Accessing local group by group SID

Accessing local group by group SID

Post by Marku » Sat, 23 Jul 2005 23:08:26

Hello all,
perhaps someone could give me a hint for a small problem I have here.
I would like to access local groups based on their well-known SID.
Then check the members for the existence of certain groups.

Currently I only know how to check the group based on the name.
However, there is the problem, that "Administrators" group is not the
same name in all languages.

Is there any possibility to identify a local group based on the SID.

Here's the part of the script that is currently doing the membership

Set colGroups = GetObject("WinNT://" & strComputer & "")
colGroups.Filter = Array("group")
For Each objGroup In colGroups
If objGroup.Name = "Administrators" Then
For Each objUser in objGroup.Members
If objUser.Name = strCheckMemberName Then
bIsMember =True
End If
End If

Thanks in advance for the help.


Accessing local group by group SID

Post by MV » Sun, 24 Jul 2005 01:55:10



Set objWshNetwork = CreateObject("WScript.Network")

strComputer = objWshNetwork.ComputerName

strGroupSID = "S-1-5-32-544" ' Well Known SID of the Administrators group

' Obtain the group name based on well know SID
strGroupName = GetGroupName(strComputer, strGroupSID)

' Connect to the group
Set objGroup = GetObject("WinNT://" & strComputer & "/" _
& strGroupName & ",group")

' Display all member names in the group
For Each objMember in objGroup.Members
WScript.Echo objMember.Name

Function GetGroupName(sComputer, sGroupSID)

' List of well know SID's is available here:
' Well-known security identifiers in Windows operating systems

Dim oGroupAccounts, oGroupAccount

Set oGroupAccounts = GetObject( _
"winmgmts://" & sComputer & "/root/cimv2") _
.ExecQuery("Select Name from Win32_Group" _
& " WHERE Domain = '" & sComputer & "' AND SID = '" & sGroupSID & "'")

If oGroupAccounts.Count = 0 Then
' need to use Domain = 'BUILTIN' at least for Win2k SP2
Set oGroupAccounts = GetObject( _
"winmgmts://" & sComputer & "/root/cimv2") _
.ExecQuery("Select Name from Win32_Group" _
& " WHERE Domain = 'BUILTIN' AND SID = '" & sGroupSID & "'")
End If

For Each oGroupAccount In oGroupAccounts
GetGroupName = oGroupAccount.Name
End Function


torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide: