Jul 24 2024 03:53 AM
Hello,
I am new to PowerShell scripting and I got a task where I need to retrieve all the users that have local admin rights on their devices.
Any help?
I managed to create a script but I got errors on all users.
This is the script:
#Get Current Computer Name
$computer = $env:computername
#Get Current UserName
$CurrentUser = whoami
#Get User's Local Group Membership
$CurrentUserGroups = whoami /groups
#Check if current user is a member of the Local Admins group (matching on the well-known SID survives group renaming and localization)
$CurrentUserAdmin = $CurrentUserGroups -like "*S-1-5-32-544*"
#If user is an admin
if ($CurrentUserAdmin) {
    #Straight quotes only: curly quotes are not string delimiters in PowerShell and cause parse errors
    $body = ConvertTo-Json @{Device = $computer; User = $CurrentUser; IsAdmin = 'true'}
    #Start Flow ($URI must hold the Flow's HTTP trigger URL before this runs)
    Invoke-RestMethod -Uri $URI -Method Post -Body $body -ContentType 'application/json'
}
#If user is not an admin
else {
    $body = ConvertTo-Json @{Device = $computer; User = $CurrentUser; IsAdmin = 'false'}
    #Start Flow
    Invoke-RestMethod -Uri $URI -Method Post -Body $body -ContentType 'application/json'
}
Jul 24 2024 05:56 AM
Check the following; hope it helps to improve your script.
# Function to get local admins for a single computer
function Get-LocalAdmins {
    param(
        [string]$computerName
    )
    try {
        # Use Get-WmiObject to retrieve local administrators more reliably.
        # The WQL object path needs double quotes around the domain and group name;
        # inside a PowerShell double-quoted string those are escaped with a backtick, not a backslash.
        $filter = "GroupComponent=`"Win32_Group.Domain='$computerName',Name='Administrators'`""
        $admins = Get-WmiObject -Class Win32_GroupUser -ComputerName $computerName -Filter $filter
        if ($admins) {
            foreach ($admin in $admins) {
                # PartComponent looks like \\HOST\root\cimv2:Win32_UserAccount.Domain="DOM",Name="user"
                # (or Win32_Group.... for a nested group), so parse domain and name out of it directly
                # instead of running a second WMI query per member.
                if ($admin.PartComponent -match 'Domain="(?<Domain>[^"]+)",Name="(?<Name>[^"]+)"') {
                    [PSCustomObject]@{
                        Device  = $computerName
                        User    = "$($Matches.Domain)\$($Matches.Name)"
                        IsAdmin = $true
                    }
                }
            }
        }
    }
    catch {
        # ${computerName} is required here: "$computerName:" would be parsed as a scoped variable reference
        Write-Warning "Failed to get local admins for ${computerName}: $_"
        # Optionally, send error details to your Flow
    }
}
# Get all computer names in your domain or desired scope (requires the RSAT ActiveDirectory module)
Import-Module ActiveDirectory
$computerNames = Get-ADComputer -Filter * | Select-Object -ExpandProperty Name
# $URI must hold the HTTP trigger URL of your Flow before this runs
# Process each computer
foreach ($computerName in $computerNames) {
    $admins = Get-LocalAdmins -computerName $computerName
    if ($admins) {
        # Convert admin data to JSON and send to your Flow; @() keeps it a JSON array even when there is a single member
        $body = ConvertTo-Json @($admins)
        Invoke-RestMethod -Uri $URI -Method Post -Body $body -ContentType 'application/json'
    }
}
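Two practical caveats with the WMI approach above: Get-WmiObject talks DCOM to every target and no longer exists in PowerShell 7 (Get-CimInstance is the replacement), and a script that only ever sends members with IsAdmin = $true cannot tell you which of those members should not be there. The following is an added example, not code from the thread, that does the same enumeration over PowerShell remoting with Get-LocalGroupMember and flags members that are not on an approved baseline. It assumes WinRM is enabled on the targets and the caller is an administrator on them; the baseline list, the OU path under CONTOSO, and $URI are placeholders you would replace.

```powershell
# Added example (not from the thread): enumerate local Administrators membership over
# PowerShell remoting and compare it against an approved baseline.
# Assumptions: WinRM enabled on targets, caller has admin rights there, and the baseline,
# search base and $URI below are replaced with your own values.

$Approved = @('BUILTIN\Administrator', 'CONTOSO\Domain Admins', 'CONTOSO\Workstation Admins')  # assumed baseline

function Get-LocalAdminReport {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [string[]]$ApprovedMembers = @()
    )
    # Query by SID so the check does not depend on the (renameable, localizable) group name.
    $results = Invoke-Command -ComputerName $ComputerName -ErrorAction SilentlyContinue -ErrorVariable remoteErrors -ScriptBlock {
        Get-LocalGroupMember -SID 'S-1-5-32-544' | ForEach-Object {
            [PSCustomObject]@{
                Device          = $env:COMPUTERNAME
                Member          = $_.Name                     # e.g. CONTOSO\jdoe or HOST\Administrator
                ObjectClass     = $_.ObjectClass              # User or Group
                PrincipalSource = [string]$_.PrincipalSource  # Local, ActiveDirectory, AzureAD, MicrosoftAccount
                SID             = $_.SID.Value
            }
        }
    }

    # Unreachable or access-denied hosts are reported, not silently dropped from the inventory.
    foreach ($err in $remoteErrors) {
        Write-Warning "Could not query $($err.TargetObject): $($err.Exception.Message)"
    }

    foreach ($r in $results) {
        # The built-in local Administrator has RID 500 whatever it has been renamed to,
        # so normalise it to one baseline name instead of trusting the display name.
        $name = if ($r.SID -like 'S-1-5-21-*-500') { 'BUILTIN\Administrator' } else { $r.Member }
        $r | Add-Member -NotePropertyName Approved -NotePropertyValue ($ApprovedMembers -contains $name) -PassThru |
            Select-Object Device, Member, ObjectClass, PrincipalSource, SID, Approved
    }
}

# Scope: enabled computers in an assumed workstation OU.
$targets = Get-ADComputer -Filter 'Enabled -eq $true' -SearchBase 'OU=Workstations,DC=contoso,DC=com' |
           Select-Object -ExpandProperty DNSHostName

$report     = Get-LocalAdminReport -ComputerName $targets -ApprovedMembers $Approved
$unexpected = $report | Where-Object { -not $_.Approved }

# Post the whole inventory once as a single JSON array rather than one call per device ...
Invoke-RestMethod -Uri $URI -Method Post -ContentType 'application/json' -Body (ConvertTo-Json @($report) -Depth 3)
# ... and surface the exceptions locally for follow-up.
$unexpected | Format-Table -AutoSize
```

The baseline comparison is where the value is: a device-to-device inventory of "who is in Administrators" is only useful once it is diffed against what is supposed to be there. Note that Windows PowerShell 5.1's Get-LocalGroupMember can fail outright when the group contains an orphaned SID (for example a deleted domain account); if that happens on a host, the warning loop above is where you will see it, and the WMI or CIM query is a reasonable fallback for that host.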
Jul 24 2024 06:12 AM
Hi, Iani.
With respect to testing whether a logged-on (aka interactive) user has local administration rights, you can use .NET's [Security.Principal.WindowsIdentity] class.
This will tell you if they have local administration rights independent of whether they are currently elevated or not.
# Token of the current (logged-on) user
$Identity = [Security.Principal.WindowsIdentity]::GetCurrent()
[PSCustomObject] @{
    # FQDN of the device; GetComputerDomain() throws if the machine is not domain-joined
    device  = [string]::Concat([System.Environment]::MachineName.ToLower(), ".", [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain().Name)
    user    = $Identity.Name
    # The BUILTIN\Administrators SID is present in the claims even for a non-elevated (UAC-filtered) admin token
    isAdmin = $Identity.UserClaims.Value -contains "S-1-5-32-544"
}
For a user that's not a local administrator: (output screenshot not reproduced here)
For a user that's a local administrator but not currently running an elevated session: (output screenshot not reproduced here)
For a user that's a local administrator and is running an elevated session: (output screenshot not reproduced here)
Cheers,
Lain
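The reason the claims check above works regardless of elevation is that UAC does not remove BUILTIN\Administrators from a filtered token; it marks the group "use for deny only", and WindowsIdentity surfaces that as a DenyOnlySid claim rather than a GroupSid claim. The following added example (not Lain's code or part of the thread) makes the three cases from the screenshots explicit by combining that claims inspection with WindowsPrincipal.IsInRole, which is only true when the token can actually be used for admin work. It assumes the caller is on a Windows host; the state names are my own labels.

```powershell
# Added example (not from the thread): classify the current token as
#   NotAdmin / AdminNotElevated / AdminElevated
# by combining the claims check with WindowsPrincipal.IsInRole.
# Assumes Windows; the state labels are the example's own.

function Get-AdminTokenState {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]::new($identity)
    $adminSid  = [Security.Principal.SecurityIdentifier]::new(
                     [Security.Principal.WellKnownSidType]::BuiltinAdministratorsSid, $null)   # S-1-5-32-544

    # IsInRole consults the token's enabled groups only, so it is true for an elevated
    # session (or when UAC is off) and false for a filtered token of the same user.
    $elevated = $principal.IsInRole($adminSid)

    # A filtered admin token still carries S-1-5-32-544, but as a deny-only claim.
    $denyOnlyAdmin = $identity.Claims | Where-Object {
        $_.Type -eq [System.Security.Claims.ClaimTypes]::DenyOnlySid -and $_.Value -eq $adminSid.Value
    }

    if ($elevated) {
        $state = 'AdminElevated'
    }
    elseif ($denyOnlyAdmin) {
        $state = 'AdminNotElevated'
    }
    else {
        $state = 'NotAdmin'
    }

    [PSCustomObject]@{
        device   = $env:COMPUTERNAME.ToLower()
        user     = $identity.Name
        isAdmin  = [bool]($elevated -or $denyOnlyAdmin)   # membership, the question the thread asks
        elevated = $elevated                                # whether this session can act on it right now
        state    = $state
    }
}

Get-AdminTokenState
```

For an inventory of who holds local admin rights, isAdmin is the field to report; elevated is the one to look at when a script that does admin work fails with access denied even though the user is a member.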