Skip to content

Instantly share code, notes, and snippets.

@justaguywhocodes
Created June 27, 2025 15:29
Show Gist options
  • Save justaguywhocodes/9229f5c4ef5fe189f18bbdac74ad6a94 to your computer and use it in GitHub Desktop.
Save justaguywhocodes/9229f5c4ef5fe189f18bbdac74ad6a94 to your computer and use it in GitHub Desktop.
$VarD=$null
$VarS=$null
$ResultsD=$null
$ResultsS=$null
$Service="mslldp"
$AddPermissions="(A;;CCLCSWLOCRRC;;;SU)"
$VarAccount="SU"
[string]$RawResults=sc.exe sdshow $Service
$RegexPatternALL='(D:)(\(.*\))(S:)(\(.*\))|(S:)(\(.*\))|(D:)(\(.*\))'
# Match 0 is the complete string
# Match 1 is the D: label if both sections are present
# Match 2 is the D: section permissions if both sections are present
# Match 3 is the S: label if both sections are present
# Match 4 is the S: section permissions if both sections are present
# Match 5 is the S: label if only the S: section is present
# Match 6 is the S: section permissions if only the S: section is present
# Match 7 is the D: label if only the D: section is present
# Match 8 is the D: section permissions if only the D: section is present
$RawResults -match $RegexPatternALL | out-null
#$Matches
# Find the D: section
if ($null -eq $matches[1]){
$VarD=$Matches[8]
}
else {
$VarD=$Matches[2]
}
#Find the S: section
if ($null -eq $Matches[3]) {
$VarS=$Matches[6]
}
else {
$VarS=$Matches[4]
}
# Split the results into individual items then strip out the open and close parenthesis from all objects.
if ($null -ne $VarD){
[array]$ResultsD=$VarD -split '\)\(' | foreach-object {$_ -replace "\(", ""} | foreach-object {$_ -replace "\)", ""}
}
if ($null -ne $VarS){
[array]$ResultsS=$VarS -split '\)\(' | foreach-object {$_ -replace "\(", ""} | foreach-object {$_ -replace "\)", ""}
}
write-output "`nD:"
$ResultsD
write-output "`nS:"
$ResultsS
# Build new SD permission string so to confirm if the values are parsed correctly.
$ExistingPermissions=$null
if ($null -ne $ResultsD){
# This is the first element in the array
$ExistingPermissions=$ExistingPermissions + "D:"
for ($i=0; $i -lt $ResultsD.count; $i++) {
$ExistingPermissions=$ExistingPermissions + "(" + $ResultsD[$i] + ")"
}
}
if ($null -ne $ResultsS){
$ExistingPermissions=$ExistingPermissions + "S:"
for ($i=0; $i -lt $ResultsS.count; $i++) {
$ExistingPermissions=$ExistingPermissions + "(" + $ResultsS[$i] + ")"
}
}
write-output "`nParsed permissions:"
$ExistingPermissions
write-output "`nOriginal permissions:"
$RawResults.trim()
# Compare the newly build results with the original results (trimming whitespace).
# Only add the new permissions if we could properly build a string with the existing data which matched the original permission string.
if ($ExistingPermissions -eq $RawResults.trim()) {
Write-Output "`nCorrectly identified existing permissions."
# Make sure that the permissions we are setting are not already in the existing permission string.
if ($ExistingPermissions -notmatch $VarAccount){
write-output "`nBuilding new permissions string..."
$NewPermissions=$null
if ($null -ne $ResultsD){
# This is the first element in the array
$NewPermissions=$NewPermissions + "D:"
for ($i=0; $i -lt $ResultsD.count; $i++) {
$NewPermissions=$NewPermissions + "(" + $ResultsD[$i] + ")"
}
$NewPermissions=$NewPermissions + $AddPermissions
}
if ($null -ne $ResultsS){
$NewPermissions=$NewPermissions + "S:"
for ($i=0; $i -lt $ResultsS.count; $i++) {
$NewPermissions=$NewPermissions + "(" + $ResultsS[$i] + ")"
}
}
write-output "`nNew permissions string will be:"
$NewPermissions
# sc.exe sdset $service $NewPermissions
}
else {
write-output "Permissions for this account already exist. Please review."
exit 1
}
}
else {
write-output "`nUnable to properly parse the permission results. Please review."
exit 1
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment