Do You Know Who is in Local Administrator Group of a PC

Posted on

As a domain administrator we need to know exactly who is included on local administrator group of a PC. Below is the easiest way to find out who is included on local administrator group of a PC in many PCs.

I found and test the script on Spiceworks forum, it works great and need no spicework installed (nothing to do with Spiceworks).
It is a VBScripts.
It will produce 2 files, 1 in txt format and 1 in csv format (I love csv).
1. On C: create a folder called scripts, save all attachment into this folder.
2. Add all PC name in the file workstations.txt ( import it from active directory)
3. Run file LocalAdminCheck.vbs (Create from below script)
It will create files LocalAdmins.log and LocalAdministratorsMembership.csv (same information in it)
Use either LocalAdmins.log or LocalAdministratorsMembership.csv to see the report.

Sample of LocalAdministratorsMembership.csv generated by below script:

Who Is In Local Administrator Group
LocalAdministratorsMembership.csv

 

‘==========================================================================
‘ NAME: Dump Local Administrators Membership

‘ AUTHOR: Brian Desmond,
‘ DATE  : 4/16/2007
‘==========================================================================
Option Explicit

Const LogFile = “LocalAdmins.log”
Const resultFile = “LocalAdministratorsMembership.csv”
Const inputFile = “c:\scripts\workstations.txt”
Dim fso
Set fso = CreateObject(“Scripting.FileSystemObject”)

Dim shl
Set shl = WScript.CreateObject(“WScript.Shell”)

Dim fil
Set fil = fso.OpenTextFile(inputFile)

Dim results
Set results = fso.CreateTextFile(resultFile, True)

WriteToLog “Beginning Pass of ” & inputFile & ” at ” & Now()
‘WScript.Echo “Beginning Pass of ” & inputFile & ” at ” & Now()
‘On Error Resume Next

Dim grp
Dim line
Dim exec
Dim pingResults
Dim member

While Not fil.AtEndOfStream
line = fil.ReadLine

Set exec = shl.Exec(“ping -n 2 -w 1000 ” & line)
pingResults = LCase(exec.StdOut.ReadAll)

If InStr(pingResults, “reply from”) Then
WriteToLog line & ” responded to ping”
‘WScript.Echo line & ” responded to ping”

On Error Resume Next

Set grp = GetObject(“WinNT://” & line & “/Administrators”)

‘WScript.Echo line & “, Administrators”
results.WriteLine line & “,Administrators,”

For Each member In grp.Members
‘WScript.Echo  “Administrators: ” & member.Name
WriteToLog line & “: Administrators – ” & member.Name
results.WriteLine “,,” & member.Name
Next
Else
WriteToLog line & ” did not respond to ping”
‘WScript.Echo line & ” did not respond to ping”
End If
Wend

results.Close

Sub WriteToLog(LogData)
On Error Resume Next

Dim fil
‘8 = ForAppending
Set fil = fso.OpenTextFile(LogFile, 8, True)

fil.WriteLine(LogData)

fil.Close
Set fil = Nothing
End Sub
 

Error you might encounter:
1. LocalAdministratorsMembership.csv still empty after you run the script.
add absolute path, change script above as below

Const LogFile = “c:\scripts\LocalAdmins.log”
Const resultFile = “c:\scripts\LocalAdministratorsMembership.csv”
Const inputFile = “c:\scripts\workstations.txt”

2. LocalAdministratorsMembership.csv result is not complete.
If you import from Active Directory make sure no invisible character after computer name, delete it.
Hope this help, thanks.

Facebook Comments