PSPKI
PSPKI copied to clipboard
Get-CertificationAuthorityAcl is no longer returning ACLs on PowerShell 7.4.1
It seems like there is some change in Powershell 7.4+ that causes the Get-CertificationAuthorityAcl to no longer return data.
Expected behavior (using PSPKI 4.2.0 running on Powershell 7.2.18 on Windows Server 2016 Standard):
(Get-CertificationAuthority CA01.uad-dev.xxx.xxx | Get-CertificationAuthorityAcl).Access
Rights : Enroll
AccessControlType : Allow
IdentityReference : NT AUTHORITY\Authenticated Users
IsInherited : False
InheritanceFlags : None
PropagationFlags : None
Rights : ManageCA, ManageCertificates
AccessControlType : Allow
IdentityReference : BUILTIN\Administrators
IsInherited : False
InheritanceFlags : None
PropagationFlags : None
Rights : ManageCA, ManageCertificates
AccessControlType : Allow
IdentityReference : UAD-DEV\Domain Admins
IsInherited : False
InheritanceFlags : None
PropagationFlags : None
Rights : ManageCA, ManageCertificates
AccessControlType : Allow
IdentityReference : UAD-DEV\Enterprise Admins
IsInherited : False
InheritanceFlags : None
PropagationFlags : None
Behavior using PSPKI 4.2.0 on Powershell 7.4.1 on Windows Server 2016 Standard:
(Get-CertificationAuthority CA01.uad-dev.xxx.xxx | Get-CertificationAuthorityAcl -verbose )
Path Owner Access
---- ----- ------
The Get-CertificationAuthority command works fine, it could be something with the GetSecurityDescriptor method.