Bulk disable local accounts found in text/csv file

Question

I am in need to disable about 250 local user accounts based on input in a text file or CSV-file and then export the result into a CSV file.

I have searched the net quiet a bit but I'm unable to find anything i can tailor togheter. Here is what I've tried;

This is one I tried:

$Workdir = 'C:\scripts\' 
$Output = $Workdir + 'Disabled-UserReport.csv' 
$InputFile = $Workdir + 'Users_To_Disable.csv' 
$Servers = 'LOCALHOST' 
Import-CSV $InputFile | ForEach-Object {
    $Server = $_ ([ADSI]"WinNT://$Server").Children | ? {$_.SchemaClassName -eq 'user'} | % { $User.UserFlags[0] = $User.UserFlags[0] -bor 0x2 $User.SetInfo() }
}| Export-CSV -Encode UTF8 -Path C:\scripts\Disabled-Users.csv

This is try two:

$Servers = 'LOCALHOST'
$Username = Import-CSV "C:\scripts\Users_To_Disable.csv"
$Username | FOREACH { 
    $Server = $_ 
    $objGroup = [ADSI]("WinNT://$env:ComputerName/User")
    $objGroup.PSBase.Invoke("Add",$objUser.PSBase.Path) 
    $User.description = $description 
    <#$User.userflags = $DisableUser#> 
    $User.setinfo() 
} | Export-CSV -Encode UTF8 -Path C:\scripts\Disabled-Users.csv

I know there is something very wrong with both scripts....and as you can see I'm a noob learning PS whenever I get the time :) It would be great if it works in PS2. But required to work with PS4.

Any help is appreciated!

Does this really work with local stand-alone computer user accounts? — Michael W, Oct 05 '15 at 11:21
Ah, sorry - totally missed the part about _local_. ) Take a look [here](https://berkenbile.wordpress.com/2013/04/26/manage-local-user-accounts-with-powershell/) - this should get you started. — Alexander Obersht, Oct 05 '15 at 11:58
I dont quiet manage to edit that script successfully as its have several binds i dont need...sorry I'm too new to powershell. I tried another one from [link](http://en.community.dell.com/techcenter/powergui/f/4839/t/19574159) but cant quiet manage that one too. — Michael W, Oct 05 '15 at 14:21
I need something quiet simple like: Import-Csv "C:\scripts\Users_To_Disable.csv" | ForEach | ([ADSI]"WinNT://$comp") MISSING MISSING MISSING $user_acc.userflags.value = $user_acc.userflags.value -bor "0x0002" $user_acc.SetInfo() — Michael W, Oct 05 '15 at 14:43
What changes are you making to the local accounts? Are you just disabling them? — Matt, Oct 05 '15 at 15:23
Just disabling them on 1 server.....based on another output-scriptfile I made earlier in CSV-format.. actually it would also be good to update the FullName from the CSV-file also if it isnt too much pain to code. Its built up with the following values: Username;FullName;LastUsed;GroupMembership;Description;Status — Michael W, Oct 05 '15 at 16:06
No one? I just cant seem to edit any script i find properly... — Michael W, Oct 06 '15 at 12:16

score 1 · Accepted Answer · answered Oct 12 '15 at 16:40

Yes I finally managed last week.... Thank you! Code if some other newbies want. It disabled accounts based on inputs from a textfile and also sets the accounts to Password Never Expire and Password Cannot Be Changed;

$EnableUser = 512 
$DisableUser = 2 
$PasswordNotExpire = 65536 
$PasswordCantChange = 64 
$users = Get-Content -path "C:\Users_To_Disable.txt" 
$computer = $env:COMPUTERNAME

Foreach($user in $users){ $user = [ADSI]"WinNT://$computer/$user"
$user.userflags = $DisableUser+$PasswordNotExpire+$PasswordCantChange
#$user.Userflags = $EnableUser+$PasswordNotExpire+$PasswordCantChange
$user.setinfo()
}

score 0 · Answer 2 · answered Oct 08 '15 at 20:26

Sorry, this isn't an answer, and I'm about to leave work, but did you see this article? http://blogs.technet.com/b/heyscriptingguy/archive/2010/11/22/use-powershell-to-enable-or-disable-a-local-user-account.aspx

That might help. I apologize if it doesn't.

score 0 · Answer 3 · answered Apr 08 '16 at 00:02

This isn't your answer but it is a high hit in google for disabling local user accounts in PowerShell. Here is what I assembled using your answer

function user-enable()
{
    param([string] $username, [boolean] $enabled)

    $disableFlag = 2 
    $enableFlag = 512

    $flag = if ($enabled) {$enableFlag} else {$disableFlag} # powershell turnary lol

    $computername = $env:COMPUTERNAME
    $user = [adsi]"WinNT://$computername/$username"
    $user.userflags = $flag
    $user.setinfo()
}

user-enable -username "packer" -enabled $false

Bulk disable local accounts found in text/csv file

3 Answers3