Open bhuddah opened 1 year ago
Hi! So "Setting token failed" again. Same as #177
Can you please open Local Security Policy, navigate to Local Policies -> User Right Assignments, then right click on an empty space on the right panel and select Export List. Paste the list contents here please. Below is my machine settings:
Check specially Debug programs
and Obtain an impersonation token
.
Policy | Security Setting |
---|---|
Access Credential Manager as a trusted caller | |
Access this computer from the network | Everyone,Administrators,Users,Backup Operators |
Act as part of the operating system | |
Add workstations to domain | |
Adjust memory quotas for a process | LOCAL SERVICE,NETWORK SERVICE,Administrators |
Allow log on locally | Guest,Administrators,Users,Backup Operators |
Allow log on through Remote Desktop Services | Administrators,Remote Desktop Users |
Back up files and directories | Administrators,Backup Operators |
Bypass traverse checking | Everyone,LOCAL SERVICE,NETWORK SERVICE,Administrators,Users,Backup Operators |
Change the system time | LOCAL SERVICE,Administrators |
Change the time zone | LOCAL SERVICE,Administrators,Users |
Create a pagefile | Administrators |
Create a token object | |
Create global objects | LOCAL SERVICE,NETWORK SERVICE,Administrators,SERVICE |
Create permanent shared objects | |
Create symbolic links | Administrators,NT VIRTUAL MACHINE\Virtual Machines |
Debug programs | Administrators |
Deny access to this computer from the network | Guest |
Deny log on as a batch job | |
Deny log on as a service | |
Deny log on locally | Guest |
Deny log on through Remote Desktop Services | |
Enable computer and user accounts to be trusted for delegation | |
Force shutdown from a remote system | Administrators |
Generate security audits | LOCAL SERVICE,NETWORK SERVICE |
Impersonate a client after authentication | LOCAL SERVICE,NETWORK SERVICE,Administrators,SERVICE |
Increase a process working set | Users |
Increase scheduling priority | Administrators,Window Manager\Window Manager Group |
Load and unload device drivers | Administrators |
Lock pages in memory | |
Log on as a batch job | Administrators,Backup Operators,Performance Log Users |
Log on as a service | NT SERVICE\ALL SERVICES,NT VIRTUAL MACHINE\Virtual Machines |
Manage auditing and security log | Administrators |
Modify an object label | |
Modify firmware environment values | Administrators |
Obtain an impersonation token for another user in the same session | Administrators |
Perform volume maintenance tasks | Administrators |
Profile single process | Administrators |
Profile system performance | Administrators,NT SERVICE\WdiServiceHost |
Remove computer from docking station | Administrators,Users |
Alternatively, If you don't want to change the sec policy, you can use attached mode by running
gsudo config ForceAttachedConsole true
... but there is a chance some other minor bugs could ocurr, plus the environment variables wont migrate to the elevated instance...
Issue Description
gsudo fails in PowerShell (5.1) on Microsoft Windows Server 2016 Datacenter with error message:
Steps to Reproduce
Screenshots
Context: