
Report to fetch Local Administrators on Individual Servers

Hi,

Is there any way in SolarWinds by which we can fetch the information of all local admin accounts for each of the servers?

This needs to be used by the security team to know if any unused admins are a part of the Administrators group of each of the servers.

Regards,

Ujjwal

  • Hi uaggarwal

    Create a locally executed PowerShell monitor, that runs something like:

    --------------------------------------------------------------------------------------------------------------------------------------------------------------

    # Get local user accounts, for SolarWinds PowerShell monitor
    # Version 0.1
    # Blatantly borrowed from https://gallery.technet.microsoft.com/scriptcenter/Get-remote-machine-members-bc5faa57
    # Thwack: Yaquaholic
    # Realworld: Rich Graham
    # 20th July 2018

    $count = 0

    # Enumerate group memberships via WMI and keep only the local Administrators group
    $admins = Get-WmiObject Win32_GroupUser -ComputerName localhost
    $admins = $admins | Where-Object { $_.GroupComponent -like '*"Administrators"' }

    ForEach ($entry in $admins)
    {
        # PartComponent ends in Domain="X",Name="Y"; capture both values
        if ($entry.PartComponent -match '.+Domain\=(.+)\,Name\=(.+)$')
        {
            $account = $matches[1].Trim('"') + '\' + $matches[2].Trim('"')
            $count++
            # One Message row per member, e.g. Message.1: DOMAIN\user
            Write-Host "Message.$($count):" $account
        }
    }

    --------------------------------------------------------------------------------------------------------------------------------------------------------------

    And deploy the monitor to the required servers; the returned messages will be the local admin account information you seek.

    Caveat: These PowerShell monitors are limited to a maximum of 10 output rows which means only the first 10 users will be returned. If you have more than ten local admin users you might need to rethink this one.

    Hope it helps,

    yaquaholic
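
One way around the 10-row limit mentioned in the reply above, as an added example that is not part of the original thread: pack every member into a single output row and report members missing from a baseline in a second row. The `$expected` allow-list and its entries, the row names `Total` and `Unexpected`, and the `Statistic.` lines (assumed to follow the same naming pattern as the `Message.` lines) are assumptions.

```powershell
# Added example, not from the original post.
# Hypothetical baseline of accounts that are allowed to be local admins;
# replace these constructed entries with your own.
$expected = @(
    "$env:COMPUTERNAME\Administrator",
    'EXAMPLE\Domain Admins'
)

# Collect all members of the local Administrators group as DOMAIN\Name strings.
# @( ) guarantees an array even when there are zero or one results.
$members = @(
    Get-WmiObject Win32_GroupUser -ComputerName localhost |
        Where-Object { $_.GroupComponent -like '*"Administrators"' } |
        ForEach-Object {
            # PartComponent ends in Domain="X",Name="Y"
            if ($_.PartComponent -match 'Domain="([^"]+)",Name="([^"]+)"') {
                $matches[1] + '\' + $matches[2]
            }
        }
)

# Members that are not on the baseline (comparison is case-insensitive).
$unexpected = @($members | Where-Object { $expected -notcontains $_ })

# Two output rows in total, regardless of how many admins exist.
Write-Host "Statistic.Total: $($members.Count)"
Write-Host "Message.Total: $($members -join '; ')"
Write-Host "Statistic.Unexpected: $($unexpected.Count)"
Write-Host "Message.Unexpected: $($unexpected -join '; ')"
```

With a numeric `Unexpected` value, the security team can alert on any server where it is greater than zero instead of reading member lists by hand.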