Local Administrators

Finding the local administrators on a system is a not infrequent action.  There are a number of ways to do this.

The oldest method is to use the ADSI WinNT provider

$group =[ADSI]”WinNT://$($env:COMPUTERNAME)/Administrators, group”
$members = @($group.psbase.Invoke(“Members”))
$members | Foreach {$_.GetType().InvokeMember(“Name”, ‘GetProperty’, $null, $_, $null)}

NOTE – this doesn’t work on my Windows 10 system – build 14352

I’d recommend avoiding the WinNT provider if you can

WMI provides this option

$group = Get-CimInstance -ClassName Win32_Group -Filter “Name=’Administrators'”
Get-CimAssociatedInstance -InputObject $group -ResultClassName Win32_UserAccount

You can also use a .NET based approach with the System.DirectoryServices.AccountManagement  namespace

using assembly System.DirectoryServices.AccountManagement
$ctype = [System.DirectoryServices.AccountManagement.ContextType]::Machine
$context = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList $ctype, $($env:COMPUTERNAME)

$idtype = [System.DirectoryServices.AccountManagement.IdentityType]::Name
$grp = [System.DirectoryServices.AccountManagement.GroupPrincipal]::FindByIdentity($context, $idtype, “Administrators”)
$grp.Members | select SamAccountName

This is a bit more complicated as you have to load the assembly (using is new to PowerShell v5 – use Add-Type in earlier versions)

Set the context to the local machine and the identity type to Name

You can then use FindByIdentity() to get the local adminsitrators groups and look at the Members property to find the group members.

PowerShell v5 brings a Local Accounts module – Microsoft.PowerShell.LocalAccounts

Add-LocalGroupMember
Disable-LocalUser
Enable-LocalUser
Get-LocalGroup
Get-LocalGroupMember
Get-LocalUser
New-LocalGroup
New-LocalUser
Remove-LocalGroup
Remove-LocalGroupMember
Remove-LocalUser
Rename-LocalGroup
Rename-LocalUser
Set-LocalGroup
Set-LocalUser

NOTE – depending on your version of PowerShell v5 you may, or may not have this module. Its present in the later Windows 10 builds (on Insider Preview) and in Windows server 2016 TP 5. Eventually it’ll become available on all Windows 10 systems through Windows updates.

PS>  Get-LocalGroupMember -Group Administrators | select Name

Name
—-
RSsurfacePro2\Administrator
RSSURFACEPRO2\Richard

Advertisements
This entry was posted in Powershell. Bookmark the permalink.

One Response to Local Administrators

  1. Trevor Jones says:

    Very helpful, thanks 🙂

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s