TinCanTech
commented
1 month ago Important note: secure_session()
# atomic:
if mkdir "$secured_session"; thendoes not work as expected because mkdir.exe always returns zero, no matter the actual result. Since Windows 10/11.
Also, easyrsa_mkdir() is not atomic.
On Windows 11, Easy-RSA requires Administrator Access.
According to extensive testing: Windows 11 will only allow MKSH:
sh.exeto function, if full admin privileges have been granted via the Windows-User-Access-Control interface.This restriction means that Easy-RSA will not run from any directory (System or User), unless full admin privileges have been granted via WUAC.