How to Get Local Users with or without PowerShell

We care about security of your data. Privacy Policy
Native Auditing Netwrix Auditor for Windows Server
  1. Create a file containing the computer list.
  2. Open the Powershell ISE → Run the following script, adjusting the file name and path for the export:

$computers = Get-Content -Path C:\data\computers.txt Get-WmiObject -ComputerName $computers -Class Win32_UserAccount -Filter "LocalAccount='True'" |
Select PSComputername, Name, Status, Disabled, AccountType, Lockout, PasswordRequired, PasswordChangeable, SID | Export-csv C:\data\local_users.csv -NoTypeInformation

  1. Open the file produced by the script in MS Excel.
List of users on Windows Server
  1. Run Netwrix Auditor → Navigate to "Reports" →  Expand the "Windows Server" section → Go to "Windows Server ­– State-in-Time" → Select "Local Users and Groups" → Click "View".
Local Users and Groups report from Netwrix Auditor: Name, Type, Status and Properties
  1. To save the report, click the "Export" button → Choose a format from the dropdown menu → Click "Save".

Regularly Review Local Users and Groups on Your Windows Servers to Harden IT Security

Attackers often try to compromise local user accounts to get a foothold in your network. By keeping a close eye on who has permissions on your servers and workstations, you can quickly detect any deviations from a known good baseline and respond accordingly, hardening the security of your IT systems.

Microsoft native tools can help Windows administrators get some insight into local users and groups and their properties. For example, you can get a list of local Windows user accounts on particular machine using the command line, or by running PowerShell cmdlets, functions and scripts if you need to perform more complex tasks. Alternatively, ADSI, which is mainly used for Active Directory management, can also help you perform queries against local accounts. But there’s a less time-consuming way.

Netwrix Auditor for Windows Server provides complete visibility into local users and groups across your entire IT environment, eliminating the need to use the command prompt on each computer or spend hours working up complex scripts. The software provides a comprehensive report on all local users on each server, the status of each user (enabled or disabled), and additional properties that give you more insight into potential security gaps, such as passwords that never expire, so you can close those gaps and strengthen your organization’s security policy.