Scripts/Enable-Privilege.ps1

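Function Enable-Privilege {
    <#
        .SYNOPSIS
            Enables one or more privileges on the current process token.

        .DESCRIPTION
            Opens the access token of the current process with TOKEN_QUERY and
            TOKEN_ADJUST_PRIVILEGES access, resolves each requested privilege name to
            its LUID with LookupPrivilegeValue, and calls AdjustTokenPrivileges with
            SE_PRIVILEGE_ENABLED for each one in turn.

            AdjustTokenPrivileges can only enable a privilege that the token already
            holds; it does not grant new privileges. A warning is written for every
            privilege that could not be looked up or adjusted.

            Relies on the PoshPrivilege, TokPriv1Luid and Privileges types, which are
            defined outside this function.

        .PARAMETER Privilege
            One or more privileges (values of the Privileges type) to enable on the
            current process.

        .NOTES
            Name: Enable-Privilege
            Author: Boe Prox
            Version History:
                1.0 - Initial Version

        .EXAMPLE
        Enable-Privilege -Privilege SeBackupPrivilege

        Description
        -----------
        Enables the SeBackupPrivilege on the existing process

        .EXAMPLE
        Enable-Privilege -Privilege SeBackupPrivilege, SeRestorePrivilege, SeTakeOwnershipPrivilege

        Description
        -----------
        Enables the SeBackupPrivilege, SeRestorePrivilege and SeTakeOwnershipPrivilege on the existing process

    #>

    [cmdletbinding(
        SupportsShouldProcess = $True
    )]
    Param (
        [parameter(Mandatory = $True)]
        [Privileges[]]$Privilege
    )
    If ($PSCmdlet.ShouldProcess("Process ID: $PID", "Enable Privilege(s): $($Privilege -join ', ')")) {
        #region Constants
        $SE_PRIVILEGE_ENABLED = 0x00000002
        $TOKEN_QUERY = 0x00000008
        $TOKEN_ADJUST_PRIVILEGES = 0x00000020
        #endregion Constants

        # One TOKEN_PRIVILEGES-style structure is reused for every privilege;
        # only its Luid changes between iterations.
        $TokenPriv = New-Object TokPriv1Luid
        $HandleToken = [intptr]::Zero
        $TokenPriv.Count = 1
        $TokenPriv.Attr = $SE_PRIVILEGE_ENABLED

        #Open the process token
        $Return = [PoshPrivilege]::OpenProcessToken(
            [PoshPrivilege]::GetCurrentProcess(),
            ($TOKEN_QUERY -BOR $TOKEN_ADJUST_PRIVILEGES),
            [ref]$HandleToken
        )
        If (-NOT $Return) {
            Write-Warning "Unable to open process token! Aborting!"
            # Return rather than Break: outside a loop, Break propagates up the call
            # stack and can end a loop in the caller or stop the calling script.
            Return
        }

        # NOTE(review): the token handle opened above is never closed in this
        # function. If the PoshPrivilege type exposes CloseHandle (not visible
        # here), release $HandleToken in a finally block.
        ForEach ($Priv in $Privilege) {
            $PrivValue = $Null
            $TokenPriv.Luid = 0
            #Lookup privilege value
            $Return = [PoshPrivilege]::LookupPrivilegeValue($Null, $Priv, [ref]$PrivValue)
            If (-NOT $Return) {
                # Report the failed lookup instead of skipping the privilege silently.
                Write-Warning "Unable to look up privilege value for <$Priv>!"
                Continue
            }

            $TokenPriv.Luid = $PrivValue
            #Adjust the process privilege value
            $Return = [PoshPrivilege]::AdjustTokenPrivileges(
                $HandleToken,
                $False,
                [ref]$TokenPriv,
                [System.Runtime.InteropServices.Marshal]::SizeOf($TokenPriv),
                [IntPtr]::Zero,
                [IntPtr]::Zero
            )
            # NOTE(review): a true result does not prove the privilege is enabled.
            # AdjustTokenPrivileges also succeeds when the token does not hold the
            # privilege; the last error is then ERROR_NOT_ALL_ASSIGNED (1300).
            # Detecting that here requires SetLastError on the P/Invoke declaration,
            # which is not visible in this function. Callers that depend on the
            # privilege should verify it afterwards.
            If (-NOT $Return) {
                Write-Warning "Unable to enable privilege <$priv>! "
            }
        }
    }
}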