Enums/Enum.WellKnownSids.ps1

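# Lookup table of well-known SID strings -> display names.
# The table is stored on $Variables.WellKnownSIDs and also published as the
# script-scoped variable $WellKnownSIDs (see New-Variable at the end).
#
# The [ordered] literal keeps insertion order, and PowerShell's [ordered]
# dictionaries compare string keys case-insensitively. The separate
# OrdinalIgnoreCase hashtable that used to be created just before this
# assignment was overwritten immediately and never used, so it has been dropped.
#
# Why label accuracy matters: these names end up in ACL / group-membership
# output, so a wrong or ambiguous label can hide who actually holds a right.
$Variables.WellKnownSIDs = [ordered] @{
    'S-1-0'                                      = 'null authority'
    'S-1-0-0'                                    = 'nobody'
    'S-1-1'                                      = 'world authority'
    'S-1-1-0'                                    = 'everyone'

    # S-1-16-*: mandatory integrity labels.
    'S-1-16-0'                                   = 'untrusted mandatory level'
    'S-1-16-12288'                               = 'high mandatory level'
    'S-1-16-16384'                               = 'system mandatory level'
    'S-1-16-20480'                               = 'protected process mandatory level'
    'S-1-16-28672'                               = 'secure process mandatory level'
    'S-1-16-4096'                                = 'low mandatory level'
    'S-1-16-8192'                                = 'medium mandatory level'
    'S-1-16-8448'                                = 'medium plus mandatory level'

    'S-1-2'                                      = 'local authority'
    'S-1-3'                                      = 'creator authority'
    'S-1-3-0'                                    = 'creator owner'
    'S-1-3-1'                                    = 'creator group'
    'S-1-3-2'                                    = 'creator owner server'
    'S-1-3-3'                                    = 'creator group server'
    'S-1-4'                                      = 'nonunique authority'
    'S-1-5'                                      = 'nt authority'
    'S-1-5-1'                                    = 'dialup'
    'S-1-5-2'                                    = 'network'
    'S-1-5-3'                                    = 'batch'
    'S-1-5-19'                                   = 'local service'
    'S-1-5-18'                                   = 'LocalSystem'
    'S-1-5-20'                                   = 'network service'

    # NOTE(review): this key is a complete SID from one specific domain, not a
    # well-known SID. It only ever matches that domain, it ships that domain's
    # identifier with the module, and RID 526 is already covered by the
    # 'S-1-5-21-526' entry further down. Kept so existing lookups do not
    # change; consider removing it.
    'S-1-5-21-4195037842-338827918-94892514-526' = 'key admins'

    'S-1-5-4'                                    = 'interactive'
    'S-1-5-6'                                    = 'service'
    'S-1-5-7'                                    = 'anonymous logon'
    'S-1-5-8'                                    = 'proxy'
    'S-1-5-9'                                    = 'enterprise domain controllers'
    'S-1-5-10'                                   = 'self'
    'S-1-5-11'                                   = 'authenticated users'
    'S-1-5-113'                                  = 'local account'
    'S-1-5-114'                                  = 'local account and member of administrators group'
    'S-1-5-12'                                   = 'restricted code'
    'S-1-5-13'                                   = 'terminal server users'
    'S-1-5-14'                                   = 'remote interactive logon'
    'S-1-5-15'                                   = 'this organization'

    # NOTE(review): Microsoft documents S-1-5-17 as the IUSR account. The label
    # below is easy to confuse with the IIS_IUSRS group (S-1-5-32-568, listed
    # later as 'iis_iusrs'). Value left unchanged in case callers match on the
    # string; confirm and correct.
    'S-1-5-17'                                   = 'iis_usrs'

    # Domain-relative accounts and groups. These keys omit the domain
    # sub-authorities: a real SID has the form S-1-5-21-<domain>-<RID>, so a
    # full SID will NOT match these keys on a direct lookup.
    # Presumably callers reduce the SID to 'S-1-5-21-<RID>' first - verify
    # against the callers.
    'S-1-5-21-500'                               = 'Administrator'
    'S-1-5-21-501'                               = 'Guest'
    'S-1-5-21-502'                               = 'KRBTGT'
    'S-1-5-21-512'                               = 'Domain Admins'
    'S-1-5-21-513'                               = 'Domain Users'
    'S-1-5-21-514'                               = 'Domain Guests'
    'S-1-5-21-515'                               = 'Domain Computers'
    'S-1-5-21-516'                               = 'Domain Controllers'
    'S-1-5-21-517'                               = 'Cert Publishers'
    'S-1-5-21-518'                               = 'Schema Admins'
    'S-1-5-21-519'                               = 'Enterprise Admins'
    'S-1-5-21-520'                               = 'Group Policy Creator Owners'
    'S-1-5-21-522'                               = 'Cloneable Domain Controllers'
    'S-1-5-21-526'                               = 'Key Admins'
    'S-1-5-21-527'                               = 'Enterprise Key Admins'
    'S-1-5-21-553'                               = 'RAS and IAS Servers'
    'S-1-5-21-571'                               = 'Allowed RODC Password Replication Group'
    'S-1-5-21-572'                               = 'Denied RODC Password Replication Group'

    # S-1-5-32-*: BUILTIN domain aliases (same SID on every machine).
    'S-1-5-32-544'                               = 'administrators'
    'S-1-5-32-545'                               = 'users'
    'S-1-5-32-546'                               = 'guests'
    'S-1-5-32-547'                               = 'power users'
    'S-1-5-32-548'                               = 'account operators'
    'S-1-5-32-549'                               = 'server operators'
    'S-1-5-32-550'                               = 'print operators'
    'S-1-5-32-551'                               = 'backup operators'
    'S-1-5-32-552'                               = 'replicators'
    'S-1-5-32-554'                               = 'pre-windows 2000 compatible access'
    'S-1-5-32-555'                               = 'remote desktop users'
    'S-1-5-32-556'                               = 'network configuration operators'
    'S-1-5-32-557'                               = 'incoming forest trust builders'
    'S-1-5-32-558'                               = 'performance monitor users'
    'S-1-5-32-559'                               = 'performance log users'
    'S-1-5-32-560'                               = 'windows authorization access group'
    'S-1-5-32-561'                               = 'terminal server license servers'
    'S-1-5-32-562'                               = 'distributed com users'
    'S-1-5-32-568'                               = 'iis_iusrs'
    'S-1-5-32-569'                               = 'cryptographic operators'
    'S-1-5-32-573'                               = 'event log readers'
    'S-1-5-32-575'                               = 'rds remote access servers'
    'S-1-5-32-577'                               = 'rds management servers'
    'S-1-5-32-578'                               = 'hyper-v administrators'
    'S-1-5-32-579'                               = 'access control assistance operators'
    'S-1-5-32-580'                               = 'remote management users'
    'S-1-5-32-581'                               = 'system managed accounts group'
    'S-1-5-32-582'                               = 'storage replica administrators'

    'S-1-5-64-10'                                = 'ntlm authentication'
    'S-1-5-64-14'                                = 'schannel authentication'
    'S-1-5-64-21'                                = 'digest authentication'
    'S-1-5-80'                                   = 'nt service'
    'S-1-5-80-0'                                 = 'all services'
    'S-1-5-83-0'                                 = 'virtual machines'
}

# Publish the same dictionary object as $script:WellKnownSIDs; -Force replaces
# any variable of that name that already exists in the script scope.
New-Variable -Name WellKnownSIDs -Value $Variables.WellKnownSIDs -Scope Script -Force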
#
# Check whether a KEY exists
# $Variables.WellKnownSIDs.Keys.Contains('S-1-5-11')
# -> Returns True or False
# NOTE(review): on an [ordered] dictionary, confirm that Keys.Contains() returns a
# single boolean; $Variables.WellKnownSIDs.Contains('S-1-5-11') tests the key directly.
#
# Search by KEY to get the VALUE
# $Variables.WellKnownSIDs['S-1-5-11']
# -> Returns 'authenticated users'
#
#
#
# Check whether a VALUE exists
# $Variables.WellKnownSIDs.Values.Contains('authenticated users')
# -> Returns True or False
#
# Search by VALUE to get the KEY
# $Variables.WellKnownSIDs.keys.where{$Variables.WellKnownSIDs[$_] -eq 'authenticated users'}
# -> Returns 'S-1-5-11'
#