justaguywhocodes · June 27, 2025 15:29
diff --git a/Convert-SDDL.ps1 b/Convert-SDDL.ps1
 $VarD=$null
 $VarS=$null
 $ResultsD=$null
 $ResultsS=$null
 $Service="mslldp"
 $AddPermissions="(A;;CCLCSWLOCRRC;;;SU)"
 $VarAccount="SU"
 [string]$RawResults=sc.exe sdshow $Service
 $RegexPatternALL='(D:)(\(.*\))(S:)(\(.*\))|(S:)(\(.*\))|(D:)(\(.*\))'

 # Match 0 is the complete string
 # Match 1 is the D: label if both sections are present
 # Match 2 is the D: section permissions if both sections are present
 # Match 3 is the S: label if both sections are present
 # Match 4 is the S: section permissions if both sections are present
 # Match 5 is the S: label if only the S: section is present
 # Match 6 is the S: section permissions if only the S: section is present
 # Match 7 is the D: label if only the D: section is present
 # Match 8 is the D: section permissions if only the D: section is present

 $RawResults -match $RegexPatternALL | out-null
 #$Matches
 # Find the D: section
 if ($null -eq $matches[1]){
    $VarD=$Matches[8]
 }
 else {
    $VarD=$Matches[2]
 }

 #Find the S: section
 if ($null -eq $Matches[3]) {
    $VarS=$Matches[6]
 }
 else {
    $VarS=$Matches[4]
 }

 # Split the results into individual items then strip out the open and close parenthesis from all objects.
 if ($null -ne $VarD){
    [array]$ResultsD=$VarD -split '\)\(' | foreach-object {$_ -replace "\(", ""} | foreach-object {$_ -replace "\)", ""}
 }
 if ($null -ne $VarS){
    [array]$ResultsS=$VarS -split '\)\(' | foreach-object {$_ -replace "\(", ""} | foreach-object {$_ -replace "\)", ""}
 }

 write-output "`nD:"
 $ResultsD

 write-output "`nS:"
 $ResultsS

 # Build new SD permission string so to confirm if the values are parsed correctly.
 $ExistingPermissions=$null
 if ($null -ne $ResultsD){
    # This is the first element in the array
    $ExistingPermissions=$ExistingPermissions + "D:"
    for ($i=0; $i -lt $ResultsD.count; $i++) {
        $ExistingPermissions=$ExistingPermissions + "(" + $ResultsD[$i] + ")"
    }
 }
 if ($null -ne $ResultsS){
    $ExistingPermissions=$ExistingPermissions + "S:"
    for ($i=0; $i -lt $ResultsS.count; $i++) {
        $ExistingPermissions=$ExistingPermissions + "(" + $ResultsS[$i] + ")"
    }
 }
 write-output "`nParsed permissions:"
 $ExistingPermissions
 write-output "`nOriginal permissions:"
 $RawResults.trim()
 # Compare the newly build results with the original results (trimming whitespace).
 # Only add the new permissions if we could properly build a string with the existing data which matched the original permission string.
 if ($ExistingPermissions -eq $RawResults.trim()) {
    Write-Output "`nCorrectly identified existing permissions."
    # Make sure that the permissions we are setting are not already in the existing permission string.
    if ($ExistingPermissions -notmatch $VarAccount){
        write-output "`nBuilding new permissions string..."
        $NewPermissions=$null
        if ($null -ne $ResultsD){
            # This is the first element in the array
            $NewPermissions=$NewPermissions + "D:"
            for ($i=0; $i -lt $ResultsD.count; $i++) {
                $NewPermissions=$NewPermissions + "(" + $ResultsD[$i] + ")"
            }
            $NewPermissions=$NewPermissions + $AddPermissions
        }
        if ($null -ne $ResultsS){
            $NewPermissions=$NewPermissions + "S:"
            for ($i=0; $i -lt $ResultsS.count; $i++) {
                $NewPermissions=$NewPermissions + "(" + $ResultsS[$i] + ")"
            }
        }
        write-output "`nNew permissions string will be:"
        $NewPermissions
        # sc.exe sdset $service $NewPermissions
    }
    else {
        write-output "Permissions for this account already exist. Please review."
        exit 1
    }

 }
 else {
    write-output "`nUnable to properly parse the permission results. Please review."
    exit 1
 }
	$VarD=$null
	$VarS=$null
	$ResultsD=$null
	$ResultsS=$null
	$Service="mslldp"
	$AddPermissions="(A;;CCLCSWLOCRRC;;;SU)"
	$VarAccount="SU"
	[string]$RawResults=sc.exe sdshow $Service
	$RegexPatternALL='(D:)(\(.\))(S:)(\(.\))\|(S:)(\(.\))\|(D:)(\(.\))'

	# Match 0 is the complete string
	# Match 1 is the D: label if both sections are present
	# Match 2 is the D: section permissions if both sections are present
	# Match 3 is the S: label if both sections are present
	# Match 4 is the S: section permissions if both sections are present
	# Match 5 is the S: label if only the S: section is present
	# Match 6 is the S: section permissions if only the S: section is present
	# Match 7 is the D: label if only the D: section is present
	# Match 8 is the D: section permissions if only the D: section is present

	$RawResults -match $RegexPatternALL \| out-null
	#$Matches
	# Find the D: section
	if ($null -eq $matches[1]){
	$VarD=$Matches[8]
	}
	else {
	$VarD=$Matches[2]
	}

	#Find the S: section
	if ($null -eq $Matches[3]) {
	$VarS=$Matches[6]
	}
	else {
	$VarS=$Matches[4]
	}

	# Split the results into individual items then strip out the open and close parenthesis from all objects.
	if ($null -ne $VarD){
	[array]$ResultsD=$VarD -split '\)\(' \| foreach-object {$_ -replace "\(", ""} \| foreach-object {$_ -replace "\)", ""}
	}
	if ($null -ne $VarS){
	[array]$ResultsS=$VarS -split '\)\(' \| foreach-object {$_ -replace "\(", ""} \| foreach-object {$_ -replace "\)", ""}
	}

	write-output "`nD:"
	$ResultsD

	write-output "`nS:"
	$ResultsS

	# Build new SD permission string so to confirm if the values are parsed correctly.
	$ExistingPermissions=$null
	if ($null -ne $ResultsD){
	# This is the first element in the array
	$ExistingPermissions=$ExistingPermissions + "D:"
	for ($i=0; $i -lt $ResultsD.count; $i++) {
	$ExistingPermissions=$ExistingPermissions + "(" + $ResultsD[$i] + ")"
	}
	}
	if ($null -ne $ResultsS){
	$ExistingPermissions=$ExistingPermissions + "S:"
	for ($i=0; $i -lt $ResultsS.count; $i++) {
	$ExistingPermissions=$ExistingPermissions + "(" + $ResultsS[$i] + ")"
	}
	}
	write-output "`nParsed permissions:"
	$ExistingPermissions
	write-output "`nOriginal permissions:"
	$RawResults.trim()
	# Compare the newly build results with the original results (trimming whitespace).
	# Only add the new permissions if we could properly build a string with the existing data which matched the original permission string.
	if ($ExistingPermissions -eq $RawResults.trim()) {
	Write-Output "`nCorrectly identified existing permissions."
	# Make sure that the permissions we are setting are not already in the existing permission string.
	if ($ExistingPermissions -notmatch $VarAccount){
	write-output "`nBuilding new permissions string..."
	$NewPermissions=$null
	if ($null -ne $ResultsD){
	# This is the first element in the array
	$NewPermissions=$NewPermissions + "D:"
	for ($i=0; $i -lt $ResultsD.count; $i++) {
	$NewPermissions=$NewPermissions + "(" + $ResultsD[$i] + ")"
	}
	$NewPermissions=$NewPermissions + $AddPermissions
	}
	if ($null -ne $ResultsS){
	$NewPermissions=$NewPermissions + "S:"
	for ($i=0; $i -lt $ResultsS.count; $i++) {
	$NewPermissions=$NewPermissions + "(" + $ResultsS[$i] + ")"
	}
	}
	write-output "`nNew permissions string will be:"
	$NewPermissions
	# sc.exe sdset $service $NewPermissions
	}
	else {
	write-output "Permissions for this account already exist. Please review."
	exit 1
	}

	}
	else {
	write-output "`nUnable to properly parse the permission results. Please review."
	exit 1
	}