Often in companies, we encounter a situation where many individuals have local administrator privileges. This results in numerous applications being present on computers that should never be there, significantly increasing the risk of computer infections.
I have prepared a simple script that can be included in a GPO (Group Policy Object) to run, for instance, during computer shutdown. The script saves data to a file, for example, on a shared drive or in the SYSVOL directory.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 |
# ITAdminBlog.pl # # Get Local Admin list $comp=$env:computername $administrators = Get-LocalGroupMember -Group "Administrators" | Select-Object ObjectClass, Name, @{name="ComputerName";expression={$comp}} # Create PS Custom Object $adminInfo = foreach ($admin in $administrators) { [PSCustomObject]@{ 'PC' = $comp 'Username' = $admin.Name 'IsGroup' = $admin.IsGroup 'PrincipalSource' = $admin.PrincipalSource 'ObjectClass' = $admin.ObjectClass } } # Path to file $path = "\\...\\admins.csv" $outFile = Import-csv $path $new = $outFile += $adminInfo $new | Export-Csv -Path $path -NoTypeInformation |