Win Powershell get list of active local users-CodePudding

I want to get the list of active local users on the windows server. When I do Get-LocalUser, I get following output

Name               Enabled Description                                                              
----               ------- -----------                                                              
DefaultAccount     False   A user account managed by the system.                                    
Guest              False   Built-in account for guest access to the computer/domain                 
labadmin           True    Built-in account for administering the computer/domain                   
Test               True                                                                             
WDAGUtilityAccount False   A user account managed and used by the system for Windows Defender Application Guard scen...

I tried GetLocalUser -Enabled True and got following error

Get-LocalUser : A parameter cannot be found that matches parameter name 'Enabled'.
At line:1 char:79
  ... ng = New-Object Text.UTF8Encoding $false; Get-LocalUser -Enabled True
                                                              ~~~~~~~~
      CategoryInfo          : InvalidArgument: (:) [Get-LocalUser], ParameterBindingException
      FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.PowerShell.Commands.GetLocalUserCommandnon-zero return code

What is the correct parameter to filter out the disabled users?

CodePudding user response：

Get-Help -Name "Get-LocalUser" (also written help get-localuser) will show you that the only available parameters are:

SYNTAX
    Get-LocalUser [[-Name] <String[]>] [<CommonParameters>]

    Get-LocalUser [[-SID] <SecurityIdentifier[]>] [<CommonParameters>]

And there is no parameter to filter on the enabled users. You need to get the results back, then filter afterwards. From the results in your question, the Enabled column shows you that the user objects probably have a property called Enabled which you can check for the filtering:

$users = Get-LocalUser
$enabledUsers = $users | Where-Object { $_.Enabled }

If you did not know that, or that did not work because the column name is not exactly the same as the property name, you could run $users | Get-Member to see what properties the user objects have, and then look through them for ones to check. Enabled is shown in the result:

   TypeName: Microsoft.PowerShell.Commands.LocalUser

Name                   MemberType Definition
----                   ---------- ----------
Clone                  Method     Microsoft.PowerShell.Commands.LocalUser Clone()
Equals                 Method     bool Equals(System.Object obj)
GetHashCode            Method     int GetHashCode()
GetType                Method     type GetType()
ToString               Method     string ToString()
AccountExpires         Property   System.Nullable[datetime] AccountExpires {get;set;}
Description            Property   string Description {get;set;}
Enabled                Property   bool Enabled {get;set;}
FullName               Property   string FullName {get;set;}
LastLogon              Property   System.Nullable[datetime] LastLogon {get;set;}
Name                   Property   string Name {get;set;}
ObjectClass            Property   string ObjectClass {get;set;}
PasswordChangeableDate Property   System.Nullable[datetime] PasswordChangeableDate {get;set;}
PasswordExpires        Property   System.Nullable[datetime] PasswordExpires {get;set;}
PasswordLastSet        Property   System.Nullable[datetime] PasswordLastSet {get;set;}
PasswordRequired       Property   bool PasswordRequired {get;set;}
PrincipalSource        Property   System.Nullable[Microsoft.PowerShell.Commands.PrincipalSource] PrincipalSource {ge...
SID                    Property   System.Security.Principal.SecurityIdentifier SID {get;set;}
UserMayChangePassword  Property   bool UserMayChangePassword {get;set;}