Script to configure DCOM remote access on Windows machines. Code for blog post https://fishi.devtail.io/weblog/2015/01/16/enabling-dcom-windows-7-8-and-server-2012/
# Original script taken and modified from http://shrekpoint.blogspot.de/2012/08/taking-ownership-of-dcom-registry.html
#
# Enable remote DCOM access to the WbemScripting.SWbemLocator class on 64-bit Windows 7/8 and Server 2012 machines
# by setting the necessary keys inside the registry.
# Use this script at your own risk.
# I do not guarantee that it works, nor do I provide any kind of support in case it doesn't.
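Try {
    # Referencing the type throws when it is not loaded yet; the Catch branch
    # then compiles it, so the C# helper is only built when it is missing.
    [void][TokenAdjuster]
} Catch {
    # The C# source sits in an expandable here-string: keep it free of dollar
    # signs and backticks, which PowerShell would expand before compilation.
    $AdjustTokenPrivileges = @"
using System;
using System.Runtime.InteropServices;

/// <summary>
/// Enables or disables a named privilege on the access token of the current
/// process through the Win32 token APIs.
/// </summary>
public class TokenAdjuster
{
    [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,
        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);

    [DllImport("kernel32.dll", ExactSpelling = true)]
    internal static extern IntPtr GetCurrentProcess();

    [DllImport("kernel32.dll", ExactSpelling = true, SetLastError = true)]
    internal static extern bool CloseHandle(IntPtr handle);

    [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);

    [DllImport("advapi32.dll", SetLastError = true)]
    internal static extern bool LookupPrivilegeValue(string host, string name,
        ref long pluid);

    // One privilege entry: a count followed by a single LUID/attribute pair.
    // Pack = 1 keeps Luid directly behind Count with no padding in between.
    [StructLayout(LayoutKind.Sequential, Pack = 1)]
    internal struct TokPriv1Luid
    {
        public int Count;
        public long Luid;
        public int Attr;
    }

    internal const int SE_PRIVILEGE_DISABLED = 0x00000000;
    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
    internal const int TOKEN_QUERY = 0x00000008;
    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
    private const int ERROR_SUCCESS = 0;

    /// <summary>Enables <paramref name="privilege"/> on the current process token.</summary>
    /// <param name="privilege">Privilege name, for example SeTakeOwnershipPrivilege.</param>
    /// <returns>true only when the privilege was actually enabled; false when any
    /// step failed or the token does not hold the privilege.</returns>
    public static bool AddPrivilege(string privilege)
    {
        return SetPrivilege(privilege, SE_PRIVILEGE_ENABLED);
    }

    /// <summary>Disables <paramref name="privilege"/> on the current process token.</summary>
    /// <param name="privilege">Privilege name, for example SeRestorePrivilege.</param>
    /// <returns>true only when the privilege was actually disabled; false otherwise.</returns>
    public static bool RemovePrivilege(string privilege)
    {
        return SetPrivilege(privilege, SE_PRIVILEGE_DISABLED);
    }

    // Shared implementation: open the process token, resolve the privilege
    // name to its LUID, apply the requested attribute, release the handle.
    private static bool SetPrivilege(string privilege, int attributes)
    {
        IntPtr htok = IntPtr.Zero;
        if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok))
        {
            return false;
        }

        try
        {
            TokPriv1Luid tp;
            tp.Count = 1;
            tp.Luid = 0;
            tp.Attr = attributes;

            if (!LookupPrivilegeValue(null, privilege, ref tp.Luid))
            {
                return false;
            }

            if (!AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero))
            {
                return false;
            }

            // AdjustTokenPrivileges also returns true when the token does not
            // hold the privilege (last error ERROR_NOT_ALL_ASSIGNED), so the
            // last error decides whether the change really took effect.
            return Marshal.GetLastWin32Error() == ERROR_SUCCESS;
        }
        finally
        {
            // The token handle was never released before; close it on every path.
            CloseHandle(htok);
        }
    }
}
"@
    Add-Type $AdjustTokenPrivileges
}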
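Write-Output "Beginning Installation"
# Activate necessary admin privileges to make changes without NTFS perms
Write-Output "Setting Access Rights ..."

# Values shared by the "grant" and the "restore" access rules. They are built
# up front so the cleanup path can still use them after a mid-script failure.
$adm = [System.Security.Principal.NTAccount]"Administrators"
$inheritance = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit"
$propagation = [System.Security.AccessControl.PropagationFlags]"None"
$type = [System.Security.AccessControl.AccessControlType]"Allow"

$key = $null
$ownerChanged = $false
try {
    # Necessary to override the key's permissions. The result is checked so
    # the script stops here instead of failing later with a confusing error.
    if (-not [TokenAdjuster]::AddPrivilege("SeTakeOwnershipPrivilege")) {
        throw "Could not enable SeTakeOwnershipPrivilege. Run this script from an elevated session."
    }

    # ====================== MAIN ======================================
    # Take ownership of registry key
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{76A64158-CB41-11D1-8B02-00600806D9B6}",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::takeownership)
    if ($null -eq $key) {
        # OpenSubKey returns null when the key does not exist.
        throw "Registry key for CLSID {76A64158-CB41-11D1-8B02-00600806D9B6} was not found under Wow6432Node."
    }

    # You must get a blank acl for the key b/c you do not currently have access
    $acl = $key.GetAccessControl([System.Security.AccessControl.AccessControlSections]::None)
    $me = [System.Security.Principal.NTAccount]"$env:userdomain\$env:username"
    $acl.SetOwner($me)
    $key.SetAccessControl($acl)
    # From here on the key no longer has its original owner, so the cleanup
    # path below must hand it back even if a later step fails.
    $ownerChanged = $true

    # After you have set owner you need to get the acl with the perms so you can modify it.
    $acl = $key.GetAccessControl()
    $access = [System.Security.AccessControl.RegistryRights]"FullControl"
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule($adm,$access,$inheritance,$propagation,$type)
    $acl.SetAccessRule($rule)
    $key.SetAccessControl($acl)
    Write-Output "... Success"

    # Installing Keys
    # An empty DllSurrogate value makes COM host the class in the default
    # surrogate process, which is what allows it to be activated remotely.
    # This widens the remote attack surface of the machine: restrict the DCOM
    # launch/activation and access permissions and the firewall scope to the
    # management hosts that actually need it.
    Write-Output "Installing Keys ..."
    REG ADD "HKEY_CLASSES_ROOT\AppID\{76A64158-CB41-11D1-8B02-00600806D9B6}" /v DllSurrogate /t REG_SZ /f
    if ($LASTEXITCODE -ne 0) {
        throw "REG ADD failed for the AppID DllSurrogate value (exit code $LASTEXITCODE)."
    }
    REG ADD "HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}" /v AppId /t REG_SZ /d "{76A64158-CB41-11D1-8B02-00600806D9B6}" /f
    if ($LASTEXITCODE -ne 0) {
        throw "REG ADD failed for the CLSID AppId value (exit code $LASTEXITCODE)."
    }
    Write-Output "... Success"
}
finally {
    try {
        if ($ownerChanged) {
            # Reset Ownerships and Privileges
            $instUser = [System.Security.Principal.NTAccount]"NT SERVICE\TrustedInstaller"
            # necessary to reset to TrustedInstaller
            if (-not [TokenAdjuster]::AddPrivilege("SeRestorePrivilege")) {
                throw "Could not enable SeRestorePrivilege; the key is still owned by $env:userdomain\$env:username and must be reset manually."
            }
            $acl = $key.GetAccessControl()
            $acl.SetOwner($instUser)
            # NOTE(review): this assumes Administrators originally held ReadKey
            # on this key; confirm on a reference machine, or record the
            # original ACL before modifying it and restore that instead.
            $access = [System.Security.AccessControl.RegistryRights]"ReadKey"
            $rule = New-Object System.Security.AccessControl.RegistryAccessRule($adm,$access,$inheritance,$propagation,$type)
            $acl.SetAccessRule($rule)
            $key.SetAccessControl($acl)
        }
    }
    finally {
        if ($null -ne $key) {
            $key.Close()
        }
        # =======================================================================
        # Remove privileges that had been granted, on success and on failure,
        # so the session does not keep them enabled longer than needed.
        [void][TokenAdjuster]::RemovePrivilege("SeRestorePrivilege")
        [void][TokenAdjuster]::RemovePrivilege("SeTakeOwnershipPrivilege")
    }
}
Write-Output "Installation Finished Successfully"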