
Delete Security Support Package


So I'm working on a PowerShell script to manage Security Support Providers for specialized controls. Currently I have the script working to ADD an SSP, but when I try to change the script to DELETE an SSP, it breaks.

Here is the code:

$DynAssembly = New-Object System.Reflection.AssemblyName('SSPI2')
$AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly($DynAssembly, [Reflection.Emit.AssemblyBuilderAccess]::Run)
$ModuleBuilder = $AssemblyBuilder.DefineDynamicModule('SSPI2', $False)

$TypeBuilder = $ModuleBuilder.DefineType('SSPI2.Secur32', 'Public, Class')
$PInvokeMethod = $TypeBuilder.DefinePInvokeMethod('DeleteSecurityPackage',
    'secur32.dll',
    'Public, Static',
    [Reflection.CallingConventions]::Standard,
    [Int32],
    [Type[]] @([String]),
    [Runtime.InteropServices.CallingConvention]::Winapi,
    [Runtime.InteropServices.CharSet]::Auto)

$Secur32 = $TypeBuilder.CreateType()
$RuntimeSuccess = $True
$Result = $Secur32::DeleteSecurityPackage($DllName)

Every time I run this I get: Exception calling "DeleteSecurityPackage" with "1" argument(s): "The function requested is not supported"

However, this piece of code to ADD the SSP works fine:

$DynAssembly = New-Object System.Reflection.AssemblyName('SSPI2')
$AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly($DynAssembly, [Reflection.Emit.AssemblyBuilderAccess]::Run)
$ModuleBuilder = $AssemblyBuilder.DefineDynamicModule('SSPI2', $False)

$TypeBuilder = $ModuleBuilder.DefineType('SSPI2.Secur32', 'Public, Class')
$PInvokeMethod = $TypeBuilder.DefinePInvokeMethod('AddSecurityPackage',
    'secur32.dll',
    'Public, Static',
    [Reflection.CallingConventions]::Standard,
    [Int32],
    [Type[]] @([String], [IntPtr]),
    [Runtime.InteropServices.CallingConvention]::Winapi,
    [Runtime.InteropServices.CharSet]::Auto)

$Secur32 = $TypeBuilder.CreateType()

if ([IntPtr]::Size -eq 4) {
    $StructSize = 20
} else {
    $StructSize = 24
}

$StructPtr = [Runtime.InteropServices.Marshal]::AllocHGlobal($StructSize)
[Runtime.InteropServices.Marshal]::WriteInt32($StructPtr, $StructSize)

$RuntimeSuccess = $True
$Result = $Secur32::AddSecurityPackage($DllName, $StructPtr)

By rights it should be easier to delete since I don't need to worry about the struct; however, it is not happy.

Any help would be appreciated.


Solution

  • It seems like this was not fully implemented/supported by Microsoft. This article seems to support that: http://cybernigma.blogspot.com/2014/03/using-sspap-lsass-proxy-to-mitigate.html The relevant information is about 3/4 of the way down.
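
Given that the answer reports DeleteSecurityPackage as unsupported, one alternative is to remove the SSP from the "Security Packages" registry lists that LSA reads at startup. The following is an added example, not code from the question or the answer; the function name Remove-SspRegistration and the package name 'ExampleSsp' are hypothetical. It assumes an elevated session, and a package already loaded into LSA stays loaded until the next reboot.

```powershell
# Added example: hypothetical helper, not part of the original post.
function Remove-SspRegistration {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [string] $Name    # SSP name exactly as it appears in the registry list
    )

    # LSA reads its package list from these REG_MULTI_SZ values at startup.
    $keys = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa',
            'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\OSConfig'
    $valueName = 'Security Packages'

    foreach ($key in $keys) {
        $prop = Get-ItemProperty -Path $key -Name $valueName -ErrorAction SilentlyContinue
        if (-not $prop) { continue }    # key or value absent on this system

        $current = @($prop.$valueName)
        # -ine is a case-insensitive "not equal": keep every entry except the target.
        $updated = @($current | Where-Object { $_ -ine $Name })

        if ($updated.Count -eq $current.Count) {
            Write-Verbose "$Name is not listed under $key"
            continue
        }
        # Honors -WhatIf / -Confirm so the change can be reviewed before it is written.
        if ($PSCmdlet.ShouldProcess("$key\$valueName", "Remove '$Name'")) {
            Set-ItemProperty -Path $key -Name $valueName `
                -Value ([string[]]$updated) -Type MultiString
        }
        # Emit the before/after lists for logging or change review.
        [pscustomobject]@{ Key = $key; Before = $current; After = $updated }
    }
}

# Dry run with a constructed package name; drop -WhatIf to apply, then reboot.
Remove-SspRegistration -Name 'ExampleSsp' -WhatIf -Verbose
```

The Before/After output also serves as an audit record of which packages were registered on the host before the change.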