From 07c4fcdc7466aca2c3d62a9c3f741f5d89d1606b Mon Sep 17 00:00:00 2001
From: WindowsAddict <windowsaddict@protonmail.com>
Date: Thu, 18 Jul 2024 04:36:50 +0530
Subject: [PATCH] Improve error check of SPP in HKU\S-1-5-20
---
.../Activators/HWID_Activation.cmd | 31 ++++++++++---------
.../Activators/KMS38_Activation.cmd | 31 ++++++++++---------
.../Activators/Ohook_Activation_AIO.cmd | 31 ++++++++++---------
.../Activators/Online_KMS_Activation.cmd | 31 ++++++++++---------
4 files changed, 68 insertions(+), 56 deletions(-)
diff --git a/MAS/Separate-Files-Version/Activators/HWID_Activation.cmd b/MAS/Separate-Files-Version/Activators/HWID_Activation.cmd
index 862099d..71b0653 100644
--- a/MAS/Separate-Files-Version/Activators/HWID_Activation.cmd
+++ b/MAS/Separate-Files-Version/Activators/HWID_Activation.cmd
@@ -1327,14 +1327,7 @@ echo Checking Eval WLMS Service [Found]
)
-reg query "HKU\S-1-5-20" %nul% && (
-if %winbuild% GEQ 15063 reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" %nul% || (
-set error=1
-call :dk_color %Red% "Checking S-1-5-20 SPP Reg [Not Found]"
-set fixes=%fixes% %mas%troubleshoot
-call :dk_color2 %Blue% "Help - " %_Yellow% " %mas%troubleshoot"
-)
-) || (
+reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion" %nul% || (
set error=1
call :dk_color %Red% "Checking HKU\S-1-5-20 Reg [Not Found]"
set fixes=%fixes% %mas%troubleshoot
@@ -1431,25 +1424,35 @@ call :dk_color %Red% "Checking SvcRestartTask Status [!taskinfo!]"
)
-:: This code checks if NT SERVICE\sppsvc has permission access to tokens folder and required registry keys. It's often caused by gaming spoofers.
+:: This code checks if SPP has permission access to tokens folder and required registry keys. It's often caused by gaming spoofers.
set permerror=
-if not exist "%tokenstore%\" set permerror=1
-if %winbuild% GEQ 9200 for %%# in (
+if %winbuild% GEQ 9200 (
+for %%# in (
"%tokenstore%+FullControl"
"HKLM:\SYSTEM\WPA+QueryValues, EnumerateSubKeys, WriteKey"
"HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform+SetValue"
) do for /f "tokens=1,2 delims=+" %%A in (%%#) do if not defined permerror (
%psc% "$acl = (Get-Acl '%%A' | fl | Out-String); if (-not ($acl -match 'NT SERVICE\\sppsvc Allow %%B') -or ($acl -match 'NT SERVICE\\sppsvc Deny')) {Exit 2}" %nul%
-if !errorlevel!==2 set permerror=1
+if !errorlevel!==2 set permerror=Error_Found
)
-if %winbuild% GEQ 9200 if defined permerror (
+if not defined permerror (
+reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion" %nul% && (
+set "pol=HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Policies"
+reg query "!pol!" %nul% || reg add "!pol!" %nul%
+%psc% "$acl = (Get-Acl 'Registry::!pol!' | fl | Out-String); if (-not ($acl -match 'NT AUTHORITY\\NETWORK SERVICE Allow FullControl') -or ($acl -match 'NT AUTHORITY\\NETWORK SERVICE Deny')) {Exit 3}" %nul%
+if !errorlevel!==3 set "permerror=Error Found In S-1-5-20 SPP"
+)
+)
+
+if defined permerror (
set error=1
-call :dk_color %Red% "Checking SPP Permissions [Error Found]"
+call :dk_color %Red% "Checking SPP Permissions [!permerror!]"
if not defined showfix call :dk_color %Blue% "%_fixmsg%"
set showfix=1
)
+)
:: If required services are not disabled or corrupted + if there is any error + SoftwareLicensingService errorlevel is not Zero + no fix was shown before
diff --git a/MAS/Separate-Files-Version/Activators/KMS38_Activation.cmd b/MAS/Separate-Files-Version/Activators/KMS38_Activation.cmd
index 846e657..d89e2b5 100644
--- a/MAS/Separate-Files-Version/Activators/KMS38_Activation.cmd
+++ b/MAS/Separate-Files-Version/Activators/KMS38_Activation.cmd
@@ -1465,14 +1465,7 @@ echo Checking Eval WLMS Service [Found]
)
-reg query "HKU\S-1-5-20" %nul% && (
-if %winbuild% GEQ 15063 reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" %nul% || (
-set error=1
-call :dk_color %Red% "Checking S-1-5-20 SPP Reg [Not Found]"
-set fixes=%fixes% %mas%troubleshoot
-call :dk_color2 %Blue% "Help - " %_Yellow% " %mas%troubleshoot"
-)
-) || (
+reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion" %nul% || (
set error=1
call :dk_color %Red% "Checking HKU\S-1-5-20 Reg [Not Found]"
set fixes=%fixes% %mas%troubleshoot
@@ -1569,25 +1562,35 @@ call :dk_color %Red% "Checking SvcRestartTask Status [!taskinfo!]"
)
-:: This code checks if NT SERVICE\sppsvc has permission access to tokens folder and required registry keys. It's often caused by gaming spoofers.
+:: This code checks if SPP has permission access to tokens folder and required registry keys. It's often caused by gaming spoofers.
set permerror=
-if not exist "%tokenstore%\" set permerror=1
-if %winbuild% GEQ 9200 for %%# in (
+if %winbuild% GEQ 9200 (
+for %%# in (
"%tokenstore%+FullControl"
"HKLM:\SYSTEM\WPA+QueryValues, EnumerateSubKeys, WriteKey"
"HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform+SetValue"
) do for /f "tokens=1,2 delims=+" %%A in (%%#) do if not defined permerror (
%psc% "$acl = (Get-Acl '%%A' | fl | Out-String); if (-not ($acl -match 'NT SERVICE\\sppsvc Allow %%B') -or ($acl -match 'NT SERVICE\\sppsvc Deny')) {Exit 2}" %nul%
-if !errorlevel!==2 set permerror=1
+if !errorlevel!==2 set permerror=Error_Found
)
-if %winbuild% GEQ 9200 if defined permerror (
+if not defined permerror (
+reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion" %nul% && (
+set "pol=HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Policies"
+reg query "!pol!" %nul% || reg add "!pol!" %nul%
+%psc% "$acl = (Get-Acl 'Registry::!pol!' | fl | Out-String); if (-not ($acl -match 'NT AUTHORITY\\NETWORK SERVICE Allow FullControl') -or ($acl -match 'NT AUTHORITY\\NETWORK SERVICE Deny')) {Exit 3}" %nul%
+if !errorlevel!==3 set "permerror=Error Found In S-1-5-20 SPP"
+)
+)
+
+if defined permerror (
set error=1
-call :dk_color %Red% "Checking SPP Permissions [Error Found]"
+call :dk_color %Red% "Checking SPP Permissions [!permerror!]"
if not defined showfix call :dk_color %Blue% "%_fixmsg%"
set showfix=1
)
+)
:: If required services are not disabled or corrupted + if there is any error + SoftwareLicensingService errorlevel is not Zero + no fix was shown before
diff --git a/MAS/Separate-Files-Version/Activators/Ohook_Activation_AIO.cmd b/MAS/Separate-Files-Version/Activators/Ohook_Activation_AIO.cmd
index b6843b3..2f090f5 100644
--- a/MAS/Separate-Files-Version/Activators/Ohook_Activation_AIO.cmd
+++ b/MAS/Separate-Files-Version/Activators/Ohook_Activation_AIO.cmd
@@ -1777,14 +1777,7 @@ echo Checking Eval WLMS Service [Found]
)
-reg query "HKU\S-1-5-20" %nul% && (
-if %winbuild% GEQ 15063 reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" %nul% || (
-set error=1
-call :dk_color %Red% "Checking S-1-5-20 SPP Reg [Not Found]"
-set fixes=%fixes% %mas%troubleshoot
-call :dk_color2 %Blue% "Help - " %_Yellow% " %mas%troubleshoot"
-)
-) || (
+reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion" %nul% || (
set error=1
call :dk_color %Red% "Checking HKU\S-1-5-20 Reg [Not Found]"
set fixes=%fixes% %mas%troubleshoot
@@ -1881,25 +1874,35 @@ call :dk_color %Red% "Checking SvcRestartTask Status [!taskinfo!]"
)
-:: This code checks if NT SERVICE\sppsvc has permission access to tokens folder and required registry keys. It's often caused by gaming spoofers.
+:: This code checks if SPP has permission access to tokens folder and required registry keys. It's often caused by gaming spoofers.
set permerror=
-if not exist "%tokenstore%\" set permerror=1
-if %winbuild% GEQ 9200 for %%# in (
+if %winbuild% GEQ 9200 (
+for %%# in (
"%tokenstore%+FullControl"
"HKLM:\SYSTEM\WPA+QueryValues, EnumerateSubKeys, WriteKey"
"HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform+SetValue"
) do for /f "tokens=1,2 delims=+" %%A in (%%#) do if not defined permerror (
%psc% "$acl = (Get-Acl '%%A' | fl | Out-String); if (-not ($acl -match 'NT SERVICE\\sppsvc Allow %%B') -or ($acl -match 'NT SERVICE\\sppsvc Deny')) {Exit 2}" %nul%
-if !errorlevel!==2 set permerror=1
+if !errorlevel!==2 set permerror=Error_Found
)
-if %winbuild% GEQ 9200 if defined permerror (
+if not defined permerror (
+reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion" %nul% && (
+set "pol=HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Policies"
+reg query "!pol!" %nul% || reg add "!pol!" %nul%
+%psc% "$acl = (Get-Acl 'Registry::!pol!' | fl | Out-String); if (-not ($acl -match 'NT AUTHORITY\\NETWORK SERVICE Allow FullControl') -or ($acl -match 'NT AUTHORITY\\NETWORK SERVICE Deny')) {Exit 3}" %nul%
+if !errorlevel!==3 set "permerror=Error Found In S-1-5-20 SPP"
+)
+)
+
+if defined permerror (
set error=1
-call :dk_color %Red% "Checking SPP Permissions [Error Found]"
+call :dk_color %Red% "Checking SPP Permissions [!permerror!]"
if not defined showfix call :dk_color %Blue% "%_fixmsg%"
set showfix=1
)
+)
:: If required services are not disabled or corrupted + if there is any error + SoftwareLicensingService errorlevel is not Zero + no fix was shown before
diff --git a/MAS/Separate-Files-Version/Activators/Online_KMS_Activation.cmd b/MAS/Separate-Files-Version/Activators/Online_KMS_Activation.cmd
index 401d812..aae5e2a 100644
--- a/MAS/Separate-Files-Version/Activators/Online_KMS_Activation.cmd
+++ b/MAS/Separate-Files-Version/Activators/Online_KMS_Activation.cmd
@@ -2778,14 +2778,7 @@ echo Checking Eval WLMS Service [Found]
)
-reg query "HKU\S-1-5-20" %nul% && (
-if %winbuild% GEQ 15063 reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" %nul% || (
-set error=1
-call :dk_color %Red% "Checking S-1-5-20 SPP Reg [Not Found]"
-set fixes=%fixes% %mas%troubleshoot
-call :dk_color2 %Blue% "Help - " %_Yellow% " %mas%troubleshoot"
-)
-) || (
+reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion" %nul% || (
set error=1
call :dk_color %Red% "Checking HKU\S-1-5-20 Reg [Not Found]"
set fixes=%fixes% %mas%troubleshoot
@@ -2882,25 +2875,35 @@ call :dk_color %Red% "Checking SvcRestartTask Status [!taskinfo!]"
)
-:: This code checks if NT SERVICE\sppsvc has permission access to tokens folder and required registry keys. It's often caused by gaming spoofers.
+:: This code checks if SPP has permission access to tokens folder and required registry keys. It's often caused by gaming spoofers.
set permerror=
-if not exist "%tokenstore%\" set permerror=1
-if %winbuild% GEQ 9200 for %%# in (
+if %winbuild% GEQ 9200 (
+for %%# in (
"%tokenstore%+FullControl"
"HKLM:\SYSTEM\WPA+QueryValues, EnumerateSubKeys, WriteKey"
"HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform+SetValue"
) do for /f "tokens=1,2 delims=+" %%A in (%%#) do if not defined permerror (
%psc% "$acl = (Get-Acl '%%A' | fl | Out-String); if (-not ($acl -match 'NT SERVICE\\sppsvc Allow %%B') -or ($acl -match 'NT SERVICE\\sppsvc Deny')) {Exit 2}" %nul%
-if !errorlevel!==2 set permerror=1
+if !errorlevel!==2 set permerror=Error_Found
)
-if %winbuild% GEQ 9200 if defined permerror (
+if not defined permerror (
+reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion" %nul% && (
+set "pol=HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Policies"
+reg query "!pol!" %nul% || reg add "!pol!" %nul%
+%psc% "$acl = (Get-Acl 'Registry::!pol!' | fl | Out-String); if (-not ($acl -match 'NT AUTHORITY\\NETWORK SERVICE Allow FullControl') -or ($acl -match 'NT AUTHORITY\\NETWORK SERVICE Deny')) {Exit 3}" %nul%
+if !errorlevel!==3 set "permerror=Error Found In S-1-5-20 SPP"
+)
+)
+
+if defined permerror (
set error=1
-call :dk_color %Red% "Checking SPP Permissions [Error Found]"
+call :dk_color %Red% "Checking SPP Permissions [!permerror!]"
if not defined showfix call :dk_color %Blue% "%_fixmsg%"
set showfix=1
)
+)
:: If required services are not disabled or corrupted + if there is any error + SoftwareLicensingService errorlevel is not Zero + no fix was shown before