software:powershell



Commands

http://technet.microsoft.com/en-us/library/ee176949.aspx

  Get-ExecutionPolicy
  Set-ExecutionPolicy RemoteSigned
  & "C:\My Scripts\Test.ps1"
  
  Get-Service | Sort-Object Status | Format-Table
  

Removing security-protected files from C:\ after a bProtector infection

http://social.technet.microsoft.com/Forums/eu/winserverpowershell/thread/87679d43-04d5-4894-b35b-f37a6f5558cb

Solution: (First: Thanks to AlfredHall & Sheng Jiang for starting me in the right direction in their discussion here)

0) Run PS as administrator if UAC is enabled.

1) Use PSCX to elevate your privileges

  Import-Module "PSCX"
  Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeRestorePrivilege", $true) #Necessary to set Owner Permissions
  Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeBackupPrivilege", $true) #Necessary to bypass Traverse Checking
  Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeTakeOwnershipPrivilege", $true) #Necessary to override FilePermissions & take Ownership

2) Create a new, Owner-only ACL with only the Owner specified with the administrative group as the owner.

  $blankdirAcl = New-Object System.Security.AccessControl.DirectorySecurity
  $blankdirAcl.SetOwner([System.Security.Principal.NTAccount]'BUILTIN\Administrators')

3) Use SetAccessControl to set that Owner.

  (Get-Item "F:\testpath\locked").SetAccessControl($blankdirAcl)

4) Modify File Permissions, Auditing, Ownership using Get-Acl, Set-Acl as normal.


By using the new Owner-only ACL object and SetAccessControl, Ownership has now changed to Administrators and you can use Get-Acl, Set-Acl as desired.

In honor of Diana - goddess of the hunt -

  Import-Module -Name "C:\Users\Diana\Downloads\Pscx-2.1.1\PSCX" -verbose
  Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeRestorePrivilege", $true) #Necessary to set Owner Permissions
  Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeBackupPrivilege", $true) #Necessary to bypass Traverse Checking
  Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeTakeOwnershipPrivilege", $true) #Necessary to override FilePermissions & take Ownership
  
  $blankdirAcl = New-Object System.Security.AccessControl.DirectorySecurity
  $blankdirAcl.SetOwner([System.Security.Principal.NTAccount]'Diana-PC\Diana')
  
  (Get-Item "c:\6dc5d7208340ab9995c48afe1508").SetAccessControl($blankdirAcl)
       
  takeown /F "c:\6dc5d7208340ab9995c48afe1508" /R /D Y
  
  $Acl = Get-Acl "C:\6dc5d7208340ab9995c48afe1508"
  $Ar = New-Object  system.security.accesscontrol.filesystemaccessrule("Diana-PC\Diana","FullControl","Allow")
  $Acl.SetAccessRule($Ar)
  Set-Acl "C:\6dc5d7208340ab9995c48afe1508" $Acl
  
  $Acl = Get-Acl "c:\6dc5d7208340ab9995c48afe1508\bProtectorForWindows"
  $Ar = New-Object  system.security.accesscontrol.filesystemaccessrule("Diana-PC\Diana","FullControl","Allow")
  $Acl.SetAccessRule($Ar)
  Set-Acl "c:\6dc5d7208340ab9995c48afe1508\bProtectorForWindows" $Acl
  
  $Acl = Get-Acl "c:\6dc5d7208340ab9995c48afe1508\searchplugins"
  $Ar = New-Object  system.security.accesscontrol.filesystemaccessrule("Diana-PC\Diana","FullControl","Allow")
  $Acl.SetAccessRule($Ar)
  Set-Acl "c:\6dc5d7208340ab9995c48afe1508\searchplugins" $Acl  # write back to the folder the ACL was read from
  
  $Acl = Get-Acl "c:\6dc5d7208340ab9995c48afe1508\bProtectorForWindows\2.2.453.59"
  $Ar = New-Object  system.security.accesscontrol.filesystemaccessrule("Diana-PC\Diana","FullControl","Allow")
  $Acl.SetAccessRule($Ar)
  Set-Acl "c:\6dc5d7208340ab9995c48afe1508\bProtectorForWindows\2.2.453.59" $Acl
  
  rmdir "c:\6dc5d7208340ab9995c48afe1508"
  

Done!
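
The script above repeats the same owner-then-grant sequence for each folder by hand. As an added example (not part of the original page or the forum thread), the function below applies steps 2 to 4 to a whole directory tree, supports a -WhatIf dry run and skips junctions so the change cannot leave the target tree. The function name Reset-TreeAccess and the path in the usage comment are hypothetical; it assumes Windows PowerShell 3.0-5.1, an elevated session, and the three privileges already enabled with the Set-Privilege calls shown earlier.

```powershell
# Added example, not from the original page. Reset-TreeAccess is a hypothetical name.
# Assumes Windows PowerShell 3.0-5.1, an elevated session, and SeRestorePrivilege,
# SeBackupPrivilege and SeTakeOwnershipPrivilege already enabled via PSCX Set-Privilege.
function Reset-TreeAccess {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][string]$Account   # e.g. 'BUILTIN\Administrators'
    )

    $owner = [System.Security.Principal.NTAccount]$Account
    # FullControl that subfolders and files inherit (where inheritance is not blocked).
    $ruleArgs = $owner, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow'
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $ruleArgs

    # Breadth-first walk: a folder's children are only listable once the folder is fixed.
    $pending = New-Object 'System.Collections.Generic.Queue[string]'
    $pending.Enqueue((Get-Item -LiteralPath $Path -Force).FullName)

    while ($pending.Count -gt 0) {
        $dir = $pending.Dequeue()
        if ($PSCmdlet.ShouldProcess($dir, "Set owner and grant FullControl to $Account")) {
            # Steps 2 and 3: owner-only descriptor written with SetAccessControl.
            $ownerOnly = New-Object System.Security.AccessControl.DirectorySecurity
            $ownerOnly.SetOwner($owner)
            (Get-Item -LiteralPath $dir -Force).SetAccessControl($ownerOnly)

            # Step 4: as owner, the normal Get-Acl / Set-Acl cycle now works.
            $acl = Get-Acl -LiteralPath $dir
            $acl.SetAccessRule($rule)
            Set-Acl -LiteralPath $dir -AclObject $acl

            # Emit path and owner so the result can be checked before deleting anything.
            Get-Acl -LiteralPath $dir | Select-Object Path, Owner
        }
        # Queue subfolders; skip reparse points (junctions, symlinks) to stay inside the tree.
        Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.PSIsContainer -and
                -not ($_.Attributes -band [System.IO.FileAttributes]::ReparsePoint) } |
            ForEach-Object { $pending.Enqueue($_.FullName) }
    }
}

# Dry run on a placeholder path first, then repeat without -WhatIf:
# Reset-TreeAccess -Path 'C:\locked-folder' -Account 'BUILTIN\Administrators' -WhatIf
```

With -WhatIf, subfolders that are still unreadable are not listed, so the dry run may show only the top-level folder.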

software/powershell.1361742693.txt.gz · Last modified: 2013/02/24 21:51 by superwizard