FInd ALL users who have local adminstrator rights to their computers via powershell

I haven't been able to find a powershell one line command or script where in our domain I want to find ALL users who have local admin rights to their computers.

Does anyone know where I can find one.

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Cliff GaliherCommented:
I don't think you'll find one. The issue is that there are just too many variables. You have numerous client OSes to contend with. Not all of which support powershell, or different versions of powershell, so that means using WMI.  You have to avoid membership loops (member of group A, group A is member of group B, group is member of group A...traversing to check for admin rights causes a loop.)  Plus all of the ways local admin rights could be granted.

You'll be better off using a reporting package (spiceworks, SCOM, etc) that can just query the each machine as a report. And query group members as a separate report. And then manually cross-referencing. Not particularly scriptable, or at least not worth most people's efforts to script, which is why I've never seen one.
MacleanSystem EngineerCommented:
There is a script for this on the Technet Galleries.
Please find the script on the below URL.
zero000koolAuthor Commented:
that script does not work, and your telling me finding all users who are a member of their local administrator's group on their desktops, is not possible.
IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

MacleanSystem EngineerCommented:
Just tested the script, and it works. What is the error you receive? It will probably tell you the issue.
I guess it told you that the file is not signed, and you need to bypass that check using the command

Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass

Then run the file again.

I never said it wasn't possible though, would not post the opposite if it was ;)
Let me know how you go.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Cliff GaliherCommented:
Just to clear things up, you have two experts chiming in. The person who posted a link to a gallery script, and myself. I'm the one who said what you want isn't easy to do with a script (I never said impossible, just said it wouldn't be worth the effort.)

The script posted will enumerate, to an extent, the local admin group on a machine. But as the script description says, it can be slow, and as I inferred, the way it works isn't fully recursive and therefore still requires other pieces and cross-referencing. So I stand by my first comment that you probably won't get what you want (a do-it-all script) and you may not find the script posted will be sufficient for your request.  

Don't get me wrong. I am not insulting or criticizing the other expert participating. And it certainly won't hurt to run the script and see if it returns results in enough detail to accomplish what you want. I was basing my answer on my interpretation of your question, but there are other viewpoints which is what makes EE an interesting resource.
MacleanSystem EngineerCommented:
I'm not worried Cliff, all good here, and I understand your view.

The script might not always be 100% reliable depending on various factors, but it should get him a fair way on obtaining the results. If it helps it helps, and if not, I tried getting him on his way.
zero000koolAuthor Commented:
I appreciate the help from both of you.
Let me check out running 'Execution-policy cmdlet
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.