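rem Experimental ACL / mandatory-label hardening of core Windows binaries (author's notes
rem are kept as the original Korean echo lines). Each section is an "apply" run followed
rem by an "undo" run that drops the added ACEs and hands ownership back to TrustedInstaller.
rem takeown / icacls on these paths only work from an elevated shell; stop up front instead
rem of failing half-way through a section. S-1-16-12288 is the High Mandatory Level SID
rem that an elevated token carries.
whoami /groups | find "S-1-16-12288" >nul || (echo This script must be run from an elevated prompt. & exit /b 1)
echo 앱관련 보안 기능 강화 해봄
rem --- WindowsApps: apply ---
icacls "%ProgramFiles%\WindowsApps"
rem /A gives ownership to the Administrators group (needed before the DACL can be edited).
takeown /F "%ProgramFiles%\WindowsApps" /A
icacls "%ProgramFiles%\WindowsApps" /grant Administrators:F
rem No (OI)(CI) prefix: the label is placed on the folder itself only, not on package subfolders.
icacls "%ProgramFiles%\WindowsApps" /setintegritylevel H
rem Deny for Guest, Guests (S-1-5-32-546), NULL SID (S-1-0-0) and ANONYMOUS LOGON (S-1-5-7).
rem If one name does not resolve (e.g. a renamed or localized Guest account) icacls appears
rem to reject the whole command, so check its output rather than assuming the denies landed.
icacls "%ProgramFiles%\WindowsApps" /deny "Guest:F" "*S-1-5-32-546:F" "*S-1-0-0:F" "*S-1-5-7:F"
rem Give ownership back to TrustedInstaller so servicing keeps working, then replace (:r)
rem the temporary Administrators:F ACE with read/execute.
icacls "%ProgramFiles%\WindowsApps" /setowner "NT SERVICE\TrustedInstaller"
icacls "%ProgramFiles%\WindowsApps" /grant:r Administrators:RX
icacls "%ProgramFiles%\WindowsApps"
rem --- WindowsApps: undo ---
takeown /F "%ProgramFiles%\WindowsApps" /A
icacls "%ProgramFiles%\WindowsApps" /grant Administrators:F
rem /remove without :g/:d drops every ACE (allow and deny) for these SIDs.
icacls "%ProgramFiles%\WindowsApps" /remove "Guest" "*S-1-5-32-546" "*S-1-0-0" "*S-1-5-7"
rem icacls has no option to delete a mandatory label; Medium is what an unlabeled object is
rem treated as, so this is the closest icacls-only reset of the High label set in "apply".
icacls "%ProgramFiles%\WindowsApps" /setintegritylevel M
icacls "%ProgramFiles%\WindowsApps" /setowner "NT SERVICE\TrustedInstaller"
icacls "%ProgramFiles%\WindowsApps" /grant:r Administrators:RX
icacls "%ProgramFiles%\WindowsApps"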
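rem Author's note (unverified observation): labeling the credential UI binary High broke
rem fingerprint sign-in; the upside of High was that virtualapp/didlogical was not created.
rem This section therefore uses a Medium label.
echo 자격증명 UI 'H'로 하면 지문 인식이 안된다. 장점은 H로 했을때 virtualapp/didogical가 생성 되지 않는다.
rem --- netplwiz.exe: apply ---
icacls "%windir%\System32\netplwiz.exe"
rem /A: ownership goes to the Administrators group so the DACL can be edited.
takeown /F "%windir%\System32\netplwiz.exe" /A
icacls "%windir%\System32\netplwiz.exe" /grant Administrators:F
rem Medium is what an unlabeled file is already treated as, so this label adds no restriction.
icacls "%windir%\System32\netplwiz.exe" /setintegritylevel M
rem Deny for Guest, Guests (S-1-5-32-546), NULL SID (S-1-0-0) and ANONYMOUS LOGON (S-1-5-7).
rem An unresolvable name appears to fail the whole icacls call -- check the output.
icacls "%windir%\System32\netplwiz.exe" /deny "Guest:F" "*S-1-5-32-546:F" "*S-1-0-0:F" "*S-1-5-7:F"
rem Ownership back to TrustedInstaller (servicing), then replace (:r) Administrators:F with RX.
icacls "%windir%\System32\netplwiz.exe" /setowner "NT SERVICE\TrustedInstaller"
icacls "%windir%\System32\netplwiz.exe" /grant:r Administrators:RX
echo 등록한거 삭제
rem --- netplwiz.exe: undo ---
icacls "%windir%\System32\netplwiz.exe"
takeown /F "%windir%\System32\netplwiz.exe" /A
icacls "%windir%\System32\netplwiz.exe" /grant Administrators:F
rem /remove without :g/:d drops every ACE (allow and deny) for these SIDs.
icacls "%windir%\System32\netplwiz.exe" /remove "Guest" "*S-1-5-32-546" "*S-1-0-0" "*S-1-5-7"
rem icacls cannot delete a mandatory label; Medium is the closest reset. A no-op here because
rem "apply" already used M, kept so every undo block restores the label the same way.
icacls "%windir%\System32\netplwiz.exe" /setintegritylevel M
icacls "%windir%\System32\netplwiz.exe" /setowner "NT SERVICE\TrustedInstaller"
icacls "%windir%\System32\netplwiz.exe" /grant:r Administrators:RX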
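rem Author's note: "another credential binary".
echo 다른 자격증명
rem --- CredentialEnrollmentManager.exe: apply ---
icacls "%windir%\System32\CredentialEnrollmentManager.exe"
rem /A: ownership goes to the Administrators group so the DACL can be edited.
takeown /F "%windir%\System32\CredentialEnrollmentManager.exe" /A
icacls "%windir%\System32\CredentialEnrollmentManager.exe" /grant Administrators:F
rem High label with the default no-write-up policy: processes below High cannot write to it.
icacls "%windir%\System32\CredentialEnrollmentManager.exe" /setintegritylevel H
rem Deny for Guest, Guests (S-1-5-32-546), NULL SID (S-1-0-0) and ANONYMOUS LOGON (S-1-5-7).
rem An unresolvable name appears to fail the whole icacls call -- check the output.
icacls "%windir%\System32\CredentialEnrollmentManager.exe" /deny "Guest:F" "*S-1-5-32-546:F" "*S-1-0-0:F" "*S-1-5-7:F"
rem Ownership back to TrustedInstaller (servicing), then replace (:r) Administrators:F with RX.
icacls "%windir%\System32\CredentialEnrollmentManager.exe" /setowner "NT SERVICE\TrustedInstaller"
icacls "%windir%\System32\CredentialEnrollmentManager.exe" /grant:r Administrators:RX
echo 등록한거 삭제
rem --- CredentialEnrollmentManager.exe: undo ---
icacls "%windir%\System32\CredentialEnrollmentManager.exe"
takeown /F "%windir%\System32\CredentialEnrollmentManager.exe" /A
icacls "%windir%\System32\CredentialEnrollmentManager.exe" /grant Administrators:F
rem /remove without :g/:d drops every ACE (allow and deny) for these SIDs.
icacls "%windir%\System32\CredentialEnrollmentManager.exe" /remove "Guest" "*S-1-5-32-546" "*S-1-0-0" "*S-1-5-7"
rem icacls cannot delete a mandatory label; Medium (what an unlabeled file is treated as)
rem is the closest reset of the High label set in "apply".
icacls "%windir%\System32\CredentialEnrollmentManager.exe" /setintegritylevel M
icacls "%windir%\System32\CredentialEnrollmentManager.exe" /setowner "NT SERVICE\TrustedInstaller"
icacls "%windir%\System32\CredentialEnrollmentManager.exe" /grant:r Administrators:RX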
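rem Author's note: attempted because of a UMFD-0 / UMFD-1 issue discussed at the linked forum
rem post. fontdrvhost.exe is the user-mode font driver host that runs as those accounts.
echo https://cafe.daum.net/candan/BLQD/55 UMFD-0 UMFD-1 문제로 시도해봄
rem --- fontdrvhost.exe: apply ---
icacls "%windir%\System32\Fontdrvhost.exe"
rem /A: ownership goes to the Administrators group so the DACL can be edited.
takeown /F "%windir%\System32\Fontdrvhost.exe" /A
icacls "%windir%\System32\Fontdrvhost.exe" /grant Administrators:F
rem High label with the default no-write-up policy: processes below High cannot write to it.
icacls "%windir%\System32\Fontdrvhost.exe" /setintegritylevel H
rem Deny for Guest, Guests (S-1-5-32-546), NULL SID (S-1-0-0) and ANONYMOUS LOGON (S-1-5-7).
rem An unresolvable name appears to fail the whole icacls call -- check the output.
icacls "%windir%\System32\Fontdrvhost.exe" /deny "Guest:F" "*S-1-5-32-546:F" "*S-1-0-0:F" "*S-1-5-7:F"
rem Ownership back to TrustedInstaller (servicing), then replace (:r) Administrators:F with RX.
icacls "%windir%\System32\Fontdrvhost.exe" /setowner "NT SERVICE\TrustedInstaller"
icacls "%windir%\System32\Fontdrvhost.exe" /grant:r Administrators:RX
icacls "%windir%\System32\Fontdrvhost.exe"
rem --- fontdrvhost.exe: undo ---
icacls "%windir%\System32\Fontdrvhost.exe"
takeown /F "%windir%\System32\Fontdrvhost.exe" /A
icacls "%windir%\System32\Fontdrvhost.exe" /grant Administrators:F
rem /remove without :g/:d drops every ACE (allow and deny) for these SIDs.
icacls "%windir%\System32\Fontdrvhost.exe" /remove "Guest" "*S-1-5-32-546" "*S-1-0-0" "*S-1-5-7"
rem icacls cannot delete a mandatory label; Medium (what an unlabeled file is treated as)
rem is the closest reset of the High label set in "apply".
icacls "%windir%\System32\Fontdrvhost.exe" /setintegritylevel M
icacls "%windir%\System32\Fontdrvhost.exe" /setowner "NT SERVICE\TrustedInstaller"
icacls "%windir%\System32\Fontdrvhost.exe" /grant:r Administrators:RX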
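rem Author's warning: "this is only an experiment -- do not do this."
rem (Was a bare text line; cmd would have tried to run it as a command and printed an error.)
echo 로그온
rem --- winlogon.exe: apply ---
icacls "%windir%\System32\winlogon.exe"
rem /A: ownership goes to the Administrators group so the DACL can be edited.
takeown /F "%windir%\System32\winlogon.exe" /A
icacls "%windir%\System32\winlogon.exe" /grant Administrators:F
rem High label with the default no-write-up policy: processes below High cannot write to it.
icacls "%windir%\System32\winlogon.exe" /setintegritylevel H
rem Deny for Guest, Guests (S-1-5-32-546), NULL SID (S-1-0-0) and ANONYMOUS LOGON (S-1-5-7).
icacls "%windir%\System32\winlogon.exe" /deny "Guest:F" "*S-1-5-32-546:F" "*S-1-0-0:F" "*S-1-5-7:F"
rem UMFD-0 / UMFD-1 are the per-session user-mode font driver accounts. As bare names they
rem most likely do not resolve (the author's own note at the end of this section says the
rem UMFD block did not take effect), and an unresolvable name appears to fail the whole
rem icacls call -- which is why this deny is on its own line, separate from the one above.
icacls "%windir%\System32\winlogon.exe" /deny "UMFD-1:F" "UMFD-0:F"
rem Ownership back to TrustedInstaller (servicing), then replace (:r) Administrators:F with RX.
icacls "%windir%\System32\winlogon.exe" /setowner "NT SERVICE\TrustedInstaller"
icacls "%windir%\System32\winlogon.exe" /grant:r Administrators:RX
icacls "%windir%\System32\winlogon.exe"
rem --- winlogon.exe: undo ---
icacls "%windir%\System32\winlogon.exe"
takeown /F "%windir%\System32\winlogon.exe" /A
icacls "%windir%\System32\winlogon.exe" /grant Administrators:F
rem /remove without :g/:d drops every ACE (allow and deny) for these SIDs.
icacls "%windir%\System32\winlogon.exe" /remove "Guest" "*S-1-5-32-546" "*S-1-0-0" "*S-1-5-7"
icacls "%windir%\System32\winlogon.exe" /remove "UMFD-1" "UMFD-0"
rem icacls cannot delete a mandatory label; Medium (what an unlabeled file is treated as)
rem is the closest reset of the High label set in "apply".
icacls "%windir%\System32\winlogon.exe" /setintegritylevel M
icacls "%windir%\System32\winlogon.exe" /setowner "NT SERVICE\TrustedInstaller"
icacls "%windir%\System32\winlogon.exe" /grant:r Administrators:RX
rem Author's result: fingerprint sign-in stopped working and UMFD was not blocked -- failed.
echo 이렇게 하면 지문 인식이 안된다 그리고 UMFD 차단 되지 않는다 ㅎ 실패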
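rem --- wininit.exe: apply --- (same UMFD experiment as the winlogon section; see the
rem author's "failed" note there before relying on any of it)
icacls "%windir%\System32\wininit.exe"
rem /A: ownership goes to the Administrators group so the DACL can be edited.
takeown /F "%windir%\System32\wininit.exe" /A
icacls "%windir%\System32\wininit.exe" /grant Administrators:F
rem High label with the default no-write-up policy: processes below High cannot write to it.
icacls "%windir%\System32\wininit.exe" /setintegritylevel H
rem Deny for Guest, Guests (S-1-5-32-546), NULL SID (S-1-0-0) and ANONYMOUS LOGON (S-1-5-7).
icacls "%windir%\System32\wininit.exe" /deny "Guest:F" "*S-1-5-32-546:F" "*S-1-0-0:F" "*S-1-5-7:F"
rem UMFD-0 / UMFD-1 (user-mode font driver accounts) as bare names most likely do not
rem resolve; an unresolvable name appears to fail the whole icacls call, so it is kept on
rem its own line so the denies above are not lost with it.
icacls "%windir%\System32\wininit.exe" /deny "UMFD-1:F" "UMFD-0:F"
rem Ownership back to TrustedInstaller (servicing), then replace (:r) Administrators:F with RX.
icacls "%windir%\System32\wininit.exe" /setowner "NT SERVICE\TrustedInstaller"
icacls "%windir%\System32\wininit.exe" /grant:r Administrators:RX
icacls "%windir%\System32\wininit.exe"
rem --- wininit.exe: undo ---
icacls "%windir%\System32\wininit.exe"
takeown /F "%windir%\System32\wininit.exe" /A
icacls "%windir%\System32\wininit.exe" /grant Administrators:F
rem /remove without :g/:d drops every ACE (allow and deny) for these SIDs.
icacls "%windir%\System32\wininit.exe" /remove "Guest" "*S-1-5-32-546" "*S-1-0-0" "*S-1-5-7"
icacls "%windir%\System32\wininit.exe" /remove "UMFD-1" "UMFD-0"
rem icacls cannot delete a mandatory label; Medium (what an unlabeled file is treated as)
rem is the closest reset of the High label set in "apply".
icacls "%windir%\System32\wininit.exe" /setintegritylevel M
icacls "%windir%\System32\wininit.exe" /setowner "NT SERVICE\TrustedInstaller"
icacls "%windir%\System32\wininit.exe" /grant:r Administrators:RX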
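rem Author's note: done because of something ("imap") seen attached to the System process.
rem ntoskrnl.exe is the kernel image; ACL changes here are purely an on-disk experiment.
echo System imap 붙는 것 때문에
rem --- ntoskrnl.exe: apply ---
icacls "%windir%\System32\ntoskrnl.exe"
rem /A: ownership goes to the Administrators group so the DACL can be edited.
takeown /F "%windir%\System32\ntoskrnl.exe" /A
icacls "%windir%\System32\ntoskrnl.exe" /grant Administrators:F
rem High label with the default no-write-up policy: processes below High cannot write to it.
icacls "%windir%\System32\ntoskrnl.exe" /setintegritylevel H
rem Deny for Guest, Guests (S-1-5-32-546), NULL SID (S-1-0-0) and ANONYMOUS LOGON (S-1-5-7).
rem An unresolvable name appears to fail the whole icacls call -- check the output.
icacls "%windir%\System32\ntoskrnl.exe" /deny "Guest:F" "*S-1-5-32-546:F" "*S-1-0-0:F" "*S-1-5-7:F"
rem Ownership back to TrustedInstaller (servicing), then replace (:r) Administrators:F with RX.
icacls "%windir%\System32\ntoskrnl.exe" /setowner "NT SERVICE\TrustedInstaller"
icacls "%windir%\System32\ntoskrnl.exe" /grant:r Administrators:RX
echo 등록한거 삭제
rem --- ntoskrnl.exe: undo ---
takeown /F "%windir%\System32\ntoskrnl.exe" /A
icacls "%windir%\System32\ntoskrnl.exe" /grant Administrators:F
rem /remove without :g/:d drops every ACE (allow and deny) for these SIDs.
icacls "%windir%\System32\ntoskrnl.exe" /remove "Guest" "*S-1-5-32-546" "*S-1-0-0" "*S-1-5-7"
rem icacls cannot delete a mandatory label; Medium (what an unlabeled file is treated as)
rem is the closest reset of the High label set in "apply".
icacls "%windir%\System32\ntoskrnl.exe" /setintegritylevel M
icacls "%windir%\System32\ntoskrnl.exe" /setowner "NT SERVICE\TrustedInstaller"
icacls "%windir%\System32\ntoskrnl.exe" /grant:r Administrators:RX
icacls "%windir%\System32\ntoskrnl.exe"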
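rem Author's note (suspicion, unverified): Desktop Window Manager thought to be compromised.
echo 창관리자 해킹 의심
rem --- dwm.exe: apply ---
icacls "%windir%\System32\dwm.exe"
rem /A: ownership goes to the Administrators group so the DACL can be edited.
takeown /F "%windir%\System32\dwm.exe" /A
icacls "%windir%\System32\dwm.exe" /grant Administrators:F
rem High label with the default no-write-up policy: processes below High cannot write to it.
icacls "%windir%\System32\dwm.exe" /setintegritylevel H
rem Deny for Guest, Guests (S-1-5-32-546), NULL SID (S-1-0-0) and ANONYMOUS LOGON (S-1-5-7).
rem An unresolvable name appears to fail the whole icacls call -- check the output.
icacls "%windir%\System32\dwm.exe" /deny "Guest:F" "*S-1-5-32-546:F" "*S-1-0-0:F" "*S-1-5-7:F"
rem Ownership back to TrustedInstaller (servicing), then replace (:r) Administrators:F with RX.
icacls "%windir%\System32\dwm.exe" /setowner "NT SERVICE\TrustedInstaller"
icacls "%windir%\System32\dwm.exe" /grant:r Administrators:RX
icacls "%windir%\System32\dwm.exe"
echo 등록한거 삭제
rem --- dwm.exe: undo ---
takeown /F "%windir%\System32\dwm.exe" /A
icacls "%windir%\System32\dwm.exe" /grant Administrators:F
rem /remove without :g/:d drops every ACE (allow and deny) for these SIDs.
icacls "%windir%\System32\dwm.exe" /remove "Guest" "*S-1-5-32-546" "*S-1-0-0" "*S-1-5-7"
rem icacls cannot delete a mandatory label; Medium (what an unlabeled file is treated as)
rem is the closest reset of the High label set in "apply".
icacls "%windir%\System32\dwm.exe" /setintegritylevel M
icacls "%windir%\System32\dwm.exe" /setowner "NT SERVICE\TrustedInstaller"
icacls "%windir%\System32\dwm.exe" /grant:r Administrators:RX
icacls "%windir%\System32\dwm.exe"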
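rem Author's note (suspicion, unverified): Bluetooth thought to be compromised.
rem fsquirt.exe is the Bluetooth file-transfer wizard.
echo 블루투스 해킹 의심
rem --- fsquirt.exe: apply ---
icacls "%windir%\System32\fsquirt.exe"
rem /A: ownership goes to the Administrators group so the DACL can be edited.
takeown /F "%windir%\System32\fsquirt.exe" /A
icacls "%windir%\System32\fsquirt.exe" /grant Administrators:F
rem High label with the default no-write-up policy: processes below High cannot write to it.
icacls "%windir%\System32\fsquirt.exe" /setintegritylevel H
rem Deny for Guest, Guests (S-1-5-32-546), NULL SID (S-1-0-0) and ANONYMOUS LOGON (S-1-5-7).
rem An unresolvable name appears to fail the whole icacls call -- check the output.
icacls "%windir%\System32\fsquirt.exe" /deny "Guest:F" "*S-1-5-32-546:F" "*S-1-0-0:F" "*S-1-5-7:F"
rem Ownership back to TrustedInstaller (servicing), then replace (:r) Administrators:F with RX.
icacls "%windir%\System32\fsquirt.exe" /setowner "NT SERVICE\TrustedInstaller"
icacls "%windir%\System32\fsquirt.exe" /grant:r Administrators:RX
icacls "%windir%\System32\fsquirt.exe"
echo 등록한거 삭제
rem --- fsquirt.exe: undo ---
takeown /F "%windir%\System32\fsquirt.exe" /A
icacls "%windir%\System32\fsquirt.exe" /grant Administrators:F
rem /remove without :g/:d drops every ACE (allow and deny) for these SIDs.
icacls "%windir%\System32\fsquirt.exe" /remove "Guest" "*S-1-5-32-546" "*S-1-0-0" "*S-1-5-7"
rem icacls cannot delete a mandatory label; Medium (what an unlabeled file is treated as)
rem is the closest reset of the High label set in "apply".
icacls "%windir%\System32\fsquirt.exe" /setintegritylevel M
icacls "%windir%\System32\fsquirt.exe" /setowner "NT SERVICE\TrustedInstaller"
icacls "%windir%\System32\fsquirt.exe" /grant:r Administrators:RX
icacls "%windir%\System32\fsquirt.exe"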
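rem Author's note (suspicion, unverified): folder display check; compromise suspected.
rem OpenWith.exe is the "Open with" chooser.
echo 폴더표시 확인 난 해킹 의심
rem --- OpenWith.exe: apply ---
icacls "%windir%\System32\OpenWith.exe"
rem /A: ownership goes to the Administrators group so the DACL can be edited.
takeown /F "%windir%\System32\OpenWith.exe" /A
icacls "%windir%\System32\OpenWith.exe" /grant Administrators:F
rem High label with the default no-write-up policy: processes below High cannot write to it.
icacls "%windir%\System32\OpenWith.exe" /setintegritylevel H
rem Deny for Guest, Guests (S-1-5-32-546), NULL SID (S-1-0-0) and ANONYMOUS LOGON (S-1-5-7).
rem An unresolvable name appears to fail the whole icacls call -- check the output.
icacls "%windir%\System32\OpenWith.exe" /deny "Guest:F" "*S-1-5-32-546:F" "*S-1-0-0:F" "*S-1-5-7:F"
rem Ownership back to TrustedInstaller (servicing), then replace (:r) Administrators:F with RX.
icacls "%windir%\System32\OpenWith.exe" /setowner "NT SERVICE\TrustedInstaller"
icacls "%windir%\System32\OpenWith.exe" /grant:r Administrators:RX
icacls "%windir%\System32\OpenWith.exe"
echo 등록한거 삭제
rem --- OpenWith.exe: undo ---
takeown /F "%windir%\System32\OpenWith.exe" /A
icacls "%windir%\System32\OpenWith.exe" /grant Administrators:F
rem /remove without :g/:d drops every ACE (allow and deny) for these SIDs.
icacls "%windir%\System32\OpenWith.exe" /remove "Guest" "*S-1-5-32-546" "*S-1-0-0" "*S-1-5-7"
rem icacls cannot delete a mandatory label; Medium (what an unlabeled file is treated as)
rem is the closest reset of the High label set in "apply".
icacls "%windir%\System32\OpenWith.exe" /setintegritylevel M
icacls "%windir%\System32\OpenWith.exe" /setowner "NT SERVICE\TrustedInstaller"
icacls "%windir%\System32\OpenWith.exe" /grant:r Administrators:RX
icacls "%windir%\System32\OpenWith.exe"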
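rem Author's note (suspicion, unverified): GIMP executable seen running oddly; compromise suspected.
rem This is a per-user install under %localappdata%. Unlike the System32 targets it is not a
rem TrustedInstaller-serviced file, so handing ownership to TrustedInstaller is unusual here;
rem the user's own inherited ACEs are left untouched (no /inheritance:r, no /T).
echo 김프 실행 파일 친구로 실행? 해킹 의심
rem --- GIMP 2 folder: apply ---
icacls "%localappdata%\Programs\GIMP 2"
rem /A: ownership goes to the Administrators group so the DACL can be edited.
takeown /F "%localappdata%\Programs\GIMP 2" /A
icacls "%localappdata%\Programs\GIMP 2" /grant Administrators:F
rem No (OI)(CI) prefix: the label is placed on the folder itself only, not on its contents.
icacls "%localappdata%\Programs\GIMP 2" /setintegritylevel H
rem Deny for Guest, Guests (S-1-5-32-546), NULL SID (S-1-0-0) and ANONYMOUS LOGON (S-1-5-7).
rem An unresolvable name appears to fail the whole icacls call -- check the output.
icacls "%localappdata%\Programs\GIMP 2" /deny "Guest:F" "*S-1-5-32-546:F" "*S-1-0-0:F" "*S-1-5-7:F"
icacls "%localappdata%\Programs\GIMP 2" /setowner "NT SERVICE\TrustedInstaller"
rem Replace (:r) the temporary Administrators:F ACE with read/execute.
icacls "%localappdata%\Programs\GIMP 2" /grant:r Administrators:RX
icacls "%localappdata%\Programs\GIMP 2"
echo 등록한거 삭제
rem --- GIMP 2 folder: undo ---
takeown /F "%localappdata%\Programs\GIMP 2" /A
icacls "%localappdata%\Programs\GIMP 2" /grant Administrators:F
rem /remove without :g/:d drops every ACE (allow and deny) for these SIDs.
icacls "%localappdata%\Programs\GIMP 2" /remove "Guest" "*S-1-5-32-546" "*S-1-0-0" "*S-1-5-7"
rem icacls cannot delete a mandatory label; Medium (what an unlabeled object is treated as)
rem is the closest reset of the High label set in "apply".
icacls "%localappdata%\Programs\GIMP 2" /setintegritylevel M
icacls "%localappdata%\Programs\GIMP 2" /setowner "NT SERVICE\TrustedInstaller"
icacls "%localappdata%\Programs\GIMP 2" /grant:r Administrators:RX
icacls "%localappdata%\Programs\GIMP 2"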
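rem SID reference for the services.exe section (author's notes; were bare text lines that
rem cmd would have tried to execute as commands):
rem   S-1-5-17      IUSR, the default IIS anonymous account
rem   S-1-5-32-568  Builtin\IIS_IUSRS group
rem   S-1-5-2       NETWORK logon SID
rem Author's note (suspicion, unverified): "Advapi" compromise suspected. Denying S-1-0-0
rem (NULL SID) was observed to break fingerprint sign-in, so it is left out below;
rem S-1-5-7 is ANONYMOUS LOGON.
echo Advapi 해킹 의심 "*S-1-0-0" 를 등록 하면 지문인식이 안된다 "*S-1-5-7" 익명성
rem --- services.exe: apply ---
icacls "%windir%\System32\services.exe"
rem /A: ownership goes to the Administrators group so the DACL can be edited.
takeown /F "%windir%\System32\services.exe" /A
icacls "%windir%\System32\services.exe" /grant Administrators:F
rem Low label, kept as the author wrote it. With the default no-write-up policy a Low label is
rem weaker than the implicit Medium of an unlabeled file (everything at Low or above may write
rem as far as the label is concerned), so this line does not harden services.exe -- the DACL
rem edits below are what restrict it.
icacls "%windir%\System32\services.exe" /setintegritylevel L
rem Deny for IIS_IUSRS, IUSR, Guest, Guests (S-1-5-32-546) and NETWORK (S-1-5-2).
rem An unresolvable name appears to fail the whole icacls call -- check the output.
icacls "%windir%\System32\services.exe" /deny "*S-1-5-32-568:F" "*S-1-5-17:F" "Guest:F" "*S-1-5-32-546:F" "*S-1-5-2:F"
rem Ownership back to TrustedInstaller (servicing), then replace (:r) Administrators:F with RX.
icacls "%windir%\System32\services.exe" /setowner "NT SERVICE\TrustedInstaller"
icacls "%windir%\System32\services.exe" /grant:r Administrators:RX
icacls "%windir%\System32\services.exe"
echo 등록한거 삭제
rem --- services.exe: undo ---
takeown /F "%windir%\System32\services.exe" /A
icacls "%windir%\System32\services.exe" /grant Administrators:F
rem /remove without :g/:d drops every ACE (allow and deny) for these SIDs.
icacls "%windir%\System32\services.exe" /remove "*S-1-5-32-568" "*S-1-5-17" "Guest" "*S-1-5-32-546" "*S-1-5-2"
rem icacls cannot delete a mandatory label; Medium (what an unlabeled file is treated as)
rem is the closest reset, and it undoes the Low label set in "apply".
icacls "%windir%\System32\services.exe" /setintegritylevel M
icacls "%windir%\System32\services.exe" /setowner "NT SERVICE\TrustedInstaller"
icacls "%windir%\System32\services.exe" /grant:r Administrators:RX
icacls "%windir%\System32\services.exe"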
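rem Author's note (suspicion, unverified): an attacker thought to be launching explorer.exe.
rem Note explorer.exe lives in %windir%, not System32.
echo 해커가 explorer.exe 켜는 문제.
rem --- explorer.exe: apply ---
icacls "%windir%\explorer.exe"
rem /A: ownership goes to the Administrators group so the DACL can be edited.
takeown /F "%windir%\explorer.exe" /A
icacls "%windir%\explorer.exe" /grant Administrators:F
rem High label with the default no-write-up policy: processes below High cannot write to it.
icacls "%windir%\explorer.exe" /setintegritylevel H
rem Deny for Guest, Guests (S-1-5-32-546), NULL SID (S-1-0-0) and ANONYMOUS LOGON (S-1-5-7).
rem An unresolvable name appears to fail the whole icacls call -- check the output.
icacls "%windir%\explorer.exe" /deny "Guest:F" "*S-1-5-32-546:F" "*S-1-0-0:F" "*S-1-5-7:F"
rem Ownership back to TrustedInstaller (servicing), then replace (:r) Administrators:F with RX.
icacls "%windir%\explorer.exe" /setowner "NT SERVICE\TrustedInstaller"
icacls "%windir%\explorer.exe" /grant:r Administrators:RX
icacls "%windir%\explorer.exe"
echo 등록한거 삭제
rem --- explorer.exe: undo ---
takeown /F "%windir%\explorer.exe" /A
icacls "%windir%\explorer.exe" /grant Administrators:F
rem /remove without :g/:d drops every ACE (allow and deny) for these SIDs.
icacls "%windir%\explorer.exe" /remove "Guest" "*S-1-5-32-546" "*S-1-0-0" "*S-1-5-7"
rem icacls cannot delete a mandatory label; Medium (what an unlabeled file is treated as)
rem is the closest reset of the High label set in "apply".
icacls "%windir%\explorer.exe" /setintegritylevel M
icacls "%windir%\explorer.exe" /setowner "NT SERVICE\TrustedInstaller"
icacls "%windir%\explorer.exe" /grant:r Administrators:RX
icacls "%windir%\explorer.exe"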
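rem Author's note (suspicion, unverified): "user key" being enabled; the attacker seems to
rem start with this. Second pass over CredentialEnrollmentManager.exe, this time also
rem denying the IIS SIDs (IIS_IUSRS S-1-5-32-568, IUSR S-1-5-17).
echo 사용자키 켜는 문제 해커가 이것 부터 켜는 것 같다.
rem --- CredentialEnrollmentManager.exe (2nd pass): apply ---
icacls "%windir%\System32\CredentialEnrollmentManager.exe"
rem /A: ownership goes to the Administrators group so the DACL can be edited.
takeown /F "%windir%\System32\CredentialEnrollmentManager.exe" /A
icacls "%windir%\System32\CredentialEnrollmentManager.exe" /grant Administrators:F
rem Deny for IIS_IUSRS, IUSR, Guest, Guests (S-1-5-32-546), NULL SID (S-1-0-0), ANONYMOUS LOGON (S-1-5-7).
rem The earlier services.exe note says the S-1-0-0 deny broke fingerprint sign-in; it is still
rem included here. An unresolvable name appears to fail the whole icacls call -- check the output.
icacls "%windir%\System32\CredentialEnrollmentManager.exe" /deny "*S-1-5-32-568:F" "*S-1-5-17:F" "Guest:F" "*S-1-5-32-546:F" "*S-1-0-0:F" "*S-1-5-7:F"
rem High label with the default no-write-up policy: processes below High cannot write to it.
icacls "%windir%\System32\CredentialEnrollmentManager.exe" /setintegritylevel H
rem Ownership back to TrustedInstaller (servicing), then replace (:r) Administrators:F with RX.
icacls "%windir%\System32\CredentialEnrollmentManager.exe" /setowner "NT SERVICE\TrustedInstaller"
icacls "%windir%\System32\CredentialEnrollmentManager.exe" /grant:r Administrators:RX
icacls "%windir%\System32\CredentialEnrollmentManager.exe"
rem The two echo lines below only print the alternative label commands (H vs L); they do not run them.
echo icacls "%windir%\System32\CredentialEnrollmentManager.exe" /setintegritylevel H
echo icacls "%windir%\System32\CredentialEnrollmentManager.exe" /setintegritylevel L
rem --- CredentialEnrollmentManager.exe (2nd pass): undo ---
icacls "%windir%\System32\CredentialEnrollmentManager.exe"
takeown /F "%windir%\System32\CredentialEnrollmentManager.exe" /A
icacls "%windir%\System32\CredentialEnrollmentManager.exe" /grant Administrators:F
rem /remove without :g/:d drops every ACE (allow and deny) for these SIDs.
icacls "%windir%\System32\CredentialEnrollmentManager.exe" /remove "*S-1-5-32-568" "*S-1-5-17" "Guest" "*S-1-5-32-546" "*S-1-0-0" "*S-1-5-7"
rem icacls cannot delete a mandatory label; Medium (what an unlabeled file is treated as)
rem is the closest reset of the High label set in "apply".
icacls "%windir%\System32\CredentialEnrollmentManager.exe" /setintegritylevel M
icacls "%windir%\System32\CredentialEnrollmentManager.exe" /setowner "NT SERVICE\TrustedInstaller"
icacls "%windir%\System32\CredentialEnrollmentManager.exe" /grant:r Administrators:RX
icacls "%windir%\System32\CredentialEnrollmentManager.exe"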