Description:
The least-privilege model reduces risk by limiting which users hold administrative permissions. The recommended best practice is to audit and limit access to administrative privileges. Learn more: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/implemen...
Results:
Lists all users in the local Administrators group on a target system, along with each user's ID and group ID.
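SELECT u.directory, u.uid, u.uuid, g.gid, g.groupname, g.group_sid
FROM registry AS r
-- Each value under a GroupMembership key is matched to a group by its SID
JOIN groups AS g ON r.data = g.group_sid
-- The user's SID is the S-... component extracted from the registry key path
JOIN users AS u ON regex_match(r.key, 'S\-[\-0-9]+', 0) = u.uuid
WHERE r.key LIKE 'HKEY_USERS\%\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\GroupMembership'
  AND g.groupname = 'Administrators';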