LocalAdministratorsDetection.ps1
<#
.NOTES
===========================================================================
Created with: SAPIEN Technologies, Inc., PowerShell Studio 2015 v4.2.98
Created on: 11/23/2015 1:14 PM
Created by: Mick Pletcher
Filename: LocalAdministratorsDetectionMethod.ps1
===========================================================================
.DESCRIPTION
This script will query the local administrators group. It will return a
success to SCCM if there are no members in the local administrators
group or if a system is in the SystemExclusions array or a user is
in the MemberExclusions variable.
#>
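# SCCM/ConfigMgr detection method for unexpected local administrators.
#
# Detection contract: both outcomes exit with code 0. ConfigMgr script
# detection treats "exit 0 with STDOUT output" as detected (compliant) and
# "exit 0 with no output" as not detected, so the only signal this script
# gives is whether "No Local Administrators" is written.
#
# NOTE(review): coverage limits a maintainer should be aware of:
#   * Only entries containing a backslash (DOMAIN\name) are evaluated, so
#     accounts listed without a prefix (local accounts) are never reported.
#   * The prefix is discarded before the exclusion check, so an excluded name
#     matches regardless of which domain or machine it belongs to.
#   * The output of "net localgroup administrators" is parsed as English text
#     with a fixed four-line header; a localized OS or a renamed group would
#     break the parsing - confirm for the target fleet.

# Marker file; presumably written by the companion e-mail script once a report
# has been sent - verify against that script.
$LogFile = Join-Path -Path $env:windir -ChildPath "Logs\LocalAdministrators_Emailed.log"

# Names (without domain prefix) that may be local administrators.
$MemberExclusions = @("Domain Admins", "Workstation Admins")
# Computers that are always reported as compliant.
$SystemExclusions = @("SYSTEM01")

Clear-Host

# Drop blank lines and the trailing status line, then skip the four remaining
# header lines so that only the member entries are left.
$Members = net localgroup administrators |
    Where-Object { $_ -and $_ -notmatch "command completed successfully" } |
    Select-Object -Skip 4

# Collect every DOMAIN\name member whose name is not on the exclusion list.
$LocalAdmins = @()
foreach ($Entry in $Members) {
    $Parts = $Entry.Split("\")
    if ($Parts.Count -gt 1) {
        $Name = [string]$Parts[1]
        if ($Name -notin $MemberExclusions) {
            $LocalAdmins += $Name
        }
    }
}

# Nothing left to report: clear the marker so a later finding is reported again.
if (($LocalAdmins.Count -eq 0) -and (Test-Path -Path $LogFile)) {
    Remove-Item -Path $LogFile -Force
}

# Not detected only when unexpected admins exist, this computer is not
# excluded, and the marker file is absent.
$NeedsReport = ($LocalAdmins.Count -gt 0) -and
    ($env:COMPUTERNAME -notin $SystemExclusions) -and
    (-not (Test-Path -Path $LogFile))

if (-not $NeedsReport) {
    # Output on STDOUT is what marks the system as detected/compliant.
    Write-Host "No Local Administrators"
}
Start-Sleep -Seconds 5
exit 0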