Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

Commandline Kung-fu – Solution

So yesterday, in a fit of Winrage I posted a cry for help… (see original Commandline Kung-fu needed! Apply within).

The basics of it were, I needed to resolve a group SID to its name and then use it in a later command. Simple you’d think, but not so! The resolution is simple using wmic, but the way it’s returned and the limitations of Windows command line tools really started to be a pain.

Once you add in the limitation that it had to be a one-liner and not a script, you really started to have issues. You couldn’t set a variable or use substring as once you set an environment variable it didn’t seem to be available until the one-liner had finished and Windows had refreshed the env list…. and that was just the start of the hair pulling (not that I have much to pull out anymore).

So, after a bit more playing I realised that one of my earlier solutions might just have worked if I’d set the delimiter right… so, here you have it… a working one-liner to find the local administrators group (no matter what it’s called, spaces and all) and add a newly created user to that group.

FOR /F "usebackq tokens=2* skip=1 delims==" %G IN (`wmic group where sid^='S-1-5-32-544' get name /Value`); do FOR /F "usebackq tokens=1 delims==" %X IN (`echo %G`); do net user username password /ADD && net localgroup "%X" username /ADD

Simple you say… well I guess hindsight is 20/20!

Some more useful SID values for testing:

  • S-1-5-32-555 –> Remote Desktop Users
  • S-1-5-32-551 –> Backup Operators
  • S-1-5-32-549 –> Server Operators
  • Well-known security identifiers in Windows operating systems (here)
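
For auditing which names these SIDs carry on a host, the same lookup can be done by parsing `wmic group get name,sid /Value` output outside of cmd. This is an added example, not code from the original post; the sample output is constructed and assumes the blank padding lines and `\r\r\n` line endings commonly seen when wmic output is piped, and the function names are made up for illustration.

```python
# Added example (not from the original post): map group SIDs to local names
# by parsing `wmic group get name,sid /Value` output.

# Constructed sample, assuming the blank padding lines and "\r\r\n" line
# endings commonly seen when wmic output is piped. The names are made up to
# show a localized name and names containing spaces.
SAMPLE = (
    "\r\r\n\r\r\n"
    "Name=Administratoren\r\r\n"
    "SID=S-1-5-32-544\r\r\n"
    "\r\r\n\r\r\n"
    "Name=Remote Desktop Users\r\r\n"
    "SID=S-1-5-32-555\r\r\n"
    "\r\r\n\r\r\n"
    "Name=Backup Operators\r\r\n"
    "SID=S-1-5-32-551\r\r\n"
    "\r\r\n\r\r\n"
)

# SIDs listed in the post.
SIDS = ["S-1-5-32-544", "S-1-5-32-555", "S-1-5-32-551", "S-1-5-32-549"]


def parse_wmic_value(text):
    """Return one {property: value} dict per instance in /Value output."""
    records, current = [], {}
    for raw in text.split("\n"):
        line = raw.strip("\r")            # drop leftover carriage returns
        if not line.strip():              # a blank line ends an instance
            if current:
                records.append(current)
                current = {}
            continue
        key, sep, value = line.partition("=")   # split on the first "=" only
        if sep:
            current[key.strip()] = value  # spaces inside the value are kept
    if current:
        records.append(current)
    return records


def names_by_sid(text, sids):
    """Map each requested SID to its group name, or None if not present."""
    found = {r["SID"]: r["Name"] for r in parse_wmic_value(text)
             if "SID" in r and "Name" in r}
    return {sid: found.get(sid) for sid in sids}


if __name__ == "__main__":
    for sid, name in names_by_sid(SAMPLE, SIDS).items():
        print(sid, "->", name if name is not None else "(not in this output)")
```

A SID that maps to None was not in the parsed output, and a name that differs from the default shows the group is renamed or localized on that host.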