How to Use PowerShell to Find Local Administrators

In today’s digital era, system administration and security management often require the use of scripts. One vital aspect of maintaining system security is keeping track of local administrators on Windows machines. Using PowerShell to fetch this data can be a game-changer for many IT professionals. Read this article to find out how to use PowerShell to find local administrators. 

Background

PowerShell has evolved as a robust scripting language and shell. Especially for IT professionals and Managed Service Providers (MSPs), scripts like the one provided become indispensable. MSPs often manage multiple client environments, making it challenging to monitor every detail manually. By leveraging scripts to fetch information, such as the list of local administrators, MSPs can ensure that only authorized individuals have elevated access, safeguarding against potential threats and malicious activities.

The Script

<#
.SYNOPSIS
    Updates a custom field with a list of local admins.
.DESCRIPTION
    Updates a custom field with a list of local admins.
.EXAMPLE
    No parameter needed
    
    Local Admins Found: Administrator, kbohlander, TESTDomain Admins
    Attempting to set Custom Field: LocalAdmins

PARAMETER: -CustomField "ReplaceWithAnyTextCustomField"    
    Updates the custom field you specified (defaults to "LocalAdmins"). The Custom Field needs to be writable by scripts (otherwise the script will report it as not found).

PARAMETER: -Delimiter "ReplaceWithYourDesiredDelimiter"
    Places whatever is entered encased of quotes between each user name. See below example.
.EXAMPLE
    -Delimiter " - "
    
    Local Admins Found: Administrator - kbohlander - TESTDomain Admins
    Attempting to set Custom Field: LocalAdmins
.OUTPUTS
    None
.NOTES
    Minimum OS Architecture Supported: Windows 7, Windows Server 2008
    Release Notes:
    Switched to using net localgroup as it's the most reliable. Removed PowerShell 5.1 requirement.
By using this script, you indicate your acceptance of the following legal terms as well as our Terms of Use at https://www.ninjaone.com/terms-of-use.
    Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms. 
    Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party. 
    Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library or website belonging to or under the control of any other software provider. 
    Warranty Disclaimer: The script is provided “as is” and “as available”, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations. 
    Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks. 
    Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script. 
    EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).
#>

[CmdletBinding()]
param (
    [Parameter()]
    [String]$CustomField = "LocalAdmins",
    [Parameter()]
    [String]$Delimiter = ', '
)

begin {
    if ($env:customFieldName -and $env:customFieldName -notlike "null") { $CustomField = $env:customFieldName }
    if ($env:delimiter -and $env:delimiter -notlike "null") { $Delimiter = $env:delimiter }
    $CheckNinjaCommand = "Ninja-Property-Set"
}
process {
    # Get objects in the Administrators group, includes user objects and groups
    $Users = net.exe localgroup "Administrators" | Where-Object { $_ -AND $_ -notmatch "command completed successfully" } | Select-Object -Skip 4

    if (-not $Users) {
        Write-Error "[Error] No user's found! This is extremely unlikely is something blocking access to 'net localgroup administrators'?"
        exit 1
    }

    Write-Host "Local Admins Found (Users & Groups): $($Users -join $Delimiter)"
    if ($(Get-Command $CheckNinjaCommand -ErrorAction SilentlyContinue).Name -like $CheckNinjaCommand -and -not [string]::IsNullOrEmpty($CustomField) -and -not [string]::IsNullOrWhiteSpace($CustomField)) {
        Write-Host "Attempting to set Custom Field: $CustomField"
        Ninja-Property-Set -Name $CustomField -Value $($Users -join $Delimiter)
    }
    else {
        Write-Warning "Unable to set customfield either due to legacy OS or this script is not running as an elevated user."
    }
}
end {
    
    
    
}

 

Detailed Breakdown

The script initiates by setting default parameters, notably targeting a custom field named “LocalAdmins” and using a comma as the default delimiter. Here’s how it works:

• Initialization: The script starts by setting up the necessary commands, “Get-LocalGroupMember” for fetching local group members and “Ninja-Property-Set” for setting properties on NinjaOne, a renowned IT management platform.
• Fetching Administrators: In the process block, the script checks if the “Get-LocalGroupMember” command is available. If so, it uses that to fetch local administrators. If not, it defaults to using the net.exe command.
• Formatting Output: After retrieving the list of administrators, it formats the usernames by splitting them from any domain or machine name.
• NinjaOne Integration: Lastly, the script checks if the “Ninja-Property-Set” command is available and then updates the custom field in NinjaOne with the list of local administrators.

Potential Use Cases

Imagine being an IT administrator for a mid-sized company with an expanding remote workforce. With employees logging in from different locations and devices, it becomes crucial to ensure that only authorized personnel have administrative access. By deploying this script, an IT professional can fetch the list of all local administrators across various workstations, allowing them to audit access and take corrective actions if necessary.

Comparisons

While there are multiple ways to retrieve a list of local administrators—such as using graphical user interfaces or third-party tools—PowerShell scripts offer automation, scalability, and easy integration. For instance, while the native “Computer Management” GUI allows checking local administrators on a single workstation, our script can be scaled to multiple machines, providing a more efficient way to fetch this data, especially for MSPs handling numerous client environments.

FAQs

• Is this script exclusive to Windows?
  Yes, this script targets Windows machines, with support starting from Windows 10 and Windows Server 2016.
• Can I change the delimiter?
  Yes, the delimiter is customizable using the -Delimiter parameter.
• Do I always need NinjaOne for this script?
  No, the script checks for the availability of the NinjaOne command. If unavailable, it will only display the list and won’t attempt an update on NinjaOne.

Implications

Understanding who has administrative privileges is crucial for IT security. Unauthorized or rogue administrators can make system changes, install malicious software, or access confidential information. By regularly monitoring and auditing local administrators, organizations can significantly mitigate potential security risks.

Recommendations

• Regular Audits: Run this script periodically to keep an updated list of local administrators.
• Integrate with Monitoring: Integrate the output with monitoring solutions to receive alerts on changes to the list of local administrators.
• Documentation: Keep documentation for all users granted local administrative rights, ensuring there’s a valid business reason for each assignment.

Final Thoughts

While PowerShell scripts like the one provided greatly ease the process of fetching and managing local administrators, platforms like NinjaOne elevate these functionalities. NinjaOne’s seamless integration capability, coupled with robust IT management tools, ensures that system administrators are always in control, can quickly respond to changes, and ensure optimal system security and performance.