Score:0

How to know in my network which computers have the local administrator account active


As the title says: How do I know in my network which computers have the local administrator account active? Because, as per a security consultant's request, we have to know, and if possible, disable, every local administrator account on every one of the 300+ notebooks/desktops on the network.

Is there a net use or WMI command to address it? Can it be set recursively to ask every computer on the network? We have a domain controller if it helps, but there are always a few groups with computers not joined to the domain.

Score:0

I see a few problems here.

  1. On non-domain-joined computers there must be an administrator account active, even if it's not the account named Administrator.
  2. On non-domain-joined computers you'd need an account to run your query.
  3. In general you can only run a query when the computer is online, so you'd need to schedule your queries to run regularly, and even then you couldn't be guaranteed to get them all because you can't guarantee the PCs will be online in the timeframe you run your query.

That being said

On a Windows 10 PC you can run the following to get the account named Administrator and whether it's enabled:

Get-LocalUser -Name Administrator | Select-Object Name, Enabled

You could use this command in a script like the following one to get the status of a computer.

[pscustomobject]@{
    Computername = $env:Computername
    AdminEnabled = Get-LocalUser -Name "Administrator" | Select-Object -ExpandProperty Enabled
} | Export-CSV -Path "\\a\share\where\you\can\put\this\$($env:Computername).csv"

You could then run the above command as a startup script in the domain. (Be aware that the shared folder would need to be writable for the "Domain Computers" group.)

On PCs outside of the domain you're a bit out of luck. If you have an account which can log on remotely on a number of systems you could use something like this:

$APSCredentialWhichHasTheRightsToDoThis = Get-Credential
Invoke-Command -Computername "RemotePC" -ScriptBlock {Get-LocalUser -Name "Administrator"} -Credential $APSCredentialWhichHasTheRightsToDoThis

to get the status of the remote computer.
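An added example, not part of the answer above, that extends the startup-script approach: the collector finds the built-in Administrator by its well-known RID 500 so a renamed account is still reported, and a second function merges the per-computer CSV files and lists machines that have not reported yet. The function names, the extra CSV columns and the `\\server\share` placeholder are assumptions.

```powershell
# Added example. Function names and the share placeholder are assumptions.

# Part 1: run on each PC (for instance as the startup script).
# The built-in Administrator always has a SID ending in -500, whatever its name.
function Get-BuiltinAdminStatus {
    $admin = Get-LocalUser | Where-Object { $_.SID.Value -match '^S-1-5-21-.+-500$' }
    [pscustomobject]@{
        Computername = $env:COMPUTERNAME
        AccountName  = $admin.Name
        AdminEnabled = $admin.Enabled
        Collected    = (Get-Date).ToString('s')
    }
}

# Part 2: run on the admin workstation against the folder of collected CSVs.
# Returns the rows where the account is enabled, plus the expected computers
# that have no row yet (offline, not domain joined, or script not applied).
function Get-AdminAccountReport {
    param(
        [Parameter(Mandatory)] [string]   $ReportPath,
        [Parameter(Mandatory)] [string[]] $ExpectedComputers
    )
    $rows = @(Get-ChildItem -Path $ReportPath -Filter *.csv |
              ForEach-Object { Import-Csv -Path $_.FullName })
    [pscustomobject]@{
        # Import-Csv returns strings, so compare against the text 'True'.
        Enabled = @($rows | Where-Object { $_.AdminEnabled -eq 'True' })
        Missing = @($ExpectedComputers | Where-Object { $_ -notin $rows.Computername })
    }
}

# Collector usage (placeholder share path):
#   Get-BuiltinAdminStatus |
#       Export-Csv -Path "\\server\share\$($env:COMPUTERNAME).csv" -NoTypeInformation
#
# Report usage; Get-ADComputer needs the ActiveDirectory (RSAT) module:
#   $expected = Get-ADComputer -Filter * | Select-Object -ExpandProperty Name
#   $report   = Get-AdminAccountReport -ReportPath '\\server\share' -ExpectedComputers $expected
#   $report.Enabled | Format-Table Computername, AccountName, Collected
#   $report.Missing
```

The `Missing` list is what to follow up on by hand, since it contains both machines that were offline and the ones outside the domain that never receive the startup script.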
