Getting local admins from all PCs

Copper Contributor

Hello,

 

I am new to power shell scripting and i got a task where i need to restive all the users that have local admins on their devices.

Any help?

 

I managed to create a script but i got errors on all users.

This is the script:

#Get Current Computer Name

$computer = $env:computername

#Get Current UserName

$CurrentUser = whoami

#Get User’s Local Group Membership

$CurrentUserGroups = whoami /groups

#Check if current user is a member of the Local Admins group

$CurrentUserAdmin = $CurrentUserGroups -like "*S-1-5-32-544*"

#If user is an admin

if ($CurrentUserAdmin) {

$body = ConvertTo-JSON @{Device = $computer; User = $CurrentUser; IsAdmin = ‘true’}

#Start Flow

Invoke-RestMethod -uri $URI -Method Post -body $body -ContentType ‘application/json’

}

#If user is not an admin

else {

$body = ConvertTo-JSON @{Device = $computer; User = $CurrentUser; IsAdmin = ‘false’}

#Start Flow

Invoke-RestMethod -uri $URI -Method Post -body $body -ContentType ‘application/json’

}

2 Replies

@ianicepi 

 

check the following hope it helps to improve your script 

 

# Function to get local admins for a single computer
function Get-LocalAdmins {
    param(
        [string]$computerName
    )

    try {
        # Use Get-WmiObject to retrieve local administrators more reliably
        $admins = Get-WmiObject -Class Win32_GroupUser -ComputerName $computerName -Filter "GroupComponent='Win32_Group.Domain=\"$computerName\",Name=\"Administrators\"'"
        if ($admins) {
            foreach ($admin in $admins) {
                $account = Get-WmiObject -Class Win32_UserAccount -ComputerName $computerName -Filter "Name='$($admin.PartComponent -split ',')[1]'"
                [PSCustomObject]@{
                    Device = $computerName
                    User = $account.Name
                    IsAdmin = $true
                }
            }
        }
    }
    catch {
        Write-Warning "Failed to get local admins for $computerName: $_"
        # Optionally, send error details to your Flow
    }
}

# Get all computer names in your domain or desired scope
$computerNames = Get-ADComputer -Filter * | Select-Object -ExpandProperty Name

# Process each computer
foreach ($computerName in $computerNames) {
    $admins = Get-LocalAdmins -computerName $computerName
    if ($admins) {
        # Convert admin data to JSON and send to your Flow
        $body = ConvertTo-Json $admins
        Invoke-RestMethod -uri $URI -Method Post -body $body -ContentType 'application/json' 
    }
}

 

@ianicepi 

 

Hi, Iani.

 

With respect to testing for if a logged-on (aka interactive) user has local administration rights, you can use .NET's [Security.Principal.WindowsIdentity] class.

 

This will tell you if they have local administration rights independent of whether they are currently elevated or not.

 

Example

$Identity = [Security.Principal.WindowsIdentity]::GetCurrent();

[PSCustomObject] @{
    device = [string]::Concat([System.Environment]::MachineName.ToLower(), ".", [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain().Name);
    user = $Identity.Name;
    isAdmin = $Identity.UserClaims.Value -contains "S-1-5-32-544";
}

 

Output

For a user that's not a local administrator:

LainRobertson_0-1721826585878.png

 

For a user that's a local administrator but not currently running an elevated session:

LainRobertson_1-1721826652170.png

 

For a user that's a local administrator and is running an elevated session:

LainRobertson_2-1721826718005.png

 

 

Cheers,

Lain