#213175 - 2018-02-02 04:17 PM
Win32_TSAccounts Permissions
|
Arend_
MM club member
Registered: 2005-01-17
Posts: 1895
Loc: Hilversum, The Netherlands
|
Breaking my head over this, I'm trying to set a permission value in the Win32_TSAccount wmi space. This works as expected, however to get it to remove the same permission again or deny is doesn't work. I've tried every Boolean value type I could think of but none seem to work. Btw, the reason I do this is because in Windows 2012 R2 and Windows 2016 you don't get a GUI anymore to set the permissions. The permissions I'm trying to set are Shadowing permissions. This part works, just removing or denying it again doesn't. Here is my code:
$strComputer = "."
$objWMIService = GetObject("winmgmts:\\" + $strComputer + "\root\CIMV2\TerminalServices")
$colItems = $objWMIService.ExecQuery("Select * from Win32_TSAccount where SID='S-1-5-32-555' and TerminalName='RDP-Tcp'",,48)
@SERROR ?
For Each $objItem in $colItems
"AccountName: " + $objItem.AccountName ?
"AuditFail: " + $objItem.AuditFail ?
"AuditSuccess: " + $objItem.AuditSuccess ?
"Caption: " + $objItem.Caption ?
"Description: " + $objItem.Description ?
"InstallDate: " + $objItem.InstallDate ?
"Name: " + $objItem.Name ?
"PermissionsAllowed: " + $objItem.PermissionsAllowed+" (&"+DecToHex($objItem.PermissionsAllowed)+")" ?
If ($objItem.PermissionsAllowed & 1) = 1
"-WINSTATION_QUERY" ?
EndIf
If ($objItem.PermissionsAllowed & 2) = 2
"-WINSTATION_SET" ?
EndIf
If ($objItem.PermissionsAllowed & 4) = 4
"-WINSTATION_LOGOFF" ?
EndIf
If ($objItem.PermissionsAllowed & 16) = 16
"-WINSTATION_SHADOW" ?
EndIf
If ($objItem.PermissionsAllowed & 32) = 32
"-WINSTATION_LOGON" ?
EndIf
If ($objItem.PermissionsAllowed & 64) = 64
"-WINSTATION_RESET" ?
EndIf
If ($objItem.PermissionsAllowed & 128) = 128
"-WINSTATION_MSG" + ?
EndIf
If ($objItem.PermissionsAllowed & 256) = 256
"-WINSTATION_CONNECT" ?
EndIf
If ($objItem.PermissionsAllowed & 512) = 512
"-WINSTATION_DISCONNECT " ?
EndIf
If ($objItem.PermissionsAllowed & 983048) = 983048
"-WINSTATION_VIRTUAL" ?
EndIf
"PermissionsDenied: " + $objItem.PermissionsDenied ?
"SID: " + $objItem.SID ?
"Status: " + $objItem.Status ?
"TerminalName: " + $objItem.TerminalName ?
;"Adding Shadow Permission" ?
;$objItem.ModifyPermissions(4,1)
;? @SERROR
?
Next
Documentation
|
Top
|
|
|
|
Moderator: Shawn, ShaneEP, Ruud van Velsen, Arend_, Jochen, Radimus, Glenn Barnas, Allen, Mart
|
1 registered
(mole)
and 405 anonymous users online.
|
|
|