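function Grant-UserLocalSecurityPolicyRights {
    <#
    .SYNOPSIS
        Grants a User the Specified Right in the Local Security Policy

    .DESCRIPTION
        Resolves the user name to a SID with Get-SidFromUsername, reads the current
        holders of the right with Get-SecurityPolicySetting and, when the SID is not
        already listed, appends it and applies the result with
        "secedit.exe /configure ... /areas USER_RIGHTS".

        Nothing is changed (a warning is written and the function returns) when the
        SID cannot be resolved, when the policy name is not a plain identifier, or
        when the current setting comes back empty. The last guard matters because
        the generated template replaces the whole holder list for the right: an
        empty current value would otherwise drop every existing holder.

        Status messages are written with Write-Output, so they are emitted on the
        pipeline together with whatever secedit.exe prints.

        NOTE(review): secedit /configure changes machine-wide policy and normally
        needs an elevated session - confirm the callers run elevated.

    .PARAMETER userName
        Account name that is passed to Get-SidFromUsername.

    .PARAMETER policyName
        Name of the user right, used as the key in the [Privilege Rights] section
        of the generated template.
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string]$userName,

        [Parameter(Mandatory = $true)]
        [string]$policyName
    )

    $logLead = (Get-LogLeadName);

    # The policy name is interpolated verbatim into the template below. Refuse
    # anything that is not a single identifier so that a line break, '=' or '['
    # in the argument cannot add extra keys or sections to the imported policy.
    if ($policyName -notmatch '\A\w+\z') {
        Write-Warning ("$logLead : The policy name {0} is not a valid user right name. No changes were made." -f $policyName)
        return
    }

    $userSid = Get-SidFromUsername $userName

    if ([String]::IsNullOrEmpty($userSid)) {
        Write-Warning ("$logLead : Could not find the SID for username {0}" -f $userName)
        return
    }

    Write-Verbose ("$logLead : SID for Supplied Username is {0}" -f $userSid)

    Write-Output ("$logLead : Getting current security policy setting for policy {0}" -f $policyName)
    $currentValue = Get-SecurityPolicySetting $policyName

    # Never import a template built from an empty holder list (see .DESCRIPTION).
    if ([String]::IsNullOrEmpty($currentValue)) {
        Write-Warning ("$logLead : Could not parse the current {0} value. Breaking function to avoid breaking system." -f $policyName)
        return
    }

    # Compare whole entries rather than substrings: a wildcard match on the SID
    # also matches any longer SID that merely starts with it (RID 100 vs 1001)
    # and would wrongly report the right as already granted.
    # Presumably the value is a comma separated list of "*SID" entries, which is
    # the shape written back below - verify against Get-SecurityPolicySetting.
    $currentHolders = @($currentValue) -split ',' | ForEach-Object { $_.Trim().TrimStart('*') }

    if ($currentHolders -contains $userSid) {
        Write-Output ("$logLead : The specified user {0} already has the right {1} on this machine" -f $userName, $policyName)
        return
    }

    $newSetting = ("{0},*{1}" -f $currentValue, $userSid)

    # Here-string content stays at column 0 so the template text is unchanged.
    $newSecurityContent = @"
[Unicode]
Unicode=yes
[Version]
signature="`$CHICAGO`$"
Revision=1
[Privilege Rights]
$($policyName) = $($newSetting)
"@

    $importFile = [System.IO.Path]::GetTempFileName()

    try {
        Write-Verbose ("$logLead : Saving modified security file to {0}" -f $importFile)
        $newSecurityContent | Set-Content -Path $importFile -Encoding Unicode -Force

        Write-Output ("$logLead : Importing Modified Security Policy")
        # "secedit.sdb" is a relative path, so the working database is created in
        # the current directory of the calling session.
        secedit.exe /configure /db "secedit.sdb" /cfg "$($importFile)" /areas USER_RIGHTS

        # secedit reports failure through its exit code only; without this check
        # a failed import would look like a successful grant.
        if ($LASTEXITCODE -ne 0) {
            Write-Warning ("$logLead : secedit.exe exited with code {0}. The right {1} may not have been granted to {2}." -f $LASTEXITCODE, $policyName, $userName)
        }
    }
    finally {
        # The template lists the SIDs holding the right; do not leave it behind
        # in the temp directory. Best effort: a failed delete must not hide the
        # outcome of the import.
        Remove-Item -LiteralPath $importFile -Force -ErrorAction SilentlyContinue
    }
}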