How to List All User Accounts on a Windows System

How to Check User Group in Windows Servers to Reduce Your Attack Surface Area

If a local user account is compromised by an attacker or malware, all resources that user has permissions to access across the network are vulnerable. By ensuring that users have access to only the resources they need to do their jobs, you limit the reach of attackers and malware, which enhances security. You can use native tools to get some insight into local accounts and their properties. You can get a list of Windows users with command line entries, but you have to check user groups in Windows machines one at a time by entering ‘net user’ at the command line. Or, if you have the time and skills, you can create, test and run a PowerShell script to get all local users on all Windows systems on your domain.

1. Create a file containing the computer list → Open the Powershell ISE → Run the following script, adjusting the file name and path for the export:

$computers = Get-Content -Path C:\data\computers.txt Get-WmiObject -ComputerName $computers -Class Win32_UserAccount -Filter "LocalAccount='True'" |
Select PSComputername, Name, Status, Disabled, AccountType, Lockout, PasswordRequired, PasswordChangeable, SID | Export-csv C:\data\local_users.csv -NoTypeInformation

2. Open the file produced by the script in MS Excel.
https://img.netwrix.com/howtos/Excel_7.png

Originally posted: https://www.netwrix.com/how_to_list_all_user_accounts_on_a_windows_system.html