Win32: Getting the Machine SID

TGI has asked for the wisdom of the Perl Monks concerning the following question:

Does anyone know of a reliable way to get the machine SID for a given windows box? For what it's worth, I only need to get the value for the machine I am running on--I don't need to query a remote machine through WMI.

It's supposedly available in the HKEY_LOCAL_MACHINE SECURITY\SAM\Domains\Account registry key, but the SECURITY hive is locked down and I can't access it.

Win32::LookupAccountName will give me user SIDs, and Win32::Security::SID will parse the results and give me a clean text string from them.

The only missing piece of the puzzle is a reliable way to obtain the machine SID. I'd appreciate any insight anyone has into the problem.

TGI says moo

Comment on Win32: Getting the Machine SID Select or Download Code

Replies are listed 'Best First'.
Re: Win32: Getting the Machine SID by syphilis (Archbishop) on Oct 16, 2007 at 01:09 UTC
Win32::LookupAccountName will give me user SIDs It will also give you the machine SID, iinm. According to Roth's book ("The Standard Extensions"), the second arg can be "a user name, a group name, a trusted domain name, or a computer name (computer and Domain name must end with a dollar sign)". Cheers, Rob	[reply]
Re^2: Win32: Getting the Machine SID by TGI (Parson) on Oct 16, 2007 at 22:50 UTC
Thanks for the help, syphilis. In the typical win32 way, things don't seem to be behaving as specified. Appending the dollar sign gives an error, and using the computer name seems to return a domain SID. I'm working on a system that's not a member of a domain, with username "shop_user" and "system name" is "SHOP_02". FWIW, I'm testing on Windows XP systems with ActiveState Perl 5.8.8. use strict; use warnings; use Win32::Security::SID; my @SIDTYPE = qw( ERROR SidTypeUser SidTypeGroup SidTypeDomain SidTypeAlias SidTypeWellKnownGroup SidTypeDeletedAccount SidTypeInvalid SidTypeUnknown SidTypeComputer SidTypeLabel ); my ( $system, $account ); $account = Win32::LoginName; $system = Win32::NodeName; GetSID( $system, "$system\\$account"); GetSID( $system, $account); GetSID( $system, $system); GetSID( $system, "$system\\"); GetSID( $system, "\\$system"); GetSID( $system, "SYSTEM\\$system"); GetSID( $system, "\$$system"); GetSID( $system, "$system\$"); GetSID( $system, "$system\\\$"); sub GetSID { my $system = shift; my $account = shift; my $domain = shift; no warnings 'uninitialized'; my ( $sid, $sidtype ); Win32::LookupAccountName( $system, $account, $domain, $sid, $sidty +pe ); my $sidstring = Win32::Security::SID::ConvertSidToStringSid( $sid +); print "\n", "$system - $account - $domain\n", "SID: $sidstring\n", "SIDTYPE: $SIDTYPE[$sidtype]\n"; ; } [download] Here are the results: SHOP_02 - SHOP_02\shop_user - SHOP_02 SID: S-1-5-21-1957994488-963894560-725345543-1004 SIDTYPE: SidTypeUser SHOP_02 - shop_user - SHOP_02 SID: S-1-5-21-1957994488-963894560-725345543-1004 SIDTYPE: SidTypeUser SHOP_02 - SHOP_02 - SHOP_02 SID: S-1-5-21-1957994488-963894560-725345543 SIDTYPE: SidTypeDomain SHOP_02 - SHOP_02\ - SID: SIDTYPE: ERROR SHOP_02 - \SHOP_02 - SHOP_02 SID: S-1-5-21-1957994488-963894560-725345543 SIDTYPE: SidTypeDomain SHOP_02 - SYSTEM\SHOP_02 - SID: SIDTYPE: ERROR SHOP_02 - $SHOP_02 - SID: SIDTYPE: ERROR SHOP_02 - SHOP_02$ - SID: SIDTYPE: ERROR SHOP_02 - SHOP_02\$ - SID: SIDTYPE: ERROR [download] TGI says moo	[reply] [d/l] [select]
Re: Win32: Getting the Machine SID by Argel (Prior) on Oct 17, 2007 at 00:23 UTC
In the bad idea but I will suggest it anyway department, if you use the 'at' command to schedule a job it should run as the SYSTEM account which does have access to that part of the registry.	[reply]

Back to Seekers of Perl Wisdom