• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 405
  • Last Modified:

Retrieve administrator right and software installed on the domain workstation

Is it possible to use Powershell or VBscript to scan all domain workstations and list out which users has the local domain right , together with the software installed on their workstations ?

  • 3
  • 3
1 Solution
Krzysztof PytkoActive Directory EngineerCommented:
You can try using these scripts

Local administrators

Installed software

for more advanced help, please wait for PowerShell experts

AXISHKAuthor Commented:
I have put the following under c:\get-localadministrators.ps1 and then run it.  I have open a powershell and execute the following :
c:\get-localadministrators -computername mydomain-computer01

However, no result is display. Any idea ??

function get-localadministrators {
    param ([string]$computername=$env:computername)

    $computername = $computername.toupper()
    $ADMINS = get-wmiobject -computername $computername -query "select * from win32_groupuser where GroupComponent=""Win32_Group.Domain='$computername',Name='administrators'""" | % {$_.partcomponent}

    foreach ($ADMIN in $ADMINS) {
                $admin = $admin.replace("\\$computername\root\cimv2:Win32_UserAccount.Domain=","") # trims the results for a user
                $admin = $admin.replace("\\$computername\root\cimv2:Win32_Group.Domain=","") # trims the results for a group
                $admin = $admin.replace('",Name="',"\")
                $admin = $admin.REPLACE("""","")#strips the last "

                $objOutput = New-Object PSObject -Property @{
                    Machinename = $computername
                    Fullname = ($admin)
                    DomainName  =$admin.split("\")[0]
                    UserName = $admin.split("\")[1]
                }#end object

    }#end for

    return $objreport
}#end function
Krzysztof PytkoActive Directory EngineerCommented:
Because you cannot specify computer name. It is taken from system variable $env:computername

To use it with different name, you need to change code a little bit.

And to that script, you need to add one more line at the end


Then run script again

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

AXISHKAuthor Commented:
It works but I have a question,

get-localadministrators is a self -defined script and I suppose  $computername will accept my passing parameter, ie. mydomain-computer01

But why do I need to include a call to itself at the end of the line.

Krzysztof PytkoActive Directory EngineerCommented:
This is self-defined function, so you need to run it at the end.

In example: Get-ADUser is Windows AD PowerShell cmd-let predefined by Microsoft, you need to run it to get data. The same with this one. You need to run get-localadministrators but it won't be recognized, so that's why you need to predefined function before you can use it

Yes, you're right, you can use another computer name but you have to replace this piece of code from
param ([string]$computername=$env:computername)
param ([string]$computername=$computerNameVariable)

where $computerNameVariable is taken from other part of your script (Import-CSV or Get-Content)

AXISHKAuthor Commented:

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now