CVE-2021-1675
PR to support local group definition
Hi,
Under a localized Windows (i.e. French), the name of the local admin group might be different (i.e. "Administrateurs"). This PR adds a new "Group" parameter that patches the hardcoded DLL in the script with the specified value.
Cheers.
Marc
I'm curious. why not use SIDs to resolve the name of the Administrator Group? like so:
[System.Security.Principal.SecurityIdentifier]::new("S-1-5-32-544").Translate([System.Security.Principal.NTAccount]).Value
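The SID-to-name lookup suggested above, expanded into a small script, as an added example that is not part of the PR or the repository: it resolves the well-known BUILTIN group SIDs to whatever the local Windows locale calls them, and then uses the SID rather than the name to enumerate local admin membership, which is the locale-independent way to audit that group. The function name `Resolve-WellKnownGroupName` and the `$WellKnownLocalGroups` table are assumptions introduced here; the SIDs themselves are Microsoft's documented well-known values.

```powershell
# Added example (not from the PR or the repository): resolve well-known local
# group SIDs to their locale-specific names instead of hardcoding "Administrators".
# Works on any Windows locale because the SIDs are fixed across languages.

function Resolve-WellKnownGroupName {
    param(
        [Parameter(Mandatory)]
        [string]$Sid
    )
    $id = [System.Security.Principal.SecurityIdentifier]::new($Sid)
    try {
        # Translate() returns "BUILTIN\<localized name>"; keep only the name part.
        $account = $id.Translate([System.Security.Principal.NTAccount]).Value
        return $account.Split('\')[-1]
    }
    catch [System.Security.Principal.IdentityNotMappedException] {
        # SID exists but is not mapped on this host (e.g. optional group absent).
        return $null
    }
}

# Well-known relative IDs under S-1-5-32 (BUILTIN), from Microsoft's documented list.
$WellKnownLocalGroups = @{
    'Administrators'       = 'S-1-5-32-544'
    'Users'                = 'S-1-5-32-545'
    'Guests'               = 'S-1-5-32-546'
    'Remote Desktop Users' = 'S-1-5-32-555'
}

foreach ($entry in $WellKnownLocalGroups.GetEnumerator()) {
    $localName = Resolve-WellKnownGroupName -Sid $entry.Value
    '{0,-22} {1,-14} -> {2}' -f $entry.Key, $entry.Value, $localName
}

# Audit use: enumerate local admin group members by SID, not by name, so the
# same check produces the same result on an English and a French machine.
$adminSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-32-544')
Get-LocalGroupMember -SID $adminSid | Select-Object Name, SID, PrincipalSource
```

On a French system the first table line prints `Administrateurs`, on an English one `Administrators`; the `Get-LocalGroupMember -SID` call needs no change in either case, which is why SID-based checks are preferable to name matching in monitoring scripts and detection rules.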
The DLL would need to be updated. Currently, the group name is specified as a literal string constant, which could be modified at runtime before dropping the payload, but couldn't be any longer than the original string (L"Administrators"). If it was separated out into a global variable with some padded space like the user name and password, that would be feasible and less likely to cause some sort of overflow situation in DllMain.
Hmmm... I'd need to test this on my side but I'm pretty sure you could do SID resolution in the DLL itself. Let me get back to you on that
Yeah that doesn't seem to be as easy as I thought oO sooo much LSA stuff I know nothing about^^
If it was separated out into a global variable with some padded space
This should be much much easier. So this gets my vote :-)