Revoking "Impersonate" revokes "Tcb" instead

[jsdhasfedssad]

Hi,

I am testing your tool and have stumbled onto what I think is an error. When I try to revoke "Impersonate/SeImpersonatePrivilege" your tool revokes "Tcb/SeTcbPrivilege" instead. I am executing this using an elevated CMD on a DC.

[daem0nc0re]

Thanks for reporting!
I will handle it as soon as possible.

[daem0nc0re]

I tested on Domain Controller (Windows Server 2019) but failed to replicate your situation :(
As far as I see, it seems that there are no suspicious things in my code.
So I don't seem to be able to do much more than this, but if you have any additional information please let me know.

[jsdhasfedssad]

Strange... Why does it fail for me then?

I tested again using a different account and this time I tried to revoke "IncreaseWorkingSet" instead. Your tool attempts to yet again revoke "Tcb" instead but this time that fails. My DC is also running 2019.

Is there a debug or verbose flag I can use?

[daem0nc0re]

This tool converts your input by the following function.
So you can test it by inserting Console.WriteLine(right); into before if statement and Console.WriteLine(userRight.ToString()); into before return true;.
But this is simply compare input string and I have no idea why the conversion is failed in your environment.

PrivFu/UserRightsUtil/UserRightsUtil/Handler/Execute.cs

Line 61 in cd2d0fb

static bool ResolveRights(string right, out Rights userRight)