Hi Team, Can any one help with the relevance query to get the local user created on servers but not port of administrator group excluding build in account.
Below is the relevance query
Q: string values of selects "Name from Win32_UserAccount Where LocalAccount = True and SIDType = 1" of wmi
A: DefaultAccount
A: Local account1
A: Local account2
A: Local account3
T: 0.108 ms
Thanks @ersaumitra10 for the response, but it is including built in account information and part of administrator account. Can we exclude built in account and get only local account those are not port of Administrator Group.
Will have to exclude these, try below -
selects "Name FROM Win32_UserAccount WHERE LocalAccount=True AND Disabled=False AND Name <> 'Administrator' AND Name <> 'Guest' AND Name <> 'DefaultAccount' AND Name <> 'WDAGUtilityAccount'" of wmi
A: Name=localaccount
T: 0.023 ms
This query not solving our requirement. We need the local account those are not part of Administrator group.
I can get the local account detail with the below mentioned query but not able to understand how to apply the condition for not part of Administrator group.
concatenation "; " of names of local users whose (account disabled flag of it = false)
I got it :- concatenation "; " of names of local users whose ((account disabled flag of it = false) and (not exists (it, members of local group "Administrators") whose (sid of item 0 of it as string = sid of item 1 of it as string)))
1 Like
Based on SID account this can be achieved
See if this works for you. Its working for me when validated
Q: concatenation "; " of names of local users whose ( account disabled flag of it = false and not (sid of it as string ends with "-500") and not (sid of it as string ends with "-501"))
A: Localaccount
T: 0.047 ms
An alternative approach?
Q: concatenation ";" of names of local users whose ((not admin privilege of it) and (not account disabled flag of it) )
A: TestNonAdmin;TestNonAdmin2
T: 0.044 ms
I: singular string