Normally, server artifacts are collected in the user context of the launching user - this consistently applies the user's ACL to everything the artifact does, which is what we want in most cases.
However, we sometimes want to provide some very specialized functionality that requires elevated ACLs to low-privilege users. For example, this artifact allows collecting Quarantine to non-admin users:
```yaml
name: Sudo.Quaratine
type: SERVER
parameters:
- name: ClientId
sources:
- query: |
    SELECT if(condition=whoami() =~ "^bob$", then=collect_client(artifacts="Windows.Remediation.Quarantine", client_id=ClientId))
    FROM scope()
```
This does not currently work because the artifact runs in the calling user's context, and if the calling user is not an admin they cannot launch the Quarantine artifact.
We need a way to either:
- Set the access token per artifact
- Run in the context of another user