Jump to content

Remove permissions prior to windows setup


Recommended Posts

Is there any way to "Pre-set" permissions in windows 7 through the setup? I want to setup windows and have FULL access to ALL my files and folders at First logon and after! There must be a batch or someway to change (or shut off) permissions permenantly without haveing to do it after windows is installed.

I want to customize my setup to do it for me.

Link to comment
Share on other sites


Hi Ken. I'm currently looking for a way to do this myself, for no particular reason other than I just want to see if it can be done. Anyway, I've had no luck as I extracted a wim to an exfat partition which does not have file permissions built into the file system, and then captured the directory into a new wim. Sadly, no luck during the install as it simply errors out. An entity called TrustedInstaller takes ownership of all the OS files, and it's possible there is a check during install or even possibly the files get marked with TrustedInstaller as it installs rather than any type of root admin. Really, it's for our security, but still I'm interested in this topic. If you find anything out let me know, there is also the possibility I messed up during my wim management and iso build that something wasn't correct.

Link to comment
Share on other sites

An entity called TrustedInstaller takes ownership of all the OS files,

Sure:

http://en.wikipedia.org/wiki/Windows_Resource_Protection

http://msdn.microsoft.com/en-us/library/Aa382530

(no actual "answer" in post 12, BTW, just hints)

Of course you can disable TrustedInstaller, but all in all it all bils down to ACL's.

Strangely enough actual good info comes directly from MS:

http://technet.microsoft.com/en-us/magazine/2007.06.acl.aspx

How to set ACL's during install (or immediately after) is to be found, as well as the detailed procedure.

These may be of use:

http://www.robvanderwoude.com/allhelpw7rc_en.php#ICACLS

http://lallousx86.wordpress.com/2009/06/14/resetting-ntfs-files-security-and-permission-in-windows-7/

http://social.technet.microsoft.com/Forums/en/w7itprosecurity/thread/1c922194-dd30-4674-afb1-ca72672a6172

jaclaz

Link to comment
Share on other sites

You can try this:

mount the install.wim

cd mouteddir\system32\config

find the system hiv and loaded it in the regedit

change the value cmdline under setup to your own tools

here is some of my autoit scripts

#ce _______________脚本开始_________________
;~ 工具说明
;~ 本工具可以使安装版本的windowsNT6系统拥有类似于封装版本的windows7的效果,具体的操作办法如下:
;~ 使用wim处理工具挂载install.wim文件,然后找到system32\config目录下名的system注册表配置单元文件
;~ 加载该注册表单元,修改键值setup下的cmdline键值为为本工具的路径,我的操作是把它放在oobe目录,然后
;~ 修改cmdline的值为"oobe\UdDeploy.exe",当然你写个批处理接管也是OK的
;~ (封装后的系统应该是HKEY_LOCAL_MACHINE\SYSTEM\SETUP下的cmdline键值)

#include <ButtonConstants.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
;获取系统安装所在盘符,因为有的系统不一定安装在C盘,通常情况下$sysdrive是C:
Global $sysdrive = EnvGet("systemdrive")
Opt("GUIOnEventMode", 1)
$Form1 = GUICreate("Form1", @DesktopWidth, @DesktopHeight, 0, 0,$WS_POPUP)
$Pic1 = GUICtrlCreatePic(@ScriptDir&"\bg.jpg", 0, 0, @DesktopWidth, @DesktopHeight)
$status = GUICtrlCreateLabel("windows7系统安装部署程序", 0, @DesktopHeight/6*5, @DesktopWidth, 25)
;下面这行,定义了提示信息的字体,一般的系统自带的字体都不好看
GUICtrlSetFont(-1, 16, 400, 0, "浪漫雅圆")
;设置提示信息的字体颜色
GUICtrlSetColor(-1, 0xFFFFFF)
;设置提示信息的背景颜色
GUICtrlSetBkColor(-1, 0x808000)
GUISetState(@SW_SHOW)
deploy()
While 1
Sleep(100)
WEnd
Func quit()
Exit
EndFunc
Func deploy()
;================系统安装前的任务======================
; 这里一般是进行预解压、驱动预安装操作(可以使用极限压缩工具把系统文件压缩,在此时解压,没试,哈哈)
;如果要在此步骤进行更换背景图片,请使用GUICtrlSetImage函数,下面的类似。
GUICtrlSetData($status,"正在预安装驱动程序-----")
;RunWait($sysdrive&"\deploytools\driver.exe")
;================系统安装的任务========================
;此步骤的任务不要更改,呵呵,这个是系统安装
GUICtrlSetData($status,"开始安装windows7系统-----")
;RunWait($sysdrive&"\windows\system32\Oobe\Windeploy.exe")
;执行上面操作以后,界面会跳到正常重启后的画面-
;================系统安装后的任务========================
;系统安装完成以后的任务调度,一般是快速执行的东西。清理垃圾文件等等,界面此时未显示
_SelfDelete(3)
EndFunc
;完成后清理系统垃圾自删除处理
Func _SelfDelete($iDelay = 0)
Local $sCmdFile
FileDelete(@ScriptDir&"\bg.jpg")
DirRemove($sysdrive&"\deploytools",1)
;在启动文件夹生成批处理。进入桌面时,再次执行以确认程序已经被删除。
FileDelete(@StartupDir & "\cleanup.bat")
$sCmdFile = 'ping -n ' & $iDelay & '127.0.0.1 > nul' & @CRLF _
& ':loop' & @CRLF _
& 'del "' & @ScriptFullPath & '" > nul' & @CRLF _
& 'if exist "' & @ScriptFullPath & '" goto loop' & @CRLF _
& 'del/s/f/q %0'
FileWrite(@StartupDir & "\cleanup.bat", $sCmdFile)
Shutdown(6,"重启计算机")
;退出代码,执行一次
exit (run(@ComSpec & ' /c del/f/q "' & @ScriptFullPath & '"||del/f/q "' & @ScriptFullPath & '"||del/f/q "' & @ScriptFullPath & '"', @ScriptDir, @SW_HIDE))
EndFunc

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...