psprivilege

0.1.0

PSPrivilege.psm1

                                # Copyright: (c) 2018, Jordan Borean (@jborean93) <jborean93@gmail.com>

# MIT License (see LICENSE or https://opensource.org/licenses/MIT)

[Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSUseDeclaredVarsMoreThanAssignments", "", Justification="psprivilege_* vars are used in the cmdlets after loading")]

param()

# get public and private function definition files.

$public  = @( Get-ChildItem -Path $PSScriptRoot\Public\*.ps1 -ErrorAction SilentlyContinue )

$private = @( Get-ChildItem -Path $PSScriptRoot\Private\*.ps1 -ErrorAction SilentlyContinue )

# dot source the files

foreach ($import in @($public + $private)) {

    try {

        . $import.FullName

    } catch {

        Write-Error -Message "Failed to import function $($import.FullName): $_"

    }

}

Import-PInvokeUtil

# TODO: find some way to enumerate these with an API call instead of hardcoding

# https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants

$psprivilege_privileges = @(

    "SeAssignPrimaryTokenPrivilege",

    "SeAuditPrivilege",

    "SeBackupPrivilege",

    "SeChangeNotifyPrivilege",

    "SeCreateGlobalPrivilege",

    "SeCreatePagefilePrivilege",

    "SeCreatePermanentPrivilege",

    "SeCreateSymbolicLinkPrivilege",

    "SeCreateTokenPrivilege",

    "SeDebugPrivilege",

    "SeEnableDelegationPrivilege",

    "SeImpersonatePrivilege",

    "SeIncreaseBasePriorityPrivilege",

    "SeIncreaseQuotaPrivilege",

    "SeIncreaseWorkingSetPrivilege",

    "SeLoadDriverPrivilege",

    "SeLockMemoryPrivilege",

    "SeMachineAccountPrivilege",

    "SeManageVolumePrivilege",

    "SeProfileSingleProcessPrivilege",

    "SeRelabelPrivilege",

    "SeRemoteShutdownPrivilege",

    "SeRestorePrivilege",

    "SeSecurityPrivilege",

    "SeShutdownPrivilege",

    "SeSyncAgentPrivilege",

    "SeSystemEnvironmentPrivilege",

    "SeSystemProfilePrivilege",

    "SeSystemtimePrivilege",

    "SeTakeOwnershipPrivilege",

    "SeTcbPrivilege",

    "SeTrustedCredManAccessPrivilege",

    "SeTrustedCredManAccessPrivilege",

    "SeUndockPrivilege"

)

# TODO: find a way to get the description from internal API

# https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/account-rights-constants

$psprivilege_rights = @{

    SeBatchLogonRight = "Log on as a batch job"

    SeDenyBatchLogonRight = "Deny log on as a batch job"

    SeDenyInteractiveLogonRight = "Deny log on locally"

    SeDenyNetworkLogonRight = "Deny access to this computer from the network"

    SeDenyRemoteInteractiveLogonRight = "Deny log on through Remote Desktop Services"

    SeDenyServiceLogonRight = "Deny log on as a service"

    SeInteractiveLogonRight = "Allow log on locally"

    SeNetworkLogonRight = "Access this computer from the network"

    SeRemoteInteractiveLogonRight = "Allow log on through Remote Desktop Services"

    SeServiceLogonRight = "Log on as a service"

}

Export-ModuleMember -Function $public.Basename