I have a running process; I know its name and ID. Can I somehow see whether it has the rights to create and delete files? I could not find anything on Google, so I am asking here.

    2 answers

    It is not clear in which directory you want to check the rights (let's assume an arbitrary one). The solution is divided into 3 tasks:

    1. Find the owner of the process. For example:

    @rem Print field 7 of the verbose CSV line that tasklist returns for this PID
    @set pid=6880
    @for /f "delims=, tokens=7,8*" %%i in ('tasklist /fi "pid eq %pid%" /v /fo csv /nh') do @echo %%i

    2. Determine which groups it belongs to.

    2.1 If you can perform a task on its behalf, you can create a list:

    whoami /groups

    2.2 Define a list of local groups:

     wmic path win32_Group where (LocalAccount = "True") get Name,SID 

    2.3 Check the matching lists.

    3. Check the rights.

    3.1 Determine the rights to the directory by creating a list:

     icacls c:\Directory 

    3.2 Match lists of groups and rights.

    For me, it's better to use PowerShell to solve the problem.

      By running PowerShell with administrative rights and running: Get-Process -Name "processname" -IncludeUserName you can find out the user under which the process is running, and from this determine the rights of the process.
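
The three steps from the first answer combined with `Get-Process -IncludeUserName` from the second, as an added PowerShell example that is not part of either answer. The PID and directory are the sample values used above; the script evaluates the owner account's ACL entries rather than the live process token, so a UAC-filtered or restricted token can have less access than it reports.

```powershell
# Assumed inputs (sample values from the answers above): a PID and a directory.
$ProcessId = 6880
$Directory = 'C:\Directory'
$sidType   = [System.Security.Principal.SecurityIdentifier]
$fsr       = [System.Security.AccessControl.FileSystemRights]

# Step 1: owner of the process. -IncludeUserName needs an elevated session.
$proc     = Get-Process -Id $ProcessId -IncludeUserName
$account  = [System.Security.Principal.NTAccount]::new($proc.UserName)
$ownerSid = $account.Translate($sidType).Value

# Step 2: SIDs that apply to the owner: its own SID, Everyone and Authenticated
# Users (assumed here for any logged-on account), then every local group that
# lists one of those as a member. Domain group nesting is not resolved.
$sids = @($ownerSid, 'S-1-1-0', 'S-1-5-11')
foreach ($group in Get-LocalGroup) {
    $members = Get-LocalGroupMember -Group $group -ErrorAction SilentlyContinue
    if ($members.SID.Value | Where-Object { $sids -contains $_ }) {
        $sids += $group.SID.Value
    }
}

# Step 3: directory ACL entries for those SIDs. Inherit-only entries affect
# child objects only, so they are skipped.
$rules = (Get-Acl -Path $Directory).GetAccessRules($true, $true, $sidType) |
    Where-Object { $sids -contains $_.IdentityReference.Value -and
                   $_.PropagationFlags -notmatch 'InheritOnly' }

# Simplification: a matching deny bit always wins over an allow bit.
$allow = 0; $deny = 0
foreach ($rule in $rules) {
    $bits = [int]$rule.FileSystemRights
    if ($rule.AccessControlType -eq 'Allow') { $allow = $allow -bor $bits }
    else                                     { $deny  = $deny  -bor $bits }
}
$effective = $allow -band (-bnot $deny)

# Report the rights relevant to creating and deleting files in the directory.
[pscustomobject]@{
    Owner             = $proc.UserName
    CanCreateFiles    = [bool]($effective -band [int]($fsr::CreateFiles))
    CanDeleteChildren = [bool]($effective -band [int]($fsr::DeleteSubdirectoriesAndFiles))
    CanDeleteDir      = [bool]($effective -band [int]($fsr::Delete))
}
```

A file inside the directory can also be deleted through the Delete right on the file's own ACL, which this check of the directory does not read.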