From 7ecd58c012689b8bf857435ce72b2d130276139d Mon Sep 17 00:00:00 2001
From: Noah Chaslin
Date: Wed, 12 Nov 2025 16:19:26 +0100
Subject: [PATCH] add support for WriteLogonScript
---
 src/CommonLib/Enums/EdgeNames.cs | 1 +
 src/CommonLib/Processors/ACEGuids.cs | 1 +
 src/CommonLib/Processors/ACLProcessor.cs | 11 +++++++++++
 3 files changed, 13 insertions(+)
diff --git a/src/CommonLib/Enums/EdgeNames.cs b/src/CommonLib/Enums/EdgeNames.cs
index 3cd346729..ec45eb95c 100644
--- a/src/CommonLib/Enums/EdgeNames.cs
+++ b/src/CommonLib/Enums/EdgeNames.cs
@@ -18,6 +18,7 @@ public static class EdgeNames
 public const string ReadGMSAPassword = "ReadGMSAPassword";
 public const string AddMember = "AddMember";
 public const string WriteSPN = "WriteSPN";
+ public const string WriteLogonScript = "WriteLogonScript";
 public const string AddKeyCredentialLink = "AddKeyCredentialLink";
 public const string SQLAdmin = "SQLAdmin";
 public const string WriteAccountRestrictions = "WriteAccountRestrictions";
diff --git a/src/CommonLib/Processors/ACEGuids.cs b/src/CommonLib/Processors/ACEGuids.cs
index ebb0e5b11..1179e6d36 100644
--- a/src/CommonLib/Processors/ACEGuids.cs
+++ b/src/CommonLib/Processors/ACEGuids.cs
@@ -10,6 +10,7 @@ public class ACEGuids
 public const string WriteMember = "bf9679c0-0de6-11d0-a285-00aa003049e2";
 public const string WriteAllowedToAct = "3f78c3e5-f79a-46bd-a0b8-9d18116ddc79";
 public const string WriteSPN = "f3a64788-5306-11d1-a9c5-0000f80367c1";
+ public const string WriteLogonScript = "bf9679a8-0de6-11d0-a285-00aa003049e2";
 public const string AddKeyPrincipal = "5b47d60f-6090-40b2-9f37-2a4de88f3063";
 public const string UserAccountRestrictions = "4c164200-20c0-11d0-a768-00aa006e0529";
 public const string WriteGPLink = "f30e3bbe-9ff0-11d1-b603-0000f80367c1";
diff --git a/src/CommonLib/Processors/ACLProcessor.cs b/src/CommonLib/Processors/ACLProcessor.cs
index 383b69aff..7906d43a1 100644
--- a/src/CommonLib/Processors/ACLProcessor.cs
+++ b/src/CommonLib/Processors/ACLProcessor.cs
@@ -756,6 +756,17 @@ or Label.NTAuthStore
 IsPermissionForOwnerRightsSid = isPermissionForOwnerRightsSid,
 IsInheritedPermissionForOwnerRightsSid = isInheritedPermissionForOwnerRightsSid,
 };
+ else if (objectType == Label.User && aceType == ACEGuids.WriteLogonScript)
+ yield return new ACE
+ {
+ PrincipalType = resolvedPrincipal.ObjectType,
+ PrincipalSID = resolvedPrincipal.ObjectIdentifier,
+ IsInherited = inherited,
+ RightName = EdgeNames.WriteLogonScript,
+ InheritanceHash = aceInheritanceHash,
+ IsPermissionForOwnerRightsSid = isPermissionForOwnerRightsSid,
+ IsInheritedPermissionForOwnerRightsSid = isInheritedPermissionForOwnerRightsSid,
+ };
 else if (objectType == Label.Computer && aceType == ACEGuids.WriteAllowedToAct)
 yield return new ACE
 {
 PrincipalType = resolvedPrincipal.ObjectType,
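Review bot: The new `Label.User` branch matches only an ACE whose object type is exactly `ACEGuids.WriteLogonScript`, so write access to scriptPath that is delegated through a property set (scriptPath appears to belong to the Logon Information set) would produce no `WriteLogonScript` edge, and anyone auditing the collected graph would under-count who can change a user's logon script. If that limit is intended, state it at the branch, e.g. `// Matches the scriptPath attribute GUID only; WriteProperty granted via the Logon Information property set is not reported here.` The diffstat touches only files under `src/`, so nothing in this commit pins the new edge with a test; a case in the ACL processor tests for a user object carrying this ACE would guard the GUID constant against typos. The surrounding if/else chain starts and ends outside the hunk, so whether generic write rights already cover this attribute cannot be confirmed from here.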