Improve error check of SPP in HKU\S-1-5-20

pull/542/head
WindowsAddict
parent 962f7e326a
commit 07c4fcdc74

@ -1327,14 +1327,7 @@ echo Checking Eval WLMS Service [Found]
)
reg query "HKU\S-1-5-20" %nul% && (
if %winbuild% GEQ 15063 reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" %nul% || (
set error=1
call :dk_color %Red% "Checking S-1-5-20 SPP Reg [Not Found]"
set fixes=%fixes% %mas%troubleshoot
call :dk_color2 %Blue% "Help - " %_Yellow% " %mas%troubleshoot"
)
) || (
reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion" %nul% || (
set error=1
call :dk_color %Red% "Checking HKU\S-1-5-20 Reg [Not Found]"
set fixes=%fixes% %mas%troubleshoot
@ -1431,25 +1424,35 @@ call :dk_color %Red% "Checking SvcRestartTask Status [!taskinfo!]"
)
:: This code checks if NT SERVICE\sppsvc has permission access to tokens folder and required registry keys. It's often caused by gaming spoofers.
:: This code checks if SPP has permission access to tokens folder and required registry keys. It's often caused by gaming spoofers.
set permerror=
if not exist "%tokenstore%\" set permerror=1
if %winbuild% GEQ 9200 for %%# in (
if %winbuild% GEQ 9200 (
for %%# in (
"%tokenstore%+FullControl"
"HKLM:\SYSTEM\WPA+QueryValues, EnumerateSubKeys, WriteKey"
"HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform+SetValue"
) do for /f "tokens=1,2 delims=+" %%A in (%%#) do if not defined permerror (
%psc% "$acl = (Get-Acl '%%A' | fl | Out-String); if (-not ($acl -match 'NT SERVICE\\sppsvc Allow %%B') -or ($acl -match 'NT SERVICE\\sppsvc Deny')) {Exit 2}" %nul%
if !errorlevel!==2 set permerror=1
if !errorlevel!==2 set permerror=Error_Found
)
if %winbuild% GEQ 9200 if defined permerror (
if not defined permerror (
reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion" %nul% && (
set "pol=HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Policies"
reg query "!pol!" %nul% || reg add "!pol!" %nul%
%psc% "$acl = (Get-Acl 'Registry::!pol!' | fl | Out-String); if (-not ($acl -match 'NT AUTHORITY\\NETWORK SERVICE Allow FullControl') -or ($acl -match 'NT AUTHORITY\\NETWORK SERVICE Deny')) {Exit 3}" %nul%
if !errorlevel!==3 set "permerror=Error Found In S-1-5-20 SPP"
)
)
if defined permerror (
set error=1
call :dk_color %Red% "Checking SPP Permissions [Error Found]"
call :dk_color %Red% "Checking SPP Permissions [!permerror!]"
if not defined showfix call :dk_color %Blue% "%_fixmsg%"
set showfix=1
)
)
:: If required services are not disabled or corrupted + if there is any error + SoftwareLicensingService errorlevel is not Zero + no fix was shown before

@ -1465,14 +1465,7 @@ echo Checking Eval WLMS Service [Found]
)
reg query "HKU\S-1-5-20" %nul% && (
if %winbuild% GEQ 15063 reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" %nul% || (
set error=1
call :dk_color %Red% "Checking S-1-5-20 SPP Reg [Not Found]"
set fixes=%fixes% %mas%troubleshoot
call :dk_color2 %Blue% "Help - " %_Yellow% " %mas%troubleshoot"
)
) || (
reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion" %nul% || (
set error=1
call :dk_color %Red% "Checking HKU\S-1-5-20 Reg [Not Found]"
set fixes=%fixes% %mas%troubleshoot
@ -1569,25 +1562,35 @@ call :dk_color %Red% "Checking SvcRestartTask Status [!taskinfo!]"
)
:: This code checks if NT SERVICE\sppsvc has permission access to tokens folder and required registry keys. It's often caused by gaming spoofers.
:: This code checks if SPP has permission access to tokens folder and required registry keys. It's often caused by gaming spoofers.
set permerror=
if not exist "%tokenstore%\" set permerror=1
if %winbuild% GEQ 9200 for %%# in (
if %winbuild% GEQ 9200 (
for %%# in (
"%tokenstore%+FullControl"
"HKLM:\SYSTEM\WPA+QueryValues, EnumerateSubKeys, WriteKey"
"HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform+SetValue"
) do for /f "tokens=1,2 delims=+" %%A in (%%#) do if not defined permerror (
%psc% "$acl = (Get-Acl '%%A' | fl | Out-String); if (-not ($acl -match 'NT SERVICE\\sppsvc Allow %%B') -or ($acl -match 'NT SERVICE\\sppsvc Deny')) {Exit 2}" %nul%
if !errorlevel!==2 set permerror=1
if !errorlevel!==2 set permerror=Error_Found
)
if %winbuild% GEQ 9200 if defined permerror (
if not defined permerror (
reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion" %nul% && (
set "pol=HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Policies"
reg query "!pol!" %nul% || reg add "!pol!" %nul%
%psc% "$acl = (Get-Acl 'Registry::!pol!' | fl | Out-String); if (-not ($acl -match 'NT AUTHORITY\\NETWORK SERVICE Allow FullControl') -or ($acl -match 'NT AUTHORITY\\NETWORK SERVICE Deny')) {Exit 3}" %nul%
if !errorlevel!==3 set "permerror=Error Found In S-1-5-20 SPP"
)
)
if defined permerror (
set error=1
call :dk_color %Red% "Checking SPP Permissions [Error Found]"
call :dk_color %Red% "Checking SPP Permissions [!permerror!]"
if not defined showfix call :dk_color %Blue% "%_fixmsg%"
set showfix=1
)
)
:: If required services are not disabled or corrupted + if there is any error + SoftwareLicensingService errorlevel is not Zero + no fix was shown before

@ -1777,14 +1777,7 @@ echo Checking Eval WLMS Service [Found]
)
reg query "HKU\S-1-5-20" %nul% && (
if %winbuild% GEQ 15063 reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" %nul% || (
set error=1
call :dk_color %Red% "Checking S-1-5-20 SPP Reg [Not Found]"
set fixes=%fixes% %mas%troubleshoot
call :dk_color2 %Blue% "Help - " %_Yellow% " %mas%troubleshoot"
)
) || (
reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion" %nul% || (
set error=1
call :dk_color %Red% "Checking HKU\S-1-5-20 Reg [Not Found]"
set fixes=%fixes% %mas%troubleshoot
@ -1881,25 +1874,35 @@ call :dk_color %Red% "Checking SvcRestartTask Status [!taskinfo!]"
)
:: This code checks if NT SERVICE\sppsvc has permission access to tokens folder and required registry keys. It's often caused by gaming spoofers.
:: This code checks if SPP has permission access to tokens folder and required registry keys. It's often caused by gaming spoofers.
set permerror=
if not exist "%tokenstore%\" set permerror=1
if %winbuild% GEQ 9200 for %%# in (
if %winbuild% GEQ 9200 (
for %%# in (
"%tokenstore%+FullControl"
"HKLM:\SYSTEM\WPA+QueryValues, EnumerateSubKeys, WriteKey"
"HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform+SetValue"
) do for /f "tokens=1,2 delims=+" %%A in (%%#) do if not defined permerror (
%psc% "$acl = (Get-Acl '%%A' | fl | Out-String); if (-not ($acl -match 'NT SERVICE\\sppsvc Allow %%B') -or ($acl -match 'NT SERVICE\\sppsvc Deny')) {Exit 2}" %nul%
if !errorlevel!==2 set permerror=1
if !errorlevel!==2 set permerror=Error_Found
)
if %winbuild% GEQ 9200 if defined permerror (
if not defined permerror (
reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion" %nul% && (
set "pol=HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Policies"
reg query "!pol!" %nul% || reg add "!pol!" %nul%
%psc% "$acl = (Get-Acl 'Registry::!pol!' | fl | Out-String); if (-not ($acl -match 'NT AUTHORITY\\NETWORK SERVICE Allow FullControl') -or ($acl -match 'NT AUTHORITY\\NETWORK SERVICE Deny')) {Exit 3}" %nul%
if !errorlevel!==3 set "permerror=Error Found In S-1-5-20 SPP"
)
)
if defined permerror (
set error=1
call :dk_color %Red% "Checking SPP Permissions [Error Found]"
call :dk_color %Red% "Checking SPP Permissions [!permerror!]"
if not defined showfix call :dk_color %Blue% "%_fixmsg%"
set showfix=1
)
)
:: If required services are not disabled or corrupted + if there is any error + SoftwareLicensingService errorlevel is not Zero + no fix was shown before

@ -2778,14 +2778,7 @@ echo Checking Eval WLMS Service [Found]
)
reg query "HKU\S-1-5-20" %nul% && (
if %winbuild% GEQ 15063 reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" %nul% || (
set error=1
call :dk_color %Red% "Checking S-1-5-20 SPP Reg [Not Found]"
set fixes=%fixes% %mas%troubleshoot
call :dk_color2 %Blue% "Help - " %_Yellow% " %mas%troubleshoot"
)
) || (
reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion" %nul% || (
set error=1
call :dk_color %Red% "Checking HKU\S-1-5-20 Reg [Not Found]"
set fixes=%fixes% %mas%troubleshoot
@ -2882,25 +2875,35 @@ call :dk_color %Red% "Checking SvcRestartTask Status [!taskinfo!]"
)
:: This code checks if NT SERVICE\sppsvc has permission access to tokens folder and required registry keys. It's often caused by gaming spoofers.
:: This code checks if SPP has permission access to tokens folder and required registry keys. It's often caused by gaming spoofers.
set permerror=
if not exist "%tokenstore%\" set permerror=1
if %winbuild% GEQ 9200 for %%# in (
if %winbuild% GEQ 9200 (
for %%# in (
"%tokenstore%+FullControl"
"HKLM:\SYSTEM\WPA+QueryValues, EnumerateSubKeys, WriteKey"
"HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform+SetValue"
) do for /f "tokens=1,2 delims=+" %%A in (%%#) do if not defined permerror (
%psc% "$acl = (Get-Acl '%%A' | fl | Out-String); if (-not ($acl -match 'NT SERVICE\\sppsvc Allow %%B') -or ($acl -match 'NT SERVICE\\sppsvc Deny')) {Exit 2}" %nul%
if !errorlevel!==2 set permerror=1
if !errorlevel!==2 set permerror=Error_Found
)
if %winbuild% GEQ 9200 if defined permerror (
if not defined permerror (
reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion" %nul% && (
set "pol=HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Policies"
reg query "!pol!" %nul% || reg add "!pol!" %nul%
%psc% "$acl = (Get-Acl 'Registry::!pol!' | fl | Out-String); if (-not ($acl -match 'NT AUTHORITY\\NETWORK SERVICE Allow FullControl') -or ($acl -match 'NT AUTHORITY\\NETWORK SERVICE Deny')) {Exit 3}" %nul%
if !errorlevel!==3 set "permerror=Error Found In S-1-5-20 SPP"
)
)
if defined permerror (
set error=1
call :dk_color %Red% "Checking SPP Permissions [Error Found]"
call :dk_color %Red% "Checking SPP Permissions [!permerror!]"
if not defined showfix call :dk_color %Blue% "%_fixmsg%"
set showfix=1
)
)
:: If required services are not disabled or corrupted + if there is any error + SoftwareLicensingService errorlevel is not Zero + no fix was shown before

Loading…
Cancel
Save