We help IT Professionals succeed at work.

Windows local admin rights throughout network

Medium Priority
82 Views
Last Modified: 2020-02-27
Is there any way to identify who all in the network has local admin rights on their laptops? Through SCCM or through any other windows feature can we identify this?
Comment
Watch Question

Network Administrator
CERTIFIED EXPERT
Commented:
I have used this powershell script in the past...

$Searcher = New-Object DirectoryServices.DirectorySearcher([ADSI]"")
$Searcher.Filter = "(objectClass=computer)"
$Computers = ($Searcher.Findall())
md C:\All_Local_Admins
Foreach ($Computer in $Computers)
{
$Path=$Computer.Path
$Name=([ADSI]"$Path").Name
write-host $Name
$members =[ADSI]"WinNT://$Name/Administrators"
$members = @($members.psbase.Invoke("Members"))
$members | foreach {$_.GetType().InvokeMember("Name", 'GetProperty',
$null, $_, $null) | out-file -append C:\All_Local_Admins\$name.txt
}

}

Open in new window


Just edit the last line to reflect where you want the data.
Hello ThereSystem Administrator
CERTIFIED EXPERT
Distinguished Expert 2018

Commented:
There is one quite good GUI tool I can recommend:
http://www.cjwdev.co.uk/Software/GetLocalAdminsGUI/Info.html

If you want a verified script:
https://community.spiceworks.com/scripts/show/1753-list-members-of-all-local-groups-on-computers-vbs

You can also download Netwrix Auditor for Windows Server trial version just for this task.
https://www.netwrix.com/how_to_get_local_administrators.html