How to List Local Groups with or without PowerShell

Native Auditing vs. Netwrix Auditor for Windows Server
{{ firstError }}
We care about security of your data. Privacy Policy
Native Auditing Netwrix Auditor for Windows Server
Native Auditing
Netwrix Auditor for Windows Server
Steps
  1. Open the PowerShell ISE → Connect to the computer from which you want to get a list of all local groups by running the following cmdlet and entering appropriate credentials:

Enter-PSSession computername -Credential Enterprise\T.Simpson

  1. Run the following script on each workstation from which you need to get a list of local groups, specifying the network path for export:

Get-LocalGroup | select name | Out-File \\fs1\shared\IT\scripts\localgroups.csv

  1. Open the file produced by the script in MS Excel.


Sample report:

Local groups listing report produced by PowerShell script
  1. Run Netwrix Auditor → Navigate to "Reports" → Expand the "Windows Server" section → Go to "Windows Server – State-in-Time" → Select "Local Users and Groups" → Click "View".
  2. Set the "Type" filter to "Group".
  3. To save the report, click the "Export" button → Choose a format from the dropdown menu → Click "Save".


Sample report:

Local Users and Groups Netwrix Auditor report: lists local users ans grops on Windows Server, grouped by server name
Learn more about Netwrix Auditor for Windows Server

List Local Groups on Your Windows Servers in Couple Clicks

Monitoring local groups listings is essential to Microsoft Windows Server 2016 security. Sometimes Active Directory groups or user accounts are added to the local Administrators group or other privileged groups on a local machine so users can install the programs they need to do their jobs, connect to the workstation remotely, make backups and so on. While this approach reduces helpdesk workload, it significantly increases security risks on your systems by increasing the attack surface area and the risk of privilege abuse. By carefully monitoring the membership of local groups, you can reduce these risks.

If you have enough PowerShell knowledge and experience, you can create a script that lists all local groups, including the local Administrators group. By running this script periodically and comparing the result with your baselines, you can find out whether any rogue groups have been created. But this is not a very convenient way to achieve even that limited goal because you’ll have to run the script on each machine you are interested in and there is no way to get it from the number of servers with one script.

Netwrix Auditor for Windows Server makes it easy to review the list of all local groups and also see all the members of each group. Unlike manual scripting, Netwrix Auditor automatically retrieves this information from the number of servers and provides you with the list of local groups for each server in one click. Reviewing the report on a regular basis will help you establish your baseline and spot any deviations that violate your security policy.

Receive information about local groups on a regular basis right to your inbox by subscribing to the report and, thus, facilitating good IT housekeeping.

If you also need to track all user objects membership is these groups, navigate to how to get local group membership report page.

Related How-tos
How to Detect Who Installed What Software on Your Windows Server How to Detect Who Created a Scheduled Task on Windows Server How to Detect Modifications to Startup Items in the Windows Registry How to Get Local Group Members Report with or without PowerShell How to Get Server Inventory across Your Network How to List All User Accounts on a Windows System