Managing Local Users and Groups
U Case Requirements
1. Import the local account management module in PowerShell.
2. This module can manage local group memberships with user accounts, local groups. Operates primarily through the ADSI interface.
3. You need to install. NET Framewok 3.5.
U Knowledge Tips
1. Import of permission Modules
After extracting the module file localaccounts 1.01.zip, copy the LocalAccounts folder to C:\windows\system32\WindowsPowerShell\v1.0\Modules, And then run it in PowerShell.
650) this.width=650; "Style=" background-image:none; border-bottom:0px; border-left:0px; margin:0px; padding-left:0px; padding-right:0px; border-top:0px; border-right:0px; padding-top:0px "title=" clip_image002 "border=" 0 "alt=" clip_image002 "src=" http://s3.51cto.com/wyfs02/M02/77/8A/ Wkiom1zpfl3q8ykwaaaiisbqe3y377.jpg "" 244 "height="/>
PS c:\> get-module-listavailable
Moduletype Name Exportedcommands
---------- ---- ----------------
Manifest MSI {}
Manifest psterminalservices {}
Manifest Bitstransfer {}
Manifest localaccounts {}
Manifest ntfssecurity {get-orphanedace, disable-inheritance,
Script Powerfilewatcher {}
Script PowerNet {}
Manifest psterminalservices {}a
Import a permissions module using the command Import-module localaccounts
650) this.width=650; "Style=" background-image:none; border-bottom:0px; border-left:0px; margin:0px; padding-left:0px; padding-right:0px; border-top:0px; border-right:0px; padding-top:0px "title=" clip_image002[1] "border=" 0 "alt=" clip_image002[1] "src=" http://s3.51cto.com/wyfs02/M02/77 /89/wkiol1zpfl7wfnlmaaaiisbqe3y638.jpg "" 244 "height="/>
PS c:\> Import-module localaccounts
Types added
LocalAccounts Module Loaded
View the available commands Get-command–module localaccounts
650) this.width=650; "Style=" background-image:none; border-bottom:0px; border-left:0px; margin:0px; padding-left:0px; padding-right:0px; border-top:0px; border-right:0px; padding-top:0px "title=" clip_image002[2] "border=" 0 "alt=" clip_image002[2] "src=" http://s3.51cto.com/wyfs02/M02/77 /89/wkiol1zpfl7dss2maaaiisbqe3y694.jpg "" 244 "height="/>
PS c:\> Get-command-module localaccounts
CommandType Name Definition
----------- ---- ----------
Function add-localgroupmembership ...
Function Disable-localuser ...
Function Enable-localuser ...
Function Get-localgroup ...
Function get-localgroupmembership ...
Function Get-localuser ...
Function New-localgroup ...
Function New-localuser ...
Function Remove-localgroup ...
Function remove-localgroupmembership ...
Function Remove-localuser ...
Function Set-localuser ...
For help, please use Get-help
650) this.width=650; "Style=" background-image:none; border-bottom:0px; border-left:0px; margin:0px; padding-left:0px; padding-right:0px; border-top:0px; border-right:0px; padding-top:0px "title=" clip_image002[3] "border=" 0 "alt=" clip_image002[3] "src=" http://s3.51cto.com/wyfs02/M00/77 /89/wkiol1zpfl-crkdvaaaiisbqe3y061.jpg "" 244 "height="/>
PS c:\> get-help add-localgroupmembership-detailed
2. Use of commands
This module not only manages local accounts and groups, but also manages local accounts and groups for remote computers.
The following will use the commands in the module to manage local accounts and groups
Get-localuser get Local Users, you can use the-computername parameter to retrieve a remote computer
650) this.width=650; "Style=" background-image:none; border-bottom:0px; border-left:0px; margin:0px; padding-left:0px; padding-right:0px; border-top:0px; border-right:0px; padding-top:0px "title=" clip_image002[4] "border=" 0 "alt=" clip_image002[4] "src=" http://s3.51cto.com/wyfs02/M01/77 /89/wkiol1zpfmkwf1qpaaaiisbqe3y292.jpg "" 244 "height="/>
PS c:\> Get-localuser-all
Name FullName Description SID
---- -------- ----------- ---
Administrator built-in account for the management computer (domain) s-1-5-21-2961338881-2616085431-2236681525-500
Guest to access the computer or access the domain's built-in account s-1-5-21-2961338881-2616085431-2236681525-501
Get-localgroup
Get local user groups
650) this.width=650; "Style=" background-image:none; border-bottom:0px; border-left:0px; margin:0px; padding-left:0px; padding-right:0px; border-top:0px; border-right:0px; padding-top:0px "title=" clip_image002[5] "border=" 0 "alt=" clip_image002[5] "src=" http://s3.51cto.com/wyfs02/M02/77 /8a/wkiom1zpfmlzzcpvaaaiisbqe3y098.jpg "" 244 "height="/>
PS c:\> Get-localgroup-all
Warning: The column "SID" cannot be displayed and has been deleted.
Name Description
---- -----------
Administrators administrator has unrestricted full access to the computer/domain
Backup Operators back up operator in order to back up or restore files can override security restrictions
.........
Replicator file replication in a supported domain
Users prevent user from making intentional or unintentional system-wide changes, but can run most applications
Get-localgroupmembership
Get a member of the computer Client1 Local Group
650) this.width=650; "Style=" background-image:none; border-bottom:0px; border-left:0px; padding-left:0px; padding-right:0px; border-top:0px; border-right:0px; padding-top:0px "title=" clip_image002[6] "border=" 0 "alt=" clip_image002[6] "src=" http://s3.51cto.com/wyfs02/M02/77 /8a/wkiom1zpfmogqcn8aaaiisbqe3y452.jpg "" 244 "height="/>
PS C:\>get-localgroup client1\administrators | Get-localgroupmembership
Name FullName Description SID
---- -------- ----------- ---
Administrator built-in account for administering the Computer/domain s-1-5-21-4004058760-1322732122-2562739762-500
User1 s-1-5-21-4004058760-1322732122-2562739762-1000
Managing Local Users and Groups