Windows: Commands that work in a normal PowerShell prompt are denied access in a PSSession
This is not a question about being unable to start a PSSession, but about apparently different access rights inside a PSSession.
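The following set of commands:

    cmd /c sc queryex WerSvc
    Enter-PSSession localhost
    cmd /c sc queryex WerSvc

sc queryex works, but apparently not in the PSSession. Does anyone know where I should start checking the access rights?

Edit: kudos to PetSerAl. Below is the output of whoami /all in the standard PowerShell prompt and in the PSSession.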
PS C:\Users\xxxxxxxx> whoami /all
USER INFORMATION
----------------
User Name SID
================== ===============================================
corporate\xxxxxxxx S-1-5-21-3650376746-1030869643-1781887868-23610
GROUP INFORMATION
-----------------
Group Name Type SID Attributes
========================================== ================ =============================================== ===============================================================
Everyone Well-known group S-1-1-0 Mandatory group, Enabled by default, Enabled group
BUILTIN\Users Alias S-1-5-32-545 Mandatory group, Enabled by default, Enabled group
BUILTIN\Remote Desktop Users Alias S-1-5-32-555 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\REMOTE INTERACTIVE LOGON Well-known group S-1-5-14 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\INTERACTIVE Well-known group S-1-5-4 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Authenticated Users Well-known group S-1-5-11 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\This Organization Well-known group S-1-5-15 Mandatory group, Enabled by default, Enabled group
LOCAL Well-known group S-1-2-0 Mandatory group, Enabled by default, Enabled group
CORPORATE\xxxxxxxx User S-1-5-21-348289982-344025507-1237804090-35554 Mandatory group, Enabled by default, Enabled group
Authentication authority asserted identity Well-known group S-1-18-1 Mandatory group, Enabled by default, Enabled group
CORPORATE\xxxxxxxxxxxxxxxxxxxxxx_RDP Alias S-1-5-21-3650376746-1030869643-1781887868-21634 Mandatory group, Enabled by default, Enabled group, Local Group
Mandatory Label\Medium Mandatory Level Label S-1-16-8192
PRIVILEGES INFORMATION
----------------------
Privilege Name Description State
============================= ============================== ========
SeChangeNotifyPrivilege Bypass traverse checking Enabled
SeIncreaseWorkingSetPrivilege Increase a process working set Disabled
USER CLAIMS INFORMATION
-----------------------
User claims unknown.
Kerberos support for Dynamic Access Control on this device has been disabled.
PS C:\Users\xxxxxxxx> enter-pssession localhost
[localhost]: PS C:\Users\xxxxxxxx\Documents> whoami /all
USER INFORMATION
----------------
User Name SID
================== ===============================================
corporate\xxxxxxxx S-1-5-21-3650376746-1030869643-1781887868-23610
GROUP INFORMATION
-----------------
Group Name Type SID Attributes
========================================== ================ =============================================== ===============================================================
Everyone Well-known group S-1-1-0 Mandatory group, Enabled by default, Enabled group
BUILTIN\Users Alias S-1-5-32-545 Mandatory group, Enabled by default, Enabled group
BUILTIN\Remote Desktop Users Alias S-1-5-32-555 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\NETWORK Well-known group S-1-5-2 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Authenticated Users Well-known group S-1-5-11 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\This Organization Well-known group S-1-5-15 Mandatory group, Enabled by default, Enabled group
CORPORATE\xxxxxxxx User S-1-5-21-348289982-344025507-1237804090-35554 Mandatory group, Enabled by default, Enabled group
Authentication authority asserted identity Well-known group S-1-18-1 Mandatory group, Enabled by default, Enabled group
CORPORATE\xxxxxxxxxxxxxxxxxxxxxx_RDP Alias S-1-5-21-3650376746-1030869643-1781887868-21634 Mandatory group, Enabled by default, Enabled group, Local Group
Mandatory Label\Medium Mandatory Level Label S-1-16-8192
PRIVILEGES INFORMATION
----------------------
Privilege Name Description State
============================= ============================== =======
SeChangeNotifyPrivilege Bypass traverse checking Enabled
SeIncreaseWorkingSetPrivilege Increase a process working set Enabled
USER CLAIMS INFORMATION
-----------------------
User claims unknown.
Kerberos support for Dynamic Access Control on this device has been disabled.
Is it possible that you start an elevated PowerShell and then, after Enter-PSSession, end up in a shell with lower privileges?

Please try checking with the following line:

    [bool]$isElavated = (New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

The whoami /all output shows that you run PowerShell with an interactive logon, while PowerShell remoting by default uses a network logon when creating a session. You can use the -EnableNetworkAccess parameter to use the existing interactive session instead of creating a new network logon.

If you look at the WerSvc service security descriptor (you can do this with the sc.exe sdshow WerSvc command), you can see that it grants interactive logons permission to access the service and does not grant it to network logons. That is why you see the difference in behavior.

TimPe - (New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator) returns false in both PowerShell prompts (normal and PSSession).

Show the output of whoami /all in both cases.

@PetSerAl - I have added the output to the question. Unfortunately, there is no difference.

"Unfortunately, there is no difference." What? In one case you do have NT AUTHORITY\INTERACTIVE, and in the other you do not. Now, if you look at the output of sc sdshow WerSvc, you will see that this is the SID that is granted access (at least by default). You can probably use Enter-PSSession localhost -EnableNetworkAccess to connect to the PowerShell session with an interactive token.

@PetSerAl - Now this is embarrassing. I must have compared the output of the same command :(. Thanks for catching it! I can only test tomorrow; I will let you know.

@PetSerAl - Adding -EnableNetworkAccess works. I don't see the connection between the command being executed and network access :) but please post an answer so that I can upvote and accept it.
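
The comparison the answer describes, as an added example that is not part of the original posts: it parses a service DACL and tests whether the group SIDs from each whoami /all output above are granted SERVICE_QUERY_STATUS, the right sc queryex needs. The SDDL string is a constructed sample in the shape the answer describes, not the actual WerSvc descriptor, and the function name Test-DaclGrant is hypothetical.

```powershell
# Constructed sample SDDL (grants IU = interactive, not NU = network).
# On a live host, read the real one with: $sddl = (sc.exe sdshow WerSvc) -join ''
$sddl = 'D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)' +
        '(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)'

$SERVICE_QUERY_STATUS = 0x0004   # service access right used by "sc queryex <name>"

# Group SIDs copied from the two whoami /all outputs in the question
$common      = 'S-1-1-0','S-1-5-32-545','S-1-5-32-555','S-1-5-11','S-1-5-15','S-1-18-1'
$interactive = $common + 'S-1-5-14','S-1-5-4','S-1-2-0'   # normal prompt
$network     = $common + 'S-1-5-2'                         # inside Enter-PSSession

function Test-DaclGrant {   # hypothetical helper name
    param([string]$Sddl, [string[]]$TokenSids, [int]$Right)

    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $Sddl
    foreach ($ace in $sd.DiscretionaryAcl) {
        if ($ace -isnot [System.Security.AccessControl.CommonAce]) { continue }
        if ($TokenSids -notcontains $ace.SecurityIdentifier.Value)  { continue }
        if (($ace.AccessMask -band $Right) -eq 0)                   { continue }
        # Simplified access check: for a single right, the first ACE that
        # matches a SID in the token and carries the right decides.
        return [pscustomobject]@{
            Granted     = ($ace.AceQualifier -eq 'AccessAllowed')
            DecidingSid = $ace.SecurityIdentifier.Value
        }
    }
    # No ACE matched: implicit deny
    return [pscustomobject]@{ Granted = $false; DecidingSid = $null }
}

$cases = [ordered]@{ 'normal prompt' = $interactive; 'PSSession' = $network }
foreach ($case in $cases.GetEnumerator()) {
    $r = Test-DaclGrant -Sddl $sddl -TokenSids $case.Value -Right $SERVICE_QUERY_STATUS
    '{0,-14} granted={1} by={2}' -f $case.Key, $r.Granted, $r.DecidingSid
}
```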