Merge pull request #680 from microsoft/bilong-cve

Remove Schema Admin check
microsoft · Aug 6, 2021 · 57d7dd9 · 57d7dd9
2 parents 58c2913 + 55faa8c
commit 57d7dd9
Showing 1 changed file with 11 additions and 13 deletions.
diff --git a/Security/src/Test-CVE-2021-34470.ps1 b/Security/src/Test-CVE-2021-34470.ps1
@@ -65,20 +65,18 @@ if ($ApplyFix) {
         $storageGroupSchemaEntry.Properties["possSuperiors"] | Out-File $OutputFile -Append
     }
 
-    $isSchemaAdmin = $null -ne (whoami /groups | Select-String "\\Schema Admins\s+")
-    if (-not $isSchemaAdmin) {
-        Write-Warning "This user is not in Schema Admins. Cannot apply fix."
-        return
-    }
-
-    Write-Host "Attempting to apply fix..."
+    try {
+        Write-Host "Attempting to apply fix..."
 
-    $rootDSE = [ADSI]("LDAP://$($schemaMaster)/RootDSE")
-    [void]$rootDSE.Properties["schemaUpgradeInProgress"].Add(1)
-    $rootDSE.CommitChanges()
+        $rootDSE = [ADSI]("LDAP://$($schemaMaster)/RootDSE")
+        [void]$rootDSE.Properties["schemaUpgradeInProgress"].Add(1)
+        $rootDSE.CommitChanges()
 
-    $storageGroupSchemaEntry.Properties["possSuperiors"].Clear()
-    $storageGroupSchemaEntry.CommitChanges()
+        $storageGroupSchemaEntry.Properties["possSuperiors"].Clear()
+        $storageGroupSchemaEntry.CommitChanges()
 
-    Write-Host "Fix was applied successfully."
+        Write-Host "Fix was applied successfully."
+    } catch {
+        Write-Warning "Failed to apply fix. Please ensure you have Schema Admin rights. Error was: `n$_"
+    }
 }