Update setupScriptInfo.ps1
This commit is contained in:
@@ -42,20 +42,11 @@ function UserReg {
|
|||||||
param (
|
param (
|
||||||
[string] $Username
|
[string] $Username
|
||||||
)
|
)
|
||||||
|
|
||||||
# Get the list of user profiles on the computer
|
|
||||||
$UserProfiles = Get-WmiObject Win32_UserProfile | Where-Object { $_.Special -eq $false }
|
$UserProfiles = Get-WmiObject Win32_UserProfile | Where-Object { $_.Special -eq $false }
|
||||||
|
|
||||||
# Search for the user profile based on the username
|
|
||||||
$UserProfile = $UserProfiles | Where-Object { $_.LocalPath.EndsWith("\$Username") }
|
$UserProfile = $UserProfiles | Where-Object { $_.LocalPath.EndsWith("\$Username") }
|
||||||
|
|
||||||
# Check if the user profile exists
|
|
||||||
if ($UserProfile -ne $null) {
|
if ($UserProfile -ne $null) {
|
||||||
# Construct the path to the user's NTUSER.DAT file (registry hive)
|
|
||||||
$UserSID = $UserProfile.SID
|
$UserSID = $UserProfile.SID
|
||||||
$HivePath = Join-Path -Path $UserProfile.LocalPath -ChildPath "NTUSER.DAT"
|
$HivePath = Join-Path -Path $UserProfile.LocalPath -ChildPath "NTUSER.DAT"
|
||||||
|
|
||||||
# Return the user's SID and HKU registry key
|
|
||||||
return $UserSID, "Registry::HKEY_USERS\$UserSID"
|
return $UserSID, "Registry::HKEY_USERS\$UserSID"
|
||||||
} else {
|
} else {
|
||||||
Write-Host "User profile for $Username not found."
|
Write-Host "User profile for $Username not found."
|
||||||
@@ -63,6 +54,26 @@ function UserReg {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function SetRegistry {
|
||||||
|
param (
|
||||||
|
[string] $regpath,
|
||||||
|
[string] $regproperty
|
||||||
|
)
|
||||||
|
|
||||||
|
if( -not (Test-Path -Path $regpath -PathType Container) ) {
|
||||||
|
New-Item -Path $regpath -Force
|
||||||
|
New-ItemProperty -Path $regpath -Name $regproperty -Value 1 -PropertyType DWord
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$RegistryItem = Get-ItemProperty -Path $regpath
|
||||||
|
if ($RegistryItem.PSObject.Properties.Name -contains $regproperty) {
|
||||||
|
Set-ItemProperty -Path $regpath -Name $regproperty -Value 1
|
||||||
|
} else {
|
||||||
|
New-ItemProperty -Path $regpath -Name $regproperty -Value 1 -PropertyType DWord
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
$TargetUsername = "Eleve"
|
$TargetUsername = "Eleve"
|
||||||
$UserSID, $UserHKUPath = UserReg -Username $TargetUsername
|
$UserSID, $UserHKUPath = UserReg -Username $TargetUsername
|
||||||
# Add restriction
|
# Add restriction
|
||||||
@@ -70,67 +81,30 @@ if ($UserSID -ne $null -and $UserHKUPath -ne $null) {
|
|||||||
# Restrict access to Settings
|
# Restrict access to Settings
|
||||||
$ControlPanelKeyPath = "$UserHKUPath\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
|
$ControlPanelKeyPath = "$UserHKUPath\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
|
||||||
$ControlPanelValueName = "NoControlPanel"
|
$ControlPanelValueName = "NoControlPanel"
|
||||||
if (Test-Path -Path $ControlPanelKeyPath) {
|
SetRegistry -regpath $ControlPanelKeyPath -regproperty $ControlPanelValueName
|
||||||
$RegistryItem = Get-ItemProperty -Path $ControlPanelKeyPath
|
|
||||||
if ($RegistryItem.PSObject.Properties.Name -contains $ControlPanelValueName) {
|
|
||||||
Set-ItemProperty -Path $ControlPanelKeyPath -Name $ControlPanelValueName -Value 1
|
|
||||||
} else {
|
|
||||||
New-ItemProperty -Path $ControlPanelKeyPath -Name $ControlPanelValueName -Value 1 -PropertyType DWord
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
New-Item -Path $ControlPanelKeyPath -Force
|
|
||||||
New-ItemProperty -Path $ControlPanelKeyPath -Name $ControlPanelValueName -Value 1 -PropertyType DWord
|
|
||||||
}
|
|
||||||
|
|
||||||
# Disable access to regedit
|
# Disable access to regedit
|
||||||
$REGKeyPath = "$UserHKUPath\Software\Microsoft\Windows\CurrentVersion\Policies\System"
|
$REGKeyPath = "$UserHKUPath\Software\Microsoft\Windows\CurrentVersion\Policies\System"
|
||||||
$REGValueName = "DisableRegistryTools"
|
$REGValueName = "DisableRegistryTools"
|
||||||
if (Test-Path -Path $REGKeyPath) {
|
SetRegistry -regpath $REGKeyPath -regproperty $REGValueName
|
||||||
$RegistryItem = Get-ItemProperty -Path $REGKeyPath
|
|
||||||
if ($RegistryItem.PSObject.Properties.Name -contains $REGValueName) {
|
|
||||||
Set-ItemProperty -Path $REGKeyPath -Name $REGValueName -Value 1
|
|
||||||
} else {
|
|
||||||
New-ItemProperty -Path $REGKeyPath -Name $REGValueName -Value 1 -PropertyType DWord
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
New-Item -Path $REGKeyPath -Force
|
|
||||||
New-ItemProperty -Path $REGKeyPath -Name $REGValueName -Value 1 -PropertyType DWord
|
|
||||||
}
|
|
||||||
|
|
||||||
# Restrict access to Command Prompt
|
# Restrict access to Command Prompt
|
||||||
$CMDKeyPath = "$UserHKUPath\Software\Policies\Microsoft\Windows\System"
|
$CMDKeyPath = "$UserHKUPath\Software\Policies\Microsoft\Windows\System"
|
||||||
$CMDValueName = "DisableCMD"
|
$CMDValueName = "DisableCMD"
|
||||||
if (Test-Path -Path $CMDKeyPath) {
|
SetRegistry -regpath $CMDKeyPath -regproperty $CMDValueName
|
||||||
$RegistryItem = Get-ItemProperty -Path $CMDKeyPath
|
|
||||||
if ($RegistryItem.PSObject.Properties.Name -contains $CMDValueName) {
|
|
||||||
Set-ItemProperty -Path $CMDKeyPath -Name $CMDValueName -Value 1
|
|
||||||
} else {
|
|
||||||
New-ItemProperty -Path $CMDKeyPath -Name $CMDValueName -Value 1 -PropertyType DWord
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
New-Item -Path $CMDKeyPath -Force
|
|
||||||
New-ItemProperty -Path $CMDKeyPath -Name $CMDValueName -Value 1 -PropertyType DWord
|
|
||||||
}
|
|
||||||
|
|
||||||
# Add entries to DisallowRun for cmd.exe and powershell.exe
|
# Add entries to DisallowRun for cmd.exe and powershell.exe
|
||||||
$DisallowRunKeyPath = "$UserHKUPath\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun"
|
$DisallowRunKeyPath = "$UserHKUPath\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
|
||||||
|
$DisallowRunValueName = "DisallowRun"
|
||||||
|
SetRegistry -regpath $DisallowRunKeyPath -regproperty $DisallowRunValueName
|
||||||
|
Write-Host (Get-ItemProperty -Path "$UserHKUPath\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun")
|
||||||
|
|
||||||
if ((Test-Path -Path $DisallowRunKeyPath) -and (Get-ItemProperty -Path "$UserHKUPath\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name "DisallowRun").DisallowRun -eq 1) {
|
$applications = @("cmd.exe", "powershell.exe", "powershell_ise.exe")
|
||||||
Write-Host "DisallowRun is already set to 1. Skipping the modification."
|
foreach ($valueName in $applications) {
|
||||||
} else {
|
$nameExists = $DisallowRunKeyPath.PSObject.Properties.Name -contains $valueName
|
||||||
if (Test-Path -Path $DisallowRunKeyPath) {
|
$valueExists = $DisallowRunKeyPath.PSObject.Properties.Value -contains $valueName
|
||||||
Set-ItemProperty -Path "$UserHKUPath\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name "DisallowRun" -Value 1
|
if (!$valueExists && !$nameExists) {
|
||||||
} else {
|
New-ItemProperty -Path $DisallowRunKeyPath -Name $valueName -Value $valueName -PropertyType String
|
||||||
New-Item -Path $DisallowRunKeyPath -Force
|
|
||||||
Set-ItemProperty -Path "$UserHKUPath\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name "DisallowRun" -Value 1
|
|
||||||
}
|
|
||||||
|
|
||||||
$applications = @("cmd.exe", "powershell.exe", "powershell_ise.exe")
|
|
||||||
foreach ($valueName in $applications) {
|
|
||||||
$valueExists = $DisallowRunKeyPath.PSObject.Properties.Name -contains $valueName
|
|
||||||
if (!$valueExists) {
|
|
||||||
New-ItemProperty -Path $DisallowRunKeyPath -Name $valueName -Value $valueName -PropertyType String
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
|||||||
Reference in New Issue
Block a user