Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Powershell returns SecurityException

See original GitHub issue

I’m trying to execute some PS scripts as another user.

Here is the function :

public string GetSizeLecteurH(string GID, string Serveur)
        {
            using (SimpleImpersonation.Impersonation.LogonUser(Login.Split('\\')[0], Login.Split('\\')[1], Password, SimpleImpersonation.LogonType.Interactive))
            {
                using (PowerShell PowerShellInstance = PowerShell.Create())
                {
                    PowerShellInstance.AddScript(TestLecteurH);
                    PowerShellInstance.AddParameter("GID", GID);
                    PowerShellInstance.AddParameter("Serveur", Serveur);
                    //PowerShellInstance.AddParameter("credential", Credential);

                    Collection<PSObject> PSOutput = PowerShellInstance.Invoke();
                    try
                    {
                        if (!PowerShellInstance.HadErrors) return PSOutput.Count > 0 ? PSOutput.ElementAt(0).ToString() : "pas de retour";
                        else return PowerShellInstance.Streams.Error.ElementAt(0).Exception + "";
                    }
                    catch (Exception e)
                    {
                        Debug.WriteLine(e.StackTrace);
                        return "inexistant";
                    }
                }
            }
        }

I’m providing a string for the Login var as “domain\login”.

When I execute this code, the Collection<PSOutput> returns a “System.Security.SecurityException” : Requested registry access is not allowed

However it will works if I do not use the Impersonation and just run the entire script as the identity I’m passing to the LogonUser function.

I’m a bit lost, how can I avoid this error ?

Issue Analytics

State:
Created 6 years ago
Comments:5 (5 by maintainers)

Top GitHub Comments

1reaction

mattjohnsonpintcommented, Feb 26, 2018

Hmmm… I’m not sure if one can impersonate the execution of a PowerShell environment or not. It would seem maybe not.

Maybe better to impersonate in the PowerShell script itself? I haven’t tried it, but I see one such script here.

0reactions

mattjohnsonpintcommented, Jul 18, 2018

With the new API, the handle is available, so the @jamezor changes referenced above should be able to be done outside of this library.

Top Results From Across the Web

Powershell returns SecurityException · Issue #24

When I execute this code, the Collection returns a "System.Security.SecurityException" : Requested registry access is not allowed.

c# - Exception thrown as "Security error" while invoking ...

Invoking powershell. ... The above code working fine while running in console application but throws exception while running in mvc application.

Set-ExecutionPolicy (Microsoft.PowerShell.Security)

This cmdlet returns no output. Notes. Set-ExecutionPolicy doesn't change the MachinePolicy and UserPolicy scopes because they are set by Group Policies.

How to enable execution of PowerShell scripts?

The answer was to go into the Local Group Policy Editor -> Local Computer Policy -> Administrative Templates -> Windows Components -> Windows ......

15 Ways to Bypass the PowerShell Execution Policy

Before being able to use all of the wonderful features PowerShell has to offer, attackers may have to bypass the “Restricted” execution policy....