@@ -168,65 +168,90 @@ function Remove-TempFiles {
168168 Remove-Item $transcript - Force 2>&1 | Write-Log
169169}
170170
171- # Force Remove Function
172- function Set-OwnAndRemove {
173- param ([Parameter (Mandatory )][string ]$Path )
174-
175- try {
176- $FullPath = [System.IO.Path ]::GetFullPath($Path )
177- if (-not (Test-Path - Path $FullPath )) { return $true }
178-
179- # ACL method
171+ # Set Ownership Permissions
172+ function Set-Ownership {
173+ param ([string ]$Path , [string []]$Registry )
174+ if ($Path ) {
180175 try {
176+ $FullPath = [System.IO.Path ]::GetFullPath($Path )
177+ if (-not (Test-Path - Path $FullPath )) { return $true }
181178 $IsFolder = (Get-Item $FullPath ).PSIsContainer
182179 $Acl = Get-Acl $FullPath
183180 $Acl.SetOwner ([System.Security.Principal.NTAccount ]" Administrators" )
184181 $CurrentUser = [System.Security.Principal.WindowsIdentity ]::GetCurrent().Name
185-
186- if ($IsFolder ) { $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($CurrentUser , " FullControl" , " ContainerInherit,ObjectInherit" , " None" , " Allow" ) }
187- else { $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($CurrentUser , " FullControl" , " Allow" ) }
188-
182+ $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($CurrentUser , " FullControl" , $ (if ($IsFolder ) {" ContainerInherit,ObjectInherit" } else {" None" }), " None" , " Allow" )
189183 $Acl.SetAccessRule ($AccessRule )
190184 Set-Acl - Path $FullPath - AclObject $Acl
191-
192- # Apply to child items if folder
193- if ($IsFolder ) {
194- Get-ChildItem - Path $FullPath - Recurse - Force - ErrorAction SilentlyContinue | ForEach-Object {
195- try {
196- $ChildAcl = Get-Acl $_.FullName
197- $ChildAcl.SetOwner ([System.Security.Principal.NTAccount ]" Administrators" )
198- $ChildAcl.SetAccessRule ((New-Object System.Security.AccessControl.FileSystemAccessRule($CurrentUser , " FullControl" , " Allow" )))
199- Set-Acl - Path $_.FullName - AclObject $ChildAcl
200- } catch {}
201- }
202- }
203-
204- Remove-Item - Path $FullPath - Force - Recurse - ErrorAction Stop
205- " Removed with ACL: $FullPath " | Write-Log
185+ if ($IsFolder ) { Get-ChildItem - Path $FullPath - Recurse - Force - ErrorAction SilentlyContinue | ForEach-Object {
186+ try { $ChildAcl = Get-Acl $_.FullName
187+ $ChildAcl.SetOwner ([System.Security.Principal.NTAccount ]" Administrators" )
188+ $ChildAcl.SetAccessRule ((New-Object System.Security.AccessControl.FileSystemAccessRule($CurrentUser , " FullControl" , " Allow" )))
189+ Set-Acl - Path $_.FullName - AclObject $ChildAcl }
190+ catch {}
191+ }}
192+ Write-Log - msg " Set ownership for: $FullPath "
206193 return $true
207- } catch {}
208-
209- # icacls fallback
194+ } catch { Write-Log - msg " Failed to own path: $Path - $ ( $_ .Exception.Message ) " ; return $false }
195+ }
196+ if ( $Registry ) {
210197 try {
211- if ($IsFolder ) { takeown / F " $FullPath " / R / D Y 2>&1 | Write-Log } else { takeown / F " $FullPath " / A 2>&1 | Write-Log }
212-
213- foreach ($Perm in @ (" *S-1-5-32-544:F" , " System:F" , " Administrators:F" , " $CurrentUser `:F" )) {
214- if ($IsFolder ) { icacls " $FullPath " / grant:R " $Perm " / T / C 2>&1 | Write-Log } else { icacls " $FullPath " / grant:R " $Perm " 2>&1 | Write-Log }
215- if ($LASTEXITCODE -eq 0 ) { break }
198+ $sid = (New-Object System.Security.Principal.NTAccount(" BUILTIN\Administrators" )).Translate([System.Security.Principal.SecurityIdentifier ])
199+ $rule = New-Object System.Security.AccessControl.RegistryAccessRule(" Administrators" , " FullControl" , " ContainerInherit" , " None" , " Allow" )
200+ foreach ($keyPath in $Registry ) {
201+ try {
202+ $key = [Microsoft.Win32.Registry ]::LocalMachine.OpenSubKey($keyPath , [Microsoft.Win32.RegistryKeyPermissionCheck ]::ReadWriteSubTree, [System.Security.AccessControl.RegistryRights ]::TakeOwnership)
203+ if ($key ) { $acl = $key.GetAccessControl ()
204+ $acl.SetOwner ($sid )
205+ $key.SetAccessControl ($acl )
206+ $key.Close ()
207+ $key = [Microsoft.Win32.Registry ]::LocalMachine.OpenSubKey($keyPath , [Microsoft.Win32.RegistryKeyPermissionCheck ]::ReadWriteSubTree, [System.Security.AccessControl.RegistryRights ]::ChangePermissions)
208+ if ($key ) { $acl = $key.GetAccessControl ()
209+ $acl.SetAccessRule ($rule )
210+ $key.SetAccessControl ($acl )
211+ $key.Close ()
212+ Write-Log - msg " Set ownership for registry: $keyPath "
213+ }
214+ } else { Write-Log - msg " Unable to open reg-key: $keyPath " }
215+ } catch {}
216216 }
217-
218- Remove-Item - Path $FullPath - Force - Recurse - ErrorAction Stop
219- " Removed with icacls: $FullPath " | Write-Log
220217 return $true
221- } catch {}
222-
223- " Failed to remove: $FullPath " | Write-Log
224- return $false
225- }
226- catch {
227- " Error: $Path - $ ( $_.Exception.Message ) " | Write-Log
228- return $false
218+ } catch { Write-Log - msg " Failed to own reg-key: $ ( $_.Exception.Message ) " ; return $false }
229219 }
220+ return $false
221+ }
222+
223+ # Force Remove Function
224+ function Set-OwnAndRemove {
225+ param ([Parameter (Mandatory = $true )][string ]$Path )
226+ try {
227+ $FullPath = [System.IO.Path ]::GetFullPath($Path )
228+ if (-not (Test-Path - Path $FullPath )) { return $true }
229+ try {
230+ $ownershipResult = Set-Ownership - Path $Path
231+ if (-not $ownershipResult ) { throw " ACL method failed" }
232+ Remove-Item - Path $FullPath - Force - Recurse - ErrorAction Stop
233+ Write-Log - msg " Removed with ACL: $FullPath "
234+ return $true
235+ } catch {
236+ Write-Log - msg " ACL method failed for: $FullPath "
237+ try {
238+ $IsFolder = (Get-Item $FullPath - ErrorAction Stop).PSIsContainer
239+ $CurrentUser = [System.Security.Principal.WindowsIdentity ]::GetCurrent().Name
240+ if ($IsFolder ) { takeown / F " $FullPath " / R / D Y 2>&1 | Write-Log }
241+ else { takeown / F " $FullPath " / A 2>&1 | Write-Log }
242+ foreach ($Perm in @ (" *S-1-5-32-544:F" , " System:F" , " Administrators:F" , " $CurrentUser `:F" )) {
243+ try {
244+ if ($IsFolder ) { icacls " $FullPath " / grant:R " $Perm " / T / C 2>&1 | Write-Log }
245+ else { icacls " $FullPath " / grant:R " $Perm " 2>&1 | Write-Log }
246+ if ($LASTEXITCODE -eq 0 ) { break }
247+ } catch { continue }
248+ }
249+ Remove-Item - Path $FullPath - Force - Recurse - ErrorAction Stop
250+ Write-Log - msg " Removed with icacls: $FullPath "
251+ return $true
252+ } catch { Write-Log - msg " Failed to remove: $FullPath - $ ( $_.Exception.Message ) " ; return $false }
253+ }
254+ } catch { Write-Log - msg " Error processing path: $Path - $ ( $_.Exception.Message ) " ; return $false }
230255}
231256
232257# Image Info Function
@@ -338,8 +363,8 @@ else {
338363 Exit
339364}
340365
341- $sourceDrive = " ${sourceDriveLetter} :\" # Source Drive of ISO
342- $destinationPath = " $env: SystemDrive \WIDTemp\winlite" # Destination Path
366+ $sourceDrive = " ${sourceDriveLetter} :\" # Source Drive of ISO
367+ $destinationPath = " $env: SystemDrive \WIDTemp\winlite" # Destination Path
343368$installMountDir = " $env: SystemDrive \WIDTemp\mountdir\installWIM" # Mount Directory
344369
345370# Copy Files
@@ -816,30 +841,8 @@ reg load HKLM\zSOFTWARE "$installMountDir\Windows\System32\config\SOFTWARE" 2>&1
816841reg load HKLM\zSYSTEM " $installMountDir \Windows\System32\config\SYSTEM" 2>&1 | Write-Log
817842
818843# Setting Permissions
819- try {
820- $sid = (New-Object System.Security.Principal.NTAccount(" BUILTIN\Administrators" )).Translate([System.Security.Principal.SecurityIdentifier ])
821- $rule = New-Object System.Security.AccessControl.RegistryAccessRule(" Administrators" , " FullControl" , " ContainerInherit" , " None" , " Allow" )
844+ Set-Ownership - Registry @ (" zSOFTWARE\Microsoft\Windows\CurrentVersion\Communications" , " zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks" , " zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows" , " zSOFTWARE\Microsoft\WindowsRuntime\Server\Windows.Gaming.GameBar.Internal.PresenceWriterServer" )
822845
823- foreach ($keyPath in @ (" zSOFTWARE\Microsoft\Windows\CurrentVersion\Communications" , " zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks" , " zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows" , " zSOFTWARE\Microsoft\WindowsRuntime\Server\Windows.Gaming.GameBar.Internal.PresenceWriterServer" )) {
824- try {
825- $key = [Microsoft.Win32.Registry ]::LocalMachine.OpenSubKey($keyPath , [Microsoft.Win32.RegistryKeyPermissionCheck ]::ReadWriteSubTree, [System.Security.AccessControl.RegistryRights ]::TakeOwnership)
826- if ($key ) {
827- $acl = $key.GetAccessControl ()
828- $acl.SetOwner ($sid )
829- $key.SetAccessControl ($acl )
830- $key.Close ()
831-
832- $key = [Microsoft.Win32.Registry ]::LocalMachine.OpenSubKey($keyPath , [Microsoft.Win32.RegistryKeyPermissionCheck ]::ReadWriteSubTree, [System.Security.AccessControl.RegistryRights ]::ChangePermissions)
833- $acl = $key.GetAccessControl ()
834- $acl.SetAccessRule ($rule )
835- $key.SetAccessControl ($acl )
836- $key.Close ()
837- }
838- }
839- catch {}
840- }
841- }
842- catch {}
843846Write-Host (" [OK] Registry loaded" ) - ForegroundColor Green
844847
845848# Modify registry settings
0 commit comments