I am trying to export the user rights assignments with the following command:

    secedit /export /areas USER_RIGHTS /cfg d:\privs.txt

Then, using PowerShell, I try to convert the SIDs to names. This is my code:
    $output = @()
    $temp = "c:\"
    $file = "$temp\privs.txt"
    [string] $readableNames = ""

    # Export the user rights assignment section of the local security policy
    $process = [diagnostics.process]::Start("secedit.exe", "/export /cfg $file /areas USER_RIGHTS")
    $process.WaitForExit()

    $in = Get-Content $file
    foreach ($line in $in) {
        # Only lines such as "SeDebugPrivilege = *S-1-5-32-544" are of interest
        if ($line.StartsWith("Se")) {
            $privilege = $line.Substring(0, $line.IndexOf("=") - 1)
            # Map the constant name to its display name
            switch ($privilege) {
                "SeCreateTokenPrivilege" {$privilege = "Create a token object"}
                "SeAssignPrimaryTokenPrivilege" {$privilege = "Replace a process-level token"}
                "SeLockMemoryPrivilege" {$privilege = "Lock pages in memory"}
                "SeIncreaseQuotaPrivilege" {$privilege = "Adjust memory quotas for a process"}
                "SeUnsolicitedInputPrivilege" {$privilege = "Read unsolicited input from a terminal device"}
                "SeMachineAccountPrivilege" {$privilege = "Add workstations to domain"}
                "SeTcbPrivilege" {$privilege = "Act as part of the operating system"}
                "SeSecurityPrivilege" {$privilege = "Manage auditing and the security log"}
                "SeTakeOwnershipPrivilege" {$privilege = "Take ownership of files or other objects"}
                "SeLoadDriverPrivilege" {$privilege = "Load and unload device drivers"}
                "SeSystemProfilePrivilege" {$privilege = "Profile system performance"}
                "SeSystemtimePrivilege" {$privilege = "Change the system time"}
                "SeProfileSingleProcessPrivilege" {$privilege = "Profile single process"}
                "SeCreatePagefilePrivilege" {$privilege = "Create a pagefile"}
                "SeCreatePermanentPrivilege" {$privilege = "Create permanent shared objects"}
                "SeBackupPrivilege" {$privilege = "Back up files and directories"}
                "SeRestorePrivilege" {$privilege = "Restore files and directories"}
                "SeShutdownPrivilege" {$privilege = "Shut down the system"}
                "SeDebugPrivilege" {$privilege = "Debug programs"}
                "SeAuditPrivilege" {$privilege = "Generate security audit"}
                "SeSystemEnvironmentPrivilege" {$privilege = "Modify firmware environment values"}
                "SeChangeNotifyPrivilege" {$privilege = "Bypass traverse checking"}
                "SeRemoteShutdownPrivilege" {$privilege = "Force shutdown from a remote system"}
                "SeUndockPrivilege" {$privilege = "Remove computer from docking station"}
                "SeSyncAgentPrivilege" {$privilege = "Synchronize directory service data"}
                "SeEnableDelegationPrivilege" {$privilege = "Enable computer and user accounts to be trusted for delegation"}
                "SeManageVolumePrivilege" {$privilege = "Manage the files on a volume"}
                "SeImpersonatePrivilege" {$privilege = "Impersonate a client after authentication"}
                "SeCreateGlobalPrivilege" {$privilege = "Create global objects"}
                "SeTrustedCredManAccessPrivilege" {$privilege = "Access Credential Manager as a trusted caller"}
                "SeRelabelPrivilege" {$privilege = "Modify an object label"}
                "SeIncreaseWorkingSetPrivilege" {$privilege = "Increase a process working set"}
                "SeTimeZonePrivilege" {$privilege = "Change the time zone"}
                "SeCreateSymbolicLinkPrivilege" {$privilege = "Create symbolic links"}
                "SeDenyInteractiveLogonRight" {$privilege = "Deny local logon"}
                "SeRemoteInteractiveLogonRight" {$privilege = "Allow logon through Terminal Services"}
                "SeServiceLogonRight" {$privilege = "Logon as a service"}
                "SeIncreaseBasePriorityPrivilege" {$privilege = "Increase scheduling priority"}
                "SeBatchLogonRight" {$privilege = "Log on as a batch job"}
                "SeInteractiveLogonRight" {$privilege = "Log on locally"}
                "SeDenyNetworkLogonRight" {$privilege = "Deny Access to this computer from the network"}
                "SeNetworkLogonRight" {$privilege = "Access this Computer from the Network"}
                "SeDenyBatchLogonRight" {$privilege = "Deny log on as a batch job"}
                "SeDenyServiceLogonRight" {$privilege = "Deny log on as a service"}
                "SeDenyRemoteInteractiveLogonRight" {$privilege = "Deny log on through Remote Desktop Services"}
            }

            # Everything after "=" is a comma-separated list of SIDs (prefixed with *) or names
            $sids = $line.Substring($line.IndexOf("=") + 1, $line.Length - ($line.IndexOf("=") + 1))
            $sids = $sids.Trim() -split ","
            $readableNames = ""
            foreach ($str in $sids) {
                if ($str.StartsWith("*")) {
                    $str = $str.Substring(1)
                    $str    # debug output: the SID about to be translated
                    $sid = New-Object System.Security.Principal.SecurityIdentifier($str)
                    # Throws when the SID cannot be mapped to an account
                    $readableName = $sid.Translate([System.Security.Principal.NTAccount])
                    $readableNames = $readableNames + $readableName.Value + ", "
                }
                else {
                    $readableNames = $readableNames + $str + ", "
                }
            }

            $output += New-Object PSObject -Property @{
                privilege = $privilege
                # Strip the trailing ", "
                readableNames = $readableNames.Substring(0, ($readableNames.Length - 2))
                #else = $line."property"
            }
        }
    }
    $output
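So my problem is that I get the error

    exception calling translate with 1 argument some or all identity references could not be translated

The $str output shows that the function leads to the error when SIDs like

    S-1-5-21-1042109134-4285797005-3901271436-1004
    S-1-5-21-1042109134-4285797005-3901271436-1006
    S-1-5-21-1042109134-4285797005-3901271436-1007

are given to $sid.Translate([System.Security.Principal.NTAccount]). I don't understand why these SIDs lead to an error. A little searching told me that the third number (e.g. 21 in the SIDs above) stands for the domain identity. But in the output I get SIDs whose third number is different. For example, there are:

    S-1-5-20
    S-1-5-19

I don't understand why these numbers differ, since I am not part of any domain. It would be nice if someone could explain. Thank you very much.

P.S. I tried

    wmic useraccount get name,sid

which yields every user name with its corresponding SID, and in the output there is no S-1-5-21-1042109134-4285797005-3901271436-1004. But where do they come from?

Best answer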
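S-1-5-21 is the prefix used for local and domain users. It is the next part of the SID that determines which domain it belongs to, and a computer has its own domain identifier. If you have SIDs in your user rights assignment that cannot be translated, then the user or group has been deleted (an orphaned SID). Steps to reproduce:

S-1-5-20 (Network Service) and S-1-5-19 (Local Service) are well-known SIDs for special built-in accounts in Windows.

Use try {} catch {} to handle the exceptions from orphaned SIDs.

    try {
        $readableName = $sid.Translate([System.Security.Principal.NTAccount])
        $readableName
    } catch {
        Write-Host "Could not find SID"
    }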
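
An added example (not code from the question or the answer) that extends the answer's try/catch into an audit of the whole export: it parses each secedit line, translates every SID, and marks the ones that cannot be translated so orphaned entries can be reviewed and cleaned up. The function name Resolve-RightsLine, the output columns and the sample lines are assumptions of this example; the sample lines are constructed from SIDs quoted on this page plus S-1-5-32-544 (the built-in Administrators group).

```powershell
function Resolve-RightsLine {
    param([Parameter(Mandatory)][string]$Line)

    # Lines look like: SeDebugPrivilege = *S-1-5-32-544,*S-1-5-21-...-1004
    $name, $value = $Line -split '=', 2
    foreach ($entry in ($value -split ',')) {
        $entry = $entry.Trim()
        if (-not $entry) { continue }       # right assigned to nobody

        $result = [ordered]@{
            Privilege = $name.Trim()
            Entry     = $entry
            Account   = $entry              # plain account names are kept as-is
            Status    = 'Name'
            DomainSid = $null
        }
        if ($entry.StartsWith('*')) {
            $sid = [System.Security.Principal.SecurityIdentifier]::new($entry.Substring(1))
            # $null for well-known SIDs such as S-1-5-19; for S-1-5-21-... SIDs
            # this is the machine or domain identifier the account belongs to.
            $result.DomainSid = $sid.AccountDomainSid
            try {
                $result.Account = $sid.Translate([System.Security.Principal.NTAccount]).Value
                $result.Status  = 'Resolved'
            } catch [System.Security.Principal.IdentityNotMappedException] {
                # Nothing maps to this SID any more, e.g. a deleted user or
                # group (orphaned SID). Report it instead of aborting.
                $result.Account = $null
                $result.Status  = 'Unresolved'
            }
        }
        [pscustomobject]$result
    }
}

# Constructed sample input in the format of the [Privilege Rights] section.
$sample = @(
    'SeAuditPrivilege = *S-1-5-19,*S-1-5-20'
    'SeDebugPrivilege = *S-1-5-32-544,*S-1-5-21-1042109134-4285797005-3901271436-1004'
)
$sample | ForEach-Object { Resolve-RightsLine $_ } | Format-Table -AutoSize
```

Rows with Status Unresolved are the entries to review; comparing their DomainSid with that of the existing local accounts shows whether they were local to this machine.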
Regarding "windows - PowerShell: some SIDs cannot be translated", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/35377735/