diff options
Diffstat (limited to '.config/powershell')
| -rw-r--r-- | .config/powershell/ownership.ps1 | 109 |
1 files changed, 0 insertions, 109 deletions
diff --git a/.config/powershell/ownership.ps1 b/.config/powershell/ownership.ps1 deleted file mode 100644 index acd1e70..0000000 --- a/.config/powershell/ownership.ps1 +++ /dev/null @@ -1,109 +0,0 @@ -# ownership.ps1 - -function Takeown-Registry($key) { - # TODO does not work for all root keys yet - switch ($key.split('\')[0]) { - "HKEY_CLASSES_ROOT" { - $reg = [Microsoft.Win32.Registry]::ClassesRoot - $key = $key.substring(18) - } - "HKEY_CURRENT_USER" { - $reg = [Microsoft.Win32.Registry]::CurrentUser - $key = $key.substring(18) - } - "HKEY_LOCAL_MACHINE" { - $reg = [Microsoft.Win32.Registry]::LocalMachine - $key = $key.substring(19) - } - } - - # get administrator group - $admins = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-32-544") - $admins = $admins.Translate([System.Security.Principal.NTAccount]) - - # set owner - $key = $reg.OpenSubKey($key, "ReadWriteSubTree", "TakeOwnership") - $acl = $key.GetAccessControl() - $acl.SetOwner($admins) - $key.SetAccessControl($acl) - - # set FullControl - $acl = $key.GetAccessControl() - $rule = New-Object System.Security.AccessControl.RegistryAccessRule($admins, "FullControl", "Allow") - $acl.SetAccessRule($rule) - $key.SetAccessControl($acl) -} - -function Takeown-File($path) { - takeown.exe /A /F $path - $acl = Get-Acl $path - - # get administrator group - $admins = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-32-544") - $admins = $admins.Translate([System.Security.Principal.NTAccount]) - - # add NT Authority\SYSTEM - $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($admins, "FullControl", "None", "None", "Allow") - $acl.AddAccessRule($rule) - - Set-Acl -Path $path -AclObject $acl -} - -function Takeown-Folder($path) { - Takeown-File $path - foreach ($item in Get-ChildItem $path) { - if (Test-Path $item -PathType Container) { - Takeown-Folder $item.FullName - } - else { - Takeown-File $item.FullName - } - } -} - -function Elevate-Privileges { - param($Privilege) - $Definition = @" - using System; - using System.Runtime.InteropServices; - - public class AdjPriv { - [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)] - internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall, ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr rele); - - [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)] - internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok); - - [DllImport("advapi32.dll", SetLastError = true)] - internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid); - - [StructLayout(LayoutKind.Sequential, Pack = 1)] - internal struct TokPriv1Luid { - public int Count; - public long Luid; - public int Attr; - } - - internal const int SE_PRIVILEGE_ENABLED = 0x00000002; - internal const int TOKEN_QUERY = 0x00000008; - internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020; - - public static bool EnablePrivilege(long processHandle, string privilege) { - bool retVal; - TokPriv1Luid tp; - IntPtr hproc = new IntPtr(processHandle); - IntPtr htok = IntPtr.Zero; - retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok); - tp.Count = 1; - tp.Luid = 0; - tp.Attr = SE_PRIVILEGE_ENABLED; - retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid); - retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero); - return retVal; - } - } -"@ - $ProcessHandle = (Get-Process -id $pid).Handle - $type = Add-Type $definition -PassThru - $type[0]::EnablePrivilege($processHandle, $Privilege) -} |