go.mondoo.com/cnquery@v0.0.0-20231005093811-59568235f6ea/providers/os/resources/groups/testdata/windows.toml (about) 1 [commands."powershell -c \"Get-LocalGroup | ConvertTo-Json\""] 2 stdout = """ 3 [ 4 { 5 "Description": "Members of this group can remotely query authorization attributes and permissions for resources on this computer.", 6 "Name": "Access Control Assistance Operators", 7 "SID": { 8 "BinaryLength": 16, 9 "AccountDomainSid": null, 10 "Value": "S-1-5-32-579" 11 }, 12 "PrincipalSource": 1, 13 "ObjectClass": "Group" 14 }, 15 { 16 "Description": "Administrators have complete and unrestricted access to the computer/domain", 17 "Name": "Administrators", 18 "SID": { 19 "BinaryLength": 16, 20 "AccountDomainSid": null, 21 "Value": "S-1-5-32-544" 22 }, 23 "PrincipalSource": 1, 24 "ObjectClass": "Group" 25 }, 26 { 27 "Description": "Backup Operators can override security restrictions for the sole purpose of backing up or restoring files", 28 "Name": "Backup Operators", 29 "SID": { 30 "BinaryLength": 16, 31 "AccountDomainSid": null, 32 "Value": "S-1-5-32-551" 33 }, 34 "PrincipalSource": 1, 35 "ObjectClass": "Group" 36 }, 37 { 38 "Description": "Members of this group are allowed to connect to Certification Authorities in the enterprise", 39 "Name": "Certificate Service DCOM Access", 40 "SID": { 41 "BinaryLength": 16, 42 "AccountDomainSid": null, 43 "Value": "S-1-5-32-574" 44 }, 45 "PrincipalSource": 1, 46 "ObjectClass": "Group" 47 }, 48 { 49 "Description": "Members are authorized to perform cryptographic operations.", 50 "Name": "Cryptographic Operators", 51 "SID": { 52 "BinaryLength": 16, 53 "AccountDomainSid": null, 54 "Value": "S-1-5-32-569" 55 }, 56 "PrincipalSource": 1, 57 "ObjectClass": "Group" 58 }, 59 { 60 "Description": "Members of this group can change system-wide settings.", 61 "Name": "Device Owners", 62 "SID": { 63 "BinaryLength": 16, 64 "AccountDomainSid": null, 65 "Value": "S-1-5-32-583" 66 }, 67 "PrincipalSource": 1, 68 "ObjectClass": "Group" 69 }, 70 { 71 "Description": "Members are allowed to launch, activate and use Distributed COM objects on this machine.", 72 "Name": "Distributed COM Users", 73 "SID": { 74 "BinaryLength": 16, 75 "AccountDomainSid": null, 76 "Value": "S-1-5-32-562" 77 }, 78 "PrincipalSource": 1, 79 "ObjectClass": "Group" 80 }, 81 { 82 "Description": "Members of this group can read event logs from local machine", 83 "Name": "Event Log Readers", 84 "SID": { 85 "BinaryLength": 16, 86 "AccountDomainSid": null, 87 "Value": "S-1-5-32-573" 88 }, 89 "PrincipalSource": 1, 90 "ObjectClass": "Group" 91 }, 92 { 93 "Description": "Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted", 94 "Name": "Guests", 95 "SID": { 96 "BinaryLength": 16, 97 "AccountDomainSid": null, 98 "Value": "S-1-5-32-546" 99 }, 100 "PrincipalSource": 1, 101 "ObjectClass": "Group" 102 }, 103 { 104 "Description": "Members of this group have complete and unrestricted access to all features of Hyper-V.", 105 "Name": "Hyper-V Administrators", 106 "SID": { 107 "BinaryLength": 16, 108 "AccountDomainSid": null, 109 "Value": "S-1-5-32-578" 110 }, 111 "PrincipalSource": 1, 112 "ObjectClass": "Group" 113 }, 114 { 115 "Description": "Built-in group used by Internet Information Services.", 116 "Name": "IIS_IUSRS", 117 "SID": { 118 "BinaryLength": 16, 119 "AccountDomainSid": null, 120 "Value": "S-1-5-32-568" 121 }, 122 "PrincipalSource": 1, 123 "ObjectClass": "Group" 124 }, 125 { 126 "Description": "Members in this group can have some administrative privileges to manage configuration of networking features", 127 "Name": "Network Configuration Operators", 128 "SID": { 129 "BinaryLength": 16, 130 "AccountDomainSid": null, 131 "Value": "S-1-5-32-556" 132 }, 133 "PrincipalSource": 1, 134 "ObjectClass": "Group" 135 }, 136 { 137 "Description": "Members of this group may schedule logging of performance counters, enable trace providers, and collect event traces both locally and via remote access to this computer", 138 "Name": "Performance Log Users", 139 "SID": { 140 "BinaryLength": 16, 141 "AccountDomainSid": null, 142 "Value": "S-1-5-32-559" 143 }, 144 "PrincipalSource": 1, 145 "ObjectClass": "Group" 146 }, 147 { 148 "Description": "Members of this group can access performance counter data locally and remotely", 149 "Name": "Performance Monitor Users", 150 "SID": { 151 "BinaryLength": 16, 152 "AccountDomainSid": null, 153 "Value": "S-1-5-32-558" 154 }, 155 "PrincipalSource": 1, 156 "ObjectClass": "Group" 157 }, 158 { 159 "Description": "Power Users are included for backwards compatibility and possess limited administrative powers", 160 "Name": "Power Users", 161 "SID": { 162 "BinaryLength": 16, 163 "AccountDomainSid": null, 164 "Value": "S-1-5-32-547" 165 }, 166 "PrincipalSource": 1, 167 "ObjectClass": "Group" 168 }, 169 { 170 "Description": "Members can administer printers installed on domain controllers", 171 "Name": "Print Operators", 172 "SID": { 173 "BinaryLength": 16, 174 "AccountDomainSid": null, 175 "Value": "S-1-5-32-550" 176 }, 177 "PrincipalSource": 1, 178 "ObjectClass": "Group" 179 }, 180 { 181 "Description": "Servers in this group run virtual machines and host sessions where users RemoteApp programs and personal virtual desktops run. This group needs to be populated on servers running RD Connection Broker. RD Session Host servers and RD Virtualization Host servers used in the deployment need to be in this group.", 182 "Name": "RDS Endpoint Servers", 183 "SID": { 184 "BinaryLength": 16, 185 "AccountDomainSid": null, 186 "Value": "S-1-5-32-576" 187 }, 188 "PrincipalSource": 1, 189 "ObjectClass": "Group" 190 }, 191 { 192 "Description": "Servers in this group can perform routine administrative actions on servers running Remote Desktop Services. This group needs to be populated on all servers in a Remote Desktop Services deployment. The servers running the RDS Central Management service must be included in this group.", 193 "Name": "RDS Management Servers", 194 "SID": { 195 "BinaryLength": 16, 196 "AccountDomainSid": null, 197 "Value": "S-1-5-32-577" 198 }, 199 "PrincipalSource": 1, 200 "ObjectClass": "Group" 201 }, 202 { 203 "Description": "Servers in this group enable users of RemoteApp programs and personal virtual desktops access to these resources. In Internet-facing deployments, these servers are typically deployed in an edge network. This group needs to be populated on servers running RD Connection Broker. RD Gateway servers and RD Web Access servers used in the deployment need to be in this group.", 204 "Name": "RDS Remote Access Servers", 205 "SID": { 206 "BinaryLength": 16, 207 "AccountDomainSid": null, 208 "Value": "S-1-5-32-575" 209 }, 210 "PrincipalSource": 1, 211 "ObjectClass": "Group" 212 }, 213 { 214 "Description": "Members in this group are granted the right to logon remotely", 215 "Name": "Remote Desktop Users", 216 "SID": { 217 "BinaryLength": 16, 218 "AccountDomainSid": null, 219 "Value": "S-1-5-32-555" 220 }, 221 "PrincipalSource": 1, 222 "ObjectClass": "Group" 223 }, 224 { 225 "Description": "Members of this group can access WMI resources over management protocols (such as WS-Management via the Windows Remote Management service). This applies only to WMI namespaces that grant access to the user.", 226 "Name": "Remote Management Users", 227 "SID": { 228 "BinaryLength": 16, 229 "AccountDomainSid": null, 230 "Value": "S-1-5-32-580" 231 }, 232 "PrincipalSource": 1, 233 "ObjectClass": "Group" 234 }, 235 { 236 "Description": "Supports file replication in a domain", 237 "Name": "Replicator", 238 "SID": { 239 "BinaryLength": 16, 240 "AccountDomainSid": null, 241 "Value": "S-1-5-32-552" 242 }, 243 "PrincipalSource": 1, 244 "ObjectClass": "Group" 245 }, 246 { 247 "Description": "Members of this group have complete and unrestricted access to all features of Storage Replica.", 248 "Name": "Storage Replica Administrators", 249 "SID": { 250 "BinaryLength": 16, 251 "AccountDomainSid": null, 252 "Value": "S-1-5-32-582" 253 }, 254 "PrincipalSource": 1, 255 "ObjectClass": "Group" 256 }, 257 { 258 "Description": "Members of this group are managed by the system.", 259 "Name": "System Managed Accounts Group", 260 "SID": { 261 "BinaryLength": 16, 262 "AccountDomainSid": null, 263 "Value": "S-1-5-32-581" 264 }, 265 "PrincipalSource": 1, 266 "ObjectClass": "Group" 267 }, 268 { 269 "Description": "Users are prevented from making accidental or intentional system-wide changes and can run most applications", 270 "Name": "Users", 271 "SID": { 272 "BinaryLength": 16, 273 "AccountDomainSid": null, 274 "Value": "S-1-5-32-545" 275 }, 276 "PrincipalSource": 1, 277 "ObjectClass": "Group" 278 } 279 ] 280 """ 281 282 [commands."Get-LocalGroupMember -Group \"Users\" | ConvertTo-Json "] 283 stdout = """ 284 [ 285 { 286 "Name": "NT AUTHORITY\\Authenticated Users", 287 "SID": { 288 "BinaryLength": 12, 289 "AccountDomainSid": null, 290 "Value": "S-1-5-11" 291 }, 292 "PrincipalSource": 0, 293 "ObjectClass": "Group" 294 }, 295 { 296 "Name": "NT AUTHORITY\\INTERACTIVE", 297 "SID": { 298 "BinaryLength": 12, 299 "AccountDomainSid": null, 300 "Value": "S-1-5-4" 301 }, 302 "PrincipalSource": 0, 303 "ObjectClass": "Group" 304 } 305 ] 306 """ 307 308 [commands."Get-LocalGroupMember -Group \"Administrators\" | ConvertTo-Json"] 309 stdout = """ 310 { 311 "Name": "Test\\chris", 312 "SID": { 313 "BinaryLength": 28, 314 "AccountDomainSid": { 315 "BinaryLength": 24, 316 "AccountDomainSid": "S-1-5-21-2356735557-1575748656-448136971", 317 "Value": "S-1-5-21-2356735557-1575748656-448136971" 318 }, 319 "Value": "S-1-5-21-2356735557-1575748656-448136971-500" 320 }, 321 "PrincipalSource": 1, 322 "ObjectClass": "User" 323 } 324 """ 325 326 [commands."wmic os get * /format:csv"] 327 stdout = """Node,BootDevice,BuildNumber,BuildType,Caption,CodeSet,CountryCode,CreationClassName,CSCreationClassName,CSDVersion,CSName,CurrentTimeZone,DataExecutionPrevention_32BitApplications,DataExecutionPrevention_Available,DataExecutionPrevention_Drivers,DataExecutionPrevention_SupportPolicy,Debug,Description,Distributed,EncryptionLevel,ForegroundApplicationBoost,FreePhysicalMemory,FreeSpaceInPagingFiles,FreeVirtualMemory,InstallDate,LargeSystemCache,LastBootUpTime,LocalDateTime,Locale,Manufacturer,MaxNumberOfProcesses,MaxProcessMemorySize,MUILanguages,Name,NumberOfLicensedUsers,NumberOfProcesses,NumberOfUsers,OperatingSystemSKU,Organization,OSArchitecture,OSLanguage,OSProductSuite,OSType,OtherTypeDescription,PAEEnabled,PlusProductID,PlusVersionNumber,PortableOperatingSystem,Primary,ProductType,RegisteredUser,SerialNumber,ServicePackMajorVersion,ServicePackMinorVersion,SizeStoredInPagingFiles,Status,SuiteMask,SystemDevice,SystemDirectory,SystemDrive,TotalSwapSpaceSize,TotalVirtualMemorySize,TotalVisibleMemorySize,Version,WindowsDirectory 328 VAGRANT,\\Device\\HarddiskVolume1,17763,Multiprocessor Free,Microsoft Windows Server 2019 Datacenter Evaluation,1252,1,Win32_OperatingSystem,Win32_ComputerSystem,,VAGRANT,-420,TRUE,TRUE,TRUE,3,FALSE,,FALSE,256,2,721716,979372,1922780,20190906065515.000000-420,,20190908011749.580533-420,20190908042731.608000-420,0409,Microsoft Corporation,4294967295,137438953344,{en-US},Microsoft Windows Server 2019 Datacenter Evaluation|C:\\Windows|\\Device\\Harddisk0\\Partition2,0,69,1,80,Vagrant,64-bit,1033,400,18,,,,,FALSE,TRUE,3,,00431-20000-00000-AA838,0,0,1179648,OK,400,\\Device\\HarddiskVolume2,C:\\Windows\\system32,C:,,3276340,2096692,10.0.17763,C:\\Windows 329 """ 330 331 [commands."powershell -c \"Get-ItemProperty -Path 'HKLM:\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion' -Name CurrentBuild, UBR, EditionID | ConvertTo-Json\""] 332 stdout=""" 333 { 334 "CurrentBuild": "17763", 335 "EditionID": "ServerDatacenterEval", 336 "UBR": 720 337 } 338 """