@@ -6,8 +6,10 @@ $global:ConnectedState = $false # Default value
66$global :managedIdentities
77$global :clearExistingPermissions
88$global :darkModeStateUI
9+ $global :sortedManagedIdentities
10+ $global :filteredManagedIdentities
911
10- $global :FormVersion = " 1.0.0.1 "
12+ $global :FormVersion = " 1.0.0.2 "
1113$global :Author = " Michael Morten Sonne"
1214$global :ToolName = " Managed Identity Permission Manager"
1315$global :AuthorEmail = " "
@@ -22,29 +24,123 @@ $LogPath = "$Env:USERPROFILE\AppData\Local\$global:ToolName"
2224# Variable that provides the location of the script
2325[string ]$ScriptDirectory = Get-ScriptDirectory
2426
27+ function StartAsAdmin
28+ {
29+ # Check if the current process is running with elevated privileges
30+ $isElevated = ([Security.Principal.WindowsPrincipal ][Security.Principal.WindowsIdentity ]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole ]::Administrator)
31+
32+ if (-not $isElevated )
33+ {
34+ # Restart the current process as administrator
35+ $processPath = [System.Diagnostics.Process ]::GetCurrentProcess().MainModule.FileName
36+ # $arguments = "-NoProfile -ExecutionPolicy Bypass -File `"$processPath`""
37+
38+ Write-Log - Level INFO - Message " Restarting $processPath as administrator..."
39+ Start-Process $processPath - Verb RunAs
40+
41+ # Exit the current process
42+ [System.Environment ]::Exit (0 )
43+ }
44+ }
45+
46+ function Is-Administrator
47+ {
48+ # Get the current Windows identity
49+ $currentIdentity = [Security.Principal.WindowsIdentity ]::GetCurrent()
50+
51+ # Create a Windows principal object
52+ $principal = New-Object Security.Principal.WindowsPrincipal($currentIdentity )
53+
54+ # Check if the current principal is in the Administrator role
55+ return $principal.IsInRole ([Security.Principal.WindowsBuiltInRole ]::Administrator)
56+ }
57+
58+ function Get-CurrentExecutionFilename
59+ {
60+ # Get the current execution location
61+ $currentLocation = Get-Location
62+
63+ # Get the path of the currently executing assembly
64+ # Get the path of the currently running process
65+ $processPath = [System.Diagnostics.Process ]::GetCurrentProcess().MainModule.FileName
66+ $scriptName = [System.IO.Path ]::GetFileName($processPath )
67+
68+ # Get the current hostname using the .NET method
69+ $hostname = [System.Net.Dns ]::GetHostName()
70+
71+ # Output the current location and script name
72+ Write-Log - Level INFO - Message " Current execution location: '$ ( $currentLocation.Path ) \$scriptName ' on host '$hostname '"
73+ }
74+
2575# Checks the current execution policy for the process
2676function Check-ExecutionPolicy
2777{
78+ # StartAsAdmin
79+
80+ if (Is- Administrator)
81+ {
82+ # TODO
83+ }
84+
2885 try
2986 {
3087 Write-Log - Level INFO - Message " Getting PowerShell execution policy..."
31- $executionPolicy = Get-ExecutionPolicy - Scope Process
32- if ($executionPolicy -ne " Unrestricted" -and $executionPolicy -ne " Bypass" )
88+ $executionPolicies = Get-ExecutionPolicy - List
89+
90+ # Concatenate execution policies into a single string
91+ $policyString = ($executionPolicies | ForEach-Object { " $ ( $_.Scope ) : $ ( $_.ExecutionPolicy ) " }) -join " , "
92+ Write-Log - Level INFO - Message " Execution policies: $policyString "
93+
94+ $processPolicy = $executionPolicies | Where-Object { $_.Scope -eq ' Process' }
95+ $currentUserPolicy = $executionPolicies | Where-Object { $_.Scope -eq ' CurrentUser' }
96+ $effectivePolicy = $executionPolicies | Where-Object { $_.Scope -eq ' MachinePolicy' -or $_.Scope -eq ' UserPolicy' }
97+
98+ if ($effectivePolicy.ExecutionPolicy -ne ' Undefined' )
3399 {
34- Write-Log - Level INFO - Message " Current execution policy is '$executionPolicy '."
100+ Write-Log - Level INFO - Message " Execution policy is set by Group Policy. Current effective policy is '$ ( $effectivePolicy.ExecutionPolicy ) '."
101+ return
102+ }
103+
104+ if ($processPolicy.ExecutionPolicy -ne " Unrestricted" -and $processPolicy.ExecutionPolicy -ne " Bypass" )
105+ {
106+ Write-Log - Level INFO - Message " Current process execution policy is '$ ( $processPolicy.ExecutionPolicy ) '."
35107
36- Set-ExecutionPolicy - Scope Process - ExecutionPolicy Bypass - Force
37- Write-Log - Level INFO - Message " Execution policy set to 'Bypass' for the current process."
108+ try
109+ {
110+ Set-ExecutionPolicy - Scope Process - ExecutionPolicy Bypass - Force
111+ Write-Log - Level INFO - Message " Execution policy set to 'Bypass' for the current process."
112+ }
113+ catch
114+ {
115+ if ($_.Exception.Message -match " Security error" )
116+ {
117+ Write-Log - Level WARN - Message " Security error encountered. Attempting to set execution policy to 'RemoteSigned'..."
118+ try
119+ {
120+ Set-ExecutionPolicy - Scope Process - ExecutionPolicy RemoteSigned - Force
121+ Write-Log - Level INFO - Message " Execution policy set to 'RemoteSigned' for the current process."
122+ }
123+ catch
124+ {
125+ Write-Log - Level ERROR - Message " Failed to set execution policy to 'RemoteSigned': $ ( $_.Exception.Message ) "
126+
127+ StartAsAdmin
128+ }
129+ }
130+ else
131+ {
132+ Write-Log - Level ERROR - Message " Failed to set execution policy: $ ( $_.Exception.Message ) "
133+ }
134+ }
38135 }
39136 else
40137 {
41- Write-Log - Level INFO - Message " Current execution policy is '$executionPolicy '. No need to change."
138+ Write-Log - Level INFO - Message " Current process execution policy is '$ ( $processPolicy .ExecutionPolicy ) '. No need to change."
42139 }
43140 }
44141 catch
45142 {
46- Write-Log - Level ERROR - Message " Failed to set execution policy: $ ( $_.Exception.Message ) "
47- throw
143+ Write-Log - Level ERROR - Message " An error occurred: $ ( $_.Exception.Message ) "
48144 }
49145}
50146
@@ -421,7 +517,8 @@ function ConnectToGraph
421517function Get-CurrentAppRoleAssignments
422518{
423519 param (
424- [string ]$ManagedIdentityID
520+ [string ]$ManagedIdentityID ,
521+ [string ]$ManagedIdentityName
425522 )
426523
427524 $result = " "
@@ -430,15 +527,15 @@ function Get-CurrentAppRoleAssignments
430527 # Retrieve the current app role assignments for the specified service principal
431528
432529 # Log
433- Write-Log - Level INFO - Message " Getting permissions for Managed Identity with Id: '$ManagedIdentityID '"
530+ Write-Log - Level INFO - Message " Getting permissions for Managed Identity with Id: '$ManagedIdentityID ' name ' $ManagedIdentityName ' "
434531
435532 # Get current role assignments
436533 $currentAppRoles = Get-MgServicePrincipalAppRoleAssignment - ServicePrincipalId $ManagedIdentityID - All - ErrorAction Stop
437534
438535 # Of any roles assigned
439536 if ($currentAppRoles )
440537 {
441- $result += " Current permissions assignments for Managed Identity ID '$ManagedIdentityID ':`r`n "
538+ $result += " Current permissions assignments for Managed Identity ID '$ManagedIdentityID ' name ' $ManagedIdentityName ' :`r`n "
442539 foreach ($appRole in $currentAppRoles )
443540 {
444541 # Resolve ResourceId to Service Principal Name
@@ -465,14 +562,14 @@ AppRoleScope: '$appRoleScope'
465562 }
466563
467564 # Log
468- Write-Log - Level INFO - Message " Got current assigned permissions for Managed Identity ID '$ManagedIdentityID '"
565+ Write-Log - Level INFO - Message " Got current assigned permissions for Managed Identity ID '$ManagedIdentityID ' name ' $ManagedIdentityName ' "
469566 }
470567 else
471568 {
472- $result += " No AppRole assignments found for Managed Identity ID '$ManagedIdentityID '.`r`n "
569+ $result += " No AppRole assignments found for Managed Identity ID '$ManagedIdentityID ' name ' $ManagedIdentityName .`r`n "
473570
474571 # Log
475- Write-Log - Level INFO - Message " No AppRole assignments found for Managed Identity ID '$ManagedIdentityID '"
572+ Write-Log - Level INFO - Message " No AppRole assignments found for Managed Identity ID '$ManagedIdentityID ' name ' $ManagedIdentityName "
476573 }
477574 }
478575 catch
@@ -847,4 +944,4 @@ function Remove-AllServicePrincipalPermissions
847944 # Log
848945 Write-Log - Level ERROR - Message " Error removing all permissions for managed identity '$ManagedIdentityID ': $ ( $_.Exception.Message ) "
849946 }
850- }
947+ }
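Review bot: In Check-ExecutionPolicy the fallback `StartAsAdmin` call (reached when setting RemoteSigned also fails) relaunches `MainModule.FileName` — the PowerShell host executable, not this script, because the `$arguments` line is commented out and no `-ArgumentList` is passed — and then calls `[System.Environment]::Exit(0)`, so the user gets a UAC prompt, an empty elevated console, and the tool itself terminates. Elevation is also not needed here: `Set-ExecutionPolicy -Scope Process` does not require administrator rights, and the case where the policy is locked by MachinePolicy/UserPolicy is already handled by the early `return` above it, so re-running a Graph permission-management tool as local Administrator only widens the blast radius for no benefit. I would drop the relaunch and fail closed by replacing the `StartAsAdmin` line with `throw "Cannot set a usable execution policy for this process: $($_.Exception.Message)"`; if the relaunch is kept, it must pass the script, e.g. `Start-Process $processPath -Verb RunAs -ArgumentList "-File `"$PSCommandPath`""`. Note too that `$_.Exception.Message -match "Security error"` keys on localized message text; `$_.FullyQualifiedErrorId` or the exception type is the stable thing to branch on, and the outer catch now swallows the error where the old code re-threw it, which callers relying on that may not expect. Check-ExecutionPolicy and the helper functions are fully visible within the hunk.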