Monthly Archive

Categories

Local Administrators

Finding the local administrators on a system is a not infrequent action.  There are a number of ways to do this.

 

The oldest method is to use the ADSI WinNT provider

$group =[ADSI]"WinNT://$($env:COMPUTERNAME)/Administrators, group"
$members = @($group.psbase.Invoke("Members"))
$members | Foreach {$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)}

 

NOTE – this doesn’t work on my Windows 10 system – build 14352

I’d recommend avoiding the WinNT provider if you can

 

WMI provides this option

$group = Get-CimInstance -ClassName Win32_Group -Filter "Name='Administrators'"
Get-CimAssociatedInstance -InputObject $group -ResultClassName Win32_UserAccount

 

You can also use a .NET based approach with the System.DirectoryServices.AccountManagement  namespace

using assembly System.DirectoryServices.AccountManagement
$ctype = [System.DirectoryServices.AccountManagement.ContextType]::Machine
$context = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList $ctype, $($env:COMPUTERNAME)

$idtype = [System.DirectoryServices.AccountManagement.IdentityType]::Name
$grp = [System.DirectoryServices.AccountManagement.GroupPrincipal]::FindByIdentity($context, $idtype, "Administrators")
$grp.Members | select SamAccountName

 

This is a bit more complicated as you have to load the assembly (using is new to PowerShell v5 – use Add-Type in earlier versions)

Set the context to the local machine and the identity type to Name

You can then use FindByIdentity() to get the local adminsitrators groups and look at the Members property to find the group members.

 

PowerShell v5 brings a Local Accounts module - Microsoft.PowerShell.LocalAccounts

Add-LocalGroupMember
Disable-LocalUser
Enable-LocalUser
Get-LocalGroup
Get-LocalGroupMember
Get-LocalUser
New-LocalGroup
New-LocalUser
Remove-LocalGroup
Remove-LocalGroupMember
Remove-LocalUser
Rename-LocalGroup
Rename-LocalUser
Set-LocalGroup
Set-LocalUser

 

NOTE – depending on your version of PowerShell v5 you may, or may not have this module. Its present in the later Windows 10 builds (on Insider Preview) and in Windows server 2016 TP 5. Eventually it’ll become available on all Windows 10 systems through Windows updates.

 

PS>  Get-LocalGroupMember -Group Administrators | select Name

Name
----
RSsurfacePro2\Administrator
RSSURFACEPRO2\Richard

Comments are closed.