Occasionally, PowerShell scripts need to access or use the built-in Administrator account or the built-in Administrators group. Unfortunately, their names are localized, so their names can change based on the language of your Windows operating system.
They do use constant (well-known) SIDs (security identifiers), though. By using the SID, you can get the name. For the local Administrator group, this is trivial because here the SID is always known: S-1-5-32-544. With a one-liner, the SID can be translated. This is the result taken from a German system:
With accounts like the built-in Administrator, it’s not as simple as that. Here, only the RID (relative identifier) is known: -500.
With a simple WMI query, you get the account that matches your filter:
PS> Get-CimInstance -ClassName Win32_UserAccount -Filter "LocalAccount = TRUE and SID like 'S-1-5-%-500'"
Name Caption AccountType SID Domain
---- ------- ----------- --- ------
Administrator DELL7390\Administrator 512 S-1-5-21-2770831484-2260150476-2133527644-500 DELL7390
ReTweet this Tip!
Get-LocalGroupMember -SID S-1-5-32-544 | ? SID -like 'S-1-5-*-500'
Powered by IDERA