KGRKJGETMRETU895U-589TY5MIGM5JGB5SDFESFREWTGR54TY
Server : Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
System : Windows NT SERVER-PC 10.0 build 26200 (Windows 11) AMD64
User : ServerPC ( 0)
PHP Version : 8.2.12
Disable Function : NONE
Directory :  C:/Windows/diagnostics/system/Search/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : C:/Windows/diagnostics/system/Search/RS_RestorePermissions.ps1
# Copyright © Microsoft Corporation. All rights reserved.

# Restore correct permissions on the indexer data directories.
#
# Correct permissions on the parent of the data directory look like this:
#
# FileSystemRights  : FullControl
# AccessControlType : Allow
# IdentityReference : NT AUTHORITY\SYSTEM
# IsInherited       : True
# InheritanceFlags  : ContainerInherit, ObjectInherit
# PropagationFlags  : None
#
# FileSystemRights  : FullControl
# AccessControlType : Allow
# IdentityReference : BUILTIN\Administrators
# IsInherited       : True
# InheritanceFlags  : ContainerInherit, ObjectInherit
# PropagationFlags  : None
#
# FileSystemRights  : ReadAndExecute, Synchronize
# AccessControlType : Allow
# IdentityReference : BUILTIN\Users
# IsInherited       : True
# InheritanceFlags  : ContainerInherit, ObjectInherit
# PropagationFlags  : None
#
# FileSystemRights  : ReadAndExecute, Synchronize
# AccessControlType : Allow
# IdentityReference : Everyone
# IsInherited       : True
# InheritanceFlags  : ContainerInherit, ObjectInherit
# PropagationFlags  : None

# Load utility library
. .\CL_Utility.ps1

# To change ACEs, SDDL must have BUILTIN\Administrators as owner instead of SYSTEM.
# Otherwise, we get an error because Set-Acl tries to change the owner before the ACEs, and we are not SYSTEM.
$sddl = "O:BAG:SYD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)"

Write-DiagProgress -activity $localizationString.progress_rs_restorePermissions

$dataDirectory = (Get-ItemProperty -path "HKLM:\SOFTWARE\Microsoft\Windows Search").DataDirectory

# Append a trailing slash to the dataDirectory if there isn't one
if (!$dataDirectory.EndsWith("\"))
{
    $dataDirectory += "\"
}
$applications = $dataDirectory + "Applications"
$windows = $applications + "\Windows"

function Restore-Permissions([string]$folderPath)
{
    # First change the ACEs with BUILTIN\Administrators as owner
    $acl = get-acl $folderPath
    $acl.SetSecurityDescriptorSddlForm($sddl)
    set-acl -path $folderPath -aclObject $acl
    # Now change the owner to SYSTEM ("S-1-5-18") (This requires asserting SeRestorePrivilege.)
    Set-RestorePrivilege
    $acl = get-acl $folderPath
    $account = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-18")
    $acl.SetOwner($account)
    set-acl -path $folderPath -aclObject $acl
}

Restore-Permissions $dataDirectory
Restore-Permissions $applications
Restore-Permissions $windows

Anon7 - 2021