[英]PowerShell: Remove all permissions from a file incl. APPLICATION PACKAGES
I want to remove all permissions from some Windows\System32-files, eg wuauclt.exe and wuaueng.dll.我想从一些 Windows\System32 文件中删除所有权限,例如 wuauclt.exe 和 wuaueng.dll。 Therefore I found that script:因此我找到了那个脚本:
takeown /F $file
$acl = get-acl $file
$acl.Access | % {$acl.purgeaccessrules($_.IdentityReference)}
Set-Acl -aclobject $acl -Path $file
This gives me ownership and removes all permission except those for ALL APPLICATION PACKAGES and ALL RESTRICTED APPLICATION PACKAGES.这给了我所有权并删除了除所有应用程序包和所有受限应用程序包之外的所有权限。 How am I able remove those as well per PowerShell script (not manually and without using a 3rd party tool)?我如何能够根据 PowerShell 脚本(不手动且不使用第 3 方工具)删除它们?
Thanks in advance!提前致谢!
These IdentityReference
are specific.这些IdentityReference
是特定的。 In fact it is an instance of [System.Security.Principal.NTAccount]
and translating them to a [System.Security.Principal.SecurityIdentifier]
output an error.实际上,它是[System.Security.Principal.NTAccount]
的一个实例,并将它们转换为[System.Security.Principal.SecurityIdentifier]
output 时出现错误。 But it is still possible to create them manually.但是仍然可以手动创建它们。 In SDDL format: SDDL 格式:
AC
or S-1-15-2-1
for ALL APPLICATION PACKAGES
ALL APPLICATION PACKAGES
程序包的AC
或S-1-15-2-1
S-1-15-2-2
for ALL RESTRICTED APPLICATION PACKAGES
S-1-15-2-2
适用于ALL RESTRICTED APPLICATION PACKAGES
受限应用程序包You can add the following code to remove them.您可以添加以下代码来删除它们。 But I'm not sure this is a good idea to remove these rights on System files.但我不确定这是删除系统文件的这些权限的好主意。
$acl.Access | % {
if ($_.IdentityReference.Value -imatch "APPLICATION PACKAGES") {
try {
$acl.PurgeAccessRules([System.Security.Principal.SecurityIdentifier]::new("S-1-15-2-2"))
$acl.PurgeAccessRules([System.Security.Principal.SecurityIdentifier]::new("AC"))
} catch { }
}
else {
$acl.purgeaccessrules($_.IdentityReference)
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.