How do I get a local NT Service SID using Powershell?
I found this snippet on SO:
Get User SID From Logon ID (Windows XP and Up)
Function GetSIDfromAcctName()
{
$myacct = Get-WmiObject Win32_UserAccount -filter "Name = '$env:USERNAME "
write-host Name: $myacct.name
Write-Host SID : $myacct.sid
}
But it doesn't show everything.
For example, I just want the sid of "nt service\dhcp." How can I get that? When I run my powershell manually with
Get-WmiObject Win32_UserAccont
I get all the users, but there's only three "regular" users. None of the "special" nt service users.
Thanks for help.
If you want to know the name of the account under which a service is started you can use :
gwmi Win32_service -Filter "name='dhcp'" | % {return $_.startname}
The result is "NT Authority\LocalService" which is a well known SID as discribed in SID Values For Default Windows NT Installations, you'll find more SIDs in Well-known security identifiers in Windows operating systems.
Edited :
As you can see in the following screen shot, yes the dhcp client is running in a session started as "NT Authority\LocalService"
- VS code terminal can't find AWS SAM even though windows terminal can
- How to combine multiple conditions in a PowerShell if-statement
- Can I change Read-Host so it doesn't always end in a colon?
- How to call native XPath functions from Select-Xml?
- How to get all piped in objects at once when using Begin/Process/End blocks?
- Calling a method returned from another method in Powershell
- Powershell -- how to minimize the console the script is running in while sitting in a loop?
- Automation Account Script to delete Stale Devices
- Powershell version of cut -d is very slow on large files, am I missing the fast way to do it?
- how to use "if" statements inside pipeline
- Error When Connecting to Azure from PowerShell
- Execute powershell in x64 from MSBuild
- Powershell 5 and 7 processes double quotes in different way when running Cygwin
- SQL Package extract command is failing in PowerShell script
- Office 364 Audit logs: Search-UnifiedAuditLog is not recognized as the name of a cmdlet
- Empty path name is not legal - DTEXEC with Powershell
- Cannot remove PowerShell environment variables
- Is automating App Registration on Azure possible through ARM Template on the User's tenant?
- Powershell error "value can not in the type System Management Automation LanguagePrimitives+InternalPSCustomObject converted"
- Diskspace Report HTML Text Color Output
- Issue with Azure Automation Account and Key Vault Certificate Retrieval
- How to display current virtual environtment in python in oh-my-posh?
- How do I get a list of Service Principals in Azure via the CLI
- Handling special characters in password string
- What is the right way to check a switch parameter
- How to make ($Line_1`n$Line_2) work in a CMD script?
- .ps1 script reported as "Missing closing '}'" in .bat file script
- APPAP308E - Invalid process path. Full path is required
- How do I verify that a SMB server requires signing, preferably with Powershell?
- Import-Excel: Expand imported Excel columns to become individual row entries