Find Local Admin Accounts Within Your Windows Environment Using PowerShell

Limiting the number of local admin accounts is an important way to reduce the paths an attacker can use to pivot within your environment. But how can you find out where all the local admin accounts are? 4sysops has a great script, but if you want to make it just a little bit more useful, feed it a list of every computer in your AD to check against, like so:

    .\GetLocalGroupMembers.ps1 -ComputerName (Get-ADComputer -Filter '*' | Select -Expand Name) >> file.txt

Note: You will need to have the PowerShell AD module installed for this to work properly.

This will query every machine online within your environment to see who has a local admin account on what box. You can also check the output to see which machines were not available to scan the first time, and include them in subsequent scans.
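The scan-then-rescan workflow described above, as an added example (this is not the 4sysops script). It assumes the ActiveDirectory module, the default group name "Administrators", and rights to query each machine; the parameter and output file names are hypothetical.

```powershell
#Requires -Modules ActiveDirectory
# Added example (not the 4sysops script). Output file names are hypothetical.
param(
    # Default: every computer object in AD, as in the command above.
    [string[]]$ComputerName = (Get-ADComputer -Filter '*' | Select-Object -ExpandProperty Name),
    [string]$ReportPath  = '.\local-admins.csv',
    [string]$OfflinePath = '.\unreachable.txt'
)

$results = New-Object 'System.Collections.Generic.List[object]'
$missed  = New-Object 'System.Collections.Generic.List[string]'

foreach ($computer in $ComputerName) {
    # Skip machines that do not answer a single ping; queue them for a re-scan.
    if (-not (Test-Connection -ComputerName $computer -Count 1 -Quiet)) {
        $missed.Add($computer)
        continue
    }
    try {
        # WinNT ADSI provider: enumerate the local Administrators group remotely.
        $group = [ADSI]"WinNT://$computer/Administrators,group"
        foreach ($member in $group.Invoke('Members')) {
            $type  = $member.GetType()
            $path  = $type.InvokeMember('ADsPath', 'GetProperty', $null, $member, $null)
            $class = $type.InvokeMember('Class',   'GetProperty', $null, $member, $null)
            $results.Add([pscustomobject]@{
                Computer = $computer
                Member   = $path -replace '^WinNT://', ''
                Class    = $class                      # User or Group
                # Heuristic: local accounts carry the machine name in their ADsPath.
                IsLocal  = $path -like "*/$computer/*"
            })
        }
    }
    catch {
        # Pingable but not queryable (firewall, access denied): re-scan later.
        $missed.Add($computer)
    }
}

# Append so that re-scans add to the same report.
$results | Export-Csv -Path $ReportPath -NoTypeInformation -Append
# Overwrite: the file always lists what the latest run could not reach.
Set-Content -Path $OfflinePath -Value $missed
"{0} members found, {1} machines to re-scan" -f $results.Count, $missed.Count
```

To pick up machines that were offline, run it again with -ComputerName (Get-Content .\unreachable.txt). Hosts that block ICMP will land in the unreachable list even when they are up.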

