Hello,
I am attempting to write an automated method to pull permissions for all objects in a specific installed application. I am leveraging accesschk.exe (Sysinternals) to pull the effective permissions of the service "log on" accounts from the registry/filesystem. I then attempted to find a method to pull the assigned permissions for DCOM objects and have run into a roadblock.
(Cleaned-up script; should have everything relevant here)
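# DCOM application to inspect, matched on its Description
$ComName = 'PrintNotify'
$dcom = Get-WMIObject Win32_DCOMApplicationSetting `
    -Filter "Description='$ComName'" -EnableAllPrivileges
# Launch/activation security descriptor; its DACL holds one ACE per trustee
$lsd = $dcom.GetLaunchSecurityDescriptor().Descriptor
write-host "Users: " $lsd.dacl.trustee.name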
So here is the issue:
I can see a list of users assigned to the "Launch" permissions. These users will show up as long as at least 1 of the 4 options is enabled (Local/Remote Launch/Activation). However, I do not see any sort of object that will show what users are assigned which permissions.
So here are the questions:
Is there an attribute that can be scripted in PowerShell to list the permission attributes assigned to the users inside a specific DCOM object? Or is the maximum possible just: Has at least one permission granted?
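Added example, not part of the original post: each entry in the descriptor's DACL is a Win32_ACE whose AccessMask carries the four launch/activation options as COM_RIGHTS_* bits, so the per-user rights can be decoded from it. The helper name `ConvertFrom-ComAce`, the right labels and the sample ACE are assumptions made for this illustration; the WMI call is the one from the script above.

```powershell
# COM_RIGHTS_* bit values from the Windows SDK; the key names are labels chosen here.
$ComRights = [ordered]@{
    Execute        = 0x01   # COM_RIGHTS_EXECUTE
    LocalLaunch    = 0x02   # COM_RIGHTS_EXECUTE_LOCAL
    RemoteLaunch   = 0x04   # COM_RIGHTS_EXECUTE_REMOTE
    LocalActivate  = 0x08   # COM_RIGHTS_ACTIVATE_LOCAL
    RemoteActivate = 0x10   # COM_RIGHTS_ACTIVATE_REMOTE
}

# Hypothetical helper: turns one Win32_ACE (or look-alike object) into a readable row.
function ConvertFrom-ComAce {
    param([Parameter(Mandatory = $true, ValueFromPipeline = $true)] $Ace)
    process {
        $mask = [uint32]$Ace.AccessMask
        $rights = foreach ($r in $ComRights.GetEnumerator()) {
            if ($mask -band $r.Value) { $r.Key }
        }
        [pscustomobject]@{
            Trustee = ('{0}\{1}' -f $Ace.Trustee.Domain, $Ace.Trustee.Name).TrimStart('\')
            SID     = $Ace.Trustee.SIDString
            Type    = if ($Ace.AceType -eq 1) { 'Deny' } else { 'Allow' }
            Mask    = '0x{0:X}' -f $mask
            Rights  = $rights -join ', '
        }
    }
}

# Constructed sample ACE (not real output): 0x0B = Execute + LocalLaunch + LocalActivate.
$sample = [pscustomobject]@{
    AceType = 0; AccessMask = 0x0B
    Trustee = [pscustomobject]@{ Domain = 'BUILTIN'; Name = 'Administrators'; SIDString = 'S-1-5-32-544' }
}
$sample | ConvertFrom-ComAce | Format-Table -AutoSize

# Live query, using the same WMI class and method as the script in the post.
$ComName = 'PrintNotify'
$dcom = Get-WmiObject Win32_DCOMApplicationSetting -Filter "Description='$ComName'" -EnableAllPrivileges
if (-not $dcom) { throw "No DCOM application with Description '$ComName' was found." }
foreach ($app in $dcom) {
    $sd = $app.GetLaunchSecurityDescriptor()
    if ($sd.ReturnValue -ne 0) { Write-Warning "Query failed: $($sd.ReturnValue)"; continue }
    if ($sd.Descriptor.DACL) { $sd.Descriptor.DACL | ConvertFrom-ComAce | Format-Table -AutoSize }
}
```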