Getting localized translations of built-in Windows account names
Posted by jpluimers on 2012/12/31
A lot of scripts you find on the internet have hardcoded Windows account names or groups, for instance BUILTIN\Administrators.
Those don’t work on many localized Windows versions, as parts of the account names have been translated as well. Not only is Administrators translated, but BUILTIN can be translated too. Basically, expect everything in Windows to be translated as part of the localization process.
Some people keep translation lists, but that is not the real solution.
The real solution is that each such group, account or other identifier stems from a SID or Security ID.
Many of those SIDs are the same on any machine, or structured the same within a domain.
Microsoft has a list of these called Well-known security identifiers in Windows operating systems.
That list isn’t in a format that most Windows tools can use, so I generated the list below, which is more suitable.
The list below is based on a Windows 7 machine. Other versions or editions give slightly different results, but it is a good start.
At the bottom is the batch file that I used to generate this table. That file is adapted from the Microsoft list above.
The batch file depends on a few tools and tricks:
- PsGetSid from SysInternals translates SID to/from Name using the LookupAccountSid and LookupAccountName functions.
- Since PsGetSid emits the SID/name information to stdout, and a header to stderr, you need to redirect stderr to nul using the 2>nul trick.
- You cannot separate the SID/name using “: ” (colon space) as the name can contain spaces. So you need to pass the results using quotes to the display logic, then strip a space from the name there using substrings in batch files.
The table:
| SID | Kind | Name |
| --- | --- | --- |
| S-1-0-0 | Well Known Group | \NULL SID |
| S-1-1-0 | Well Known Group | \Everyone |
| S-1-2-0 | Well Known Group | \LOCAL |
| S-1-2-1 | Well Known Group | \CONSOLE LOGON |
| S-1-3-0 | Well Known Group | \CREATOR OWNER |
| S-1-3-1 | Well Known Group | \CREATOR GROUP |
| S-1-3-2 | Well Known Group | \CREATOR OWNER SERVER |
| S-1-3-3 | Well Known Group | \CREATOR GROUP SERVER |
| S-1-3-4 | Well Known Group | \OWNER RIGHTS |
| S-1-5-80-0 | Well Known Group | NT SERVICE\ALL SERVICES |
| S-1-5-1 | Well Known Group | NT AUTHORITY\DIALUP |
| S-1-5-2 | Well Known Group | NT AUTHORITY\NETWORK |
| S-1-5-3 | Well Known Group | NT AUTHORITY\BATCH |
| S-1-5-4 | Well Known Group | NT AUTHORITY\INTERACTIVE |
| S-1-5-6 | Well Known Group | NT AUTHORITY\SERVICE |
| S-1-5-7 | Well Known Group | NT AUTHORITY\ANONYMOUS LOGON |
| S-1-5-8 | Well Known Group | NT AUTHORITY\PROXY |
| S-1-5-9 | Well Known Group | NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS |
| S-1-5-10 | Well Known Group | NT AUTHORITY\SELF |
| S-1-5-11 | Well Known Group | NT AUTHORITY\Authenticated Users |
| S-1-5-12 | Well Known Group | NT AUTHORITY\RESTRICTED |
| S-1-5-13 | Well Known Group | NT AUTHORITY\TERMINAL SERVER USER |
| S-1-5-14 | Well Known Group | NT AUTHORITY\REMOTE INTERACTIVE LOGON |
| S-1-5-15 | Well Known Group | NT AUTHORITY\This Organization |
| S-1-5-17 | Well Known Group | NT AUTHORITY\IUSR |
| S-1-5-18 | Well Known Group | NT AUTHORITY\SYSTEM |
| S-1-5-19 | Well Known Group | NT AUTHORITY\LOCAL SERVICE |
| S-1-5-20 | Well Known Group | NT AUTHORITY\NETWORK SERVICE |
| S-1-5-32-544 | Alias | BUILTIN\Administrators |
| S-1-5-32-545 | Alias | BUILTIN\Users |
| S-1-5-32-546 | Alias | BUILTIN\Guests |
| S-1-5-32-547 | Alias | BUILTIN\Power Users |
| S-1-5-32-551 | Alias | BUILTIN\Backup Operators |
| S-1-5-32-552 | Alias | BUILTIN\Replicator |
| S-1-5-64-10 | Well Known Group | NT AUTHORITY\NTLM Authentication |
| S-1-5-64-14 | Well Known Group | NT AUTHORITY\SChannel Authentication |
| S-1-5-64-21 | Well Known Group | NT AUTHORITY\Digest Authentication |
| S-1-5-80 | Domain | NT SERVICE\NT SERVICE |
| S-1-16-0 | Unknown | Mandatory Label\Untrusted Mandatory Level |
| S-1-16-4096 | Unknown | Mandatory Label\Low Mandatory Level |
| S-1-16-8192 | Unknown | Mandatory Label\Medium Mandatory Level |
| S-1-16-8448 | Unknown | Mandatory Label\Medium Plus Mandatory Level |
| S-1-16-12288 | Unknown | Mandatory Label\High Mandatory Level |
| S-1-16-16384 | Unknown | Mandatory Label\System Mandatory Level |
| S-1-16-20480 | Unknown | Mandatory Label\Protected Process Mandatory Level |
| S-1-5-80-0 | Well Known Group | NT SERVICE\ALL SERVICES |
| S-1-5-32-555 | Alias | BUILTIN\Remote Desktop Users |
| S-1-5-32-556 | Alias | BUILTIN\Network Configuration Operators |
| S-1-5-32-558 | Alias | BUILTIN\Performance Monitor Users |
| S-1-5-32-559 | Alias | BUILTIN\Performance Log Users |
| S-1-5-32-562 | Alias | BUILTIN\Distributed COM Users |
| S-1-5-32-569 | Alias | BUILTIN\Cryptographic Operators |
| S-1-5-32-573 | Alias | BUILTIN\Event Log Readers |
And the batch file:
@echo off
call :showSID S-1-0
call :showSID S-1-0-0
call :showSID S-1-1
call :showSID S-1-1-0
call :showSID S-1-2
call :showSID S-1-2-0
call :showSID S-1-2-1
call :showSID S-1-3
call :showSID S-1-3-0
call :showSID S-1-3-1
call :showSID S-1-3-2
call :showSID S-1-3-3
call :showSID S-1-3-4
call :showSID S-1-5-80-0
call :showSID S-1-4
call :showSID S-1-5
call :showSID S-1-5-1
call :showSID S-1-5-2
call :showSID S-1-5-3
call :showSID S-1-5-4
:: call :showSID S-1-5-5-X-Y
call :showSID S-1-5-6
call :showSID S-1-5-7
call :showSID S-1-5-8
call :showSID S-1-5-9
call :showSID S-1-5-10
call :showSID S-1-5-11
call :showSID S-1-5-12
call :showSID S-1-5-13
call :showSID S-1-5-14
call :showSID S-1-5-15
call :showSID S-1-5-17
call :showSID S-1-5-18
call :showSID S-1-5-19
call :showSID S-1-5-20
:: call :showSID S-1-5-21domain-500
:: call :showSID S-1-5-21domain-501
:: call :showSID S-1-5-21domain-502
:: call :showSID S-1-5-21domain-512
:: call :showSID S-1-5-21domain-513
:: call :showSID S-1-5-21domain-514
:: call :showSID S-1-5-21domain-515
:: call :showSID S-1-5-21domain-516
:: call :showSID S-1-5-21domain-517
:: call :showSID S-1-5-21root domain-518
:: call :showSID S-1-5-21root domain-519
:: call :showSID S-1-5-21domain-520
:: call :showSID S-1-5-21domain-553
call :showSID S-1-5-32-544
call :showSID S-1-5-32-545
call :showSID S-1-5-32-546
call :showSID S-1-5-32-547
call :showSID S-1-5-32-548
call :showSID S-1-5-32-549
call :showSID S-1-5-32-550
call :showSID S-1-5-32-551
call :showSID S-1-5-32-552
call :showSID S-1-5-64-10
call :showSID S-1-5-64-14
call :showSID S-1-5-64-21
call :showSID S-1-5-80
call :showSID S-1-16-0
call :showSID S-1-16-4096
call :showSID S-1-16-8192
call :showSID S-1-16-8448
call :showSID S-1-16-12288
call :showSID S-1-16-16384
call :showSID S-1-16-20480
call :showSID S-1-16-28672
call :showSID S-1-5-80-0
call :showSID S-1-5-32-554
call :showSID S-1-5-32-555
call :showSID S-1-5-32-556
call :showSID S-1-5-32-557
call :showSID S-1-5-32-558
call :showSID S-1-5-32-559
call :showSID S-1-5-32-560
call :showSID S-1-5-32-561
call :showSID S-1-5-32-562
:: call :showSID S-1-5- 21domain -498
:: call :showSID S-1-5- 21domain -521
call :showSID S-1-5-32-569
:: call :showSID S-1-5-21 domain -571
:: call :showSID S-1-5- 21 domain -572
call :showSID S-1-5-32-573
call :showSID S-1-5-32-574
:: call :showSID S-1-5-21-domain-522
call :showSID S-1-5-32-575
call :showSID S-1-5-32-576
call :showSID S-1-5-32-577
call :showSID S-1-5-32-578
call :showSID S-1-5-32-579
call :showSID S-1-5-32-580
goto :exit
:showSID
:: redirect stderr to null http://stackoverflow.com/questions/4507312/how-to-redirect-stderr-to-null-in-cmd-exe
for /F "tokens=1,2 delims=:" %%i in ('psgetsid %1 2^> nul ^| find /v "%COMPUTERNAME%"') do (
:: cannot remove spaces from %%j here
call :showSIDName %1 "%%i" "%%j"
)
goto :exit
:showSIDName
:: echo SID=%1 ; kind=%2 ; name=%3
:: %3 starts with a space after the double quote; remove it
::http://stackoverflow.com/questions/636381/what-is-the-best-way-to-do-a-substring-in-a-batch-file
setlocal
:: first strip the quotes
set name=%~3
:: strip the first character: copy from the second character till the end
set name=%name:~1%
echo %1 %~2 %name%
endlocal
:exit
–jeroen
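The same SID-to-name lookup can be done without PsGetSid. The following is an added example, not part of the original post: it uses the .NET SecurityIdentifier and NTAccount classes from PowerShell 3.0 or later, and leaves the name empty for SIDs that the local Windows version does not know. The function name Resolve-SidName and the output property names are assumptions made for this example.

```powershell
# Added example (not from the original post). Requires PowerShell 3.0 or later.
# Resolve-SidName is a hypothetical helper name chosen for this illustration.
function Resolve-SidName {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string[]] $Sid
    )
    process {
        foreach ($s in $Sid) {
            # Parse the string form first; a malformed SID is a caller error.
            try {
                $sidObject = New-Object -TypeName System.Security.Principal.SecurityIdentifier `
                                        -ArgumentList $s -ErrorAction Stop
            }
            catch {
                Write-Warning "Not a valid SID string: $s"
                continue
            }

            # Translate() asks Windows for the account name in the local language.
            $account = $null
            try {
                $account = $sidObject.Translate([System.Security.Principal.NTAccount]).Value
            }
            catch [System.Security.Principal.IdentityNotMappedException] {
                # Valid SID, but this Windows version or edition has no such account.
            }

            # Split "DOMAIN\Name" at the first backslash only; names may contain spaces.
            $domain = $null
            $name = $account
            if ($account -and $account.Contains('\')) {
                $domain, $name = $account -split '\\', 2
            }

            [pscustomobject]@{ Sid = $s; Domain = $domain; Name = $name; Resolved = [bool]$account }
        }
    }
}

# SIDs taken from the table above; S-1-5-32-548 is queried by the batch file
# but has no row in the table, so it exercises the unresolved path on such machines.
'S-1-1-0', 'S-1-5-18', 'S-1-5-32-544', 'S-1-5-32-548' |
    Resolve-SidName | Format-Table -AutoSize
```

Scripts that need the localized name, for example to pass to a tool that only accepts account names, can take the Domain and Name properties from this output instead of hardcoding BUILTIN\Administrators.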