Browse Source

Added bypass for UCPD driver restriction

master
Dmitry Nefedov 3 months ago
parent
commit
2284f5593d
  1. 1
      src/Sophia_Script_for_Windows_10/Localizations/de-DE/Sophia.psd1
  2. 1
      src/Sophia_Script_for_Windows_10/Localizations/en-US/Sophia.psd1
  3. 1
      src/Sophia_Script_for_Windows_10/Localizations/es-ES/Sophia.psd1
  4. 1
      src/Sophia_Script_for_Windows_10/Localizations/fr-FR/Sophia.psd1
  5. 1
      src/Sophia_Script_for_Windows_10/Localizations/hu-HU/Sophia.psd1
  6. 1
      src/Sophia_Script_for_Windows_10/Localizations/it-IT/Sophia.psd1
  7. 1
      src/Sophia_Script_for_Windows_10/Localizations/pl-PL/Sophia.psd1
  8. 1
      src/Sophia_Script_for_Windows_10/Localizations/pt-BR/Sophia.psd1
  9. 1
      src/Sophia_Script_for_Windows_10/Localizations/ru-RU/Sophia.psd1
  10. 1
      src/Sophia_Script_for_Windows_10/Localizations/tr-TR/Sophia.psd1
  11. 1
      src/Sophia_Script_for_Windows_10/Localizations/uk-UA/Sophia.psd1
  12. 1
      src/Sophia_Script_for_Windows_10/Localizations/zh-CN/Sophia.psd1
  13. 148
      src/Sophia_Script_for_Windows_10/Module/Sophia.psm1
  14. 1
      src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/de-DE/Sophia.psd1
  15. 1
      src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/en-US/Sophia.psd1
  16. 1
      src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/es-ES/Sophia.psd1
  17. 1
      src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/fr-FR/Sophia.psd1
  18. 1
      src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/hu-HU/Sophia.psd1
  19. 1
      src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/it-IT/Sophia.psd1
  20. 1
      src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/pl-PL/Sophia.psd1
  21. 1
      src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/pt-BR/Sophia.psd1
  22. 1
      src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/ru-RU/Sophia.psd1
  23. 1
      src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/tr-TR/Sophia.psd1
  24. 1
      src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/uk-UA/Sophia.psd1
  25. 1
      src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/zh-CN/Sophia.psd1
  26. 84
      src/Sophia_Script_for_Windows_10_LTSC_2019/Module/Sophia.psm1
  27. 1
      src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/de-DE/Sophia.psd1
  28. 1
      src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/en-US/Sophia.psd1
  29. 1
      src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/es-ES/Sophia.psd1
  30. 1
      src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/fr-FR/Sophia.psd1
  31. 1
      src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/hu-HU/Sophia.psd1
  32. 1
      src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/it-IT/Sophia.psd1
  33. 1
      src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/pl-PL/Sophia.psd1
  34. 1
      src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/pt-BR/Sophia.psd1
  35. 1
      src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/ru-RU/Sophia.psd1
  36. 1
      src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/tr-TR/Sophia.psd1
  37. 1
      src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/uk-UA/Sophia.psd1
  38. 1
      src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/zh-CN/Sophia.psd1
  39. 88
      src/Sophia_Script_for_Windows_10_LTSC_2021/Module/Sophia.psm1
  40. 1
      src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/de-DE/Sophia.psd1
  41. 1
      src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/en-US/Sophia.psd1
  42. 1
      src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/es-ES/Sophia.psd1
  43. 1
      src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/fr-FR/Sophia.psd1
  44. 1
      src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/hu-HU/Sophia.psd1
  45. 1
      src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/it-IT/Sophia.psd1
  46. 1
      src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/pl-PL/Sophia.psd1
  47. 1
      src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/pt-BR/Sophia.psd1
  48. 1
      src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/ru-RU/Sophia.psd1
  49. 1
      src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/tr-TR/Sophia.psd1
  50. 1
      src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/uk-UA/Sophia.psd1
  51. 1
      src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/zh-CN/Sophia.psd1
  52. 140
      src/Sophia_Script_for_Windows_10_PowerShell_7/Module/Sophia.psm1
  53. 1
      src/Sophia_Script_for_Windows_11/Localizations/de-DE/Sophia.psd1
  54. 1
      src/Sophia_Script_for_Windows_11/Localizations/en-US/Sophia.psd1
  55. 1
      src/Sophia_Script_for_Windows_11/Localizations/es-ES/Sophia.psd1
  56. 1
      src/Sophia_Script_for_Windows_11/Localizations/fr-FR/Sophia.psd1
  57. 1
      src/Sophia_Script_for_Windows_11/Localizations/hu-HU/Sophia.psd1
  58. 1
      src/Sophia_Script_for_Windows_11/Localizations/it-IT/Sophia.psd1
  59. 1
      src/Sophia_Script_for_Windows_11/Localizations/pl-PL/Sophia.psd1
  60. 1
      src/Sophia_Script_for_Windows_11/Localizations/pt-BR/Sophia.psd1
  61. 1
      src/Sophia_Script_for_Windows_11/Localizations/ru-RU/Sophia.psd1
  62. 1
      src/Sophia_Script_for_Windows_11/Localizations/tr-TR/Sophia.psd1
  63. 1
      src/Sophia_Script_for_Windows_11/Localizations/uk-UA/Sophia.psd1
  64. 1
      src/Sophia_Script_for_Windows_11/Localizations/zh-CN/Sophia.psd1
  65. 197
      src/Sophia_Script_for_Windows_11/Module/Sophia.psm1
  66. 1
      src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/de-DE/Sophia.psd1
  67. 1
      src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/en-US/Sophia.psd1
  68. 1
      src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/es-ES/Sophia.psd1
  69. 1
      src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/fr-FR/Sophia.psd1
  70. 1
      src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/hu-HU/Sophia.psd1
  71. 1
      src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/it-IT/Sophia.psd1
  72. 1
      src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/pl-PL/Sophia.psd1
  73. 1
      src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/pt-BR/Sophia.psd1
  74. 1
      src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/ru-RU/Sophia.psd1
  75. 1
      src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/tr-TR/Sophia.psd1
  76. 1
      src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/uk-UA/Sophia.psd1
  77. 1
      src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/zh-CN/Sophia.psd1
  78. 197
      src/Sophia_Script_for_Windows_11_PowerShell_7/Module/Sophia.psm1

1
src/Sophia_Script_for_Windows_10/Localizations/de-DE/Sophia.psd1

@ -57,7 +57,6 @@ ErrorsMessage = Fehler/Warnungen
DialogBoxOpening = Anzeigen des Dialogfensters...
Disable = Deaktivieren
Enable = Aktivieren
UserChoiceWarning = Microsoft hat den Schreibzugriff auf den UserChoice-Schlüssel für die .pdf-Erweiterung und das http/https-Protokoll mit der Version KB5034765 gesperrt.
AllFilesFilter = Alle Dateien
FolderSelect = Einen Ordner auswählen
FilesWontBeMoved = Dateien werden nicht verschoben.

1
src/Sophia_Script_for_Windows_10/Localizations/en-US/Sophia.psd1

@ -57,7 +57,6 @@ ErrorsMessage = Errors/Warnings
DialogBoxOpening = Displaying the dialog box...
Disable = Disable
Enable = Enable
UserChoiceWarning = Microsoft has blocked write access to UserChoice key for .pdf extention and http/https protocols with KB5034765 release.
AllFilesFilter = All Files
FolderSelect = Select a folder
FilesWontBeMoved = Files will not be moved.

1
src/Sophia_Script_for_Windows_10/Localizations/es-ES/Sophia.psd1

@ -57,7 +57,6 @@ ErrorsMessage = Errores/Advertencias
DialogBoxOpening = Viendo el cuadro de diálogo...
Disable = Desactivar
Enable = Habilitar
UserChoiceWarning = Microsoft ha bloqueado el acceso de escritura a la clave UserChoice para la extensión .pdf y el protocolo http/https con el lanzamiento de KB5034765.
AllFilesFilter = Todos los Archivos
FolderSelect = Seleccione una carpeta
FilesWontBeMoved = Los archivos no se transferirán.

1
src/Sophia_Script_for_Windows_10/Localizations/fr-FR/Sophia.psd1

@ -57,7 +57,6 @@ ErrorsMessage = Erreurs/Avertissements
DialogBoxOpening = Afficher la boîte de dialogue...
Disable = Désactiver
Enable = Activer
UserChoiceWarning = Microsoft a bloqué l'accès en écriture à la clé UserChoice pour l'extension .pdf et le protocole http/https avec la version KB5034765.
AllFilesFilter = Tous les Fichiers
FolderSelect = Sélectionner un dossier
FilesWontBeMoved = Les fichiers ne seront pas déplacés.

1
src/Sophia_Script_for_Windows_10/Localizations/hu-HU/Sophia.psd1

@ -57,7 +57,6 @@ ErrorsMessage = Hibák/Figyelmeztetések
DialogBoxOpening = Párbeszédablak megjelenítése...
Disable = Kikapcsolás
Enable = Engedélyezés
UserChoiceWarning = A Microsoft a KB5034765 kiadással blokkolta a UserChoice kulcs írási hozzáférését a .pdf kiterjesztéshez és a http/https protokollhoz.
AllFilesFilter = Minden fájl
FolderSelect = Válasszon ki egy könyvtárat
FilesWontBeMoved = A fájlok nem lesznek áthelyezve.

1
src/Sophia_Script_for_Windows_10/Localizations/it-IT/Sophia.psd1

@ -57,7 +57,6 @@ ErrorsMessage = Errori/avvisi
DialogBoxOpening = Visualizzazione della finestra di dialogo...
Disable = Disattivare
Enable = Abilitare
UserChoiceWarning = Microsoft ha bloccato l'accesso in scrittura alla chiave UserChoice per l'estensione .pdf e il protocollo http/https con il rilascio della KB5034765.
AllFilesFilter = Tutti i file
FolderSelect = Selezionare una cartella
FilesWontBeMoved = I file non verranno trasferiti.

1
src/Sophia_Script_for_Windows_10/Localizations/pl-PL/Sophia.psd1

@ -57,7 +57,6 @@ ErrorsMessage = Błędy/Ostrzeżenia
DialogBoxOpening = Wyświetlanie okna dialogowego...
Disable = Wyłączyć
Enable = Włączać
UserChoiceWarning = Microsoft zablokował dostęp do zapisu klucza UserChoice dla rozszerzenia .pdf i protokołu http/https wraz z wydaniem KB5034765.
AllFilesFilter = Wszystkie pliki
FolderSelect = Wybierz folder
FilesWontBeMoved = Pliki nie zostaną przeniesione.

1
src/Sophia_Script_for_Windows_10/Localizations/pt-BR/Sophia.psd1

@ -57,7 +57,6 @@ ErrorsMessage = Erros/Avisos
DialogBoxOpening = Exibindo a caixa de diálogo...
Disable = Desativar
Enable = Habilitar
UserChoiceWarning = A Microsoft bloqueou o acesso de gravação à chave UserChoice para extensão .pdf e protocolo http/https com a versão KB5034765.
AllFilesFilter = Todos os arquivos
FolderSelect = Escolha uma pasta
FilesWontBeMoved = Os arquivos não serão transferidos.

1
src/Sophia_Script_for_Windows_10/Localizations/ru-RU/Sophia.psd1

@ -57,7 +57,6 @@ ErrorsMessage = Ошибки/предупрежде
DialogBoxOpening = Диалоговое окно открывается...
Disable = Отключить
Enable = Включить
UserChoiceWarning = Microsoft заблокировала возможность записать в раздел реестра UserChoice для расширения .pdf и протоколов http/https с релизом обновления KB5034765.
AllFilesFilter = Все файлы
FolderSelect = Выберите папку
FilesWontBeMoved = Файлы не будут перенесены.

1
src/Sophia_Script_for_Windows_10/Localizations/tr-TR/Sophia.psd1

@ -57,7 +57,6 @@ ErrorsMessage = Hatalar/Uyarılar
DialogBoxOpening = İletişim kutusu görüntüleniyor...
Disable = Devre dışı bırak
Enable = Aktif et
UserChoiceWarning = Microsoft, KB5034765 sürümü ile .pdf uzantısı ve http/https protokolü için UserChoice anahtarına yazma erişimini engellemiştir.
AllFilesFilter = Tüm Dosyalar
FolderSelect = Klasör seç
FilesWontBeMoved = Dosyalar taşınmayacak.

1
src/Sophia_Script_for_Windows_10/Localizations/uk-UA/Sophia.psd1

@ -57,7 +57,6 @@ ErrorsMessage = Помилки/попереджен
DialogBoxOpening = Діалогове вікно відкривається...
Disable = Вимкнути
Enable = Увімкнути
UserChoiceWarning = Microsoft заблокувала можливість писати в розділ реєстру UserChoice для розширення .pdf, а також протоколів http/https з релізом оновлення KB5034765.
AllFilesFilter = Усі файли
FolderSelect = Виберіть папку
FilesWontBeMoved = Файли не будуть перенесені.

1
src/Sophia_Script_for_Windows_10/Localizations/zh-CN/Sophia.psd1

@ -57,7 +57,6 @@ ErrorsMessage = 错误/警告
DialogBoxOpening = 显示对话窗口.....
Disable = 禁用
Enable = 启用
UserChoiceWarning = 微软在发布 KB5034765 时阻止了对 .pdf 扩展和 http/https 协议的 UserChoice 密钥的写入访问
AllFilesFilter = 所有文件
FolderSelect = 选择一个文件夹
FilesWontBeMoved = 文件将不会被移动

148
src/Sophia_Script_for_Windows_10/Module/Sophia.psm1

@ -63,7 +63,7 @@ function InitialActions
# Extract strings from %SystemRoot%\System32\shell32.dll using its number
# https://github.com/SamuelArnold/StarKill3r/blob/master/Star%20Killer/Star%20Killer/bin/Debug/Scripts/SANS-SEC505-master/scripts/Day1-PowerShell/Expand-IndirectString.ps1
# [WinAPI.GetStrings]::GetIndirectString("@%SystemRoot%\system32\schedsvc.dll,-100")
# [WinAPI.GetStrings]::GetIndirectString("@%SystemRoot%\System32\schedsvc.dll,-100")
# https://github.com/PowerShell/PowerShell/issues/21070
$Script:CompilerParameters = [System.CodeDom.Compiler.CompilerParameters]::new("System.dll")
@ -3671,8 +3671,8 @@ public static extern int HashData(byte[] pbData, int cbData, byte[] piet, int ou
Add-Type @Signature
}
# We cannot call any of APIs except copying reg.exe with a different name due to a UCPD driver tracks all executables to blocke the access to the registry
Copy-Item -Path "$env:SystemRoot\system32\reg.exe" -Destination "$env:SystemRoot\system32\reg_temp.exe" -Force
# We cannot set a value to EnShellFeedsTaskbarViewMode, having called any of APIs, except of copying powershell.exe (or any other tricks) with a different name, due to a UCPD driver tracks all executables to block the access to the registry
Copy-Item -Path "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe" -Destination "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Force
switch ($PSCmdlet.ParameterSetName)
{
@ -3690,10 +3690,7 @@ public static extern int HashData(byte[] pbData, int cbData, byte[] piet, int ou
# Get value to save in EnShellFeedsTaskbarViewMode key
$DWordData = [System.BitConverter]::ToUInt32($bytesOut,0)
# https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_parsing?view=powershell-7.4#the-stop-parsing-token
# We cannot put --% inside the command below as it breaks parsing of $DWordData variable
$EscapeParser = "--%"
& "$env:SystemRoot\system32\reg_temp.exe" $EscapeParser ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds /v EnShellFeedsTaskbarViewMode /t REG_DWORD /d $DWordData /f
& "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command {New-ItemProperty -Path HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds -Name EnShellFeedsTaskbarViewMode -PropertyType DWord -Value $DWordData -Force}
}
"Enable"
{
@ -3709,14 +3706,11 @@ public static extern int HashData(byte[] pbData, int cbData, byte[] piet, int ou
# Get value to save in EnShellFeedsTaskbarViewMode key
$DWordData = [System.BitConverter]::ToUInt32($bytesOut,0)
# https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_parsing?view=powershell-7.4#the-stop-parsing-token
# We cannot put --% inside the command below as it breaks parsing of $DWordData variable
$EscapeParser = "--%"
& "$env:SystemRoot\system32\reg_temp.exe" $EscapeParser ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds /v EnShellFeedsTaskbarViewMode /t REG_DWORD /d $DWordData /f
& "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command {New-ItemProperty -Path HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds -Name EnShellFeedsTaskbarViewMode -PropertyType DWord -Value $DWordData -Force}
}
}
Remove-Item -Path "$env:SystemRoot\system32\reg_temp.exe" -Force
Remove-Item -Path "$env:SystemRoot\System32\reg_temp.exe" -Force
}
<#
@ -8919,16 +8913,13 @@ function WindowsLatestUpdate
Set-Association -ProgramPath "%ProgramFiles%\Notepad++\notepad++.exe" -Extension .txt -Icon "%ProgramFiles%\Notepad++\notepad++.exe,0"
.EXAMPLE
Set-Association -ProgramPath MSEdgeMHT -Extension .html
Set-Association -ProgramPath MSEdgeHTM -Extension .html
.LINK
https://github.com/DanysysTeam/PS-SFTA
https://github.com/default-username-was-already-taken/set-fileassoc
https://forum.ru-board.com/profile.cgi?action=show&member=westlife
.NOTES
Microsoft blocked ability to write to UserChoice key for .pdf extention and http and https protocols with KB5034763 release
.NOTES
Machine-wide
#>
@ -8959,18 +8950,9 @@ function Set-Association
$Icon
)
# Microsoft blocked ability to write to UserChoice key for .pdf extention and http and https protocols with KB5034763 release
if (@(".pdf", "http", "https") -contains $Extension)
{
Write-Information -MessageData "" -InformationAction Continue
Write-Verbose -Message $Localization.UserChoiceWarning -Verbose
Write-Error -Message $Localization.UserChoiceWarning -ErrorAction SilentlyContinue
Write-Information -MessageData "" -InformationAction Continue
Write-Verbose -Message $Localization.Skipped -Verbose
return
}
# Microsoft has blocked write access to UserChoice key for .pdf extention and http/https protocols with KB5034765 release, so we have to write values with a copy of powershell.exe to bypass a UCPD driver restrictions
# UCPD driver tracks all executables to block the access to the registry so all registry records will be made within powershell_temp.exe in this function just in case
Copy-Item -Path "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe" -Destination "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Force
$ProgramPath = [System.Environment]::ExpandEnvironmentVariables($ProgramPath)
@ -9309,7 +9291,25 @@ public static int UnloadHive(RegistryHives hive, string subKey)
{
New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Force
}
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgID -Force
# We need to remove DENY permission set for user before setting a value
if (@(".pdf", "http", "https") -contains $Extension)
{
# https://powertoe.wordpress.com/2010/08/28/controlling-registry-acl-permissions-with-powershell/
$Key = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::ChangePermissions)
$ACL = $key.GetAccessControl()
$Principal = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
# https://learn.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.filesystemrights
$Rule = New-Object -TypeName System.Security.AccessControl.RegistryAccessRule -ArgumentList ($Principal,"FullControl","Deny")
$ACL.RemoveAccessRule($Rule)
$Key.SetAccessControl($ACL)
& "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice' -Name ProgId -PropertyType String -Value $ProgID -Force}"
}
else
{
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgID -Force
}
# Getting a hash based on the time of the section's last modification. After creating and setting the first parameter
$ProgHash = Get-Hash -ProgId $ProgId -Extension $Extension -SubKey "Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice"
@ -9318,7 +9318,15 @@ public static int UnloadHive(RegistryHives hive, string subKey)
{
New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Force
}
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force
if (@(".pdf", "http", "https") -contains $Extension)
{
& "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice' -Name Hash -PropertyType String -Value $ProgHash -Force}"
}
else
{
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force
}
# Setting a block on changing the UserChoice section
# Due to "Set-StrictMode -Version Latest" we have to use OpenSubKey()
@ -9736,9 +9744,29 @@ public static long MakeLong(uint left, uint right)
{
New-Item -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Force
}
$ProgHash = Get-Hash -ProgId $ProgId -Extension $Extension -SubKey "Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice"
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgId -Force
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force
# We need to remove DENY permission set for user before setting a value
if (@(".pdf", "http", "https") -contains $Extension)
{
# https://powertoe.wordpress.com/2010/08/28/controlling-registry-acl-permissions-with-powershell/
$Key = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey("Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::ChangePermissions)
$ACL = $key.GetAccessControl()
$Principal = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
# https://learn.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.filesystemrights
$Rule = New-Object -TypeName System.Security.AccessControl.RegistryAccessRule -ArgumentList ($Principal,"FullControl","Deny")
$ACL.RemoveAccessRule($Rule)
$Key.SetAccessControl($ACL)
& "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice' -Name ProgId -PropertyType String -Value $ProgID -Force}"
& "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice' -Name Hash -PropertyType String -Value $ProgHash -Force}"
}
else
{
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgId -Force
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force
}
}
# Setting additional parameters to comply with the requirements before configuring the extension
@ -9767,6 +9795,8 @@ public static void Refresh()
}
[WinAPI.Signature]::Refresh()
Remove-Item -Path "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Force
}
<#
@ -10101,7 +10131,7 @@ function InstallVCRedist
return
}
if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller -ErrorAction Ignore)
if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller)
{
if ([System.Version](Get-AppxPackage -Name Microsoft.DesktopAppInstaller).Version -ge [System.Version]"1.17")
{
@ -10212,7 +10242,7 @@ function InstallDotNetRuntimes
{
NET6x64
{
if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller -ErrorAction Ignore)
if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller)
{
if ([System.Version](Get-AppxPackage -Name Microsoft.DesktopAppInstaller).Version -ge [System.Version]"1.17")
{
@ -10259,7 +10289,7 @@ function InstallDotNetRuntimes
}
NET8x64
{
if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller -ErrorAction Ignore)
if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller)
{
if ([System.Version](Get-AppxPackage -Name Microsoft.DesktopAppInstaller).Version -ge [System.Version]"1.17")
{
@ -11824,29 +11854,31 @@ function CortanaAutostart
$Enable
)
if (-not (Get-AppxPackage -Name Microsoft.549981C3F5F10))
{
Write-Information -MessageData "" -InformationAction Continue
Write-Verbose -Message $Localization.Skipped -Verbose
return
}
switch ($PSCmdlet.ParameterSetName)
{
"Disable"
{
if (Get-AppxPackage -Name Microsoft.549981C3F5F10)
if (-not (Test-Path -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId"))
{
if (-not (Test-Path -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId"))
{
New-Item -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Force
}
New-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Name State -PropertyType DWord -Value 1 -Force
New-Item -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Force
}
New-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Name State -PropertyType DWord -Value 1 -Force
}
"Enable"
{
if (Get-AppxPackage -Name Microsoft.549981C3F5F10)
if (-not (Test-Path -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId"))
{
if (-not (Test-Path -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId"))
{
New-Item -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Force
}
New-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Name State -PropertyType DWord -Value 2 -Force
New-Item -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Force
}
New-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Name State -PropertyType DWord -Value 2 -Force
}
}
}
@ -12022,21 +12054,23 @@ function XboxGameTips
$Enable
)
if (-not ((Get-AppxPackage -Name Microsoft.XboxGamingOverlay) -or(Get-AppxPackage -Name Microsoft.GamingApp)))
{
Write-Information -MessageData "" -InformationAction Continue
Write-Verbose -Message $Localization.Skipped -Verbose
return
}
switch ($PSCmdlet.ParameterSetName)
{
"Disable"
{
if ((Get-AppxPackage -Name Microsoft.XboxGamingOverlay) -or (Get-AppxPackage -Name Microsoft.GamingApp))
{
New-ItemProperty -Path HKCU:\Software\Microsoft\GameBar -Name ShowStartupPanel -PropertyType DWord -Value 0 -Force
}
New-ItemProperty -Path HKCU:\Software\Microsoft\GameBar -Name ShowStartupPanel -PropertyType DWord -Value 0 -Force
}
"Enable"
{
if ((Get-AppxPackage -Name Microsoft.XboxGamingOverlay) -or (Get-AppxPackage -Name Microsoft.GamingApp))
{
New-ItemProperty -Path HKCU:\Software\Microsoft\GameBar -Name ShowStartupPanel -PropertyType DWord -Value 1 -Force
}
New-ItemProperty -Path HKCU:\Software\Microsoft\GameBar -Name ShowStartupPanel -PropertyType DWord -Value 1 -Force
}
}
}
@ -12154,14 +12188,14 @@ function GPUScheduling
$WddmVersion_Min = [Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\FeatureSetUsage", "WddmVersion_Min", $null)
if ($WddmVersion_Min -ge 2700)
{
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers" -Name HwSchMode -PropertyType DWord -Value 2 -Force
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers -Name HwSchMode -PropertyType DWord -Value 2 -Force
}
}
}
}
"Disable"
{
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers" -Name HwSchMode -PropertyType DWord -Value 1 -Force
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers -Name HwSchMode -PropertyType DWord -Value 1 -Force
}
}
}

1
src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/de-DE/Sophia.psd1

@ -48,7 +48,6 @@ ErrorsMessage = Fehler/Warnungen
DialogBoxOpening = Anzeigen des Dialogfensters...
Disable = Deaktivieren
Enable = Aktivieren
UserChoiceWarning = Microsoft hat den Schreibzugriff auf den UserChoice-Schlüssel für die .pdf-Erweiterung und das http/https-Protokoll mit der Version KB5034765 gesperrt.
AllFilesFilter = Alle Dateien
FolderSelect = Einen Ordner auswählen
FilesWontBeMoved = Dateien werden nicht verschoben.

1
src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/en-US/Sophia.psd1

@ -48,7 +48,6 @@ ErrorsMessage = Errors/Warnings
DialogBoxOpening = Displaying the dialog box...
Disable = Disable
Enable = Enable
UserChoiceWarning = Microsoft has blocked write access to UserChoice key for .pdf extention and http/https protocols with KB5034765 release.
AllFilesFilter = All Files
FolderSelect = Select a folder
FilesWontBeMoved = Files will not be moved.

1
src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/es-ES/Sophia.psd1

@ -48,7 +48,6 @@ ErrorsMessage = Errores/Advertencias
DialogBoxOpening = Viendo el cuadro de diálogo...
Disable = Desactivar
Enable = Habilitar
UserChoiceWarning = Microsoft ha bloqueado el acceso de escritura a la clave UserChoice para la extensión .pdf y el protocolo http/https con el lanzamiento de KB5034765.
AllFilesFilter = Todos los Archivos
FolderSelect = Seleccione una carpeta
FilesWontBeMoved = Los archivos no se transferirán.

1
src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/fr-FR/Sophia.psd1

@ -48,7 +48,6 @@ ErrorsMessage = Erreurs/Avertissements
DialogBoxOpening = Afficher la boîte de dialogue...
Disable = Désactiver
Enable = Activer
UserChoiceWarning = Microsoft a bloqué l'accès en écriture à la clé UserChoice pour l'extension .pdf et le protocole http/https avec la version KB5034765.
AllFilesFilter = Tous les Fichiers
FolderSelect = Sélectionner un dossier
FilesWontBeMoved = Les fichiers ne seront pas déplacés.

1
src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/hu-HU/Sophia.psd1

@ -48,7 +48,6 @@ ErrorsMessage = Hibák/Figyelmeztetések
DialogBoxOpening = Párbeszédablak megjelenítése...
Disable = Kikapcsolás
Enable = Engedélyezés
UserChoiceWarning = A Microsoft a KB5034765 kiadással blokkolta a UserChoice kulcs írási hozzáférését a .pdf kiterjesztéshez és a http/https protokollhoz.
AllFilesFilter = Minden fájl
FolderSelect = Válasszon ki egy könyvtárat
FilesWontBeMoved = A fájlok nem lesznek áthelyezve.

1
src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/it-IT/Sophia.psd1

@ -48,7 +48,6 @@ ErrorsMessage = Errori/avvisi
DialogBoxOpening = Visualizzazione della finestra di dialogo...
Disable = Disattivare
Enable = Abilitare
UserChoiceWarning = Microsoft ha bloccato l'accesso in scrittura alla chiave UserChoice per l'estensione .pdf e il protocollo http/https con il rilascio della KB5034765.
AllFilesFilter = Tutti i file
FolderSelect = Selezionare una cartella
FilesWontBeMoved = I file non verranno trasferiti.

1
src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/pl-PL/Sophia.psd1

@ -48,7 +48,6 @@ ErrorsMessage = Błędy/Ostrzeżenia
DialogBoxOpening = Wyświetlanie okna dialogowego...
Disable = Wyłączyć
Enable = Włączać
UserChoiceWarning = Microsoft zablokował dostęp do zapisu klucza UserChoice dla rozszerzenia .pdf i protokołu http/https wraz z wydaniem KB5034765.
AllFilesFilter = Wszystkie pliki
FolderSelect = Wybierz folder
FilesWontBeMoved = Pliki nie zostaną przeniesione.

1
src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/pt-BR/Sophia.psd1

@ -48,7 +48,6 @@ ErrorsMessage = Erros/Avisos
DialogBoxOpening = Exibindo a caixa de diálogo...
Disable = Desativar
Enable = Habilitar
UserChoiceWarning = A Microsoft bloqueou o acesso de gravação à chave UserChoice para extensão .pdf e protocolo http/https com a versão KB5034765.
AllFilesFilter = Todos os arquivos
FolderSelect = Escolha uma pasta
FilesWontBeMoved = Os arquivos não serão transferidos.

1
src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/ru-RU/Sophia.psd1

@ -48,7 +48,6 @@ ErrorsMessage = Ошибки/предупрежде
DialogBoxOpening = Диалоговое окно открывается...
Disable = Отключить
Enable = Включить
UserChoiceWarning = Microsoft заблокировала возможность записать в раздел реестра UserChoice для расширения .pdf и протоколов http/https с релизом обновления KB5034765.
AllFilesFilter = Все файлы
FolderSelect = Выберите папку
FilesWontBeMoved = Файлы не будут перенесены.

1
src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/tr-TR/Sophia.psd1

@ -48,7 +48,6 @@ ErrorsMessage = Hatalar/Uyarılar
DialogBoxOpening = İletişim kutusu görüntüleniyor...
Disable = Devre dışı bırak
Enable = Aktif et
UserChoiceWarning = Microsoft, KB5034765 sürümü ile .pdf uzantısı ve http/https protokolü için UserChoice anahtarına yazma erişimini engellemiştir.
AllFilesFilter = Tüm Dosyalar
FolderSelect = Klasör seç
FilesWontBeMoved = Dosyalar taşınmayacak.

1
src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/uk-UA/Sophia.psd1

@ -46,7 +46,6 @@ ErrorsMessage = Помилки/попереджен
DialogBoxOpening = Діалогове вікно відкривається...
Disable = Вимкнути
Enable = Увімкнути
UserChoiceWarning = Microsoft заблокувала можливість писати в розділ реєстру UserChoice для розширення .pdf, а також протоколів http/https з релізом оновлення KB5034765.
AllFilesFilter = Усі файли
FolderSelect = Виберіть папку
FilesWontBeMoved = Файли не будуть перенесені.

1
src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/zh-CN/Sophia.psd1

@ -48,7 +48,6 @@ ErrorsMessage = 错误/警告
DialogBoxOpening = 显示对话窗口.....
Disable = 禁用
Enable = 启用
UserChoiceWarning = 微软在发布 KB5034765 时阻止了对 .pdf 扩展和 http/https 协议的 UserChoice 密钥的写入访问
AllFilesFilter = 所有文件
FolderSelect = 选择一个文件夹
FilesWontBeMoved = 文件将不会被移动

84
src/Sophia_Script_for_Windows_10_LTSC_2019/Module/Sophia.psm1

@ -63,7 +63,7 @@ function InitialActions
# Extract strings from %SystemRoot%\System32\shell32.dll using its number
# https://github.com/SamuelArnold/StarKill3r/blob/master/Star%20Killer/Star%20Killer/bin/Debug/Scripts/SANS-SEC505-master/scripts/Day1-PowerShell/Expand-IndirectString.ps1
# [WinAPI.GetStrings]::GetIndirectString("@%SystemRoot%\system32\schedsvc.dll,-100")
# [WinAPI.GetStrings]::GetIndirectString("@%SystemRoot%\System32\schedsvc.dll,-100")
# https://github.com/PowerShell/PowerShell/issues/21070
$Script:CompilerParameters = [System.CodeDom.Compiler.CompilerParameters]::new("System.dll")
@ -7156,16 +7156,13 @@ function ActiveHours
Set-Association -ProgramPath "%ProgramFiles%\Notepad++\notepad++.exe" -Extension .txt -Icon "%ProgramFiles%\Notepad++\notepad++.exe,0"
.EXAMPLE
Set-Association -ProgramPath MSEdgeMHT -Extension .html
Set-Association -ProgramPath MSEdgeHTM -Extension .html
.LINK
https://github.com/DanysysTeam/PS-SFTA
https://github.com/default-username-was-already-taken/set-fileassoc
https://forum.ru-board.com/profile.cgi?action=show&member=westlife
.NOTES
Microsoft blocked ability to write to UserChoice key for .pdf extention and http and https protocols with KB5034763 release
.NOTES
Machine-wide
#>
@ -7196,18 +7193,9 @@ function Set-Association
$Icon
)
# Microsoft blocked ability to write to UserChoice key for .pdf extention and http and https protocols with KB5034763 release
if (@(".pdf", "http", "https") -contains $Extension)
{
Write-Information -MessageData "" -InformationAction Continue
Write-Verbose -Message $Localization.UserChoiceWarning -Verbose
Write-Error -Message $Localization.UserChoiceWarning -ErrorAction SilentlyContinue
Write-Information -MessageData "" -InformationAction Continue
Write-Verbose -Message $Localization.Skipped -Verbose
return
}
# Microsoft has blocked write access to UserChoice key for .pdf extention and http/https protocols with KB5034765 release, so we have to write values with a copy of powershell.exe to bypass a UCPD driver restrictions
# UCPD driver tracks all executables to block the access to the registry so all registry records will be made within powershell_temp.exe in this function just in case
Copy-Item -Path "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe" -Destination "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Force
$ProgramPath = [System.Environment]::ExpandEnvironmentVariables($ProgramPath)
@ -7546,7 +7534,25 @@ public static int UnloadHive(RegistryHives hive, string subKey)
{
New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Force
}
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgID -Force
# We need to remove DENY permission set for user before setting a value
if (@(".pdf", "http", "https") -contains $Extension)
{
# https://powertoe.wordpress.com/2010/08/28/controlling-registry-acl-permissions-with-powershell/
$Key = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::ChangePermissions)
$ACL = $key.GetAccessControl()
$Principal = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
# https://learn.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.filesystemrights
$Rule = New-Object -TypeName System.Security.AccessControl.RegistryAccessRule -ArgumentList ($Principal,"FullControl","Deny")
$ACL.RemoveAccessRule($Rule)
$Key.SetAccessControl($ACL)
& "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice' -Name ProgId -PropertyType String -Value $ProgID -Force}"
}
else
{
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgID -Force
}
# Getting a hash based on the time of the section's last modification. After creating and setting the first parameter
$ProgHash = Get-Hash -ProgId $ProgId -Extension $Extension -SubKey "Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice"
@ -7555,7 +7561,15 @@ public static int UnloadHive(RegistryHives hive, string subKey)
{
New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Force
}
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force
if (@(".pdf", "http", "https") -contains $Extension)
{
& "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice' -Name Hash -PropertyType String -Value $ProgHash -Force}"
}
else
{
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force
}
# Setting a block on changing the UserChoice section
# Due to "Set-StrictMode -Version Latest" we have to use OpenSubKey()
@ -7973,9 +7987,29 @@ public static long MakeLong(uint left, uint right)
{
New-Item -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Force
}
$ProgHash = Get-Hash -ProgId $ProgId -Extension $Extension -SubKey "Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice"
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgId -Force
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force
# We need to remove DENY permission set for user before setting a value
if (@(".pdf", "http", "https") -contains $Extension)
{
# https://powertoe.wordpress.com/2010/08/28/controlling-registry-acl-permissions-with-powershell/
$Key = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey("Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::ChangePermissions)
$ACL = $key.GetAccessControl()
$Principal = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
# https://learn.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.filesystemrights
$Rule = New-Object -TypeName System.Security.AccessControl.RegistryAccessRule -ArgumentList ($Principal,"FullControl","Deny")
$ACL.RemoveAccessRule($Rule)
$Key.SetAccessControl($ACL)
& "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice' -Name ProgId -PropertyType String -Value $ProgID -Force}"
& "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice' -Name Hash -PropertyType String -Value $ProgHash -Force}"
}
else
{
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgId -Force
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force
}
}
# Setting additional parameters to comply with the requirements before configuring the extension
@ -8004,6 +8038,8 @@ public static void Refresh()
}
[WinAPI.Signature]::Refresh()
Remove-Item -Path "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Force
}
<#
@ -8286,7 +8322,7 @@ function InstallVCRedist
return
}
if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller -ErrorAction Ignore)
if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller)
{
if ([System.Version](Get-AppxPackage -Name Microsoft.DesktopAppInstaller).Version -ge [System.Version]"1.17")
{
@ -8397,7 +8433,7 @@ function InstallDotNetRuntimes
{
NET6x64
{
if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller -ErrorAction Ignore)
if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller)
{
if ([System.Version](Get-AppxPackage -Name Microsoft.DesktopAppInstaller).Version -ge [System.Version]"1.17")
{
@ -8444,7 +8480,7 @@ function InstallDotNetRuntimes
}
NET8x64
{
if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller -ErrorAction Ignore)
if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller)
{
if ([System.Version](Get-AppxPackage -Name Microsoft.DesktopAppInstaller).Version -ge [System.Version]"1.17")
{

1
src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/de-DE/Sophia.psd1

@ -50,7 +50,6 @@ ErrorsMessage = Fehler/Warnungen
DialogBoxOpening = Anzeigen des Dialogfensters...
Disable = Deaktivieren
Enable = Aktivieren
UserChoiceWarning = Microsoft hat den Schreibzugriff auf den UserChoice-Schlüssel für die .pdf-Erweiterung und das http/https-Protokoll mit der Version KB5034765 gesperrt.
AllFilesFilter = Alle Dateien
FolderSelect = Einen Ordner auswählen
FilesWontBeMoved = Dateien werden nicht verschoben.

1
src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/en-US/Sophia.psd1

@ -50,7 +50,6 @@ ErrorsMessage = Errors/Warnings
DialogBoxOpening = Displaying the dialog box...
Disable = Disable
Enable = Enable
UserChoiceWarning = Microsoft has blocked write access to UserChoice key for .pdf extention and http/https protocols with KB5034765 release.
AllFilesFilter = All Files
FolderSelect = Select a folder
FilesWontBeMoved = Files will not be moved.

1
src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/es-ES/Sophia.psd1

@ -50,7 +50,6 @@ ErrorsMessage = Errores/Advertencias
DialogBoxOpening = Viendo el cuadro de diálogo...
Disable = Desactivar
Enable = Habilitar
UserChoiceWarning = Microsoft ha bloqueado el acceso de escritura a la clave UserChoice para la extensión .pdf y el protocolo http/https con el lanzamiento de KB5034765.
AllFilesFilter = Todos los Archivos
FolderSelect = Seleccione una carpeta
FilesWontBeMoved = Los archivos no se transferirán.

1
src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/fr-FR/Sophia.psd1

@ -50,7 +50,6 @@ ErrorsMessage = Erreurs/Avertissements
DialogBoxOpening = Afficher la boîte de dialogue...
Disable = Désactiver
Enable = Activer
UserChoiceWarning = Microsoft a bloqué l'accès en écriture à la clé UserChoice pour l'extension .pdf et le protocole http/https avec la version KB5034765.
AllFilesFilter = Tous les Fichiers
FolderSelect = Sélectionner un dossier
FilesWontBeMoved = Les fichiers ne seront pas déplacés.

1
src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/hu-HU/Sophia.psd1

@ -50,7 +50,6 @@ ErrorsMessage = Hibák/Figyelmeztetések
DialogBoxOpening = Párbeszédablak megjelenítése...
Disable = Kikapcsolás
Enable = Engedélyezés
UserChoiceWarning = A Microsoft a KB5034765 kiadással blokkolta a UserChoice kulcs írási hozzáférését a .pdf kiterjesztéshez és a http/https protokollhoz.
AllFilesFilter = Minden fájl
FolderSelect = Válasszon ki egy könyvtárat
FilesWontBeMoved = A fájlok nem lesznek áthelyezve.

1
src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/it-IT/Sophia.psd1

@ -50,7 +50,6 @@ ErrorsMessage = Errori/avvisi
DialogBoxOpening = Visualizzazione della finestra di dialogo...
Disable = Disattivare
Enable = Abilitare
UserChoiceWarning = Microsoft ha bloccato l'accesso in scrittura alla chiave UserChoice per l'estensione .pdf e il protocollo http/https con il rilascio della KB5034765.
AllFilesFilter = Tutti i file
FolderSelect = Selezionare una cartella
FilesWontBeMoved = I file non verranno trasferiti.

1
src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/pl-PL/Sophia.psd1

@ -50,7 +50,6 @@ ErrorsMessage = Błędy/Ostrzeżenia
DialogBoxOpening = Wyświetlanie okna dialogowego...
Disable = Wyłączyć
Enable = Włączać
UserChoiceWarning = Microsoft zablokował dostęp do zapisu klucza UserChoice dla rozszerzenia .pdf i protokołu http/https wraz z wydaniem KB5034765.
AllFilesFilter = Wszystkie pliki
FolderSelect = Wybierz folder
FilesWontBeMoved = Pliki nie zostaną przeniesione.

1
src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/pt-BR/Sophia.psd1

@ -50,7 +50,6 @@ ErrorsMessage = Erros/Avisos
DialogBoxOpening = Exibindo a caixa de diálogo...
Disable = Desativar
Enable = Habilitar
UserChoiceWarning = A Microsoft bloqueou o acesso de gravação à chave UserChoice para extensão .pdf e protocolo http/https com a versão KB5034765.
AllFilesFilter = Todos os arquivos
FolderSelect = Escolha uma pasta
FilesWontBeMoved = Os arquivos não serão transferidos.

1
src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/ru-RU/Sophia.psd1

@ -50,7 +50,6 @@ ErrorsMessage = Ошибки/предупрежде
DialogBoxOpening = Диалоговое окно открывается...
Disable = Отключить
Enable = Включить
UserChoiceWarning = Microsoft заблокировала возможность записать в раздел реестра UserChoice для расширения .pdf и протоколов http/https с релизом обновления KB5034765.
AllFilesFilter = Все файлы
FolderSelect = Выберите папку
FilesWontBeMoved = Файлы не будут перенесены.

1
src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/tr-TR/Sophia.psd1

@ -50,7 +50,6 @@ ErrorsMessage = Hatalar/Uyarılar
DialogBoxOpening = İletişim kutusu görüntüleniyor...
Disable = Devre dışı bırak
Enable = Aktif et
UserChoiceWarning = Microsoft, KB5034765 sürümü ile .pdf uzantısı ve http/https protokolü için UserChoice anahtarına yazma erişimini engellemiştir.
AllFilesFilter = Tüm Dosyalar
FolderSelect = Klasör seç
FilesWontBeMoved = Dosyalar taşınmayacak.

1
src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/uk-UA/Sophia.psd1

@ -50,7 +50,6 @@ ErrorsMessage = Помилки/попереджен
DialogBoxOpening = Діалогове вікно відкривається...
Disable = Вимкнути
Enable = Увімкнути
UserChoiceWarning = Microsoft заблокувала можливість писати в розділ реєстру UserChoice для розширення .pdf, а також протоколів http/https з релізом оновлення KB5034765.
AllFilesFilter = Усі файли
FolderSelect = Виберіть папку
FilesWontBeMoved = Файли не будуть перенесені.

1
src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/zh-CN/Sophia.psd1

@ -50,7 +50,6 @@ ErrorsMessage = 错误/警告
DialogBoxOpening = 显示对话窗口.....
Disable = 禁用
Enable = 启用
UserChoiceWarning = 微软在发布 KB5034765 时阻止了对 .pdf 扩展和 http/https 协议的 UserChoice 密钥的写入访问
AllFilesFilter = 所有文件
FolderSelect = 选择一个文件夹
FilesWontBeMoved = 文件将不会被移动

88
src/Sophia_Script_for_Windows_10_LTSC_2021/Module/Sophia.psm1

@ -63,7 +63,7 @@ function InitialActions
# Extract strings from %SystemRoot%\System32\shell32.dll using its number
# https://github.com/SamuelArnold/StarKill3r/blob/master/Star%20Killer/Star%20Killer/bin/Debug/Scripts/SANS-SEC505-master/scripts/Day1-PowerShell/Expand-IndirectString.ps1
# [WinAPI.GetStrings]::GetIndirectString("@%SystemRoot%\system32\schedsvc.dll,-100")
# [WinAPI.GetStrings]::GetIndirectString("@%SystemRoot%\System32\schedsvc.dll,-100")
# https://github.com/PowerShell/PowerShell/issues/21070
$Script:CompilerParameters = [System.CodeDom.Compiler.CompilerParameters]::new("System.dll")
@ -7787,16 +7787,13 @@ function ActiveHours
Set-Association -ProgramPath "%ProgramFiles%\Notepad++\notepad++.exe" -Extension .txt -Icon "%ProgramFiles%\Notepad++\notepad++.exe,0"
.EXAMPLE
Set-Association -ProgramPath MSEdgeMHT -Extension .html
Set-Association -ProgramPath MSEdgeHTM -Extension .html
.LINK
https://github.com/DanysysTeam/PS-SFTA
https://github.com/default-username-was-already-taken/set-fileassoc
https://forum.ru-board.com/profile.cgi?action=show&member=westlife
.NOTES
Microsoft blocked ability to write to UserChoice key for .pdf extention and http and https protocols with KB5034763 release
.NOTES
Machine-wide
#>
@ -7827,18 +7824,9 @@ function Set-Association
$Icon
)
# Microsoft blocked ability to write to UserChoice key for .pdf extention and http and https protocols with KB5034763 release
if (@(".pdf", "http", "https") -contains $Extension)
{
Write-Information -MessageData "" -InformationAction Continue
Write-Verbose -Message $Localization.UserChoiceWarning -Verbose
Write-Error -Message $Localization.UserChoiceWarning -ErrorAction SilentlyContinue
Write-Information -MessageData "" -InformationAction Continue
Write-Verbose -Message $Localization.Skipped -Verbose
return
}
# Microsoft has blocked write access to UserChoice key for .pdf extention and http/https protocols with KB5034765 release, so we have to write values with a copy of powershell.exe to bypass a UCPD driver restrictions
# UCPD driver tracks all executables to block the access to the registry so all registry records will be made within powershell_temp.exe in this function just in case
Copy-Item -Path "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe" -Destination "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Force
$ProgramPath = [System.Environment]::ExpandEnvironmentVariables($ProgramPath)
@ -8177,7 +8165,25 @@ public static int UnloadHive(RegistryHives hive, string subKey)
{
New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Force
}
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgID -Force
# We need to remove DENY permission set for user before setting a value
if (@(".pdf", "http", "https") -contains $Extension)
{
# https://powertoe.wordpress.com/2010/08/28/controlling-registry-acl-permissions-with-powershell/
$Key = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::ChangePermissions)
$ACL = $key.GetAccessControl()
$Principal = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
# https://learn.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.filesystemrights
$Rule = New-Object -TypeName System.Security.AccessControl.RegistryAccessRule -ArgumentList ($Principal,"FullControl","Deny")
$ACL.RemoveAccessRule($Rule)
$Key.SetAccessControl($ACL)
& "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice' -Name ProgId -PropertyType String -Value $ProgID -Force}"
}
else
{
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgID -Force
}
# Getting a hash based on the time of the section's last modification. After creating and setting the first parameter
$ProgHash = Get-Hash -ProgId $ProgId -Extension $Extension -SubKey "Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice"
@ -8186,7 +8192,15 @@ public static int UnloadHive(RegistryHives hive, string subKey)
{
New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Force
}
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force
if (@(".pdf", "http", "https") -contains $Extension)
{
& "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice' -Name Hash -PropertyType String -Value $ProgHash -Force}"
}
else
{
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force
}
# Setting a block on changing the UserChoice section
# Due to "Set-StrictMode -Version Latest" we have to use OpenSubKey()
@ -8604,9 +8618,29 @@ public static long MakeLong(uint left, uint right)
{
New-Item -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Force
}
$ProgHash = Get-Hash -ProgId $ProgId -Extension $Extension -SubKey "Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice"
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgId -Force
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force
# We need to remove DENY permission set for user before setting a value
if (@(".pdf", "http", "https") -contains $Extension)
{
# https://powertoe.wordpress.com/2010/08/28/controlling-registry-acl-permissions-with-powershell/
$Key = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey("Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::ChangePermissions)
$ACL = $key.GetAccessControl()
$Principal = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
# https://learn.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.filesystemrights
$Rule = New-Object -TypeName System.Security.AccessControl.RegistryAccessRule -ArgumentList ($Principal,"FullControl","Deny")
$ACL.RemoveAccessRule($Rule)
$Key.SetAccessControl($ACL)
& "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice' -Name ProgId -PropertyType String -Value $ProgID -Force}"
& "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice' -Name Hash -PropertyType String -Value $ProgHash -Force}"
}
else
{
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgId -Force
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force
}
}
# Setting additional parameters to comply with the requirements before configuring the extension
@ -8635,6 +8669,8 @@ public static void Refresh()
}
[WinAPI.Signature]::Refresh()
Remove-Item -Path "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Force
}
<#
@ -8917,7 +8953,7 @@ function InstallVCRedist
return
}
if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller -ErrorAction Ignore)
if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller)
{
if ([System.Version](Get-AppxPackage -Name Microsoft.DesktopAppInstaller).Version -ge [System.Version]"1.17")
{
@ -9028,7 +9064,7 @@ function InstallDotNetRuntimes
{
NET6x64
{
if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller -ErrorAction Ignore)
if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller)
{
if ([System.Version](Get-AppxPackage -Name Microsoft.DesktopAppInstaller).Version -ge [System.Version]"1.17")
{
@ -9075,7 +9111,7 @@ function InstallDotNetRuntimes
}
NET8x64
{
if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller -ErrorAction Ignore)
if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller)
{
if ([System.Version](Get-AppxPackage -Name Microsoft.DesktopAppInstaller).Version -ge [System.Version]"1.17")
{
@ -10075,14 +10111,14 @@ function GPUScheduling
$WddmVersion_Min = [Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\FeatureSetUsage", "WddmVersion_Min", $null)
if ($WddmVersion_Min -ge 2700)
{
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers" -Name HwSchMode -PropertyType DWord -Value 2 -Force
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers -Name HwSchMode -PropertyType DWord -Value 2 -Force
}
}
}
}
"Disable"
{
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers" -Name HwSchMode -PropertyType DWord -Value 1 -Force
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers -Name HwSchMode -PropertyType DWord -Value 1 -Force
}
}
}

1
src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/de-DE/Sophia.psd1

@ -57,7 +57,6 @@ ErrorsMessage = Fehler/Warnungen
DialogBoxOpening = Anzeigen des Dialogfensters...
Disable = Deaktivieren
Enable = Aktivieren
UserChoiceWarning = Microsoft hat den Schreibzugriff auf den UserChoice-Schlüssel für die .pdf-Erweiterung und das http/https-Protokoll mit der Version KB5034765 gesperrt.
AllFilesFilter = Alle Dateien
FolderSelect = Einen Ordner auswählen
FilesWontBeMoved = Dateien werden nicht verschoben.

1
src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/en-US/Sophia.psd1

@ -57,7 +57,6 @@ ErrorsMessage = Errors/Warnings
DialogBoxOpening = Displaying the dialog box...
Disable = Disable
Enable = Enable
UserChoiceWarning = Microsoft has blocked write access to UserChoice key for .pdf extention and http/https protocols with KB5034765 release.
AllFilesFilter = All Files
FolderSelect = Select a folder
FilesWontBeMoved = Files will not be moved.

1
src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/es-ES/Sophia.psd1

@ -57,7 +57,6 @@ ErrorsMessage = Errores/Advertencias
DialogBoxOpening = Viendo el cuadro de diálogo...
Disable = Desactivar
Enable = Habilitar
UserChoiceWarning = Microsoft ha bloqueado el acceso de escritura a la clave UserChoice para la extensión .pdf y el protocolo http/https con el lanzamiento de KB5034765.
AllFilesFilter = Todos los Archivos
FolderSelect = Seleccione una carpeta
FilesWontBeMoved = Los archivos no se transferirán.

1
src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/fr-FR/Sophia.psd1

@ -57,7 +57,6 @@ ErrorsMessage = Erreurs/Avertissements
DialogBoxOpening = Afficher la boîte de dialogue...
Disable = Désactiver
Enable = Activer
UserChoiceWarning = Microsoft a bloqué l'accès en écriture à la clé UserChoice pour l'extension .pdf et le protocole http/https avec la version KB5034765.
AllFilesFilter = Tous les Fichiers
FolderSelect = Sélectionner un dossier
FilesWontBeMoved = Les fichiers ne seront pas déplacés.

1
src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/hu-HU/Sophia.psd1

@ -57,7 +57,6 @@ ErrorsMessage = Hibák/Figyelmeztetések
DialogBoxOpening = Párbeszédablak megjelenítése...
Disable = Kikapcsolás
Enable = Engedélyezés
UserChoiceWarning = A Microsoft a KB5034765 kiadással blokkolta a UserChoice kulcs írási hozzáférését a .pdf kiterjesztéshez és a http/https protokollhoz.
AllFilesFilter = Minden fájl
FolderSelect = Válasszon ki egy könyvtárat
FilesWontBeMoved = A fájlok nem lesznek áthelyezve.

1
src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/it-IT/Sophia.psd1

@ -57,7 +57,6 @@ ErrorsMessage = Errori/avvisi
DialogBoxOpening = Visualizzazione della finestra di dialogo...
Disable = Disattivare
Enable = Abilitare
UserChoiceWarning = Microsoft ha bloccato l'accesso in scrittura alla chiave UserChoice per l'estensione .pdf e il protocollo http/https con il rilascio della KB5034765.
AllFilesFilter = Tutti i file
FolderSelect = Selezionare una cartella
FilesWontBeMoved = I file non verranno trasferiti.

1
src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/pl-PL/Sophia.psd1

@ -57,7 +57,6 @@ ErrorsMessage = Błędy/Ostrzeżenia
DialogBoxOpening = Wyświetlanie okna dialogowego...
Disable = Wyłączyć
Enable = Włączać
UserChoiceWarning = Microsoft zablokował dostęp do zapisu klucza UserChoice dla rozszerzenia .pdf i protokołu http/https wraz z wydaniem KB5034765.
AllFilesFilter = Wszystkie pliki
FolderSelect = Wybierz folder
FilesWontBeMoved = Pliki nie zostaną przeniesione.

1
src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/pt-BR/Sophia.psd1

@ -57,7 +57,6 @@ ErrorsMessage = Erros/Avisos
DialogBoxOpening = Exibindo a caixa de diálogo...
Disable = Desativar
Enable = Habilitar
UserChoiceWarning = A Microsoft bloqueou o acesso de gravação à chave UserChoice para extensão .pdf e protocolo http/https com a versão KB5034765.
AllFilesFilter = Todos os arquivos
FolderSelect = Escolha uma pasta
FilesWontBeMoved = Os arquivos não serão transferidos.

1
src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/ru-RU/Sophia.psd1

@ -57,7 +57,6 @@ ErrorsMessage = Ошибки/предупрежде
DialogBoxOpening = Диалоговое окно открывается...
Disable = Отключить
Enable = Включить
UserChoiceWarning = Microsoft заблокировала возможность записать в раздел реестра UserChoice для расширения .pdf и протоколов http/https с релизом обновления KB5034765.
AllFilesFilter = Все файлы
FolderSelect = Выберите папку
FilesWontBeMoved = Файлы не будут перенесены.

1
src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/tr-TR/Sophia.psd1

@ -57,7 +57,6 @@ ErrorsMessage = Hatalar/Uyarılar
DialogBoxOpening = İletişim kutusu görüntüleniyor...
Disable = Devre dışı bırak
Enable = Aktif et
UserChoiceWarning = Microsoft, KB5034765 sürümü ile .pdf uzantısı ve http/https protokolü için UserChoice anahtarına yazma erişimini engellemiştir.
AllFilesFilter = Tüm Dosyalar
FolderSelect = Klasör seç
FilesWontBeMoved = Dosyalar taşınmayacak.

1
src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/uk-UA/Sophia.psd1

@ -57,7 +57,6 @@ ErrorsMessage = Помилки/попереджен
DialogBoxOpening = Діалогове вікно відкривається...
Disable = Вимкнути
Enable = Увімкнути
UserChoiceWarning = Microsoft заблокувала можливість писати в розділ реєстру UserChoice для розширення .pdf, а також протоколів http/https з релізом оновлення KB5034765.
AllFilesFilter = Усі файли
FolderSelect = Виберіть папку
FilesWontBeMoved = Файли не будуть перенесені.

1
src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/zh-CN/Sophia.psd1

@ -57,7 +57,6 @@ ErrorsMessage = 错误/警告
DialogBoxOpening = 显示对话窗口.....
Disable = 禁用
Enable = 启用
UserChoiceWarning = 微软在发布 KB5034765 时阻止了对 .pdf 扩展和 http/https 协议的 UserChoice 密钥的写入访问
AllFilesFilter = 所有文件
FolderSelect = 选择一个文件夹
FilesWontBeMoved = 文件将不会被移动

140
src/Sophia_Script_for_Windows_10_PowerShell_7/Module/Sophia.psm1

@ -62,7 +62,7 @@ function InitialActions
# Extract strings from %SystemRoot%\System32\shell32.dll using its number
# https://github.com/SamuelArnold/StarKill3r/blob/master/Star%20Killer/Star%20Killer/bin/Debug/Scripts/SANS-SEC505-master/scripts/Day1-PowerShell/Expand-IndirectString.ps1
# [WinAPI.GetStrings]::GetIndirectString("@%SystemRoot%\system32\schedsvc.dll,-100")
# [WinAPI.GetStrings]::GetIndirectString("@%SystemRoot%\System32\schedsvc.dll,-100")
# https://github.com/PowerShell/PowerShell/issues/21070
$Script:CompilerOptions = [System.CodeDom.Compiler.CompilerParameters]::new("System.dll")
@ -3675,8 +3675,8 @@ public static extern int HashData(byte[] pbData, int cbData, byte[] piet, int ou
Add-Type @Signature
}
# We cannot call any of APIs except copying reg.exe with a different name due to a UCPD driver tracks all executables to blocke the access to the registry
Copy-Item -Path "$env:SystemRoot\system32\reg.exe" -Destination "$env:SystemRoot\system32\reg_temp.exe" -Force
# We cannot call any of APIs except copying reg.exe with a different name due to a UCPD driver tracks all executables to block the access to the registry
Copy-Item -Path "$env:SystemRoot\System32\reg.exe" -Destination "$env:SystemRoot\System32\reg_temp.exe" -Force
switch ($PSCmdlet.ParameterSetName)
{
@ -3697,7 +3697,7 @@ public static extern int HashData(byte[] pbData, int cbData, byte[] piet, int ou
# https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_parsing?view=powershell-7.4#the-stop-parsing-token
# We cannot put --% inside the command below as it breaks parsing of $DWordData variable
$EscapeParser = "--%"
& "$env:SystemRoot\system32\reg_temp.exe" $EscapeParser ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds /v EnShellFeedsTaskbarViewMode /t REG_DWORD /d $DWordData /f
& "$env:SystemRoot\System32\reg_temp.exe" $EscapeParser ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds /v EnShellFeedsTaskbarViewMode /t REG_DWORD /d $DWordData /f
}
"Enable"
{
@ -3716,11 +3716,11 @@ public static extern int HashData(byte[] pbData, int cbData, byte[] piet, int ou
# https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_parsing?view=powershell-7.4#the-stop-parsing-token
# We cannot put --% inside the command below as it breaks parsing of $DWordData variable
$EscapeParser = "--%"
& "$env:SystemRoot\system32\reg_temp.exe" $EscapeParser ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds /v EnShellFeedsTaskbarViewMode /t REG_DWORD /d $DWordData /f
& "$env:SystemRoot\System32\reg_temp.exe" $EscapeParser ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds /v EnShellFeedsTaskbarViewMode /t REG_DWORD /d $DWordData /f
}
}
Remove-Item -Path "$env:SystemRoot\system32\reg_temp.exe" -Force
Remove-Item -Path "$env:SystemRoot\System32\reg_temp.exe" -Force
}
<#
@ -8925,16 +8925,13 @@ function WindowsLatestUpdate
Set-Association -ProgramPath "%ProgramFiles%\Notepad++\notepad++.exe" -Extension .txt -Icon "%ProgramFiles%\Notepad++\notepad++.exe,0"
.EXAMPLE
Set-Association -ProgramPath MSEdgeMHT -Extension .html
Set-Association -ProgramPath MSEdgeHTM -Extension .html
.LINK
https://github.com/DanysysTeam/PS-SFTA
https://github.com/default-username-was-already-taken/set-fileassoc
https://forum.ru-board.com/profile.cgi?action=show&member=westlife
.NOTES
Microsoft blocked ability to write to UserChoice key for .pdf extention and http and https protocols with KB5034763 release
.NOTES
Machine-wide
#>
@ -8965,18 +8962,9 @@ function Set-Association
$Icon
)
# Microsoft blocked ability to write to UserChoice key for .pdf extention and http and https protocols with KB5034763 release
if (@(".pdf", "http", "https") -contains $Extension)
{
Write-Information -MessageData "" -InformationAction Continue
Write-Verbose -Message $Localization.UserChoiceWarning -Verbose
Write-Error -Message $Localization.UserChoiceWarning -ErrorAction SilentlyContinue
Write-Information -MessageData "" -InformationAction Continue
Write-Verbose -Message $Localization.Skipped -Verbose
return
}
# Microsoft has blocked write access to UserChoice key for .pdf extention and http/https protocols with KB5034765 release, so we have to write values with a copy of powershell.exe to bypass a UCPD driver restrictions
# UCPD driver tracks all executables to block the access to the registry so all registry records will be made within powershell_temp.exe in this function just in case
Copy-Item -Path "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe" -Destination "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Force
$ProgramPath = [System.Environment]::ExpandEnvironmentVariables($ProgramPath)
@ -9315,7 +9303,25 @@ public static int UnloadHive(RegistryHives hive, string subKey)
{
New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Force
}
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgID -Force
# We need to remove DENY permission set for user before setting a value
if (@(".pdf", "http", "https") -contains $Extension)
{
# https://powertoe.wordpress.com/2010/08/28/controlling-registry-acl-permissions-with-powershell/
$Key = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::ChangePermissions)
$ACL = $key.GetAccessControl()
$Principal = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
# https://learn.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.filesystemrights
$Rule = New-Object -TypeName System.Security.AccessControl.RegistryAccessRule -ArgumentList ($Principal,"FullControl","Deny")
$ACL.RemoveAccessRule($Rule)
$Key.SetAccessControl($ACL)
& "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice' -Name ProgId -PropertyType String -Value $ProgID -Force}"
}
else
{
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgID -Force
}
# Getting a hash based on the time of the section's last modification. After creating and setting the first parameter
$ProgHash = Get-Hash -ProgId $ProgId -Extension $Extension -SubKey "Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice"
@ -9324,7 +9330,15 @@ public static int UnloadHive(RegistryHives hive, string subKey)
{
New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Force
}
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force
if (@(".pdf", "http", "https") -contains $Extension)
{
& "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice' -Name Hash -PropertyType String -Value $ProgHash -Force}"
}
else
{
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force
}
# Setting a block on changing the UserChoice section
# Due to "Set-StrictMode -Version Latest" we have to use OpenSubKey()
@ -9742,9 +9756,29 @@ public static long MakeLong(uint left, uint right)
{
New-Item -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Force
}
$ProgHash = Get-Hash -ProgId $ProgId -Extension $Extension -SubKey "Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice"
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgId -Force
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force
# We need to remove DENY permission set for user before setting a value
if (@(".pdf", "http", "https") -contains $Extension)
{
# https://powertoe.wordpress.com/2010/08/28/controlling-registry-acl-permissions-with-powershell/
$Key = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey("Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::ChangePermissions)
$ACL = $key.GetAccessControl()
$Principal = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
# https://learn.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.filesystemrights
$Rule = New-Object -TypeName System.Security.AccessControl.RegistryAccessRule -ArgumentList ($Principal,"FullControl","Deny")
$ACL.RemoveAccessRule($Rule)
$Key.SetAccessControl($ACL)
& "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice' -Name ProgId -PropertyType String -Value $ProgID -Force}"
& "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice' -Name Hash -PropertyType String -Value $ProgHash -Force}"
}
else
{
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgId -Force
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force
}
}
# Setting additional parameters to comply with the requirements before configuring the extension
@ -10107,7 +10141,7 @@ function InstallVCRedist
return
}
if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller -ErrorAction Ignore)
if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller)
{
if ([System.Version](Get-AppxPackage -Name Microsoft.DesktopAppInstaller).Version -ge [System.Version]"1.17")
{
@ -10218,7 +10252,7 @@ function InstallDotNetRuntimes
{
NET6x64
{
if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller -ErrorAction Ignore)
if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller)
{
if ([System.Version](Get-AppxPackage -Name Microsoft.DesktopAppInstaller).Version -ge [System.Version]"1.17")
{
@ -10265,7 +10299,7 @@ function InstallDotNetRuntimes
}
NET8x64
{
if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller -ErrorAction Ignore)
if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller)
{
if ([System.Version](Get-AppxPackage -Name Microsoft.DesktopAppInstaller).Version -ge [System.Version]"1.17")
{
@ -11840,29 +11874,31 @@ function CortanaAutostart
$Enable
)
if (-not (Get-AppxPackage -Name Microsoft.549981C3F5F10))
{
Write-Information -MessageData "" -InformationAction Continue
Write-Verbose -Message $Localization.Skipped -Verbose
return
}
switch ($PSCmdlet.ParameterSetName)
{
"Disable"
{
if (Get-AppxPackage -Name Microsoft.549981C3F5F10)
if (-not (Test-Path -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId"))
{
if (-not (Test-Path -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId"))
{
New-Item -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Force
}
New-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Name State -PropertyType DWord -Value 1 -Force
New-Item -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Force
}
New-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Name State -PropertyType DWord -Value 1 -Force
}
"Enable"
{
if (Get-AppxPackage -Name Microsoft.549981C3F5F10)
if (-not (Test-Path -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId"))
{
if (-not (Test-Path -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId"))
{
New-Item -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Force
}
New-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Name State -PropertyType DWord -Value 2 -Force
New-Item -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Force
}
New-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Name State -PropertyType DWord -Value 2 -Force
}
}
}
@ -12038,21 +12074,23 @@ function XboxGameTips
$Enable
)
if (-not ((Get-AppxPackage -Name Microsoft.XboxGamingOverlay) -or(Get-AppxPackage -Name Microsoft.GamingApp)))
{
Write-Information -MessageData "" -InformationAction Continue
Write-Verbose -Message $Localization.Skipped -Verbose
return
}
switch ($PSCmdlet.ParameterSetName)
{
"Disable"
{
if ((Get-AppxPackage -Name Microsoft.XboxGamingOverlay) -or (Get-AppxPackage -Name Microsoft.GamingApp))
{
New-ItemProperty -Path HKCU:\Software\Microsoft\GameBar -Name ShowStartupPanel -PropertyType DWord -Value 0 -Force
}
New-ItemProperty -Path HKCU:\Software\Microsoft\GameBar -Name ShowStartupPanel -PropertyType DWord -Value 0 -Force
}
"Enable"
{
if ((Get-AppxPackage -Name Microsoft.XboxGamingOverlay) -or (Get-AppxPackage -Name Microsoft.GamingApp))
{
New-ItemProperty -Path HKCU:\Software\Microsoft\GameBar -Name ShowStartupPanel -PropertyType DWord -Value 1 -Force
}
New-ItemProperty -Path HKCU:\Software\Microsoft\GameBar -Name ShowStartupPanel -PropertyType DWord -Value 1 -Force
}
}
}
@ -12170,14 +12208,14 @@ function GPUScheduling
$WddmVersion_Min = [Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\FeatureSetUsage", "WddmVersion_Min", $null)
if ($WddmVersion_Min -ge 2700)
{
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers" -Name HwSchMode -PropertyType DWord -Value 2 -Force
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers -Name HwSchMode -PropertyType DWord -Value 2 -Force
}
}
}
}
"Disable"
{
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers" -Name HwSchMode -PropertyType DWord -Value 1 -Force
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers -Name HwSchMode -PropertyType DWord -Value 1 -Force
}
}
}

1
src/Sophia_Script_for_Windows_11/Localizations/de-DE/Sophia.psd1

@ -56,7 +56,6 @@ ErrorsMessage = Fehler/Warnungen
DialogBoxOpening = Anzeigen des Dialogfensters...
Disable = Deaktivieren
Enable = Aktivieren
UserChoiceWarning = Microsoft hat den Schreibzugriff auf den UserChoice-Schlüssel für die .pdf-Erweiterung und das http/https-Protokoll mit der Version KB5034765 gesperrt.
AllFilesFilter = Alle Dateien
FolderSelect = Einen Ordner auswählen
FilesWontBeMoved = Dateien werden nicht verschoben.

1
src/Sophia_Script_for_Windows_11/Localizations/en-US/Sophia.psd1

@ -56,7 +56,6 @@ ErrorsMessage = Errors/Warnings
DialogBoxOpening = Displaying the dialog box...
Disable = Disable
Enable = Enable
UserChoiceWarning = Microsoft has blocked write access to UserChoice key for .pdf extention and http/https protocols with KB5034765 release.
AllFilesFilter = All Files
FolderSelect = Select a folder
FilesWontBeMoved = Files will not be moved.

1
src/Sophia_Script_for_Windows_11/Localizations/es-ES/Sophia.psd1

@ -56,7 +56,6 @@ ErrorsMessage = Errores/Advertencias
DialogBoxOpening = Viendo el cuadro de diálogo...
Disable = Desactivar
Enable = Habilitar
UserChoiceWarning = Microsoft ha bloqueado el acceso de escritura a la clave UserChoice para la extensión .pdf y el protocolo http/https con el lanzamiento de KB5034765.
AllFilesFilter = Todos los Archivos
FolderSelect = Seleccione una carpeta
FilesWontBeMoved = Los archivos no se transferirán.

1
src/Sophia_Script_for_Windows_11/Localizations/fr-FR/Sophia.psd1

@ -56,7 +56,6 @@ ErrorsMessage = Erreurs/Avertissements
DialogBoxOpening = Afficher la boîte de dialogue...
Disable = Désactiver
Enable = Activer
UserChoiceWarning = Microsoft a bloqué l'accès en écriture à la clé UserChoice pour l'extension .pdf et le protocole http/https avec la version KB5034765.
AllFilesFilter = Tous les Fichiers
FolderSelect = Sélectionner un dossier
FilesWontBeMoved = Les fichiers ne seront pas déplacés.

1
src/Sophia_Script_for_Windows_11/Localizations/hu-HU/Sophia.psd1

@ -56,7 +56,6 @@ ErrorsMessage = Hibák/Figyelmeztetések
DialogBoxOpening = Párbeszédablak megjelenítése...
Disable = Kikapcsolás
Enable = Engedélyezés
UserChoiceWarning = A Microsoft a KB5034765 kiadással blokkolta a UserChoice kulcs írási hozzáférését a .pdf kiterjesztéshez és a http/https protokollhoz.
AllFilesFilter = Minden fájl
FolderSelect = Válasszon ki egy könyvtárat
FilesWontBeMoved = A fájlok nem lesznek áthelyezve.

1
src/Sophia_Script_for_Windows_11/Localizations/it-IT/Sophia.psd1

@ -56,7 +56,6 @@ ErrorsMessage = Errori/avvisi
DialogBoxOpening = Visualizzazione della finestra di dialogo...
Disable = Disattivare
Enable = Abilitare
UserChoiceWarning = Microsoft ha bloccato l'accesso in scrittura alla chiave UserChoice per l'estensione .pdf e il protocollo http/https con il rilascio della KB5034765.
AllFilesFilter = Tutti i file
FolderSelect = Selezionare una cartella
FilesWontBeMoved = I file non verranno trasferiti.

1
src/Sophia_Script_for_Windows_11/Localizations/pl-PL/Sophia.psd1

@ -56,7 +56,6 @@ ErrorsMessage = Błędy/Ostrzeżenia
DialogBoxOpening = Wyświetlanie okna dialogowego...
Disable = Wyłączyć
Enable = Włączać
UserChoiceWarning = Microsoft zablokował dostęp do zapisu klucza UserChoice dla rozszerzenia .pdf i protokołu http/https wraz z wydaniem KB5034765.
AllFilesFilter = Wszystkie pliki
FolderSelect = Wybierz folder
FilesWontBeMoved = Pliki nie zostaną przeniesione.

1
src/Sophia_Script_for_Windows_11/Localizations/pt-BR/Sophia.psd1

@ -56,7 +56,6 @@ ErrorsMessage = Erros/Avisos
DialogBoxOpening = Exibindo a caixa de diálogo...
Disable = Desativar
Enable = Habilitar
UserChoiceWarning = A Microsoft bloqueou o acesso de gravação à chave UserChoice para extensão .pdf e protocolo http/https com a versão KB5034765.
AllFilesFilter = Todos os arquivos
FolderSelect = Escolha uma pasta
FilesWontBeMoved = Os arquivos não serão transferidos.

1
src/Sophia_Script_for_Windows_11/Localizations/ru-RU/Sophia.psd1

@ -56,7 +56,6 @@ ErrorsMessage = Ошибки/предупрежде
DialogBoxOpening = Диалоговое окно открывается...
Disable = Отключить
Enable = Включить
UserChoiceWarning = Microsoft заблокировала возможность записать в раздел реестра UserChoice для расширения .pdf и протоколов http/https с релизом обновления KB5034765.
AllFilesFilter = Все файлы
FolderSelect = Выберите папку
FilesWontBeMoved = Файлы не будут перенесены.

1
src/Sophia_Script_for_Windows_11/Localizations/tr-TR/Sophia.psd1

@ -56,7 +56,6 @@ ErrorsMessage = Hatalar/Uyarılar
DialogBoxOpening = İletişim kutusu görüntüleniyor...
Disable = Devre dışı bırak
Enable = Aktif et
UserChoiceWarning = Microsoft, KB5034765 sürümü ile .pdf uzantısı ve http/https protokolü için UserChoice anahtarına yazma erişimini engellemiştir.
AllFilesFilter = Tüm Dosyalar
FolderSelect = Klasör seç
FilesWontBeMoved = Dosyalar taşınmayacak.

1
src/Sophia_Script_for_Windows_11/Localizations/uk-UA/Sophia.psd1

@ -56,7 +56,6 @@ ErrorsMessage = Помилки/попереджен
DialogBoxOpening = Діалогове вікно відкривається...
Disable = Вимкнути
Enable = Увімкнути
UserChoiceWarning = Microsoft заблокувала можливість писати в розділ реєстру UserChoice для розширення .pdf, а також протоколів http/https з релізом оновлення KB5034765.
AllFilesFilter = Усі файли
FolderSelect = Виберіть папку
FilesWontBeMoved = Файли не будуть перенесені.

1
src/Sophia_Script_for_Windows_11/Localizations/zh-CN/Sophia.psd1

@ -56,7 +56,6 @@ ErrorsMessage = 错误/警告
DialogBoxOpening = 显示对话窗口.....
Disable = 禁用
Enable = 启用
UserChoiceWarning = 微软在发布 KB5034765 时阻止了对 .pdf 扩展和 http/https 协议的 UserChoice 密钥的写入访问
AllFilesFilter = 所有文件
FolderSelect = 选择一个文件夹
FilesWontBeMoved = 文件将不会被移动

197
src/Sophia_Script_for_Windows_11/Module/Sophia.psm1

@ -62,7 +62,7 @@ function InitialActions
# Extract strings from %SystemRoot%\System32\shell32.dll using its number
# https://github.com/SamuelArnold/StarKill3r/blob/master/Star%20Killer/Star%20Killer/bin/Debug/Scripts/SANS-SEC505-master/scripts/Day1-PowerShell/Expand-IndirectString.ps1
# [WinAPI.GetStrings]::GetIndirectString("@%SystemRoot%\system32\schedsvc.dll,-100")
# [WinAPI.GetStrings]::GetIndirectString("@%SystemRoot%\System32\schedsvc.dll,-100")
# https://github.com/PowerShell/PowerShell/issues/21070
$Script:CompilerParameters = [System.CodeDom.Compiler.CompilerParameters]::new("System.dll")
@ -3191,34 +3191,30 @@ function TaskbarWidgets
$Show
)
# We cannot call any of APIs except copying reg.exe with a different name due to a UCPD driver tracks all executables to blocke the access to the registry
Copy-Item -Path "$env:SystemRoot\system32\reg.exe" -Destination "$env:SystemRoot\system32\reg_temp.exe" -Force
if (-not (Get-AppxPackage -Name MicrosoftWindows.Client.WebExperience))
{
Write-Information -MessageData "" -InformationAction Continue
Write-Verbose -Message $Localization.Skipped -Verbose
return
}
# We cannot set a value to TaskbarDa, having called any of APIs, except of copying powershell.exe (or any other tricks) with a different name, due to a UCPD driver tracks all executables to block the access to the registry
Copy-Item -Path "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe" -Destination "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Force
switch ($PSCmdlet.ParameterSetName)
{
"Hide"
{
if (Get-AppxPackage -Name MicrosoftWindows.Client.WebExperience)
{
# https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_parsing?view=powershell-7.4#the-stop-parsing-token
# We cannot put --% inside the command below as it breaks parsing of $DWordData variable
$EscapeParser = "--%"
& "$env:SystemRoot\system32\reg_temp.exe" $EscapeParser ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v TaskbarDa /t REG_DWORD /d 0 /f
}
& "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command {New-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name TaskbarDa -PropertyType DWord -Value 0 -Force}
}
"Show"
{
if (Get-AppxPackage -Name MicrosoftWindows.Client.WebExperience)
{
# https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_parsing?view=powershell-7.4#the-stop-parsing-token
# We cannot put --% inside the command below as it breaks parsing of $DWordData variable
$EscapeParser = "--%"
& "$env:SystemRoot\system32\reg_temp.exe" $EscapeParser ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v TaskbarDa /t REG_DWORD /d 1 /f
}
& "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command {New-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name TaskbarDa -PropertyType DWord -Value 1 -Force}
}
}
Remove-Item -Path "$env:SystemRoot\system32\reg_temp.exe" -Force
Remove-Item -Path "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Force
}
<#
@ -8507,16 +8503,13 @@ function NetworkDiscovery
Set-Association -ProgramPath "%ProgramFiles%\Notepad++\notepad++.exe" -Extension .txt -Icon "%ProgramFiles%\Notepad++\notepad++.exe,0"
.EXAMPLE
Set-Association -ProgramPath MSEdgeMHT -Extension .html
Set-Association -ProgramPath MSEdgeHTM -Extension .html
.LINK
https://github.com/DanysysTeam/PS-SFTA
https://github.com/default-username-was-already-taken/set-fileassoc
https://forum.ru-board.com/profile.cgi?action=show&member=westlife
.NOTES
Microsoft blocked ability to write to UserChoice key for .pdf extention and http and https protocols with KB5034765 release
.NOTES
Machine-wide
#>
@ -8547,18 +8540,9 @@ function Set-Association
$Icon
)
# Microsoft blocked ability to write to UserChoice key for .pdf extention and http and https protocols with KB5034765 release
if (@(".pdf", "http", "https") -contains $Extension)
{
Write-Information -MessageData "" -InformationAction Continue
Write-Verbose -Message $Localization.UserChoiceWarning -Verbose
Write-Error -Message $Localization.UserChoiceWarning -ErrorAction SilentlyContinue
Write-Information -MessageData "" -InformationAction Continue
Write-Verbose -Message $Localization.Skipped -Verbose
return
}
# Microsoft has blocked write access to UserChoice key for .pdf extention and http/https protocols with KB5034765 release, so we have to write values with a copy of powershell.exe to bypass a UCPD driver restrictions
# UCPD driver tracks all executables to block the access to the registry so all registry records will be made within powershell_temp.exe in this function just in case
Copy-Item -Path "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe" -Destination "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Force
$ProgramPath = [System.Environment]::ExpandEnvironmentVariables($ProgramPath)
@ -8897,7 +8881,25 @@ public static int UnloadHive(RegistryHives hive, string subKey)
{
New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Force
}
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgID -Force
# We need to remove DENY permission set for user before setting a value
if (@(".pdf", "http", "https") -contains $Extension)
{
# https://powertoe.wordpress.com/2010/08/28/controlling-registry-acl-permissions-with-powershell/
$Key = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::ChangePermissions)
$ACL = $key.GetAccessControl()
$Principal = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
# https://learn.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.filesystemrights
$Rule = New-Object -TypeName System.Security.AccessControl.RegistryAccessRule -ArgumentList ($Principal,"FullControl","Deny")
$ACL.RemoveAccessRule($Rule)
$Key.SetAccessControl($ACL)
& "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice' -Name ProgId -PropertyType String -Value $ProgID -Force}"
}
else
{
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgID -Force
}
# Getting a hash based on the time of the section's last modification. After creating and setting the first parameter
$ProgHash = Get-Hash -ProgId $ProgId -Extension $Extension -SubKey "Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice"
@ -8906,7 +8908,15 @@ public static int UnloadHive(RegistryHives hive, string subKey)
{
New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Force
}
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force
if (@(".pdf", "http", "https") -contains $Extension)
{
& "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice' -Name Hash -PropertyType String -Value $ProgHash -Force}"
}
else
{
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force
}
# Setting a block on changing the UserChoice section
# Due to "Set-StrictMode -Version Latest" we have to use OpenSubKey()
@ -9324,9 +9334,29 @@ public static long MakeLong(uint left, uint right)
{
New-Item -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Force
}
$ProgHash = Get-Hash -ProgId $ProgId -Extension $Extension -SubKey "Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice"
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgId -Force
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force
# We need to remove DENY permission set for user before setting a value
if (@(".pdf", "http", "https") -contains $Extension)
{
# https://powertoe.wordpress.com/2010/08/28/controlling-registry-acl-permissions-with-powershell/
$Key = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey("Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::ChangePermissions)
$ACL = $key.GetAccessControl()
$Principal = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
# https://learn.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.filesystemrights
$Rule = New-Object -TypeName System.Security.AccessControl.RegistryAccessRule -ArgumentList ($Principal,"FullControl","Deny")
$ACL.RemoveAccessRule($Rule)
$Key.SetAccessControl($ACL)
& "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice' -Name ProgId -PropertyType String -Value $ProgID -Force}"
& "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice' -Name Hash -PropertyType String -Value $ProgHash -Force}"
}
else
{
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgId -Force
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force
}
}
# Setting additional parameters to comply with the requirements before configuring the extension
@ -9355,6 +9385,8 @@ public static void Refresh()
}
[WinAPI.Signature]::Refresh()
Remove-Item -Path "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Force
}
<#
@ -9679,8 +9711,8 @@ function DefaultTerminalApp
}
"ConsoleHost"
{
New-ItemProperty -Path "HKCU:\Console\%%Startup" -Name DelegationConsole -PropertyType String -Value "{00000000-0000-0000-0000-000000000000}" -Force
New-ItemProperty -Path "HKCU:\Console\%%Startup" -Name DelegationTerminal -PropertyType String -Value "{00000000-0000-0000-0000-000000000000}" -Force
New-ItemProperty -Path "HKCU:\Console\%%Startup" -Name DelegationConsole -PropertyType String -Value "{B23D10C0-E52E-411E-9D5B-C09FDF709C7D}" -Force
New-ItemProperty -Path "HKCU:\Console\%%Startup" -Name DelegationTerminal -PropertyType String -Value "{B23D10C0-E52E-411E-9D5B-C09FDF709C7D}" -Force
}
}
}
@ -9714,7 +9746,7 @@ function InstallVCRedist
return
}
if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller -ErrorAction Ignore)
if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller)
{
if ([System.Version](Get-AppxPackage -Name Microsoft.DesktopAppInstaller).Version -ge [System.Version]"1.17")
{
@ -9825,7 +9857,7 @@ function InstallDotNetRuntimes
{
NET6x64
{
if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller -ErrorAction Ignore)
if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller)
{
if ([System.Version](Get-AppxPackage -Name Microsoft.DesktopAppInstaller).Version -ge [System.Version]"1.17")
{
@ -9872,7 +9904,7 @@ function InstallDotNetRuntimes
}
NET8x64
{
if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller -ErrorAction Ignore)
if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller)
{
if ([System.Version](Get-AppxPackage -Name Microsoft.DesktopAppInstaller).Version -ge [System.Version]"1.17")
{
@ -10457,17 +10489,17 @@ function StartLayout
"Default"
{
# Default
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name Start_Layout -PropertyType DWord -Value 0 -Force
New-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name Start_Layout -PropertyType DWord -Value 0 -Force
}
"ShowMorePins"
{
# Show More Pins
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name Start_Layout -PropertyType DWord -Value 1 -Force
New-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name Start_Layout -PropertyType DWord -Value 1 -Force
}
"ShowMoreRecommendations"
{
# Show More Recommendations
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name Start_Layout -PropertyType DWord -Value 2 -Force
New-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name Start_Layout -PropertyType DWord -Value 2 -Force
}
}
}
@ -11007,29 +11039,31 @@ function CortanaAutostart
$Enable
)
if (-not (Get-AppxPackage -Name Microsoft.549981C3F5F10))
{
Write-Information -MessageData "" -InformationAction Continue
Write-Verbose -Message $Localization.Skipped -Verbose
return
}
switch ($PSCmdlet.ParameterSetName)
{
"Disable"
{
if (Get-AppxPackage -Name Microsoft.549981C3F5F10)
if (-not (Test-Path -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId"))
{
if (-not (Test-Path -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId"))
{
New-Item -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Force
}
New-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Name State -PropertyType DWord -Value 1 -Force
New-Item -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Force
}
New-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Name State -PropertyType DWord -Value 1 -Force
}
"Enable"
{
if (Get-AppxPackage -Name Microsoft.549981C3F5F10)
if (-not (Test-Path -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId"))
{
if (-not (Test-Path -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId"))
{
New-Item -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Force
}
New-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Name State -PropertyType DWord -Value 2 -Force
New-Item -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Force
}
New-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Name State -PropertyType DWord -Value 2 -Force
}
}
}
@ -11072,18 +11106,23 @@ function TeamsAutostart
$Enable
)
if (Get-AppxPackage -Name MSTeams)
if (-not (Get-AppxPackage -Name MSTeams))
{
switch ($PSCmdlet.ParameterSetName)
Write-Information -MessageData "" -InformationAction Continue
Write-Verbose -Message $Localization.Skipped -Verbose
return
}
switch ($PSCmdlet.ParameterSetName)
{
"Disable"
{
"Disable"
{
New-ItemProperty -Path "HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\MSTeams_8wekyb3d8bbwe\TeamsTfwStartupTask" -Name State -PropertyType DWord -Value 1 -Force
}
"Enable"
{
New-ItemProperty -Path "HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\MSTeams_8wekyb3d8bbwe\TeamsTfwStartupTask" -Name State -PropertyType DWord -Value 2 -Force
}
New-ItemProperty -Path "HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\MSTeams_8wekyb3d8bbwe\TeamsTfwStartupTask" -Name State -PropertyType DWord -Value 1 -Force
}
"Enable"
{
New-ItemProperty -Path "HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\MSTeams_8wekyb3d8bbwe\TeamsTfwStartupTask" -Name State -PropertyType DWord -Value 2 -Force
}
}
}
@ -11184,21 +11223,23 @@ function XboxGameTips
$Enable
)
if (-not ((Get-AppxPackage -Name Microsoft.XboxGamingOverlay) -or(Get-AppxPackage -Name Microsoft.GamingApp)))
{
Write-Information -MessageData "" -InformationAction Continue
Write-Verbose -Message $Localization.Skipped -Verbose
return
}
switch ($PSCmdlet.ParameterSetName)
{
"Disable"
{
if ((Get-AppxPackage -Name Microsoft.XboxGamingOverlay) -or (Get-AppxPackage -Name Microsoft.GamingApp))
{
New-ItemProperty -Path HKCU:\Software\Microsoft\GameBar -Name ShowStartupPanel -PropertyType DWord -Value 0 -Force
}
New-ItemProperty -Path HKCU:\Software\Microsoft\GameBar -Name ShowStartupPanel -PropertyType DWord -Value 0 -Force
}
"Enable"
{
if ((Get-AppxPackage -Name Microsoft.XboxGamingOverlay) -or (Get-AppxPackage -Name Microsoft.GamingApp))
{
New-ItemProperty -Path HKCU:\Software\Microsoft\GameBar -Name ShowStartupPanel -PropertyType DWord -Value 1 -Force
}
New-ItemProperty -Path HKCU:\Software\Microsoft\GameBar -Name ShowStartupPanel -PropertyType DWord -Value 1 -Force
}
}
}
@ -11316,14 +11357,14 @@ function GPUScheduling
$WddmVersion_Min = [Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\FeatureSetUsage", "WddmVersion_Min", $null)
if ($WddmVersion_Min -ge 2700)
{
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers" -Name HwSchMode -PropertyType DWord -Value 2 -Force
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers -Name HwSchMode -PropertyType DWord -Value 2 -Force
}
}
}
}
"Disable"
{
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers" -Name HwSchMode -PropertyType DWord -Value 1 -Force
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers -Name HwSchMode -PropertyType DWord -Value 1 -Force
}
}
}

1
src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/de-DE/Sophia.psd1

@ -56,7 +56,6 @@ ErrorsMessage = Fehler/Warnungen
DialogBoxOpening = Anzeigen des Dialogfensters...
Disable = Deaktivieren
Enable = Aktivieren
UserChoiceWarning = Microsoft hat den Schreibzugriff auf den UserChoice-Schlüssel für die .pdf-Erweiterung und das http/https-Protokoll mit der Version KB5034765 gesperrt.
AllFilesFilter = Alle Dateien
FolderSelect = Einen Ordner auswählen
FilesWontBeMoved = Dateien werden nicht verschoben.

1
src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/en-US/Sophia.psd1

@ -56,7 +56,6 @@ ErrorsMessage = Errors/Warnings
DialogBoxOpening = Displaying the dialog box...
Disable = Disable
Enable = Enable
UserChoiceWarning = Microsoft has blocked write access to UserChoice key for .pdf extention and http/https protocols with KB5034765 release.
AllFilesFilter = All Files
FolderSelect = Select a folder
FilesWontBeMoved = Files will not be moved.

1
src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/es-ES/Sophia.psd1

@ -56,7 +56,6 @@ ErrorsMessage = Errores/Advertencias
DialogBoxOpening = Viendo el cuadro de diálogo...
Disable = Desactivar
Enable = Habilitar
UserChoiceWarning = Microsoft ha bloqueado el acceso de escritura a la clave UserChoice para la extensión .pdf y el protocolo http/https con el lanzamiento de KB5034765.
AllFilesFilter = Todos los Archivos
FolderSelect = Seleccione una carpeta
FilesWontBeMoved = Los archivos no se transferirán.

1
src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/fr-FR/Sophia.psd1

@ -56,7 +56,6 @@ ErrorsMessage = Erreurs/Avertissements
DialogBoxOpening = Afficher la boîte de dialogue...
Disable = Désactiver
Enable = Activer
UserChoiceWarning = Microsoft a bloqué l'accès en écriture à la clé UserChoice pour l'extension .pdf et le protocole http/https avec la version KB5034765.
AllFilesFilter = Tous les Fichiers
FolderSelect = Sélectionner un dossier
FilesWontBeMoved = Les fichiers ne seront pas déplacés.

1
src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/hu-HU/Sophia.psd1

@ -56,7 +56,6 @@ ErrorsMessage = Hibák/Figyelmeztetések
DialogBoxOpening = Párbeszédablak megjelenítése...
Disable = Kikapcsolás
Enable = Engedélyezés
UserChoiceWarning = A Microsoft a KB5034765 kiadással blokkolta a UserChoice kulcs írási hozzáférését a .pdf kiterjesztéshez és a http/https protokollhoz.
AllFilesFilter = Minden fájl
FolderSelect = Válasszon ki egy könyvtárat
FilesWontBeMoved = A fájlok nem lesznek áthelyezve.

1
src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/it-IT/Sophia.psd1

@ -56,7 +56,6 @@ ErrorsMessage = Errori/avvisi
DialogBoxOpening = Visualizzazione della finestra di dialogo...
Disable = Disattivare
Enable = Abilitare
UserChoiceWarning = Microsoft ha bloccato l'accesso in scrittura alla chiave UserChoice per l'estensione .pdf e il protocollo http/https con il rilascio della KB5034765.
AllFilesFilter = Tutti i file
FolderSelect = Selezionare una cartella
FilesWontBeMoved = I file non verranno trasferiti.

1
src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/pl-PL/Sophia.psd1

@ -56,7 +56,6 @@ ErrorsMessage = Błędy/Ostrzeżenia
DialogBoxOpening = Wyświetlanie okna dialogowego...
Disable = Wyłączyć
Enable = Włączać
UserChoiceWarning = Microsoft zablokował dostęp do zapisu klucza UserChoice dla rozszerzenia .pdf i protokołu http/https wraz z wydaniem KB5034765.
AllFilesFilter = Wszystkie pliki
FolderSelect = Wybierz folder
FilesWontBeMoved = Pliki nie zostaną przeniesione.

1
src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/pt-BR/Sophia.psd1

@ -56,7 +56,6 @@ ErrorsMessage = Erros/Avisos
DialogBoxOpening = Exibindo a caixa de diálogo...
Disable = Desativar
Enable = Habilitar
UserChoiceWarning = A Microsoft bloqueou o acesso de gravação à chave UserChoice para extensão .pdf e protocolo http/https com a versão KB5034765.
AllFilesFilter = Todos os arquivos
FolderSelect = Escolha uma pasta
FilesWontBeMoved = Os arquivos não serão transferidos.

1
src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/ru-RU/Sophia.psd1

@ -56,7 +56,6 @@ ErrorsMessage = Ошибки/предупрежде
DialogBoxOpening = Диалоговое окно открывается...
Disable = Отключить
Enable = Включить
UserChoiceWarning = Microsoft заблокировала возможность записать в раздел реестра UserChoice для расширения .pdf и протоколов http/https с релизом обновления KB5034765.
AllFilesFilter = Все файлы
FolderSelect = Выберите папку
FilesWontBeMoved = Файлы не будут перенесены.

1
src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/tr-TR/Sophia.psd1

@ -56,7 +56,6 @@ ErrorsMessage = Hatalar/Uyarılar
DialogBoxOpening = İletişim kutusu görüntüleniyor...
Disable = Devre dışı bırak
Enable = Aktif et
UserChoiceWarning = Microsoft, KB5034765 sürümü ile .pdf uzantısı ve http/https protokolü için UserChoice anahtarına yazma erişimini engellemiştir.
AllFilesFilter = Tüm Dosyalar
FolderSelect = Klasör seç
FilesWontBeMoved = Dosyalar taşınmayacak.

1
src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/uk-UA/Sophia.psd1

@ -56,7 +56,6 @@ ErrorsMessage = Помилки/попереджен
DialogBoxOpening = Діалогове вікно відкривається...
Disable = Вимкнути
Enable = Увімкнути
UserChoiceWarning = Microsoft заблокувала можливість писати в розділ реєстру UserChoice для розширення .pdf, а також протоколів http/https з релізом оновлення KB5034765.
AllFilesFilter = Усі файли
FolderSelect = Виберіть папку
FilesWontBeMoved = Файли не будуть перенесені.

1
src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/zh-CN/Sophia.psd1

@ -56,7 +56,6 @@ ErrorsMessage = 错误/警告
DialogBoxOpening = 显示对话窗口.....
Disable = 禁用
Enable = 启用
UserChoiceWarning = 微软在发布 KB5034765 时阻止了对 .pdf 扩展和 http/https 协议的 UserChoice 密钥的写入访问
AllFilesFilter = 所有文件
FolderSelect = 选择一个文件夹
FilesWontBeMoved = 文件将不会被移动

197
src/Sophia_Script_for_Windows_11_PowerShell_7/Module/Sophia.psm1

@ -61,7 +61,7 @@ function InitialActions
# Extract strings from %SystemRoot%\System32\shell32.dll using its number
# https://github.com/SamuelArnold/StarKill3r/blob/master/Star%20Killer/Star%20Killer/bin/Debug/Scripts/SANS-SEC505-master/scripts/Day1-PowerShell/Expand-IndirectString.ps1
# [WinAPI.GetStrings]::GetIndirectString("@%SystemRoot%\system32\schedsvc.dll,-100")
# [WinAPI.GetStrings]::GetIndirectString("@%SystemRoot%\System32\schedsvc.dll,-100")
# https://github.com/PowerShell/PowerShell/issues/21070
$Script:CompilerOptions = [System.CodeDom.Compiler.CompilerParameters]::new("System.dll")
@ -3195,34 +3195,30 @@ function TaskbarWidgets
$Show
)
# We cannot call any of APIs except copying reg.exe with a different name due to a UCPD driver tracks all executables to blocke the access to the registry
Copy-Item -Path "$env:SystemRoot\system32\reg.exe" -Destination "$env:SystemRoot\system32\reg_temp.exe" -Force
if (-not (Get-AppxPackage -Name MicrosoftWindows.Client.WebExperience))
{
Write-Information -MessageData "" -InformationAction Continue
Write-Verbose -Message $Localization.Skipped -Verbose
return
}
# We cannot set a value to TaskbarDa, having called any of APIs, except of copying powershell.exe (or any other tricks) with a different name, due to a UCPD driver tracks all executables to block the access to the registry
Copy-Item -Path "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe" -Destination "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Force
switch ($PSCmdlet.ParameterSetName)
{
"Hide"
{
if (Get-AppxPackage -Name MicrosoftWindows.Client.WebExperience)
{
# https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_parsing?view=powershell-7.4#the-stop-parsing-token
# We cannot put --% inside the command below as it breaks parsing of $DWordData variable
$EscapeParser = "--%"
& "$env:SystemRoot\system32\reg_temp.exe" $EscapeParser ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v TaskbarDa /t REG_DWORD /d 0 /f
}
& "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command {New-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name TaskbarDa -PropertyType DWord -Value 0 -Force}
}
"Show"
{
if (Get-AppxPackage -Name MicrosoftWindows.Client.WebExperience)
{
# https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_parsing?view=powershell-7.4#the-stop-parsing-token
# We cannot put --% inside the command below as it breaks parsing of $DWordData variable
$EscapeParser = "--%"
& "$env:SystemRoot\system32\reg_temp.exe" $EscapeParser ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v TaskbarDa /t REG_DWORD /d 1 /f
}
& "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command {New-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name TaskbarDa -PropertyType DWord -Value 1 -Force}
}
}
Remove-Item -Path "$env:SystemRoot\system32\reg_temp.exe" -Force
Remove-Item -Path "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Force
}
<#
@ -8513,16 +8509,13 @@ function NetworkDiscovery
Set-Association -ProgramPath "%ProgramFiles%\Notepad++\notepad++.exe" -Extension .txt -Icon "%ProgramFiles%\Notepad++\notepad++.exe,0"
.EXAMPLE
Set-Association -ProgramPath MSEdgeMHT -Extension .html
Set-Association -ProgramPath MSEdgeHTM -Extension .html
.LINK
https://github.com/DanysysTeam/PS-SFTA
https://github.com/default-username-was-already-taken/set-fileassoc
https://forum.ru-board.com/profile.cgi?action=show&member=westlife
.NOTES
Microsoft blocked ability to write to UserChoice key for .pdf extention and http and https protocols with KB5034765 release
.NOTES
Machine-wide
#>
@ -8553,18 +8546,9 @@ function Set-Association
$Icon
)
# Microsoft blocked ability to write to UserChoice key for .pdf extention and http and https protocols with KB5034765 release
if (@(".pdf", "http", "https") -contains $Extension)
{
Write-Information -MessageData "" -InformationAction Continue
Write-Verbose -Message $Localization.UserChoiceWarning -Verbose
Write-Error -Message $Localization.UserChoiceWarning -ErrorAction SilentlyContinue
Write-Information -MessageData "" -InformationAction Continue
Write-Verbose -Message $Localization.Skipped -Verbose
return
}
# Microsoft has blocked write access to UserChoice key for .pdf extention and http/https protocols with KB5034765 release, so we have to write values with a copy of powershell.exe to bypass a UCPD driver restrictions
# UCPD driver tracks all executables to block the access to the registry so all registry records will be made within powershell_temp.exe in this function just in case
Copy-Item -Path "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe" -Destination "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Force
$ProgramPath = [System.Environment]::ExpandEnvironmentVariables($ProgramPath)
@ -8903,7 +8887,25 @@ public static int UnloadHive(RegistryHives hive, string subKey)
{
New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Force
}
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgID -Force
# We need to remove DENY permission set for user before setting a value
if (@(".pdf", "http", "https") -contains $Extension)
{
# https://powertoe.wordpress.com/2010/08/28/controlling-registry-acl-permissions-with-powershell/
$Key = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::ChangePermissions)
$ACL = $key.GetAccessControl()
$Principal = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
# https://learn.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.filesystemrights
$Rule = New-Object -TypeName System.Security.AccessControl.RegistryAccessRule -ArgumentList ($Principal,"FullControl","Deny")
$ACL.RemoveAccessRule($Rule)
$Key.SetAccessControl($ACL)
& "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice' -Name ProgId -PropertyType String -Value $ProgID -Force}"
}
else
{
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgID -Force
}
# Getting a hash based on the time of the section's last modification. After creating and setting the first parameter
$ProgHash = Get-Hash -ProgId $ProgId -Extension $Extension -SubKey "Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice"
@ -8912,7 +8914,15 @@ public static int UnloadHive(RegistryHives hive, string subKey)
{
New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Force
}
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force
if (@(".pdf", "http", "https") -contains $Extension)
{
& "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice' -Name Hash -PropertyType String -Value $ProgHash -Force}"
}
else
{
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force
}
# Setting a block on changing the UserChoice section
# Due to "Set-StrictMode -Version Latest" we have to use OpenSubKey()
@ -9330,9 +9340,29 @@ public static long MakeLong(uint left, uint right)
{
New-Item -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Force
}
$ProgHash = Get-Hash -ProgId $ProgId -Extension $Extension -SubKey "Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice"
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgId -Force
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force
# We need to remove DENY permission set for user before setting a value
if (@(".pdf", "http", "https") -contains $Extension)
{
# https://powertoe.wordpress.com/2010/08/28/controlling-registry-acl-permissions-with-powershell/
$Key = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey("Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::ChangePermissions)
$ACL = $key.GetAccessControl()
$Principal = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
# https://learn.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.filesystemrights
$Rule = New-Object -TypeName System.Security.AccessControl.RegistryAccessRule -ArgumentList ($Principal,"FullControl","Deny")
$ACL.RemoveAccessRule($Rule)
$Key.SetAccessControl($ACL)
& "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice' -Name ProgId -PropertyType String -Value $ProgID -Force}"
& "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice' -Name Hash -PropertyType String -Value $ProgHash -Force}"
}
else
{
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgId -Force
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force
}
}
# Setting additional parameters to comply with the requirements before configuring the extension
@ -9361,6 +9391,8 @@ public static void Refresh()
}
[WinAPI.Signature]::Refresh()
Remove-Item -Path "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Force
}
<#
@ -9685,8 +9717,8 @@ function DefaultTerminalApp
}
"ConsoleHost"
{
New-ItemProperty -Path "HKCU:\Console\%%Startup" -Name DelegationConsole -PropertyType String -Value "{00000000-0000-0000-0000-000000000000}" -Force
New-ItemProperty -Path "HKCU:\Console\%%Startup" -Name DelegationTerminal -PropertyType String -Value "{00000000-0000-0000-0000-000000000000}" -Force
New-ItemProperty -Path "HKCU:\Console\%%Startup" -Name DelegationConsole -PropertyType String -Value "{B23D10C0-E52E-411E-9D5B-C09FDF709C7D}" -Force
New-ItemProperty -Path "HKCU:\Console\%%Startup" -Name DelegationTerminal -PropertyType String -Value "{B23D10C0-E52E-411E-9D5B-C09FDF709C7D}" -Force
}
}
}
@ -9720,7 +9752,7 @@ function InstallVCRedist
return
}
if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller -ErrorAction Ignore)
if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller)
{
if ([System.Version](Get-AppxPackage -Name Microsoft.DesktopAppInstaller).Version -ge [System.Version]"1.17")
{
@ -9831,7 +9863,7 @@ function InstallDotNetRuntimes
{
NET6x64
{
if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller -ErrorAction Ignore)
if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller)
{
if ([System.Version](Get-AppxPackage -Name Microsoft.DesktopAppInstaller).Version -ge [System.Version]"1.17")
{
@ -9878,7 +9910,7 @@ function InstallDotNetRuntimes
}
NET8x64
{
if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller -ErrorAction Ignore)
if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller)
{
if ([System.Version](Get-AppxPackage -Name Microsoft.DesktopAppInstaller).Version -ge [System.Version]"1.17")
{
@ -10463,17 +10495,17 @@ function StartLayout
"Default"
{
# Default
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name Start_Layout -PropertyType DWord -Value 0 -Force
New-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name Start_Layout -PropertyType DWord -Value 0 -Force
}
"ShowMorePins"
{
# Show More Pins
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name Start_Layout -PropertyType DWord -Value 1 -Force
New-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name Start_Layout -PropertyType DWord -Value 1 -Force
}
"ShowMoreRecommendations"
{
# Show More Recommendations
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name Start_Layout -PropertyType DWord -Value 2 -Force
New-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name Start_Layout -PropertyType DWord -Value 2 -Force
}
}
}
@ -11023,29 +11055,31 @@ function CortanaAutostart
$Enable
)
if (-not (Get-AppxPackage -Name Microsoft.549981C3F5F10))
{
Write-Information -MessageData "" -InformationAction Continue
Write-Verbose -Message $Localization.Skipped -Verbose
return
}
switch ($PSCmdlet.ParameterSetName)
{
"Disable"
{
if (Get-AppxPackage -Name Microsoft.549981C3F5F10)
if (-not (Test-Path -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId"))
{
if (-not (Test-Path -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId"))
{
New-Item -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Force
}
New-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Name State -PropertyType DWord -Value 1 -Force
New-Item -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Force
}
New-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Name State -PropertyType DWord -Value 1 -Force
}
"Enable"
{
if (Get-AppxPackage -Name Microsoft.549981C3F5F10)
if (-not (Test-Path -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId"))
{
if (-not (Test-Path -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId"))
{
New-Item -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Force
}
New-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Name State -PropertyType DWord -Value 2 -Force
New-Item -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Force
}
New-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Name State -PropertyType DWord -Value 2 -Force
}
}
}
@ -11088,18 +11122,23 @@ function TeamsAutostart
$Enable
)
if (Get-AppxPackage -Name MSTeams)
if (-not (Get-AppxPackage -Name MSTeams))
{
switch ($PSCmdlet.ParameterSetName)
Write-Information -MessageData "" -InformationAction Continue
Write-Verbose -Message $Localization.Skipped -Verbose
return
}
switch ($PSCmdlet.ParameterSetName)
{
"Disable"
{
"Disable"
{
New-ItemProperty -Path "HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\MSTeams_8wekyb3d8bbwe\TeamsTfwStartupTask" -Name State -PropertyType DWord -Value 1 -Force
}
"Enable"
{
New-ItemProperty -Path "HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\MSTeams_8wekyb3d8bbwe\TeamsTfwStartupTask" -Name State -PropertyType DWord -Value 2 -Force
}
New-ItemProperty -Path "HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\MSTeams_8wekyb3d8bbwe\TeamsTfwStartupTask" -Name State -PropertyType DWord -Value 1 -Force
}
"Enable"
{
New-ItemProperty -Path "HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\MSTeams_8wekyb3d8bbwe\TeamsTfwStartupTask" -Name State -PropertyType DWord -Value 2 -Force
}
}
}
@ -11200,21 +11239,23 @@ function XboxGameTips
$Enable
)
if (-not ((Get-AppxPackage -Name Microsoft.XboxGamingOverlay) -or(Get-AppxPackage -Name Microsoft.GamingApp)))
{
Write-Information -MessageData "" -InformationAction Continue
Write-Verbose -Message $Localization.Skipped -Verbose
return
}
switch ($PSCmdlet.ParameterSetName)
{
"Disable"
{
if ((Get-AppxPackage -Name Microsoft.XboxGamingOverlay) -or (Get-AppxPackage -Name Microsoft.GamingApp))
{
New-ItemProperty -Path HKCU:\Software\Microsoft\GameBar -Name ShowStartupPanel -PropertyType DWord -Value 0 -Force
}
New-ItemProperty -Path HKCU:\Software\Microsoft\GameBar -Name ShowStartupPanel -PropertyType DWord -Value 0 -Force
}
"Enable"
{
if ((Get-AppxPackage -Name Microsoft.XboxGamingOverlay) -or (Get-AppxPackage -Name Microsoft.GamingApp))
{
New-ItemProperty -Path HKCU:\Software\Microsoft\GameBar -Name ShowStartupPanel -PropertyType DWord -Value 1 -Force
}
New-ItemProperty -Path HKCU:\Software\Microsoft\GameBar -Name ShowStartupPanel -PropertyType DWord -Value 1 -Force
}
}
}
@ -11332,14 +11373,14 @@ function GPUScheduling
$WddmVersion_Min = [Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\FeatureSetUsage", "WddmVersion_Min", $null)
if ($WddmVersion_Min -ge 2700)
{
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers" -Name HwSchMode -PropertyType DWord -Value 2 -Force
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers -Name HwSchMode -PropertyType DWord -Value 2 -Force
}
}
}
}
"Disable"
{
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers" -Name HwSchMode -PropertyType DWord -Value 1 -Force
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers -Name HwSchMode -PropertyType DWord -Value 1 -Force
}
}
}

Loading…
Cancel
Save