$strComputer = "."
$objWMIService = GetObject("winmgmts:\\" + $strComputer + "\root\CIMV2\TerminalServices")
$colItems = $objWMIService.ExecQuery("Select * from Win32_TSAccount where SID='S-1-5-32-555' and TerminalName='RDP-Tcp'",,48)
@SERROR ?
For Each $objItem in $colItems
"AccountName: " + $objItem.AccountName ?
"AuditFail: " + $objItem.AuditFail ?
"AuditSuccess: " + $objItem.AuditSuccess ?
"Caption: " + $objItem.Caption ?
"Description: " + $objItem.Description ?
"InstallDate: " + $objItem.InstallDate ?
"Name: " + $objItem.Name ?
"PermissionsAllowed: " + $objItem.PermissionsAllowed+" (&"+DecToHex($objItem.PermissionsAllowed)+")" ?
If ($objItem.PermissionsAllowed & 1) = 1
"-WINSTATION_QUERY" ?
EndIf
If ($objItem.PermissionsAllowed & 2) = 2
"-WINSTATION_SET" ?
EndIf
If ($objItem.PermissionsAllowed & 4) = 4
"-WINSTATION_LOGOFF" ?
EndIf
If ($objItem.PermissionsAllowed & 16) = 16
"-WINSTATION_SHADOW" ?
EndIf
If ($objItem.PermissionsAllowed & 32) = 32
"-WINSTATION_LOGON" ?
EndIf
If ($objItem.PermissionsAllowed & 64) = 64
"-WINSTATION_RESET" ?
EndIf
If ($objItem.PermissionsAllowed & 128) = 128
"-WINSTATION_MSG" + ?
EndIf
If ($objItem.PermissionsAllowed & 256) = 256
"-WINSTATION_CONNECT" ?
EndIf
If ($objItem.PermissionsAllowed & 512) = 512
"-WINSTATION_DISCONNECT " ?
EndIf
If ($objItem.PermissionsAllowed & 983048) = 983048
"-WINSTATION_VIRTUAL" ?
EndIf
"PermissionsDenied: " + $objItem.PermissionsDenied ?
"SID: " + $objItem.SID ?
"Status: " + $objItem.Status ?
"TerminalName: " + $objItem.TerminalName ?
;"Adding Shadow Permission" ?
;$objItem.ModifyPermissions(4,1)
;? @SERROR
?
Next