- Create a file containing the computer list → Open the PowerShell ISE → Run the following script, adjusting the file name and path for the export:
```powershell
# One computer name per line
$computers = Get-Content -Path C:\data\computers.txt
# Query local accounts only and export selected properties to CSV
Get-WmiObject -ComputerName $computers -Class Win32_UserAccount -Filter "LocalAccount='True'" |
    Select-Object PSComputerName, Name, Status, Disabled, AccountType, Lockout, PasswordRequired, PasswordChangeable, SID |
    Export-Csv -Path C:\data\local_users.csv -NoTypeInformation
```
- Open the file produced by the script in MS Excel.
- Run Netwrix Auditor → Navigate to "Reports" → Expand the "Windows Server" section → Go to "Windows Server – State-in-Time" → Select "Local Users and Groups" → Click "View".
- To save the report, click the "Export" button → Choose a format from the dropdown menu → Click "Save".
How to Check User Group in Windows Servers to Reduce Your Attack Surface Area
If a local user account is compromised by an attacker or malware, all resources that the user has permission to access across the network are vulnerable. By ensuring that users have access to only the resources they need to do their jobs, you limit the reach of attackers and malware, which enhances security. You can use native tools to get some insight into local accounts and their properties. You can list Windows users from the command line, but you have to check user groups on Windows machines one at a time by entering ‘net user’ on each one. Or, if you have the time and skills, you can create, test and run a PowerShell script to get all local users on all Windows systems on your domain. But there’s a better way.
Netwrix Auditor for Windows Server provides complete visibility into local users and groups across your entire IT environment, eliminating the need to use the command prompt on each computer or undertake time-consuming scripting. The software provides a comprehensive report that lists all local users on each server, the status of each user (enabled or disabled), and additional properties that give you more insight into potential security gaps, such as passwords that never expire, so you can take action to minimize your attack surface.
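
The following is an added example, not part of the original page and not Netwrix code: a variant of the native script above that flags the account properties discussed here (enabled status, passwords that never expire) and records hosts that could not be queried, so they are not silently missing from the CSV. It assumes WinRM is enabled on the targets, because it swaps `Get-WmiObject` for `Get-CimInstance`; the output paths and flag names are constructed for illustration.

```powershell
# Constructed paths; adjust for your environment.
$computers   = Get-Content -Path 'C:\data\computers.txt' | Where-Object { $_.Trim() }
$unreachable = [System.Collections.Generic.List[string]]::new()

$findings = foreach ($computer in $computers) {
    try {
        # Get-CimInstance replaces Get-WmiObject, which is absent from PowerShell 7.
        $accounts = Get-CimInstance -ComputerName $computer -ClassName Win32_UserAccount `
            -Filter "LocalAccount='True'" -ErrorAction Stop
    }
    catch {
        # Keep a record of hosts that failed instead of dropping them from the audit.
        $unreachable.Add($computer)
        continue
    }

    foreach ($account in $accounts) {
        $flags = @()
        if (-not $account.Disabled) {
            if (-not $account.PasswordRequired) { $flags += 'PasswordNotRequired' }
            if (-not $account.PasswordExpires)  { $flags += 'PasswordNeverExpires' }
            # RID 500 is the built-in Administrator, whatever it has been renamed to.
            if ($account.SID -like 'S-1-5-21-*-500') { $flags += 'BuiltinAdminEnabled' }
        }
        [pscustomobject]@{
            Computer = $computer
            Name     = $account.Name
            Disabled = $account.Disabled
            Lockout  = $account.Lockout
            SID      = $account.SID
            Flags    = $flags -join ';'   # hypothetical flag labels, empty when clean
        }
    }
}

$findings | Sort-Object Computer, Name |
    Export-Csv -Path 'C:\data\local_users_flagged.csv' -NoTypeInformation
if ($unreachable.Count) { $unreachable | Set-Content -Path 'C:\data\unreachable.txt' }

# Per-computer count of enabled accounts with at least one flag.
$findings | Where-Object Flags | Group-Object Computer |
    Select-Object Name, Count | Format-Table -AutoSize
```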