proxb / poshprivilege Goto Github PK
View Code? Open in Web Editor NEWManage user privileges on a local machine or view applied privileges on local or remote system
License: Apache License 2.0
Manage user privileges on a local machine or view applied privileges on local or remote system
License: Apache License 2.0
From email:
It looks like the SeRelabelPrivilege user right wasn’t defined in PoshPrivilege.psm1. As best I could tell the integers you were using for the constants didn’t map the LUID or anything so I went ahead and added SeLabelPrivilege as an additional constant in the Privileges definition section and gave it the next int in the list. Hope this helps.
Hi Proxb.
Can you please review and comment on the following changes?
Thanks!
Tried this on Windows Server 2019
PS C:\Users\foo> Get-Privilege -CurrentUser
Privilege Description Enabled
--------- ----------- -------
SeIncreaseQuotaPrivilege Adjust memory quotas for a process False
SeSecurityPrivilege Manage auditing and security log False
SeTakeOwnershipPrivilege Take ownership of files or other objects False
SeLoadDriverPrivilege Load and unload device drivers False
SeSystemProfilePrivilege Profile system performance False
SeSystemtimePrivilege Change the system time False
SeProfileSingleProcessPrivilege Profile single process False
SeIncreaseBasePriorityPrivilege Increase scheduling priority False
SeCreatePagefilePrivilege Create a pagefile False
SeBackupPrivilege Back up files and directories False
SeRestorePrivilege Restore files and directories False
SeShutdownPrivilege Shut down the system False
SeDebugPrivilege Debug programs True
SeSystemEnvironmentPrivilege Modify firmware environment values False
SeChangeNotifyPrivilege Bypass traverse checking True
SeRemoteShutdownPrivilege Force shutdown from a remote system False
SeUndockPrivilege Remove computer from docking station False
SeManageVolumePrivilege Perform volume maintenance tasks False
SeImpersonatePrivilege Impersonate a client after authentica... True
SeCreateGlobalPrivilege Create global objects True
SeIncreaseWorkingSetPrivilege Increase a process working set False
SeTimeZonePrivilege Change the time zone False
SeCreateSymbolicLinkPrivilege Create symbolic links False
GetPrivilegeDisplayName : Cannot process argument transformation on parameter 'Privilege'. Cannot convert value
"SeDelegateSessionUserImpersonatePrivilege" to type "Privileges". Error: "Unable to match the identifier name
SeDelegateSessionUserImpersonatePrivilege to a valid enumerator name. Specify one of the following enumerator names
and try again:
SeAssignPrimaryTokenPrivilege, SeAuditPrivilege, SeBackupPrivilege, SeBatchLogonRight, SeChangeNotifyPrivilege,
SeCreateGlobalPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeCreateSymbolicLinkPrivilege,
SeCreateTokenPrivilege, SeDebugPrivilege, SeImpersonatePrivilege, SeIncreaseBasePriorityPrivilege,
SeIncreaseQuotaPrivilege, SeInteractiveLogonRight, SeLoadDriverPrivilege, SeLockMemoryPrivilege,
SeMachineAccountPrivilege, SeManageVolumePrivilege, SeNetworkLogonRight, SeProfileSingleProcessPrivilege,
SeRemoteInteractiveLogonRight, SeRemoteShutdownPrivilege, SeRestorePrivilege, SeSecurityPrivilege,
SeServiceLogonRight, SeShutdownPrivilege, SeSystemEnvironmentPrivilege, SeSystemProfilePrivilege,
SeSystemtimePrivilege, SeTakeOwnershipPrivilege, SeTcbPrivilege, SeTimeZonePrivilege, SeUndockPrivilege,
SeDenyNetworkLogonRight, SeDenyBatchLogonRight, SeDenyServiceLogonRight, SeDenyInteractiveLogonRight,
SeSyncAgentPrivilege, SeEnableDelegationPrivilege, SeDenyRemoteInteractiveLogonRight, SeTrustedCredManAccessPrivilege,
SeIncreaseWorkingSetPrivilege"
At T:\Windows\Tools\PowerShell\Modules\PoshPrivilege\0.3.0.0\Scripts\Get-Privilege.ps1:166 char:70
+ ... Description = GetPrivilegeDisplayName -Privilege $PrivilegeName
+ ~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [GetPrivilegeDisplayName], ParameterBindingArgumentTransformationExcept
ion
+ FullyQualifiedErrorId : ParameterArgumentTransformationError,GetPrivilegeDisplayName
SeCreateSymbolicLinkPrivilege Create symbolic links False
PS C:\Users\foo> $PSVersionTable
Name Value
---- -----
PSVersion 5.1.17763.1
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.17763.1
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
Based on email:
Thanks for putting together the PoshPrivilege module as it’s saved me a ton of work on a project I’m working. I couldn’t seem to get remove-privilege to work (kept failing with 0x80004005) but I think I found the problem and it seems to be working for me now. Did it ever work for you?
It looks like the $_UserRights buffer was calculated with non-unicode char size so I just replaced it with the same allocation lines from add-privilege since that worked. Also, I believe the 3rd parameter to LsaRemoveAccountRights() should be false instead of true. Seems to work fine for me now.
Thanks for this great module. I am trying to integrate it with a Chocolatey package for installing win32-openssh. I get errors on a fresh server 2008 R2 RTM box.
Is there a specific .NET version or Service package required on Server 2008 ?
Is there anyway to make the code compatible back to Server 2008 R2 RTM ?
Get-Privilege -CurrentUser
Privilege Description Enabled
--------- ----------- -------
SeIncreaseQuotaPrivilege Adjust memory quotas for a process False
SeSecurityPrivilege Manage auditing and security log False
SeTakeOwnershipPrivilege Take ownership of files or other objects False
SeLoadDriverPrivilege Load and unload device drivers False
SeSystemProfilePrivilege Profile system performance False
SeSystemtimePrivilege Change the system time False
SeProfileSingleProcessPrivilege Profile single process False
SeIncreaseBasePriorityPrivilege Increase scheduling priority False
SeCreatePagefilePrivilege Create a pagefile False
SeBackupPrivilege Back up files and directories False
SeRestorePrivilege Restore files and directories False
SeShutdownPrivilege Shut down the system False
SeDebugPrivilege Debug programs True
SeSystemEnvironmentPrivilege Modify firmware environment values False
SeChangeNotifyPrivilege Bypass traverse checking True
SeRemoteShutdownPrivilege Force shutdown from a remote system False
SeUndockPrivilege Remove computer from docking station False
SeManageVolumePrivilege Perform volume maintenance tasks False
SeImpersonatePrivilege Impersonate a client after authentica... True
SeCreateGlobalPrivilege Create global objects True
SeIncreaseWorkingSetPrivilege Increase a process working set False
SeTimeZonePrivilege Change the time zone False
SeCreateSymbolicLinkPrivilege Create symbolic links False
GetPrivilegeDisplayName : Cannot process argument transformation on parameter 'Privilege'. Cannot convert value
"SeDelegateSessionUserImpersonatePrivilege" to type "Privileges". Error: "Unable to match the identifier name
SeDelegateSessionUserImpersonatePrivilege to a valid enumerator name. Specify one of the following enumerator names
and try again:
SeAssignPrimaryTokenPrivilege, SeAuditPrivilege, SeBackupPrivilege, SeBatchLogonRight, SeChangeNotifyPrivilege,
SeCreateGlobalPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeCreateSymbolicLinkPrivilege,
SeCreateTokenPrivilege, SeDebugPrivilege, SeImpersonatePrivilege, SeIncreaseBasePriorityPrivilege,
SeIncreaseQuotaPrivilege, SeInteractiveLogonRight, SeLoadDriverPrivilege, SeLockMemoryPrivilege,
SeMachineAccountPrivilege, SeManageVolumePrivilege, SeNetworkLogonRight, SeProfileSingleProcessPrivilege,
SeRemoteInteractiveLogonRight, SeRemoteShutdownPrivilege, SeRestorePrivilege, SeSecurityPrivilege,
SeServiceLogonRight, SeShutdownPrivilege, SeSystemEnvironmentPrivilege, SeSystemProfilePrivilege,
SeSystemtimePrivilege, SeTakeOwnershipPrivilege, SeTcbPrivilege, SeTimeZonePrivilege, SeUndockPrivilege,
SeDenyNetworkLogonRight, SeDenyBatchLogonRight, SeDenyServiceLogonRight, SeDenyInteractiveLogonRight,
SeSyncAgentPrivilege, SeEnableDelegationPrivilege, SeDenyRemoteInteractiveLogonRight, SeTrustedCredManAccessPrivilege,
SeIncreaseWorkingSetPrivilege"
At C:\Program Files\WindowsPowerShell\Modules\PoshPrivilege\0.3.0.0\Scripts\Get-Privilege.ps1:166 char:70
+ ... Description = GetPrivilegeDisplayName -Privilege $PrivilegeName
+ ~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [GetPrivilegeDisplayName], ParameterBindingArgumentTransformationExcept
ion
+ FullyQualifiedErrorId : ParameterArgumentTransformationError,GetPrivilegeDisplayName
SeCreateSymbolicLinkPrivilege Create symbolic links False
I'm trying to use PoshPrivilege on Windows 10 (22H2, 10.0.19045), PowerShell 7.6.3 (since I need a working Set-Acl -LiteralPath
in conjunction with this, the shipped PS 5.1 is not an option).
After installing via Install-Module -Name PoshPrivilege
, when trying to run any of the provided commands, I get (for example):
PS> Get-Privilege
InvalidOperation: \\local.domain\DFS\User$\Home\...\PowerShell\Modules\PoshPrivilege\0.3.0.0\Scripts\Get-Privilege.ps1:101
Line |
101 | [Privileges[]]$Privilege,
| ~~~~~~~~~~~~~~
| Unable to find type [Privileges].
What am I missing to make this work?
Current Pester tests just ensure that the module has been loaded. This needs better tests to ensure that functions work as intended.
Need to add some more help examples in all of the functions (maybe make it MAML?) and probably wouldn't hurt to add more in the about_* help file.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.