<#
# It is recommended to test the script on a local machine for its purpose and effects.
# ManageEngine Endpoint Central will not be responsible for any
# damage/loss to the data/setup based on the behavior of the script.
# Description: Script is designed To Disable all local accounts in the end machines except few local user accounts
# Configuration Type - COMPUTER
# Caution: Before running scripts that modify user accounts, ensure you have appropriate backups and understand the impact.
Disabling all accounts could lock you out of the machine if not done carefully.
If account was unable to login means kindly reach out windows support
#>
# Define the usernames to check
$usernames = @("Test", "User1", "User2") # Add more usernames as needed
foreach ($username in $usernames) {
# Get the local user account
$user = Get-LocalUser -Name $username -ErrorAction SilentlyContinue
if ($user) {
# Check if the user account is enabled
if ($user.Enabled) {
Write-Output "The account '$username' is already enabled."
} else {
# Enable the local user account
Enable-LocalUser -Name $username
Write-Output "The account '$username' has been enabled."
}
} else {
Write-Output "User account '$username' does not exist."
}
}
# Get a list of all local user accounts
$localUsers = Get-LocalUser
# Loop through each user account
foreach ($user in $localUsers) {
# Skip the user accounts in the $usernames array
if ($usernames -notcontains $user.Name) {
# Check if the account is already disabled
if ($user.Enabled -eq $true) {
# Disable the user account
Disable-LocalUser -Name $user.Name
Write-Output "Disabled user account: $($user.Name)"
} else {
Write-Output "User account $($user.Name) is already disabled."
}
} else {
Write-Output "Skipping user account '$($user.Name)'."
}
}
Write-Output "All non-specified local user accounts have been processed."