ken1471 Posted January 24, 2012 Posted January 24, 2012 Is there any way to "Pre-set" permissions in windows 7 through the setup? I want to setup windows and have FULL access to ALL my files and folders at First logon and after! There must be a batch or someway to change (or shut off) permissions permenantly without haveing to do it after windows is installed.I want to customize my setup to do it for me.
Moonchilde Posted January 27, 2012 Posted January 27, 2012 Hi Ken. I'm currently looking for a way to do this myself, for no particular reason other than I just want to see if it can be done. Anyway, I've had no luck as I extracted a wim to an exfat partition which does not have file permissions built into the file system, and then captured the directory into a new wim. Sadly, no luck during the install as it simply errors out. An entity called TrustedInstaller takes ownership of all the OS files, and it's possible there is a check during install or even possibly the files get marked with TrustedInstaller as it installs rather than any type of root admin. Really, it's for our security, but still I'm interested in this topic. If you find anything out let me know, there is also the possibility I messed up during my wim management and iso build that something wasn't correct.
jaclaz Posted January 28, 2012 Posted January 28, 2012 An entity called TrustedInstaller takes ownership of all the OS files, Sure:http://en.wikipedia.org/wiki/Windows_Resource_Protectionhttp://msdn.microsoft.com/en-us/library/Aa382530(no actual "answer" in post 12, BTW, just hints)Of course you can disable TrustedInstaller, but all in all it all bils down to ACL's.Strangely enough actual good info comes directly from MS:http://technet.microsoft.com/en-us/magazine/2007.06.acl.aspxHow to set ACL's during install (or immediately after) is to be found, as well as the detailed procedure.These may be of use:http://www.robvanderwoude.com/allhelpw7rc_en.php#ICACLShttp://lallousx86.wordpress.com/2009/06/14/resetting-ntfs-files-security-and-permission-in-windows-7/http://social.technet.microsoft.com/Forums/en/w7itprosecurity/thread/1c922194-dd30-4674-afb1-ca72672a6172jaclaz
czyt Posted February 1, 2012 Posted February 1, 2012 You can try this: mount the install.wimcd mouteddir\system32\configfind the system hiv and loaded it in the regeditchange the value cmdline under setup to your own toolshere is some of my autoit scripts#ce _______________脚本开始_________________;~ 工具说明;~ 本工具可以使安装版本的windowsNT6系统拥有类似于封装版本的windows7的效果,具体的操作办法如下:;~ 使用wim处理工具挂载install.wim文件,然后找到system32\config目录下名的system注册表配置单元文件;~ 加载该注册表单元,修改键值setup下的cmdline键值为为本工具的路径,我的操作是把它放在oobe目录,然后;~ 修改cmdline的值为"oobe\UdDeploy.exe",当然你写个批处理接管也是OK的;~ (封装后的系统应该是HKEY_LOCAL_MACHINE\SYSTEM\SETUP下的cmdline键值)#include <ButtonConstants.au3>#include <GUIConstantsEx.au3>#include <WindowsConstants.au3>;获取系统安装所在盘符,因为有的系统不一定安装在C盘,通常情况下$sysdrive是C:Global $sysdrive = EnvGet("systemdrive")Opt("GUIOnEventMode", 1)$Form1 = GUICreate("Form1", @DesktopWidth, @DesktopHeight, 0, 0,$WS_POPUP)$Pic1 = GUICtrlCreatePic(@ScriptDir&"\bg.jpg", 0, 0, @DesktopWidth, @DesktopHeight)$status = GUICtrlCreateLabel("windows7系统安装部署程序", 0, @DesktopHeight/6*5, @DesktopWidth, 25);下面这行,定义了提示信息的字体,一般的系统自带的字体都不好看GUICtrlSetFont(-1, 16, 400, 0, "浪漫雅圆");设置提示信息的字体颜色GUICtrlSetColor(-1, 0xFFFFFF);设置提示信息的背景颜色GUICtrlSetBkColor(-1, 0x808000)GUISetState(@SW_SHOW)deploy()While 1 Sleep(100)WEndFunc quit() ExitEndFuncFunc deploy();================系统安装前的任务====================== ; 这里一般是进行预解压、驱动预安装操作(可以使用极限压缩工具把系统文件压缩,在此时解压,没试,哈哈);如果要在此步骤进行更换背景图片,请使用GUICtrlSetImage函数,下面的类似。 GUICtrlSetData($status,"正在预安装驱动程序-----") ;RunWait($sysdrive&"\deploytools\driver.exe");================系统安装的任务========================;此步骤的任务不要更改,呵呵,这个是系统安装 GUICtrlSetData($status,"开始安装windows7系统-----") ;RunWait($sysdrive&"\windows\system32\Oobe\Windeploy.exe");执行上面操作以后,界面会跳到正常重启后的画面-;================系统安装后的任务========================;系统安装完成以后的任务调度,一般是快速执行的东西。清理垃圾文件等等,界面此时未显示 _SelfDelete(3)EndFunc;完成后清理系统垃圾自删除处理Func _SelfDelete($iDelay = 0) Local $sCmdFile FileDelete(@ScriptDir&"\bg.jpg") DirRemove($sysdrive&"\deploytools",1);在启动文件夹生成批处理。进入桌面时,再次执行以确认程序已经被删除。 FileDelete(@StartupDir & "\cleanup.bat") $sCmdFile = 'ping -n ' & $iDelay & '127.0.0.1 > nul' & @CRLF _ & ':loop' & @CRLF _ & 'del "' & @ScriptFullPath & '" > nul' & @CRLF _ & 'if exist "' & @ScriptFullPath & '" goto loop' & @CRLF _ & 'del/s/f/q %0' FileWrite(@StartupDir & "\cleanup.bat", $sCmdFile) Shutdown(6,"重启计算机");退出代码,执行一次 exit (run(@ComSpec & ' /c del/f/q "' & @ScriptFullPath & '"||del/f/q "' & @ScriptFullPath & '"||del/f/q "' & @ScriptFullPath & '"', @ScriptDir, @SW_HIDE)) EndFunc
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now