How to add the BUILTIN Administrators group in SQL Server for Operating Systems that are not in English?

Question

How to add the BUILTIN Administrators group in SQL Server for Operating Systems that are not in English?

Asked 8 years, 4 months ago

Viewed 92 times

3

During the installation of my application on a server, the following line is executed:

using (var com = con.CreateCommand())
{
    com.CommandText = "CREATE LOGIN [BUILTIN\\Administrators] FROM WINDOWS";
    com.ExecuteNonQuery();
}

This code works well when running on English operating systems, but when I tried to run on an operating system in Portuguese it didn’t work.

What would then be the correct command, so that this code can be executed on any operating system, regardless of language?

1

Did you even test by swapping Administrators for Administrators? Just to see if it works?

– Diego

2016/05/19 at 13:06
I will test this now, and I believe it should work. But I have no way of knowing which language of the operating system will be installed. So I still need a command to run in any OS, or at least some way to get the correct system string.

– Marcello

2016/05/19 at 13:14
When it comes to Windows, it will be difficult to follow a pattern. If your case is only about English/Portuguese installations, you could create an if by testing the language and then run your command.

– Diego

2016/05/19 at 13:23
My case is any installation, in any language, because this application can be used in any country of the world. I’m researching how to get the name "BUILTIN Administrators" in any language.

– Marcello

2016/05/19 at 13:41
2

I was able to solve the problem. There is a way to recover names from known groups, such as the Administrators group, using SID. I will post a reply explaining. Thank you for helping Diego!

– Marcello

2016/05/19 at 14:11

1 answer

Browser other questions tagged c# sql-server security-guard

You are not signed in. Login or sign up in order to post.

by Marcello • **490** points · Answer 1 · 2016-05-19T14:45:33+00:00

I managed to solve this problem as follows:

For known groups, such as Administrators (Administrators) and Guests (Guests), it is possible to recover the name based on SID (Secutiry Identifier). A list of known Sids is available here:

For this specific case, the Administrators group has the SID = "S-1-5-32-544". So, below is the final solution:

string sidBuiltinAdmins = "S-1-5-32-544";
string builtinAdmins = new System.Security.Principal.SecurityIdentifier(sidBuiltinAdmins).Translate(typeof(System.Security.Principal.NTAccount)).ToString();
using (var com = con.CreateCommand())
{
    com.CommandText = string.Format("CREATE LOGIN [{0}] FROM WINDOWS", builtinAdmins);
    com.ExecuteNonQuery();
}