Local PC Admin group audit

bernardb
bernardb used Ask the Experts™
on
We have several PC'S and laptop's connected to our Win2k3 active directory domain. We need to find out which users have beeN added to their local machines administrator group.

Is there a way to do this without asking users or without going to each users desktop and laptop or with remoting into each individual PC or Laptop?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
helpfinderIT Consultant

Commented:
if you do not need a list of users who are in local admin group on domain computers you can use GPO to define who should be in that group and apply that GPO accross your domain. That wipe all all non authorized users from local admin group.
http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure-local-administrator-groups/
Top Expert 2014
Commented:
hi,

Please use the LocalAdministratorsMembership script from below site.

http://community.spiceworks.com/scripts/show/78-list-local-administrators-for-a-list-of-computers.
Hi Bern,
Any update from above suggestion ?
Alternatively, you can have give a try to this automated option(http://www.activedirectoryauditing.net/) which seems good sound to audit and find out which users have been added to their local machines administrator group. You can collect and analyze all the critical changes made in AD with this software.

Author

Commented:
Great script.

Thanks Experts one and all

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial