PowerShellArsenal

You will likely need to run this script elevated

Open b414m opened this issue 9 years ago • 4 comments

Hi! I execute command with Administrator privileges, thanks for all! My PowerShell Version : 5.0.10586.122 in Windows 10 64bits

```
PS C:\WINDOWS\system32> $AllPEBs = Get-Process | Get-PEB
Get-PEB : Unable to obtain a handle for PID 10844. You will likely need to run this script elevated.
At line:1 char:26
+ $AllPEBs = Get-Process | Get-PEB
+                          ~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Get-PEB
```

b414m, Jun 09 '16 05:06

If you're on Windows 10, there are system protected processes which can't be accessed from user-space. So even running as Admin won't allow you to open a handle for these processes.

secabstraction, Jun 09 '16 12:06
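
The behaviour described in the reply above can be checked per process before calling `Get-PEB`. This is an added example, not part of the thread and not PowerShellArsenal code: `Test-ProcessHandleAccess` and the `Win32.ProcAccess` type are hypothetical names, and the access mask used is an assumption about what a PEB read needs, not necessarily what `Get-PEB` requests.

```powershell
# Added example (not PowerShellArsenal code). Requires PowerShell 3.0+ for [pscustomobject].
Add-Type -Namespace Win32 -Name ProcAccess -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
static extern IntPtr OpenProcess(uint access, bool inherit, uint pid);
[DllImport("kernel32.dll")]
static extern bool CloseHandle(IntPtr handle);

// Returns 0 if a handle with the requested rights could be opened, else the Win32 error code.
public static int TryOpen(uint access, uint pid) {
    IntPtr h = OpenProcess(access, false, pid);
    if (h == IntPtr.Zero) { return Marshal.GetLastWin32Error(); }
    CloseHandle(h);
    return 0;
}
'@

function Test-ProcessHandleAccess {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true)]
        [int] $Id,
        [Parameter(ValueFromPipelineByPropertyName = $true)]
        [string] $ProcessName
    )
    begin {
        $QueryAndRead = 0x0410   # PROCESS_QUERY_INFORMATION (0x0400) | PROCESS_VM_READ (0x0010); assumed mask
        $QueryLimited = 0x1000   # PROCESS_QUERY_LIMITED_INFORMATION
        $AccessDenied = 5        # ERROR_ACCESS_DENIED
    }
    process {
        $full    = [Win32.ProcAccess]::TryOpen($QueryAndRead, $Id)
        $limited = [Win32.ProcAccess]::TryOpen($QueryLimited, $Id)
        if ($full -eq 0) { $access = 'Full' }
        elseif ($full -eq $AccessDenied -and $limited -eq 0) { $access = 'LimitedOnly' }
        else { $access = 'None' }   # e.g. PID 0, or a process that exited in the meantime
        [pscustomobject]@{ Id = $Id; Name = $ProcessName; Access = $access; Win32Error = $full }
    }
}

# Show every process for which a memory-read handle could not be opened.
$report = Get-Process | Test-ProcessHandleAccess
$report | Where-Object { $_.Access -ne 'Full' } | Sort-Object Access, Name | Format-Table -AutoSize

# To query only the readable processes, mirroring the command from the issue:
# $ids = $report | Where-Object { $_.Access -eq 'Full' } | ForEach-Object { $_.Id }
# $AllPEBs = Get-Process -Id $ids -ErrorAction SilentlyContinue | Get-PEB
```

When run elevated, `LimitedOnly` rows are consistent with protected processes: the kernel grants `PROCESS_QUERY_LIMITED_INFORMATION` for them but refuses memory-read access regardless of `SeDebugPrivilege`.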

On Windows 7 with Version 2 the error is the same only with this command.

b414m, Jun 09 '16 14:06

You might want to make sure that your user account has the SeDebug privilege.

secabstraction, Jun 10 '16 02:06

```
PRIVILEGES INFORMATION

Privilege Name                  Description                               State
=============================== ========================================= ========
SeIncreaseQuotaPrivilege        Adjust memory quotas for a process        Disabled
SeSecurityPrivilege             Manage auditing and security log          Disabled
SeTakeOwnershipPrivilege        Take ownership of files or other objects  Disabled
SeLoadDriverPrivilege           Load and unload device drivers            Disabled
SeSystemProfilePrivilege        Profile system performance                Disabled
SeSystemtimePrivilege           Change the system time                    Disabled
SeProfileSingleProcessPrivilege Profile single process                    Disabled
SeIncreaseBasePriorityPrivilege Increase scheduling priority              Disabled
SeCreatePagefilePrivilege       Create a pagefile                         Disabled
SeBackupPrivilege               Back up files and directories             Disabled
SeRestorePrivilege              Restore files and directories             Disabled
SeShutdownPrivilege             Shut down the system                      Disabled
SeDebugPrivilege                Debug programs                            Enabled
SeSystemEnvironmentPrivilege    Modify firmware environment values        Disabled
SeChangeNotifyPrivilege         Bypass traverse checking                  Enabled
SeRemoteShutdownPrivilege       Force shutdown from a remote system       Disabled
SeUndockPrivilege               Remove computer from docking station      Disabled
SeManageVolumePrivilege         Perform volume maintenance tasks          Disabled
SeImpersonatePrivilege          Impersonate a client after authentication Enabled
SeCreateGlobalPrivilege         Create global objects                     Enabled
SeIncreaseWorkingSetPrivilege   Increase a process working set            Disabled
SeTimeZonePrivilege             Change the time zone                      Disabled
SeCreateSymbolicLinkPrivilege   Create symbolic links                     Disabled
```

b414m, Jun 10 '16 03:06