This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$win10_builtin = @('AppVClient', 'ClickToRunSvc', 'COMSysApp', 'diagnosticshub.standardcollector.service', | |
'msiserver', 'ose', 'perceptionsimulation', 'SecurityHealthService', 'Sense', | |
'SensorDataService', 'SgrmBroker', 'Spooler', 'ssh-agent', 'TieringEngineService', | |
'TrustedInstaller', 'UevAgentService', 'vds', 'VSS', 'wbengine', 'WinDefend', 'wmiApSrv', | |
'WSearch', 'XboxNetApiSvc', 'XboxGipSvc', 'XblGameSave', 'XblAuthManager', 'WwanSvc', 'wuauserv', | |
'WwanSvc', 'wuauserv', 'WpnService', 'WPDBusEnum', 'WpcMonSvc', 'WManSvc', 'wlidsvc', 'WlanSvc', | |
'wisvc', 'Winmgmt', 'WiaRpc', 'WerSvc', 'wercplsupport', 'WdiSystemHost', 'WbioSrvc', 'WalletService', | |
'WaaSMedicSvc', 'vmvss', 'vmicvss', 'vmicvmsession', 'vmicshutdown', 'vmicrdv', 'vmickvpexchange', | |
'vmicheartbeat', 'vmicguestinterface', 'VaultSvc', 'UsoSvc', 'UserManager', 'UmRdpService', | |
'TroubleshootingSvc', 'TrkWks', 'TokenBroker', 'Themes', 'TabletInputService', |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Windows Registry Editor Version 5.00 | |
[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options] | |
"DontUpdateLinks"=dword:00000001 | |
[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Word\Options] | |
"DontUpdateLinks"=dword:00000001 | |
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Options] | |
"DontUpdateLinks"=dword:00000001 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
If (([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { | |
Write-Warning "This script will not function with administrative privileges. Please run as a normal user." | |
Break | |
} | |
$outfile = "acltestfile" | |
set-variable -name paths -value (Get-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment' -Name PATH).path.Split(";") | |
Foreach ($path in $paths) { | |
# This prints a table of ACLs | |
# get-acl $path | %{ $_.Access } | ft -Wrap -AutoSize -property IdentityReference, AccessControlType, FileSystemRights |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$currentPrincipal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent()) | |
if (-Not $currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { | |
Write-Warning "We don't have elevated privileges. The following results may not be complete." | |
} | |
schtasks /query /fo csv -v | ConvertFrom-Csv | ? {$_.Status -notlike "Disabled" -and $_.TaskName -notlike "\Microsoft\Windows\*" -and $_.TaskName -notlike "\Microsoft\Office\*" -and $_.TaskName -notlike "\Microsoft\XblGameSave\*" -and $_.TaskName -notlike "TaskName" -and ($_."Run As User" -like "*system" -or $_."Run As User" -like "Administrator*")} | fl taskname,"Comment","Task To Run","Run As User" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Windows Registry Editor Version 5.00 | |
[-HKEY_CLASSES_ROOT\.iso] | |
[-HKEY_CLASSES_ROOT\Windows.IsoFile\shell\mount\command] | |
[-HKEY_CLASSES_ROOT\.img] | |
[-HKEY_CLASSES_ROOT\.vhdx] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sc start 0023ca0ca16a62d93ef51f3df98b2f94.bin | |
[SC] StartService FAILED 87: | |
The parameter is incorrect. | |
sc start 0067c788e1cb174f008c325ebde56c22.bin | |
[SC] StartService FAILED 4551: | |
Your organization used Device Guard to block this app. Contact your support person for more info. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sc start 0023ca0ca16a62d93ef51f3df98b2f94.bin | |
[SC] StartService FAILED 87: | |
The parameter is incorrect. | |
sc start 0067c788e1cb174f008c325ebde56c22.bin | |
[SC] StartService FAILED 2148204812: | |
A certificate was explicitly revoked by its issuer. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<ns0:SiPolicy xmlns:ns0="urn:schemas-microsoft-com:sipolicy"> | |
<ns0:VersionEx>10.0.25310.0</ns0:VersionEx> | |
<ns0:PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</ns0:PlatformID> | |
<ns0:Rules> | |
<ns0:Rule> | |
<ns0:Option>Enabled:Unsigned System Integrity Policy</ns0:Option> | |
</ns0:Rule> | |
<ns0:Rule> | |
<ns0:Option>Enabled:Advanced Boot Options Menu</ns0:Option> | |
</ns0:Rule> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sc start 0023ca0ca16a62d93ef51f3df98b2f94.bin | |
[SC] StartService FAILED 577: | |
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. | |
sc start 0067c788e1cb174f008c325ebde56c22.bin | |
[SC] StartService FAILED 4551: | |
Your organization used Device Guard to block this app. Contact your support person for more info. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sc start 0023ca0ca16a62d93ef51f3df98b2f94.bin | |
[SC] StartService FAILED 577: | |
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. | |
sc start 0067c788e1cb174f008c325ebde56c22.bin | |
[SC] StartService FAILED 2148204812: | |
A certificate was explicitly revoked by its issuer. |
NewerOlder