Solved

Powershell Password Info

Posted on 2016-09-19
11
51 Views
Last Modified: 2016-10-04
I need to add the following information to this script but I'm not sure how.
Date password last set / Password Age
Local Group Memberships
Global Group Memberships

	$GetAccountsInfoScriptblock = {$Obj = @()
			$AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" -Filter "LocalAccount='$True'"
				Foreach($LocalAccount in $AllLocalAccounts)
					{
						$Object = New-Object -TypeName PSObject
						$Object|Add-Member -MemberType NoteProperty -Name "Name" -Value $LocalAccount.Name
						$Object|Add-Member -MemberType NoteProperty -Name "Caption" -Value $LocalAccount.Caption
						$Object|Add-Member -MemberType NoteProperty -Name "Disabled" -Value $LocalAccount.Disabled
						$Object|Add-Member -MemberType NoteProperty -Name "LockOut" -Value $LocalAccount.LockOut
						$Object|Add-Member -MemberType NoteProperty -Name "Password Changeable" -Value $LocalAccount.PasswordChangeable
						$Object|Add-Member -MemberType NoteProperty -Name "Password Expires" -Value $LocalAccount.PasswordExpires
						$Object|Add-Member -MemberType NoteProperty -Name "Password Required" -Value $LocalAccount.PasswordRequired
						$Object|Add-Member -MemberType NoteProperty -Name "Description" -Value $LocalAccount.Description
						$Obj+=$Object
					}
		$Obj
		}

Open in new window

0
Comment
Question by:coitadmin
  • 5
  • 5
11 Comments
 
LVL 18

Expert Comment

by:x-men
Comment Utility
$pwdLAstSet = [datetime]::fromfiletime(($LocalAccount .Properties.pwdlastset)[0])
0
 

Author Comment

by:coitadmin
Comment Utility
Unexpected token '.Properties.pwdlastset' in expression or statement.

+             $PwdLastSet = [datetime]::fromfiletime(($LocalAccount .Properties.pwdlastset <<<< )[0])
    + CategoryInfo          : ParserError: (.Properties.pwdlastset:String) [], ParseException
    + FullyQualifiedErrorId : UnexpectedToken
0
 
LVL 40

Expert Comment

by:Subsun
Comment Utility
I was using a function to get the local admin users list, here is a modified version based on your requirement.. Check and let me know if it works for you..
Function Get-Localadmin {
Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount='$True'" | %{
$LocalAccount = $_
$Comp = $env:computername
$Groups = Get-WMIObject win32_group -filter "LocalAccount='True'" | Select PSComputername,Name,@{N="Members";E={$_.GetRelated("win32_useraccount").Name}}
$User = Try {
     Add-Type -AssemblyName System.DirectoryServices.AccountManagement 
     $PrincipalContext = New-Object System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Machine,$comp)
     [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity($PrincipalContext,$LocalAccount.Name)
    }
    Catch {
        Write-Warning -Message "$($_.Exception.Message)"
    }
 
 New-Object PSObject -Property @{
   Name = $LocalAccount.Name
	Caption = $LocalAccount.Caption
	Disabled = $LocalAccount.Disabled
	LockOut = $LocalAccount.LockOut
	"Password Changeable" = $LocalAccount.PasswordChangeable
	"Password Expires" = $LocalAccount.PasswordExpires
	"Password Required" = $LocalAccount.PasswordRequired
   Description = $LocalAccount.Description
   LastPasswordSet = $User.LastPasswordSet
   passwordage = "$((New-TimeSpan $User.LastPasswordSet (Get-Date)).Days) Days"
   memberOf = ($Groups | ?{$_.Members -contains $LocalAccount.Name} | Select -Expand name) -join ","
   }
 }
}

Get-Localadmin

Open in new window

0
 

Author Comment

by:coitadmin
Comment Utility
This is excellent.  The only part that doesn't seem to be working is the Groups component.  I'm not getting anything back from that part.
0
 
LVL 40

Expert Comment

by:Subsun
Comment Utility
Does the groups have members?
Check the result of command..
Get-WMIObject win32_group -filter "LocalAccount='True'" | Select PSComputername,Name,@{N="Members";E={$_.GetRelated("win32_useraccount").Name}}

Open in new window

0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 

Author Comment

by:coitadmin
Comment Utility
Yes.  The Administrator group for example does contain the Administrator account but it doesn't show up using that command.
0
 
LVL 40

Expert Comment

by:Subsun
Comment Utility
It's working for me without any issue and showing the groups..
What was the result of command which I posted in my last comment?
0
 
LVL 40

Accepted Solution

by:
Subsun earned 500 total points
Comment Utility
Also Try this updated code..
Function Get-Localadmin {
Function  Get-LocalGroupMember {
  Param  ($Group)
 $Computer = $env:COMPUTERNAME
 $ADSIComputer = [ADSI]("WinNT://$Computer,computer")
 $group = $ADSIComputer.psbase.children.find($Group,  'Group') 
 $group.Invoke('members')  | ForEach {
 $_.GetType().InvokeMember("Name",  'GetProperty',  $null,  $_, $null)
  }
}
Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount='$True'" | %{
$LocalAccount = $_
$Comp = $env:computername
$Groups = Get-WMIObject win32_group -filter "LocalAccount='True'" | Select Name,@{N="Members";E={Get-LocalGroupMember $_.Name}}
$User = Try {
     Add-Type -AssemblyName System.DirectoryServices.AccountManagement 
     $PrincipalContext = New-Object System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Machine,$comp)
     [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity($PrincipalContext,$LocalAccount.Name)
    }
    Catch {
        Write-Warning -Message "$($_.Exception.Message)"
    }
 
 New-Object PSObject -Property @{
   Name = $LocalAccount.Name
	Caption = $LocalAccount.Caption
	Disabled = $LocalAccount.Disabled
	LockOut = $LocalAccount.LockOut
	"Password Changeable" = $LocalAccount.PasswordChangeable
	"Password Expires" = $LocalAccount.PasswordExpires
	"Password Required" = $LocalAccount.PasswordRequired
   Description = $LocalAccount.Description
   LastPasswordSet = $User.LastPasswordSet
   passwordage = "$((New-TimeSpan $User.LastPasswordSet (Get-Date)).Days) Days"
   memberOf = ($Groups | ?{$_.Members -contains $LocalAccount.Name} | Select -Expand name) -join ","
   }
 }
}

Get-Localadmin

Open in new window

0
 

Author Comment

by:coitadmin
Comment Utility
This is what it gives me:

Name                                                        Members
----                                                        -------
Administrators
Backup Operators
Cryptographic Operators
Distributed COM Users
Event Log Readers
Guests
IIS_IUSRS
Network Configuration Operators
Performance Log Users
Performance Monitor Users
Power Users
Remote Desktop Users
Replicator
Users
0
 
LVL 40

Expert Comment

by:Subsun
Comment Utility
What is the result for the updated script?
0
 

Author Closing Comment

by:coitadmin
Comment Utility
Works great.  Thank you.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

How to sign a powershell script so you can prevent tampering, and only allow users to run authorised Powershell scripts
Set OWA language and time zone in Exchange for individuals, all users or per database.
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now