I have a relatively straightforward script.
- Export secedit
- Look for specific SIDs and store them
- For each of the SIDs, return the group name
However, when I try to filter the results of Get-LocalGroup based on the SID value, I get no results. If instead of using a variable in the Where portion of the script I use the actual value, then it works just fine. What am I doing wrong?
```powershell
secedit /export /areas USER_RIGHTS /cfg c:\temp\logs.txt
$userrights = Select-String -Path "c:\temp\logs.txt" -Pattern 'SeRemoteInteractiveLogonRight' | Out-String
$userrights = $userrights.Replace("C:\temp\logs.txt:35:SeRemoteInteractiveLogonRight = ", "").Replace("*", "").Split(",")
$userrights
foreach ($userright in $userrights)
{
    Get-LocalGroup | Where {$_.SID -Match $userright}
}
```
CodePudding user response:
This seems to work properly for me in both Windows PowerShell and PowerShell Core. `-Encoding unicode` was key to make it work in my case, not sure if it could relate to your issue too:
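```powershell
# The lookbehind skips "SeRemoteInteractiveLogonRight = *"; .+ captures the rest of the line.
Select-String .\test.txt -Pattern '(?<=SeRemoteInteractiveLogonRight[= *]{4}).+' -Encoding unicode |
    ForEach-Object { $_.Matches.Value -split ',?\*' | Get-LocalGroup -SID { $_ } }
```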
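
An added example, not part of the original question or answer: a parser for the same secedit export that does not depend on `Out-String` formatting or on the matched line number, and that resolves each SID with `SecurityIdentifier.Translate`. It goes beyond `Get-LocalGroup` in that it also names users and domain principals holding the right. The function name `Get-UserRightHolder` and the export path under `$env:TEMP` are assumptions made for this example.

```powershell
# Added example: list the accounts that hold a user right in a secedit export.
# Get-UserRightHolder and the export path below are hypothetical names.
function Get-UserRightHolder {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $Right = 'SeRemoteInteractiveLogonRight'
    )

    # secedit writes its export as UTF-16 LE, hence -Encoding Unicode.
    $line = Get-Content -Path $Path -Encoding Unicode |
        Where-Object { $_ -match "^\s*$([regex]::Escape($Right))\s*=" } |
        Select-Object -First 1
    if (-not $line) { return }      # the right is not assigned to anyone

    # Everything after the first '=' is a comma-separated list of entries.
    $value = ($line -split '=', 2)[1]
    foreach ($entry in $value -split ',') {
        $entry = $entry.Trim()      # drops spaces and any stray CR/LF
        if (-not $entry) { continue }

        if ($entry.StartsWith('*')) {
            # A leading '*' marks a SID; resolve it to an account name.
            $sidText = $entry.TrimStart('*')
            try {
                $sid  = [System.Security.Principal.SecurityIdentifier]::new($sidText)
                $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
            }
            catch {
                $name = $null       # malformed or unresolvable (e.g. orphaned) SID
            }
            [pscustomobject]@{ Right = $Right; Sid = $sidText; Name = $name }
        }
        else {
            # Entries without '*' are already written as account names.
            [pscustomobject]@{ Right = $Right; Sid = $null; Name = $entry }
        }
    }
}

# secedit /export needs an elevated session.
$export = Join-Path $env:TEMP 'user_rights.inf'
secedit /export /areas USER_RIGHTS /cfg $export | Out-Null
Get-UserRightHolder -Path $export
```

Rows with an empty `Name` are SIDs that could not be resolved on this machine and are worth reviewing when auditing who may log on through Remote Desktop.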