Issue: "Error: Failed to substitute token" again

[bhuddah]

Issue Description

gsudo fails in PowerShell (5.1) on Microsoft Windows Server 2016 Datacenter with error message:

Server Error: Setting token failed.
Zugriff verweigert
Error: Failed to substitute token. Connection from server lost.

Steps to Reproduce

1. run gsudo in powershell 5.1 / any other known version

Screenshots

Context:

• Windows version: Microsoft Windows Server 2016 Datacenter
• gsudo version: gsudo v2.0.4 (Branch.tags-v2.0.4.Sha.506efa024af0cef6e4b0cfec42e0c8c5d0b1472c)

[gerardog]

Hi! So "Setting token failed" again. Same as #177

Can you please open Local Security Policy, navigate to Local Policies -> User Right Assignments, then right click on an empty space on the right panel and select Export List. Paste the list contents here please. Below is my machine settings:

Check specially Debug programs and Obtain an impersonation token.

Policy	Security Setting
Access Credential Manager as a trusted caller
Access this computer from the network	Everyone,Administrators,Users,Backup Operators
Act as part of the operating system
Add workstations to domain
Adjust memory quotas for a process	LOCAL SERVICE,NETWORK SERVICE,Administrators
Allow log on locally	Guest,Administrators,Users,Backup Operators
Allow log on through Remote Desktop Services	Administrators,Remote Desktop Users
Back up files and directories	Administrators,Backup Operators
Bypass traverse checking	Everyone,LOCAL SERVICE,NETWORK SERVICE,Administrators,Users,Backup Operators
Change the system time	LOCAL SERVICE,Administrators
Change the time zone	LOCAL SERVICE,Administrators,Users
Create a pagefile	Administrators
Create a token object
Create global objects	LOCAL SERVICE,NETWORK SERVICE,Administrators,SERVICE
Create permanent shared objects
Create symbolic links	Administrators,NT VIRTUAL MACHINE\Virtual Machines
Debug programs	Administrators
Deny access to this computer from the network	Guest
Deny log on as a batch job
Deny log on as a service
Deny log on locally	Guest
Deny log on through Remote Desktop Services
Enable computer and user accounts to be trusted for delegation
Force shutdown from a remote system	Administrators
Generate security audits	LOCAL SERVICE,NETWORK SERVICE
Impersonate a client after authentication	LOCAL SERVICE,NETWORK SERVICE,Administrators,SERVICE
Increase a process working set	Users
Increase scheduling priority	Administrators,Window Manager\Window Manager Group
Load and unload device drivers	Administrators
Lock pages in memory
Log on as a batch job	Administrators,Backup Operators,Performance Log Users
Log on as a service	NT SERVICE\ALL SERVICES,NT VIRTUAL MACHINE\Virtual Machines
Manage auditing and security log	Administrators
Modify an object label
Modify firmware environment values	Administrators
Obtain an impersonation token for another user in the same session	Administrators
Perform volume maintenance tasks	Administrators
Profile single process	Administrators
Profile system performance	Administrators,NT SERVICE\WdiServiceHost
Remove computer from docking station	Administrators,Users

Alternatively, If you don't want to change the sec policy, you can use attached mode by running
gsudo config ForceAttachedConsole true ... but there is a chance some other minor bugs could ocurr, plus the environment variables wont migrate to the elevated instance...