1 Reply Latest reply on Jul 20, 2018 7:10 AM by yaquaholic

    Report to fetch Local Administrators on Individual Servers




      Is there any way in Solarwinds, via which we can fetch the information of all local admin accounts for each of the servers.

      This needs to be used by security team to know if any unused admins are a part of Administrator group of each of the server.




        • Re: Report to fetch Local Administrators on Individual Servers

          Hi uaggarwal


          Create a locally executed PowerShell monitor, that runs something like:




          # Get local users accounts, for SolarWinds PowerShell monitor

          # Verison 0.1

          # Blatantly borrowed from https://gallery.technet.microsoft.com/scriptcenter/Get-remote-machine-members-bc5faa57

          # Thwack: Yaquaholic

          # Realworld: Rich Graham

          # 20th July 2018


          $count = 0

          $admins = Gwmi win32_groupuser –computer localhost 

          $admins = $admins |? {$_.groupcomponent –like '*"Administrators"'} 


          ForEach ($entry IN $admins)

                    { $entry.partcomponent –match “.+Domain\=(.+)\,Name\=(.+)$” > $nul 

                      $account = $matches[1].trim('"') + “\” + $matches[2].trim('"')

                      $count ++

                      Write-Host "Message.$($count):" $account  } 




          And deploy the monitor to the required servers, the returning messages will be the local Admin accounts information you seek.


          Caveat: These PowerShell monitors are limited to a maximum of 10 output rows which means only the first 10 users will be returned. If you have more than ten local admin users you might need to rethink this one.


          Hope it helps,