PowerShell for Windows Admins

Jul 5 2010   1:30PM GMT

Get Local Admins



Posted by: Richard Siddaway
Tags:
PowerShell v2
Users
WMI

I’ve been experimenting with different ways of retrieving local group membership – specifically the members of the local admin group.

This is the quickest answer I’ve come up with

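# Win32_GroupUser associates each group with its members
Get-WmiObject -Class Win32_GroupUser | 
where{$_.GroupComponent -like "*Administrators*"} | 
foreach {
    # PartComponent ends in Domain="...",Name="..." so split on the comma
    $data = $_.PartComponent -split "\,"
    # Drop the leading Name= (5 characters) and strip the double quotes
    $data[1].Remove(0,5).Replace('"','') 
}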

Win32_GroupUser is one of the association classes. In this case it has all the information we need. Use the GroupComponent to restrict the data to the admin groups. Split the PartComponent and then clean up the second element to get the name.

For reference the two elements look like this:

GroupComponent : \\RSLAPTOP01\root\cimv2:Win32_Group.Domain="RSLAPTOP01",Name="Administrators"

PartComponent  : \\RSLAPTOP01\root\cimv2:Win32_UserAccount.Domain="RSLAPTOP01",Name="Administrator"

If you want to pick off the domain to show the difference between local and domain accounts, then manipulate $data[0] like this:

Get-WmiObject -Class Win32_GroupUser | 
where{$_.GroupComponent -like "*Administrators*"} | 
foreach {
    $data = $_.PartComponent -split "\,"
   
    # $data[0] ends in Domain="..." so take the text after the = sign
    $domain = ($data[0] -split "=")[1].Replace('"','') 
    # $data[1] is Name="..." so drop Name= and the double quotes
    $name = $data[1].Remove(0,5).Replace('"','') 
   
    "$domain\$name"
}
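
An added example, not from the original post: it parses both association paths with one regular expression instead of Split/Remove, so names containing commas survive, and it compares the group name exactly, because -like "*Administrators*" also selects any other group whose name contains that word. ConvertFrom-WmiRef, the CONTOSO domain, the "SQL Administrators" group and all sample rows are constructed for illustration.

```powershell
# Hypothetical helper (not a built-in cmdlet): split a WMI reference such as
#   \\HOST\root\cimv2:Win32_UserAccount.Domain="D",Name="N"
# into its parts. Quoted values are captured whole, so commas in names are safe.
function ConvertFrom-WmiRef {
    param([string]$Path)
    $pattern = '^\\\\(?<host>[^\\]+)\\.+:(?<class>\w+)\.Domain="(?<domain>[^"]*)",Name="(?<name>[^"]*)"$'
    if ($Path -match $pattern) {
        New-Object PSObject -Property @{
            Computer = $Matches['host'];   Class = $Matches['class']
            Domain   = $Matches['domain']; Name  = $Matches['name']
        }
    }
}

# Constructed sample rows shaped like Win32_GroupUser output, so this runs offline.
# For live data replace $sample with: Get-WmiObject -Class Win32_GroupUser
$root   = '\\RSLAPTOP01\root\cimv2:'
$admins = 'Win32_Group.Domain="RSLAPTOP01",Name="Administrators"'
$sample = @(
    @($admins, 'Win32_UserAccount.Domain="RSLAPTOP01",Name="Administrator"'),
    @($admins, 'Win32_Group.Domain="CONTOSO",Name="Domain Admins"'),
    @('Win32_Group.Domain="RSLAPTOP01",Name="SQL Administrators"',
      'Win32_UserAccount.Domain="RSLAPTOP01",Name="svc_sql"')
) | ForEach-Object {
    New-Object PSObject -Property @{
        GroupComponent = $root + $_[0]
        PartComponent  = $root + $_[1]
    }
}

$report = $sample | ForEach-Object {
    $group  = ConvertFrom-WmiRef $_.GroupComponent
    $member = ConvertFrom-WmiRef $_.PartComponent
    # Exact name match: the constructed "SQL Administrators" row is skipped here,
    # whereas -like "*Administrators*" would have reported svc_sql as an admin.
    if ($group -and $member -and $group.Name -eq 'Administrators') {
        New-Object PSObject -Property @{
            Member  = '{0}\{1}' -f $member.Domain, $member.Name
            Type    = $member.Class
            # Local accounts carry the computer name in the Domain field
            IsLocal = ($member.Domain -eq $group.Computer)
        }
    }
} | Select-Object Member, Type, IsLocal

$report
```

The exact-name test is still English-only: on a localised Windows install the built-in group has a translated name.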
