====== Set-​Execution​Policy so Powershell is useable ====== 2020-07-19 -ExecutionPolicy Specifies the execution policy. If there are no Group Policies and each scope's execution policy is set to Undefined, then Restricted becomes the effective policy for all users. The acceptable execution policy values are as follows: • AllSigned. Requires that all scripts and configuration files are signed by a trusted publisher, including scripts written on the local computer. • Bypass. Nothing is blocked and there are no warnings or prompts. • Default. Sets the default execution policy. Restricted for Windows clients or RemoteSigned for Windows servers. • RemoteSigned. Requires that all scripts and configuration files downloaded from the Internet are signed by a trusted publisher. The default execution policy for Windows server computers. • Restricted. Doesn't load configuration files or run scripts. The default execution policy Windows client computers. • Undefined. No execution policy is set for the scope. Removes an assigned execution policy from a scope that is not set by a Group Policy. If the execution policy in all scopes is Undefined, the effective execution policy is Restricted. • Unrestricted. Loads all configuration files and runs all scripts. If you run an unsigned script that was downloaded from the Internet, you are prompted for permission before it runs. Set-ExecutionPolicy -ExecutionPolicy ByPass From ====== Set-​Execution​Policy and About Signing ====== From: https://docs.microsoft.com/en-us/powershell/module/Microsoft.PowerShell.Security/Set-ExecutionPolicy?view=powershell-5.1 From: https://docs.microsoft.com/en-us/powershell/module/Microsoft.PowerShell.Core/about_Signing?view=powershell-5.1 The Set-ExecutionPolicy cmdlet changes the user preference for the Windows PowerShell execution policy. The Restricted execution policy does not permit any scripts to run. The AllSigned and RemoteSigned execution policies prevent Windows PowerShell from running scripts that do not have a digital signature.+ This topic explains how to run selected scripts that are not signed, even while the execution policy is RemoteSigned, and how to sign scripts for your own use. ====== Commands ====== http://technet.microsoft.com/en-us/library/ee176949.aspx Get-ExecutionPolicy http://technet.microsoft.com/en-us/library/ee176961.aspx Set-ExecutionPolicy RemoteSigned & "C:\My Scripts\Test.ps1" Get-Service | Sort-Object Status | Format-Table ====== Removing Security protected files from c:\ after infection of bProtector ====== PowerShell Community Extensions (PSCX) http://pscx.codeplex.com/releases http://social.technet.microsoft.com/Forums/eu/winserverpowershell/thread/87679d43-04d5-4894-b35b-f37a6f5558cb Solution: (First: Thanks to AlfredHall & Sheng Jiang for starting me in the right direction in their discussion here) 0) Run PS as administrator if UAC is enabled. 1) Use PSCX to elevate your privileges Import-Module "PSCX" Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeRestorePrivilege", $true) #Necessary to set Owner Permissions Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeBackupPrivilege", $true) #Necessary to bypass Traverse Checking Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeTakeOwnershipPrivilege", $true) #Necessary to override FilePermissions & take Ownership 2) Create a new, Owner-only ACL with only the Owner specified with the administrative group as the owner. $blankdirAcl = New-Object System.Security.AccessControl.DirectorySecurity $blankdirAcl.SetOwner([System.Security.Principal.NTAccount]'BUILTIN\Administrators') 3) Use SetAccessControl to set that Owner. (Get-Item "F:\testpath\locked").SetAccessControl($blankdirAcl) 4) Modify File Permissions, Auditing, Ownership using Get-Acl, Set-Acl as normal. --------- By using the new Owner-only ACL object and SetAccessControl, Ownership has now changed to Administrators and you can use Get-Acl,Set-Acl as desired. In honor of Diana - goddess of the hunt - Import-Module -Name "C:\Users\Diana\Downloads\Pscx-2.1.1\PSCX" -verbose Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeRestorePrivilege", $true) #Necessary to set Owner Permissions Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeBackupPrivilege", $true) #Necessary to bypass Traverse Checking Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeTakeOwnershipPrivilege", $true) #Necessary to override FilePermissions & take Ownership $blankdirAcl = New-Object System.Security.AccessControl.DirectorySecurity $blankdirAcl.SetOwner([System.Security.Principal.NTAccount]'Diana-PC\Diana') (Get-Item "c:\6dc5d7208340ab9995c48afe1508").SetAccessControl($blankdirAcl) takeown /F "c:\6dc5d7208340ab9995c48afe1508" /R /D Y $Acl = Get-Acl "C:\6dc5d7208340ab9995c48afe1508" $Ar = New-Object system.security.accesscontrol.filesystemaccessrule("Diana-PC\Diana","FullControl","Allow") $Acl.SetAccessRule($Ar) Set-Acl "C:\6dc5d7208340ab9995c48afe1508" $Acl $Acl = Get-Acl "c:\6dc5d7208340ab9995c48afe1508\bProtectorForWindows" $Ar = New-Object system.security.accesscontrol.filesystemaccessrule("Diana-PC\Diana","FullControl","Allow") $Acl.SetAccessRule($Ar) Set-Acl "c:\6dc5d7208340ab9995c48afe1508\bProtectorForWindows" $Acl $Acl = Get-Acl "c:\6dc5d7208340ab9995c48afe1508\searchplugins" $Ar = New-Object system.security.accesscontrol.filesystemaccessrule("Diana-PC\Diana","FullControl","Allow") $Acl.SetAccessRule($Ar) Set-Acl "c:\6dc5d7208340ab9995c48afe1508\bProtectorForWindows" $Acl $Acl = Get-Acl "c:\6dc5d7208340ab9995c48afe1508\bProtectorForWindows\2.2.453.59" $Ar = New-Object system.security.accesscontrol.filesystemaccessrule("Diana-PC\Diana","FullControl","Allow") $Acl.SetAccessRule($Ar) Set-Acl "c:\6dc5d7208340ab9995c48afe1508\bProtectorForWindows\2.2.453.59" $Acl rmdir "c:\6dc5d7208340ab9995c48afe1508" Did it for one! Import-Module -Name "C:\Users\Diana\Downloads\Pscx-2.1.1\PSCX" -verbose Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeRestorePrivilege", $true) #Necessary to set Owner Permissions Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeBackupPrivilege", $true) #Necessary to bypass Traverse Checking Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeTakeOwnershipPrivilege", $true) #Necessary to override FilePermissions & take Ownership $blankdirAcl = New-Object System.Security.AccessControl.DirectorySecurity $blankdirAcl.SetOwner([System.Security.Principal.NTAccount]'Diana-PC\Diana') $excluded = @("hp","users","PerfLogs","Program Files","ProgramData","Qoobox","speedDIAL","System Volume Information","Windows","autoexec.bat","bootmgr","BOOTSECT.BAK","config.sys","hiberfil.sys","IO.SYS","MSDOS.SYS","pagefile.sys","TDSSKiller.2.8.16.0_23.02.2013_08.59.56_log.txt","TDSSKiller.2.8.16.0_23.02.2013_09.20.12_log.txt","updatedatfix.log","Windows Sidebar","Boot","ComboFix","Config.Msi","Documents and Settings","*.BIN") $LockedDirs = Get-ChildItem $Directorypath -force -name -exclude $excluded # get all of the locked directories. #$LockedDirs Foreach ($Locked in $LockedDirs) { $Locked $FileName = "c:\$Locked" $FileName (Get-Item $FileName).SetAccessControl($blankdirAcl) takeown /F $FileName /R /D Y $Acl = Get-Acl $FileName $Ar = New-Object system.security.accesscontrol.filesystemaccessrule("Diana-PC\Diana","FullControl","Allow") $Acl.SetAccessRule($Ar) Set-Acl $FileName $Acl $Acl = Get-Acl "$FileName\bProtectorForWindows" $Ar = New-Object system.security.accesscontrol.filesystemaccessrule("Diana-PC\Diana","FullControl","Allow") $Acl.SetAccessRule($Ar) Set-Acl "$FileName\bProtectorForWindows" $Acl $Acl = Get-Acl "$FileName\searchplugins" $Ar = New-Object system.security.accesscontrol.filesystemaccessrule("Diana-PC\Diana","FullControl","Allow") $Acl.SetAccessRule($Ar) Set-Acl "$FileName\bProtectorForWindows" $Acl $Acl = Get-Acl "$FileName\bProtectorForWindows\2.2.453.59" $Ar = New-Object system.security.accesscontrol.filesystemaccessrule("Diana-PC\Diana","FullControl","Allow") $Acl.SetAccessRule($Ar) Set-Acl "$FileName\bProtectorForWindows\2.2.453.59" $Acl rmdir $FileName } Done!