Hi all,
I have a user who needs a very specific Wireshark plugin. Wireshark plugins are just DLLs (on Windows) that need permissions to execute. It’s easy enough to copy the file in, and I thought I’d use PowerShell with get-acl and set-acl to copy the permissions from one of the default plugins. The added fun is Wireshark’s plugin directory is named by version; as a result I needed some gnarly relevance to cough out the right path.
This is the command:
waithidden powershell -ExecutionPolicy Bypass -command "{{$theacl = get-acl '{value of variable "programw6432" of environment}\Wireshark\plugins\{(value "DisplayVersion" of key whose ( value "DisplayName" of it as string contains "Wireshark" ) of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry) as string}\ethercat.dll' ; set-acl '{value of variable "programw6432" of environment}\Wireshark\plugins\{(value "DisplayVersion" of key whose ( value "DisplayName" of it as string contains "Wireshark" ) of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry) as string}\f5ethtrailer.dll' $theacl}"
And then in the log, it runs and exits with error code 0:
Command started - waithidden powershell -ExecutionPolicy Bypass -command "{$theacl = get-acl "C:\Program Files\Wireshark\plugins\1.12.6\ethercat.dll" ; set-acl "C:\Program Files\Wireshark\plugins\1.12.6\f5ethtrailer.dll" $theacl}" (action:55391)
Command succeeded (Exit Code=0) waithidden powershell -ExecutionPolicy Bypass -command "{$theacl = get-acl "C:\Program Files\Wireshark\plugins\1.12.6\ethercat.dll" ; set-acl "C:\Program Files\Wireshark\plugins\1.12.6\f5ethtrailer.dll" $theacl}" (action:55391)
But when I use get-acl to verify it, the ACLs haven’t changed. Naturally, the same PowerShell command line works fine in the normal PowerShell.
Ideas or suggestions welcome. Thanks!
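
An added example, not part of the original post: one way to do the ACL copy described above as a script that checks its own result and returns a non-zero exit code when the target's ACL does not end up matching the reference plugin's. The default paths are the ones shown in the post's log; the script name `Copy-PluginAcl.ps1` and the parameter names are assumptions.

```powershell
# Copy-PluginAcl.ps1 (hypothetical name): added example, not code from the post.
# Run as a file so the body executes and the exit code reaches the caller:
#   powershell -ExecutionPolicy Bypass -File Copy-PluginAcl.ps1
# (A -Command string that is only "{ ... }" defines a script block without
#  invoking it, and PowerShell then exits with code 0.)
param(
    # Defaults are the paths shown in the post's log output.
    [string]$PluginDir = 'C:\Program Files\Wireshark\plugins\1.12.6',
    [string]$Reference = 'ethercat.dll',
    [string]$Target    = 'f5ethtrailer.dll'
)

$ErrorActionPreference = 'Stop'   # turn non-terminating errors into exceptions

try {
    $refPath = Join-Path $PluginDir $Reference
    $tgtPath = Join-Path $PluginDir $Target

    # Read the reference ACL and record the target's access rules beforehand.
    $refAcl = Get-Acl -LiteralPath $refPath
    $before = (Get-Acl -LiteralPath $tgtPath).AccessToString

    Set-Acl -LiteralPath $tgtPath -AclObject $refAcl

    # Re-read the target and compare its access rules with the reference.
    $after = (Get-Acl -LiteralPath $tgtPath).AccessToString
    if ($after -ne $refAcl.AccessToString) {
        throw "ACL on $tgtPath does not match $refPath after Set-Acl"
    }

    Write-Output "Before:`n$before"
    Write-Output "After:`n$after"
}
catch {
    # Report the failure on stderr and signal it through the exit code.
    [Console]::Error.WriteLine("ACL copy failed: $($_.Exception.Message)")
    exit 1
}
exit 0
```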