Using PowerShell and SCCM to audit local administrators.

In the past, I have used PowerShell and SCCM to determine if assets have local administrators that deviate from what is set via Group Policy.
This requires creating a Configuration Item, a Configuration Baseline and a deployment, but the PowerShell script below can be adapted for other uses.

The script returns 'True' when the members of the local Administrators group on the machine where it runs exactly match the accounts listed in $users, plus any SCCM user device affinity (primary) users recorded on the client (so a primary user who has been made a local administrator is not flagged). Supply values appropriate to your own environment; the ones below are merely examples.

The script is here; rename it to .ps1 to edit or execute it. No warranties expressed or implied.

# SCCM user device affinity (primary) users recorded on this client.
$useraffinity = gwmi -Namespace root\ccm\policy\machine -Class ccm_useraffinity

# Local administrators permitted by policy; replace with your own values.
$users = "administrator","DOMAIN\Domain Admins","DOMAIN\Workstation Admins"

# Primary users are also treated as permitted local administrators.
foreach ($useraff in $useraffinity)
{ $users += $useraff.ConsoleUser }

# Parse 'net localgroup' output: drop blank lines and the trailing status line,
# then skip the four header lines (Alias name, Comment, Members, separator).
$members = net localgroup administrators | where {$_ -AND $_ -notmatch "command completed successfully"} | select -skip 4

# Summary object; discarded here, but useful when adapting the script to report membership.
New-Object PSObject -Property @{
    Computername = $env:COMPUTERNAME
    Group = "Administrators"
    Members = $members
} | out-null

# Compliant only if every permitted account is a member...
$adminusers = $true
foreach ($useradm in $users)
{
    if (!($members -contains $useradm))
    {
        $adminusers = $false
        break;
    }
}

# ...and every member is a permitted account.
foreach ($useradm in $members)
{
    if (!($users -contains $useradm))
    {
        $adminusers = $false
        break;
    }
}
write-host $adminusers
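As an added example (my own code, not the post's script), the same check written to enumerate the group through ADSI rather than parsing 'net localgroup', so a localized status line cannot break the filter, and to report which members deviate instead of only True/False. It assumes the same allowlist idea, here named $AllowedAdmins with constructed sample values, and the helper names Get-LocalAdminMembers, Get-SccmAffinityUsers and Test-LocalAdminCompliance are mine.

```powershell
# Added example, not the original post's script.
$AllowedAdmins = @('Administrator', 'DOMAIN\Domain Admins', 'DOMAIN\Workstation Admins')  # constructed sample values

function Get-LocalAdminMembers {
    # Returns members as DOMAIN\Name; local accounts are unqualified, matching 'net localgroup' output.
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
    foreach ($m in $group.psbase.Invoke('Members')) {
        $path  = $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
        $parts = ($path -replace '^WinNT://', '').Split('/')
        if ($parts.Count -lt 2) { $parts[-1]; continue }          # orphaned SID, no authority segment
        if ($parts[-2] -ieq $env:COMPUTERNAME) { $parts[-1] }     # local account
        else { '{0}\{1}' -f $parts[-2], $parts[-1] }              # domain account or group
    }
}

function Get-SccmAffinityUsers {
    # The original script also permits SCCM user device affinity (primary) users.
    try {
        Get-WmiObject -Namespace 'root\ccm\policy\machine' -Class ccm_useraffinity -ErrorAction Stop |
            ForEach-Object { $_.ConsoleUser }
    } catch { @() }  # no SCCM client installed: nothing to add
}

function Test-LocalAdminCompliance {
    param([string[]]$Allowed)
    $actual = @(Get-LocalAdminMembers)
    # Compare-Object is case-insensitive by default; '=>' marks members not on the allowlist,
    # '<=' marks allowlisted principals that are missing from the group.
    $diff = @(Compare-Object -ReferenceObject $Allowed -DifferenceObject $actual)
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Compliant    = ($diff.Count -eq 0)
        Unexpected   = @($diff | Where-Object SideIndicator -eq '=>' | ForEach-Object InputObject)
        Missing      = @($diff | Where-Object SideIndicator -eq '<=' | ForEach-Object InputObject)
    }
}

$result = Test-LocalAdminCompliance -Allowed ($AllowedAdmins + @(Get-SccmAffinityUsers))
Write-Verbose ($result | Format-List | Out-String)
# Emit the boolean on the output stream so the caller (e.g. a CI discovery rule) can read it.
$result.Compliant
```

Run with -Verbose to see the Unexpected and Missing lists alongside the boolean; the Unexpected list is what you would feed into a ticket or alert when a machine reports non-compliant.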