This took me a while to get working, so I figured I'd share the detail in case anyone else would like to use something similar. I've been working on identifying computers that have local user accounts with blank passwords. This problem is more a relic of launching our RMM journey late and not being ready to enforce a password policy, but it might be useful for someone else.

I used the variable 'offenders,' and it returns a comma-separated list of the local user accounts that have blank passwords or just the word "Secured" if all accounts have a password.

Add-Type -AssemblyName System.DirectoryServices.AccountManagement

# Returns $true when the credential (account name plus blank password) is accepted for a
# local logon, or when the only thing blocking it is the "blank passwords aren't allowed"
# account restriction (LimitBlankPasswordUse policy), which also means the account has no
# password. Any other failure is reported as a warning and treated as "has a password".
$script = {
    Param($cred)

    try{
        $obj = New-Object System.DirectoryServices.AccountManagement.PrincipalContext('machine',$env:ComputerName)

        $obj.ValidateCredentials($cred.UserName, $cred.GetNetworkCredential().Password)
    }
    catch {
        if($_.Exception.InnerException -like "*blank passwords aren't allowed*"){
            $true
        }
        else{
            Write-Warning $_.Exception.Message
            $false
        }
    }
}

# Enabled local accounts only; disabled accounts cannot be logged on to anyway.
$userlist = Get-WmiObject win32_useraccount -Filter "LocalAccount=True AND disabled=False"

# An empty SecureString stands in for the blank password being tested.
[securestring]$blankpassword = New-Object securestring

# Collect the names of every enabled local account that accepts a blank password.
$nopassword = foreach($user in $userlist){
    $credential = New-Object System.Management.Automation.PSCredential -ArgumentList $user.Name,$blankpassword
    if(. $script $credential){
        $user.Name
    }
}

# Joined list of offending account names, or "Secured" when every enabled local account has a password.
$offenders = if ($nopassword) { $nopassword -join "`n" } else { "Secured" }
$offenders
