software:powershell

Differences

This shows you the differences between two versions of the page.

software:powershell [2013/02/24 15:50] superwizard
software:powershell [2020/07/19 18:13] (current) – [Set-ExecutionPolicy so Powershell is useable] superwizard
Line 1: Line 1:
 +====== Set-​Execution​Policy so Powershell is useable ======
 +
 +<WRAP center round box >
 +2020-07-19
 +
 +-ExecutionPolicy
 +Specifies the execution policy. If there are no Group Policies and each scope's execution policy is set to Undefined, then Restricted becomes the effective policy for all users.
 +The acceptable execution policy values are as follows:
 + • AllSigned. Requires that all scripts and configuration files are signed by a trusted publisher, including scripts written on the local computer.
 + • Bypass. Nothing is blocked and there are no warnings or prompts.
 + • Default. Sets the default execution policy. Restricted for Windows clients or RemoteSigned for Windows servers.
 + • RemoteSigned. Requires that all scripts and configuration files downloaded from the Internet are signed by a trusted publisher. The default execution policy for Windows server computers.
 + • Restricted. Doesn't load configuration files or run scripts. The default execution policy Windows client computers.
 + • Undefined. No execution policy is set for the scope. Removes an assigned execution policy from a scope that is not set by a Group Policy. If the execution policy in all scopes is Undefined, the effective execution policy is Restricted.
 + • Unrestricted. Loads all configuration files and runs all scripts. If you run an unsigned script that was downloaded from the Internet, you are prompted for permission before it runs.
 +
 +    Set-ExecutionPolicy -ExecutionPolicy ByPass
 +
 +
 +</WRAP>
 +From <https://docs.microsoft.com/en-us/powershell/module/Microsoft.PowerShell.Security/Set-ExecutionPolicy?view=powershell-5.1> 
 +
 +
 +
 +
 +
 +====== Set-​Execution​Policy and About Signing ======
 +
 +From: https://docs.microsoft.com/en-us/powershell/module/Microsoft.PowerShell.Security/Set-ExecutionPolicy?view=powershell-5.1
 +
 +From: https://docs.microsoft.com/en-us/powershell/module/Microsoft.PowerShell.Core/about_Signing?view=powershell-5.1
 +
 +<code>
 +The Set-ExecutionPolicy cmdlet changes the user preference for the Windows PowerShell execution policy.
 +
 +The Restricted execution policy does not permit any scripts to run. The AllSigned and RemoteSigned 
 +execution policies prevent Windows PowerShell from running scripts that do not have a digital 
 +signature.+
 +This topic explains how to run selected scripts that are not signed, even while the execution 
 +policy is RemoteSigned, and how to sign scripts for your own use.
 +</code>
 +
 ====== Commands ====== ====== Commands ======
  
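Review bot: the boxed recommendation `Set-ExecutionPolicy -ExecutionPolicy ByPass` contradicts the quoted documentation directly above it, which describes Bypass as "Nothing is blocked and there are no warnings or prompts"; applied machine-wide it removes the signature check for every script on the host. The Commands section of this same page already uses `Set-ExecutionPolicy RemoteSigned`, which lets locally written scripts run while still requiring a signature on downloaded ones, so the box should recommend that, and where an unsigned script has to run once, limit the change with `-Scope Process` so it lapses with the session. Also, the quoted paragraph inside `<code>` ends with a stray `+` in `signature.+`, which looks like a copy artefact and should be removed.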
Line 4: Line 46:
  
     Get-ExecutionPolicy     Get-ExecutionPolicy
 +
 +http://technet.microsoft.com/en-us/library/ee176961.aspx
  
     Set-ExecutionPolicy RemoteSigned     Set-ExecutionPolicy RemoteSigned
 +
  
     & "C:\My Scripts\Test.ps1"     & "C:\My Scripts\Test.ps1"
Line 11: Line 56:
     Get-Service | Sort-Object Status | Format-Table     Get-Service | Sort-Object Status | Format-Table
          
 +====== Removing Security protected files from c:\ after infection of bProtector ======
 +
 +PowerShell Community Extensions (PSCX)
 +
 +http://pscx.codeplex.com/releases
 +
 +http://social.technet.microsoft.com/Forums/eu/winserverpowershell/thread/87679d43-04d5-4894-b35b-f37a6f5558cb
          
 +Solution:
 +(First: Thanks to AlfredHall & Sheng Jiang for starting me in the right direction in their discussion here)
 +0) Run PS as administrator if UAC is enabled.
 +1) Use PSCX to elevate your privileges
 +Import-Module "PSCX"
 +    Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeRestorePrivilege", $true) #Necessary to set Owner Permissions
 +    Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeBackupPrivilege", $true) #Necessary to bypass Traverse Checking
 +    Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeTakeOwnershipPrivilege", $true) #Necessary to override FilePermissions & take Ownership
 +
 +2) Create a new, Owner-only ACL with only the Owner specified with the administrative group as the owner. 
 +    $blankdirAcl = New-Object System.Security.AccessControl.DirectorySecurity
 +    $blankdirAcl.SetOwner([System.Security.Principal.NTAccount]'BUILTIN\Administrators')
 +3) Use SetAccessControl to set that Owner.
 +    (Get-Item "F:\testpath\locked").SetAccessControl($blankdirAcl)
 +4) Modify File Permissions, Auditing, Ownership using Get-Acl, Set-Acl as normal.
 +---------
 +By using the new Owner-only ACL object and SetAccessControl, Ownership has now changed to Administrators and you can use Get-Acl,Set-Acl as desired.
 + 
 +In honor of Diana - goddess of the hunt -
 +
 +    Import-Module -Name "C:\Users\Diana\Downloads\Pscx-2.1.1\PSCX" -verbose
 +    Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeRestorePrivilege", $true) #Necessary to set Owner Permissions
 +    Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeBackupPrivilege", $true) #Necessary to bypass Traverse Checking
 +    Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeTakeOwnershipPrivilege", $true) #Necessary to override FilePermissions & take Ownership
 +    
 +    $blankdirAcl = New-Object System.Security.AccessControl.DirectorySecurity
 +    $blankdirAcl.SetOwner([System.Security.Principal.NTAccount]'Diana-PC\Diana')
 +    
 +    (Get-Item "c:\6dc5d7208340ab9995c48afe1508").SetAccessControl($blankdirAcl)
 +         
 +    takeown /F "c:\6dc5d7208340ab9995c48afe1508" /R /D Y
 +    
 +    $Acl = Get-Acl "C:\6dc5d7208340ab9995c48afe1508"
 +    $Ar = New-Object  system.security.accesscontrol.filesystemaccessrule("Diana-PC\Diana","FullControl","Allow")
 +    $Acl.SetAccessRule($Ar)
 +    Set-Acl "C:\6dc5d7208340ab9995c48afe1508" $Acl
 +    
 +    $Acl = Get-Acl "c:\6dc5d7208340ab9995c48afe1508\bProtectorForWindows"
 +    $Ar = New-Object  system.security.accesscontrol.filesystemaccessrule("Diana-PC\Diana","FullControl","Allow")
 +    $Acl.SetAccessRule($Ar)
 +    Set-Acl "c:\6dc5d7208340ab9995c48afe1508\bProtectorForWindows" $Acl
 +    
 +    $Acl = Get-Acl "c:\6dc5d7208340ab9995c48afe1508\searchplugins"
 +    $Ar = New-Object  system.security.accesscontrol.filesystemaccessrule("Diana-PC\Diana","FullControl","Allow")
 +    $Acl.SetAccessRule($Ar)
 +    Set-Acl "c:\6dc5d7208340ab9995c48afe1508\bProtectorForWindows" $Acl
 +    
 +    $Acl = Get-Acl "c:\6dc5d7208340ab9995c48afe1508\bProtectorForWindows\2.2.453.59"
 +    $Ar = New-Object  system.security.accesscontrol.filesystemaccessrule("Diana-PC\Diana","FullControl","Allow")
 +    $Acl.SetAccessRule($Ar)
 +    Set-Acl "c:\6dc5d7208340ab9995c48afe1508\bProtectorForWindows\2.2.453.59" $Acl
 +    
 +    rmdir "c:\6dc5d7208340ab9995c48afe1508"
 +    
 +Did it for one!
 +
 +    
 +    Import-Module -Name "C:\Users\Diana\Downloads\Pscx-2.1.1\PSCX" -verbose
 +    Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeRestorePrivilege", $true) #Necessary to set Owner Permissions
 +    Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeBackupPrivilege", $true) #Necessary to bypass Traverse Checking
 +    Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeTakeOwnershipPrivilege", $true) #Necessary to override FilePermissions & take Ownership
 +    
 +    $blankdirAcl = New-Object System.Security.AccessControl.DirectorySecurity
 +    $blankdirAcl.SetOwner([System.Security.Principal.NTAccount]'Diana-PC\Diana')
 +    $excluded = @("hp","users","PerfLogs","Program Files","ProgramData","Qoobox","speedDIAL","System Volume Information","Windows","autoexec.bat","bootmgr","BOOTSECT.BAK","config.sys","hiberfil.sys","IO.SYS","MSDOS.SYS","pagefile.sys","TDSSKiller.2.8.16.0_23.02.2013_08.59.56_log.txt","TDSSKiller.2.8.16.0_23.02.2013_09.20.12_log.txt","updatedatfix.log","Windows Sidebar","Boot","ComboFix","Config.Msi","Documents and Settings","*.BIN")
 +    
 +    $LockedDirs = Get-ChildItem $Directorypath -force -name -exclude $excluded # get all of the locked directories.
 +    #$LockedDirs
 +    
 +    Foreach ($Locked in $LockedDirs) {
 +        $Locked
 +        $FileName = "c:\$Locked"
 +        $FileName
 +        
 +        (Get-Item $FileName).SetAccessControl($blankdirAcl)
 +        
 +        takeown /F $FileName /R /D Y
 +        
 +        $Acl = Get-Acl $FileName
 +        $Ar = New-Object  system.security.accesscontrol.filesystemaccessrule("Diana-PC\Diana","FullControl","Allow")
 +        $Acl.SetAccessRule($Ar)
 +        Set-Acl $FileName $Acl
 +        
 +        $Acl = Get-Acl "$FileName\bProtectorForWindows"
 +        $Ar = New-Object  system.security.accesscontrol.filesystemaccessrule("Diana-PC\Diana","FullControl","Allow")
 +        $Acl.SetAccessRule($Ar)
 +        Set-Acl "$FileName\bProtectorForWindows" $Acl
 +        
 +        $Acl = Get-Acl "$FileName\searchplugins"
 +        $Ar = New-Object  system.security.accesscontrol.filesystemaccessrule("Diana-PC\Diana","FullControl","Allow")
 +        $Acl.SetAccessRule($Ar)
 +        Set-Acl "$FileName\bProtectorForWindows" $Acl
 +        
 +        $Acl = Get-Acl "$FileName\bProtectorForWindows\2.2.453.59"
 +        $Ar = New-Object  system.security.accesscontrol.filesystemaccessrule("Diana-PC\Diana","FullControl","Allow")
 +        $Acl.SetAccessRule($Ar)
 +        Set-Acl "$FileName\bProtectorForWindows\2.2.453.59" $Acl
 +        
 +        rmdir $FileName
 +    }
 +    
 +Done!    
 +
 +
 +
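Review bot: the two blocks that start with `$Acl = Get-Acl "...\searchplugins"` end with `Set-Acl "...\bProtectorForWindows" $Acl`, in both the single-directory version and the loop, so the ACL read from `searchplugins` is written back to `bProtectorForWindows` and `searchplugins` itself never receives the FullControl rule; the last line of each of those blocks should target `searchplugins`. In the loop version `$Directorypath` is never assigned, so `Get-ChildItem $Directorypath -force -name -exclude $excluded` enumerates whatever the current directory is while the loop builds `"c:\$Locked"`; use `Get-ChildItem C:\ ...` (or set the variable) so the names and the paths refer to the same location. Because `$excluded` is the only thing keeping the loop away from `Windows`, `Users` and the rest of `C:\`, it is worth uncommenting `#$LockedDirs` and checking that the list contains only the infection directories before the loop runs. Lastly, `rmdir $FileName` on a non-empty directory prompts for confirmation; `Remove-Item $FileName -Recurse` states the intent explicitly.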
software/powershell.1361721052.txt.gz · Last modified: 2013/02/24 15:50 by superwizard