á£ááá á áááááááá á¬áááá, á£ááááá á¡áá¢áá¢ášá áá®áá á¡ áá£ááá 10 á¡ááá£ášáá á¡áááá£á á¡, á áááááá᪠áá£ášááááá Microsoft Windows 8.1-áá. á«áá áááááá, áá®áá ááááá á ááááªááá¡ á¡áá¡á¬áááá áá ááªáá¡áá¡áááá¡ á¡áááá á áá ááá ááá£áá á£áá á£ááááá§áá€áá¡ ááá¡á¢ááááªááá¡ áá á¡ááá áá ášáá¡á á£ááááá¡ á£áá á£ááááá§áá€áá¡.
áááááá£á á¡áááá£á á¡ á°á§ááá¡ 2 áááá®ááá ááááá: ááááááá¡á¢á áá¢áá á áá á¡á¢á£áááá¢á. ááááááá¡á¢á áá¢áá á¡ áá¥áá¡ á¡á á£áá áááá¢á ááá, á¡á¢á£áááá¢á¡ áá áá¥áá¡ áá ááá ááá£áá á£áá á£ááááá§áá€áá¡ ááá¡á¢ááááªááá¡ ášáá¡áá«ááááááá. áááá¡ááááá¡, á áá áá ášáááá¬á£á®áá á¡á¢á£áááá¢á£á á áááá®ááá ááááá¡ ááá¡á£á€áááááá, áá¡ ááááá áášá á£áá áááá áááááááá á¬ááášáááá áá á®áááá®áá áá¥ááááá. áá¡ áá£ááá¡á®áááá¡ áááááá á á€ááááá£á ááá«á ááááá¡, á ááááá᪠á£ááá ášáá¡á á£áááá¡ áááááá£á á¡áááá£á áá.
á¬ááá¡ áááááá¬á§ááá¢á ááá«á ááááááá¡ á£ááá¢áá¡áááá¡ ááá¢áááá¢ááááªáá PowerShell-áá¡ ááááá§áááááá ActiveDirectory-áá¡ ááá áášá áá áá ááá¡á¢ášá ášááááá ááá á áááááááá á ááªááá¢á, á áááááá᪠ááá¢áá ááá¢ášá áááááá.
á¡áá¡á¬áááá
ááášáááá ášááá®ááá áá á€áá¥á¢á¡, á áá PS 4 áá§á ááááá¡á¢áááá ááá£áá á¡áááá£á áááá áá á§ááááá¡ááááªáááá ááá¢áá ááá¢áááá á áááááááá áááááááá áá áá£ášááááá. áááá¢áá, áááŠááá£áá á¡áá ááá¢áááá¡ ááášááááááá, áá¥ááá á£ááá ášááá¡á á£ááá á áááááááá ááá¥áááááá:
- ááá¡á¢ááááªáá
Windows ááá áááá¡ á©áá á©á 5.1 - áááááá¡á¢áááá áá á£áá®ááá¡á ááá á¡áá
PowerShell
ááá¢áááá¢á£á á ááá¥áááááááá
- áááá®ááá ááááá¡ ááááá áášáá¡ á¬áášáá/ášáá¥ááá
- ááá¢áááá¢á£á á ášáá¡ááá áááááááá£áá áááá®ááá ááááá¡áááá¡
- ááá£ášááá á¡áá ááá¢á, á áááá¡á᪠áááá®ááá ááááá ááá ááááá ášáááá¡ á¡áá¡á¢áááášá
áááá®ááá ááááá¡ ááááá áášáá¡ á¬áášáá/ášáá¥ááá
ááááá¬á§á ášáááá¥ááááááá. áá ášáááá®ááááášá, áá¥ááá á£ááá ášááá¡á á£ááá 2 ááááá¯á: ášáá¥ááááá áááá®ááá ááááá (
Function New-User {
<#
.SYNOPSIS
СПзЎаМОе МПвПгП пПлÑзПваÑелÑ
.DESCRIPTION
ÐÐ°ÐœÐœÐ°Ñ ÑÑМкÑÐžÑ ÑÐŸÐ·ÐŽÐ°ÐµÑ ÐœÐŸÐ²ÐŸÐ³ÐŸ пПлÑзПваÑÐµÐ»Ñ Ðž ЎПбавлÑÐµÑ ÐµÐ³ÐŸ в гÑÑÐ¿Ð¿Ñ ÐПлÑзПваÑелО
.EXAMPLE
#New-User "Student" "Student"
.PARAMETER Name
ÐÐŒÑ ÐœÐŸÐ²ÐŸÐ³ÐŸ пПлÑзПваÑÐµÐ»Ñ (ПбÑзаÑелÑÐœÑй паÑаЌеÑÑ)
.PARAMETER Password
ÐаÑÐŸÐ»Ñ (ПбÑзаÑелÑÐœÑй паÑаЌеÑÑ)
#>
[CmdletBinding()]
param (
[PARAMETER(Mandatory=$True)][String]$Name,
[PARAMETER(Mandatory=$True)][String]$Password
)
$Pwd = convertto-securestring $Password -asplaintext -force
$GroupSID = "S-1-5-32-545"
New-LocalUser -User $Name -AccountNeverExpires:$true -FullName $Name -Password $Pwd -PasswordNeverExpires:$true
Add-LocalGroupMember -SID $GroupSID -Member $Name
Write-Host "-- СПзЎаМ пПлÑзПваÑÐµÐ»Ñ $Name Ñ Ð¿Ð°ÑПлеЌ $Password" -foregroundcolor Green
}
á¯áá£á€á¡ ááááááá¢áá SID-áá, á ááááá áá á-áá á á¡á¢áá¢ááášá ááŠááááá©ááá, á áá áááá®ááá ááááááá¡ á¯áá£á€áá¡ SID á§áááááá áá ááááá áá - S-1-5-32-545.
á¬áášáá áá§á áá áááááááá£áá ášáááááá áá áááªáááá: á¬áášáááá á§áááá ááááá áášá, á ááááá᪠ášááá¥ááá ááááááá¡á¢á áá¢áá áá¡ áááá . áááá¡áááá¡ Win32_UserProfile áááá¡áá¡ WMI ááááá¥á¢áá¡ ááááá§áááááá ááááá¡áááŠáá áá á§áááá áááá®ááá ááááá¡, á ááááá᪠ááááááá áá áá áá¡ áá¥á¢áá£á á áá áá áá áá¡ áááá¡ááá£áá ááá£áá.
Function Remove-Users {
<#
.SYNOPSIS
УЎалеМОе пПлÑзПваÑелей
.DESCRIPTION
ÐÐ°ÐœÐœÐ°Ñ ÑÑМкÑÐžÑ ÑЎалÑÐµÑ Ð¿ÐŸÐ»ÑзПваÑелей, кПÑПÑÑе ÑейÑÐ°Ñ ÐœÐµ акÑÐžÐ²ÐœÑ Ðž Ме ÑвлÑÑÑÑÑ ÑпеÑОалÑÐœÑЌО
УЎалÑÑÑÑÑ Ð² ÑПЌ ÑОÑле ÑабПÑОй каÑалПг О ÑееÑÑÑ Ð¿ÐŸÐ»ÑзПваÑелей
.EXAMPLE
#Remove-Users
#>
[CmdletBinding()]
$UsersProfiles = Get-WMIObject -class Win32_UserProfile -ComputerName $env:COMPUTERNAME | Where {!($_.Loaded) -and !($_.Special)}
foreach($Usr in $UsersProfiles) {
$UsrName = $Usr.LocalPath.Split("")[2]
Write-Host "-- УЎалеМОе пПлÑзПваÑÐµÐ»Ñ $UsrName ..." -foregroundcolor Green
Remove-LocalUser -Name $UsrName
Remove-WmiObject -Path $Usr.__PATH
Write-Host "-- ÐПлÑзПваÑÐµÐ»Ñ $UsrName ÑЎалеМ" -foregroundcolor Green
}
}
áááááááá£áá áááá®ááá ááááá¡ ááá¢ááááááá (ááá¢ááááááá).
áᥠá§ááááá€áá á ášááááá€áá ááááááá HKEY_LOCAL_MACHINE á ááá¡á¢á áá¡ ášááªáááá. áá¡ ááá¥áááááááá áá¡ááá áááá áááááá ááªáá á á€á£áá¥áªááášá:
Function Set-AutoLogon {
<#
.SYNOPSIS
ÐклÑÑеМОе авÑПвÑ
ПЎа ÐŽÐ»Ñ Ð¿ÐŸÐ»ÑзПваÑелÑ
.DESCRIPTION
ÐÐ°ÐœÐœÐ°Ñ ÑÑМкÑÐžÑ Ð²ÐºÐ»ÑÑÐ°ÐµÑ Ð°Ð²ÑПвÑ
ПЎ ÐŽÐ»Ñ ÑказаММПгП пПлÑзПваÑелÑ
.EXAMPLE
#Set-AutoLogon "Student" "Student"
.PARAMETER Name
ÐÐŒÑ Ð¿ÐŸÐ»ÑзПваÑÐµÐ»Ñ (ПбÑзаÑелÑÐœÑй паÑаЌеÑÑ)
.PARAMETER Password
ÐаÑÐŸÐ»Ñ (ПбÑзаÑелÑÐœÑй паÑаЌеÑÑ)
#>
[CmdletBinding()]
param (
[PARAMETER(Mandatory=$True)][String]$Name,
[PARAMETER(Mandatory=$True)][String]$Password
)
$PathToWinlogon = "HKLM:SoftwareMicrosoftWindows NTCurrentVersionWinlogon"
New-ItemProperty -Path $PathToWinlogon -Name AutoAdminLogon -Value 1 -PropertyType "String"
New-ItemProperty -Path $PathToWinlogon -Name DefaultUserName -Value $Name -PropertyType "String"
New-ItemProperty -Path $PathToWinlogon -Name DefaultPassword -Value $Password -PropertyType "String"
}
ááá£ášááá á¡áá ááá¢á, á áááá¡á᪠áááá®ááá ááááá ááá ááááá ášáááá¡ á¡áá¡á¢áááášá
ááŠááá©ááá, á áá á§ááááá€á áá¡ áááá€ááá£á ááªáá áá ášááá«áááá áá®ááá áááá®ááá ááááá¡ ááá ááá ášáá¡áááááá (á á᪠ááá áááá£áá¬áááá ááá¡ááááá á áá§á á©áááááá¡). áá¥áááá áááááááááá á, á¡áááá á áá§á á¡áá ááá¢áá¡ ááášáááá, á ááááá᪠áá¡á á£áááá¡ ááá áááá£á ááá¥áááááááá¡ ááá áááá ášáá¡áááá¡ ášááááá:
- áá áá¥á¡áá¡ ááá§ááááá
- ááá¡áá¢áááá á€ááááááá¡ ášáá¥áááá¡ áá áááááªáá
- áááá®ááá ááááá¡ ááá áááá¡ ááááááá¡ ááá áááá
áá ááªááá á áááááááá áááááá, áááá áá ášááááááá áááááááá£ášááá: ááááá§ááá áááááááá. áááá áá áá ááá ááááá¬á§á áááááááá PS-áá¡ ááááá§áááááá. áá¡á ááááŠá áá á«ááá ááá:
schtasks /create /tn LogonUserSettings /tr "pwsh C:ScriptsSettings.ps1" /sc onlogon /ru $env:USERDOMAIN$UserName /rp $Password /f
áááá áá áá¡ áá áá§á á¡ááááá áá¡á - Windows-áá á¡áá®ááá ášáá¡ááá, á áááá ᪠á¯áá£á€á£á á á¡ááá£ášááá¡ ááášáááá (SeBatchLogonRight). ááá¡á£á®áá¡ á«áááá áááá®áááá, áᣠá áááá á£ááá ááááááááá áá¡, áááááá§áááá¡ áááá¡
LsaWrapper
$Source = @'
using System;
using System.Collections.Generic;
using System.Text;
namespace MyLsaWrapper
{
using System.Runtime.InteropServices;
using System.Security;
using System.Management;
using System.Runtime.CompilerServices;
using System.ComponentModel;
using LSA_HANDLE = IntPtr;
[StructLayout(LayoutKind.Sequential)]
struct LSA_OBJECT_ATTRIBUTES
{
internal int Length;
internal IntPtr RootDirectory;
internal IntPtr ObjectName;
internal int Attributes;
internal IntPtr SecurityDescriptor;
internal IntPtr SecurityQualityOfService;
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
struct LSA_UNICODE_STRING
{
internal ushort Length;
internal ushort MaximumLength;
[MarshalAs(UnmanagedType.LPWStr)]
internal string Buffer;
}
sealed class Win32Sec
{
[DllImport("advapi32", CharSet = CharSet.Unicode, SetLastError = true),
SuppressUnmanagedCodeSecurityAttribute]
internal static extern uint LsaOpenPolicy(
LSA_UNICODE_STRING[] SystemName,
ref LSA_OBJECT_ATTRIBUTES ObjectAttributes,
int AccessMask,
out IntPtr PolicyHandle
);
[DllImport("advapi32", CharSet = CharSet.Unicode, SetLastError = true),
SuppressUnmanagedCodeSecurityAttribute]
internal static extern uint LsaAddAccountRights(
LSA_HANDLE PolicyHandle,
IntPtr pSID,
LSA_UNICODE_STRING[] UserRights,
int CountOfRights
);
[DllImport("advapi32", CharSet = CharSet.Unicode, SetLastError = true),
SuppressUnmanagedCodeSecurityAttribute]
internal static extern int LsaLookupNames2(
LSA_HANDLE PolicyHandle,
uint Flags,
uint Count,
LSA_UNICODE_STRING[] Names,
ref IntPtr ReferencedDomains,
ref IntPtr Sids
);
[DllImport("advapi32")]
internal static extern int LsaNtStatusToWinError(int NTSTATUS);
[DllImport("advapi32")]
internal static extern int LsaClose(IntPtr PolicyHandle);
[DllImport("advapi32")]
internal static extern int LsaFreeMemory(IntPtr Buffer);
}
/// <summary>
/// This class is used to grant "Log on as a service", "Log on as a batchjob", "Log on localy" etc.
/// to a user.
/// </summary>
public sealed class LsaWrapper : IDisposable
{
[StructLayout(LayoutKind.Sequential)]
struct LSA_TRUST_INFORMATION
{
internal LSA_UNICODE_STRING Name;
internal IntPtr Sid;
}
[StructLayout(LayoutKind.Sequential)]
struct LSA_TRANSLATED_SID2
{
internal SidNameUse Use;
internal IntPtr Sid;
internal int DomainIndex;
uint Flags;
}
[StructLayout(LayoutKind.Sequential)]
struct LSA_REFERENCED_DOMAIN_LIST
{
internal uint Entries;
internal LSA_TRUST_INFORMATION Domains;
}
enum SidNameUse : int
{
User = 1,
Group = 2,
Domain = 3,
Alias = 4,
KnownGroup = 5,
DeletedAccount = 6,
Invalid = 7,
Unknown = 8,
Computer = 9
}
enum Access : int
{
POLICY_READ = 0x20006,
POLICY_ALL_ACCESS = 0x00F0FFF,
POLICY_EXECUTE = 0X20801,
POLICY_WRITE = 0X207F8
}
const uint STATUS_ACCESS_DENIED = 0xc0000022;
const uint STATUS_INSUFFICIENT_RESOURCES = 0xc000009a;
const uint STATUS_NO_MEMORY = 0xc0000017;
IntPtr lsaHandle;
public LsaWrapper()
: this(null)
{ }
// // local system if systemName is null
public LsaWrapper(string systemName)
{
LSA_OBJECT_ATTRIBUTES lsaAttr;
lsaAttr.RootDirectory = IntPtr.Zero;
lsaAttr.ObjectName = IntPtr.Zero;
lsaAttr.Attributes = 0;
lsaAttr.SecurityDescriptor = IntPtr.Zero;
lsaAttr.SecurityQualityOfService = IntPtr.Zero;
lsaAttr.Length = Marshal.SizeOf(typeof(LSA_OBJECT_ATTRIBUTES));
lsaHandle = IntPtr.Zero;
LSA_UNICODE_STRING[] system = null;
if (systemName != null)
{
system = new LSA_UNICODE_STRING[1];
system[0] = InitLsaString(systemName);
}
uint ret = Win32Sec.LsaOpenPolicy(system, ref lsaAttr,
(int)Access.POLICY_ALL_ACCESS, out lsaHandle);
if (ret == 0)
return;
if (ret == STATUS_ACCESS_DENIED)
{
throw new UnauthorizedAccessException();
}
if ((ret == STATUS_INSUFFICIENT_RESOURCES) || (ret == STATUS_NO_MEMORY))
{
throw new OutOfMemoryException();
}
throw new Win32Exception(Win32Sec.LsaNtStatusToWinError((int)ret));
}
public void AddPrivileges(string account, string privilege)
{
IntPtr pSid = GetSIDInformation(account);
LSA_UNICODE_STRING[] privileges = new LSA_UNICODE_STRING[1];
privileges[0] = InitLsaString(privilege);
uint ret = Win32Sec.LsaAddAccountRights(lsaHandle, pSid, privileges, 1);
if (ret == 0)
return;
if (ret == STATUS_ACCESS_DENIED)
{
throw new UnauthorizedAccessException();
}
if ((ret == STATUS_INSUFFICIENT_RESOURCES) || (ret == STATUS_NO_MEMORY))
{
throw new OutOfMemoryException();
}
throw new Win32Exception(Win32Sec.LsaNtStatusToWinError((int)ret));
}
public void Dispose()
{
if (lsaHandle != IntPtr.Zero)
{
Win32Sec.LsaClose(lsaHandle);
lsaHandle = IntPtr.Zero;
}
GC.SuppressFinalize(this);
}
~LsaWrapper()
{
Dispose();
}
// helper functions
IntPtr GetSIDInformation(string account)
{
LSA_UNICODE_STRING[] names = new LSA_UNICODE_STRING[1];
LSA_TRANSLATED_SID2 lts;
IntPtr tsids = IntPtr.Zero;
IntPtr tdom = IntPtr.Zero;
names[0] = InitLsaString(account);
lts.Sid = IntPtr.Zero;
//Console.WriteLine("String account: {0}", names[0].Length);
int ret = Win32Sec.LsaLookupNames2(lsaHandle, 0, 1, names, ref tdom, ref tsids);
if (ret != 0)
throw new Win32Exception(Win32Sec.LsaNtStatusToWinError(ret));
lts = (LSA_TRANSLATED_SID2)Marshal.PtrToStructure(tsids,
typeof(LSA_TRANSLATED_SID2));
Win32Sec.LsaFreeMemory(tsids);
Win32Sec.LsaFreeMemory(tdom);
return lts.Sid;
}
static LSA_UNICODE_STRING InitLsaString(string s)
{
// Unicode strings max. 32KB
if (s.Length > 0x7ffe)
throw new ArgumentException("String too long");
LSA_UNICODE_STRING lus = new LSA_UNICODE_STRING();
lus.Buffer = s;
lus.Length = (ushort)(s.Length * sizeof(char));
lus.MaximumLength = (ushort)(lus.Length + sizeof(char));
return lus;
}
}
public class LsaWrapperCaller
{
public static void AddPrivileges(string account, string privilege)
{
using (LsaWrapper lsaWrapper = new LsaWrapper())
{
lsaWrapper.AddPrivileges(account, privilege);
}
}
}
}
'@
Add-Type -TypeDefinition $Source
[MyLsaWrapper.LsaWrapperCaller]::AddPrivileges($Identity, "SeBatchLogonRight")
ášáá¡áááá¡, á áááá ᪠á¯áá£á€á£á á á¡ááá£ášááá¡ ááášááááá áááááªá ášááááááá ááááá¯áá¡ áááááááá - á¡áá ááá¢áá¡ ááá¬áá á, á ááááá᪠ášáá¡á á£áááá£ááá áááá®ááá ááááá¡ á¥ááááááá.
áá áá¥á¡áá¡ ááá§ááááá
áá áá¥á¡áá¡ ááá§ááááá ááá á¢ááá ááŠááá©ááá.
Function Set-Proxy {
<#
.SYNOPSIS
УÑÑаМПвка паÑаЌеÑÑПв пÑПкÑО
.DESCRIPTION
ÐÐ°ÐœÐœÐ°Ñ ÑÑМкÑÐžÑ Ð·Ð°ÐŽÐ°ÐµÑ Ð¿Ð°ÑаЌеÑÑÑ Ð¿ÑПкÑО ÐŽÐ»Ñ Ð¿ÐŸÐ»ÑзПваÑелÑ
.EXAMPLE
#Set-Proxy a.cproxy.ru 8080
.PARAMETER Server
ÐÐŽÑÐµÑ ÐžÐ»Ðž ЎПЌеММПе ÐžÐŒÑ ÑеÑвеÑа (ПбÑзаÑелÑÐœÑй паÑаЌеÑÑ)
.PARAMETER Port
ÐПÑÑ (ПбÑзаÑелÑÐœÑй паÑаЌеÑÑ)
#>
[CmdletBinding()]
param (
[PARAMETER(Mandatory=$True)][String]$Server,
[PARAMETER(Mandatory=$True)][Int]$Port
)
If ((Test-NetConnection -ComputerName $Server -Port $Port).TcpTestSucceeded) {
Set-ItemProperty -Path 'HKCU:SoftwareMicrosoftWindowsCurrentVersionInternet Settings' -name ProxyServer -Value "$($Server):$($Port)"
Set-ItemProperty -Path 'HKCU:SoftwareMicrosoftWindowsCurrentVersionInternet Settings' -name ProxyEnable -Value 1
} Else {
Write-Error -Message "-- Invalid proxy server address or port: $($Server):$($Port)"
}
}
ááá¡áá¢áááá á€ááááááá¡ ášáá¥áááá¡ áá áááááªáá
ááá¡áá¢áááá á€ááááááá¡ ášáá¥áááá¡ ááá á«ááááá¡ á£á€á á ááá¢á áá á ááá¡ááá áá, áááá á á¥á¡ááášá. á¡áá¥ááŠáááááá ááááá áááááá¡ ááá§ááááá áá ᪠áá¡á ááá á¢ááá ááŠááá©ááá, á áááá ᪠*nix á¡áá¡á¢ááááá. áááá áá áá¥á᪠áá§á ááá¡á£á®ááá, á áááááá᪠á¬áá ááá¢áááá ááááá áá á©ááá¡ áááá¡:
Function Set-AccessRule {
<#
.SYNOPSIS
УÑÑаМПвка пÑав Ма папкÑ
.DESCRIPTION
ÐÐ°ÐœÐœÐ°Ñ ÑÑМкÑÐžÑ ÑÑÑÐ°ÐœÐ°Ð²Ð»ÐžÐ²Ð°ÐµÑ Ð·Ð°ÐŽÐ°ÐœÐœÑе пÑава Ма ЎОÑекÑПÑОÑ
.EXAMPLE
#Set-AccessRule -Folder $env:USERPROFILEDesktop -UserName $env:USERNAME -Rules CreateFiles,AppendData -AccessControlType Deny
.PARAMETER Folder
ÐОÑекÑПÑОÑ, МаЎ кПÑПÑПй пÑПОзвПЎОÑÑÑ ÐŽÐµÐ¹ÑÑвОе (ПбÑзаÑелÑÐœÑй паÑаЌеÑÑ)
.PARAMETER UserName
ÐÐŒÑ ÑÑеÑМПй запОÑО пПлÑзПваÑелÑ, ÐŽÐ»Ñ ÐºÐŸÐ³ÐŸ заЎаÑÑÑÑ Ð¿Ñава ЎПÑÑÑпа (ПбÑзаÑелÑÐœÑй паÑаЌеÑÑ)
.PARAMETER Rules
ÐÑава ЎПÑÑÑпа ÑеÑез запÑÑÑÑ (ПбÑзаÑелÑÐœÑй паÑаЌеÑÑ)
.PARAMETER AccessControlType
ÐбÑзаÑелÑÐœÑй паÑаЌеÑÑ, кПÑПÑÑй ÐŒÐŸÐ¶ÐµÑ Ð¿ÑОМОЌаÑÑ ÐŸÐŽÐœÐŸ Оз ЎвÑÑ
зМаÑеМОй: Allow ОлО Deny
#>
[CmdletBinding()]
param (
[PARAMETER(Mandatory=$True)][Path]$Folder,
[PARAMETER(Mandatory=$True)][String]$UserName,
[PARAMETER(Mandatory=$True)][String]$Rules,
[PARAMETER(Mandatory=$True)][String]$AccessControlType
)
#ÑÑОÑÑваеЌ ÑекÑÑОй ÑпОÑПк ACL ÑабПÑегП ÑÑПла
$acl = Get-Acl $Folder
#СПзЎаеЌ пеÑеЌеММÑÑ Ñ ÐœÑжМÑЌО пÑаваЌО
$fileSystemRights = [System.Security.AccessControl.FileSystemRights]"$Rules"
#CПзЎаеЌ пеÑеЌеММÑÑ Ñ ÑказаМОеЌ пПлÑзПваÑелÑ, пÑав ЎПÑÑÑпа О ÑОпа ÑазÑеÑеМОÑ
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($UserName, $fileSystemRights, $AccessControlType)
#ÐеÑеЎаеЌ пеÑеЌеММÑÑ Ð² клаÑÑ FileSystemAccessRule ÐŽÐ»Ñ ÑÐŸÐ·ÐŽÐ°ÐœÐžÑ ÐŸÐ±ÑекÑа
$acl.SetAccessRule($AccessRule)
#ÐÑОЌеМÑеЌ ÑазÑеÑÐµÐœÐžÑ Ðº папке
$acl | Set-Acl $Folder
}
Set-AccessRule -Folder $env:USERPROFILEDesktop -UserName $env:USERNAME -Rules CreateFiles,AppendData,Delete -AccessControlType Deny
FileSystemRights-áá¡ ááŠá¬áá á áá€ááªáááá£á áá
áááá®ááá ááááá¡ ááá áááá¡ ááááááá¡ ááá áááá
áá¡ áá áá§á á¡áááá á, áááá áá áá áá€áá¥á áááá, á áá ááá áá áá¥áááááá, ááááªáá¡ á¡á¢á£áááá¢ááá¡ ááá áááá£áá ááá€á á®ášáá áá ááááá§ááááá£áá áá ááá áááááá. ááá¡á£á®á áááááááá
á©ááááá ááá£áá áááááááªáá
function Set-PinnedApplication
{
<#
.SYNOPSIS
УпÑавлеМОе ÑÑлÑкаЌО Ма паМелО ÑпÑавлеМОÑ
.DESCRIPTION
ÐÐ°ÐœÐœÐ°Ñ ÑÑМкÑÐžÑ ÐŽÐŸÐ±Ð°Ð²Ð»ÑÐµÑ ÐžÐ»Ðž ÑЎалÑÐµÑ ÑÑлÑкО Ма паМелО ÑпÑÐ°Ð²Ð»ÐµÐœÐžÑ Ð¿ÐŸÐ»ÑзПваÑелÑ
.EXAMPLE
#Set-PinnedApplication -Action UnpinfromTaskbar -FilePath "$env:ProgramFilesInternet Exploreriexplore.exe"
.EXAMPLE
#Set-PinnedApplication -Action PintoTaskbar -FilePath "${env:ProgramFiles(x86)}Mozilla Firefoxfirefox.exe"
.PARAMETER Action
ÐбÑзаÑелÑÐœÑй паÑаЌеÑÑ, кПÑПÑÑй ÐŒÐŸÐ¶ÐµÑ Ð¿ÑОМОЌаÑÑ ÐŸÐŽÐœÐŸ Оз ЎвÑÑ
зМаÑеМОй: UnpinfromTaskbar ОлО PintoTaskbar
.PARAMETER FilePath
ÐÐŒÑ ÑÑеÑМПй запОÑО пПлÑзПваÑелÑ, ÐŽÐ»Ñ ÐºÐŸÐ³ÐŸ заЎаÑÑÑÑ Ð¿Ñава ЎПÑÑÑпа (ПбÑзаÑелÑÐœÑй паÑаЌеÑÑ)
#>
[CmdletBinding()]
param(
[Parameter(Mandatory=$True)][String]$Action,
[Parameter(Mandatory=$True)][String]$FilePath
)
if(-not (test-path $FilePath)) {
throw "FilePath does not exist."
}
function InvokeVerb {
param([string]$FilePath,$verb)
$verb = $verb.Replace("&","")
$path = split-path $FilePath
$shell = new-object -com "Shell.Application"
$folder = $shell.Namespace($path)
$item = $folder.Parsename((split-path $FilePath -leaf))
$itemVerb = $item.Verbs() | ? {$_.Name.Replace("&","") -eq $verb}
if($itemVerb -eq $null){
throw "Verb $verb not found."
} else {
$itemVerb.DoIt()
}
}
function GetVerb {
param([int]$verbId)
try {
$t = [type]"CosmosKey.Util.MuiHelper"
} catch {
$def = [Text.StringBuilder]""
[void]$def.AppendLine('[DllImport("user32.dll")]')
[void]$def.AppendLine('public static extern int LoadString(IntPtr h,uint id, System.Text.StringBuilder sb,int maxBuffer);')
[void]$def.AppendLine('[DllImport("kernel32.dll")]')
[void]$def.AppendLine('public static extern IntPtr LoadLibrary(string s);')
Add-Type -MemberDefinition $def.ToString() -name MuiHelper -namespace CosmosKey.Util
}
if($global:CosmosKey_Utils_MuiHelper_Shell32 -eq $null){
$global:CosmosKey_Utils_MuiHelper_Shell32 = [CosmosKey.Util.MuiHelper]::LoadLibrary("shell32.dll")
}
$maxVerbLength=255
$verbBuilder = New-Object Text.StringBuilder "",$maxVerbLength
[void][CosmosKey.Util.MuiHelper]::LoadString($CosmosKey_Utils_MuiHelper_Shell32,$verbId,$verbBuilder,$maxVerbLength)
return $verbBuilder.ToString()
}
$verbs = @{
"PintoTaskbar"=5386
"UnpinfromTaskbar"=5387
}
if($verbs.$Action -eq $null){
Throw "Action $action not supported`nSupported actions are:`n`tPintoTaskbar`n`tUnpinfromTaskbar"
}
InvokeVerb -FilePath $FilePath -Verb $(GetVerb -VerbId $verbs.$action)
}
ááá¡áááá
á¡áá ááá¢ááá áá£ášáááá¡, áááááá£áá á¡áááá£á áá¡áááá¡ áááá¡áá®á£á áááá¡ áá á ášáááªáá áá, áááááá áááŠá¬áá£ááá. á©áááááá¡, á áááá ᪠Linux-áá¡ áááá®ááá ááááá¡áááá¡, áááááá£á¡áá¡ ááá§ááááá áá áá§á á£ááá á¢áááá¡á áááááááá¡ááááá, áááá áá áá¡ áá§á á¡áááááááááááááá. áá áááááááááá áá ááá§áááááá¡ á¡áá ááá¢á¡. áááááááá ááááá¡á¢áááá ááá£áá áá ááá ááá£áá á£áá á£ááááá§áá€áá¡ ášáááá¬ááááá¡ ááááá¢ááá áá ááá¢áááá á£á¡áá¡ ááá¡á¢ááááªáá áá ááášáááá.
á¡áááááá á¡áá ááá¢ááá áááááááá áááá¡
á²áááááá¡á¢á áá¢áá áá¡ á¡áá®áááá ááášáááá
Function New-User {
<#
.SYNOPSIS
СПзЎаМОе МПвПгП пПлÑзПваÑелÑ
.DESCRIPTION
ÐÐ°ÐœÐœÐ°Ñ ÑÑМкÑÐžÑ ÑÐŸÐ·ÐŽÐ°ÐµÑ ÐœÐŸÐ²ÐŸÐ³ÐŸ пПлÑзПваÑÐµÐ»Ñ Ðž ЎПбавлÑÐµÑ ÐµÐ³ÐŸ в гÑÑÐ¿Ð¿Ñ ÐПлÑзПваÑелО
.EXAMPLE
#New-User "Student" "Student"
.PARAMETER Name
ÐÐŒÑ ÐœÐŸÐ²ÐŸÐ³ÐŸ пПлÑзПваÑÐµÐ»Ñ (ПбÑзаÑелÑÐœÑй паÑаЌеÑÑ)
.PARAMETER Password
ÐаÑÐŸÐ»Ñ (ПбÑзаÑелÑÐœÑй паÑаЌеÑÑ)
#>
[CmdletBinding()]
param (
[PARAMETER(Mandatory=$True)][String]$Name,
[PARAMETER(Mandatory=$True)][String]$Password
)
$Pwd = convertto-securestring $Password -asplaintext -force
$GroupSID = "S-1-5-32-545"
New-LocalUser -User $Name -AccountNeverExpires:$true -FullName $Name -Password $Pwd -PasswordNeverExpires:$true
Add-LocalGroupMember -SID $GroupSID -Member $Name
Write-Host "-- СПзЎаМ пПлÑзПваÑÐµÐ»Ñ $Name Ñ Ð¿Ð°ÑПлеЌ $Password" -foregroundcolor Green
}
Function Remove-Users {
<#
.SYNOPSIS
УЎалеМОе пПлÑзПваÑелей
.DESCRIPTION
ÐÐ°ÐœÐœÐ°Ñ ÑÑМкÑÐžÑ ÑЎалÑÐµÑ Ð¿ÐŸÐ»ÑзПваÑелей, кПÑПÑÑе ÑейÑÐ°Ñ ÐœÐµ акÑÐžÐ²ÐœÑ Ðž Ме ÑвлÑÑÑÑÑ ÑпеÑОалÑÐœÑЌО
УЎалÑÑÑÑÑ Ð² ÑПЌ ÑОÑле ÑабПÑОй каÑалПг О ÑееÑÑÑ Ð¿ÐŸÐ»ÑзПваÑелей
.EXAMPLE
#Remove-Users
#>
[CmdletBinding()]
$UsersProfiles = Get-WMIObject -class Win32_UserProfile -ComputerName $env:COMPUTERNAME | Where {!($_.Loaded) -and !($_.Special)}
foreach($Usr in $UsersProfiles) {
$UsrName = $Usr.LocalPath.Split("")[2]
Write-Host "-- УЎалеМОе пПлÑзПваÑÐµÐ»Ñ $UsrName ..." -foregroundcolor Green
Remove-LocalUser -Name $UsrName
Remove-WmiObject -Path $Usr.__PATH
Write-Host "-- ÐПлÑзПваÑÐµÐ»Ñ $UsrName ÑЎалеМ" -foregroundcolor Green
}
}
Function Set-AutoLogon {
<#
.SYNOPSIS
ÐклÑÑеМОе авÑПвÑ
ПЎа ÐŽÐ»Ñ Ð¿ÐŸÐ»ÑзПваÑелÑ
.DESCRIPTION
ÐÐ°ÐœÐœÐ°Ñ ÑÑМкÑÐžÑ Ð²ÐºÐ»ÑÑÐ°ÐµÑ Ð°Ð²ÑПвÑ
ПЎ ÐŽÐ»Ñ ÑказаММПгП пПлÑзПваÑелÑ
.EXAMPLE
#Set-AutoLogon "Student" "Student"
.PARAMETER Name
ÐÐŒÑ Ð¿ÐŸÐ»ÑзПваÑÐµÐ»Ñ (ПбÑзаÑелÑÐœÑй паÑаЌеÑÑ)
.PARAMETER Password
ÐаÑÐŸÐ»Ñ (ПбÑзаÑелÑÐœÑй паÑаЌеÑÑ)
#>
[CmdletBinding()]
param (
[PARAMETER(Mandatory=$True)][String]$Name,
[PARAMETER(Mandatory=$True)][String]$Password
)
$PathToWinlogon = "HKLM:SoftwareMicrosoftWindows NTCurrentVersionWinlogon"
New-ItemProperty -Path $PathToWinlogon -Name AutoAdminLogon -Value 1 -PropertyType "String"
New-ItemProperty -Path $PathToWinlogon -Name DefaultUserName -Value $Name -PropertyType "String"
New-ItemProperty -Path $PathToWinlogon -Name DefaultPassword -Value $Password -PropertyType "String"
}
$Source = @'
using System;
using System.Collections.Generic;
using System.Text;
namespace MyLsaWrapper
{
using System.Runtime.InteropServices;
using System.Security;
using System.Management;
using System.Runtime.CompilerServices;
using System.ComponentModel;
using LSA_HANDLE = IntPtr;
[StructLayout(LayoutKind.Sequential)]
struct LSA_OBJECT_ATTRIBUTES
{
internal int Length;
internal IntPtr RootDirectory;
internal IntPtr ObjectName;
internal int Attributes;
internal IntPtr SecurityDescriptor;
internal IntPtr SecurityQualityOfService;
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
struct LSA_UNICODE_STRING
{
internal ushort Length;
internal ushort MaximumLength;
[MarshalAs(UnmanagedType.LPWStr)]
internal string Buffer;
}
sealed class Win32Sec
{
[DllImport("advapi32", CharSet = CharSet.Unicode, SetLastError = true),
SuppressUnmanagedCodeSecurityAttribute]
internal static extern uint LsaOpenPolicy(
LSA_UNICODE_STRING[] SystemName,
ref LSA_OBJECT_ATTRIBUTES ObjectAttributes,
int AccessMask,
out IntPtr PolicyHandle
);
[DllImport("advapi32", CharSet = CharSet.Unicode, SetLastError = true),
SuppressUnmanagedCodeSecurityAttribute]
internal static extern uint LsaAddAccountRights(
LSA_HANDLE PolicyHandle,
IntPtr pSID,
LSA_UNICODE_STRING[] UserRights,
int CountOfRights
);
[DllImport("advapi32", CharSet = CharSet.Unicode, SetLastError = true),
SuppressUnmanagedCodeSecurityAttribute]
internal static extern int LsaLookupNames2(
LSA_HANDLE PolicyHandle,
uint Flags,
uint Count,
LSA_UNICODE_STRING[] Names,
ref IntPtr ReferencedDomains,
ref IntPtr Sids
);
[DllImport("advapi32")]
internal static extern int LsaNtStatusToWinError(int NTSTATUS);
[DllImport("advapi32")]
internal static extern int LsaClose(IntPtr PolicyHandle);
[DllImport("advapi32")]
internal static extern int LsaFreeMemory(IntPtr Buffer);
}
/// <summary>
/// This class is used to grant "Log on as a service", "Log on as a batchjob", "Log on localy" etc.
/// to a user.
/// </summary>
public sealed class LsaWrapper : IDisposable
{
[StructLayout(LayoutKind.Sequential)]
struct LSA_TRUST_INFORMATION
{
internal LSA_UNICODE_STRING Name;
internal IntPtr Sid;
}
[StructLayout(LayoutKind.Sequential)]
struct LSA_TRANSLATED_SID2
{
internal SidNameUse Use;
internal IntPtr Sid;
internal int DomainIndex;
uint Flags;
}
[StructLayout(LayoutKind.Sequential)]
struct LSA_REFERENCED_DOMAIN_LIST
{
internal uint Entries;
internal LSA_TRUST_INFORMATION Domains;
}
enum SidNameUse : int
{
User = 1,
Group = 2,
Domain = 3,
Alias = 4,
KnownGroup = 5,
DeletedAccount = 6,
Invalid = 7,
Unknown = 8,
Computer = 9
}
enum Access : int
{
POLICY_READ = 0x20006,
POLICY_ALL_ACCESS = 0x00F0FFF,
POLICY_EXECUTE = 0X20801,
POLICY_WRITE = 0X207F8
}
const uint STATUS_ACCESS_DENIED = 0xc0000022;
const uint STATUS_INSUFFICIENT_RESOURCES = 0xc000009a;
const uint STATUS_NO_MEMORY = 0xc0000017;
IntPtr lsaHandle;
public LsaWrapper()
: this(null)
{ }
// // local system if systemName is null
public LsaWrapper(string systemName)
{
LSA_OBJECT_ATTRIBUTES lsaAttr;
lsaAttr.RootDirectory = IntPtr.Zero;
lsaAttr.ObjectName = IntPtr.Zero;
lsaAttr.Attributes = 0;
lsaAttr.SecurityDescriptor = IntPtr.Zero;
lsaAttr.SecurityQualityOfService = IntPtr.Zero;
lsaAttr.Length = Marshal.SizeOf(typeof(LSA_OBJECT_ATTRIBUTES));
lsaHandle = IntPtr.Zero;
LSA_UNICODE_STRING[] system = null;
if (systemName != null)
{
system = new LSA_UNICODE_STRING[1];
system[0] = InitLsaString(systemName);
}
uint ret = Win32Sec.LsaOpenPolicy(system, ref lsaAttr,
(int)Access.POLICY_ALL_ACCESS, out lsaHandle);
if (ret == 0)
return;
if (ret == STATUS_ACCESS_DENIED)
{
throw new UnauthorizedAccessException();
}
if ((ret == STATUS_INSUFFICIENT_RESOURCES) || (ret == STATUS_NO_MEMORY))
{
throw new OutOfMemoryException();
}
throw new Win32Exception(Win32Sec.LsaNtStatusToWinError((int)ret));
}
public void AddPrivileges(string account, string privilege)
{
IntPtr pSid = GetSIDInformation(account);
LSA_UNICODE_STRING[] privileges = new LSA_UNICODE_STRING[1];
privileges[0] = InitLsaString(privilege);
uint ret = Win32Sec.LsaAddAccountRights(lsaHandle, pSid, privileges, 1);
if (ret == 0)
return;
if (ret == STATUS_ACCESS_DENIED)
{
throw new UnauthorizedAccessException();
}
if ((ret == STATUS_INSUFFICIENT_RESOURCES) || (ret == STATUS_NO_MEMORY))
{
throw new OutOfMemoryException();
}
throw new Win32Exception(Win32Sec.LsaNtStatusToWinError((int)ret));
}
public void Dispose()
{
if (lsaHandle != IntPtr.Zero)
{
Win32Sec.LsaClose(lsaHandle);
lsaHandle = IntPtr.Zero;
}
GC.SuppressFinalize(this);
}
~LsaWrapper()
{
Dispose();
}
// helper functions
IntPtr GetSIDInformation(string account)
{
LSA_UNICODE_STRING[] names = new LSA_UNICODE_STRING[1];
LSA_TRANSLATED_SID2 lts;
IntPtr tsids = IntPtr.Zero;
IntPtr tdom = IntPtr.Zero;
names[0] = InitLsaString(account);
lts.Sid = IntPtr.Zero;
//Console.WriteLine("String account: {0}", names[0].Length);
int ret = Win32Sec.LsaLookupNames2(lsaHandle, 0, 1, names, ref tdom, ref tsids);
if (ret != 0)
throw new Win32Exception(Win32Sec.LsaNtStatusToWinError(ret));
lts = (LSA_TRANSLATED_SID2)Marshal.PtrToStructure(tsids,
typeof(LSA_TRANSLATED_SID2));
Win32Sec.LsaFreeMemory(tsids);
Win32Sec.LsaFreeMemory(tdom);
return lts.Sid;
}
static LSA_UNICODE_STRING InitLsaString(string s)
{
// Unicode strings max. 32KB
if (s.Length > 0x7ffe)
throw new ArgumentException("String too long");
LSA_UNICODE_STRING lus = new LSA_UNICODE_STRING();
lus.Buffer = s;
lus.Length = (ushort)(s.Length * sizeof(char));
lus.MaximumLength = (ushort)(lus.Length + sizeof(char));
return lus;
}
}
public class LsaWrapperCaller
{
public static void AddPrivileges(string account, string privilege)
{
using (LsaWrapper lsaWrapper = new LsaWrapper())
{
lsaWrapper.AddPrivileges(account, privilege);
}
}
}
}
'@
Add-Type -TypeDefinition $Source | Out-Null
# -------------------------
# ÐеÑеÑПзЎаМОе пПлÑзПваÑелÑ
# -------------------------
$UserName = "Student"
$Password = "Student"
Remove-Users | Out-Null
New-User $UserName $Password | Out-Null
Set-AutoLogon $UserName $Password | Out-Null
[MyLsaWrapper.LsaWrapperCaller]::AddPrivileges($UserName, "SeBatchLogonRight") | Out-Null
write-host "-- ÑазÑеÑеМ вÑ
ПЎ в каÑеÑÑве пакеÑМПгП Ð·Ð°ÐŽÐ°ÐœÐžÑ ÐŽÐ»Ñ Ð¿ÐŸÐ»ÑзПваÑÐµÐ»Ñ $UserName" -foregroundcolor Green
schtasks /create /tn LogonUserSettings /tr "pwsh C:ScriptsSetupUser.ps1" /sc onlogon /ru $env:USERDOMAIN$UserName /rp $Password /f
ááášáááá£ááá á¡á¢á£áááá¢á£á á áááá®ááá ááááá¡ á¥áááš
Function Set-Proxy {
<#
.SYNOPSIS
УÑÑаМПвка паÑаЌеÑÑПв пÑПкÑО
.DESCRIPTION
ÐÐ°ÐœÐœÐ°Ñ ÑÑМкÑÐžÑ Ð·Ð°ÐŽÐ°ÐµÑ Ð¿Ð°ÑаЌеÑÑÑ Ð¿ÑПкÑО ÐŽÐ»Ñ Ð¿ÐŸÐ»ÑзПваÑелÑ
.EXAMPLE
#Set-Proxy a.cproxy.ru 8080
.PARAMETER Server
ÐÐŽÑÐµÑ ÐžÐ»Ðž ЎПЌеММПе ÐžÐŒÑ ÑеÑвеÑа (ПбÑзаÑелÑÐœÑй паÑаЌеÑÑ)
.PARAMETER Port
ÐПÑÑ (ПбÑзаÑелÑÐœÑй паÑаЌеÑÑ)
#>
[CmdletBinding()]
param (
[PARAMETER(Mandatory=$True)][String]$Server,
[PARAMETER(Mandatory=$True)][Int]$Port
)
If ((Test-NetConnection -ComputerName $Server -Port $Port).TcpTestSucceeded) {
Set-ItemProperty -Path 'HKCU:SoftwareMicrosoftWindowsCurrentVersionInternet Settings' -name ProxyServer -Value "$($Server):$($Port)"
Set-ItemProperty -Path 'HKCU:SoftwareMicrosoftWindowsCurrentVersionInternet Settings' -name ProxyEnable -Value 1
} Else {
Write-Error -Message "-- Invalid proxy server address or port: $($Server):$($Port)"
}
}
Function Set-AccessRule {
<#
.SYNOPSIS
УÑÑаМПвка пÑавк Ма папкÑ
.DESCRIPTION
ÐÐ°ÐœÐœÐ°Ñ ÑÑМкÑÐžÑ ÑÑÑÐ°ÐœÐ°Ð²Ð»ÐžÐ²Ð°ÐµÑ Ð·Ð°ÐŽÐ°ÐœÐœÑе пÑава Ма ЎОÑÑекÑПÑОÑ
.EXAMPLE
#Set-AccessRule -Folder $env:USERPROFILEDesktop -UserName $env:USERNAME -Rules CreateFiles,AppendData -AccessControlType Deny
.PARAMETER Folder
ÐОÑÑекÑПÑОÑ, МаЎ кПÑПÑПй пÑПОзвПЎОÑÑÑ ÐŽÐµÐ¹ÑÑвОе (ПбÑзаÑелÑÐœÑй паÑаЌеÑÑ)
.PARAMETER UserName
ÐÐŒÑ ÑÑеÑМПй запОÑО пПлÑзПваÑелÑ, ÐŽÐ»Ñ ÐºÐŸÐ³ÐŸ заЎаÑÑÑÑ Ð¿Ñава ЎПÑÑÑпа (ПбÑзаÑелÑÐœÑй паÑаЌеÑÑ)
.PARAMETER Rules
ÐÑава ЎПÑÑÑпа ÑеÑез запÑÑÑÑ(ПбÑзаÑелÑÐœÑй паÑаЌеÑÑ)
.PARAMETER AccessControlType
ÐбÑзаÑелÑÐœÑй паÑаЌеÑÑ, кПÑПÑÑй ÐŒÐŸÐ¶ÐµÑ Ð¿ÑОМЌаÑÑ ÐŸÐŽÐœÐŸ Оз ЎвÑÑ
зМаÑеМОй: Allow ОлО Deny
#>
[CmdletBinding()]
param (
[PARAMETER(Mandatory=$True)][String]$Folder,
[PARAMETER(Mandatory=$True)][String]$UserName,
[PARAMETER(Mandatory=$True)][String]$Rules,
[PARAMETER(Mandatory=$True)][String]$AccessControlType
)
#ÑÑОÑÑваеЌ ÑекÑÑОй ÑпОÑПк ACL ÑабПÑегП ÑÑПла
$acl = Get-Acl $Folder
#СПзЎаеЌ пеÑÐµÐŒÐµÐœÐœÑ Ñ ÐœÑжМÑЌО пÑаваЌО
$fileSystemRights = [System.Security.AccessControl.FileSystemRights]"$Rules"
#CПзЎаеЌ пеÑеЌеММÑÑ Ñ ÑказаМОеЌ пПлÑзПваÑелÑ, пÑав ЎПÑÑÑпа О ÑОпа ÑазÑеÑеМОÑ
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($UserName, $fileSystemRights, $AccessControlType)
#ÐеÑеЎаеЌ пеÑеЌеММÑÑ Ð² клаÑÑ FileSystemAccessRule ÐŽÐ»Ñ ÑÐŸÐ·ÐŽÐ°ÐœÐžÑ ÐŸÐ±ÑекÑа
$acl.SetAccessRule($AccessRule)
#ÐÑОЌеМÑеЌ ÑазÑеÑÐµÐœÐžÑ Ðº папке
$acl | Set-Acl $Folder
}
function Set-PinnedApplication
{
<#
.SYNOPSIS
УпÑавлеМОе ÑÑлÑкаЌО Ма паМелО ÑпÑавлеМОÑ
.DESCRIPTION
ÐÐ°ÐœÐœÐ°Ñ ÑÑМкÑÐžÑ ÐŽÐŸÐ±Ð°Ð²Ð»ÑÐµÑ ÐžÐ»Ðž ÑЎалÑÐµÑ ÑÑлÑкО Ма паМелО ÑпÑÐ°Ð²Ð»ÐµÐœÐžÑ Ð¿ÐŸÐ»ÑзПваÑелÑ
.EXAMPLE
#Set-PinnedApplication -Action UnpinfromTaskbar -FilePath "$env:ProgramFilesInternet Exploreriexplore.exe"
.EXAMPLE
#Set-PinnedApplication -Action PintoTaskbar -FilePath "${env:ProgramFiles(x86)}Mozilla Firefoxfirefox.exe"
.PARAMETER Action
ÐбÑзаÑелÑÐœÑй паÑаЌеÑÑ, кПÑПÑÑй ÐŒÐŸÐ¶ÐµÑ Ð¿ÑОМОЌаÑÑ ÐŸÐŽÐœÐŸ Оз ЎвÑÑ
зМаÑеМОй: UnpinfromTaskbar ОлО PintoTaskbar
.PARAMETER FilePath
ÐÐŒÑ ÑÑеÑМПй запОÑО пПлÑзПваÑелÑ, ÐŽÐ»Ñ ÐºÐŸÐ³ÐŸ заЎаÑÑÑÑ Ð¿Ñава ЎПÑÑÑпа (ПбÑзаÑелÑÐœÑй паÑаЌеÑÑ)
#>
[CmdletBinding()]
param(
[Parameter(Mandatory=$True)][String]$Action,
[Parameter(Mandatory=$True)][String]$FilePath
)
if(-not (test-path $FilePath)) {
throw "FilePath does not exist."
}
function InvokeVerb {
param([string]$FilePath,$verb)
$verb = $verb.Replace("&","")
$path = split-path $FilePath
$shell = new-object -com "Shell.Application"
$folder = $shell.Namespace($path)
$item = $folder.Parsename((split-path $FilePath -leaf))
$itemVerb = $item.Verbs() | ? {$_.Name.Replace("&","") -eq $verb}
if($itemVerb -eq $null){
throw "Verb $verb not found."
} else {
$itemVerb.DoIt()
}
}
function GetVerb {
param([int]$verbId)
try {
$t = [type]"CosmosKey.Util.MuiHelper"
} catch {
$def = [Text.StringBuilder]""
[void]$def.AppendLine('[DllImport("user32.dll")]')
[void]$def.AppendLine('public static extern int LoadString(IntPtr h,uint id, System.Text.StringBuilder sb,int maxBuffer);')
[void]$def.AppendLine('[DllImport("kernel32.dll")]')
[void]$def.AppendLine('public static extern IntPtr LoadLibrary(string s);')
Add-Type -MemberDefinition $def.ToString() -name MuiHelper -namespace CosmosKey.Util
}
if($global:CosmosKey_Utils_MuiHelper_Shell32 -eq $null){
$global:CosmosKey_Utils_MuiHelper_Shell32 = [CosmosKey.Util.MuiHelper]::LoadLibrary("shell32.dll")
}
$maxVerbLength=255
$verbBuilder = New-Object Text.StringBuilder "",$maxVerbLength
[void][CosmosKey.Util.MuiHelper]::LoadString($CosmosKey_Utils_MuiHelper_Shell32,$verbId,$verbBuilder,$maxVerbLength)
return $verbBuilder.ToString()
}
$verbs = @{
"PintoTaskbar"=5386
"UnpinfromTaskbar"=5387
}
if($verbs.$Action -eq $null){
Throw "Action $action not supported`nSupported actions are:`n`tPintoTaskbar`n`tUnpinfromTaskbar"
}
InvokeVerb -FilePath $FilePath -Verb $(GetVerb -VerbId $verbs.$action)
}
Set-Proxy cproxy.udsu.ru 8080
Set-AccessRule -Folder $env:USERPROFILEDesktop -UserName $env:USERNAME -Rules "CreateFiles,AppendData,Delete" -AccessControlType Deny
Set-PinnedApplication -Action UnpinfromTaskbar -FilePath "$env:ProgramFilesInternet Exploreriexplore.exe"
Set-PinnedApplication -Action PintoTaskbar -FilePath "${env:ProgramFiles(x86)}Mozilla Firefoxfirefox.exe"
Set-PinnedApplication -Action PintoTaskbar -FilePath "$env:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Office 2013Excel 2013.lnk"
Set-PinnedApplication -Action PintoTaskbar -FilePath "$env:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Office 2013Word 2013.lnk"
Set-PinnedApplication -Action PintoTaskbar -FilePath "$env:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Office 2013PowerPoint 2013.lnk"
Set-PinnedApplication -Action PintoTaskbar -FilePath "$env:ProgramDataMicrosoftWindowsStart MenuProgramsÐСÐÐÐÐÐÐÐÐС-3D V16ÐÐÐÐÐС-3D V16.lnk"
# УЎалеМОе заЎаÑО, пПÑле ее вÑпПлМеМОÑ
Unregister-ScheduledTask -TaskName UdSUSettingStudent -Confirm:$false
á¬á§áá á: www.habr.com