software:powershell

Differences

This shows you the differences between two versions of the page.

software:powershell [2013/02/24 21:50] superwizardsoftware:powershell [2020/07/19 18:13] (current) – [Set-​Execution​Policy so Powershell is useable] superwizard
Line 1: Line 1:
 +====== Set-​Execution​Policy so Powershell is useable ======
 +
 +<WRAP center round box >
 +2020-07-19
 +
 +-ExecutionPolicy
 +Specifies the execution policy. If there are no Group Policies and each scope's execution policy is set to Undefined, then Restricted becomes the effective policy for all users.
 +The acceptable execution policy values are as follows:
 + • AllSigned. Requires that all scripts and configuration files are signed by a trusted publisher, including scripts written on the local computer.
 + • Bypass. Nothing is blocked and there are no warnings or prompts.
 + • Default. Sets the default execution policy. Restricted for Windows clients or RemoteSigned for Windows servers.
 + • RemoteSigned. Requires that all scripts and configuration files downloaded from the Internet are signed by a trusted publisher. The default execution policy for Windows server computers.
 + • Restricted. Doesn't load configuration files or run scripts. The default execution policy Windows client computers.
 + • Undefined. No execution policy is set for the scope. Removes an assigned execution policy from a scope that is not set by a Group Policy. If the execution policy in all scopes is Undefined, the effective execution policy is Restricted.
 + • Unrestricted. Loads all configuration files and runs all scripts. If you run an unsigned script that was downloaded from the Internet, you are prompted for permission before it runs.
 +
 +    Set-ExecutionPolicy -ExecutionPolicy ByPass
 +
 +
 +</WRAP>
 +From <https://docs.microsoft.com/en-us/powershell/module/Microsoft.PowerShell.Security/Set-ExecutionPolicy?view=powershell-5.1> 
 +
 +
 +
 +
 +
 +====== Set-​Execution​Policy and About Signing ======
 +
 +From: https://docs.microsoft.com/en-us/powershell/module/Microsoft.PowerShell.Security/Set-ExecutionPolicy?view=powershell-5.1
 +
 +From: https://docs.microsoft.com/en-us/powershell/module/Microsoft.PowerShell.Core/about_Signing?view=powershell-5.1
 +
 +<code>
 +The Set-ExecutionPolicy cmdlet changes the user preference for the Windows PowerShell execution policy.
 +
 +The Restricted execution policy does not permit any scripts to run. The AllSigned and RemoteSigned 
 +execution policies prevent Windows PowerShell from running scripts that do not have a digital 
 +signature.+
 +This topic explains how to run selected scripts that are not signed, even while the execution 
 +policy is RemoteSigned, and how to sign scripts for your own use.
 +</code>
 +
 ====== Commands ====== ====== Commands ======
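Review bot: The added `Set-ExecutionPolicy -ExecutionPolicy ByPass` line has no `-Scope` argument, so the change is not limited to the current session, and the text quoted just above it says Bypass blocks nothing and gives no warnings or prompts. For making PowerShell usable with local scripts, `RemoteSigned` (already used under Commands) is enough; if Bypass is really needed for a single task, add `-Scope Process` so it ends with the session. The same docs.microsoft.com Set-ExecutionPolicy link is also added twice, once after the WRAP box and again under the second heading; one copy would do.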
  
Line 4: Line 46:
  
     Get-ExecutionPolicy     Get-ExecutionPolicy
 +
 +http://technet.microsoft.com/en-us/library/ee176961.aspx
  
     Set-ExecutionPolicy RemoteSigned     Set-ExecutionPolicy RemoteSigned
 +
  
     & "C:\My Scripts\Test.ps1"     & "C:\My Scripts\Test.ps1"
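Review bot: The added technet.microsoft.com link sits bare between `Get-ExecutionPolicy` and `Set-ExecutionPolicy RemoteSigned` with no label, so a reader cannot tell which command it documents. Give it a short description, or move it next to the "From:" links in the section above. This section still shows `RemoteSigned` while the new first section shows `ByPass`; the page should say which of the two it recommends.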
Line 12: Line 57:
          
 ====== Removing Security protected files from c:\ after infection of bProtector ====== ====== Removing Security protected files from c:\ after infection of bProtector ======
 +
 +PowerShell Community Extensions (PSCX)
 +
 +http://pscx.codeplex.com/releases
  
 http://social.technet.microsoft.com/Forums/eu/winserverpowershell/thread/87679d43-04d5-4894-b35b-f37a6f5558cb http://social.technet.microsoft.com/Forums/eu/winserverpowershell/thread/87679d43-04d5-4894-b35b-f37a6f5558cb
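Review bot: The added "PowerShell Community Extensions (PSCX)" line and its codeplex link appear under the bProtector heading with no explanation of why they are there. A sentence saying that the script further down imports PSCX for `Set-Privilege` would tell the reader to install it first; that script loads it from a Pscx-2.1.1 folder, so naming the version next to the link would help too.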
Line 44: Line 93:
          
     (Get-Item "c:\6dc5d7208340ab9995c48afe1508").SetAccessControl($blankdirAcl)     (Get-Item "c:\6dc5d7208340ab9995c48afe1508").SetAccessControl($blankdirAcl)
 +         
 +    takeown /F "c:\6dc5d7208340ab9995c48afe1508" /R /D Y
          
-    takeown /F "c:\6dc5d7208340ab9995c48afe1508" /R /D Y 
- 
     $Acl = Get-Acl "C:\6dc5d7208340ab9995c48afe1508"     $Acl = Get-Acl "C:\6dc5d7208340ab9995c48afe1508"
     $Ar = New-Object  system.security.accesscontrol.filesystemaccessrule("Diana-PC\Diana","FullControl","Allow")     $Ar = New-Object  system.security.accesscontrol.filesystemaccessrule("Diana-PC\Diana","FullControl","Allow")
Line 69: Line 118:
     rmdir "c:\6dc5d7208340ab9995c48afe1508"     rmdir "c:\6dc5d7208340ab9995c48afe1508"
          
-Done!+Did it for one! 
 + 
 +     
 +    Import-Module -Name "C:\Users\Diana\Downloads\Pscx-2.1.1\PSCX" -verbose 
 +    Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeRestorePrivilege", $true) #Necessary to set Owner Permissions 
 +    Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeBackupPrivilege", $true) #Necessary to bypass Traverse Checking 
 +    Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeTakeOwnershipPrivilege", $true) #Necessary to override FilePermissions & take Ownership 
 +     
 +    $blankdirAcl = New-Object System.Security.AccessControl.DirectorySecurity 
 +    $blankdirAcl.SetOwner([System.Security.Principal.NTAccount]'Diana-PC\Diana'
 +    $excluded = @("hp","users","PerfLogs","Program Files","ProgramData","Qoobox","speedDIAL","System Volume Information","Windows","autoexec.bat","bootmgr","BOOTSECT.BAK","config.sys","hiberfil.sys","IO.SYS","MSDOS.SYS","pagefile.sys","TDSSKiller.2.8.16.0_23.02.2013_08.59.56_log.txt","TDSSKiller.2.8.16.0_23.02.2013_09.20.12_log.txt","updatedatfix.log","Windows Sidebar","Boot","ComboFix","Config.Msi","Documents and Settings","*.BIN"
 +     
 +    $LockedDirs = Get-ChildItem $Directorypath -force -name -exclude $excluded # get all of the locked directories. 
 +    #$LockedDirs 
 +     
 +    Foreach ($Locked in $LockedDirs) { 
 +        $Locked 
 +        $FileName = "c:\$Locked" 
 +        $FileName 
 +         
 +        (Get-Item $FileName).SetAccessControl($blankdirAcl) 
 +         
 +        takeown /F $FileName /R /D Y 
 +         
 +        $Acl = Get-Acl $FileName 
 +        $Ar = New-Object  system.security.accesscontrol.filesystemaccessrule("Diana-PC\Diana","FullControl","Allow"
 +        $Acl.SetAccessRule($Ar) 
 +        Set-Acl $FileName $Acl 
 +         
 +        $Acl = Get-Acl "$FileName\bProtectorForWindows" 
 +        $Ar = New-Object  system.security.accesscontrol.filesystemaccessrule("Diana-PC\Diana","FullControl","Allow"
 +        $Acl.SetAccessRule($Ar) 
 +        Set-Acl "$FileName\bProtectorForWindows" $Acl 
 +         
 +        $Acl = Get-Acl "$FileName\searchplugins" 
 +        $Ar = New-Object  system.security.accesscontrol.filesystemaccessrule("Diana-PC\Diana","FullControl","Allow"
 +        $Acl.SetAccessRule($Ar) 
 +        Set-Acl "$FileName\bProtectorForWindows" $Acl 
 +         
 +        $Acl = Get-Acl "$FileName\bProtectorForWindows\2.2.453.59" 
 +        $Ar = New-Object  system.security.accesscontrol.filesystemaccessrule("Diana-PC\Diana","FullControl","Allow"
 +        $Acl.SetAccessRule($Ar) 
 +        Set-Acl "$FileName\bProtectorForWindows\2.2.453.59" $Acl 
 +         
 +        rmdir $FileName 
 +    } 
 +     
 +Done!     
 + 
 + 
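Review bot: In the added loop, `$LockedDirs = Get-ChildItem $Directorypath ...` reads a variable that is never assigned in the visible script, while `$FileName = "c:\$Locked"` hard-codes the drive root, so the names that are enumerated and the paths that are acted on can come from different places. Everything not named in `$excluded` then has its ACL replaced, its ownership taken and `rmdir` run on it, so an incomplete exclude list is destructive; assign `$Directorypath` explicitly, build `$FileName` from it, and select the targets by a positive match on the locked directories' names rather than by exclusion. The third ACL block reads the ACL of "$FileName\searchplugins" but writes it with `Set-Acl "$FileName\bProtectorForWindows" $Acl`, which looks like a copy-paste slip. The `SetOwner(...)`, `$excluded = @(...)` and `filesystemaccessrule(...)` lines as shown are missing their closing parentheses, and the hard-coded `Diana-PC\Diana` account and `C:\Users\Diana\Downloads\Pscx-2.1.1\PSCX` path would be easier to reuse as variables set once at the top.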
software/powershell.1361742636.txt.gz · Last modified: 2013/02/24 21:50 by superwizard