wmi SetSecurityDescriptor
wmi SetSecurityDescriptor
提问于 2016-12-19 14:38:46
尝试使用sddl通过wmi授予对systemroot的访问权限,但获得无效参数的错误。这是我的职责:
function GrantSysRoot
{
Param (
[string]$strcomputer
)
$sec = Get-WmiObject -Class Win32_LogicalFileSecuritySetting -Filter "Path='C:\\Windows'" -ComputerName $strcomputer
$converter = New-Object System.Management.ManagementClass Win32_SecurityDescriptorHelper
$sddl = $converter.Win32SDToSDDL($sec.GetSecurityDescriptor().Descriptor)
$newSDDL = $sddl.SDDL += "(" + $SRSDDL + ")"
$Win32descriptor = $converter.SDDLToWin32SD($newSDDL)
$result = $sec.SetSecurityDescriptor($Win32descriptor)
if ($result.ReturnValue -eq 0) {
LogWrite "Success SystemRoot setting rights"
}
else {
LogWrite "An error occured with SystemRoot rights settings"
}
}SetSecurityDescriptor方法返回无效的参数错误。有什么想法吗?
回答 2
Stack Overflow用户
回答已采纳
发布于 2016-12-20 07:48:14
解决后,我们必须使用属性“描述符”。
$result = $sec.SetSecurityDescriptor($Win32descriptor.Descriptor)Stack Overflow用户
发布于 2016-12-19 15:41:18
我觉得你做了个小错误。在您的代码中,我无法看到用$SRSDDL定义的任何内容,但是您正在追加数据并以$newSDDL存储。你能再确认一下吗。
function GrantSysRoot
{
Param (
[string]$strcomputer
)
$sec = Get-WmiObject -Class Win32_LogicalFileSecuritySetting -Filter "Path='C:\\Windows'" -ComputerName $strcomputer
$converter = new-object system.management.ManagementClass Win32_SecurityDescriptorHelper
$sddl = $converter.Win32SDToSDDL($sec.GetSecurityDescriptor().Descriptor)
$newSDDL = $sddl.SDDL += "(" + $SDDL + ")"
$Win32descriptor = $converter.SDDLToWin32SD($newSDDL)
$result = $sec.SetSecurityDescriptor($Win32descriptor)
if ($result.ReturnValue -eq 0){LogWrite "Success SystemRoot setting rights"
} else {LogWrite "An error occured with SystemRoot rights settings"}页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/41224963
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号