top of page

PowerShell | Local Accounts | Default Admin & Logged On

Built in Default Accounts by SID on Remote Machines

$MyCommand={
$Array=@()
$AccountFinder=Get-WMIObject -class Win32_UserAccount -Filter "LocalAccount=$True"
$Array+= $AccountFinder | ?{$_.SID -like "S-1-5-21*501"} | Select Name, Disabled
$Array+= $AccountFinder | ?{$_.SID -like "S-1-5-21*500"} | Select Name, Disabled
Return $Array
}
CLS
$ServerName=Read-Host "Enter ServerName"
Invoke-Command $ServerName -Scriptblock $MyCommand

Query Logged on Users

$MyCommand={
Query User
}
CLS
$ServerName=Read-Host "Enter ServerName"
Invoke-Command $ServerName -Scriptblock $MyCommand

With the results from the query above you can also log off staff by the ID assigned to the user. If a return came back with a user with an assigned ID as 2.

$MyCommand={
Logoff 2

}
CLS
$ServerName=Read-Host "Enter ServerName"
Invoke-Command $ServerName -Scriptblock $MyCommand

bottom of page