scipag / HardeningKitty

HardeningKitty - Checks and hardens your Windows configuration
MIT License

Incorrect check control in OS with Spanish language #58

Open CarlosM4 opened 3 days ago

CarlosM4 commented 3 days ago

Hello Team,

The controls that check local accounts or groups, such as Guest, Administrators, do not give the expected result when the OS language is in Spanish.

Default account names in Spanish: Invitado, Administrador

Example of failed controls:

221 User Rights Assignment: Access Credential Manager as a trusted caller
222 User Rights Assignment: Access this computer from the network
223 User Rights Assignment: Act as part of the operating system
224 User Rights Assignment: Adjust memory quotas for a process
225 User Rights Assignment: Allow log on locally
226 User Rights Assignment: Allow log on through Remote Desktop Services
227 User Rights Assignment: Back up files and directories
228 User Rights Assignment: Change the system time
229 User Rights Assignment: Change the time zone

Is it possible to perform the check for 2 types of languages (English and Spanish) at the same time just by modifying the .CSV?

Regards

0x6d69636b commented 2 days ago

It works for local and well-known groups on a Spanish system, doesn't it? So only local users like Invitado or Administrador are a problem?

CarlosM4 commented 2 days ago

The script works on a Spanish system; only the check is the one that does not give the expected result, because it validates only users in English.

I understand that I could modify the .CSV and change the corresponding users according to the language, but I wanted to know if there is a way to make it work for both languages?

0x6d69636b commented 2 days ago

There is already a translation function in place for well-known groups, hence my question about groups already working. If only the local accounts (RID 500 and 501) are wrong, then I could extend the translation function. If everything is wrong, then I need to debug it.

CarlosM4 commented 2 days ago

Below is an example of a control check. In this case, the expected result should be “Severity: Low” since the “Administrador” account has not been renamed.

Result is Passed:

[+] ID 2.3.1.4, Accounts: Rename administrator account, Result=Administrador, Recommended=Administrator, Severity=Passed

In the .CSV the condition is for any name other than “Administrator”, so it takes it as correct.

Template used: finding_list_cis_microsoft_windows_11_enterprise_22h2_machine

0x6d69636b commented 16 hours ago

I have added the translation of local accounts in the dev version; this should fix all items of User Rights Assignment checks.

However, it will not fix your last point, the Accounts: Rename administrator account check. Here you need to change the RecommendedValue in the CSV file, as you have already done.
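
The language-independent lookup discussed in this thread, as an added PowerShell example (not HardeningKitty's code and not the dev-version change): built-in accounts are found by their fixed RID (500, 501) instead of by name, and the rename check compares the RID 500 name against a list of default names. The function names, the sample accounts and the default-name list (only the two names mentioned in this thread) are assumptions made for illustration.

```powershell
# Constructed sample: local accounts as Get-LocalUser would list them on a
# Spanish-language system (the machine part of the SIDs is made up).
# On a live system:
#   $accounts = Get-LocalUser | Select-Object Name, @{n='SID';e={$_.SID.Value}}
$accounts = @(
    [pscustomobject]@{ Name = 'Administrador'; SID = 'S-1-5-21-1111111111-2222222222-3333333333-500' }
    [pscustomobject]@{ Name = 'Invitado';      SID = 'S-1-5-21-1111111111-2222222222-3333333333-501' }
    [pscustomobject]@{ Name = 'carlos';        SID = 'S-1-5-21-1111111111-2222222222-3333333333-1001' }
)

# English default names as they appear in a finding list, mapped to fixed RIDs.
$ridByEnglishName = @{ 'Administrator' = 500; 'Guest' = 501 }

# Default RID 500 names taken from this thread only; extend per OS language.
$defaultAdminNames = @('Administrator', 'Administrador')

# Hypothetical helper: resolve a built-in account by RID, not by its name.
function Get-BuiltinAccountName {
    param([object[]]$Accounts, [int]$Rid)
    $match = $Accounts | Where-Object { $_.SID -like "S-1-5-21-*-$Rid" } | Select-Object -First 1
    if (-not $match) { throw "No local account with RID $Rid found" }
    $match.Name
}

# Hypothetical helper: translate an English account name from a finding list
# into the name used on this system; other names are returned unchanged.
function Convert-ToLocalName {
    param([string]$EnglishName, [object[]]$Accounts)
    if ($ridByEnglishName.ContainsKey($EnglishName)) {
        return Get-BuiltinAccountName -Accounts $Accounts -Rid $ridByEnglishName[$EnglishName]
    }
    $EnglishName
}

# Hypothetical check: the RID 500 account counts as renamed only if its name
# is not one of the known default names in any listed language.
function Test-AdminRenamed {
    param([object[]]$Accounts)
    $name = Get-BuiltinAccountName -Accounts $Accounts -Rid 500
    $severity = if ($name -in $defaultAdminNames) { 'Low' } else { 'Passed' }
    [pscustomobject]@{ Result = $name; Severity = $severity }
}

Convert-ToLocalName -EnglishName 'Guest' -Accounts $accounts
Test-AdminRenamed -Accounts $accounts
```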