I am trying to make a script that detects if the local administrator account is renamed and also enabled.
I got it to work to just check if it's renamed, but I want to also add a check for whether it's enabled too.
    Try {
        # Checks whether the 'adminaccount' administrator account (SID ending in -500) exists and exits with code 0 as success
        if (Get-LocalUser | Where-Object {($_.Name -eq 'adminaccount') -and ($_.SID -like 'S-1-5-*-500')}) {
            Write-Host "adminaccount exists"
            Exit 0
        }
        # The account has not been correctly renamed or created
        Else {
            Write-Warning "adminaccount does not exist"
            Exit 1
        }
    }
    Catch {
        # The above check has failed. Exit with code 1 to flag failed detection.
        Exit 1
    }
    #region ---Detection--------------------------------------------------------
So the above script works fine but just checks if the name is correct.
When I do the below and run it, it doesn't return the correct output (when the account in question is disabled).
    Try {
        # Checks whether the 'adminaccount' administrator account (SID ending in -500) exists and exits with code 0 as success
        if (Get-LocalUser | Where-Object {($_.Name -eq 'adminaccount') -and ($_.SID -like 'S-1-5-*-500')}) {
            Write-Host "adminaccount exists"
            if ((Get-LocalUser 'adminaccount').Enabled){}
            Write-Host "adminaccount is enabled"
            Exit 0
        }
        # The account has not been correctly renamed or created
        Else {
            Write-Warning "adminaccount is not enabled"
            Exit 1
        }
    }
    Catch {
        # The above check has failed. Exit with code 1 to flag failed detection.
        Write-Warning $_
        Exit 1
    }
I need it to exit with code 0 if the account is both enabled and named correctly,
and exit with code 1 if either of those doesn't match.
Can anyone please help 🙂
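One way to write the combined check, as an added example that is not part of the original post. In the second script the `if (...Enabled){}` has an empty body, so the "is enabled" message and `Exit 0` run whenever the name matches. The function name `Test-BuiltinAdmin` and the state strings are hypothetical; `adminaccount` and the SID pattern are taken from the post.

```powershell
# Added example (not the poster's code): detect "RID-500 account is renamed AND enabled".
$ExpectedName = 'adminaccount'   # name used in the post

function Test-BuiltinAdmin {
    # Hypothetical helper: returns a state string so the decision logic
    # is separate from the exit codes and easy to check by hand.
    param(
        [object[]] $Users,          # objects exposing Name, SID and Enabled
        [string]   $ExpectedName
    )

    # Find the account by its well-known RID rather than by name, so a
    # wrongly named built-in account is reported as such, not as "missing".
    $admin = $Users |
        Where-Object { "$($_.SID)" -like 'S-1-5-*-500' } |
        Select-Object -First 1

    if (-not $admin)                    { return 'NotFound'  }
    if ($admin.Name -ne $ExpectedName)  { return 'WrongName' }
    if (-not $admin.Enabled)            { return 'Disabled'  }
    return 'Compliant'
}

try {
    # -ErrorAction Stop turns cmdlet errors into terminating errors so Catch runs.
    $state = Test-BuiltinAdmin -Users (Get-LocalUser -ErrorAction Stop) -ExpectedName $ExpectedName
}
catch {
    # The check itself failed. Exit with code 1 to flag failed detection.
    Write-Warning $_
    exit 1
}

if ($state -eq 'Compliant') {
    Write-Host "$ExpectedName exists and is enabled"
    exit 0
}

# Either condition not met: wrong name, disabled, or no RID-500 account found.
Write-Warning "$ExpectedName check failed: $state"
exit 1
```

Both conditions must hold before `exit 0` is reached; every other path, including an error from `Get-LocalUser`, ends in `exit 1`.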