Active Directory users are often made members of the local Administrators group so they can manage the programs installed on their computers and do other work without help from IT administrators. While this approach does reduce IT helpdesk workload, it introduces serious security risks, especially if sensitive data is stored on the computers. Busy IT administrators often forget to revoke membership in the local admins group, including remote users that tend to constantly fall out of their radar, which increases the vulnerability of IT systems to internal and external threats and the risk of privilege abuse. Therefore, to enhance Microsoft Windows Server security and maintain good IT hygiene, you need to stay current on the membership of all local Administrators groups.

1. Open the Powershell ISE → Create new script with the following code and run it, specifying the computer list and the path for export:     

invoke-command {
 $members = net localgroup administrators |
 where {$_ -AND $_ -notmatch "command completed successfully"} |
 select -skip 4
 New-Object PSObject -Property @{
 Computername = $env:COMPUTERNAME
 Group = "Administrators"
 Members=$members
 }
 } -computer fs1,sp01,ncnad -HideComputerName |
 Select * -ExcludeProperty RunspaceID | Export-CSV c:\data\local_admins.csv -NoTypeInformation

2. Open the file produced by the script in MS Excel.

 

Credits

Originally published: https://www.netwrix.com/how_to_get_local_administrators.html