Monitors and audits all local administrator accounts on endpoints.
This PowerShell Worklet lets you check devices for local administrator accounts so that you can remove them where local privileges could pose a security risk or are unnecessary.
Admins can use this PowerShell script to verify if there are unwanted local administrator accounts on managed endpoints.
When run, this Worklet will audit a device for all local administrator accounts and list them in the activity log if they exist. Then, you can take any follow-up action needed, like removing local admin accounts.
This Worklet is compatible with Windows 8 / Server 2012 and above.
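One way to perform the audit described above, as an added example that is not Automox's own Worklet code: it lists the members of the built-in Administrators group through the ADSI WinNT provider, which is available on the Windows 8 / Server 2012 baseline. The `$Allowed` allowlist and the exit-code convention are assumptions made for this example.

```powershell
# Added example, not the vendor's Worklet. $Allowed is a hypothetical allowlist
# with a constructed sample value; replace it with the accounts you expect.
$Allowed = @('Administrator')

# Resolve the group name from its well-known SID (S-1-5-32-544) so the
# script also works on localized Windows where the group has another name.
$sid   = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-544')
$group = $sid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[-1]

$computer = $env:COMPUTERNAME
$adsi     = [ADSI]"WinNT://$computer/$group,group"

# Each member is a COM object, so its properties are read via InvokeMember.
$members = foreach ($m in $adsi.Invoke('Members')) {
    $t    = $m.GetType()
    $path = $t.InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
    [pscustomobject]@{
        Name  = $t.InvokeMember('Name',  'GetProperty', $null, $m, $null)
        # 'User' or 'Group'; nested group membership is not expanded here.
        Class = $t.InvokeMember('Class', 'GetProperty', $null, $m, $null)
        # Paths containing the computer name are local accounts; others are
        # domain principals or unresolved SIDs left by deleted accounts.
        Local = $path -like "*/$computer/*"
        Path  = $path
    }
}

$unexpected = @($members | Where-Object { $Allowed -notcontains $_.Name })
if ($unexpected.Count -gt 0) {
    Write-Output "Unexpected members of '$group' on ${computer}:"
    $unexpected | Format-Table -AutoSize | Out-String | Write-Output
    exit 1   # assumed convention: non-zero flags the device for follow-up
}
Write-Output "No unexpected members of '$group' on $computer."
exit 0
```

Members reported with `Class` set to `Group` grant administrator rights to everyone in that group, so review those entries as carefully as individual user accounts.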
A local administrator account is a user account with administrative privileges on a specific device, such as a computer or a server. It has elevated access rights, allowing the user to make changes to system settings, install or uninstall software, modify files and folders, and perform other administrative tasks on that particular device.
There are several instances where it doesn’t make sense for an endpoint to have a local admin account. Here are a few examples:
Having a local administrator account on an end user device can pose security risks. If an unauthorized person gains access to the device or the credentials associated with the local administrator account, they can potentially make unauthorized changes, install malicious software, or access sensitive data. By removing the local administrator account, the IT admin can mitigate these security risks and reduce the attack surface.
IT admins often strive to maintain standardization and control over the devices in their organization. By removing local administrator accounts, they can enforce uniformity in device configurations and ensure that users do not make unauthorized changes or install unauthorized software that could negatively impact system stability, performance, or security. This approach allows the IT admin to have centralized control over device management and reduces the potential for system instability caused by unregulated user modifications.
In certain industries or organizations, compliance regulations or security standards may require restricting administrative access on end user devices. By removing local administrator accounts, IT admins can demonstrate compliance with these requirements and ensure that users are operating within the authorized boundaries of their roles.
Removing local administrator accounts can help streamline support and troubleshooting processes. When end users do not have administrative privileges, it reduces the likelihood of accidental changes or unauthorized modifications that can lead to system issues. IT admins can provide more targeted support and troubleshooting guidance when they have control over the device configuration and can ensure that changes are made with proper authorization.
Consider Worklets your easy button
A Worklet is an automation script, written in Bash or PowerShell, designed for seamless execution on endpoints – at scale – within the Automox platform. Worklet automation scripts perform configuration, remediation, and the installation or removal of applications and settings across Windows, macOS, and Linux.