问题描述
详细信息:
Windows 10版本1909 在C:\ Users \ AppData \ Local \ Programs \ Microsoft VS Code \
中安装了VS Code尝试打开VS Code失败,尝试运行安装程序说它无法覆盖code.exe
安全性说它无法显示当前所有者,并且单击“继续”使我收到消息“您无权查看或编辑该对象的权限设置。”
但是Powershell显示我是唯一拥有用户和访问权限的人(并且我的帐户是本地管理员):
尝试通过Powershell删除似乎给出了RemoveFileSSystemItemIOError:
任何想法或协助将不胜感激。
谢谢!
解决方法
假设我是本地管理员组的成员,我将保留此功能来解决对遇到的文件或文件夹的访问问题。
代码:
Function PWN-Item{
[CmdletBinding()]
Param(
[Parameter(ValueFromPipeline=$True)]
$Path
)
Begin{
If(!$Script:PWNInit){
#P/Invoke'd C# code to enable required privileges to take ownership and make changes when NTFS permissions are lacking
$AdjustTokenPrivileges = @"
using System;
using System.Runtime.InteropServices;
public class TokenManipulator
{
[DllImport("advapi32.dll",ExactSpelling = true,SetLastError = true)]
internal static extern bool AdjustTokenPrivileges(IntPtr htok,bool disall,ref TokPriv1Luid newst,int len,IntPtr prev,IntPtr relen);
[DllImport("kernel32.dll",ExactSpelling = true)]
internal static extern IntPtr GetCurrentProcess();
[DllImport("advapi32.dll",SetLastError = true)]
internal static extern bool OpenProcessToken(IntPtr h,int acc,ref IntPtr
phtok);
[DllImport("advapi32.dll",SetLastError = true)]
internal static extern bool LookupPrivilegeValue(string host,string name,ref long pluid);
[StructLayout(LayoutKind.Sequential,Pack = 1)]
internal struct TokPriv1Luid
{
public int Count;
public long Luid;
public int Attr;
}
internal const int SE_PRIVILEGE_DISABLED = 0x00000000;
internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
internal const int TOKEN_QUERY = 0x00000008;
internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
public static bool AddPrivilege(string privilege)
{
try
{
bool retVal;
TokPriv1Luid tp;
IntPtr hproc = GetCurrentProcess();
IntPtr htok = IntPtr.Zero;
retVal = OpenProcessToken(hproc,TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,ref htok);
tp.Count = 1;
tp.Luid = 0;
tp.Attr = SE_PRIVILEGE_ENABLED;
retVal = LookupPrivilegeValue(null,privilege,ref tp.Luid);
retVal = AdjustTokenPrivileges(htok,false,ref tp,IntPtr.Zero,IntPtr.Zero);
return retVal;
}
catch (Exception ex)
{
throw ex;
}
}
public static bool RemovePrivilege(string privilege)
{
try
{
bool retVal;
TokPriv1Luid tp;
IntPtr hproc = GetCurrentProcess();
IntPtr htok = IntPtr.Zero;
retVal = OpenProcessToken(hproc,ref htok);
tp.Count = 1;
tp.Luid = 0;
tp.Attr = SE_PRIVILEGE_DISABLED;
retVal = LookupPrivilegeValue(null,IntPtr.Zero);
return retVal;
}
catch (Exception ex)
{
throw ex;
}
}
}
"@
add-type $AdjustTokenPrivileges
#Activate necessary admin privileges to make changes without NTFS perms
[void][TokenManipulator]::AddPrivilege("SeRestorePrivilege") #Necessary to set Owner Permissions
[void][TokenManipulator]::AddPrivilege("SeBackupPrivilege") #Necessary to bypass Traverse Checking
[void][TokenManipulator]::AddPrivilege("SeTakeOwnershipPrivilege") #Necessary to override FilePermissions
$Script:PWNInit = $True
}
#Obtain a copy of the initial ACL
#$FSOACL = Get-ACL $FSO - gives error when run against a folder with no admin perms or ownership
}
Process{
ForEach($Item in $Path){
$FSO = Get-Item $Item
#Create a new ACL object for the sole purpose of defining a new owner,and apply that update to the existing folder's ACL
$NewOwnerACL = If($FSO -is [System.IO.DirectoryInfo]){New-Object System.Security.AccessControl.DirectorySecurity}else{New-Object System.Security.AccessControl.FileSecurity}
#Establish the folder as owned by BUILTIN\Administrators,guaranteeing the following ACL changes can be applied
$Admin = New-Object System.Security.Principal.NTAccount("BUILTIN\Administrators")
$NewOwnerACL.SetOwner($Admin)
#Merge the proposed changes (new owner) into the file/folder's actual ACL
$FSO.SetAccessControl($NewOwnerACL)
#Add full control for administrators
$Rights = [System.Security.AccessControl.FileSystemRights]"FullControl"
$InheritanceFlag = If($FSO -is [System.IO.DirectoryInfo]){[System.Security.AccessControl.InheritanceFlags]"ObjectInherit,ContainerInherit"}else{[System.Security.AccessControl.InheritanceFlags]::None}
$PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None
$objType =[System.Security.AccessControl.AccessControlType]::Allow
$objACE = New-Object System.Security.AccessControl.FileSystemAccessRule($Admin,$Rights,$InheritanceFlag,$PropagationFlag,$objType)
#Get fresh copy of ACL
$objACL = Get-Acl $FSO.FullName
#Clear any DENY rules for the local admin group
$objACL.Access|?{$_.IdentityReference -eq $admin -and $_.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Deny}|%{$objACL.RemoveAccessRule($_)}
#Add Full Control here
$objACL.AddAccessRule($objACE)
#Set updated ACL
Set-Acl $FSO.FullName $objACL
}
}
}
是的,函数名称很俗气,但除此之外,它确实很好用。它运行一些C#代码来设置[TokenManipulator]类(我在网上捡到的代码,但是忘记记录从哪里来。如果是您的代码,请给我发送源代码链接,以便我功劳!) 。这使我们能够拥有所有权。然后,一旦我们成为文件的所有者,就确保本地Administrators组具有完全访问权限,并且本地Administrators组没有拒绝规则。除此之外,您还可以对运行它的文件或文件夹进行任何操作。
用法:运行下面的代码将脚本加载到您的会话中。然后,您可以像这样通过管道将字符串输入其中:
Get-ChildItem C:\Temp |Select -Expand FullName | PWN-Item
或者您可以对一个字符串或字符串数组正常运行它:
PWN-Item 'C:\Temp','C:\Temp\MyFile.exe'