December 4, 2014

Find information about the local administrator account on remote systems with PowerShell

I wanted to get some basic information about the local administrator account on all my systems.
Well, as it seemed my predecessor had a policy to manually rename the local administrator account, which is great… but he wasn’t consistent in this.
Next to that, some of our users had or have local administrator permissions.

That means they can do all kind of things with local accounts, such ad rename or disable the local administrator account.
I’ve written this small function which utilizes a CIM class to list the local administrator account, with some basic information:

function Get-LocalAdministrator {
    param (
        [parameter(
            Mandatory=$true,
            Position=1,
            ValueFromPipeline=$true,
            ValueFromPipelineByPropertyName=$true
        )][string[]]$ComputerName
    )
    begin {
    } process {
        foreach ($Computer in $ComputerName) {
            try {
                Get-CimInstance -ClassName Win32_UserAccount -ComputerName $Computer -Filter 'SID like "S-1-5-21-%-500"'
            } catch {
                Write-Error $_
            }
        }
    } end {
    }
}

Output is shown like so:

function Get-LocalAdministrator {

param (

[parameter(

Mandatory=$true,

Position=1,

ValueFromPipeline=$true,

ValueFromPipelineByPropertyName=$true

)][string[]]$ComputerName

)

begin {

} process {

foreach ($Computer in $ComputerName) {

try {

Get-CimInstance -ClassName Win32_UserAccount -ComputerName $Computer -Filter 'SID like "S-1-5-21-%-500"'

} catch {

Write-Error $_

}

} end {

}

Output is shown like so:

JeffOps

Find information about the local administrator account on remote systems with PowerShell

Leave a Reply Cancel reply

Archives