Setting user rights assignment of local security policy using powershell/cmd

I want to edit security settings of user rights assignment of local security policy using powershell or cmd.

Eg: policy = "change the system time"
default_security_settings = "local service,Administrators"
I want to remove everything except Administrators

I have tried the ntrights command, but it seems like it is not working. Any command will be appreciated.

Here is something I just wrote. You can make it more dynamic.

function Replace-SecurityTest([string[]]$Usernames,[string]$SecuritySetting, $SaveFile = "C:\Configuration.cfg"){
    # Translate an account name to its SID string
    function Get-SID($USER){
        $objUser = New-Object System.Security.Principal.NTAccount("$USER")
        $strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
        $strSID.Value
    }
    # Export the current local security policy to a template file
    secedit /export /cfg $SaveFile
    $reader = [System.IO.File]::OpenText($SaveFile)
    while($null -ne ($line = $reader.ReadLine())) {
        if ($Line -like "*$SecuritySetting*"){
            $reader.Close()
            # Keep the setting name and rebuild its value from the given accounts only
            $line2 = $line.Remove($line.IndexOf("="))
            $line2 += "= "
            foreach($user in $Usernames){
                $line2 += "*$(Get-SID -USER "$user"), "
            }
            $line2 = $line2.Remove($line2.LastIndexOf(", "))
            (gc $SaveFile).replace("$Line", "$Line2") | Out-File $SaveFile
            # User rights are in the USER_RIGHTS area of the template, not SECURITYPOLICY
            secedit /configure /db c:\windows\security\local.sdb /cfg $SaveFile /areas USER_RIGHTS
            rm -force $SaveFile -confirm:$false
            break
        }
    }
    # Release the file handle when the setting was not found (closing twice is harmless)
    $reader.Close()
}

Replace-SecurityTest -Usernames "Administrators" -SecuritySetting "SeSystemtimePrivilege" -SaveFile "C:\Config22.cfg"
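
# Account to add, and the user right to add it to (the trailing * matches the rest of the template line)
$account = "accountName"
$userRight = "SeServiceLogonRight*"

# Export the current user rights assignments to a template file
$code = (Start-Process secedit -ArgumentList "/export /areas USER_RIGHTS /cfg c:\policies.inf" -Wait -PassThru).ExitCode
if ($code -eq 0)
    {
        Write-Output "security template exported successfully exit code $code"
    }
else
    {
        Write-Output "security template export failed exit code $code"
    }

$sid = ((Get-LocalUser $account).SID).Value

$policy = Get-Content C:\policies.inf
$newpol = @()
foreach ($line in $policy)
    {
        # Append the SID to the matching right, unless it is already listed there
        if ($line -like $userRight -and $line -notlike "*$sid*")
            {
                $line = $line + ",*$sid"
            }

        $newpol += $line
    }

# Write the template back as Unicode (UTF-16), the encoding secedit exported it in
$newpol | Out-File C:\policies.inf -Encoding Unicode -Force

# Apply only the user rights area of the edited template
$code = (Start-Process secedit -ArgumentList "/configure /db secedit.sdb /cfg C:\policies.inf /areas USER_RIGHTS /log C:\policies.log" -Wait -PassThru).ExitCode
if ($code -eq 0)
    {
        Write-Output "security template applied successfully exit code $code"
    }
else
    {
        Write-Output "security template apply failed exit code $code"
    }

Remove-Item -Path c:\policies.inf -Force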
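
An added example, not taken from either answer above: it sets one user right to exactly the listed accounts by applying a minimal template that names only that right, then exports the policy again to confirm the result. The function names Set-UserRightExact and Resolve-Sid and the temporary file names are hypothetical; it assumes an elevated Windows PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added example: Set-UserRightExact, Resolve-Sid and the temp file names are hypothetical.
function Resolve-Sid([string]$Entry) {
    # Template entries are either *SID or a plain account name
    if ($Entry.StartsWith('*')) { return $Entry.Substring(1) }
    $nt = New-Object System.Security.Principal.NTAccount($Entry)
    $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
}

function Set-UserRightExact {
    param(
        [Parameter(Mandatory)][ValidatePattern('^Se[A-Za-z]+$')][string]$Right,
        [Parameter(Mandatory)][string[]]$Accounts
    )
    $ErrorActionPreference = 'Stop'
    # Resolve every account first, so a mistyped name aborts before anything changes
    $want = @($Accounts | ForEach-Object { Resolve-Sid $_ } | Sort-Object -Unique)
    $work = Join-Path $env:TEMP ("userright-" + [guid]::NewGuid())
    New-Item -ItemType Directory -Path $work | Out-Null
    try {
        $inf = Join-Path $work 'right.inf'
        # Minimal template: it names one right only, so no other setting is rewritten
        @(
            '[Unicode]', 'Unicode=yes',
            '[Version]', 'signature="$CHICAGO$"', 'Revision=1',
            '[Privilege Rights]', "$Right = $(($want | ForEach-Object { "*$_" }) -join ',')"
        ) | Set-Content -Path $inf -Encoding Unicode
        secedit /configure /db (Join-Path $work 'right.sdb') /cfg $inf /areas USER_RIGHTS /quiet
        if ($LASTEXITCODE -ne 0) { throw "secedit /configure failed with exit code $LASTEXITCODE" }

        # Verify: export again and compare the assigned SIDs with the requested set
        $check = Join-Path $work 'check.inf'
        secedit /export /areas USER_RIGHTS /cfg $check /quiet
        $line = Get-Content $check | Where-Object { $_ -match "^\s*$Right\s*=" }
        $have = @(("$line" -split '=', 2)[1] -split ',' | ForEach-Object { $_.Trim() } |
            Where-Object { $_ } | ForEach-Object { Resolve-Sid $_ } | Sort-Object -Unique)
        [pscustomobject]@{
            Right    = $Right
            Assigned = $have
            Matches  = (($want -join ',') -eq ($have -join ','))
        }
    }
    finally {
        Remove-Item -Recurse -Force $work   # the template lists SIDs; do not leave it behind
    }
}

# The case from the question: only Administrators may change the system time
Set-UserRightExact -Right SeSystemtimePrivilege -Accounts 'Administrators'
```

If a domain Group Policy also defines the same right, it will overwrite the local value at the next policy refresh, and Matches will then report False on a later check.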
