Resources/WindowsSecurityPolicy.ps1

using module .\..\Helpers\SecurityPolicy.psm1

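# Export the local security policy with secedit and parse the INF output into
# $config: a hashtable of section name -> hashtable of setting name -> raw value.

# Use a per-run file name. With a fixed name in the temp directory, a failed export
# would leave the parser reading whatever file already sat at that path (a stale
# export from an earlier run, or a file written by another account when the temp
# directory is shared), and that content would be reported as the current policy.
$securityPolicyPath = Join-Path -Path $env:TEMP -ChildPath ('SecurityPolicy-{0}.inf' -f [guid]::NewGuid().ToString('N'))

$config = @{}
try {
    # export the secedit settings to this temporary file
    Write-Verbose "[WindowsSecurityPolicy] Exporting local security policies from secedit into tempory file: $securityPolicyPath"
    secedit.exe /export /cfg $securityPolicyPath | Out-Null

    # The name is new for this run, so the file exists only if secedit wrote it.
    # Fail loudly instead of returning an empty policy that looks like a real result.
    if (-not (Test-Path -LiteralPath $securityPolicyPath -PathType Leaf)) {
        throw "[WindowsSecurityPolicy] secedit.exe did not produce an export file (exit code $LASTEXITCODE): $securityPolicyPath"
    }

    # Reset the section tracker so a value left over in scope is never reused
    $section = $null
    switch -regex -file $securityPolicyPath {
        "^\[(.+)\]" { # Section
            $section = $matches[1]
            $config[$section] = @{}
        }
        "(.+?)\s*=(.*)" { # Key
            # Skip a key=value line that appears before any [section] header
            if ($null -ne $section) {
                $name = $matches[1]
                # Removes every '*' in the value (secedit writes SID entries with a
                # leading '*'); note this also strips asterisks from any other value.
                $value = $matches[2] -replace "\*"
                $config[$section][$name] = $value
            }
        }
    }
}
finally {
    # The export lists the machine's account, audit and user-rights settings;
    # do not leave it behind in the temp directory once it has been parsed.
    if (Test-Path -LiteralPath $securityPolicyPath) {
        Remove-Item -LiteralPath $securityPolicyPath -Force -ErrorAction SilentlyContinue
    }
}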

Write-Verbose "[WindowsSecurityPolicy] Converting identities in 'Privilege Rights' section"
# Rebuild the 'Privilege Rights' section so each right maps to the identities
# returned by ConvertTo-NTAccountUser instead of the raw comma-separated string.
# NOTE(review): ConvertTo-NTAccountUser is defined outside this file; judging by its
# name it yields NT account names rather than SIDs - confirm against the helper module.
$privilegeRights = @{}
foreach ($rightName in $config["Privilege Rights"].Keys) {
    # split the comma-separated identity list and strip surrounding whitespace
    $identities = ($config["Privilege Rights"][$rightName] -split ",") | ForEach-Object { $_.Trim() }
    $resolved = $identities | ConvertTo-NTAccountUser -Verbose:$VerbosePreference
    # entries for which the helper returned $null are dropped
    $privilegeRights[$rightName] = $resolved | Where-Object { $null -ne $_ }
}
$config["Privilege Rights"] = $privilegeRights

# Normalise the 'System Access' values: strip leading and trailing whitespace
# from every setting that was parsed out of the export.
$systemAccess = @{}
$rawSystemAccess = $config["System Access"]
foreach ($settingName in $rawSystemAccess.Keys) {
    $systemAccess[$settingName] = $rawSystemAccess[$settingName].Trim()
}
$config["System Access"] = $systemAccess

# hand the parsed policy (section name -> settings hashtable) back to the caller
return $config