What about the single elevate line s1ave77 got me using lately:
Code:
powershell -command Start-Process '%0' -Verb runAs -ArgumentList '%* '
Can you work with that?
ok ran the PS script and got this message "File D:\Unzip1\Tracking 1.08\Tracking Wiz.ps1 cannot be loaded because the execution of scripts is disabled on this system." don't know anything about PS. is there a way to enable just for this script? btw, running on Win7 just to see what it does. gotta try a VM over the weekend.
In PowerShell prompt:
Code:
Set-ExecutionPolicy RemoteSigned
or from cmd (after navigating to directory with cd)
Code:
powershell -executionpolicy bypass -File "Tracking Wiz.ps1"
We still need Mr Jinjes 'PS Fu' to get rid of that:
Code:
Set-Service : Service 'dmwappushsvc (dmwappushsvc)' cannot be configured due to the following error: Access is denied
At C:\Users\s1ave77\Desktop\###.TELEMETRY.###\MrJinjes.telemetry.ps1:79 char:1
+ Set-Service dmwappushsvc -startupType disabled
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (System.ServiceProcess.ServiceController:ServiceController) [Set-Service], ServiceCommandException
    + FullyQualifiedErrorId : CouldNotSetService,Microsoft.PowerShell.Commands.SetServiceCommand
While the first command is processed the second fails:
Code:
Set-Service DiagTrack -startupType disabled
Set-Service dmwappushsvc -startupType disabled
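A read-only diagnostic for the "Access is denied" error above, as an added example that is not part of the original thread: it checks whether the session is elevated and whether the service's DACL grants Administrators (BA) the ChangeConfig right that Set-Service -StartupType needs. The function names and the sample SDDL string are constructed for illustration; deny ACEs and generic rights other than GA are not evaluated, and PowerShell 3.0 or later is assumed.

```powershell
# Added example (not from the thread): report why Set-Service may be denied.
# Two-letter SDDL access codes and what they mean on service objects.
$ServiceRights = @{
    CC = 'QueryConfig'; DC = 'ChangeConfig'; LC = 'QueryStatus'; SW = 'EnumerateDependents'
    RP = 'Start'; WP = 'Stop'; DT = 'PauseContinue'; LO = 'Interrogate'
    CR = 'UserDefinedControl'; SD = 'Delete'; RC = 'ReadControl'
    WD = 'WriteDac'; WO = 'WriteOwner'
}

function Test-Elevated {
    # True only when the current token has the Administrators group enabled.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    ([Security.Principal.WindowsPrincipal]$id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
}

function ConvertFrom-ServiceSddl {
    param([string]$Sddl)
    # Keep the DACL only: text after "D:" and before an optional "S:" (SACL).
    $dacl = ($Sddl -replace '^.*?D:', '') -replace 'S:.*$', ''
    foreach ($ace in [regex]::Matches($dacl, '\(([^)]*)\)')) {
        # ACE layout: type;flags;rights;object_guid;inherit_guid;trustee
        $f = $ace.Groups[1].Value -split ';'
        # A hex access mask is left raw; otherwise split into two-letter codes.
        $codes = if ($f[2] -match '^0x') { @($f[2]) } else {
            [regex]::Matches($f[2], '..') | ForEach-Object { $_.Value } }
        [pscustomobject]@{
            Type    = $f[0]      # A = allow, D = deny
            Trustee = $f[5]      # BA = Administrators, SY = SYSTEM, ...
            Rights  = @($codes | ForEach-Object {
                if ($ServiceRights.ContainsKey($_)) { $ServiceRights[$_] } else { $_ } })
        }
    }
}

function Test-AdminCanConfigure {
    param([string]$Sddl)
    # Changing the startup type needs ChangeConfig (or GA) in an allow ACE for BA.
    [bool](ConvertFrom-ServiceSddl $Sddl | Where-Object {
        $_.Type -eq 'A' -and $_.Trustee -eq 'BA' -and
        ($_.Rights -contains 'ChangeConfig' -or $_.Rights -contains 'GA') })
}

# Constructed sample DACL (not read from a real machine): BA lacks ChangeConfig.
$sample = 'D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWRPLOCRRC;;;BA)'
"Elevated: $(Test-Elevated); sample lets admins configure: $(Test-AdminCanConfigure $sample)"

foreach ($name in 'DiagTrack', 'dmwappushsvc') {
    $sddl = (& sc.exe sdshow $name) -join ''     # sc.exe, because "sc" is an alias
    if ($LASTEXITCODE -ne 0) { Write-Warning "$name : $sddl"; continue }
    "{0}: admins can change config = {1}" -f $name, (Test-AdminCanConfigure $sddl)
}
```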
Looks like they've given that service system privileges. Gimme a sec while I pull out regedit in a Windows 10 VM
nice rewrite. see you solved the ::localhost problem. not a criticism, on my computer i'm going to edit to use numbers for menu choices. then i can rename to whatever i want ( i.e. (D)nable can be renamed Enable with no conflict). just a matter of aesthetics for me. i'm weird that way.
OK after much digging. There is no clean way to do this. The DMWAPPUSHSVC is being run from the SVCHOST.exe in SYSTEM32 as a dll. This means the process is being executed as a system service. While being accessed from the network via netsvcs. I just tried to edit the required privileges without making a dent in it.
I then tried the following:
Set the privileges in the registry so I can do it.
Set the permissions on svchost.exe.
Set the permissions on dmwappushsvc.exe.
Tried to do net stop...
Tried to log off while the service was disabled to restart the services.
Can't stop it because it's a remote network service. I think we found the logger .... I have no idea what they did but we're gonna have to use the registry edit then restart the explorer to make it all work.
Doing it my way, I get these privileges enabled vs as Administrator -- notice the SeImpersonatePrivilege, all admins have this right. It's the reason we can "Impersonate a client after authentication"
Very cool. Any idea how they steal the permissions from trustedinstaller with that runastokens thing?
I'm on board with the gaining superuser over Windows because this is ridiculous. What will the impersonation app be limited in doing or will it be unlimited in terms of restoring justice? In making the administrators account be able to do just as much as the Trusted-installer?
I don't know whether this is relevant to your research but I've nuked both the services using Helge Klein's SetACL studio (free 30 day trial). No ill effects till now.