Powershell/Private/SecurityPolicy/Backup-SecPol.ps1
|
function Backup-SecPol { [CmdletBinding()] [OutputType([System.String])] param() process { $timestamp = Get-Date -Format "yyyyMMdd_HHmmss" $tempDir = "$(Get-WindowsDrive)\Windows\Temp" $exportInf = Join-Path $tempDir "jcAdmu_secedit_export_$timestamp.inf" Write-ToLog -Message "Exporting security policy to $exportInf" -Level Verbose -Step "Backup-SecPol" $seceditOutput = & secedit /export /cfg "$exportInf" 2>&1 if (($LASTEXITCODE -ne 0) -or (-not (Test-Path $exportInf))) { $outputText = ($seceditOutput | Out-String).Trim() Write-ToLog -Message "secedit /export failed (exit code $LASTEXITCODE). $outputText`nCommon cause: the session is not elevated (reading the user-rights policy requires an Administrator session)." -Level Error -Step "Backup-SecPol" return $null } Write-ToLog -Message "Security policy exported to $exportInf" -Level Verbose -Step "Backup-SecPol" return $exportInf } } |