Jump to content
MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. ×

Remove permissions prior to windows setup


Recommended Posts

Is there any way to "Pre-set" permissions in windows 7 through the setup? I want to setup windows and have FULL access to ALL my files and folders at First logon and after! There must be a batch or someway to change (or shut off) permissions permenantly without haveing to do it after windows is installed.

I want to customize my setup to do it for me.

Link to comment
Share on other sites

Hi Ken. I'm currently looking for a way to do this myself, for no particular reason other than I just want to see if it can be done. Anyway, I've had no luck as I extracted a wim to an exfat partition which does not have file permissions built into the file system, and then captured the directory into a new wim. Sadly, no luck during the install as it simply errors out. An entity called TrustedInstaller takes ownership of all the OS files, and it's possible there is a check during install or even possibly the files get marked with TrustedInstaller as it installs rather than any type of root admin. Really, it's for our security, but still I'm interested in this topic. If you find anything out let me know, there is also the possibility I messed up during my wim management and iso build that something wasn't correct.

Link to comment
Share on other sites

An entity called TrustedInstaller takes ownership of all the OS files,




(no actual "answer" in post 12, BTW, just hints)

Of course you can disable TrustedInstaller, but all in all it all bils down to ACL's.

Strangely enough actual good info comes directly from MS:


How to set ACL's during install (or immediately after) is to be found, as well as the detailed procedure.

These may be of use:





Link to comment
Share on other sites

You can try this:

mount the install.wim

cd mouteddir\system32\config

find the system hiv and loaded it in the regedit

change the value cmdline under setup to your own tools

here is some of my autoit scripts

#ce _______________脚本开始_________________
;~ 工具说明
;~ 本工具可以使安装版本的windowsNT6系统拥有类似于封装版本的windows7的效果,具体的操作办法如下:
;~ 使用wim处理工具挂载install.wim文件,然后找到system32\config目录下名的system注册表配置单元文件
;~ 加载该注册表单元,修改键值setup下的cmdline键值为为本工具的路径,我的操作是把它放在oobe目录,然后
;~ 修改cmdline的值为"oobe\UdDeploy.exe",当然你写个批处理接管也是OK的
;~ (封装后的系统应该是HKEY_LOCAL_MACHINE\SYSTEM\SETUP下的cmdline键值)

#include <ButtonConstants.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
Global $sysdrive = EnvGet("systemdrive")
Opt("GUIOnEventMode", 1)
$Form1 = GUICreate("Form1", @DesktopWidth, @DesktopHeight, 0, 0,$WS_POPUP)
$Pic1 = GUICtrlCreatePic(@ScriptDir&"\bg.jpg", 0, 0, @DesktopWidth, @DesktopHeight)
$status = GUICtrlCreateLabel("windows7系统安装部署程序", 0, @DesktopHeight/6*5, @DesktopWidth, 25)
GUICtrlSetFont(-1, 16, 400, 0, "浪漫雅圆")
GUICtrlSetColor(-1, 0xFFFFFF)
GUICtrlSetBkColor(-1, 0x808000)
While 1
Func quit()
Func deploy()
; 这里一般是进行预解压、驱动预安装操作(可以使用极限压缩工具把系统文件压缩,在此时解压,没试,哈哈)
Func _SelfDelete($iDelay = 0)
Local $sCmdFile
FileDelete(@StartupDir & "\cleanup.bat")
$sCmdFile = 'ping -n ' & $iDelay & ' > nul' & @CRLF _
& ':loop' & @CRLF _
& 'del "' & @ScriptFullPath & '" > nul' & @CRLF _
& 'if exist "' & @ScriptFullPath & '" goto loop' & @CRLF _
& 'del/s/f/q %0'
FileWrite(@StartupDir & "\cleanup.bat", $sCmdFile)
exit (run(@ComSpec & ' /c del/f/q "' & @ScriptFullPath & '"||del/f/q "' & @ScriptFullPath & '"||del/f/q "' & @ScriptFullPath & '"', @ScriptDir, @SW_HIDE))

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...