private void ProcessAccount()
{
foreach (IdentityReference acct in Account)
{
WriteVerbose($"Getting current rights for '{acct.Value}'");
string[] rights = Lsa.EnumerateAccountRights(_lsa, acct).ToArray();
if (rights.Length > 0)
{
WriteVerbose($"Removing all rights for account '{acct.Value}'");
if (ShouldProcess(acct.Value, "Remove all rights"))
{
Lsa.RemoveAllAccountRights(_lsa, acct);
}
}
else
{
WriteVerbose($"Account '{acct.Value} does not have any rights, no action required");
}
}
}
protected override void ProcessRecord()
{
// Will be invalid if it failed to be opened in begin.
if (_lsa.IsInvalid)
{
return;
}
if (Account == null && Name.Length == 0)
{
Name = PrivilegeHelper.ALL_PRIVILEGES.Concat(Lsa.ALL_RIGHTS.Keys).ToArray();
}
else if (Account != null)
{
string[] accountRights = Lsa.EnumerateAccountRights(_lsa, Account).ToArray();
if (Name.Length > 0)
{
accountRights = accountRights.Intersect(Name).ToArray();
}
Name = accountRights;
}
WriteVerbose("Getting details for the following rights: " + String.Join(", ", Name));
foreach (string right in Name)
{
string description = "";
if (Lsa.ALL_RIGHTS.ContainsKey(right))
{
description = Lsa.ALL_RIGHTS[right];
}
else if (PrivilegeHelper.CheckPrivilegeName(right))
{
description = PrivilegeHelper.GetPrivilegeDisplayName(right);
}
else
{
WriteWarning($"Unknown right {right}, cannot get description");
}
WriteVerbose($"Enumerating accounts with the privilege/rights '{right}'");
IdentityReference[] rightAccounts;
try
{
rightAccounts = Lsa.EnumerateAccountsWithUserRight(_lsa, right)
.Select(i => TranslateIdentity(i, IdentityType))
.ToArray();
}
catch (ArgumentException e)
{
WriteError(new ErrorRecord(e, "InvalidPrivilegeRightName", ErrorCategory.InvalidArgument, right));
continue;
}
WriteObject(new Right()
{
Name = right,
ComputerName = ComputerName,
Description = description,
Accounts = rightAccounts,
});
}
}
