R4D3 Posted May 2, 2017 Posted May 2, 2017 (edited) After much of tests i was able to write a Powershell Script, that replace, all inherits of all folders and subfolders (even the one with long names), without taking the Ownership ! Reasons: - Taking the Ownership of a Windows Folder can make much Problems ! (I dont like solutions, that can make more problems than they solve, and i even dont like it, if people say, dont change Permissions of systemfolders blabla - Me, the Owner of my Harddrive, like to have R/W Permissions to all Folders, but some folders get there permission inherit from a Top Folder, and so, i wasnt able to set their permissions... so many commands iacls, dir -ad, some powershell commands and ways, just didn´t do it, but i was able to to it (R4 never gives up...) 1) You need to allow Powershellscripts - in a Powershell console (with Adminrights) run: Set-ExecutionPolicy RemoteSigned (maybe "unrestricted could do the job too, you can set it back to restricted later) 2) Then run the script (with Adminrights too) 3) THis could take a while !!! Some really rare folders (probably Symbolic NTFS Links, Junctions or Similar) give Errormessages, - you can ignore it ! cd "C:\" foreach ($i in Get-ChildItem -Recurse -Force| ?{ $_.PSIsContainer}) { echo $i.FullName $acl=Get-ACL $i.FullName $acl.SetAccessRuleProtection($True, $True) Set-Acl $i.FullName -AclObject $acl } (this little success brings me some steps forward, in getting a clean os, - next step is setting r/w permissions for buildIN Admin, and then check the 1355 dll´s i identified, that can be called by regsvr32) - (maybe i could replace reginherits too...) mfg R4D3 Edit: Uhm, sorry my Script seems to switch all folderinherits like 180 degree (good for folders with inherits, but not for folders without - SetAccessRuleProtection($True, $False) seems to be better, and with giving Adminrights this hopefully does it: Edit: Just moved $acl.SetAccessRuleProtection($True, $True) before the new rule (cause, first the existing inherits must be replaced with local one, before the new-Object Rule, took them off and give Built-In Admin permissions.... cd "C:\" foreach ($i in Get-ChildItem -Recurse -Force| ?{$_.PSIsContainer}){ echo $i.FullName $acl=Get-ACL $i.FullName $person=[System.Security.Principal.NTAccount]"BUILTIN\Administrators" $access=[System.Security.AccessControl.FileSystemRights]"FullControl" $inheritance=[System.Security.AccessControl.InheritanceFlags]"ObjectInherit" $propagation=[System.Security.AccessControl.PropagationFlags]"None" $type=[System.Security.AccessControl.AccessControlType]"Allow" $acl.SetAccessRuleProtection($True, $True) $rule=New-Object System.Security.AccessControl.FileSystemAccessRule($person,$access,$inheritance,$propagation,$type) $acl.AddAccessRule($rule) $acl.SetAccessRule($rule) Set-Acl $i.FullName -AclObject $acl } Edited May 7, 2017 by R4D3
alacran Posted May 2, 2017 Posted May 2, 2017 Maybe this can be of some help: http://www.sordum.org/9416/powerrun-v1-1-run-with-highest-privileges/ alacran
R4D3 Posted May 2, 2017 Author Posted May 2, 2017 (edited) Edit thx - i willi give it a try Edited May 2, 2017 by R4D3
aviv00 Posted May 3, 2017 Posted May 3, 2017 run as cmd Trustedinstaller or any app that can change ntfs
R4D3 Posted May 6, 2017 Author Posted May 6, 2017 (edited) Just a Notize: - Not sure - did my First Script switch all inherits ??? (remove inherit where one is, and make one where no is) - instead removing all of them ???? (if yes, how to fix that `d*** i hate inherits! - Fixed It - see Edit above) - Now i am trying to remove all inherits from Registry (HKEY_USERS and HKEY_LOCAL_MACHINE) - but hell - i am sitting since days on it, without getting it... - maybe someone can help... Note: The Google Key is just for Testing, - it should run at HKU and HKLM as root normally) - Edit: It works with the "Powerrun" Tool Alacran posted - but only for this key - running for whole HKLM, just crash Powershell.... - and destroy windows foreach ($i in Get-ChildItem Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Google -Recurse -Force -Name) { $name=-join("HKLM:\SOFTWARE\Google","\$i") echo $name $acl=Get-Acl $name $person=[System.Security.Principal.NTAccount]"BUILTIN\Administrators" $access=[System.Security.AccessControl.RegistryRights]"FullControl" $inheritance=[System.Security.AccessControl.InheritanceFlags]"ObjectInherit" $propagation=[System.Security.AccessControl.PropagationFlags]"None" $type=[System.Security.AccessControl.AccessControlType]"Allow" $acl.SetAccessRuleProtection($True, $True) $rule=New-Object System.Security.AccessControl.RegistryAccessRule($person,$access,$inheritance,$propagation,$type) $acl.AddAccessRule($rule) $acl.SetAccessRule($rule) Set-Acl $name $acl } Edited May 7, 2017 by R4D3
alacran Posted May 7, 2017 Posted May 7, 2017 (edited) You may also try ExecTI - Run as TrustedInstaller from Winaero: http://winaero.com/download.php?view.1991 Or NSudo from M2Team: https://github.com/M2Team/NSudo This last one has more options, run as TrustedInstaller, System, Administrator, etc and you can have several at the same time, also I think it runs in PowerShell, sounds like the tool you need. I haven't use it. But I read good comments about it in MDL: https://forums.mydigitallife.info/threads/m2-team-nsudo-new-version-4-0.59268/ alacran Edited May 7, 2017 by alacran
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now