How to List All User Accounts on a Windows System

Native Auditing vs. Netwrix Auditor for Windows Server
{{ firstError }}
We care about security of your data. Privacy Policy
Native Auditing Netwrix Auditor for Windows Server
Native Auditing
Netwrix Auditor for Windows Server
Steps
  1. Create a file containing the computer list → Open the Powershell ISE → Run the following script, adjusting the file name and path for the export:

$computers = Get-Content -Path C:\data\computers.txt

 

Get-WmiObject -ComputerName $computers -Class Win32_UserAccount -Filter "LocalAccount='True'" |
Select PSComputername, Name, Status, Disabled, AccountType, Lockout, PasswordRequired, PasswordChangeable, SID | Export-csv C:\data\local_users.csv -NoTypeInformation

  1. Open the file produced by the script in MS Excel.
List of users on Windows Server
  1. Run Netwrix Auditor → Navigate to "Reports" → Expand the "Windows Server" section → Go to "Windows Server – State-in-Time" → Select "Local Users and Groups" → Click "View".
  2. To save the report, click the "Export" button → Choose a format from the dropdown menu → Click "Save".
Local Users and Groups report from Netwrix Auditor: Name, Type, Status and Properties
Learn more about Netwrix Auditor for Windows Server

How to Check User Group in Windows Servers to Reduce Your Attack Surface Area

If a local user account is compromised by an attacker or malware, all resources that user has permissions to access across the network are vulnerable. By ensuring that users have access to only the resources they need to do their jobs, you limit the reach of attackers and malware, which enhances security. You can use native tools to get some insight into local accounts and their properties. You can get a list of Windows users with command line entries, but you have to check user groups in Windows machines one at a time by entering ‘net user’ at the command line. Or, if you have the time and skills, you can create, test and run a PowerShell script to get all local users on all Windows systems on your domain. But there’s a better way.

Netwrix Auditor for Windows Server provides complete visibility into local users and groups across your entire IT environment, eliminating the need to use the command prompt on each computer or undertake time-consuming scripting. The software provides a comprehensive report that lists all local users on each server, the status of each user (enabled or disabled), and additional properties that give you more insight into potential security gaps, such as passwords that never expire, so you can take action to minimize your attack surface.

Related How-tos
How to Detect Who Installed What Software on Your Windows Server How to Monitor Deletions of DNS Records How to Detect Who Created a Scheduled Task on Windows Server How to Detect Modifications to Startup Items in the Windows Registry How to Get Local Group Members Report with or without PowerShell How to Get Server Inventory across Your Network