PSPKI Get-CertificationAuthorityAcl is no longer returning ACLs on PowerShell 7.4.1

Get-CertificationAuthorityAcl is no longer returning ACLs on PowerShell 7.4.1

Open marcgoff opened this issue 5 months ago • 1 comments

It seems like there is some change in Powershell 7.4+ that causes the Get-CertificationAuthorityAcl to no longer return data.

Expected behavior (using PSPKI 4.2.0 running on Powershell 7.2.18 on Windows Server 2016 Standard):

(Get-CertificationAuthority CA01.uad-dev.xxx.xxx |  Get-CertificationAuthorityAcl).Access

Rights            : Enroll
AccessControlType : Allow
IdentityReference : NT AUTHORITY\Authenticated Users
IsInherited       : False
InheritanceFlags  : None
PropagationFlags  : None

Rights            : ManageCA, ManageCertificates
AccessControlType : Allow
IdentityReference : BUILTIN\Administrators
IsInherited       : False
InheritanceFlags  : None
PropagationFlags  : None

Rights            : ManageCA, ManageCertificates
AccessControlType : Allow
IdentityReference : UAD-DEV\Domain Admins
IsInherited       : False
InheritanceFlags  : None
PropagationFlags  : None

Rights            : ManageCA, ManageCertificates
AccessControlType : Allow
IdentityReference : UAD-DEV\Enterprise Admins
IsInherited       : False
InheritanceFlags  : None
PropagationFlags  : None

Behavior using PSPKI 4.2.0 on Powershell 7.4.1 on Windows Server 2016 Standard:

(Get-CertificationAuthority CA01.uad-dev.xxx.xxx |  Get-CertificationAuthorityAcl -verbose )

Path Owner Access
---- ----- ------

The Get-CertificationAuthority command works fine, it could be something with the GetSecurityDescriptor method.

Feb 06 '24 16:02 marcgoff

PSPKI PSPKI copied to clipboard

Get-CertificationAuthorityAcl is no longer returning ACLs on PowerShell 7.4.1

PSPKI
PSPKI copied to clipboard