AD Pro Toolkit / Local Admin Report Tool

Local Administrators Report Tool

The Local Admin Reporting Tool will scan domain joined computers and report who is a member of the local administrators group. This tool will show you which users and groups have local admin rights on their computer.

Download Free Trial Schedule Demo
YouTube video

Features:

  • Find who has local administrator rights
  • Scan all local groups
  • Export to CSV, Excel or PDF
  • Fast and easy to use
  • Optionally get nested group members from the local admin group

Requirements:

  • WMI needs to be allowed inbound. If you have the Windows firewall enabled see Firewall docs for the GPO firewall settings to enable WMI.
  • You will need administrator rights on the remote computers.

How to Use the Local Administrators Report Tool

Step 1. Click on “Local Admin Report” from the management tools page.

Step 2. Click Run.

The default search option is the entire domain, click Run to start the scan. To select an OU or group click browse.

The report includes the following columns.

  • Computer = The remote computer hostname.
  • Group Name = The name of the local group.
  • Member Name = The name of the user or group that is a member of the group.
  • Object Class = The members object class.
  • Principal Source = This indicates if the member is a domain object or local object.
  • Status = Computer status.

Report Example.

In the above example, the server SRV09 has the following accounts as a member of the local administrator’s group.

  • Administrator (local user object)
  • Domain Admins (domain group)
  • it_wrk_admins (domain group)

Scan Computers in a Specific OU or Group

To scan computers in a specific OU or group click the browse button.

Now when you run the tool it will only scan the computers from the selected OUs or groups.

Scan Computers from a CSV list.

To scan a list of specific computers you can use a CSV file.

1. Download the CSV template.

2. Enter each computer name in the CSV file.

3. Select your CSV file and click run.

Scan All Local Groups

By default, the tool will only get members from the local administrator group.

To get all groups click the “Show All groups” box.

When you run the tool it will now include all local groups.

Included Nested Group Membership

By default, the tool will get direct members only. To show members of groups click “Include nested groups”

Here is a before screenshot (no nested groups).

Here is a screenshot after enabling “Include nested groups”.

The report now includes all the members of the “it_wrk_admins” group.

Schedule Scans (Automated Reports)

The local admin report tool can be run on an automated schedule with email reports.

1. Click on Scheduler

Note: If you want automated email reports you will first need to configure the email settings.

2. Click on Add and select “Local Admins Report”.

Click Next and complete the steps to create a task.