Merge branch 'development'
potatoqualitee committed Sep 18, 2024
2 parents 72a7a40 + a85b606 commit 918182a
Showing 5 changed files with 113 additions and 103 deletions.
39 changes: 38 additions & 1 deletion bin/dbatools-buildref-index.json
@@ -1,5 +1,5 @@
{
"LastUpdated": "2024-07-24T00:00:00",
"LastUpdated": "2024-09-11T00:00:00",
"Data": [
{
"Version": "8.0.47",
@@ -4119,6 +4119,10 @@
"Version": "13.0.6441",
"KBList": "5040946"
},
{
"Version": "13.0.6445",
"KBList": "5042207"
},
{
"Version": "13.0.7000",
"KBList": "5014242"
@@ -4139,6 +4143,10 @@
"Version": "13.0.7037",
"KBList": "5040944"
},
{
"Version": "13.0.7040",
"KBList": "5042209"
},
{
"Version": "14.0.1",
"Name": "2017"
@@ -4204,6 +4212,10 @@
"Version": "14.0.2056",
"KBList": "5040942"
},
{
"Version": "14.0.2060",
"KBList": "5042217"
},
{
"CU": "CU1",
"Version": "14.0.3006",
@@ -4399,6 +4411,10 @@
"Version": "14.0.3471",
"KBList": "5040940"
},
{
"Version": "14.0.3475",
"KBList": "5042215"
},
{
"Version": "15.0.1000",
"Name": "2019"
@@ -4448,6 +4464,10 @@
"Version": "15.0.2116",
"KBList": "5040986"
},
{
"Version": "15.0.2120",
"KBList": "5042214"
},
{
"CU": "CU1",
"Version": "15.0.4003",
@@ -4608,6 +4628,15 @@
"Version": "15.0.4382",
"KBList": "5040948"
},
{
"CU": "CU28",
"Version": "15.0.4385",
"KBList": "5039747"
},
{
"Version": "15.0.4390",
"KBList": "5042749"
},
{
"Version": "16.0.100",
"Name": "2022"
@@ -4645,6 +4674,10 @@
"Version": "16.0.1121",
"KBList": "5040936"
},
{
"Version": "16.0.1125",
"KBList": "5042211"
},
{
"CU": "CU1",
"Version": "16.0.4003",
@@ -4730,6 +4763,10 @@
"CU": "CU14",
"Version": "16.0.4135",
"KBList": "5038325"
},
{
"Version": "16.0.4140",
"KBList": "5042578"
}
]
}
2 changes: 1 addition & 1 deletion dbatools.psd1
@@ -11,7 +11,7 @@
RootModule = 'dbatools.psm1'

# Version number of this module.
ModuleVersion = '2.1.22'
ModuleVersion = '2.1.23'

# ID used to uniquely identify this module
GUID = '9d139310-ce45-41ce-8e8b-d76335aa1789'
17 changes: 11 additions & 6 deletions public/Export-DbaUser.ps1
@@ -252,6 +252,9 @@ function Export-DbaUser {

$stepCounter = 0
foreach ($dbuser in $users) {
# Clear output for each user
$outsql = @()
$sql = ""

if ($GenerateFilePerUser) {
if ($null -eq $usersProcessed[$dbuser.Name]) {
@@ -264,7 +267,12 @@ function Export-DbaUser {
}
}

Write-ProgressHelper -TotalSteps $users.Count -Activity "Exporting from $($db.Name)" -StepNumber ($stepCounter++) -Message "Generating script ($FilePath) for user $dbuser"
if ($Passthru) {
$progressMessage = "Generating script for user $dbuser"
} else {
$progressMessage = "Generating script ($FilePath) for user $dbuser"
}
Write-ProgressHelper -TotalSteps $users.Count -Activity "Exporting from $($db.Name)" -StepNumber ($stepCounter++) -Message $progressMessage

#setting database
if (((Test-Bound ScriptingOptionsObject) -and $ScriptingOptionsObject.IncludeDatabaseContext) -or - (Test-Bound ScriptingOptionsObject -Not)) {
@@ -366,7 +374,7 @@ function Export-DbaUser {
$withGrant = " WITH GRANT OPTION"
$grantDatabasePermission = 'GRANT'
} else {
$withGrant = " "
$withGrant = ""
$grantDatabasePermission = $databasePermission.PermissionState.ToString().ToUpper()
}
if ($Template) {
@@ -526,7 +534,7 @@ function Export-DbaUser {
$withGrant = " WITH GRANT OPTION"
$grantObjectPermission = 'GRANT'
} else {
$withGrant = " "
$withGrant = ""
$grantObjectPermission = $objectPermission.PermissionState.ToString().ToUpper()
}
if ($Template) {
@@ -573,9 +581,6 @@ function Export-DbaUser {
$sql | Out-File -Encoding:$Encoding -FilePath $FilePath -Append
}
}
# Clear variables for next user
$outsql = @()
$sql = ""
} else {
$sql
}
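Review bot: Moving the `$outsql = @()` / `$sql = ""` reset to the top of the `foreach ($dbuser in $users)` body means anything appended to either variable before the loop starts is now discarded on the first iteration; the code between the database loop and this line is outside the hunk, so confirm nothing is queued there. Because this output is replayed as GRANT/DENY statements, a regression test that runs with `-Passthru` against two users and asserts that the second user's script contains none of the first user's statements would pin the fix. The new comment could also state the reason, e.g. `# Reset per user so -Passthru output does not carry the previous user's statements`.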
155 changes: 62 additions & 93 deletions public/Get-DbaPrivilege.ps1
@@ -56,18 +56,18 @@ function Get-DbaPrivilege {
)

begin {
$ResolveSID = @'
function Convert-SIDToUserName ([string] $SID ) {
try {
$objSID = New-Object System.Security.Principal.SecurityIdentifier ($SID)
$objUser = $objSID.Translate([System.Security.Principal.NTAccount])
$objUser.Value
} catch {
$SID
}
}
'@
function Convert-SIDToUserName ([string] $SID ) {
try {
$objSID = New-Object System.Security.Principal.SecurityIdentifier ($SID)
$objUser = $objSID.Translate([System.Security.Principal.NTAccount])
$objUser.Value
} catch {
$SID
}
}

$ComputerName = $ComputerName.ComputerName | Select-Object -Unique

}
process {
foreach ($computer in $ComputerName) {
@@ -78,123 +78,96 @@ function Get-DbaPrivilege {
}

try {
Write-Message -Level Verbose -Message "Exporting Privileges on $computer"
$null = Invoke-Command2 -Raw -ComputerName $computer -Credential $Credential -ScriptBlock {
Write-Message -Level Verbose -Message "Exporting Privileges on $computer and cleaning up temporary files"
$secPol = Invoke-Command2 -Raw -ComputerName $computer -Credential $Credential -ScriptBlock {
$temp = ([System.IO.Path]::GetTempPath()).TrimEnd("")
secedit /export /cfg $temp\secpolByDbatools.cfg > $null
$CFG = Get-Content $temp\secpolByDbatools.cfg -Force
Remove-Item $temp\secpolByDbatools.cfg -Force
$CFG
}

Write-Message -Level Verbose -Message "Getting Batch Logon Privileges on $computer"
$bl = Invoke-Command2 -Raw -ComputerName $computer -Credential $Credential -ArgumentList $ResolveSID -ScriptBlock {
param ($ResolveSID)
. ([ScriptBlock]::Create($ResolveSID))
$temp = ([System.IO.Path]::GetTempPath()).TrimEnd("");
$blEntries = (Get-Content $temp\secpolByDbatools.cfg | Where-Object {
$_ -like "SeBatchLogonRight*"
})

if ($null -ne $blEntries) {
$blEntries.Substring(20).Split(",") | ForEach-Object {
if ($_ -match '^\*S-') {
Convert-SIDToUserName -SID $_.TrimStart('*')
} else {
$_
}
$blEntries = $secPol | Where-Object { $_ -like "SeBatchLogonRight*" }

$bl = if ($null -ne $blEntries) {
$blEntries.Substring(20).Split(",") | ForEach-Object {
if ($_ -match '^\*S-') {
Convert-SIDToUserName -SID $_.TrimStart('*')
} else {
$_
}
}
}

if ($bl.count -eq 0) {
Write-Message -Level Verbose -Message "No users with Batch Logon Rights on $computer"
}

Write-Message -Level Verbose -Message "Getting Instant File Initialization Privileges on $computer"
$ifi = Invoke-Command2 -Raw -ComputerName $computer -Credential $Credential -ArgumentList $ResolveSID -ScriptBlock {
param ($ResolveSID)
. ([ScriptBlock]::Create($ResolveSID))
$temp = ([System.IO.Path]::GetTempPath()).TrimEnd("");
$ifiEntries = (Get-Content $temp\secpolByDbatools.cfg | Where-Object {
$_ -like 'SeManageVolumePrivilege*'
})

if ($null -ne $ifiEntries) {
$ifiEntries.Substring(26).Split(",") | ForEach-Object {
if ($_ -match '^\*S-') {
Convert-SIDToUserName -SID $_.TrimStart('*')
} else {
$_
}
$ifiEntries = $secPol | Where-Object { $_ -like 'SeManageVolumePrivilege*' }

$ifi = if ($null -ne $ifiEntries) {
$ifiEntries.Substring(26).Split(",") | ForEach-Object {
if ($_ -match '^\*S-') {
Convert-SIDToUserName -SID $_.TrimStart('*')
} else {
$_
}
}
}

if ($ifi.count -eq 0) {
Write-Message -Level Verbose -Message "No users with Instant File Initialization Rights on $computer"
}

Write-Message -Level Verbose -Message "Getting Lock Pages in Memory Privileges on $computer"
$lpim = Invoke-Command2 -Raw -ComputerName $computer -Credential $Credential -ArgumentList $ResolveSID -ScriptBlock {
param ($ResolveSID)
. ([ScriptBlock]::Create($ResolveSID))
$temp = ([System.IO.Path]::GetTempPath()).TrimEnd("");
$lpimEntries = (Get-Content $temp\secpolByDbatools.cfg | Where-Object {
$_ -like 'SeLockMemoryPrivilege*'
})

if ($null -ne $lpimEntries) {
$lpimEntries.Substring(24).Split(",") | ForEach-Object {
if ($_ -match '^\*S-') {
Convert-SIDToUserName -SID $_.TrimStart('*')
} else {
$_
}
$lpimEntries = $secPol | Where-Object { $_ -like 'SeLockMemoryPrivilege*' }

$lpim = if ($null -ne $lpimEntries) {
$lpimEntries.Substring(24).Split(",") | ForEach-Object {
if ($_ -match '^\*S-') {
Convert-SIDToUserName -SID $_.TrimStart('*')
} else {
$_
}
}
}

if ($lpim.count -eq 0) {
Write-Message -Level Verbose -Message "No users with Lock Pages in Memory Rights on $computer"
}

Write-Message -Level Verbose -Message "Getting Generate Security Audits Privileges on $computer"
$gsa = Invoke-Command2 -Raw -ComputerName $computer -Credential $Credential -ArgumentList $ResolveSID -ScriptBlock {
param ($ResolveSID)
. ([ScriptBlock]::Create($ResolveSID))
$temp = ([System.IO.Path]::GetTempPath()).TrimEnd("");
$gsaEntries = (Get-Content $temp\secpolByDbatools.cfg | Where-Object {
$_ -like 'SeAuditPrivilege*'
})

if ($null -ne $gsaEntries) {
$gsaEntries.Substring(19).Split(",") | ForEach-Object {
if ($_ -match '^\*S-') {
Convert-SIDToUserName -SID $_.TrimStart('*')
} else {
$_
}
$gsaEntries = $secPol | Where-Object { $_ -like 'SeAuditPrivilege*' }

$gsa = if ($null -ne $gsaEntries) {
$gsaEntries.Substring(19).Split(",") | ForEach-Object {
if ($_ -match '^\*S-') {
Convert-SIDToUserName -SID $_.TrimStart('*')
} else {
$_
}
}
}

if ($gsa.count -eq 0) {
Write-Message -Level Verbose -Message "No users with Generate Security Audits Rights on $computer"
}

Write-Message -Level Verbose -Message "Getting Logon as a service Privileges on $computer"
$los = Invoke-Command2 -Raw -ComputerName $computer -Credential $Credential -ArgumentList $ResolveSID -ScriptBlock {
param ($ResolveSID)
. ([ScriptBlock]::Create($ResolveSID))
$temp = ([System.IO.Path]::GetTempPath()).TrimEnd("");
$losEntries = (Get-Content $temp\secpolByDbatools.cfg | Where-Object {
$_ -like "SeServiceLogonRight*"
})

if ($null -ne $losEntries) {
$losEntries.Substring(22).split(",") | ForEach-Object {
if ($_ -match '^\*S-') {
Convert-SIDToUserName -SID $_.TrimStart('*')
} else {
$_
}
$losEntries = $secPol | Where-Object { $_ -like "SeServiceLogonRight*" }

$los = if ($null -ne $losEntries) {
$losEntries.Substring(22).split(",") | ForEach-Object {
if ($_ -match '^\*S-') {
Convert-SIDToUserName -SID $_.TrimStart('*')
} else {
$_
}
}
}

if ($los.count -eq 0) {
Write-Message -Level Verbose -Message "No users with Logon as a service Rights on $computer"
}
@@ -211,11 +184,7 @@ function Get-DbaPrivilege {
LogonAsAService = $los -contains $_
}
}
Write-Message -Level Verbose -Message "Removing secpol file on $computer"
Invoke-Command2 -Raw -ComputerName $computer -Credential $Credential -ScriptBlock {
$temp = ([System.IO.Path]::GetTempPath()).TrimEnd("")
Remove-Item $temp\secpolByDbatools.cfg -Force
}

} catch {
Stop-Function -Continue -Message "Failure" -ErrorRecord $_ -Target $computer
}
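Review bot: `Convert-SIDToUserName` is now defined in `begin` and called on the machine running the command, so every `*S-…` entry in the `$bl`, `$ifi`, `$lpim`, `$gsa` and `$los` blocks is translated against the caller's account database rather than the target's. SIDs for accounts that exist only on the target (local accounts, and presumably per-service accounts) will likely fail `Translate()` and fall through the `catch` to the raw SID, so the privilege report may list SIDs where the previous code listed names. Doing the translation inside the one remaining remote script block keeps the single round trip and the immediate temp-file cleanup; the sketch below rewrites only the end of that block, and tokens it cannot resolve stay as `*S-…` for the existing local fallback. The surrounding `try` and the result-building code continue outside the hunks shown.

```powershell
$secPol = Invoke-Command2 -Raw -ComputerName $computer -Credential $Credential -ScriptBlock {
    # … unchanged: secedit export, Get-Content into $CFG, Remove-Item …
    # Translate *S-… tokens on the target, where its local and service accounts are known
    $CFG | ForEach-Object {
        [regex]::Replace($_, '\*S-[0-9-]+', {
                param($m)
                try {
                    $sid = New-Object System.Security.Principal.SecurityIdentifier ($m.Value.TrimStart('*'))
                    $sid.Translate([System.Security.Principal.NTAccount]).Value
                } catch {
                    $m.Value
                }
            })
    }
}
```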
3 changes: 1 addition & 2 deletions public/Reset-DbaAdmin.ps1
@@ -311,7 +311,6 @@ function Reset-DbaAdmin {
}
} catch {
Stop-Service -InputObject $sqlservice -Force -ErrorAction SilentlyContinue

if ($isClustered) {
$clusterResource | Where-Object Name -EQ "SQL Server" | ForEach-Object { $_.BringOnline(60) }
$clusterResource | Where-Object Name -NE "SQL Server" | ForEach-Object { $_.BringOnline(60) }
@@ -332,7 +331,7 @@ function Reset-DbaAdmin {
Start-Sleep 3
$null = Invoke-ResetSqlCmd -instance $instance -Sql "SELECT 1" -EnableException
} catch {
Stop-Service Input-Object $sqlservice -Force -ErrorAction SilentlyContinue
Stop-Service -InputObject $sqlservice -Force -ErrorAction SilentlyContinue
if ($isClustered) {
$clusterResource | Where-Object { $_.Name -eq "SQL Server" } | ForEach-Object { $_.BringOnline(60) }
$clusterResource | Where-Object { $_.Name -ne "SQL Server" } | ForEach-Object { $_.BringOnline(60) }
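Review bot: Both `catch` paths still stop the service with `-ErrorAction SilentlyContinue`, so a failed stop leaves no trace that the instance may still be running in whatever startup mode the reset used (the startup code is outside these hunks, so that part is inferred). Consider recording the failure, e.g. `Stop-Service -InputObject $sqlservice -Force -ErrorAction SilentlyContinue -ErrorVariable stopError` followed by `if ($stopError) { Write-Message -Level Warning -Message "Could not stop $sqlservice on $instance" }`. The two cleanup blocks are also near-duplicates written with different `Where-Object` syntax; a shared private helper would keep them from drifting apart again, as they did with the parameter name fixed here.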
