# Get-NetLocalGroup
## SYNOPSIS
Enumerates the local groups on the local (or remote) machine.

Author: Will Schroeder (@harmj0y)

License: BSD 3-Clause

Required Dependencies: PSReflect
## SYNTAX
```
Get-NetLocalGroup [[-ComputerName] <String[]>] [-Method <String>] [-Credential <PSCredential>]
```
## DESCRIPTION
This function will enumerate the names and descriptions for the local groups on the current, or remote, machine. By default, the Win32 API call NetLocalGroupEnum will be used (for speed). Specifying "-Method WinNT" causes the WinNT service provider to be used instead, which returns group SIDs along with the group names and descriptions/comments.
## EXAMPLES
### -------------------------- EXAMPLE 1 --------------------------
```
Get-NetLocalGroup
```
```
ComputerName GroupName               Comment
------------ ---------               -------
WINDOWS1     Administrators          Administrators have comple...
WINDOWS1     Backup Operators        Backup Operators can overr...
WINDOWS1     Cryptographic Operators Members are authorized to ...
...
```
### -------------------------- EXAMPLE 2 --------------------------
```
Get-NetLocalGroup -Method Winnt
```
```
ComputerName GroupName              GroupSID     Comment
------------ ---------              --------     -------
WINDOWS1     Administrators         S-1-5-32-544 Administrators hav...
WINDOWS1     Backup Operators       S-1-5-32-551 Backup Operators c...
WINDOWS1     Cryptographic Opera... S-1-5-32-569 Members are author...
...
```
### -------------------------- EXAMPLE 3 --------------------------
```
Get-NetLocalGroup -ComputerName primary.testlab.local
```
```
ComputerName          GroupName        Comment
------------          ---------        -------
primary.testlab.local Administrators   Administrators have comple...
primary.testlab.local Users            Users are prevented from m...
primary.testlab.local Guests           Guests have the same acces...
primary.testlab.local Print Operators  Members can administer dom...
primary.testlab.local Backup Operators Backup Operators can overr...
```
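
The following is an added example, not part of PowerView or its original documentation. It shows how the GroupSID column returned by "-Method WinNT" supports a baseline review: any local group whose SID is outside the BUILTIN (S-1-5-32) authority and not on an approved list is reported. The helper name `Find-UnexpectedLocalGroup`, its `-ApprovedSid` parameter, and the sample rows are assumptions constructed for illustration.

```powershell
# Constructed sample rows shaped like PowerView.LocalGroup.WinNT output.
# On a real host, replace with: $Groups = Get-NetLocalGroup -Method WinNT
$Groups = @(
    [PSCustomObject]@{ ComputerName = 'WINDOWS1'; GroupName = 'Administrators'
                       GroupSID = 'S-1-5-32-544'; Comment = 'Administrators hav...' }
    [PSCustomObject]@{ ComputerName = 'WINDOWS1'; GroupName = 'Backup Operators'
                       GroupSID = 'S-1-5-32-551'; Comment = 'Backup Operators c...' }
    [PSCustomObject]@{ ComputerName = 'WINDOWS1'; GroupName = 'HelpdeskTemp'   # constructed
                       GroupSID = 'S-1-5-21-1111111111-2222222222-3333333333-1005'; Comment = '' }
)

# Hypothetical helper (not a PowerView function): report local groups that are
# neither BUILTIN aliases nor present in an approved SID baseline.
function Find-UnexpectedLocalGroup {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [PSObject] $Group,

        [string[]] $ApprovedSid = @()
    )
    process {
        try {
            # Parse the SID so malformed values are caught instead of string-matched.
            $Sid = New-Object System.Security.Principal.SecurityIdentifier ([string]$Group.GroupSID)
        }
        catch {
            Write-Warning "Unparseable SID for '$($Group.GroupName)' on $($Group.ComputerName)"
            return
        }
        $IsBuiltin = $Sid.Value -like 'S-1-5-32-*'
        if (-not $IsBuiltin -and $ApprovedSid -notcontains $Sid.Value) {
            [PSCustomObject]@{
                ComputerName = $Group.ComputerName
                GroupName    = $Group.GroupName
                GroupSID     = $Sid.Value
                # AccountDomainSid is the machine (or domain) SID the group was created under.
                IssuingSid   = $Sid.AccountDomainSid
            }
        }
    }
}

$Groups | Find-UnexpectedLocalGroup
```

With the default API method there is no GroupSID property, so this check has to match on group names, which vary with the OS display language.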
## PARAMETERS
### -ComputerName
Specifies the hostname to query for local groups (also accepts IP addresses).
Defaults to the localhost.
```yaml
Type: String[]
Parameter Sets: (All)
Aliases: HostName, dnshostname, name
Required: False
Position: 1
Default value: $Env:COMPUTERNAME
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
```
### -Method
The collection method to use, defaults to 'API', also accepts 'WinNT'.
```yaml
Type: String
Parameter Sets: (All)
Aliases: CollectionMethod
Required: False
Position: Named
Default value: API
Accept pipeline input: False
Accept wildcard characters: False
```
### -Credential
A \[Management.Automation.PSCredential\] object of alternate credentials for connection to a remote machine. Only applicable with "-Method WinNT".
```yaml
Type: PSCredential
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: [Management.Automation.PSCredential]::Empty
Accept pipeline input: False
Accept wildcard characters: False
```
## INPUTS
## OUTPUTS
### PowerView.LocalGroup.API
Custom PSObject with translated group property fields from API results.
### PowerView.LocalGroup.WinNT
Custom PSObject with translated group property fields from WinNT results.
## NOTES
## RELATED LINKS
[https://msdn.microsoft.com/en-us/library/windows/desktop/aa370440(v=vs.85).aspx](https://msdn.microsoft.com/en-us/library/windows/desktop/aa370440(v=vs.85).aspx)