MilesLogan

asked on

Pull local accounts with elevated access from multiple servers

Hi EE,

Can someone help me modify the script below, or does someone have a script that will do the same?
The script pulls all the local accounts from a list of servers. Can someone help me modify this so it
only pulls the local accounts that are members of the Administrators group,
or so it adds a column that shows which local group the account is a member of?

function get-localusers {
    param(
        [Parameter(Mandatory=$true,valuefrompipeline=$true)]
        [string]$strComputer)
    begin {}
    Process {
        # Calculated properties that read Name and Class from an ADSI COM object
        # (defined here but not used further down in this version of the script)
        $Select = "Name","Class" | %{
            Invoke-Expression "@{n='$_';e={ `$_.GetType().InvokeMember('$_', 'GetProperty', `$Null, `$_, `$Null) }}"
        }
        If (Test-Connection $strComputer -Count 2 -Quiet){
            # Bind to the computer's local account database through the WinNT provider
            $computer = [ADSI]("WinNT://" + $strComputer + ",computer")
            $Users = $computer.psbase.children | ? {$_.psbase.SchemaClassName -eq "User"}
            foreach ($User in $Users) {
                # UserFlags bit 2 (ADS_UF_ACCOUNTDISABLE) marks a disabled account
                $stat = Switch ($User.UserFlags.Value -band "2"){"2"{"Disabled"};"0"{"Enabled"}}
                $User | Select @{N="ComputerName";E={$strComputer}},@{N="User";E={$_.Name}},@{N="Status";E={$stat}},@{N="Description";E={$_.Description}},Class
            }
        }
        Else {
            # Placeholder row for servers that do not answer ping
            "" | Select @{N="ComputerName";E={$strComputer}},@{N="User";E={"Not able to Ping"}},Status,Description,Class
        }
    }
    end {}
}
Get-Content "C:\PS\Servers.txt" | get-localusers | Select ComputerName,User,Status,Description,Class | Export-Csv "C:\PS\Servers_details_$((get-date).toString('MM-dd-yyyy')).csv" -NoTypeInformation


Zac Harris

I modified the script... this should work for you:

function get-localusers {
    param(
        [Parameter(Mandatory=$true,valuefrompipeline=$true)]
        [string]$strComputer)
    begin {}
    Process {
        # Calculated properties that read Name, Class and Parent from each group member (ADSI COM object)
        $Select = "Name","Class","Parent" | %{
            Invoke-Expression "@{n='$_';e={ `$_.GetType().InvokeMember('$_', 'GetProperty', `$Null, `$_, `$Null) }}"
        }
        If (Test-Connection $strComputer -Count 2 -Quiet){
            $adminlist = ""
            $computer = [ADSI]("WinNT://" + $strComputer + ",computer")
            # Members() returns every direct member of the group: local and domain users and groups
            $AdminGroup = $computer.psbase.children.find("Administrators")
            $Adminmembers = $AdminGroup.psbase.invoke("Members") | Select $Select
            foreach ($admin in $Adminmembers) {
                $admin | Select @{N="ComputerName";E={$strComputer}},@{N="Administrators";E={"$(($_.parent) -replace "WinNT://")\$($_.Name)"}},Class,Parent
            }
        }
        Else {
            # Placeholder row for servers that do not answer ping
            "" | Select @{N="ComputerName";E={$strComputer}},@{N="Administrators";E={"Not able to Ping"}},Class,Parent
        }
    }
    end {}
}

Get-Content "C:\ps\Servers.txt" | get-localusers | Select ComputerName,Administrators,Class,Parent | Export-Csv "C:\ps\Results\LocalAdminGroups_$((get-date).toString('MM-dd-yyyy')).csv" -NoTypeInformation


MilesLogan

ASKER

Hi Zac,

Thanks, but this now pulls all groups and accounts, including domain accounts/groups in the local Administrators group. I want to keep the same output format as the current script.

The current script pulls all local accounts, but I need it to only pull local accounts in the local Administrators group, or pull all local accounts but somehow tag local accounts that are members of the Administrators group.
Anyone?
ASKER CERTIFIED SOLUTION
Amit

This solution is only available to members.
Hi Amit, thank you for looking into this. This helped a lot!
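
One way to produce what the question describes (the original columns plus a flag for membership in the local Administrators group), as an added example that is not the members-only accepted solution or any participant's code. It compares each local account's SID with the SIDs of the group's direct members; the function name, the IsLocalAdmin column and the output file name are assumptions, and the group is assumed to keep its default name Administrators.

```powershell
# Added example; Get-LocalUserAdminFlag and the IsLocalAdmin column are hypothetical names.
function Get-LocalUserAdminFlag {
    param(
        [Parameter(Mandatory=$true, ValueFromPipeline=$true)]
        [string]$ComputerName
    )
    process {
        if (-not (Test-Connection $ComputerName -Count 2 -Quiet)) {
            # Same kind of placeholder row the original script emits for unreachable hosts
            [pscustomobject]@{ ComputerName = $ComputerName; User = 'Not able to Ping'
                               Status = $null; Description = $null; IsLocalAdmin = $null }
            return
        }
        # Assumes the group has its default English name, as in the scripts above
        $group = [ADSI]"WinNT://$ComputerName/Administrators,group"
        # SID (as a string) of every direct member, local or domain
        $adminSids = @($group.psbase.Invoke('Members')) | ForEach-Object {
            $bytes = $_.GetType().InvokeMember('objectSid', 'GetProperty', $null, $_, $null)
            (New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)).Value
        }
        $computer = [ADSI]"WinNT://$ComputerName,computer"
        $computer.psbase.Children |
            Where-Object { $_.psbase.SchemaClassName -eq 'User' } |
            ForEach-Object {
                $sid = (New-Object System.Security.Principal.SecurityIdentifier($_.objectSid.Value, 0)).Value
                [pscustomobject]@{
                    ComputerName = $ComputerName
                    User         = $_.Name.Value
                    Status       = if ($_.UserFlags.Value -band 2) { 'Disabled' } else { 'Enabled' }
                    Description  = $_.Description.Value
                    # Only local accounts are enumerated, so domain members never show up as rows
                    IsLocalAdmin = $adminSids -contains $sid
                }
            }
    }
}

# Output file name is an assumption; the server list path is the one used in the question.
Get-Content 'C:\PS\Servers.txt' | Get-LocalUserAdminFlag |
    Where-Object { $_.IsLocalAdmin -ne $false } |   # remove this line to list every local account
    Export-Csv "C:\PS\LocalAdmins_$((Get-Date).ToString('MM-dd-yyyy')).csv" -NoTypeInformation
```

Matching on SID rather than on the member's name or ADsPath keeps a domain account with the same name as a local one from being counted as a local administrator.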