Revoking "Impersonate" revokes "Tcb" instead
jsdhasfedssad opened this issue · 4 comments
Hi,
I am testing your tool and have stumbled onto what I think is an error. When I try to revoke "Impersonate/SeImpersonatePrivilege" your tool revokes "Tcb/SeTcbPrivilege" instead. I am executing this using an elevated CMD on a DC.
Thanks for reporting!
I will handle it as soon as possible.
I tested on Domain Controller (Windows Server 2019) but failed to replicate your situation :(
As far as I see, it seems that there are no suspicious things in my code.
So I don't seem to be able to do much more than this, but if you have any additional information please let me know.
Strange... Why does it fail for me then?
I tested again using a different account and this time I tried to revoke "IncreaseWorkingSet" instead. Your tool attempts to yet again revoke "Tcb" instead but this time that fails. My DC is also running 2019.
Is there a debug or verbose flag I can use?
This tool converts your input by the following function.
So you can test it by inserting Console.WriteLine(right); into before if statement and Console.WriteLine(userRight.ToString()); into before return true;.
But this is simply compare input string and I have no idea why the conversion is failed in your environment.