# Tahir Hassan's Blog

My Technical Notes

## Monday, 14 March 2016

### Listing Users and Groups of the Local Computer using PowerShell

To list all users of the computer do:


Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount='True'"


For what ever reason, some posts also pass in the argument root\cimv2 for the Namespace parameter. It works perfectly well without it.

To list all groups of the computer do:


Get-WmiObject -Class Win32_Group -Filter "LocalAccount='True'"


To list all users and groups and other permissionable things of the current computer, do:


Get-WmiObject -Class Win32_Account -Filter "LocalAccount='True'"


This also gives us <computer-name>\Everyone etc.

To get all of the service users, we do:


Get-Service | % { "NT Service\$($_.Name)" }


Note that even if a service uses a custom user account, an NT Service\<service-name> account is still created for it. Also note that the service name is different from the display name that is shown in services.msc user interface.

To get all of the IIS Application Pool accounts which run under ApplicationPoolIdentity we do:


? { $_.processModel.identityType -eq 'ApplicationPoolIdentity' } | % { "IIS APPPOOL\$(\$_.Name)" }

In order to access the Get-WebConfiguration commandlet, we have to install the relevant "feature" from Control Panel → Programs → Programs and Feature → Turn Windows features on or off. Easiest way to get to this is my entering Turn Windows Feature on or off within the Start Menu. The "feature" would be somewhere under Internet Information Services called "...scripts...".