wmi 设置安全描述符
wmi SetSecurityDescriptor
尝试通过wmi 和sddl 授予对systemroot 的访问权限,但出现参数无效的错误。
这是我的功能:
function GrantSysRoot
{
Param (
[string]$strcomputer
)
$sec = Get-WmiObject -Class Win32_LogicalFileSecuritySetting -Filter "Path='C:\Windows'" -ComputerName $strcomputer
$converter = New-Object System.Management.ManagementClass Win32_SecurityDescriptorHelper
$sddl = $converter.Win32SDToSDDL($sec.GetSecurityDescriptor().Descriptor)
$newSDDL = $sddl.SDDL += "(" + $SRSDDL + ")"
$Win32descriptor = $converter.SDDLToWin32SD($newSDDL)
$result = $sec.SetSecurityDescriptor($Win32descriptor)
if ($result.ReturnValue -eq 0) {
LogWrite "Success SystemRoot setting rights"
}
else {
LogWrite "An error occured with SystemRoot rights settings"
}
}
SetSecurityDescriptor 方法返回无效参数错误。有什么想法吗?
我认为你打错了一个小错字。在您的代码中,我看不到用 $SRSDDL 定义的任何内容,但您正在附加数据并存储在 $newSDDL 中。能否请您重新验证一下。
function GrantSysRoot
{
Param (
[string]$strcomputer
)
$sec = Get-WmiObject -Class Win32_LogicalFileSecuritySetting -Filter "Path='C:\Windows'" -ComputerName $strcomputer
$converter = new-object system.management.ManagementClass Win32_SecurityDescriptorHelper
$sddl = $converter.Win32SDToSDDL($sec.GetSecurityDescriptor().Descriptor)
$newSDDL = $sddl.SDDL += "(" + $SDDL + ")"
$Win32descriptor = $converter.SDDLToWin32SD($newSDDL)
$result = $sec.SetSecurityDescriptor($Win32descriptor)
if ($result.ReturnValue -eq 0){LogWrite "Success SystemRoot setting rights"
} else {LogWrite "An error occured with SystemRoot rights settings"}
解决了,我们要用属性"descriptor"
$result = $sec.SetSecurityDescriptor($Win32descriptor.Descriptor)
尝试通过wmi 和sddl 授予对systemroot 的访问权限,但出现参数无效的错误。 这是我的功能:
function GrantSysRoot
{
Param (
[string]$strcomputer
)
$sec = Get-WmiObject -Class Win32_LogicalFileSecuritySetting -Filter "Path='C:\Windows'" -ComputerName $strcomputer
$converter = New-Object System.Management.ManagementClass Win32_SecurityDescriptorHelper
$sddl = $converter.Win32SDToSDDL($sec.GetSecurityDescriptor().Descriptor)
$newSDDL = $sddl.SDDL += "(" + $SRSDDL + ")"
$Win32descriptor = $converter.SDDLToWin32SD($newSDDL)
$result = $sec.SetSecurityDescriptor($Win32descriptor)
if ($result.ReturnValue -eq 0) {
LogWrite "Success SystemRoot setting rights"
}
else {
LogWrite "An error occured with SystemRoot rights settings"
}
}
SetSecurityDescriptor 方法返回无效参数错误。有什么想法吗?
我认为你打错了一个小错字。在您的代码中,我看不到用 $SRSDDL 定义的任何内容,但您正在附加数据并存储在 $newSDDL 中。能否请您重新验证一下。
function GrantSysRoot
{
Param (
[string]$strcomputer
)
$sec = Get-WmiObject -Class Win32_LogicalFileSecuritySetting -Filter "Path='C:\Windows'" -ComputerName $strcomputer
$converter = new-object system.management.ManagementClass Win32_SecurityDescriptorHelper
$sddl = $converter.Win32SDToSDDL($sec.GetSecurityDescriptor().Descriptor)
$newSDDL = $sddl.SDDL += "(" + $SDDL + ")"
$Win32descriptor = $converter.SDDLToWin32SD($newSDDL)
$result = $sec.SetSecurityDescriptor($Win32descriptor)
if ($result.ReturnValue -eq 0){LogWrite "Success SystemRoot setting rights"
} else {LogWrite "An error occured with SystemRoot rights settings"}
解决了,我们要用属性"descriptor"
$result = $sec.SetSecurityDescriptor($Win32descriptor.Descriptor)