List all Local User Accounts on Systems

Written by Stephanie DeCamp on April 15, 2020

Share This Article

Why is it important to list all local accounts on systems? Three words: security, auditing, and compliance. Listing all local accounts is a far-reaching detail that needs to be queried regularly to ensure there aren’t any unnecessary or hidden accounts.

If one of your local accounts is somehow compromised, it can be a big problem. All the resources and data that account has access to — across your entire network — could be in danger. Listing all local accounts can also be a handy tool with auditing and compliance, since it provides proof that all systems are solely accessed by those who are supposed to be using them. 

All three major operating systems — Windows®, Mac®, and Linux® — have different yet similar means to access this information. Below we’ll go through each before discussing an easier approach to extracting data across a heterogeneous IT environment. 

List Local Accounts on a Windows Machine

Listing all local accounts on a Windows device is pretty straightforward, and usually done in PowerShell via command-line entry. This method, however, is limited to the specific device you’re working on, which isn’t a scalable approach for admins. If you want to look at accounts across a range of machines, you’ll need to develop a script or program to automate this process.

If you need to query local accounts on remote systems as well, you’ll need to use the Windows Management Instrumentation tool, which can be challenging. It requires many changes to Windows Firewall, DCOM, and User Account Control (UAC) settings. You’ll then need to further tweak a set of other configurations and changes to make it all work.

List Local Accounts for Mac 

For Mac devices, you can use a similar command-line entry via the Terminal tool to list users, admins, or any other accounts. But again, doing so at scale by going to machine after machine is tedious. You can do this remotely through Computer Lists or Unix/AppleScript/SQL script via the Apple Remote Desktop, but this requires activating administrative privileges on each individual machine or creating a custom installer that can enable your preferred settings automatically.

List Local Accounts for Linux

When querying Linux machines for all local accounts on a system, the command-line entry is a pretty simple, cut-and-paste job. The most common way to do this remotely is by creating a script as well as ensuring the necessary permissions to access all of the machines.

A Single, Centralized Way to List Accounts

An admin in today’s world will need to be able to query any system at any time to ensure the safety of their IT organization. While the above methods can be effective, there is an easier way to get the same information — all from one administrative pane of glass.

A Single, Centralized Way to List Accounts

An admin in today’s world will need to be able to query any system at any time to ensure the safety of their IT organization. While the above methods can be effective, there is an easier way to get the same information — all from one administrative pane of glass.

JumpCloud® Directory-as-a-Service® features Systems Insights, which allows admins to pull in-depth, system-level telemetry from all endpoints. Not only that, but it can do so regardless of whether the machine is running Windows, Mac, or Linux.

“With endpoints acting as one of the greatest surfaces of exposure to security risks by organizations, SecOps teams must have a way to remediate situations that arise during, or preferably before, an incident occurs,” says Paul Nguyen, Product Manager at JumpCloud. “SecOps must have a way to interrogate machines to look for security vulnerabilities in the hardware, software, and access.” 

Faster and easier than the above solutions, it’s done through command-line entry in the JumpCloud API, PowerShell module, or via the Commands tab within the Admin Portal. Additionally, you can use the JumpCloud Commands functionality to glean insight to just about anything on a system. Aside from listing all local user accounts on a system, it can also track:

  • Installed browser extensions
  • Mounted volumes
  • Installed applications
  • Network configurations
  • System hardware info
  • Disk encryption state reporting
  • Enhanced operating system info

Learn more about fleetwide inventory and visibility via System Insights.

Continue Learning with our Newsletter