Hello,
To get local account information, you need to use the ADSI type accelerator, but instead of targeting Active Directory, you target “WinNT” (be careful about the case):
[ADSI]"WinNT://SC2012R2/Administrator"
“SC2012R2” is the computer name, and “Administrator” is the user name. If you look at the object type, you’ll notice that this is a “System.DirectoryServices.DirectoryEntry” just like an Active Directory object. So, you can treat it just like an AD object:
$localadm=[ADSI]"WinNT://SC2012R2/Administrator"
# UserFlags is a bit mask: 0x2 = account disabled, 0x10 = locked out, 0x800000 = password expired
if($localadm.properties.UserFlags.value -band 0x2){$AccountDisabled="Yes"} else {$AccountDisabled="No"}
if($localadm.properties.UserFlags.value -band 0x0010){$AccountLocked="Yes"} else {$AccountLocked="No"}
if($localadm.properties.UserFlags.value -band 0x800000){$PwdExpired="Yes"} else {$PwdExpired="No"}
$Object = New-Object PSObject -Property @{
'AccountName' = "Administrator"
'ComputerName' = "SC2012R2"
'LastLogin' = $localadm.LastLogin.value
# PasswordAge is in seconds; dividing by 86400 gives days, so subtract days
'Last Pwd Change' = (Get-Date).AddDays(-($localadm.PasswordAge.value/86400))
'Bad Password Count' = $localadm.BadPasswordAttempts.value
'AccountDisabled' = $AccountDisabled
'AccountLocked' = $AccountLocked
'PwdExpired' = $PwdExpired
}
Write-Output $Object
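
The same flag checks applied to every local user on a machine, as an added example that is not part of the original post. The function name Get-LocalAccountStatus and the extra 0x10000 (password never expires) bit are additions, and it assumes PowerShell 3.0 or later for [ordered] and [pscustomobject].

```powershell
# Added example: Get-LocalAccountStatus is a hypothetical helper, not code from the post.
function Get-LocalAccountStatus {
    param([string]$ComputerName = $env:COMPUTERNAME)

    # ADS_USER_FLAG_ENUM bits: the three tested in the post plus DONT_EXPIRE_PASSWD.
    $flagBits = [ordered]@{
        AccountDisabled = 0x2
        AccountLocked   = 0x10
        PwdNeverExpires = 0x10000
        PwdExpired      = 0x800000
    }

    # Bind to the computer object and walk its children, keeping only user entries.
    $computer = [ADSI]"WinNT://$ComputerName,computer"
    foreach ($user in $computer.Children) {
        if ($user.SchemaClassName -ne 'User') { continue }

        $userFlags = [int]$user.UserFlags.Value
        $row = [ordered]@{
            ComputerName     = $ComputerName
            AccountName      = [string]$user.Name.Value
            LastLogin        = $user.LastLogin.Value
            LastPwdChange    = $null
            BadPasswordCount = $user.BadPasswordAttempts.Value
        }

        # PasswordAge is in seconds; leave the date empty when the provider returns no value.
        $age = $user.PasswordAge.Value
        if ($null -ne $age) { $row['LastPwdChange'] = (Get-Date).AddSeconds(-$age) }

        # Turn each flag bit into a boolean column.
        foreach ($name in $flagBits.Keys) {
            $row[$name] = [bool]($userFlags -band $flagBits[$name])
        }
        [pscustomobject]$row
    }
}

# Report local accounts that are enabled and whose password never expires.
Get-LocalAccountStatus |
    Where-Object { -not $_.AccountDisabled -and $_.PwdNeverExpires } |
    Format-Table AccountName, LastLogin, LastPwdChange
```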