Get local account informations remotely with PowerShell

Hello,

To get local account informations, you need to use the ADSI accelerator type, but, instead of targeting ActiveDirectory, you target “WinNT” (be careful about the case) :

[ADSI]"WinNT://SC2012R2/Administrator"

“SC2012R2” is the computer name, and “Administrator” is the user name. If you look at the object type, you’ll notice that this is a “System.DirectoryServices.DirectoryEntry” just like an ActiveDirectory Object. So, you can treat it just like an AD object :

$localadm=[ADSI]"WinNT://SC2012R2/Administrator" 
if($localadm.properties.UserFlags.value -band 0x2){$AccountDisabled="Yes"} else {$AccountDisabled="No"} 
if($localadm.properties.UserFlags.value -band 0x0010){$AccountLocked="Yes"} else {$AccountLocked="No"} 
if($localadm.properties.UserFlags.value -band 0x800000){$PwdExpired="Yes"} else {$PwdExpired="No"} 
$Object = New-Object PSObject -Property @{ 
    'AccountName'        = "Administrator" 
    'ComputerName'       = "SC2012R2" 
    'LastLogin'          = $localadm.LastLogin.value 
    'Last Pwd Change'    = (Get-Date).AddHours(-($localadm.PasswordAge.value/86400)) 
    'Bad Password Count' = $localadm.BadPasswordAttempts.value 
    'AccountDisabled'    = $AccountDisabled 
    'AccountLocked'      = $AccountLocked 
    'PwdExpired'         = $PwdExpired 
} 
Write-Output $Object

LocalAccountInfo

Leave a Reply