Open mfgjwaterman opened 2 weeks ago
Do you get the same results with just Invoke-Locksmith
?
Hi Jake,
yes exactly same results.
Let me if you need additional info.
Okie dokie. I think I see why. Which version(s) of PowerShell are you using?
I use both 5.1 and 7.x. Let me know if you need a Guinea pig.
Do you get the same results when running from a non-elevated prompt?
It's the same output on a mic medium and high. I just remembered I tested it only on 5.1. Got a warning on 7 about servermanger being required and running in compat mode. Couldn't get it to work. Anyways, different story. Let's see if we can fix it on 5,1 first.
Well my lab is almost rebuilt to my previous specs, so expect an update soooon
Hi,
LockSmith Version: v2024.3
On a Windows Server 2022 PKI Infrastructure. I use the following command in an elevated PowerShell:
Invoke-Locksmith -Scans ESC4
The output is:
I've manually checked all the templates and can not locate the displayed permissions. Also manually in the "permissions" and the "Effective access" tab to make sure. I'm beginning to think this is a bug?
On the templates User, UserSignature, ClientAuth and EFS, "CORP\Domain Users" only has "Enroll" rights, nothing else. On the templates Machine, IPSECIntermediateOnline , Workstation "CORP\Domain Computers" only has "Enroll" rights, nothing else. On the templates RASAndIASServer "CORP\RAS and IAS Servers", only has "Enroll" rights, nothing else.
Check was done with AdsiEdit in CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,.
If you need additional information, please let me know. Happy to help out.