Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- $CLSID = "{D63B10C5-BB46-4990-A94F-E40B9D520160}"
- $APPID = "{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}"
- function enable-privilege {
- param(
- [ValidateSet(
- "SeAssignPrimaryTokenPrivilege", "SeAuditPrivilege", "SeBackupPrivilege",
- "SeChangeNotifyPrivilege", "SeCreateGlobalPrivilege", "SeCreatePagefilePrivilege",
- "SeCreatePermanentPrivilege", "SeCreateSymbolicLinkPrivilege", "SeCreateTokenPrivilege",
- "SeDebugPrivilege", "SeEnableDelegationPrivilege", "SeImpersonatePrivilege", "SeIncreaseBasePriorityPrivilege",
- "SeIncreaseQuotaPrivilege", "SeIncreaseWorkingSetPrivilege", "SeLoadDriverPrivilege",
- "SeLockMemoryPrivilege", "SeMachineAccountPrivilege", "SeManageVolumePrivilege",
- "SeProfileSingleProcessPrivilege", "SeRelabelPrivilege", "SeRemoteShutdownPrivilege",
- "SeRestorePrivilege", "SeSecurityPrivilege", "SeShutdownPrivilege", "SeSyncAgentPrivilege",
- "SeSystemEnvironmentPrivilege", "SeSystemProfilePrivilege", "SeSystemtimePrivilege",
- "SeTakeOwnershipPrivilege", "SeTcbPrivilege", "SeTimeZonePrivilege", "SeTrustedCredManAccessPrivilege",
- "SeUndockPrivilege", "SeUnsolicitedInputPrivilege")]
- $Privilege,
- $ProcessId = $pid,
- [Switch] $Disable
- )
- ## Taken from P/Invoke.NET with minor adjustments.
- $definition = @'
- using System;
- using System.Runtime.InteropServices;
- public class AdjPriv
- {
- [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
- internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,
- ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);
- [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
- internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);
- [DllImport("advapi32.dll", SetLastError = true)]
- internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);
- [StructLayout(LayoutKind.Sequential, Pack = 1)]
- internal struct TokPriv1Luid
- {
- public int Count;
- public long Luid;
- public int Attr;
- }
- internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
- internal const int SE_PRIVILEGE_DISABLED = 0x00000000;
- internal const int TOKEN_QUERY = 0x00000008;
- internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
- public static bool EnablePrivilege(long processHandle, string privilege, bool disable)
- {
- bool retVal;
- TokPriv1Luid tp;
- IntPtr hproc = new IntPtr(processHandle);
- IntPtr htok = IntPtr.Zero;
- retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);
- tp.Count = 1;
- tp.Luid = 0;
- if(disable)
- {
- tp.Attr = SE_PRIVILEGE_DISABLED;
- }
- else
- {
- tp.Attr = SE_PRIVILEGE_ENABLED;
- }
- retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);
- retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
- return retVal;
- }
- }
- '@
- $processHandle = (Get-Process -id $ProcessId).Handle
- $type = Add-Type $definition -PassThru
- $type[0]::EnablePrivilege($processHandle, $Privilege, $Disable)
- }
- try {
- Write-Host "Script start"
- Write-Host "CLSID is $CLSID"
- Write-Host "APPID is $APPID"
- enable-privilege SeTakeOwnershipPrivilege
- enable-privilege SeRestorePrivilege
- $key = [Microsoft.Win32.Registry]::ClassesRoot.OpenSubKey("CLSID\$CLSID",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::takeownership)
- if ($key -eq $null) {
- Write-Host "Unable to get registry key HKCR:\CLSID\$CLSID"
- exit 1
- }
- Write-Host "Opened registry key $($key.Name)"
- #$acl = $key.GetAccessControl([System.Security.AccessControl.AccessControlSections]::None)
- #$me = [System.Security.Principal.NTAccount]"t-alien\tome"
- #$admin = [System.Security.Principal.NTAccount]"Administrator"
- #$acl.SetOwner($admin)
- #$key.SetAccessControl($acl)
- $cname = $env:computername
- $admin = [System.Security.Principal.NTAccount]"$cname\Administrator"
- Write-Host "Setting owner to $($admin.Value)"
- $acl = $key.GetAccessControl()
- $acl.SetOwner($admin)
- $key.SetAccessControl($acl)
- $key.Close()
- #$rule = New-Object System.Security.AccessControl.RegistryAccessRule("Administrator","FullControl","Allow")
- #$acl.SetAccessRule($rule)
- #$key.SetAccessControl($acl)
- } catch {
- $ErrorMessage = $_.Exception.Message
- $FailedItem = $_.Exception.ItemName
- Write-Host "Error running setDCOMpermissions"
- Write-Host $_.Exception|format-list
- exit 1
- }
- #$CLSID = "{3f2db10f-6368-4702-a4b1-e5149d931371}"
- #New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
- #$key = Get-Item "HKCR:\CLSID\$CLSID\"
- #$values = Get-ItemProperty $key.PSPath
- #$values.'(default)'
- #$key = Get-Item "HKCR:\AppID\$CLSID\"
- #$values = Get-ItemProperty $key.PSPath
- #$values.'(default)'
- #Remove-PSDrive -Name HKCR
- Write-Host "Script complete"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement