How to List All Local Users in Batch Script
For security audits, system inventory, or user account management on a standalone machine, you often need to get a list of all local user accounts. This is distinct from domain accounts and refers to the users defined in the local Security Account Manager (SAM) database of the computer. Windows provides several built-in command-line tools to retrieve this list.
This guide will teach you the two most effective methods for listing local users. We will cover the classic NET USER command, which is simple and universally available, and the more powerful and script-friendly WMIC command, which is the recommended method for any automation task.
The Classic Method: NET USER
The NET USER command is the original tool for managing local user accounts. When run with no arguments, it lists all local user accounts on the machine.
Syntax: NET USER
This command is simple, fast, and available on all versions of Windows.
The Modern Method (Recommended for Scripting): WMIC
The WMIC (Windows Management Instrumentation Command-line) utility provides a more structured and powerful way to query system information, including local user accounts.
Syntax: WMIC USERACCOUNT GET Name
USERACCOUNT: The WMI alias for theWin32_UserAccountclass.GET Name: The specific property we want to retrieve.
This command produces a clean, single-column list of usernames, which is far easier to use in a script.
Basic Example: Displaying All Local Users
This script runs both commands to show the difference in their output format.
@ECHO OFF
ECHO --- Listing Local Users ---
ECHO.
ECHO --- Method 1: Using NET USER (multi-column format) ---
NET USER
ECHO.
ECHO ==========================================================
ECHO.
ECHO --- Method 2: Using WMIC (clean, single-column format) ---
WMIC USERACCOUNT GET Name
The NET USER output is formatted in columns and includes a header and footer.
User accounts for \\MY-PC
-------------------------------------------------------------------------------
Administrator DefaultAccount Guest
jdoe TempUser WDAGUtilityAccount
The command completed successfully.
The WMIC output is a clean, single column with a header, which is ideal for scripting.
Name
Administrator
DefaultAccount
Guest
jdoe
TempUser
WDAGUtilityAccount
How to Capture the User List in a Script
To use the list of users in a script (e.g., to loop through them), you need to capture the output into a variable or, more usefully, process it with a FOR /F loop. This is where WMIC's superiority becomes clear.
Example of script for capturing WMIC output (Recommended):
@ECHO OFF
ECHO --- Capturing a list of all local users ---
ECHO.
REM 'skip=1' ignores the "Name" header line.
FOR /F "skip=1 delims=" %%U IN ('WMIC USERACCOUNT GET Name') DO (
ECHO Found user: "%%U"
)
This is the standard, robust pattern for iterating through local users. Parsing the multi-column output of NET USER is much more complex and not recommended.
How NET USER and WMIC USERACCOUNT Commands Work
NET USER: This command is a legacy interface that directly queries the local Security Account Manager (SAM) database and formats the results in a simple text report.WMIC USERACCOUNT: This is a more modern interface to the WMI service. It queries theWin32_UserAccountclass, which represents all user accounts known to the system. You can add theWHERE LocalAccount=Trueclause to be absolutely certain you are only getting local accounts:WMIC USERACCOUNT WHERE LocalAccount=True GET Name.
Common Pitfalls and How to Solve Them
Problem: The Output Includes System and Built-in Accounts
Both commands will list all accounts, not just the ones for human users. This includes:
Administrator(the built-in admin account, usually disabled)Guest(the built-in guest account, usually disabled)WDAGUtilityAccount(used for Windows Defender Application Guard)DefaultAccount(a system-managed account)
Solution: This is normal and expected. A robust script needs to filter this list if it only wants to operate on "real" user accounts. You can do this by adding FINDSTR to your command.
REM This command excludes common system accounts.
WMIC USERACCOUNT GET Name | FINDSTR /V /I "Administrator Guest DefaultAccount WDAGUtilityAccount"
Problem: The NET USER Output is Hard to Parse
As shown, the multi-column format of NET USER is difficult for a FOR /F loop to handle reliably, especially if usernames contain spaces.
Solution: Always use WMIC for scripting. Its clean, single-column output is designed for exactly this kind of automation.
Practical Example: A Local User Account Report
This script uses the robust WMIC method to create a CSV report of all local user accounts, including their status (enabled or disabled) and a description.
@ECHO OFF
SETLOCAL
SET "ReportFile=%USERPROFILE%\Desktop\Local_User_Report.csv"
ECHO --- Local User Account Report Generator ---
ECHO Creating report at: "%ReportFile%"
REM --- Create the CSV Header ---
(ECHO "Name","Disabled","Description") > "%ReportFile%"
REM --- Get the data from WMIC in CSV format and append to the report ---
REM 'skip=1' ignores the WMIC header. 'tokens=2-5' grabs the 4 data columns.
FOR /F "skip=1 tokens=2,3,4 delims=," %%A IN (
'WMIC USERACCOUNT WHERE LocalAccount=True GET Description,Disabled,Name /FORMAT:CSV'
) DO (
ECHO "%%C","%%B","%%A" >> "%ReportFile%"
)
ECHO.
ECHO [SUCCESS] Report created.
START "" "%ReportFile%"
ENDLOCAL
The /FORMAT:CSV switch, which makes parsing with FOR /F extremely reliable.
Conclusion
While NET USER is a quick command for a human to read, the WMIC utility is the superior and recommended tool for listing local users in a batch script.
Key takeaways:
- The
NET USERcommand is simple for a quick, interactive glance. - The
WMIC USERACCOUNT GET Namecommand is the best practice for scripting because it produces a clean, single-column list that is easy to parse. - Use a
FOR /F "skip=1"loop to process the output ofWMICand iterate through the users. - Be prepared for the list to include built-in system accounts; use
FINDSTRto filter them out if needed.