diff --git a/lib/reg-helper.psm1 b/lib/reg-helper.psm1
index 2a91ff0..7802320 100644
--- a/lib/reg-helper.psm1
+++ b/lib/reg-helper.psm1
@@ -1,28 +1,75 @@
-function Import-Registry($reg) {
- # add reg file hander
- $reg = "Windows Registry Editor Version 5.00`r`n`r`n" + $reg
-
- # store, import and remove reg file
- $regfile = "$env:windir\Temp\registry.reg"
- $reg | Out-File $regfile
- Start-Process "regedit.exe" -ArgumentList ("/s", "$regfile") -Wait
- rm $regfile
-}
-
-function Takeown-Registry($key) {
- # TODO works only for LocalMachine for now
- $key = $key.substring(19)
-
- # set owner
- $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("SOFTWARE\Microsoft\Windows Defender\Spynet", "ReadWriteSubTree", "TakeOwnership")
- $owner = [Security.Principal.NTAccount]"Administrators"
- $acl = $key.GetAccessControl()
- $acl.SetOwner($owner)
- $key.SetAccessControl($acl)
-
- # set FullControl
- $acl = $key.GetAccessControl()
- $rule = New-Object System.Security.AccessControl.RegistryAccessRule("Administrators", "FullControl", "Allow")
- $acl.SetAccessRule($rule)
- $key.SetAccessControl($acl)
-}
\ No newline at end of file
+function Import-Registry($reg) {
+ # add reg file hander
+ $reg = "Windows Registry Editor Version 5.00`r`n`r`n" + $reg
+
+ # store, import and remove reg file
+ $regfile = "$env:windir\Temp\registry.reg"
+ $reg | Out-File $regfile
+ Start-Process "regedit.exe" -ArgumentList ("/s", "$regfile") -Wait
+ rm $regfile
+}
+
+function Takeown-Registry($key) {
+ # TODO works only for LocalMachine for now
+ $key = $key.substring(19)
+
+ # set owner
+ $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("SOFTWARE\Microsoft\Windows Defender\Spynet", "ReadWriteSubTree", "TakeOwnership")
+ $owner = [Security.Principal.NTAccount]"Administrators"
+ $acl = $key.GetAccessControl()
+ $acl.SetOwner($owner)
+ $key.SetAccessControl($acl)
+
+ # set FullControl
+ $acl = $key.GetAccessControl()
+ $rule = New-Object System.Security.AccessControl.RegistryAccessRule("Administrators", "FullControl", "Allow")
+ $acl.SetAccessRule($rule)
+ $key.SetAccessControl($acl)
+}
+
+function 
Elevate-Privileges {
+ param($Privilege)
+ $Definition = @"
+ using System;
+ using System.Runtime.InteropServices;
+
+ public class AdjPriv {
+ [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
+ internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall, ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr rele);
+
+ [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
+ internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);
+
+ [DllImport("advapi32.dll", SetLastError = true)]
+ internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);
+
+ [StructLayout(LayoutKind.Sequential, Pack = 1)]
+ internal struct TokPriv1Luid {
+ public int Count;
+ public long Luid;
+ public int Attr;
+ }
+
+ internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
+ internal const int TOKEN_QUERY = 0x00000008;
+ internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
+
+ public static bool EnablePrivilege(long processHandle, string privilege) {
+ bool retVal;
+ TokPriv1Luid tp;
+ IntPtr hproc = new IntPtr(processHandle);
+ IntPtr htok = IntPtr.Zero;
+ retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);
+ tp.Count = 1;
+ tp.Luid = 0;
+ tp.Attr = SE_PRIVILEGE_ENABLED;
+ retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);
+ retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
+ return retVal;
+ }
+ }
+"@
+ $ProcessHandle = (Get-Process -id $pid).Handle
+ $type = Add-Type $definition -PassThru
+ $type[0]::EnablePrivilege($processHandle, $Privilege)
+}
diff --git a/scripts/disable-defender.ps1 b/scripts/disable-defender.ps1
index 82394f4..bfcb2bd 100644
--- a/scripts/disable-defender.ps1
+++ b/scripts/disable-defender.ps1
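Review bot: `EnablePrivilege` inside the `$Definition` here-string of `Elevate-Privileges` overwrites `retVal` on every P/Invoke, so a failed `OpenProcessToken` or `LookupPrivilegeValue` is silently discarded and only the last call decides the result; `AdjustTokenPrivileges` additionally returns TRUE when the token does not hold the requested privilege and reports that only through the last-error value (ERROR_NOT_ALL_ASSIGNED), so the function can report success without having enabled anything. Check each call and the last error: `if (!OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok)) return false;`, `if (!LookupPrivilegeValue(null, privilege, ref tp.Luid)) return false;`, `retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero) && Marshal.GetLastWin32Error() == 0;`. The token handle in `htok` is also never released; a `CloseHandle` import from kernel32 would be needed to close it before returning. Separately, `Takeown-Registry` computes `$key.substring(19)` (the path without the 19-character `HKEY_LOCAL_MACHINE\` prefix) and then discards it, opening the hard-coded `SOFTWARE\Microsoft\Windows Defender\Spynet` subkey whatever argument the caller passes; the computed path is what should be passed to `OpenSubKey`.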
@@ -1,7 +1,7 @@
# Description:
# This script will disable Windows Defender via Group Policies.
-Import-Module $PSScriptRoot\..\lib\reg-helper.psm1
+Import-Module -DisableNameChecking $PSScriptRoot\..\lib\reg-helper.psm1
echo "Disabling Windows Defender"
Import-Registry(@"
diff --git a/scripts/disable-telemetry.ps1 b/scripts/disable-telemetry.ps1
index 59742f1..d102441 100644
--- a/scripts/disable-telemetry.ps1
+++ b/scripts/disable-telemetry.ps1
@@ -2,7 +2,7 @@
# This script redirects telemetry related domains to your nowhere using the
# hosts file. Additionally telemetry is disallows via Group Policies.
-Import-Module $PSScriptRoot\..\lib\reg-helper.psm1
+Import-Module -DisableNameChecking $PSScriptRoot\..\lib\reg-helper.psm1
echo "Adding telemetry routes to hosts file"
$hosts = @"
diff --git a/scripts/fix-privacy-settings.ps1 b/scripts/fix-privacy-settings.ps1
index 1832bc0..35efd1d 100644
--- a/scripts/fix-privacy-settings.ps1
+++ b/scripts/fix-privacy-settings.ps1
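Review bot: `-DisableNameChecking` on the `Import-Module` line suppresses the unapproved-verb warning at every call site instead of at its source; the same change repeats in the disable-telemetry hunk on this line and in the fix-privacy-settings, optimize-windows-update and remove-onedrive hunks below. The warning is caused by the `Takeown-` and `Elevate-` verbs that reg-helper.psm1 exports; renaming those functions to approved verbs (for example `Set-RegistryKeyOwner` and `Enable-ProcessPrivilege`) would remove the need for the switch in all five scripts. If the names are kept, a one-line comment above the import such as `# -DisableNameChecking: reg-helper.psm1 exports Takeown-/Elevate- (unapproved verbs)` would tell the next reader why the switch is there.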
@@ -2,58 +2,10 @@
# This script will try to fix many of the privacy settings for the user. This
# is work in progress!
-Import-Module $PSScriptRoot\..\lib\reg-helper.psm1
-
-function Enable-Privilege {
- param($Privilege)
- $Definition = @"
- using System;
- using System.Runtime.InteropServices;
-
- public class AdjPriv {
- [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
- internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall, ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr rele);
-
- [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
- internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);
-
- [DllImport("advapi32.dll", SetLastError = true)]
- internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);
-
- [StructLayout(LayoutKind.Sequential, Pack = 1)]
- internal struct TokPriv1Luid {
- public int Count;
- public long Luid;
- public int Attr;
- }
-
- internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
- internal const int TOKEN_QUERY = 0x00000008;
- internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
-
- public static bool EnablePrivilege(long processHandle, string privilege) {
- bool retVal;
- TokPriv1Luid tp;
- IntPtr hproc = new IntPtr(processHandle);
- IntPtr htok = IntPtr.Zero;
- retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);
- tp.Count = 1;
- tp.Luid = 0;
- tp.Attr = SE_PRIVILEGE_ENABLED;
- retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);
- retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
- return retVal;
- }
- }
-"@
- $ProcessHandle = (Get-Process -id $pid).Handle
- $type = Add-Type $definition -PassThru
- $type[0]::EnablePrivilege($processHandle, $Privilege)
-}
-
+Import-Module -DisableNameChecking $PSScriptRoot\..\lib\reg-helper.psm1
echo "Elevating priviledges for this process"
-do {} until (Enable-Privilege SeTakeOwnershipPrivilege)
+do {}
until (Elevate-Privileges SeTakeOwnershipPrivilege)
echo "Defuse Windows search settings"
Set-WindowsSearchSetting -EnableWebResultsSetting $false
@@ -313,7 +265,7 @@ Import-Registry(@"
"SensorPermissionState"=dword:00000000
"@)
-echo "Disable submission of Windows Defender findings"
+echo "Disable submission of Windows Defender findings (w/ elevated privileges)"
Takeown-Registry("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Spynet")
Import-Registry(@"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Spynet]
diff --git a/scripts/optimize-windows-update.ps1 b/scripts/optimize-windows-update.ps1
index 6850cf6..9e1bd2d 100644
--- a/scripts/optimize-windows-update.ps1
+++ b/scripts/optimize-windows-update.ps1
@@ -2,7 +2,7 @@
# This script optimizes Windows updates by disabling automatic download and
# seeding updates to other computers.
-Import-Module $PSScriptRoot\..\lib\reg-helper.psm1
+Import-Module -DisableNameChecking $PSScriptRoot\..\lib\reg-helper.psm1
echo "Disable automatic download and installation of Windows updates"
Import-Registry(@"
diff --git a/scripts/remove-onedrive.ps1 b/scripts/remove-onedrive.ps1
index 7fb6237..855f904 100644
--- a/scripts/remove-onedrive.ps1
+++ b/scripts/remove-onedrive.ps1
@@ -1,7 +1,7 @@
# Description:
# This script will remove and disable OneDrive integration.
-Import-Module $PSScriptRoot\..\lib\reg-helper.psm1
+Import-Module -DisableNameChecking $PSScriptRoot\..\lib\reg-helper.psm1
echo "Kill OneDrive process"
taskkill.exe /F /IM "OneDrive.exe"
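Review bot: `do {} until (Elevate-Privileges SeTakeOwnershipPrivilege)` retries in a tight loop with no delay and no exit condition, so when the privilege cannot be enabled (the script was not started from an elevated session and the token does not hold SeTakeOwnershipPrivilege) it spins forever; and because `Elevate-Privileges` returns the raw result of `AdjustTokenPrivileges`, which can be TRUE with nothing adjusted, the loop may also exit while the privilege is still disabled, which would likely make the later `Takeown-Registry` call fail. A single call with an explicit failure is clearer: `if (-not (Elevate-Privileges SeTakeOwnershipPrivilege)) { throw "Could not enable SeTakeOwnershipPrivilege; run this script from an elevated PowerShell session" }`. The `echo "Elevating priviledges for this process"` context line above it also misspells "privileges".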