Get Local Admin Group Members in a New Old Way

Yesterday I posted a quick article on getting the age of the local administrator account password. It seemed appropropriate to follow up on a quick and dirty way to list all members of the local administrator group. Normally, I would turn to WMI (and have written about this in the past). But WMI is relatively slow for this task and even using the new CIM cmdlets in PowerShell 3.0 don’t improve performance. Instead I’m going to return to an old school technique using the NET command.

It is very easy to see members. To query a remote computer all I need to do is wrap this in Invoke-Command and use PowerShell remoting.

Yes, there is some overhead for remoting but overall performance is pretty decent. And if you already have an established PSSession, even better. For quick and dirty one-liner it doesn’t get much better. Well, maybe it can.

I have no problem using legacy tools when they still get the job done and this certainly qualifies. To make it more PowerShell friendly though, let’s clean up the output by filtering out blanks, that last line and skipping the “header” lines.

Boom. Now I only get the member names. Let’s go one more level and write an object to the pipeline and be better at handling output from multiple computers. I came up with a scriptblock like this:

This will create a simple object with a properties for the computername, group name and members. Here’s how I can use it with Invoke-Command.

get-netlocalgroupNow I have objects that I can export to XML, convert to HTML or send to a file. But since I’ve come this far, I might as well take a few more minutes and turn this into a reusable tool.

This function lets me specify a group of computers or PSSessions as well as the local group name. Today I may need to know who belongs to the local administrator’s group but tomorrow it might be Remote Desktop Users.

Sometimes even old school tools can still be a part of your admin toolkit.

 

5 thoughts on “Get Local Admin Group Members in a New Old Way

  1. Even if I’d be tempted to resort to other means to get this information, I think the approach (legacy cmdline app -> objects) is an extremely valuable technique. And by “hiding” it in a script you leave the opportunity to switch the implementation out. Very nice!

  2. Again a very good post!
    I Like to go with the WMI / CIM approach under use of the well known SID of the Administrators Group (S-1-5-32-544) because we have International Computer setups.
    net localgroup depends on the Name of the group.
    The German Administrators group name is “Administratoren” and the Spanish is Adminitradores (or so) 😉

    By use of the well known SID you do not have problems with different Names and it works worldwide!
    See: http://support.microsoft.com/kb/243330/en-us

    Greets:
    Peter Kriegel
    http://www.admin-source.de

  3. Pingback: Microsoft Most Valuable Professional (MVP) – Best Posts of the Week around Windows Server, Exchange, SystemCenter and more – #23 - TechCenter - Blog - TechCenter – Dell Community
  4. Pingback: Microsoft Most Valuable Professional (MVP) – Best Posts of the Week around Windows Server, Exchange, SystemCenter and more – #23 - Dell TechCenter - TechCenter - Dell Community

Comments are closed.