Setting ACL
Romain
parent
4df1d9fa72
commit
c83f030b75
|
|
@ -15,6 +15,20 @@ Write-Output "Uninstall: $Uninstall"
|
||||||
|
|
||||||
<# FUNCTIONS #>
|
<# FUNCTIONS #>
|
||||||
|
|
||||||
|
function Add-ACLRule {
|
||||||
|
param (
|
||||||
|
[System.Security.AccessControl.DirectorySecurity]$acl,
|
||||||
|
[string]$sid,
|
||||||
|
[string]$access,
|
||||||
|
[string]$inheritance = "ContainerInherit,ObjectInherit",
|
||||||
|
[string]$propagation = "None",
|
||||||
|
[string]$type = "Allow"
|
||||||
|
)
|
||||||
|
$userSID = New-Object System.Security.Principal.SecurityIdentifier($sid)
|
||||||
|
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($userSID, $access, $inheritance, $propagation, $type)
|
||||||
|
$acl.SetAccessRule($rule)
|
||||||
|
}
|
||||||
|
|
||||||
function Install-WingetAutoUpdate {
|
function Install-WingetAutoUpdate {
|
||||||
|
|
||||||
Write-Host "### Post install actions ###"
|
Write-Host "### Post install actions ###"
|
||||||
|
|
@ -106,7 +120,42 @@ function Install-WingetAutoUpdate {
|
||||||
Copy-Item -Path $AppListPath -Destination $InstallPath
|
Copy-Item -Path $AppListPath -Destination $InstallPath
|
||||||
}
|
}
|
||||||
|
|
||||||
#Add 1 to counter file
|
#Secure folders if not installed to ProgramFiles
|
||||||
|
if ($InstallPath -notlike "$env:ProgramFiles*") {
|
||||||
|
|
||||||
|
Write-Output "-> Securing functions and mods folders"
|
||||||
|
$directories = @("$InstallPath\functions", "$InstallPath\mods")
|
||||||
|
|
||||||
|
foreach ($directory in $directories) {
|
||||||
|
try {
|
||||||
|
#Get dir
|
||||||
|
$dirPath = Get-Item -Path $directory
|
||||||
|
#Get ACL
|
||||||
|
$acl = Get-Acl -Path $dirPath.FullName
|
||||||
|
#Disable inheritance
|
||||||
|
$acl.SetAccessRuleProtection($True, $True)
|
||||||
|
#Remove any existing rules
|
||||||
|
$acl.Access | ForEach-Object { $acl.RemoveAccessRule($_) }
|
||||||
|
|
||||||
|
# Add new ACL rules
|
||||||
|
Add-ACLRule -acl $acl -sid "S-1-5-18" -access "FullControl" # SYSTEM Full
|
||||||
|
Add-ACLRule -acl $acl -sid "S-1-5-32-544" -access "FullControl" # Administrators Full
|
||||||
|
Add-ACLRule -acl $acl -sid "S-1-5-32-545" -access "ReadAndExecute" # Local Users ReadAndExecute
|
||||||
|
Add-ACLRule -acl $acl -sid "S-1-5-11" -access "ReadAndExecute" # Authenticated Users ReadAndExecute
|
||||||
|
|
||||||
|
# Save the updated ACL to the directory
|
||||||
|
Set-Acl -Path $dirPath.FullName -AclObject $acl
|
||||||
|
|
||||||
|
Write-Host "Permissions for '$directory' have been updated successfully."
|
||||||
|
}
|
||||||
|
catch {
|
||||||
|
Write-Host "Error setting ACL for '$directory' : $($_.Exception.Message)"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
#Add 1 to Github counter file
|
||||||
try {
|
try {
|
||||||
Invoke-RestMethod -Uri "https://github.com/Romanitho/Winget-AutoUpdate/releases/download/v$($WAUconfig.ProductVersion)/WAU_InstallCounter" | Out-Null
|
Invoke-RestMethod -Uri "https://github.com/Romanitho/Winget-AutoUpdate/releases/download/v$($WAUconfig.ProductVersion)/WAU_InstallCounter" | Out-Null
|
||||||
Write-Host "-> Reported installation."
|
Write-Host "-> Reported installation."
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue