Old 20th June 2016, 11:03   #1
MehdiAli
Junior Member
 
Join Date: Jun 2016
Posts: 13
Add group by SID to Administrators

Hello everybody,

I tried to search the forum but I haven't found an answer.

As the title says, I want to add a group by SID to Administrators on a server.

I have seen the UserMgr plugin, but unfortunately it cannot do that.

As I haven't found an answer on how to add a group by SID, I would like to know if it's possible to do that and, if it is possible, how I can do it.

Does a plugin exist that is able to do that?

Moreover, the NET.EXE /ADD command does not support names longer than 20 characters, and the SID is longer than 20 characters.

PS: Sorry for my bad English

Thanks,
Regards,
Old 20th June 2016, 13:05   #2
Anders
Moderator
 
Join Date: Jun 2002
Location: ${NSISDIR}
Posts: 4,926
Do you actually mean adding a group to another group or do you mean adding the users from this group?

IntOp $PostCount $PostCount + 1
Old 20th June 2016, 15:08   #3
MehdiAli
Hello,

I mean adding a group to another group and adding the users from this group
(A group to the Administrators)

Thanks,
Old 20th June 2016, 15:40   #4
Anders
I don't even know if it is possible to add a group to another group.

Old 20th June 2016, 16:31   #5
MehdiAli
Yes, it is possible to add a group to another group,
i.e.: C:\Windows\System32\net.exe localgroup "Administrators" /add MYGROUP
works.

But if I do:
C:\Windows\System32\net.exe localgroup "Administrators" /add SID

The group isn't recognized or the SID is longer than 20 characters.

I need the SID in order to add a group which doesn't belong to my domain.
Old 20th June 2016, 17:14   #6
Anders
You can add a global group to a local group but not the other way around.

You could try this but I don't have a domain to test on so I don't know if it works:
PHP Code:
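!include LogicLib.nsh
!macro AddSidToLocalGroup Machine TargetGroupName StringSid OutputErrorCode ; NSIS 2.51+
System::Store S ; Save the registers
; $1 receives the binary SID pointer, $0 the BOOL result; ?e pushes GetLastError
System::Call 'ADVAPI32::ConvertStringSidToSid(ts,*p.r1)i.r0?e' "${StringSid}"
${If} $0 <> 0
    Pop $0 ; Throw away GLE
    ; Level 0 (LOCALGROUP_MEMBERS_INFO_0) takes a SID pointer; the return code is pushed on the stack
    System::Call 'NETAPI32::NetLocalGroupAddMembers(w "${Machine}", w "${TargetGroupName}", i 0, *pr1, i 1)i.s'
    System::Call 'KERNEL32::LocalFree(pr1)'
${EndIf}
System::Store L ; Restore the registers
Pop ${OutputErrorCode} ; GLE if the conversion failed, otherwise the NetLocalGroupAddMembers result
!macroend

!insertmacro AddSidToLocalGroup "." "Users" "S-1-5-21-???-???-???-???" $0
DetailPrint ErrorCode=$0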

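Added example, not part of the post above and not NSIS or project code: the macro hands the SID string to ConvertStringSidToSid and only reports an error code at install time, so a build script can vet the string before it is compiled into the installer. The Python sketch below encodes a string SID into the binary SID layout (revision, sub-authority count, 6-byte big-endian authority, little-endian 32-bit sub-authorities) and refuses broad well-known SIDs; the function names, the deny list and the sample SID are assumptions made for this illustration.

```python
import re
import struct

# Constructed sample SID for illustration only (not taken from the thread).
SAMPLE_SID = "S-1-5-21-1004336348-1177238915-682003330-1105"

# Well-known SIDs that cover far more principals than an installer should
# place in a privileged local group (assumed deny list for this example).
TOO_BROAD = {
    "S-1-1-0": "Everyone",
    "S-1-5-7": "Anonymous Logon",
    "S-1-5-11": "Authenticated Users",
    "S-1-5-32-545": "BUILTIN\\Users",
}

_SID_RE = re.compile(r"S-1-(0x[0-9A-Fa-f]{1,12}|\d{1,10})((?:-\d{1,10}){1,15})")


def string_sid_to_bytes(sid):
    """Encode a string SID into the binary SID structure layout."""
    m = _SID_RE.fullmatch(sid.strip())
    if not m:
        raise ValueError("not a well-formed string SID: %r" % sid)
    auth = m.group(1)
    authority = int(auth, 16) if auth.lower().startswith("0x") else int(auth)
    subs = [int(s) for s in m.group(2).split("-")[1:]]
    if any(s > 0xFFFFFFFF for s in subs):
        raise ValueError("sub-authority does not fit in 32 bits: %r" % sid)
    return (struct.pack("BB", 1, len(subs))            # Revision, SubAuthorityCount
            + authority.to_bytes(6, "big")             # IdentifierAuthority
            + struct.pack("<%dI" % len(subs), *subs))  # SubAuthority[]


def vet_sid_for_admin_grant(sid):
    """Return the binary SID, or raise if it is malformed or too broad."""
    raw = string_sid_to_bytes(sid)
    label = TOO_BROAD.get(sid.strip().upper())
    if label:
        raise ValueError("refusing to grant a privileged group to %s" % label)
    return raw


if __name__ == "__main__":
    print(vet_sid_for_admin_grant(SAMPLE_SID).hex())
```

The placeholder "S-1-5-21-???-???-???-???" from the macro call is rejected by this check, which catches an unfilled template before the installer ships.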
Old 21st June 2016, 14:07   #7
MehdiAli
Hello Anders,

Sorry for the delay.
Your code works perfectly. You're a boss!

Have a good day and thank you again for your help and your quick response!

PS: Please, do you think the same thing exists with net share TEST=C:\ /GRANT:SID?
Old 21st June 2016, 14:59   #8
Anders
I would not call it a bug, I don't even see where it says you are allowed to use a SID, it just says username and that means the NetBIOS username.

To do it with the System plugin you might call NetShareSetInfo with the 1501 level or use the higher-level security API ( http://stackoverflow.com/questions/1...ogrammatically ). I don't have the time to really investigate that right now.

There are also some NSIS WMI plugins if you want to follow this guide: https://blogs.msdn.microsoft.com/hel...ns-on-a-share/

Old 21st June 2016, 15:52   #9
MehdiAli
The 1501 flag is for a share that is already created. Can I create a share with NetShareSetInfo?

EDIT: Should I create a share for everyone and just after restrict the rights on the share?
Moreover, adding several groups seems difficult.