As a system administrator or penetration tester, managing and understanding user and group configurations is crucial for securing systems and gaining access during penetration tests. Users are typically the largest attack vector in an organization, making their management a vital part of system administration and security testing.
Default Local User Accounts
These accounts are created when Windows is installed to assist with basic system management. Below is a table of the most common built-in accounts:
Built-In Accounts
Account | Description |
---|---|
Administrator | The primary account for administrative tasks on the local host. |
DefaultAccount | Used by the system for running multi-user authentication applications, like the Xbox utility. |
Guest | A limited rights account that allows guest users to access the host. Disabled by default. |
WDAGUtilityAccount | Used by Windows Defender Application Guard to run sandboxed sessions. |
What Are User Groups?
User groups are collections of user accounts that share similar access permissions. By grouping users logically, administrators can assign permissions without having to configure each user individually. For example, a group can be given access to a specific directory or resource.
Get-LocalGroup
The Get-LocalGroup cmdlet can be used to list the groups on a local machine. It shows common groups like Administrators, Users, and others for specific roles.
# Example of Get-LocalGroup usage
Get-LocalGroup
Get-LocalUser
The Get-LocalUser cmdlet lists all the local user accounts on the system. These accounts are specific to the host and are not part of a domain.
# Example of Get-LocalUser usage
Get-LocalUser
Creating a New User
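To create a new local user account, use the New-LocalUser cmdlet. You need to provide at least a username and a password (or specify -NoPassword if no password is needed).
# Creating a new user named "DinjikUser"
# The password is typed in plaintext here for demonstration only; prompting with
# Read-Host -AsSecureString, as the New-ADUser example further down does, keeps it off the command line.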
New-LocalUser -Name "DinjikUser" -Password (ConvertTo-SecureString "newPassword123" -AsPlainText -Force)
For help with the syntax, you can use the Get-Help command:
# Get help on New-LocalUser cmdlet
Get-Help New-LocalUser
Modifying a User
If you need to modify an existing user, use the Set-LocalUser cmdlet. For example, you can change the password or add a description to a user account.
# Modify the user "DinjikUser" to change the password and add a description
Set-LocalUser -Name "DinjikUser" -Password (ConvertTo-SecureString "newSecurePassword456" -AsPlainText -Force) -Description "Updated user profile"
Get-LocalGroupMember
This cmdlet is useful for inspecting the members of a local group, helping you check which users belong to a particular group.
# Example of Get-LocalGroupMember usage
Get-LocalGroupMember -Group "Administrators"
Adding a Member To a Group
You can add a user to a specific local group using the Add-LocalGroupMember cmdlet.
# Add "DinjikUser" to the "Remote Desktop Users" group
Add-LocalGroupMember -Group "Remote Desktop Users" -Member "DinjikUser"
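The local cmdlets above can be combined into a single review of which accounts exist on a host and which of them hold elevated or remote access. The following is an added example, not part of the original page; the function name Get-LocalAccountAudit and the default list of sensitive groups are assumptions chosen for illustration.

```powershell
# Added example: review local accounts and their sensitive group membership.
# Get-LocalAccountAudit is a hypothetical helper name, not a built-in cmdlet.
function Get-LocalAccountAudit {
    [CmdletBinding()]
    param(
        # Groups whose membership grants elevated or remote access (assumed review list)
        [string[]]$SensitiveGroups = @('Administrators', 'Remote Desktop Users')
    )

    # Map each member name (HOST\user or DOMAIN\user) to the sensitive groups it is in.
    # PowerShell hashtables compare keys case-insensitively, which suits account names.
    $membership = @{}
    foreach ($group in $SensitiveGroups) {
        try {
            $members = Get-LocalGroupMember -Group $group -ErrorAction Stop
        } catch {
            # A missing group or an unreadable member list should not abort the audit
            Write-Warning "Could not read members of '$group': $($_.Exception.Message)"
            continue
        }
        foreach ($m in $members) {
            if (-not $membership.ContainsKey($m.Name)) { $membership[$m.Name] = @() }
            $membership[$m.Name] += $group
        }
    }

    foreach ($user in Get-LocalUser) {
        $fullName = "$env:COMPUTERNAME\$($user.Name)"
        # The last SID component (RID) identifies the built-in accounts:
        # 500 Administrator, 501 Guest, 503 DefaultAccount, 504 WDAGUtilityAccount
        $rid = $user.SID.Value.Split('-')[-1]
        [pscustomobject]@{
            Name             = $user.Name
            Enabled          = $user.Enabled
            BuiltIn          = $rid -in '500', '501', '503', '504'
            PasswordRequired = $user.PasswordRequired
            PasswordLastSet  = $user.PasswordLastSet
            LastLogon        = $user.LastLogon
            SensitiveGroups  = ($membership[$fullName] -join ', ')
        }
    }
}

# Show enabled accounts that sit in a sensitive group or do not require a password
Get-LocalAccountAudit |
    Where-Object { $_.Enabled -and ($_.SensitiveGroups -or -not $_.PasswordRequired) } |
    Format-Table -AutoSize
```

Only local accounts are reported; domain principals that are members of these groups still appear in the raw Get-LocalGroupMember output and should be reviewed there.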
Get-ADUser
If you’re working in a domain, you can use Get-ADUser to search for users within Active Directory. This cmdlet allows you to filter users based on specific attributes.
# Example of Get-ADUser usage
Get-ADUser -Filter * -Properties *
Creating a New Active Directory User
To create a new AD user, use the New-ADUser cmdlet. Below is an example of creating a new user named DinjikSmith:
# Creating a new AD user "DinjikSmith"
New-ADUser -Name "DinjikSmith" -Surname "Smith" -GivenName "Dinjik" -Office "Security" -OtherAttributes @{'title'="Manager";'mail'="Dinjik.Smith@dijikcorp.com"} -AccountPassword (Read-Host -AsSecureString "AccountPassword") -Enabled $true
Example Output:
Name        Enabled GivenName Surname Title   Office   Mail
----        ------- --------- ------- -----   ------   ----
DinjikSmith True    Dinjik    Smith   Manager Security Dinjik.Smith@dijikcorp.com