Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 

R4D3

Member
  • Content count

    76
  • Donations

    $0.00 
  • Joined

  • Last visited

Community Reputation

3 Neutral

About R4D3

Profile Information

  • OS
    none specified
  • Country

Recent Profile Visitors

1,241 profile views
  1. update script, and the whole first post...
  2. Hmm, and did you try my batch to fix it ? As i wrote, i made many many tests, with the result that, you only can change the starttype of 21 Services and 1 driver, all other changes breaks the Store, Update, or other functions... - what maybe could helped with that i to remove depending states of the services with sc and the depend flag (i did not try removing all dependencies from all services yet) - please write feedback here if you have success with that...
  3. how to run a batch file as "run as admin"

    You can try, making a shortcut to: C:\Windows\System32\cmd.exe /c "net accounts /maxpwage:unlimited" give it adminrights, and place it in Autorun Folder... %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
  4. Sorry, there is one Error in "my Fix.bat"... - Dnscache must stay at Auto - cause it is needed by WindowsStore... (error 0x80072ee7) for some Apps like ADBlock for Edge
  5. REM Reading Variable Service_nAm3s Registry Permissions FOR /F "delims=\ tokens=5" %%a in (' reg query "HKLM\SYSTEM\CurrentControlSet\Services" /s /f "C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup" ^|find "CDPUserSvc_" ') do set A1=%%a FOR /F "delims=\ tokens=5" %%a in (' reg query "HKLM\SYSTEM\CurrentControlSet\Services" /s /f "C:\WINDOWS\system32\svchost.exe -k DevicesFlow" ^|find "DevicesFlowUserSvc_" ') do set A2=%%a FOR /F "delims=\ tokens=5" %%a in (' reg query "HKLM\SYSTEM\CurrentControlSet\Services" /s /f "C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup" ^|find "MessagingService_" ') do set A3=%%a FOR /F "delims=\ tokens=5" %%a in (' reg query "HKLM\SYSTEM\CurrentControlSet\Services" /s /f "C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup" ^|find "OneSyncSvc_" ') do set A4=%%a FOR /F "delims=\ tokens=5" %%a in (' reg query "HKLM\SYSTEM\CurrentControlSet\Services" /s /f "C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup" ^|find "PimIndexMaintenanceSvc_" ') do set A5=%%a FOR /F "delims=\ tokens=5" %%a in (' reg query "HKLM\SYSTEM\CurrentControlSet\Services" /s /f "C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup" ^|find "UnistoreSvc_" ') do set A6=%%a FOR /F "delims=\ tokens=5" %%a in (' reg query "HKLM\SYSTEM\CurrentControlSet\Services" /s /f "C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup" ^|find "UserDataSvc_" ') do set A7=%%a FOR /F "delims=\ tokens=5" %%a in (' reg query "HKLM\SYSTEM\CurrentControlSet\Services" /s /f "C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup" ^|find "WpnUserService_" ') do set A8=%%a REM II Output the Variable and load Powershellscript to get Full Adminrights Set Dienst=HKLM:\SYSTEM\CurrentControlSet\Services\%A1% powershell.exe -file "%CD%\PhoenixCall.ps1" Set Dienst=HKLM:\SYSTEM\CurrentControlSet\Services\%A2% powershell.exe -file "%CD%\PhoenixCall.ps1" Set Dienst=HKLM:\SYSTEM\CurrentControlSet\Services\%A3% powershell.exe -file "%CD%\PhoenixCall.ps1" Set Dienst=HKLM:\SYSTEM\CurrentControlSet\Services\%A4% powershell.exe -file "%CD%\PhoenixCall.ps1" Set Dienst=HKLM:\SYSTEM\CurrentControlSet\Services\%A5% powershell.exe -file "%CD%\PhoenixCall.ps1" Set Dienst=HKLM:\SYSTEM\CurrentControlSet\Services\%A6% powershell.exe -file "%CD%\PhoenixCall.ps1" Set Dienst=HKLM:\SYSTEM\CurrentControlSet\Services\%A7% powershell.exe -file "%CD%\PhoenixCall.ps1" Set Dienst=HKLM:\SYSTEM\CurrentControlSet\Services\%A8% powershell.exe -file "%CD%\PhoenixCall.ps1" REM III Config the Services via REGADD - SC dont work here REG ADD HKLM\SYSTEM\CurrentControlSet\Services\%A1% /v Start /t REG_DWORD /d 2 /f REG ADD HKLM\SYSTEM\CurrentControlSet\Services\%A2% /v Start /t REG_DWORD /d 3 /f REG ADD HKLM\SYSTEM\CurrentControlSet\Services\%A3% /v Start /t REG_DWORD /d 3 /f REG ADD HKLM\SYSTEM\CurrentControlSet\Services\%A4% /v Start /t REG_DWORD /d 2 /f REG ADD HKLM\SYSTEM\CurrentControlSet\Services\%A5% /v Start /t REG_DWORD /d 3 /f REG ADD HKLM\SYSTEM\CurrentControlSet\Services\%A6% /v Start /t REG_DWORD /d 3 /f REG ADD HKLM\SYSTEM\CurrentControlSet\Services\%A7% /v Start /t REG_DWORD /d 3 /f REG ADD HKLM\SYSTEM\CurrentControlSet\Services\%A8% /v Start /t REG_DWORD /d 2 /f 1 Find them 2 Change Reg Permissions via Powershell 3 Change the Starttype $Service=$Env:Dienst $acl=Get-Acl $Service $person=[System.Security.Principal.NTAccount]"BUILTIN\Administrators" $access=[System.Security.AccessControl.RegistryRights]"FullControl" $inheritance=[System.Security.AccessControl.InheritanceFlags]"ObjectInherit" $propagation=[System.Security.AccessControl.PropagationFlags]"None" $type=[System.Security.AccessControl.AccessControlType]"Allow" $rule=New-Object System.Security.AccessControl.RegistryAccessRule($person,$access,$inheritance,$propagation,$type) $acl.AddAccessRule($rule) $acl|Set-Acl
  6. Just a Notize: - Not sure - did my First Script switch all inherits ??? (remove inherit where one is, and make one where no is) - instead removing all of them ???? (if yes, how to fix that `d*** i hate inherits! - Fixed It - see Edit above) - Now i am trying to remove all inherits from Registry (HKEY_USERS and HKEY_LOCAL_MACHINE) - but hell - i am sitting since days on it, without getting it... - maybe someone can help... Note: The Google Key is just for Testing, - it should run at HKU and HKLM as root normally) - Edit: It works with the "Powerrun" Tool Alacran posted - but only for this key - running for whole HKLM, just crash Powershell.... - and destroy windows foreach ($i in Get-ChildItem Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Google -Recurse -Force -Name) { $name=-join("HKLM:\SOFTWARE\Google","\$i") echo $name $acl=Get-Acl $name $person=[System.Security.Principal.NTAccount]"BUILTIN\Administrators" $access=[System.Security.AccessControl.RegistryRights]"FullControl" $inheritance=[System.Security.AccessControl.InheritanceFlags]"ObjectInherit" $propagation=[System.Security.AccessControl.PropagationFlags]"None" $type=[System.Security.AccessControl.AccessControlType]"Allow" $acl.SetAccessRuleProtection($True, $True) $rule=New-Object System.Security.AccessControl.RegistryAccessRule($person,$access,$inheritance,$propagation,$type) $acl.AddAccessRule($rule) $acl.SetAccessRule($rule) Set-Acl $name $acl }
  7. here is what i used in XP (its kind of unfinished and not from me alone) - but it is good enough to extract all resources of a folder, - and change them...
  8. After much of tests i was able to write a Powershell Script, that replace, all inherits of all folders and subfolders (even the one with long names), without taking the Ownership ! Reasons: - Taking the Ownership of a Windows Folder can make much Problems ! (I dont like solutions, that can make more problems than they solve, and i even dont like it, if people say, dont change Permissions of systemfolders blabla - Me, the Owner of my Harddrive, like to have R/W Permissions to all Folders, but some folders get there permission inherit from a Top Folder, and so, i wasnt able to set their permissions... so many commands iacls, dir -ad, some powershell commands and ways, just didn´t do it, but i was able to to it (R4 never gives up...) 1) You need to allow Powershellscripts - in a Powershell console (with Adminrights) run: Set-ExecutionPolicy RemoteSigned (maybe "unrestricted could do the job too, you can set it back to restricted later) 2) Then run the script (with Adminrights too) 3) THis could take a while !!! Some really rare folders (probably Symbolic NTFS Links, Junctions or Similar) give Errormessages, - you can ignore it ! cd "C:\" foreach ($i in Get-ChildItem -Recurse -Force| ?{ $_.PSIsContainer}) { echo $i.FullName $acl=Get-ACL $i.FullName $acl.SetAccessRuleProtection($True, $True) Set-Acl $i.FullName -AclObject $acl } (this little success brings me some steps forward, in getting a clean os, - next step is setting r/w permissions for buildIN Admin, and then check the 1355 dll´s i identified, that can be called by regsvr32) - (maybe i could replace reginherits too...) mfg R4D3 Edit: Uhm, sorry my Script seems to switch all folderinherits like 180 degree (good for folders with inherits, but not for folders without - SetAccessRuleProtection($True, $False) seems to be better, and with giving Adminrights this hopefully does it: Edit: Just moved $acl.SetAccessRuleProtection($True, $True) before the new rule (cause, first the existing inherits must be replaced with local one, before the new-Object Rule, took them off and give Built-In Admin permissions.... cd "C:\" foreach ($i in Get-ChildItem -Recurse -Force| ?{$_.PSIsContainer}){ echo $i.FullName $acl=Get-ACL $i.FullName $person=[System.Security.Principal.NTAccount]"BUILTIN\Administrators" $access=[System.Security.AccessControl.FileSystemRights]"FullControl" $inheritance=[System.Security.AccessControl.InheritanceFlags]"ObjectInherit" $propagation=[System.Security.AccessControl.PropagationFlags]"None" $type=[System.Security.AccessControl.AccessControlType]"Allow" $acl.SetAccessRuleProtection($True, $True) $rule=New-Object System.Security.AccessControl.FileSystemAccessRule($person,$access,$inheritance,$propagation,$type) $acl.AddAccessRule($rule) $acl.SetAccessRule($rule) Set-Acl $i.FullName -AclObject $acl }
  9. i use this from here http://www.alkanesolutions.co.uk/2016/06/29/set-registry-key-permissions-powershell/ (i check so many scripts for my RepairService Script, - with this one, i got "lucky" It just add Permissions for the BuildIn Admin, without breaking something (like Regini does...) but you need to allow PS-Scripts first... - in a Admin Powershell type: Set-ExecutionPolicy RemoteSigned (maybe "unrestricted could do the job too, - restart after change.. standard is: Restricted) Remind to Change the ALC Name to your OS Language, and change VORDEFINIERT\Administratoren to BUILTIN\Administrators First define your Regpath as EnvVariable "Dienst", then Call it: (The HKLM: is correct call for Powershell in this case...) Set Dienst=HKLM:\SYSTEM\CurrentControlSet\Services\YOURService powershell.exe -file "This Script.ps1" $Service=$Env:Dienst $acl=Get-Acl $Service $person=[System.Security.Principal.NTAccount]"BUILTIN\Administrators" $access=[System.Security.AccessControl.RegistryRights]"FullControl" $inheritance=[System.Security.AccessControl.InheritanceFlags]"ObjectInherit" $propagation=[System.Security.AccessControl.PropagationFlags]"None" $type=[System.Security.AccessControl.AccessControlType]"Allow" $rule=New-Object System.Security.AccessControl.RegistryAccessRule($person,$access,$inheritance,$propagation,$type) $acl.AddAccessRule($rule) $acl|Set-Acl
  10. UPDATE: R4D3_Service_Fix.zip NEW: Grants "Build-In Admin" Permissions with a called PowershellSkript (just a minimal single Entry that allow BuiltIn Admins to change the RegEntry) IMPORTANT: If your Windows is NON-English (like mine) you need to change 1 Entry in the Powershellscript ! - Read the Comment in the Phoenix.bat You need to Run AdminPowershell, and run: Set-ExecutionPolicy RemoteSigned one time (to allow Powershellscripts - dont forget to Restart then !) You can turn it off with Set-ExecutionPolicy Restricted after... Edit: You have, to rightcklick each file, - and click allow (there is a flag on the files, that they are from another computer... - next time i zip them from a Fat32 Filesystem, then this flag shouldn´t be there...) Files: - Phoenix.bat Change All Services to their Original State (Creators Update W10 Home) (Highly Recommend New: Grants Admin Reg Permissions for Protected Services) - R4D3_Service_Fix.bat Yeah Hell MS, i fixed them ! (Change 22 Services & 1 Driver to Disabled, 7 to Demand) New: Grants Admin Reg Permissions for Protected Services) - PhoenixCall.ps1 Powershellscript thats be called from the Batchfiles to Grant Permission Note: you can check all Service acl flags with (even to get names you can place in the PhoenixCall.ps1) this powershell command:
  11. They did it in the German Version.... Exapmle of funny MS Translation: 1) SUBACLS... - Example: The User "Everyone" is translated to "Jeder"... - a English Script, that need to change Rights, just don´t work ! If it is a .cmd i can change it myself, - in an .exefile - no chance... 2) Folders: - I can´t trust Explorer anymore (cause MS used the Dektop.ini files - to call the mui´s) - in a German XP the Path %ProgramFiles% is called "Programme" and this was the real Foldername - in Windows 10 the Explorer shows the Folder as "Programme" but the foldername is "C:\Program Files" - I would wish they did it otherways - (Using Mui´s for SubACLS not a real Translation, and for Folders the real one... - like they did in the past...) P.S. They translated most of the ACL´s not only "Everyone" - they even did mui-files for "Short-Cut-Names" oO & there is no hint, that the desktop.ini files does different things than before... P.P.S On their Auto-Translated Help pages - they even translate Commands and Flags
  12. Nah, its ok - thx (it has a little error at Plug & Play, cause of the & - but i can live with that...) I think about trying to delete some dependency flags, - maybe then i can disable more services, without eventlog errors...
  13. Let the Re-Tweakage Begin

    Maybe this error just happens in localized versions, or its a Home/Premium/blabla thing ! If i like to run your script on a "VM Fresh Installed Windows 10 Home" in German with UAC disabled: I end up in System32, if i choose "Als Administrator ausführen" ! Only "CD /D %~dp0" fix this... @Echo Off CD /D %~dp0 Echo Path is %CD% Pause - So if you like to Present your Tool for all people, you have to add CD /D %~dp0 Not a big deal...
  14. Let the Re-Tweakage Begin

    Hell YES, (I remember it now... - Lost my Brain somewhere...) - So, I was just able to show the problem, but not to find an elegant solution - good boy
×