API tools faq
paste
Advertisement
aveyo

Take_Ownership_Advanced_Context_Menu.reg

aveyo
Jul 4th, 2018
2,136
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
REG 35.39 KB | None | 0 0
raw download clone embed print report
  1. Windows Registry Editor Version 5.00
  2.  
  3. ; Take_Ownership_Advanced_Context_Menu.reg by AveYo v2018-07-19                                   gist mirror: https://git.io/fNNUM
  4. ; =================================================================================================================================
  5. ; GAIN ACCESS: Inherit from parent: YES, Owner = current user, Owner Rights = Modify
  6. ; GAIN EXCLUSIVE ACCESS: Inherit from parent: NO, Owner = current user, Owner Rights = FullControl
  7. ; USERS GAIN EXCLUSIVE ACCESS FOR NEW FILES: Inherit from parent: NO, Owner = Authenticated Users, Owner Rights = FullControl
  8. ; CLEAR GAINED ACCESS: Inherit from parent: YES, Owner = Inherited or Administrators, Authenticated Users = Inherited or Modify
  9. ; =================================================================================================================================
  10. ; Single context menu entry added for files, folders (except C:\Windows etc.) and drives (except C:) with the 4 choices above
  11. ; Properly gain access for limited accounts. SYSTEM and TrustedInstaller safeguard. Restore Inheritance recursively if possible.
  12. ; ~25% faster than conventional takeown + icacls (mechanical drive, folder with 4000 subfolders, 36000 files, 8GiB as test)
  13.  
  14. [-HKEY_CLASSES_ROOT\*\shell\runas]
  15. [-HKEY_CLASSES_ROOT\Directory\shell\runas]
  16. [-HKEY_CLASSES_ROOT\*\shell\322takeown]
  17. [-HKEY_CLASSES_ROOT\Directory\shell\322takeown]
  18. [-HKEY_CLASSES_ROOT\Drive\shell\322takeown]
  19. [-HKEY_CLASSES_ROOT\*\shell\322clearown]
  20. [-HKEY_CLASSES_ROOT\Directory\shell\322clearown]
  21. [-HKEY_CLASSES_ROOT\Drive\shell\322clearown]
  22. [-HKEY_CLASSES_ROOT\*\shell\322freeown]
  23. [-HKEY_CLASSES_ROOT\Directory\shell\322freeown]
  24. [-HKEY_CLASSES_ROOT\Drive\shell\322freeown]
  25. ; Cleanup older versions and concurrent scripts
  26.  
  27. [-HKEY_CLASSES_ROOT\*\shell\TakeOwnership]
  28. [-HKEY_CLASSES_ROOT\Directory\shell\TakeOwnership]
  29. [-HKEY_CLASSES_ROOT\Drive\shell\TakeOwnership]
  30. ; To remove context-menu entries, copy paste into a new .reg everything above
  31.  
  32. ; Main context-menu entries and idiotproof filters
  33. [HKEY_CLASSES_ROOT\*\shell\TakeOwnership]
  34. "MuiVerb"="Take Ownership"
  35. "SubCommands"=""
  36. "HasLUAShield"=""
  37. [HKEY_CLASSES_ROOT\Directory\shell\TakeOwnership]
  38. "MuiVerb"="Take Ownership"
  39. "SubCommands"=""
  40. "HasLUAShield"=""
  41. "AppliesTo"="NOT (System.ItemPathDisplay:=\"C:\\Users\" OR System.ItemPathDisplay:=\"C:\\ProgramData\" OR System.ItemPathDisplay:=\"C:\\Program Files\" OR System.ItemPathDisplay:=\"C:\\Program Files (x86)\" OR System.ItemPathDisplay:=\"C:\\Windows\")"
  42. [HKEY_CLASSES_ROOT\Drive\shell\TakeOwnership]
  43. "MuiVerb"="Take Ownership"
  44. "SubCommands"=""
  45. "HasLUAShield"=""
  46. "AppliesTo"="NOT (System.ItemPathDisplay:=\"C:\\\")"
  47.  
  48. ;==================================================================================================================================
  49. ; GAIN RIGHTS: Inherit from parent: YES, Owner = current user, Owner Rights = Modify
  50. ;==================================================================================================================================
  51. ; All file types
  52. [HKEY_CLASSES_ROOT\*\shell\TakeOwnership\shell\01addme]
  53. "MuiVerb"="Gain access"
  54. "HasLUAShield"=""
  55. [HKEY_CLASSES_ROOT\*\shell\TakeOwnership\shell\01addme\command]
  56. @="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $acl=Get-Acl $dst; $c=[System.Security.Principal.SecurityIdentifier]''S-1-3-4''; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($false,$true); foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $r=New-Object System.Security.AccessControl.FileSystemAccessRule($c,''Modify'',''Allow''); $acl.AddAccessRule($r); Set-Acl -Path $dst -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\""
  57. "IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $acl=Get-Acl $dst; $c=[System.Security.Principal.SecurityIdentifier]''S-1-3-4''; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($false,$true); foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $r=New-Object System.Security.AccessControl.FileSystemAccessRule($c,''Modify'',''Allow''); $acl.AddAccessRule($r); Set-Acl -Path $dst -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\""
  58. ; Folders
  59. [HKEY_CLASSES_ROOT\Directory\shell\TakeOwnership\shell\01addme]
  60. "MuiVerb"="Gain access"
  61. "HasLUAShield"=""
  62. [HKEY_CLASSES_ROOT\Directory\shell\TakeOwnership\shell\01addme\command]
  63. @="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $acl=Get-Acl $dst; $c=[System.Security.Principal.SecurityIdentifier]''S-1-3-4''; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($false,$true); foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $r=New-Object System.Security.AccessControl.FileSystemAccessRule($c,''Modify'',''ContainerInherit,ObjectInherit'',''None'',''Allow''); $acl.AddAccessRule($r); Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs \""
  64. "IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $acl=Get-Acl $dst; $c=[System.Security.Principal.SecurityIdentifier]''S-1-3-4''; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($false,$true); foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $r=New-Object System.Security.AccessControl.FileSystemAccessRule($c,''Modify'',''ContainerInherit,ObjectInherit'',''None'',''Allow''); $acl.AddAccessRule($r); Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs \""
  65. ; Partitions
  66. [HKEY_CLASSES_ROOT\Drive\shell\TakeOwnership\shell\01addme]
  67. "MuiVerb"="Gain access"
  68. "HasLUAShield"=""
  69. [HKEY_CLASSES_ROOT\Drive\shell\TakeOwnership\shell\01addme\command]
  70. @="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''Modify'', ''ReadAndExecute, CreateFiles, CreateDirectories'', ''FullControl'', ''FullControl'', ''FullControl'', ''ReadAndExecute''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]=[System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Where FullName -notmatch ''[$]RECYCLE[.]BIN|System Volume Information''|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\""
  71. "IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''Modify'', ''ReadAndExecute, CreateFiles, CreateDirectories'', ''FullControl'', ''FullControl'', ''FullControl'', ''ReadAndExecute''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]=[System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Where FullName -notmatch ''[$]RECYCLE[.]BIN|System Volume Information''|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\""
  72.  
  73. ;==================================================================================================================================
  74. ; GAIN EXCLUSIVE RIGHTS: Inherit from parent: NO, Owner = current user, Owner Rights = FullControl
  75. ;==================================================================================================================================
  76. ; All file types
  77. [HKEY_CLASSES_ROOT\*\shell\TakeOwnership\shell\02justme]
  78. "MuiVerb"="Gain exclusive access"
  79. "HasLUAShield"=""
  80. [HKEY_CLASSES_ROOT\*\shell\TakeOwnership\shell\02justme\command]
  81. @="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' exclusively owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''FullControl'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]=[System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\""
  82. "IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' exclusively owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''FullControl'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]=[System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\""
  83. ; Folders
  84. [HKEY_CLASSES_ROOT\Directory\shell\TakeOwnership\shell\02justme]
  85. "MuiVerb"="Gain exclusive access"
  86. "HasLUAShield"=""
  87. [HKEY_CLASSES_ROOT\Directory\shell\TakeOwnership\shell\02justme\command]
  88. @="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' exclusively owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''FullControl'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]=[System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\""
  89. "IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' exclusively owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''FullControl'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]=[System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\""
  90. ; Partitions
  91. [HKEY_CLASSES_ROOT\Drive\shell\TakeOwnership\shell\02justme]
  92. "MuiVerb"="Gain exclusive access"
  93. "HasLUAShield"=""
  94. [HKEY_CLASSES_ROOT\Drive\shell\TakeOwnership\shell\02justme\command]
  95. @="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' exclusively owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''FullControl'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]=[System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Where FullName -notmatch ''[$]RECYCLE[.]BIN|System Volume Information''|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\""
  96. "IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' exclusively owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''FullControl'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]=[System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Where FullName -notmatch ''[$]RECYCLE[.]BIN|System Volume Information''|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\""
  97.  
  98. ;==================================================================================================================================
  99. ; USERS GAIN EXCLUSIVE RIGHTS FOR NEW FILES: Inherit from parent: NO, Owner = Authenticated Users, Owner Rights = FullControl
  100. ;==================================================================================================================================
  101. ; All file types
  102. [HKEY_CLASSES_ROOT\*\shell\TakeOwnership\shell\03users]
  103. "MuiVerb"="Users gain exclusive access for new files"
  104. "HasLUAShield"=""
  105. [HKEY_CLASSES_ROOT\*\shell\TakeOwnership\shell\03users\command]
  106. @="powershell -c \"Start-Process powershell -ArgumentList '-c \\\"write-host ''Users owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''Modify'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]= [System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($u[1]); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"' -verb RunAs\""
  107. "IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList '-c \\\"write-host ''Users owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''Modify'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]= [System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($u[1]); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"' -verb RunAs\""
  108. ; Folders
  109. [HKEY_CLASSES_ROOT\Directory\shell\TakeOwnership\shell\03users]
  110. "MuiVerb"="Users gain exclusive access for new files"
  111. "HasLUAShield"=""
  112. [HKEY_CLASSES_ROOT\Directory\shell\TakeOwnership\shell\03users\command]
  113. @="powershell -c \"Start-Process powershell -ArgumentList '-c \\\"write-host ''Users owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''Modify'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]= [System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($u[1]); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"' -verb RunAs\""
  114. "IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList '-c \\\"write-host ''Users owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''Modify'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]= [System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($u[1]); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"' -verb RunAs\""
  115. ; Partitions
  116. [HKEY_CLASSES_ROOT\Drive\shell\TakeOwnership\shell\03users]
  117. "MuiVerb"="Users gain exclusive access for new files"
  118. "HasLUAShield"=""
  119. [HKEY_CLASSES_ROOT\Drive\shell\TakeOwnership\shell\03users\command]
  120. @="powershell -c \"Start-Process powershell -ArgumentList '-c \\\"write-host ''Users owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''Modify'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]= [System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($u[1]); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Where FullName -notmatch ''[$]RECYCLE[.]BIN|System Volume Information''|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"' -verb RunAs\""
  121. "IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList '-c \\\"write-host ''Users owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''Modify'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]= [System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($u[1]); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Where FullName -notmatch ''[$]RECYCLE[.]BIN|System Volume Information''|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"' -verb RunAs\""
  122.  
  123. ;==================================================================================================================================
  124. ; CLEAR GAINED RIGHTS: Inherit from parent: YES, Owner = Default / Administrators, Authenticated Users = Default / Modify
  125. ;==================================================================================================================================
  126. ; All file types
  127. [HKEY_CLASSES_ROOT\*\shell\TakeOwnership\shell\04clear]
  128. "MuiVerb"="Clear gained access"
  129. "HasLUAShield"=""
  130. [HKEY_CLASSES_ROOT\*\shell\TakeOwnership\shell\04clear\command]
  131. @="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"write-host ''Clear ownership [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $acl=Get-Acl $dst; $acl.SetAccessRuleProtection($false,$true); foreach($ace in $acl.access){try{ $acl.RemoveAccessRuleAll($ace) }catch{}}; Set-Acl -Path $dst -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\""
  132. "IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"write-host ''Clear ownership [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $acl=Get-Acl $dst; $acl.SetAccessRuleProtection($false,$true); foreach($ace in $acl.access){try{ $acl.RemoveAccessRuleAll($ace) }catch{}}; Set-Acl -Path $dst -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\""
  133. ; Folders
  134. [HKEY_CLASSES_ROOT\Directory\shell\TakeOwnership\shell\04clear]
  135. "MuiVerb"="Clear gained access"
  136. "HasLUAShield"=""
  137. [HKEY_CLASSES_ROOT\Directory\shell\TakeOwnership\shell\04clear\command]
  138. @="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"write-host ''Clear ownership [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $acl=Get-Acl $dst; $acl.SetAccessRuleProtection($false,$true); foreach($ace in $acl.access){try{ $acl.RemoveAccessRuleAll($ace) }catch{}}; Set-Acl -Path $dst -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\""
  139. "IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"write-host ''Clear ownership [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $acl=Get-Acl $dst; $acl.SetAccessRuleProtection($false,$true); foreach($ace in $acl.access){try{ $acl.RemoveAccessRuleAll($ace) }catch{}}; Set-Acl -Path $dst -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\""
  140. ; Partitions
  141. [HKEY_CLASSES_ROOT\Drive\shell\TakeOwnership\shell\04clear]
  142. "MuiVerb"="Clear gained access"
  143. "HasLUAShield"=""
  144. [HKEY_CLASSES_ROOT\Drive\shell\TakeOwnership\shell\04clear\command]
  145. @="powershell -c \"Start-Process powershell -ArgumentList '-c \\\"write-host ''Clear Ownership [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-5-11'', ''S-1-5-18'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''Modify'', ''FullControl'', ''FullControl'', ''ReadAndExecute''; $u=0,0,0,0; $r=0,0,0,0; For($i=0;$i -le 3;$i++){ $u[$i]=[System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($u[2]); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Where FullName -notmatch ''[$]RECYCLE[.]BIN|System Volume Information''|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"' -verb RunAs\""
  146. "IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList '-c \\\"write-host ''Clear Ownership [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-5-11'', ''S-1-5-18'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''Modify'', ''FullControl'', ''FullControl'', ''ReadAndExecute''; $u=0,0,0,0; $r=0,0,0,0; For($i=0;$i -le 3;$i++){ $u[$i]=[System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($u[2]); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Where FullName -notmatch ''[$]RECYCLE[.]BIN|System Volume Information''|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"' -verb RunAs\""
  147. ;
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!