Public/Disable-User.ps1
|
function Disable-User {
    <#
    .SYNOPSIS
    Disables local user accounts.

    .DESCRIPTION
    The Disable-User cmdlet disables local user accounts. When a user account is disabled, the user is not permitted to log on.

    Accounts can be selected by object, by name, or by security identifier. Every
    account is handled on its own: a failure is reported with Write-Error and the
    remaining accounts are still processed.

    .PARAMETER InputObject
    Specifies the local user accounts to disable.

    .PARAMETER Name
    Specifies the names of the local user accounts to disable.

    .PARAMETER SID
    Specifies the LocalUser accounts to disable by SecurityIdentifier.

    .EXAMPLE
    Disable-User -Name "John"

    Disables the local user named John.

    .NOTES
    Failures surface as error records with the ErrorId 'AccessDenied', 'UserNotFound'
    or 'InvalidOperation'. They do not stop the pipeline unless the caller asks for it
    (for example with -ErrorAction Stop), so a caller that depends on the account
    really being disabled should inspect the error stream.

    NOTE(review): what happens to sessions that are already logged on is decided by
    LocalAccountHelper.SetLocalUserEnabled, which is not visible here - confirm before
    relying on this cmdlet alone to cut off an account.
    #>
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true,
                   Position = 0,
                   ValueFromPipeline = $true,
                   ValueFromPipelineByPropertyName = $true,
                   ParameterSetName = 'InputObject')]
        [LocalUser[]]$InputObject,

        [Parameter(Mandatory = $true,
                   Position = 0,
                   ValueFromPipeline = $true,
                   ValueFromPipelineByPropertyName = $true,
                   ParameterSetName = 'Default')]
        [string[]]$Name,

        [Parameter(Mandatory = $true,
                   Position = 0,
                   ValueFromPipeline = $true,
                   ValueFromPipelineByPropertyName = $true,
                   ParameterSetName = 'SecurityIdentifier')]
        [System.Security.Principal.SecurityIdentifier[]]$SID
    )

    process {
        # Accounts passed as objects: no lookup is needed, only the state change.
        if ($null -ne $InputObject) {
            foreach ($account in $InputObject) {
                if ($null -eq $account) { continue }

                # ShouldProcess gates the change so -WhatIf / -Confirm are honoured.
                if (-not $PSCmdlet.ShouldProcess($account.Name, 'Disable user account')) { continue }

                try {
                    [LocalAccountHelper]::SetLocalUserEnabled($account, $false)
                }
                catch [System.UnauthorizedAccessException] {
                    $denied = @{
                        Message      = [AccessDeniedException]::new($account).Message
                        ErrorId      = 'AccessDenied'
                        Category     = 'PermissionDenied'
                        TargetObject = $account
                    }
                    Write-Error @denied
                }
                catch {
                    # Anything else is reported with the message of the caught exception.
                    $failed = @{
                        Message      = $_.Exception.Message
                        ErrorId      = 'InvalidOperation'
                        Category     = 'InvalidOperation'
                        TargetObject = $account
                    }
                    Write-Error @failed
                }
            }
        }

        # Accounts passed by name: resolve each name first, then disable the match.
        if ($null -ne $Name) {
            foreach ($candidate in $Name) {
                if ([string]::IsNullOrWhiteSpace($candidate)) { continue }
                if (-not $PSCmdlet.ShouldProcess($candidate, 'Disable user account')) { continue }

                try {
                    $account = [LocalAccountHelper]::GetLocalUserByName($candidate)
                    if ($null -eq $account) {
                        # NOTE(review): this Write-Error sits inside the try block. With
                        # -ErrorAction Stop it presumably becomes terminating and is then
                        # re-reported by the catch-all below as 'InvalidOperation' - confirm.
                        $missing = @{
                            Message      = [UserNotFoundException]::new($candidate, $candidate).Message
                            ErrorId      = 'UserNotFound'
                            Category     = 'ObjectNotFound'
                            TargetObject = $candidate
                        }
                        Write-Error @missing
                    }
                    else {
                        [LocalAccountHelper]::SetLocalUserEnabled($account, $false)
                    }
                }
                catch [System.UnauthorizedAccessException] {
                    $denied = @{
                        Message      = [AccessDeniedException]::new($candidate).Message
                        ErrorId      = 'AccessDenied'
                        Category     = 'PermissionDenied'
                        TargetObject = $candidate
                    }
                    Write-Error @denied
                }
                catch {
                    $failed = @{
                        Message      = $_.Exception.Message
                        ErrorId      = 'InvalidOperation'
                        Category     = 'InvalidOperation'
                        TargetObject = $candidate
                    }
                    Write-Error @failed
                }
            }
        }

        # Accounts passed by SID: same flow as by name, keyed on the identifier.
        if ($null -ne $SID) {
            foreach ($identifier in $SID) {
                if ($null -eq $identifier) { continue }
                if (-not $PSCmdlet.ShouldProcess($identifier.Value, 'Disable user account')) { continue }

                try {
                    $account = [LocalAccountHelper]::GetLocalUserBySid($identifier)
                    if ($null -eq $account) {
                        # NOTE(review): same try-block placement as in the name branch - confirm
                        # which ErrorId the caller sees under -ErrorAction Stop.
                        $missing = @{
                            Message      = [UserNotFoundException]::new($identifier.Value, $identifier).Message
                            ErrorId      = 'UserNotFound'
                            Category     = 'ObjectNotFound'
                            TargetObject = $identifier
                        }
                        Write-Error @missing
                    }
                    else {
                        [LocalAccountHelper]::SetLocalUserEnabled($account, $false)
                    }
                }
                catch [System.UnauthorizedAccessException] {
                    $denied = @{
                        Message      = [AccessDeniedException]::new($identifier).Message
                        ErrorId      = 'AccessDenied'
                        Category     = 'PermissionDenied'
                        TargetObject = $identifier
                    }
                    Write-Error @denied
                }
                catch {
                    $failed = @{
                        Message      = $_.Exception.Message
                        ErrorId      = 'InvalidOperation'
                        Category     = 'InvalidOperation'
                        TargetObject = $identifier
                    }
                    Write-Error @failed
                }
            }
        }
    }
}