RubyGems - sys-admin - Versions diffs - 1.5.4-x86-mingw32 → 1.5.5-x86-mingw32 - Mend

sys-admin 1.5.4-x86-mingw32 → 1.5.5-x86-mingw32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

data/CHANGES +8 -0
data/Rakefile +12 -13
data/lib/sys/admin.rb +944 -936
data/sys-admin.gemspec +1 -1
data/test/test_sys_admin.rb +1 -1
data/test/test_sys_admin_windows.rb +306 -295
metadata +6 -8

data/CHANGES CHANGED Viewed

@@ -1,3 +1,11 @@
+== 1.5.5 - 5-Jul-2011
+* Modified lastlog handling, and ignore getpwent_r and getgrent_r, on AIX.
+  Thanks go to Rick Ohnemus for the spot and patches.
+* Explicitly set spec.cpu on Windows to 'universal' in the gem creation task.
+* Fixed a bug in the User.get_login and User.get_group methods where the query
+  being generated was incorrect if no options were passed. Thanks go to
+  Matthew Brown for the spot.
 == 1.5.4 - 7-Oct-2010
 * Prefer the getlastlogx() function over lastlog() where supported.

data/Rakefile CHANGED Viewed

@@ -2,21 +2,19 @@ require 'rake'
 require 'rake/clean'
 require 'rake/testtask'
 require 'rbconfig'
+include Config
-WINDOWS = Config::CONFIG['host_os'] =~ /msdos|mswin|win32|mingw|cygwin/i
+WINDOWS = CONFIG['host_os'] =~ /msdos|mswin|win32|mingw|cygwin|windows/i
-desc "Clean the build files for the sys-admin source for UNIX systems"
-task :clean do
-  Dir['*.gem'].each{ |f| File.delete(f) } # Remove any .gem files
-  unless WINDOWS
-    Dir.chdir('ext') do
-      rm_rf('conftest.dSYM') if File.exists?('conftest.dSYM') # OS X
-      build_file = 'admin.' + Config::CONFIG['DLEXT']
-      sh 'make distclean' if File.exists?(build_file)
-      File.delete("sys/#{build_file}") if File.exists?("sys/#{build_file}")
-    end
-  end
-end
+CLEAN.include(
+  '**/*.gem',               # Gem files
+  '**/*.rbc',               # Rubinius
+  '**/*.o',                 # C object file
+  '**/*.log',               # Ruby extension build log
+  '**/Makefile',            # C Makefile
+  '**/conftest.dSYM',       # OS X build directory
+  "**/*.#{CONFIG['DLEXT']}" # C shared object
+)
 desc "Build the sys-admin library on UNIX systems (but don't install it)"
 task :build => [:clean] do
@@ -37,6 +35,7 @@ namespace :gem do
     if WINDOWS
       spec.platform = Gem::Platform::CURRENT
+      spec.platform.cpu = 'universal'
       spec.files = spec.files.reject{ |f| f.include?('ext') }
       spec.add_dependency('win32-security', '>= 0.1.2')
     else

data/lib/sys/admin.rb CHANGED Viewed

@@ -4,977 +4,985 @@ require 'win32/registry'
 require 'socket'
 module Sys
-   class Group
-      # Short description of the object.
-      attr_accessor :caption
-      # Description of the group.
-      attr_accessor :description
-      # Name of the Windows domain to which the group account belongs.
-      attr_accessor :domain
-      # Date the group was added.
-      attr_accessor :install_date
-      # Name of the Windows group account on the Group#domain specified.
-      attr_accessor :name
-      # Security identifier for this group.
-      attr_accessor :sid
-      # Current status for the group, such as "ok", "error", etc.
-      attr_accessor :status
-      # The group ID.
-      attr_accessor :gid
-      # Sets whether or not the group is local (as opposed to global).
-      attr_writer :local
-      # An array of members for that group. May contain SID's.
-      attr_accessor :members
-      # Creates and returns a new Group object.  This class encapsulates
-      # the information for a group account, whether it be global or local.
-      #
-      # Yields +self+ if a block is given.
-      #
-      def initialize
-         yield self if block_given?
-      end
+  class Group
+    # Short description of the object.
+    attr_accessor :caption
+    # Description of the group.
+    attr_accessor :description
+    # Name of the Windows domain to which the group account belongs.
+    attr_accessor :domain
+    # Date the group was added.
+    attr_accessor :install_date
+    # Name of the Windows group account on the Group#domain specified.
+    attr_accessor :name
+    # Security identifier for this group.
+    attr_accessor :sid
+    # Current status for the group, such as "ok", "error", etc.
+    attr_accessor :status
+    # The group ID.
+    attr_accessor :gid
+    # Sets whether or not the group is local (as opposed to global).
+    attr_writer :local
+    # An array of members for that group. May contain SID's.
+    attr_accessor :members
+    # Creates and returns a new Group object.  This class encapsulates
+    # the information for a group account, whether it be global or local.
+    #
+    # Yields +self+ if a block is given.
+    #
+    def initialize
+      yield self if block_given?
+    end
+    # Returns whether or not the group is a local group.
+    #
+    def local?
+      @local
+    end
+    # Returns the type of SID (Security Identifier) as a stringified value.
+    #
+    def sid_type
+      @sid_type
+    end
-      # Returns whether or not the group is a local group.
-      #
-      def local?
-         @local
-      end
-      # Returns the type of SID (Security Identifier) as a stringified value.
-      #
-      def sid_type
-         @sid_type
-      end
-      # Sets the SID (Security Identifier) type to +stype+, which can be
-      # one of the following constant values:
-      #
-      # * Admin::SidTypeUser
-      # * Admin::SidTypeGroup
-      # * Admin::SidTypeDomain
-      # * Admin::SidTypeAlias
-      # * Admin::SidTypeWellKnownGroup
-      # * Admin::SidTypeDeletedAccount
-      # * Admin::SidTypeInvalid
-      # * Admin::SidTypeUnknown
-      # * Admin::SidTypeComputer
-      #
-      def sid_type=(stype)
-         if stype.kind_of?(String)
-            @sid_type = stype.downcase
-         else
-            case stype
-               when Admin::SidTypeUser
-                  @sid_type = "user"
-               when Admin::SidTypeGroup
-                  @sid_type = "group"
-               when Admin::SidTypeDomain
-                  @sid_type = "domain"
-               when Admin::SidTypeAlias
-                  @sid_type = "alias"
-               when Admin::SidTypeWellKnownGroup
-                  @sid_type = "well_known_group"
-               when Admin::SidTypeDeletedAccount
-                  @sid_type = "deleted_account"
-               when Admin::SidTypeInvalid
-                  @sid_type = "invalid"
-               when Admin::SidTypeUnknown
-                  @sid_type = "unknown"
-               when Admin::SidTypeComputer
-                  @sid_type = "computer"
-               else
-                  @sid_type = "unknown"
-            end
+    # Sets the SID (Security Identifier) type to +stype+, which can be
+    # one of the following constant values:
+    #
+    # * Admin::SidTypeUser
+    # * Admin::SidTypeGroup
+    # * Admin::SidTypeDomain
+    # * Admin::SidTypeAlias
+    # * Admin::SidTypeWellKnownGroup
+    # * Admin::SidTypeDeletedAccount
+    # * Admin::SidTypeInvalid
+    # * Admin::SidTypeUnknown
+    # * Admin::SidTypeComputer
+    #
+    def sid_type=(stype)
+      if stype.kind_of?(String)
+        @sid_type = stype.downcase
+      else
+        case stype
+          when Admin::SidTypeUser
+            @sid_type = "user"
+          when Admin::SidTypeGroup
+            @sid_type = "group"
+          when Admin::SidTypeDomain
+            @sid_type = "domain"
+          when Admin::SidTypeAlias
+            @sid_type = "alias"
+          when Admin::SidTypeWellKnownGroup
+            @sid_type = "well_known_group"
+          when Admin::SidTypeDeletedAccount
+            @sid_type = "deleted_account"
+          when Admin::SidTypeInvalid
+            @sid_type = "invalid"
+          when Admin::SidTypeUnknown
+            @sid_type = "unknown"
+          when Admin::SidTypeComputer
+            @sid_type = "computer"
+          else
+            @sid_type = "unknown"
          end
-         @sid_type
-      end
-   end
+       end
+      @sid_type
+    end
+  end
-   class User
-      # An account for users whose primary account is in another domain.
-      TEMP_DUPLICATE = 0x0100
-      # Default account type that represents a typical user.
-      NORMAL = 0x0200
-      # A permit to trust account for a domain that trusts other domains.
-      INTERDOMAIN_TRUST = 0x0800
+  class User
+    # An account for users whose primary account is in another domain.
+    TEMP_DUPLICATE = 0x0100
+    # Default account type that represents a typical user.
+    NORMAL = 0x0200
+    # A permit to trust account for a domain that trusts other domains.
+    INTERDOMAIN_TRUST = 0x0800
+    # An account for a Windows NT/2000 workstation or server that is a
+    # member of this domain.
+    WORKSTATION_TRUST = 0x1000
+    # A computer account for a backup domain controller that is a member
+    # of this domain.
+    SERVER_TRUST = 0x2000
+    # Domain and username of the account.
+    attr_accessor :caption
+    # Description of the account.
+    attr_accessor :description
+    # Name of the Windows domain to which a user account belongs.
+    attr_accessor :domain
+    # The user's password.
+    attr_accessor :password
+    # Full name of a local user.
+    attr_accessor :full_name
+    # An array of groups to which the user belongs.
+    attr_accessor :groups
+    # Date the user account was created.
+    attr_accessor :install_date
+    # Name of the Windows user account on the domain that the User#domain
+    # property specifies.
+    attr_accessor :name
+    # The user's security identifier.
+    attr_accessor :sid
+    # Current status for the user, such as "ok", "error", etc.
+    attr_accessor :status
+    # The user's id (RID).
+    attr_accessor :uid
+    # The user's home directory
+    attr_accessor :dir
+    # Used to set whether or not the account is disabled.
+    attr_writer :disabled
+    # Sets whether or not the account is defined on the local computer.
+    attr_writer :local
+    # Sets whether or not the account is locked out of the OS.
+    attr_writer :lockout
+    # Sets whether or not the password for the account can be changed.
+    attr_writer :password_changeable
+    # Sets whether or not the password for the account expires.
+    attr_writer :password_expires
+    # Sets whether or not a password is required for the account.
+    attr_writer :password_required
+    # Returns the account type as a human readable string.
+    attr_reader :account_type
-      # An account for a Windows NT/2000 workstation or server that is a
-      # member of this domain.
-      WORKSTATION_TRUST = 0x1000
+    # Creates an returns a new User object.  A User object encapsulates a
+    # user account on the operating system.
+    #
+    # Yields +self+ if a block is provided.
+    #
+    def initialize
+      yield self if block_given?
+    end
-      # A computer account for a backup domain controller that is a member
-      # of this domain.
-      SERVER_TRUST = 0x2000
-      # Domain and username of the account.
-      attr_accessor :caption
-      # Description of the account.
-      attr_accessor :description
-      # Name of the Windows domain to which a user account belongs.
-      attr_accessor :domain
-      # The user's password.
-      attr_accessor :password
-      # Full name of a local user.
-      attr_accessor :full_name
-      # An array of groups to which the user belongs.
-      attr_accessor :groups
-      # Date the user account was created.
-      attr_accessor :install_date
-      # Name of the Windows user account on the domain that the User#domain
-      # property specifies.
-      attr_accessor :name
-      # The user's security identifier.
-      attr_accessor :sid
-      # Current status for the user, such as "ok", "error", etc.
-      attr_accessor :status
-      # The user's id (RID).
-      attr_accessor :uid
-      # The user's home directory
-      attr_accessor :dir
-      # Used to set whether or not the account is disabled.
-      attr_writer :disabled
-      # Sets whether or not the account is defined on the local computer.
-      attr_writer :local
-      # Sets whether or not the account is locked out of the OS.
-      attr_writer :lockout
-      # Sets whether or not the password for the account can be changed.
-      attr_writer :password_changeable
-      # Sets whether or not the password for the account expires.
-      attr_writer :password_expires
-      # Sets whether or not a password is required for the account.
-      attr_writer :password_required
-      # Returns the account type as a human readable string.
-      attr_reader :account_type
-      # Creates an returns a new User object.  A User object encapsulates a
-      # user account on the operating system.
-      #
-      # Yields +self+ if a block is provided.
-      #
-      def initialize
-         yield self if block_given?
-      end
-      # Sets the account type for the account.  Possible values are:
-      #
-      # * User::TEMP_DUPLICATE
-      # * User::NORMAL
-      # * User::INTERDOMAIN_TRUST
-      # * User::WORKSTATION_TRUST
-      # * User::SERVER_TRUST
-      #
-      def account_type=(type)
-         case type
-            when TEMP_DUPLICATE
-               @account_type = 'duplicate'
-            when NORMAL
-               @account_type = 'normal'
-            when INTERDOMAIN_TRUST
-               @account_type = 'interdomain_trust'
-            when WORKSTATION_TRUST
-               @account_type = 'workstation_trust'
-            when SERVER_TRUST
-               @account_type = 'server_trust'
-            else
-               @account_type = 'unknown'
-         end
+    # Sets the account type for the account.  Possible values are:
+    #
+    # * User::TEMP_DUPLICATE
+    # * User::NORMAL
+    # * User::INTERDOMAIN_TRUST
+    # * User::WORKSTATION_TRUST
+    # * User::SERVER_TRUST
+    #
+    def account_type=(type)
+      case type
+        when TEMP_DUPLICATE
+          @account_type = 'duplicate'
+        when NORMAL
+          @account_type = 'normal'
+        when INTERDOMAIN_TRUST
+          @account_type = 'interdomain_trust'
+        when WORKSTATION_TRUST
+          @account_type = 'workstation_trust'
+        when SERVER_TRUST
+          @account_type = 'server_trust'
+        else
+          @account_type = 'unknown'
       end
+    end
-      # Returns the SID type as a human readable string.
-      #
-      def sid_type
-         @sid_type
-      end
+    # Returns the SID type as a human readable string.
+    #
+    def sid_type
+      @sid_type
+    end
-      # Sets the SID (Security Identifier) type to +stype+, which can be
-      # one of the following constant values:
-      #
-      # * Admin::SidTypeUser
-      # * Admin::SidTypeGroup
-      # * Admin::SidTypeDomain
-      # * Admin::SidTypeAlias
-      # * Admin::SidTypeWellKnownGroup
-      # * Admin::SidTypeDeletedAccount
-      # * Admin::SidTypeInvalid
-      # * Admin::SidTypeUnknown
-      # * Admin::SidTypeComputer
-      #
-      def sid_type=(stype)
-         case stype
-            when Admin::SidTypeUser
-               @sid_type = 'user'
-            when Admin::SidTypeGroup
-               @sid_type = 'group'
-            when Admin::SidTypeDomain
-               @sid_type = 'domain'
-            when Admin::SidTypeAlias
-               @sid_type = 'alias'
-            when Admin::SidTypeWellKnownGroup
-               @sid_type = 'well_known_group'
-            when Admin::SidTypeDeletedAccount
-               @sid_type = 'deleted_account'
-            when Admin::SidTypeInvalid
-               @sid_type = 'invalid'
-            when Admin::SidTypeUnknown
-               @sid_type = 'unknown'
-            when Admin::SidTypeComputer
-               @sid_type = 'computer'
-            else
-               @sid_type = 'unknown'
-         end
-      end
-      # Returns whether or not the account is disabled.
-      #
-      def disabled?
-         @disabled
+    # Sets the SID (Security Identifier) type to +stype+, which can be
+    # one of the following constant values:
+    #
+    # * Admin::SidTypeUser
+    # * Admin::SidTypeGroup
+    # * Admin::SidTypeDomain
+    # * Admin::SidTypeAlias
+    # * Admin::SidTypeWellKnownGroup
+    # * Admin::SidTypeDeletedAccount
+    # * Admin::SidTypeInvalid
+    # * Admin::SidTypeUnknown
+    # * Admin::SidTypeComputer
+    #
+    def sid_type=(stype)
+      case stype
+        when Admin::SidTypeUser
+          @sid_type = 'user'
+        when Admin::SidTypeGroup
+          @sid_type = 'group'
+        when Admin::SidTypeDomain
+          @sid_type = 'domain'
+        when Admin::SidTypeAlias
+          @sid_type = 'alias'
+        when Admin::SidTypeWellKnownGroup
+          @sid_type = 'well_known_group'
+        when Admin::SidTypeDeletedAccount
+          @sid_type = 'deleted_account'
+        when Admin::SidTypeInvalid
+          @sid_type = 'invalid'
+        when Admin::SidTypeUnknown
+          @sid_type = 'unknown'
+        when Admin::SidTypeComputer
+          @sid_type = 'computer'
+        else
+          @sid_type = 'unknown'
       end
+    end
-      # Returns whether or not the account is local.
-      #
-      def local?
-         @local
-      end
-      # Returns whether or not the account is locked out.
-      #
-      def lockout?
-         @lockout
-      end
+    # Returns whether or not the account is disabled.
+    #
+    def disabled?
+      @disabled
+    end
+    # Returns whether or not the account is local.
+    #
+    def local?
+      @local
+    end
+    # Returns whether or not the account is locked out.
+    #
+    def lockout?
+      @lockout
+    end
-      # Returns whether or not the password for the account is changeable.
-      #
-      def password_changeable?
-         @password_changeable
-      end
-      # Returns whether or not the password for the account is changeable.
-      #
-      def password_expires?
-         @password_expires
+    # Returns whether or not the password for the account is changeable.
+    #
+    def password_changeable?
+      @password_changeable
+    end
+    # Returns whether or not the password for the account is changeable.
+    #
+    def password_expires?
+      @password_expires
+    end
+    # Returns whether or not the a password is required for the account.
+    #
+    def password_required?
+      @password_required
+    end
+  end
+  class Admin
+    # The version of the sys-admin library
+    VERSION = '1.5.5'
+    # This is the error raised in the majority of cases if anything goes wrong
+    # with any of the Sys::Admin methods.
+    #
+    class Error < StandardError; end
+    SidTypeUser           = 1
+    SidTypeGroup          = 2
+    SidTypeDomain         = 3
+    SidTypeAlias          = 4
+    SidTypeWellKnownGroup = 5
+    SidTypeDeletedAccount = 6
+    SidTypeInvalid        = 7
+    SidTypeUnknown        = 8
+    SidTypeComputer       = 9
+    private
+    HKEY = "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\"
+    # Retrieves the user's home directory. For local accounts query the
+    # registry. For domain accounts use ADSI and use the HomeDirectory.
+    #
+    def self.get_home_dir(user, local = false, domain = nil)
+      if local
+        sec = Win32::Security::SID.open(user)
+        key = HKEY + sec.to_s
+        dir = nil
+        begin
+          Win32::Registry::HKEY_LOCAL_MACHINE.open(key) do |reg|
+            dir = reg['ProfileImagePath']
+          end
+        rescue Win32::Registry::Error
+          # Not every local user has a home directory
+        end
+      else
+        domain ||= Socket.gethostname
+        adsi = WIN32OLE.connect("WinNT://#{domain}/#{user},user")
+        dir = adsi.get('HomeDirectory')
       end
+      dir
+    end
+    # A private method that lower cases all keys, and converts them
+    # all to symbols.
+    #
+    def self.munge_options(opts)
+      rhash = {}
+      opts.each{ |k, v|
+        k = k.to_s.downcase.to_sym
+        rhash[k] = v
+      }
+      rhash
+    end
+    # An internal, private method for getting a list of groups for
+    # a particular user.
+    #
+    def self.get_groups(domain, user)
+      array = []
+      adsi = WIN32OLE.connect("WinNT://#{domain}/#{user}")
+      adsi.groups.each{ |g| array << g.name }
+      array
+    end
+    # An internal, private method for getting a list of members for
+    # any particular group.
+    #
+    def self.get_members(domain, group)
+      array = []
+      adsi = WIN32OLE.connect("WinNT://#{domain}/#{group}")
+      adsi.members.each{ |g| array << g.name }
+      array
+    end
-      # Returns whether or not the a password is required for the account.
-      #
-      def password_required?
-         @password_required
-      end
-   end
-   class Admin
-      # The version of the sys-admin library
-      VERSION = '1.5.4'
-      # This is the error raised in the majority of cases if anything goes wrong
-      # with any of the Sys::Admin methods.
-      #
-      class Error < StandardError; end
-      SidTypeUser           = 1
-      SidTypeGroup          = 2
-      SidTypeDomain         = 3
-      SidTypeAlias          = 4
-      SidTypeWellKnownGroup = 5
-      SidTypeDeletedAccount = 6
-      SidTypeInvalid        = 7
-      SidTypeUnknown        = 8
-      SidTypeComputer       = 9
-      private
-      HKEY = "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\"
-      # Retrieves the user's home directory. For local accounts query the
-      # registry. For domain accounts use ADSI and use the HomeDirectory.
-      #
-      def self.get_home_dir(user, local = false, domain = nil)
-         if local
-            sec = Win32::Security::SID.open(user)
-            key = HKEY + sec.to_s
-            dir = nil
-            begin
-               Win32::Registry::HKEY_LOCAL_MACHINE.open(key) do |reg|
-                  dir = reg['ProfileImagePath']
-               end
-            rescue Win32::Registry::Error
-               # Not every local user has a home directory
-            end
-         else
-            domain ||= Socket.gethostname
-            adsi = WIN32OLE.connect("WinNT://#{domain}/#{user},user")
-            dir = adsi.get('HomeDirectory')
-         end
-         dir
+    # Used by the get_login method
+    GetUserName = Win32::API.new('GetUserName', 'PP', 'L', 'advapi32') # :nodoc:
+    public
+    # Creates the given +user+. If no domain option is specified,
+    # then it defaults to your local host, i.e. a local account is
+    # created.
+    #
+    # Any options provided are treated as IADsUser interface methods
+    # and are called before SetInfo is finally called.
+    #
+    # Examples:
+    #
+    #  # Create a local user with no options
+    #  Sys::Admin.add_user(:name => 'asmith')
+    #
+    #  # Create a local user with options
+    #  Sys::Admin.add_user(
+    #     :name        => 'asmith',
+    #     :description => 'Really cool guy',
+    #     :password    => 'abc123'
+    #  )
+    #
+    #  # Create a user on a specific domain
+    #  Sys::Admin.add_user(
+    #     :name     => 'asmith',
+    #     :domain   => 'XX',
+    #     :fullname => 'Al Smith'
+    #  )
+    #--
+    # Most options are passed to the 'put' method. However, we handle the
+    # password specially since it's a separate method, and some environments
+    # require that it be set up front.
+    #
+    def self.add_user(options = {})
+      options = munge_options(options)
+      name   = options.delete(:name) or raise ArgumentError, 'No user given'
+      domain = options[:domain]
+      if domain.nil?
+        domain  = Socket.gethostname
+        moniker = "WinNT://#{domain},Computer"
+      else
+        moniker = "WinNT://#{domain}"
       end
-      # A private method that lower cases all keys, and converts them
-      # all to symbols.
-      #
-      def self.munge_options(opts)
-         rhash = {}
-         opts.each{ |k, v|
-            k = k.to_s.downcase.to_sym
-            rhash[k] = v
-         }
-         rhash
+      begin
+        adsi = WIN32OLE.connect(moniker)
+        user = adsi.create('user', name)
+        options.each{ |option, value|
+          if option.to_s == 'password'
+            user.setpassword(value)
+          else
+            user.put(option.to_s, value)
+          end
+        }
+        user.setinfo
+      rescue WIN32OLERuntimeError => err
+        raise Error, err
       end
-      # An internal, private method for getting a list of groups for
-      # a particular user.
-      #
-      def self.get_groups(domain, user)
-         array = []
-         adsi = WIN32OLE.connect("WinNT://#{domain}/#{user}")
-         adsi.groups.each{ |g| array << g.name }
-         array
+    end
+    # Configures the +user+ using +options+. If no domain option is
+    # specified then your local host is used, i.e. you are configuring
+    # a local user account.
+    #
+    # See http://tinyurl.com/3hjv9 for a list of valid options.
+    #
+    # In the case of a password change, pass a two element array as the
+    # old value and new value.
+    #
+    # Examples:
+    #
+    #  # Configure a local user
+    #  Sys::Admin.configure_user(
+    #     :name        => 'djberge',
+    #     :description => 'Awesome'
+    #  )
+    #
+    #  # Change the password
+    #  Sys::Admin.configure_user(
+    #     :name     => 'asmith',
+    #     :password => [old_pass, new_pass]
+    #  )
+    #
+    #  # Configure a user on a specific domain
+    #  Sys::Admin.configure_user(
+    #     :name      => 'jsmrz',
+    #     :domain    => 'XX',
+    #     :firstname => 'Jo'
+    #  )
+    #
+    def self.configure_user(options = {})
+      options = munge_options(options)
+      name   = options.delete(:name) or raise ArgumentError, 'No name given'
+      domain = options[:domain] || Socket.gethostname
+      begin
+        adsi = WIN32OLE.connect("WinNT://#{domain}/#{name},user")
+        options.each{ |option, value|
+           if option.to_s == 'password'
+             adsi.changepassword(value[0], value[1])
+           else
+             adsi.put(option.to_s, value)
+           end
+        }
+        adsi.setinfo
+      rescue WIN32OLERuntimeError => err
+        raise Error, err
       end
-      # An internal, private method for getting a list of members for
-      # any particular group.
-      #
-      def self.get_members(domain, group)
-         array = []
-         adsi = WIN32OLE.connect("WinNT://#{domain}/#{group}")
-         adsi.members.each{ |g| array << g.name }
-         array
+    end
+    # Deletes the given +user+ on +domain+. If no domain is specified,
+    # then it defaults to your local host, i.e. a local account is
+    # deleted.
+    #
+    def self.delete_user(user, domain = nil)
+      if domain.nil?
+        domain  = Socket.gethostname
+        moniker = "WinNT://#{domain},Computer"
+      else
+        moniker = "WinNT://#{domain}"
       end
-      # Used by the get_login method
-      GetUserName = Win32::API.new('GetUserName', 'PP', 'L', 'advapi32') # :nodoc:
-      public
-      # Creates the given +user+. If no domain option is specified,
-      # then it defaults to your local host, i.e. a local account is
-      # created.
-      #
-      # Any options provided are treated as IADsUser interface methods
-      # and are called before SetInfo is finally called.
-      #
-      # Examples:
-      #
-      #  # Create a local user with no options
-      #  Sys::Admin.add_user(:name => 'asmith')
-      #
-      #  # Create a local user with options
-      #  Sys::Admin.add_user(
-      #     :name        => 'asmith',
-      #     :description => 'Really cool guy',
-      #     :password    => 'abc123'
-      #  )
-      #
-      #  # Create a user on a specific domain
-      #  Sys::Admin.add_user(
-      #     :name     => 'asmith',
-      #     :domain   => 'XX',
-      #     :fullname => 'Al Smith'
-      #  )
-      #--
-      # Most options are passed to the 'put' method. However, we handle the
-      # password specially since it's a separate method, and some environments
-      # require that it be set up front.
-      #
-      def self.add_user(options = {})
-         options = munge_options(options)
-         name   = options.delete(:name) or raise ArgumentError, 'No user given'
-         domain = options[:domain]
-         if domain.nil?
-            domain  = Socket.gethostname
-            moniker = "WinNT://#{domain},Computer"
-         else
-            moniker = "WinNT://#{domain}"
-         end
-         begin
-            adsi = WIN32OLE.connect(moniker)
-            user = adsi.create('user', name)
-            options.each{ |option, value|
-               if option.to_s == 'password'
-                  user.setpassword(value)
-               else
-                  user.put(option.to_s, value)
-               end
-            }
-            user.setinfo
-         rescue WIN32OLERuntimeError => err
-            raise Error, err
-         end
+      begin
+        adsi = WIN32OLE.connect(moniker)
+        adsi.delete('user', user)
+      rescue WIN32OLERuntimeError => err
+        raise Error, err
       end
-      # Configures the +user+ using +options+. If no domain option is
-      # specified then your local host is used, i.e. you are configuring
-      # a local user account.
-      #
-      # See http://tinyurl.com/3hjv9 for a list of valid options.
-      #
-      # In the case of a password change, pass a two element array as the
-      # old value and new value.
-      #
-      # Examples:
-      #
-      #  # Configure a local user
-      #  Sys::Admin.configure_user(
-      #     :name        => 'djberge',
-      #     :description => 'Awesome'
-      #  )
-      #
-      #  # Change the password
-      #  Sys::Admin.configure_user(
-      #     :name     => 'asmith',
-      #     :password => [old_pass, new_pass]
-      #  )
-      #
-      #  # Configure a user on a specific domain
-      #  Sys::Admin.configure_user(
-      #     :name      => 'jsmrz',
-      #     :domain    => 'XX',
-      #     :firstname => 'Jo'
-      #  )
-      #
-      def self.configure_user(options = {})
-         options = munge_options(options)
-         name   = options.delete(:name) or raise ArgumentError, 'No name given'
-         domain = options[:domain] || Socket.gethostname
-         begin
-            adsi = WIN32OLE.connect("WinNT://#{domain}/#{name},user")
-            options.each{ |option, value|
-               if option.to_s == 'password'
-                  adsi.changepassword(value[0], value[1])
-               else
-                  adsi.put(option.to_s, value)
-               end
-            }
-            adsi.setinfo
-         rescue WIN32OLERuntimeError => err
-            raise Error, err
-         end
+    end
+    # Create a new +group+ using +options+. If no domain option is specified
+    # then a local group is created instead.
+    #
+    # Examples:
+    #
+    #  # Create a local group with no options
+    #  Sys::Admin.add_group(:name => 'Dudes')
+    #
+    #  # Create a local group with options
+    #  Sys::Admin.add_group(:name => 'Dudes', :description => 'Boys')
+    #
+    #  # Create a group on a specific domain
+    #  Sys::Admin.add_group(
+    #     :name        => 'Ladies',
+    #     :domain      => 'XYZ',
+    #     :description => 'Girls'
+    #  )
+    #
+    def self.add_group(options = {})
+      options = munge_options(options)
+      group  = options.delete(:name) or raise ArgumentError, 'No name given'
+      domain = options[:domain]
+      if domain.nil?
+        domain  = Socket.gethostname
+        moniker = "WinNT://#{domain},Computer"
+      else
+        moniker = "WinNT://#{domain}"
       end
-      # Deletes the given +user+ on +domain+. If no domain is specified,
-      # then it defaults to your local host, i.e. a local account is
-      # deleted.
-      #
-      def self.delete_user(user, domain = nil)
-         if domain.nil?
-            domain  = Socket.gethostname
-            moniker = "WinNT://#{domain},Computer"
-         else
-            moniker = "WinNT://#{domain}"
-         end
-         begin
-            adsi = WIN32OLE.connect(moniker)
-            adsi.delete('user', user)
-         rescue WIN32OLERuntimeError => err
-            raise Error, err
-         end
+      begin
+        adsi = WIN32OLE.connect(moniker)
+        group = adsi.create('group', group)
+        group.setinfo
+        configure_group(options) unless options.empty?
+      rescue WIN32OLERuntimeError => err
+        raise Error, err
       end
-      # Create a new +group+ using +options+. If no domain option is specified
-      # then a local group is created instead.
-      #
-      # Examples:
-      #
-      #  # Create a local group with no options
-      #  Sys::Admin.add_group(:name => 'Dudes')
-      #
-      #  # Create a local group with options
-      #  Sys::Admin.add_group(:name => 'Dudes', :description => 'Boys')
-      #
-      #  # Create a group on a specific domain
-      #  Sys::Admin.add_group(
-      #     :name        => 'Ladies',
-      #     :domain      => 'XYZ',
-      #     :description => 'Girls'
-      #  )
-      #
-      def self.add_group(options = {})
-         options = munge_options(options)
-         group  = options.delete(:name) or raise ArgumentError, 'No name given'
-         domain = options[:domain]
-         if domain.nil?
-            domain  = Socket.gethostname
-            moniker = "WinNT://#{domain},Computer"
-         else
-            moniker = "WinNT://#{domain}"
-         end
-         begin
-            adsi = WIN32OLE.connect(moniker)
-            group = adsi.create('group', group)
-            group.setinfo
-            configure_group(options) unless options.empty?
-         rescue WIN32OLERuntimeError => err
-            raise Error, err
-         end
+    end
+    # Configures the +group+ using +options+. If no domain option is
+    # specified then your local host is used, i.e. you are configuring
+    # a local group.
+    #
+    # See http://tinyurl.com/cjkzl for a list of valid options.
+    #
+    # Examples:
+    #
+    #  # Configure a local group.
+    #  Sys::Admin.configure_group(:name => 'Abba', :description => 'Swedish')
+    #
+    #  # Configure a group on a specific domain.
+    #  Sys::Admin.configure_group(
+    #     :name        => 'Web Team',
+    #     :domain      => 'Foo',
+    #     :description => 'Web programming cowboys'
+    #  )
+    #
+    def self.configure_group(options = {})
+      options = munge_options(options)
+      group  = options.delete(:name) or raise ArgumentError, 'No name given'
+      domain = options[:domain] || Socket.gethostname
+      begin
+        adsi = WIN32OLE.connect("WinNT://#{domain}/#{group},group")
+        options.each{ |option, value| adsi.put(option.to_s, value) }
+        adsi.setinfo
+      rescue WIN32OLERuntimeError => err
+        raise Error, err
       end
-      # Configures the +group+ using +options+. If no domain option is
-      # specified then your local host is used, i.e. you are configuring
-      # a local group.
-      #
-      # See http://tinyurl.com/cjkzl for a list of valid options.
-      #
-      # Examples:
-      #
-      #  # Configure a local group.
-      #  Sys::Admin.configure_group(:name => 'Abba', :description => 'Swedish')
-      #
-      #  # Configure a group on a specific domain.
-      #  Sys::Admin.configure_group(
-      #     :name        => 'Web Team',
-      #     :domain      => 'Foo',
-      #     :description => 'Web programming cowboys'
-      #  )
-      #
-      def self.configure_group(options = {})
-         options = munge_options(options)
-         group  = options.delete(:name) or raise ArgumentError, 'No name given'
-         domain = options[:domain] || Socket.gethostname
-         begin
-            adsi = WIN32OLE.connect("WinNT://#{domain}/#{group},group")
-            options.each{ |option, value| adsi.put(option.to_s, value) }
-            adsi.setinfo
-         rescue WIN32OLERuntimeError => err
-            raise Error, err
-         end
+    end
+    # Delete the +group+ from +domain+. If no domain is specified, then
+    # you are deleting a local group.
+    #
+    def self.delete_group(group, domain = nil)
+      if domain.nil?
+        domain = Socket.gethostname
+        moniker = "WinNT://#{domain},Computer"
+      else
+        moniker = "WinNT://#{domain}"
       end
-      # Delete the +group+ from +domain+. If no domain is specified, then
-      # you are deleting a local group.
-      #
-      def self.delete_group(group, domain = nil)
-         if domain.nil?
-            domain = Socket.gethostname
-            moniker = "WinNT://#{domain},Computer"
-         else
-            moniker = "WinNT://#{domain}"
-         end
-         begin
-            adsi = WIN32OLE.connect(moniker)
-            obj = adsi.delete('group', group)
-         rescue WIN32OLERuntimeError => err
-            raise Error, err
-         end
+      begin
+        adsi = WIN32OLE.connect(moniker)
+        obj = adsi.delete('group', group)
+      rescue WIN32OLERuntimeError => err
+        raise Error, err
       end
+    end
-      # Returns the user name (only) of the current login.
-      #
-      def self.get_login
-         buffer = 0.chr * 256
-         nsize  = [buffer.size].pack("L")
-         if GetUserName.call(buffer, nsize) == 0
-            raise Error, 'GetUserName() call failed in get_login'
-         end
-         length   = nsize.unpack('L')[0]
-         username = buffer[0 ... length].chop
-         username
+    # Returns the user name (only) of the current login.
+    #
+    def self.get_login
+      buffer = 0.chr * 256
+      nsize  = [buffer.size].pack("L")
+      if GetUserName.call(buffer, nsize) == 0
+        raise Error, 'GetUserName() call failed in get_login'
       end
-      # Returns a User object based on either +name+ or +uid+.
-      #
-      # call-seq:
-      #    Sys::Admin.get_user(name, options = {})
-      #    Sys::Admin.get_user(uid, options = {})
-      #
-      # Looks for +usr+ information based on the options you specify, where
-      # the +usr+ argument can be either a user name or a RID.
-      #
-      # If a 'host' option is specified, information is retrieved from that
-      # host. Otherwise, the local host is used.
-      #
-      # All other options are converted to WQL statements against the
-      # Win32_UserAccount WMI object. See http://tinyurl.com/by9nvn for a
-      # list of possible options.
-      #
-      # Examples:
-      #
-      #  # Get a user by name
-      #  Admin.get_user('djberge')
-      #
-      #  # Get a user by uid
-      #  Admin.get_user(100)
-      #
-      #  # Get a user on a specific domain
-      #  Admin.get_user('djberge', :domain => 'TEST')
-      #--
-      # The reason for keeping the +usr+ variable as a separate argument
-      # instead of rolling it into the options hash was to keep a unified
-      # API between the Windows and UNIX versions.
-      #
-      def self.get_user(usr, options = {})
-         options = munge_options(options)
-         host = options.delete(:host) || Socket.gethostname
-         cs = "winmgmts:{impersonationLevel=impersonate}!"
-         cs << "//#{host}/root/cimv2"
-         begin
-            wmi = WIN32OLE.connect(cs)
-         rescue WIN32OLERuntimeError => err
-            raise Error, err
-         end
-         query = "select * from win32_useraccount"
-         i = 0
-         options.each{ |opt, val|
-            if i == 0
-               query << " where #{opt} = '#{val}'"
-               i += 1
-            else
-               query << " and #{opt} = '#{val}'"
-            end
-         }
-         if usr.kind_of?(Fixnum)
-            query << " and sid like '%-#{usr}'"
-         else
-            query << " and name = '#{usr}'"
-         end
-         domain = options[:domain] || host
-         wmi.execquery(query).each{ |user|
-            uid = user.sid.split('-').last.to_i
-            # Because our 'like' query isn't fulproof, let's parse
-            # the SID again to make sure
-            if usr.kind_of?(Fixnum)
-               next if usr != uid
-            end
-            user_object = User.new do |u|
-               u.account_type        = user.accounttype
-               u.caption             = user.caption
-               u.description         = user.description
-               u.disabled            = user.disabled
-               u.domain              = user.domain
-               u.full_name           = user.fullname
-               u.install_date        = user.installdate
-               u.local               = user.localaccount
-               u.lockout             = user.lockout
-               u.name                = user.name
-               u.password_changeable = user.passwordchangeable
-               u.password_expires    = user.passwordexpires
-               u.password_required   = user.passwordrequired
-               u.sid                 = user.sid
-               u.sid_type            = user.sidtype
-               u.status              = user.status
-               u.uid                 = uid
-               u.groups              = get_groups(domain, user.name)
-               u.dir                 = get_home_dir(user.name, options[:localaccount], domain)
-            end
-            return user_object
-         }
-         # If we're here, it means it wasn't found.
-         raise Error, "no user found for '#{usr}'"
+      length   = nsize.unpack('L')[0]
+      username = buffer[0 ... length].chop
+      username
+    end
+    # Returns a User object based on either +name+ or +uid+.
+    #
+    # call-seq:
+    #    Sys::Admin.get_user(name, options = {})
+    #    Sys::Admin.get_user(uid, options = {})
+    #
+    # Looks for +usr+ information based on the options you specify, where
+    # the +usr+ argument can be either a user name or a RID.
+    #
+    # If a 'host' option is specified, information is retrieved from that
+    # host. Otherwise, the local host is used.
+    #
+    # All other options are converted to WQL statements against the
+    # Win32_UserAccount WMI object. See http://tinyurl.com/by9nvn for a
+    # list of possible options.
+    #
+    # Examples:
+    #
+    #  # Get a user by name
+    #  Admin.get_user('djberge')
+    #
+    #  # Get a user by uid
+    #  Admin.get_user(100)
+    #
+    #  # Get a user on a specific domain
+    #  Admin.get_user('djberge', :domain => 'TEST')
+    #--
+    # The reason for keeping the +usr+ variable as a separate argument
+    # instead of rolling it into the options hash was to keep a unified
+    # API between the Windows and UNIX versions.
+    #
+    def self.get_user(usr, options = {})
+      options = munge_options(options)
+      host = options.delete(:host) || Socket.gethostname
+      cs = "winmgmts:{impersonationLevel=impersonate}!"
+      cs << "//#{host}/root/cimv2"
+      begin
+        wmi = WIN32OLE.connect(cs)
+      rescue WIN32OLERuntimeError => err
+        raise Error, err
+      end
+      query = "select * from win32_useraccount"
+      i = 0
+      options.each{ |opt, val|
+        if i == 0
+          query << " where #{opt} = '#{val}'"
+          i += 1
+        else
+          query << " and #{opt} = '#{val}'"
+        end
+      }
+      if usr.kind_of?(Fixnum)
+        query << " and sid like '%-#{usr}'"
+      else
+        if i > 0
+          query << " and name = '#{usr}'"
+        else
+          query << " where name = '#{usr}'"
+        end
       end
+      domain = options[:domain] || host
+      wmi.execquery(query).each{ |user|
+        uid = user.sid.split('-').last.to_i
+        # Because our 'like' query isn't fulproof, let's parse
+        # the SID again to make sure
+        if usr.kind_of?(Fixnum)
+          next if usr != uid
+        end
+        user_object = User.new do |u|
+          u.account_type        = user.accounttype
+          u.caption             = user.caption
+          u.description         = user.description
+          u.disabled            = user.disabled
+          u.domain              = user.domain
+          u.full_name           = user.fullname
+          u.install_date        = user.installdate
+          u.local               = user.localaccount
+          u.lockout             = user.lockout
+          u.name                = user.name
+          u.password_changeable = user.passwordchangeable
+          u.password_expires    = user.passwordexpires
+          u.password_required   = user.passwordrequired
+          u.sid                 = user.sid
+          u.sid_type            = user.sidtype
+          u.status              = user.status
+          u.uid                 = uid
+          u.groups              = get_groups(domain, user.name)
+          u.dir                 = get_home_dir(user.name, options[:localaccount], domain)
+        end
+        return user_object
+      }
+      # If we're here, it means it wasn't found.
+      raise Error, "no user found for '#{usr}'"
+    end
-      # In block form, yields a User object for each user on the system. In
-      # non-block form, returns an Array of User objects.
-      #
-      # call-seq:
-      #    Sys::Admin.users(options = {})
-      #    Sys::Admin.users(options = {}){ |user| ... }
-      #
-      # You may specify a host from which information is retrieved. The
-      # default is the local host.
-      #
-      # All other arguments are passed as WQL query parameters against
-      # the Win32_UserAccont WMI object.
-      #
-      # Examples:
-      #
-      #  # Get all local account users
-      #  Sys::Admin.users(:localaccount => true)
-      #
-      #  # Get all user accounts on a specific domain
-      #  Sys::Admin.users(:domain => 'FOO')
-      #
-      #  # Get a single user from a domain
-      #  Sys::Admin.users(:name => 'djberge', :domain => 'FOO')
-      #
-      def self.users(options = {})
-         options = munge_options(options)
-         host = options.delete(:host) || Socket.gethostname
-         cs = "winmgmts:{impersonationLevel=impersonate}!"
-         cs << "//#{host}/root/cimv2"
-         begin
-            wmi = WIN32OLE.connect(cs)
-         rescue WIN32OLERuntimeError => e
-            raise Error, e
-         end
-         query = "select * from win32_useraccount"
-         i = 0
-         options.each{ |opt, val|
-            if i == 0
-               query << " where #{opt} = '#{val}'"
-               i += 1
-            else
-               query << " and #{opt} = '#{val}'"
-            end
-         }
-         array = []
-         domain = options[:domain] || host
-         wmi.execquery(query).each{ |user|
-            uid = user.sid.split('-').last.to_i
-            usr = User.new do |u|
-               u.account_type        = user.accounttype
-               u.caption             = user.caption
-               u.description         = user.description
-               u.disabled            = user.disabled
-               u.domain              = user.domain
-               u.full_name           = user.fullname
-               u.install_date        = user.installdate
-               u.local               = user.localaccount
-               u.lockout             = user.lockout
-               u.name                = user.name
-               u.password_changeable = user.passwordchangeable
-               u.password_expires    = user.passwordexpires
-               u.password_required   = user.passwordrequired
-               u.sid                 = user.sid
-               u.sid_type            = user.sidtype
-               u.status              = user.status
-               u.groups              = get_groups(domain, user.name)
-               u.uid                 = uid
-               u.dir                 = get_home_dir(user.name, options[:localaccount], host)
-            end
-            if block_given?
-               yield usr
-            else
-               array.push(usr)
-            end
-         }
-         return array unless block_given?
+    # In block form, yields a User object for each user on the system. In
+    # non-block form, returns an Array of User objects.
+    #
+    # call-seq:
+    #    Sys::Admin.users(options = {})
+    #    Sys::Admin.users(options = {}){ |user| ... }
+    #
+    # You may specify a host from which information is retrieved. The
+    # default is the local host.
+    #
+    # All other arguments are passed as WQL query parameters against
+    # the Win32_UserAccont WMI object.
+    #
+    # Examples:
+    #
+    #  # Get all local account users
+    #  Sys::Admin.users(:localaccount => true)
+    #
+    #  # Get all user accounts on a specific domain
+    #  Sys::Admin.users(:domain => 'FOO')
+    #
+    #  # Get a single user from a domain
+    #  Sys::Admin.users(:name => 'djberge', :domain => 'FOO')
+    #
+    def self.users(options = {})
+      options = munge_options(options)
+      host = options.delete(:host) || Socket.gethostname
+      cs = "winmgmts:{impersonationLevel=impersonate}!"
+      cs << "//#{host}/root/cimv2"
+      begin
+        wmi = WIN32OLE.connect(cs)
+      rescue WIN32OLERuntimeError => e
+        raise Error, e
       end
+      query = "select * from win32_useraccount"
+      i = 0
+      options.each{ |opt, val|
+        if i == 0
+          query << " where #{opt} = '#{val}'"
+          i += 1
+        else
+          query << " and #{opt} = '#{val}'"
+        end
+      }
+      array = []
+      domain = options[:domain] || host
+      wmi.execquery(query).each{ |user|
+        uid = user.sid.split('-').last.to_i
+        usr = User.new do |u|
+          u.account_type        = user.accounttype
+          u.caption             = user.caption
+          u.description         = user.description
+          u.disabled            = user.disabled
+          u.domain              = user.domain
+          u.full_name           = user.fullname
+          u.install_date        = user.installdate
+          u.local               = user.localaccount
+          u.lockout             = user.lockout
+          u.name                = user.name
+          u.password_changeable = user.passwordchangeable
+          u.password_expires    = user.passwordexpires
+          u.password_required   = user.passwordrequired
+          u.sid                 = user.sid
+          u.sid_type            = user.sidtype
+          u.status              = user.status
+          u.groups              = get_groups(domain, user.name)
+          u.uid                 = uid
+          u.dir                 = get_home_dir(user.name, options[:localaccount], host)
+        end
+        if block_given?
+          yield usr
+        else
+          array.push(usr)
+        end
+      }
+      return array unless block_given?
+    end
-      # Returns a Group object based on either +name+ or +gid+.
-      #
-      # call-seq:
-      #    Sys::Admin.get_group(name, options = {})
-      #    Sys::Admin.get_group(gid, options = {})
-      #
-      # If a numeric value is sent as the first parameter, it is treated
-      # as a RID and is checked against the SID for a match.
-      #
-      # You may specify a host as an option from which information is
-      # retrieved. The default is the local host.
-      #
-      # All other options are passed as WQL parameters to the Win32_Group
-      # WMI object. See http://tinyurl.com/bngc8s for a list of possible
-      # options.
-      #
-      # Examples:
-      #
-      #  # Find a group by name
-      #  Sys::Admin.get_group('Web Team')
-      #
-      #  # Find a group by id
-      #  Sys::Admin.get_group(31667)
-      #
-      #  # Find a group on a specific domain
-      #  Sys::Admin.get_group('Web Team', :domain => 'FOO')
-      #
-      def self.get_group(grp, options = {})
-         options = munge_options(options)
-         host = options.delete(:host) || Socket.gethostname
-         cs = "winmgmts:{impersonationLevel=impersonate}!"
-         cs << "//#{host}/root/cimv2"
-         begin
-            wmi = WIN32OLE.connect(cs)
-         rescue WIN32OLERuntimeError => err
-            raise Error, err
-         end
-         query = "select * from win32_group"
-         i = 0
-         options.each{ |opt, val|
-            if i == 0
-               query << " where #{opt} = '#{val}'"
-               i += 1
-            else
-               query << " and #{opt} = '#{val}'"
-            end
-         }
-         if grp.kind_of?(Fixnum)
-            query << " and sid like '%-#{grp}'"
-         else
-            query << " and name = '#{grp}'"
-         end
-         domain = options[:domain] || host
-         wmi.execquery(query).each{ |group|
-            gid = group.sid.split("-").last.to_i
-            # Because our 'like' query isn't fulproof, let's parse
-            # the SID again to make sure
-            if grp.kind_of?(Fixnum)
-               next if grp != gid
-            end
-            group_object = Group.new do |g|
-               g.caption      = group.caption
-               g.description  = group.description
-               g.domain       = group.domain
-               g.gid          = gid
-               g.install_date = group.installdate
-               g.local        = group.localaccount
-               g.name         = group.name
-               g.sid          = group.sid
-               g.sid_type     = group.sidtype
-               g.status       = group.status
-               g.members      = get_members(domain, group.name)
-            end
-            return group_object
-         }
-         # If we're here, it means it wasn't found.
-         raise Error, "no group found for '#{grp}'"
+    # Returns a Group object based on either +name+ or +gid+.
+    #
+    # call-seq:
+    #    Sys::Admin.get_group(name, options = {})
+    #    Sys::Admin.get_group(gid, options = {})
+    #
+    # If a numeric value is sent as the first parameter, it is treated
+    # as a RID and is checked against the SID for a match.
+    #
+    # You may specify a host as an option from which information is
+    # retrieved. The default is the local host.
+    #
+    # All other options are passed as WQL parameters to the Win32_Group
+    # WMI object. See http://tinyurl.com/bngc8s for a list of possible
+    # options.
+    #
+    # Examples:
+    #
+    #  # Find a group by name
+    #  Sys::Admin.get_group('Web Team')
+    #
+    #  # Find a group by id
+    #  Sys::Admin.get_group(31667)
+    #
+    #  # Find a group on a specific domain
+    #  Sys::Admin.get_group('Web Team', :domain => 'FOO')
+    #
+    def self.get_group(grp, options = {})
+      options = munge_options(options)
+      host = options.delete(:host) || Socket.gethostname
+      cs = "winmgmts:{impersonationLevel=impersonate}!"
+      cs << "//#{host}/root/cimv2"
+      begin
+        wmi = WIN32OLE.connect(cs)
+      rescue WIN32OLERuntimeError => err
+        raise Error, err
+      end
+      query = "select * from win32_group"
+      i = 0
+      options.each{ |opt, val|
+        if i == 0
+          query << " where #{opt} = '#{val}'"
+          i += 1
+        else
+          query << " and #{opt} = '#{val}'"
+        end
+      }
+      if grp.kind_of?(Fixnum)
+        query << " and sid like '%-#{grp}'"
+      else
+        if i > 0
+          query << " and name = '#{grp}'"
+        else
+          query << " where name = '#{grp}'"
+        end
       end
+      domain = options[:domain] || host
+      wmi.execquery(query).each{ |group|
+        gid = group.sid.split("-").last.to_i
+        # Because our 'like' query isn't fulproof, let's parse
+        # the SID again to make sure
+        if grp.kind_of?(Fixnum)
+           next if grp != gid
+        end
+        group_object = Group.new do |g|
+          g.caption      = group.caption
+          g.description  = group.description
+          g.domain       = group.domain
+          g.gid          = gid
+          g.install_date = group.installdate
+          g.local        = group.localaccount
+          g.name         = group.name
+          g.sid          = group.sid
+          g.sid_type     = group.sidtype
+          g.status       = group.status
+          g.members      = get_members(domain, group.name)
+        end
+        return group_object
+      }
+      # If we're here, it means it wasn't found.
+      raise Error, "no group found for '#{grp}'"
+    end
-      # In block form, yields a Group object for each user on the system.  In
-      # non-block form, returns an Array of Group objects.
-      #
-      # call-seq:
-      #    groups(options = {})
-      #    groups(options = {}){ |group| ... }
-      #
-      # You may specify a host option from which information is retrieved.
-      # The default is the local host.
-      #
-      # All other options are passed as WQL parameters to the Win32_Group
-      # WMI object. See http://tinyurl.com/bngc8s for a list of possible
-      # options.
-      #
-      # Examples:
-      #
-      #  # Get local group information
-      #  Sys::Admin.groups(:localaccount => true)
-      #
-      #  # Get all groups on a specific domain
-      #  Sys::Admin.groups(:domain => 'FOO')
-      #
-      #  # Get a specific group on a domain
-      #  Sys::Admin.groups(:name => 'Some Group', :domain => 'FOO')
-      #
-      def self.groups(options = {})
-         options = munge_options(options)
-         host = options.delete(:host) || Socket.gethostname
-         cs = "winmgmts:{impersonationLevel=impersonate}!"
-         cs << "//#{host}/root/cimv2"
-         begin
-            wmi = WIN32OLE.connect(cs)
-         rescue WIN32OLERuntimeError => err
-            raise Error, err
-         end
-         query = "select * from win32_group"
-         i = 0
-         options.each{ |opt, val|
-            if i == 0
-               query << " where #{opt} = '#{val}'"
-               i += 1
-            else
-               query << " and #{opt} = '#{val}'"
-            end
-         }
-         array = []
-         domain = options[:domain] || host
-         wmi.execquery(query).each{ |group|
-            grp = Group.new do |g|
-               g.caption      = group.caption
-               g.description  = group.description
-               g.domain       = group.domain
-               g.gid          = group.sid.split("-").last.to_i
-               g.install_date = group.installdate
-               g.local        = group.localaccount
-               g.name         = group.name
-               g.sid          = group.sid
-               g.sid_type     = group.sidtype
-               g.status       = group.status
-               g.members      = get_members(domain, group.name)
-            end
-            if block_given?
-               yield grp
-            else
-               array.push(grp)
-            end
-         }
-         return array unless block_given?
+    # In block form, yields a Group object for each user on the system.  In
+    # non-block form, returns an Array of Group objects.
+    #
+    # call-seq:
+    #    groups(options = {})
+    #    groups(options = {}){ |group| ... }
+    #
+    # You may specify a host option from which information is retrieved.
+    # The default is the local host.
+    #
+    # All other options are passed as WQL parameters to the Win32_Group
+    # WMI object. See http://tinyurl.com/bngc8s for a list of possible
+    # options.
+    #
+    # Examples:
+    #
+    #  # Get local group information
+    #  Sys::Admin.groups(:localaccount => true)
+    #
+    #  # Get all groups on a specific domain
+    #  Sys::Admin.groups(:domain => 'FOO')
+    #
+    #  # Get a specific group on a domain
+    #  Sys::Admin.groups(:name => 'Some Group', :domain => 'FOO')
+    #
+    def self.groups(options = {})
+      options = munge_options(options)
+      host = options.delete(:host) || Socket.gethostname
+      cs = "winmgmts:{impersonationLevel=impersonate}!"
+      cs << "//#{host}/root/cimv2"
+      begin
+        wmi = WIN32OLE.connect(cs)
+      rescue WIN32OLERuntimeError => err
+        raise Error, err
       end
-   end
+      query = "select * from win32_group"
+      i = 0
+      options.each{ |opt, val|
+        if i == 0
+          query << " where #{opt} = '#{val}'"
+          i += 1
+        else
+          query << " and #{opt} = '#{val}'"
+        end
+      }
+      array = []
+      domain = options[:domain] || host
+      wmi.execquery(query).each{ |group|
+        grp = Group.new do |g|
+          g.caption      = group.caption
+          g.description  = group.description
+          g.domain       = group.domain
+          g.gid          = group.sid.split("-").last.to_i
+          g.install_date = group.installdate
+          g.local        = group.localaccount
+          g.name         = group.name
+          g.sid          = group.sid
+          g.sid_type     = group.sidtype
+          g.status       = group.status
+          g.members      = get_members(domain, group.name)
+        end
+        if block_given?
+           yield grp
+        else
+           array.push(grp)
+        end
+      }
+      return array unless block_given?
+    end
+  end
 end