PowerShell Remoting Project Home

Monday, June 12, 2006

What Access Rights Do You Have?

A PowerShell script to check User/Group access rights on FileSystem and Registry.

Yesterday, I was reading post on Mark's Sysinternals Blog: The Power in Power Users. It says "a user that belongs to the Power Users group can easily elevate themselves to fully-privileged administrators". He used a tool called AccessChk to find out what access rights does "Power User" group have.

If you read my serise posts on access control list in monad.  you will find out that we can get/set access rule in PowerShell directly without using extra tools. So I wrote a PowerShell script (Check-AccessRights.ps1) to get similar function as AccessChk. It is pretty dirty, but dose the job. You may want to try
D:\ps1\Check-AccessRights.ps1 .\
# Check your access rights on current path (could be filesystem or registry)
or
D:\ps1\Check-AccessRights.ps1 HKLM:\sytem\CurrentControlSet\Services $true "Power Users"
# HKLM:\sytem\CurrentControlSet\Services is Path to check
# $true is to get child object ACL recursively
# "Power Users" is user/group
Be prepared if you use -Recurse option ($true), you may want to redirect results to a file.
#################################################################
#
# File: Check-AccessRights.ps1
# Author: Tony (http://MSHForFun.blogspot.com/)
# Parameters:
#    $Path:  PowerShell Path (for example, c:\ or HKLM:\)
#    $Recurse: Check child object recursively
#    $Account: User name / Group (for example, "domain\alice",
#               "Power Users")
#
################################################################
param([string] $Path = {throw "Please specify a path"}, [bool] $Recurse = $false, [string] $Account)
if (-not (test-path $Path))
{
    $Path + " not exists!"
    return
}
if ([string]::ISNullOrEmpty($Account))
{
    $SID = ([System.Security.Principal.WindowsIdentity]::GetCurrent()).Owner
}
else
{
    $SID = (new-object System.Security.Principal.NTAccount($Account)).Translate([System.Security.Principal.SecurityIdentifier])
    if ($SID -eq $null) {return}
}
"Account: " + $SID.ToString()
"Path: " + $Path
$AccessRules = (get-acl $Path).Access
if ($AccessRules -eq $null)
{
    "Can't get access rules!"
    return
}
$AccessRules|foreach-object {
    $CurrentSID = $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier])
    if ($CurrentSID.ToString() -eq $SID.ToString())
    {
        $_
    }
}
if ($Recurse)
{
    Get-ChildItem $Path -Recurse| foreach {
        "========================================"
        "Child Path: " + $_.ToString()
        $AccessRules = (get-acl $Path).Access
        if ($AccessRules -eq $null)
        {
            "Can't get access rules!"
            return
        }
        $AccessRules|foreach-object {
            $CurrentSID = $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier])
            if ($CurrentSID.ToString() -eq $SID.ToString())
            {
              $_
            }
        }
    }
}

Have Fun

Tags:       


Comments:
If you are looking wow power leveling, buy wow gold,warcraft gold as well as WOW Power Leveling and World Of wow leveling
 
I like Archlord gold very much. Since I entered into this game, I learnt skills to earn Archlord money. Thanks to archlord online Gold let me know a lot of friends. It is my habit to buy Archlord gold, and I get some cheap Archlord gold from my friends and Internet.
I like to play Asda Story, because I like its name, also I like Asda Story gold. My friend told me that she would buy Asda Story money for me, and I was so happy. I do not like to go shopping, because it always spends a lot of money, but I never hesitate to buy Asda Story Gold. You can buy cheap Asda Story gold; it is so easy and convenient.
 
You know ,I have some Entropiauniverse ped, and my friend also has some
Entropia Universe Gold, do you kouw they have the same meaning,Both of them can be called
Entropia Universe Money,I just want to
Buy Entropia Universe Gold, because there are many
cheap Entropiauniverse ped.
You know ,I have some Atlantica online Gold, and my friend also has some
Atlantica Gold, do you kouw they have the same meaning,Both of them can be called
Atlantica online money,I just want to
buy Atlantica online Gold, because there are many
cheap Atlantica online Gold.
 
buy wow gold,cheap wow gold,wow power leveling.
09.05.11
 
Buy breitling replica,cheap wow gold auto insurance09.05.11
 
Online poker free signup poker bankrolls is a very attractive
poker sign up bonuses it's all possible duration.
giving money from pokerroom with no deposit bonus and found you very morale player.
As a friendly propriet instant poker bonus - Poker online no deposit $35 bonus promotion.
bonus for CD Poker is quite no need deposit free bankrolls so stronger than any internet bonuses for poker.
well you may be take free Poker cash ane $50 bonuses.
good little free signup poker bankrolls as download soft.
 
Oes Tsetnoc one of the ways in which we can learn seo besides Mengembalikan Jati Diri Bangsa. By participating in the Oes Tsetnoc or Mengembalikan Jati Diri Bangsa we can improve our seo skills. To find more information about Oest Tsetnoc please visit my Oes Tsetnoc pages. And to find more information about Mengembalikan Jati Diri Bangsa please visit my Mengembalikan Jati Diri Bangsa pages. Thank you So much.
Oes Tsetnoc | Semangat Mengembalikan Jati Diri Bangsa
 

Post a Comment



Links to this post:

Create a Link



<< Home