User Tools

Site Tools


microsoft:scripting:vbscript:scripts:tssetpowershellexerights

Version 1

Removes Users group from powershell(_ise).exe as there is no GPO or other setting to prevent the usage of PowerShell like there is for the command prompt (cmd.exe).

Tested and used on Windows Server 2008 R2 Remote Desktop Session Host (aka Terminal Server).

'TSSetPowerShellExeRights.vbs
'Remove Execute rights for Users on PowerShell.
'Meant to be used as a computer startup script
'20111115, v1
 
On Error Resume Next
 
Const HideWindow = 0
Const WaitOnReturn = True
 
Set objFso = CreateObject("Scripting.FileSystemObject")
Set objShell = CreateObject("WScript.Shell")
 
strTakeOwn = objShell.ExpandEnvironmentStrings("%SystemRoot%") & "\system32\takeown.exe"
stricacls = objShell.ExpandEnvironmentStrings("%SystemRoot%") & "\system32\icacls.exe"
 
Function SetExeRights(strExe)
 
	If objFso.FileExists(strExe) Then
 
		'Take ownership.
		objShell.Run chr(34) & strTakeOwn & chr(34) & " /F " & chr(34) & strExe & chr(34), HideWindow, WaitOnReturn
 
		'Remove the Users group.
		objShell.Run chr(34) & stricacls & chr(34) & " " & chr(34) & strExe & chr(34) & " /remove Users", HideWindow, WaitOnReturn
 
	End If
 
End Function
 
SetExeRights objShell.ExpandEnvironmentStrings("%SystemRoot%") & "\system32\WindowsPowerShell\v1.0\powershell.exe"
SetExeRights objShell.ExpandEnvironmentStrings("%SystemRoot%") & "\system32\WindowsPowerShell\v1.0\powershell_ise.exe"
SetExeRights objShell.ExpandEnvironmentStrings("%SystemRoot%") & "\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"
SetExeRights objShell.ExpandEnvironmentStrings("%SystemRoot%") & "\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe"
 
'Cleanup
Set objShell = Nothing
Set objFso = Nothing
microsoft/scripting/vbscript/scripts/tssetpowershellexerights.txt · Last modified: 2011/11/15 16:04 by bas

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki