Description
Displays information about local groups including group name and members.
Overview
Displays information about local groups including group name and members.
Dependencies
- recon
Operating Systems
- Windows
Example Output
ComputerName GroupName GroupComment Members
------------ --------- ------------ -------
localhost Access Control Assistance Operators Members of this group can remotely query authorization attributes and permissions for resources on this computer. {}
localhost Administrators Administrators have complete and unrestricted access to the computer/domain {@{Sid=S-1-5-21-1570311002-106167381-3150605685-500; Class=User; User=Administrator; Domain=WKST-001}, @{Sid=S-1-5-21-1570311002-106167381-3150605685-1001; Class=User; User=helpdesk; Domain=WKST-001}, @{Sid=S-1-5-21-2167680254-1194456608-1029354720-512; Class=Group; User=Domain Admins; Domain=LAB}}
localhost Backup Operators Backup Operators can override security restrictions for the sole purpose of backing up or restoring files {}
localhost Cryptographic Operators Members are authorized to perform cryptographic operations. {}
localhost Device Owners Members of this group can change system-wide settings. {}
localhost Distributed COM Users Members are allowed to launch, activate and use Distributed COM objects on this machine. {}
localhost Event Log Readers Members of this group can read event logs from local machine {}
localhost Guests Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted {@{Sid=S-1-5-21-1570311002-106167381-3150605685-501; Class=User; User=Guest; Domain=WKST-001}}
localhost Hyper-V Administrators Members of this group have complete and unrestricted access to all features of Hyper-V. {}
localhost IIS_IUSRS Built-in group used by Internet Information Services. {@{Sid=S-1-5-17; Class=WellKnownGroup; User=IUSR; Domain=NT AUTHORITY}}
localhost Network Configuration Operators Members in this group can have some administrative privileges to manage configuration of networking features {}
localhost Performance Log Users Members of this group may schedule logging of performance counters, enable trace providers, and collect event traces both locally and via remote access to this computer {}
localhost Performance Monitor Users Members of this group can access performance counter data locally and remotely {}
localhost Power Users Power Users are included for backwards compatibility and possess limited administrative powers {}
localhost Remote Desktop Users Members in this group are granted the right to logon remotely {}
localhost Remote Management Users Members of this group can access WMI resources over management protocols (such as WS-Management via the Windows Remote Management service). This applies only to WMI namespaces that grant access to the user. {}
localhost Replicator Supports file replication in a domain {}
localhost System Managed Accounts Group Members of this group are managed by the system. {@{Sid=S-1-5-21-1570311002-106167381-3150605685-503; Class=User; User=DefaultAccount; Domain=WKST-001}}
localhost Users Users are prevented from making accidental or intentional system-wide changes and can run most applications {@{Sid=S-1-5-4; Class=WellKnownGroup; User=INTERACTIVE; Domain=NT AUTHORITY}, @{Sid=S-1-5-11; Class=WellKnownGroup; User=Authenticated Users; Domain=NT AUTHORITY}, @{Sid=S-1-5-21-2167680254-1194456608-1029354720-513; Class=Group; User=Domain Users; Domain=LAB}}
Example Json
[
{
"ComputerName": "localhost",
"GroupName": "Access Control Assistance Operators",
"GroupComment": "Members of this group can remotely query authorization attributes and permissions for resources on this computer.",
"Members": []
},
{
"ComputerName": "localhost",
"GroupName": "Administrators",
"GroupComment": "Administrators have complete and unrestricted access to the computer/domain",
"Members": [
{
"Sid": "S-1-5-21-1570311002-106167381-3150605685-500",
"Class": "User",
"User": "Administrator",
"Domain": "WKST-001"
},
{
"Sid": "S-1-5-21-1570311002-106167381-3150605685-1001",
"Class": "User",
"User": "helpdesk",
"Domain": "WKST-001"
},
{
"Sid": "S-1-5-21-2167680254-1194456608-1029354720-512",
"Class": "Group",
"User": "Domain Admins",
"Domain": "LAB"
}
]
}
]