0
I know that there is a group for Admins but I need one for just standard users for this command. FOR /f "skip=6 delims=" %%u IN ('net localgroup (Group here)') DO (IF "%%u" NEQ "The command completed successfully." echo %%u) I need it to list all of the standard users. BTW I use batch and powershell coding.
Thanks! ~Henry
TheiMacNoob
Posted 2016-12-06T15:22:31.060
Reputation: 21
0
Depending on Domain or Workgroup mode and according to Microsoft, your group names should be Users or Power Users for workgroups and Domain Users for domains.
user121391
Posted 2016-12-06T15:22:31.060
Reputation: 1 228
0
On a standalone machine, the Users group contains all the normal users plus a couple special group-like principals from NT AUTHORITY.
net localgroup Users
In PowerShell, that's equivalent to:
Get-LocalGroupMember 'Users'
Alternatively, you could use a WMI query to get only real accounts:
wmic useraccount
That includes the Guest account, DefaultAccount, and the built-in Administrator. You get the same results from PowerShell's Get-LocalUser.
If you want to list only enabled accounts, you can narrow down the query:
wmic useraccount where "Disabled = FALSE"
The same in PowerShell:
Get-LocalUser | ? {$_.Enabled}
To test whether a given user (in variable $u) is an administrator:
(Get-LocalGroupMember 'Administrators' | ? {$_.SID -eq $u.SID}).Count -ne 0
This gets the members of the Administrators group and checks whether there are any members with the same SID (security identifier) as the given user object. You can get such a user object from Get-LocalUser or Get-LocalGroupMember.
Ben N
Posted 2016-12-06T15:22:31.060
Reputation: 32 973
Is there anyway to tell if they are an Admin account or not? – TheiMacNoob – 2016-12-06T16:17:36.380
@TheiMacNoob - Check if that user is also in the (Administrator, Domain Administrator) usergroup. – Ramhound – 2016-12-06T16:49:54.123
@TheiMacNoob I've added a section that tests whether a given user is an administrator. – Ben N – 2016-12-06T16:55:23.603
How would I write that in a batch script? – TheiMacNoob – 2016-12-06T17:18:33.787
@TheiMacNoob You can execute any PowerShell command from a batch script with powershell -command "your command here", or you can run an entire script file with powershell myscript.ps1 -executionpolicy bypass. – Ben N – 2016-12-06T17:28:47.577
I'm making a script that will make a .txt file with all of the users and will show me which ones are admin and which ones are not. – TheiMacNoob – 2016-12-06T17:42:20.330
There is
Users– notjustme – 2016-12-06T15:35:55.477That also displays admin though. I want just users or a way to distinguish them. – TheiMacNoob – 2016-12-06T16:18:57.693
So you need a group that includes only users and excludes admins, power users, application accounts, service accounts, shared accounts, etc? Or do you need some other combination? – music2myear – 2016-12-06T16:21:19.130
Oh, forgot one thing: What about domain admins versus domain users who have admin (or elevated) credentials on a specific application, service, system, or computer? – music2myear – 2016-12-06T16:22:00.270
I need one that eirther displays only users or one that displays users and admins but it says if one is an admin like one that says something like. John. Richard (Admin). or something like that – TheiMacNoob – 2016-12-06T16:28:34.793