SVS_Public_Repo/SAMY
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update src/samy.functions.ps1

Browse Source
This commit is contained in:
Stephan Yelle
2026-01-26 12:23:51 -05:00
parent 7b85c33253
commit c83b6b33d2
1 changed files with 96 additions and 68 deletions
Download Patch File Download Diff File Expand all files Collapse all files

98
src/samy.functions.ps1
View File

@@ -85,38 +85,38 @@ function Initialize-NuGetProvider {
} }
} }
#region re-usable unction #region Re-usable functions
function Set-RegistryValueForCurrentAndAllUsers {
function Set-RegistryValueInHkuRoot {
[CmdletBinding()] [CmdletBinding()]
param( param(
[Parameter(Mandatory)] [string] $HkuRoot, # e.g. "Registry::HKEY_USERS\S-1-5-21-..."
[Parameter(Mandatory)] [string] $RelativeKeyPath, # e.g. "Software\...\Explorer\Advanced" [Parameter(Mandatory)] [string] $RelativeKeyPath, # e.g. "Software\...\Explorer\Advanced"
[Parameter(Mandatory)] [string] $Name, [Parameter(Mandatory)] [string] $Name,
[Parameter(Mandatory)] [ValidateSet('String','ExpandString','DWord','QWord','Binary','MultiString')] [string] $Type, [Parameter(Mandatory)] [ValidateSet('String','ExpandString','DWord','QWord','Binary','MultiString')] [string] $Type,
[Parameter(Mandatory)] $Value [Parameter(Mandatory)] $Value
) )
# Helper: write to a specific HKU root (SID or temp mount)
function _SetValueInHkuRoot {
param([Parameter(Mandatory)] [string] $HkuRoot) # e.g. "Registry::HKEY_USERS\S-1-5-21-..."
$k = Join-Path $HkuRoot $RelativeKeyPath $k = Join-Path $HkuRoot $RelativeKeyPath
if (-not (Test-Path $k)) { New-Item -Path $k -Force | Out-Null } if (-not (Test-Path $k)) { New-Item -Path $k -Force | Out-Null }
if ($Type -in @('String','ExpandString','MultiString','Binary')) { New-ItemProperty -Path $k -Name $Name -PropertyType $Type -Value $Value -Force -err
New-ItemProperty -Path $k -Name $Name -PropertyType $Type -Value $Value -Force | Out-Null Stop | Out-Null
} elseif ($Type -in @('DWord','QWord')) {
New-ItemProperty -Path $k -Name $Name -PropertyType $Type -Value ([int64]$Value) -Force | Out-Null
} else {
# Fallback
New-ItemProperty -Path $k -Name $Name -PropertyType $Type -Value $Value -Force | Out-Null
}
} }
# 1) Current user (HKCU) - if meaningful in this context function Set-RegistryValueForCurrentAndAllUsers {
[CmdletBinding()]
param(
[Parameter(Mandatory)] [string] $RelativeKeyPath,
[Parameter(Mandatory)] [string] $Name,
[Parameter(Mandatory)] [ValidateSet('String','ExpandString','DWord','QWord','Binary','MultiString')] [string] $Type,
[Parameter(Mandatory)] $Value
)
# 1) Current user (HKCU) when meaningful
try { try {
$hkcuKey = "HKCU:\$RelativeKeyPath" $hkcuKey = "HKCU:\$RelativeKeyPath"
if (-not (Test-Path $hkcuKey)) { New-Item -Path $hkcuKey -Force | Out-Null } if (-not (Test-Path $hkcuKey)) { New-Item -Path $hkcuKey -Force | Out-Null }
New-ItemProperty -Path $hkcuKey -Name $Name -PropertyType $Type -Value $Value -Force | Out-Null New-ItemProperty -Path $hkcuKey -Name $Name -PropertyType $Type -Value $Value -Force | Out-Null
} catch { } catch {
# Common during SYSTEM runs; ignore # Common during SYSTEM runs; ignore
@@ -124,32 +124,62 @@ function Initialize-NuGetProvider {
# 2) Default User (future users) # 2) Default User (future users)
$defaultDat = "C:\Users\Default\NTUSER.DAT" $defaultDat = "C:\Users\Default\NTUSER.DAT"
$mountName = "SVS_DefaultUser"
$mount = "HKU\$mountName"
$didLoad = $false
if (Test-Path $defaultDat) { if (Test-Path $defaultDat) {
$mount = "HKU\SVS_DefaultUser"
& reg.exe load $mount $defaultDat 2>$null | Out-Null if (-not (Test-Path "Registry::HKEY_USERS\$mountName")) {
$loadOut = & reg.exe load $mount $defaultDat 2>&1
if ($LASTEXITCODE -eq 0) {
$didLoad = $true
Write-LogHybrid "Loaded Default User hive ($defaultDat) to HKEY_USERS\$mountName" Info Tweaks -LogToEvent
} else {
Write-LogHybrid "Failed to load Default User hive ($defaultDat) to HKEY_USERS\$mountName. reg.exe said: $loadOut" Warning Tweaks -LogToEvent
}
} else {
Write-LogHybrid "Default User hive already loaded at HKEY_USERS\$mountName (skipping reg load)" Info Tweaks -LogToEvent
}
try { try {
_SetValueInHkuRoot -HkuRoot "Registry::HKEY_USERS\SVS_DefaultUser" if (Test-Path "Registry::HKEY_USERS\$mountName") {
} finally { Set-RegistryValueInHkuRoot -HkuRoot "Registry::HKEY_USERS\$mountName" `
& reg.exe unload $mount 2>$null | Out-Null -RelativeKeyPath $RelativeKeyPath -Name $Name -Type $Type -Value $Value
Write-LogHybrid "Default User updated: [$RelativeKeyPath] $Name = $Value ($Type)" Success Tweaks -LogToEvent
} }
} }
finally {
if ($didLoad) {
$unloadOut = & reg.exe unload $mount 2>&1
if ($LASTEXITCODE -eq 0) {
Write-LogHybrid "Unloaded Default User hive from HKEY_USERS\$mountName" Info Tweaks -LogToEvent
} else {
Write-LogHybrid "Failed to unload Default User hive from HKEY_USERS\$mountName. reg.exe said: $unloadOut" Warning Tweaks -LogToEvent
}
}
}
} else {
Write-LogHybrid "Default User hive not found at $defaultDat (skipping future-user tweak)" Warning Tweaks -LogToEvent
}
# 3) All existing user profiles
# 3) Existing profiles
$profileList = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" $profileList = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
Get-ChildItem $profileList -ErrorAction SilentlyContinue | ForEach-Object { Get-ChildItem $profileList -ErrorAction SilentlyContinue | ForEach-Object {
$sid = $_.PSChildName $sid = $_.PSChildName
if ($sid -notmatch '^S-1-5-21-\d+-\d+-\d+-\d+$') { return } if ($sid -notmatch '^S-1-5-21-\d+-\d+-\d+-\d+$') { return }
# If hive is already loaded (user logged in), write directly to HKU:\SID # If already loaded, write directly
$loaded = Test-Path "Registry::HKEY_USERS\$sid" if (Test-Path "Registry::HKEY_USERS\$sid") {
try {
if ($loaded) { Set-RegistryValueInHkuRoot -HkuRoot "Registry::HKEY_USERS\$sid" `
try { _SetValueInHkuRoot -HkuRoot "Registry::HKEY_USERS\$sid" } catch {} -RelativeKeyPath $RelativeKeyPath -Name $Name -Type $Type -Value $Value
} catch {}
return return
} }
# Otherwise load NTUSER.DAT from profile path
$profilePath = (Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue).ProfileImagePath $profilePath = (Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue).ProfileImagePath
if (-not $profilePath) { return } if (-not $profilePath) { return }
@@ -158,9 +188,9 @@ function Initialize-NuGetProvider {
$tempMount = "HKU\SVS_$sid" $tempMount = "HKU\SVS_$sid"
& reg.exe load $tempMount $ntuser 2>$null | Out-Null & reg.exe load $tempMount $ntuser 2>$null | Out-Null
try { try {
_SetValueInHkuRoot -HkuRoot "Registry::HKEY_USERS\SVS_$sid" Set-RegistryValueInHkuRoot -HkuRoot "Registry::HKEY_USERS\SVS_$sid" `
-RelativeKeyPath $RelativeKeyPath -Name $Name -Type $Type -Value $Value
} finally { } finally {
& reg.exe unload $tempMount 2>$null | Out-Null & reg.exe unload $tempMount 2>$null | Out-Null
} }
@@ -171,16 +201,14 @@ function Restart-ExplorerIfInteractive {
[CmdletBinding()] [CmdletBinding()]
param() param()
# Don't kill Explorer during SYSTEM/unboxing contexts where it may not exist or may be harmful # Avoid during SYSTEM/unboxing contexts
$isSystem = ($env:USERNAME -eq 'SYSTEM') if ($env:USERNAME -ne 'SYSTEM') {
if (-not $isSystem) {
Stop-Process -Name explorer -Force -ErrorAction SilentlyContinue Stop-Process -Name explorer -Force -ErrorAction SilentlyContinue
Start-Process explorer.exe Start-Process explorer.exe
} }
} }
#rendegion re-usable function #endregion Re-usable functions
#region App handlers #region App handlers