Naming conventions fix for well known SIDs

lkarlslund · May 4, 2022 · 3dd0f7b · 3dd0f7b
1 parent 12d9ac7
commit 3dd0f7b
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 9 deletions.
diff --git a/modules/integrations/localmachine/analyze/analyzer.go b/modules/integrations/localmachine/analyze/analyzer.go
@@ -156,7 +156,7 @@ func (ld *LocalMachineLoader) ImportCollectorInfo(cinfo localmachine.Info) error
 		computerobject.SetValues(localmachine.MACAddress, macaddrs...)
 	}
 
-	ld.ao.ReindexObject(computerobject) // We changed stuff after adding it
+	ld.ao.ReindexObject(computerobject, false) // We changed stuff after adding it
 
 	// Add local accounts as synthetic objects
 	userscontainer := engine.NewObject(activedirectory.Name, "Users")
@@ -278,11 +278,11 @@ func (ld *LocalMachineLoader) ImportCollectorInfo(cinfo localmachine.Info) error
 				switch {
 				case group.Name == "SMS Admins":
 					memberobject.Pwns(computerobject, PwnLocalSMSAdmins)
-				case groupsid == windowssecurity.SIDAdministrators:
+				case groupsid == windowssecurity.AdministratorsSID:
 					memberobject.Pwns(computerobject, PwnLocalAdminRights)
-				case groupsid == windowssecurity.SIDDCOMUsers:
+				case groupsid == windowssecurity.DCOMUsersSID:
 					memberobject.Pwns(computerobject, PwnLocalDCOMRights)
-				case groupsid == windowssecurity.SIDRemoteDesktopUsers:
+				case groupsid == windowssecurity.RemoteDesktopUsersSID:
 					memberobject.Pwns(computerobject, PwnLocalRDPRights)
 				}
 

diff --git a/modules/windowssecurity/wellknown.go b/modules/windowssecurity/wellknown.go
@@ -33,7 +33,7 @@ var (
 		"S-1-5-15":     "This Organization",
 		"S-1-5-17":     "This Organization",
 		"S-1-5-18":     "Local System",
-		"S-1-5-19":     "NT Authority",
+		"S-1-5-19":     "Local Service",
 		"S-1-5-2":      "Network",
 		"S-1-5-20":     "NT Authority",
 		"S-1-5-3":      "Batch",
@@ -80,17 +80,16 @@ var (
 		"S-1-5-90-0":  "Windows Manager - Windows Manager Group",
 	}
 
-	SIDAdministrators, _     = SIDFromString("S-1-5-32-544")
-	SIDRemoteDesktopUsers, _ = SIDFromString("S-1-5-32-555")
-	SIDDCOMUsers, _          = SIDFromString("S-1-5-32-562")
+	AdministratorsSID, _     = SIDFromString("S-1-5-32-544")
+	RemoteDesktopUsersSID, _ = SIDFromString("S-1-5-32-555")
+	DCOMUsersSID, _          = SIDFromString("S-1-5-32-562")
 
 	OwnerSID, _              = SIDFromString("S-1-3-4")
 	SystemSID, _             = SIDFromString("S-1-5-18")
 	CreatorOwnerSID, _       = SIDFromString("S-1-3-0")
 	SelfSID, _               = SIDFromString("S-1-5-10")
 	AuthenticatedUsersSID, _ = SIDFromString("S-1-5-11")
 	EveryoneSID, _           = SIDFromString("S-1-1-0")
-	AdministratorsSID, _     = SIDFromString("S-1-5-32-544")
 	ServicesSID, _           = SIDFromString("S-1-5-6")
 	NetworkServiceSID, _     = SIDFromString("S-1-5-19")
 	LocalServiceSID, _       = SIDFromString("S-1-5-20")