OiO.lk Community platform!

Oio.lk is an excellent forum for developers, providing a wide range of resources, discussions, and support for those in the developer community. Join oio.lk today to connect with like-minded professionals, share insights, and stay updated on the latest trends and technologies in the development field.
  You need to log in or register to access the solved answers to this problem.
  • You have reached the maximum number of guest views allowed
  • Please register below to remove this limitation

restrict access to directories with powershell

  • Thread starter Thread starter Acauã Tunari
  • Start date Start date
A

Acauã Tunari

Guest
i'm an internship and i have to be responsible for creating security controls for vulnerabilities of an environment that will be pci certified.

there is a windows machine with two local users: normal-user and administrator.

i need to create acl rules in windows (in powershell) so that the normal-user does not have access to c:\

but have access to c:\users\usuario-normal (user directory)

and access to another directory which we can call c:\xyz (which is the directory of an application that will be run by the normal user)

i've been trying to do this for 1 month, but i always break the system by restricting access.

Code:
$logPath = "C:\HardeningFixLogs999.txt"
Start-Transcript -Path $logPath -Append

$hostname = $env:COMPUTERNAME
$username = whoami 
$ip = (Test-Connection -ComputerName $hostname -Count 1).IPAddressToString

Write-Host "Data: $(Get-Date)"
Write-Host "Nome do Host: $hostname"
Write-Host "Nome do User: $username"
Write-Host "IP: $ip"


$user = Get-WmiObject -Class Win32_UserAccount -Filter "Name = 'NormalUser'"
if ($null -eq $user) {
    Write-Host "Status: Erro - Normal User not found"
    Stop-Transcript
    exit
}

$userSID = $user.SID

$objUser = New-Object System.Security.Principal.SecurityIdentifier($userSID)
$strSID = $objUser.Translate([System.Security.Principal.NTAccount])

try {
    $Acl = Get-Acl "C:\"
    $permissionTypes = @("ReadAndExecute", "ListDirectory", "Read")
    foreach ($permissionType in $permissionTypes) {
        $Ar = New-Object System.Security.AccessControl.FileSystemAccessRule($strSID, $permissionType, "Deny")
        $Acl.SetAccessRule($Ar)
    }
    Set-Acl "C:\" $Acl
    Write-Host "Status: Okay"
}
catch {
    Write-Host "Status: Erro: $_"
}


Write-Host "---------------------------------------------"
Stop-Transcript
<p>i'm an internship and i have to be responsible for creating security controls for vulnerabilities of an environment that will be pci certified.</p>
<p>there is a windows machine with two local users: normal-user and administrator.</p>
<p>i need to create acl rules in windows (in powershell) so that the normal-user does not have access to c:\</p>
<p>but have access to c:\users\usuario-normal (user directory)</p>
<p>and access to another directory which we can call c:\xyz (which is the directory of an application that will be run by the normal user)</p>
<p>i've been trying to do this for 1 month, but i always break the system by restricting access.</p>
<pre><code>$logPath = "C:\HardeningFixLogs999.txt"
Start-Transcript -Path $logPath -Append

$hostname = $env:COMPUTERNAME
$username = whoami
$ip = (Test-Connection -ComputerName $hostname -Count 1).IPAddressToString

Write-Host "Data: $(Get-Date)"
Write-Host "Nome do Host: $hostname"
Write-Host "Nome do User: $username"
Write-Host "IP: $ip"


$user = Get-WmiObject -Class Win32_UserAccount -Filter "Name = 'NormalUser'"
if ($null -eq $user) {
Write-Host "Status: Erro - Normal User not found"
Stop-Transcript
exit
}

$userSID = $user.SID

$objUser = New-Object System.Security.Principal.SecurityIdentifier($userSID)
$strSID = $objUser.Translate([System.Security.Principal.NTAccount])

try {
$Acl = Get-Acl "C:\"
$permissionTypes = @("ReadAndExecute", "ListDirectory", "Read")
foreach ($permissionType in $permissionTypes) {
$Ar = New-Object System.Security.AccessControl.FileSystemAccessRule($strSID, $permissionType, "Deny")
$Acl.SetAccessRule($Ar)
}
Set-Acl "C:\" $Acl
Write-Host "Status: Okay"
}
catch {
Write-Host "Status: Erro: $_"
}


Write-Host "---------------------------------------------"
Stop-Transcript
</code></pre>
Continue reading...
 

Latest posts

ن
Replies
0
Views
1
نعمان منذر محمود الجميلي
ن
Top