
Check if a local user is locked out although he is logged in (PowerShell)

I want to check if a user is using an account or locked out from a password-protected account.

The command (query user) returns "active" even though the user is locked out, and the process "explorer.exe" will still be active.

get-WmiObject win32_useraccount -Namespace "root/cimv2" | %{$_.lockout} 

This also returns "False".

It's not very clear what you're asking, but assuming you mean "Show me logged in users whose user accounts are locked", this should do it:

# Get locked local accounts
$lockedAccounts = @(Get-WmiObject win32_useraccount -filter "LockOut=True")

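# Get login sessions including disconnected ones
# Get the username, ignore sessions with no username
# Username is in the form "computer\user" so remove "computer\"
# Note: Get-TerminalSession and Split-String are not built-in cmdlets; they come
# from an add-on module (PSCX ships both), which must be imported first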
$users = @(Get-TerminalSession | select -ExpandProperty UserName | ? {$_})
$users = @($users | % { (Split-String $_ -Separator "\")[1] })

ForEach ($account in $lockedAccounts) {
    if ($users -icontains $account.Name) {
        write "Locked Account $($account.Name) is logged in"
    }
}

I haven't tested it completely, but I've tested the bits of it separately and it looks likely to work.

Get-EventLog -LogName Security | where {$_.instanceid -eq "4634"} | %{$_.TimeGenerated} | sort TimeOfDay -Descending | select TimeOfDay -First 1
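
The Lockout property of Win32_UserAccount reports account lockout after failed logons, whereas a locked screen is recorded in the Security log as events 4800 (workstation locked) and 4801 (workstation unlocked). The following is an added example, not code from the question or the answers, that derives each user's current lock state from those events; the function names and sample events are constructed for illustration, and it assumes PowerShell 3.0 or later.

```powershell
# Added example. Security-log event IDs: 4800 = workstation locked, 4801 = unlocked.
# Assumption: the "Audit Other Logon/Logoff Events" subcategory is enabled,
# otherwise Windows does not write these events.

function ConvertFrom-LockEvent {
    # Hypothetical helper: flatten a live EventLogRecord (from Get-WinEvent)
    # to an object with Id / TimeCreated / User
    param([Parameter(ValueFromPipeline = $true)] $Record)
    process {
        $data = ([xml]$Record.ToXml()).Event.EventData.Data
        $user = ($data | Where-Object { $_.Name -eq 'TargetUserName' }).'#text'
        [pscustomobject]@{ Id = $Record.Id; TimeCreated = $Record.TimeCreated; User = $user }
    }
}

function Get-LockState {
    # Hypothetical helper: the newest 4800/4801 event per user decides the state
    param([Parameter(Mandatory = $true)] [object[]] $Events)
    $Events |
        Where-Object { $_.Id -in 4800, 4801 } |
        Group-Object -Property User |
        ForEach-Object {
            $last = $_.Group | Sort-Object TimeCreated | Select-Object -Last 1
            [pscustomobject]@{
                User   = $_.Name
                Locked = ($last.Id -eq 4800)
                Since  = $last.TimeCreated
            }
        }
}

# Constructed sample events (not real log data); the 4634 logoff event is ignored
$sample = @(
    [pscustomobject]@{ Id = 4800; TimeCreated = [datetime]'2024-01-10T09:00:00'; User = 'alice' }
    [pscustomobject]@{ Id = 4801; TimeCreated = [datetime]'2024-01-10T09:20:00'; User = 'alice' }
    [pscustomobject]@{ Id = 4800; TimeCreated = [datetime]'2024-01-10T09:45:00'; User = 'bob' }
    [pscustomobject]@{ Id = 4634; TimeCreated = [datetime]'2024-01-10T09:50:00'; User = 'bob' }
)
Get-LockState -Events $sample

# Live use from an elevated prompt:
# $live = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4800, 4801 } |
#     ConvertFrom-LockEvent
# Get-LockState -Events $live
```

The result only reflects lock and unlock events: a logoff or reboot after a lock still leaves 4800 as the newest event, so cross-check it against the sessions listed by `query user`.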
