From 2284f5593d2a83e66526f13d150f081de71a0eaa Mon Sep 17 00:00:00 2001 
From: Dmitry Nefedov Date: Thu, 3 Oct 2024 01:02:11 +0300 Subject: [PATCH] Added bypass for UCPD driver restriction --- .../Localizations/de-DE/Sophia.psd1 | 1 - .../Localizations/en-US/Sophia.psd1 | 1 - .../Localizations/es-ES/Sophia.psd1 | 1 - .../Localizations/fr-FR/Sophia.psd1 | 1 - .../Localizations/hu-HU/Sophia.psd1 | 1 - .../Localizations/it-IT/Sophia.psd1 | 1 - .../Localizations/pl-PL/Sophia.psd1 | 1 - .../Localizations/pt-BR/Sophia.psd1 | 1 - .../Localizations/ru-RU/Sophia.psd1 | 1 - .../Localizations/tr-TR/Sophia.psd1 | 1 - .../Localizations/uk-UA/Sophia.psd1 | 1 - .../Localizations/zh-CN/Sophia.psd1 | 1 - .../Module/Sophia.psm1 | 148 ++++++++----- .../Localizations/de-DE/Sophia.psd1 | 1 - .../Localizations/en-US/Sophia.psd1 | 1 - .../Localizations/es-ES/Sophia.psd1 | 1 - .../Localizations/fr-FR/Sophia.psd1 | 1 - .../Localizations/hu-HU/Sophia.psd1 | 1 - .../Localizations/it-IT/Sophia.psd1 | 1 - .../Localizations/pl-PL/Sophia.psd1 | 1 - .../Localizations/pt-BR/Sophia.psd1 | 1 - .../Localizations/ru-RU/Sophia.psd1 | 1 - .../Localizations/tr-TR/Sophia.psd1 | 1 - .../Localizations/uk-UA/Sophia.psd1 | 1 - .../Localizations/zh-CN/Sophia.psd1 | 1 - .../Module/Sophia.psm1 | 84 +++++--- .../Localizations/de-DE/Sophia.psd1 | 1 - .../Localizations/en-US/Sophia.psd1 | 1 - .../Localizations/es-ES/Sophia.psd1 | 1 - .../Localizations/fr-FR/Sophia.psd1 | 1 - .../Localizations/hu-HU/Sophia.psd1 | 1 - .../Localizations/it-IT/Sophia.psd1 | 1 - .../Localizations/pl-PL/Sophia.psd1 | 1 - .../Localizations/pt-BR/Sophia.psd1 | 1 - .../Localizations/ru-RU/Sophia.psd1 | 1 - .../Localizations/tr-TR/Sophia.psd1 | 1 - .../Localizations/uk-UA/Sophia.psd1 | 1 - .../Localizations/zh-CN/Sophia.psd1 | 1 - .../Module/Sophia.psm1 | 88 +++++--- .../Localizations/de-DE/Sophia.psd1 | 1 - .../Localizations/en-US/Sophia.psd1 | 1 - .../Localizations/es-ES/Sophia.psd1 | 1 - .../Localizations/fr-FR/Sophia.psd1 | 1 - .../Localizations/hu-HU/Sophia.psd1 | 1 - .../Localizations/it-IT/Sophia.psd1 | 1 
- .../Localizations/pl-PL/Sophia.psd1 | 1 - .../Localizations/pt-BR/Sophia.psd1 | 1 - .../Localizations/ru-RU/Sophia.psd1 | 1 - .../Localizations/tr-TR/Sophia.psd1 | 1 - .../Localizations/uk-UA/Sophia.psd1 | 1 - .../Localizations/zh-CN/Sophia.psd1 | 1 - .../Module/Sophia.psm1 | 140 ++++++++----- .../Localizations/de-DE/Sophia.psd1 | 1 - .../Localizations/en-US/Sophia.psd1 | 1 - .../Localizations/es-ES/Sophia.psd1 | 1 - .../Localizations/fr-FR/Sophia.psd1 | 1 - .../Localizations/hu-HU/Sophia.psd1 | 1 - .../Localizations/it-IT/Sophia.psd1 | 1 - .../Localizations/pl-PL/Sophia.psd1 | 1 - .../Localizations/pt-BR/Sophia.psd1 | 1 - .../Localizations/ru-RU/Sophia.psd1 | 1 - .../Localizations/tr-TR/Sophia.psd1 | 1 - .../Localizations/uk-UA/Sophia.psd1 | 1 - .../Localizations/zh-CN/Sophia.psd1 | 1 - .../Module/Sophia.psm1 | 197 +++++++++++------- .../Localizations/de-DE/Sophia.psd1 | 1 - .../Localizations/en-US/Sophia.psd1 | 1 - .../Localizations/es-ES/Sophia.psd1 | 1 - .../Localizations/fr-FR/Sophia.psd1 | 1 - .../Localizations/hu-HU/Sophia.psd1 | 1 - .../Localizations/it-IT/Sophia.psd1 | 1 - .../Localizations/pl-PL/Sophia.psd1 | 1 - .../Localizations/pt-BR/Sophia.psd1 | 1 - .../Localizations/ru-RU/Sophia.psd1 | 1 - .../Localizations/tr-TR/Sophia.psd1 | 1 - .../Localizations/uk-UA/Sophia.psd1 | 1 - .../Localizations/zh-CN/Sophia.psd1 | 1 - .../Module/Sophia.psm1 | 197 +++++++++++------- 78 files changed, 540 insertions(+), 386 deletions(-) diff --git a/src/Sophia_Script_for_Windows_10/Localizations/de-DE/Sophia.psd1 b/src/Sophia_Script_for_Windows_10/Localizations/de-DE/Sophia.psd1 index 56376412..52c12353 100644 --- a/src/Sophia_Script_for_Windows_10/Localizations/de-DE/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10/Localizations/de-DE/Sophia.psd1 
@@ -57,7 +57,6 @@ ErrorsMessage = Fehler/Warnungen DialogBoxOpening = Anzeigen des Dialogfensters... Disable = Deaktivieren Enable = Aktivieren -UserChoiceWarning = Microsoft hat den Schreibzugriff auf den UserChoice-Schlüssel für die .pdf-Erweiterung und das http/https-Protokoll mit der Version KB5034765 gesperrt. AllFilesFilter = Alle Dateien FolderSelect = Einen Ordner auswählen FilesWontBeMoved = Dateien werden nicht verschoben. diff --git a/src/Sophia_Script_for_Windows_10/Localizations/en-US/Sophia.psd1 b/src/Sophia_Script_for_Windows_10/Localizations/en-US/Sophia.psd1 index d22f1225..07ecd635 100644 --- a/src/Sophia_Script_for_Windows_10/Localizations/en-US/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10/Localizations/en-US/Sophia.psd1 @@ -57,7 +57,6 @@ ErrorsMessage = Errors/Warnings DialogBoxOpening = Displaying the dialog box... Disable = Disable Enable = Enable -UserChoiceWarning = Microsoft has blocked write access to UserChoice key for .pdf extention and http/https protocols with KB5034765 release. AllFilesFilter = All Files FolderSelect = Select a folder FilesWontBeMoved = Files will not be moved. diff --git a/src/Sophia_Script_for_Windows_10/Localizations/es-ES/Sophia.psd1 b/src/Sophia_Script_for_Windows_10/Localizations/es-ES/Sophia.psd1 index 52401c8c..5465afae 100644 --- a/src/Sophia_Script_for_Windows_10/Localizations/es-ES/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10/Localizations/es-ES/Sophia.psd1 @@ -57,7 +57,6 @@ ErrorsMessage = Errores/Advertencias DialogBoxOpening = Viendo el cuadro de diálogo... Disable = Desactivar Enable = Habilitar -UserChoiceWarning = Microsoft ha bloqueado el acceso de escritura a la clave UserChoice para la extensión .pdf y el protocolo http/https con el lanzamiento de KB5034765. AllFilesFilter = Todos los Archivos FolderSelect = Seleccione una carpeta FilesWontBeMoved = Los archivos no se transferirán. 
diff --git a/src/Sophia_Script_for_Windows_10/Localizations/fr-FR/Sophia.psd1 b/src/Sophia_Script_for_Windows_10/Localizations/fr-FR/Sophia.psd1 index c220e211..3dbb5973 100644 --- a/src/Sophia_Script_for_Windows_10/Localizations/fr-FR/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10/Localizations/fr-FR/Sophia.psd1 @@ -57,7 +57,6 @@ ErrorsMessage = Erreurs/Avertissements DialogBoxOpening = Afficher la boîte de dialogue... Disable = Désactiver Enable = Activer -UserChoiceWarning = Microsoft a bloqué l'accès en écriture à la clé UserChoice pour l'extension .pdf et le protocole http/https avec la version KB5034765. AllFilesFilter = Tous les Fichiers FolderSelect = Sélectionner un dossier FilesWontBeMoved = Les fichiers ne seront pas déplacés. diff --git a/src/Sophia_Script_for_Windows_10/Localizations/hu-HU/Sophia.psd1 b/src/Sophia_Script_for_Windows_10/Localizations/hu-HU/Sophia.psd1 index ce38b96b..4f18f28a 100644 --- a/src/Sophia_Script_for_Windows_10/Localizations/hu-HU/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10/Localizations/hu-HU/Sophia.psd1 @@ -57,7 +57,6 @@ ErrorsMessage = Hibák/Figyelmeztetések DialogBoxOpening = Párbeszédablak megjelenítése... Disable = Kikapcsolás Enable = Engedélyezés -UserChoiceWarning = A Microsoft a KB5034765 kiadással blokkolta a UserChoice kulcs írási hozzáférését a .pdf kiterjesztéshez és a http/https protokollhoz. AllFilesFilter = Minden fájl FolderSelect = Válasszon ki egy könyvtárat FilesWontBeMoved = A fájlok nem lesznek áthelyezve. diff --git a/src/Sophia_Script_for_Windows_10/Localizations/it-IT/Sophia.psd1 b/src/Sophia_Script_for_Windows_10/Localizations/it-IT/Sophia.psd1 index 56442b10..ba556a1b 100644 --- a/src/Sophia_Script_for_Windows_10/Localizations/it-IT/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10/Localizations/it-IT/Sophia.psd1 
@@ -57,7 +57,6 @@ ErrorsMessage = Errori/avvisi DialogBoxOpening = Visualizzazione della finestra di dialogo... Disable = Disattivare Enable = Abilitare -UserChoiceWarning = Microsoft ha bloccato l'accesso in scrittura alla chiave UserChoice per l'estensione .pdf e il protocollo http/https con il rilascio della KB5034765. AllFilesFilter = Tutti i file FolderSelect = Selezionare una cartella FilesWontBeMoved = I file non verranno trasferiti. diff --git a/src/Sophia_Script_for_Windows_10/Localizations/pl-PL/Sophia.psd1 b/src/Sophia_Script_for_Windows_10/Localizations/pl-PL/Sophia.psd1 index b62889a0..ccb63236 100644 --- a/src/Sophia_Script_for_Windows_10/Localizations/pl-PL/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10/Localizations/pl-PL/Sophia.psd1 @@ -57,7 +57,6 @@ ErrorsMessage = Błędy/Ostrzeżenia DialogBoxOpening = Wyświetlanie okna dialogowego... Disable = Wyłączyć Enable = Włączać -UserChoiceWarning = Microsoft zablokował dostęp do zapisu klucza UserChoice dla rozszerzenia .pdf i protokołu http/https wraz z wydaniem KB5034765. AllFilesFilter = Wszystkie pliki FolderSelect = Wybierz folder FilesWontBeMoved = Pliki nie zostaną przeniesione. diff --git a/src/Sophia_Script_for_Windows_10/Localizations/pt-BR/Sophia.psd1 b/src/Sophia_Script_for_Windows_10/Localizations/pt-BR/Sophia.psd1 index 044bb276..9474f2c4 100644 --- a/src/Sophia_Script_for_Windows_10/Localizations/pt-BR/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10/Localizations/pt-BR/Sophia.psd1 @@ -57,7 +57,6 @@ ErrorsMessage = Erros/Avisos DialogBoxOpening = Exibindo a caixa de diálogo... Disable = Desativar Enable = Habilitar -UserChoiceWarning = A Microsoft bloqueou o acesso de gravação à chave UserChoice para extensão .pdf e protocolo http/https com a versão KB5034765. AllFilesFilter = Todos os arquivos FolderSelect = Escolha uma pasta FilesWontBeMoved = Os arquivos não serão transferidos. 
diff --git a/src/Sophia_Script_for_Windows_10/Localizations/ru-RU/Sophia.psd1 b/src/Sophia_Script_for_Windows_10/Localizations/ru-RU/Sophia.psd1 index ae6cf3a4..dc8c6f3a 100644 --- a/src/Sophia_Script_for_Windows_10/Localizations/ru-RU/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10/Localizations/ru-RU/Sophia.psd1 @@ -57,7 +57,6 @@ ErrorsMessage = Ошибки/предупрежде DialogBoxOpening = Диалоговое окно открывается... Disable = Отключить Enable = Включить -UserChoiceWarning = Microsoft заблокировала возможность записать в раздел реестра UserChoice для расширения .pdf и протоколов http/https с релизом обновления KB5034765. AllFilesFilter = Все файлы FolderSelect = Выберите папку FilesWontBeMoved = Файлы не будут перенесены. diff --git a/src/Sophia_Script_for_Windows_10/Localizations/tr-TR/Sophia.psd1 b/src/Sophia_Script_for_Windows_10/Localizations/tr-TR/Sophia.psd1 index 465c3994..ee691332 100644 --- a/src/Sophia_Script_for_Windows_10/Localizations/tr-TR/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10/Localizations/tr-TR/Sophia.psd1 @@ -57,7 +57,6 @@ ErrorsMessage = Hatalar/Uyarılar DialogBoxOpening = İletişim kutusu görüntüleniyor... Disable = Devre dışı bırak Enable = Aktif et -UserChoiceWarning = Microsoft, KB5034765 sürümü ile .pdf uzantısı ve http/https protokolü için UserChoice anahtarına yazma erişimini engellemiştir. AllFilesFilter = Tüm Dosyalar FolderSelect = Klasör seç FilesWontBeMoved = Dosyalar taşınmayacak. diff --git a/src/Sophia_Script_for_Windows_10/Localizations/uk-UA/Sophia.psd1 b/src/Sophia_Script_for_Windows_10/Localizations/uk-UA/Sophia.psd1 index c3e9aa08..6bbba916 100644 --- a/src/Sophia_Script_for_Windows_10/Localizations/uk-UA/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10/Localizations/uk-UA/Sophia.psd1 
@@ -57,7 +57,6 @@ ErrorsMessage = Помилки/попереджен DialogBoxOpening = Діалогове вікно відкривається... Disable = Вимкнути Enable = Увімкнути -UserChoiceWarning = Microsoft заблокувала можливість писати в розділ реєстру UserChoice для розширення .pdf, а також протоколів http/https з релізом оновлення KB5034765. AllFilesFilter = Усі файли FolderSelect = Виберіть папку FilesWontBeMoved = Файли не будуть перенесені. diff --git a/src/Sophia_Script_for_Windows_10/Localizations/zh-CN/Sophia.psd1 b/src/Sophia_Script_for_Windows_10/Localizations/zh-CN/Sophia.psd1 index 49e901d7..9f972ac2 100644 --- a/src/Sophia_Script_for_Windows_10/Localizations/zh-CN/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10/Localizations/zh-CN/Sophia.psd1 @@ -57,7 +57,6 @@ ErrorsMessage = 错误/警告 DialogBoxOpening = 显示对话窗口..... Disable = 禁用 Enable = 启用 -UserChoiceWarning = 微软在发布 KB5034765 时阻止了对 .pdf 扩展和 http/https 协议的 UserChoice 密钥的写入访问。 AllFilesFilter = 所有文件 FolderSelect = 选择一个文件夹 FilesWontBeMoved = 文件将不会被移动。 diff --git a/src/Sophia_Script_for_Windows_10/Module/Sophia.psm1 b/src/Sophia_Script_for_Windows_10/Module/Sophia.psm1 index b5203538..7c8d64ef 100644 --- a/src/Sophia_Script_for_Windows_10/Module/Sophia.psm1 +++ b/src/Sophia_Script_for_Windows_10/Module/Sophia.psm1 @@ -63,7 +63,7 @@ function InitialActions # Extract strings from %SystemRoot%\System32\shell32.dll using its number # https://github.com/SamuelArnold/StarKill3r/blob/master/Star%20Killer/Star%20Killer/bin/Debug/Scripts/SANS-SEC505-master/scripts/Day1-PowerShell/Expand-IndirectString.ps1 - # [WinAPI.GetStrings]::GetIndirectString("@%SystemRoot%\system32\schedsvc.dll,-100") + # [WinAPI.GetStrings]::GetIndirectString("@%SystemRoot%\System32\schedsvc.dll,-100") # https://github.com/PowerShell/PowerShell/issues/21070 $Script:CompilerParameters = [System.CodeDom.Compiler.CompilerParameters]::new("System.dll") 
@@ -3671,8 +3671,8 @@ public static extern int HashData(byte[] pbData, int cbData, byte[] piet, int ou Add-Type @Signature } - # We cannot call any of APIs except copying reg.exe with a different name due to a UCPD driver tracks all executables to blocke the access to the registry - Copy-Item -Path "$env:SystemRoot\system32\reg.exe" -Destination "$env:SystemRoot\system32\reg_temp.exe" -Force + # We cannot set a value to EnShellFeedsTaskbarViewMode, having called any of APIs, except of copying powershell.exe (or any other tricks) with a different name, due to a UCPD driver tracks all executables to block the access to the registry + Copy-Item -Path "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe" -Destination "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Force switch ($PSCmdlet.ParameterSetName) { @@ -3690,10 +3690,7 @@ public static extern int HashData(byte[] pbData, int cbData, byte[] piet, int ou # Get value to save in EnShellFeedsTaskbarViewMode key $DWordData = [System.BitConverter]::ToUInt32($bytesOut,0) - # https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_parsing?view=powershell-7.4#the-stop-parsing-token - # We cannot put --% inside the command below as it breaks parsing of $DWordData variable - $EscapeParser = "--%" - & "$env:SystemRoot\system32\reg_temp.exe" $EscapeParser ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds /v EnShellFeedsTaskbarViewMode /t REG_DWORD /d $DWordData /f + & "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command {New-ItemProperty -Path HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds -Name EnShellFeedsTaskbarViewMode -PropertyType DWord -Value $DWordData -Force} } "Enable" { 
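Review bot: In the hunk at -3690, `$DWordData` sits inside a script block passed to `powershell_temp.exe -Command { ... }`, so the calling session does not expand it. The child process most likely sees an undefined variable and writes an empty or zero value to EnShellFeedsTaskbarViewMode, or fails, instead of storing the computed hash. The Set-Association hunks in this commit pass a double-quoted string, which is expanded before the child starts, and the same form works here: `-Command "New-ItemProperty -Path HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds -Name EnShellFeedsTaskbarViewMode -PropertyType DWord -Value $DWordData -Force"`. `$DWordData` is a UInt32 from `BitConverter`, so interpolating it is safe. The identical call in the "Enable" branch (hunk at -3709) needs the same change, and adding `-NoProfile` would keep profile scripts out of the child process.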
@@ -3709,14 +3706,11 @@ public static extern int HashData(byte[] pbData, int cbData, byte[] piet, int ou # Get value to save in EnShellFeedsTaskbarViewMode key $DWordData = [System.BitConverter]::ToUInt32($bytesOut,0) - # https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_parsing?view=powershell-7.4#the-stop-parsing-token - # We cannot put --% inside the command below as it breaks parsing of $DWordData variable - $EscapeParser = "--%" - & "$env:SystemRoot\system32\reg_temp.exe" $EscapeParser ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds /v EnShellFeedsTaskbarViewMode /t REG_DWORD /d $DWordData /f + & "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command {New-ItemProperty -Path HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds -Name EnShellFeedsTaskbarViewMode -PropertyType DWord -Value $DWordData -Force} } } - Remove-Item -Path "$env:SystemRoot\system32\reg_temp.exe" -Force + Remove-Item -Path "$env:SystemRoot\System32\reg_temp.exe" -Force } <# @@ -8919,16 +8913,13 @@ function WindowsLatestUpdate Set-Association -ProgramPath "%ProgramFiles%\Notepad++\notepad++.exe" -Extension .txt -Icon "%ProgramFiles%\Notepad++\notepad++.exe,0" .EXAMPLE - Set-Association -ProgramPath MSEdgeMHT -Extension .html + Set-Association -ProgramPath MSEdgeHTM -Extension .html .LINK https://github.com/DanysysTeam/PS-SFTA https://github.com/default-username-was-already-taken/set-fileassoc https://forum.ru-board.com/profile.cgi?action=show&member=westlife - .NOTES - Microsoft blocked ability to write to UserChoice key for .pdf extention and http and https protocols with KB5034763 release - .NOTES Machine-wide #> 
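Review bot: The cleanup at the end of the hunk at -3709 still targets `reg_temp.exe`, but the function now copies `powershell.exe` to `powershell_temp.exe` (hunk at -3671). The renamed PowerShell binary is therefore never deleted here, and `Remove-Item` reports an error for a file this function no longer creates. It should read `Remove-Item -Path "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Force`. A leftover renamed copy of powershell.exe under System32 will not match process-name based monitoring or allow-listing, so the copy and the removal are worth pairing in `try { ... } finally { ... }`. The function body starts outside the hunk.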
@@ -8959,18 +8950,9 @@ function Set-Association $Icon ) - # Microsoft blocked ability to write to UserChoice key for .pdf extention and http and https protocols with KB5034763 release - if (@(".pdf", "http", "https") -contains $Extension) - { - Write-Information -MessageData "" -InformationAction Continue - Write-Verbose -Message $Localization.UserChoiceWarning -Verbose - Write-Error -Message $Localization.UserChoiceWarning -ErrorAction SilentlyContinue - - Write-Information -MessageData "" -InformationAction Continue - Write-Verbose -Message $Localization.Skipped -Verbose - - return - } + # Microsoft has blocked write access to UserChoice key for .pdf extention and http/https protocols with KB5034765 release, so we have to write values with a copy of powershell.exe to bypass a UCPD driver restrictions + # UCPD driver tracks all executables to block the access to the registry so all registry records will be made within powershell_temp.exe in this function just in case + Copy-Item -Path "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe" -Destination "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Force $ProgramPath = [System.Environment]::ExpandEnvironmentVariables($ProgramPath) 
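Review bot: The copy created here is only removed at the very end of Set-Association (hunk at -9767), several hundred lines later. Any early `return` or terminating error in between, none of which is visible in this hunk, would leave `powershell_temp.exe` behind in the WindowsPowerShell directory. Wrapping the body in `try { ... } finally { Remove-Item -Path "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Force -ErrorAction Ignore }` guarantees the cleanup. The new comment also says all registry writes in the function go through `powershell_temp.exe`, while the later hunks use it only for `.pdf`, `http` and `https`, so the comment should say that. It could also state that the copy is temporary and must not outlive the call.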
@@ -9309,7 +9291,25 @@ public static int UnloadHive(RegistryHives hive, string subKey) { New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Force } - New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgID -Force + + # We need to remove DENY permission set for user before setting a value + if (@(".pdf", "http", "https") -contains $Extension) + { + # https://powertoe.wordpress.com/2010/08/28/controlling-registry-acl-permissions-with-powershell/ + $Key = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::ChangePermissions) + $ACL = $key.GetAccessControl() + $Principal = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name + # https://learn.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.filesystemrights + $Rule = New-Object -TypeName System.Security.AccessControl.RegistryAccessRule -ArgumentList ($Principal,"FullControl","Deny") + $ACL.RemoveAccessRule($Rule) + $Key.SetAccessControl($ACL) + + & "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice' -Name ProgId -PropertyType String -Value $ProgID -Force}" + } + else + { + New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgID -Force + } # Getting a hash based on the time of the section's last modification. After creating and setting the first parameter $ProgHash = Get-Hash -ProgId $ProgId -Extension $Extension -SubKey "Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" 
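Review bot: `$Extension` and `$ProgID` are expanded into the `-Command` string before the child PowerShell parses it, and `-Value $ProgID` is not quoted. A ProgId containing a space, `;` or `'` would be parsed as PowerShell syntax rather than as data; how `$ProgID` is built is outside this hunk. Escape and quote the value first, e.g. `$SafeProgId = $ProgID.Replace("'", "''")` and then `-Value '$SafeProgId'`. The same applies to `$ProgHash` in the hunk at -9318 and to both calls in the hunk at -9736. Separately, `$ACL.RemoveAccessRule($Rule)` returns a Boolean that leaks into the function's output (`$null = $ACL.RemoveAccessRule($Rule)`), and `$Key` is never closed in the visible lines (`$Key.Close()`).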
@@ -9318,7 +9318,15 @@ public static int UnloadHive(RegistryHives hive, string subKey) { New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Force } - New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force + + if (@(".pdf", "http", "https") -contains $Extension) + { + & "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice' -Name Hash -PropertyType String -Value $ProgHash -Force}" + } + else + { + New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force + } # Setting a block on changing the UserChoice section # Due to "Set-StrictMode -Version Latest" we have to use OpenSubKey() 
@@ -9736,9 +9744,29 @@ public static long MakeLong(uint left, uint right) { New-Item -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Force } + $ProgHash = Get-Hash -ProgId $ProgId -Extension $Extension -SubKey "Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" - New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgId -Force - New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force + + # We need to remove DENY permission set for user before setting a value + if (@(".pdf", "http", "https") -contains $Extension) + { + # https://powertoe.wordpress.com/2010/08/28/controlling-registry-acl-permissions-with-powershell/ + $Key = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey("Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::ChangePermissions) + $ACL = $key.GetAccessControl() + $Principal = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name + # https://learn.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.filesystemrights + $Rule = New-Object -TypeName System.Security.AccessControl.RegistryAccessRule -ArgumentList ($Principal,"FullControl","Deny") + $ACL.RemoveAccessRule($Rule) + $Key.SetAccessControl($ACL) + + & "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice' -Name ProgId -PropertyType String -Value $ProgID -Force}" + & "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 
'HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice' -Name Hash -PropertyType String -Value $ProgHash -Force}" + } + else + { + New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgId -Force + New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force + } } # Setting additional parameters to comply with the requirements before configuring the extension @@ -9767,6 +9795,8 @@ public static void Refresh() } [WinAPI.Signature]::Refresh() + + Remove-Item -Path "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Force } <# @@ -10101,7 +10131,7 @@ function InstallVCRedist return } - if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller -ErrorAction Ignore) + if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller) { if ([System.Version](Get-AppxPackage -Name Microsoft.DesktopAppInstaller).Version -ge [System.Version]"1.17") { @@ -10212,7 +10242,7 @@ function InstallDotNetRuntimes { NET6x64 { - if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller -ErrorAction Ignore) + if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller) { if ([System.Version](Get-AppxPackage -Name Microsoft.DesktopAppInstaller).Version -ge [System.Version]"1.17") { @@ -10259,7 +10289,7 @@ function InstallDotNetRuntimes } NET8x64 { - if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller -ErrorAction Ignore) + if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller) { if ([System.Version](Get-AppxPackage -Name Microsoft.DesktopAppInstaller).Version -ge [System.Version]"1.17") { 
@@ -11824,29 +11854,31 @@ function CortanaAutostart $Enable ) + if (-not (Get-AppxPackage -Name Microsoft.549981C3F5F10)) + { + Write-Information -MessageData "" -InformationAction Continue + Write-Verbose -Message $Localization.Skipped -Verbose + + return + } + switch ($PSCmdlet.ParameterSetName) { "Disable" { - if (Get-AppxPackage -Name Microsoft.549981C3F5F10) + if (-not (Test-Path -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId")) { - if (-not (Test-Path -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId")) - { - New-Item -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Force - } - New-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Name State -PropertyType DWord -Value 1 -Force + New-Item -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Force } + New-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Name State -PropertyType DWord -Value 1 -Force } "Enable" { - if (Get-AppxPackage -Name Microsoft.549981C3F5F10) + if (-not (Test-Path -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId")) { - if (-not (Test-Path -Path "Registry::HKEY_CLASSES_ROOT\Local 
Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId")) - { - New-Item -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Force - } - New-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Name State -PropertyType DWord -Value 2 -Force + New-Item -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Force } + New-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Name State -PropertyType DWord -Value 2 -Force } } } 
@@ -12022,21 +12054,23 @@ function XboxGameTips $Enable ) + if (-not ((Get-AppxPackage -Name Microsoft.XboxGamingOverlay) -or(Get-AppxPackage -Name Microsoft.GamingApp))) + { + Write-Information -MessageData "" -InformationAction Continue + Write-Verbose -Message $Localization.Skipped -Verbose + + return + } + switch ($PSCmdlet.ParameterSetName) { "Disable" { - if ((Get-AppxPackage -Name Microsoft.XboxGamingOverlay) -or (Get-AppxPackage -Name Microsoft.GamingApp)) - { - New-ItemProperty -Path HKCU:\Software\Microsoft\GameBar -Name ShowStartupPanel -PropertyType DWord -Value 0 -Force - } + New-ItemProperty -Path HKCU:\Software\Microsoft\GameBar -Name ShowStartupPanel -PropertyType DWord -Value 0 -Force } "Enable" { - if ((Get-AppxPackage -Name Microsoft.XboxGamingOverlay) -or (Get-AppxPackage -Name Microsoft.GamingApp)) - { - New-ItemProperty -Path HKCU:\Software\Microsoft\GameBar -Name ShowStartupPanel -PropertyType DWord -Value 1 -Force - } + New-ItemProperty -Path HKCU:\Software\Microsoft\GameBar -Name ShowStartupPanel -PropertyType DWord -Value 1 -Force } } } @@ -12154,14 +12188,14 @@ function GPUScheduling $WddmVersion_Min = [Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\FeatureSetUsage", "WddmVersion_Min", $null) if ($WddmVersion_Min -ge 2700) { - New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers" -Name HwSchMode -PropertyType DWord -Value 2 -Force + New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers -Name HwSchMode -PropertyType DWord -Value 2 -Force } } } } "Disable" { - New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers" -Name HwSchMode -PropertyType DWord -Value 1 -Force + New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers -Name HwSchMode -PropertyType DWord -Value 1 -Force } } } 
diff --git a/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/de-DE/Sophia.psd1 b/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/de-DE/Sophia.psd1 index 4425a1fc..d1d57981 100644 --- a/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/de-DE/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/de-DE/Sophia.psd1 @@ -48,7 +48,6 @@ ErrorsMessage = Fehler/Warnungen DialogBoxOpening = Anzeigen des Dialogfensters... Disable = Deaktivieren Enable = Aktivieren -UserChoiceWarning = Microsoft hat den Schreibzugriff auf den UserChoice-Schlüssel für die .pdf-Erweiterung und das http/https-Protokoll mit der Version KB5034765 gesperrt. AllFilesFilter = Alle Dateien FolderSelect = Einen Ordner auswählen FilesWontBeMoved = Dateien werden nicht verschoben. diff --git a/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/en-US/Sophia.psd1 b/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/en-US/Sophia.psd1 index a348571f..002224b6 100644 --- a/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/en-US/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/en-US/Sophia.psd1 @@ -48,7 +48,6 @@ ErrorsMessage = Errors/Warnings DialogBoxOpening = Displaying the dialog box... Disable = Disable Enable = Enable -UserChoiceWarning = Microsoft has blocked write access to UserChoice key for .pdf extention and http/https protocols with KB5034765 release. AllFilesFilter = All Files FolderSelect = Select a folder FilesWontBeMoved = Files will not be moved. diff --git a/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/es-ES/Sophia.psd1 b/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/es-ES/Sophia.psd1 index e7345a1f..5fb8e5fb 100644 --- a/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/es-ES/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/es-ES/Sophia.psd1 
@@ -48,7 +48,6 @@ ErrorsMessage = Errores/Advertencias DialogBoxOpening = Viendo el cuadro de diálogo... Disable = Desactivar Enable = Habilitar -UserChoiceWarning = Microsoft ha bloqueado el acceso de escritura a la clave UserChoice para la extensión .pdf y el protocolo http/https con el lanzamiento de KB5034765. AllFilesFilter = Todos los Archivos FolderSelect = Seleccione una carpeta FilesWontBeMoved = Los archivos no se transferirán. diff --git a/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/fr-FR/Sophia.psd1 b/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/fr-FR/Sophia.psd1 index 6bde01b0..505fc4b3 100644 --- a/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/fr-FR/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/fr-FR/Sophia.psd1 @@ -48,7 +48,6 @@ ErrorsMessage = Erreurs/Avertissements DialogBoxOpening = Afficher la boîte de dialogue... Disable = Désactiver Enable = Activer -UserChoiceWarning = Microsoft a bloqué l'accès en écriture à la clé UserChoice pour l'extension .pdf et le protocole http/https avec la version KB5034765. AllFilesFilter = Tous les Fichiers FolderSelect = Sélectionner un dossier FilesWontBeMoved = Les fichiers ne seront pas déplacés. diff --git a/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/hu-HU/Sophia.psd1 b/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/hu-HU/Sophia.psd1 index 77bd11e8..50817dfe 100644 --- a/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/hu-HU/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/hu-HU/Sophia.psd1 
@@ -48,7 +48,6 @@ ErrorsMessage = Hibák/Figyelmeztetések DialogBoxOpening = Párbeszédablak megjelenítése... Disable = Kikapcsolás Enable = Engedélyezés -UserChoiceWarning = A Microsoft a KB5034765 kiadással blokkolta a UserChoice kulcs írási hozzáférését a .pdf kiterjesztéshez és a http/https protokollhoz. AllFilesFilter = Minden fájl FolderSelect = Válasszon ki egy könyvtárat FilesWontBeMoved = A fájlok nem lesznek áthelyezve. diff --git a/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/it-IT/Sophia.psd1 b/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/it-IT/Sophia.psd1 index 87d0fcd3..b1c5484d 100644 --- a/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/it-IT/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/it-IT/Sophia.psd1 @@ -48,7 +48,6 @@ ErrorsMessage = Errori/avvisi DialogBoxOpening = Visualizzazione della finestra di dialogo... Disable = Disattivare Enable = Abilitare -UserChoiceWarning = Microsoft ha bloccato l'accesso in scrittura alla chiave UserChoice per l'estensione .pdf e il protocollo http/https con il rilascio della KB5034765. AllFilesFilter = Tutti i file FolderSelect = Selezionare una cartella FilesWontBeMoved = I file non verranno trasferiti. diff --git a/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/pl-PL/Sophia.psd1 b/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/pl-PL/Sophia.psd1 index 8cb4b0c7..d207a587 100644 --- a/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/pl-PL/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/pl-PL/Sophia.psd1 @@ -48,7 +48,6 @@ ErrorsMessage = Błędy/Ostrzeżenia DialogBoxOpening = Wyświetlanie okna dialogowego... Disable = Wyłączyć Enable = Włączać -UserChoiceWarning = Microsoft zablokował dostęp do zapisu klucza UserChoice dla rozszerzenia .pdf i protokołu http/https wraz z wydaniem KB5034765. AllFilesFilter = Wszystkie pliki FolderSelect = Wybierz folder FilesWontBeMoved = Pliki nie zostaną przeniesione. 
diff --git a/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/pt-BR/Sophia.psd1 b/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/pt-BR/Sophia.psd1 index 57c75042..754dae31 100644 --- a/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/pt-BR/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/pt-BR/Sophia.psd1 @@ -48,7 +48,6 @@ ErrorsMessage = Erros/Avisos DialogBoxOpening = Exibindo a caixa de diálogo... Disable = Desativar Enable = Habilitar -UserChoiceWarning = A Microsoft bloqueou o acesso de gravação à chave UserChoice para extensão .pdf e protocolo http/https com a versão KB5034765. AllFilesFilter = Todos os arquivos FolderSelect = Escolha uma pasta FilesWontBeMoved = Os arquivos não serão transferidos. diff --git a/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/ru-RU/Sophia.psd1 b/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/ru-RU/Sophia.psd1 index 402af9de..c1ab3dd0 100644 --- a/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/ru-RU/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/ru-RU/Sophia.psd1 @@ -48,7 +48,6 @@ ErrorsMessage = Ошибки/предупрежде DialogBoxOpening = Диалоговое окно открывается... Disable = Отключить Enable = Включить -UserChoiceWarning = Microsoft заблокировала возможность записать в раздел реестра UserChoice для расширения .pdf и протоколов http/https с релизом обновления KB5034765. AllFilesFilter = Все файлы FolderSelect = Выберите папку FilesWontBeMoved = Файлы не будут перенесены. diff --git a/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/tr-TR/Sophia.psd1 b/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/tr-TR/Sophia.psd1 index baf4fafa..92b2adb2 100644 --- a/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/tr-TR/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/tr-TR/Sophia.psd1 
@@ -48,7 +48,6 @@ ErrorsMessage = Hatalar/Uyarılar DialogBoxOpening = İletişim kutusu görüntüleniyor... Disable = Devre dışı bırak Enable = Aktif et -UserChoiceWarning = Microsoft, KB5034765 sürümü ile .pdf uzantısı ve http/https protokolü için UserChoice anahtarına yazma erişimini engellemiştir. AllFilesFilter = Tüm Dosyalar FolderSelect = Klasör seç FilesWontBeMoved = Dosyalar taşınmayacak. diff --git a/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/uk-UA/Sophia.psd1 b/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/uk-UA/Sophia.psd1 index 2c299fd3..012092ba 100644 --- a/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/uk-UA/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/uk-UA/Sophia.psd1 @@ -46,7 +46,6 @@ ErrorsMessage = Помилки/попереджен DialogBoxOpening = Діалогове вікно відкривається... Disable = Вимкнути Enable = Увімкнути -UserChoiceWarning = Microsoft заблокувала можливість писати в розділ реєстру UserChoice для розширення .pdf, а також протоколів http/https з релізом оновлення KB5034765. AllFilesFilter = Усі файли FolderSelect = Виберіть папку FilesWontBeMoved = Файли не будуть перенесені. diff --git a/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/zh-CN/Sophia.psd1 b/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/zh-CN/Sophia.psd1 index 8d867e69..aede0876 100644 --- a/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/zh-CN/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10_LTSC_2019/Localizations/zh-CN/Sophia.psd1 @@ -48,7 +48,6 @@ ErrorsMessage = 错误/警告 DialogBoxOpening = 显示对话窗口..... Disable = 禁用 Enable = 启用 -UserChoiceWarning = 微软在发布 KB5034765 时阻止了对 .pdf 扩展和 http/https 协议的 UserChoice 密钥的写入访问。 AllFilesFilter = 所有文件 FolderSelect = 选择一个文件夹 FilesWontBeMoved = 文件将不会被移动。 diff --git a/src/Sophia_Script_for_Windows_10_LTSC_2019/Module/Sophia.psm1 b/src/Sophia_Script_for_Windows_10_LTSC_2019/Module/Sophia.psm1 index 873c9f7a..082ddcb0 100644 
--- a/src/Sophia_Script_for_Windows_10_LTSC_2019/Module/Sophia.psm1 +++ b/src/Sophia_Script_for_Windows_10_LTSC_2019/Module/Sophia.psm1 @@ -63,7 +63,7 @@ function InitialActions # Extract strings from %SystemRoot%\System32\shell32.dll using its number # https://github.com/SamuelArnold/StarKill3r/blob/master/Star%20Killer/Star%20Killer/bin/Debug/Scripts/SANS-SEC505-master/scripts/Day1-PowerShell/Expand-IndirectString.ps1 - # [WinAPI.GetStrings]::GetIndirectString("@%SystemRoot%\system32\schedsvc.dll,-100") + # [WinAPI.GetStrings]::GetIndirectString("@%SystemRoot%\System32\schedsvc.dll,-100") # https://github.com/PowerShell/PowerShell/issues/21070 $Script:CompilerParameters = [System.CodeDom.Compiler.CompilerParameters]::new("System.dll") @@ -7156,16 +7156,13 @@ function ActiveHours Set-Association -ProgramPath "%ProgramFiles%\Notepad++\notepad++.exe" -Extension .txt -Icon "%ProgramFiles%\Notepad++\notepad++.exe,0" .EXAMPLE - Set-Association -ProgramPath MSEdgeMHT -Extension .html + Set-Association -ProgramPath MSEdgeHTM -Extension .html .LINK https://github.com/DanysysTeam/PS-SFTA https://github.com/default-username-was-already-taken/set-fileassoc https://forum.ru-board.com/profile.cgi?action=show&member=westlife - .NOTES - Microsoft blocked ability to write to UserChoice key for .pdf extention and http and https protocols with KB5034763 release - .NOTES Machine-wide #> 
@@ -7196,18 +7193,9 @@ function Set-Association $Icon ) - # Microsoft blocked ability to write to UserChoice key for .pdf extention and http and https protocols with KB5034763 release - if (@(".pdf", "http", "https") -contains $Extension) - { - Write-Information -MessageData "" -InformationAction Continue - Write-Verbose -Message $Localization.UserChoiceWarning -Verbose - Write-Error -Message $Localization.UserChoiceWarning -ErrorAction SilentlyContinue - - Write-Information -MessageData "" -InformationAction Continue - Write-Verbose -Message $Localization.Skipped -Verbose - - return - } + # Microsoft has blocked write access to UserChoice key for .pdf extention and http/https protocols with KB5034765 release, so we have to write values with a copy of powershell.exe to bypass a UCPD driver restrictions + # UCPD driver tracks all executables to block the access to the registry so all registry records will be made within powershell_temp.exe in this function just in case + Copy-Item -Path "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe" -Destination "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Force $ProgramPath = [System.Environment]::ExpandEnvironmentVariables($ProgramPath) 
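Review bot: The added `Copy-Item` drops a second copy of powershell.exe into System32 at the top of Set-Association, but the matching `Remove-Item` exists only at the very end of the function (hunk at -8004), so any early `return` or terminating error in between leaves `powershell_temp.exe` behind. Wrapping the code that follows in `try { … } finally { Remove-Item … -Force -ErrorAction Ignore }` and adding `-ErrorAction Stop` to the copy would tie the file's lifetime to the call and fail early when the copy cannot be made. As far as the visible hunks show, only the `.pdf`/`http`/`https` branches use the copy, so it could be created under that same `-contains` check instead of on every call. A renamed PowerShell binary in System32 is also something endpoint tooling commonly flags, which is worth stating in the comment above the copy. The function body starts and ends outside this hunk; the LTSC_2021 module carries the same change.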
@@ -7546,7 +7534,25 @@ public static int UnloadHive(RegistryHives hive, string subKey) { New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Force } - New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgID -Force + + # We need to remove DENY permission set for user before setting a value + if (@(".pdf", "http", "https") -contains $Extension) + { + # https://powertoe.wordpress.com/2010/08/28/controlling-registry-acl-permissions-with-powershell/ + $Key = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::ChangePermissions) + $ACL = $key.GetAccessControl() + $Principal = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name + # https://learn.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.filesystemrights + $Rule = New-Object -TypeName System.Security.AccessControl.RegistryAccessRule -ArgumentList ($Principal,"FullControl","Deny") + $ACL.RemoveAccessRule($Rule) + $Key.SetAccessControl($ACL) + + & "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice' -Name ProgId -PropertyType String -Value $ProgID -Force}" + } + else + { + New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgID -Force + } # Getting a hash based on the time of the section's last modification. After creating and setting the first parameter $ProgHash = Get-Hash -ProgId $ProgId -Extension $Extension -SubKey "Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" 
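Review bot: In the new `.pdf`/`http`/`https` branch, `$ProgID` is expanded unquoted into the `-Command` string (`-Value $ProgID`), so the child process parses it as PowerShell source instead of receiving it as data. A ProgId containing a space, quote, semicolon or `$(` would change or break the command; whether that can happen depends on how `$ProgID` is derived outside this hunk. Doubling single quotes and quoting the value keeps it literal: `$SafeProgId = $ProgID.Replace("'", "''")` followed by `-Value '$SafeProgId'` in the command string. The same unquoted expansion appears for `$ProgHash` in the next hunk, for both values in the UrlAssociations hunk at -7973, and in the LTSC_2021 copy of this file.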
@@ -7555,7 +7561,15 @@ public static int UnloadHive(RegistryHives hive, string subKey) { New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Force } - New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force + + if (@(".pdf", "http", "https") -contains $Extension) + { + & "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice' -Name Hash -PropertyType String -Value $ProgHash -Force}" + } + else + { + New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force + } # Setting a block on changing the UserChoice section # Due to "Set-StrictMode -Version Latest" we have to use OpenSubKey() 
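Review bot: Nothing verifies that the `powershell_temp.exe` call in the new branch actually wrote `Hash`; a failing native command does not throw, so the function carries on to the "Setting a block" step with a missing or stale value. A check such as `if ($LASTEXITCODE -ne 0) { Write-Error -Message "UserChoice Hash was not written for $Extension" }` right after the call would surface that. The child is also started without `-NoProfile`, so any profile script on the machine runs inside it, and its output lands in this function's pipeline; `-NoProfile` on the call and `$null =` in front of it would avoid both. The ProgId call in the previous hunk and the two calls in the hunk at -7973 are written the same way.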
@@ -7973,9 +7987,29 @@ public static long MakeLong(uint left, uint right) { New-Item -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Force } + $ProgHash = Get-Hash -ProgId $ProgId -Extension $Extension -SubKey "Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" - New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgId -Force - New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force + + # We need to remove DENY permission set for user before setting a value + if (@(".pdf", "http", "https") -contains $Extension) + { + # https://powertoe.wordpress.com/2010/08/28/controlling-registry-acl-permissions-with-powershell/ + $Key = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey("Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::ChangePermissions) + $ACL = $key.GetAccessControl() + $Principal = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name + # https://learn.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.filesystemrights + $Rule = New-Object -TypeName System.Security.AccessControl.RegistryAccessRule -ArgumentList ($Principal,"FullControl","Deny") + $ACL.RemoveAccessRule($Rule) + $Key.SetAccessControl($ACL) + + & "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice' -Name ProgId -PropertyType String -Value $ProgID -Force}" + & "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 
'HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice' -Name Hash -PropertyType String -Value $ProgHash -Force}" + } + else + { + New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgId -Force + New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force + } } # Setting additional parameters to comply with the requirements before configuring the extension @@ -8004,6 +8038,8 @@ public static void Refresh() } [WinAPI.Signature]::Refresh() + + Remove-Item -Path "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Force } <# @@ -8286,7 +8322,7 @@ function InstallVCRedist return } - if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller -ErrorAction Ignore) + if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller) { if ([System.Version](Get-AppxPackage -Name Microsoft.DesktopAppInstaller).Version -ge [System.Version]"1.17") { @@ -8397,7 +8433,7 @@ function InstallDotNetRuntimes { NET6x64 { - if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller -ErrorAction Ignore) + if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller) { if ([System.Version](Get-AppxPackage -Name Microsoft.DesktopAppInstaller).Version -ge [System.Version]"1.17") { @@ -8444,7 +8480,7 @@ function InstallDotNetRuntimes } NET8x64 { - if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller -ErrorAction Ignore) + if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller) { if ([System.Version](Get-AppxPackage -Name Microsoft.DesktopAppInstaller).Version -ge [System.Version]"1.17") { diff --git a/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/de-DE/Sophia.psd1 b/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/de-DE/Sophia.psd1 index b320f40b..4a7ea595 100644 
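Review bot: In the ACL block of the hunk at -7973, `$ACL.RemoveAccessRule($Rule)` returns a boolean that is not captured, so `True`/`False` is emitted into Set-Association's output, and the handle opened with `OpenSubKey(…, ChangePermissions)` is not closed inside the hunk. Proposed lines: `$null = $ACL.RemoveAccessRule($Rule)` and, after `$Key.SetAccessControl($ACL)`, `$Key.Close()` (unless `$Key` is deliberately reused further down, which this hunk does not show). The reference comment above `$Rule` links to the `filesystemrights` page although the rule is a `RegistryAccessRule`; pointing it at the `RegistryRights` documentation would match the code. The FileExts hunk at -7546 and the LTSC_2021 module contain the same block.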
--- a/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/de-DE/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/de-DE/Sophia.psd1 @@ -50,7 +50,6 @@ ErrorsMessage = Fehler/Warnungen DialogBoxOpening = Anzeigen des Dialogfensters... Disable = Deaktivieren Enable = Aktivieren -UserChoiceWarning = Microsoft hat den Schreibzugriff auf den UserChoice-Schlüssel für die .pdf-Erweiterung und das http/https-Protokoll mit der Version KB5034765 gesperrt. AllFilesFilter = Alle Dateien FolderSelect = Einen Ordner auswählen FilesWontBeMoved = Dateien werden nicht verschoben. diff --git a/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/en-US/Sophia.psd1 b/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/en-US/Sophia.psd1 index 6a4e5cdb..065074b8 100644 --- a/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/en-US/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/en-US/Sophia.psd1 @@ -50,7 +50,6 @@ ErrorsMessage = Errors/Warnings DialogBoxOpening = Displaying the dialog box... Disable = Disable Enable = Enable -UserChoiceWarning = Microsoft has blocked write access to UserChoice key for .pdf extention and http/https protocols with KB5034765 release. AllFilesFilter = All Files FolderSelect = Select a folder FilesWontBeMoved = Files will not be moved. diff --git a/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/es-ES/Sophia.psd1 b/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/es-ES/Sophia.psd1 index be8954d0..59568106 100644 --- a/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/es-ES/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/es-ES/Sophia.psd1 
@@ -50,7 +50,6 @@ ErrorsMessage = Errores/Advertencias DialogBoxOpening = Viendo el cuadro de diálogo... Disable = Desactivar Enable = Habilitar -UserChoiceWarning = Microsoft ha bloqueado el acceso de escritura a la clave UserChoice para la extensión .pdf y el protocolo http/https con el lanzamiento de KB5034765. AllFilesFilter = Todos los Archivos FolderSelect = Seleccione una carpeta FilesWontBeMoved = Los archivos no se transferirán. diff --git a/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/fr-FR/Sophia.psd1 b/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/fr-FR/Sophia.psd1 index fd2a4310..a03bba79 100644 --- a/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/fr-FR/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/fr-FR/Sophia.psd1 @@ -50,7 +50,6 @@ ErrorsMessage = Erreurs/Avertissements DialogBoxOpening = Afficher la boîte de dialogue... Disable = Désactiver Enable = Activer -UserChoiceWarning = Microsoft a bloqué l'accès en écriture à la clé UserChoice pour l'extension .pdf et le protocole http/https avec la version KB5034765. AllFilesFilter = Tous les Fichiers FolderSelect = Sélectionner un dossier FilesWontBeMoved = Les fichiers ne seront pas déplacés. diff --git a/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/hu-HU/Sophia.psd1 b/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/hu-HU/Sophia.psd1 index 0cbf94b8..2d92027c 100644 --- a/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/hu-HU/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/hu-HU/Sophia.psd1 
@@ -50,7 +50,6 @@ ErrorsMessage = Hibák/Figyelmeztetések DialogBoxOpening = Párbeszédablak megjelenítése... Disable = Kikapcsolás Enable = Engedélyezés -UserChoiceWarning = A Microsoft a KB5034765 kiadással blokkolta a UserChoice kulcs írási hozzáférését a .pdf kiterjesztéshez és a http/https protokollhoz. AllFilesFilter = Minden fájl FolderSelect = Válasszon ki egy könyvtárat FilesWontBeMoved = A fájlok nem lesznek áthelyezve. diff --git a/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/it-IT/Sophia.psd1 b/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/it-IT/Sophia.psd1 index 13a083af..419869f6 100644 --- a/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/it-IT/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/it-IT/Sophia.psd1 @@ -50,7 +50,6 @@ ErrorsMessage = Errori/avvisi DialogBoxOpening = Visualizzazione della finestra di dialogo... Disable = Disattivare Enable = Abilitare -UserChoiceWarning = Microsoft ha bloccato l'accesso in scrittura alla chiave UserChoice per l'estensione .pdf e il protocollo http/https con il rilascio della KB5034765. AllFilesFilter = Tutti i file FolderSelect = Selezionare una cartella FilesWontBeMoved = I file non verranno trasferiti. diff --git a/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/pl-PL/Sophia.psd1 b/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/pl-PL/Sophia.psd1 index 01ad4b4a..39529c8f 100644 --- a/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/pl-PL/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/pl-PL/Sophia.psd1 @@ -50,7 +50,6 @@ ErrorsMessage = Błędy/Ostrzeżenia DialogBoxOpening = Wyświetlanie okna dialogowego... Disable = Wyłączyć Enable = Włączać -UserChoiceWarning = Microsoft zablokował dostęp do zapisu klucza UserChoice dla rozszerzenia .pdf i protokołu http/https wraz z wydaniem KB5034765. AllFilesFilter = Wszystkie pliki FolderSelect = Wybierz folder FilesWontBeMoved = Pliki nie zostaną przeniesione. 
diff --git a/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/pt-BR/Sophia.psd1 b/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/pt-BR/Sophia.psd1 index 90fb4647..655579f9 100644 --- a/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/pt-BR/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/pt-BR/Sophia.psd1 @@ -50,7 +50,6 @@ ErrorsMessage = Erros/Avisos DialogBoxOpening = Exibindo a caixa de diálogo... Disable = Desativar Enable = Habilitar -UserChoiceWarning = A Microsoft bloqueou o acesso de gravação à chave UserChoice para extensão .pdf e protocolo http/https com a versão KB5034765. AllFilesFilter = Todos os arquivos FolderSelect = Escolha uma pasta FilesWontBeMoved = Os arquivos não serão transferidos. diff --git a/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/ru-RU/Sophia.psd1 b/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/ru-RU/Sophia.psd1 index 60b9b3bf..cd3a8553 100644 --- a/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/ru-RU/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/ru-RU/Sophia.psd1 @@ -50,7 +50,6 @@ ErrorsMessage = Ошибки/предупрежде DialogBoxOpening = Диалоговое окно открывается... Disable = Отключить Enable = Включить -UserChoiceWarning = Microsoft заблокировала возможность записать в раздел реестра UserChoice для расширения .pdf и протоколов http/https с релизом обновления KB5034765. AllFilesFilter = Все файлы FolderSelect = Выберите папку FilesWontBeMoved = Файлы не будут перенесены. diff --git a/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/tr-TR/Sophia.psd1 b/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/tr-TR/Sophia.psd1 index 88b3fc8b..c1a6b856 100644 --- a/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/tr-TR/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/tr-TR/Sophia.psd1 
@@ -50,7 +50,6 @@ ErrorsMessage = Hatalar/Uyarılar DialogBoxOpening = İletişim kutusu görüntüleniyor... Disable = Devre dışı bırak Enable = Aktif et -UserChoiceWarning = Microsoft, KB5034765 sürümü ile .pdf uzantısı ve http/https protokolü için UserChoice anahtarına yazma erişimini engellemiştir. AllFilesFilter = Tüm Dosyalar FolderSelect = Klasör seç FilesWontBeMoved = Dosyalar taşınmayacak. diff --git a/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/uk-UA/Sophia.psd1 b/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/uk-UA/Sophia.psd1 index 29de3a77..4d8c3499 100644 --- a/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/uk-UA/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/uk-UA/Sophia.psd1 @@ -50,7 +50,6 @@ ErrorsMessage = Помилки/попереджен DialogBoxOpening = Діалогове вікно відкривається... Disable = Вимкнути Enable = Увімкнути -UserChoiceWarning = Microsoft заблокувала можливість писати в розділ реєстру UserChoice для розширення .pdf, а також протоколів http/https з релізом оновлення KB5034765. AllFilesFilter = Усі файли FolderSelect = Виберіть папку FilesWontBeMoved = Файли не будуть перенесені. diff --git a/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/zh-CN/Sophia.psd1 b/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/zh-CN/Sophia.psd1 index 6faa4017..a6dfca7a 100644 --- a/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/zh-CN/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10_LTSC_2021/Localizations/zh-CN/Sophia.psd1 @@ -50,7 +50,6 @@ ErrorsMessage = 错误/警告 DialogBoxOpening = 显示对话窗口..... Disable = 禁用 Enable = 启用 -UserChoiceWarning = 微软在发布 KB5034765 时阻止了对 .pdf 扩展和 http/https 协议的 UserChoice 密钥的写入访问。 AllFilesFilter = 所有文件 FolderSelect = 选择一个文件夹 FilesWontBeMoved = 文件将不会被移动。 diff --git a/src/Sophia_Script_for_Windows_10_LTSC_2021/Module/Sophia.psm1 b/src/Sophia_Script_for_Windows_10_LTSC_2021/Module/Sophia.psm1 index 4768ae2b..96ed6452 100644 
--- a/src/Sophia_Script_for_Windows_10_LTSC_2021/Module/Sophia.psm1 +++ b/src/Sophia_Script_for_Windows_10_LTSC_2021/Module/Sophia.psm1 @@ -63,7 +63,7 @@ function InitialActions # Extract strings from %SystemRoot%\System32\shell32.dll using its number # https://github.com/SamuelArnold/StarKill3r/blob/master/Star%20Killer/Star%20Killer/bin/Debug/Scripts/SANS-SEC505-master/scripts/Day1-PowerShell/Expand-IndirectString.ps1 - # [WinAPI.GetStrings]::GetIndirectString("@%SystemRoot%\system32\schedsvc.dll,-100") + # [WinAPI.GetStrings]::GetIndirectString("@%SystemRoot%\System32\schedsvc.dll,-100") # https://github.com/PowerShell/PowerShell/issues/21070 $Script:CompilerParameters = [System.CodeDom.Compiler.CompilerParameters]::new("System.dll") @@ -7787,16 +7787,13 @@ function ActiveHours Set-Association -ProgramPath "%ProgramFiles%\Notepad++\notepad++.exe" -Extension .txt -Icon "%ProgramFiles%\Notepad++\notepad++.exe,0" .EXAMPLE - Set-Association -ProgramPath MSEdgeMHT -Extension .html + Set-Association -ProgramPath MSEdgeHTM -Extension .html .LINK https://github.com/DanysysTeam/PS-SFTA https://github.com/default-username-was-already-taken/set-fileassoc https://forum.ru-board.com/profile.cgi?action=show&member=westlife - .NOTES - Microsoft blocked ability to write to UserChoice key for .pdf extention and http and https protocols with KB5034763 release - .NOTES Machine-wide #> 
@@ -7827,18 +7824,9 @@ function Set-Association $Icon ) - # Microsoft blocked ability to write to UserChoice key for .pdf extention and http and https protocols with KB5034763 release - if (@(".pdf", "http", "https") -contains $Extension) - { - Write-Information -MessageData "" -InformationAction Continue - Write-Verbose -Message $Localization.UserChoiceWarning -Verbose - Write-Error -Message $Localization.UserChoiceWarning -ErrorAction SilentlyContinue - - Write-Information -MessageData "" -InformationAction Continue - Write-Verbose -Message $Localization.Skipped -Verbose - - return - } + # Microsoft has blocked write access to UserChoice key for .pdf extention and http/https protocols with KB5034765 release, so we have to write values with a copy of powershell.exe to bypass a UCPD driver restrictions + # UCPD driver tracks all executables to block the access to the registry so all registry records will be made within powershell_temp.exe in this function just in case + Copy-Item -Path "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe" -Destination "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Force $ProgramPath = [System.Environment]::ExpandEnvironmentVariables($ProgramPath) 
@@ -8177,7 +8165,25 @@ public static int UnloadHive(RegistryHives hive, string subKey) { New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Force } - New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgID -Force + + # We need to remove DENY permission set for user before setting a value + if (@(".pdf", "http", "https") -contains $Extension) + { + # https://powertoe.wordpress.com/2010/08/28/controlling-registry-acl-permissions-with-powershell/ + $Key = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::ChangePermissions) + $ACL = $key.GetAccessControl() + $Principal = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name + # https://learn.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.filesystemrights + $Rule = New-Object -TypeName System.Security.AccessControl.RegistryAccessRule -ArgumentList ($Principal,"FullControl","Deny") + $ACL.RemoveAccessRule($Rule) + $Key.SetAccessControl($ACL) + + & "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice' -Name ProgId -PropertyType String -Value $ProgID -Force}" + } + else + { + New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgID -Force + } # Getting a hash based on the time of the section's last modification. After creating and setting the first parameter $ProgHash = Get-Hash -ProgId $ProgId -Extension $Extension -SubKey "Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" 
@@ -8186,7 +8192,15 @@ public static int UnloadHive(RegistryHives hive, string subKey) { New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Force } - New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force + + if (@(".pdf", "http", "https") -contains $Extension) + { + & "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice' -Name Hash -PropertyType String -Value $ProgHash -Force}" + } + else + { + New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force + } # Setting a block on changing the UserChoice section # Due to "Set-StrictMode -Version Latest" we have to use OpenSubKey() 
@@ -8604,9 +8618,29 @@ public static long MakeLong(uint left, uint right) { New-Item -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Force } + $ProgHash = Get-Hash -ProgId $ProgId -Extension $Extension -SubKey "Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" - New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgId -Force - New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force + + # We need to remove DENY permission set for user before setting a value + if (@(".pdf", "http", "https") -contains $Extension) + { + # https://powertoe.wordpress.com/2010/08/28/controlling-registry-acl-permissions-with-powershell/ + $Key = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey("Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::ChangePermissions) + $ACL = $key.GetAccessControl() + $Principal = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name + # https://learn.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.filesystemrights + $Rule = New-Object -TypeName System.Security.AccessControl.RegistryAccessRule -ArgumentList ($Principal,"FullControl","Deny") + $ACL.RemoveAccessRule($Rule) + $Key.SetAccessControl($ACL) + + & "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice' -Name ProgId -PropertyType String -Value $ProgID -Force}" + & "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 
'HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice' -Name Hash -PropertyType String -Value $ProgHash -Force}" + } + else + { + New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgId -Force + New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force + } } # Setting additional parameters to comply with the requirements before configuring the extension @@ -8635,6 +8669,8 @@ public static void Refresh() } [WinAPI.Signature]::Refresh() + + Remove-Item -Path "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Force } <# @@ -8917,7 +8953,7 @@ function InstallVCRedist return } - if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller -ErrorAction Ignore) + if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller) { if ([System.Version](Get-AppxPackage -Name Microsoft.DesktopAppInstaller).Version -ge [System.Version]"1.17") { @@ -9028,7 +9064,7 @@ function InstallDotNetRuntimes { NET6x64 { - if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller -ErrorAction Ignore) + if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller) { if ([System.Version](Get-AppxPackage -Name Microsoft.DesktopAppInstaller).Version -ge [System.Version]"1.17") { @@ -9075,7 +9111,7 @@ function InstallDotNetRuntimes } NET8x64 { - if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller -ErrorAction Ignore) + if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller) { if ([System.Version](Get-AppxPackage -Name Microsoft.DesktopAppInstaller).Version -ge [System.Version]"1.17") { 
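Review bot: `$Key`, opened with `ChangePermissions` in the added `if` branch, is not closed anywhere in the hunk, and the boolean returned by `$ACL.RemoveAccessRule($Rule)` goes to the output stream unchecked, so the code cannot tell whether a Deny entry was actually removed before it starts the child process. I would capture the result with `$Removed = $ACL.RemoveAccessRule($Rule)` and add `$Key.Close()` after `$Key.SetAccessControl($ACL)`. The reference comment above `$Rule` links to the `filesystemrights` page although the rule is a `RegistryAccessRule`; the `registryrights` page is the matching one. The identical block appears in the `FileExts` hunk above and in both corresponding hunks of the PowerShell 7 module. The surrounding function is only partly visible here.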
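Review bot: The added `Remove-Item` for `powershell_temp.exe` runs only if the function reaches its last line, so a terminating error or an early `return` after the copy would leave a renamed copy of `powershell.exe` in `System32\WindowsPowerShell\v1.0`. Wrapping the body in `try { … } finally { Remove-Item -Path "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Force -ErrorAction Ignore }` makes the cleanup unconditional. A renamed interpreter left in a system directory is also something endpoint monitoring tends to alert on, so the function's help should state that the file is created and removed. The function body lies outside this hunk, so the existence of an early exit path is inferred rather than seen.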
@@ -10075,14 +10111,14 @@ function GPUScheduling $WddmVersion_Min = [Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\FeatureSetUsage", "WddmVersion_Min", $null) if ($WddmVersion_Min -ge 2700) { - New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers" -Name HwSchMode -PropertyType DWord -Value 2 -Force + New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers -Name HwSchMode -PropertyType DWord -Value 2 -Force } } } } "Disable" { - New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers" -Name HwSchMode -PropertyType DWord -Value 1 -Force + New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers -Name HwSchMode -PropertyType DWord -Value 1 -Force } } } diff --git a/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/de-DE/Sophia.psd1 b/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/de-DE/Sophia.psd1 index 56376412..52c12353 100644 --- a/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/de-DE/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/de-DE/Sophia.psd1 @@ -57,7 +57,6 @@ ErrorsMessage = Fehler/Warnungen DialogBoxOpening = Anzeigen des Dialogfensters... Disable = Deaktivieren Enable = Aktivieren -UserChoiceWarning = Microsoft hat den Schreibzugriff auf den UserChoice-Schlüssel für die .pdf-Erweiterung und das http/https-Protokoll mit der Version KB5034765 gesperrt. AllFilesFilter = Alle Dateien FolderSelect = Einen Ordner auswählen FilesWontBeMoved = Dateien werden nicht verschoben. diff --git a/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/en-US/Sophia.psd1 b/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/en-US/Sophia.psd1 index d22f1225..07ecd635 100644 --- a/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/en-US/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/en-US/Sophia.psd1 
@@ -57,7 +57,6 @@ ErrorsMessage = Errors/Warnings DialogBoxOpening = Displaying the dialog box... Disable = Disable Enable = Enable -UserChoiceWarning = Microsoft has blocked write access to UserChoice key for .pdf extention and http/https protocols with KB5034765 release. AllFilesFilter = All Files FolderSelect = Select a folder FilesWontBeMoved = Files will not be moved. diff --git a/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/es-ES/Sophia.psd1 b/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/es-ES/Sophia.psd1 index 52401c8c..5465afae 100644 --- a/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/es-ES/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/es-ES/Sophia.psd1 @@ -57,7 +57,6 @@ ErrorsMessage = Errores/Advertencias DialogBoxOpening = Viendo el cuadro de diálogo... Disable = Desactivar Enable = Habilitar -UserChoiceWarning = Microsoft ha bloqueado el acceso de escritura a la clave UserChoice para la extensión .pdf y el protocolo http/https con el lanzamiento de KB5034765. AllFilesFilter = Todos los Archivos FolderSelect = Seleccione una carpeta FilesWontBeMoved = Los archivos no se transferirán. diff --git a/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/fr-FR/Sophia.psd1 b/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/fr-FR/Sophia.psd1 index c220e211..3dbb5973 100644 --- a/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/fr-FR/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/fr-FR/Sophia.psd1 @@ -57,7 +57,6 @@ ErrorsMessage = Erreurs/Avertissements DialogBoxOpening = Afficher la boîte de dialogue... Disable = Désactiver Enable = Activer -UserChoiceWarning = Microsoft a bloqué l'accès en écriture à la clé UserChoice pour l'extension .pdf et le protocole http/https avec la version KB5034765. AllFilesFilter = Tous les Fichiers FolderSelect = Sélectionner un dossier FilesWontBeMoved = Les fichiers ne seront pas déplacés. 
diff --git a/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/hu-HU/Sophia.psd1 b/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/hu-HU/Sophia.psd1 index ce38b96b..4f18f28a 100644 --- a/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/hu-HU/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/hu-HU/Sophia.psd1 @@ -57,7 +57,6 @@ ErrorsMessage = Hibák/Figyelmeztetések DialogBoxOpening = Párbeszédablak megjelenítése... Disable = Kikapcsolás Enable = Engedélyezés -UserChoiceWarning = A Microsoft a KB5034765 kiadással blokkolta a UserChoice kulcs írási hozzáférését a .pdf kiterjesztéshez és a http/https protokollhoz. AllFilesFilter = Minden fájl FolderSelect = Válasszon ki egy könyvtárat FilesWontBeMoved = A fájlok nem lesznek áthelyezve. diff --git a/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/it-IT/Sophia.psd1 b/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/it-IT/Sophia.psd1 index 56442b10..ba556a1b 100644 --- a/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/it-IT/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/it-IT/Sophia.psd1 @@ -57,7 +57,6 @@ ErrorsMessage = Errori/avvisi DialogBoxOpening = Visualizzazione della finestra di dialogo... Disable = Disattivare Enable = Abilitare -UserChoiceWarning = Microsoft ha bloccato l'accesso in scrittura alla chiave UserChoice per l'estensione .pdf e il protocollo http/https con il rilascio della KB5034765. AllFilesFilter = Tutti i file FolderSelect = Selezionare una cartella FilesWontBeMoved = I file non verranno trasferiti. diff --git a/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/pl-PL/Sophia.psd1 b/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/pl-PL/Sophia.psd1 index b62889a0..ccb63236 100644 --- a/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/pl-PL/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/pl-PL/Sophia.psd1 
@@ -57,7 +57,6 @@ ErrorsMessage = Błędy/Ostrzeżenia DialogBoxOpening = Wyświetlanie okna dialogowego... Disable = Wyłączyć Enable = Włączać -UserChoiceWarning = Microsoft zablokował dostęp do zapisu klucza UserChoice dla rozszerzenia .pdf i protokołu http/https wraz z wydaniem KB5034765. AllFilesFilter = Wszystkie pliki FolderSelect = Wybierz folder FilesWontBeMoved = Pliki nie zostaną przeniesione. diff --git a/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/pt-BR/Sophia.psd1 b/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/pt-BR/Sophia.psd1 index 044bb276..9474f2c4 100644 --- a/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/pt-BR/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/pt-BR/Sophia.psd1 @@ -57,7 +57,6 @@ ErrorsMessage = Erros/Avisos DialogBoxOpening = Exibindo a caixa de diálogo... Disable = Desativar Enable = Habilitar -UserChoiceWarning = A Microsoft bloqueou o acesso de gravação à chave UserChoice para extensão .pdf e protocolo http/https com a versão KB5034765. AllFilesFilter = Todos os arquivos FolderSelect = Escolha uma pasta FilesWontBeMoved = Os arquivos não serão transferidos. diff --git a/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/ru-RU/Sophia.psd1 b/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/ru-RU/Sophia.psd1 index ae6cf3a4..dc8c6f3a 100644 --- a/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/ru-RU/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/ru-RU/Sophia.psd1 @@ -57,7 +57,6 @@ ErrorsMessage = Ошибки/предупрежде DialogBoxOpening = Диалоговое окно открывается... Disable = Отключить Enable = Включить -UserChoiceWarning = Microsoft заблокировала возможность записать в раздел реестра UserChoice для расширения .pdf и протоколов http/https с релизом обновления KB5034765. AllFilesFilter = Все файлы FolderSelect = Выберите папку FilesWontBeMoved = Файлы не будут перенесены. 
diff --git a/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/tr-TR/Sophia.psd1 b/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/tr-TR/Sophia.psd1 index 465c3994..ee691332 100644 --- a/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/tr-TR/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/tr-TR/Sophia.psd1 @@ -57,7 +57,6 @@ ErrorsMessage = Hatalar/Uyarılar DialogBoxOpening = İletişim kutusu görüntüleniyor... Disable = Devre dışı bırak Enable = Aktif et -UserChoiceWarning = Microsoft, KB5034765 sürümü ile .pdf uzantısı ve http/https protokolü için UserChoice anahtarına yazma erişimini engellemiştir. AllFilesFilter = Tüm Dosyalar FolderSelect = Klasör seç FilesWontBeMoved = Dosyalar taşınmayacak. diff --git a/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/uk-UA/Sophia.psd1 b/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/uk-UA/Sophia.psd1 index c3e9aa08..6bbba916 100644 --- a/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/uk-UA/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/uk-UA/Sophia.psd1 @@ -57,7 +57,6 @@ ErrorsMessage = Помилки/попереджен DialogBoxOpening = Діалогове вікно відкривається... Disable = Вимкнути Enable = Увімкнути -UserChoiceWarning = Microsoft заблокувала можливість писати в розділ реєстру UserChoice для розширення .pdf, а також протоколів http/https з релізом оновлення KB5034765. AllFilesFilter = Усі файли FolderSelect = Виберіть папку FilesWontBeMoved = Файли не будуть перенесені. diff --git a/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/zh-CN/Sophia.psd1 b/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/zh-CN/Sophia.psd1 index 49e901d7..9f972ac2 100644 --- a/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/zh-CN/Sophia.psd1 +++ b/src/Sophia_Script_for_Windows_10_PowerShell_7/Localizations/zh-CN/Sophia.psd1 
@@ -57,7 +57,6 @@ ErrorsMessage = 错误/警告 DialogBoxOpening = 显示对话窗口..... Disable = 禁用 Enable = 启用 -UserChoiceWarning = 微软在发布 KB5034765 时阻止了对 .pdf 扩展和 http/https 协议的 UserChoice 密钥的写入访问。 AllFilesFilter = 所有文件 FolderSelect = 选择一个文件夹 FilesWontBeMoved = 文件将不会被移动。 diff --git a/src/Sophia_Script_for_Windows_10_PowerShell_7/Module/Sophia.psm1 b/src/Sophia_Script_for_Windows_10_PowerShell_7/Module/Sophia.psm1 index abc15deb..f30c091f 100644 --- a/src/Sophia_Script_for_Windows_10_PowerShell_7/Module/Sophia.psm1 +++ b/src/Sophia_Script_for_Windows_10_PowerShell_7/Module/Sophia.psm1 @@ -62,7 +62,7 @@ function InitialActions # Extract strings from %SystemRoot%\System32\shell32.dll using its number # https://github.com/SamuelArnold/StarKill3r/blob/master/Star%20Killer/Star%20Killer/bin/Debug/Scripts/SANS-SEC505-master/scripts/Day1-PowerShell/Expand-IndirectString.ps1 - # [WinAPI.GetStrings]::GetIndirectString("@%SystemRoot%\system32\schedsvc.dll,-100") + # [WinAPI.GetStrings]::GetIndirectString("@%SystemRoot%\System32\schedsvc.dll,-100") # https://github.com/PowerShell/PowerShell/issues/21070 $Script:CompilerOptions = [System.CodeDom.Compiler.CompilerParameters]::new("System.dll") @@ -3675,8 +3675,8 @@ public static extern int HashData(byte[] pbData, int cbData, byte[] piet, int ou Add-Type @Signature } - # We cannot call any of APIs except copying reg.exe with a different name due to a UCPD driver tracks all executables to blocke the access to the registry - Copy-Item -Path "$env:SystemRoot\system32\reg.exe" -Destination "$env:SystemRoot\system32\reg_temp.exe" -Force + # We cannot call any of APIs except copying reg.exe with a different name due to a UCPD driver tracks all executables to block the access to the registry + Copy-Item -Path "$env:SystemRoot\System32\reg.exe" -Destination "$env:SystemRoot\System32\reg_temp.exe" -Force switch ($PSCmdlet.ParameterSetName) { 
@@ -3697,7 +3697,7 @@ public static extern int HashData(byte[] pbData, int cbData, byte[] piet, int ou # https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_parsing?view=powershell-7.4#the-stop-parsing-token # We cannot put --% inside the command below as it breaks parsing of $DWordData variable $EscapeParser = "--%" - & "$env:SystemRoot\system32\reg_temp.exe" $EscapeParser ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds /v EnShellFeedsTaskbarViewMode /t REG_DWORD /d $DWordData /f + & "$env:SystemRoot\System32\reg_temp.exe" $EscapeParser ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds /v EnShellFeedsTaskbarViewMode /t REG_DWORD /d $DWordData /f } "Enable" { @@ -3716,11 +3716,11 @@ public static extern int HashData(byte[] pbData, int cbData, byte[] piet, int ou # https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_parsing?view=powershell-7.4#the-stop-parsing-token # We cannot put --% inside the command below as it breaks parsing of $DWordData variable $EscapeParser = "--%" - & "$env:SystemRoot\system32\reg_temp.exe" $EscapeParser ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds /v EnShellFeedsTaskbarViewMode /t REG_DWORD /d $DWordData /f + & "$env:SystemRoot\System32\reg_temp.exe" $EscapeParser ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds /v EnShellFeedsTaskbarViewMode /t REG_DWORD /d $DWordData /f } } - Remove-Item -Path "$env:SystemRoot\system32\reg_temp.exe" -Force + Remove-Item -Path "$env:SystemRoot\System32\reg_temp.exe" -Force } <# 
@@ -8925,16 +8925,13 @@ function WindowsLatestUpdate Set-Association -ProgramPath "%ProgramFiles%\Notepad++\notepad++.exe" -Extension .txt -Icon "%ProgramFiles%\Notepad++\notepad++.exe,0" .EXAMPLE - Set-Association -ProgramPath MSEdgeMHT -Extension .html + Set-Association -ProgramPath MSEdgeHTM -Extension .html .LINK https://github.com/DanysysTeam/PS-SFTA https://github.com/default-username-was-already-taken/set-fileassoc https://forum.ru-board.com/profile.cgi?action=show&member=westlife - .NOTES - Microsoft blocked ability to write to UserChoice key for .pdf extention and http and https protocols with KB5034763 release - .NOTES Machine-wide #> @@ -8965,18 +8962,9 @@ function Set-Association $Icon ) - # Microsoft blocked ability to write to UserChoice key for .pdf extention and http and https protocols with KB5034763 release - if (@(".pdf", "http", "https") -contains $Extension) - { - Write-Information -MessageData "" -InformationAction Continue - Write-Verbose -Message $Localization.UserChoiceWarning -Verbose - Write-Error -Message $Localization.UserChoiceWarning -ErrorAction SilentlyContinue - - Write-Information -MessageData "" -InformationAction Continue - Write-Verbose -Message $Localization.Skipped -Verbose - - return - } + # Microsoft has blocked write access to UserChoice key for .pdf extention and http/https protocols with KB5034765 release, so we have to write values with a copy of powershell.exe to bypass a UCPD driver restrictions + # UCPD driver tracks all executables to block the access to the registry so all registry records will be made within powershell_temp.exe in this function just in case + Copy-Item -Path "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe" -Destination "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Force $ProgramPath = [System.Environment]::ExpandEnvironmentVariables($ProgramPath) 
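Review bot: None of the hunks shown for this file deletes the `powershell_temp.exe` that the added `Copy-Item` places in `System32\WindowsPowerShell\v1.0`. The preceding module's section adds a `Remove-Item` for it after `[WinAPI.Signature]::Refresh()`, but no matching hunk appears for the PowerShell 7 module. If that is an omission, `Remove-Item -Path "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Force` belongs at the end of `Set-Association` here as well, ideally in a `finally` block. The copy is also unchecked: with `-ErrorAction Stop` on `Copy-Item` the function would stop at the cause instead of failing later at the first `& ...powershell_temp.exe` call. `Set-Association` continues past the end of this hunk.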
@@ -9315,7 +9303,25 @@ public static int UnloadHive(RegistryHives hive, string subKey) { New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Force } - New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgID -Force + + # We need to remove DENY permission set for user before setting a value + if (@(".pdf", "http", "https") -contains $Extension) + { + # https://powertoe.wordpress.com/2010/08/28/controlling-registry-acl-permissions-with-powershell/ + $Key = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::ChangePermissions) + $ACL = $key.GetAccessControl() + $Principal = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name + # https://learn.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.filesystemrights + $Rule = New-Object -TypeName System.Security.AccessControl.RegistryAccessRule -ArgumentList ($Principal,"FullControl","Deny") + $ACL.RemoveAccessRule($Rule) + $Key.SetAccessControl($ACL) + + & "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice' -Name ProgId -PropertyType String -Value $ProgID -Force}" + } + else + { + New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgID -Force + } # Getting a hash based on the time of the section's last modification. After creating and setting the first parameter $ProgHash = Get-Hash -ProgId $ProgId -Extension $Extension -SubKey "Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" 
@@ -9324,7 +9330,15 @@ public static int UnloadHive(RegistryHives hive, string subKey) { New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Force } - New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force + + if (@(".pdf", "http", "https") -contains $Extension) + { + & "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice' -Name Hash -PropertyType String -Value $ProgHash -Force}" + } + else + { + New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force + } # Setting a block on changing the UserChoice section # Due to "Set-StrictMode -Version Latest" we have to use OpenSubKey() 
@@ -9742,9 +9756,29 @@ public static long MakeLong(uint left, uint right) { New-Item -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Force } + $ProgHash = Get-Hash -ProgId $ProgId -Extension $Extension -SubKey "Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" - New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgId -Force - New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force + + # We need to remove DENY permission set for user before setting a value + if (@(".pdf", "http", "https") -contains $Extension) + { + # https://powertoe.wordpress.com/2010/08/28/controlling-registry-acl-permissions-with-powershell/ + $Key = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey("Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::ChangePermissions) + $ACL = $key.GetAccessControl() + $Principal = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name + # https://learn.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.filesystemrights + $Rule = New-Object -TypeName System.Security.AccessControl.RegistryAccessRule -ArgumentList ($Principal,"FullControl","Deny") + $ACL.RemoveAccessRule($Rule) + $Key.SetAccessControl($ACL) + + & "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice' -Name ProgId -PropertyType String -Value $ProgID -Force}" + & "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 
'HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice' -Name Hash -PropertyType String -Value $ProgHash -Force}" + } + else + { + New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgId -Force + New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force + } } # Setting additional parameters to comply with the requirements before configuring the extension @@ -10107,7 +10141,7 @@ function InstallVCRedist return } - if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller -ErrorAction Ignore) + if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller) { if ([System.Version](Get-AppxPackage -Name Microsoft.DesktopAppInstaller).Version -ge [System.Version]"1.17") { @@ -10218,7 +10252,7 @@ function InstallDotNetRuntimes { NET6x64 { - if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller -ErrorAction Ignore) + if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller) { if ([System.Version](Get-AppxPackage -Name Microsoft.DesktopAppInstaller).Version -ge [System.Version]"1.17") { @@ -10265,7 +10299,7 @@ function InstallDotNetRuntimes } NET8x64 { - if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller -ErrorAction Ignore) + if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller) { if ([System.Version](Get-AppxPackage -Name Microsoft.DesktopAppInstaller).Version -ge [System.Version]"1.17") { 
@@ -11840,29 +11874,31 @@ function CortanaAutostart $Enable ) + if (-not (Get-AppxPackage -Name Microsoft.549981C3F5F10)) + { + Write-Information -MessageData "" -InformationAction Continue + Write-Verbose -Message $Localization.Skipped -Verbose + + return + } + switch ($PSCmdlet.ParameterSetName) { "Disable" { - if (Get-AppxPackage -Name Microsoft.549981C3F5F10) + if (-not (Test-Path -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId")) { - if (-not (Test-Path -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId")) - { - New-Item -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Force - } - New-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Name State -PropertyType DWord -Value 1 -Force + New-Item -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Force } + New-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Name State -PropertyType DWord -Value 1 -Force } "Enable" { - if (Get-AppxPackage -Name Microsoft.549981C3F5F10) + if (-not (Test-Path -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId")) { - if (-not (Test-Path -Path "Registry::HKEY_CLASSES_ROOT\Local 
Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId")) - { - New-Item -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Force - } - New-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Name State -PropertyType DWord -Value 2 -Force + New-Item -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Force } + New-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Name State -PropertyType DWord -Value 2 -Force } } } 
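Review bot: With the package check hoisted to the top, the `Disable` and `Enable` branches now differ only in the `State` value, yet the long `CortanaStartupId` registry path is still written out six times. Assigning that path once to a local such as `$CortanaStartupKey` and doing the `Test-Path`/`New-Item` step before the `switch` would leave each branch with a single `New-ItemProperty -Path $CortanaStartupKey -Name State ...` line. The hunk also changes what the caller sees: a missing package now prints the `Skipped` message where the old code did nothing, which deserves a line in the function's comment-based help.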
@@ -12038,21 +12074,23 @@ function XboxGameTips $Enable ) + if (-not ((Get-AppxPackage -Name Microsoft.XboxGamingOverlay) -or(Get-AppxPackage -Name Microsoft.GamingApp))) + { + Write-Information -MessageData "" -InformationAction Continue + Write-Verbose -Message $Localization.Skipped -Verbose + + return + } + switch ($PSCmdlet.ParameterSetName) { "Disable" { - if ((Get-AppxPackage -Name Microsoft.XboxGamingOverlay) -or (Get-AppxPackage -Name Microsoft.GamingApp)) - { - New-ItemProperty -Path HKCU:\Software\Microsoft\GameBar -Name ShowStartupPanel -PropertyType DWord -Value 0 -Force - } + New-ItemProperty -Path HKCU:\Software\Microsoft\GameBar -Name ShowStartupPanel -PropertyType DWord -Value 0 -Force } "Enable" { - if ((Get-AppxPackage -Name Microsoft.XboxGamingOverlay) -or (Get-AppxPackage -Name Microsoft.GamingApp)) - { - New-ItemProperty -Path HKCU:\Software\Microsoft\GameBar -Name ShowStartupPanel -PropertyType DWord -Value 1 -Force - } + New-ItemProperty -Path HKCU:\Software\Microsoft\GameBar -Name ShowStartupPanel -PropertyType DWord -Value 1 -Force } } } @@ -12170,14 +12208,14 @@ function GPUScheduling $WddmVersion_Min = [Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\FeatureSetUsage", "WddmVersion_Min", $null) if ($WddmVersion_Min -ge 2700) { - New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers" -Name HwSchMode -PropertyType DWord -Value 2 -Force + New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers -Name HwSchMode -PropertyType DWord -Value 2 -Force } } } } "Disable" { - New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers" -Name HwSchMode -PropertyType DWord -Value 1 -Force + New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers -Name HwSchMode -PropertyType DWord -Value 1 -Force } } } 
diff --git a/src/Sophia_Script_for_Windows_11/Localizations/de-DE/Sophia.psd1 b/src/Sophia_Script_for_Windows_11/Localizations/de-DE/Sophia.psd1
index b596ee08..8d94e82c 100644
--- a/src/Sophia_Script_for_Windows_11/Localizations/de-DE/Sophia.psd1
+++ b/src/Sophia_Script_for_Windows_11/Localizations/de-DE/Sophia.psd1
@@ -56,7 +56,6 @@ ErrorsMessage = Fehler/Warnungen
 DialogBoxOpening = Anzeigen des Dialogfensters...
 Disable = Deaktivieren
 Enable = Aktivieren
-UserChoiceWarning = Microsoft hat den Schreibzugriff auf den UserChoice-Schlüssel für die .pdf-Erweiterung und das http/https-Protokoll mit der Version KB5034765 gesperrt.
 AllFilesFilter = Alle Dateien
 FolderSelect = Einen Ordner auswählen
 FilesWontBeMoved = Dateien werden nicht verschoben.
diff --git a/src/Sophia_Script_for_Windows_11/Localizations/en-US/Sophia.psd1 b/src/Sophia_Script_for_Windows_11/Localizations/en-US/Sophia.psd1
index bb4b26e4..0823caca 100644
--- a/src/Sophia_Script_for_Windows_11/Localizations/en-US/Sophia.psd1
+++ b/src/Sophia_Script_for_Windows_11/Localizations/en-US/Sophia.psd1
@@ -56,7 +56,6 @@ ErrorsMessage = Errors/Warnings
 DialogBoxOpening = Displaying the dialog box...
 Disable = Disable
 Enable = Enable
-UserChoiceWarning = Microsoft has blocked write access to UserChoice key for .pdf extention and http/https protocols with KB5034765 release.
 AllFilesFilter = All Files
 FolderSelect = Select a folder
 FilesWontBeMoved = Files will not be moved.
diff --git a/src/Sophia_Script_for_Windows_11/Localizations/es-ES/Sophia.psd1 b/src/Sophia_Script_for_Windows_11/Localizations/es-ES/Sophia.psd1
index ee8d2ff9..d9cfaee4 100644
--- a/src/Sophia_Script_for_Windows_11/Localizations/es-ES/Sophia.psd1
+++ b/src/Sophia_Script_for_Windows_11/Localizations/es-ES/Sophia.psd1
@@ -56,7 +56,6 @@ ErrorsMessage = Errores/Advertencias
 DialogBoxOpening = Viendo el cuadro de diálogo...
 Disable = Desactivar
 Enable = Habilitar
-UserChoiceWarning = Microsoft ha bloqueado el acceso de escritura a la clave UserChoice para la extensión .pdf y el protocolo http/https con el lanzamiento de KB5034765.
 AllFilesFilter = Todos los Archivos
 FolderSelect = Seleccione una carpeta
 FilesWontBeMoved = Los archivos no se transferirán.
diff --git a/src/Sophia_Script_for_Windows_11/Localizations/fr-FR/Sophia.psd1 b/src/Sophia_Script_for_Windows_11/Localizations/fr-FR/Sophia.psd1
index 878b4236..5dc0d7bb 100644
--- a/src/Sophia_Script_for_Windows_11/Localizations/fr-FR/Sophia.psd1
+++ b/src/Sophia_Script_for_Windows_11/Localizations/fr-FR/Sophia.psd1
@@ -56,7 +56,6 @@ ErrorsMessage = Erreurs/Avertissements
 DialogBoxOpening = Afficher la boîte de dialogue...
 Disable = Désactiver
 Enable = Activer
-UserChoiceWarning = Microsoft a bloqué l'accès en écriture à la clé UserChoice pour l'extension .pdf et le protocole http/https avec la version KB5034765.
 AllFilesFilter = Tous les Fichiers
 FolderSelect = Sélectionner un dossier
 FilesWontBeMoved = Les fichiers ne seront pas déplacés.
diff --git a/src/Sophia_Script_for_Windows_11/Localizations/hu-HU/Sophia.psd1 b/src/Sophia_Script_for_Windows_11/Localizations/hu-HU/Sophia.psd1
index 7901b30c..19330030 100644
--- a/src/Sophia_Script_for_Windows_11/Localizations/hu-HU/Sophia.psd1
+++ b/src/Sophia_Script_for_Windows_11/Localizations/hu-HU/Sophia.psd1
@@ -56,7 +56,6 @@ ErrorsMessage = Hibák/Figyelmeztetések
 DialogBoxOpening = Párbeszédablak megjelenítése...
 Disable = Kikapcsolás
 Enable = Engedélyezés
-UserChoiceWarning = A Microsoft a KB5034765 kiadással blokkolta a UserChoice kulcs írási hozzáférését a .pdf kiterjesztéshez és a http/https protokollhoz.
 AllFilesFilter = Minden fájl
 FolderSelect = Válasszon ki egy könyvtárat
 FilesWontBeMoved = A fájlok nem lesznek áthelyezve.
diff --git a/src/Sophia_Script_for_Windows_11/Localizations/it-IT/Sophia.psd1 b/src/Sophia_Script_for_Windows_11/Localizations/it-IT/Sophia.psd1
index 47a56809..234e7f7c 100644
--- a/src/Sophia_Script_for_Windows_11/Localizations/it-IT/Sophia.psd1
+++ b/src/Sophia_Script_for_Windows_11/Localizations/it-IT/Sophia.psd1
@@ -56,7 +56,6 @@ ErrorsMessage = Errori/avvisi
 DialogBoxOpening = Visualizzazione della finestra di dialogo...
 Disable = Disattivare
 Enable = Abilitare
-UserChoiceWarning = Microsoft ha bloccato l'accesso in scrittura alla chiave UserChoice per l'estensione .pdf e il protocollo http/https con il rilascio della KB5034765.
 AllFilesFilter = Tutti i file
 FolderSelect = Selezionare una cartella
 FilesWontBeMoved = I file non verranno trasferiti.
diff --git a/src/Sophia_Script_for_Windows_11/Localizations/pl-PL/Sophia.psd1 b/src/Sophia_Script_for_Windows_11/Localizations/pl-PL/Sophia.psd1
index e2c78877..f70585f6 100644
--- a/src/Sophia_Script_for_Windows_11/Localizations/pl-PL/Sophia.psd1
+++ b/src/Sophia_Script_for_Windows_11/Localizations/pl-PL/Sophia.psd1
@@ -56,7 +56,6 @@ ErrorsMessage = Błędy/Ostrzeżenia
 DialogBoxOpening = Wyświetlanie okna dialogowego...
 Disable = Wyłączyć
 Enable = Włączać
-UserChoiceWarning = Microsoft zablokował dostęp do zapisu klucza UserChoice dla rozszerzenia .pdf i protokołu http/https wraz z wydaniem KB5034765.
 AllFilesFilter = Wszystkie pliki
 FolderSelect = Wybierz folder
 FilesWontBeMoved = Pliki nie zostaną przeniesione.
diff --git a/src/Sophia_Script_for_Windows_11/Localizations/pt-BR/Sophia.psd1 b/src/Sophia_Script_for_Windows_11/Localizations/pt-BR/Sophia.psd1
index 846625c9..00d9b0b9 100644
--- a/src/Sophia_Script_for_Windows_11/Localizations/pt-BR/Sophia.psd1
+++ b/src/Sophia_Script_for_Windows_11/Localizations/pt-BR/Sophia.psd1
@@ -56,7 +56,6 @@ ErrorsMessage = Erros/Avisos
 DialogBoxOpening = Exibindo a caixa de diálogo...
 Disable = Desativar
 Enable = Habilitar
-UserChoiceWarning = A Microsoft bloqueou o acesso de gravação à chave UserChoice para extensão .pdf e protocolo http/https com a versão KB5034765.
 AllFilesFilter = Todos os arquivos
 FolderSelect = Escolha uma pasta
 FilesWontBeMoved = Os arquivos não serão transferidos.
diff --git a/src/Sophia_Script_for_Windows_11/Localizations/ru-RU/Sophia.psd1 b/src/Sophia_Script_for_Windows_11/Localizations/ru-RU/Sophia.psd1
index 1e340280..5c212fee 100644
--- a/src/Sophia_Script_for_Windows_11/Localizations/ru-RU/Sophia.psd1
+++ b/src/Sophia_Script_for_Windows_11/Localizations/ru-RU/Sophia.psd1
@@ -56,7 +56,6 @@ ErrorsMessage = Ошибки/предупрежде
 DialogBoxOpening = Диалоговое окно открывается...
 Disable = Отключить
 Enable = Включить
-UserChoiceWarning = Microsoft заблокировала возможность записать в раздел реестра UserChoice для расширения .pdf и протоколов http/https с релизом обновления KB5034765.
 AllFilesFilter = Все файлы
 FolderSelect = Выберите папку
 FilesWontBeMoved = Файлы не будут перенесены.
diff --git a/src/Sophia_Script_for_Windows_11/Localizations/tr-TR/Sophia.psd1 b/src/Sophia_Script_for_Windows_11/Localizations/tr-TR/Sophia.psd1
index ef4efe56..9c340970 100644
--- a/src/Sophia_Script_for_Windows_11/Localizations/tr-TR/Sophia.psd1
+++ b/src/Sophia_Script_for_Windows_11/Localizations/tr-TR/Sophia.psd1
@@ -56,7 +56,6 @@ ErrorsMessage = Hatalar/Uyarılar
 DialogBoxOpening = İletişim kutusu görüntüleniyor...
 Disable = Devre dışı bırak
 Enable = Aktif et
-UserChoiceWarning = Microsoft, KB5034765 sürümü ile .pdf uzantısı ve http/https protokolü için UserChoice anahtarına yazma erişimini engellemiştir.
 AllFilesFilter = Tüm Dosyalar
 FolderSelect = Klasör seç
 FilesWontBeMoved = Dosyalar taşınmayacak.
diff --git a/src/Sophia_Script_for_Windows_11/Localizations/uk-UA/Sophia.psd1 b/src/Sophia_Script_for_Windows_11/Localizations/uk-UA/Sophia.psd1
index 87a826b2..cebb4bae 100644
--- a/src/Sophia_Script_for_Windows_11/Localizations/uk-UA/Sophia.psd1
+++ b/src/Sophia_Script_for_Windows_11/Localizations/uk-UA/Sophia.psd1
@@ -56,7 +56,6 @@ ErrorsMessage = Помилки/попереджен
 DialogBoxOpening = Діалогове вікно відкривається...
 Disable = Вимкнути
 Enable = Увімкнути
-UserChoiceWarning = Microsoft заблокувала можливість писати в розділ реєстру UserChoice для розширення .pdf, а також протоколів http/https з релізом оновлення KB5034765.
 AllFilesFilter = Усі файли
 FolderSelect = Виберіть папку
 FilesWontBeMoved = Файли не будуть перенесені.
diff --git a/src/Sophia_Script_for_Windows_11/Localizations/zh-CN/Sophia.psd1 b/src/Sophia_Script_for_Windows_11/Localizations/zh-CN/Sophia.psd1
index 10cd79a7..e524d7ae 100644
--- a/src/Sophia_Script_for_Windows_11/Localizations/zh-CN/Sophia.psd1
+++ b/src/Sophia_Script_for_Windows_11/Localizations/zh-CN/Sophia.psd1
@@ -56,7 +56,6 @@ ErrorsMessage = 错误/警告
 DialogBoxOpening = 显示对话窗口.....
 Disable = 禁用
 Enable = 启用
-UserChoiceWarning = 微软在发布 KB5034765 时阻止了对 .pdf 扩展和 http/https 协议的 UserChoice 密钥的写入访问。
 AllFilesFilter = 所有文件
 FolderSelect = 选择一个文件夹
 FilesWontBeMoved = 文件将不会被移动。
diff --git a/src/Sophia_Script_for_Windows_11/Module/Sophia.psm1 b/src/Sophia_Script_for_Windows_11/Module/Sophia.psm1
index 774be04c..888d4037 100644
--- a/src/Sophia_Script_for_Windows_11/Module/Sophia.psm1
+++ b/src/Sophia_Script_for_Windows_11/Module/Sophia.psm1
@@ -62,7 +62,7 @@ function InitialActions # Extract strings from %SystemRoot%\System32\shell32.dll using its number # https://github.com/SamuelArnold/StarKill3r/blob/master/Star%20Killer/Star%20Killer/bin/Debug/Scripts/SANS-SEC505-master/scripts/Day1-PowerShell/Expand-IndirectString.ps1 - # [WinAPI.GetStrings]::GetIndirectString("@%SystemRoot%\system32\schedsvc.dll,-100") + # [WinAPI.GetStrings]::GetIndirectString("@%SystemRoot%\System32\schedsvc.dll,-100") # https://github.com/PowerShell/PowerShell/issues/21070 $Script:CompilerParameters = [System.CodeDom.Compiler.CompilerParameters]::new("System.dll") 
@@ -3191,34 +3191,30 @@ function TaskbarWidgets $Show ) - # We cannot call any of APIs except copying reg.exe with a different name due to a UCPD driver tracks all executables to blocke the access to the registry - Copy-Item -Path "$env:SystemRoot\system32\reg.exe" -Destination "$env:SystemRoot\system32\reg_temp.exe" -Force + if (-not (Get-AppxPackage -Name MicrosoftWindows.Client.WebExperience)) + { + Write-Information -MessageData "" -InformationAction Continue + Write-Verbose -Message $Localization.Skipped -Verbose + + return + } + + # We cannot set a value to TaskbarDa, having called any of APIs, except of copying powershell.exe (or any other tricks) with a different name, due to a UCPD driver tracks all executables to block the access to the registry + Copy-Item -Path "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe" -Destination "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Force switch ($PSCmdlet.ParameterSetName) { "Hide" { - if (Get-AppxPackage -Name MicrosoftWindows.Client.WebExperience) - { - # https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_parsing?view=powershell-7.4#the-stop-parsing-token - # We cannot put --% inside the command below as it breaks parsing of $DWordData variable - $EscapeParser = "--%" - & "$env:SystemRoot\system32\reg_temp.exe" $EscapeParser ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v TaskbarDa /t REG_DWORD /d 0 /f - } + & "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command {New-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name TaskbarDa -PropertyType DWord -Value 0 -Force} } "Show" { - if (Get-AppxPackage -Name MicrosoftWindows.Client.WebExperience) - { - # https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_parsing?view=powershell-7.4#the-stop-parsing-token - # We cannot put --% inside the command below as it breaks 
parsing of $DWordData variable - $EscapeParser = "--%" - & "$env:SystemRoot\system32\reg_temp.exe" $EscapeParser ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v TaskbarDa /t REG_DWORD /d 1 /f - } + & "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command {New-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name TaskbarDa -PropertyType DWord -Value 1 -Force} } } - Remove-Item -Path "$env:SystemRoot\system32\reg_temp.exe" -Force + Remove-Item -Path "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Force } <# @@ -8507,16 +8503,13 @@ function NetworkDiscovery Set-Association -ProgramPath "%ProgramFiles%\Notepad++\notepad++.exe" -Extension .txt -Icon "%ProgramFiles%\Notepad++\notepad++.exe,0" .EXAMPLE - Set-Association -ProgramPath MSEdgeMHT -Extension .html + Set-Association -ProgramPath MSEdgeHTM -Extension .html .LINK https://github.com/DanysysTeam/PS-SFTA https://github.com/default-username-was-already-taken/set-fileassoc https://forum.ru-board.com/profile.cgi?action=show&member=westlife - .NOTES - Microsoft blocked ability to write to UserChoice key for .pdf extention and http and https protocols with KB5034765 release - .NOTES Machine-wide #> 
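Review bot: In TaskbarWidgets the copy `powershell_temp.exe` is removed only by the final `Remove-Item`, so a terminating error between `Copy-Item` and that line leaves a renamed copy of powershell.exe behind in `System32\WindowsPowerShell\v1.0`. A renamed interpreter in a system directory is what masquerading detections key on, so a leftover both raises alerts and stays available to anything else on the host; put the cleanup in a `finally`, e.g. `try { switch (...) { ... } } finally { Remove-Item -Path <copy> -Force -ErrorAction Ignore }`. Set-Association has the same gap over a much longer stretch: its `Copy-Item` is added in the hunk at -8547 and the matching `Remove-Item` only after `[WinAPI.Signature]::Refresh()` in the hunk at -9355. The result of the child process is also never checked, so a write that is still blocked would go unreported.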
@@ -8547,18 +8540,9 @@ function Set-Association $Icon ) - # Microsoft blocked ability to write to UserChoice key for .pdf extention and http and https protocols with KB5034765 release - if (@(".pdf", "http", "https") -contains $Extension) - { - Write-Information -MessageData "" -InformationAction Continue - Write-Verbose -Message $Localization.UserChoiceWarning -Verbose - Write-Error -Message $Localization.UserChoiceWarning -ErrorAction SilentlyContinue - - Write-Information -MessageData "" -InformationAction Continue - Write-Verbose -Message $Localization.Skipped -Verbose - - return - } + # Microsoft has blocked write access to UserChoice key for .pdf extention and http/https protocols with KB5034765 release, so we have to write values with a copy of powershell.exe to bypass a UCPD driver restrictions + # UCPD driver tracks all executables to block the access to the registry so all registry records will be made within powershell_temp.exe in this function just in case + Copy-Item -Path "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe" -Destination "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Force $ProgramPath = [System.Environment]::ExpandEnvironmentVariables($ProgramPath) 
@@ -8897,7 +8881,25 @@ public static int UnloadHive(RegistryHives hive, string subKey) { New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Force } - New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgID -Force + + # We need to remove DENY permission set for user before setting a value + if (@(".pdf", "http", "https") -contains $Extension) + { + # https://powertoe.wordpress.com/2010/08/28/controlling-registry-acl-permissions-with-powershell/ + $Key = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::ChangePermissions) + $ACL = $key.GetAccessControl() + $Principal = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name + # https://learn.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.filesystemrights + $Rule = New-Object -TypeName System.Security.AccessControl.RegistryAccessRule -ArgumentList ($Principal,"FullControl","Deny") + $ACL.RemoveAccessRule($Rule) + $Key.SetAccessControl($ACL) + + & "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice' -Name ProgId -PropertyType String -Value $ProgID -Force}" + } + else + { + New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgID -Force + } # Getting a hash based on the time of the section's last modification. After creating and setting the first parameter $ProgHash = Get-Hash -ProgId $ProgId -Extension $Extension -SubKey "Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" 
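Review bot: `$ProgID` is expanded unquoted into the `-Command` string passed to the child PowerShell, so a value containing a space, `;` or a parenthesis is parsed as code or extra arguments instead of as the registry value; `$ProgHash` in the next hunk and both writes in the UrlAssociations hunk (-9324) are built the same way. Quote the value and double embedded quotes before interpolating: `$SafeProgID = $ProgID.Replace("'", "''")` and then `-Value '$SafeProgID'` (likewise for `$ProgHash`). How `$ProgID` is derived is not visible in this hunk, but it appears to come from the caller's `-ProgramPath`, so it should be treated as input. The key returned by `OpenSubKey` is also never closed; add `$Key.Close()` after `$Key.SetAccessControl($ACL)`. The enclosing function starts and ends outside the hunk.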
@@ -8906,7 +8908,15 @@ public static int UnloadHive(RegistryHives hive, string subKey) { New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Force } - New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force + + if (@(".pdf", "http", "https") -contains $Extension) + { + & "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice' -Name Hash -PropertyType String -Value $ProgHash -Force}" + } + else + { + New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force + } # Setting a block on changing the UserChoice section # Due to "Set-StrictMode -Version Latest" we have to use OpenSubKey() 
@@ -9324,9 +9334,29 @@ public static long MakeLong(uint left, uint right) { New-Item -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Force } + $ProgHash = Get-Hash -ProgId $ProgId -Extension $Extension -SubKey "Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" - New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgId -Force - New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force + + # We need to remove DENY permission set for user before setting a value + if (@(".pdf", "http", "https") -contains $Extension) + { + # https://powertoe.wordpress.com/2010/08/28/controlling-registry-acl-permissions-with-powershell/ + $Key = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey("Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::ChangePermissions) + $ACL = $key.GetAccessControl() + $Principal = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name + # https://learn.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.filesystemrights + $Rule = New-Object -TypeName System.Security.AccessControl.RegistryAccessRule -ArgumentList ($Principal,"FullControl","Deny") + $ACL.RemoveAccessRule($Rule) + $Key.SetAccessControl($ACL) + + & "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice' -Name ProgId -PropertyType String -Value $ProgID -Force}" + & "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 
'HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice' -Name Hash -PropertyType String -Value $ProgHash -Force}" + } + else + { + New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgId -Force + New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force + } } # Setting additional parameters to comply with the requirements before configuring the extension @@ -9355,6 +9385,8 @@ public static void Refresh() } [WinAPI.Signature]::Refresh() + + Remove-Item -Path "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Force } <# @@ -9679,8 +9711,8 @@ function DefaultTerminalApp } "ConsoleHost" { - New-ItemProperty -Path "HKCU:\Console\%%Startup" -Name DelegationConsole -PropertyType String -Value "{00000000-0000-0000-0000-000000000000}" -Force - New-ItemProperty -Path "HKCU:\Console\%%Startup" -Name DelegationTerminal -PropertyType String -Value "{00000000-0000-0000-0000-000000000000}" -Force + New-ItemProperty -Path "HKCU:\Console\%%Startup" -Name DelegationConsole -PropertyType String -Value "{B23D10C0-E52E-411E-9D5B-C09FDF709C7D}" -Force + New-ItemProperty -Path "HKCU:\Console\%%Startup" -Name DelegationTerminal -PropertyType String -Value "{B23D10C0-E52E-411E-9D5B-C09FDF709C7D}" -Force } } } @@ -9714,7 +9746,7 @@ function InstallVCRedist return } - if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller -ErrorAction Ignore) + if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller) { if ([System.Version](Get-AppxPackage -Name Microsoft.DesktopAppInstaller).Version -ge [System.Version]"1.17") { 
@@ -9825,7 +9857,7 @@ function InstallDotNetRuntimes { NET6x64 { - if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller -ErrorAction Ignore) + if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller) { if ([System.Version](Get-AppxPackage -Name Microsoft.DesktopAppInstaller).Version -ge [System.Version]"1.17") { @@ -9872,7 +9904,7 @@ function InstallDotNetRuntimes } NET8x64 { - if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller -ErrorAction Ignore) + if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller) { if ([System.Version](Get-AppxPackage -Name Microsoft.DesktopAppInstaller).Version -ge [System.Version]"1.17") { @@ -10457,17 +10489,17 @@ function StartLayout "Default" { # Default - New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name Start_Layout -PropertyType DWord -Value 0 -Force + New-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name Start_Layout -PropertyType DWord -Value 0 -Force } "ShowMorePins" { # Show More Pins - New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name Start_Layout -PropertyType DWord -Value 1 -Force + New-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name Start_Layout -PropertyType DWord -Value 1 -Force } "ShowMoreRecommendations" { # Show More Recommendations - New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name Start_Layout -PropertyType DWord -Value 2 -Force + New-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name Start_Layout -PropertyType DWord -Value 2 -Force } } } 
@@ -11007,29 +11039,31 @@ function CortanaAutostart $Enable ) + if (-not (Get-AppxPackage -Name Microsoft.549981C3F5F10)) + { + Write-Information -MessageData "" -InformationAction Continue + Write-Verbose -Message $Localization.Skipped -Verbose + + return + } + switch ($PSCmdlet.ParameterSetName) { "Disable" { - if (Get-AppxPackage -Name Microsoft.549981C3F5F10) + if (-not (Test-Path -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId")) { - if (-not (Test-Path -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId")) - { - New-Item -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Force - } - New-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Name State -PropertyType DWord -Value 1 -Force + New-Item -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Force } + New-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Name State -PropertyType DWord -Value 1 -Force } "Enable" { - if (Get-AppxPackage -Name Microsoft.549981C3F5F10) + if (-not (Test-Path -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId")) { - if (-not (Test-Path -Path "Registry::HKEY_CLASSES_ROOT\Local 
Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId")) - { - New-Item -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Force - } - New-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Name State -PropertyType DWord -Value 2 -Force + New-Item -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Force } + New-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Name State -PropertyType DWord -Value 2 -Force } } } 
@@ -11072,18 +11106,23 @@ function TeamsAutostart $Enable ) - if (Get-AppxPackage -Name MSTeams) + if (-not (Get-AppxPackage -Name MSTeams)) { - switch ($PSCmdlet.ParameterSetName) + Write-Information -MessageData "" -InformationAction Continue + Write-Verbose -Message $Localization.Skipped -Verbose + + return + } + + switch ($PSCmdlet.ParameterSetName) + { + "Disable" { - "Disable" - { - New-ItemProperty -Path "HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\MSTeams_8wekyb3d8bbwe\TeamsTfwStartupTask" -Name State -PropertyType DWord -Value 1 -Force - } - "Enable" - { - New-ItemProperty -Path "HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\MSTeams_8wekyb3d8bbwe\TeamsTfwStartupTask" -Name State -PropertyType DWord -Value 2 -Force - } + New-ItemProperty -Path "HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\MSTeams_8wekyb3d8bbwe\TeamsTfwStartupTask" -Name State -PropertyType DWord -Value 1 -Force + } + "Enable" + { + New-ItemProperty -Path "HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\MSTeams_8wekyb3d8bbwe\TeamsTfwStartupTask" -Name State -PropertyType DWord -Value 2 -Force } } } 
@@ -11184,21 +11223,23 @@ function XboxGameTips $Enable ) + if (-not ((Get-AppxPackage -Name Microsoft.XboxGamingOverlay) -or(Get-AppxPackage -Name Microsoft.GamingApp))) + { + Write-Information -MessageData "" -InformationAction Continue + Write-Verbose -Message $Localization.Skipped -Verbose + + return + } + switch ($PSCmdlet.ParameterSetName) { "Disable" { - if ((Get-AppxPackage -Name Microsoft.XboxGamingOverlay) -or (Get-AppxPackage -Name Microsoft.GamingApp)) - { - New-ItemProperty -Path HKCU:\Software\Microsoft\GameBar -Name ShowStartupPanel -PropertyType DWord -Value 0 -Force - } + New-ItemProperty -Path HKCU:\Software\Microsoft\GameBar -Name ShowStartupPanel -PropertyType DWord -Value 0 -Force } "Enable" { - if ((Get-AppxPackage -Name Microsoft.XboxGamingOverlay) -or (Get-AppxPackage -Name Microsoft.GamingApp)) - { - New-ItemProperty -Path HKCU:\Software\Microsoft\GameBar -Name ShowStartupPanel -PropertyType DWord -Value 1 -Force - } + New-ItemProperty -Path HKCU:\Software\Microsoft\GameBar -Name ShowStartupPanel -PropertyType DWord -Value 1 -Force } } } @@ -11316,14 +11357,14 @@ function GPUScheduling $WddmVersion_Min = [Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\FeatureSetUsage", "WddmVersion_Min", $null) if ($WddmVersion_Min -ge 2700) { - New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers" -Name HwSchMode -PropertyType DWord -Value 2 -Force + New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers -Name HwSchMode -PropertyType DWord -Value 2 -Force } } } } "Disable" { - New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers" -Name HwSchMode -PropertyType DWord -Value 1 -Force + New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers -Name HwSchMode -PropertyType DWord -Value 1 -Force } } } 
diff --git a/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/de-DE/Sophia.psd1 b/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/de-DE/Sophia.psd1
index b596ee08..8d94e82c 100644
--- a/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/de-DE/Sophia.psd1
+++ b/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/de-DE/Sophia.psd1
@@ -56,7 +56,6 @@ ErrorsMessage = Fehler/Warnungen
 DialogBoxOpening = Anzeigen des Dialogfensters...
 Disable = Deaktivieren
 Enable = Aktivieren
-UserChoiceWarning = Microsoft hat den Schreibzugriff auf den UserChoice-Schlüssel für die .pdf-Erweiterung und das http/https-Protokoll mit der Version KB5034765 gesperrt.
 AllFilesFilter = Alle Dateien
 FolderSelect = Einen Ordner auswählen
 FilesWontBeMoved = Dateien werden nicht verschoben.
diff --git a/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/en-US/Sophia.psd1 b/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/en-US/Sophia.psd1
index bb4b26e4..0823caca 100644
--- a/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/en-US/Sophia.psd1
+++ b/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/en-US/Sophia.psd1
@@ -56,7 +56,6 @@ ErrorsMessage = Errors/Warnings
 DialogBoxOpening = Displaying the dialog box...
 Disable = Disable
 Enable = Enable
-UserChoiceWarning = Microsoft has blocked write access to UserChoice key for .pdf extention and http/https protocols with KB5034765 release.
 AllFilesFilter = All Files
 FolderSelect = Select a folder
 FilesWontBeMoved = Files will not be moved.
diff --git a/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/es-ES/Sophia.psd1 b/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/es-ES/Sophia.psd1
index ee8d2ff9..d9cfaee4 100644
--- a/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/es-ES/Sophia.psd1
+++ b/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/es-ES/Sophia.psd1
@@ -56,7 +56,6 @@ ErrorsMessage = Errores/Advertencias
 DialogBoxOpening = Viendo el cuadro de diálogo...
 Disable = Desactivar
 Enable = Habilitar
-UserChoiceWarning = Microsoft ha bloqueado el acceso de escritura a la clave UserChoice para la extensión .pdf y el protocolo http/https con el lanzamiento de KB5034765.
 AllFilesFilter = Todos los Archivos
 FolderSelect = Seleccione una carpeta
 FilesWontBeMoved = Los archivos no se transferirán.
diff --git a/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/fr-FR/Sophia.psd1 b/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/fr-FR/Sophia.psd1
index 878b4236..5dc0d7bb 100644
--- a/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/fr-FR/Sophia.psd1
+++ b/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/fr-FR/Sophia.psd1
@@ -56,7 +56,6 @@ ErrorsMessage = Erreurs/Avertissements
 DialogBoxOpening = Afficher la boîte de dialogue...
 Disable = Désactiver
 Enable = Activer
-UserChoiceWarning = Microsoft a bloqué l'accès en écriture à la clé UserChoice pour l'extension .pdf et le protocole http/https avec la version KB5034765.
 AllFilesFilter = Tous les Fichiers
 FolderSelect = Sélectionner un dossier
 FilesWontBeMoved = Les fichiers ne seront pas déplacés.
diff --git a/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/hu-HU/Sophia.psd1 b/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/hu-HU/Sophia.psd1
index 7901b30c..19330030 100644
--- a/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/hu-HU/Sophia.psd1
+++ b/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/hu-HU/Sophia.psd1
@@ -56,7 +56,6 @@ ErrorsMessage = Hibák/Figyelmeztetések
 DialogBoxOpening = Párbeszédablak megjelenítése...
 Disable = Kikapcsolás
 Enable = Engedélyezés
-UserChoiceWarning = A Microsoft a KB5034765 kiadással blokkolta a UserChoice kulcs írási hozzáférését a .pdf kiterjesztéshez és a http/https protokollhoz.
 AllFilesFilter = Minden fájl
 FolderSelect = Válasszon ki egy könyvtárat
 FilesWontBeMoved = A fájlok nem lesznek áthelyezve.
diff --git a/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/it-IT/Sophia.psd1 b/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/it-IT/Sophia.psd1
index 47a56809..234e7f7c 100644
--- a/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/it-IT/Sophia.psd1
+++ b/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/it-IT/Sophia.psd1
@@ -56,7 +56,6 @@ ErrorsMessage = Errori/avvisi
 DialogBoxOpening = Visualizzazione della finestra di dialogo...
 Disable = Disattivare
 Enable = Abilitare
-UserChoiceWarning = Microsoft ha bloccato l'accesso in scrittura alla chiave UserChoice per l'estensione .pdf e il protocollo http/https con il rilascio della KB5034765.
 AllFilesFilter = Tutti i file
 FolderSelect = Selezionare una cartella
 FilesWontBeMoved = I file non verranno trasferiti.
diff --git a/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/pl-PL/Sophia.psd1 b/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/pl-PL/Sophia.psd1
index e2c78877..f70585f6 100644
--- a/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/pl-PL/Sophia.psd1
+++ b/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/pl-PL/Sophia.psd1
@@ -56,7 +56,6 @@ ErrorsMessage = Błędy/Ostrzeżenia
 DialogBoxOpening = Wyświetlanie okna dialogowego...
 Disable = Wyłączyć
 Enable = Włączać
-UserChoiceWarning = Microsoft zablokował dostęp do zapisu klucza UserChoice dla rozszerzenia .pdf i protokołu http/https wraz z wydaniem KB5034765.
 AllFilesFilter = Wszystkie pliki
 FolderSelect = Wybierz folder
 FilesWontBeMoved = Pliki nie zostaną przeniesione.
diff --git a/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/pt-BR/Sophia.psd1 b/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/pt-BR/Sophia.psd1
index 846625c9..00d9b0b9 100644
--- a/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/pt-BR/Sophia.psd1
+++ b/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/pt-BR/Sophia.psd1
@@ -56,7 +56,6 @@ ErrorsMessage = Erros/Avisos
 DialogBoxOpening = Exibindo a caixa de diálogo...
 Disable = Desativar
 Enable = Habilitar
-UserChoiceWarning = A Microsoft bloqueou o acesso de gravação à chave UserChoice para extensão .pdf e protocolo http/https com a versão KB5034765.
 AllFilesFilter = Todos os arquivos
 FolderSelect = Escolha uma pasta
 FilesWontBeMoved = Os arquivos não serão transferidos.
diff --git a/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/ru-RU/Sophia.psd1 b/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/ru-RU/Sophia.psd1
index 1e340280..5c212fee 100644
--- a/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/ru-RU/Sophia.psd1
+++ b/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/ru-RU/Sophia.psd1
@@ -56,7 +56,6 @@ ErrorsMessage = Ошибки/предупрежде
 DialogBoxOpening = Диалоговое окно открывается...
 Disable = Отключить
 Enable = Включить
-UserChoiceWarning = Microsoft заблокировала возможность записать в раздел реестра UserChoice для расширения .pdf и протоколов http/https с релизом обновления KB5034765.
 AllFilesFilter = Все файлы
 FolderSelect = Выберите папку
 FilesWontBeMoved = Файлы не будут перенесены.
diff --git a/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/tr-TR/Sophia.psd1 b/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/tr-TR/Sophia.psd1
index ef4efe56..9c340970 100644
--- a/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/tr-TR/Sophia.psd1
+++ b/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/tr-TR/Sophia.psd1
@@ -56,7 +56,6 @@ ErrorsMessage = Hatalar/Uyarılar
 DialogBoxOpening = İletişim kutusu görüntüleniyor...
 Disable = Devre dışı bırak
 Enable = Aktif et
-UserChoiceWarning = Microsoft, KB5034765 sürümü ile .pdf uzantısı ve http/https protokolü için UserChoice anahtarına yazma erişimini engellemiştir.
 AllFilesFilter = Tüm Dosyalar
 FolderSelect = Klasör seç
 FilesWontBeMoved = Dosyalar taşınmayacak.
diff --git a/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/uk-UA/Sophia.psd1 b/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/uk-UA/Sophia.psd1
index 87a826b2..cebb4bae 100644
--- a/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/uk-UA/Sophia.psd1
+++ b/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/uk-UA/Sophia.psd1
@@ -56,7 +56,6 @@ ErrorsMessage = Помилки/попереджен
 DialogBoxOpening = Діалогове вікно відкривається...
 Disable = Вимкнути
 Enable = Увімкнути
-UserChoiceWarning = Microsoft заблокувала можливість писати в розділ реєстру UserChoice для розширення .pdf, а також протоколів http/https з релізом оновлення KB5034765.
 AllFilesFilter = Усі файли
 FolderSelect = Виберіть папку
 FilesWontBeMoved = Файли не будуть перенесені.
diff --git a/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/zh-CN/Sophia.psd1 b/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/zh-CN/Sophia.psd1
index 10cd79a7..e524d7ae 100644
--- a/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/zh-CN/Sophia.psd1
+++ b/src/Sophia_Script_for_Windows_11_PowerShell_7/Localizations/zh-CN/Sophia.psd1
@@ -56,7 +56,6 @@ ErrorsMessage = 错误/警告 DialogBoxOpening = 显示对话窗口..... Disable = 禁用 Enable = 启用 -UserChoiceWarning = 微软在发布 KB5034765 时阻止了对 .pdf 扩展和 http/https 协议的 UserChoice 密钥的写入访问。 AllFilesFilter = 所有文件 FolderSelect = 选择一个文件夹 FilesWontBeMoved = 文件将不会被移动。 diff --git a/src/Sophia_Script_for_Windows_11_PowerShell_7/Module/Sophia.psm1 b/src/Sophia_Script_for_Windows_11_PowerShell_7/Module/Sophia.psm1 index b9e8b055..7cab24df 100644 --- a/src/Sophia_Script_for_Windows_11_PowerShell_7/Module/Sophia.psm1 +++ b/src/Sophia_Script_for_Windows_11_PowerShell_7/Module/Sophia.psm1 @@ -61,7 +61,7 @@ function InitialActions # Extract strings from %SystemRoot%\System32\shell32.dll using its number # https://github.com/SamuelArnold/StarKill3r/blob/master/Star%20Killer/Star%20Killer/bin/Debug/Scripts/SANS-SEC505-master/scripts/Day1-PowerShell/Expand-IndirectString.ps1 - # [WinAPI.GetStrings]::GetIndirectString("@%SystemRoot%\system32\schedsvc.dll,-100") + # [WinAPI.GetStrings]::GetIndirectString("@%SystemRoot%\System32\schedsvc.dll,-100") # https://github.com/PowerShell/PowerShell/issues/21070 $Script:CompilerOptions = [System.CodeDom.Compiler.CompilerParameters]::new("System.dll") 
@@ -3195,34 +3195,30 @@ function TaskbarWidgets $Show ) - # We cannot call any of APIs except copying reg.exe with a different name due to a UCPD driver tracks all executables to blocke the access to the registry - Copy-Item -Path "$env:SystemRoot\system32\reg.exe" -Destination "$env:SystemRoot\system32\reg_temp.exe" -Force + if (-not (Get-AppxPackage -Name MicrosoftWindows.Client.WebExperience)) + { + Write-Information -MessageData "" -InformationAction Continue + Write-Verbose -Message $Localization.Skipped -Verbose + + return + } + + # We cannot set a value to TaskbarDa, having called any of APIs, except of copying powershell.exe (or any other tricks) with a different name, due to a UCPD driver tracks all executables to block the access to the registry + Copy-Item -Path "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe" -Destination "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Force switch ($PSCmdlet.ParameterSetName) { "Hide" { - if (Get-AppxPackage -Name MicrosoftWindows.Client.WebExperience) - { - # https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_parsing?view=powershell-7.4#the-stop-parsing-token - # We cannot put --% inside the command below as it breaks parsing of $DWordData variable - $EscapeParser = "--%" - & "$env:SystemRoot\system32\reg_temp.exe" $EscapeParser ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v TaskbarDa /t REG_DWORD /d 0 /f - } + & "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command {New-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name TaskbarDa -PropertyType DWord -Value 0 -Force} } "Show" { - if (Get-AppxPackage -Name MicrosoftWindows.Client.WebExperience) - { - # https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_parsing?view=powershell-7.4#the-stop-parsing-token - # We cannot put --% inside the command below as it breaks 
parsing of $DWordData variable - $EscapeParser = "--%" - & "$env:SystemRoot\system32\reg_temp.exe" $EscapeParser ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v TaskbarDa /t REG_DWORD /d 1 /f - } + & "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command {New-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name TaskbarDa -PropertyType DWord -Value 1 -Force} } } - Remove-Item -Path "$env:SystemRoot\system32\reg_temp.exe" -Force + Remove-Item -Path "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Force } <# @@ -8513,16 +8509,13 @@ function NetworkDiscovery Set-Association -ProgramPath "%ProgramFiles%\Notepad++\notepad++.exe" -Extension .txt -Icon "%ProgramFiles%\Notepad++\notepad++.exe,0" .EXAMPLE - Set-Association -ProgramPath MSEdgeMHT -Extension .html + Set-Association -ProgramPath MSEdgeHTM -Extension .html .LINK https://github.com/DanysysTeam/PS-SFTA https://github.com/default-username-was-already-taken/set-fileassoc https://forum.ru-board.com/profile.cgi?action=show&member=westlife - .NOTES - Microsoft blocked ability to write to UserChoice key for .pdf extention and http and https protocols with KB5034765 release - .NOTES Machine-wide #> 
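Review bot: The renamed copy `powershell_temp.exe` is deleted only by the last statement of TaskbarWidgets, so an error or interruption between `Copy-Item` and `Remove-Item` leaves a second PowerShell binary under `System32\WindowsPowerShell\v1.0`. The same applies to Set-Association, where the copy is created in the hunk at -8553 and removed in the hunk at -9361. Wrapping the `switch` in `try { ... } finally { Remove-Item -Path "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Force -ErrorAction Ignore }` makes the cleanup unconditional. The comment above `Copy-Item` should also state that the copy needs write access to System32 and that endpoint monitoring commonly reports a renamed copy of a system binary as masquerading, so an administrator who sees the alert can trace it to this function.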
@@ -8553,18 +8546,9 @@ function Set-Association $Icon ) - # Microsoft blocked ability to write to UserChoice key for .pdf extention and http and https protocols with KB5034765 release - if (@(".pdf", "http", "https") -contains $Extension) - { - Write-Information -MessageData "" -InformationAction Continue - Write-Verbose -Message $Localization.UserChoiceWarning -Verbose - Write-Error -Message $Localization.UserChoiceWarning -ErrorAction SilentlyContinue - - Write-Information -MessageData "" -InformationAction Continue - Write-Verbose -Message $Localization.Skipped -Verbose - - return - } + # Microsoft has blocked write access to UserChoice key for .pdf extention and http/https protocols with KB5034765 release, so we have to write values with a copy of powershell.exe to bypass a UCPD driver restrictions + # UCPD driver tracks all executables to block the access to the registry so all registry records will be made within powershell_temp.exe in this function just in case + Copy-Item -Path "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe" -Destination "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Force $ProgramPath = [System.Environment]::ExpandEnvironmentVariables($ProgramPath) 
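Review bot: The new comment says all registry records in this function are written through `powershell_temp.exe`, but the later hunks (-8903, -8912, -9330) use the copy only when `$Extension` is `.pdf`, `http` or `https` and otherwise call `New-ItemProperty` directly. Meanwhile `Copy-Item` here runs for every extension. Either guard the copy with the same `if (@(".pdf", "http", "https") -contains $Extension)` test, or reword the comment to `# The copy is used only for .pdf, http and https; other extensions are written directly`. The function body continues outside this hunk, so any early `return` between this line and the final `Remove-Item` would leave the copy behind and needs checking.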
@@ -8903,7 +8887,25 @@ public static int UnloadHive(RegistryHives hive, string subKey) { New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Force } - New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgID -Force + + # We need to remove DENY permission set for user before setting a value + if (@(".pdf", "http", "https") -contains $Extension) + { + # https://powertoe.wordpress.com/2010/08/28/controlling-registry-acl-permissions-with-powershell/ + $Key = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::ChangePermissions) + $ACL = $key.GetAccessControl() + $Principal = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name + # https://learn.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.filesystemrights + $Rule = New-Object -TypeName System.Security.AccessControl.RegistryAccessRule -ArgumentList ($Principal,"FullControl","Deny") + $ACL.RemoveAccessRule($Rule) + $Key.SetAccessControl($ACL) + + & "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice' -Name ProgId -PropertyType String -Value $ProgID -Force}" + } + else + { + New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgID -Force + } # Getting a hash based on the time of the section's last modification. After creating and setting the first parameter $ProgHash = Get-Hash -ProgId $ProgId -Extension $Extension -SubKey "Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" 
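Review bot: `$ProgID` is expanded into the `-Command` string without quotes, so the child process parses its content as PowerShell source rather than as a value; a ProgId containing a space, `;` or a quote changes the command that runs. The value is presumably derived from the caller-supplied `$ProgramPath`, so quote and escape it, e.g. `-Value '$($ProgID.Replace("'", "''"))'`, and do the same for `$ProgHash` in the hunks at -8912 and -9330. Two smaller points in the same block: `$ACL.RemoveAccessRule($Rule)` returns a Boolean that is emitted to the pipeline unless assigned to `$null`, and the comment links to `filesystemrights` although the rule built is a `RegistryAccessRule`. The enclosing function starts and ends outside the hunk.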
@@ -8912,7 +8914,15 @@ public static int UnloadHive(RegistryHives hive, string subKey) { New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Force } - New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force + + if (@(".pdf", "http", "https") -contains $Extension) + { + & "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice' -Name Hash -PropertyType String -Value $ProgHash -Force}" + } + else + { + New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force + } # Setting a block on changing the UserChoice section # Due to "Set-StrictMode -Version Latest" we have to use OpenSubKey() 
@@ -9330,9 +9340,29 @@ public static long MakeLong(uint left, uint right) { New-Item -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Force } + $ProgHash = Get-Hash -ProgId $ProgId -Extension $Extension -SubKey "Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" - New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgId -Force - New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force + + # We need to remove DENY permission set for user before setting a value + if (@(".pdf", "http", "https") -contains $Extension) + { + # https://powertoe.wordpress.com/2010/08/28/controlling-registry-acl-permissions-with-powershell/ + $Key = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey("Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::ChangePermissions) + $ACL = $key.GetAccessControl() + $Principal = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name + # https://learn.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.filesystemrights + $Rule = New-Object -TypeName System.Security.AccessControl.RegistryAccessRule -ArgumentList ($Principal,"FullControl","Deny") + $ACL.RemoveAccessRule($Rule) + $Key.SetAccessControl($ACL) + + & "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice' -Name ProgId -PropertyType String -Value $ProgID -Force}" + & "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Command "& {New-ItemProperty -Path 
'HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice' -Name Hash -PropertyType String -Value $ProgHash -Force}" + } + else + { + New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name ProgId -PropertyType String -Value $ProgId -Force + New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Extension\UserChoice" -Name Hash -PropertyType String -Value $ProgHash -Force + } } # Setting additional parameters to comply with the requirements before configuring the extension @@ -9361,6 +9391,8 @@ public static void Refresh() } [WinAPI.Signature]::Refresh() + + Remove-Item -Path "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_temp.exe" -Force } <# @@ -9685,8 +9717,8 @@ function DefaultTerminalApp } "ConsoleHost" { - New-ItemProperty -Path "HKCU:\Console\%%Startup" -Name DelegationConsole -PropertyType String -Value "{00000000-0000-0000-0000-000000000000}" -Force - New-ItemProperty -Path "HKCU:\Console\%%Startup" -Name DelegationTerminal -PropertyType String -Value "{00000000-0000-0000-0000-000000000000}" -Force + New-ItemProperty -Path "HKCU:\Console\%%Startup" -Name DelegationConsole -PropertyType String -Value "{B23D10C0-E52E-411E-9D5B-C09FDF709C7D}" -Force + New-ItemProperty -Path "HKCU:\Console\%%Startup" -Name DelegationTerminal -PropertyType String -Value "{B23D10C0-E52E-411E-9D5B-C09FDF709C7D}" -Force } } } @@ -9720,7 +9752,7 @@ function InstallVCRedist return } - if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller -ErrorAction Ignore) + if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller) { if ([System.Version](Get-AppxPackage -Name Microsoft.DesktopAppInstaller).Version -ge [System.Version]"1.17") { 
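Review bot: In the DefaultTerminalApp hunk, the ConsoleHost branch now writes the literal `{B23D10C0-E52E-411E-9D5B-C09FDF709C7D}` to both `DelegationConsole` and `DelegationTerminal` with no explanation of what the GUID identifies or why the all-zero value was replaced. Add a comment above the two lines, for example `# CLSID of Windows Console Host; the all-zero GUID means "Let Windows decide"` (wording to be confirmed by the author). The enclosing `switch` begins outside the hunk.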
@@ -9831,7 +9863,7 @@ function InstallDotNetRuntimes { NET6x64 { - if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller -ErrorAction Ignore) + if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller) { if ([System.Version](Get-AppxPackage -Name Microsoft.DesktopAppInstaller).Version -ge [System.Version]"1.17") { @@ -9878,7 +9910,7 @@ function InstallDotNetRuntimes } NET8x64 { - if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller -ErrorAction Ignore) + if (Get-AppxPackage -Name Microsoft.DesktopAppInstaller) { if ([System.Version](Get-AppxPackage -Name Microsoft.DesktopAppInstaller).Version -ge [System.Version]"1.17") { @@ -10463,17 +10495,17 @@ function StartLayout "Default" { # Default - New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name Start_Layout -PropertyType DWord -Value 0 -Force + New-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name Start_Layout -PropertyType DWord -Value 0 -Force } "ShowMorePins" { # Show More Pins - New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name Start_Layout -PropertyType DWord -Value 1 -Force + New-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name Start_Layout -PropertyType DWord -Value 1 -Force } "ShowMoreRecommendations" { # Show More Recommendations - New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name Start_Layout -PropertyType DWord -Value 2 -Force + New-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name Start_Layout -PropertyType DWord -Value 2 -Force } } } 
@@ -11023,29 +11055,31 @@ function CortanaAutostart $Enable ) + if (-not (Get-AppxPackage -Name Microsoft.549981C3F5F10)) + { + Write-Information -MessageData "" -InformationAction Continue + Write-Verbose -Message $Localization.Skipped -Verbose + + return + } + switch ($PSCmdlet.ParameterSetName) { "Disable" { - if (Get-AppxPackage -Name Microsoft.549981C3F5F10) + if (-not (Test-Path -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId")) { - if (-not (Test-Path -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId")) - { - New-Item -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Force - } - New-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Name State -PropertyType DWord -Value 1 -Force + New-Item -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Force } + New-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Name State -PropertyType DWord -Value 1 -Force } "Enable" { - if (Get-AppxPackage -Name Microsoft.549981C3F5F10) + if (-not (Test-Path -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId")) { - if (-not (Test-Path -Path "Registry::HKEY_CLASSES_ROOT\Local 
Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId")) - { - New-Item -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Force - } - New-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Name State -PropertyType DWord -Value 2 -Force + New-Item -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Force } + New-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CortanaStartupId" -Name State -PropertyType DWord -Value 2 -Force } } } 
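Review bot: After the package check was hoisted in CortanaAutostart, the "Disable" and "Enable" branches still each repeat the same `Test-Path` / `New-Item` pair for the `CortanaStartupId` key and differ only in the `State` value. Moving the key creation above the `switch` and holding the path in one variable, e.g. `$StartupKey = "Registry::HKEY_CLASSES_ROOT\Local Settings\...\CortanaStartupId"` (full path as in the hunk), would leave a single `New-ItemProperty` line per branch. That also removes the risk of the four copies of the long path drifting apart.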
@@ -11088,18 +11122,23 @@ function TeamsAutostart $Enable ) - if (Get-AppxPackage -Name MSTeams) + if (-not (Get-AppxPackage -Name MSTeams)) { - switch ($PSCmdlet.ParameterSetName) + Write-Information -MessageData "" -InformationAction Continue + Write-Verbose -Message $Localization.Skipped -Verbose + + return + } + + switch ($PSCmdlet.ParameterSetName) + { + "Disable" { - "Disable" - { - New-ItemProperty -Path "HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\MSTeams_8wekyb3d8bbwe\TeamsTfwStartupTask" -Name State -PropertyType DWord -Value 1 -Force - } - "Enable" - { - New-ItemProperty -Path "HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\MSTeams_8wekyb3d8bbwe\TeamsTfwStartupTask" -Name State -PropertyType DWord -Value 2 -Force - } + New-ItemProperty -Path "HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\MSTeams_8wekyb3d8bbwe\TeamsTfwStartupTask" -Name State -PropertyType DWord -Value 1 -Force + } + "Enable" + { + New-ItemProperty -Path "HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\MSTeams_8wekyb3d8bbwe\TeamsTfwStartupTask" -Name State -PropertyType DWord -Value 2 -Force } } } 
@@ -11200,21 +11239,23 @@ function XboxGameTips $Enable ) + if (-not ((Get-AppxPackage -Name Microsoft.XboxGamingOverlay) -or(Get-AppxPackage -Name Microsoft.GamingApp))) + { + Write-Information -MessageData "" -InformationAction Continue + Write-Verbose -Message $Localization.Skipped -Verbose + + return + } + switch ($PSCmdlet.ParameterSetName) { "Disable" { - if ((Get-AppxPackage -Name Microsoft.XboxGamingOverlay) -or (Get-AppxPackage -Name Microsoft.GamingApp)) - { - New-ItemProperty -Path HKCU:\Software\Microsoft\GameBar -Name ShowStartupPanel -PropertyType DWord -Value 0 -Force - } + New-ItemProperty -Path HKCU:\Software\Microsoft\GameBar -Name ShowStartupPanel -PropertyType DWord -Value 0 -Force } "Enable" { - if ((Get-AppxPackage -Name Microsoft.XboxGamingOverlay) -or (Get-AppxPackage -Name Microsoft.GamingApp)) - { - New-ItemProperty -Path HKCU:\Software\Microsoft\GameBar -Name ShowStartupPanel -PropertyType DWord -Value 1 -Force - } + New-ItemProperty -Path HKCU:\Software\Microsoft\GameBar -Name ShowStartupPanel -PropertyType DWord -Value 1 -Force } } } @@ -11332,14 +11373,14 @@ function GPUScheduling $WddmVersion_Min = [Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\FeatureSetUsage", "WddmVersion_Min", $null) if ($WddmVersion_Min -ge 2700) { - New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers" -Name HwSchMode -PropertyType DWord -Value 2 -Force + New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers -Name HwSchMode -PropertyType DWord -Value 2 -Force } } } } "Disable" { - New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers" -Name HwSchMode -PropertyType DWord -Value 1 -Force + New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers -Name HwSchMode -PropertyType DWord -Value 1 -Force } } }
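Review bot: The new guard in XboxGameTips writes `-or(Get-AppxPackage -Name Microsoft.GamingApp)` without the space after `-or` that the removed lines had; use `-or (Get-AppxPackage -Name Microsoft.GamingApp)` to match the rest of the file. The four-line skip block (`Write-Information`, `Write-Verbose -Message $Localization.Skipped`, `return`) is now repeated verbatim in TaskbarWidgets, CortanaAutostart, TeamsAutostart and here. A small private helper that prints the skipped message would keep these guards identical.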