There’s a couple ways to get them, I’m sure you’ve been around the internet looking.
The Powershell scripts I use:
Get-LocalGroupMember -Group ‘Administrators’ | Where-Object ObjectClass -ne ‘Group’ | Select-Object Name -ExpandProperty Name
This will give you all the locally/directly provisioned admin accounts. Note this is only user accounts, not groups. I didn’t care about groups in this instance.
Sometimes you can get a Powershell error “Get-LocalGroupMember” something about a cmdlet not being there, or something about array comparison.
Well, there’s a script for that too, using CIMinstance
Get-CimInstance Win32_GroupUser | Where {$_.GroupComponent -like ‘*admini*’} | Where {$_.PartComponent -like ‘Win32_UserAccount*’} | Select-Object -ExpandProperty PartComponent | Select-Object -ExpandProperty Name
And there you go, pulling directly provisioned user accounts from the local admin group. This should work for any other group too. And you can if than else the results to look for specific accounts. I like to throw the script into a variable and then run the if than else against the variable.
I wrote this all on my phone, so I’m sure this is riddled with typos, but it should at least get you (me) going.
No comments:
Post a Comment