Monitoring local group listings is essential to Microsoft Windows Server 2016 security. Sometimes Active Directory groups or user accounts are added to the local Administrators group or other privileged groups on a local machine so users can install the programs they need to do their jobs, connect to the workstation remotely, make backups and so on. While this approach reduces helpdesk workload, it significantly increases security risks on your systems by increasing the attack surface area and the risk of privilege abuse. By carefully monitoring the membership of local groups, you can reduce these risks.
If you have enough PowerShell knowledge and experience, you can create a script that lists all local groups, including the local Administrators group. By running this script periodically and comparing the result with your baselines, you can find out whether any rogue groups have been created. But this is not a very convenient way to achieve even that limited goal, because you’ll have to run the script on each machine you are interested in and there is no way to get it from a number of servers with one script.
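The following is an added example of the kind of script described above, not code from Netwrix or the original page. It runs on the local machine only, snapshots every local group with its members using the built-in `Get-LocalGroup` and `Get-LocalGroupMember` cmdlets, and reports additions and removals against a stored baseline. The baseline path and the function names are assumptions chosen for illustration.

```powershell
param(
    # Hypothetical location; the folder must exist and be writable by administrators only
    [string]$BaselinePath = 'C:\Audit\localgroups-baseline.txt'
)

function Get-LocalGroupSnapshot {
    # Emits one "Group|Member" line per membership, or "Group|" for an empty group
    foreach ($group in Get-LocalGroup) {
        try {
            $members = @(Get-LocalGroupMember -Group $group -ErrorAction Stop)
        } catch {
            # Enumeration can fail, for example when a member SID no longer resolves;
            # record the failure instead of silently skipping a privileged group
            "$($group.Name)|<enumeration failed>"
            continue
        }
        if ($members.Count -eq 0) { "$($group.Name)|" }
        foreach ($m in $members) { "$($group.Name)|$($m.Name)" }
    }
}

function Compare-Snapshot {
    param([string[]]$Baseline, [string[]]$Current)
    # '=>' marks entries present now but absent from the baseline
    Compare-Object -ReferenceObject $Baseline -DifferenceObject $Current |
        ForEach-Object {
            [pscustomobject]@{
                Change = if ($_.SideIndicator -eq '=>') { 'Added' } else { 'Removed' }
                Entry  = $_.InputObject
            }
        }
}

$current = @(Get-LocalGroupSnapshot | Sort-Object)

if (-not (Test-Path -Path $BaselinePath)) {
    # First run: record the current state as the baseline
    Set-Content -Path $BaselinePath -Value $current -Encoding UTF8
    Write-Output "Baseline created at $BaselinePath"
} else {
    $baseline = @(Get-Content -Path $BaselinePath)
    $diff = @(Compare-Snapshot -Baseline $baseline -Current $current)
    if ($diff.Count -eq 0) { Write-Output 'No changes against baseline' }
    else { $diff | Format-Table -AutoSize }
}
```

A new group shows up as an `Added` line with an empty member field, and a new account in Administrators shows up as `Added  Administrators|<account>`.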
Netwrix Auditor for Windows Server makes it easy to review the list of all local groups and also see all the members of each group. Unlike manual scripting, Netwrix Auditor automatically retrieves this information from a number of servers and provides you with the list of local groups for each server in one click. Reviewing the report on a regular basis will help you establish your baseline and spot any deviations that violate your security policy.
Subscribe to the report to receive information about local groups in your inbox on a regular basis, which facilitates good IT housekeeping.
If you also need to track the membership of all user objects in these groups, see the page on how to get a local group membership report.