- Create a file containing the computer list.
- Open the PowerShell ISE → Run the following script, adjusting the file name and path for the export:
    # Read the target computer names (one per line), then export each machine's local accounts to CSV
    $computers = Get-Content -Path C:\data\computers.txt
    Get-WmiObject -ComputerName $computers -Class Win32_UserAccount -Filter "LocalAccount='True'" |
    Select PSComputername, Name, Status, Disabled, AccountType, Lockout, PasswordRequired, PasswordChangeable, SID | Export-csv C:\data\local_users.csv -NoTypeInformation
- Open the file produced by the script in MS Excel.
- Run Netwrix Auditor → Navigate to "Reports" → Expand the "Windows Server" section → Go to "Windows Server – State-in-Time" → Select "Local Users and Groups" → Click "View".
- To save the report, click the "Export" button → Choose a format from the dropdown menu → Click "Save".
Regularly Review Local Users and Groups on Your Windows Servers to Harden IT Security
Attackers often try to compromise local user accounts to get a foothold in your network. By keeping a close eye on who has permissions on your servers and workstations, you can quickly detect any deviations from a known good baseline and respond accordingly, hardening the security of your IT systems.
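The baseline comparison described above can be run against two exports from the script. The following is an added example, not part of the original page or of Netwrix Auditor; the function name `Compare-LocalUserBaseline` is hypothetical and the inline rows (including the shortened SIDs) are constructed sample data.

```powershell
# Constructed sample rows standing in for two runs of the export script;
# in practice use Import-Csv on a saved baseline file and the latest export.
$baseline = @'
PSComputername,Name,Disabled,PasswordRequired,SID
SRV01,Administrator,False,True,S-1-5-21-1111-2222-3333-500
SRV01,Guest,True,False,S-1-5-21-1111-2222-3333-501
SRV02,Administrator,False,True,S-1-5-21-4444-5555-6666-500
SRV02,oldadmin,True,True,S-1-5-21-4444-5555-6666-1001
'@ | ConvertFrom-Csv
$current = @'
PSComputername,Name,Disabled,PasswordRequired,SID
SRV01,Administrator,False,True,S-1-5-21-1111-2222-3333-500
SRV01,Guest,False,False,S-1-5-21-1111-2222-3333-501
SRV02,Administrator,False,True,S-1-5-21-4444-5555-6666-500
SRV02,support,False,False,S-1-5-21-4444-5555-6666-1002
'@ | ConvertFrom-Csv

function Compare-LocalUserBaseline {
    param([object[]]$Baseline, [object[]]$Current)
    # Key on computer + SID: the SID stays the same when an account is renamed.
    $known = @{}; $seen = @{}
    foreach ($b in $Baseline) { $known["$($b.PSComputername)|$($b.SID)"] = $b }
    foreach ($c in $Current) {
        $key = "$($c.PSComputername)|$($c.SID)"
        $seen[$key] = $true
        $b = $known[$key]
        if (-not $b) {
            [pscustomobject]@{ Computer = $c.PSComputername; Name = $c.Name; Change = 'Added'; Detail = '' }
            continue
        }
        # Report every watched property whose value differs from the baseline.
        foreach ($p in 'Name', 'Disabled', 'PasswordRequired') {
            if ($b.$p -ne $c.$p) {
                [pscustomobject]@{ Computer = $c.PSComputername; Name = $c.Name; Change = 'Modified'
                                   Detail = '{0}: {1} -> {2}' -f $p, $b.$p, $c.$p }
            }
        }
    }
    # Accounts present in the baseline that no longer exist on the machine.
    foreach ($key in $known.Keys) {
        if (-not $seen.ContainsKey($key)) {
            $b = $known[$key]
            [pscustomobject]@{ Computer = $b.PSComputername; Name = $b.Name; Change = 'Removed'; Detail = '' }
        }
    }
}
Compare-LocalUserBaseline -Baseline $baseline -Current $current | Format-Table -AutoSize
```

With the sample rows, the report flags the re-enabled Guest account on SRV01, the new `support` account on SRV02 that does not require a password, and the removal of `oldadmin`.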
Microsoft native tools can help Windows administrators get some insight into local users and groups and their properties. For example, you can get a list of local Windows user accounts on a particular machine using the command line, or by running PowerShell cmdlets, functions and scripts if you need to perform more complex tasks. Alternatively, ADSI, which is mainly used for Active Directory management, can also help you perform queries against local accounts. But there’s a less time-consuming way.
Netwrix Auditor for Windows Server provides complete visibility into local users and groups across your entire IT environment, eliminating the need to use the command prompt on each computer or spend hours working up complex scripts. The software provides a comprehensive report on all local users on each server, the status of each user (enabled or disabled), and additional properties that give you more insight into potential security gaps, such as passwords that never expire, so you can close those gaps and strengthen your organization’s security policy.