From 61d2de8bfca02267a9d207e86a23c611fcee68de Mon Sep 17 00:00:00 2001 From: Lightemerald Date: Wed, 11 Oct 2023 09:50:37 +0000 Subject: [PATCH] Update setupScriptInfo.ps1 --- setupScriptInfo.ps1 | 92 ++++++++++++++++----------------------------- 1 file changed, 33 insertions(+), 59 deletions(-) diff --git a/setupScriptInfo.ps1 b/setupScriptInfo.ps1 index e39bf8f..4ad7ffb 100644 --- a/setupScriptInfo.ps1 +++ b/setupScriptInfo.ps1 @@ -42,20 +42,11 @@ function UserReg { param ( [string] $Username ) - - # Get the list of user profiles on the computer $UserProfiles = Get-WmiObject Win32_UserProfile | Where-Object { $_.Special -eq $false } - - # Search for the user profile based on the username $UserProfile = $UserProfiles | Where-Object { $_.LocalPath.EndsWith("\$Username") } - - # Check if the user profile exists if ($UserProfile -ne $null) { - # Construct the path to the user's NTUSER.DAT file (registry hive) $UserSID = $UserProfile.SID $HivePath = Join-Path -Path $UserProfile.LocalPath -ChildPath "NTUSER.DAT" - - # Return the user's SID and HKU registry key return $UserSID, "Registry::HKEY_USERS\$UserSID" } else { Write-Host "User profile for $Username not found." @@ -63,6 +54,26 @@ function UserReg { } } +function SetRegistry { + param ( + [string] $regpath, + [string] $regproperty + ) + + if( -not (Test-Path -Path $regpath -PathType Container) ) { + New-Item -Path $regpath -Force + New-ItemProperty -Path $regpath -Name $regproperty -Value 1 -PropertyType DWord + } + else { + $RegistryItem = Get-ItemProperty -Path $regpath + if ($RegistryItem.PSObject.Properties.Name -contains $regproperty) { + Set-ItemProperty -Path $regpath -Name $regproperty -Value 1 + } else { + New-ItemProperty -Path $regpath -Name $regproperty -Value 1 -PropertyType DWord + } + } +} + $TargetUsername = "Eleve" $UserSID, $UserHKUPath = UserReg -Username $TargetUsername # Add restriction 
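Review bot: The existing-value branch of SetRegistry calls `Set-ItemProperty` without a type, which as far as I know keeps whatever registry type the value already has, so a pre-existing string value would stay a string and the policy may not be honoured. Creating the key when it is missing and then always running `New-ItemProperty -Path $regpath -Name $regproperty -Value 1 -PropertyType DWord -Force | Out-Null` covers all three cases and stops the created objects leaking into the function's output. SetRegistry also assumes the `HKEY_USERS\<SID>` hive is loaded: the UserReg context in the first hunk computes `$HivePath`, but nothing visible loads it, so when the target user is not logged on these writes presumably fail. A `Test-Path` on the hive root before writing, with a clear error, would make a lockdown that was not applied visible.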
@@ -70,67 +81,30 @@ if ($UserSID -ne $null -and $UserHKUPath -ne $null) { # Restrict access to Settings $ControlPanelKeyPath = "$UserHKUPath\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" $ControlPanelValueName = "NoControlPanel" - if (Test-Path -Path $ControlPanelKeyPath) { - $RegistryItem = Get-ItemProperty -Path $ControlPanelKeyPath - if ($RegistryItem.PSObject.Properties.Name -contains $ControlPanelValueName) { - Set-ItemProperty -Path $ControlPanelKeyPath -Name $ControlPanelValueName -Value 1 - } else { - New-ItemProperty -Path $ControlPanelKeyPath -Name $ControlPanelValueName -Value 1 -PropertyType DWord - } - } else { - New-Item -Path $ControlPanelKeyPath -Force - New-ItemProperty -Path $ControlPanelKeyPath -Name $ControlPanelValueName -Value 1 -PropertyType DWord - } + SetRegistry -regpath $ControlPanelKeyPath -regproperty $ControlPanelValueName # Disable access to regedit $REGKeyPath = "$UserHKUPath\Software\Microsoft\Windows\CurrentVersion\Policies\System" $REGValueName = "DisableRegistryTools" - if (Test-Path -Path $REGKeyPath) { - $RegistryItem = Get-ItemProperty -Path $REGKeyPath - if ($RegistryItem.PSObject.Properties.Name -contains $REGValueName) { - Set-ItemProperty -Path $REGKeyPath -Name $REGValueName -Value 1 - } else { - New-ItemProperty -Path $REGKeyPath -Name $REGValueName -Value 1 -PropertyType DWord - } - } else { - New-Item -Path $REGKeyPath -Force - New-ItemProperty -Path $REGKeyPath -Name $REGValueName -Value 1 -PropertyType DWord - } + SetRegistry -regpath $REGKeyPath -regproperty $REGValueName # Restrict access to Command Prompt $CMDKeyPath = "$UserHKUPath\Software\Policies\Microsoft\Windows\System" $CMDValueName = "DisableCMD" - if (Test-Path -Path $CMDKeyPath) { - $RegistryItem = Get-ItemProperty -Path $CMDKeyPath - if ($RegistryItem.PSObject.Properties.Name -contains $CMDValueName) { - Set-ItemProperty -Path $CMDKeyPath -Name $CMDValueName -Value 1 - } else { - New-ItemProperty -Path $CMDKeyPath -Name $CMDValueName 
-Value 1 -PropertyType DWord - } - } else { - New-Item -Path $CMDKeyPath -Force - New-ItemProperty -Path $CMDKeyPath -Name $CMDValueName -Value 1 -PropertyType DWord - } + SetRegistry -regpath $CMDKeyPath -regproperty $CMDValueName # Add entries to DisallowRun for cmd.exe and powershell.exe - $DisallowRunKeyPath = "$UserHKUPath\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" + $DisallowRunKeyPath = "$UserHKUPath\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" + $DisallowRunValueName = "DisallowRun" + SetRegistry -regpath $DisallowRunKeyPath -regproperty $DisallowRunValueName + Write-Host (Get-ItemProperty -Path "$UserHKUPath\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun") - if ((Test-Path -Path $DisallowRunKeyPath) -and (Get-ItemProperty -Path "$UserHKUPath\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name "DisallowRun").DisallowRun -eq 1) { - Write-Host "DisallowRun is already set to 1. Skipping the modification." 
- } else { - if (Test-Path -Path $DisallowRunKeyPath) { - Set-ItemProperty -Path "$UserHKUPath\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name "DisallowRun" -Value 1 - } else { - New-Item -Path $DisallowRunKeyPath -Force - Set-ItemProperty -Path "$UserHKUPath\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name "DisallowRun" -Value 1 - } - - $applications = @("cmd.exe", "powershell.exe", "powershell_ise.exe") - foreach ($valueName in $applications) { - $valueExists = $DisallowRunKeyPath.PSObject.Properties.Name -contains $valueName - if (!$valueExists) { - New-ItemProperty -Path $DisallowRunKeyPath -Name $valueName -Value $valueName -PropertyType String - } + $applications = @("cmd.exe", "powershell.exe", "powershell_ise.exe") + foreach ($valueName in $applications) { + $nameExists = $DisallowRunKeyPath.PSObject.Properties.Name -contains $valueName + $valueExists = $DisallowRunKeyPath.PSObject.Properties.Value -contains $valueName + if (!$valueExists && !$nameExists) { + New-ItemProperty -Path $DisallowRunKeyPath -Name $valueName -Value $valueName -PropertyType String } } } else {
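Review bot: The new condition `if (!$valueExists && !$nameExists)` uses `&&`, which Windows PowerShell 5.1 rejects at parse time, and because the script relies on `Get-WmiObject` (absent from PowerShell 7) that is the version it has to run on, so none of the restrictions would be applied; it should read `if (-not $valueExists -and -not $nameExists)`. In the same loop `$DisallowRunKeyPath` is a string, so `.PSObject.Properties.Name` and `.Value` inspect the string object rather than the registry key and both checks are always false. `$DisallowRunKeyPath` now also points at `...\Policies\Explorer`, so the executable names are written beside the `DisallowRun` flag rather than into the `Explorer\DisallowRun` subkey, which the new code never creates even though the `Write-Host (Get-ItemProperty ...)` line reads it. The fence below sketches keeping the two paths separate and reading the subkey before adding entries; the enclosing `if ($UserSID -ne $null ...)` block starts and ends outside the hunk.

```powershell
# … unchanged: NoControlPanel, DisableRegistryTools and DisableCMD calls …
$ExplorerKeyPath = "$UserHKUPath\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
SetRegistry -regpath $ExplorerKeyPath -regproperty "DisallowRun"

# The block list lives in the DisallowRun subkey, one string value per executable.
$DisallowRunKeyPath = "$ExplorerKeyPath\DisallowRun"
if (-not (Test-Path -Path $DisallowRunKeyPath -PathType Container)) {
    New-Item -Path $DisallowRunKeyPath -Force | Out-Null
}
$existing = Get-ItemProperty -Path $DisallowRunKeyPath

$applications = @("cmd.exe", "powershell.exe", "powershell_ise.exe")
foreach ($valueName in $applications) {
    if ($existing.PSObject.Properties.Name -notcontains $valueName) {
        New-ItemProperty -Path $DisallowRunKeyPath -Name $valueName -Value $valueName -PropertyType String | Out-Null
    }
}
```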