Solved

Local PC Admin group audit

Posted on 2014-02-26
4
1,299 Views
Last Modified: 2014-02-27
We have several PC'S and laptop's connected to our Win2k3 active directory domain. We need to find out which users have beeN added to their local machines administrator group.

Is there a way to do this without asking users or without going to each users desktop and laptop or with remoting into each individual PC or Laptop?
0
Comment
Question by:bernardb
4 Comments
 
LVL 19

Expert Comment

by:helpfinder
ID: 39889836
if you do not need a list of users who are in local admin group on domain computers you can use GPO to define who should be in that group and apply that GPO accross your domain. That wipe all all non authorized users from local admin group.
http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure-local-administrator-groups/
0
 
LVL 13

Accepted Solution

by:
Santosh Gupta earned 500 total points
ID: 39889840
hi,

Please use the LocalAdministratorsMembership script from below site.

http://community.spiceworks.com/scripts/show/78-list-local-administrators-for-a-list-of-computers.
0
 
LVL 5

Expert Comment

by:Pankaj_401
ID: 39891157
Hi Bern,
Any update from above suggestion ?
Alternatively, you can have give a try to this automated option(http://www.activedirectoryauditing.net/) which seems good sound to audit and find out which users have been added to their local machines administrator group. You can collect and analyze all the critical changes made in AD with this software.
0
 

Author Closing Comment

by:bernardb
ID: 39893411
Great script.

Thanks Experts one and all
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
In-place Upgrading Dirsync to Azure AD Connect
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference. This will be demonstrated using Windows 7 operating system.

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question