        /// <summary>
        /// Shows the script that adds the service account to the required groups in the
        /// currently selected domain, then refreshes that domain's group-membership status
        /// once the operator closes the dialog. Does nothing when no domain is selected.
        /// </summary>
        public void ShowADPermissionScript()
        {
            var domain = this.SelectedDomain;

            if (domain is null)
            {
                return;
            }

            // The template has two placeholders; both are substituted case-insensitively.
            // The service account is inserted as a SID, so the script does not depend on
            // the account's display name being unambiguous.
            string script = ScriptTemplates.AddDomainGroupMembershipPermissions
                .Replace("{domainDNS}", domain.Name, StringComparison.OrdinalIgnoreCase)
                .Replace("{serviceAccountSid}", this.serviceSettings.GetServiceAccount().Value, StringComparison.OrdinalIgnoreCase);

            var scriptViewModel = new ScriptContentViewModel(this.dialogCoordinator)
            {
                HelpText   = "Run the following script with Domain Admins rights to add the service account to the correct groups",
                ScriptText = script
            };

            var dialog = new ExternalDialogWindow
            {
                Title             = "Script",
                DataContext       = scriptViewModel,
                SaveButtonVisible = false,
                CancelButtonName  = "Close"
            };

            dialog.ShowDialog();

            // The operator may have run the script while the dialog was open, so re-read
            // the membership state rather than trusting the cached value.
            domain.RefreshGroupMembership();
        }
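        /// <summary>
        /// Prompts for a new authorization rule. If the dialog is saved, the audit fields
        /// (created/modified by and when) are stamped with the current Windows identity and
        /// the rule is appended to both the model and the view-model collections. Nothing is
        /// changed when the dialog is cancelled or closed.
        /// </summary>
        public async Task Add()
        {
            ExternalDialogWindow w = new ExternalDialogWindow
            {
                Title = "Add authorization rule",
                SaveButtonIsDefault = true,
                Height = childWindowHeight,
                Width  = childWindowWidth,
            };

            var m  = new SecurityDescriptorTarget();
            var vm = await this.factory.CreateViewModelAsync(m, this.ChildDisplaySettings);

            w.DataContext = vm;

            // ShowDialog returns null when the window is closed without a result; treat that
            // the same as Cancel.
            if (w.ShowDialog() != true)
            {
                return;
            }

            // WindowsIdentity wraps a token handle: resolve the caller once and dispose it
            // instead of calling GetCurrent() twice and leaking both handles.
            string author;
            using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
            {
                author = identity.User.ToString();
            }

            m.CreatedBy      = author;
            m.Created        = DateTime.UtcNow;
            m.LastModifiedBy = author;
            m.LastModified   = m.Created;

            this.Model.Add(m);
            this.ViewModels.Add(vm);
        }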
        /// <summary>
        /// Shows the script that publishes the selected encryption certificate into the
        /// forest's configuration naming context. After the dialog closes, the directory is
        /// re-read: only if the certificate now published there has the same thumbprint as
        /// the selected one are the <c>IsPublished</c> flags updated and orphaned entries
        /// dropped. Failures during that verification are logged as a warning and ignored,
        /// because the script has already been presented to the operator.
        /// </summary>
        public void PublishSelectedCertificate()
        {
            string rootDomainName = this.SelectedForest.RootDomain.Name;
            var configNc          = this.discoveryServices.GetConfigurationNamingContext(rootDomainName);

            // Line breaks keep the embedded certificate readable inside the generated script.
            string certificate = Convert.ToBase64String(this.SelectedCertificate.Model.RawData, Base64FormattingOptions.InsertLineBreaks);

            string script = this.scriptTemplateProvider.PublishLithnetAccessManagerCertificate
                .Replace("{configurationNamingContext}", configNc.GetPropertyString("distinguishedName"))
                .Replace("{certificateData}", certificate)
                .Replace("{forest}", this.SelectedForest.Name);

            var scriptViewModel = new ScriptContentViewModel(this.dialogCoordinator)
            {
                HelpText   = "Run the following script to publish the encryption certificate",
                ScriptText = script
            };

            var dialog = new ExternalDialogWindow
            {
                Title             = "Script",
                DataContext       = scriptViewModel,
                SaveButtonVisible = false,
                CancelButtonName  = "Close"
            };

            dialog.ShowDialog();

            try
            {
                // NOTE(review): X509Certificate2 is IDisposable; whether the caller owns the
                // object returned here is not visible in this file - confirm with certificateProvider.
                bool found = this.certificateProvider.TryGetCertificateFromDirectory(out X509Certificate2 publishedCert, rootDomainName);

                // Flip the flags only when the directory holds exactly the certificate we offered;
                // a different certificate being published is not treated as success.
                if (!found || publishedCert.Thumbprint != this.SelectedCertificate.Model.Thumbprint)
                {
                    return;
                }

                this.SelectedCertificate.IsPublished = true;

                // Iterate over a snapshot: orphaned entries are removed from the live collection.
                foreach (var candidate in this.AvailableCertificates.ToList())
                {
                    if (this.SelectedCertificate != candidate)
                    {
                        candidate.IsPublished = false;
                    }

                    if (candidate.IsOrphaned)
                    {
                        this.AvailableCertificates.Remove(candidate);
                    }
                }
            }
            catch (Exception ex)
            {
                logger.LogWarning(EventIDs.UIGenericWarning, ex, "Could not update certificate publication information");
            }
        }
        /// <summary>
        /// Opens the modal "About" dialog. The dialog only offers a Close button; there is
        /// nothing to save.
        /// </summary>
        public void About()
        {
            var aboutViewModel = new AboutViewModel();

            var dialog = new ExternalDialogWindow
            {
                Title               = "About",
                SaveButtonIsDefault = false,
                SaveButtonVisible   = false,
                CancelButtonName    = "Close",
                DataContext         = aboutViewModel
            };

            dialog.ShowDialog();
        }
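        /// <summary>
        /// Opens the edit dialog for <paramref name="selectedItem"/> on a deep copy of its
        /// model, so that cancelling leaves the original untouched. On save, the original
        /// model and view-model are replaced by the edited copy at the same list position and
        /// the copy becomes the selected item. Errors are logged and reported to the user
        /// through the dialog coordinator rather than propagated.
        /// </summary>
        /// <param name="selectedItem">The rule to edit; a null value is ignored.</param>
        /// <param name="owner">Window that owns the modal edit dialog.</param>
        public async Task EditItem(SecurityDescriptorTargetViewModel selectedItem, Window owner)
        {
            try
            {
                if (selectedItem == null)
                {
                    return;
                }

                ExternalDialogWindow w = new ExternalDialogWindow
                {
                    Title = "Edit rule",
                    SaveButtonIsDefault = true,
                    Height = childWindowHeight,
                    Width  = childWindowWidth,
                    Owner  = owner
                };

                // Serialize/deserialize round-trip used as a deep clone: the dialog edits the
                // copy, so a cancelled edit cannot leak partial changes into the live model.
                // The input is the application's own in-memory object, not external data.
                var m  = JsonConvert.DeserializeObject<SecurityDescriptorTarget>(JsonConvert.SerializeObject(selectedItem.Model));
                var vm = await this.factory.CreateViewModelAsync(m, this.ChildDisplaySettings);

                vm.IsEditing = true;

                w.DataContext = vm;

                // ShowDialog returns null when the window is closed without a result; treat
                // that the same as Cancel.
                if (w.ShowDialog() != true)
                {
                    return;
                }

                this.Model.Remove(selectedItem.Model);

                // Remember where the original sat so the edited copy keeps its place in the list.
                int existingPosition = this.ViewModels.IndexOf(selectedItem);

                this.ViewModels.Remove(selectedItem);
                this.Model.Add(m);

                // Resolve the editing identity once and release its token handle.
                using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
                {
                    m.LastModifiedBy = identity.User.ToString();
                }

                m.LastModified = DateTime.UtcNow;

                // Clamp: IndexOf yields -1 if the item was not found, and the list may have shrunk.
                int insertAt = Math.Min(Math.Max(existingPosition, 0), this.ViewModels.Count);
                this.ViewModels.Insert(insertAt, vm);
                this.SelectedItem = vm;
            }
            catch (Exception ex)
            {
                this.logger.LogError(EventIDs.UIGenericError, ex, "Error editing item");
                await this.dialogCoordinator.ShowMessageAsync(this, "Error", $"Could not edit the selected item. {ex.Message}");
            }
        }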
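        /// <summary>
        /// Shows the script that grants the service account read access to Microsoft LAPS
        /// passwords in the directory. The operator is expected to edit the OU variable in the
        /// script before running it with domain admin rights.
        /// </summary>
        public void DelegateMsLapsPermission()
        {
            // The service account placeholder is substituted case-insensitively.
            string script = ScriptTemplates.GrantMsLapsPermissions
                .Replace("{serviceAccount}", this.serviceSettings.GetServiceAccount().ToString(), StringComparison.OrdinalIgnoreCase);

            var scriptViewModel = new ScriptContentViewModel(this.dialogCoordinator)
            {
                HelpText   = "Modify the OU variable in this script, and run it with domain admin rights to assign permissions for the service account to be able to read Microsoft LAPS passwords from the directory",
                ScriptText = script
            };

            // Title added for consistency with the other script dialogs in this class, which
            // would otherwise leave the window caption empty.
            var dialog = new ExternalDialogWindow
            {
                Title             = "Script",
                DataContext       = scriptViewModel,
                SaveButtonVisible = false,
                CancelButtonName  = "Close"
            };

            dialog.ShowDialog();
        }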
        /// <summary>
        /// Shows the script that grants the service account read access to BitLocker
        /// recovery passwords in the directory. The operator is expected to edit the OU
        /// variable in the script before running it with domain admin rights.
        /// </summary>
        public void DelegateServicePermission()
        {
            // The service account is inserted as its SID; substitution is case-insensitive.
            string serviceAccountSid = this.windowsServiceProvider.GetServiceAccountSid().ToString();
            string script            = this.scriptTemplateProvider.GrantBitLockerRecoveryPasswordPermissions
                .Replace("{serviceAccount}", serviceAccountSid, StringComparison.OrdinalIgnoreCase);

            var scriptViewModel = new ScriptContentViewModel(this.dialogCoordinator)
            {
                HelpText   = "Modify the OU variable in this script, and run it with domain admin rights to assign permissions for the service account to be able to read BitLocker recovery passwords from the directory",
                ScriptText = script
            };

            var dialog = new ExternalDialogWindow
            {
                Title             = "Script",
                DataContext       = scriptViewModel,
                SaveButtonVisible = false,
                CancelButtonName  = "Close"
            };

            dialog.ShowDialog();
        }
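        /// <summary>
        /// Opens the modal "Effective Access" dialog for this view model. The dialog is
        /// read-only (no Save button), so its result is irrelevant and is not inspected.
        /// </summary>
        public void ShowEffectivePermissions()
        {
            var effectiveAccessViewModel = this.effectiveAccessFactory.CreateViewModel(this);

            ExternalDialogWindow window = new ExternalDialogWindow(shellExecuteProvider)
            {
                Title             = "Effective Access",
                DataContext       = effectiveAccessViewModel,
                CancelButtonName  = "Close",
                SaveButtonVisible = false,
                Height            = 770
            };

            // The original checked the result and returned early on false, but the method ends
            // either way; the result carries no information for a close-only dialog.
            window.ShowDialog();
        }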
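        /// <summary>
        /// Shows the script that extends the Active Directory schema for the selected forest,
        /// then refreshes that forest's schema status off the UI thread once the dialog closes.
        /// Does nothing when no forest is selected.
        /// </summary>
        public async Task ExtendSchemaLithnetAccessManager()
        {
            ActiveDirectoryForestSchemaViewModel current = this.SelectedForest;

            // Guard added for consistency with ShowADPermissionScript: without it, a null
            // selection would fault on current.Name below.
            if (current == null)
            {
                return;
            }

            var vm = new ScriptContentViewModel(this.dialogCoordinator)
            {
                HelpText   = "Run the following script as an account that is a member of the 'Schema Admins' group",
                ScriptText = ScriptTemplates.UpdateAdSchemaTemplate
                             .Replace("{forest}", current.Name)
            };

            // Title added for consistency with the other script dialogs in this class.
            ExternalDialogWindow w = new ExternalDialogWindow
            {
                Title             = "Script",
                DataContext       = vm,
                SaveButtonVisible = false,
                CancelButtonName  = "Close"
            };

            w.ShowDialog();

            // Schema lookup is a directory round-trip; keep it off the UI thread. Nothing after
            // the await touches UI state, so resuming off-context is safe.
            await Task.Run(() => current.RefreshSchemaStatus()).ConfigureAwait(false);
        }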
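        /// <summary>
        /// Determines which forest the caller should query. When more than one forest is known
        /// the user is asked to pick one; with a single forest (or none) no dialog is shown.
        /// </summary>
        /// <param name="owner">View whose window owns the selection dialog.</param>
        /// <param name="targetServer">
        /// On success, a domain controller for the chosen forest (the current forest when none
        /// was chosen); null when the user cancelled.
        /// </param>
        /// <returns>true when a target was resolved; false when the user cancelled the dialog.</returns>
        private bool PromptForTargetForest(IViewAware owner, out string targetServer)
        {
            targetServer = null;

            SelectForestViewModel vm = new SelectForestViewModel();

            ExternalDialogWindow w = new ExternalDialogWindow
            {
                Title               = "Select forest",
                DataContext         = vm,
                SaveButtonName      = "Next...",
                SizeToContent       = SizeToContent.WidthAndHeight,
                SaveButtonIsDefault = true
            };

            foreach (Forest forest in this.domainTrustProvider.GetForests())
            {
                vm.AvailableForests.Add(forest.Name);
            }

            vm.SelectedForest = vm.AvailableForests.FirstOrDefault();

            if (vm.AvailableForests.Count > 1)
            {
                w.Owner = owner.GetWindow();

                // The previous test was `!w.ShowDialog() ?? false`, which parses as
                // `(!result) ?? false` and therefore treated a null result (window closed
                // without a DialogResult) as "proceed". Only an explicit true is a confirmation.
                if (w.ShowDialog() != true)
                {
                    return false;
                }
            }

            string forestName = vm.SelectedForest;

            if (forestName == null)
            {
                // Forest is IDisposable; only its name is needed, so release it immediately.
                using (Forest currentForest = Forest.GetCurrentForest())
                {
                    forestName = currentForest.Name;
                }
            }

            targetServer = this.discoveryServices.GetDomainController(forestName);

            return true;
        }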
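        /// <summary>
        /// Lets the user pick a security principal (user, group or well-known principal) from
        /// the current forest or a trusted one and adds its SID to the allowed-principals list.
        /// Duplicates (compared as SID strings) and cancelled dialogs leave the lists unchanged.
        /// Errors are logged and reported to the user rather than propagated.
        /// </summary>
        public async Task AddAllowedPrincipal()
        {
            try
            {
                string currentForestName;
                var availableForests = new List<string>();

                // Domain is IDisposable; everything needed from it is copied out here.
                using (Domain domain = Domain.GetCurrentDomain())
                {
                    currentForestName = domain.Forest.Name;
                    availableForests.Add(currentForestName);

                    // Only trusts whose direction is Inbound or Bidirectional are offered.
                    foreach (var trust in domain.Forest.GetAllTrustRelationships().OfType<TrustRelationshipInformation>())
                    {
                        if (trust.TrustDirection == TrustDirection.Inbound || trust.TrustDirection == TrustDirection.Bidirectional)
                        {
                            availableForests.Add(trust.TargetName);
                        }
                    }
                }

                var vm = new SelectForestViewModel
                {
                    AvailableForests = availableForests,
                    SelectedForest   = currentForestName
                };

                ExternalDialogWindow w = new ExternalDialogWindow
                {
                    Title               = "Select forest",
                    DataContext         = vm,
                    SaveButtonName      = "Next...",
                    SaveButtonIsDefault = true,
                    Owner               = this.GetWindow()
                };

                // The previous test was `!w.ShowDialog() ?? false`, which parses as
                // `(!result) ?? false` and treated a null result (window closed without a
                // DialogResult) as "proceed". Only an explicit true is a confirmation.
                if (w.ShowDialog() != true)
                {
                    return;
                }

                DsopScopeInitInfo scope = new DsopScopeInitInfo();
                scope.Filter = new DsFilterFlags();

                scope.Filter.UpLevel.BothModeFilter = DsopObjectFilterFlags.DSOP_FILTER_DOMAIN_LOCAL_GROUPS_SE | DsopObjectFilterFlags.DSOP_FILTER_GLOBAL_GROUPS_SE | DsopObjectFilterFlags.DSOP_FILTER_UNIVERSAL_GROUPS_SE | DsopObjectFilterFlags.DSOP_FILTER_USERS | DsopObjectFilterFlags.DSOP_FILTER_WELL_KNOWN_PRINCIPALS;

                scope.ScopeType = DsopScopeTypeFlags.DSOP_SCOPE_TYPE_ENTERPRISE_DOMAIN | DsopScopeTypeFlags.DSOP_SCOPE_TYPE_USER_ENTERED_UPLEVEL_SCOPE | DsopScopeTypeFlags.DSOP_SCOPE_TYPE_EXTERNAL_UPLEVEL_DOMAIN;

                scope.InitInfo = DsopScopeInitInfoFlags.DSOP_SCOPE_FLAG_DEFAULT_FILTER_GROUPS | DsopScopeInitInfoFlags.DSOP_SCOPE_FLAG_STARTING_SCOPE;

                // A null target means "the current forest" to the object picker.
                string target = vm.SelectedForest == currentForestName ? null : vm.SelectedForest;

                var result = NativeMethods.ShowObjectPickerDialog(this.GetHandle(), target, scope, "objectClass", "objectSid").FirstOrDefault();

                if (result == null)
                {
                    return;
                }

                // The SID is requested as a raw attribute; anything else means we cannot
                // identify the principal reliably, so nothing is added.
                byte[] sidraw = result.Attributes["objectSid"] as byte[];
                if (sidraw == null)
                {
                    return;
                }

                var sid = new SecurityIdentifier(sidraw, 0);

                SecurityIdentifierViewModel sidvm = new SecurityIdentifierViewModel
                {
                    Sid = sid.ToString()
                };

                // The list is keyed by the SID string, not the display name, so a renamed
                // principal cannot be added twice.
                if (this.model.AllowedPrincipals.Any(t => string.Equals(t, sidvm.Sid, StringComparison.OrdinalIgnoreCase)))
                {
                    return;
                }

                sidvm.DisplayName = this.GetSidDisplayName(sid);

                this.model.AllowedPrincipals.Add(sidvm.Sid);
                this.AllowedPrincipals.Add(sidvm);
            }
            catch (Exception ex)
            {
                this.logger.LogError(EventIDs.UIGenericError, ex, "Select group error");
                await this.dialogCoordinator.ShowMessageAsync(this, "Error", $"An error occurred when processing the request\r\n{ex.Message}");
            }
        }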