Created
January 28, 2013 16:55
-
-
Save nmische/4657161 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This script allows Powershell Session Users to access services remotely | |
| # Get Powershell Session Users SID | |
| $objUser = New-Object System.Security.Principal.NTAccount("Powershell Session Users") | |
| $strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier]) | |
| # Get Current ACL for scmanager | |
| $strOldACL = sc.exe sdshow scmanager | Out-String | |
| # Find the ACL for interactive users | |
| $strOldACL -cmatch "\(A;;\w*;;;IU\)" | |
| # Build ACL for Powershell Session Users | |
| $strPSUACL = $Matches[0] -creplace "IU", $strSID.Value.ToString().Trim() | |
| # Make sure ACL for Powershell Session Users isn't already set | |
| if ( $strOldACL -match $strPSUACL ) { | |
| # ACL is good | |
| "SDDL for scmanager $strOldACL already contains $strPSUACL" | |
| } else { | |
| # Update the ACL | |
| $strNewACL = $strOldACL -creplace "\(A;;\w*;;;IU\)", ( $Matches[0].ToString().Trim() + $strPSUACL.ToString().Trim() ) | Out-String -Width 500 | |
| "Setting SDDL for scmanager to $strNewACL" | |
| & sc.exe sdset scmanager $strNewACL.ToString().Trim() | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment