<div>
if you do not need a list of users who are in local admin group on domain computers you can use GPO to define who should be in that group and apply that GPO accross your domain. That wipe all all non authorized users from local admin group.<br />
<a href="http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure-local-administrator-groups/" rel="ugc">http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure-local-administrator-groups/</a>
</div>


if you do not need a list of users who are in local admin group on domain computers you can use GPO to define who should be in that group and apply that GPO accross your domain. That wipe all all non authorized users from local admin group.
http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure-local-administrator-groups/ [http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure-local-administrator-groups/]

<div>
Hi Bern,<br />
Any update from above suggestion ?<br />
Alternatively, you can have give a try to this automated option(<a href="http://www.activedirectoryauditing.net/" rel="ugc">http://www.activedirectory<wbr />auditing.n<wbr />et/</a>) which seems good sound to audit and find out which users have been added to their local machines administrator group. You can collect and analyze all the critical changes made in AD with this software.
</div>


Hi Bern,
Any update from above suggestion ?
Alternatively, you can have give a try to this automated option(http://www.activedirectoryauditing.net/ [http://www.activedirectoryauditing.net/]) which seems good sound to audit and find out which users have been added to their local machines administrator group. You can collect and analyze all the critical changes made in AD with this software.

<div>
Great script.<br />
<br />
Thanks Experts one and all
</div>


Great script.

Thanks Experts one and all

<div>
<div class="content wysiwyg-content">
We have several PC'S and laptop's connected to our Win2k3 active directory domain. We need to find out which users have beeN added to their local machines administrator group. <br />
<br />
Is there a way to do this without asking users or without going to each users desktop and laptop or with remoting into each individual PC or Laptop?
</div>
</div>


We have several PC'S and laptop's connected to our Win2k3 active directory domain. We need to find out which users have beeN added to their local machines administrator group. 

Is there a way to do this without asking users or without going to each users desktop and laptop or with remoting into each individual PC or Laptop?

Local PC Admin group audit

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Active Directory

Microsoft Windows XP is the sixth release of the NT series of operating systems, and was the first to be marketed in a variety of editions: XP Home and XP Professional, designed for business and power users. The advanced features in XP Professional are generally disabled in Home Edition, but are there and can be activated. There were two 64-bit editions, an embedded edition and a tablet edition.

Windows XP

Windows 7 is an operating system from Microsoft. Features include multi-touch support, a redesigned Windows Shell with a new taskbar, referred to as the Superbar, a home networking system called HomeGroup, and performance improvements.