Ask the Expert

How do I determine if user accounts have local administrative access?

I was wondering, how can I configure Active Directory and or all the workstations to show what computer and user accounts have local administrator access on the workstations?

The scenario is that some accounts may have been granted access via Active Directory in an organizational unit, while others the individual user in Active Directory may have been given the access to the local administrator group on the box.

I need to see a list so we can correct who should and who should not have local admin access.

Thank you for your help.

Requires Free Membership to View

You can use the "net localgroup administrators" command on each workstation (probably in a login script so that it records its information to a central file for later review). This command will enumerate the members of the Administrators group on each machine you run it on. Alternately, you can use the Restricted Groups feature of Group Policy to restrict the membership of Administrators to only those users you want to belong.

This was first published in November 2005

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: