EndpointCloudkit

0.0.7.0

Public/Get-ECKExecutionContext.ps1

                                Function Get-ECKExecutionContext

    {

        # Version 1.2 - 14/02/2022 - added back KeyRoot

        # Version 1.3 - 15/02/2020 - added a try/Catch

        [CmdletBinding()]

        [Alias('Get-ExecutionContext')]

        Param

            (

                [Parameter(Mandatory = $false)]

                [String]$LogPath

            )

            Try

                {

                    Do

                        {

                            # Get current logged on user. In some cases, WMI is not ready at first call, so we added some retries

                            $CurrentUser = (Get-CimInstance -ClassName Win32_ComputerSystem -ErrorAction SilentlyContinue|Select-Object -ExpandProperty UserName)

                            If ($null -eq $CurrentUser) {Start-Sleep -Seconds 5 ; $Counter +=1}

                        }

                    Until ($null -ne $CurrentUser -or $Counter -eq 5)

                    If ($null -eq $CurrentUser) {$CurrentUser = ((((query user) -replace '\s{20,39}', ',,') -replace '\s{2,}', ',') -replace '>','' | ConvertFrom-Csv).UserName}

                    If ($null -eq $CurrentUser)

                        {

                            $CurrentUser = "#NotAvailable#"

                            $CurrentUserID = "#NotAvailable#"

                            $CurrentUserProfile = "#NotAvailable#"

                        }

                    else

                        {

                            $CurrentUserID = (New-Object System.Security.Principal.NTAccount($CurrentUser)).Translate([System.Security.Principal.SecurityIdentifier]).Value

                            $CurrentUserProfile = Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'|Where-Object {$PSItem.pschildname -eq $CurrentUserID}|Get-ItemPropertyValue -Name PRofileImagePath

                        }

                }

            Catch

                {

                    $CurrentUser = "#NotAvailable#"

                    $CurrentUserID = "#NotAvailable#"

                    $CurrentUserProfile = "#NotAvailable#"

                }

        If ($LogPath ){Write-ECKLog "Logged on user is: $CurrentUser" -Path $LogPath}

        If ($LogPath ){Write-ECKLog "User profile is: $CurrentUserProfile" -Path $LogPath}

        if (-NOT ([Security.Principal.WindowsIdentity]::GetCurrent().Groups -contains 'S-1-5-32-544')) {$IsAdmin = $False} else {$IsAdmin = $True}

        If ($LogPath){Write-ECKLog "User $CurrentUser is Admin: $IsAdmin" -Path $LogPath}

        If ($env:USERPROFILE -eq "C:\Windows\System32\Config\systemprofile") {$RunAsSystem = $True} else {$RunAsSystem = $False}

        If ($LogPath){Write-ECKLog "Currently running in System context: $RunAsSystem" -Path $LogPath}

        IF ($IsAdmin -eq $true -or $RunAsSystem -eq $true) {$KeyRoot = "HKLM:"} Else {$KeyRoot = "HKCU:"}

        If ($LogPath){Write-ECKLog "Allowed Registry key : $KeyRoot" -Path $LogPath}

        [PSCustomObject]@{ User = $CurrentUser ; UserID = $CurrentUserID ; UserProfile = $CurrentUserProfile ; UserIsAdmin = $IsAdmin ; RunAsSystem = $RunAsSystem ; KeyRoot = $KeyRoot }

    }