Infotel

  1. This took me a while to get working, so I figured I'd share the detail in case anyone else would like to use something similar. I've been working on identifying computers that have local user accounts with blank passwords. This problem is more a relic of launching our RMM journey late and not being ready to enforce a password policy, but it might be useful for someone else. I used the variable 'offenders,' and it returns a comma-separated list of the local user accounts that have blank passwords or just the word "Secured" if all accounts have a password.

         Add-Type -AssemblyName System.DirectoryServices.AccountManagement

         # Returns $true when the blank-password credential is accepted, or when
         # Windows rejects it only because blank-password logons are restricted.
         $script = {
             Param($cred)
             try {
                 $obj = New-Object System.DirectoryServices.AccountManagement.PrincipalContext('machine', $env:ComputerName)
                 $obj.ValidateCredentials($cred.username, $cred.GetNetworkCredential().password)
             }
             catch {
                 if ($_.Exception.InnerException -like "*blank passwords aren't allowed*") {
                     $true
                 }
                 else {
                     Write-Warning $_.exception.message
                     $false
                 }
             }
         }

         # Enabled local accounts only
         $userlist = Get-WmiObject win32_useraccount -Filter "LocalAccount=True AND disabled=False"

         # An empty SecureString stands in for a blank password
         [securestring]$blankpassword = New-Object securestring

         # Test every account with the blank password and collect the names that pass
         $nopassword = foreach ($user in $userlist) {
             $credential = New-Object System.Management.Automation.PSCredential -ArgumentList $user.Name, $blankpassword
             if (. $script $credential) {
                 $user.Name
             }
         }

         # Comma-separated list of offending accounts, or "Secured" when none were found
         $offenders = if ($nopassword) { $nopassword -join "," } else { "Secured" }
         $offenders