How to List All User Accounts on a Windows System

Native Auditing vs. Netwrix Auditor for Windows Server
{{ firstError }}
We care about security of your data. Privacy Policy
Native Auditing Netwrix Auditor for Windows Server
Native Auditing
Netwrix Auditor for Windows Server
Steps

How to check users in Windows 10 and Windows 11 using PowerShell

  1. Create a file containing the computer list → Open the PowerShell ISE by clicking on the Start button and typing “PowerShell ISE”→ Run the following script, adjusting the file name and path for the export:

$computers=Get-Content-PathC:\data\computers.txt

Get-WmiObject-ComputerName$computers-ClassWin32_UserAccount-Filter"LocalAccount='True'"|SelectPSComputername,Name,Status,Disabled,AccountType,Lockout,PasswordRequired,PasswordChangeable,SID|Export-csvC:\data\local_users.csv-NoTypeInformation 

  1. Open the file produced by the script in MS Excel.
A screenshot of a computer Description automatically generated

The PowerShell script does not produce an output because we save the results in a CSV file. To see the results in the PowerShell window, remove the last part where we save the output in CSV, and add the switch format table, like below.

Get-WmiObject-ComputerName$computers-ClassWin32_UserAccount-Filter"LocalAccount='True'"|SelectPSComputername,Name,Status,Disabled,AccountType,Lockout,PasswordRequired,PasswordChangeable,SID|format-table

Without the help of a format-table switch, the results would be shown user-by-user, expanding to multiple pages. Using the switch, the result will be formatted in a tabular form and will give you the output as below.

Get-LocalUser

The Get-LocalUser PowerShell cmdlet retrieves information about local user accounts on a Windows system. You can run this command in a PowerShell window to list local user accounts and their properties, including name, description, and status as enabled or disabled.

Get-LocalUser

This will display a list of local user accounts on the system in a row-wise manner; CMD lacks this by showing them randomly in one or two rows. Type “Get-LocalUser” in PowerShell and press Enter.

A screenshot of a computer screen Description automatically generated

List local users in CMD

If you want to list Windows users who are currently logged in or have accounts on the system, you can use the net user command in the command prompt. This will list all user accounts on the system. Below is how to list users in cmd.

net user

This Windows command line will show users in cmd.

  1. Run Netwrix Auditor → Navigate to "Reports" → Expand the "Windows Server" section → Go to "Windows Server – State-in-Time" → Select "Local Users and Groups" → Click "View.". You can also search for reports.
  2. To save the report, click the "Export" button → Choose a format from the dropdown menu → Click "Save".
Learn more about Netwrix Auditor for Windows Server

How to Check User Groups in Windows to Reduce Your Attack Surface Area

If an attacker or malware compromises a local user account, all resources the user can access across the network are vulnerable. Administrators limit the reach of attackers and malware by ensuring that users have access to only the resources they need to do their jobs, enhancing security. You can use native tools to get insight into local accounts and their properties. The easiest way is to use the “Computer Management” console for local users and groups. Another way is to get a list of Windows users with command line entries, but you must check user groups in Windows machines one at a time by entering ‘net user’ at the command line. Or, if you have the time and skills, you can create, test, and run a PowerShell script to get all local users on all Windows systems on your domain. 

Netwrix Auditor for Windows

Netwrix Auditor for Windows Server provides complete visibility into local users and groups across your entire IT environment, eliminating the need to use the command prompt on each computer or undertake time-consuming scripting. The software provides a comprehensive report that lists all local users on each server, the status of each user (enabled or disabled), and additional properties that give you more insight into potential security gaps, such as passwords that never expire, so you can take action to minimize your attack surface.

Related How-tos
How to Detect Who Installed What Software on Your Windows Server How to Monitor Deletions of DNS Records How to Detect Who Created a Scheduled Task on Windows Server How to Detect Modifications to Startup Items in the Windows Registry How to Get Local Group Members Report with or without PowerShell How to Get Server Inventory across Your Network