Local Administrators on remote PCs


Sorry for the knowledge on this but I have been tasked with providing a list of accounts under the local administrator on PCs that are part of an OU in AD. I am not sure where to start to accomplish this. I would like the PC name along with the accounts in the group.



That depends pretty much on the target systems. If they are kind of up to date you can use PowerShell remoting combined with the local account management cmdlets.

So you may start reading about



Please read the help completely including the examples to learn how to use the cmdlets.


If you don't want to mess with PS Remoting and you HAVE admin on the remote system, you can try this function. It works for me. This will return ALL local groups and their members so if you only want the Administrators group, you will need to customize it. I use this on systems that are only at PS3 (which don't support Get-LocalGroupMember) but it should work on any system.

Function Get-LocalGroupInfoPS3 {
	<#
	.SYNOPSIS
	This function will enumerate local groups for systems with PowerShell version 3
	#>
	Param (
		[String] $System
	)

	# Bind to the remote computer through the ADSI WinNT provider
	$remoteHost = [ADSI]"WinNT://$System,computer"

	$localGroupInfo = @()

	# Walk every local group on the machine, then every member of each group
	$remoteHost.psbase.children | Where-Object { $_.psbase.schemaClassName -eq 'group' } | foreach {
		$Group = [ADSI]$_.PsBase.Path
		$Group.PsBase.Invoke("Members") | foreach {
			# Members come back as COM objects, so read the Name property via reflection
			$User = $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)
			$UserInfo = [PSCustomObject][Ordered] @{
				'Group' = [System.String]$Group.Name
				'User' = $User
			}
			$localGroupInfo += $UserInfo
		}
	}
	Return $localGroupInfo
}

I have been playing around with this script. The only part that I am struggling with is exporting the information to a CSV or text file. Please advise.

function get-localadmins{
  param ([string]$computerName)
  # S-1-5-32-544 is the well-known SID of the built-in Administrators group
  $group = get-wmiobject win32_group -ComputerName $computerName -Filter "LocalAccount=True AND SID='S-1-5-32-544'"
  $query = "GroupComponent = `"Win32_Group.Domain='$($group.domain)'`,Name='$($group.name)'`""
  $list = Get-WmiObject win32_groupuser -ComputerName $computerName -Filter $query
  # Reduce each PartComponent path to its Domain\Name part
  $list | ForEach{$_.PartComponent} | ForEach{$_.substring($_.lastindexof("Domain=") + 7).replace("`",Name=`"","\")}
}

# Query every computer object found under the target OU
foreach($computer in (Get-ADComputer -filter * -SearchBase "OU=Workstations, DC=test, DC=local"| select name).name){
  Write-Verbose "Checking $computer" -Verbose
  get-localadmins -computerName $computer
}
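
One way to get the PC name and each Administrators member into a CSV, using the same WMI queries as the script above. This is an added example, not code posted by anyone in the thread; the function name Get-LocalAdminRow, the Status column and the output file LocalAdmins.csv are hypothetical, and it assumes Windows PowerShell 3.0 or later with the ActiveDirectory module.

```powershell
# Added example: Get-LocalAdminRow, Status and LocalAdmins.csv are hypothetical names.
Import-Module ActiveDirectory

function Get-LocalAdminRow {
    param ([Parameter(Mandatory)][string]$ComputerName)

    try {
        # S-1-5-32-544 is the well-known SID of the built-in Administrators group,
        # so the lookup still works where the group has been renamed or localized.
        $group = Get-WmiObject Win32_Group -ComputerName $ComputerName `
            -Filter "LocalAccount=True AND SID='S-1-5-32-544'" -ErrorAction Stop
        $query = "GroupComponent = `"Win32_Group.Domain='$($group.Domain)',Name='$($group.Name)'`""
        $members = Get-WmiObject Win32_GroupUser -ComputerName $ComputerName `
            -Filter $query -ErrorAction Stop
    }
    catch {
        # Keep unreachable machines in the report instead of silently dropping them.
        return [PSCustomObject]@{
            ComputerName = $ComputerName
            Account      = $null
            Status       = "Error: $($_.Exception.Message)"
        }
    }

    foreach ($member in $members) {
        # PartComponent ends in ...Domain="X",Name="Y"; emit one row per member.
        if ($member.PartComponent -match 'Domain="([^"]+)",Name="([^"]+)"') {
            [PSCustomObject]@{
                ComputerName = $ComputerName
                Account      = "$($Matches[1])\$($Matches[2])"
                Status       = 'OK'
            }
        }
    }
}

# Same OU as in the script above.
$computers = (Get-ADComputer -Filter * -SearchBase "OU=Workstations,DC=test,DC=local").Name

# Objects, not strings, go down the pipeline, so Export-Csv gets real columns.
$computers |
    ForEach-Object { Get-LocalAdminRow -ComputerName $_ } |
    Export-Csv -Path .\LocalAdmins.csv -NoTypeInformation
```

Rows with an empty Account and an error in Status are machines that could not be queried, which is worth tracking separately from machines that answered.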