The following script can be run against remote Windows machines, and will enumerate the contents of the remote server’s local administrators group.

It requires Sysinternals PSExec utility, and must be run with administrative credentials.  Set the four paths to the correct locations for your workstation.
REM set path to PSexec on machine the script is being run from
 Set PSExecDir=c:\pstools

REM Set file that contains the list of all your remote machines
 Set InputFile=C:\servers.txt

REM Set path to file where administrator group membership is logged
 Set OutputFile=C:\localadmins.txt

REM set path to error log file
 Set ErrorFile=C:\errors.txt

for /f %%a in (%InputFile%) do (
echo *** Checking Server %%a *** >> %OutputFile%
%PSExecDir%\psexec \\%%a net localgroup administrators >> %OutputFile%
IF ERRORLEVEL 1 (echo Problem with obtaining local administrators on %%a >> %ErrorFile%)
 )

Leave a Reply

Your email address will not be published. Required fields are marked *