diff --git a/scripts/fix-privacy-settings.ps1 b/scripts/fix-privacy-settings.ps1 index 858b98c..2eea1b4 100644 --- a/scripts/fix-privacy-settings.ps1 +++ b/scripts/fix-privacy-settings.ps1 @@ -14,6 +14,51 @@ function regimport($reg) { rm $regfile } +function Enable-Privilege { + param($Privilege) + $Definition = @" + using System; + using System.Runtime.InteropServices; + public class AdjPriv { + [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)] + internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall, + ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr rele); + [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)] + internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok); + [DllImport("advapi32.dll", SetLastError = true)] + internal static extern bool LookupPrivilegeValue(string host, string name, + ref long pluid); + [StructLayout(LayoutKind.Sequential, Pack = 1)] + internal struct TokPriv1Luid { + public int Count; + public long Luid; + public int Attr; + } + internal const int SE_PRIVILEGE_ENABLED = 0x00000002; + internal const int TOKEN_QUERY = 0x00000008; + internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020; + public static bool EnablePrivilege(long processHandle, string privilege) { + bool retVal; + TokPriv1Luid tp; + IntPtr hproc = new IntPtr(processHandle); + IntPtr htok = IntPtr.Zero; + retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, + ref htok); + tp.Count = 1; + tp.Luid = 0; + tp.Attr = SE_PRIVILEGE_ENABLED; + retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid); + retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, + IntPtr.Zero); + return retVal; + } + } +"@ + $ProcessHandle = (Get-Process -id $pid).Handle + $type = Add-Type $definition -PassThru + $type[0]::EnablePrivilege($processHandle, $Privilege) +} + echo "Defuse Windows search settings" Set-WindowsSearchSetting -EnableWebResultsSetting $false @@ -274,6 +319,18 @@ regimport(@" "@) echo "Disable submission of Windows Defender findings" +do {} until (Enable-Privilege SeTakeOwnershipPrivilege) +$key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("SOFTWARE\Microsoft\Windows Defender\Spynet", "ReadWriteSubTree", "TakeOwnership") +$owner = [Security.Principal.NTAccount]"Administrators" +$acl = $key.GetAccessControl() +$acl.SetOwner($owner) +$key.SetAccessControl($acl) + +$acl = $key.GetAccessControl() +$rule = New-Object System.Security.AccessControl.RegistryAccessRule("Administrators", "FullControl", "Allow") +$acl.SetAccessRule($rule) +$key.SetAccessControl($acl) + regimport(@" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Spynet] "SpyNetReporting"=dword:00000000