How to List Local Administrators Using PowerShell

Use the scripts below to audit or list the members of the local Administrators group.

Here is the VBScript:

' Bind to the local Administrators group through the ADSI WinNT provider
Set objGroup = GetObject("WinNT://./Administrators,group")

For Each objUser In objGroup.Members
    WScript.Echo "Member found: " & objUser.Name
Next

Set objGroup = Nothing

Here is the PowerShell syntax:

# Append one line of text to the given log file
function LogToFile ([string]$strFileName, [string]$strComputer)
{
    Add-Content $strFileName $strComputer
}

# "." is the local machine; the group is read through the ADSI WinNT provider
$strComputer = "."
$computer = [ADSI]("WinNT://" + $strComputer + ",computer")
$Group = $computer.psbase.children.find("Administrators")
$members = $Group.psbase.invoke("Members") | %{$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)}

ForEach($user in $members)
{
    Write-Host $user
    $a = $strComputer + "!" + $user.ToString()
    LogToFile "C:ss.txt" $a
}

Source: https://ponderingthought.com/2009/01/09/list-local-administrators-on-a-machine-using-powershell-adsi/

The script below retrieves a list of all users that are members of the local Administrators group:

function Get-LocalAdmin {

    <#
    .Synopsis
    Get Local admin list
    .Description
    Get Local admin list
    .Example
    Get-LocalAdmin -Computername myworkstation.contoso.com
    This shows the local admin list of the given computer, this will be the result:
    Retrieving Local Admin list for myworkstation.contoso.com
    MYWORKSTATION\Administrator
    CONTOSO\Domain Admins
    .Example
    get-adcomputer -searchbase 'OU=workstations,dc=contoso,dc=com' -filter * -property * | select name | Get-LocalAdmin
    Get Local admin list for all the workstation in AD.
    .Notes
    Author: Paolo Frigo – paolofrigo@gmail.com
    #>
    param (

        [Parameter(Mandatory = $true,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true,
            Position = 0)]
        [Alias('Name')]

        [string[]]$ComputerName
    )
    Process {

        Write-Warning "Retrieving Local Admin list for $ComputerName"

        try {
            If (!(Test-Connection -ComputerName $computerName -Count 1 -Quiet)) {
                Write-Output "$computerName is offline."
                #Continue # Move to next computer
            }
            else {
                # Win32_GroupUser links each group (GroupComponent) to a member (PartComponent)
                $admins = Gwmi win32_groupuser -computer $ComputerName
                $admins = $admins |? {$_.groupcomponent -like '*"Administrators"'}
                $admins | % {
                    # Extract Domain and Name from the member path and print DOMAIN\Name
                    $_.partcomponent -match ".+Domain\=(.+)\,Name\=(.+)$" > $null
                    $matches[1].trim('"') + "\" + $matches[2].trim('"') }
            }

        }
        catch {
            Write-Output "Can't gather information from $ComputerName"
            Write-Output $Error[0].Exception;
        }
        finally {

        }

    }
}

# Example with desktops, but you can use laptops, VMs or servers as the OU
get-adcomputer -searchbase 'OU=workstations,dc=contoso,dc=com' -filter * -property * | select name | Get-LocalAdmin

Note: if you are using PowerShell 5.1 or later, you can use the Get-LocalGroupMember cmdlet:
https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.localaccounts/Get-LocalGroupMember?view=powershell-5.1
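
The following is an added example, not code from the original post or the scripts it quotes: it uses Get-LocalGroupMember to compare the local Administrators group against an approved list and reports the differences. The function names are hypothetical, and the approved accounts and the `CONTOSO\jdoe` entry are constructed sample values.

```powershell
# Added example: audit local Administrators membership against an approved list.
# Function names are hypothetical; all account names below are constructed samples.

function Compare-AdminMembership {
    # Pure comparison step: one row per account that is unexpected or missing.
    param(
        [string[]]$Actual,    # accounts currently in the group, DOMAIN\name form
        [string[]]$Approved   # accounts that are allowed to be in the group
    )
    # -in / -notin are case-insensitive, which matches Windows account names.
    foreach ($a in $Actual) {
        if ($a -notin $Approved) {
            [pscustomobject]@{ Account = $a; Finding = 'Unexpected' }
        }
    }
    foreach ($p in $Approved) {
        if ($p -notin $Actual) {
            [pscustomobject]@{ Account = $p; Finding = 'Missing' }
        }
    }
}

function Test-LocalAdminBaseline {
    # Reads the live group on the local machine and compares it to the baseline.
    param([Parameter(Mandatory)][string[]]$Approved)

    # S-1-5-32-544 is the well-known SID of the built-in Administrators group,
    # so the lookup does not depend on the (localizable) group name.
    $members = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop
    Compare-AdminMembership -Actual $members.Name -Approved $Approved
}

# Constructed sample data: what a host reports vs. what the baseline allows.
$sampleActual   = 'MYWORKSTATION\Administrator', 'CONTOSO\Domain Admins', 'CONTOSO\jdoe'
$sampleApproved = 'MYWORKSTATION\Administrator', 'CONTOSO\Domain Admins'

# Offline demonstration of the comparison on the sample data.
Compare-AdminMembership -Actual $sampleActual -Approved $sampleApproved

# On a real Windows host (PowerShell 5.1 or later), audit the live group:
# Test-LocalAdminBaseline -Approved $sampleApproved
```

An empty result means the group matches the baseline; any `Unexpected` row is an account to review or remove.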