
My goal is: Get the effective rights for a file or directory without needing external modules like PowerShellAccessControl or NTFSSecurity from the PowerShell Gallery (I used both work on other systems without problems). Simply because the owner of the system(s) it has to run on doesn't want "External untrusted" stuff. In my case, when testing on my systems, the file exists. I run as local administrator on Server 2019, the guest account I am using to test against is activated and has full access to the file (verified via Explorer, extended rights, effective access). Using right-click "Start as Administrator" on PowerShell makes no difference.

```powershell
# define method
$MethodDefinition = @'
[DllImport("advapi32.dll", SetLastError = true)]
    public static extern uint GetEffectiveRightsFromAclA(
        string pacl,
        string pTrustee,
        out uint pAccessRight);
'@

$Advapi32 = Add-Type -MemberDefinition $MethodDefinition -Name 'Advapi32' -Namespace 'Win32' -PassThru

# execute function
$pacl = [System.String]"c:\testfile.txt"
$pTrustee = [System.String]"guest"
$PACCESS_MASK = [System.uint32]0
$AccessMask = [Win32.Advapi32]::GetEffectiveRightsFromAclA([ref]$pacl, [ref]$pTrustee,[ref]$PACCESS_MASK)
```

I expect the accessmask to be returned, a uint32 value.

But as soon as `[Win32.Advapi32]::GetEffectiveRightsFromAclA([ref]$pacl, [ref]$pTrustee,[ref]$PACCESS_MASK)`, with or without a `$AccessMask =`, is called, PowerShell crashes. Sorry, I can only supply a screenshot of the PowerShell crash and not the text.

From here on I am running against a wall, what do I have to change? Powershell crashing from calling advapi32.dll

Joachim Otahal
  • The function `GetEffectiveRightsFromAclA` you're trying to call has a completely different signature than the one you provided. For example, the first parameter should be a pointer to an ACL structure, not a `string`. https://learn.microsoft.com/en-us/windows/win32/api/aclapi/nf-aclapi-geteffectiverightsfromacla – Szabolcs Dézsi Jun 30 '20 at 02:04
  • @SzabolcsDézsi so `[ref]$pacl` is the wrong way? I followed [link](https://stackoverflow.com/questions/46142190/how-to-use-windows-api-auditenumeratecategories-function-in-powershell). What is the right method here? Calling system .DLL function from PowerShell is a new area for me. – Joachim Otahal Jun 30 '20 at 06:53
  • @SzabolcsDézsi I understood the problem now. The ACL struct and the pTrustee struct are so complex that there is no chance to get it right without an extra .DLL or so much inline C# or C code within the script that it does not make sense. I have to give it up doing it that way. – Joachim Otahal Jun 30 '20 at 22:06
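
The signature mismatch raised in the comments, shown as an added example that is not part of the original thread: the first argument is a pointer to a binary ACL and the second a pointer to a `TRUSTEE` structure, so passing two strings makes the API read arbitrary memory. The sketch uses only inline C# via `Add-Type` and built-in .NET classes; the namespace `EffRightsExample`, the class `Native` and the function `Get-EffectiveRightsExample` are hypothetical names, and the path and account are the ones from the question.

```powershell
# Added example. Namespace, class and function names are hypothetical.
Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
namespace EffRightsExample {
    // TRUSTEE_W from accctrl.h; with CharSet.Unicode the string marshals as LPWSTR.
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    public struct TRUSTEE {
        public IntPtr pMultipleTrustee;       // must be NULL
        public int MultipleTrusteeOperation;  // NO_MULTIPLE_TRUSTEE = 0
        public int TrusteeForm;               // TRUSTEE_IS_NAME = 1
        public int TrusteeType;               // TRUSTEE_IS_USER = 1
        public string ptstrName;              // account name
    }
    public static class Native {
        // Returns a Win32 error code directly (0 = ERROR_SUCCESS).
        [DllImport("advapi32.dll", CharSet = CharSet.Unicode)]
        public static extern uint GetEffectiveRightsFromAclW(
            byte[] pacl, ref TRUSTEE pTrustee, out uint pAccessRights);
    }
}
'@

function Get-EffectiveRightsExample {
    param([Parameter(Mandatory)][string]$Path, [Parameter(Mandatory)][string]$Account)
    # Read the DACL with .NET and serialise it to the binary ACL layout the API expects.
    $sddl = (Get-Acl -LiteralPath $Path).GetSecurityDescriptorSddlForm('Access')
    $dacl = (New-Object System.Security.AccessControl.RawSecurityDescriptor $sddl).DiscretionaryAcl
    if ($null -eq $dacl) { throw "No DACL present on $Path" }
    $aclBytes = New-Object byte[] ($dacl.BinaryLength)
    $dacl.GetBinaryForm($aclBytes, 0)

    $trustee = New-Object EffRightsExample.TRUSTEE
    $trustee.TrusteeForm = 1
    $trustee.TrusteeType = 1
    $trustee.ptstrName   = $Account

    $mask = [uint32]0
    $rc = [EffRightsExample.Native]::GetEffectiveRightsFromAclW($aclBytes, [ref]$trustee, [ref]$mask)
    if ($rc -ne 0) { throw (New-Object System.ComponentModel.Win32Exception ([int]$rc)) }
    [pscustomobject]@{
        Account = $Account
        Mask    = '0x{0:X8}' -f $mask
        # Keep only the bits FileSystemRights defines (FullControl = 0x1F01FF).
        Rights  = [System.Security.AccessControl.FileSystemRights]([int]($mask -band 0x001F01FF))
    }
}

Get-EffectiveRightsExample -Path 'C:\testfile.txt' -Account 'guest'
```

The result reflects only the ACEs in the DACL that was passed in; per Microsoft's documentation for this function, privileges held by the trustee and the owner's implicit rights are not considered.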

0 Answers