Changing NTFS Permissions on a USB Flash Drive |Access Denied|

Discussion in 'Windows 7' started by Mr.X, Nov 25, 2021.

  1. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    8,554
    15,642
    270
    #1 Mr.X, Nov 25, 2021
    Last edited: Nov 25, 2021
  2. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    8,554
    15,642
    270
    #2 Mr.X, Nov 25, 2021 (OP)
    No one? Really?
    Anything?
     
  3. coleoptere2007

    coleoptere2007 MDL Guru

    Apr 8, 2008
    3,302
    1,939
    120
    #3 coleoptere2007, Nov 25, 2021
  4. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    8,554
    15,642
    270
    #4 Mr.X, Nov 25, 2021 (OP)
    @coleoptere2007
    Tried. Right click on the blank UFD...
    Code:
    ERROR: File or Directory not found.
Press any key to continue . . .
    error.png
     
  5. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    8,554
    15,642
    270
    #5 Mr.X, Nov 26, 2021 (OP)
    @coleoptere2007

    Tried on an Example Folder and seemingly it worked out.
    Code:
    SUCCESS: The file (or folder): "D:\Desktop\Example" now owned by user "LAPPY\MrX".
Successfully processed 1 files; Failed processing 0 files
Press any key to continue . . .
    Also it created a new ntfs user: OWNER RIGHTS
    However it does not seem to have any permissions Allowed or Denied...

    EXAMPLE FOLDER.png
     
  6. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    8,554
    15,642
    270
    #6 Mr.X, Nov 26, 2021 (OP)
  7. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    8,554
    15,642
    270
    #7 Mr.X, Nov 26, 2021
    Last edited: Nov 26, 2021
    (OP)
  8. AveYo

    AveYo MDL Expert

    Feb 10, 2009
    1,836
    5,737
    60
    #8 AveYo, Nov 26, 2021
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. Deleted member 190847

    Deleted member 190847 Guest

    #9 Deleted member 190847, Nov 26, 2021
    If you use Windows PE + NSudo + Total Commander, you could forget about permissions, files in use, etc.
    Another option is Linux + NTFS-3G with the same effect.

    But the simplest option is just to take ownership recursively, and then change permissions (also recursively).
     
  10. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    8,554
    15,642
    270
    #10 Mr.X, Nov 26, 2021 (OP)
    Geez, sadly no one said whether my issue is normal or not. If not what could be the cause.
     
  11. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    8,554
    15,642
    270
    #11 Mr.X, Nov 28, 2021
    Last edited: Nov 28, 2021
    (OP)
    BAU does it work on an up to date Windows 7?
    OK I mean I can actually merge the reg file into the registry, no problem at all, and the context menu entries show properly. Also, clicking on any of them nothing seems to happen, nothing at all.
    Code:
    Windows Registry Editor Version 5.00

; Take_Ownership_Advanced_Context_Menu.reg by AveYo v2018-07-19
; =================================================================================================================================
; GAIN ACCESS: Inherit from parent: YES, Owner = current user, Owner Rights = Modify
; GAIN EXCLUSIVE ACCESS: Inherit from parent: NO, Owner = current user, Owner Rights = FullControl
; USERS GAIN EXCLUSIVE ACCESS FOR NEW FILES: Inherit from parent: NO, Owner = Authenticated Users, Owner Rights = FullControl
; CLEAR GAINED ACCESS: Inherit from parent: YES, Owner = Inherited or Administrators, Authenticated Users = Inherited or Modify
; =================================================================================================================================
; Single context menu entry added for files, folders (except C:\Windows etc.) and drives (except C:) with the 4 choices above
; Properly gain access for limited accounts. SYSTEM and TrustedInstaller safeguard. Restore Inheritance recursively if possible.
; ~25% faster than conventional takeown + icacls (mechanical drive, folder with 4000 subfolders, 36000 files, 8GiB as test)

[-HKEY_CLASSES_ROOT\*\shell\runas]
[-HKEY_CLASSES_ROOT\Directory\shell\runas]
[-HKEY_CLASSES_ROOT\*\shell\322takeown]
[-HKEY_CLASSES_ROOT\Directory\shell\322takeown]
[-HKEY_CLASSES_ROOT\Drive\shell\322takeown]
[-HKEY_CLASSES_ROOT\*\shell\322clearown]
[-HKEY_CLASSES_ROOT\Directory\shell\322clearown]
[-HKEY_CLASSES_ROOT\Drive\shell\322clearown]
[-HKEY_CLASSES_ROOT\*\shell\322freeown]
[-HKEY_CLASSES_ROOT\Directory\shell\322freeown]
[-HKEY_CLASSES_ROOT\Drive\shell\322freeown]
; Cleanup older versions and concurrent scripts

[-HKEY_CLASSES_ROOT\*\shell\TakeOwnership]
[-HKEY_CLASSES_ROOT\Directory\shell\TakeOwnership]
[-HKEY_CLASSES_ROOT\Drive\shell\TakeOwnership]
; To remove context-menu entries, copy paste into a new .reg everything above

; Main context-menu entries and idiotproof filters
[HKEY_CLASSES_ROOT\*\shell\TakeOwnership]
"MuiVerb"="Take Ownership"
"SubCommands"=""
"HasLUAShield"=""
[HKEY_CLASSES_ROOT\Directory\shell\TakeOwnership]
"MuiVerb"="Take Ownership"
"SubCommands"=""
"HasLUAShield"=""
"AppliesTo"="NOT (System.ItemPathDisplay:=\"C:\\Users\" OR System.ItemPathDisplay:=\"C:\\ProgramData\" OR System.ItemPathDisplay:=\"C:\\Program Files\" OR System.ItemPathDisplay:=\"C:\\Program Files (x86)\" OR System.ItemPathDisplay:=\"C:\\Windows\")"
[HKEY_CLASSES_ROOT\Drive\shell\TakeOwnership]
"MuiVerb"="Take Ownership"
"SubCommands"=""
"HasLUAShield"=""
"AppliesTo"="NOT (System.ItemPathDisplay:=\"C:\\\")"

;==================================================================================================================================
; GAIN RIGHTS: Inherit from parent: YES, Owner = current user, Owner Rights = Modify
;==================================================================================================================================
; All file types
[HKEY_CLASSES_ROOT\*\shell\TakeOwnership\shell\01addme]
"MuiVerb"="Gain access"
"HasLUAShield"=""
[HKEY_CLASSES_ROOT\*\shell\TakeOwnership\shell\01addme\command]
@="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $acl=Get-Acl $dst; $c=[System.Security.Principal.SecurityIdentifier]''S-1-3-4''; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($false,$true); foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $r=New-Object System.Security.AccessControl.FileSystemAccessRule($c,''Modify'',''Allow''); $acl.AddAccessRule($r); Set-Acl -Path $dst -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\""
"IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $acl=Get-Acl $dst; $c=[System.Security.Principal.SecurityIdentifier]''S-1-3-4''; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($false,$true); foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $r=New-Object System.Security.AccessControl.FileSystemAccessRule($c,''Modify'',''Allow''); $acl.AddAccessRule($r); Set-Acl -Path $dst -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\""
; Folders
[HKEY_CLASSES_ROOT\Directory\shell\TakeOwnership\shell\01addme]
"MuiVerb"="Gain access"
"HasLUAShield"=""
[HKEY_CLASSES_ROOT\Directory\shell\TakeOwnership\shell\01addme\command]
@="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $acl=Get-Acl $dst; $c=[System.Security.Principal.SecurityIdentifier]''S-1-3-4''; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($false,$true); foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $r=New-Object System.Security.AccessControl.FileSystemAccessRule($c,''Modify'',''ContainerInherit,ObjectInherit'',''None'',''Allow''); $acl.AddAccessRule($r); Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs \""
"IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $acl=Get-Acl $dst; $c=[System.Security.Principal.SecurityIdentifier]''S-1-3-4''; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($false,$true); foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $r=New-Object System.Security.AccessControl.FileSystemAccessRule($c,''Modify'',''ContainerInherit,ObjectInherit'',''None'',''Allow''); $acl.AddAccessRule($r); Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs \""
; Partitions
[HKEY_CLASSES_ROOT\Drive\shell\TakeOwnership\shell\01addme]
"MuiVerb"="Gain access"
"HasLUAShield"=""
[HKEY_CLASSES_ROOT\Drive\shell\TakeOwnership\shell\01addme\command]
@="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''Modify'', ''ReadAndExecute, CreateFiles, CreateDirectories'', ''FullControl'', ''FullControl'', ''FullControl'', ''ReadAndExecute''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]=[System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Where FullName -notmatch ''[$]RECYCLE[.]BIN|System Volume Information''|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\""
"IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''Modify'', ''ReadAndExecute, CreateFiles, CreateDirectories'', ''FullControl'', ''FullControl'', ''FullControl'', ''ReadAndExecute''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]=[System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Where FullName -notmatch ''[$]RECYCLE[.]BIN|System Volume Information''|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\""

;==================================================================================================================================
; GAIN EXCLUSIVE RIGHTS: Inherit from parent: NO, Owner = current user, Owner Rights = FullControl
;==================================================================================================================================
; All file types
[HKEY_CLASSES_ROOT\*\shell\TakeOwnership\shell\02justme]
"MuiVerb"="Gain exclusive access"
"HasLUAShield"=""
[HKEY_CLASSES_ROOT\*\shell\TakeOwnership\shell\02justme\command]
@="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' exclusively owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''FullControl'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]=[System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\""
"IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' exclusively owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''FullControl'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]=[System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\""
; Folders
[HKEY_CLASSES_ROOT\Directory\shell\TakeOwnership\shell\02justme]
"MuiVerb"="Gain exclusive access"
"HasLUAShield"=""
[HKEY_CLASSES_ROOT\Directory\shell\TakeOwnership\shell\02justme\command]
@="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' exclusively owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''FullControl'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]=[System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\""
"IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' exclusively owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''FullControl'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]=[System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\""
; Partitions
[HKEY_CLASSES_ROOT\Drive\shell\TakeOwnership\shell\02justme]
"MuiVerb"="Gain exclusive access"
"HasLUAShield"=""
[HKEY_CLASSES_ROOT\Drive\shell\TakeOwnership\shell\02justme\command]
@="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' exclusively owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''FullControl'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]=[System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Where FullName -notmatch ''[$]RECYCLE[.]BIN|System Volume Information''|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\""
"IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"$myself=[System.Security.Principal.NTAccount]'''+$env:username+''';write-host '+$env:username+''' exclusively owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''FullControl'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]=[System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($myself); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Where FullName -notmatch ''[$]RECYCLE[.]BIN|System Volume Information''|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\""

;==================================================================================================================================
; USERS GAIN EXCLUSIVE RIGHTS FOR NEW FILES: Inherit from parent: NO, Owner = Authenticated Users, Owner Rights = FullControl
;==================================================================================================================================
; All file types
[HKEY_CLASSES_ROOT\*\shell\TakeOwnership\shell\03users]
"MuiVerb"="Users gain exclusive access for new files"
"HasLUAShield"=""
[HKEY_CLASSES_ROOT\*\shell\TakeOwnership\shell\03users\command]
@="powershell -c \"Start-Process powershell -ArgumentList '-c \\\"write-host ''Users owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''Modify'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]= [System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($u[1]); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"' -verb RunAs\""
"IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList '-c \\\"write-host ''Users owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''Modify'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]= [System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($u[1]); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"' -verb RunAs\""
; Folders
[HKEY_CLASSES_ROOT\Directory\shell\TakeOwnership\shell\03users]
"MuiVerb"="Users gain exclusive access for new files"
"HasLUAShield"=""
[HKEY_CLASSES_ROOT\Directory\shell\TakeOwnership\shell\03users\command]
@="powershell -c \"Start-Process powershell -ArgumentList '-c \\\"write-host ''Users owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''Modify'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]= [System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($u[1]); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"' -verb RunAs\""
"IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList '-c \\\"write-host ''Users owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''Modify'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]= [System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($u[1]); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"' -verb RunAs\""
; Partitions
[HKEY_CLASSES_ROOT\Drive\shell\TakeOwnership\shell\03users]
"MuiVerb"="Users gain exclusive access for new files"
"HasLUAShield"=""
[HKEY_CLASSES_ROOT\Drive\shell\TakeOwnership\shell\03users\command]
@="powershell -c \"Start-Process powershell -ArgumentList '-c \\\"write-host ''Users owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''Modify'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]= [System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($u[1]); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Where FullName -notmatch ''[$]RECYCLE[.]BIN|System Volume Information''|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"' -verb RunAs\""
"IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList '-c \\\"write-host ''Users owning [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-3-4'', ''S-1-5-11'', ''S-1-5-18'', ''S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''Modify'', ''ReadPermissions'', ''FullControl'', ''FullControl'', ''ReadPermissions'', ''ReadPermissions''; $u=0,0,0,0,0,0; $r=0,0,0,0,0,0; For($i=0;$i -le 5;$i++){ $u[$i]= [System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($u[1]); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Where FullName -notmatch ''[$]RECYCLE[.]BIN|System Volume Information''|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"' -verb RunAs\""

;==================================================================================================================================
; CLEAR GAINED RIGHTS: Inherit from parent: YES, Owner = Default / Administrators, Authenticated Users = Default / Modify
;==================================================================================================================================
; All file types
[HKEY_CLASSES_ROOT\*\shell\TakeOwnership\shell\04clear]
"MuiVerb"="Clear gained access"
"HasLUAShield"=""
[HKEY_CLASSES_ROOT\*\shell\TakeOwnership\shell\04clear\command]
@="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"write-host ''Clear ownership [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $acl=Get-Acl $dst; $acl.SetAccessRuleProtection($false,$true); foreach($ace in $acl.access){try{ $acl.RemoveAccessRuleAll($ace) }catch{}}; Set-Acl -Path $dst -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\""
"IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"write-host ''Clear ownership [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $acl=Get-Acl $dst; $acl.SetAccessRuleProtection($false,$true); foreach($ace in $acl.access){try{ $acl.RemoveAccessRuleAll($ace) }catch{}}; Set-Acl -Path $dst -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\""
; Folders
[HKEY_CLASSES_ROOT\Directory\shell\TakeOwnership\shell\04clear]
"MuiVerb"="Clear gained access"
"HasLUAShield"=""
[HKEY_CLASSES_ROOT\Directory\shell\TakeOwnership\shell\04clear\command]
@="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"write-host ''Clear ownership [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $acl=Get-Acl $dst; $acl.SetAccessRuleProtection($false,$true); foreach($ace in $acl.access){try{ $acl.RemoveAccessRuleAll($ace) }catch{}}; Set-Acl -Path $dst -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\""
"IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList ('-c \\\"write-host ''Clear ownership [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $acl=Get-Acl $dst; $acl.SetAccessRuleProtection($false,$true); foreach($ace in $acl.access){try{ $acl.RemoveAccessRuleAll($ace) }catch{}}; Set-Acl -Path $dst -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"') -verb RunAs\""
; Partitions
[HKEY_CLASSES_ROOT\Drive\shell\TakeOwnership\shell\04clear]
"MuiVerb"="Clear gained access"
"HasLUAShield"=""
[HKEY_CLASSES_ROOT\Drive\shell\TakeOwnership\shell\04clear\command]
@="powershell -c \"Start-Process powershell -ArgumentList '-c \\\"write-host ''Clear Ownership [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-5-11'', ''S-1-5-18'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''Modify'', ''FullControl'', ''FullControl'', ''ReadAndExecute''; $u=0,0,0,0; $r=0,0,0,0; For($i=0;$i -le 3;$i++){ $u[$i]=[System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($u[2]); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Where FullName -notmatch ''[$]RECYCLE[.]BIN|System Volume Information''|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"' -verb RunAs\""
"IsolatedCommand"="powershell -c \"Start-Process powershell -ArgumentList '-c \\\"write-host ''Clear Ownership [%1] please wait..''; $dll0=''[DllImport(\\\\\\\"ntdll.dll\\\\\\\")]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);''; $ntdll=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)}; $dst=''%1''; $s=''S-1-5-11'', ''S-1-5-18'', ''S-1-5-32-544'', ''S-1-5-32-545''; $p=''Modify'', ''FullControl'', ''FullControl'', ''ReadAndExecute''; $u=0,0,0,0; $r=0,0,0,0; For($i=0;$i -le 3;$i++){ $u[$i]=[System.Security.Principal.SecurityIdentifier]$s[$i]; $r[$i]=New-Object System.Security.AccessControl.FileSystemAccessRule($u[$i], $p[$i],''ContainerInherit,ObjectInherit'',''None'',''Allow'')}; $acl=New-Object System.Security.AccessControl.DirectorySecurity; $acl.SetOwner($u[2]); $acl.SetAccessRuleProtection($true,$false); foreach($rule in $r){$acl.AddAccessRule($rule)}; Set-Acl -Path $dst -AclObject $acl; foreach($ace in $acl.access){try{$acl.RemoveAccessRuleAll($ace)}catch{}}; $acl.SetAccessRuleProtection($false,$true); Get-ChildItem $dst -Recurse -Force -Attributes !ReparsePoint|Where FullName -notmatch ''[$]RECYCLE[.]BIN|System Volume Information''|Set-Acl -AclObject $acl; get-acl $dst|fl; timeout /t -1\\\"' -verb RunAs\""
;
     
  12. AveYo

    AveYo MDL Expert

    Feb 10, 2009
    1,836
    5,737
    60
    #12 AveYo, Nov 28, 2021
    I usually make scripts that work starting with powershell 2.0 / windows 7, but this one was focused on 10 only and I did not get to test it in 7, my bad.
    Will provide an update soon.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  13. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    8,554
    15,642
    270
    #13 Mr.X, Nov 28, 2021 (OP)
    Wonderful, thanks a lot. If you could add support for Windows 8.1 by the way that would be awesome.