There are a few default accounts on Windows machines such as the local “Administrator” account. While this account exists by default, its name can vary from culture to culture, and its name can also be renamed.
To always identify the local Administrator account regardless of its name, search local accounts by SID (security identifier). The local Administrator account SID always starts with ‘S-1-5-‘ and uses the RID ‘-500’:
PS> Get-Localuser | Where-Object Sid -like 'S-1-5-*-500' Name Enabled Description ---- ------- ----------- Administrator False Built-in account for administering the computer/domain