Last active
October 4, 2021 18:24
-
-
Save JohnLBevan/498bcae292e698b77449f3f361f195ff to your computer and use it in GitHub Desktop.
Get Local Security Group Info (PS2 compatible)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#based on code from this blog: https://mcpmag.com/articles/2015/06/18/reporting-on-local-groups.aspx | |
function Get-AdsiComputer { | |
[CmdletBinding()] | |
param ( | |
[Parameter(ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)] | |
[string]$ComputerName = $env:COMPUTERNAME | |
) | |
process { | |
[ADSI]("WinNT://$ComputerName,computer") | |
} | |
} | |
function Get-AdsiComputerLocalGroup { | |
[CmdletBinding(DefaultParameterSetName='ComputerByName')] | |
param ( | |
[Parameter(ValueFromPipelineByPropertyName=$true, ParameterSetName='ComputerByName')] | |
[string]$ComputerName = $env:COMPUTERNAME | |
, | |
[Parameter(Mandatory=$true, ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true, ParameterSetName='ComputerByAdsiObject')] | |
[ADSI]$AdsiComputer | |
, | |
[Parameter(ValueFromPipelineByPropertyName=$true)] | |
[string[]]$GroupName | |
) | |
process { | |
if($PSCmdlet.ParameterSetName -eq 'ComputerByName') { | |
$AdsiComputer = Get-AdsiComputer $ComputerName | |
} else { | |
$ComputerName = $AdsiComputer.Name | Select-Object -First 1 | |
} | |
if(@($GroupName | ?{$_}).Count -eq 0) { #list all groups | |
Write-Verbose "Listing all groups on $ComputerName" | |
$AdsiComputer.Children | ?{$_.SchemaClassName -eq 'Group'} | |
} else { #get specific group(s) | |
$GroupName | %{ | |
Write-Verbose "Getting group $_ on $ComputerName" | |
$AdsiComputer.Children.Find($_, 'Group') | |
} | |
} | |
} | |
} | |
function Get-AdsiComputerLocalGroupMember { | |
[CmdletBinding(DefaultParameterSetName='ComputerByNameGroupByName')] | |
param ( | |
[Parameter(ValueFromPipelineByPropertyName=$true, ParameterSetName='ComputerByNameGroupByName')] | |
[Parameter(ValueFromPipelineByPropertyName=$true, ParameterSetName='ComputerByNameGroupByAdsi')] | |
[string]$ComputerName = $env:COMPUTERNAME | |
, | |
[Parameter(Mandatory=$true, ValueFromPipelineByPropertyName=$true, ParameterSetName='ComputerByAdsiGroupByName')] | |
[Parameter(Mandatory=$true, ValueFromPipelineByPropertyName=$true, ParameterSetName='ComputerByAdsiGroupByAdsi')] | |
[ADSI]$AdsiComputer | |
, | |
[Parameter(ValueFromPipelineByPropertyName=$true, ParameterSetName='ComputerByNameGroupByName')] | |
[Parameter(ValueFromPipelineByPropertyName=$true, ParameterSetName='ComputerByAsdiGroupByName')] | |
[string[]]$GroupName | |
, | |
[Parameter(Mandatory=$true, ValueFromPipelineByPropertyName=$true, ParameterSetName='ComputerByNameGroupByAdsi')] | |
[Parameter(Mandatory=$true, ValueFromPipelineByPropertyName=$true, ParameterSetName='ComputerByAsdiGroupByAdsi')] | |
[ADSI[]]$AdsiGroup | |
, | |
[Parameter(ValueFromPipelineByPropertyName=$true)] | |
[string[]]$UserName | |
) | |
process { | |
if (@('ComputerByNameGroupByName','ComputerByNameGroupByAdsi') -contains $PSCmdlet.ParameterSetName) { | |
$AdsiComputer = Get-AdsiComputer -ComputerName $ComputerName | |
} else { | |
$ComputerName = $AdsiComputer.Name | Select-Object -First 1 | |
} | |
if(@('ComputerByNameGroupByName','ComputerByAsdiGroupByName') -contains $PSCmdlet.ParameterSetName) { | |
$AdsiGroup = @(Get-AdsiComputerLocalGroup -AdsiComputer $AdsiComputer -GroupName $GroupName) | |
} else { | |
$GroupName = @($AdsiGroup | Select-Group -ExpandProperty Name) | |
} | |
[bool]$DontFilterOnUsername = @($UserName | ?{$_}).Count -eq 0 | |
$AdsiGroup | %{ | |
$gName = $_.Name | select -first 1 | |
$gSid = (New-Object System.Security.Principal.SecurityIdentifier($_.ObjectSID[0],0)).Value | |
$gADSPath = $_.Path | |
$_.Invoke('members') | %{ | |
$AdsiUser = $_ | |
$AdsiUser.GetType.Invoke().InvokeMember("Name",'GetProperty', $null, $AdsiUser, $null) | ?{$DontFilterOnUsername -or (@($UserName) -contains $_)} | %{ | |
(New-Object -TypeName PSObject -Property @{ | |
ComputerName = $ComputerName | |
GroupName = $gName | |
UserName = $_ | |
ComputerADSPath = $AdsiComputer.Path | |
GroupADSPath = $gADSPath | |
GroupSID = $gSid | |
UserSID = (New-Object System.Security.Principal.SecurityIdentifier($AdsiUser.GetType.Invoke().InvokeMember("ObjectSID",'GetProperty', $null, $AdsiUser, $null),0)).Value | |
UserADSPath = $AdsiUser.GetType.Invoke().InvokeMember("ADSPath",'GetProperty', $null, $AdsiUser, $null) | |
}) | |
} | |
} | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Note: This makes use of the NULL session for enumerating accounts.
For that to work, the target machine must have HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Control \LSA\RestrictAnonymous set to 0. More info here: http://smallvoid.com/article/winnt-restrict-anonymous.html