Solved

Powershell - How to pull all Local Accounts from multiple machines

Posted on 2013-11-22
6
789 Views
Last Modified: 2013-11-25
Hi EE

I have the script below that Subsun helped me with . It was originally set to pull the member of the Administrators group but I was trying to modify it to pull all Local Accounts and its pulling members of the local Users group only not all Local Accounts .

Any ideas ?  I dont have to use this scrtipt if someone already has something different.

function get-localusers {
        param(
    [Parameter(Mandatory=$true,valuefrompipeline=$true)]
    [string]$strComputer)
    begin {}
    Process {
      $Select = "Name","Class" | %{  
        Invoke-Expression "@{n='$_';e={ `$_.GetType().InvokeMember('$_', 'GetProperty', `$Null, `$_, `$Null) }}"  
      }
      If (Test-Connection $strComputer -Count 2 -Quiet){
        $Users =""
        $computer = [ADSI]("WinNT://" + $strComputer + ",computer")
        $UsersGroup = $computer.psbase.children.find("Users")
        $Usermembers= $UsersGroup.psbase.invoke("Members") | Select $Select
              foreach ($Users in $Usermembers) {
              $Users | Select @{N="ComputerName";E={$strComputer}},@{N="Users";E={$_.Name}},Class
                  }
            }
      Else {
            "" | Select @{N="ComputerName";E={$strComputer}},@{N="Users";E={"Not able to Ping"}},Class
        }
     }
end {}
}
Get-Content "e:\Projects\servers\Servers.txt" | get-localusers | Select ComputerName,Users,Class | Export-Csv "e:\Projects\Servers\LocalTest_$((get-date).toString('MM-dd-yyyy')).csv" -NTI
0
Comment
Question by:MilesLogan
  • 3
  • 3
6 Comments
 
LVL 40

Expert Comment

by:Subsun
ID: 39669734
If you need only users in report then try..
function get-localusers {
    param(
    [Parameter(Mandatory=$true,valuefrompipeline=$true)]
    [string]$strComputer)
    begin {}
    Process {
      If (Test-Connection $strComputer -Count 2 -Quiet){
	$Users = Get-WmiObject Win32_UserAccount -ComputerName $strComputer
        foreach ($User in $Users) {
         $User | Select @{N="ComputerName";E={$strComputer}},@{N="User";E={$_.Name}}
         }
        }
      Else {
            "" | Select @{N="ComputerName";E={$strComputer}},@{N="User";E={"Not able to Ping"}}
        }
     }
end {}
}
Get-Content "e:\Projects\servers\Servers.txt" | get-localusers | Select ComputerName,User | Export-Csv "e:\Projects\Servers\LocalTest_$((get-date).toString('MM-dd-yyyy')).csv" -NTI 

Open in new window

0
 
LVL 2

Author Comment

by:MilesLogan
ID: 39670752
Hi Subsun , I don't get an error but it just loops and it does not output any data .
0
 
LVL 40

Expert Comment

by:Subsun
ID: 39672067
I just tested the code and I am getting the following result..

"ComputerName","User"
"ServerA","Not able to Ping"
"ServerB","Not able to Ping"
"TestSRV","Administrator"
"TestSRV","Guest"
"TestSRV","TestUser"

Open in new window


Are you getting the user details when you run the following command?

Get-WmiObject Win32_UserAccount -ComputerName ServerA

Open in new window

0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 2

Author Comment

by:MilesLogan
ID: 39672246
Below will pull Local Users from an XP machine but if I want the local users from Server 2003/2008 it does not .. same with the full script

Get-WmiObject Win32_UserAccount -ComputerName ServerA
0
 
LVL 40

Accepted Solution

by:
Subsun earned 500 total points
ID: 39672645
Ok I didn't test it.. Try this..
function get-localusers {
    param(
    [Parameter(Mandatory=$true,valuefrompipeline=$true)]
    [string]$strComputer)
    begin {}
    Process {
      $Select = "Name","Class" | %{  
      Invoke-Expression "@{n='$_';e={ `$_.GetType().InvokeMember('$_', 'GetProperty', `$Null, `$_, `$Null) }}"  
       }
        If (Test-Connection $strComputer -Count 2 -Quiet){
         $computer = [ADSI]("WinNT://" + $strComputer + ",computer")
         $Users = $computer.psbase.children | ? {$_.psbase.SchemaClassName -eq "User"}
	 foreach ($User in $Users) {
	  $User | Select @{N="ComputerName";E={$strComputer}},@{N="User";E={$_.Name}},Class
	 }
        }
      Else {
          "" | Select @{N="ComputerName";E={$strComputer}},@{N="User";E={"Not able to Ping"}},Class
        }
      }
end {}
}
Get-Content "e:\Projects\servers\Servers.txt" | get-localusers | Select ComputerName,User | Export-Csv "e:\Projects\Servers\LocalTest_$((get-date).toString('MM-dd-yyyy')).csv" -NTI

Open in new window

0
 
LVL 2

Author Closing Comment

by:MilesLogan
ID: 39676563
WOW Subsun !  you always help out so much ! thanks !
I am opening a new question to modify this same script if it can show if the user is Disabled/Enabled and possibly the Full Name and Description .
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
I thought I'd write this up for anyone who has a request to create an anonymous whistle-blower-type submission form created using SharePoint 2010 (this would probably work the same for 2013). It's not 100% fool-proof but it's as close as you can get…
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now