Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Introduction
Monitoring local groups listings is essential to Microsoft Windows Server 2016 security. Sometimes Active Directory groups or user accounts are added to the local Administrators group or other privileged groups on a local machine so users can install the programs they need to do their jobs, connect to the workstation remotely, make backups and so on. While this approach reduces helpdesk workload, it significantly increases security risks on your systems by increasing the attack surface area and the risk of privilege abuse. By carefully monitoring the membership of local groups, you can reduce these risks.
Steps
1. Open the PowerShell ISE
Connect to the computer from which you want to get a list of all local groups by running the following cmdlet and entering appropriate credentials:
Enter-PSSession computername -Credential Enterprise\T.Simpson
2. Run scripts
Run the following script on each workstation from which you need to get a list of local groups, specifying the network path for export:
Get-LocalGroup | select name | Out-File \\fs1\shared\IT\scripts\localgroups.csv
3. Result
Open the file produced by the script in MS Excel.
https://img.netwrix.com/howtos/list_local_groups_using_powershell.png
Credits
Originally posted at: https://www.netwrix.com/how_to_list_local_groups_powershell.html/a>