$CLSID = "{D63B10C5-BB46-4990-A94F-E40B9D520160}"$APPID = "{9CA88EE3-ACB7-47C8

1. $CLSID = "{D63B10C5-BB46-4990-A94F-E40B9D520160}"
2. $APPID = "{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}"
3.  
4. function enable-privilege {
5.  param(
6.   [ValidateSet(
7.    "SeAssignPrimaryTokenPrivilege", "SeAuditPrivilege", "SeBackupPrivilege",
8.    "SeChangeNotifyPrivilege", "SeCreateGlobalPrivilege", "SeCreatePagefilePrivilege",
9.    "SeCreatePermanentPrivilege", "SeCreateSymbolicLinkPrivilege", "SeCreateTokenPrivilege",
10.    "SeDebugPrivilege", "SeEnableDelegationPrivilege", "SeImpersonatePrivilege", "SeIncreaseBasePriorityPrivilege",
11.    "SeIncreaseQuotaPrivilege", "SeIncreaseWorkingSetPrivilege", "SeLoadDriverPrivilege",
12.    "SeLockMemoryPrivilege", "SeMachineAccountPrivilege", "SeManageVolumePrivilege",
13.    "SeProfileSingleProcessPrivilege", "SeRelabelPrivilege", "SeRemoteShutdownPrivilege",
14.    "SeRestorePrivilege", "SeSecurityPrivilege", "SeShutdownPrivilege", "SeSyncAgentPrivilege",
15.    "SeSystemEnvironmentPrivilege", "SeSystemProfilePrivilege", "SeSystemtimePrivilege",
16.    "SeTakeOwnershipPrivilege", "SeTcbPrivilege", "SeTimeZonePrivilege", "SeTrustedCredManAccessPrivilege",
17.    "SeUndockPrivilege", "SeUnsolicitedInputPrivilege")]
18.   $Privilege,
19.   $ProcessId = $pid,
20.   [Switch] $Disable
21.  )
22.  
23.  ## Taken from P/Invoke.NET with minor adjustments.
24.  $definition = @'
25. using System;
26. using System.Runtime.InteropServices;
27.  
28. public class AdjPriv
29. {
30.  [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
31.  internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,
32.   ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);
33.  
34.  [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
35.  internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);
36.  [DllImport("advapi32.dll", SetLastError = true)]
37.  internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);
38.  [StructLayout(LayoutKind.Sequential, Pack = 1)]
39.  internal struct TokPriv1Luid
40.  {
41.   public int Count;
42.   public long Luid;
43.   public int Attr;
44.  }
45.  
46.  internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
47.  internal const int SE_PRIVILEGE_DISABLED = 0x00000000;
48.  internal const int TOKEN_QUERY = 0x00000008;
49.  internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
50.  public static bool EnablePrivilege(long processHandle, string privilege, bool disable)
51.  {
52.   bool retVal;
53.   TokPriv1Luid tp;
54.   IntPtr hproc = new IntPtr(processHandle);
55.   IntPtr htok = IntPtr.Zero;
56.   retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);
57.   tp.Count = 1;
58.   tp.Luid = 0;
59.   if(disable)
60.   {
61.    tp.Attr = SE_PRIVILEGE_DISABLED;
62.   }
63.   else
64.   {
65.    tp.Attr = SE_PRIVILEGE_ENABLED;
66.   }
67.   retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);
68.   retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
69.   return retVal;
70.  }
71. }
72. '@
73.  
74.  $processHandle = (Get-Process -id $ProcessId).Handle
75.  $type = Add-Type $definition -PassThru
76.  $type[0]::EnablePrivilege($processHandle, $Privilege, $Disable)
77. }
78.  
79. try {
80.     Write-Host "Script start"
81.    
82.     Write-Host "CLSID is $CLSID"
83.     Write-Host "APPID is $APPID"
84.  
85.     enable-privilege SeTakeOwnershipPrivilege
86.     enable-privilege SeRestorePrivilege
87.    
88.     $key = [Microsoft.Win32.Registry]::ClassesRoot.OpenSubKey("CLSID\$CLSID",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::takeownership)
89.  
90.     if ($key -eq $null) {
91.         Write-Host "Unable to get registry key HKCR:\CLSID\$CLSID"
92.         exit 1
93.     }
94.  
95.     Write-Host "Opened registry key $($key.Name)"
96.  
97.     #$acl = $key.GetAccessControl([System.Security.AccessControl.AccessControlSections]::None)
98.     #$me = [System.Security.Principal.NTAccount]"t-alien\tome"
99.     #$admin = [System.Security.Principal.NTAccount]"Administrator"
100.     #$acl.SetOwner($admin)
101.     #$key.SetAccessControl($acl)
102.     $cname = $env:computername
103.     $admin = [System.Security.Principal.NTAccount]"$cname\Administrator"
104.     Write-Host "Setting owner to $($admin.Value)"
105.  
106.     $acl = $key.GetAccessControl()
107.     $acl.SetOwner($admin)
108.     $key.SetAccessControl($acl)
109.     $key.Close()
110.    
111.     #$rule = New-Object System.Security.AccessControl.RegistryAccessRule("Administrator","FullControl","Allow")
112.     #$acl.SetAccessRule($rule)
113.     #$key.SetAccessControl($acl)
114. } catch {
115.     $ErrorMessage = $_.Exception.Message
116.     $FailedItem = $_.Exception.ItemName
117.     Write-Host "Error running setDCOMpermissions"
118.     Write-Host $_.Exception|format-list
119.     exit 1
120. }
121.  
122. #$CLSID = "{3f2db10f-6368-4702-a4b1-e5149d931371}"
123. #New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
124. #$key = Get-Item "HKCR:\CLSID\$CLSID\"
125. #$values = Get-ItemProperty $key.PSPath
126. #$values.'(default)'
127.  
128. #$key = Get-Item "HKCR:\AppID\$CLSID\"
129. #$values = Get-ItemProperty $key.PSPath
130. #$values.'(default)'
131. #Remove-PSDrive -Name  HKCR
132. Write-Host "Script complete"