<#
.SYNOPSIS
Retrieves local Administrators group members, filters out default accounts, and exports the results to a CSV file.
Optionally removes the file if it's empty.
.DESCRIPTION
This script gathers members of the local Administrators group, excludes well-known system SIDs, and formats the output with computer name,
date/time, and other relevant information. The output is saved to a CSV file in a specified network location.
If the resulting CSV file is empty (after filtering), the file is deleted.
.PARAMETER OutputPath
Specifies the network path where the CSV output file should be saved. Defaults to "\\XXXXX\ScriptRunResults".
.EXAMPLE
.\Get-LocalAdmins.ps1 -OutputPath "\\server\share"
Exports local Administrators group members to "\\server\share\LocalAdminOutput-HOSTNAME.csv".
.EXAMPLE
.\Get-LocalAdmins.ps1
Exports local Administrators group members to "\\XXXXX\ScriptRunResults\LocalAdminOutput-HOSTNAME.csv".
.NOTES
This script requires Windows PowerShell 5.1 or later, because Get-LocalGroupMember is part of the Microsoft.PowerShell.LocalAccounts module.
Ensure the script execution context has appropriate permissions to access the network share.
The script filters on these RIDs (the last component of the SID): Administrator (500), Domain Admins (512), two potentially environment-specific values (17741 and 23112), and 1000.
Adjust the filtered SIDs as needed for your environment.
------------------------------------------------------------------------------------------------------------------------------
.DISCLAIMER This script has been uploaded to and delivered by the Absolute Platform.
A digital signature is used to ensure integrity, authenticity, and non-repudiation, but does not imply that Absolute is the author.
Details about who uploaded and who executed the script are available in the Absolute console.
#>
[CmdletBinding()]
param(
    [Parameter(Mandatory = $false)]
    [string]$OutputPath = "\\XXXXX\ScriptRunResults"
)

# Get computer hostname and current date/time for output file and data
$hostname = $env:COMPUTERNAME
$datetime = Get-Date -Format "yyyyMMdd_HHmmss"

# Construct the output filename
$filename = "LocalAdminOutput-$( $hostname ).csv"

# Construct the full output filepath
$filepath = Join-Path -Path $OutputPath -ChildPath $filename

try {
    # Retrieve and filter local Administrators group members.
    # The pattern is anchored on "-<RID>" at the end of the SID so only these exact RIDs are excluded;
    # an unanchored match would also hide members such as RID 1500 or any SID containing "1000".
    # -ErrorAction Stop makes cmdlet failures terminating so the catch block below handles them.
    Get-LocalGroupMember -Group Administrators -ErrorAction Stop |
        Where-Object { $_.SID -notmatch '-(500|512|17741|23112|1000)$' } |
        Select-Object @{ Name = "ComputerName"; Expression = { $hostname } },
            Name,
            ObjectClass,
            PrincipalSource,
            @{ Name = "DateTime"; Expression = { $datetime } },
            SID |
        Export-Csv -Path $filepath -NoTypeInformation -Encoding UTF8 -ErrorAction Stop # Use UTF8 encoding for better compatibility

    # Check if the exported file is empty and remove if so
    if ((Get-Content -Path $filepath | Measure-Object).Count -eq 0) {
        Remove-Item -Path $filepath -Force # -Force avoids confirmation prompts
        Write-Verbose "Removed empty file: $filepath"
    } else {
        Write-Verbose "Successfully exported data to: $filepath"
    }
}
catch {
    # Handle any errors that occur during script execution
    Write-Error $_
}
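Why an audit filter like this should compare whole RIDs rather than substrings of the SID: the added example below (not part of the original script) runs an unanchored pattern and an exact RID comparison over the same input and shows which members each would hide from the report. The SIDs are constructed sample values, and the function names `Get-Rid` and `Test-ExcludedSid` are hypothetical helpers introduced for the illustration.

```powershell
# Added example: substring-style SID filter versus exact RID match.
# All SIDs below are constructed sample values, not taken from a real system.

# Substring-style pattern: no "-" in front of the RIDs, and 1000 has no "$" anchor.
$LoosePattern = '500$|512$|17741$|23112$|1000'
# The same values, treated as complete RIDs.
$ExcludedRids = 500, 512, 17741, 23112, 1000

function Get-Rid {
    # Return the final sub-authority (the RID) of a SID string as an integer.
    param([Parameter(Mandatory)][string]$Sid)
    [int64]($Sid.Split('-')[-1])
}

function Test-ExcludedSid {
    # True only when the SID's RID is exactly one of the excluded values.
    param([Parameter(Mandatory)][string]$Sid)
    $ExcludedRids -contains (Get-Rid -Sid $Sid)
}

$samples = @(
    'S-1-5-21-1111111111-2222222222-3333333333-500'    # built-in Administrator
    'S-1-5-21-1111111111-2222222222-3333333333-512'    # Domain Admins
    'S-1-5-21-1111111111-2222222222-3333333333-1500'   # ordinary account, RID ends in 500
    'S-1-5-21-1111111111-2222222222-3333333333-3512'   # ordinary account, RID ends in 512
    'S-1-5-21-1111111111-2222222222-3333333333-10007'  # ordinary account, RID contains 1000
    'S-1-5-21-1000222333-2222222222-3333333333-1104'   # domain identifier contains 1000
    'S-1-5-21-1111111111-2222222222-3333333333-1104'   # ordinary account, no overlap
)

# A row where HiddenByPattern is True but HiddenByRid is False is a member
# that the substring filter would silently drop from the CSV.
$samples | ForEach-Object {
    [pscustomobject]@{
        SID             = $_
        HiddenByPattern = $_ -match $LoosePattern
        HiddenByRid     = Test-ExcludedSid -Sid $_
    }
} | Format-Table -AutoSize
```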