CONTACT US

Dark mode

Dark mode

Dark mode

There are 0 results matching

article card image dark article card image light

Published by · Jun 25, 2024 tools · 2 mins read

Introducing: macOS JAMF Offboarding Tool

Offboarding macOS Devices from JAMF in Bulk using the JAMF API with a bash script ...

See More
article card image dark article card image light

Published by · Jun 25, 2024 tools · 2 mins read

Introducing: Microsoft Cloud License Automation Tool - Part 1

Automating Microsoft Cloud License Assignment and Reporting with PowerShell and Slack for Enterprise Mobility and Security E3 ...

See More
article card image dark article card image light

Published by · Jun 18, 2024 tools · 2 mins read

Introducing: Configuration Manager Set Implicit Uninstall Flag Tool

Setting Configuration Manager ConfigMgr Implicit Uninstall Flag with PowerShell for Required Application Deployments ...

See More
article card image dark article card image light

Published by · Jun 11, 2024 configmgr · 2 mins read

Configuration Manager Next Maintenance Window SQL Function

Get Next Configuration Manager Maintenance Window from a Schedule Token with Offset Days using an SQL Function. ...

See More
article card image dark article card image light

Published by · Jun 3, 2024 tools · 2 mins read

Introducing: Windows User Rights Assignment Tool - Part 3

Add, Remove, or Replace Windows Rights Assignment with our PowerShell Tool. ...

See More
article card image dark article card image light

Published by · May 28, 2024 tools · 2 mins read

Introducing: Windows User Rights Assignment Tool - Part 2

Get and Report Windows Rights Assignment with our PowerShell Tool. ...

See More
article card image dark article card image light

Published by · May 22, 2024 tools · 1 mins read

Introducing: Windows User Rights Assignment Tool - Part 1

Get Windows Rights Assignment with our PowerShell Tool. ...

See More
article card image dark article card image light

Published by · Apr 11, 2024 tools · 2 mins read

Introducing: Intune Linux Onboarding Tool

Onboard Ubuntu Linux devices to Microsoft Intune using a bash script. Installs prerequisites and starts the user-driven enrollment. ...

See More
article card image dark article card image light

Published by · Apr 11, 2024 tools · 2 mins read

Introducing: Intune macOS Onboarding Tool

Onboard macOS devices to Microsoft Intune using a bash script that initiates the process. Optionally, the script converts mobile accounts, resets the FileVault key, and removes ...

See More
article card image dark article card image light

Published by · Jan 23, 2024 tools · 3 mins read

Introducing: Intune Device Renaming Tool

Rename Intune Devices by setting a Prefix or using a User Attribute as Prefix. Supports Windows, macOS, and Linux ...

See More
article card image dark article card image light

Published by · Dec 8, 2023 intune · 5 mins read

Intune Logs: A Deep Dive into Locations, Interpretation, and Configuration

A Comprehensive Guide to Locations, Interpretation, and Configuration of Intune Logs ...

See More
article card image dark article card image light

Published by · Aug 14, 2023 configmgr · 2 mins read

Configuration Manager Console Extension to show Device Collection Membership with Console Builder

Use the Configuration Manager Console Builder, to add Collection Membership View to the Device Node ...

See More
article card image dark article card image light

Published by · Aug 3, 2023 tools · 3 mins read

Introducing: Configuration Manager SSRS Dashboards

A Configuration Manager Dashboards solution with Reports for Software Updates, Bitlocker and more ...

See More
article card image dark article card image light

Published by · Aug 3, 2023 tools · 2 mins read

Introducing: PowerShell WMI Management Toolkit Module

Streamline your WMI Namespace, Class, and Instance Management with our PowerShell Module ...

See More
article card image dark article card image light

Published by · Jul 14, 2023 configmgr · 1 mins read

Configuration Manager detailed, filterable Port Documentation

Configuration Manager detailed, filterable port documentation as an excel document ...

See More
article card image dark article card image light

Published by · Jul 14, 2023 configmgr · 3 mins read

Configuration Manager PXE TFTP Window Size Bug

Configuration Manager TFTP Block Size and TFTP Window Size Correct Configuration ...

See More
article card image dark article card image light

Published by · Jun 18, 2023 tools · 4 mins read

Introducing: Configuration Manager Client Cache Cleanup Tool

Cleaning the Configuration Manager Client Cache the Right Way with PowerShell and Configuration Baselines ...

See More
article card image dark article card image light

Published by · Jun 18, 2023 tools · 2 mins read

Introducing: Windows Cache Cleanup Tool

Cleaning Windows and Configuration Manager Caches for Configuration Manager Build and Capture Task Sequence or Standalone Use ...

See More
article card image dark article card image light

Published by · Jun 17, 2023 tools · 1 mins read

Introducing: Windows Update Database Reinitialization Tool

Proactively repair corrupted Windows Update Database with Powershell and Configuration Manager ...

See More
article card image dark article card image light

Published by · Mar 31, 2023 tools · 3 mins read

Introducing: Configuration Manager SQL Products Reporting

A Complete SQL Products reporting solution using Configuration Manager ...

See More
article card image dark article card image light

Published by · Jan 28, 2023 configmgr · 1 mins read

Application Detection Method using the Configuration Manager Application Version

Replace hardcoded application version in scripts, with the Configuration Manager Application Version ...

See More
article card image dark article card image light

Published by · Jan 28, 2023 tools · 3 mins read

Introducing: Certificate Management Toolkit

Managing Certificates with Configuration Manager and PowerShell by using just the Public Key ...

See More
article card image dark article card image light

Published by · Jan 7, 2019 reports · 2 mins read

Configuration Manager Device Boundary and Network Information Report

List Device Boundaries and Network Information with Configuration Manager ...

See More
article card image dark article card image light

Published by · Sep 9, 1980 help · 5 mins read

MEM.Zone Blog Publishing Documentation

Publishing Documentation for MEM.Zone ...

See More

We couldn’t find anything related to

“SCCM”

BLOG / tools zone

Introducing: Windows User Rights Assignment Tool - Part 1

Published by Popovici Ioan · May 22, 2024 · 1 mins read
article card image dark article card image light

Quick Summary

Managing User Rights Assignment is not always straight forward especially with Intune. To address this issue we have created a PowerShell tool to help you manage User Rights Assignment on Windows devices. This will be a three part series where we will cover getting, setting and writing User Rights Assignment to WMI for easy reporting.

Part 1 covers getting the User Rights Assignments.

This tool can be used as a standalone script or integrated into your Configuration Manager or Intune Compliance Baseline or Script.

Table of Contents

Prerequisites

Recommendations

  • Always use a test environment to validate your configuration.

Parameters

Principal

Defines the Principal to get the rights for.

Privilege

Defines the User Right(s) to get the principals for.

Notes

If you use the Principal Name instead of a SID you need to localize your Principal Name with the locale of the OS this script will be running on.

Examples

Principal Name

Get-UserRightsAssignment.ps1 -Principal 'CONTOSO\Group'

Principal SID

Get-UserRightsAssignment.ps1 -Principal '*S-1-5-19'

Privilege Type

Get-UserRightsAssignment.ps1 -Privilege 'SeServiceLogonRight', 'SeRemoteInteractiveLogonRight'

Preview

article card image powershell-set-windows-user-rights-assignment.gif
Get User Rights Assignment

Code

  1<#
  2.SYNOPSIS
  3    Gets user rights assignment.
  4.DESCRIPTION
  5    Gets user rights assignment for a local computer, and performs a compliance check.
  6.PARAMETER Principal
  7    Defines the Principal to get the rights for.
  8    If you use the Principal Name instead of a SID you need to localize your Principal Names with the locale of the OS this script will be running on.
  9    Default is: '*'. Supports wildcards.
 10.PARAMETER Privilege
 11    Defines the User Right(s) to get the principals for.
 12    Valid values are:
 13        SeAssignPrimaryTokenPrivilege
 14        SeAuditPrivilege
 15        SeBackupPrivilege
 16        SeBatchLogonRight
 17        SeChangeNotifyPrivilege
 18        SeCreateGlobalPrivilege
 19        SeCreatePagefilePrivilege
 20        SeCreatePermanentPrivilege
 21        SeCreateSymbolicLinkPrivilege
 22        SeCreateTokenPrivilege
 23        SeDebugPrivilege
 24        SeDelegateSessionUserImpersonatePrivilege
 25        SeDenyBatchLogonRight
 26        SeDenyInteractiveLogonRight
 27        SeDenyNetworkLogonRight
 28        SeDenyRemoteInteractiveLogonRight
 29        SeDenyServiceLogonRight
 30        SeEnableDelegationPrivilege
 31        SeImpersonatePrivilege
 32        SeIncreaseBasePriorityPrivilege
 33        SeIncreaseQuotaPrivilege
 34        SeIncreaseWorkingSetPrivilege
 35        SeInteractiveLogonRight
 36        SeLoadDriverPrivilege
 37        SeLockMemoryPrivilege
 38        SeMachineAccountPrivilege
 39        SeManageVolumePrivilege
 40        SeNetworkLogonRight
 41        SeProfileSingleProcessPrivilege
 42        SeRelabelPrivilege
 43        SeRemoteInteractiveLogonRight
 44        SeRemoteShutdownPrivilege
 45        SeRestorePrivilege
 46        SeSecurityPrivilege
 47        SeServiceLogonRight
 48        SeShutdownPrivilege
 49        SeSyncAgentPrivilege
 50        SeSystemEnvironmentPrivilege
 51        SeSystemProfilePrivilege
 52        SeSystemtimePrivilege
 53        SeTakeOwnershipPrivilege
 54        SeTcbPrivilege
 55        SeTimeZonePrivilege
 56        SeTrustedCredManAccessPrivilege
 57        SeUndockPrivilege
 58.EXAMPLE
 59    Get-UserRightsAssignment.ps1
 60.EXAMPLE
 61    Get-UserRightsAssignment.ps1 -Principal 'CONTOSO\Group'
 62.EXAMPLE
 63    Get-UserRightsAssignment.ps1 -Principal '*S-1-5-19'
 64.EXAMPLE
 65    Get-UserRightsAssignment.ps1 -Privilege 'SeServiceLogonRight', 'SeRemoteInteractiveLogonRight'
 66.INPUTS
 67    None.
 68.OUTPUTS
 69    System.Object
 70    System.Exception
 71.NOTES
 72    Created by Ioan Popovici
 73.LINK
 74    https://MEMZ.one/Get-UserRightsAssignment
 75.LINK
 76    https://MEMZ.one/Get-UserRightsAssignment-CHANGELOG
 77.LINK
 78    https://MEMZ.one/Get-UserRightsAssignment-GIT
 79.LINK
 80    https://MEM.Zone/ISSUES
 81.COMPONENT
 82    User Rights Assignment
 83.FUNCTIONALITY
 84    Gets User Rights Assigment.
 85#>
 86
 87[CmdletBinding(DefaultParameterSetName = 'Principal')]
 88Param (
 89    [Parameter(Mandatory = $false, ParameterSetName = 'Principal', Position = 0)]
 90    [SupportsWildcards()]
 91    [ValidateNotNullorEmpty()]
 92    [Alias('PrincipalName')]
 93    [string]$Principal = '*',
 94    [Parameter(Mandatory = $true, ParameterSetName = 'Privileges', Position = 1)]
 95    [ValidateSet('SeAssignPrimaryTokenPrivilege', 'SeAuditPrivilege', 'SeBackupPrivilege', 'SeBatchLogonRight', 'SeChangeNotifyPrivilege',
 96        'SeCreateGlobalPrivilege', 'SeCreatePagefilePrivilege', 'SeCreatePermanentPrivilege', 'SeCreateSymbolicLinkPrivilege', 'SeCreateTokenPrivilege',
 97        'SeDebugPrivilege', 'SeDelegateSessionUserImpersonatePrivilege', 'SeDenyBatchLogonRight', 'SeDenyInteractiveLogonRight', 'SeDenyNetworkLogonRight',
 98        'SeDenyRemoteInteractiveLogonRight', 'SeDenyServiceLogonRight', 'SeEnableDelegationPrivilege', 'SeImpersonatePrivilege', 'SeIncreaseBasePriorityPrivilege',
 99        'SeIncreaseQuotaPrivilege', 'SeIncreaseWorkingSetPrivilege', 'SeInteractiveLogonRight', 'SeLoadDriverPrivilege', 'SeLockMemoryPrivilege', 'SeMachineAccountPrivilege',
100        'SeManageVolumePrivilege', 'SeNetworkLogonRight', 'SeProfileSingleProcessPrivilege', 'SeRelabelPrivilege', 'SeRemoteInteractiveLogonRight', 'SeRemoteShutdownPrivilege',
101        'SeRestorePrivilege', 'SeSecurityPrivilege', 'SeServiceLogonRight', 'SeShutdownPrivilege', 'SeSyncAgentPrivilege', 'SeSystemEnvironmentPrivilege', 'SeSystemProfilePrivilege',
102        'SeSystemtimePrivilege', 'SeTakeOwnershipPrivilege', 'SeTcbPrivilege', 'SeTimeZonePrivilege', 'SeTrustedCredManAccessPrivilege', 'SeUndockPrivilege', IgnoreCase = $true
103    )]
104    [Alias('Rights')]
105    [string[]]$Privilege
106)
107
108##*=============================================
109##* VARIABLE DECLARATION
110##*=============================================
111#region VariableDeclaration
112
113## Get script path and name
114[string]$ScriptPath = [System.IO.Path]::GetDirectoryName($MyInvocation.MyCommand.Definition)
115[string]$ScriptName = [System.IO.Path]::GetFileNameWithoutExtension($MyInvocation.MyCommand.Definition)
116
117#endregion
118##*=============================================
119##* END VARIABLE DECLARATION
120##*=============================================
121
122##*=============================================
123##* FUNCTION LISTINGS
124##*=============================================
125#region FunctionListings
126
127#region Function Resolve-Principal
128Function Resolve-Principal {
129<#
130.SYNOPSIS
131    Resolves a Principal or Principals.
132.DESCRIPTION
133    Resolves a Principal or Principals to SID or Principal Name.
134.PARAMETER Principal
135    Specifies the Principal to resolve.
136.EXAMPLE
137    Resolve-Principal -Principal 'CONTOSO\User'
138.EXAMPLE
139    Resolve-Principal -Principal 'CONTOSO\User', 'CONTOSO\Group', 'BUILTIN\Administrators'
140.EXAMPLE
141    Resolve-Principal -Principal 'S-1-5-21-1234567890-1234567890-1234567890-500'
142.EXAMPLE
143    Resolve-Principal -Principal 'S-1-5-21-1234567890-1234567890-1234567890-500', 'S-1-5-21-1234567890-1234567890-1234567890-501'
144.INPUTS
145    System.Array
146.OUTPUTS
147    System.Object
148    System.Exception
149.NOTES
150    Created by Ioan Popovici
151.LINK
152    https://MEM.Zone
153.LINK
154    https://MEM.Zone/GIT
155.LINK
156    https://MEM.Zone/ISSUES
157.COMPONENT
158    Security Principal
159.FUNCTIONALITY
160    Resolves a Principal or Principals to SID or Principal Name.
161#>
162    [CmdletBinding()]
163    Param (
164        [Parameter(Mandatory = $true, Position = 0)]
165        [ValidateNotNullorEmpty()]
166        [Alias('SecurityPrincipal')]
167        [string[]]$Principal
168    )
169    Begin {
170
171        ## Set SID regex match Pattern
172        [regex]$Pattern = 'S-\d-(?:\d+-){1,14}\d+'
173
174        ## Initialize output object
175        $Output = $null
176    }
177    Process {
178        Try {
179
180            ## Resolve Principal
181            $Output = ForEach ($PrincipalItem in $Principal) {
182                Try {
183                    #  Set Principal type
184                    [string]$SIDMatch = (Select-String -Pattern $Pattern -InputObject $PrincipalItem).Matches.Value
185                    [string]$PrincipalType = If ([string]::IsNullOrEmpty($SIDMatch)) { 'PrincipalName' } Else { 'PrincipalSID' }
186                    #  Resolve Principal
187                    Switch ($PrincipalType) {
188                        'PrincipalName' {
189                            $NTAccountObject = New-Object System.Security.Principal.NTAccount($PrincipalItem)
190                            $NTAccountObject.Translate([System.Security.Principal.SecurityIdentifier]).Value
191                            Break
192                        }
193                        'PrincipalSID' {
194                            $SIDObject = New-Object System.Security.Principal.SecurityIdentifier($PrincipalItem.Replace('*',''))
195                            $SIDObject.Translate([Security.Principal.NTAccount]).Value
196                            Break
197                        }
198                    }
199                }
200                Catch {
201
202                    ## Return custom error. The error handling is done here in order not to break the ForEach loop and allow it to continue.
203                    $Exception     = [Exception]::new($PsItem.Exception.Message)
204                    $ExceptionType = [Management.Automation.ErrorCategory]::ObjectNotFound
205                    $ErrorRecord   = [System.Management.Automation.ErrorRecord]::new($Exception, $PsItem.FullyQualifiedErrorId, $ExceptionType, $PrincipalItem)
206                    $PSCmdlet.WriteError($ErrorRecord)
207                }
208            }
209        }
210        Catch {
211            $PSCmdlet.WriteError($PSItem)
212        }
213        Finally {
214            Write-Output -InputObject $Output
215        }
216    }
217}
218#endregion
219
220#region Function Get-UserRightsAssignment
221Function Get-UserRightsAssignment {
222<#
223.SYNOPSIS
224    Gets user rights assignment.
225.DESCRIPTION
226    Gets user rights assignment for a local computer.
227.PARAMETER Principal
228    Defines the Principal to get the rights for.
229    Default is: 'All'.
230.PARAMETER Privilege
231    Defines the User Right(s) to get the principals for.
232    Valid values are:
233        SeAssignPrimaryTokenPrivilege
234        SeAuditPrivilege
235        SeBackupPrivilege
236        SeBatchLogonRight
237        SeChangeNotifyPrivilege
238        SeCreateGlobalPrivilege
239        SeCreatePagefilePrivilege
240        SeCreatePermanentPrivilege
241        SeCreateSymbolicLinkPrivilege
242        SeCreateTokenPrivilege
243        SeDebugPrivilege
244        SeDelegateSessionUserImpersonatePrivilege
245        SeDenyBatchLogonRight
246        SeDenyInteractiveLogonRight
247        SeDenyNetworkLogonRight
248        SeDenyRemoteInteractiveLogonRight
249        SeDenyServiceLogonRight
250        SeEnableDelegationPrivilege
251        SeImpersonatePrivilege
252        SeIncreaseBasePriorityPrivilege
253        SeIncreaseQuotaPrivilege
254        SeIncreaseWorkingSetPrivilege
255        SeInteractiveLogonRight
256        SeLoadDriverPrivilege
257        SeLockMemoryPrivilege
258        SeMachineAccountPrivilege
259        SeManageVolumePrivilege
260        SeNetworkLogonRight
261        SeProfileSingleProcessPrivilege
262        SeRelabelPrivilege
263        SeRemoteInteractiveLogonRight
264        SeRemoteShutdownPrivilege
265        SeRestorePrivilege
266        SeSecurityPrivilege
267        SeServiceLogonRight
268        SeShutdownPrivilege
269        SeSyncAgentPrivilege
270        SeSystemEnvironmentPrivilege
271        SeSystemProfilePrivilege
272        SeSystemtimePrivilege
273        SeTakeOwnershipPrivilege
274        SeTcbPrivilege
275        SeTimeZonePrivilege
276        SeTrustedCredManAccessPrivilege
277        SeUndockPrivilege
278.EXAMPLE
279    Get-UserRightsAssignment
280.EXAMPLE
281    Get-UserRightsAssignment -Principal 'CONTOSO\Group'
282.EXAMPLE
283    Get-UserRightsAssignment -Principal '*S-1-5-19'
284.EXAMPLE
285    Get-UserRightsAssignment -Privilege 'SeServiceLogonRight', 'SeRemoteInteractiveLogonRight'
286.INPUTS
287    None.
288.OUTPUTS
289    System.Object
290    System.Exception
291.NOTES
292    Created by Ioan Popovici
293.LINK
294    https://MEM.Zone
295.LINK
296    https://MEM.Zone/GIT
297.LINK
298    https://MEM.Zone/ISSUES
299.COMPONENT
300    User Rights Assignment
301.FUNCTIONALITY
302    Gets User Rights Assignment.
303#>
304    [CmdletBinding(DefaultParameterSetName = 'Principal')]
305    Param (
306        [Parameter(Mandatory = $false, ParameterSetName = 'Principal', Position = 0)]
307        [SupportsWildcards()]
308        [ValidateNotNullorEmpty()]
309        [Alias('PrincipalName')]
310        [string]$Principal = '*',
311        [Parameter(Mandatory = $true, ParameterSetName = 'Privileges', Position = 1)]
312        [ValidateSet('SeAssignPrimaryTokenPrivilege', 'SeAuditPrivilege', 'SeBackupPrivilege', 'SeBatchLogonRight', 'SeChangeNotifyPrivilege',
313            'SeCreateGlobalPrivilege', 'SeCreatePagefilePrivilege', 'SeCreatePermanentPrivilege', 'SeCreateSymbolicLinkPrivilege', 'SeCreateTokenPrivilege',
314            'SeDebugPrivilege', 'SeDelegateSessionUserImpersonatePrivilege', 'SeDenyBatchLogonRight', 'SeDenyInteractiveLogonRight', 'SeDenyNetworkLogonRight',
315            'SeDenyRemoteInteractiveLogonRight', 'SeDenyServiceLogonRight', 'SeEnableDelegationPrivilege', 'SeImpersonatePrivilege', 'SeIncreaseBasePriorityPrivilege',
316            'SeIncreaseQuotaPrivilege', 'SeIncreaseWorkingSetPrivilege', 'SeInteractiveLogonRight', 'SeLoadDriverPrivilege', 'SeLockMemoryPrivilege', 'SeMachineAccountPrivilege',
317            'SeManageVolumePrivilege', 'SeNetworkLogonRight', 'SeProfileSingleProcessPrivilege', 'SeRelabelPrivilege', 'SeRemoteInteractiveLogonRight', 'SeRemoteShutdownPrivilege',
318            'SeRestorePrivilege', 'SeSecurityPrivilege', 'SeServiceLogonRight', 'SeShutdownPrivilege', 'SeSyncAgentPrivilege', 'SeSystemEnvironmentPrivilege', 'SeSystemProfilePrivilege',
319            'SeSystemtimePrivilege', 'SeTakeOwnershipPrivilege', 'SeTcbPrivilege', 'SeTimeZonePrivilege', 'SeTrustedCredManAccessPrivilege', 'SeUndockPrivilege', IgnoreCase = $true
320        )]
321        [Alias('Rights')]
322        [string[]]$Privilege
323    )
324    Begin {
325
326        ## Set export file path
327        [string]$TempFolderPath = [System.IO.Path]::GetTempPath()
328        [string]$RandomFileName = [System.IO.Path]::GetRandomFileName()
329        [string]$ExportFilePath = Join-Path -Path $TempFolderPath -ChildPath $RandomFileName
330        [string]$System32Path   = [Environment]::GetFolderPath([Environment+SpecialFolder]::System)
331
332        ## Set SID regex match Pattern
333        [regex]$Pattern = 'S-\d-(?:\d+-){1,14}\d+'
334
335        ## Set output object
336        $Output = $null
337    }
338    Process {
339        Try {
340
341            ## Check for Admin Rights
342            [boolean]$IsAdministrator = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")
343            If (-not $IsAdministrator) { Throw 'You must have administrative privileges to run this script!' }
344
345            ## Check if Principal is SID
346            [string]$SIDMatch = (Select-String -Pattern $Pattern -InputObject $Principal).Matches.Value
347            If (-not [string]::IsNullOrEmpty($SIDMatch)) { $Principal = Resolve-Principal -Principal $Principal -ErrorAction 'Stop' }
348            Else { Write-Warning -Message 'You specified a Principal Name. This is not recommended if the names are not localized for the OS this script will be running on. Please use SID instead.' }
349
350            ## Set ScEdit.exe path
351            [string]$SecEdit = Join-Path -Path $System32Path -ChildPath 'SecEdit.exe' -Resolve
352
353            ## Export User Rights Assignment to file using SecEdit.exe
354            $null = & $SecEdit /export /cfg $ExportFilePath /areas USER_RIGHTS
355
356            ## Select User Rights Assignment from file
357            [regex]$Pattern = '^(Se\S+) = (\S+)'
358            $UserRightsMatches = (Select-String -Path $ExportFilePath -Pattern $Pattern)
359
360            ## Assemble Result object
361            $Result = ForEach ($UserRightsMatch in $UserRightsMatches) {
362                $SID = $UserRightsMatch.Matches[0].Groups[2].Value -split ','
363                [pscustomobject]@{
364                    Privilege     = $UserRightsMatch.Matches[0].Groups[1].Value
365                    PrincipalSID  = $SID
366                    PrincipalName = Resolve-Principal -Principal $SID
367                }
368            }
369
370            ## Filter Output object according to parameters
371            If ($PSCmdlet.ParameterSetName -eq 'Principal') {
372                If ($Principal -ne '*') {
373                    $FilterResult = $Result.Where({ $PsItem.PrincipalName -like $Principal })
374                    $Output = [pscustomobject]@{
375                        #  Stop on unresolved SID, account should exist
376                        PrincipalSID  = Resolve-Principal -Principal $Principal -ErrorAction 'Stop'
377                        PrincipalName = $Principal
378                        Privilege     = @($FilterResult.Privilege)
379                    }
380                }
381                Else {
382                    $UniquePrincipals = $Result.PrincipalName | Sort-Object -Unique
383                    $Output = ForEach ($UniquePrincipal in $UniquePrincipals) {
384                        $FilterResult = ($Result.Where({ $PsItem.PrincipalName -eq $UniquePrincipal }))
385                        [pscustomobject]@{
386                            #  Continue on unresolved SID, account might be deleted
387                            PrincipalSID  = Resolve-Principal -Principal $UniquePrincipal -ErrorAction 'SilentlyContinue'
388                            PrincipalName = $UniquePrincipal
389                            Privilege     = @($FilterResult.Privilege)
390                        }
391                    }
392                }
393            }
394            Else { $Output = $Result.Where({ $Privilege -contains $PsItem.Privilege }) }
395        }
396        Catch {
397            $PSCmdlet.WriteError($PSItem)
398        }
399        Finally {
400            Write-Output -InputObject $Output
401        }
402    }
403    End {
404        Remove-Item -Path $ExportFilePath -Force -ErrorAction 'SilentlyContinue'
405    }
406}
407#endregion
408
409#endregion
410##*=============================================
411##* END FUNCTION LISTINGS
412##*=============================================
413
414##*=============================================
415##* SCRIPT BODY
416##*=============================================
417#region ScriptBody
418
419## Write verbose info
420Write-Verbose -Message $("Script '{0}\{1}' started." -f $ScriptPath, $ScriptName) -Verbose
421
422$Output = Get-UserRightsAssignment @PSBoundParameters
423
424## Write output
425Write-Output -InputObject $Output
426
427## Write verbose info
428Write-Verbose -Message $("Script '{0}\{1}' completed." -f $ScriptPath, $ScriptName) -Verbose
429
430#endregion
431##*=============================================
432##* END SCRIPT BODY
433##*=============================================

SHARE

article card image dark article card image light

Published by · Jun 18, 2023 tools · 2 mins read

Introducing: Windows Cache Cleanup Tool

Cleaning Windows and Configuration Manager Caches for Configuration Manager Build and Capture Task Sequence or Standalone Use ...

See More
article card image dark article card image light

Published by · Aug 14, 2023 configmgr · 2 mins read

Configuration Manager Console Extension to show Device Collection Membership with Console Builder

Use the Configuration Manager Console Builder, to add Collection Membership View to the Device Node ...

See More