Instantly share code, notes, and snippets.
Forked from AveYo/Take_Ownership_Advanced_Context_Menu.reg
Created
May 23, 2024 02:51
-
Star
0
(0)
You must be signed in to star a gist -
Fork
0
(0)
You must be signed in to fork a gist
-
Save doggeddalle/bc6f61f500db4cfc7f5c768a030752f0 to your computer and use it in GitHub Desktop.
Take_Ownership_Advanced_Context_Menu.reg
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Windows Registry Editor Version 5.00 | |
| ; Take_Ownership_Advanced_Context_Menu.reg by AveYo v2018-07-19 | |
| ; ================================================================================================================================= | |
| ; GAIN ACCESS: Inherit from parent: YES, Owner = current user, Owner Rights = Modify | |
| ; GAIN EXCLUSIVE ACCESS: Inherit from parent: NO, Owner = current user, Owner Rights = FullControl | |
| ; USERS GAIN EXCLUSIVE ACCESS FOR NEW FILES: Inherit from parent: NO, Owner = Authenticated Users, Owner Rights = FullControl | |
| ; CLEAR GAINED ACCESS: Inherit from parent: YES, Owner = Inherited or Administrators, Authenticated Users = Inherited or Modify | |
| ; ================================================================================================================================= | |
| ; Single context menu entry added for files, folders (except C:\Windows etc.) and drives (except C:) with the 4 choices above | |
| ; Properly gain access for limited accounts. SYSTEM and TrustedInstaller safeguard. Restore Inheritance recursively if possible. | |
| ; ~25% faster than conventional takeown + icacls (mechanical drive, folder with 4000 subfolders, 36000 files, 8GiB as test) | |
| [-HKEY_CLASSES_ROOT\*\shell\runas] | |
| [-HKEY_CLASSES_ROOT\Directory\shell\runas] | |
| [-HKEY_CLASSES_ROOT\*\shell\322takeown] | |
| [-HKEY_CLASSES_ROOT\Directory\shell\322takeown] | |
| [-HKEY_CLASSES_ROOT\Drive\shell\322takeown] | |
| [-HKEY_CLASSES_ROOT\*\shell\322clearown] | |
| [-HKEY_CLASSES_ROOT\Directory\shell\322clearown] | |
| [-HKEY_CLASSES_ROOT\Drive\shell\322clearown] | |
| [-HKEY_CLASSES_ROOT\*\shell\322freeown] | |
| [-HKEY_CLASSES_ROOT\Directory\shell\322freeown] | |
| [-HKEY_CLASSES_ROOT\Drive\shell\322freeown] | |
| ; Cleanup older versions and concurrent scripts | |
| [-HKEY_CLASSES_ROOT\*\shell\TakeOwnership] | |
| [-HKEY_CLASSES_ROOT\Directory\shell\TakeOwnership] | |
| [-HKEY_CLASSES_ROOT\Drive\shell\TakeOwnership] | |
| ; To remove context-menu entries, copy paste into a new .reg everything above | |
| ; Main context-menu entries and idiotproof filters | |
| [HKEY_CLASSES_ROOT\*\shell\TakeOwnership] | |
| "MuiVerb"="Take Ownership" | |
| "SubCommands"="" | |
| "HasLUAShield"="" | |
| [HKEY_CLASSES_ROOT\Directory\shell\TakeOwnership] | |
| "MuiVerb"="Take Ownership" | |
| "SubCommands"="" | |
| "HasLUAShield"="" | |
| "AppliesTo"="NOT (System.ItemPathDisplay:=\"C:\\Users\" OR System.ItemPathDisplay:=\"C:\\ProgramData\" OR System.ItemPathDisplay:=\"C:\\Program Files\" OR System.ItemPathDisplay:=\"C:\\Program Files (x86)\" OR System.ItemPathDisplay:=\"C:\\Windows\")" | |
| [HKEY_CLASSES_ROOT\Drive\shell\TakeOwnership] | |
| "MuiVerb"="Take Ownership" | |
| "SubCommands"="" | |
| "HasLUAShield"="" | |
| "AppliesTo"="NOT (System.ItemPathDisplay:=\"C:\\\")" | |
| ;================================================================================================================================== | |
| ; GAIN RIGHTS: Inherit from parent: YES, Owner = current user, Owner Rights = Modify | |
| ;================================================================================================================================== | |
| ; All file types | |
| [HKEY_CLASSES_ROOT\*\shell\TakeOwnership\shell\01addme] | |
| "MuiVerb"="Gain access" | |
| "HasLUAShield"="" | |
| [HKEY_CLASSES_ROOT\*\shell\TakeOwnership\shell\01addme\command] | |
| @="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $acl=Get-Acl $dst; $c=[System.Security.Principal.SecurityIdentifier]''S-1-3-4''; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($false,$true); foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $r=New-Object System.Security.AccessControl.FileSystemAccessRule($c,''Modify'',''Allow''); $acl.AddAccessRule($r); Set-Acl -Path $dst -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\"" | |
| "IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $acl=Get-Acl $dst; $c=[System.Security.Principal.SecurityIdentifier]''S-1-3-4''; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($false,$true); foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $r=New-Object System.Security.AccessControl.FileSystemAccessRule($c,''Modify'',''Allow''); $acl.AddAccessRule($r); Set-Acl -Path $dst -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\"" | |
| ; Folders | |
| [HKEY_CLASSES_ROOT\Directory\shell\TakeOwnership\shell\01addme] | |
| "MuiVerb"="Gain access" | |
| "HasLUAShield"="" | |
| [HKEY_CLASSES_ROOT\Directory\shell\TakeOwnership\shell\01addme\command] | |
| @="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $acl=Get-Acl $dst; $c=[System.Security.Principal.SecurityIdentifier]''S-1-3-4''; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($false,$true); foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $r=New-Object System.Security.AccessControl.FileSystemAccessRule($c,''Modify'',''ContainerInherit,ObjectInherit'',''None'',''Allow''); $acl.AddAccessRule($r); Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs \"" | |
| "IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $acl=Get-Acl $dst; $c=[System.Security.Principal.SecurityIdentifier]''S-1-3-4''; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($false,$true); foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $r=New-Object System.Security.AccessControl.FileSystemAccessRule($c,''Modify'',''ContainerInherit,ObjectInherit'',''None'',''Allow''); $acl.AddAccessRule($r); Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs \"" | |
| ; Partitions | |
| [HKEY_CLASSES_ROOT\Drive\shell\TakeOwnership\shell\01addme] | |
| "MuiVerb"="Gain access" | |
| "HasLUAShield"="" | |
| [HKEY_CLASSES_ROOT\Drive\shell\TakeOwnership\shell\01addme\command] | |
| @="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''Modify'', ''ReadAndExecute, CreateFiles, CreateDirectories'', ''FullControl'', ''FullControl'', ''FullControl'', ''ReadAndExecute''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]=[System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Where FullName -notmatch ''[$]RECYCLE[.]BIN|System Volume Information''|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\"" | |
| "IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''Modify'', ''ReadAndExecute, CreateFiles, CreateDirectories'', ''FullControl'', ''FullControl'', ''FullControl'', ''ReadAndExecute''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]=[System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Where FullName -notmatch ''[$]RECYCLE[.]BIN|System Volume Information''|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\"" | |
| ;================================================================================================================================== | |
| ; GAIN EXCLUSIVE RIGHTS: Inherit from parent: NO, Owner = current user, Owner Rights = FullControl | |
| ;================================================================================================================================== | |
| ; All file types | |
| [HKEY_CLASSES_ROOT\*\shell\TakeOwnership\shell\02justme] | |
| "MuiVerb"="Gain exclusive access" | |
| "HasLUAShield"="" | |
| [HKEY_CLASSES_ROOT\*\shell\TakeOwnership\shell\02justme\command] | |
| @="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' exclusively owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''FullControl'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]=[System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\"" | |
| "IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' exclusively owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''FullControl'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]=[System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\"" | |
| ; Folders | |
| [HKEY_CLASSES_ROOT\Directory\shell\TakeOwnership\shell\02justme] | |
| "MuiVerb"="Gain exclusive access" | |
| "HasLUAShield"="" | |
| [HKEY_CLASSES_ROOT\Directory\shell\TakeOwnership\shell\02justme\command] | |
| @="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' exclusively owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''FullControl'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]=[System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\"" | |
| "IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' exclusively owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''FullControl'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]=[System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\"" | |
| ; Partitions | |
| [HKEY_CLASSES_ROOT\Drive\shell\TakeOwnership\shell\02justme] | |
| "MuiVerb"="Gain exclusive access" | |
| "HasLUAShield"="" | |
| [HKEY_CLASSES_ROOT\Drive\shell\TakeOwnership\shell\02justme\command] | |
| @="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' exclusively owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''FullControl'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]=[System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Where FullName -notmatch ''[$]RECYCLE[.]BIN|System Volume Information''|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\"" | |
| "IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' exclusively owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''FullControl'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]=[System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Where FullName -notmatch ''[$]RECYCLE[.]BIN|System Volume Information''|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\"" | |
| ;================================================================================================================================== | |
| ; USERS GAIN EXCLUSIVE RIGHTS FOR NEW FILES: Inherit from parent: NO, Owner = Authenticated Users, Owner Rights = FullControl | |
| ;================================================================================================================================== | |
| ; All file types | |
| [HKEY_CLASSES_ROOT\*\shell\TakeOwnership\shell\03users] | |
| "MuiVerb"="Users gain exclusive access for new files" | |
| "HasLUAShield"="" | |
| [HKEY_CLASSES_ROOT\*\shell\TakeOwnership\shell\03users\command] | |
| @="powershell -c \"Start-Process powershell -ArgumentList '-c \\\"write-host ''Users owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''Modify'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]= [System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($u[1]); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"' -verb RunAs\"" | |
| "IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList '-c \\\"write-host ''Users owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''Modify'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]= [System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($u[1]); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"' -verb RunAs\"" | |
| ; Folders | |
| [HKEY_CLASSES_ROOT\Directory\shell\TakeOwnership\shell\03users] | |
| "MuiVerb"="Users gain exclusive access for new files" | |
| "HasLUAShield"="" | |
| [HKEY_CLASSES_ROOT\Directory\shell\TakeOwnership\shell\03users\command] | |
| @="powershell -c \"Start-Process powershell -ArgumentList '-c \\\"write-host ''Users owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''Modify'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]= [System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($u[1]); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"' -verb RunAs\"" | |
| "IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList '-c \\\"write-host ''Users owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''Modify'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]= [System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($u[1]); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"' -verb RunAs\"" | |
| ; Partitions | |
| [HKEY_CLASSES_ROOT\Drive\shell\TakeOwnership\shell\03users] | |
| "MuiVerb"="Users gain exclusive access for new files" | |
| "HasLUAShield"="" | |
| [HKEY_CLASSES_ROOT\Drive\shell\TakeOwnership\shell\03users\command] | |
| @="powershell -c \"Start-Process powershell -ArgumentList '-c \\\"write-host ''Users owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''Modify'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]= [System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($u[1]); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Where FullName -notmatch ''[$]RECYCLE[.]BIN|System Volume Information''|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"' -verb RunAs\"" | |
| "IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList '-c \\\"write-host ''Users owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''Modify'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]= [System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($u[1]); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Where FullName -notmatch ''[$]RECYCLE[.]BIN|System Volume Information''|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"' -verb RunAs\"" | |
| ;================================================================================================================================== | |
| ; CLEAR GAINED RIGHTS: Inherit from parent: YES, Owner = Default / Administrators, Authenticated Users = Default / Modify | |
| ;================================================================================================================================== | |
| ; All file types | |
| [HKEY_CLASSES_ROOT\*\shell\TakeOwnership\shell\04clear] | |
| "MuiVerb"="Clear gained access" | |
| "HasLUAShield"="" | |
| [HKEY_CLASSES_ROOT\*\shell\TakeOwnership\shell\04clear\command] | |
| @="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"write-host ''Clear ownership [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $acl=Get-Acl $dst; $acl.SetAccessRuleProtection($false,$true); foreach($ace in $acl.access){try{ $acl.RemoveAccessRuleAll($ace) }catch{}}; Set-Acl -Path $dst -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\"" | |
| "IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"write-host ''Clear ownership [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $acl=Get-Acl $dst; $acl.SetAccessRuleProtection($false,$true); foreach($ace in $acl.access){try{ $acl.RemoveAccessRuleAll($ace) }catch{}}; Set-Acl -Path $dst -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\"" | |
| ; Folders | |
| [HKEY_CLASSES_ROOT\Directory\shell\TakeOwnership\shell\04clear] | |
| "MuiVerb"="Clear gained access" | |
| "HasLUAShield"="" | |
| [HKEY_CLASSES_ROOT\Directory\shell\TakeOwnership\shell\04clear\command] | |
| @="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"write-host ''Clear ownership [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $acl=Get-Acl $dst; $acl.SetAccessRuleProtection($false,$true); foreach($ace in $acl.access){try{ $acl.RemoveAccessRuleAll($ace) }catch{}}; Set-Acl -Path $dst -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\"" | |
| "IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"write-host ''Clear ownership [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $acl=Get-Acl $dst; $acl.SetAccessRuleProtection($false,$true); foreach($ace in $acl.access){try{ $acl.RemoveAccessRuleAll($ace) }catch{}}; Set-Acl -Path $dst -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\"" | |
| ; Partitions | |
| [HKEY_CLASSES_ROOT\Drive\shell\TakeOwnership\shell\04clear] | |
| "MuiVerb"="Clear gained access" | |
| "HasLUAShield"="" | |
| [HKEY_CLASSES_ROOT\Drive\shell\TakeOwnership\shell\04clear\command] | |
| @="powershell -c \"Start-Process powershell -ArgumentList '-c \\\"write-host ''Clear Ownership [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-5-11'', ''S-1-5-18'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''Modify'', ''FullControl'', ''FullControl'', ''ReadAndExecute''; $u=0,0,0,0; $r=0,0,0,0; For($i=0;$i -le 3;$i++){ $u[$i]=[System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($u[2]); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Where FullName -notmatch ''[$]RECYCLE[.]BIN|System Volume Information''|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"' -verb RunAs\"" | |
| "IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList '-c \\\"write-host ''Clear Ownership [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-5-11'', ''S-1-5-18'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''Modify'', ''FullControl'', ''FullControl'', ''ReadAndExecute''; $u=0,0,0,0; $r=0,0,0,0; For($i=0;$i -le 3;$i++){ $u[$i]=[System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($u[2]); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Where FullName -notmatch ''[$]RECYCLE[.]BIN|System Volume Information''|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"' -verb RunAs\"" | |
| ; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment