Finding Built-In Administrators Group

by Jul 5, 2012

Using System User or group names like 'Administrators' in scripts may not always be a good idea because they are localized and may not work on machines that use a different UI language.

Here is a rather long one-liner that always returns the name of the local Administrators group, regardless of current culture settings:

(New-Object System.Security.Principal.SecurityIdentifier([System.Security.Principal.WellKnownSidType]::BuiltinAdministratorsSid, $null)).Translate([System.Security.Principal.NTAccount]).Value

Actually, this one line consists of three parts which may be easier to understand when they are kept separate:

$id = [System.Security.Principal.WellKnownSidType]::BuiltinAdministratorsSid
$Account = New-Object System.Security.Principal.SecurityIdentifier($id, $null)
$Account.Translate([System.Security.Principal.NTAccount]).Value

Twitter This Tip! ReTweet this Tip!