Script for Local User and Group Baselines

Post author:James Tarala
Post published:February 1, 2011
Post category:Assurance

In keeping with my New Year’s resolutions, I want to continue posting information on how an auditor might take advantage of baselines when performing an Information System (IS) audit. Certainly I hope system administrators will be able to take advantage of this information as well when performing their own Control Self Assessments (CSAs).

For a primer on why you might want to consider performing a system baseline or for a process for performing system baselines, check out our previous blog entries here. <shamelessplug>Or if you really want to deeper dive, try the SANS Audit 407 class </shamelessplug>.

As we discussed earlier as well, we are going to rely primarily on PowerShell to pull this information for us. So all of the scripts you will see in this series will be written as PowerShell scripts. For your sake, make your life easy, and install PowerShell version 2.0, that will give you the latest and greatest functionality and give you the same development environment we’re primarily using to write these scripts.

So to get started with our baseline scripts, we are going to use a couple easy scripts to produce a list of the user accounts and the groups on a local Microsoft Windows machine (Windows 2000 or later). In order to produce a list of local user accounts, try the following command:

Get-WmiObject Win32_UserAccount -filter “LocalAccount=True” | Select-Object Domain,Name,Disabled

For a list of groups on a local machine, try the following command:

Get-WmiObject Win32_Group -filter “LocalAccount=True” | Select-Object Domain,Name

Now, could we have used WMIC to do much of the same work, of course! But for the sake of this series we are going to use PowerShell instead. Once everyone gets a taste for the simple scripts, then we’ll move on to slightly more difficult ones next. So let’s stay in the same language to be consistent.

For a complete copy of each of the scripts in this series (plus bonus scripts as they arrive), check out our full directory listing at https://enclavesecurit.wpengine.com/scripts/.

Enjoy! We look forward to providing you more fully featured scripts as the year progresses. If you do have any requests, don’t be shy, and feel free to make requests too.

Tags: Audit, Baselining

M	T	W	T	F	S	S
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Please Share This Share this content

You Might Also Like

Looking for IT Compliance Institute (ITCi) Resources?

Data Theft and Least Privilege

Recycling old Paper Mills into Data Centers

Share this content