PowerShell Get-LocalUser to List All Local Users on Windows

Quick Answer: To list all local users in PowerShell, run the Get-LocalUser cmdlet. This returns a list of all local user accounts on your Windows system, showing account names and their enabled/disabled status.

Being able to list all user accounts on a Windows system is crucial for security and management purposes. It allows administrators to identify all user accounts present, ensuring accountability for system actions and enabling prompt action in case of unauthorized activities or breaches. Regular auditing of user accounts helps maintain system security and control by promptly detecting and addressing suspicious or unidentified accounts.

Access control is improved as administrators can assign appropriate permissions and privileges to each account based on their roles. Password policies are enforced efficiently, reducing the risk of weak passwords and brute-force attacks. Troubleshooting becomes more effective, and technical support can diagnose and resolve user-specific issues better.

Compliance with regulations and data security requirements is facilitated through transparency and control over user access. Additionally, the feature aids in employee onboarding and offboarding, ensuring timely access provisioning and account disabling/removal for departing employees.

In this post, I’ll show you how to list all the local users on a Windows system using PowerShell. However, because this method of using PowerShell is both complex and time consuming, I’ll also show you an alternative, more straightforward method using Lepide Auditor for Active Directory.

Use Get-LocalUser PowerShell cmdlet to List All User Accounts

Get-LocalUser is a PowerShell cmdlet that retrieves local user accounts from a Windows computer, returning account names, status, and properties.

Requirements: Get-LocalUser requires PowerShell 5.1 or later and Windows 10/Server 2016 or newer.

The Get-LocalUser PowerShell cmdlet lists all the local users on a device. Remember that Active Directory domain controllers don’t have local user accounts.

Listing All Local Users

Get-LocalUser


If you want to see all the parameters available, pipe the results to the Select cmdlet:

Get-LocalUser | Select *

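The properties shown by Select * are enough for a basic account review. The script below is an added example, not part of the original post: it flags enabled local accounts with weak settings and marks members of the local Administrators group. The 90-day threshold and the finding labels are assumptions chosen for illustration.

```powershell
# Added example: review local accounts for common weak settings.
# $staleDays and the finding labels are illustrative assumptions.
$staleDays = 90
$now = Get-Date

# Members of the built-in Administrators group (well-known SID S-1-5-32-544).
# Get-LocalGroupMember can throw on orphaned member SIDs, so treat failure as "unknown".
try {
    $adminSids = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop |
        ForEach-Object { $_.SID.Value })
} catch {
    Write-Warning "Could not read Administrators membership: $($_.Exception.Message)"
    $adminSids = @()
}

$report = foreach ($u in Get-LocalUser) {
    $findings = @()
    if ($u.Enabled) {
        if (-not $u.PasswordRequired)     { $findings += 'PasswordNotRequired' }
        if ($null -eq $u.PasswordExpires) { $findings += 'NoPasswordExpiry' }
        if ($null -eq $u.LastLogon)       { $findings += 'NeverLoggedOn' }
        elseif (($now - $u.LastLogon).TotalDays -gt $staleDays) {
            $findings += "NoLogonIn${staleDays}Days"
        }
        # RID 500 is the built-in Administrator, RID 501 the built-in Guest.
        if ($u.SID.Value -match '-500$')  { $findings += 'BuiltInAdministratorEnabled' }
        if ($u.SID.Value -match '-501$')  { $findings += 'GuestEnabled' }
    }
    [pscustomobject]@{
        Name            = $u.Name
        Enabled         = $u.Enabled
        IsAdmin         = $adminSids -contains $u.SID.Value
        LastLogon       = $u.LastLogon
        PasswordLastSet = $u.PasswordLastSet
        Findings        = $findings -join ', '
    }
}

# Accounts with findings first, administrators before standard users.
$report |
    Sort-Object @{ Expression = { [bool]$_.Findings }; Descending = $true },
                @{ Expression = 'IsAdmin'; Descending = $true }, Name |
    Format-Table -AutoSize
```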

Key Get-LocalUser Parameters

  • -Name – Returns information about a specific user account by username (e.g., Get-LocalUser -Name "Administrator")
  • -SID – Returns information about a specific user account by Security Identifier (e.g., Get-LocalUser -SID S-1-5-21-…)

Filtering by SIDs

Running the cmdlet without any parameters returns all accounts, but you can also add the -Name or -SID parameter to return information about a specific account. The command below returns the user account with security identifier (SID) S-1-5-2.

Figure 1: Get-LocalUser PowerShell cmdlet
Get-LocalUser -SID S-1-5-2


Retrieving Users from Remote Machines

Get-LocalUser only lists accounts on the system where the command is run. To query local users on remote systems, use Get-WmiObject, which relies on Windows Management Instrumentation (WMI).

Get-WmiObject -ComputerName workstation1 -Class Win32_UserAccount -Filter "LocalAccount=True"


The output can be piped to Select to display just the information you need, and then piped to Out-GridView to display it in a separate window where you can sort and filter the information.

Get-WmiObject -ComputerName workstation1 -Class Win32_UserAccount -Filter "LocalAccount=True" | Select PSComputername, Name, Status, Disabled, AccountType, Lockout, PasswordRequired, PasswordChangeable | Out-GridView
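The same Win32_UserAccount query can be run against several hosts at once. The script below is an added example, not part of the original post. It uses Get-CimInstance, the CIM counterpart of Get-WmiObject (Get-WmiObject is not available in PowerShell 6 and later), and falls back from WinRM to DCOM when needed. The second host name and the output file name are placeholders.

```powershell
# Added example: collect local accounts from several hosts over CIM.
# The host names are placeholders; replace them with your own inventory.
$computers = 'workstation1', 'workstation2'

$results = foreach ($computer in $computers) {
    $session = $null
    try {
        # Try WS-Man (WinRM) first, then fall back to DCOM, the transport Get-WmiObject uses.
        try {
            $session = New-CimSession -ComputerName $computer -ErrorAction Stop
        } catch {
            $dcom    = New-CimSessionOption -Protocol Dcom
            $session = New-CimSession -ComputerName $computer -SessionOption $dcom -ErrorAction Stop
        }
        Get-CimInstance -CimSession $session -ClassName Win32_UserAccount -Filter 'LocalAccount=True' -ErrorAction Stop |
            Select-Object @{ n = 'Computer'; e = { $computer } }, Name, SID, Disabled, Lockout,
                          PasswordRequired, PasswordExpires, @{ n = 'Error'; e = { $null } }
    } catch {
        # Keep unreachable hosts in the output so gaps in coverage stay visible.
        [pscustomobject]@{
            Computer = $computer; Name = $null; SID = $null; Disabled = $null; Lockout = $null
            PasswordRequired = $null; PasswordExpires = $null; Error = $_.Exception.Message
        }
    } finally {
        if ($session) { Remove-CimSession -CimSession $session }
    }
}

# Enabled accounts that do not require a password, plus hosts that could not be queried.
$results |
    Where-Object { $_.Error -or (-not $_.Disabled -and -not $_.PasswordRequired) } |
    Format-Table Computer, Name, Disabled, PasswordRequired, Error -AutoSize

# Save the full inventory for later comparison (file name is a placeholder).
$results | Export-Csv -Path .\local-users.csv -NoTypeInformation
```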

Using ADSI for Local User Enumeration

Most people associate ADSI with Active Directory, but it can also be used to enumerate local accounts.

$adsi = [ADSI]"WinNT://workstation1"
$Users = $adsi.Children | where {$_.SchemaClassName -eq 'user'}
$Users

The above code displays information about all the users on workstation1. You can add an index in square brackets after the $Users variable to display each user individually. An index of 0 displays information about the first user, 1 the second user, and so on.

$Users[0] | Select *
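The raw ADSI output stores account settings in the UserFlags bitmask, which is hard to read as a number. The script below is an added example, not part of the original post: it decodes the flags that matter for an account review and converts objectSid and PasswordAge into readable values. The $flagMap name and the output column names are chosen here for illustration.

```powershell
# Added example: decode the WinNT provider's UserFlags bitmask for each local user.
$computer = 'workstation1'   # host name used in the article; change as needed

# ADS_USER_FLAG values relevant to an account review.
$flagMap = @(
    @{ Bit = 0x0002;  Name = 'AccountDisabled' }       # ADS_UF_ACCOUNTDISABLE
    @{ Bit = 0x0010;  Name = 'LockedOut' }             # ADS_UF_LOCKOUT
    @{ Bit = 0x0020;  Name = 'PasswordNotRequired' }   # ADS_UF_PASSWD_NOTREQD
    @{ Bit = 0x0040;  Name = 'PasswordCantChange' }    # ADS_UF_PASSWD_CANT_CHANGE
    @{ Bit = 0x10000; Name = 'PasswordNeverExpires' }  # ADS_UF_DONT_EXPIRE_PASSWD
)

$adsi = [ADSI]"WinNT://$computer"
$adsi.Children | Where-Object { $_.SchemaClassName -eq 'user' } | ForEach-Object {
    $flags = [int]$_.UserFlags.Value
    # objectSid is a byte array; convert it to the familiar S-1-5-... string form.
    $sid = [System.Security.Principal.SecurityIdentifier]::new([byte[]]$_.objectSid.Value, 0)
    [pscustomobject]@{
        Name            = $_.Name.Value
        SID             = $sid.Value
        # PasswordAge is reported in seconds since the password was last set.
        PasswordAgeDays = [math]::Round([double]$_.PasswordAge.Value / 86400, 1)
        UserFlags       = '0x{0:X}' -f $flags
        Flags           = ($flagMap | Where-Object { $flags -band $_.Bit } |
                              ForEach-Object { $_.Name }) -join ', '
    }
} | Format-Table -AutoSize
```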

Method Comparison

Method | Use Case | Remote Capability | Complexity
Get-LocalUser | Quick local user listing | No | Low
Get-WmiObject | Remote system queries | Yes | Medium
ADSI | Flexible enumeration, legacy systems | Yes | High

Common Errors and Solutions

“Get-LocalUser: The term ‘Get-LocalUser’ is not recognized”

  • Cause: PowerShell version is older than 5.1 or the LocalAccounts module is not available
  • Solution: Upgrade to PowerShell 5.1 or later, or use the Get-WmiObject method instead

“Access is denied” error

  • Cause: Insufficient permissions to query user accounts
  • Solution: Run PowerShell as Administrator

How Lepide Helps

The native PowerShell method for listing all user accounts requires knowledge of PowerShell scripting and is a time-consuming process.

An alternative is to use Lepide Auditor for Active Directory. The Lepide Solution provides an All Users Report which allows you to list all users quickly and easily without the need for any PowerShell scripting expertise.

Here is an example of the report:

[Screenshot: All Users Report]

The All Users Report is straightforward to run using the following steps:

  • From the States and Behavior screen, expand Active Directory Reports, then User Reports, and then choose the All Users report
  • Click Generate Report
  • The report can be filtered, grouped, exported and saved

It is an essential part of data security to be able to understand what your users have permissions to and what they are doing with your critical files and folders. To do this in a straightforward way, you’ll need a data security solution like Lepide Auditor for Active Directory. Try it for free today!

Frequently Asked Questions

Does Get-LocalUser work on domain controllers?

No, domain controllers do not have local user accounts. Use Get-ADUser to query domain user accounts instead.

How do I list local users on a remote computer?

Use Get-WmiObject -ComputerName <computername> -Class Win32_UserAccount -Filter "LocalAccount=True" since Get-LocalUser only works on the local system.

Can I export the local user list to a file?

Yes, pipe the output to Export-Csv: Get-LocalUser | Export-Csv -Path "C:\users.csv" -NoTypeInformation
