<#
.NOTES
===========================================================================
Created with: SAPIEN Technologies, Inc., PowerShell Studio 2015 v4.2.98
Created on: 11/23/2015 1:14 PM
Created by: Mick Pletcher
Filename: GetLocalAdministrators.ps1
===========================================================================
.DESCRIPTION
This script will query the local administrators group. It generates
a log file if there are users in the local administrators group that are
not in the exclusions group. A .log file is written to the local HDD. The
script then returns an error code 0 back to SCCM, which will initiate a
software deployment. At that point, the secondary script will email
the .log file to the appropriate users. That script then deletes the
.log file which will then create a successful
#>
#Declare Global Variables
# Every working variable is created up front with Set-Variable. No -Scope is
# passed, so they are created in the scope the script runs in. Only LogFile and
# LogFileEmailed receive a value here: both point at files under %windir%\Logs.
Set-Variable -Name Body -Force
Set-Variable -Name EmailAddress -Force
Set-Variable -Name EmailAddresses -Force
Set-Variable -Name Exclusions -Force
Set-Variable -Name LocalAdmin -Force
Set-Variable -Name LocalAdmins -Force
# Pending report: written when unexpected administrators are found.
Set-Variable -Name LogFile -Value $env:windir"\Logs\LocalAdministrators.log" -Force
# Name the pending report is renamed to once the e-mail step has run.
Set-Variable -Name LogFileEmailed -Value $env:windir"\Logs\LocalAdministrators_Emailed.log" -Force
Set-Variable -Name Member -Force
Set-Variable -Name Members -Force
Set-Variable -Name Output -Force
Set-Variable -Name Prof -Force
Set-Variable -Name Profiles -Force
Set-Variable -Name RelativePath -Force
# Clear the console host before doing any work.
cls
# Folder that holds this script, with a trailing backslash. The two text files
# read below are expected to sit next to the script.
$RelativePath = (Split-Path -Path $SCRIPT:MyInvocation.MyCommand.Path -Parent) + "\"

# Heading for a plain-text list of the administrators that get reported.
$Body = "Local Administrator(s)" + [char]13 + "---------------------------" + [char]13

# Result list, filled later with the account names to report.
$LocalAdmins = @()

# Report recipients, one address per line.
$EmailAddresses = @()
$EmailAddresses = Get-Content -Path $RelativePath"EmailAddresses.txt"

# Account names that are allowed to be local administrators.
# NOTE(review): anyone who can write to Exclusions.txt can keep an account out of
# the report; the script folder should be writable by administrators only.
$Exclusions = Get-Content -Path $RelativePath"Exclusions.txt"

# Raw member lines of the local Administrators group: empty lines and the
# success footer are dropped, then the first four remaining lines are skipped.
# NOTE(review): the footer filter matches English text only, so the output of a
# localized OS may need a different filter; confirm on non-English builds.
$Members = net localgroup administrators |
    Where-Object { $_ -and $_ -notmatch "command completed successfully" } |
    Select-Object -Skip 4

# Entries under <SystemDrive>\users, hidden ones included.
$Profiles = Get-ChildItem -Path $env:SystemDrive"\users" -Force
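# Build $LocalAdmins: members of the Administrators group that are written as
# DOMAIN\user, are not listed in Exclusions.txt, and have a folder of the same
# name under the users directory.
# NOTE(review): entries without a backslash, and accounts whose profile folder
# is missing or named differently from the account, are never reported. Confirm
# that this blind spot is intended.
Foreach ($Member in $Members) {
    $Member = $Member.Split("\")
    If ($Member.Count -gt 1) {
        # Keep only the account part after the domain prefix.
        [string]$Member = $Member[1]
        If ($Member -notin $Exclusions) {
            # Match on the folder's Name. Comparing against the directory object
            # itself depends on how it converts to a string, which is the full
            # path on newer PowerShell versions and would never equal a bare
            # account name, leaving the report silently empty.
            If ($Profiles.Name -contains $Member) {
                $LocalAdmins += $Member
            }
        }
    }
    # The [string] cast above type-constrains $Member. Removing the variable lets
    # the next iteration hold the array returned by Split() again.
    Remove-Variable -Name Member
}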
# Start from a clean state: delete the log left by an earlier run, whether it
# was already marked as e-mailed or is still pending.
if (Test-Path -Path $LogFileEmailed) {
    Remove-Item -Path $LogFileEmailed -Force
}
if (Test-Path -Path $LogFile) {
    Remove-Item -Path $LogFile -Force
}
# Write the findings to the log file, one account name per line. No file is
# created when there is nothing to report.
if ($LocalAdmins.Count -gt 0) {
    if (-not (Test-Path -Path $LogFile)) {
        New-Item -Path $LogFile -ItemType file -Force
    }
    foreach ($LocalAdmin in $LocalAdmins) {
        Add-Content -Path $LogFile -Value $LocalAdmin -Force
        # The same names are appended to $Body. Nothing visible in this script
        # reads $Body afterwards.
        $Body += $LocalAdmin + [char]13
    }
}
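# E-mail the findings to every recipient, then mark the log as sent by renaming it.
# Nothing is sent when $LocalAdmins is empty: no log file exists in that case,
# so both the attachment and the rename would fail.
# NOTE(review): the report (account names plus host name) goes to smtp.acme.com
# without -UseSsl, so it is protected in transit only if the relay enforces TLS
# itself. Microsoft also marks Send-MailMessage obsolete because it cannot
# guarantee a secure SMTP connection.
# NOTE(review): the -From value is reproduced as it appears on this page and
# looks redacted; set a real sender address before use.
# NOTE(review): the rename does not depend on the sends succeeding, so a delivery
# failure appears to leave no pending log behind. Confirm that is acceptable.
If ($LocalAdmins.Count -eq 1) {
    # Single finding: the account name goes straight into the message body.
    # It is read from the list itself, not from a leftover loop variable.
    $Output = $LocalAdmins[0] + [char]32 + "is a local administrator on" + [char]32 + $env:COMPUTERNAME
    foreach ($EmailAddress in $EmailAddresses) {
        Send-MailMessage -To $EmailAddress -From "[email protected]" -Subject "Local Administrator Report" -Body $Output -SmtpServer "smtp.acme.com"
    }
    Rename-Item -Path $LogFile -NewName $LogFileEmailed -Force
} ElseIf ($LocalAdmins.Count -gt 1) {
    # Several findings: attach the log file instead of listing names inline.
    $Output = "The attached file lists all local administrators on" + [char]32 + $env:COMPUTERNAME
    foreach ($EmailAddress in $EmailAddresses) {
        Send-MailMessage -To $EmailAddress -From "[email protected]" -Subject "Local Administrator Report" -Body $Output -Attachments $LogFile -SmtpServer "smtp.acme.com"
    }
    Rename-Item -Path $LogFile -NewName $LogFileEmailed -Force
}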
# Drop the collected findings before removing the variables.
$LocalAdmins = $null

#Cleanup Global Variables
# Member and RelativePath are not part of this list. Member is removed inside
# the member loop; RelativePath is left in place.
Remove-Variable -Force -Name Body, EmailAddress, EmailAddresses, Exclusions, LocalAdmin, LocalAdmins, LogFile, LogFileEmailed, Members, Output, Prof, Profiles