My Technical Notes

Monday, 14 March 2016

Listing Users and Groups of the Local Computer using PowerShell

To list all users of the computer do:


```powershell
Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount='True'"
```

For whatever reason, some posts also pass in the argument `root\cimv2` for the `Namespace` parameter. It works perfectly well without it, because `root\cimv2` is the default namespace.

To list all groups of the computer do:


```powershell
Get-WmiObject -Class Win32_Group -Filter "LocalAccount='True'"
```

To list all users and groups and other permissionable things of the current computer, do:


```powershell
Get-WmiObject -Class Win32_Account -Filter "LocalAccount='True'"
```

This also gives us `<computer-name>\Everyone` etc.

To get all of the service users, we do:


```powershell
Get-Service | % { "NT Service\$($_.Name)" }
```

Note that even if a service uses a custom user account, an `NT Service\<service-name>` account is still created for it. Also note that the service name is different from the display name that is shown in the `services.msc` user interface.
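An added example (not from the original post) that merges the `Win32_Account` listing and the per-service accounts above into one inventory with SIDs, the form needed when reviewing ACLs. `Resolve-PrincipalSid` is a hypothetical helper name, and reading `StartName` from `Win32_Service` to show each service's actual logon account is an addition to what the post covers.

```powershell
# Added example: inventory local principals and service accounts with their SIDs.
# Resolve-PrincipalSid is a hypothetical helper name, not from the original post.
function Resolve-PrincipalSid {
    param([Parameter(Mandatory = $true)][string]$Name)
    try {
        $account = New-Object System.Security.Principal.NTAccount($Name)
        $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        $null   # the name does not map to a SID on this machine
    }
}

# Local users, groups and well-known principals; Win32_Account already carries the SID.
$accounts = Get-WmiObject -Class Win32_Account -Filter "LocalAccount='True'" |
    ForEach-Object {
        [pscustomobject]@{
            Source    = 'Win32_Account'
            Principal = $_.Caption
            RunsAs    = $null
            Sid       = $_.SID
        }
    }

# One "NT Service\<name>" principal per service, next to the account it logs on as.
$services = Get-WmiObject -Class Win32_Service |
    ForEach-Object {
        $virtual = "NT Service\$($_.Name)"
        [pscustomobject]@{
            Source    = 'Service'
            Principal = $virtual
            RunsAs    = $_.StartName
            Sid       = Resolve-PrincipalSid -Name $virtual
        }
    }

$inventory = @($accounts) + @($services)
$inventory | Sort-Object Source, Principal |
    Format-Table Source, Principal, RunsAs, Sid -AutoSize

# Services that log on with a custom account: the per-service principal
# is still listed above, alongside the custom logon account in RunsAs.
$inventory |
    Where-Object { $_.Source -eq 'Service' -and $_.RunsAs -and
                   $_.RunsAs -notmatch '^(LocalSystem|NT AUTHORITY\\|NT Service\\)' } |
    Format-Table Principal, RunsAs, Sid -AutoSize
```

A row with an empty `Sid` means the name could not be translated on this machine.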

To get all of the IIS Application Pool accounts which run under `ApplicationPoolIdentity` we do:


```powershell
Get-WebConfiguration 'system.applicationHost/applicationPools/add' |
    ? { $_.processModel.identityType -eq 'ApplicationPoolIdentity' } |
    % { "IIS APPPOOL\$($_.Name)" }
```

In order to access the `Get-WebConfiguration` cmdlet, we have to install the relevant "feature" from Control Panel → Programs → Programs and Features → Turn Windows features on or off. The easiest way to get to this is by entering `Turn Windows features on or off` within the Start Menu. The "feature" would be somewhere under Internet Information Services called "...scripts...".
