Flygsand/LSARights.ps1

## LSARights.ps1
Add-Type @'
using System;
using System.Collections.Generic;
using System.Text;

namespace LSA
{
  using System.Runtime.InteropServices;
  using System.Security;
  using System.Management;
  using System.Runtime.CompilerServices;
  using System.ComponentModel;

  using LSA_HANDLE = IntPtr;

  [StructLayout(LayoutKind.Sequential)]
  struct LSA_OBJECT_ATTRIBUTES
  {
    internal int Length;
    internal IntPtr RootDirectory;
    internal IntPtr ObjectName;
    internal int Attributes;
    internal IntPtr SecurityDescriptor;
    internal IntPtr SecurityQualityOfService;
  }
  [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
  struct LSA_UNICODE_STRING
  {
    internal ushort Length;
    internal ushort MaximumLength;
    [MarshalAs(UnmanagedType.LPWStr)]
    internal string Buffer;
  }
  sealed class Win32Sec
  {
    [DllImport("advapi32", CharSet = CharSet.Unicode, SetLastError = true),
    SuppressUnmanagedCodeSecurityAttribute]
    internal static extern uint LsaOpenPolicy(
    LSA_UNICODE_STRING[] SystemName,
    ref LSA_OBJECT_ATTRIBUTES ObjectAttributes,
    int AccessMask,
    out IntPtr PolicyHandle
    );

    [DllImport("advapi32", CharSet = CharSet.Unicode, SetLastError = true), SuppressUnmanagedCodeSecurityAttribute]
    internal static extern uint LsaAddAccountRights(LSA_HANDLE PolicyHandle, IntPtr pSID, LSA_UNICODE_STRING[] UserRights, int CountOfRights);

    [DllImport("advapi32", CharSet = CharSet.Unicode, SetLastError = true), SuppressUnmanagedCodeSecurityAttribute]
    internal static extern int LsaLookupNames2(LSA_HANDLE PolicyHandle, uint Flags, uint Count, LSA_UNICODE_STRING[] Names, ref IntPtr ReferencedDomains, ref IntPtr Sids);

    [DllImport("advapi32")]
    internal static extern int LsaNtStatusToWinError(int NTSTATUS);

    [DllImport("advapi32")]
    internal static extern int LsaClose(IntPtr PolicyHandle);

    [DllImport("advapi32")]
    internal static extern int LsaFreeMemory(IntPtr Buffer);

  }

  public sealed class LsaWrapper : IDisposable
  {
    [StructLayout(LayoutKind.Sequential)]
    struct LSA_TRUST_INFORMATION
    {
      internal LSA_UNICODE_STRING Name;
      internal IntPtr Sid;
    }
    [StructLayout(LayoutKind.Sequential)]
    struct LSA_TRANSLATED_SID2
    {
      internal SidNameUse Use;
      internal IntPtr Sid;
      internal int DomainIndex;
      uint Flags;
    }

    [StructLayout(LayoutKind.Sequential)]
    struct LSA_REFERENCED_DOMAIN_LIST
    {
      internal uint Entries;
      internal LSA_TRUST_INFORMATION Domains;
    }

    enum SidNameUse : int
    {
      User = 1,
      Group = 2,
      Domain = 3,
      Alias = 4,
      KnownGroup = 5,
      DeletedAccount = 6,
      Invalid = 7,
      Unknown = 8,
      Computer = 9
    }

    enum Access : int
    {
      POLICY_READ = 0x20006,
      POLICY_ALL_ACCESS = 0x00F0FFF,
      POLICY_EXECUTE = 0X20801,
      POLICY_WRITE = 0X207F8
    }
    const uint STATUS_ACCESS_DENIED = 0xc0000022;
    const uint STATUS_INSUFFICIENT_RESOURCES = 0xc000009a;
    const uint STATUS_NO_MEMORY = 0xc0000017;

    IntPtr lsaHandle;

    public LsaWrapper()
      : this(null)
    { }
    public LsaWrapper(string systemName)
    {
      LSA_OBJECT_ATTRIBUTES lsaAttr;
      lsaAttr.RootDirectory = IntPtr.Zero;
      lsaAttr.ObjectName = IntPtr.Zero;
      lsaAttr.Attributes = 0;
      lsaAttr.SecurityDescriptor = IntPtr.Zero;
      lsaAttr.SecurityQualityOfService = IntPtr.Zero;
      lsaAttr.Length = Marshal.SizeOf(typeof(LSA_OBJECT_ATTRIBUTES));
      lsaHandle = IntPtr.Zero;
      LSA_UNICODE_STRING[] system = null;
      if (systemName != null)
      {
        system = new LSA_UNICODE_STRING[1];
        system[0] = InitLsaString(systemName);
      }

      uint ret = Win32Sec.LsaOpenPolicy(system, ref lsaAttr,
      (int)Access.POLICY_ALL_ACCESS, out lsaHandle);
      if (ret == 0)
        return;
      if (ret == STATUS_ACCESS_DENIED)
      {
        throw new UnauthorizedAccessException();
      }
      if ((ret == STATUS_INSUFFICIENT_RESOURCES) || (ret == STATUS_NO_MEMORY))
      {
        throw new OutOfMemoryException();
      }
      throw new Win32Exception(Win32Sec.LsaNtStatusToWinError((int)ret));
    }

    public void AddRight(string account, string right)
    {
      IntPtr pSid = GetSIDInformation(account);
      LSA_UNICODE_STRING[] rights = new LSA_UNICODE_STRING[1];
      rights[0] = InitLsaString(right);
      uint ret = Win32Sec.LsaAddAccountRights(lsaHandle, pSid, rights, 1);
      if (ret == 0)
        return;
      if (ret == STATUS_ACCESS_DENIED)
      {
        throw new UnauthorizedAccessException();
      }
      if ((ret == STATUS_INSUFFICIENT_RESOURCES) || (ret == STATUS_NO_MEMORY))
      {
        throw new OutOfMemoryException();
      }
      throw new Win32Exception(Win32Sec.LsaNtStatusToWinError((int)ret));
    }

    public void Dispose()
    {
      if (lsaHandle != IntPtr.Zero)
      {
        Win32Sec.LsaClose(lsaHandle);
        lsaHandle = IntPtr.Zero;
      }
      GC.SuppressFinalize(this);
    }
    ~LsaWrapper()
    {
      Dispose();
    }
    // helper functions

    IntPtr GetSIDInformation(string account)
    {
      LSA_UNICODE_STRING[] names = new LSA_UNICODE_STRING[1];
      LSA_TRANSLATED_SID2 lts;
      IntPtr tsids = IntPtr.Zero;
      IntPtr tdom = IntPtr.Zero;
      names[0] = InitLsaString(account);
      lts.Sid = IntPtr.Zero;
      int ret = Win32Sec.LsaLookupNames2(lsaHandle, 0, 1, names, ref tdom, ref tsids);
      if (ret != 0)
        throw new Win32Exception(Win32Sec.LsaNtStatusToWinError(ret));
      lts = (LSA_TRANSLATED_SID2)Marshal.PtrToStructure(tsids,
      typeof(LSA_TRANSLATED_SID2));
      Win32Sec.LsaFreeMemory(tsids);
      Win32Sec.LsaFreeMemory(tdom);
      return lts.Sid;
    }

    static LSA_UNICODE_STRING InitLsaString(string s)
    {
      // Unicode strings max. 32KB
      if (s.Length > 0x7ffe)
        throw new ArgumentException("String too long");
      LSA_UNICODE_STRING lus = new LSA_UNICODE_STRING();
      lus.Buffer = s;
      lus.Length = (ushort)(s.Length * sizeof(char));
      lus.MaximumLength = (ushort)(lus.Length + sizeof(char));
      return lus;
    }
  }
  public class Util
  {
    public static void AddRight(string account, string right)
    {
      using (LsaWrapper lsaWrapper = new LsaWrapper())
      {
        lsaWrapper.AddRight(account, right);
      }
    }
  }
}
'@

function Add-LSARight
{
  <#
    .SYNOPSIS
      Adds a right to an account

    .DESCRIPTION
      Adds a right (e.g. SeServiceLogonRight) to an account via the Local Security Authority (LSA)

    .PARAMETER Account
      Account to grant the right to

    .PARAMETER Right
      The right to grant

    .EXAMPLE
      Add-LSARight -Account JohnDoe -Right SeServiceLogonRight
  #>

  [CmdletBinding()]
  param
  (
    [Parameter(Mandatory, Position=0)][string]$Right,
    [Parameter(Mandatory)][string]$Account
  )

  process {
    [LSA.Util]::AddRight($Account, $Right)
  }
}
	Add-Type @'
	using System;
	using System.Collections.Generic;
	using System.Text;

	namespace LSA
	{
	using System.Runtime.InteropServices;
	using System.Security;
	using System.Management;
	using System.Runtime.CompilerServices;
	using System.ComponentModel;

	using LSA_HANDLE = IntPtr;

	[StructLayout(LayoutKind.Sequential)]
	struct LSA_OBJECT_ATTRIBUTES
	{
	internal int Length;
	internal IntPtr RootDirectory;
	internal IntPtr ObjectName;
	internal int Attributes;
	internal IntPtr SecurityDescriptor;
	internal IntPtr SecurityQualityOfService;
	}
	[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
	struct LSA_UNICODE_STRING
	{
	internal ushort Length;
	internal ushort MaximumLength;
	[MarshalAs(UnmanagedType.LPWStr)]
	internal string Buffer;
	}
	sealed class Win32Sec
	{
	[DllImport("advapi32", CharSet = CharSet.Unicode, SetLastError = true),
	SuppressUnmanagedCodeSecurityAttribute]
	internal static extern uint LsaOpenPolicy(
	LSA_UNICODE_STRING[] SystemName,
	ref LSA_OBJECT_ATTRIBUTES ObjectAttributes,
	int AccessMask,
	out IntPtr PolicyHandle
	);

	[DllImport("advapi32", CharSet = CharSet.Unicode, SetLastError = true), SuppressUnmanagedCodeSecurityAttribute]
	internal static extern uint LsaAddAccountRights(LSA_HANDLE PolicyHandle, IntPtr pSID, LSA_UNICODE_STRING[] UserRights, int CountOfRights);

	[DllImport("advapi32", CharSet = CharSet.Unicode, SetLastError = true), SuppressUnmanagedCodeSecurityAttribute]
	internal static extern int LsaLookupNames2(LSA_HANDLE PolicyHandle, uint Flags, uint Count, LSA_UNICODE_STRING[] Names, ref IntPtr ReferencedDomains, ref IntPtr Sids);

	[DllImport("advapi32")]
	internal static extern int LsaNtStatusToWinError(int NTSTATUS);

	[DllImport("advapi32")]
	internal static extern int LsaClose(IntPtr PolicyHandle);

	[DllImport("advapi32")]
	internal static extern int LsaFreeMemory(IntPtr Buffer);

	}

	public sealed class LsaWrapper : IDisposable
	{
	[StructLayout(LayoutKind.Sequential)]
	struct LSA_TRUST_INFORMATION
	{
	internal LSA_UNICODE_STRING Name;
	internal IntPtr Sid;
	}
	[StructLayout(LayoutKind.Sequential)]
	struct LSA_TRANSLATED_SID2
	{
	internal SidNameUse Use;
	internal IntPtr Sid;
	internal int DomainIndex;
	uint Flags;
	}

	[StructLayout(LayoutKind.Sequential)]
	struct LSA_REFERENCED_DOMAIN_LIST
	{
	internal uint Entries;
	internal LSA_TRUST_INFORMATION Domains;
	}

	enum SidNameUse : int
	{
	User = 1,
	Group = 2,
	Domain = 3,
	Alias = 4,
	KnownGroup = 5,
	DeletedAccount = 6,
	Invalid = 7,
	Unknown = 8,
	Computer = 9
	}

	enum Access : int
	{
	POLICY_READ = 0x20006,
	POLICY_ALL_ACCESS = 0x00F0FFF,
	POLICY_EXECUTE = 0X20801,
	POLICY_WRITE = 0X207F8
	}
	const uint STATUS_ACCESS_DENIED = 0xc0000022;
	const uint STATUS_INSUFFICIENT_RESOURCES = 0xc000009a;
	const uint STATUS_NO_MEMORY = 0xc0000017;

	IntPtr lsaHandle;

	public LsaWrapper()
	: this(null)
	{ }
	public LsaWrapper(string systemName)
	{
	LSA_OBJECT_ATTRIBUTES lsaAttr;
	lsaAttr.RootDirectory = IntPtr.Zero;
	lsaAttr.ObjectName = IntPtr.Zero;
	lsaAttr.Attributes = 0;
	lsaAttr.SecurityDescriptor = IntPtr.Zero;
	lsaAttr.SecurityQualityOfService = IntPtr.Zero;
	lsaAttr.Length = Marshal.SizeOf(typeof(LSA_OBJECT_ATTRIBUTES));
	lsaHandle = IntPtr.Zero;
	LSA_UNICODE_STRING[] system = null;
	if (systemName != null)
	{
	system = new LSA_UNICODE_STRING[1];
	system[0] = InitLsaString(systemName);
	}

	uint ret = Win32Sec.LsaOpenPolicy(system, ref lsaAttr,
	(int)Access.POLICY_ALL_ACCESS, out lsaHandle);
	if (ret == 0)
	return;
	if (ret == STATUS_ACCESS_DENIED)
	{
	throw new UnauthorizedAccessException();
	}
	if ((ret == STATUS_INSUFFICIENT_RESOURCES) \|\| (ret == STATUS_NO_MEMORY))
	{
	throw new OutOfMemoryException();
	}
	throw new Win32Exception(Win32Sec.LsaNtStatusToWinError((int)ret));
	}

	public void AddRight(string account, string right)
	{
	IntPtr pSid = GetSIDInformation(account);
	LSA_UNICODE_STRING[] rights = new LSA_UNICODE_STRING[1];
	rights[0] = InitLsaString(right);
	uint ret = Win32Sec.LsaAddAccountRights(lsaHandle, pSid, rights, 1);
	if (ret == 0)
	return;
	if (ret == STATUS_ACCESS_DENIED)
	{
	throw new UnauthorizedAccessException();
	}
	if ((ret == STATUS_INSUFFICIENT_RESOURCES) \|\| (ret == STATUS_NO_MEMORY))
	{
	throw new OutOfMemoryException();
	}
	throw new Win32Exception(Win32Sec.LsaNtStatusToWinError((int)ret));
	}

	public void Dispose()
	{
	if (lsaHandle != IntPtr.Zero)
	{
	Win32Sec.LsaClose(lsaHandle);
	lsaHandle = IntPtr.Zero;
	}
	GC.SuppressFinalize(this);
	}
	~LsaWrapper()
	{
	Dispose();
	}
	// helper functions

	IntPtr GetSIDInformation(string account)
	{
	LSA_UNICODE_STRING[] names = new LSA_UNICODE_STRING[1];
	LSA_TRANSLATED_SID2 lts;
	IntPtr tsids = IntPtr.Zero;
	IntPtr tdom = IntPtr.Zero;
	names[0] = InitLsaString(account);
	lts.Sid = IntPtr.Zero;
	int ret = Win32Sec.LsaLookupNames2(lsaHandle, 0, 1, names, ref tdom, ref tsids);
	if (ret != 0)
	throw new Win32Exception(Win32Sec.LsaNtStatusToWinError(ret));
	lts = (LSA_TRANSLATED_SID2)Marshal.PtrToStructure(tsids,
	typeof(LSA_TRANSLATED_SID2));
	Win32Sec.LsaFreeMemory(tsids);
	Win32Sec.LsaFreeMemory(tdom);
	return lts.Sid;
	}

	static LSA_UNICODE_STRING InitLsaString(string s)
	{
	// Unicode strings max. 32KB
	if (s.Length > 0x7ffe)
	throw new ArgumentException("String too long");
	LSA_UNICODE_STRING lus = new LSA_UNICODE_STRING();
	lus.Buffer = s;
	lus.Length = (ushort)(s.Length * sizeof(char));
	lus.MaximumLength = (ushort)(lus.Length + sizeof(char));
	return lus;
	}
	}
	public class Util
	{
	public static void AddRight(string account, string right)
	{
	using (LsaWrapper lsaWrapper = new LsaWrapper())
	{
	lsaWrapper.AddRight(account, right);
	}
	}
	}
	}
	'@

	function Add-LSARight
	{
	<#
	.SYNOPSIS
	Adds a right to an account

	.DESCRIPTION
	Adds a right (e.g. SeServiceLogonRight) to an account via the Local Security Authority (LSA)

	.PARAMETER Account
	Account to grant the right to

	.PARAMETER Right
	The right to grant

	.EXAMPLE
	Add-LSARight -Account JohnDoe -Right SeServiceLogonRight
	#>

	[CmdletBinding()]
	param
	(
	[Parameter(Mandatory, Position=0)][string]$Right,
	[Parameter(Mandatory)][string]$Account
	)

	process {
	[LSA.Util]::AddRight($Account, $Right)
	}
	}