How to Get Local Administrators with or without PowerShell

Native Auditing vs. Netwrix Auditor for Windows Server
{{ firstError }}
We care about security of your data. Privacy Policy
Native Auditing Netwrix Auditor for Windows Server
Native Auditing
Netwrix Auditor for Windows Server
Steps
  1. Open the Powershell ISE → Create new script with the following code and run it, specifying the computer list and the path for export:

invoke-command {
    $members = net localgroup administrators | 
     where {$_ -AND $_ -notmatch "command completed successfully"} | 
     select -skip 4
    New-Object PSObject -Property @{
     Computername = $env:COMPUTERNAME
     Group = "Administrators"
     Members=$members
     }
    } -computer fs1,sp01,ncnad -HideComputerName | 
    Select * -ExcludeProperty RunspaceID | Export-CSV c:\data\local_admins.csv -NoTypeInformation 

  1. Open the file produced by the script in MS Excel.


Sample report:

get local administrators with PowerShell: report generated in MS Excel
  1. Run Netwrix Auditor → Navigate to "Reports" → Expand the "Windows Server" section → Go to "Windows Server ­– State-in-Time" → Select "Members of Local Administrators Group" → Click "View".
  2. To save the report, click the "Export" button → Choose a format from the dropdown menu → Click "Save".
  3. To get this report by email regularly, simply choose the "Subscribe" option and define the schedule and recipients.
get local administrators with Netwrix Auditor: Members of Local Administrators Group Report
Learn more about Netwrix Auditor for Windows Server

Get Members of the Local Administrators Group without the Work of PowerShell Scripting

Active Directory users are often made members of the local Administrators group so they can manage the programs installed on their computers and do other work without help from IT administrators. While this approach does reduce IT helpdesk workload, it introduces serious security risks, especially if sensitive data is stored on the computers. Busy IT administrators often forget to revoke membership in the local admins group, including remote users that tend to constantly fall out of their radar, which increases the vulnerability of IT systems to internal and external threats and the risk of privilege abuse. Therefore, to enhance Microsoft Windows Server security and maintain good IT hygiene, you need to stay current on the membership of all local Administrators groups.

You can use PowerShell commands and scripts to list local administrators group members. However, this approach requires quite a lot of time, as well as advanced PowerShell scripting skills. Plus, once you’ve exported the user objects into .CSV format, you’ll still face the task of comparing that list of members of each local administrators group to the known good baseline.

Netwrix Auditor for Windows Server makes it easy to see exactly which users are members of local administrators groups. Regularly review this report to spot security issues, such as a server that deviates from your security policy, so you can quickly restrict access and thereby mitigate security risks. Subscribe to the report to stay on top of local group membership and facilitate good IT housekeeping.

Related How-tos
How to Detect Who Installed What Software on Your Windows Server How to Detect Who Created a Scheduled Task on Windows Server How to Detect Modifications to Startup Items in the Windows Registry How to Get Local Group Members Report with or without PowerShell How to Get Server Inventory across Your Network How to List All User Accounts on a Windows System