Jump to content

Using Permissions.au3 with a certificate?

Recommended Posts

Curious if anyone knows if the permissions UDF can be used with certificates and if so, how.

This is the code in the UDF for $_SE_OBJECT_TYPE which doesn't state anything about certs and not sure if it would fall under one of the object types listed:

Global Enum _ ;$_SE_OBJECT_TYPE
        $SE_UNKNOWN_OBJECT_TYPE = 0, _ ;Unknown object type.
        $SE_FILE_OBJECT, _ ;Indicates a file or directory. Can be an absolute path, such as FileName.dat, C:\DirectoryName\FileName.dat, or a handle to an opened file
        $SE_SERVICE, _;Indicates a Windows service. A service object can be a local service, such as ServiceName, or a remote service, such as \\ComputerName\ServiceName, or a handle to a service
        $SE_PRINTER, _;Indicates a printer. A printer object can be a local printer, such as PrinterName, or a remote printer, such as \\ComputerName\PrinterName.
        $SE_REGISTRY_KEY, _;Indicates a registry key. The names can be in the format 'HKLM\SOFTWARE\Example', or 'HKEY_LOCAL_MACHINE\SOFTWARE\Example'. It can also be a handle to a registry key
        $SE_LMSHARE, _;Indicates a network share. A share object can be local, such as ShareName, or remote, such as \\ComputerName\ShareName.
        $SE_KERNEL_OBJECT, _;Indicates a local kernel object. All types of kernel objects are supported. ie, A process handle obtained with _Permissions_OpenProcess
        $SE_WINDOW_OBJECT, _;Indicates a window station or desktop object on the local computer.
        $SE_DS_OBJECT, _;Indicates a directory service object or a property set or property of a directory service object. e.g.CN=SomeObject,OU=ou2,OU=ou1,DC=DomainName,DC=CompanyName,DC=com,O=internet
        $SE_DS_OBJECT_ALL, _;Indicates a directory service object and all of its property sets and properties.
        $SE_PROVIDER_DEFINED_OBJECT, _;Indicates a provider-defined object.
        $SE_WMIGUID_OBJECT, _;Indicates a WMI object.
        $SE_REGISTRY_WOW64_32KEY;Indicates an object for a registry entry under WOW64.

What I'm trying to do is add another user to a cert in Certificates (Local  Computer) > Personal > Certificates as if using the "manage private keys" command via the MMC.


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By Psyllex
      I'm trying to install some setup stuff on Win10. 
      One part of the script requires just regular user privileges but the other requires admin privileges.  When I run it from the Autoit Editor it works like a champ.  When I build it, Windows slaps the admin stamp on it and then when I attempt to run the part that only requires regular users....it gets all hosed up. 
      Is there a way to remove #RequireAdmin? 

      I've tried RunAs(username, "", myPassword, "", "cmd.exe", "") but that never seems to work.
      Can someone help me out?
    • By Luigi
      I want use WinHttpRequest to access a OpenShift API server, it use a self signed certificate.
      Does now work...
      I never try with a self signed certificate, how do this?
      Best regards
      Global $oHTTP = ObjCreate("winhttp.winhttprequest.5.1") $oHTTP.Open("GET", "https://openshift.domain:1234/api/", False) $oHttp.Option(4) = 0x0100 + 0x0200 + 0x1000 + 0x2000 $oHTTP.Option(9) = 0x0080 ;WinHttpRequestOption_SecureProtocols ;~ $oHttp.SetClientCertificate("LOCAL_MACHINE\\Personal\\certificado.crt") $oHttp.Send() $oHttp.WaitForResponse() Local $oAllHeaders = $oHttp.GetAllResponseHeaders() $oReceived = $oHttp.ResponseText $oStatusCode = $oHttp.Status $oHttp = 0 If $oStatusCode = 200 Then ConsoleWrite("$oAllHeaders--------------------" & @LF & $oAllHeaders & "$oAllHeaders--------------------" & @LF) Else ConsoleWrite("< error = " & $oReceived & @LF & $oAllHeaders & @LF) EndIf  
    • By colombeen
      Hi guys,
      I have a pretty advanced question...
      This is the issue i'm facing :
      On a regular basis we need to install pfx certificates (with password protection) on devices from external companies.
      To install the certificate we always have to contact the user, setup a really dull and long process to get an RDP session to that device, install the certificate.
      I'm looking for :
      a way to generate exe files on the fly, that will include the pfx file and password, and automatically install them without any interaction from the user, and the user not being able to retrieve the password to install the certificate.
      Question :
      Is this possible with AutoIT? And if so, does anyone have a working example for the certificate installation part or the auto generate with file include?
      Thx in advance
    • By ur
      I can check this though signtool.exe and it results in the text output though below command.
      signtool.exe verify /v /pa "C:\test\ftdiport.cat"And this result the output in verbose mode in command prompt or we can redirect it to a text file as below.
      Verifying: C:\test\ftdiport.cat Signing Certificate Chain: Issued to: Class 3 Public Primary Certification Authority Issued by: Class 3 Public Primary Certification Authority Expires: 8/2/2028 5:29:59 AM SHA1 hash: 742C3192E607E424EB4549542BE1BBC53E6174E2 Issued to: VeriSign Class 3 Code Signing 2004 CA Issued by: Class 3 Public Primary Certification Authority Expires: 7/16/2014 5:29:59 AM SHA1 hash: 197A4AEBDB25F0170079BB8C73CB2D655E0018A4 Issued to: Future Technology Devices International Ltd Issued by: VeriSign Class 3 Code Signing 2004 CA Expires: 9/30/2010 5:29:59 AM SHA1 hash: 029E8FF6146EE9AEDA68092AB030057165B73A20 The signature is timestamped: 3/31/2010 6:10:55 PM Timestamp Verified by: Issued to: Thawte Timestamping CA Issued by: Thawte Timestamping CA Expires: 1/1/2021 5:29:59 AM SHA1 hash: BE36A4562FB2EE05DBB3D32323ADF445084ED656 Issued to: VeriSign Time Stamping Services CA Issued by: Thawte Timestamping CA Expires: 12/4/2013 5:29:59 AM SHA1 hash: F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D Issued to: VeriSign Time Stamping Services Signer - G2 Issued by: VeriSign Time Stamping Services CA Expires: 6/15/2012 5:29:59 AM SHA1 hash: ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE Successfully verified: C:\Users\ur00361883\Desktop\ftdiport.cat Number of files successfully Verified: 1 Number of warnings: 0 Number of errors: 0  
      One option is to parse this file and I need to get below details.
      Catalog file is Signed/Unsigned and Certificate issued for it and its expiry date.
      Is there any option like some libraries instead of parsing this text file whether in c#,vbscript,autoit or powershell or any platform.
      If no option, please guide me on how to parse this output.
    • By ur
      Is there any library or api in Autoit to check whether a particular driver is signed or not and check for the certificate validity of the driver/catalog file if it is signed.?
  • Create New...