[DISCUSSION] Windows 10 Final Build 19041>>>19045 (PC) [20H1>>>22H2 vb_release]

Microsoft still has not Announced what will take the place of 20H2 on the Beta_Channel.

 

You need to login to view this posts content.

 

I JUST WANT TO KNOW WHO'S THE MOTHERf**kING MS SHILL COMPUTER-ILLITERATE THAT REPORTED MY REG_OWN SNIPPET TO PASTEBIN TODAY. SHOW YOURSELF!

This paste has been deemed potentially harmful. Pastebin took the necessary steps to prevent access on October 29, 2020, 12:26 pm CDT. If you feel this is an incorrect assessment, please contact security@pastebin.com within 14 days to avoid any permanent loss of content.

This was an incorrect assessment!

The snippet uses nothing but built-in, documented powershell functions to legitimately automate registry permissions tasks.
It requires administrator rights!
And it makes no attempts to bypass any security features such as UAC. It simply asks for elevation, and does nothing if not received.
Curious how come it became harmless now after 2 years of up time.
My guess is a ms fanboy lacking any technical expertise whatsoever has reported the post thinking it is something else.

Talking about this:

Code:

@title reg_own snippet usage - 2020.10.30
:: AveYo: csc-less; support any hive; recursively add or delete rights and try to preserve owner; still 12 lines
:: Changelog: abort early if key not found, print cmdline for examples. thanks pastebin for restoring this gem
:: To those reporting it: this provides legitimate registry permission tasks to admins, similar to built-in regini
@echo off & color 07
echo Usage:
echo call :reg_own "key" all[""=key-only] user[""=Administrators] owner[""=Original] access[""=Allow] perm[""=FullControl]
echo;
echo Denying permissions works fine for a specific key, but when doing it recursively you need to be smart about it,
echo as you could get a "cart before the horses" situation, denying yourself making further permission changes to subkeys.
echo Never use FullControl with deny permissions recursively. WriteKey will deny "Read Control" so dont use that either.
echo Instead, deny write permissions explicitly: "SetValue,CreateSubkey,CreateLink,Delete,ChangePermissions,TakeOwnership"
echo Also advised not to set deny permissions for Everyone sid, but use instead non-global individual users or groups
echo;

:::: Define TI sid (TrustedInstaller)
for /f "tokens=3" %%a in ('sc.exe showsid TrustedInstaller') do set TI=%%a >nul
:::: Define USER sid before asking for elevation since it gets replaced for limited accounts
set _=call "%~f0" %* &if "%USER%"=="" for /f "tokens=2" %%u in ('whoami /user /fo list') do set USER=%%u
:::: Ask for elevation passing USER and any batch arguments - ps also enables debug priviledge unlike vbs
reg query HKU\S-1-5-19>nul 2>nul||(powershell -nop -c start cmd -args '/d/x/q/rset USER=%USER%^&',$env:_ -verb runas &exit)

:: lean xp+ color macros by AveYo:  %<%:af " hello "%>>%  &  %<%:cf " w\"or\"ld "%>%    for single \ / " use .%|%\  .%|%/  \"%|%\"
for /f "delims=:" %%\ in ('echo/prompt $h$s$h:^|cmd/d') do set "|=%%\" &set ">>=\..\c nul &set/p \=%%\%%\%%\%%\%%\%%\%%\<nul&popd"
set "<=pushd "%allusersprofile%"&2>nul findstr /c:\ /a" &set ">=%>>%&echo;" &set "|=%|:~0,1%" &set/p \=\<nul>"%allusersprofile%\c"

:: Setup a test key
reg delete HKCU\TEMP\REG_OWN /f >nul 2>nul & reg add HKCU\TEMP\REG_OWN\DEL\ME /f >nul 2>nul

set VO=verbose-output :: now silent by default, only lists rights if VO is defined; to undefine: set "VO="

%<%:af " Allow FullControl from Administrators "%>>% & %<%:f0 " default, just this key "%>%
echo call :reg_own "HKEY_CURRENT_USER\TEMP\REG_OWN"
call :reg_own "HKEY_CURRENT_USER\TEMP\REG_OWN"

%<%:2f " Allow FullControl from Everyone "%>>% & %<%:f0 " recursive, preserve inheritance "%>%
echo call :reg_own "HKEY_CURRENT_USER\TEMP\REG_OWN" preserve S-1-1-0
call :reg_own "HKEY_CURRENT_USER\TEMP\REG_OWN" preserve S-1-1-0

%<%:6f " Allow READ from Users "%>>% & %<%:f0 " recursive, disable inheritance "%>%
echo call :reg_own "HKCU\TEMP\REG_OWN" all S-1-5-32-545 "" Allow "ReadPermissions, ReadKey"
call :reg_own "HKCU\TEMP\REG_OWN" all S-1-5-32-545 "" Allow "ReadPermissions, ReadKey"

%<%:cf " Deny changes from %%USER%% and set owner to TrustedInstaller "%>>% & %<%:f0 " just this key "%>%
echo call :reg_own "HKCU\TEMP\REG_OWN" "" %%USER%% %%TI%% Deny "SetValue,CreateSubkey,CreateLink,Delete,ChangePermissions,TakeOwnership"
call :reg_own "HKCU\TEMP\REG_OWN" "" %USER% %TI% Deny "SetValue,CreateSubkey,CreateLink,Delete,ChangePermissions,TakeOwnership"

%<%:5f " Allow FullControl from %%USER%% and set owner to SYSTEM "%>>% & %<%:f0 " all subkeys "%>%
echo call :reg_own "HKCU\TEMP\REG_OWN" all %%USER%% S-1-5-18 Allow FullControl
call :reg_own "HKCU\TEMP\REG_OWN" all %USER% S-1-5-18 Allow FullControl

%<%:9f " Remove non-inherited rules from Everyone "%>>% & %<%:f0 " recursive, remove + hide output "%>%
echo set VO=^&call :reg_own "HKCU\TEMP\REG_OWN" none S-1-1-0
set VO=&call :reg_own "HKCU\TEMP\REG_OWN" none S-1-1-0

echo;
%<%:bf " Done! "%>%    &    %<%:00 ~%>%
cmd/d/k
exit

::::::::::::::::::::::::::::::::::::::::::::::::
:: Snippet to copy-paste in batch (cmd) scripts:
::::::::::::::::::::::::::::::::::::::::::::::::

:reg_own #key [optional] all user owner access permission  :        call :reg_own "HKCU\My" "" S-1-5-32-545 "" Allow FullControl
powershell -nop -c $A='%~1','%~2','%~3','%~4','%~5','%~6';iex(([io.file]::ReadAllText('%~f0')-split':Own1\:.*')[1])&exit/b:Own1:
$D1=[uri]."M`odule"."G`etType"('System.Diagnostics.Process')."G`etMethods"(42) |where {$_.Name -eq 'SetPrivilege'} #`:no-ev-warn
'SeSecurityPrivilege','SeTakeOwnershipPrivilege','SeBackupPrivilege','SeRestorePrivilege'|foreach {$D1.Invoke($null, @("$_",2))}
$path=$A[0]; $rk=$path-split'\\',2; $HK=gi -lit Registry::$($rk[0]) -fo; $s=$A[1]; $sps=[Security.Principal.SecurityIdentifier]
$u=($A[2],'S-1-5-32-544')[!$A[2]];$o=($A[3],$u)[!$A[3]];$w=$u,$o |% {new-object $sps($_)}; $old=!$A[3];$own=!$old; $y=$s-eq'all'
$rar=new-object Security.AccessControl.RegistryAccessRule( $w[0], ($A[5],'FullControl')[!$A[5]], 1, 0, ($A[4],'Allow')[!$A[4]] )
$x=$s-eq'none';function Own1($k){$t=$HK.OpenSubKey($k,2,'TakeOwnership');if($t){0,4|%{try{$o=$t.GetAccessControl($_)}catch{$old=0}
};if($old){$own=1;$w[1]=$o.GetOwner($sps)};$o.SetOwner($w[0]);$t.SetAccessControl($o); $c=$HK.OpenSubKey($k,2,'ChangePermissions')
$p=$c.GetAccessControl(2);if($y){$p.SetAccessRuleProtection(1,1)};$p.ResetAccessRule($rar);if($x){$p.RemoveAccessRuleAll($rar)}
$c.SetAccessControl($p);if($own){$o.SetOwner($w[1]);$t.SetAccessControl($o)};if($s){$subkeys=$HK.OpenSubKey($k).GetSubKeyNames()
foreach($n in $subkeys){Own1 "$k\$n"}}}};Own1 $rk[1];if($env:VO){get-acl Registry::$path|fl} #:Own1: lean & mean snippet by AveYo
::-_-::

####################################################################
# Snippet to copy-paste in ps1/hybrid scripts or powershell console:
# hybrid cmd+powershell code block example: pastebin.com/fZ361Yw2
# simpler to just copy it at the top of the script before calling it
####################################################################

function reg_own([string[]]$A){ #key [opt],all,usr,own,acc,perm  : reg_own "HKCU:\My","","S-1-5-32-545","","Allow","FullControl"
$D1=[uri]."M`odule"."G`etType"('System.Diagnostics.Process')."G`etMethods"(42) |where {$_.Name -eq 'SetPrivilege'} #`:no-ev-warn
'SeSecurityPrivilege','SeTakeOwnershipPrivilege','SeBackupPrivilege','SeRestorePrivilege'|foreach {$D1.Invoke($null, @("$_",2))}
$path=$A[0]; $rk=$path-split':\\',2; $HK=gi -lit Registry::$($rk[0]) -fo; $s=$A[1]; $sps=[Security.Principal.SecurityIdentifier]
$u=($A[2],'S-1-5-32-544')[!$A[2]];$o=($A[3],$u)[!$A[3]];$w=$u,$o |% {new-object $sps($_)}; $old=!$A[3];$own=!$old; $y=$s-eq'all'
$rar=new-object Security.AccessControl.RegistryAccessRule( $w[0], ($A[5],'FullControl')[!$A[5]], 1, 0, ($A[4],'Allow')[!$A[4]] )
$x=$s-eq'none';function Own1($k){$t=$HK.OpenSubKey($k,2,'TakeOwnership');if($t){0,4|%{try{$o=$t.GetAccessControl($_)}catch{$old=0}
};if($old){$own=1;$w[1]=$o.GetOwner($sps)};$o.SetOwner($w[0]);$t.SetAccessControl($o); $c=$HK.OpenSubKey($k,2,'ChangePermissions')
$p=$c.GetAccessControl(2);if($y){$p.SetAccessRuleProtection(1,1)};$p.ResetAccessRule($rar);if($x){$p.RemoveAccessRuleAll($rar)}
$c.SetAccessControl($p);if($own){$o.SetOwner($w[1]);$t.SetAccessControl($o)};if($s){$subkeys=$HK.OpenSubKey($k).GetSubKeyNames()
foreach($n in $subkeys){Own1 "$k\$n"}}}; Own1 $rk[1]; if($env:VO){get-acl Registry::$path|fl}} # lean & mean ps snippet by AveYo
#-_-#

edit: I don't usually get into drama, but when I do, eyes will roll, heads will fall
thank you pastebin for restoring the original snippet link so quick!

 

You need to login to view this posts content.

 

@BAU
pastebin is applying some filters to scan content and mark 'Potentially offensive'.
Same thing happned to this script (reuploaded script was deleted too)
Such thing didn't happen before. Time to look for alternatives.

 

I've noticed that after the last three CUs (572, 608, 610), I've been getting corruption errors (and repairs) from SFC. Any ideas as to why this may be happening?

 

me too even on a fresh install i am ready to go with windows 10 LTSC and scratch 2009 / 20H2 altogether

 

I think it's MS problem

 

You need to login to view this posts content.

 

19042.610 x64 pro from uup right after fresh install ran sfc scannow found corrupted files

 

think sfc bug is just like the past defrag bug ?

 

Someone else also said inplace upgrade problem will be fixed if you do /restorehealth ( or maybe he meant reset this pc after restorehealth on online image)

 

It is definitely Pastebin stupid filters and nothing else, it was flagged just after your posting it here is just a coincidence.

Take a look at, Take_Ownership_Advanced_Context_Menu, MediaCreationTool they are also flagged.

(edit - go through all of your post there, most of them are flagged)

Check, compressed2txt, it's gone. (I remember it was flagged too, wanted to send a PM to you about this)

--------------

But let's suppose someone is reporting it, that means Pastebin staff is being stupid to delete them. Also, a reason to leave pastebin.

 

I'm not sure @mdl052020 has a secret agenda. I certainly hope not. I also hope that people don't think I'm some kind of spy because I worked for MSFT as a contractor in the past. That would be stupid. There's too much good information on MDL for me to let myself get offended at other members. Besides, I've said some stupid things and deserve most of the negative feedback I've got. So I don't take it too personally. It's all good. I'll keep an eye out for anything that looks suspicious on other websites.

 

I was kidding about the guy, I'm sorry if I fed into your.. vigilism? There's no conspiracy, only joyful bitterness.
pastebin is an ass, just noticed myself after logout that even MediaCreationTool.bat gets flagged, after 20K+ downloads. no oversight.

Anyway, back to topic: 4 908 253 184 bytes for iso with install esd for 20H2 x64 consumer editions?!
Now, that's bloated.

 

The image cleanup breaks the SFC with recent CU's

 

and LTSC all good SFC / Scannow is perfect nothing corrupted