如何列出仅启用本地管理员

发布于 2025-01-23 00:41:39 字数 268 浏览 0 评论 0原文

尝试仅列出在Windows Workstation上启用的本地管理员帐户。

到目前为止，请使用此代码，但是我正在遇到问题，超出了这一点，试图比较活动用户是否是管理员。

$enabledUsers = (Get-LocalUser | Select * | sort Name, FullName, Enabled) | where-object enabled -eq $true

$enabledUsers | Select Name, Fullname

原文

Trying to list only local administrator accounts that are enabled on windows workstations.

Have this code so far but I am running into issues beyond this point trying to compare if the active user is an administrator.

$enabledUsers = (Get-LocalUser | Select * | sort Name, FullName, Enabled) | where-object enabled -eq $true

$enabledUsers | Select Name, Fullname

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

许仙没带伞 2025-01-30 00:41:39

您可以使用get-localgroupmember获取管理员组的所有成员，但是此cmdlet不会告诉我们是否启用了返回的用户，我们可以通过每个用户到get-localuser ：

Get-LocalGroupMember Administrators | Where-Object { (Get-LocalUser $_.SID -EA 0).Enabled }

在此示例中使用了 -ea 0（- eroration-eroraction sillycontinue）组的可能不是类用户，在这种情况下，cmdlet会丢下错误（我们想避免）。

如果您需要localuser对象而不是localprincipal对象，则可以使用此方法：

Get-LocalGroupMember Administrators | ForEach-Object {
    if(($usr = Get-LocalUser $_.SID -EA 0) -and $usr.Enabled) {
        $usr | Select-Object Name, FullName
    }
}

You can use Get-LocalGroupMember to get all members of the Administrators group, however this cmdlet doesn't tell us if the returned users are Enabled, we can pass the SID of each user to Get-LocalUser and filter for those Enabled ones:

Get-LocalGroupMember Administrators | Where-Object { (Get-LocalUser $_.SID -EA 0).Enabled }

-EA 0 (-ErrorAction SilentlyContinue) is used in this example because the members of the group may not be of the class User, in which case, the cmdlet would throw an error (which we want to avoid).

If you need LocalUser objects instead of LocalPrincipal objects, you can use this instead:

Get-LocalGroupMember Administrators | ForEach-Object {
    if(($usr = Get-LocalUser $_.SID -EA 0) -and $usr.Enabled) {
        $usr | Select-Object Name, FullName
    }
}

回复收藏 0 原文

浅笑轻吟梦一曲 2025-01-30 00:41:39

Get-LocalGroupMember Adminstrators | Where-Object {$_.PrincipalSource -ne "ActiveDirectory"} | select sid | ForEach-Object {
        Get-LocalUser $_.sid | Where-Object {$_.Enabled -eq $True } | select name, enabled
}

如果您还需要过滤AD管理员

Get-LocalGroupMember Adminstrators | Where-Object {$_.PrincipalSource -ne "ActiveDirectory"} | select sid | ForEach-Object {
        Get-LocalUser $_.sid | Where-Object {$_.Enabled -eq $True } | select name, enabled
}

If you need to filter out AD admins as well

回复收藏 0 原文

~没有更多了~