aveyo

Take_Ownership_Advanced_Context_Menu.reg

Jul 4th, 2018
  1. Windows Registry Editor Version 5.00
  2.  
  3. ; Take_Ownership_Advanced_Context_Menu.reg by AveYo v2018-07-19                                   gist mirror: https://git.io/fNNUM
  4. ; =================================================================================================================================
  5. ; GAIN ACCESS: Inherit from parent: YES, Owner = current user, Owner Rights = Modify
  6. ; GAIN EXCLUSIVE ACCESS: Inherit from parent: NO, Owner = current user, Owner Rights = FullControl
  7. ; USERS GAIN EXCLUSIVE ACCESS FOR NEW FILES: Inherit from parent: NO, Owner = Authenticated Users, Owner Rights = FullControl
  8. ; CLEAR GAINED ACCESS: Inherit from parent: YES, Owner = Inherited or Administrators, Authenticated Users = Inherited or Modify
  9. ; =================================================================================================================================
  10. ; Single context menu entry added for files, folders (except C:\Windows etc.) and drives (except C:) with the 4 choices above
  11. ; Properly gain access for limited accounts. SYSTEM and TrustedInstaller safeguard. Restore Inheritance recursively if possible.
  12. ; ~25% faster than conventional takeown + icacls (mechanical drive, folder with 4000 subfolders, 36000 files, 8GiB as test)
  13.  
  14. [-HKEY_CLASSES_ROOT\*\shell\runas]
  15. [-HKEY_CLASSES_ROOT\Directory\shell\runas]
  16. [-HKEY_CLASSES_ROOT\*\shell\322takeown]
  17. [-HKEY_CLASSES_ROOT\Directory\shell\322takeown]
  18. [-HKEY_CLASSES_ROOT\Drive\shell\322takeown]
  19. [-HKEY_CLASSES_ROOT\*\shell\322clearown]
  20. [-HKEY_CLASSES_ROOT\Directory\shell\322clearown]
  21. [-HKEY_CLASSES_ROOT\Drive\shell\322clearown]
  22. [-HKEY_CLASSES_ROOT\*\shell\322freeown]
  23. [-HKEY_CLASSES_ROOT\Directory\shell\322freeown]
  24. [-HKEY_CLASSES_ROOT\Drive\shell\322freeown]
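  25. ; Cleanup of older versions of this script and of competing take-ownership scripts. NOTE(review): "runas" under * and Directory is a generic verb name, not one specific to this script; deleting those two keys also removes any unrelated entry another tool registered there.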
  26.  
  27. [-HKEY_CLASSES_ROOT\*\shell\TakeOwnership]
  28. [-HKEY_CLASSES_ROOT\Directory\shell\TakeOwnership]
  29. [-HKEY_CLASSES_ROOT\Drive\shell\TakeOwnership]
  30. ; To remove the context-menu entries, copy everything above this line (including the "Windows Registry Editor Version 5.00" header) into a new .reg file and import it
  31.  
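  32. ; Main context-menu entries and idiotproof filters. NOTE(review): AppliesTo hides the menu only for the exact paths listed (":=" is an exact match and the drive letter C: is hard-coded), so subfolders such as C:\Windows\System32, or a Windows installation on another drive, still get the entry; it is a UI filter, not an access control.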
  33. [HKEY_CLASSES_ROOT\*\shell\TakeOwnership]
  34. "MuiVerb"="Take Ownership"
  35. "SubCommands"=""
  36. "HasLUAShield"=""
  37. [HKEY_CLASSES_ROOT\Directory\shell\TakeOwnership]
  38. "MuiVerb"="Take Ownership"
  39. "SubCommands"=""
  40. "HasLUAShield"=""
  41. "AppliesTo"="NOT (System.ItemPathDisplay:=\"C:\\Users\" OR System.ItemPathDisplay:=\"C:\\ProgramData\" OR System.ItemPathDisplay:=\"C:\\Program Files\" OR System.ItemPathDisplay:=\"C:\\Program Files (x86)\" OR System.ItemPathDisplay:=\"C:\\Windows\")"
  42. [HKEY_CLASSES_ROOT\Drive\shell\TakeOwnership]
  43. "MuiVerb"="Take Ownership"
  44. "SubCommands"=""
  45. "HasLUAShield"=""
  46. "AppliesTo"="NOT (System.ItemPathDisplay:=\"C:\\\")"
  47.  
  48. ;==================================================================================================================================
  49. ; GAIN RIGHTS: Inherit from parent: YES, Owner = current user, Owner Rights = Modify
  50. ;==================================================================================================================================
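  51. ; All file types. NOTE(review): in every command below, %1 (the selected path) and, where used, $env:username are spliced into single-quoted PowerShell literals on the way to an elevated process; an apostrophe in the path or user name ends the literal early, so the rest of the name is parsed as PowerShell instead of data. Treat names from downloads, archives or removable media accordingly. A safer design hands the path over as data (for example a script run with -File and the path as an argument) and uses -LiteralPath, since -Path also interprets [ and ] as wildcards.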
  52. [HKEY_CLASSES_ROOT\*\shell\TakeOwnership\shell\01addme]
  53. "MuiVerb"="Gain access"
  54. "HasLUAShield"=""
  55. [HKEY_CLASSES_ROOT\*\shell\TakeOwnership\shell\01addme\command]
  56. @="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $acl=Get-Acl $dst; $c=[System.Security.Principal.SecurityIdentifier]''S-1-3-4''; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($false,$true); foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $r=New-Object System.Security.AccessControl.FileSystemAccessRule($c,''Modify'',''Allow''); $acl.AddAccessRule($r); Set-Acl -Path $dst -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\""
  57. "IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $acl=Get-Acl $dst; $c=[System.Security.Principal.SecurityIdentifier]''S-1-3-4''; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($false,$true); foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $r=New-Object System.Security.AccessControl.FileSystemAccessRule($c,''Modify'',''Allow''); $acl.AddAccessRule($r); Set-Acl -Path $dst -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\""
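  58. ; Folders. The command enables privileges 9, 17 and 18 (SeTakeOwnership, SeBackup, SeRestore), sets the owner, adds an inheritable Owner Rights (S-1-3-4) Modify entry, then writes an inheritance-only ACL with the new owner to every child, so explicit entries on children are dropped and try{}catch{} hides failures. NOTE(review): there is no undo for the previous state; save the ACLs first (e.g. icacls with /save), and confirm on the target PowerShell version that -Recurse does not descend through the reparse points that -Attributes !ReparsePoint filters from the output.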
  59. [HKEY_CLASSES_ROOT\Directory\shell\TakeOwnership\shell\01addme]
  60. "MuiVerb"="Gain access"
  61. "HasLUAShield"=""
  62. [HKEY_CLASSES_ROOT\Directory\shell\TakeOwnership\shell\01addme\command]
  63. @="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $acl=Get-Acl $dst; $c=[System.Security.Principal.SecurityIdentifier]''S-1-3-4''; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($false,$true); foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $r=New-Object System.Security.AccessControl.FileSystemAccessRule($c,''Modify'',''ContainerInherit,ObjectInherit'',''None'',''Allow''); $acl.AddAccessRule($r); Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs \""
  64. "IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $acl=Get-Acl $dst; $c=[System.Security.Principal.SecurityIdentifier]''S-1-3-4''; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($false,$true); foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $r=New-Object System.Security.AccessControl.FileSystemAccessRule($c,''Modify'',''ContainerInherit,ObjectInherit'',''None'',''Allow''); $acl.AddAccessRule($r); Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs \""
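  65. ; Partitions. The drive root does not keep its existing ACL: a new protected ACL is built from six SIDs - Owner Rights (S-1-3-4) Modify, Authenticated Users (S-1-5-11) ReadAndExecute + CreateFiles + CreateDirectories, SYSTEM (S-1-5-18), TrustedInstaller (S-1-5-80-...) and Administrators (S-1-5-32-544) FullControl, Users (S-1-5-32-545) ReadAndExecute - and every child except $RECYCLE.BIN and System Volume Information is reset to inherit from it.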
  66. [HKEY_CLASSES_ROOT\Drive\shell\TakeOwnership\shell\01addme]
  67. "MuiVerb"="Gain access"
  68. "HasLUAShield"=""
  69. [HKEY_CLASSES_ROOT\Drive\shell\TakeOwnership\shell\01addme\command]
  70. @="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''Modify'', ''ReadAndExecute, CreateFiles, CreateDirectories'', ''FullControl'', ''FullControl'', ''FullControl'', ''ReadAndExecute''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]=[System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Where FullName -notmatch ''[$]RECYCLE[.]BIN|System Volume Information''|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\""
  71. "IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''Modify'', ''ReadAndExecute, CreateFiles, CreateDirectories'', ''FullControl'', ''FullControl'', ''FullControl'', ''ReadAndExecute''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]=[System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Where FullName -notmatch ''[$]RECYCLE[.]BIN|System Volume Information''|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\""
  72.  
  73. ;==================================================================================================================================
  74. ; GAIN EXCLUSIVE RIGHTS: Inherit from parent: NO, Owner = current user, Owner Rights = FullControl
  75. ;==================================================================================================================================
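  76. ; All file types. In the "exclusive" commands Owner Rights, SYSTEM and TrustedInstaller get FullControl, while Authenticated Users, Administrators and Users get ReadPermissions only and inheritance from the parent is switched off. NOTE(review): other administrator accounts, and tools that run as an administrator rather than as SYSTEM, lose access to the content until ownership is taken again.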
  77. [HKEY_CLASSES_ROOT\*\shell\TakeOwnership\shell\02justme]
  78. "MuiVerb"="Gain exclusive access"
  79. "HasLUAShield"=""
  80. [HKEY_CLASSES_ROOT\*\shell\TakeOwnership\shell\02justme\command]
  81. @="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' exclusively owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''FullControl'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]=[System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\""
  82. "IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' exclusively owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''FullControl'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]=[System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\""
  83. ; Folders
  84. [HKEY_CLASSES_ROOT\Directory\shell\TakeOwnership\shell\02justme]
  85. "MuiVerb"="Gain exclusive access"
  86. "HasLUAShield"=""
  87. [HKEY_CLASSES_ROOT\Directory\shell\TakeOwnership\shell\02justme\command]
  88. @="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' exclusively owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''FullControl'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]=[System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\""
  89. "IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' exclusively owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''FullControl'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]=[System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\""
  90. ; Partitions
  91. [HKEY_CLASSES_ROOT\Drive\shell\TakeOwnership\shell\02justme]
  92. "MuiVerb"="Gain exclusive access"
  93. "HasLUAShield"=""
  94. [HKEY_CLASSES_ROOT\Drive\shell\TakeOwnership\shell\02justme\command]
  95. @="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' exclusively owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''FullControl'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]=[System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Where FullName -notmatch ''[$]RECYCLE[.]BIN|System Volume Information''|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\""
  96. "IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' exclusively owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''FullControl'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]=[System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Where FullName -notmatch ''[$]RECYCLE[.]BIN|System Volume Information''|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\""
  97.  
  98. ;==================================================================================================================================
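  99. ; USERS GAIN EXCLUSIVE RIGHTS FOR NEW FILES: Inherit from parent: NO, Owner = Authenticated Users, Owner Rights = FullControl. NOTE(review): the 03users commands below set the owner to S-1-5-11 (Authenticated Users) but pass 'Modify', not 'FullControl', for the S-1-3-4 Owner Rights entry; either this header or the commands should be corrected.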
  100. ;==================================================================================================================================
  101. ; All file types
  102. [HKEY_CLASSES_ROOT\*\shell\TakeOwnership\shell\03users]
  103. "MuiVerb"="Users gain exclusive access for new files"
  104. "HasLUAShield"=""
  105. [HKEY_CLASSES_ROOT\*\shell\TakeOwnership\shell\03users\command]
  106. @="powershell -c \"Start-Process powershell -ArgumentList '-c \\\"write-host ''Users owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''Modify'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]= [System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($u[1]); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"' -verb RunAs\""
  107. "IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList '-c \\\"write-host ''Users owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''Modify'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]= [System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($u[1]); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"' -verb RunAs\""
  108. ; Folders
  109. [HKEY_CLASSES_ROOT\Directory\shell\TakeOwnership\shell\03users]
  110. "MuiVerb"="Users gain exclusive access for new files"
  111. "HasLUAShield"=""
  112. [HKEY_CLASSES_ROOT\Directory\shell\TakeOwnership\shell\03users\command]
  113. @="powershell -c \"Start-Process powershell -ArgumentList '-c \\\"write-host ''Users owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''Modify'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]= [System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($u[1]); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"' -verb RunAs\""
  114. "IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList '-c \\\"write-host ''Users owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''Modify'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]= [System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($u[1]); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"' -verb RunAs\""
  115. ; Partitions
  116. [HKEY_CLASSES_ROOT\Drive\shell\TakeOwnership\shell\03users]
  117. "MuiVerb"="Users gain exclusive access for new files"
  118. "HasLUAShield"=""
  119. [HKEY_CLASSES_ROOT\Drive\shell\TakeOwnership\shell\03users\command]
  120. @="powershell -c \"Start-Process powershell -ArgumentList '-c \\\"write-host ''Users owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''Modify'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]= [System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($u[1]); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Where FullName -notmatch ''[$]RECYCLE[.]BIN|System Volume Information''|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"' -verb RunAs\""
  121. "IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList '-c \\\"write-host ''Users owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''Modify'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]= [System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($u[1]); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Where FullName -notmatch ''[$]RECYCLE[.]BIN|System Volume Information''|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"' -verb RunAs\""
  122.  
  123. ;==================================================================================================================================
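  124. ; CLEAR GAINED RIGHTS: Inherit from parent: YES, Owner = Default / Administrators, Authenticated Users = Default / Modify. NOTE(review): the file and folder commands visible below only re-enable inheritance and remove explicit entries on the selected item; they contain no SetOwner call and no recursion, so the owner set by an earlier "Gain" action appears to stay in place, on the item and on its children.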
  125. ;==================================================================================================================================
  126. ; All file types
       ; Adds "Clear gained access" under the TakeOwnership submenu for any file. HasLUAShield puts the UAC shield on the entry,
       ; and the command starts a second PowerShell with -verb RunAs, so everything inside -ArgumentList runs elevated.
       ; The elevated command enables privileges 9, 17 and 18 through ntdll!RtlAdjustPrivilege (SeTakeOwnershipPrivilege,
       ; SeBackupPrivilege, SeRestorePrivilege); the returned status goes to $null, so a failed adjustment is silent.
       ; It then reads the ACL with Get-Acl, turns inheritance back on (SetAccessRuleProtection($false,$true)), calls
       ; RemoveAccessRuleAll for every entry listed in $acl.access, writes the ACL back with Set-Acl and prints the result.
       ; There is no SetOwner call in this variant, so the owner is written back as Get-Acl returned it.
       ; IsolatedCommand below repeats the default command text; keep both in sync when editing.
       ; NOTE(review): %1 is pasted into a single-quoted PowerShell literal ($dst=''%1''). An apostrophe is a legal file-name
       ; character and would end that literal early, so the rest of the name would be parsed as command text by the elevated
       ; process. Hand the path over as data (an argument or variable) instead of splicing it into the command string.
       ; NOTE(review): Get-Acl/Set-Acl receive $dst as -Path, which treats [ ] * ? as wildcards; -LiteralPath takes the name
       ; verbatim. The empty catch{} also hides rules that could not be removed, so check the printed ACL.
  127. [HKEY_CLASSES_ROOT\*\shell\TakeOwnership\shell\04clear]
  128. "MuiVerb"="Clear gained access"
  129. "HasLUAShield"=""
  130. [HKEY_CLASSES_ROOT\*\shell\TakeOwnership\shell\04clear\command]
  131. @="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"write-host ''Clear ownership [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $acl=Get-Acl $dst; $acl.SetAccessRuleProtection($false,$true); foreach($ace in $acl.access){try{ $acl.RemoveAccessRuleAll($ace) }catch{}}; Set-Acl -Path $dst -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\""
  132. "IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"write-host ''Clear ownership [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $acl=Get-Acl $dst; $acl.SetAccessRuleProtection($false,$true); foreach($ace in $acl.access){try{ $acl.RemoveAccessRuleAll($ace) }catch{}}; Set-Acl -Path $dst -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\""
  133. ; Folders
       ; Adds "Clear gained access" under the TakeOwnership submenu for directories; the command runs elevated (-verb RunAs).
       ; It enables privileges 9, 17 and 18 (SeTakeOwnershipPrivilege, SeBackupPrivilege, SeRestorePrivilege) with
       ; RtlAdjustPrivilege, discarding the returned status, then re-enables inheritance on the selected folder, calls
       ; RemoveAccessRuleAll for every entry in $acl.access and writes the ACL back. The owner is not changed (no SetOwner).
       ; Only the selected folder is passed to Set-Acl: this variant has no Get-ChildItem loop, so children that carry their
       ; own explicit or protected ACLs keep them.
       ; NOTE(review): %1 lands inside a single-quoted PowerShell literal ($dst=''%1''); a folder name containing an apostrophe
       ; breaks that quoting and the remainder is parsed as command text in the elevated process. Pass the path as data rather
       ; than as part of the command string, and prefer -LiteralPath so that [ ] * ? in a name are not treated as wildcards.
       ; NOTE(review): errors from RemoveAccessRuleAll are swallowed by catch{}; verify the ACL that get-acl prints.
  134. [HKEY_CLASSES_ROOT\Directory\shell\TakeOwnership\shell\04clear]
  135. "MuiVerb"="Clear gained access"
  136. "HasLUAShield"=""
  137. [HKEY_CLASSES_ROOT\Directory\shell\TakeOwnership\shell\04clear\command]
  138. @="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"write-host ''Clear ownership [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $acl=Get-Acl $dst; $acl.SetAccessRuleProtection($false,$true); foreach($ace in $acl.access){try{ $acl.RemoveAccessRuleAll($ace) }catch{}}; Set-Acl -Path $dst -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\""
  139. "IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"write-host ''Clear ownership [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $acl=Get-Acl $dst; $acl.SetAccessRuleProtection($false,$true); foreach($ace in $acl.access){try{ $acl.RemoveAccessRuleAll($ace) }catch{}}; Set-Acl -Path $dst -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\""
  140. ; Partitions
       ; Adds "Clear gained access" under the TakeOwnership submenu for drives; the command runs elevated (-verb RunAs) after
       ; enabling privileges 9, 17 and 18 (SeTakeOwnershipPrivilege, SeBackupPrivilege, SeRestorePrivilege).
       ; Unlike the file and folder variants, this one does not start from the existing ACL. It builds a new DirectorySecurity:
       ; owner S-1-5-32-544 (Administrators), inheritance from above disabled, and four inheritable Allow rules:
       ;   S-1-5-11 Authenticated Users = Modify, S-1-5-18 SYSTEM = FullControl,
       ;   S-1-5-32-544 Administrators = FullControl, S-1-5-32-545 Users = ReadAndExecute.
       ; That ACL is set on the drive root. The same object is then emptied of rules, switched back to inheriting, and piped to
       ; Set-Acl for every item Get-ChildItem -Recurse -Force returns, with reparse points filtered out and paths matching
       ; $RECYCLE.BIN or System Volume Information skipped.
       ; NOTE(review): the recursive pass replaces the ACL and owner of each enumerated item, so explicit entries set on purpose
       ; (per-user restrictions, deny rules) are dropped in favour of inheritance from the root, where Authenticated Users hold
       ; Modify. Review what the volume contains before running this on a drive shared between accounts.
       ; NOTE(review): %1 is spliced into a single-quoted PowerShell literal ($dst=''%1'') that the elevated process parses;
       ; pass the path as data instead. The RtlAdjustPrivilege status and RemoveAccessRuleAll errors (catch{}) are discarded.
  141. [HKEY_CLASSES_ROOT\Drive\shell\TakeOwnership\shell\04clear]
  142. "MuiVerb"="Clear gained access"
  143. "HasLUAShield"=""
  144. [HKEY_CLASSES_ROOT\Drive\shell\TakeOwnership\shell\04clear\command]
  145. @="powershell -c \"Start-Process powershell -ArgumentList '-c \\\"write-host ''Clear Ownership [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-5-11'', ''S-1-5-18'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''Modify'', ''FullControl'', ''FullControl'', ''ReadAndExecute''; $u=0,0,0,0; $r=0,0,0,0; For($i=0;$i -le 3;$i++){ $u[$i]=[System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($u[2]); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Where FullName -notmatch ''[$]RECYCLE[.]BIN|System Volume Information''|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"' -verb RunAs\""
  146. "IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList '-c \\\"write-host ''Clear Ownership [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-5-11'', ''S-1-5-18'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''Modify'', ''FullControl'', ''FullControl'', ''ReadAndExecute''; $u=0,0,0,0; $r=0,0,0,0; For($i=0;$i -le 3;$i++){ $u[$i]=[System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($u[2]); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Where FullName -notmatch ''[$]RECYCLE[.]BIN|System Volume Information''|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"' -verb RunAs\""
  147. ;