Zafer Balkan
Hi @AlexRuiz7, Thank you for the update. Looking at the priorities, this will be in the backlog for a while but it's OK. Bests.
Hi all, Yeah, I tried to think about it and it actually needs a workflow of state management. Yes, there may be a workaround to add one more field and...
As I mentioned in another issue [some time ago](https://github.com/wazuh/wazuh/issues/21298#issuecomment-1908096665), the reliable way is using SID:
```shell
wmic useraccount where "sid like 's-1-5-21-%-501'" get name,status
Name Status Degraded
```
Same with...
This applies to the local Administrator as well.
Well, to use wmic is the tricky bit. The PowerShell version with SIDs is the best way.
The easiest way would be the one-liner below. If the user does not exist, it will return false as well.
```powershell
[bool](Get-LocalUser | Where-Object -Property SID -like 'S-1-5-21-*-501' | Where-Object...
```
Hi @Johnng007, Is the two-single-quote around the SID pattern grammatically correct? I never tried this level of nested checks.
```yaml
- 'c:powershell -noprofile "[bool](Get-LocalUser | Where-Object -Property SID -like ''S-1-5-21-*-501''...
```
Then, the added newline after False may be the culprit. When you run powershell.exe -Command, PowerShell formats and outputs the result via its default pipeline, which automatically adds a trailing...
What happens when you run the command from cmd?
```powershell
powershell -NoProfile -Command "[Console]::Write([bool](Get-LocalUser | Where-Object SID -like 'S-1-5-21-*-501' | Where-Object Enabled))"
```
Can you enable Debug logging temporarily? Adding `windows.debug=2` to the local_internal_options.conf and monitoring for the SCA-related logs would give more info. Edit: I'm on mobile and away from a...