≡ Menu

Audit local administrator password on workstations/servers using PowerShell script

“How to audit local administrator password on list of servers using a script” — this is the question I have seen in one of the forums I participate. The requester asked for a way to read local administrator password on a server and compare it with the standard password and report deviations if any. While this sounds like a good algorithm to audit, I wonder how one can “READ” passwords of any account in Windows Operating System. But still requirements are requirements and we need a way to address them.

After thinking for sometime, I recollected one of the old tricks I have used during my initial days of system administration. “Accessing of other systems resources(like C$) works if the source(from where you are trying to access) and target systems are running with same local administrator password”. That means you should login to system with local administrator password and then you should be able to manage remote systems if they have same password with which you logged into the current one. I felt why can’t I use this to audit the administrator password.

I quickly wrote a powershell script(code below) of few lines and tested. It worked like a champ. So, what I am trying to do here is, accessing the c$ share of remote computer. This works if the remote computer password is same as the one with which I logged into current computer; otherwise it fails. Is n’t it enough to audit the admin rights and identify the computers which are not having the correct password? I feel this should be good and quick.

$servers = Get-Content c:tempserverslist.txt$servers | % {

if(Test-Path “\$_c`$windows”) {

Write-Host “Local administrator account on $_ has same password”

}  else  {

Write-Host “Local administrator account on $_ has different password”


I would be more happy if you can suggest a more efficient way of doing this.

{ 1 comment… add one }

Leave a Comment