如何使用WMI检索Windows计算机的SID？ [英] How can I retrieve a Windows Computer's SID using WMI?

问题描述

我不是在寻找用户SID。我正在寻找计算机SID，哪个活动目录将用于唯一标识计算机。我也不想查询活动目录服务器，我想查询计算机本身。

I'm not looking for User SIDs. I'm looking for the computer SID, which active directory would use to uniquely identify the computer. I also don't want to query the active directory server, i want to query the computer itself.

推荐答案

（哦，这个是一个有趣的一个！我进行了一个野鹅追逐，正如他们所说，试图获得Win32_SID实例，这是一个单例，而不是枚举的通常的InstancesOf或查询方法... yadda yadda yadda。）

(Ooh, this was a fun one! I went on a wild goose chase, as they say, trying to get the Win32_SID instance, which is a singleton and not enumerable by the usual InstancesOf or Query methods... yadda yadda yadda.)

嗯，这取决于你想要的计算机SID（认真！）。有本地计算机自己使用的SID ...为此，您只需要获取本地管理员用户的SID，并从最后删除-500以获取计算机的SID。

Well, it depends which computer SID you want (seriously!). There's the SID that the local computer uses for itself... For this, you just need to get the SID of the local Administrator user, and remove the "-500" from the end to get the computer's SID.

在 VBScript 中，它看起来像这样：

In VBScript, it looks like this:

strComputer = "AFAPC001"
strUsername = "Administrator"
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set objAccount = objWMIService.Get("Win32_UserAccount.Name='" & strUsername & "',Domain='" & strComputer & "'")
WScript.Echo "Administrator account SID: " & objAccount.SID
WScript.Echo "Computer's SID: " & Left(objAccount.SID, Len(objAccount.SID) - 4)

在 PowerShell ，如下所示：

function get-sid
{
    Param ( $DSIdentity )
    $ID = new-object System.Security.Principal.NTAccount($DSIdentity)
    return $ID.Translate( [System.Security.Principal.SecurityIdentifier] ).toString()
}
> $admin = get-sid "Administrator"
> $admin.SubString(0, $admin.Length - 4)

在 C＃ strong> on .NET 3.5：

In C# on .NET 3.5:

using System;
using System.Security.Principal;
using System.DirectoryServices;
using System.Linq;
public static SecurityIdentifier GetComputerSid()
{
    return new SecurityIdentifier((byte[])new DirectoryEntry(string.Format("WinNT://{0},Computer", Environment.MachineName)).Children.Cast<DirectoryEntry>().First().InvokeGet("objectSID"), 0).AccountDomainSid;
}

所有这些的结果与从 PsGetSid.exe 。

另一方面，Active Directory用于标识每个域成员计算机的SID ...通过获取域中的计算机帐户的SID来获取的那个 - 一个以$美元符号结尾。

On the other hand, there's the SID that Active Directory uses to identify each domain member computer... That one you fetch by getting the SID of the machine account in the domain--the one that ends with a dollar sign.

例如，对于名为CLIENT的域名成员使用上述PowerShell函数，可以键入 get-sid 客户$。

E.g., using the above PowerShell function for a domain member called "CLIENT", you can type get-sid "CLIENT$".

这篇关于如何使用WMI检索Windows计算机的SID？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！