Articles and Ideas

PowerShell: Audit all local groups with members across domain

Posted by:

PowerShell: Audit all local groups with members across domain

I was surprised when I found out that not many administrators use PowerShell! It is extremely important to master it, since modern datacenter administration in enterprise environments generate tasks impossible to complete in reasonable deadlines.

I felt so astonished; I am going to dedicate a whole new PowerShell category in my blog.
To explain my decision, I am going to present you the following real-life example:
I was recently given the task to audit (discover) all local groups on all of the workstations and list all of their members. I had to present my findings to internal audit department to negotiate and document needs for local administrative accounts and discover any irregularities in privileges.

I have more than 2000 workstations in my current environment, dispersed across all of the country. How much time would you plan for this task?

I planned 2 hours for development of the script and 2 days for actual script run and tests. It took me only 7 hours to complete this task since script did its job in 5 hours. That’s just one work day even with nice and usable reports and on screen display progress. I could have been a bit faster if I didn’t put so much effort and time in makeup of this script 🙂

What I wrote was and WMI Object discovery of local groups since I have believed all of my workstations allowed RPC. That was a mistake 🙁 so I have included in report workstations not ready for RPC and nice help in the scripts Catch block.

Below is the script you can test in your environment, only remeber to define your mail server parametars in script to allow script to send an email.
Also notice that you can use filter block in Get-ADComputer command to list different systems in your environment.

 

You can copy/paste it in your PowerShell ISE to review it more easily.

2


Predrag Mirjanić

About the Author:

I am capable of working as an engineer on complicated projects or as a "one-man band" bringing the project from scratch to successful fruition. Regarding my technical skills I have quite a lot to offer. Primarily I am a Systems Administrator (Engineer). I have acquired experience in the field by installing, implementing and administering many different Microsoft based network setups in large ICT environments, in diverse industry and government companies. I am familiar with older operating systems including Linux/UNIX based systems. I have designed, installed and implemented different technologies like: Exchange, IP CCTV, BES, SCCM (specifically ZTI), network QoS optimization, and much more. I have good experience with virtualized environments (Microsoft based). I can apply my skills to help automate processes in order to reduce administrative overheads and/or human errors. I am in process of developing WAMP based (Windows, Apache, MySQL and PHP) intranet (company-wide) social networking site for document and project management purposes. Engineering hardware based cloud (powered by Linux OS) for purposes of rendering video material. Also programming several different RouterOS based MikroTik routers to deliver ultimate network management solution (QoS, bandwidth control, L7 protocol traffic control etc.).

Discussion

  1. Stefan  November 30, 2013

    Svaka cast maestro 😉

    (reply)

Add a Comment