johnny

Reputation: 19735

How do I get a local NT Service SID using PowerShell?

I found this snippet on SO:

Get User SID From Logon ID (Windows XP and Up)

Function GetSIDfromAcctName()
{
    # Look up the current user in Win32_UserAccount and print its name and SID
    $myacct = Get-WmiObject Win32_UserAccount -Filter "Name = '$env:USERNAME'"
    Write-Host Name: $myacct.name
    Write-Host SID : $myacct.sid
}

But it doesn't show everything.

For example, I just want the SID of "nt service\dhcp". How can I get that? When I run my PowerShell manually with

Get-WmiObject Win32_UserAccount

I get all the users, but there's only three "regular" users. None of the "special" nt service users.

Thanks for help.

Upvotes: 4

Views: 11466

Answers (2)

JPBlanc

Reputation: 72640

If you want to know the name of the account under which a service is started you can use:

Get-WMIObject -Class 'Win32_Service' -Filter "name='dhcp'" | % {return $_.startname}

The result is "NT Authority\LocalService", which is a well-known SID. As described in SID Values For Default Windows NT Installations, you'll find more SIDs in Well-known security identifiers in Windows operating systems.


Edit

As you can see in the following screen shot, yes the DHCP client is running in a session started as "NT Authority\LocalService":

Screenshot

Upvotes: 1

Andy Arismendi

Reputation: 52619

To get the built-in accounts, you need another WMI class: Win32_Account.

Get-WMIObject -Class 'Win32_Account' -Filter 'name="LOCAL SERVICE"'

Upvotes: 4
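
The following is an added example, not part of the question or of either answer above. It addresses the per-service SID the question asks about ("nt service\dhcp"), which is distinct from the SID of the account the service starts as. The function names `ConvertTo-ServiceSid` and `Resolve-ServiceSid` are hypothetical; the first derives the SID offline from the service name (S-1-5-80 followed by the SHA-1 of the upper-cased UTF-16LE name), the second asks Windows to translate the name.

```powershell
function ConvertTo-ServiceSid {
    param([Parameter(Mandatory)][string]$ServiceName)

    # Per-service SIDs have the form S-1-5-80-<five 32-bit values>. The values
    # are the SHA-1 digest of the upper-cased service name encoded as UTF-16LE.
    $bytes = [System.Text.Encoding]::Unicode.GetBytes($ServiceName.ToUpperInvariant())
    $sha1  = [System.Security.Cryptography.SHA1]::Create()
    try     { $hash = $sha1.ComputeHash($bytes) }
    finally { $sha1.Dispose() }

    # Read the 20-byte digest as five little-endian unsigned 32-bit integers.
    $parts = for ($i = 0; $i -lt 20; $i += 4) {
        [System.BitConverter]::ToUInt32($hash, $i)
    }
    'S-1-5-80-' + ($parts -join '-')
}

function Resolve-ServiceSid {
    param([Parameter(Mandatory)][string]$ServiceName)

    # Translate the virtual account name "NT SERVICE\<name>" to a SID.
    $account = New-Object System.Security.Principal.NTAccount("NT SERVICE\$ServiceName")
    try {
        $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
    }
    catch [System.Security.Principal.IdentityNotMappedException] {
        # The name could not be mapped, for example when the service
        # is not installed on this host or the name is misspelled.
        $null
    }
}

# Compare both results for the service named in the question.
$name     = 'dhcp'
$derived  = ConvertTo-ServiceSid -ServiceName $name
$resolved = Resolve-ServiceSid   -ServiceName $name

[pscustomobject]@{
    Service  = $name
    Derived  = $derived
    Resolved = $resolved
    Match    = ($resolved -ne $null) -and ($derived -eq $resolved)
}
```

`sc.exe showsid dhcp` prints the same SID from the command line, which is a quick cross-check when reviewing ACLs or firewall rules that reference a service SID.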
