Reputation: 6808
Get Caption of SID from RSOP_Session SecurityGroups
From the WMI namespace root\rsop\user\<user_SID> I can fetch an array of SecurityGroups using the WQL Select SecurityGroups from RSOP_Session. I end up with a list of SIDs similar to the following:
S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-604776629-999
S-1-1-0
S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-682003330-9999
S-1-5-32-545
S-1-5-32-544
S-1-5-4
S-1-5-11
S-1-2-0
S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-604776629-888
S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-604776629-77777
S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-604776629-66666
S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-604776629-55555
S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-604776629-44444
My question: How do I retrieve the caption (name) of those SIDs? Some of them belongs to the domain, and yet some others belong to I'm not sure who/what/where... (the problem, of course, is the latter)
Upvotes: 0
Views: 301
Answers (1)
Reputation: 21
Process the SAM and SYSTEM hives with YARU (Yet Another Registry Utility) and generate a Password Hash Report from the Report menu, using the "Extracted hives" option for exported hives and the "Live System" option for the system which you are using.
YARU can be found for download at:
https://www.tzworks.net/download_links.php
YARU is located in the middle of the list under Registry and Event Log Analysis.
Upvotes: 2
Related Questions
- How to get active session user SID?
- Get group name from SID
- Receive all membership groups' SIDs that a user belongs to?
- Ways to fetch domain username from SID string in VBScript
- How do I get SID for the group using vbscript?
- Determine if SID is User or Group
- How to get SID of a group once i get groups of a user in Active Directory?
- How can I get the current user's SID in VB6?
- How to find out if a currently logged in user belongs to a specific security group in classic asp
- I have a SID of a user account, and I want the SIDs of the groups it belongs to