From 0aaa23cd8656f0b92f2fac3cd8e6be68eed7d809 Mon Sep 17 00:00:00 2001 From: HarmJ0y Date: Mon, 12 Dec 2016 21:05:08 -0500 Subject: first take at platyPS doc generation --- docs/Recon/Get-NetLocalGroupMember.md | 212 ++++++++++++++++++++++++++++++++++ 1 file changed, 212 insertions(+) create mode 100755 docs/Recon/Get-NetLocalGroupMember.md (limited to 'docs/Recon/Get-NetLocalGroupMember.md') diff --git a/docs/Recon/Get-NetLocalGroupMember.md b/docs/Recon/Get-NetLocalGroupMember.md new file mode 100755 index 0000000..302302b --- /dev/null +++ b/docs/Recon/Get-NetLocalGroupMember.md @@ -0,0 +1,212 @@ +# Get-NetLocalGroupMember + +## SYNOPSIS +Enumerates members of a specific local group on the local (or remote) machine. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: PSReflect, Convert-ADName + +## SYNTAX + +``` +Get-NetLocalGroupMember [[-ComputerName] ] [-GroupName ] [-Method ] + [-Credential ] +``` + +## DESCRIPTION +This function will enumerate the members of a specified local group on the +current, or remote, machine. +By default, the Win32 API call NetLocalGroupGetMembers +will be used (for speed). +Specifying "-Method WinNT" causes the WinNT service provider +to be used instead, which returns a larger amount of information. + +## EXAMPLES + +### -------------------------- EXAMPLE 1 -------------------------- +``` +Get-NetLocalGroupMember | ft +``` + +ComputerName GroupName MemberName SID IsGroup IsDomain +------------ --------- ---------- --- ------- -------- +WINDOWS1 Administrators WINDOWS1\Ad... +S-1-5-21-25... +False False +WINDOWS1 Administrators WINDOWS1\lo... +S-1-5-21-25... +False False +WINDOWS1 Administrators TESTLAB\Dom... +S-1-5-21-89... +True True +WINDOWS1 Administrators TESTLAB\har... +S-1-5-21-89... +False True + +### -------------------------- EXAMPLE 2 -------------------------- +``` +Get-NetLocalGroupMember -Method winnt | ft +``` + +ComputerName GroupName MemberName SID IsGroup IsDomain +------------ --------- ---------- --- ------- -------- +WINDOWS1 Administrators WINDOWS1\Ad... +S-1-5-21-25... +False False +WINDOWS1 Administrators WINDOWS1\lo... +S-1-5-21-25... +False False +WINDOWS1 Administrators TESTLAB\Dom... +S-1-5-21-89... +True True +WINDOWS1 Administrators TESTLAB\har... +S-1-5-21-89... +False True + +### -------------------------- EXAMPLE 3 -------------------------- +``` +Get-NetLocalGroup | Get-NetLocalGroupMember | ft +``` + +ComputerName GroupName MemberName SID IsGroup IsDomain +------------ --------- ---------- --- ------- -------- +WINDOWS1 Administrators WINDOWS1\Ad... +S-1-5-21-25... +False False +WINDOWS1 Administrators WINDOWS1\lo... +S-1-5-21-25... +False False +WINDOWS1 Administrators TESTLAB\Dom... +S-1-5-21-89... +True True +WINDOWS1 Administrators TESTLAB\har... +S-1-5-21-89... +False True +WINDOWS1 Guests WINDOWS1\Guest S-1-5-21-25... +False False +WINDOWS1 IIS_IUSRS NT AUTHORIT... +S-1-5-17 False False +WINDOWS1 Users NT AUTHORIT... +S-1-5-4 False False +WINDOWS1 Users NT AUTHORIT... +S-1-5-11 False False +WINDOWS1 Users WINDOWS1\lo... +S-1-5-21-25... +False UNKNOWN +WINDOWS1 Users TESTLAB\Dom... +S-1-5-21-89... +True UNKNOWN + +### -------------------------- EXAMPLE 4 -------------------------- +``` +Get-NetLocalGroupMember -ComputerName primary.testlab.local | ft +``` + +ComputerName GroupName MemberName SID IsGroup IsDomain +------------ --------- ---------- --- ------- -------- +primary.tes... +Administrators TESTLAB\Adm... +S-1-5-21-89... +False False +primary.tes... +Administrators TESTLAB\loc... +S-1-5-21-89... +False False +primary.tes... +Administrators TESTLAB\Ent... +S-1-5-21-89... +True False +primary.tes... +Administrators TESTLAB\Dom... +S-1-5-21-89... +True False + +## PARAMETERS + +### -ComputerName +Specifies the hostname to query for sessions (also accepts IP addresses). +Defaults to the localhost. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: HostName, dnshostname, name + +Required: False +Position: 1 +Default value: $Env:COMPUTERNAME +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -GroupName +The local group name to query for users. +If not given, it defaults to "Administrators". + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: Administrators +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Method +The collection method to use, defaults to 'API', also accepts 'WinNT'. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: CollectionMethod + +Required: False +Position: Named +Default value: API +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +A \[Management.Automation.PSCredential\] object of alternate credentials +for connection to a remote machine. +Only applicable with "-Method WinNT". + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: [Management.Automation.PSCredential]::Empty +Accept pipeline input: False +Accept wildcard characters: False +``` + +## INPUTS + +## OUTPUTS + +### PowerView.LocalGroupMember.API + +Custom PSObject with translated group property fields from API results. + +PowerView.LocalGroupMember.WinNT + +Custom PSObject with translated group property fields from WinNT results. + +## NOTES + +## RELATED LINKS + +[http://stackoverflow.com/questions/21288220/get-all-local-members-and-groups-displayed-together +http://msdn.microsoft.com/en-us/library/aa772211(VS.85).aspx +https://msdn.microsoft.com/en-us/library/windows/desktop/aa370601(v=vs.85).aspx](http://stackoverflow.com/questions/21288220/get-all-local-members-and-groups-displayed-together +http://msdn.microsoft.com/en-us/library/aa772211(VS.85).aspx +https://msdn.microsoft.com/en-us/library/windows/desktop/aa370601(v=vs.85).aspx) + -- cgit v1.2.3