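/// <summary>
/// Applies one access rule to an existing registry key and writes the updated
/// access control list back to that key.
/// </summary>
/// <param name="environment">Script execution environment; not referenced by this method.</param>
/// <exception cref="RunnerFailedException">
/// The key at <c>registryKeyPath</c> under <c>rootKey</c> does not exist.
/// </exception>
protected override void DoExecute(IScriptExecutionEnvironment environment)
{
    // Opened writable because the ACL is written back below.
    using (RegistryKey key = rootKey.OpenSubKey(registryKeyPath, true))
    {
        if (key == null)
        {
            throw new RunnerFailedException(
                String.Format(
                    System.Globalization.CultureInfo.InvariantCulture,
                    "Registry key '{0}' does not exist.",
                    registryKeyPath));
        }

        // Only the discretionary ACL is read; owner, group and audit sections are left alone.
        RegistrySecurity security = key.GetAccessControl(AccessControlSections.Access);

        // The previous version also enumerated the existing rules (translating every SID
        // to an NTAccount) and never used the result; that lookup has been dropped.

        // NOTE(review): PropagationFlags.InheritOnly makes this an inherit-only ACE. It is
        // handed down to subkeys but does not apply to the key itself. Confirm that is the
        // intent, because the key's own effective permissions stay as they were.
        RegistryAccessRule accessRule = new RegistryAccessRule(
            identity,
            registryRights,
            InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
            PropagationFlags.InheritOnly,
            accessControlType);

        // SetAccessRule replaces any existing rules for the same identity and the same
        // allow/deny type instead of merging with them.
        security.SetAccessRule(accessRule);
        key.SetAccessControl(security);
    }
}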
// Rebuilds HKLM\SYSTEM\WPA in four ordered steps: round-trips the SYSTEM hive through a
// file in %TEMP%, renames and deletes the existing WPA key, recreates it with hard-coded
// values, and finally replaces the key's ACL. The order of the statements matters.
//
// Review notes (security):
//  - The final ACL grants Everyone (WorldSid) FullControl on a key under HKLM\SYSTEM, with
//    inheritance from the parent switched off. Every local account can then change the
//    values, the permissions and the owner of that key.
//  - A complete copy of the SYSTEM hive is written to %TEMP% and is removed only if
//    execution reaches the FileDelete call.
//  - Every external command is assembled by string concatenation. Only the hive path goes
//    through CommonUtilities.EscapePath, whose behaviour is not visible here.
//  - For monitoring, the observable actions are REG SAVE / REG RESTORE on HKLM\SYSTEM and a
//    DACL change on HKLM\SYSTEM\WPA.
static void Main(string[] args)
{
    // Reload Registry Hive Trick: save the SYSTEM hive to a file, restore it from that
    // file, then delete the file.
    // NOTE(review): if TEMP is not set, GetEnvironmentVariable returns null and the path
    // becomes "\SYSTEM.hiv".
    CommonUtilities.ExecuteCommand("REG SAVE HKLM\\SYSTEM " + CommonUtilities.EscapePath(Environment.GetEnvironmentVariable("TEMP") + "\\SYSTEM.hiv"), true);
    CommonUtilities.ExecuteCommand("REG RESTORE HKLM\\SYSTEM " + CommonUtilities.EscapePath(Environment.GetEnvironmentVariable("TEMP") + "\\SYSTEM.hiv"), true);
    CommonUtilities.FileDelete(Environment.GetEnvironmentVariable("TEMP") + "\\SYSTEM.hiv");

    // Rename and Delete WPA Key
    using (RegistryKey key = Registry.LocalMachine.OpenSubKey(@"SYSTEM", true))
    {
        if (key != null)
        {
            // TODO : Powershell Bundled Vista+ ???
            CommonUtilities.ExecuteCommand(@"POWERSHELL -command rename-item HKLM:\SYSTEM\WPA -NewName WPA_Delete", true);

            // DeleteSubKeyTree throws ArgumentException when the subkey is missing, so a
            // failed rename surfaces here. Whether ExecuteCommand itself reports a failure
            // is not visible in this listing.
            key.DeleteSubKeyTree("WPA_DELETE");

            // NOTE(review): the RegistryKey returned by CreateSubKey is never disposed.
            key.CreateSubKey("WPA");

            // Create Default Values: hard-coded binary and DWORD data written through REG ADD.
            CommonUtilities.ExecuteCommand("REG ADD HKLM\\SYSTEM\\WPA\\478C035F-04BC-48C7-B324-2462D786DAD7-5P-9 /t REG_BINARY /ve /d 20c0c44b5d68c7085f442818128270ea642e5b5dba2d8885a7831a85c3d1ece262b36911a0d5bdb5e55106656d12578af73f942ffe1562ba665b18ce8969bbf74ff8ceacf3c424de22cf36560c8633b92173d5f38abbe0fbe3f408ca314725a94d599a4587daea29aa207b5cefbfcf2361b7a9beeaacc754513fdce82c16828d", true);
            CommonUtilities.ExecuteCommand("REG ADD HKLM\\SYSTEM\\WPA\\478C035F-04BC-48C7-B324-2462D786DAD7-5P-9 /t REG_BINARY /v Time /d e318ad15241c695f751c6b19fe1ba41cebfb91bf29367de3146d79a76ace067c", true);
            CommonUtilities.ExecuteCommand("REG ADD HKLM\\SYSTEM\\WPA\\478C035F-04BC-48C7-B324-2462D786DAD7-5P-9 /t REG_DWORD /v Type /d 2111353691", true);
            CommonUtilities.ExecuteCommand("REG ADD HKLM\\SYSTEM\\WPA\\8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-1 /t REG_BINARY /ve /d 6979d03b99a73c736882ceadf1a96320c15405927dc0b721f83cad674fb340496d75f608189d84dcd18fdaff8ea3866a3f37edc3d1eb5c0647e97bb7bea79f5dd05a66062fabb480d137cd3623563962e200b1bd42531cc3e6e4c1ffff693a208e9937f7a4d48b7463e68faf0df08811", true);
            CommonUtilities.ExecuteCommand("REG ADD HKLM\\SYSTEM\\WPA\\8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-2 /t REG_BINARY /ve /d 79e3ad3e68302e43bc97f4aceb98f3e328155f42df9684935abbc4f3c1652637a70f81fdf5f469d8586bf1d1a8ff96af9ead400b1c9d5621f4b4c57ad44fc2b129ca20a19a64bcfc481c52738b876b64", true);
            CommonUtilities.ExecuteCommand("REG ADD HKLM\\SYSTEM\\WPA\\8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-3 /t REG_BINARY /ve /d 65a7778c965816a2df869e044edf4671f2ac716502d74d5b30c531c1469dc758dc25c2b480393d6fb7336d3d915668a7f05ff3847468228168833bed8947b4bc", true);
        }
    }

    // Set WPA Key Permissions
    // NOTE(review): this is a verbatim string, so the path contains two literal
    // backslashes between SYSTEM and WPA. Confirm it resolves to the intended key.
    using (RegistryKey key = Registry.LocalMachine.OpenSubKey(@"SYSTEM\\WPA", true))
    {
        if (key != null)
        {
            RegistrySecurity acl = new RegistrySecurity();

            // isProtected = true, preserveInheritance = false: the DACL stops inheriting
            // from the parent key and keeps no copies of the inherited rules.
            acl.SetAccessRuleProtection(true, false);

            // The only rule in the new DACL: Everyone, FullControl, applied to this key
            // and inherited by everything below it.
            acl.SetAccessRule(new RegistryAccessRule(new SecurityIdentifier(WellKnownSidType.WorldSid, null), RegistryRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow));
            key.SetAccessControl(acl);
        }
    }
}
/// <summary>
/// Builds an in-memory <see cref="RegistrySecurity"/> for the current user to show how
/// AddAccessRule accumulates rules and how SetAccessRule replaces the Allow rules of one
/// identity. This method itself opens no registry key.
/// </summary>
public static void Main()
{
    string account = string.Concat(Environment.UserDomainName, "\\", Environment.UserName);

    // A new RegistrySecurity starts with no rules, so it grants no access.
    RegistrySecurity acl = new RegistrySecurity();

    // Allow rule 1: read the key, write to it and delete it. ContainerInherit with no
    // propagation flags means the rule applies to the key and is inherited by subkeys.
    acl.AddAccessRule(
        new RegistryAccessRule(
            account,
            RegistryRights.ReadKey | RegistryRights.WriteKey | RegistryRights.Delete,
            InheritanceFlags.ContainerInherit,
            PropagationFlags.None,
            AccessControlType.Allow));

    // Allow rule 2: change the permissions of a key. InheritOnly keeps the rule off the
    // key itself and NoPropagateInherit stops it after the immediate child subkeys.
    acl.AddAccessRule(
        new RegistryAccessRule(
            account,
            RegistryRights.ChangePermissions,
            InheritanceFlags.ContainerInherit,
            PropagationFlags.InheritOnly | PropagationFlags.NoPropagateInherit,
            AccessControlType.Allow));

    // Deny rule: setting name/value pairs. It carries no inheritance or propagation
    // flags, so it affects only the key itself.
    acl.AddAccessRule(
        new RegistryAccessRule(account, RegistryRights.SetValue, AccessControlType.Deny));

    // First listing: the three rules added above.
    ShowSecurity(acl);

    // SetAccessRule removes every existing Allow rule for this user and installs the
    // read-only rule in their place. Deny rules do not match and are left untouched.
    RegistryAccessRule readOnly =
        new RegistryAccessRule(account, RegistryRights.ReadKey, AccessControlType.Allow);
    acl.SetAccessRule(readOnly);

    // Second listing: the Allow rules have been replaced, the Deny rule remains.
    ShowSecurity(acl);
}
/// <summary>
/// Applies the requested changes to the registry key at <c>Path</c>, in this order:
/// inheritance and access rules, then the owner (through an external subinacl.exe),
/// then a single named value.
/// </summary>
/// <remarks>
/// Review notes (security):
/// subinacl.exe is started from %TEMP%\PowerReg and is extracted only when no file of that
/// name exists, so a file already present in that user-writable directory is executed
/// as-is, after the administrator check. Extracting to a directory that only
/// administrators can write, or verifying the file before starting it, would close that
/// gap. Path and Owner are placed inside quotes on the command line without escaping, and
/// the exit code of the process is not checked.
/// </remarks>
protected override void ProcessRecord()
{
    if (Inherit != Item.NONE || !string.IsNullOrEmpty(Access))
    {
        // NOTE(review): regKey is not null-checked before use. Confirm that GetRegistryKey
        // cannot return null with these arguments.
        using (RegistryKey regKey = RegistryControl.GetRegistryKey(Path, true, true))
        {
            RegistrySecurity security = regKey.GetAccessControl();

            // Change whether access rules are inherited from the parent key.
            switch (Inherit)
            {
                case Item.ENABLE:
                    TestGenerator.RegistryInherit(Path, true);
                    // Not protected: inheritance from the parent is on.
                    security.SetAccessRuleProtection(false, false);
                    break;
                case Item.DISABLE:
                    TestGenerator.RegistryInherit(Path, false);
                    // Protected, and the currently inherited rules are preserved.
                    security.SetAccessRuleProtection(true, true);
                    break;
                case Item.REMOVE:
                    TestGenerator.RegistryInherit(Path, false);
                    // Protected, and the currently inherited rules are removed.
                    security.SetAccessRuleProtection(true, false);
                    break;
            }

            // Apply the access rules described by the Access string ('/' separates rules).
            if (!string.IsNullOrEmpty(Access))
            {
                foreach (string ruleString in Access.Contains("/") ? Access.Split('/') : new string[1] { Access })
                {
                    // Automatic test generation.
                    TestGenerator.RegistryAccess(Path, ruleString, true);
                    security.SetAccessRule(RegistryControl.StringToAccessRule(ruleString));
                }
            }
            /*
             * foreach (RegistryAccessRule accessRule in RegistryControl.StringToAccess(Access))
             * {
             *     security.SetAccessRule(accessRule);
             * }
             */
            regKey.SetAccessControl(security);
        }
    }

    // Change the owner.
    if (Owner != null)
    {
        // Automatic test generation.
        TestGenerator.RegistryOwner(Path, Owner);

        // Extract the embedded subinacl.exe.
        // NOTE(review): the existence check trusts whatever file is already at this
        // path; its content is not verified before it is run below.
        string tempDir = System.IO.Path.Combine(
            Environment.ExpandEnvironmentVariables("%TEMP%"), "PowerReg");
        string subinacl = System.IO.Path.Combine(tempDir, "subinacl.exe");
        if (!File.Exists(subinacl))
        {
            EmbeddedResource.Expand(tempDir);
        }

        // Check that we are running as administrator.
        Message.CheckAdmin();

        using (Process proc = new Process())
        {
            proc.StartInfo.FileName = subinacl;
            // NOTE(review): a double quote inside Path or Owner would change how this
            // command line is split into arguments.
            proc.StartInfo.Arguments = $"/subkeyreg \"{Path}\" /owner=\"{Owner}\"";
            proc.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;
            proc.Start();
            // The exit code is not inspected, so a failed owner change goes unreported.
            proc.WaitForExit();
        }
    }

    // Set the registry value.
    if (Name != null)
    {
        // Automatic test generation.
        TestGenerator.RegistryName(Path, Name);
        TestGenerator.RegistryType(Path, Name, Type);
        TestGenerator.RegistryValue(Path, Name, Value);

        switch (Type)
        {
            case Item.REG_SZ:
                Registry.SetValue(Path, Name, Value, RegistryValueKind.String);
                break;
            case Item.REG_BINARY:
                Registry.SetValue(Path, Name, RegistryControl.RegBinaryStringToBytes(Value), RegistryValueKind.Binary);
                break;
            case Item.REG_DWORD:
                // NOTE(review): int.Parse rejects values above int.MaxValue, so a DWORD
                // written as an unsigned number of 0x80000000 or more throws here.
                Registry.SetValue(Path, Name, int.Parse(Value), RegistryValueKind.DWord);
                break;
            case Item.REG_QWORD:
                Registry.SetValue(Path, Name, long.Parse(Value), RegistryValueKind.QWord);
                break;
            case Item.REG_MULTI_SZ:
                // The pattern matches a literal backslash followed by '0'; Value is split
                // on that two-character sequence.
                Registry.SetValue(Path, Name, Regex.Split(Value, "\\\\0"), RegistryValueKind.MultiString);
                break;
            case Item.REG_EXPAND_SZ:
                Registry.SetValue(Path, Name, Value, RegistryValueKind.ExpandString);
                break;
            case Item.REG_NONE:
                // REG_NONE is written as two zero bytes.
                Registry.SetValue(Path, Name, new byte[2] { 0, 0 }, RegistryValueKind.None);
                break;
        }
    }
}
/// <summary>
/// Updates the access control list of the existing registry key at <c>Path</c> from the
/// Account/rights parameters, the Access rule string and the Inherit setting, then writes
/// a <c>RegistryKeyInfo</c> for the key to the pipeline.
/// </summary>
/// <remarks>
/// When the key cannot be opened the method returns without writing any output. The ACL
/// is written back only when at least one of the three inputs changed it.
/// </remarks>
protected override void ProcessRecord()
{
    bool dirty = false;

    using (RegistryKey regKey = RegistryControl.GetRegistryKey(Path, false, true))
    {
        if (regKey == null)
        {
            return;
        }

        RegistrySecurity acl = regKey.GetAccessControl();

        // Single rule built from the Account, rights, Recursive and AccessControl parameters.
        if (!string.IsNullOrEmpty(Account))
        {
            NTAccount who = new NTAccount(Account);
            RegistryRights rights = (RegistryRights)Enum.Parse(typeof(RegistryRights), _Rights);
            InheritanceFlags inheritance = InheritanceFlags.None;
            if (Recursive)
            {
                inheritance = InheritanceFlags.ContainerInherit;
            }
            AccessControlType allowOrDeny =
                (AccessControlType)Enum.Parse(typeof(AccessControlType), AccessControl);

            RegistryAccessRule rule =
                new RegistryAccessRule(who, rights, inheritance, PropagationFlags.None, allowOrDeny);

            // Automatic test generation.
            TestGenerator.RegistryAccess(Path, RegistryControl.AccessRuleToString(rule), true);

            // SetAccessRule replaces existing rules of the same identity and allow/deny type.
            acl.SetAccessRule(rule);
            dirty = true;
        }

        // Rules taken from the Access string; '/' separates the individual rules.
        // Split returns a single-element array when the string holds no '/'.
        if (!string.IsNullOrEmpty(Access))
        {
            string[] ruleStrings = Access.Split('/');
            for (int i = 0; i < ruleStrings.Length; i++)
            {
                string ruleString = ruleStrings[i];

                // Automatic test generation.
                TestGenerator.RegistryAccess(Path, ruleString, true);
                acl.SetAccessRule(RegistryControl.StringToAccessRule(ruleString));
                dirty = true;
            }
        }

        // Change whether access rules are inherited from the parent key.
        // protect == null means the Inherit setting asks for no change.
        bool? protect = null;
        bool preserveInherited = false;
        switch (Inherit)
        {
            case Item.ENABLE:
                protect = false;
                break;
            case Item.DISABLE:
                protect = true;
                preserveInherited = true;
                break;
            case Item.REMOVE:
                protect = true;
                break;
        }

        if (protect.HasValue)
        {
            TestGenerator.RegistryInherit(Path, !protect.Value);
            acl.SetAccessRuleProtection(protect.Value, preserveInherited);
            dirty = true;
        }

        if (dirty)
        {
            regKey.SetAccessControl(acl);
        }
    }

    WriteObject(new RegistryKeyInfo(Path, true));
}