diff --git a/tiny11maker.ps1 b/tiny11maker.ps1 index 859c547..11e4806 100644 --- a/tiny11maker.ps1 +++ b/tiny11maker.ps1 @@ -14,6 +14,8 @@ if ((Get-ExecutionPolicy) -eq 'Restricted') { } # Check and run the script as admin if required +$adminSID = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-32-544") +$adminGroup = $adminSID.Translate([System.Security.Principal.NTAccount]) $myWindowsID=[System.Security.Principal.WindowsIdentity]::GetCurrent() $myWindowsPrincipal=new-object System.Security.Principal.WindowsPrincipal($myWindowsID) $adminRole=[System.Security.Principal.WindowsBuiltInRole]::Administrator @@ -66,8 +68,6 @@ Write-Host "Getting image information:" & 'dism' '/English' "/Get-WimInfo" "/wimfile:$mainOSDrive\tiny11\sources\install.wim" $index = Read-Host "Please enter the image index" Write-Host "Mounting Windows image. This may take a while." -$adminSID = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-32-544") -$adminGroup = $adminSID.Translate([System.Security.Principal.NTAccount]) $wimFilePath = "$($env:SystemDrive)\tiny11\sources\install.wim" & takeown "/F" $wimFilePath & icacls $wimFilePath "/grant" "$($adminGroup.Value):(F)" @@ -313,14 +313,13 @@ Enable-Privilege SeTakeOwnershipPrivilege $regKey = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::TakeOwnership) $regACL = $regKey.GetAccessControl() -$regACL.SetOwner([System.Security.Principal.NTAccount]"Administrators") +$regACL.SetOwner($adminGroup) $regKey.SetAccessControl($regACL) $regKey.Close() Write-Host "Owner changed to Administrators." - $regKey = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::ChangePermissions) $regACL = $regKey.GetAccessControl() -$regRule = New-Object System.Security.AccessControl.RegistryAccessRule ("Administrators","FullControl","ContainerInherit","None","Allow") +$regRule = New-Object System.Security.AccessControl.RegistryAccessRule ($adminGroup,"FullControl","ContainerInherit","None","Allow") $regACL.SetAccessRule($regRule) $regKey.SetAccessControl($regACL) Write-Host "Permissions modified for Administrators group."