Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

Tag Archives: wmi

Commandline Kung-fu – Solution

So yesterday, in a fit of Winrage I posted a cry for help… (see original Commandline Kung-fu needed! Apply within).

The basics of it were, I needed to resolve a group SID to its name and then use it in a later command. Simple you’d think, but not so! The resolution is simple using wmic, but the way it’s returned and the limitations of Windows command line tools really started to be a pain.

Once you add in the limitation that it had to be a one-liner and not a script, you really started to have issues. You couldn’t set a variable or use substring, as once you set an environment variable it didn’t seem to be available until the one-liner had finished and Windows had refreshed the env list… and that was just the start of the hair pulling (not that I have much to pull out anymore).

So, after a bit more playing I realised that one of my earlier solutions might just have worked if I’d set the delimiter right… so, here you have it… a working one-liner to find the local administrators group (no matter what it’s called, spaces and all) and add a newly created user to that group.

FOR /F "usebackq tokens=2* skip=1 delims==" %G IN (`wmic group where sid^='S-1-5-32-544' get name /Value`); do FOR /F "usebackq tokens=1 delims==" %X IN (`echo %G`); do net user username password /ADD && net localgroup "%X" username /ADD

Simple you say… well I guess hindsight is 20/20!

Some more useful SID values for testing:

  • S-1-5-32-555 –> Remote Desktop Users
  • S-1-5-32-551 –> Backup Operators
  • S-1-5-32-549 –> Server Operators
  • Well-known security identifiers in Windows operating systems (here)
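As an added example (not code from the original post), here is the same SID-to-name lookup written as a small batch file that takes any of the SIDs above as an argument and then lists the members of the resolved group, which is the defensive use of the trick: auditing the real Administrators group on a box regardless of the language Windows was installed in. The file name groupbysid.cmd and the default SID are my choices; the carriage-return stripping uses a second FOR /F over the quoted string rather than the one-liner's backquoted echo, but it is the same idea.

```batch
@echo off
rem Added example, not the original post's code. Resolve a well-known local
rem group SID to the group's current name (localized or not, spaces and all)
rem and list the members, so an audit of BUILTIN\Administrators works on any
rem Windows language.
rem Usage: groupbysid.cmd [SID]   (defaults to S-1-5-32-544, Administrators)
setlocal

set "SID=%~1"
if not defined SID set "SID=S-1-5-32-544"

rem wmic /value prints the group as "Name=Backup Operators", and every wmic
rem output line ends in CR CR LF, so the outer FOR /F leaves a stray carriage
rem return on the end of %%H. Splitting only on "=" keeps the spaces in the
rem name; the inner FOR /F over the quoted string drops the carriage return.
set "GROUP="
for /f "usebackq tokens=1* delims==" %%G in (`wmic group where sid^='%SID%' get name /value`) do (
    for /f "delims=" %%X in ("%%H") do set "GROUP=%%X"
)

if not defined GROUP (
    echo No local group with SID %SID% was found.
    exit /b 1
)

echo Group %SID% is currently named "%GROUP%"
echo Members:
rem The name must be quoted for net.exe because it may contain spaces.
net localgroup "%GROUP%"
endlocal
```

Run it as `groupbysid.cmd S-1-5-32-551` to see who is in Backup Operators, or with no argument for Administrators; the `%%` doubling is only because this is a .cmd file rather than something typed at the prompt.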

{Quick Post} Commandline Kung-fu needed! Apply within

After some more playing, and some headache tablets, it seems I’ve found a solution (or should I say, found the bug in a solution I thought didn’t work)… I won’t post a spoiler just yet in case people are playing… but I will post the answer I found tomorrow once I have time!

In the meantime happy hunting… and remember, Windows sucks sometimes!

---- ---- ----

So, I’ve been fighting with the following command for a while and can’t quite get it working (due to whitespace or linefeeds at the end of the string). So I’m putting it out there and asking for help!

Create a single Windows command-line (not a script) that runs on all modern versions of Windows (no powershell here) that resolves a localgroup name from its SID, and feeds this group name (including any spaces!) into a “net localgroup” command… It seems easy, but due to the spaces present in some group names, it’s a bit tricky to solve without using some mystical command-line kung-fu that I certainly don’t seem to possess!

Example (not working):

For /F "usebackq Tokens=1* Delims==" %I In (`wmic group where sid^='S-1-5-32-551' get name /Value ^| Find "="`); do net user username password /ADD && net localgroup %J username /ADD

The above example uses the SID for “Backup Operators” as it contains a space… which meets the criteria! It also fails…

Example (working for group names w/o spaces only):

FOR /F "usebackq skip=1" %g IN (`wmic group where sid^='S-1-5-32-544' get name`); do net user username password /ADD && net localgroup %g username /ADD

This example works for group names like “administrators”, but if you alter the SID to S-1-5-32-551 then it will only take “backup” from the “backup operators” group name and therefore fail. It’s simple enough to fix if you know beforehand that the group has a space, but that’s not the point… we don’t know for all cases.

Anybody got the smarts to solve this? I hate batch scripting!!!