PowerShell Local Guest & Admin Account by SID

        Pulls the Guest Account and Local Admin Account by Default Windows Assigned SID 

        Allows an admin to verify the guest account is shut off
        Allows an admin to review the account name of the default admin account 

        Requires Rights on Remote Machines   
        Author: Scott Head
        Min PSVer: Powershell 2.0



$AccountFinder=Get-WMIObject -class Win32_UserAccount -Filter "LocalAccount=$True" 

$Array+= $AccountFinder | ?{$_.SID -like "S-1-5-21*501"} | Select Name, Disabled 

$Array+= $AccountFinder | ?{$_.SID -like "S-1-5-21*500"} | Select Name, Disabled 

Return $Array


$ServerName=Read-Host "Enter ServerName"

Invoke-Command $ServerName -Scriptblock $MyCommand | Export-CSV C:\temp\Admin_Guest_Check.csv