Set-ExecutionPolicy and About Signing
The Set-ExecutionPolicy cmdlet changes the user preference for the Windows PowerShell execution policy. The Restricted execution policy does not permit any scripts to run. AllSigned requires every script to carry a valid digital signature. RemoteSigned requires a signature only on scripts downloaded from the Internet, that is, files carrying a Zone.Identifier alternate data stream (the "mark of the web"); scripts written locally run unsigned. This topic explains how to run selected scripts that are not signed, even while the execution policy is RemoteSigned, and how to sign scripts for your own use. Keep in mind that the execution policy is a safety net against running scripts by accident, not a security boundary: it is trivially bypassed with powershell.exe -ExecutionPolicy Bypass or by piping script text into the shell, and nothing about it stops an attacker who can already run code on the machine.
Commands
http://technet.microsoft.com/en-us/library/ee176949.aspx
Get-ExecutionPolicy
http://technet.microsoft.com/en-us/library/ee176961.aspx
Set-ExecutionPolicy RemoteSigned
& "C:\My Scripts\Test.ps1"
Get-Service | Sort-Object Status | Format-Table
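The whole procedure from the paragraph above, as an added example that is not part of the original page or of Microsoft's documentation: see which policy wins, relax it for one user only, find out whether a script counts as "downloaded", and sign a script for your own use. It assumes Windows PowerShell 5.1 on Windows 10 or later (New-SelfSignedCertificate -Type CodeSigningCert needs that), a script at the placeholder path C:\My Scripts\Test.ps1, and that a self-signed certificate trusted only on this machine is acceptable.

```powershell
# Added example (not code from the original page). Path and subject are placeholders.
$script = 'C:\My Scripts\Test.ps1'

# Which policy applies and from which scope. The first entry from the top that is
# not Undefined wins (MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine).
Get-ExecutionPolicy -List

# Change it for this user only; Group Policy scopes cannot be overridden this way.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser -Force

# "Downloaded from the Internet" means the file carries the Zone.Identifier
# alternate data stream. Under RemoteSigned such a script must be signed.
# Unblock-File removes the stream, so use it only for scripts you have read.
Get-Item -LiteralPath $script -Stream Zone.Identifier -ErrorAction SilentlyContinue
Unblock-File -LiteralPath $script

# Signing for your own use: a self-signed code-signing certificate in the user store.
$cert = New-SelfSignedCertificate -Type CodeSigningCert -Subject 'CN=PowerShell Local Signing' -CertStoreLocation Cert:\CurrentUser\My

# A self-signed certificate is only trusted once it is installed as a root and as a
# trusted publisher; without this Get-AuthenticodeSignature reports UnknownError.
$cer = Join-Path $env:TEMP 'ps-signing.cer'
Export-Certificate -Cert $cert -FilePath $cer | Out-Null
Import-Certificate -FilePath $cer -CertStoreLocation Cert:\CurrentUser\Root | Out-Null
Import-Certificate -FilePath $cer -CertStoreLocation Cert:\CurrentUser\TrustedPublisher | Out-Null

# Sign and timestamp; the timestamp keeps the signature valid after the certificate expires.
Set-AuthenticodeSignature -FilePath $script -Certificate $cert -TimestampServer 'http://timestamp.digicert.com'

# Verify. Status should be Valid; HashMismatch means the script was edited after signing.
Get-AuthenticodeSignature -FilePath $script | Format-List Status, StatusMessage, SignerCertificate

# The signed script now runs even under AllSigned. Any later edit breaks the signature,
# so re-run Set-AuthenticodeSignature after every change.
& $script
```

Importing a certificate into Cert:\CurrentUser\Root pops up a trust warning dialog; that is expected. Do not put a self-signed signing certificate into the LocalMachine stores unless you want every user on the machine to trust it.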
Removing security-protected files from C:\ after a bProtector infection
PowerShell Community Extensions (PSCX)
http://pscx.codeplex.com/releases
Solution (thanks to AlfredHall and Sheng Jiang, whose discussion started me in the right direction):
0) Run PowerShell as administrator if UAC is enabled. The privileges used below exist only in an elevated token.
1) Use PSCX to enable the privileges. An elevated administrator token already holds SeRestore, SeBackup and SeTakeOwnership, but they are disabled by default; Set-Privilege turns them on for the current process.
Import-Module "PSCX"
Set-Privilege (New-Object Pscx.Interop.TokenPrivilege "SeRestorePrivilege", $true)       # necessary to set the owner to a principal other than yourself
Set-Privilege (New-Object Pscx.Interop.TokenPrivilege "SeBackupPrivilege", $true)        # necessary to bypass traverse checking
Set-Privilege (New-Object Pscx.Interop.TokenPrivilege "SeTakeOwnershipPrivilege", $true) # necessary to override file permissions and take ownership
2) Create a new, empty DirectorySecurity object and set nothing but its owner, with the Administrators group as the owner. Because only the owner section of the descriptor is modified, SetAccessControl will write just the owner and leave the existing DACL untouched.
$blankdirAcl = New-Object System.Security.AccessControl.DirectorySecurity
$blankdirAcl.SetOwner([System.Security.Principal.NTAccount]'BUILTIN\Administrators')
3) Use SetAccessControl to set that Owner.
(Get-Item "F:\testpath\locked").SetAccessControl($blankdirAcl)
4) Modify file permissions, auditing and ownership using Get-Acl and Set-Acl as normal.
Ownership has now changed to Administrators. The owner of an object always holds READ_CONTROL and WRITE_DAC no matter what the DACL says, so Get-Acl and Set-Acl work as desired from here on. One caveat: appending an Allow rule with SetAccessRule does not remove Deny entries the malware may have left, and Deny always wins over Allow; if access is still refused after step 4, replace the DACL instead of adding to it.
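A reusable version of steps 0 to 4, added here as an example; it is not code from the original notes or from PSCX. It goes beyond the per-directory commands above in two ways: it replaces the DACL outright (so leftover Deny entries go away too) and it walks the tree itself, fixing each node before listing its children, so the hard-coded subdirectory names and the takeown /R call are not needed. It assumes an elevated Windows PowerShell 5.1 session (the FileInfo/DirectoryInfo SetAccessControl instance methods exist in .NET Framework; on PowerShell 7 they are extension methods), that PSCX is importable by name, and Unlock-Tree is a hypothetical function name.

```powershell
# Added example, not code from the original notes or from PSCX.
# Assumes an elevated Windows PowerShell 5.1 session with PSCX importable.
Import-Module PSCX

# Steps 0/1: an elevated admin token holds these privileges but keeps them disabled;
# Set-Privilege enables them for this process only.
foreach ($name in 'SeRestorePrivilege', 'SeBackupPrivilege', 'SeTakeOwnershipPrivilege') {
    Set-Privilege (New-Object Pscx.Interop.TokenPrivilege $name, $true)
}

function Unlock-Tree {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        [string] $Principal = 'BUILTIN\Administrators'
    )
    $account  = [System.Security.Principal.NTAccount] $Principal
    $item     = Get-Item -LiteralPath $Path -Force
    $isDir    = $item.PSIsContainer
    $ruleType = 'System.Security.AccessControl.FileSystemAccessRule'

    # Steps 2/3: a descriptor with only the owner set. SetAccessControl writes only
    # the sections that were modified, so the DACL is left alone at this point.
    $ownerOnly = if ($isDir) { New-Object System.Security.AccessControl.DirectorySecurity }
                 else        { New-Object System.Security.AccessControl.FileSecurity }
    $ownerOnly.SetOwner($account)
    $item.SetAccessControl($ownerOnly)
    Write-Verbose "owner of $Path is now $Principal"

    # Step 4: as owner we hold READ_CONTROL and WRITE_DAC, so the DACL can be replaced.
    # A fresh descriptor with inheritance protection on and a single Allow ACE discards
    # whatever the malware left, including Deny entries that an appended Allow rule
    # would not override. Directories get inheritable ACEs so new children are covered.
    if ($isDir) {
        $dacl = New-Object System.Security.AccessControl.DirectorySecurity
        $rule = New-Object $ruleType -ArgumentList $account, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow'
    } else {
        $dacl = New-Object System.Security.AccessControl.FileSecurity
        $rule = New-Object $ruleType -ArgumentList $account, 'FullControl', 'Allow'
    }
    $dacl.SetAccessRuleProtection($true, $false)   # stop inheriting from the parent
    $dacl.AddAccessRule($rule)
    $item.SetAccessControl($dacl)

    # A locked directory cannot be listed until its own DACL is fixed, so recurse
    # after repairing the node instead of enumerating with -Recurse up front.
    if ($isDir) {
        foreach ($child in Get-ChildItem -LiteralPath $Path -Force) {
            Unlock-Tree -Path $child.FullName -Principal $Principal
        }
    }
}

# Usage: the locked directory from the notes below; verify the result, then delete.
Unlock-Tree -Path 'C:\6dc5d7208340ab9995c48afe1508' -Verbose
Get-Acl -LiteralPath 'C:\6dc5d7208340ab9995c48afe1508' | Format-List Owner, AccessToString
Remove-Item -LiteralPath 'C:\6dc5d7208340ab9995c48afe1508' -Recurse -Force
```

Run it against a single known-bad directory first; it resets every ACL underneath the path you give it, so pointing it at C:\ would also flatten the permissions of Windows, Program Files and the user profiles.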
In honor of Diana, goddess of the hunt:
Import-Module -Name "C:\Users\Diana\Downloads\Pscx-2.1.1\PSCX" -Verbose
# Enable the privileges an elevated admin token holds but keeps disabled by default
Set-Privilege (New-Object Pscx.Interop.TokenPrivilege "SeRestorePrivilege", $true)       # necessary to set owner permissions
Set-Privilege (New-Object Pscx.Interop.TokenPrivilege "SeBackupPrivilege", $true)        # necessary to bypass traverse checking
Set-Privilege (New-Object Pscx.Interop.TokenPrivilege "SeTakeOwnershipPrivilege", $true) # necessary to override file permissions and take ownership

# Owner-only descriptor: SetAccessControl writes just the owner and leaves the DACL alone
$blankdirAcl = New-Object System.Security.AccessControl.DirectorySecurity
$blankdirAcl.SetOwner([System.Security.Principal.NTAccount]'Diana-PC\Diana')
(Get-Item "c:\6dc5d7208340ab9995c48afe1508").SetAccessControl($blankdirAcl)
takeown /F "c:\6dc5d7208340ab9995c48afe1508" /R /D Y   # take ownership of the whole subtree as well

# Grant Diana FullControl on the directory and on each locked subdirectory
$Acl = Get-Acl "C:\6dc5d7208340ab9995c48afe1508"
$Ar = New-Object System.Security.AccessControl.FileSystemAccessRule("Diana-PC\Diana","FullControl","Allow")
$Acl.SetAccessRule($Ar)
Set-Acl "C:\6dc5d7208340ab9995c48afe1508" $Acl

$Acl = Get-Acl "c:\6dc5d7208340ab9995c48afe1508\bProtectorForWindows"
$Ar = New-Object System.Security.AccessControl.FileSystemAccessRule("Diana-PC\Diana","FullControl","Allow")
$Acl.SetAccessRule($Ar)
Set-Acl "c:\6dc5d7208340ab9995c48afe1508\bProtectorForWindows" $Acl

$Acl = Get-Acl "c:\6dc5d7208340ab9995c48afe1508\searchplugins"
$Ar = New-Object System.Security.AccessControl.FileSystemAccessRule("Diana-PC\Diana","FullControl","Allow")
$Acl.SetAccessRule($Ar)
Set-Acl "c:\6dc5d7208340ab9995c48afe1508\searchplugins" $Acl   # write the ACL back to the directory it was read from

$Acl = Get-Acl "c:\6dc5d7208340ab9995c48afe1508\bProtectorForWindows\2.2.453.59"
$Ar = New-Object System.Security.AccessControl.FileSystemAccessRule("Diana-PC\Diana","FullControl","Allow")
$Acl.SetAccessRule($Ar)
Set-Acl "c:\6dc5d7208340ab9995c48afe1508\bProtectorForWindows\2.2.453.59" $Acl

rmdir "c:\6dc5d7208340ab9995c48afe1508" -Recurse -Force   # -Recurse avoids the "item has children" confirmation prompt
Did it for one!
Import-Module -Name "C:\Users\Diana\Downloads\Pscx-2.1.1\PSCX" -Verbose
# Enable the privileges an elevated admin token holds but keeps disabled by default
Set-Privilege (New-Object Pscx.Interop.TokenPrivilege "SeRestorePrivilege", $true)       # necessary to set owner permissions
Set-Privilege (New-Object Pscx.Interop.TokenPrivilege "SeBackupPrivilege", $true)        # necessary to bypass traverse checking
Set-Privilege (New-Object Pscx.Interop.TokenPrivilege "SeTakeOwnershipPrivilege", $true) # necessary to override file permissions and take ownership

# Owner-only descriptor, reused for every locked directory
$blankdirAcl = New-Object System.Security.AccessControl.DirectorySecurity
$blankdirAcl.SetOwner([System.Security.Principal.NTAccount]'Diana-PC\Diana')

# Everything directly under C:\ that is not in this list is treated as a directory locked by bProtector
$excluded = @("hp","users","PerfLogs","Program Files","ProgramData","Qoobox","speedDIAL","System Volume Information","Windows","autoexec.bat","bootmgr","BOOTSECT.BAK","config.sys","hiberfil.sys","IO.SYS","MSDOS.SYS","pagefile.sys","TDSSKiller.2.8.16.0_23.02.2013_08.59.56_log.txt","TDSSKiller.2.8.16.0_23.02.2013_09.20.12_log.txt","updatedatfix.log","Windows Sidebar","Boot","ComboFix","Config.Msi","Documents and Settings","*.BIN")
$DirectoryPath = "C:\"   # root to scan; the loop prefixes each returned name with c:\
$LockedDirs = Get-ChildItem $DirectoryPath -Force -Name -Exclude $excluded   # names of all the locked directories
#$LockedDirs

foreach ($Locked in $LockedDirs) {
    $Locked                       # progress output
    $FileName = "c:\$Locked"
    $FileName
    (Get-Item $FileName).SetAccessControl($blankdirAcl)
    takeown /F $FileName /R /D Y

    $Acl = Get-Acl $FileName
    $Ar = New-Object System.Security.AccessControl.FileSystemAccessRule("Diana-PC\Diana","FullControl","Allow")
    $Acl.SetAccessRule($Ar)
    Set-Acl $FileName $Acl

    $Acl = Get-Acl "$FileName\bProtectorForWindows"
    $Ar = New-Object System.Security.AccessControl.FileSystemAccessRule("Diana-PC\Diana","FullControl","Allow")
    $Acl.SetAccessRule($Ar)
    Set-Acl "$FileName\bProtectorForWindows" $Acl

    $Acl = Get-Acl "$FileName\searchplugins"
    $Ar = New-Object System.Security.AccessControl.FileSystemAccessRule("Diana-PC\Diana","FullControl","Allow")
    $Acl.SetAccessRule($Ar)
    Set-Acl "$FileName\searchplugins" $Acl   # write the ACL back to the directory it was read from

    $Acl = Get-Acl "$FileName\bProtectorForWindows\2.2.453.59"
    $Ar = New-Object System.Security.AccessControl.FileSystemAccessRule("Diana-PC\Diana","FullControl","Allow")
    $Acl.SetAccessRule($Ar)
    Set-Acl "$FileName\bProtectorForWindows\2.2.453.59" $Acl

    rmdir $FileName -Recurse -Force   # -Recurse avoids a confirmation prompt for every directory
}
Done!