How can I get the local group name for guests/administrators?

Solution 1

As you have pointed out, the names of groups are localised depending on system language.

For 'well known' groups like 'Administrators' and 'Guests' you should retrieve based on the SID. The SID for Guests is:

S-1-5-32-546

There is a list of well known SIDs here:

http://support.microsoft.com/kb/243330

Code to get the group name from the SID can be found here

Solution 2

You can use this code, the returned value is correct for non-english systems:

var guestsGroup = new SecurityIdentifier(WellKnownSidType.BuiltinGuestsSid, null).Translate(typeof(NTAccount)).Value;

Solution 3

Looking up the account by SID is the best way to go. It's a bit contrived, but the way it works is this:

• The Administrator account's SID always starts with S-1-5-21 and ends with -500. Everything else in-between is random (the domain's SID).

• The Guest account's SID always starts with S-1-5-21 and ends with -501.

The Microsoft KB article describing this is available here.

To find these accounts, you'd have to enumerate all of the accounts on the local machine and find which SIDs start with and end with those numbers. Once they match, you've got the built-in accounts. Not the nicest way to do it, but it works.

There is also a group policy setting under Security Settings\Local Policies\Security Options called Accounts: Rename administrator account and Accounts: Rename guest account. I wasn't able to find where in the registry these settings are stored, but if you are able to find out and you look them up, you will most likely be able to get the "official" names of these two accounts.

public IdentityReferenceCollection GetUserGroups()
{
    System.Security.Principal.WindowsIdentity currentUser =
                      System.Security.Principal.WindowsIdentity.GetCurrent();
    return currentUser.Groups;
}

Author by

Stefan Steiger

I'm an avid HTTP-header-reader, github-user and a few more minor things like BusinessIntelligence & Web Software Developer Technologies I work with: Microsoft Reporting- & Analysis Service (2005-2016), ASP.NET, ASP.NET MVC, .NET Core, ADO.NET, JSON, XML, SOAP, Thrift ActiveDirectory, OAuth, MS Federated Login XHTML5, JavaScript (jQuery must die), ReverseAJAX/WebSockets, WebGL, CSS3 C#, .NET/mono, plain old C, and occasional C++ or Java and a little Bash-Scripts, Python and PHP5 I have a rather broad experience with the following relational SQL databases T-SQL PL/PGsql including CLR / extended stored procedures/functions Occasionally, I also work with MySQL/MariaDB Firebird/Interbase Oracle 10g+ SqLite Access I develop Enterprise Web-Applications (.NET 2.0 & 4.5) and interface to systems like LDAP/AD (ActiveDirectory) WebServices (including WCF, SOAP and Thrift) MS Federated Login OAuth DropBox XML & JSON data-stores DWG/SVG imaging for architecture In my spare-time, I'm a Linux-Server-Enthusiast (I have my own Web & DNS server) and reverse-engineer with interest in IDS Systems (IntrusionDetection), WireShark, IDA Pro Advanced, GDB, libPCAP. - Studied Theoretical Physics at the Swiss Federal Institute of Technology (ETHZ).

Updated on June 09, 2022