fix Windows tests with hardcoded Administrator account (#35339)

* Admin account is not always called Administrator (eg Azure)
* this fixes some, but not all issues related to the Administrator account on non-English Windows as well (still numerous references to "Administrators" and other en-US Windows group names)

1 files changed, 19 insertions, 6 deletions

diff --git a/test/integration/targets/win_module_utils/library/sid_utils_test.ps1 b/test/integration/targets/win_module_utils/library/sid_utils_test.ps1
index 1b9bffd2f7..e64f5cf454 100644
--- a/test/integration/targets/win_module_utils/library/sid_utils_test.ps1
+++ b/test/integration/targets/win_module_utils/library/sid_utils_test.ps1
@@ -10,14 +10,24 @@ Function Assert-Equals($actual, $expected) {
 }
 
 Function Get-ComputerSID() {
-    # this is sort off cheating but I can't see any better way of getting this SID
-    $admin_sid = Convert-ToSID -account_name "$env:COMPUTERNAME\Administrator"
+    # find any local user and trim off the final UID
+    $luser_sid = (Get-CimInstance Win32_UserAccount -Filter "Domain='$env:COMPUTERNAME'")[0].SID
 
-    return $admin_sid.Substring(0, $admin_sid.Length - 4)
+    return $luser_sid -replace '(S-1-5-21-\d+-\d+-\d+)-\d+', '$1'
 }
 
 $local_sid = Get-ComputerSID
 
+# most machines should have a -500 Administrator account, but it may have been renamed. Look it up by SID
+$default_admin = Get-CimInstance Win32_UserAccount -Filter "SID='$local_sid-500'"
+
+# this group is called Administrators by default on English Windows, but could named something else. Look it up by SID
+$default_admin_group = Get-CimInstance Win32_Group -Filter "SID='S-1-5-32-544'"
+
+if (@($default_admin).Length -ne 1) {
+    Fail-Json @{} "could not find a local admin account with SID ending in -500"
+}
+
 ### Set this to the NETBIOS name of the domain you wish to test, not set for shippable ###
 $test_domain = $null
 
@@ -26,10 +36,10 @@ $tests = @(
     @{ sid = "S-1-1-0"; full_name = "Everyone"; names = @("Everyone") },
     @{ sid = "S-1-5-18"; full_name = "NT AUTHORITY\SYSTEM"; names = @("NT AUTHORITY\SYSTEM", "SYSTEM") },
     @{ sid = "S-1-5-20"; full_name = "NT AUTHORITY\NETWORK SERVICE"; names = @("NT AUTHORITY\NETWORK SERVICE", "NETWORK SERVICE") },
-    @{ sid = "$local_sid-500"; full_name = "$env:COMPUTERNAME\Administrator"; names = @("$env:COMPUTERNAME\Administrator", "Administrator", ".\Administrator") },
+    @{ sid = "$($default_admin.SID)"; full_name = "$($default_admin.FullName)"; names = @("$env:COMPUTERNAME\$($default_admin.Name)", "$($default_admin.Name)", ".\$($default_admin.Name)") },
 
     # Local Groups
-    @{ sid = "S-1-5-32-544"; full_name = "BUILTIN\Administrators"; names = @("BUILTIN\Administrators", "Administrators", ".\Administrators") }
+    @{ sid = "$($default_admin_group.SID)"; full_name = "BUILTIN\$($default_admin_group.Name)"; names = @("BUILTIN\$($default_admin_group.Name)", "$($default_admin_group.Name)", ".\$($default_admin_group.Name)") }
 )
 
 # Add domain tests if the domain name has been set
@@ -55,7 +65,10 @@ if ($test_domain -ne $null) {
 
 foreach ($test in $tests) {
     $actual_account_name = Convert-FromSID -sid $test.sid
-    Assert-Equals -actual $actual_account_name -expected $test.full_name
+    # renamed admins may have an empty FullName; skip comparison in that case
+    if ($test.full_name) {
+        Assert-Equals -actual $actual_account_name -expected $test.full_name
+    }
 
     foreach ($test_name in $test.names) {
         $actual_sid = Convert-ToSID -account_name $test_name