JSI Tip 8990. How can I report local Administrators group membership for all the computers in my network?

Using PsExec.exe, I have scripted LocalAdmins.bat to report local Administrators group membership for all the computers in my network.

The syntax for using LocalAdmins.bat is:

\\Host\Share\LocalAdmins.bat Account Password


Host     is a computer that will host the LocalAdmins.bat script and the LocalAdmins.log report file in it's Share.

Share    is a share name on Host that is writeable by Account.

Account  is an account that has administrative privileges on all the computers in your network.

Password is the password of Account.

Sample Usage:

\\jsi001\netlogon\LocalAdmins.bat JSIINC\Jerry <Password>

The resulting \\jsi001\netlogon\LocalAdmins.log report might contain:

JSI001 Administrator
JSI001 Domain Admins
JSI001 Enterprise Admins
JSI005 Administrator
JSI005 JSIINC\Domain Admins
JSI007 Administrator
JSI007 JSIINC\Domain Admins
JSI007 JSIINC\Jennifer
JSI009 Administrator
JSI009 JSIINC\Domain Admins
NOTE: You must copy PsExec.exe to \\Host\Share\Psexec.exe.

LocalAdmins.bat contains:

@echo off
if \{%2\}==\{\} @echo Syntax: LocalAdmins DomainAdminAccount DomainAdminPassword&goto :EOF
set batch=%~DP0LocalAdminsBat.bat
set report=%~DP0LocalAdmins.log
set PsExec=%~DP0PsExec.exe
set domacct=%1
set pw=%2
@echo @echo off>%batch%
@echo setlocal>>%batch%
@echo for /f "Skip=6 Tokens=*" %%%%m in ('net localgroup administrators^^^|FIND /V /I "The command completed successfully."') Do @echo ^%%computername^%% %%%%m>>%batch%
@echo endlocal>>%batch%
if exist %report% del /q %report%
call :quiet>nul 2>&1
del /q %batch%
goto :EOF
for /f "Tokens=1" %%c in ('net view^|FIND "\\"') do (
 %PsExec% %%c -u %domacct% -p %pw% %batch%>>%Report%

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.