software:powershell
Commands
http://technet.microsoft.com/en-us/library/ee176949.aspx
Get-ExecutionPolicy
Set-ExecutionPolicy RemoteSigned
& "C:\My Scripts\Test.ps1"
Get-Service | Sort-Object Status | Format-Table
Removing Security protected files from c:\ after infection of bProtector
Solution: (First: Thanks to AlfredHall & Sheng Jiang for starting me in the right direction in their discussion here)
0) Run PS as administrator if UAC is enabled.
1) Use PSCX to elevate your privileges
Import-Module "PSCX"
Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeRestorePrivilege", $true) #Necessary to set Owner Permissions
Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeBackupPrivilege", $true) #Necessary to bypass Traverse Checking
Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeTakeOwnershipPrivilege", $true) #Necessary to override FilePermissions & take Ownership
2) Create a new, Owner-only ACL with only the Owner specified with the administrative group as the owner.
$blankdirAcl = New-Object System.Security.AccessControl.DirectorySecurity
$blankdirAcl.SetOwner([System.Security.Principal.NTAccount]'BUILTIN\Administrators')
3) Use SetAccessControl to set that Owner.
(Get-Item "F:\testpath\locked").SetAccessControl($blankdirAcl)
4) Modify File Permissions, Auditing, Ownership using Get-Acl, Set-Acl as normal.
By using the new Owner-only ACL object and SetAccessControl, Ownership has now changed to Administrators and you can use Get-Acl, Set-Acl as desired.
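Steps 0 to 3 combined into one function, as an added example that is not part of the original page. It goes beyond the directory case above by also handling files, and it reports the owner before and after so the change can be checked before step 4. It assumes Windows PowerShell with the PSCX module installed; the function name Reset-ItemOwner is hypothetical.

```powershell
# Added example: wraps steps 0-3 for one file or directory. Assumes Windows
# PowerShell with the PSCX module installed; the function name is hypothetical.
function Reset-ItemOwner {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [string]$Owner = 'BUILTIN\Administrators'
    )

    # Step 0: stop early if the session is not elevated.
    $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $wp = New-Object System.Security.Principal.WindowsPrincipal($id)
    if (-not $wp.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run PowerShell as administrator.'
    }

    # Step 1: enable the three privileges through PSCX, as in the steps above.
    Import-Module Pscx -ErrorAction Stop
    foreach ($priv in 'SeRestorePrivilege', 'SeBackupPrivilege', 'SeTakeOwnershipPrivilege') {
        Set-Privilege (New-Object Pscx.Interop.TokenPrivilege $priv, $true)
    }

    $item = Get-Item -LiteralPath $Path -Force -ErrorAction Stop

    # The owner may be unreadable on a locked item, so never let the read abort the run.
    $readOwner = {
        try   { (Get-Acl -LiteralPath $item.FullName -ErrorAction Stop).Owner }
        catch { '<unreadable>' }
    }
    $before = & $readOwner

    # Step 2: owner-only security object; files need FileSecurity, directories DirectorySecurity.
    if ($item.PSIsContainer) {
        $acl = New-Object System.Security.AccessControl.DirectorySecurity
    } else {
        $acl = New-Object System.Security.AccessControl.FileSecurity
    }
    $acl.SetOwner([System.Security.Principal.NTAccount]$Owner)

    # Step 3: only the owner section was modified, so only the owner is written.
    if ($PSCmdlet.ShouldProcess($item.FullName, "Set owner to $Owner")) {
        $item.SetAccessControl($acl)
    }

    # Report the result so it can be checked before editing permissions (step 4).
    [pscustomobject]@{ Path = $item.FullName; OwnerBefore = $before; OwnerAfter = (& $readOwner) }
}

# Dry run against the page's test path; drop -WhatIf to apply the change.
Reset-ItemOwner -Path 'F:\testpath\locked' -WhatIf
```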
software/powershell.1361742350.txt.gz · Last modified: 2013/02/24 21:45 by superwizard