How to List Local Administrators Using PowerShell?

In this tutorial, I will explain how to use PowerShell to list all the local administrators on a Windows machine. As a system administrator, you may need to audit the local admin accounts to ensure that only authorized users have elevated privileges. PowerShell provides a quick and efficient way to retrieve this information.

What are Local Administrators?

Local administrators have elevated privileges on their respective machines, allowing them to install software, change system settings, and manage other user accounts. In many organizations, especially those with many servers and workstations, it’s essential to regularly audit these accounts to ensure that only necessary personnel have administrative access.

List Local Administrators Using PowerShell

The simplest way to list local administrators on a single machine is by using the Get-LocalGroupMember cmdlet in PowerShell. Here’s how you can do it:

Example: Listing Local Administrators on a Single Machine

Get-LocalGroupMember -Group "Administrators"

This command retrieves all members of the local “Administrators” group on the machine where the command is executed.

The output will display the usernames and their respective account types (e.g., User, Group). For instance:

ObjectClass Name                PrincipalSource
----------- ----                ---------------
User        Bijay\Administrator Local
User        BIJAY\fewli         MicrosoftAccount

The screenshot below displays the two local administrators in my local system after I executed the above PowerShell script.

Check out Rename a Computer Using PowerShell

List Local Administrators on Remote Machines

In a corporate environment, you often need to check multiple machines. To do this, you can use PowerShell Remoting. Ensure that PowerShell Remoting is enabled on the target machines.

Enabling PowerShell Remoting

Run the following command on each target machine:

Enable-PSRemoting -Force

Example: Listing Local Administrators on Multiple Machines

You can create a script that queries multiple machines using their names or IP addresses. Here’s a sample script:

$computers = @("Server1", "Server2", "Server3")

foreach ($computer in $computers) {
    try {
        $admins = Get-LocalGroupMember -Group "Administrators" -ComputerName $computer
        Write-Output "Local Administrators on $computer:"
        $admins | Select-Object Name, ObjectClass
    } catch {
        Write-Output "Could not retrieve administrators from $computer. Error: $_"
    }
}

Explanation of the Script

1. $computers: An array of computer names you want to query.
2. foreach: Loops through each computer in the array.
3. Get-LocalGroupMember: Retrieves local administrators for each specified computer.
4. Write-Output: Displays the results or an error message if the query fails.

You will be able to see the output like the below one.

Local Administrators on Server1:
Name         ObjectClass
----         -----------
JohnDoe      User
Administrators Group

Local Administrators on Server2:
Name         ObjectClass
----         -----------
JaneSmith    User
Administrators Group

Read Get HP Laptop Model and Serial Number Using PowerShell

Exporting the Results to a CSV File

You may want to export the list of local administrators to a CSV file for better management and reporting. Here’s how you can modify the previous script to include this functionality:

$computers = @("Server1", "Server2", "Server3")
$results = @()

foreach ($computer in $computers) {
    try {
        $admins = Get-LocalGroupMember -Group "Administrators" -ComputerName $computer
        foreach ($admin in $admins) {
            $results += [PSCustomObject]@{
                ComputerName = $computer
                Name          = $admin.Name
                ObjectClass   = $admin.ObjectClass
            }
        }
    } catch {
        Write-Output "Could not retrieve administrators from $computer. Error: $_"
    }
}

$results | Export-Csv -Path "LocalAdminsReport.csv" -NoTypeInformation

Explanation:

1. $results: An array to store the results.
2. [PSCustomObject]: Creates a custom object for each administrator with properties for computer name, name, and object class.
3. Export-Csv: Exports the collected data to a CSV file for further analysis.

Check out How to Get Windows Services Using PowerShell?

Error: Access Denied Error

If you encounter an “Access Denied” error, ensure that you are running PowerShell with elevated privileges (Run as Administrator) and that you have the necessary permissions on the target machines.

Error: Remote Management Not Enabled

If remote commands fail, verify that PowerShell Remoting is enabled on the target machines and that the Windows Firewall allows PowerShell traffic.

Conclusion

In this tutorial, I explained how to list local administrators using PowerShell, especially using the Get-LocalGroupMember cmdlet. I have also explained how to get local admins from a remote computer using PowerShell.

You may also like:

• Get the Windows Version Using PowerShell
• Get and Set Window Size in PowerShell
• How to Disable Windows Firewall Using PowerShell?

Bijay Kumar

Bijay Kumar is an esteemed author and the mind behind PowerShellFAQs.com, where he shares his extensive knowledge and expertise in PowerShell, with a particular focus on SharePoint projects. Recognized for his contributions to the tech community, Bijay has been honored with the prestigious Microsoft MVP award. With over 15 years of experience in the software industry, he has a rich professional background, having worked with industry giants such as HP and TCS. His insights and guidance have made him a respected figure in the world of software development and administration. Read more.