コード例 #1
        /// <summary>
        /// Opens the registry key at <c>registryKeyPath</c> (under <c>rootKey</c>) for writing and
        /// sets one access rule for <c>identity</c> on it.
        /// </summary>
        /// <param name="environment">Script execution environment; not referenced by this method.</param>
        /// <exception cref="RunnerFailedException">
        /// The key could not be opened because <c>OpenSubKey</c> returned null.
        /// </exception>
        protected override void DoExecute(IScriptExecutionEnvironment environment)
        {
            using (RegistryKey targetKey = rootKey.OpenSubKey(registryKeyPath, true))
            {
                if (targetKey == null)
                {
                    string message = String.Format(
                        System.Globalization.CultureInfo.InvariantCulture,
                        "Registry key '{0}' does not exist.",
                        registryKeyPath);

                    throw new RunnerFailedException(message);
                }

                // Only the access (DACL) section is read; owner, group and audit rules are not requested.
                RegistrySecurity descriptor = targetKey.GetAccessControl(AccessControlSections.Access);

                // The existing rules are enumerated here, but the result is never read in this method.
                AuthorizationRuleCollection existingRules = descriptor.GetAccessRules(true, true, typeof(NTAccount));

                // SetAccessRule replaces existing rules of the same identity and access type rather
                // than adding to them.
                // NOTE(review): PropagationFlags.InheritOnly means the rule is applied to child keys
                // only, not to the key opened above - confirm that is the intended scope before
                // relying on this to grant or deny access on the key itself.
                descriptor.SetAccessRule(
                    new RegistryAccessRule(
                        identity,
                        registryRights,
                        InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
                        PropagationFlags.InheritOnly,
                        accessControlType));

                // Write the modified descriptor back to the key.
                targetKey.SetAccessControl(descriptor);
            }
        }
コード例 #2
ファイル: Program.cs プロジェクト: radtek/microsoft-toolkit
        // Entry point. In order, this method:
        //   1. saves HKLM\SYSTEM to %TEMP%\SYSTEM.hiv, restores the hive from that file, deletes the file;
        //   2. renames HKLM\SYSTEM\WPA, deletes the renamed subtree and recreates WPA with fixed values;
        //   3. replaces the access rules on the recreated WPA key.
        // Every step modifies machine-wide state under HKLM. From a monitoring point of view the
        // REG SAVE / REG RESTORE / POWERSHELL rename-item command lines and the rewritten ACL on
        // HKLM\SYSTEM\WPA are the artifacts this code leaves behind.
        static void Main(string[] args)
        {
            // Reload Registry Hive Trick
            // The hive is written to a file named SYSTEM.hiv under %TEMP%, restored from it, and the
            // file is then removed. NOTE(review): the meaning of ExecuteCommand's second argument
            // (true) is not visible here.
            CommonUtilities.ExecuteCommand("REG SAVE HKLM\\SYSTEM " + CommonUtilities.EscapePath(Environment.GetEnvironmentVariable("TEMP") + "\\SYSTEM.hiv"), true);
            CommonUtilities.ExecuteCommand("REG RESTORE HKLM\\SYSTEM " + CommonUtilities.EscapePath(Environment.GetEnvironmentVariable("TEMP") + "\\SYSTEM.hiv"), true);
            CommonUtilities.FileDelete(Environment.GetEnvironmentVariable("TEMP") + "\\SYSTEM.hiv");

            // Rename and Delete WPA Key
            using (RegistryKey key = Registry.LocalMachine.OpenSubKey(@"SYSTEM", true))
            {
                if (key != null)
                {
                    // TODO : Powershell Bundled Vista+ ???
                    // The rename is delegated to an external PowerShell process; its outcome is not
                    // checked before the next line. NOTE(review): if the rename did not happen,
                    // DeleteSubKeyTree is called on a subkey that does not exist.
                    CommonUtilities.ExecuteCommand(@"POWERSHELL -command rename-item HKLM:\SYSTEM\WPA -NewName WPA_Delete", true);
                    key.DeleteSubKeyTree("WPA_DELETE");
                    key.CreateSubKey("WPA");

                    // Create Default Values
                    // Fixed REG_BINARY / REG_DWORD values are written under GUID-named subkeys of the
                    // new WPA key. The values are opaque constants; this file does not say what they encode.
                    CommonUtilities.ExecuteCommand("REG ADD HKLM\\SYSTEM\\WPA\\478C035F-04BC-48C7-B324-2462D786DAD7-5P-9 /t REG_BINARY /ve     /d 20c0c44b5d68c7085f442818128270ea642e5b5dba2d8885a7831a85c3d1ece262b36911a0d5bdb5e55106656d12578af73f942ffe1562ba665b18ce8969bbf74ff8ceacf3c424de22cf36560c8633b92173d5f38abbe0fbe3f408ca314725a94d599a4587daea29aa207b5cefbfcf2361b7a9beeaacc754513fdce82c16828d", true);
                    CommonUtilities.ExecuteCommand("REG ADD HKLM\\SYSTEM\\WPA\\478C035F-04BC-48C7-B324-2462D786DAD7-5P-9 /t REG_BINARY /v Time /d e318ad15241c695f751c6b19fe1ba41cebfb91bf29367de3146d79a76ace067c", true);
                    CommonUtilities.ExecuteCommand("REG ADD HKLM\\SYSTEM\\WPA\\478C035F-04BC-48C7-B324-2462D786DAD7-5P-9 /t REG_DWORD  /v Type /d 2111353691", true);
                    CommonUtilities.ExecuteCommand("REG ADD HKLM\\SYSTEM\\WPA\\8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-1 /t REG_BINARY /ve     /d 6979d03b99a73c736882ceadf1a96320c15405927dc0b721f83cad674fb340496d75f608189d84dcd18fdaff8ea3866a3f37edc3d1eb5c0647e97bb7bea79f5dd05a66062fabb480d137cd3623563962e200b1bd42531cc3e6e4c1ffff693a208e9937f7a4d48b7463e68faf0df08811", true);
                    CommonUtilities.ExecuteCommand("REG ADD HKLM\\SYSTEM\\WPA\\8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-2 /t REG_BINARY /ve     /d 79e3ad3e68302e43bc97f4aceb98f3e328155f42df9684935abbc4f3c1652637a70f81fdf5f469d8586bf1d1a8ff96af9ead400b1c9d5621f4b4c57ad44fc2b129ca20a19a64bcfc481c52738b876b64", true);
                    CommonUtilities.ExecuteCommand("REG ADD HKLM\\SYSTEM\\WPA\\8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-3 /t REG_BINARY /ve     /d 65a7778c965816a2df869e044edf4671f2ac716502d74d5b30c531c1469dc758dc25c2b480393d6fb7336d3d915668a7f05ff3847468228168833bed8947b4bc", true);
                }
            }

            // Set WPA Key Permissions
            // NOTE(review): the path is a verbatim string, so "\\" here is two literal backslashes,
            // not one - confirm the key still opens as intended.
            using (RegistryKey key = Registry.LocalMachine.OpenSubKey(@"SYSTEM\\WPA", true))
            {
                if (key != null)
                {
                    // A brand-new RegistrySecurity is used, so none of the key's previous rules are kept.
                    RegistrySecurity acl = new RegistrySecurity();
                    // (true, false): protect the key from inheriting rules from its parent and do not
                    // preserve the rules that were inherited.
                    acl.SetAccessRuleProtection(true, false);
                    // The only rule left is Everyone (WorldSid) with FullControl, inherited by subkeys.
                    // After this, any account on the machine can read, modify or delete this key and
                    // change its permissions. An Everyone:FullControl entry with inheritance blocked
                    // on a key under HKLM\SYSTEM is something an ACL audit should flag.
                    acl.SetAccessRule(new RegistryAccessRule(new SecurityIdentifier(WellKnownSidType.WorldSid, null), RegistryRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow));
                    key.SetAccessControl(acl);
                }
            }
        }
コード例 #3
ファイル: source.cs プロジェクト: ruo2012/samples-1
    /// <summary>
    /// Builds a <see cref="RegistrySecurity"/> object in memory for the current user, adds two
    /// Allow rules and one Deny rule, prints it, then replaces the Allow rules with a single
    /// read-only rule via SetAccessRule and prints it again. No registry key is opened or changed.
    /// </summary>
    public static void Main()
    {
        string account = Environment.UserDomainName + "\\" + Environment.UserName;

        // A newly constructed security object contains no rules, so it grants no access.
        RegistrySecurity security = new RegistrySecurity();

        // Allow rule 1: ReadKey | WriteKey | Delete for the current user.
        // ContainerInherit with PropagationFlags.None means the rule applies to the key
        // and is inherited by all contained subkeys.
        RegistryAccessRule readWriteDelete = new RegistryAccessRule(
            account,
            RegistryRights.ReadKey | RegistryRights.WriteKey | RegistryRights.Delete,
            InheritanceFlags.ContainerInherit,
            PropagationFlags.None,
            AccessControlType.Allow);
        security.AddAccessRule(readWriteDelete);

        // Allow rule 2: ChangePermissions for the current user.
        // InheritOnly | NoPropagateInherit limits the rule to immediate child subkeys;
        // it does not apply to the key itself and is not passed further down.
        // ChangePermissions lets the holder rewrite a key's access rules, so it is
        // worth granting as narrowly as possible.
        RegistryAccessRule changePermissionsOnChildren = new RegistryAccessRule(
            account,
            RegistryRights.ChangePermissions,
            InheritanceFlags.ContainerInherit,
            PropagationFlags.InheritOnly | PropagationFlags.NoPropagateInherit,
            AccessControlType.Allow);
        security.AddAccessRule(changePermissionsOnChildren);

        // Deny rule: SetValue for the current user. This constructor overload takes no
        // inheritance or propagation flags, so the rule affects only the key itself.
        RegistryAccessRule denySetValue = new RegistryAccessRule(
            account,
            RegistryRights.SetValue,
            AccessControlType.Deny);
        security.AddAccessRule(denySetValue);

        // Show the three rules as added.
        ShowSecurity(security);

        // SetAccessRule removes every existing Allow rule for this user and puts this
        // single ReadKey rule in their place. Deny rules do not match an Allow rule,
        // so the Deny SetValue rule above stays in the security object.
        RegistryAccessRule readOnly = new RegistryAccessRule(
            account,
            RegistryRights.ReadKey,
            AccessControlType.Allow);
        security.SetAccessRule(readOnly);

        // Show the rules again after the Allow rules were replaced.
        ShowSecurity(security);
    }
コード例 #4
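        /// <summary>
        /// Applies the requested changes to the registry key at <c>Path</c>: inheritance and access
        /// rules (when <c>Inherit</c> or <c>Access</c> is set), owner (when <c>Owner</c> is set, via
        /// the bundled subinacl.exe), and a value (when <c>Name</c> is set).
        /// </summary>
        /// <exception cref="ArgumentException">
        /// <c>Path</c> or <c>Owner</c> contains a double-quote character, which would break out of
        /// the quoted arguments passed to subinacl.exe.
        /// </exception>
        protected override void ProcessRecord()
        {
            if (Inherit != Item.NONE || !string.IsNullOrEmpty(Access))
            {
                // NOTE(review): the result of GetRegistryKey is used without a null check here;
                // confirm it cannot return null with these arguments.
                using (RegistryKey regKey = RegistryControl.GetRegistryKey(Path, true, true))
                {
                    RegistrySecurity security = regKey.GetAccessControl();

                    // Change how access rules are inherited from the parent key.
                    // SetAccessRuleProtection(isProtected, preserveInheritance):
                    //   ENABLE  -> inherit from the parent again;
                    //   DISABLE -> stop inheriting, keep the inherited rules;
                    //   REMOVE  -> stop inheriting, drop the inherited rules.
                    switch (Inherit)
                    {
                        case Item.ENABLE:
                            TestGenerator.RegistryInherit(Path, true);
                            security.SetAccessRuleProtection(false, false);
                            break;

                        case Item.DISABLE:
                            TestGenerator.RegistryInherit(Path, false);
                            security.SetAccessRuleProtection(true, true);
                            break;

                        case Item.REMOVE:
                            TestGenerator.RegistryInherit(Path, false);
                            security.SetAccessRuleProtection(true, false);
                            break;
                    }

                    // Set access rules from the Access string; rules are separated by '/'.
                    if (!string.IsNullOrEmpty(Access))
                    {
                        // Split returns a single-element array when there is no '/',
                        // so no separate branch is needed for that case.
                        foreach (string ruleString in Access.Split('/'))
                        {
                            // Automatic test generation.
                            TestGenerator.RegistryAccess(Path, ruleString, true);

                            security.SetAccessRule(RegistryControl.StringToAccessRule(ruleString));
                        }
                    }

                    regKey.SetAccessControl(security);
                }
            }

            // Change the owner.
            if (Owner != null)
            {
                // Path and Owner are placed inside double quotes on the subinacl command line below.
                // An embedded quote would end the quoted argument early and let the rest of the
                // value be parsed as additional options, so reject it before doing anything else.
                string pathArgument = $"{Path}";
                string ownerArgument = $"{Owner}";
                if (pathArgument.IndexOf('"') >= 0 || ownerArgument.IndexOf('"') >= 0)
                {
                    throw new ArgumentException("Path and Owner must not contain double-quote characters.");
                }

                // Automatic test generation.
                TestGenerator.RegistryOwner(Path, Owner);

                // Extract the embedded subinacl.exe.
                // NOTE(review): the binary is only extracted when %TEMP%\PowerReg\subinacl.exe does
                // not exist yet; whatever file is already at that path is started as-is. %TEMP% is
                // writable by the current user's other processes, so consider extracting to a fresh
                // directory on every run or checking the file against a known hash before launching.
                string tempDir = System.IO.Path.Combine(
                    Environment.ExpandEnvironmentVariables("%TEMP%"),
                    "PowerReg");
                string subinacl = System.IO.Path.Combine(tempDir, "subinacl.exe");
                if (!File.Exists(subinacl))
                {
                    EmbeddedResource.Expand(tempDir);
                }

                // Check that the process is running as administrator.
                Message.CheckAdmin();

                using (Process proc = new Process())
                {
                    proc.StartInfo.FileName    = subinacl;
                    // NOTE(review): a Path ending in a backslash may escape the closing quote under
                    // the usual Windows command-line rules; confirm how subinacl parses this.
                    proc.StartInfo.Arguments   = $"/subkeyreg \"{pathArgument}\" /owner=\"{ownerArgument}\"";
                    proc.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;
                    proc.Start();
                    // NOTE(review): the exit code is not inspected, so a failed owner change
                    // is not reported to the caller.
                    proc.WaitForExit();
                }
            }

            // Set the registry value.
            if (Name != null)
            {
                // Automatic test generation.
                TestGenerator.RegistryName(Path, Name);
                TestGenerator.RegistryType(Path, Name, Type);
                TestGenerator.RegistryValue(Path, Name, Value);

                switch (Type)
                {
                    case Item.REG_SZ:
                        Registry.SetValue(Path, Name, Value, RegistryValueKind.String);
                        break;

                    case Item.REG_BINARY:
                        Registry.SetValue(Path, Name, RegistryControl.RegBinaryStringToBytes(Value), RegistryValueKind.Binary);
                        break;

                    case Item.REG_DWORD:
                        Registry.SetValue(Path, Name, int.Parse(Value), RegistryValueKind.DWord);
                        break;

                    case Item.REG_QWORD:
                        Registry.SetValue(Path, Name, long.Parse(Value), RegistryValueKind.QWord);
                        break;

                    case Item.REG_MULTI_SZ:
                        // Entries in Value are separated by the two characters backslash and zero.
                        Registry.SetValue(Path, Name, Regex.Split(Value, "\\\\0"), RegistryValueKind.MultiString);
                        break;

                    case Item.REG_EXPAND_SZ:
                        Registry.SetValue(Path, Name, Value, RegistryValueKind.ExpandString);
                        break;

                    case Item.REG_NONE:
                        // Value is ignored for REG_NONE; two zero bytes are written instead.
                        Registry.SetValue(Path, Name, new byte[] { 0, 0 }, RegistryValueKind.None);
                        break;
                }
            }
        }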
コード例 #5
        /// <summary>
        /// Updates the access rules of the registry key at <c>Path</c> from the <c>Account</c>,
        /// <c>Access</c> and <c>Inherit</c> parameters, writes the descriptor back only when
        /// something changed, and then emits a <c>RegistryKeyInfo</c> for the key.
        /// Returns without output when the key cannot be obtained.
        /// </summary>
        protected override void ProcessRecord()
        {
            // NOTE(review): the meaning of the two boolean arguments to GetRegistryKey is not
            // visible here; confirm the key is opened with rights that allow SetAccessControl.
            using (RegistryKey regKey = RegistryControl.GetRegistryKey(Path, false, true))
            {
                if (regKey == null)
                {
                    return;
                }

                RegistrySecurity descriptor = regKey.GetAccessControl();
                bool dirty = false;

                // Single rule built from Account / _Rights / AccessControl.
                if (!string.IsNullOrEmpty(Account))
                {
                    NTAccount principal = new NTAccount(Account);
                    RegistryRights rights = (RegistryRights)Enum.Parse(typeof(RegistryRights), _Rights);
                    InheritanceFlags inheritance = Recursive
                        ? InheritanceFlags.ContainerInherit
                        : InheritanceFlags.None;
                    AccessControlType kind =
                        (AccessControlType)Enum.Parse(typeof(AccessControlType), AccessControl);

                    RegistryAccessRule rule = new RegistryAccessRule(
                        principal,
                        rights,
                        inheritance,
                        PropagationFlags.None,
                        kind);

                    // Automatic test generation.
                    TestGenerator.RegistryAccess(Path, RegistryControl.AccessRuleToString(rule), true);

                    // SetAccessRule replaces existing rules of the same account and access type.
                    descriptor.SetAccessRule(rule);
                    dirty = true;
                }

                // Rules given as an Access string, separated by '/'.
                if (!string.IsNullOrEmpty(Access))
                {
                    // Split yields a one-element array when the string holds no '/'.
                    string[] ruleStrings = Access.Split('/');
                    foreach (string ruleString in ruleStrings)
                    {
                        // Automatic test generation.
                        TestGenerator.RegistryAccess(Path, ruleString, true);

                        descriptor.SetAccessRule(RegistryControl.StringToAccessRule(ruleString));
                        dirty = true;
                    }
                }

                // Inheritance from the parent key.
                //   ENABLE  -> not protected (inherit again);
                //   DISABLE -> protected, inherited rules preserved;
                //   REMOVE  -> protected, inherited rules dropped.
                bool? protectFromParent = null;
                bool keepInheritedRules = false;
                switch (Inherit)
                {
                    case Item.ENABLE:
                        protectFromParent = false;
                        break;

                    case Item.DISABLE:
                        protectFromParent = true;
                        keepInheritedRules = true;
                        break;

                    case Item.REMOVE:
                        protectFromParent = true;
                        break;
                }

                if (protectFromParent.HasValue)
                {
                    TestGenerator.RegistryInherit(Path, !protectFromParent.Value);
                    descriptor.SetAccessRuleProtection(protectFromParent.Value, keepInheritedRules);
                    dirty = true;
                }

                // Touch the key's security descriptor only when a parameter asked for a change.
                if (dirty)
                {
                    regKey.SetAccessControl(descriptor);
                }
            }

            WriteObject(new RegistryKeyInfo(Path, true));
        }