en-US/PSPrivilege.dll-Help.xml
<?xml version="1.0" encoding="utf-8"?>
<helpItems schema="maml" xmlns="http://msh"> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Add-WindowsRight</command:name> <command:verb>Add</command:verb> <command:noun>WindowsRight</command:noun> <maml:description> <maml:para>Add an account to the privilege/right membership on the host specified.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Add an account to the privilege/right membership on the host specified. This cmdlet will run on localhost by default but a remote host can be specified. This requires administrative privileges to run.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Add-WindowsRight</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>Privilege(s) or Right(s) to add the account to. 
See related links for a list of privileges and account right constants that can be used here.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="2" aliases="none"> <maml:name>Account</maml:name> <maml:description> <maml:para>Add the accounts specified to the privilege/right.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">IdentityReference[]</command:parameterValue> <dev:type> <maml:name>IdentityReference[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="3" aliases="none"> <maml:name>ComputerName</maml:name> <maml:description> <maml:para>The host to add the accounts on, if not set then this will run on the localhost. 
This uses the current user's credentials to authenticate with the remote host.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="2" aliases="none"> <maml:name>Account</maml:name> <maml:description> <maml:para>Add the accounts specified to the privilege/right.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">IdentityReference[]</command:parameterValue> <dev:type> <maml:name>IdentityReference[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="3" aliases="none"> <maml:name>ComputerName</maml:name> <maml:description> <maml:para>The host to add the accounts on, if not set then 
this will run on the localhost. This uses the current user's credentials to authenticate with the remote host.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>Privilege(s) or Right(s) to add the account to. See related links for a list of privileges and account right constants that can be used here.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Shows what would happen if the cmdlet runs. 
The cmdlet is not run.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para>The privilege/right name(s) to add the accounts to.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>This cmdlet opens the LSA policy object with the `POLICY_LOOKUP_NAMES`, `POLICY_VIEW_LOCAL_INFORMATION`, and `POLICY_CREATE_ACCOUNT` access rights. This will fail if the current user does not have these access rights.</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------ EXAMPLE 1: Add SeDebugPrivilege to administrators ------</maml:title> <dev:code>PS C:\> $admin = [System.Security.Principal.SecurityIdentifier]::new("S-1-5-32-544")
PS C:\> Add-WindowsRight -Name SeDebugPrivilege -Account $admin</dev:code> <dev:remarks> <maml:para>Grants the `SeDebugPrivilege` privilege to the local Administrators group.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-- EXAMPLE 2: Add a privilege to an account on a remote host --</maml:title> <dev:code>PS C:\> $admin = [System.Security.Principal.SecurityIdentifier]::new("S-1-5-32-544")
PS C:\> Add-WindowsRight -Name SeDebugPrivilege -Account $admin -ComputerName server-remote</dev:code> <dev:remarks> <maml:para>Grants the `SeDebugPrivilege` privilege to the Administrators group on `server-remote`. 
This will interact with the LSA policy on `server-remote` so the SIDs need to be resolvable on that host itself.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Privileges</maml:linkText> <maml:uri>https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Account Rights</maml:linkText> <maml:uri>https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/account-rights-constants</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Clear-WindowsRight</command:name> <command:verb>Clear</command:verb> <command:noun>WindowsRight</command:noun> <maml:description> <maml:para>Clears privilege/right of an account.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Clears all accounts in a privilege/right or all privileges/rights of an account. This cmdlet will run on localhost by default but a remote host can be specified. This requires administrative privileges to run.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Clear-WindowsRight</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none"> <maml:name>Account</maml:name> <maml:description> <maml:para>Remove all the rights of the specified account(s). 
This is mutually exclusive to the Name parameter.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">IdentityReference[]</command:parameterValue> <dev:type> <maml:name>IdentityReference[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="2" aliases="none"> <maml:name>ComputerName</maml:name> <maml:description> <maml:para>The host to clear the rights on, if not set then this will run on the localhost. This uses the current user's credentials to authenticate with the remote host.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Shows what would happen if the cmdlet runs. 
The cmdlet is not run.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Clear-WindowsRight</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>Privilege(s) or Right(s) to clear all members from. See related links for a list of privileges and account right constants that can be used here. This is mutually exclusive to the Account parameter.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="2" aliases="none"> <maml:name>ComputerName</maml:name> <maml:description> <maml:para>The host to clear the rights on, if not set then this will run on the localhost. 
This uses the current user's credentials to authenticate with the remote host.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none"> <maml:name>Account</maml:name> <maml:description> <maml:para>Remove all the rights of the specified account(s). 
This is mutually exclusive to the Name parameter.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">IdentityReference[]</command:parameterValue> <dev:type> <maml:name>IdentityReference[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="2" aliases="none"> <maml:name>ComputerName</maml:name> <maml:description> <maml:para>The host to clear the rights on, if not set then this will run on the localhost. This uses the current user's credentials to authenticate with the remote host.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>Privilege(s) or Right(s) to clear all members from. See related links for a list of privileges and account right constants that can be used here. 
This is mutually exclusive to the Account parameter.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Shows what would happen if the cmdlet runs. 
The cmdlet is not run.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para>The privilege/right name(s) to clear.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>This cmdlet opens the LSA policy object with the `POLICY_LOOKUP_NAMES` and `POLICY_VIEW_LOCAL_INFORMATION` access rights. This will fail if the current user does not have these access rights.</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------ EXAMPLE 1: Clear membership of a single privilege ------</maml:title> <dev:code>PS C:\> Clear-WindowsRight -Name SeDebugPrivilege</dev:code> <dev:remarks> <maml:para>Removes all the accounts and groups that have been granted the `SeDebugPrivilege`.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------ EXAMPLE 2: Clear rights of the specified identity ------</maml:title> <dev:code>PS C:\> $user = [System.Security.Principal.SecurityIdentifier]::new("S-1-5-32-545")
PS C:\> Clear-WindowsRight -Account $user</dev:code> <dev:remarks> <maml:para>Removes the `Users` group from all explicit rights or privileges it has been granted. 
This won't affect any rights/privileges it already gets from nested memberships, only rights/privileges that list the `Users` group explicitly.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Privileges</maml:linkText> <maml:uri>https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Account Rights</maml:linkText> <maml:uri>https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/account-rights-constants</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Disable-ProcessPrivilege</command:name> <command:verb>Disable</command:verb> <command:noun>ProcessPrivilege</command:noun> <maml:description> <maml:para>Disables privilege(s) on the current process.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Disables the privileges specified on the current process. Only privileges that are set on the process can be disabled; privileges that are removed will result in an error.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Disable-ProcessPrivilege</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>Privilege(s) to disable. 
See related links for a list of privilege constants that can be used here.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>Privilege(s) to disable. 
See related links for a list of privilege constants that can be used here.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para>The privilege name(s) to disable.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>If the privilege specified is an invalid constant, an error is written to the error stream. 
If the privilege constant is valid but not held on the current process, an error is written to the error stream.</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>----------- EXAMPLE 1: Disable the SeDebugPrivilege -----------</maml:title> <dev:code>PS C:\> Disable-ProcessPrivilege -Name SeDebugPrivilege</dev:code> <dev:remarks> <maml:para>Disables the `SeDebugPrivilege` on the current process.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Privileges</maml:linkText> <maml:uri>https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Enable-ProcessPrivilege</command:name> <command:verb>Enable</command:verb> <command:noun>ProcessPrivilege</command:noun> <maml:description> <maml:para>Enables privilege(s) on the current process.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Enables the privileges specified on the current process. 
Only privileges that are set on the process can be enabled; privileges that are removed will result in an error.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Enable-ProcessPrivilege</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>The privilege(s) to enable. See related links for a list of privilege constants that can be used here.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>The privilege(s) to enable. 
See related links for a list of privilege constants that can be used here.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para>The privilege name(s) to enable.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>If the privilege specified is an invalid constant, an error is written to the error stream. 
If the privilege constant is valid but not held on the current process, an error is written to the error stream.</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------------ EXAMPLE 1: Enable the SeDebugPrivilege ------------</maml:title> <dev:code>PS C:\> Enable-ProcessPrivilege -Name SeDebugPrivilege</dev:code> <dev:remarks> <maml:para>Enables the `SeDebugPrivilege` on the current process.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Privileges</maml:linkText> <maml:uri>https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-ProcessPrivilege</command:name> <command:verb>Get</command:verb> <command:noun>ProcessPrivilege</command:noun> <maml:description> <maml:para>Get information about privileges on the current process.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Get information about privileges on the current process. 
This cmdlet returns whether a privilege is enabled, disabled, or enabled by default, for either a single privilege or all the privileges on the current process.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-ProcessPrivilege</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>Privilege(s) to get the information on. If not set then all privileges that are set on the current process will be returned. See related links for a list of privilege constants that can be used here.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>Privilege(s) to get the information on. 
If not set then all privileges that are set on the current process will be returned See related links for a list of privilege constants that can be used here.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para>The privilege name(s) to get information for</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>PSPrivilege.Privilege</maml:name> </dev:type> <maml:description> <maml:para>Information about the requested privilege(s) on the current process. It includes the following properties:</maml:para> <maml:para>- Name - The name of the privilege</maml:para> <maml:para>- Description - The description of the privilege</maml:para> <maml:para>- Enabled - Whether the privilege is currently enabled</maml:para> <maml:para>- EnabledByDefault - Whether the privilege was enabled by default (does not mean it is currently enabled)</maml:para> <maml:para>- Attributes - The raw PSPrivilege.Privilege attributes</maml:para> <maml:para>- IsRemoved - Whether the privilege is removed from the token</maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>If the privilege specified is an invalid constant, an error is written to the error stream. 
If the privilege constant is valid but not held on the current process, the IsRemoved property is set to $true.</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>EXAMPLE 1: Get info on all the privileges on the current process</maml:title> <dev:code>PS C:\> Get-ProcessPrivilege</dev:code> <dev:remarks> <maml:para>Returns information on all the privileges on the current process.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>--------- EXAMPLE 2: Get info on a specific privilege ---------</maml:title> <dev:code>PS C:\> Get-ProcessPrivilege -Name SeDebugPrivilege</dev:code> <dev:remarks> <maml:para>Gets information about the `SeDebugPrivilege` on the current process.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Privileges</maml:linkText> <maml:uri>https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-WindowsRight</command:name> <command:verb>Get</command:verb> <command:noun>WindowsRight</command:noun> <maml:description> <maml:para>Get the membership information about a privilege or right on the host specified.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet will return information about a Windows privilege or right such as its memberships and a description. 
This requires administrative privileges to run.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-WindowsRight</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>Privilege(s) or Right(s) to get the information on. Will return all the privileges or rights if not set. See related links for a list of privileges and account right constants that can be used here.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="2" aliases="none"> <maml:name>Account</maml:name> <maml:description> <maml:para>Only return rights and privileges that the specified account is a member of.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">IdentityReference</command:parameterValue> <dev:type> <maml:name>IdentityReference</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="3" aliases="none"> <maml:name>ComputerName</maml:name> <maml:description> <maml:para>The host to enumerate the membership info on, if not set then this will return information on the localhost. 
This uses the current user's credentials to authenticate with the remote host.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IdentityType</maml:name> <maml:description> <maml:para>Change the type used for the `Account` output type. The default is `[System.Security.Principal.SecurityIdentifier]` which represents the Security Identifier (SID) of each account. Can be set to `[System.Security.Principal.NTAccount]` to display a human readable representation of the account. If the SID fails to be translated to the requested type a warning will be emitted and the output will continue to be a `SID`.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Type</command:parameterValue> <dev:type> <maml:name>Type</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="2" aliases="none"> <maml:name>Account</maml:name> <maml:description> <maml:para>Only return rights and privileges that the specified account is a member of.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">IdentityReference</command:parameterValue> <dev:type> <maml:name>IdentityReference</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="3" aliases="none"> <maml:name>ComputerName</maml:name> <maml:description> 
<maml:para>The host to enumerate the membership info on, if not set then this will return information on the localhost. This uses the current user's credentials to authenticate with the remote host.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IdentityType</maml:name> <maml:description> <maml:para>Change the type used for the `Account` output type. The default is `[System.Security.Principal.SecurityIdentifier]` which represents the Security Identifier (SID) of each account. Can be set to `[System.Security.Principal.NTAccount]` to display a human readable representation of the account. If the SID fails to be translated to the requested type a warning will be emitted and the output will continue to be a `SID`.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Type</command:parameterValue> <dev:type> <maml:name>Type</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>Privilege(s) or Right(s) to get the information on. Will return all the privileges or rights if not set. 
See related links for a list of privileges and account right constants that can be used here.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para>The privilege/right name(s) to get information for.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>Privilege.Right</maml:name> </dev:type> <maml:description> <maml:para>Information about the requested privilege/right(s). It includes the following properties:</maml:para> <maml:para>- Name - The name of the privilege or right</maml:para> <maml:para>- ComputerName - The hostname the information is from</maml:para> <maml:para>- Description - The description of the privilege or right</maml:para> <maml:para>- Accounts - [System.Security.Principal.IdentityReference[]] Accounts that have been granted the privilege/right, the type is based on the value of `-IdentityType`</maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>This cmdlet opens the LSA policy object with the `POLICY_LOOKUP_NAMES` and `POLICY_VIEW_LOCAL_INFORMATION` access rights. 
This will fail if the current user does not have these access rights.</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>EXAMPLE 1: Get membership info on all local rights and privileges</maml:title> <dev:code>PS C:\> Get-WindowsRight</dev:code> <dev:remarks> <maml:para>Get the membership information about all the privileges and rights on the localhost.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------- EXAMPLE 2: Get membership for specific rights --------</maml:title> <dev:code>PS C:\> Get-WindowsRight -Name SeDebugPrivilege, SeInteractiveLogonRight</dev:code> <dev:remarks> <maml:para>Get the membership information about the `SeDebugPrivilege` and `SeInteractiveLogonRight`.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>EXAMPLE 3: Get rights and privilege information that a specific account has</maml:title> <dev:code>PS C:\> $admin = [System.Security.Principal.SecurityIdentifier]::new("S-1-5-32-544")
PS C:\> Get-WindowsRight -Account $admin</dev:code> <dev:remarks> <maml:para>Gets the rights and privileges that the local Administrators group has been granted.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4: Output accounts as an NTAccount ----------</maml:title> <dev:code>PS C:\> Get-WindowsRight -Name SeDebugPrivilege -IdentityType ([System.Security.Principal.NTAccount])</dev:code> <dev:remarks> <maml:para>Gets the accounts that have the `SeDebugPrivilege` and displays the `Account` property as an `NTAccount` value rather than a SID.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Privileges</maml:linkText> <maml:uri>https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants</maml:uri> </maml:navigationLink> 
<maml:navigationLink> <maml:linkText>Account Rights</maml:linkText> <maml:uri>https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/account-rights-constants</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-ProcessPrivilege</command:name> <command:verb>Remove</command:verb> <command:noun>ProcessPrivilege</command:noun> <maml:description> <maml:para>Removes privilege(s) from the current process.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Removes the specified privileges from the current process. Once a privilege has been removed, it cannot be added back.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-ProcessPrivilege</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>Privilege(s) to remove. 
See related links for a list of privilege constants that can be used here.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>Privilege(s) to remove. 
See related links for a list of privilege constants that can be used here.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Shows what would happen if the cmdlet runs. 
The cmdlet is not run.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para>The privilege name(s) to remove.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>If the privilege specified is an invalid constant, an error is written to the error stream.</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------------ EXAMPLE 1: Remove the SeDebugPrivilege ------------</maml:title> <dev:code>PS C:\> Remove-ProcessPrivilege -Name SeDebugPrivilege</dev:code> <dev:remarks> <maml:para>Removes the `SeDebugPrivilege` from the current process.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Privileges</maml:linkText> <maml:uri>https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-WindowsRight</command:name> 
<command:verb>Remove</command:verb> <command:noun>WindowsRight</command:noun> <maml:description> <maml:para>Removes privilege/right account membership.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Remove an account from the privilege/right membership on the host specified. This cmdlet will run on localhost by default but a remote host can be specified. This requires administrative privileges to run.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-WindowsRight</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>Privilege(s) or Right(s) to remove the account from. See related links for a list of privileges and account right constants that can be used here.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="2" aliases="none"> <maml:name>Account</maml:name> <maml:description> <maml:para>Remove the accounts specified from the privilege/right.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">IdentityReference[]</command:parameterValue> <dev:type> <maml:name>IdentityReference[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="3" aliases="none"> <maml:name>ComputerName</maml:name> <maml:description> <maml:para>The host to remove the accounts from, if not set then this will run on the localhost. 
This uses the current user's credentials to authenticate with the remote host.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="2" aliases="none"> <maml:name>Account</maml:name> <maml:description> <maml:para>Remove the accounts specified from the privilege/right.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">IdentityReference[]</command:parameterValue> <dev:type> <maml:name>IdentityReference[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="3" aliases="none"> <maml:name>ComputerName</maml:name> <maml:description> <maml:para>The host to remove the accounts from, if not 
set then this will run on the localhost. This uses the current user's credentials to authenticate with the remote host.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>Privilege(s) or Right(s) to remove the account from. See related links for a list of privileges and account right constants that can be used here.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Shows what would happen if the cmdlet runs. 
The cmdlet is not run.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para>The privilege/right name(s) to remove the accounts from.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>This cmdlet opens the LSA policy object with the `POLICY_LOOKUP_NAMES` and `POLICY_VIEW_LOCAL_INFORMATION` access rights. This will fail if the current user does not have these access rights.</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------ EXAMPLE 1: Remove privilege from a single account ------</maml:title> <dev:code>PS C:\> $admin = [System.Security.Principal.SecurityIdentifier]::new("S-1-5-32-544")
PS C:\> Remove-WindowsRight -Name SeDebugPrivilege -Account $admin</dev:code> <dev:remarks> <maml:para>Removes the local Administrators group from `SeDebugPrivilege` membership.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Privileges</maml:linkText> <maml:uri>https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Account Rights</maml:linkText> 
<maml:uri>https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/account-rights-constants</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> </helpItems>