Hi,
Im after a script that interrogates all end user machines on our domain, and shows a list of all users who are in the local admin group and on what machine.
Is this poss?
It would be great if you can make you question bit more clear.
Are you facing any issue with an existing script or are you expecting a ready made script ?
Would it be something as simple as this?
[pre]
$computers = get-adcomputer -filter * | select -expand name
invoke-command -computername $computers -scriptblock {Get-LocalGroupMember -Group administrators}
[/pre]
Thanks for getting back to me.. i tried what you suggested but i get the results below for multiple devices.. the devices are deffo on the network and switched on.
+ CategoryInfo : OpenError: (computername:String) [], PSRemotingTransportException
+ FullyQualifiedErrorId : WinRMOperationTimeout,PSSessionStateBroken
[computername] Connecting to remote server computername failed with the following error message : WinRM cannot complete the operation. Verify that the specified computer name is valid,
that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall
exception for public profiles limits access to remote computers within the same local subnet. For more information, see the about_Remote_Troubleshooting Help topic.
Also the report im after is to show all users who are in local admin group which also exports results to a CSV or excel file for example.
I have tried this but couldnt get it to work
https://gallery.technet.microsoft.com/scriptcenter/Get-remote-machine-members-bc5faa57
Probably a lot more complicated than it needs to be, but here is one I wrote:
function Get-LocalAdmin
{
param ($ComputerName)
$localAdmins = @()
$regex_user = 'Win32_UserAccount \(Domain \= "(.+)", Name = "(.+)"\)'
$regex_group = 'Win32_Group \(Domain \= "(.+)", Name = "(.+)"\)'
$admins = Get-CimInstance -ClassName win32_groupuser -ComputerName $ComputerName | Where-Object GroupComponent -like "*Administrators*"
$admins.PartComponent |
ForEach-Object {
if ($_ -like "Win32_UserAccount*")
{
$_ |
Select-String -Pattern $regex_user |
ForEach-Object {
$localAdmins += [PSCustomObject]@{
Type = "User"
Value = "$($_.Matches.Groups[1].Value)\$($_.Matches.Groups[2].Value)"
}
}
}
elseif ($_ -like "Win32_Group*")
{
$_ |
Select-String -Pattern $regex_group |
ForEach-Object {
$localAdmins += [PSCustomObject]@{
Type = "Group"
Value = "$($_.Matches.Groups[1].Value)\$($_.Matches.Groups[2].Value)"
}
}
}
else
{
$_ |
Select-String -Pattern $regex_group |
ForEach-Object {
$localAdmins += [PSCustomObject]@{
Type = "Other"
Value = "$($_.Matches.Groups[1].Value)\$($_.Matches.Groups[2].Value)"
}
}
}
}
}
You could get that into a CSV by piping the output to Export-Csv:
Get-LocalAdmin server01 | Export-Csv -NoTypeInformation e:\temp\localadmin.csv
Hi Charles,
Tried running what you suggested but i get
PS C:\WINDOWS\system32> C:\Temp\123.ps1
At C:\Temp\123.ps1:2 char:1
- {
- ~
Missing closing ‘}’ in statement block or type definition. - CategoryInfo : ParserError: (
, ParentContainsErrorRecordException - FullyQualifiedErrorId : MissingEndCurlyBrace
Yeah, looks like I missed the final curly brace when I pasted it into the post. I updated it, but it was just adding a ‘}’ to the very end of the code (line 47).
[quote quote=187654]Yeah, looks like I missed the final curly brace when I pasted it into the post. I updated it, but it was just adding a ‘}’ to the very end of the code (line 47).
[/quote]
Thanks again Charles!. Im new to some PS scripting so forgive my pestering… so i pasted in the updated script and ran through PS ISE but when i hit run script it just goes back to PS C:\WINDOWS\system32> C:\Temp.…
Now im guessing i need to enter our corp domain, and some other bit of info for the script to pickup what i need, but where do i enter it?