TrimarcJake / Locksmith

A small tool built to find and fix common misconfigurations in Active Directory Certificate Services.
https://github.com/TrimarcJake/Locksmith

ESC4 Bug, Detecting permissions that are not on the acl... #133

Open mfgjwaterman opened 2 weeks ago

mfgjwaterman commented 2 weeks ago

Hi,

LockSmith Version: v2024.3

On a Windows Server 2022 PKI Infrastructure. I use the following command in an elevated PowerShell:

Invoke-Locksmith -Scans ESC4

The output is:

Technique Name                    Issue                                                                                          
--------- ----                    -----                                                                                          
ESC4      User                    CORP\Domain Users has ReadProperty, WriteProperty, ExtendedRight rights on this template       
ESC4      UserSignature           CORP\Domain Users has ReadProperty, WriteProperty, ExtendedRight rights on this template       
ESC4      ClientAuth              CORP\Domain Users has ReadProperty, WriteProperty, ExtendedRight rights on this template       
ESC4      EFS                     CORP\Domain Users has ReadProperty, WriteProperty, ExtendedRight rights on this template       
ESC4      Machine                 CORP\Domain Computers has ReadProperty, WriteProperty, ExtendedRight rights on this template   
ESC4      IPSECIntermediateOnline CORP\Domain Computers has ReadProperty, WriteProperty, ExtendedRight rights on this template   
ESC4      Workstation             CORP\Domain Computers has ReadProperty, WriteProperty, ExtendedRight rights on this template   
ESC4      RASAndIASServer         CORP\RAS and IAS Servers has ReadProperty, WriteProperty, ExtendedRight rights on this template

I've manually checked all the templates and cannot locate the displayed permissions. I also checked manually in the "Permissions" and "Effective Access" tabs to make sure. I'm beginning to think this is a bug?

On the templates User, UserSignature, ClientAuth and EFS, "CORP\Domain Users" only has "Enroll" rights, nothing else. On the templates Machine, IPSECIntermediateOnline and Workstation, "CORP\Domain Computers" only has "Enroll" rights, nothing else. On the template RASAndIASServer, "CORP\RAS and IAS Servers" only has "Enroll" rights, nothing else.

The check was done with ADSI Edit in CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,.

If you need additional information, please let me know. Happy to help out.
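To cross-check what Locksmith reports against the raw template ACLs, here is an added PowerShell example (not Locksmith's own code) that reads each template's security descriptor from the Configuration partition and resolves the Certificate-Enrollment extended right, so a plain "Enroll" ACE is visibly distinct from an unrestricted ReadProperty/WriteProperty/ExtendedRight ACE. It assumes the RSAT ActiveDirectory module and a domain-joined session; the template names passed at the bottom are just the ones from this report.

```powershell
# Added example, not part of Locksmith. Enumerates the Allow ACEs on certificate
# templates and shows exactly which rights each principal holds.
Import-Module ActiveDirectory

# Well-known GUIDs of the two enrollment extended rights (schema-defined values).
$EnrollmentRights = @{
    '0e10c968-78fb-11d2-90d4-00c04f79dc55' = 'Enroll'
    'a05b8cc2-17bc-4802-a710-e7c15ab866a2' = 'AutoEnroll'
}

# Rights that allow changing template settings, which is the ESC4 concern.
$WriteRights = 'WriteProperty', 'WriteDacl', 'WriteOwner', 'GenericWrite', 'GenericAll'

function Get-TemplateAce {
    param([string[]]$TemplateName)
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $container = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"
    foreach ($name in $TemplateName) {
        $acl = Get-Acl -Path "AD:\CN=$name,$container"
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            # An ExtendedRight ACE with a specific ObjectType grants only that one
            # right (e.g. Enroll); an empty ObjectType GUID means the ACE is
            # unrestricted and covers every property / extended right.
            $objType = $ace.ObjectType.ToString()
            $scope = if ($EnrollmentRights.ContainsKey($objType)) { $EnrollmentRights[$objType] }
                     elseif ($objType -eq [guid]::Empty.ToString()) { 'All (unrestricted)' }
                     else { $objType }
            $rights = $ace.ActiveDirectoryRights.ToString()
            # Flag only unrestricted ACEs that carry a write-capable right.
            $canModify = ($objType -eq [guid]::Empty.ToString()) -and
                         (($WriteRights | Where-Object { $rights -match $_ }).Count -gt 0)
            [pscustomobject]@{
                Template  = $name
                Identity  = $ace.IdentityReference.Value
                Rights    = $rights
                Scope     = $scope
                CanModify = $canModify
            }
        }
    }
}

# Templates named in the report above; adjust to taste.
Get-TemplateAce -TemplateName 'User', 'Machine', 'RASAndIASServer' | Format-Table -AutoSize
```

An "Enroll"-only principal shows up with Rights = ExtendedRight and Scope = Enroll; an entry with Scope = "All (unrestricted)" and CanModify = True is the kind of ACE an ESC4 finding should correspond to.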

TrimarcJake commented 1 week ago

Do you get the same results with just Invoke-Locksmith ?

mfgjwaterman commented 1 week ago

Hi Jake,

Yes, exactly the same results.

Let me know if you need additional info.

TrimarcJake commented 1 week ago

Okie dokie. I think I see why. Which version(s) of PowerShell are you using?

mfgjwaterman commented 1 week ago

I use both 5.1 and 7.x. Let me know if you need a guinea pig.

TrimarcJake commented 1 week ago

Do you get the same results when running from a non-elevated prompt?

mfgjwaterman commented 1 week ago

It's the same output at MIC medium and high. I just remembered I tested it only on 5.1. Got a warning on 7 about ServerManager being required and running in compat mode. Couldn't get it to work. Anyway, different story. Let's see if we can fix it on 5.1 first.

TrimarcJake commented 1 day ago

Well my lab is almost rebuilt to my previous specs, so expect an update soooon