How to Disable Local User Computer Accounts Using PowerShell?

Recently, I got a requirement to disable a local user account in my organization. PowerShell is the best option to do this. In this tutorial, I will explain how to disable local user computer accounts using PowerShell.

When an employee leaves the company, it’s essential to ensure that their access to company resources is revoked promptly. Additionally, temporary disabling of accounts can be useful during periods of inactivity or for troubleshooting purposes. In these situations, you might need to disable local user accounts.

Note: Make sure you have administrative privileges on the computer where you will be running the PowerShell commands.

Disable Local User Accounts using PowerShell

Now follow the step-by-step approach to disable local user accounts using PowerShell.

Step 1: Open PowerShell with Administrative Privileges

First, you need to open PowerShell as an administrator. You can do this by searching for “PowerShell” in the Start menu, right-clicking on Windows PowerShell, and selecting “Run as administrator.”

Step 2: List All Local User Accounts

To get a list of all local user accounts on your computer, use the Get-LocalUser cmdlet. This will help you identify the exact username of the account you wish to disable.

Get-LocalUser

This command will output a list of all local user accounts. For example:

Name               Enabled Description                                                                                    
----               ------- -----------                                                                                    
Administrator      False   Built-in account for administering the computer/domain                                         
DefaultAccount     False   A user account managed by the system.                                                          
fewli              True                                                                                                   
Guest              False   Built-in account for guest access to the computer/domain                                       
John Smith         True                                                                                                   
WDAGUtilityAccount False   A user account managed and used by the system for Windows Defender Application Guard scenarios.

You can see the exact output in the screenshot below:

Step 3: Disable a Specific Local User Account

To disable a specific local user account, use the Disable-LocalUser cmdlet followed by the -Name parameter and the username of the account you wish to disable. For example, to disable the account for JohnDoe, you would use the following command:

Disable-LocalUser -Name "John Smith"

This command will disable the John Smith account, preventing the user from logging in.

Check out How to Use PowerShell to Get the Current Logged On User on a Remote Computer?

Step 4: Verify the Account is Disabled

To ensure that the account has been successfully disabled, you can use the Get-LocalUser cmdlet again and check the Enabled status of the account.

Get-LocalUser -Name "John Smith"

The output should now show that the Enabled status is False for the John Smith account.

Here is the exact output in the screenshot below:

Step 5: Disable Multiple Accounts

If you need to disable multiple accounts at once, you can use a PowerShell script to automate the process. For example, to disable both JohnDoe and JaneSmith accounts, you can use the following script:

$users = @("JohnDoe", "JaneSmith")
foreach ($user in $users) {
    Disable-LocalUser -Name $user
}

Check out How to Keep Your Screen Active with a PowerShell Script?

Step 6: Disable All Local Accounts Except Administrator

In some cases, you might want to disable all local user accounts except the Administrator account. You can achieve this with the following script:

Get-LocalUser | Where-Object { $_.Name -ne "Administrator" } | ForEach-Object { Disable-LocalUser -Name $_.Name }

This script will iterate through all local user accounts, excluding the Administrator, and disable them.

Check out How to Get Computer Information Using PowerShell?

Troubleshooting Common Issues

Like every time, let me show you how to troubleshoot common issues you might face while executing the above PowerShell scripts.

Issue 1: Access Denied Error

If you encounter an “Access Denied” error, ensure that you are running PowerShell with administrative privileges. Right-click on the PowerShell icon and select “Run as administrator.”

Issue 2: User Account Not Found

If you receive an error stating that the user account was not found, double-check the username for any typos. Use the Get-LocalUser cmdlet to list all local user accounts and verify the correct username.

Issue 3: PowerShell Version Compatibility

The Disable-LocalUser cmdlet is available in Windows PowerShell 5.1 and later versions. If you are using an earlier version of PowerShell, you may need to update to a newer version.

Conclusion

In this tutorial, I explained how to disable local user accounts in PowerShell using the Disable-LocalUser cmdlet.

You may also like:

• Create a Shortcut to a Folder Using PowerShell
• How to Create Local Users in Windows Using PowerShell?

Bijay Kumar

Bijay Kumar is an esteemed author and the mind behind PowerShellFAQs.com, where he shares his extensive knowledge and expertise in PowerShell, with a particular focus on SharePoint projects. Recognized for his contributions to the tech community, Bijay has been honored with the prestigious Microsoft MVP award. With over 15 years of experience in the software industry, he has a rich professional background, having worked with industry giants such as HP and TCS. His insights and guidance have made him a respected figure in the world of software development and administration. Read more.