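# Purpose: report whether the current process already runs with SYSTEM or
# ADMINISTRATOR rights and, if it does not, ask the operator whether to elevate.
#
# Flow, as visible in this script:
#   1. Resolve the localized names of the System and Administrators well-known SIDs.
#   2. Run `processinfo -minimal` and read the user name and group list from its output.
#   3. Return true if the user is SYSTEM, or if the Administrators group is present
#      and not marked GroupUseDeny.
#   4. Otherwise prompt; on confirmation run `getadmin`, then (Vista or later) add
#      four privileges to the token and replace the mandatory-level group with
#      "System Mandatory Level".
#
# Returns: true when the process is already privileged or every elevation step
#          succeeded; false on any failure or when the operator declines.
#
# NOTE(review): the end state this script drives toward is a process token with
# SeSecurityPrivilege, SeCreateGlobalPrivilege, SeLoadDriverPrivilege and
# SeImpersonatePrivilege enabled by default plus a System mandatory level. How
# `processmodify` applies those changes is not visible here, so whether standard
# token-adjustment auditing records them cannot be determined from this file.

@include "_Arrays.dsi";
@include "_VersionChecks.dsi";
@include "windows/_Sid.dsi";

@echo off;
@quiet off;

# try to determine localized name for System and Administrators
# NOTE(review): the results of _GetWellKnownSid are not checked; if a lookup
# fails, the comparisons below run against whatever value the variable holds.
string $system;
_GetWellKnownSid("System", $system);
string $admins;
_GetWellKnownSid("Administrators", $admins);

# presumably @record captures the command's output so GetCmdData can read it
# afterwards; confirm against the interpreter documentation
@record on;
if (!`processinfo -minimal`)
{
    echo("* Failed to run process info", ERROR);
    return false;
}
@record off;

# A process running as SYSTEM needs no elevation.
string $user;
if (GetCmdData("ProcessInfo::BasicInfo::User::Name", $user) && defined($user))
{
    if ($user == $system)
    {
        echo("User is SYSTEM", GOOD);
        return true;
    }
}

# $groups and $useDeny are indexed together below.
# assumes both lists come back in the same order and length; TODO confirm
string $groups;
bool $useDeny;
if (!GetCmdData("ProcessInfo::Groups::Group::Name", $groups) ||
    !GetCmdData("ProcessInfo::Groups::Group::Attributes::GroupUseDeny", $useDeny))
{
    echo("* Failed to run get process information", ERROR);
    return false;
}

# Membership alone is not enough: an Administrators entry flagged GroupUseDeny
# is treated as "not admin" (the UAC case mentioned in the warning below).
for (int $i=0; $i < sizeof($groups); $i++)
{
    if ($groups[$i] == $admins)
    {
        if (!$useDeny[$i])
        {
            # already have admin
            echo("User is ADMINISTRATOR", GOOD);
            return true;
        }
        break;
    }
}

# if we got here, we need admin
echo("The current process does not appear to have ADMINISTRATOR privileges", WARNING);
echo(" (or has UAC enabled)", WARNING);
if (prompt("Do you want to elevate?"))
{
    if (`getadmin`)
    {
        # $rtn accumulates failures from every post-elevation step.
        bool $rtn=true;
        echo("");
        echo("--Elevated to ADMINISTRATOR", GOOD);

        # adding privileges
        if (_IsWindowsVistaOrGreater())
        {
            string $privileges;
            _AppendString($privileges, "SeSecurityPrivilege");
            _AppendString($privileges, "SeCreateGlobalPrivilege");
            _AppendString($privileges, "SeLoadDriverPrivilege");
            _AppendString($privileges, "SeImpersonatePrivilege");

            # need to add the new permissions
            for (int $i = 0; $i < sizeof($privileges); $i++)
            {
                if (`processmodify -privilege enabled_by_default -add -orig $privileges[$i]`)
                {
                    echo("--Added permission '$privileges[$i]'", GOOD);
                }
                else
                {
                    echo("--Failed to add permission '$privileges[$i]'", ERROR);
                    $rtn = false;
                }
            }

            # have to change into System Mandatory Level
            # NOTE(review): $groups was read before `getadmin` ran, so the level
            # found here may be stale if elevation changed it; confirm.
            string $currentLevel;
            for (int $i = 0; $i < sizeof($groups); $i++)
            {
                if (RegexMatch(".* Mandatory Level", $groups[$i]))
                {
                    $currentLevel = $groups[$i];
                    break;
                }
            }

            # Keep the level-change result in its own flag. Assigning the command
            # result straight to $rtn would overwrite an earlier privilege-add
            # failure with "true" and report overall success.
            bool $levelOk = true;
            if (!defined($currentLevel))
            {
                $levelOk = false;
            }
            else if ($currentLevel != "System Mandatory Level")
            {
                $levelOk = `processmodify -group -orig "$currentLevel" -new "System Mandatory Level"`;
            }

            if ($levelOk)
            {
                echo("--Setting privilege level to System Mandatory Level", GOOD);
            }
            else
            {
                echo("--Unable to Set privilege level to System Mandatory Level", ERROR);
                $rtn = false;
            }
        }

        echo("");
        return $rtn;
    }
    else
    {
        echo("");
        echo("--Failed to elevate", ERROR);
        echo("");
        return false;
    }
}
else
{
    echo("");
    echo("--Not elevated", WARNING);
    echo("");
    return false;
}

# shouldn't get here
return false;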