
Is there a universal way to get the principals BUILTIN\Users or BUILTIN\Power Users (specifically retrieve the name)?

The obvious answer would be that I already have the names! However, they are called different things in different languages, so I'd like to find a way of retrieving this information without having to know the name in advance.

I've tried, in MS SQL:

```sql
select * from sys.database_principals
```

which gives me the name and principal_id amongst other things:

```
name                 principal_id  type  type_desc      default_schema_name
BUILTIN\Power Users  7             G     WINDOWS_GROUP  dbo
BUILTIN\Users        8             G     WINDOWS_GROUP  dbo
```

... but I'm assuming that these principal_ids aren't hard-coded and I can't rely on them always being 7 and 8.

komodosp

1 Answer


To get the actual name of the BUILTIN\Users group, you may query for the Well-Known SecurityIdentifier (SID) that is always assigned to the group. Note that the group name may be anything, as it can be renamed.

```
wmic /Node:"YourPCName" path win32_group WHERE SID="S-1-5-32-545"

Caption                     Description                                                                                                  Domain      InstallDate  LocalAccount  Name             SID           SIDType  Status
YourPCName\UsersXXXRenamed  Users are prevented from making accidental or intentional system-wide changes and can run most applications  YourPCName               TRUE          UsersXXXRenamed  S-1-5-32-545  4        OK
```

Reference:

https://docs.microsoft.com/en-US/windows-server/identity/ad-ds/manage/understand-security-identifiers

Greg Askew
  • @komodosp - Based on this answer you should be able to use these SIDs as invariants in your SQL query (`sys.database_principals` has a `sid` column). It'll have to be formatted as varbinary, but you should be able to determine the correct values from your existing data. – Ben Thul Sep 07 '22 at 14:51
  • Thanks, that gets me the 'Users' bit but what about the 'BUILTIN'? This could also be translated. – komodosp Sep 08 '22 at 14:42
  • Also, I was wrong to be looking in SQL... It appears that the system I was using had already added them there but they wouldn't be on a brand new system. – komodosp Sep 08 '22 at 15:58