Eva
10/29/2019, 8:19 AMException when calling "RemoveAccessRule" with arguments "1": "Some or all identity references could not be converted."
$acl = Get-Acl $target
# First, to ensure success, we remove the entirety of the ACL
$acl.SetAccessRuleProtection($true, $false)
foreach ($access in $acl.Access) {
$acl.RemoveAccessRule($access)
}
I think it's due to osquery_utils try to remove permission to ALL APPLICATION PACKAGES and it fails.
Also, I think the permissions are correct.
I have disabled the inheritance and the only ones have permissions are SYSTEM, Administrators and ALL APPLICATION PACKAGES.osqueryd has unsafe permissions: C:\Program Files\osquery\osqueryd\osqueryd.exe
I already wrote about it: https://osquery.slack.com/archives/C08V7KTJB/p1571911570146100
Could you help me?blaedj
10/29/2019, 1:07 PMEva
10/29/2019, 1:10 PM