The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Getting localized translations of built-in Windows account names

Posted by jpluimers on 2012/12/31

A lot of scripts you find on the internet have hardcoded Windows account names or groups, for instance BUILTIN\Administrators.

Those don’t work on many localized Windows versions, because parts of the account names have been translated as well. Not only is Administrators translated, but BUILTIN can be translated too. Basically, expect everything in Windows to be translated as part of the localization process.

Some people keep translations lists, but that is not the real solution.

The real solution is that each such group, account or other identifier stems from a SID or Security ID.
Many of those SIDs are the same on any machine, or structured the same within a domain.
Microsoft has a list of these called Well-known security identifiers in Windows operating systems.

That list isn’t in a format that most Windows tools can use, so I generated the list below, which is more suitable.

The list below is based on a Windows 7 machine. Other versions or editions give slightly different results, but it is a good start.

At the bottom is the batch file that I used to generate this table. That file is adapted from the Microsoft list above.

The batch file depends on a few tools and tricks:

The table:

SID           Kind              Name
S-1-0-0       Well Known Group  \NULL SID
S-1-1-0       Well Known Group  \Everyone
S-1-2-0       Well Known Group  \LOCAL
S-1-2-1       Well Known Group  \CONSOLE LOGON
S-1-3-0       Well Known Group  \CREATOR OWNER
S-1-3-1       Well Known Group  \CREATOR GROUP
S-1-3-2       Well Known Group  \CREATOR OWNER SERVER
S-1-3-3       Well Known Group  \CREATOR GROUP SERVER
S-1-3-4       Well Known Group  \OWNER RIGHTS
S-1-5-80-0    Well Known Group  NT SERVICE\ALL SERVICES
S-1-5-1       Well Known Group  NT AUTHORITY\DIALUP
S-1-5-2       Well Known Group  NT AUTHORITY\NETWORK
S-1-5-3       Well Known Group  NT AUTHORITY\BATCH
S-1-5-4       Well Known Group  NT AUTHORITY\INTERACTIVE
S-1-5-6       Well Known Group  NT AUTHORITY\SERVICE
S-1-5-7       Well Known Group  NT AUTHORITY\ANONYMOUS LOGON
S-1-5-8       Well Known Group  NT AUTHORITY\PROXY
S-1-5-9       Well Known Group  NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
S-1-5-10      Well Known Group  NT AUTHORITY\SELF
S-1-5-11      Well Known Group  NT AUTHORITY\Authenticated Users
S-1-5-12      Well Known Group  NT AUTHORITY\RESTRICTED
S-1-5-13      Well Known Group  NT AUTHORITY\TERMINAL SERVER USER
S-1-5-14      Well Known Group  NT AUTHORITY\REMOTE INTERACTIVE LOGON
S-1-5-15      Well Known Group  NT AUTHORITY\This Organization
S-1-5-17      Well Known Group  NT AUTHORITY\IUSR
S-1-5-18      Well Known Group  NT AUTHORITY\SYSTEM
S-1-5-19      Well Known Group  NT AUTHORITY\LOCAL SERVICE
S-1-5-20      Well Known Group  NT AUTHORITY\NETWORK SERVICE
S-1-5-32-544  Alias             BUILTIN\Administrators
S-1-5-32-545  Alias             BUILTIN\Users
S-1-5-32-546  Alias             BUILTIN\Guests
S-1-5-32-547  Alias             BUILTIN\Power Users
S-1-5-32-551  Alias             BUILTIN\Backup Operators
S-1-5-32-552  Alias             BUILTIN\Replicator
S-1-5-64-10   Well Known Group  NT AUTHORITY\NTLM Authentication
S-1-5-64-14   Well Known Group  NT AUTHORITY\SChannel Authentication
S-1-5-64-21   Well Known Group  NT AUTHORITY\Digest Authentication
S-1-5-80      Domain            NT SERVICE\NT SERVICE
S-1-16-0      Unknown           Mandatory Label\Untrusted Mandatory Level
S-1-16-4096   Unknown           Mandatory Label\Low Mandatory Level
S-1-16-8192   Unknown           Mandatory Label\Medium Mandatory Level
S-1-16-8448   Unknown           Mandatory Label\Medium Plus Mandatory Level
S-1-16-12288  Unknown           Mandatory Label\High Mandatory Level
S-1-16-16384  Unknown           Mandatory Label\System Mandatory Level
S-1-16-20480  Unknown           Mandatory Label\Protected Process Mandatory Level
S-1-5-80-0    Well Known Group  NT SERVICE\ALL SERVICES
S-1-5-32-555  Alias             BUILTIN\Remote Desktop Users
S-1-5-32-556  Alias             BUILTIN\Network Configuration Operators
S-1-5-32-558  Alias             BUILTIN\Performance Monitor Users
S-1-5-32-559  Alias             BUILTIN\Performance Log Users
S-1-5-32-562  Alias             BUILTIN\Distributed COM Users
S-1-5-32-569  Alias             BUILTIN\Cryptographic Operators
S-1-5-32-573  Alias             BUILTIN\Event Log Readers

And the batch file:

@echo off
  call :showSID S-1-0
  call :showSID S-1-0-0
  call :showSID S-1-1
  call :showSID S-1-1-0
  call :showSID S-1-2
  call :showSID S-1-2-0
  call :showSID S-1-2-1
  call :showSID S-1-3
  call :showSID S-1-3-0
  call :showSID S-1-3-1
  call :showSID S-1-3-2
  call :showSID S-1-3-3
  call :showSID S-1-3-4
  call :showSID S-1-5-80-0
  call :showSID S-1-4
  call :showSID S-1-5
  call :showSID S-1-5-1
  call :showSID S-1-5-2
  call :showSID S-1-5-3
  call :showSID S-1-5-4
  ::  call :showSID S-1-5-5-X-Y
  call :showSID S-1-5-6
  call :showSID S-1-5-7
  call :showSID S-1-5-8
  call :showSID S-1-5-9
  call :showSID S-1-5-10
  call :showSID S-1-5-11
  call :showSID S-1-5-12
  call :showSID S-1-5-13
  call :showSID S-1-5-14
  call :showSID S-1-5-15
  call :showSID S-1-5-17
  call :showSID S-1-5-18
  call :showSID S-1-5-19
  call :showSID S-1-5-20
  ::  call :showSID S-1-5-21domain-500
  ::  call :showSID S-1-5-21domain-501
  ::  call :showSID S-1-5-21domain-502
  ::  call :showSID S-1-5-21domain-512
  ::  call :showSID S-1-5-21domain-513
  ::  call :showSID S-1-5-21domain-514
  ::  call :showSID S-1-5-21domain-515
  ::  call :showSID S-1-5-21domain-516
  ::  call :showSID S-1-5-21domain-517
  ::  call :showSID S-1-5-21root domain-518
  ::  call :showSID S-1-5-21root domain-519
  ::  call :showSID S-1-5-21domain-520
  ::  call :showSID S-1-5-21domain-553
  call :showSID S-1-5-32-544
  call :showSID S-1-5-32-545
  call :showSID S-1-5-32-546
  call :showSID S-1-5-32-547
  call :showSID S-1-5-32-548
  call :showSID S-1-5-32-549
  call :showSID S-1-5-32-550
  call :showSID S-1-5-32-551
  call :showSID S-1-5-32-552
  call :showSID S-1-5-64-10
  call :showSID S-1-5-64-14
  call :showSID S-1-5-64-21
  call :showSID S-1-5-80
  call :showSID S-1-16-0
  call :showSID S-1-16-4096
  call :showSID S-1-16-8192
  call :showSID S-1-16-8448
  call :showSID S-1-16-12288
  call :showSID S-1-16-16384
  call :showSID S-1-16-20480
  call :showSID S-1-16-28672
  call :showSID S-1-5-80-0
  call :showSID S-1-5-32-554
  call :showSID S-1-5-32-555
  call :showSID S-1-5-32-556
  call :showSID S-1-5-32-557
  call :showSID S-1-5-32-558
  call :showSID S-1-5-32-559
  call :showSID S-1-5-32-560
  call :showSID S-1-5-32-561
  call :showSID S-1-5-32-562
  ::  call :showSID S-1-5- 21domain -498
  ::  call :showSID S-1-5- 21domain -521
  call :showSID S-1-5-32-569
  ::  call :showSID S-1-5-21 domain -571
  ::  call :showSID S-1-5- 21 domain -572
  call :showSID S-1-5-32-573
  call :showSID S-1-5-32-574
  ::  call :showSID S-1-5-21-domain-522
  call :showSID S-1-5-32-575
  call :showSID S-1-5-32-576
  call :showSID S-1-5-32-577
  call :showSID S-1-5-32-578
  call :showSID S-1-5-32-579
  call :showSID S-1-5-32-580
goto :exit

:showSID
  :: redirect stderr to null http://stackoverflow.com/questions/4507312/how-to-redirect-stderr-to-null-in-cmd-exe
  for /F "tokens=1,2 delims=:" %%i in ('psgetsid %1 2^> nul ^| find /v "%COMPUTERNAME%"') do (
    rem cannot remove spaces from %%j here
    call :showSIDName %1 "%%i" "%%j"
  )
  goto :exit

:showSIDName
  :: echo SID=%1 ; kind=%2 ; name=%3
  :: %3 starts with a space after the double quote; remove it
  ::http://stackoverflow.com/questions/636381/what-is-the-best-way-to-do-a-substring-in-a-batch-file
  setlocal
  :: first strip the quotes
  set name=%~3
  :: strip the first character: copy from offset 1 till the end
  set name=%name:~1%
  echo %1		%~2		%name%
  endlocal
:exit
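
A PowerShell variant of the same idea, as an added example that is not part of the original post: it resolves SIDs through .NET's SecurityIdentifier.Translate instead of psgetsid, then uses a SID directly so a script never depends on the translated name. The Resolve-SidName function name and the sid-demo.txt file are assumptions made for the illustration.

```powershell
# Added example: resolve well-known SIDs to the names this Windows
# installation uses. Resolve-SidName is a hypothetical helper name.
function Resolve-SidName {
    param([Parameter(Mandatory = $true)][string[]]$Sid)
    foreach ($s in $Sid) {
        $name = $null
        try {
            $id   = New-Object System.Security.Principal.SecurityIdentifier $s
            $name = $id.Translate([System.Security.Principal.NTAccount]).Value
        }
        catch [System.Security.Principal.IdentityNotMappedException] {
            # Valid SID that this Windows version or edition does not know;
            # report it as unresolved instead of aborting the whole run.
        }
        New-Object PSObject -Property @{
            Sid      = $s
            Name     = $name
            Resolved = [bool]$name
        }
    }
}

# A few SIDs taken from the batch file above.
$sids = 'S-1-1-0', 'S-1-5-18', 'S-1-5-32-544', 'S-1-5-32-545', 'S-1-5-32-580'
Resolve-SidName $sids | Select-Object Sid, Resolved, Name | Format-Table -AutoSize

# Locale-independent membership check: compare SIDs, never translated names.
$admins    = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object System.Security.Principal.WindowsPrincipal $identity
if ($principal.IsInRole($admins)) {
    'Current token has the Administrators group enabled'
} else {
    'Current token does not have the Administrators group enabled'
}

# icacls accepts a numeric SID when it is prefixed with *, so an ACL change
# does not need the localized group name either.
$file = Join-Path $env:TEMP 'sid-demo.txt'   # constructed sample file
Set-Content -Path $file -Value 'demo'
icacls $file /grant '*S-1-5-32-545:(R)'
```

On a non-elevated prompt with UAC enabled, the IsInRole check reports the group as not enabled even for a member of Administrators, because the filtered token carries it as deny-only.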

–jeroen
