No users in Local Administrators Group

Posted: 01-21-2009, 02:54 PM
When attempting to view the members of the local administrators group I see
no users at all, even when in the context of the local administrators
account. If I attempt to add an account to the group that I know is in there
already, I receive the following message:

"Username" is already a member of group "Administrators".

I've also tried running a script to enumerate the users in local
administrators group and this returns no results.

Any ideas how I can resolve this?


Responses to "No users in Local Administrators Group"

am
Guest
Posts: n/a
 
RE: No users in Local Administrators Group
Posted: 01-22-2009, 03:19 PM
I knocked up a C# app that calls NetLocalGroupGetMembers but this returns 87
(ERROR_INVALID_PARAMETER) when the groupname parameter = "administrators".
When groupname = "users" the function returns 0 (ERROR_SUCCESS), indicating
that it is successful.

"am" wrote:
> When attempting to view the members of the local administrators group I see
> no users at all, even when in the context of the local administrators
> account. If I attempt to add an account to the group that I know is in there
> already, I receive the following message:
>
> "Username" is already a member of group "Administrators".
>
> I've also tried running a script to enumerate the users in local
> administrators group and this returns no results.
>
> Any ideas how I can resolve this?
am
Guest
Posts: n/a
 
RE: No users in Local Administrators Group
Posted: 01-23-2009, 05:10 PM
I've done some further debugging of the NetLocalGroupGetMembers API and looks
like it calls LsarLookupSids2 (translates SIDS into names), which fails -
returning C000000D (STATUS_INVALID_PARAMETER in ntstatus.h). This then gets
translated to 87 (ERROR_INVALID_PARAMETER in winerror.h) before being
returned by NetLocalGroupGetMembers.

Running "net localgroup administrators" returns :

Alias name administrators
Comment Administrators have complete and unrestricted access to the
computer/domain
System error 87 has occurred.

The parameter is incorrect.

"am" wrote:
> I knocked up a C# app that calls NetLocalGroupGetMembers but this returns 87
> (ERROR_INVALID_PARAMETER) when the groupname parameter = "administrators".
> When groupname = "users" the function returns 0 (ERROR_SUCCESS), indicating
> that it is successful.
>
> "am" wrote:
>
> > When attempting to view the members of the local administrators group I see
> > no users at all, even when in the context of the local administrators
> > account. If I attempt to add an account to the group that I know is in there
> > already, I receive the following message:
> >
> > "Username" is already a member of group "Administrators".
> >
> > I've also tried running a script to enumerate the users in local
> > administrators group and this returns no results.
> >
> > Any ideas how I can resolve this?
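
Added example, not part of any post in this thread: a PowerShell diagnostic that asks NetLocalGroupGetMembers for level 0 (SIDs only) and then translates each SID to a name on its own, so that a member whose SID cannot be resolved shows up as a single failed row instead of failing the whole listing. The names `Diag.NetApi` and `Get-LocalGroupMemberSid` are hypothetical, Windows PowerShell 3.0 or later is assumed, and whether the level 0 call succeeds on the machine described above is not established by the thread.

```powershell
# P/Invoke declarations for the two netapi32 functions used below.
# servername is declared as IntPtr so a real NULL (local computer) can be passed.
Add-Type -Namespace Diag -Name NetApi -MemberDefinition @'
[DllImport("netapi32.dll", CharSet = CharSet.Unicode)]
public static extern int NetLocalGroupGetMembers(
    IntPtr servername, string localgroupname, int level,
    out IntPtr bufptr, int prefmaxlen,
    out int entriesread, out int totalentries, ref IntPtr resumehandle);

[DllImport("netapi32.dll")]
public static extern int NetApiBufferFree(IntPtr buffer);
'@

function Get-LocalGroupMemberSid {
    param([string]$Group = 'Administrators')

    $buf = [IntPtr]::Zero; $read = 0; $total = 0; $resume = [IntPtr]::Zero
    # Level 0 = LOCALGROUP_MEMBERS_INFO_0 (one PSID per entry); -1 = MAX_PREFERRED_LENGTH
    $rc = [Diag.NetApi]::NetLocalGroupGetMembers([IntPtr]::Zero, $Group, 0, [ref]$buf, -1,
                                                  [ref]$read, [ref]$total, [ref]$resume)
    if ($rc -ne 0) { throw "NetLocalGroupGetMembers('$Group', level 0) returned $rc" }
    try {
        for ($i = 0; $i -lt $read; $i++) {
            # Each entry is a single pointer to a SID inside the returned buffer
            $psid = [Runtime.InteropServices.Marshal]::ReadIntPtr($buf, $i * [IntPtr]::Size)
            $sid  = New-Object System.Security.Principal.SecurityIdentifier($psid)
            try {
                # Translate one SID at a time so one bad entry cannot hide the rest
                $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
            } catch {
                $name = "<translation failed: $($_.Exception.Message)>"
            }
            [pscustomobject]@{ Sid = $sid.Value; Name = $name }
        }
    } finally {
        # The buffer is allocated by the API and must be released by the caller
        [void][Diag.NetApi]::NetApiBufferFree($buf)
    }
}

Get-LocalGroupMemberSid -Group 'Administrators' | Format-Table -AutoSize
```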