2

I am trying to check a local user account if its either disabled or enabled and do the following: If enabled tell me "account is enabled, nothing to do"

If the account is disabled, tell me, Account is disabled, enabling... Enabled the account

What I get is always the first output no matter if the account is disabled or enabled:

#Checks local  user if its disabled to enable it
$isEnabled = $True
$Account = 'local_account'

try {
    $isEnabled = (Get-LocalUser $Account -ErrorAction Stop).Disabled
    Write-output  "local_account account is already enabled" 
}

catch {
    $isEnabled = $False
    write-output "local_account account is disabled, enabling..."
    Enable-LocalUser $Account
Improve this question

2 Answers 2

Reset to default
2

There isn't a .Disabled property on those objects, you need to check for .Enabled instead. You're also missing an if statement.

try {
    $Account = 'local_account'

    # if its enabled
    if((Get-LocalUser $Account -ErrorAction Stop).Enabled) {
        "$Account account is already enabled"
    }
    else {
        # if its not enabled
        "$Account account is disabled, enabling..."
        Enable-LocalUser $Account -ErrorAction Stop
    }
}
catch {
    # if there was an error while enabling or trying to find the account
    Write-Error $_
}
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Hi This works really well, however and this is my fault as I didnt mention it. I have to add this code to a larger script. So I have to take out the "return" code so the script doesnt exit early. I replaced it with "write-output but now it gives me both ouputs even if the account is already enabled:
@Drekko I see, an if / else would make sense in this case then. See my update.
0

See the rewritten script below

  • Main culprit .Disabled is not a property of Get-LocalUser use .Enabled instead
  • You have a missing } for your catch block, assuming copy/paste error
  • The $isEnabled variable has been removed because it is not used in the script.
  • The Get-LocalUser cmdlet is called with the -Name parameter instead of the $Account variable. This is a best practice because it is more clear and concise.
  • The if statement has been used to check whether the account is disabled instead of setting the $isEnabled variable to True or False. This is a more concise way to check the account status.
  • The Write-Output cmdlet is used instead of write-output. This is a best practice because it is more consistent with PowerShell's naming conventions.
  • The Write-Error cmdlet is used to display errors. This is a best practice because it formats the error message in a way that makes it easy to identify the source of the error.
$Account = 'local_account'

try {
    $User = Get-LocalUser -Name $Account -ErrorAction Stop
    if (-NOT $User.Enabled) {
        Write-Output "The '$Account' account is disabled. Enabling..."
        $User | Enable-LocalUser
        Write-Output "The '$Account' account has been enabled."
    }
    else {
        Write-Output "The '$Account' account is already enabled."
    }
}
catch {
    Write-Error "An error occurred while checking the status of the '$Account' account. Details: $_"
}
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.