Computer Auditing – Part 1 – Local Group Membership

This is Part 1 of 4 (Part 2 is here, Part 3 is here, and Part 4 is here), where I go through how I use PowerShell to audit different aspects of workstations/servers. There are a lot of ways to perform these types of tasks, and a lot of software which can do these things out of the box.  SCCM is often used for these sorts of things, but I find a lot of companies haven’t invested in SCCM or spent the time “investing” in SCCM SMEs to make it really useful.

So, I often resort to these types of scripts to get the data I need, and often run these things as Scheduled Tasks, locally, and have the data stored it in a central database (maybe a topic for down the line).

This script gets the Local Computer groups, and the membership of those groups.  Usually I’m just interested in the local Administrators group, but this gives you everything.  There’s an argument for not reporting back on empty groups – but I’ll leave that up to you to change/implement if you want to skip those.

 

The resulting object, $getmembers. should then look something like this:

 

Although a few years old now, I wrote this in 2015 which does something similar: https://hkeylocalmachine.com/?p=166

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *