Alex

> Thanks! Sorry about all the changes — I’m not a developer by trade and still learning Git, but I’m committed to getting better at it. Really appreciate you merging...

Thanks for the PR :)

@lodos2005 how do you enable the event tracking? Tried enabling "Administrative Templates\System\Audit Process Creation\Include command line in process creation events" (see [here](https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/auditing/event-4688#security-monitoring-recommendations)), but i don't see any 4688 events in...

> > @NeffIsBack Can you try with template Computer Configuration -> Windows Settings -> Security Settings -> Advanced Audit Policy Configuration -> System Audit Policies -> Detailed Tracking -> Audit...

Can you post the code? That could probably help identifying the problem

> @NeffIsBack yes, I built a standalone reproducer: https://gist.github.com/dadevel/d4e8906424278f65d0cf8b9bf3aea906 Looks indeed like a privilege issue on your side. Your script works flawlessly with the domain admin in my lab: 

Hmm nope, no luck:  Neither with your implementation, nor with the one out of coerce_plus (which does practically the same thing, but wanted to check if there was bug...

Thanks for the PR!

Duplicate to https://github.com/Pennyw0rth/NetExec/issues/854 Probably a good idea tho, as discussed in the issue.

Thanks for the PR, looks really cool! Gonna take a look at it as soon as i got some time to work on all the PRs :)