
Create_user_privilege_test.ps1 #21543

Closed
wants to merge 1 commit into from

@AbishekPonmudi AbishekPonmudi commented Apr 27, 2024

PR Summary

This pull request introduces a new feature for PowerShell known as Command Privilege Management. This feature aims to enhance the security of PowerShell environments by providing a mechanism for controlling access to admin commands and PowerShell itself. It introduces functionality for both admin and non-admin PowerShell sessions, requiring credentials (username and password) for access to PowerShell. This prevents unauthorized users from executing potentially harmful commands and helps safeguard against malicious activities.

PR Context

The need for robust security measures in PowerShell environments is paramount to protect against unauthorized access and misuse of PowerShell capabilities. This Pull Request addresses this need by implementing Command Privilege Management, which allows administrators to control who can execute admin commands and access PowerShell. By requiring authentication credentials, it ensures that only authorized users can interact with PowerShell, thus reducing the risk of unauthorized access and potential security breaches.

Detailed Description

Script Details

The core of this feature lies in a PowerShell script included in this pull request. The script performs several key functions:

  1. Checking Administrative Privileges: The script first checks whether it is running with administrative privileges. This is essential for determining the level of access required for executing certain commands.

  2. Credential Prompt: If the script detects that administrative privileges are not present, it prompts the user for credentials. This step ensures that only authorized users with the correct credentials can access PowerShell.

  3. Registry Configuration: The script sets registry values to enable command prompt and PowerShell with user authentication. This configuration step is crucial for establishing a secure environment for script execution.

How It Works

The script follows a logical sequence of steps to ensure the secure execution of PowerShell commands:

  1. Administrative Privilege Check: The script checks whether it is running with administrative privileges. If not, it proceeds to the next step.

  2. Credential Prompt: If administrative privileges are not present, the script prompts the user for credentials. This ensures that only authorized users can access PowerShell.

  3. Registry Configuration: After obtaining the necessary credentials, the script configures registry values to enable command prompt and PowerShell with user authentication. This step sets up the environment for secure script execution.

  4. Access Control: Once the registry values are configured, the script grants access to PowerShell only to users who provide valid credentials. Unauthorized users are denied access, thereby preventing unauthorized activity.

  5. Additional Operations: After successful authentication, additional operations can be performed within the PowerShell environment. These operations are executed within the secure context established by the script.

PR Checklist

  • PR has a meaningful title
  • Summarized changes
  • Make sure all .h, .cpp, .cs, .ps1, and .psm1 files have the correct copyright header
  • This PR is ready to merge and is not Work in Progress.
  • Breaking changes
    • None
    • OR
    • Experimental feature(s) needed
      • Experimental feature name(s):
  • User-facing changes
    • Not Applicable
    • OR
    • Documentation needed
      • Issue filed:
  • Testing - New and feature
    • N/A or can only be tested interactively
    • OR
    • Make sure you've added a new test if existing tests do not effectively test the code changed
  • Tooling
    • I have considered the user experience from a tooling perspective and don't believe tooling will be impacted.
    • OR
    • I have considered the user experience from a tooling perspective and opened an issue in the relevant tool repository. This may include:
      • Impact on PowerShell Editor Services which is used in the PowerShell extension for VSCode (which runs in a different PS Host).
        • Issue filed:
      • Impact on Completions (both in the console and in editors) - one of PowerShell's most powerful features.
        • Issue filed:
      • Impact on PSScriptAnalyzer (which provides linting & formatting in the editor extensions).
        • Issue filed:
      • Impact on EditorSyntax (which provides syntax highlighting within VSCode, GitHub, and many other editors).
        • Issue filed:
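
Steps 1 and 2 of the sequence described above (elevation check, then credential prompt and validation), as an added example that is not the script from this pull request. The function names `Test-IsElevated` and `Test-LocalCredential` are hypothetical, the code assumes Windows and local machine accounts, and the registry step is left out because the description does not name the keys or values involved.

```powershell
#Requires -Version 5.1
# Added example; not the script submitted in this pull request.
# Test-IsElevated and Test-LocalCredential are hypothetical names.

function Test-IsElevated {
    # True when the current process token carries the local Administrators
    # role, i.e. the session was started elevated.
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [System.Security.Principal.WindowsPrincipal]::new($identity)
    return $principal.IsInRole(
        [System.Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-LocalCredential {
    param(
        [Parameter(Mandatory)]
        [System.Management.Automation.PSCredential] $Credential
    )
    # Assumption: the account is a local machine account (ContextType Machine).
    Add-Type -AssemblyName System.DirectoryServices.AccountManagement
    $context = [System.DirectoryServices.AccountManagement.PrincipalContext]::new(
        [System.DirectoryServices.AccountManagement.ContextType]::Machine)
    try {
        $net = $Credential.GetNetworkCredential()
        # Returns $true only when the user name and password are valid.
        return $context.ValidateCredentials($net.UserName, $net.Password)
    }
    finally {
        $context.Dispose()
    }
}

if (-not (Test-IsElevated)) {
    # Step 2: prompt only when the session is not already elevated.
    $cred = Get-Credential -Message 'Credentials required to continue'
    if (-not $cred -or -not (Test-LocalCredential -Credential $cred)) {
        Write-Error 'Credential validation failed.'
        exit 1
    }
}

# Step 3 (registry configuration) is intentionally not shown: the pull
# request description does not state which registry values are set.
```
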

@SteveL-MSFT
Member

This does not appear to be a script useful to keep in this repo

Contributor

microsoft-github-policy-service bot commented Apr 29, 2024

📣 Hey @AbishekPonmudi, how did we do? We would love to hear your feedback with the link below! 🗣️

🔗 https://aka.ms/PSRepoFeedback

@SteveL-MSFT SteveL-MSFT added the Resolution-Declined The proposed feature is declined. label Apr 29, 2024