I would like to get a list of "normal" users in the Windows command line. By normal, I mean the users that appear when logging on to the computer. Thus, disabled accounts, accounts like System, and others that an average PC users would never log into, would not be in this list. I also need to know whether the users returned were admins or standard users. Any ideas?
Windows – List members of a Windows group using command line
command lineuser-accountswindows
Related Solutions
This isn't the solution to the exact question you asked, but will accomplish your goal of being able to elevate to the administrator account but not have it show up on the login screen.
Here's what you need to do. Use the special accounts registry entry to hide the administrator account (and whatever other accounts you want to hide) from the login screen. Then, configure UAC to prompt for both a username and password, instead of just showing the clickable usernames. This will let you elevate to one of the hidden accounts, because it behaves much like the "do not display last username" setting does for the login. This is what it will look like; you can type in any (administator's) username:
In order to configure this, all you have to do is create one registry value. Go to HKLM\Software\Microsoft\Windows\CurrentVersion\Policies
and create a key called CredUI
if it doesn't already exist. Then, within CredUI, create a DWORD called EnumerateAdministrators
with the value 0x00000000
. That's it! Now you can elevate to any account you want, and hide any account you want.
If you don't want to edit the registry by hand, you can paste the following code into notepad, and save it as a file with a .reg
extension, then open the file to add the data to the registry.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI]
"EnumerateAdministrators"=dword:00000000
I don't think there is an ultimate list of all possible accounts.
There are different types of names you can use in the user input-field such as in permissions dialogs.
First up are standard Win32_Accounts, to get a full list open a PowerShell session and run:
get-wmiobject -class "win32_account" -namespace "root\cimv2" | sort caption | format-table caption, __CLASS, FullName
These are the usual users, groups and the builtin accounts.
Since Vista, there is a new class of accounts, called virtual accounts, because they do not show up in the usual management tools. There are sometimes called service accounts as well, and there are at least three different types of these:
- Windows Service Accounts
Since Vista every windows service has an virtual account associated with it, even it it runs under a different user account and
even if it does not run at all. It looks like NT Service\MSSQLSERVER
To get a list of those use:
get-service | foreach {Write-Host NT Service\$($_.Name)}
- IIS Application Pools
Each IIS application pool that runs under the ApplicationPoolIdentity runs under a special account called IIS APPPOOL\NameOfThePool
Assuming you have the IIS Management scripting tools installed, you can run:
Get-WebConfiguration system.applicationHost/applicationPools/* /* | where {$_.ProcessModel.identitytype -eq 'ApplicationPoolIdentity'} | foreach {Write-Host IIS APPPOOL\$($_.Name)}
- Hyper-V Virtual Machines
On Server 2008+ and Windows 8+ you have Hyper-V, each virtual machine creates it own virtual account, which looks like:
NT VIRTUAL MACHINE\1043F032-2199-4DEA-8E69-72031FAA50C5
to get a list use:
get-vm | foreach {Write-Host NT VIRTUAL MACHINE\$($_.Id) - $($_.VMName)}
Ever though these accounts are not accepted in the permissions dialog, you can use them with icacls.exe to set permissions.
There is also a special group NT Virtual Machine\Virtual Machines
, which doesn't show up elsewhere. All of the virtual machine accounts are members of this group, so you can use this to set permissions for all VM files.
These names are language specific, e.g. in German it is named NT Virtual Machine\Virtuelle Computer
- Desktop Window Manager
The dvm.exe process (Desktop Window Manager) runs under a user Windows Manager\DWM-1
Again you can not use this type of users in the permissions dialogs. It is not really possible to enumerate these either because one exists for each 'Desktop session', so when using two RDP sessions, you also have DWM-2
and DWM-3
in addition to DVM-1
. So there are as many as there are desktops available.
- Computer Names
In certain cases you can also use computer names in the permissions dialog, usually when being part of an Active Directory domain.
- Windows Remoting Virtual Users
When using PowerShell and 'JEA (Just enough Administration)' and connect to a server with a PS remote session, a temporary virtual user may be created.
these have the following format:
winrm virtual users\winrm va_x_computername_username
and an SID that starts with S-1-5-94-
the 'x' is an integer number.
These accounts can be used when assigning NTFS permissions, but I don't know how to list all these possible virtual users.
While in a JEA session you can use whoami
to find out the current account name.
- finally:
Even these lists don't give you every possible account.
For example, you can create an application pool FooBarPool
then delete it again,
you can still use IIS APPPOOL\FooBarPool
in the permissions dialog, so there must be an internal list somewhere.
Best Answer
To list users, use the
net user
command:Your output will look something like this:
If you need a list of users in a specific group, the use
net localgroup
:Your output will look something like this:
This is for local system users, not domain accounts. If you want to know the membership of the Administrators group, you would just supply that as a parameter:
net localgroup Administrators
.