Monday, March 30, 2020

Analyze what rights an application requires

1. Procmon.
2. Secpol.msc.
3. Standard User Analyzer: https://docs.microsoft.com/en-us/windows/win32/win7appqual/standard-user-analyzer--sua--tool-and-standard-user-analyzer-wizard--sua-wizard-
4. LUA Buglight (choco install luabuglight)

The main differences between a normal user and an admin are:
access to the registry (Procmon shows the ACCESS DENIED results)
access to the file system (Procmon)
privileges held by the token (Tokenmon for WinXP and Win2003)
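The Procmon part of that comparison, as an added example (not code from the original post): run the application as the test user, save the trace, and reduce it to the registry and file-system operations that came back ACCESS DENIED. The sample CSV lines and the process name app.exe are constructed; the column names are Procmon's default CSV export columns.

```powershell
# Added example: summarise ACCESS DENIED events from a Procmon CSV export for
# one process, split into registry and file-system operations.
# A saved .PML trace can be converted to CSV from the command line:
#   Procmon.exe /OpenLog C:\tools\app.PML /SaveAs C:\tools\app.csv
function Get-AccessDeniedSummary {
    param(
        [Parameter(Mandatory)][string]$CsvPath,
        [Parameter(Mandatory)][string]$ProcessName
    )
    Import-Csv -Path $CsvPath |
        Where-Object { $_.'Process Name' -eq $ProcessName -and $_.Result -eq 'ACCESS DENIED' } |
        ForEach-Object {
            # registry operations are named Reg*; the rest of the denials are file-system calls
            $area = if ($_.Operation -like 'Reg*') { 'Registry' } else { 'FileSystem' }
            [pscustomobject]@{
                Area      = $area
                Operation = $_.Operation
                Path      = $_.Path
                Detail    = $_.Detail    # e.g. "Desired Access: Generic Write" tells you which right was missing
            }
        } |
        Group-Object Area, Operation, Path |
        ForEach-Object {
            [pscustomobject]@{
                Area      = $_.Group[0].Area
                Operation = $_.Group[0].Operation
                Path      = $_.Group[0].Path
                Count     = $_.Count
                Detail    = $_.Group[0].Detail
            }
        } |
        Sort-Object Count -Descending
}

# Constructed sample export (not a real trace) so the function can be tried offline.
$sample = @'
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:00:01.0000000","app.exe","4242","RegOpenKey","HKLM\SOFTWARE\Contoso\App","SUCCESS","Desired Access: Read"
"10:00:01.0000010","app.exe","4242","RegSetValue","HKLM\SOFTWARE\Contoso\App\LastRun","ACCESS DENIED","Type: REG_SZ, Length: 40"
"10:00:01.0000020","app.exe","4242","CreateFile","C:\Program Files\Contoso\App\app.log","ACCESS DENIED","Desired Access: Generic Write"
"10:00:01.0000030","app.exe","4242","CreateFile","C:\Program Files\Contoso\App\app.log","ACCESS DENIED","Desired Access: Generic Write"
"10:00:01.0000040","explorer.exe","1234","CreateFile","C:\Users\test\Desktop","SUCCESS","Desired Access: Read"
'@
$csv = Join-Path $env:TEMP 'procmon-sample.csv'
Set-Content -Path $csv -Value $sample

Get-AccessDeniedSummary -CsvPath $csv -ProcessName 'app.exe' | Format-Table -AutoSize
```

On the sample data this lists the two denied targets (the HKLM value write and the log file under Program Files) with the access that was requested, which is usually enough to decide whether the fix is an ACL change on that path or a privilege.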

Manual way of finding privileges: in secpol.msc (User Rights Assignment), on every line where Administrators are already present, add a test user:
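The same step scripted with secedit, as an added example (not code from the original post): export the local policy, list the user rights that Administrators (S-1-5-32-544) hold, and write back a policy that grants the same rights to a test account. It must run elevated; the account name testuser and the file paths are assumptions.

```powershell
# Added example: grant a test user every user right that Administrators hold,
# using secedit's .inf format ([Privilege Rights] lines look like
#   SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551 ).
$inf       = Join-Path $env:TEMP 'secpol.inf'
$newInf    = Join-Path $env:TEMP 'secpol-testuser.inf'
$db        = Join-Path $env:TEMP 'secpol.sdb'
$adminsSid = 'S-1-5-32-544'
# assumed account name; translated to a SID because the .inf stores SIDs
$testSid   = (New-Object System.Security.Principal.NTAccount('testuser')).Translate(
                 [System.Security.Principal.SecurityIdentifier]).Value

function Get-PrivilegeRightsLines {
    # yields only the "SeXxx = *SID,*SID" lines of the [Privilege Rights] section
    param([Parameter(Mandatory)][string]$InfPath)
    $inSection = $false
    foreach ($line in Get-Content -Path $InfPath) {
        if ($line -match '^\[(.+)\]\s*$') { $inSection = ($Matches[1] -eq 'Privilege Rights'); continue }
        if ($inSection -and $line -match '^Se\w+\s*=') { $line }
    }
}

function Get-RightsHeldBy {
    param([Parameter(Mandatory)][string]$InfPath, [Parameter(Mandatory)][string]$Sid)
    Get-PrivilegeRightsLines $InfPath |
        Where-Object { $_ -match [regex]::Escape("*$Sid") } |
        ForEach-Object { ($_ -split '=')[0].Trim() }
}

function Add-SidToRightsHeldBy {
    param([string]$InfPath, [string]$OutPath, [string]$HolderSid, [string]$NewSid)
    $inSection = $false
    $out = foreach ($line in Get-Content -Path $InfPath) {
        if ($line -match '^\[(.+)\]\s*$') { $inSection = ($Matches[1] -eq 'Privilege Rights') }
        if ($inSection -and $line -match '^Se\w+\s*=' -and
            $line -match [regex]::Escape("*$HolderSid") -and
            $line -notmatch [regex]::Escape("*$NewSid")) {
            "$line,*$NewSid"      # append the test user to the right's SID list
        } else {
            $line
        }
    }
    # secedit reads the .inf as Unicode (UTF-16 LE)
    Set-Content -Path $OutPath -Value $out -Encoding Unicode
}

secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
Get-RightsHeldBy -InfPath $inf -Sid $adminsSid      # the rights Administrators currently hold
Add-SidToRightsHeldBy -InfPath $inf -OutPath $newInf -HolderSid $adminsSid -NewSid $testSid
secedit /configure /db $db /cfg $newInf /areas USER_RIGHTS
```

User rights are read at logon, so log the test user off and on again before re-testing the application; `whoami /priv` in that session confirms what the token now carries. Keep the exported secpol.inf, since it is the file to re-apply to undo the change, and the usual next step is to take the added rights away again one at a time to find the smallest set the application actually needs.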

Saturday, March 21, 2020

Who is consuming your battery

Check the current timer interval:


PS C:\tools> .\Clockres.exe

ClockRes v2.0 - View the system clock resolution
Copyright (C) 2009 Mark Russinovich
SysInternals - www.sysinternals.com

Maximum timer interval: 15.625 ms
Minimum timer interval: 0.500 ms
Current timer interval: 0.997 ms

Who set this value? powercfg /energy needs an elevated prompt, hence -Verb runas:

start-process "powercfg" -ArgumentList "/energy /duration 5 /output c:\en.html" -Verb runas

Platform Timer Resolution:Outstanding Timer Request

A program or service has requested a timer resolution smaller than the platform maximum timer resolution.
Requested Period 10000
Requesting Process ID 13356
Requesting Process Path \Device\HarddiskVolume6\Program Files (x86)\Google\Chrome\Application\chrome.exe

The requested period is in 100-nanosecond units, so 10000 is 1 ms, matching the current interval ClockRes reported. The path is an NT device path: \Device\HarddiskVolume6 is a volume, not necessarily C:.
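Pulling those entries out of the report and resolving them, as an added example (not code from the original post): it strips the HTML tags from the powercfg report, reads each Outstanding Timer Request, converts the period to milliseconds and maps the \Device\HarddiskVolumeN path to a drive letter with QueryDosDevice. It assumes the report's text reads, once tags are removed, in the order shown above, and that the requesting path ends in .exe.

```powershell
# Added example: list outstanding timer requests from a powercfg /energy report.
Add-Type -Namespace Win32 -Name NativeMethods -MemberDefinition @'
[DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern uint QueryDosDevice(string lpDeviceName, System.Text.StringBuilder lpTargetPath, int ucchMax);
'@

function Convert-DevicePath {
    # \Device\HarddiskVolume6\foo -> X:\foo, by asking each drive letter which volume it maps to
    param([Parameter(Mandatory)][string]$DevicePath)
    $sb = New-Object System.Text.StringBuilder 1024
    foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
        $letter = "$($drive.Name):"
        [void]$sb.Clear()
        if ([Win32.NativeMethods]::QueryDosDevice($letter, $sb, $sb.Capacity) -gt 0) {
            $target = $sb.ToString()
            # trailing backslash so Volume1 does not match Volume10
            if ($DevicePath.StartsWith($target + '\', [StringComparison]::OrdinalIgnoreCase)) {
                return $letter + $DevicePath.Substring($target.Length)
            }
        }
    }
    return $DevicePath   # volume has no drive letter; leave the NT path as is
}

function Get-TimerRequest {
    param([Parameter(Mandatory)][string]$ReportPath)
    # assumption: after tag stripping the report text keeps the field order shown in the rendered report
    $text = (Get-Content -Path $ReportPath -Raw) -replace '<[^>]+>', ' ' -replace '\s+', ' '
    $pattern = 'Requested Period (\d+) Requesting Process ID (\d+) Requesting Process Path (\\Device\\.+?\.exe)'
    $opts = [System.Text.RegularExpressions.RegexOptions]::IgnoreCase
    foreach ($m in [regex]::Matches($text, $pattern, $opts)) {
        $pid = [int]$m.Groups[2].Value
        [pscustomobject]@{
            PeriodMs     = [int]$m.Groups[1].Value / 10000     # 100 ns units: 10000 = 1 ms
            ProcessId    = $pid
            Path         = Convert-DevicePath $m.Groups[3].Value
            StillRunning = [bool](Get-Process -Id $pid -ErrorAction SilentlyContinue)
        }
    }
}

Get-TimerRequest -ReportPath C:\en.html | Format-Table -AutoSize
```

StillRunning matters because the PID in the report is only valid while that process lives; a PID seen in a report from yesterday may already belong to something else.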

Sunday, March 1, 2020

Basic DSC config

1. Prepare the config for your machine:

#requires -version 4.0
# uses ConfigurationData: the node name comes from the .psd1 passed at compile time
Configuration MyConfig3 {
    Param()
    Import-DscResource -ModuleName xSmbShare
    Import-DscResource -ModuleName ComputerManagementDsc

    Node $AllNodes.NodeName {
        #region Folders
        File Company {
            Ensure          = "Present"
            DestinationPath = "C:\Company"
            Type            = "Directory"
        }

        TimeZone Company {
            TimeZone         = "Central Europe Standard Time"
            IsSingleInstance = "Yes"
        }

        # the share is created only after the folder exists
        xSmbShare Company {
            DependsOn             = "[File]Company"
            Name                  = "Company$"
            Path                  = "C:\Company"
            Ensure                = "Present"
            FolderEnumerationMode = "AccessBased"
        }
        #endregion
    } # close Node
} # close Configuration

2. Load the configuration into memory (dot-source the script) and compile it:

. .\Config-MyConfig3.ps1
Get-Command -CommandType Configuration
MyConfig3 -ConfigurationData .\myconfig2data.psd1 -OutputPath C:\DSC\MyConfig2

# one MOF per node, named after the node
psedit C:\DSC\MyConfig2\WIN-3UTHK7V1J58.mof   # psedit is ISE-only; any editor will do

3. Deploy and verify

# push synchronously and watch the verbose output
$paramHash = @{
    ComputerName = "WIN-3UTHK7V1J58"
    Path         = "C:\dsc\MyConfig2"
    Wait         = $True
    Verbose      = $True
}
Start-DscConfiguration @paramHash

# or push asynchronously: without -Wait a job is returned, captured here in $j
$paramHash = @{
    Path         = "C:\dsc\MyConfig2"
    ComputerName = "chi-core01"
    OutVariable  = "j"
}
Start-DscConfiguration @paramHash

# wait for the job and read its results when it completes
Wait-Job $j
$j | Receive-Job -Keep -Verbose

# view the applied configuration on the node
Get-DscConfiguration -CimSession chi-fp02

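The ConfigurationData file the compile step refers to is not shown above; here is one end to end, as an added example (not code from the original post): it writes a minimal myconfig2data.psd1 for the node used above, compiles, pushes, and then checks for drift with Test-DscConfiguration. The C:\DSC paths are assumptions.

```powershell
# Added example: configuration data + compile + push + drift check for MyConfig3.
$dataPath = 'C:\DSC\myconfig2data.psd1'

# AllNodes is what Node $AllNodes.NodeName iterates over; one hashtable per target.
# Extra keys in a node's hashtable are reachable inside the configuration as $Node.<Key>.
@'
@{
    AllNodes = @(
        @{
            NodeName = 'WIN-3UTHK7V1J58'
        }
    )
}
'@ | Set-Content -Path $dataPath

. .\Config-MyConfig3.ps1                                   # load the configuration keyword
MyConfig3 -ConfigurationData $dataPath -OutputPath C:\DSC\MyConfig2   # one MOF per node

Start-DscConfiguration -Path C:\DSC\MyConfig2 -ComputerName WIN-3UTHK7V1J58 -Wait -Verbose

# drift check: compare the node's live state against the MOF we just pushed
Test-DscConfiguration -Path C:\DSC\MyConfig2 -ComputerName WIN-3UTHK7V1J58 -Verbose

# what the LCM recorded about the last run (Status, Type, how many resources touched)
Get-DscConfigurationStatus -CimSession WIN-3UTHK7V1J58 |
    Select-Object Status, Type, StartDate, NumberOfResources
```

Test-DscConfiguration returning False after a push that reported success usually means something outside DSC changed the share or the time zone again; re-running Start-DscConfiguration, or letting the LCM's ApplyAndAutoCorrect mode do it, puts it back.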

4.