I have an analysis that pulls back the local administrators of a Windows box…
if ((it contains "Win" AND it != "Win98" AND it != "WinME") of name of operating system) then (if (exists local group "Administrators") then (concatenation of (it as string & ":") of members of local group "Administrators") else "No Administrators Group") else nothing
For one server result I’ve found, the results from running the relevancy in qna.exe are different than the actual Administrators list within mmc. Specifically, 2 of the 4 results have some number as the group name rather than the actual group name:
example:
mmc shows domain\group1 and domain\group2
but the relevancy above returns …domain\00000D15:domain\0000695A:
The relevancy does correctly return "localhost\Administrator" and "domain\Domain Admins", but these 2 other groups return more like a corrupt result instead of the right result. Has anyone seen this before?