R4D3 Posted May 2, 2017 Share Posted May 2, 2017 (edited) After much of tests i was able to write a Powershell Script, that replace, all inherits of all folders and subfolders (even the one with long names), without taking the Ownership ! Reasons: - Taking the Ownership of a Windows Folder can make much Problems ! (I dont like solutions, that can make more problems than they solve, and i even dont like it, if people say, dont change Permissions of systemfolders blabla - Me, the Owner of my Harddrive, like to have R/W Permissions to all Folders, but some folders get there permission inherit from a Top Folder, and so, i wasnt able to set their permissions... so many commands iacls, dir -ad, some powershell commands and ways, just didn´t do it, but i was able to to it (R4 never gives up...) 1) You need to allow Powershellscripts - in a Powershell console (with Adminrights) run: Set-ExecutionPolicy RemoteSigned (maybe "unrestricted could do the job too, you can set it back to restricted later) 2) Then run the script (with Adminrights too) 3) THis could take a while !!! Some really rare folders (probably Symbolic NTFS Links, Junctions or Similar) give Errormessages, - you can ignore it ! cd "C:\" foreach ($i in Get-ChildItem -Recurse -Force| ?{ $_.PSIsContainer}) { echo $i.FullName $acl=Get-ACL $i.FullName $acl.SetAccessRuleProtection($True, $True) Set-Acl $i.FullName -AclObject $acl } (this little success brings me some steps forward, in getting a clean os, - next step is setting r/w permissions for buildIN Admin, and then check the 1355 dll´s i identified, that can be called by regsvr32) - (maybe i could replace reginherits too...) mfg R4D3 Edit: Uhm, sorry my Script seems to switch all folderinherits like 180 degree (good for folders with inherits, but not for folders without - SetAccessRuleProtection($True, $False) seems to be better, and with giving Adminrights this hopefully does it: Edit: Just moved $acl.SetAccessRuleProtection($True, $True) before the new rule (cause, first the existing inherits must be replaced with local one, before the new-Object Rule, took them off and give Built-In Admin permissions.... cd "C:\" foreach ($i in Get-ChildItem -Recurse -Force| ?{$_.PSIsContainer}){ echo $i.FullName $acl=Get-ACL $i.FullName $person=[System.Security.Principal.NTAccount]"BUILTIN\Administrators" $access=[System.Security.AccessControl.FileSystemRights]"FullControl" $inheritance=[System.Security.AccessControl.InheritanceFlags]"ObjectInherit" $propagation=[System.Security.AccessControl.PropagationFlags]"None" $type=[System.Security.AccessControl.AccessControlType]"Allow" $acl.SetAccessRuleProtection($True, $True) $rule=New-Object System.Security.AccessControl.FileSystemAccessRule($person,$access,$inheritance,$propagation,$type) $acl.AddAccessRule($rule) $acl.SetAccessRule($rule) Set-Acl $i.FullName -AclObject $acl } Edited May 7, 2017 by R4D3 Link to comment Share on other sites More sharing options...
alacran Posted May 2, 2017 Share Posted May 2, 2017 Maybe this can be of some help: http://www.sordum.org/9416/powerrun-v1-1-run-with-highest-privileges/ alacran Link to comment Share on other sites More sharing options...
R4D3 Posted May 2, 2017 Author Share Posted May 2, 2017 (edited) Edit thx - i willi give it a try Edited May 2, 2017 by R4D3 Link to comment Share on other sites More sharing options...
aviv00 Posted May 3, 2017 Share Posted May 3, 2017 run as cmd Trustedinstaller or any app that can change ntfs Link to comment Share on other sites More sharing options...
R4D3 Posted May 6, 2017 Author Share Posted May 6, 2017 (edited) Just a Notize: - Not sure - did my First Script switch all inherits ??? (remove inherit where one is, and make one where no is) - instead removing all of them ???? (if yes, how to fix that `d*** i hate inherits! - Fixed It - see Edit above) - Now i am trying to remove all inherits from Registry (HKEY_USERS and HKEY_LOCAL_MACHINE) - but hell - i am sitting since days on it, without getting it... - maybe someone can help... Note: The Google Key is just for Testing, - it should run at HKU and HKLM as root normally) - Edit: It works with the "Powerrun" Tool Alacran posted - but only for this key - running for whole HKLM, just crash Powershell.... - and destroy windows foreach ($i in Get-ChildItem Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Google -Recurse -Force -Name) { $name=-join("HKLM:\SOFTWARE\Google","\$i") echo $name $acl=Get-Acl $name $person=[System.Security.Principal.NTAccount]"BUILTIN\Administrators" $access=[System.Security.AccessControl.RegistryRights]"FullControl" $inheritance=[System.Security.AccessControl.InheritanceFlags]"ObjectInherit" $propagation=[System.Security.AccessControl.PropagationFlags]"None" $type=[System.Security.AccessControl.AccessControlType]"Allow" $acl.SetAccessRuleProtection($True, $True) $rule=New-Object System.Security.AccessControl.RegistryAccessRule($person,$access,$inheritance,$propagation,$type) $acl.AddAccessRule($rule) $acl.SetAccessRule($rule) Set-Acl $name $acl } Edited May 7, 2017 by R4D3 Link to comment Share on other sites More sharing options...
alacran Posted May 7, 2017 Share Posted May 7, 2017 (edited) You may also try ExecTI - Run as TrustedInstaller from Winaero: http://winaero.com/download.php?view.1991 Or NSudo from M2Team: https://github.com/M2Team/NSudo This last one has more options, run as TrustedInstaller, System, Administrator, etc and you can have several at the same time, also I think it runs in PowerShell, sounds like the tool you need. I haven't use it. But I read good comments about it in MDL: https://forums.mydigitallife.info/threads/m2-team-nsudo-new-version-4-0.59268/ alacran Edited May 7, 2017 by alacran Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now