Home > database >  How to list only enabled local administrators
How to list only enabled local administrators

Time:04-20

Trying to list only local administrator accounts that are enabled on windows workstations.

Have this code so far but I am running into issues beyond this point trying to compare if the active user is an administrator.

$enabledUsers = (Get-LocalUser | Select * | sort Name, FullName, Enabled) | where-object enabled -eq $true

$enabledUsers | Select Name, Fullname

CodePudding user response:

You can use Get-LocalGroupMember to get all members of the Administrators group, however this cmdlet doesn't tell us if the returned users are Enabled, we can pass the SID of each user to Get-LocalUser and filter for those Enabled ones:

Get-LocalGroupMember Administrators | Where-Object { (Get-LocalUser $_.SID -EA 0).Enabled }

-EA 0 (-ErrorAction SilentlyContinue) is used in this example because the members of the group may not be of the class User, in which case, the cmdlet would throw an error (which we want to avoid).

If you need LocalUser objects instead of LocalPrincipal objects, you can use this instead:

Get-LocalGroupMember Administrators | ForEach-Object {
    if(($usr = Get-LocalUser $_.SID -EA 0) -and $usr.Enabled) {
        $usr | Select-Object Name, FullName
    }
}

CodePudding user response:

Get-LocalGroupMember Adminstrators | Where-Object {$_.PrincipalSource -ne "ActiveDirectory"} | select sid | ForEach-Object {
        Get-LocalUser $_.sid | Where-Object {$_.Enabled -eq $True } | select name, enabled
}

If you need to filter out AD admins as well

Page link:https//www.codepudding.com/database/378338.html

Prev:I'm trying to convert this file into json format & store it's output in another file
Next:Remove duplicates and mirror from [x,y] coordinates
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding