I have a relatively straight forward script.
However, when I try to filter the results of Get-LocalGroup based on the SID value, I get no results. If instead of using a variable in the Where portion of the script I use the actual value, then it works just fine. What am I doing wrong?
secedit /export /areas USER_RIGHTS /cfg c:\temp\logs.txt
$userrights = Select-String -Path "c:\temp\logs.txt" -Pattern 'SeRemoteInteractiveLogonRight' | Out-String
$userrights = $userrights.Replace("C:\temp\logs.txt:35:SeRemoteInteractiveLogonRight = ", "").Replace("*", "").Split(",")
$userrights
foreach ($userright in $userrights)
{
Get-LocalGroup | Where {$_.SID -Match $userright}
}
This seems to work properly for me in both Windows PowerShell and PowerShell Core, -Encoding unicode was key to make it work in my case, not sure if it could relate to your issue too:
Select-String .\test.txt -Pattern '(?<=SeRemoteInteractiveLogonRight[= *]{4}).+' -Encoding unicode |
ForEach-Object { $_.Matches.Value -split ',?\*' | Get-LocalGroup -SID { $_ } }
Thanks mklement0 for confirming this was indeed an Encoding issue. As he states in his helpful comment:
"...it seems that secedit.exe creates UTF-16LE ("Unicode") files without a BOM, which is why reading them requires
-Encoding Unicode."