Manage Local User Accounts with Reports

Howdy
I need to come up with a report of local accounts on Windows 2003 - 2012R2 servers.

The first report would be all local accounts, no domain accounts included. The next report would be the same but only provide a list of accounts that I search for specifically using a task. A task exists now that searches all servers for accounts, but the process is not smooth because the list has to be manually formatted each time. I am going to work on finding a method of reading a file into the task if that is possible.

I will then have to create a report to list accounts that are disabled by a task that runs and another report that lists the accounts that are deleted by a task that runs.

Is there anyone that has done this before or can provide some assistance?

Once you delete an account, you won’t be able to report on it (directly) - so the easiest thing on the “disabled” and “deleted” accounts is probably to have your task create a log file of its actions, and report on the log file content as part of the analysis.

As for how to retrieve users, and what you can query on the user, the use of Introspectors usually helps me to find what I’m looking for:

q: types whose (it as string contains "user")
A: active directory local user
A: logged on user
A: metabase user type
A: user
A: winrt package user information
T: 0.149 ms
I: plural type

q: properties of type "user"
A: logged on user of <user>: logged on user
A: sid of <user>: security identifier
A: name of <user>: string
A: active directory user of <user>: active directory local user
A: password age of <user>: time interval
A: guest privilege of <user>: boolean
A: user privilege of <user>: boolean
A: admin privilege of <user>: boolean
A: home directory of <user>: string
A: comment of <user>: string
A: script flag of <user>: boolean
A: account disabled flag of <user>: boolean
A: home directory required flag of <user>: boolean
A: no password required flag of <user>: boolean
A: password change disabled flag of <user>: boolean
A: locked out flag of <user>: boolean
A: password expiration disabled flag of <user>: boolean
A: normal account flag of <user>: boolean
A: temporary duplicate account flag of <user>: boolean
A: workstation trust account flag of <user>: boolean
A: server trust account flag of <user>: boolean
A: interdomain trust account flag of <user>: boolean
A: logon script of <user>: string
A: print operator flag of <user>: boolean
A: communications operator flag of <user>: boolean
A: server operator flag of <user>: boolean
A: accounts operator flag of <user>: boolean
A: full name of <user>: string
A: user comment of <user>: string
A: application parameter string of <user>: string
A: allowed workstations string of <user>: string
A: last logon of <user>: time
A: last logoff of <user>: time
A: account expiration of <user>: time
A: maximum storage of <user>: integer
A: bad password count of <user>: integer
A: logon count of <user>: integer
A: logon server of <user>: string
A: country code of <user>: integer
A: code page of <user>: integer
A: user id of <user>: integer
A: primary group id of <user>: integer
A: profile folder of <user>: string
A: home directory drive of <user>: string
A: password expired of <user>: boolean
A: domain of <user>: string
A: winrt packages of <user>: winrt package
T: 0.290 ms
I: plural property

q: (name of it, account disabled flag of it) of users
A: Administrator, True
A: Guest, True
A: Jason, False
T: 16.134 ms
I: plural ( string, boolean )
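As an added example that is not part of the original thread: one way to turn answer lines in the format shown above into the two reports the question asks for, all accounts and only the accounts named in a search list read from a file. The server name `SRV01`, the watch-list file format and the function names are assumptions made for illustration, and the sample input is constructed from the output quoted above.

```python
# Constructed sample: QnA output in the format shown in the thread.
SAMPLE_QNA = """\
q: (name of it, account disabled flag of it) of users
A: Administrator, True
A: Guest, True
A: Jason, False
T: 16.134 ms
I: plural ( string, boolean )
"""

# Hypothetical watch-list file content: one account per line, '#' for comments.
SAMPLE_WATCHLIST = """\
# accounts to search for
guest
jason
svc_backup
"""

def parse_users(qna_text):
    """Return [(name, disabled)] from 'A:' lines; q:/T:/I: lines are skipped."""
    users = []
    for line in qna_text.splitlines():
        line = line.strip()
        if not line.startswith("A:"):
            continue
        # Split on the last ", " so the boolean is always the final field.
        name, sep, flag = line[2:].strip().rpartition(", ")
        if not sep or flag not in ("True", "False"):
            raise ValueError("unexpected answer line: " + line)
        users.append((name, flag == "True"))
    return users

def load_watchlist(text):
    """Account names compare case-insensitively on Windows, so casefold them."""
    names = (l.strip() for l in text.splitlines())
    return {n.casefold() for n in names if n and not n.startswith("#")}

def build_report(server, qna_text, watchlist_text=None):
    """Rows of (server, account, status); watched names not found are listed too."""
    rows = [(server, n, "disabled" if d else "enabled") for n, d in parse_users(qna_text)]
    if watchlist_text is None:
        return rows  # first report: every account returned by the query
    wanted = load_watchlist(watchlist_text)
    rows = [r for r in rows if r[1].casefold() in wanted]
    missing = wanted - {r[1].casefold() for r in rows}
    return rows + [(server, w, "not present") for w in sorted(missing)]

if __name__ == "__main__":
    print(build_report("SRV01", SAMPLE_QNA, SAMPLE_WATCHLIST))
```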