Identifying and Managing Unused Local Accounts on Windows Systems

by Team Ninja
reviewed by Stan Hunter
Identifying and Managing Unused Local Accounts on Windows Systems

If you're an IT professional or a Managed Service Provider (MSP), the concept of unused local accounts should ring a bell. Simply put, unused local accounts are accounts that have not been used for a period of time—often defined by your organization's policy. These seemingly innocuous accounts can actually be a significant security risk, serving as a backdoor for attackers to gain unauthorized access to a system. Today, we're exploring a PowerShell script designed to identify and manage these potential security loopholes. 

The Script: A Detailed Examination 

The Test-UnusedLocalAccounts.ps1 script operates under PowerShell 5.1 and offers a streamlined approach to managing dormant accounts. It starts its operation by verifying if the Get-LocalUser command is available on your system. This is crucial because the entire functionality is built upon this command. Once confirmed, the script cycles through all local accounts to pinpoint those that haven't seen any activity for a specified number of days (30 days by default). The cherry on top? The script outputs a neatly organized list of these inactive accounts straight to your console.

The Script: Condition Script for Unused Local Accounts on Windows

#Requires -Version 5.1

    Condition script for unused local account on windows
    Condition script for unused local account on windows
     -Days 30
    Checks for accounts that have not logged in for more than 30 days
    PS C:\> Test-UnusedLocalAccounts.ps1 -Days 30
    Checks for accounts that have not logged in for more than 30 days
    Minimum supported OS: Windows 10, Server 2016
    Release Notes:
    Initial release
    (c) 2023 NinjaOne
    By using this script, you indicate your acceptance of the following legal terms as well as our Terms of Use at
    Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms. 
    Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party. 
    Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library or website belonging to or under the control of any other software provider. 
    Warranty Disclaimer: The script is provided “as is” and “as available”, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations. 
    Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks. 
    Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script. 
    EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).

param (
    $Days = 30

begin {
    function Test-StringEmpty {
        # Returns true if string is empty, null, or whitespace
        process { [string]::IsNullOrEmpty($Text) -or [string]::IsNullOrWhiteSpace($Text) }
    if (-not $(Test-StringEmpty -Text $env:Days)) {
        $Days = $env:Days
process {
    # Check if Get-LocalUser is available on this system
    if (-not $(Get-Command -Name "Get-LocalUser" -ErrorAction SilentlyContinue)) {
        Write-Error "The command Get-LocalUser is not available on this system."
        exit 2

    $UnusedAccounts = Get-LocalUser |
        Where-Object {
            ($(Test-StringEmpty -Text $_.LastLogon) -or $_.LastLogon -le (Get-Date).AddDays(-$Days)) -and
        } |
        Select-Object Name, LastLogon |
        ForEach-Object {
                Name      = $_.Name
                LastLogon = $_.LastLogon
    if ($UnusedAccounts) {
        Write-Host "Accounts that have not logged in for the past $Days days:"
        $UnusedAccounts | ForEach-Object {
            Write-Host "$($_.Name): $($_.LastLogon)"
        exit 1
    exit 0
end {
    $ScriptVariables = @(
            name           = "Days"
            calculatedName = "days"
            required       = $false
            defaultValue   = [PSCustomObject]@{
                type  = "TEXT"
                value = "30"
            valueType      = "TEXT"
            valueList      = $null
            description    = "Accounts older than this number in days."


Access over 700+ scripts in the NinjaOne Dojo

Get Access

Core Benefits: Beyond the Basics 


As mentioned earlier, unused local accounts are often left unmonitored, becoming potential entry points for cybercriminals. This script helps in proactively identifying these accounts. 


What could take hours of manual labor takes minutes with this script. Particularly for MSPs overseeing multiple client accounts, efficiency is key. 


You're not stuck with a 30-day period. You can customize the time frame according to your organizational policies.

Extended Features 

While identifying unused accounts is critical, acting upon this information is equally important. The script can also be configured to export the results to a file or send an email notification when unused accounts are discovered. This enhances your ability to track and manage these accounts effectively.

How to Use It 

To deploy the script, input the following command:

PS C:\> Test-UnusedLocalAccounts.ps1 -Days 30


You may also be interested in our blog post, How to Disable a Local Account in Windows Using PowerShell.

NinjaOne: Expanding Your Arsenal 

While our discussed PowerShell script is an invaluable tool, it's just one piece of the puzzle. Platforms like NinjaOne offer a more comprehensive approach, allowing you to manage not just unused local accounts, but your entire IT ecosystem. NinjaOne can even execute scripts like Test-UnusedLocalAccounts.ps1 across multiple systems simultaneously.

Concluding Remarks 

In the grand scheme of cybersecurity, every little bit counts. Unused local accounts on Windows systems may seem trivial but could become your Achilles' heel if left unaddressed. The Test-UnusedLocalAccounts.ps1 script is a robust, automated solution for this often-overlooked aspect of system management. And when coupled with platforms like NinjaOne and other tools, IT professionals and MSPs have an expansive toolkit to ensure their networks remain uncompromised. 

So, there you have it. Equip yourself with the right tools and knowledge to safeguard your IT environment effectively. Keep following this space for more enterprise IT solutions. 

Next Steps

Building an efficient and effective IT team requires a centralized solution that acts as your core service deliver tool. NinjaOne enables IT teams to monitor, manage, secure, and support all their devices, wherever they are, without the need for complex on-premises infrastructure.

Learn more about Ninja Endpoint Management, check out a live tour, or start your free trial of the NinjaOne platform.

NinjaOne Rated #1 in RMM, Endpoint Management and Patch Management

Monitor, manage, and secure any device, anywhere

NinjaOne gives you complete visibility and control over all your devices for more efficient management.

Too many tools in too many places?

See how tool sprawl impacts IT and what you can do to solve it.