Corrupt "local administrators" results?

cstoneba · June 2, 2016, 2:03pm

I have an analysis that pulls back the local administrators of a Windows box…

if ((it contains "Win" AND it != "Win98" AND it != "WinME") of name of operating system) then (if (exists local group "Administrators") then (concatenation of (it as string & ":") of members of local group "Administrators") else "No Administrators Group") else nothing

For one server result I’ve found, the results from running the relevancy in qna.exe is different than what the actual Administrators list within mmc. Specifically, 2 of the 4 results have some number as the group name rather than the actual group name:

example:
mmc shows domain\group1 and domain\group2

but the relevancy above returns …domain\00000D15:domain\0000695A:

The relevancy does correctly return"localhost\Administrator" and “domain\Domain Admins”, but these 2 other groups return more like a corrupt result instead of right result. Has anyone seen this before?

swiars · June 2, 2016, 2:34pm

(it as string) of members whose( (following text of last "\" of (it as string as lowercase)) is not contained by set of ("usera";"userb";"userc") ) of local groups "administrators"

try this one. Maybe it will help you.

cstoneba · June 2, 2016, 2:49pm

hi, that will just ignore the incorrect results, rather than fix the problem. I’d really like to find out why the right local administrators isn’t being returned correctly.