Description
Gets all of the tokens stored in the TokenManager.
Overview
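This script returns every token object stored in the TokenManager. By default there is only one token, for the current user context, but additional tokens may be added through commands such as Get-System. Each returned object lists the token's Name, Domain, SID, Groups, Scope, Type, and Privileges (each with its Attributes value), plus an IsAdministrator flag. In the text example below, long Groups and Privileges lists are truncated with "…"; the JSON example shows them in full.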
Dependencies
- credentials
Operating Systems
- Windows
Example Text
Name : helpdesk
Domain : DESKTOP-LMCH70V
SID : S-1-5-21-3175321519-4186628844-3469316858-1001
Groups : {BUILTIN\Administrators, BUILTIN\Performance Log Users, BUILTIN\Users, CONSOLE LOGON…}
Scope : Local
Type : TokenPrimary
Privileges : {@{Name=SeIncreaseQuotaPrivilege; Attributes=None}, @{Name=SeSecurityPrivilege; Attributes=None}, @{Name=SeTakeOwnershipPrivilege; Attributes=None}, @{Name=SeLoadDriverPrivilege; Attributes=None}…}
IsAdministrator : True
Name : SYSTEM
Domain : NT AUTHORITY
SID : S-1-5-18
Groups : {BUILTIN\Administrators, Everyone, NT AUTHORITY\Authenticated Users}
Scope : Local
Type : TokenPrimary
Privileges : {@{Name=SeAssignPrimaryTokenPrivilege; Attributes=None}, @{Name=SeLockMemoryPrivilege; Attributes=UsedForAccess}, @{Name=SeIncreaseQuotaPrivilege; Attributes=None}, @{Name=SeTcbPrivilege; Attributes=UsedForAccess}…}
IsAdministrator : True
Example JSON
[
{
"Name": "helpdesk",
"Domain": "DESKTOP-LMCH70V",
"SID": "S-1-5-21-3175321519-4186628844-3469316858-1001",
"Groups": [
"BUILTIN\\Administrators",
"BUILTIN\\Performance Log Users",
"BUILTIN\\Users",
"CONSOLE LOGON",
"DESKTOP-LMCH70V\\None",
"Everyone",
"LOCAL",
"NT AUTHORITY\\Authenticated Users",
"NT AUTHORITY\\INTERACTIVE",
"NT AUTHORITY\\Local account",
"NT AUTHORITY\\Local account and member of Administrators group",
"NT AUTHORITY\\NTLM Authentication",
"NT AUTHORITY\\This Organization"
],
"Scope": "Local",
"Type": "TokenPrimary",
"Privileges": [
{
"Name": "SeIncreaseQuotaPrivilege",
"Attributes": "None"
},
{
"Name": "SeSecurityPrivilege",
"Attributes": "None"
},
{
"Name": "SeTakeOwnershipPrivilege",
"Attributes": "None"
},
{
"Name": "SeLoadDriverPrivilege",
"Attributes": "None"
},
{
"Name": "SeSystemProfilePrivilege",
"Attributes": "None"
},
{
"Name": "SeSystemtimePrivilege",
"Attributes": "None"
},
{
"Name": "SeProfileSingleProcessPrivilege",
"Attributes": "None"
},
{
"Name": "SeIncreaseBasePriorityPrivilege",
"Attributes": "None"
},
{
"Name": "SeCreatePagefilePrivilege",
"Attributes": "None"
},
{
"Name": "SeBackupPrivilege",
"Attributes": "None"
},
{
"Name": "SeRestorePrivilege",
"Attributes": "None"
},
{
"Name": "SeShutdownPrivilege",
"Attributes": "None"
},
{
"Name": "SeDebugPrivilege",
"Attributes": "Enabled"
},
{
"Name": "SeSystemEnvironmentPrivilege",
"Attributes": "None"
},
{
"Name": "SeChangeNotifyPrivilege",
"Attributes": "UsedForAccess"
},
{
"Name": "SeRemoteShutdownPrivilege",
"Attributes": "None"
},
{
"Name": "SeUndockPrivilege",
"Attributes": "None"
},
{
"Name": "SeManageVolumePrivilege",
"Attributes": "None"
},
{
"Name": "SeImpersonatePrivilege",
"Attributes": "UsedForAccess"
},
{
"Name": "SeCreateGlobalPrivilege",
"Attributes": "UsedForAccess"
},
{
"Name": "SeIncreaseWorkingSetPrivilege",
"Attributes": "None"
},
{
"Name": "SeTimeZonePrivilege",
"Attributes": "None"
},
{
"Name": "SeCreateSymbolicLinkPrivilege",
"Attributes": "None"
},
{
"Name": "SeDelegateSessionUserImpersonatePrivilege",
"Attributes": "None"
}
],
"IsAdministrator": true
},
{
"Name": "SYSTEM",
"Domain": "NT AUTHORITY",
"SID": "S-1-5-18",
"Groups": [
"BUILTIN\\Administrators",
"Everyone",
"NT AUTHORITY\\Authenticated Users"
],
"Scope": "Local",
"Type": "TokenPrimary",
"Privileges": [
{
"Name": "SeAssignPrimaryTokenPrivilege",
"Attributes": "None"
},
{
"Name": "SeLockMemoryPrivilege",
"Attributes": "UsedForAccess"
},
{
"Name": "SeIncreaseQuotaPrivilege",
"Attributes": "None"
},
{
"Name": "SeTcbPrivilege",
"Attributes": "UsedForAccess"
},
{
"Name": "SeSecurityPrivilege",
"Attributes": "None"
},
{
"Name": "SeTakeOwnershipPrivilege",
"Attributes": "None"
},
{
"Name": "SeLoadDriverPrivilege",
"Attributes": "None"
},
{
"Name": "SeSystemProfilePrivilege",
"Attributes": "UsedForAccess"
},
{
"Name": "SeSystemtimePrivilege",
"Attributes": "None"
},
{
"Name": "SeProfileSingleProcessPrivilege",
"Attributes": "UsedForAccess"
},
{
"Name": "SeIncreaseBasePriorityPrivilege",
"Attributes": "UsedForAccess"
},
{
"Name": "SeCreatePagefilePrivilege",
"Attributes": "UsedForAccess"
},
{
"Name": "SeCreatePermanentPrivilege",
"Attributes": "UsedForAccess"
},
{
"Name": "SeBackupPrivilege",
"Attributes": "None"
},
{
"Name": "SeRestorePrivilege",
"Attributes": "None"
},
{
"Name": "SeShutdownPrivilege",
"Attributes": "None"
},
{
"Name": "SeDebugPrivilege",
"Attributes": "UsedForAccess"
},
{
"Name": "SeAuditPrivilege",
"Attributes": "UsedForAccess"
},
{
"Name": "SeSystemEnvironmentPrivilege",
"Attributes": "None"
},
{
"Name": "SeChangeNotifyPrivilege",
"Attributes": "UsedForAccess"
},
{
"Name": "SeUndockPrivilege",
"Attributes": "None"
},
{
"Name": "SeManageVolumePrivilege",
"Attributes": "None"
},
{
"Name": "SeImpersonatePrivilege",
"Attributes": "UsedForAccess"
},
{
"Name": "SeCreateGlobalPrivilege",
"Attributes": "UsedForAccess"
},
{
"Name": "SeIncreaseWorkingSetPrivilege",
"Attributes": "UsedForAccess"
},
{
"Name": "SeTimeZonePrivilege",
"Attributes": "UsedForAccess"
},
{
"Name": "SeCreateSymbolicLinkPrivilege",
"Attributes": "UsedForAccess"
},
{
"Name": "SeDelegateSessionUserImpersonatePrivilege",
"Attributes": "UsedForAccess"
}
],
"IsAdministrator": true
}
]