Jump to content

No users in Local Administrators Group

Guest am

By Guest am
in Techno Babble

 Share

Recommended Posts

Guest am

Guest am

Posted
Posted

When attempting to view the members of the local administrators group I see

no users at all, even when in the context of the local administrators

account. If I attempt to add an account to the group that I know is in there

already, I receive the following message:

 

"Username" is already a member of group "Administrators".

 

I've also tried running a script to enumerate the users in local

administrators group and this returns no results.

 

Any ideas how I can resolve this?

  • Replies 2
  • Created
  • Last Reply

Popular Days

Popular Days

Guest am

Guest am

Posted
Posted

I knocked up a C# app that calls NetLocalGroupGetMembers but this returns 87

(ERROR_INVALID_PARAMETER) when the groupname parameter = "administrators".

When groupname = "users" the function returns 0 (ERROR_SUCCESS), indicating

that it is succesful.

 

"am" wrote:

<span style="color:blue">

> When attempting to view the members of the local administrators group I see

> no users at all, even when in the context of the local administrators

> account. If I attempt to add an account to the group that I know is in there

> already, I receive the following message:

>

> "Username" is already a member of group "Administrators".

>

> I've also tried running a script to enumerate the users in local

> administrators group and this returns no results.

>

> Any ideas how I can resolve this?</span>

Guest am

Guest am

Posted
Posted

I've done some further debugging of the NetLocalGroupGetMembers API and looks

like it calls LsarLookupSids2 (translates SIDS into names), which fails -

returning C000000D (STATUS_INVALID_PARAMETER in ntstatus.h). This then gets

translated to 87 (ERROR_INVALID_PARAMETER in winerror.h) before being

returned by NetLocalGroupGetMembers.

 

Running "net localgroup administrators" returns :

 

Alias name administrators

Comment Administrators have complete and unrestricted access to the

computer/domain

System error 87 has occurred.

 

The parameter is incorrect.

 

"am" wrote:

<span style="color:blue">

> I knocked up a C# app that calls NetLocalGroupGetMembers but this returns 87

> (ERROR_INVALID_PARAMETER) when the groupname parameter = "administrators".

> When groupname = "users" the function returns 0 (ERROR_SUCCESS), indicating

> that it is succesful.

>

> "am" wrote:

> <span style="color:green">

> > When attempting to view the members of the local administrators group I see

> > no users at all, even when in the context of the local administrators

> > account. If I attempt to add an account to the group that I know is in there

> > already, I receive the following message:

> >

> > "Username" is already a member of group "Administrators".

> >

> > I've also tried running a script to enumerate the users in local

> > administrators group and this returns no results.

> >

> > Any ideas how I can resolve this?</span></span>

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...