Details
Normal Description
When referring to the Administrator account or Guest account on Windows, those well-known and commonly used names cannot be referred to with well-known SIDs - see https://msdn.microsoft.com/en-us/library/windows/desktop/aa379649(v=vs.85).aspx
Because these account names may also be localized on international versions of Windows, such as French and German - it can be difficult to write a manifest that doesn't need to vary based on the current OS language.
Administrator and Guest build on the computer's SID, which varies on an individual computer basis, like:
- -500 is appended to the computer SID for the Administrator account
- -501 is appended to the computer SID for the Guest account
To make it easier to refer to these accounts universally, regardless of which computer they're run on, whether the accounts have been localized or renamed, a first step would to be produce a Fact value containing the computers SID. There are a number of other SID structures that might be useful to surface as facts based on https://msdn.microsoft.com/en-us/library/cc980032.aspx
An easy way to do this is to call the LookupAccountName Windows API, passing in the computers name.
This value is also stored in the registry at HKLM\security\sam\domains\account (particularly in the 24 byte span between 272 and 295 in the byte array), if the user has permission to access that key - see http://powershellers.blogspot.com/2009/06/how-to-get-computer-sid-using.html for more details
