Get-ADComputer doesn't return nTSecurityDescriptor content #21540
TLDR: Run
I've had a look into this and it looks like there is an actual value there for
For example we can see through
PS C:\Users\vagrant-domain> (Get-ADComputer -Identity $env:COMPUTERNAME -Properties nTSecurityDescriptor).nTSecurityDescriptor | Get-Member *
TypeName: System.DirectoryServices.ActiveDirectorySecurity
Name MemberType Definition
---- ---------- ----------
AccessRuleFactory Method System.Security.AccessControl.AccessRule AccessRuleFactory(System.Security.…
AddAccessRule Method void AddAccessRule(System.DirectoryServices.ActiveDirectoryAccessRule rule)
AddAuditRule Method void AddAuditRule(System.DirectoryServices.ActiveDirectoryAuditRule rule)
AuditRuleFactory Method System.Security.AccessControl.AuditRule AuditRuleFactory(System.Security.Pr…
Equals Method bool Equals(System.Object obj)
GetAccessRules Method System.Security.AccessControl.AuthorizationRuleCollection GetAccessRules(bo…
GetAuditRules Method System.Security.AccessControl.AuthorizationRuleCollection GetAuditRules(boo…
GetGroup Method System.Security.Principal.IdentityReference GetGroup(type targetType)
GetHashCode Method int GetHashCode()
GetOwner Method System.Security.Principal.IdentityReference GetOwner(type targetType)
GetSecurityDescriptorBinaryForm Method byte[] GetSecurityDescriptorBinaryForm()
GetSecurityDescriptorSddlForm Method string GetSecurityDescriptorSddlForm(System.Security.AccessControl.AccessCo…
GetType Method type GetType()
ModifyAccessRule Method bool ModifyAccessRule(System.Security.AccessControl.AccessControlModificati…
ModifyAuditRule Method bool ModifyAuditRule(System.Security.AccessControl.AccessControlModificatio…
PurgeAccessRules Method void PurgeAccessRules(System.Security.Principal.IdentityReference identity)
PurgeAuditRules Method void PurgeAuditRules(System.Security.Principal.IdentityReference identity)
RemoveAccess Method void RemoveAccess(System.Security.Principal.IdentityReference identity, Sys…
RemoveAccessRule Method bool RemoveAccessRule(System.DirectoryServices.ActiveDirectoryAccessRule ru…
RemoveAccessRuleSpecific Method void RemoveAccessRuleSpecific(System.DirectoryServices.ActiveDirectoryAcces…
RemoveAudit Method void RemoveAudit(System.Security.Principal.IdentityReference identity)
RemoveAuditRule Method bool RemoveAuditRule(System.DirectoryServices.ActiveDirectoryAuditRule rule)
RemoveAuditRuleSpecific Method void RemoveAuditRuleSpecific(System.DirectoryServices.ActiveDirectoryAuditR…
ResetAccessRule Method void ResetAccessRule(System.DirectoryServices.ActiveDirectoryAccessRule rul…
SetAccessRule Method void SetAccessRule(System.DirectoryServices.ActiveDirectoryAccessRule rule)
SetAccessRuleProtection Method void SetAccessRuleProtection(bool isProtected, bool preserveInheritance)
SetAuditRule Method void SetAuditRule(System.DirectoryServices.ActiveDirectoryAuditRule rule)
SetAuditRuleProtection Method void SetAuditRuleProtection(bool isProtected, bool preserveInheritance)
SetGroup Method void SetGroup(System.Security.Principal.IdentityReference identity)
SetOwner Method void SetOwner(System.Security.Principal.IdentityReference identity)
SetSecurityDescriptorBinaryForm Method void SetSecurityDescriptorBinaryForm(byte[] binaryForm), void SetSecurityDe…
SetSecurityDescriptorSddlForm Method void SetSecurityDescriptorSddlForm(string sddlForm), void SetSecurityDescri…
ToString Method string ToString()
AccessRightType Property type AccessRightType {get;}
AccessRuleType Property type AccessRuleType {get;}
AreAccessRulesCanonical Property bool AreAccessRulesCanonical {get;}
AreAccessRulesProtected Property bool AreAccessRulesProtected {get;}
AreAuditRulesCanonical Property bool AreAuditRulesCanonical {get;}
AreAuditRulesProtected Property bool AreAuditRulesProtected {get;}
AuditRuleType Property type AuditRuleType {get;}
The
Get-FormatData -TypeName System.Security.AccessControl.ObjectSecurity | Export-FormatData -Path ob.ps1xml
Get-Content ob.ps1xml
Remove-Item ob.ps1xml
<?xml version="1.0" encoding="utf-8"?>
<Configuration>
<ViewDefinitions>
<View>
<Name>System.Security.AccessControl.ObjectSecurity</Name>
<ViewSelectedBy>
<TypeName>System.Security.AccessControl.ObjectSecurity</TypeName>
</ViewSelectedBy>
<TableControl>
<TableHeaders>
<TableColumnHeader />
<TableColumnHeader />
<TableColumnHeader>
<Label>Access</Label>
</TableColumnHeader>
</TableHeaders>
<TableRowEntries>
<TableRowEntry>
<TableColumnItems>
<TableColumnItem>
<PropertyName>Path</PropertyName>
</TableColumnItem>
<TableColumnItem>
<PropertyName>Owner</PropertyName>
</TableColumnItem>
<TableColumnItem>
<PropertyName>AccessToString</PropertyName>
</TableColumnItem>
</TableColumnItems>
</TableRowEntry>
</TableRowEntries>
</TableControl>
</View>
<View>
<Name>System.Security.AccessControl.ObjectSecurity</Name>
<ViewSelectedBy>
<TypeName>System.Security.AccessControl.ObjectSecurity</TypeName>
</ViewSelectedBy>
<ListControl>
<ListEntries>
<ListEntry>
<ListItems>
<ListItem>
<PropertyName>Path</PropertyName>
</ListItem>
<ListItem>
<PropertyName>Owner</PropertyName>
</ListItem>
<ListItem>
<PropertyName>Group</PropertyName>
</ListItem>
<ListItem>
<Label>Access</Label>
<PropertyName>AccessToString</PropertyName>
</ListItem>
<ListItem>
<Label>Audit</Label>
<PropertyName>AuditToString</PropertyName>
</ListItem>
<ListItem>
<PropertyName>Sddl</PropertyName>
</ListItem>
</ListItems>
</ListEntry>
</ListEntries>
</ListControl>
</View>
</ViewDefinitions>
</Configuration>
The default format is a table format which the above format definition is retrieved through the
You can manually get these values through the normal .NET methods like
Luckily the simpler solution is to import the module that contains the ETS definitions for the
(Get-ADComputer -Identity $env:COMPUTERNAME -Properties nTSecurityDescriptor).nTSecurityDescriptor
Path Owner Access
---- ----- ------
Import-Module Microsoft.PowerShell.Security
(Get-ADComputer -Identity $env:COMPUTERNAME -Properties nTSecurityDescriptor).nTSecurityDescriptor
Path Owner Access
---- ----- ------
DOMAIN\Domain Admins NT AUTHORITY\SELF Allow …
The reason why this works automatically in WinPS is the ETS data had not been separated into its own module so was already present when WinPS had started. Now with PS moving to separate modules for core subsystems the ETS members will only be defined when that module is also imported. Technically the fix for the
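
The comment above notes that the descriptor's values can be read through the object's own .NET methods instead of the ETS properties. The following is an added example, not code from the issue or from the PowerShell project, showing one way to do that on Windows; the function names `Resolve-SidName` and `ConvertFrom-AdSecurityDescriptor` and the sample SDDL string are assumptions made for illustration.

```powershell
# Added example: read an ActiveDirectorySecurity object through its own .NET
# methods, so the result does not depend on ETS members being loaded.
Add-Type -AssemblyName System.DirectoryServices

function Resolve-SidName {
    # Hypothetical helper: translate a SID to an account name, falling back to
    # the raw SID string when it cannot be resolved (e.g. a deleted account).
    param([System.Security.Principal.IdentityReference]$Sid)
    if ($null -eq $Sid) { return $null }   # descriptor carries no owner/group
    try { $Sid.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $Sid.Value }
}

function ConvertFrom-AdSecurityDescriptor {
    # Hypothetical helper name, not part of the ActiveDirectory module.
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.DirectoryServices.ActiveDirectorySecurity]$SecurityDescriptor
    )
    process {
        $sidType = [System.Security.Principal.SecurityIdentifier]
        # Explicit and inherited ACEs, returned as SIDs and resolved per rule.
        $rules = $SecurityDescriptor.GetAccessRules($true, $true, $sidType)
        [pscustomobject]@{
            Owner  = Resolve-SidName ($SecurityDescriptor.GetOwner($sidType))
            Group  = Resolve-SidName ($SecurityDescriptor.GetGroup($sidType))
            Access = @(foreach ($r in $rules) {
                [pscustomobject]@{
                    Identity  = Resolve-SidName $r.IdentityReference
                    Type      = $r.AccessControlType
                    Rights    = $r.ActiveDirectoryRights
                    Inherited = $r.IsInherited
                }
            })
            Sddl   = $SecurityDescriptor.GetSecurityDescriptorSddlForm(
                [System.Security.AccessControl.AccessControlSections]::All)
        }
    }
}

# Constructed sample descriptor (well-known SIDs only) so this runs offline.
$sample = [System.DirectoryServices.ActiveDirectorySecurity]::new()
$sample.SetSecurityDescriptorSddlForm('O:BAG:BAD:(A;;RPWP;;;PS)(A;;RP;;;AU)')
$result = $sample | ConvertFrom-AdSecurityDescriptor
$result.Access | Format-Table -AutoSize
$result.Sddl
```

Against a live directory, pipe `(Get-ADComputer -Identity $env:COMPUTERNAME -Properties nTSecurityDescriptor).nTSecurityDescriptor` into the function in place of the constructed sample.
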
Thx jborean93 it works perfectly
Prerequisites
Steps to reproduce
PS > pwsh
PowerShell 7.4.2
PS > import-module activedirectory
PS > get-module
ModuleType Version PreRelease Name ExportedCommands
Manifest 1.0.1.0 activedirectory {Add-ADCentralAccessPolicyMember, Add-ADComputerS…
Script 2.3.5 PSReadLine {Get-PSReadLineKeyHandler, Get-PSReadLineOption, …
PS > (Get-ADComputer -Filter * -Properties nTSecurityDescriptor).nTSecurityDescriptor |fl
Path :
Owner :
Group :
Access :
Audit :
Sddl :
Path :
Owner :
Group :
Access :
Audit :
Sddl :
...
Expected behavior
Actual behavior
No content returned
Error details
Environment data
Visuals
No response