Skip to content

Commit 2d592de

Browse files
committed
Refactor ownership and removal functions
1 parent bc8b5b7 commit 2d592de

1 file changed

Lines changed: 75 additions & 72 deletions

File tree

isoDebloaterScript.ps1

Lines changed: 75 additions & 72 deletions
Original file line numberDiff line numberDiff line change
@@ -168,65 +168,90 @@ function Remove-TempFiles {
168168
Remove-Item $transcript -Force 2>&1 | Write-Log
169169
}
170170

171-
# Force Remove Function
172-
function Set-OwnAndRemove {
173-
param([Parameter(Mandatory)][string]$Path)
174-
175-
try {
176-
$FullPath = [System.IO.Path]::GetFullPath($Path)
177-
if (-not (Test-Path -Path $FullPath)) { return $true }
178-
179-
# ACL method
171+
# Set Ownership Permissions
172+
function Set-Ownership {
173+
param([string]$Path, [string[]]$Registry)
174+
if ($Path) {
180175
try {
176+
$FullPath = [System.IO.Path]::GetFullPath($Path)
177+
if (-not (Test-Path -Path $FullPath)) { return $true }
181178
$IsFolder = (Get-Item $FullPath).PSIsContainer
182179
$Acl = Get-Acl $FullPath
183180
$Acl.SetOwner([System.Security.Principal.NTAccount]"Administrators")
184181
$CurrentUser = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
185-
186-
if ($IsFolder) { $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($CurrentUser, "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow") }
187-
else { $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($CurrentUser, "FullControl", "Allow") }
188-
182+
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($CurrentUser, "FullControl", $(if ($IsFolder) {"ContainerInherit,ObjectInherit"} else {"None"}), "None", "Allow")
189183
$Acl.SetAccessRule($AccessRule)
190184
Set-Acl -Path $FullPath -AclObject $Acl
191-
192-
# Apply to child items if folder
193-
if ($IsFolder) {
194-
Get-ChildItem -Path $FullPath -Recurse -Force -ErrorAction SilentlyContinue | ForEach-Object {
195-
try {
196-
$ChildAcl = Get-Acl $_.FullName
197-
$ChildAcl.SetOwner([System.Security.Principal.NTAccount]"Administrators")
198-
$ChildAcl.SetAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($CurrentUser, "FullControl", "Allow")))
199-
Set-Acl -Path $_.FullName -AclObject $ChildAcl
200-
} catch {}
201-
}
202-
}
203-
204-
Remove-Item -Path $FullPath -Force -Recurse -ErrorAction Stop
205-
"Removed with ACL: $FullPath" | Write-Log
185+
if ($IsFolder) { Get-ChildItem -Path $FullPath -Recurse -Force -ErrorAction SilentlyContinue | ForEach-Object {
186+
try { $ChildAcl = Get-Acl $_.FullName
187+
$ChildAcl.SetOwner([System.Security.Principal.NTAccount]"Administrators")
188+
$ChildAcl.SetAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($CurrentUser, "FullControl", "Allow")))
189+
Set-Acl -Path $_.FullName -AclObject $ChildAcl }
190+
catch {}
191+
}}
192+
Write-Log -msg "Set ownership for: $FullPath"
206193
return $true
207-
} catch {}
208-
209-
# icacls fallback
194+
} catch { Write-Log -msg "Failed to own path: $Path - $($_.Exception.Message)"; return $false }
195+
}
196+
if ($Registry) {
210197
try {
211-
if($IsFolder) { takeown /F "$FullPath" /R /D Y 2>&1 | Write-Log } else { takeown /F "$FullPath" /A 2>&1 | Write-Log }
212-
213-
foreach ($Perm in @("*S-1-5-32-544:F", "System:F", "Administrators:F", "$CurrentUser`:F")) {
214-
if($IsFolder) { icacls "$FullPath" /grant:R "$Perm" /T /C 2>&1 | Write-Log } else { icacls "$FullPath" /grant:R "$Perm" 2>&1 | Write-Log }
215-
if ($LASTEXITCODE -eq 0) { break }
198+
$sid = (New-Object System.Security.Principal.NTAccount("BUILTIN\Administrators")).Translate([System.Security.Principal.SecurityIdentifier])
199+
$rule = New-Object System.Security.AccessControl.RegistryAccessRule("Administrators", "FullControl", "ContainerInherit", "None", "Allow")
200+
foreach ($keyPath in $Registry) {
201+
try {
202+
$key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($keyPath, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree, [System.Security.AccessControl.RegistryRights]::TakeOwnership)
203+
if ($key) { $acl = $key.GetAccessControl()
204+
$acl.SetOwner($sid)
205+
$key.SetAccessControl($acl)
206+
$key.Close()
207+
$key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($keyPath, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree, [System.Security.AccessControl.RegistryRights]::ChangePermissions)
208+
if ($key) { $acl = $key.GetAccessControl()
209+
$acl.SetAccessRule($rule)
210+
$key.SetAccessControl($acl)
211+
$key.Close()
212+
Write-Log -msg "Set ownership for registry: $keyPath"
213+
}
214+
} else { Write-Log -msg "Unable to open reg-key: $keyPath" }
215+
} catch {}
216216
}
217-
218-
Remove-Item -Path $FullPath -Force -Recurse -ErrorAction Stop
219-
"Removed with icacls: $FullPath" | Write-Log
220217
return $true
221-
} catch {}
222-
223-
"Failed to remove: $FullPath" | Write-Log
224-
return $false
225-
}
226-
catch {
227-
"Error: $Path - $($_.Exception.Message)" | Write-Log
228-
return $false
218+
} catch { Write-Log -msg "Failed to own reg-key: $($_.Exception.Message)"; return $false }
229219
}
220+
return $false
221+
}
222+
223+
# Force Remove Function
224+
function Set-OwnAndRemove {
225+
param([Parameter(Mandatory=$true)][string]$Path)
226+
try {
227+
$FullPath = [System.IO.Path]::GetFullPath($Path)
228+
if (-not (Test-Path -Path $FullPath)) { return $true }
229+
try {
230+
$ownershipResult = Set-Ownership -Path $Path
231+
if (-not $ownershipResult) { throw "ACL method failed" }
232+
Remove-Item -Path $FullPath -Force -Recurse -ErrorAction Stop
233+
Write-Log -msg "Removed with ACL: $FullPath"
234+
return $true
235+
} catch {
236+
Write-Log -msg "ACL method failed for: $FullPath"
237+
try {
238+
$IsFolder = (Get-Item $FullPath -ErrorAction Stop).PSIsContainer
239+
$CurrentUser = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
240+
if($IsFolder) { takeown /F "$FullPath" /R /D Y 2>&1 | Write-Log }
241+
else { takeown /F "$FullPath" /A 2>&1 | Write-Log }
242+
foreach ($Perm in @("*S-1-5-32-544:F", "System:F", "Administrators:F", "$CurrentUser`:F")) {
243+
try {
244+
if($IsFolder) { icacls "$FullPath" /grant:R "$Perm" /T /C 2>&1 | Write-Log }
245+
else { icacls "$FullPath" /grant:R "$Perm" 2>&1 | Write-Log }
246+
if ($LASTEXITCODE -eq 0) { break }
247+
} catch { continue }
248+
}
249+
Remove-Item -Path $FullPath -Force -Recurse -ErrorAction Stop
250+
Write-Log -msg "Removed with icacls: $FullPath"
251+
return $true
252+
} catch { Write-Log -msg "Failed to remove: $FullPath - $($_.Exception.Message)"; return $false }
253+
}
254+
} catch { Write-Log -msg "Error processing path: $Path - $($_.Exception.Message)"; return $false }
230255
}
231256

232257
# Image Info Function
@@ -338,8 +363,8 @@ else {
338363
Exit
339364
}
340365

341-
$sourceDrive = "${sourceDriveLetter}:\" # Source Drive of ISO
342-
$destinationPath = "$env:SystemDrive\WIDTemp\winlite" # Destination Path
366+
$sourceDrive = "${sourceDriveLetter}:\" # Source Drive of ISO
367+
$destinationPath = "$env:SystemDrive\WIDTemp\winlite" # Destination Path
343368
$installMountDir = "$env:SystemDrive\WIDTemp\mountdir\installWIM" # Mount Directory
344369

345370
# Copy Files
@@ -816,30 +841,8 @@ reg load HKLM\zSOFTWARE "$installMountDir\Windows\System32\config\SOFTWARE" 2>&1
816841
reg load HKLM\zSYSTEM "$installMountDir\Windows\System32\config\SYSTEM" 2>&1 | Write-Log
817842

818843
# Setting Permissions
819-
try {
820-
$sid = (New-Object System.Security.Principal.NTAccount("BUILTIN\Administrators")).Translate([System.Security.Principal.SecurityIdentifier])
821-
$rule = New-Object System.Security.AccessControl.RegistryAccessRule("Administrators", "FullControl", "ContainerInherit", "None", "Allow")
844+
Set-Ownership -Registry @("zSOFTWARE\Microsoft\Windows\CurrentVersion\Communications", "zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks", "zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows", "zSOFTWARE\Microsoft\WindowsRuntime\Server\Windows.Gaming.GameBar.Internal.PresenceWriterServer")
822845

823-
foreach ($keyPath in @("zSOFTWARE\Microsoft\Windows\CurrentVersion\Communications", "zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks", "zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows", "zSOFTWARE\Microsoft\WindowsRuntime\Server\Windows.Gaming.GameBar.Internal.PresenceWriterServer")) {
824-
try {
825-
$key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($keyPath, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree, [System.Security.AccessControl.RegistryRights]::TakeOwnership)
826-
if ($key) {
827-
$acl = $key.GetAccessControl()
828-
$acl.SetOwner($sid)
829-
$key.SetAccessControl($acl)
830-
$key.Close()
831-
832-
$key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($keyPath, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree, [System.Security.AccessControl.RegistryRights]::ChangePermissions)
833-
$acl = $key.GetAccessControl()
834-
$acl.SetAccessRule($rule)
835-
$key.SetAccessControl($acl)
836-
$key.Close()
837-
}
838-
}
839-
catch {}
840-
}
841-
}
842-
catch {}
843846
Write-Host ("[OK] Registry loaded") -ForegroundColor Green
844847

845848
# Modify registry settings

0 commit comments

Comments
 (0)