From 55faa8ca698048111d3ac9450c9d8666159ea4e7 Mon Sep 17 00:00:00 2001
From: Bill Long
Date: Fri, 6 Aug 2021 08:12:33 -0700
Subject: [PATCH] Remove Schema Admin check
---
 Security/src/Test-CVE-2021-34470.ps1 | 24 +++++++++++-------------
 1 file changed, 11 insertions(+), 13 deletions(-)
diff --git a/Security/src/Test-CVE-2021-34470.ps1 b/Security/src/Test-CVE-2021-34470.ps1
index 5e8f778566..e6859d63f6 100644
--- a/Security/src/Test-CVE-2021-34470.ps1
+++ b/Security/src/Test-CVE-2021-34470.ps1
@@ -65,20 +65,18 @@ if ($ApplyFix) {
 $storageGroupSchemaEntry.Properties["possSuperiors"] | Out-File $OutputFile -Append
 }
- $isSchemaAdmin = $null -ne (whoami /groups | Select-String "\\Schema Admins\s+")
- if (-not $isSchemaAdmin) {
- Write-Warning "This user is not in Schema Admins. Cannot apply fix."
- return
- }
-
- Write-Host "Attempting to apply fix..."
+ try {
+ Write-Host "Attempting to apply fix..."
- $rootDSE = [ADSI]("LDAP://$($schemaMaster)/RootDSE")
- [void]$rootDSE.Properties["schemaUpgradeInProgress"].Add(1)
- $rootDSE.CommitChanges()
+ $rootDSE = [ADSI]("LDAP://$($schemaMaster)/RootDSE")
+ [void]$rootDSE.Properties["schemaUpgradeInProgress"].Add(1)
+ $rootDSE.CommitChanges()
- $storageGroupSchemaEntry.Properties["possSuperiors"].Clear()
- $storageGroupSchemaEntry.CommitChanges()
+ $storageGroupSchemaEntry.Properties["possSuperiors"].Clear()
+ $storageGroupSchemaEntry.CommitChanges()
- Write-Host "Fix was applied successfully."
+ Write-Host "Fix was applied successfully."
+ } catch {
+ Write-Warning "Failed to apply fix. Please ensure you have Schema Admin rights. Error was: `n$_"
+ }
 }
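Review bot: The new `catch` block reduces every failure to a `Write-Warning`, so a run that never cleared `possSuperiors` ends the same way for a caller as one that did, which matters when this CVE remediation is driven by automation. With the up-front Schema Admins test removed, the first `CommitChanges()` on RootDSE can succeed while the second one fails, and the message points at Schema Admin rights for any error, including an unreachable schema master. I would keep the warning but end the catch with `throw`, so the failure reaches the caller. Before printing the success line, I would also re-read the entry and confirm the attribute is empty, e.g. `if ($storageGroupSchemaEntry.Properties["possSuperiors"].Count -ne 0) { throw "possSuperiors is still populated" }`. The enclosing `if ($ApplyFix) {` block starts above this hunk, so anything done there is not visible here.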