Identifying Local Administrators Group

by Sep 22, 2021

Any member of the built-in Administrators group has access to extensive privileges, so checking the members of this group can be part of a security audit. While the “Administrators” group exists by default, its name can vary from culture to culture because it is localized. On German systems, for example, the group is called “Administratoren”.

To access the group regardless of culture and naming, use its SID, which is always ‘S-1-5-32-544’:

PS> Get-LocalGroup -SID S-1-5-32-544

Name            Description
----            -----------
Administrators  Administrators have complete and unrestricted access to the...  

Likewise, to dump the list of users and groups with Administrator privileges, use the SID rather than the group name:

PS> Get-LocalGroupMember -SID S-1-5-32-544
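
For a recurring audit, the same SID-based lookup can be compared against a baseline. The script below is an added example, not part of the original tip; the function name Find-UnexpectedAdmin and the allowlist patterns are assumptions to replace with your own baseline.

```powershell
# Added example: audit the local Administrators group by SID, not by name.
$AdminGroupSid = 'S-1-5-32-544'

# Assumed baseline: wildcard patterns matched against member SIDs.
# Matching on SIDs keeps the check culture-independent, like the group lookup.
$AllowedSidPatterns = @(
    'S-1-5-21-*-500'   # built-in Administrator account (RID 500)
    'S-1-5-21-*-512'   # Domain Admins group (RID 512)
)

function Find-UnexpectedAdmin {
    # Hypothetical helper: returns the members whose SID matches no allowed pattern.
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Member,
        [Parameter(Mandatory)] [string[]] $AllowedPattern
    )
    foreach ($m in $Member) {
        $sid = [string]$m.SID
        $allowed = $false
        foreach ($p in $AllowedPattern) {
            if ($sid -like $p) { $allowed = $true; break }
        }
        if (-not $allowed) {
            [pscustomobject]@{
                Name            = $m.Name
                SID             = $sid
                ObjectClass     = $m.ObjectClass      # User or Group
                PrincipalSource = $m.PrincipalSource  # e.g. Local, ActiveDirectory
            }
        }
    }
}

try {
    # -ErrorAction Stop turns enumeration failures into a visible audit error
    $group   = Get-LocalGroup -SID $AdminGroupSid -ErrorAction Stop
    $members = @(Get-LocalGroupMember -SID $AdminGroupSid -ErrorAction Stop)
} catch {
    Write-Warning "Could not enumerate ${AdminGroupSid}: $_"
    return
}

$unexpected = @(Find-UnexpectedAdmin -Member $members -AllowedPattern $AllowedSidPatterns)
'{0} on {1}: {2} member(s), {3} not in baseline' -f
    $group.Name, $env:COMPUTERNAME, $members.Count, $unexpected.Count
$unexpected | Format-Table -AutoSize
```

Group members are reported as groups rather than expanded, so a nested group that is not in the baseline needs its own membership review.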
