El TecnoBaúl de Kiquenet

Kiquenet boring stories

Posts Tagged ‘secedit’

Powershell–Troubleshooting Group Policy – Privileges

Posted by kiquenet en 28 julio 2014

Useful when troubleshooting things like group policy, scripts or any other sources that may change privileges from what they should be. May generate a hash from this and automate a quick hash difference to monitor changes to privileges on systems.

Command
"secedit.exe", "/export /areas USER_RIGHTS /cfg $file"

#Variables
$computername= $env:COMPUTERNAME
$tempdir = "c:\temp"
$file = "$tempdir\privs.txt"
[string] $readableNames
$outHash = @{}

##### Generate report with just USER_RIGHTS ######
$process = [diagnostics.process]::Start("secedit.exe", "/export /areas USER_RIGHTS /cfg $file")
$process.WaitForExit()

$in = get-content $file
# start check of local userrights
foreach ($line in $in) {
if ($line.StartsWith("Se")) {
$privilege = $line.substring(0,$line.IndexOf("=") – 1)
$sids = $line.substring($line.IndexOf("=") + 1,$line.Length – ($line.IndexOf("=") + 1))
$sids =  $sids.Trim() -split ","
$readableNames = ""
foreach ($str in $sids){
    Write-Host $str
    if ($str.StartsWith("*S-")) {
        $str = $str.substring(1) # For some reason, secedit appends a * to the SID like *S-1-5-32-544, this just strips the first character
        $sid = new-object System.Security.Principal.SecurityIdentifier($str)
        $readableName = $sid.Translate([System.Security.Principal.NTAccount])
        $readableNames = $readableNames + $readableName.Value + ","
    } else {
        $readableName = $str
        $readableNames = $readableNames + $readableName + ","
    }
  }
$outHash.Add($privilege,$readableNames.substring(0,($readableNames.Length – 1))) #output edited version
}
}
$outHash

References:
http://rcampi.blogspot.com.es/2011/08/powershell-ghetto-way-to-output.html

Anuncios

Posted in PowerShell, Scripts | Etiquetado: , , | Leave a Comment »