Find Local Admin Accounts Within Your Windows Environment Using PowerShell

Limiting the number of local admin accounts is an important way to reduce the ways an attacker can pivot within your environment. But how can you find out where all the local admin accounts are? 4sysops has a great script over at https://4sysops.com/archives/create-a-list-of-local-administrators-with-powershell/#script-usage. If you want to make it a little more useful, feed it a list of every computer in your AD to check against, like this:

    .\GetLocalGroupMembers.ps1 -ComputerName (Get-ADComputer -Filter '*' | Select -Expand Name) >> file.txt

Note: You will need to have the PowerShell AD module installed for this to work properly. This will query every machine online within your environment to see who has a local admin account on what box. You can also check the output to see which machines were not available to scan the first time, and include them in subsequent scans.
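The same audit as a self-contained added example (this is not the 4sysops script): it reads the local Administrators group on each AD computer through the ADSI WinNT provider and keeps a separate list of machines that could not be scanned, for the follow-up pass described above. The function name and the output file names are assumptions made for illustration, and the group name assumes an English-language Windows install.

```powershell
# Added example: audit local Administrators membership across AD computers.
# Requires the ActiveDirectory module and admin rights on the target machines.
Import-Module ActiveDirectory

function Get-LocalAdminMember {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$ComputerName)
    # The WinNT provider exposes the local SAM group on the remote machine.
    $group = [ADSI]"WinNT://$ComputerName/Administrators,group"
    foreach ($member in @($group.Invoke('Members'))) {
        $type  = $member.GetType()
        $path  = $type.InvokeMember('ADsPath', 'GetProperty', $null, $member, $null)
        $class = $type.InvokeMember('Class', 'GetProperty', $null, $member, $null)
        [pscustomobject]@{
            ComputerName = $ComputerName
            Member       = $path -replace '^WinNT://', ''
            Type         = $class   # User or Group
            # Local accounts carry the machine name inside their ADsPath.
            IsLocal      = $path -match "/$([regex]::Escape($ComputerName))/"
        }
    }
}

$results     = @()
$unreachable = @()
# For a rescan, replace this line with: $computers = Get-Content .\unreachable.txt
$computers = Get-ADComputer -Filter '*' | Select-Object -ExpandProperty Name

foreach ($computer in $computers) {
    # ICMP may be filtered; a host that fails here is queued for a later pass.
    if (-not (Test-Connection -ComputerName $computer -Count 1 -Quiet)) {
        $unreachable += $computer
        continue
    }
    try {
        $results += Get-LocalAdminMember -ComputerName $computer
    }
    catch {
        # Access denied, RPC unavailable, and similar failures also go on the retry list.
        $unreachable += $computer
    }
}

# Output file names are assumptions for this example.
$results     | Export-Csv -Path .\local-admins.csv -NoTypeInformation
$unreachable | Set-Content -Path .\unreachable.txt
```

Filtering the CSV on the IsLocal column separates machine-local accounts from domain users and groups that were added to the Administrators group.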
