Improve error check of SPP in HKU\S-1-5-20
This commit is contained in:
parent
962f7e326a
commit
07c4fcdc74
|
@ -1327,14 +1327,7 @@ echo Checking Eval WLMS Service [Found]
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
reg query "HKU\S-1-5-20" %nul% && (
|
reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion" %nul% || (
|
||||||
if %winbuild% GEQ 15063 reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" %nul% || (
|
|
||||||
set error=1
|
|
||||||
call :dk_color %Red% "Checking S-1-5-20 SPP Reg [Not Found]"
|
|
||||||
set fixes=%fixes% %mas%troubleshoot
|
|
||||||
call :dk_color2 %Blue% "Help - " %_Yellow% " %mas%troubleshoot"
|
|
||||||
)
|
|
||||||
) || (
|
|
||||||
set error=1
|
set error=1
|
||||||
call :dk_color %Red% "Checking HKU\S-1-5-20 Reg [Not Found]"
|
call :dk_color %Red% "Checking HKU\S-1-5-20 Reg [Not Found]"
|
||||||
set fixes=%fixes% %mas%troubleshoot
|
set fixes=%fixes% %mas%troubleshoot
|
||||||
|
@ -1431,25 +1424,35 @@ call :dk_color %Red% "Checking SvcRestartTask Status [!taskinfo!]"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
:: This code checks if NT SERVICE\sppsvc has permission access to tokens folder and required registry keys. It's often caused by gaming spoofers.
|
:: This code checks if SPP has permission access to tokens folder and required registry keys. It's often caused by gaming spoofers.
|
||||||
|
|
||||||
set permerror=
|
set permerror=
|
||||||
if not exist "%tokenstore%\" set permerror=1
|
if %winbuild% GEQ 9200 (
|
||||||
if %winbuild% GEQ 9200 for %%# in (
|
for %%# in (
|
||||||
"%tokenstore%+FullControl"
|
"%tokenstore%+FullControl"
|
||||||
"HKLM:\SYSTEM\WPA+QueryValues, EnumerateSubKeys, WriteKey"
|
"HKLM:\SYSTEM\WPA+QueryValues, EnumerateSubKeys, WriteKey"
|
||||||
"HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform+SetValue"
|
"HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform+SetValue"
|
||||||
) do for /f "tokens=1,2 delims=+" %%A in (%%#) do if not defined permerror (
|
) do for /f "tokens=1,2 delims=+" %%A in (%%#) do if not defined permerror (
|
||||||
%psc% "$acl = (Get-Acl '%%A' | fl | Out-String); if (-not ($acl -match 'NT SERVICE\\sppsvc Allow %%B') -or ($acl -match 'NT SERVICE\\sppsvc Deny')) {Exit 2}" %nul%
|
%psc% "$acl = (Get-Acl '%%A' | fl | Out-String); if (-not ($acl -match 'NT SERVICE\\sppsvc Allow %%B') -or ($acl -match 'NT SERVICE\\sppsvc Deny')) {Exit 2}" %nul%
|
||||||
if !errorlevel!==2 set permerror=1
|
if !errorlevel!==2 set permerror=Error_Found
|
||||||
)
|
)
|
||||||
|
|
||||||
if %winbuild% GEQ 9200 if defined permerror (
|
if not defined permerror (
|
||||||
|
reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion" %nul% && (
|
||||||
|
set "pol=HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Policies"
|
||||||
|
reg query "!pol!" %nul% || reg add "!pol!" %nul%
|
||||||
|
%psc% "$acl = (Get-Acl 'Registry::!pol!' | fl | Out-String); if (-not ($acl -match 'NT AUTHORITY\\NETWORK SERVICE Allow FullControl') -or ($acl -match 'NT AUTHORITY\\NETWORK SERVICE Deny')) {Exit 3}" %nul%
|
||||||
|
if !errorlevel!==3 set "permerror=Error Found In S-1-5-20 SPP"
|
||||||
|
)
|
||||||
|
)
|
||||||
|
|
||||||
|
if defined permerror (
|
||||||
set error=1
|
set error=1
|
||||||
call :dk_color %Red% "Checking SPP Permissions [Error Found]"
|
call :dk_color %Red% "Checking SPP Permissions [!permerror!]"
|
||||||
if not defined showfix call :dk_color %Blue% "%_fixmsg%"
|
if not defined showfix call :dk_color %Blue% "%_fixmsg%"
|
||||||
set showfix=1
|
set showfix=1
|
||||||
)
|
)
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
:: If required services are not disabled or corrupted + if there is any error + SoftwareLicensingService errorlevel is not Zero + no fix was shown before
|
:: If required services are not disabled or corrupted + if there is any error + SoftwareLicensingService errorlevel is not Zero + no fix was shown before
|
||||||
|
|
|
@ -1465,14 +1465,7 @@ echo Checking Eval WLMS Service [Found]
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
reg query "HKU\S-1-5-20" %nul% && (
|
reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion" %nul% || (
|
||||||
if %winbuild% GEQ 15063 reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" %nul% || (
|
|
||||||
set error=1
|
|
||||||
call :dk_color %Red% "Checking S-1-5-20 SPP Reg [Not Found]"
|
|
||||||
set fixes=%fixes% %mas%troubleshoot
|
|
||||||
call :dk_color2 %Blue% "Help - " %_Yellow% " %mas%troubleshoot"
|
|
||||||
)
|
|
||||||
) || (
|
|
||||||
set error=1
|
set error=1
|
||||||
call :dk_color %Red% "Checking HKU\S-1-5-20 Reg [Not Found]"
|
call :dk_color %Red% "Checking HKU\S-1-5-20 Reg [Not Found]"
|
||||||
set fixes=%fixes% %mas%troubleshoot
|
set fixes=%fixes% %mas%troubleshoot
|
||||||
|
@ -1569,25 +1562,35 @@ call :dk_color %Red% "Checking SvcRestartTask Status [!taskinfo!]"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
:: This code checks if NT SERVICE\sppsvc has permission access to tokens folder and required registry keys. It's often caused by gaming spoofers.
|
:: This code checks if SPP has permission access to tokens folder and required registry keys. It's often caused by gaming spoofers.
|
||||||
|
|
||||||
set permerror=
|
set permerror=
|
||||||
if not exist "%tokenstore%\" set permerror=1
|
if %winbuild% GEQ 9200 (
|
||||||
if %winbuild% GEQ 9200 for %%# in (
|
for %%# in (
|
||||||
"%tokenstore%+FullControl"
|
"%tokenstore%+FullControl"
|
||||||
"HKLM:\SYSTEM\WPA+QueryValues, EnumerateSubKeys, WriteKey"
|
"HKLM:\SYSTEM\WPA+QueryValues, EnumerateSubKeys, WriteKey"
|
||||||
"HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform+SetValue"
|
"HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform+SetValue"
|
||||||
) do for /f "tokens=1,2 delims=+" %%A in (%%#) do if not defined permerror (
|
) do for /f "tokens=1,2 delims=+" %%A in (%%#) do if not defined permerror (
|
||||||
%psc% "$acl = (Get-Acl '%%A' | fl | Out-String); if (-not ($acl -match 'NT SERVICE\\sppsvc Allow %%B') -or ($acl -match 'NT SERVICE\\sppsvc Deny')) {Exit 2}" %nul%
|
%psc% "$acl = (Get-Acl '%%A' | fl | Out-String); if (-not ($acl -match 'NT SERVICE\\sppsvc Allow %%B') -or ($acl -match 'NT SERVICE\\sppsvc Deny')) {Exit 2}" %nul%
|
||||||
if !errorlevel!==2 set permerror=1
|
if !errorlevel!==2 set permerror=Error_Found
|
||||||
)
|
)
|
||||||
|
|
||||||
if %winbuild% GEQ 9200 if defined permerror (
|
if not defined permerror (
|
||||||
|
reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion" %nul% && (
|
||||||
|
set "pol=HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Policies"
|
||||||
|
reg query "!pol!" %nul% || reg add "!pol!" %nul%
|
||||||
|
%psc% "$acl = (Get-Acl 'Registry::!pol!' | fl | Out-String); if (-not ($acl -match 'NT AUTHORITY\\NETWORK SERVICE Allow FullControl') -or ($acl -match 'NT AUTHORITY\\NETWORK SERVICE Deny')) {Exit 3}" %nul%
|
||||||
|
if !errorlevel!==3 set "permerror=Error Found In S-1-5-20 SPP"
|
||||||
|
)
|
||||||
|
)
|
||||||
|
|
||||||
|
if defined permerror (
|
||||||
set error=1
|
set error=1
|
||||||
call :dk_color %Red% "Checking SPP Permissions [Error Found]"
|
call :dk_color %Red% "Checking SPP Permissions [!permerror!]"
|
||||||
if not defined showfix call :dk_color %Blue% "%_fixmsg%"
|
if not defined showfix call :dk_color %Blue% "%_fixmsg%"
|
||||||
set showfix=1
|
set showfix=1
|
||||||
)
|
)
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
:: If required services are not disabled or corrupted + if there is any error + SoftwareLicensingService errorlevel is not Zero + no fix was shown before
|
:: If required services are not disabled or corrupted + if there is any error + SoftwareLicensingService errorlevel is not Zero + no fix was shown before
|
||||||
|
|
|
@ -1777,14 +1777,7 @@ echo Checking Eval WLMS Service [Found]
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
reg query "HKU\S-1-5-20" %nul% && (
|
reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion" %nul% || (
|
||||||
if %winbuild% GEQ 15063 reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" %nul% || (
|
|
||||||
set error=1
|
|
||||||
call :dk_color %Red% "Checking S-1-5-20 SPP Reg [Not Found]"
|
|
||||||
set fixes=%fixes% %mas%troubleshoot
|
|
||||||
call :dk_color2 %Blue% "Help - " %_Yellow% " %mas%troubleshoot"
|
|
||||||
)
|
|
||||||
) || (
|
|
||||||
set error=1
|
set error=1
|
||||||
call :dk_color %Red% "Checking HKU\S-1-5-20 Reg [Not Found]"
|
call :dk_color %Red% "Checking HKU\S-1-5-20 Reg [Not Found]"
|
||||||
set fixes=%fixes% %mas%troubleshoot
|
set fixes=%fixes% %mas%troubleshoot
|
||||||
|
@ -1881,25 +1874,35 @@ call :dk_color %Red% "Checking SvcRestartTask Status [!taskinfo!]"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
:: This code checks if NT SERVICE\sppsvc has permission access to tokens folder and required registry keys. It's often caused by gaming spoofers.
|
:: This code checks if SPP has permission access to tokens folder and required registry keys. It's often caused by gaming spoofers.
|
||||||
|
|
||||||
set permerror=
|
set permerror=
|
||||||
if not exist "%tokenstore%\" set permerror=1
|
if %winbuild% GEQ 9200 (
|
||||||
if %winbuild% GEQ 9200 for %%# in (
|
for %%# in (
|
||||||
"%tokenstore%+FullControl"
|
"%tokenstore%+FullControl"
|
||||||
"HKLM:\SYSTEM\WPA+QueryValues, EnumerateSubKeys, WriteKey"
|
"HKLM:\SYSTEM\WPA+QueryValues, EnumerateSubKeys, WriteKey"
|
||||||
"HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform+SetValue"
|
"HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform+SetValue"
|
||||||
) do for /f "tokens=1,2 delims=+" %%A in (%%#) do if not defined permerror (
|
) do for /f "tokens=1,2 delims=+" %%A in (%%#) do if not defined permerror (
|
||||||
%psc% "$acl = (Get-Acl '%%A' | fl | Out-String); if (-not ($acl -match 'NT SERVICE\\sppsvc Allow %%B') -or ($acl -match 'NT SERVICE\\sppsvc Deny')) {Exit 2}" %nul%
|
%psc% "$acl = (Get-Acl '%%A' | fl | Out-String); if (-not ($acl -match 'NT SERVICE\\sppsvc Allow %%B') -or ($acl -match 'NT SERVICE\\sppsvc Deny')) {Exit 2}" %nul%
|
||||||
if !errorlevel!==2 set permerror=1
|
if !errorlevel!==2 set permerror=Error_Found
|
||||||
)
|
)
|
||||||
|
|
||||||
if %winbuild% GEQ 9200 if defined permerror (
|
if not defined permerror (
|
||||||
|
reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion" %nul% && (
|
||||||
|
set "pol=HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Policies"
|
||||||
|
reg query "!pol!" %nul% || reg add "!pol!" %nul%
|
||||||
|
%psc% "$acl = (Get-Acl 'Registry::!pol!' | fl | Out-String); if (-not ($acl -match 'NT AUTHORITY\\NETWORK SERVICE Allow FullControl') -or ($acl -match 'NT AUTHORITY\\NETWORK SERVICE Deny')) {Exit 3}" %nul%
|
||||||
|
if !errorlevel!==3 set "permerror=Error Found In S-1-5-20 SPP"
|
||||||
|
)
|
||||||
|
)
|
||||||
|
|
||||||
|
if defined permerror (
|
||||||
set error=1
|
set error=1
|
||||||
call :dk_color %Red% "Checking SPP Permissions [Error Found]"
|
call :dk_color %Red% "Checking SPP Permissions [!permerror!]"
|
||||||
if not defined showfix call :dk_color %Blue% "%_fixmsg%"
|
if not defined showfix call :dk_color %Blue% "%_fixmsg%"
|
||||||
set showfix=1
|
set showfix=1
|
||||||
)
|
)
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
:: If required services are not disabled or corrupted + if there is any error + SoftwareLicensingService errorlevel is not Zero + no fix was shown before
|
:: If required services are not disabled or corrupted + if there is any error + SoftwareLicensingService errorlevel is not Zero + no fix was shown before
|
||||||
|
|
|
@ -2778,14 +2778,7 @@ echo Checking Eval WLMS Service [Found]
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
reg query "HKU\S-1-5-20" %nul% && (
|
reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion" %nul% || (
|
||||||
if %winbuild% GEQ 15063 reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" %nul% || (
|
|
||||||
set error=1
|
|
||||||
call :dk_color %Red% "Checking S-1-5-20 SPP Reg [Not Found]"
|
|
||||||
set fixes=%fixes% %mas%troubleshoot
|
|
||||||
call :dk_color2 %Blue% "Help - " %_Yellow% " %mas%troubleshoot"
|
|
||||||
)
|
|
||||||
) || (
|
|
||||||
set error=1
|
set error=1
|
||||||
call :dk_color %Red% "Checking HKU\S-1-5-20 Reg [Not Found]"
|
call :dk_color %Red% "Checking HKU\S-1-5-20 Reg [Not Found]"
|
||||||
set fixes=%fixes% %mas%troubleshoot
|
set fixes=%fixes% %mas%troubleshoot
|
||||||
|
@ -2882,25 +2875,35 @@ call :dk_color %Red% "Checking SvcRestartTask Status [!taskinfo!]"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
:: This code checks if NT SERVICE\sppsvc has permission access to tokens folder and required registry keys. It's often caused by gaming spoofers.
|
:: This code checks if SPP has permission access to tokens folder and required registry keys. It's often caused by gaming spoofers.
|
||||||
|
|
||||||
set permerror=
|
set permerror=
|
||||||
if not exist "%tokenstore%\" set permerror=1
|
if %winbuild% GEQ 9200 (
|
||||||
if %winbuild% GEQ 9200 for %%# in (
|
for %%# in (
|
||||||
"%tokenstore%+FullControl"
|
"%tokenstore%+FullControl"
|
||||||
"HKLM:\SYSTEM\WPA+QueryValues, EnumerateSubKeys, WriteKey"
|
"HKLM:\SYSTEM\WPA+QueryValues, EnumerateSubKeys, WriteKey"
|
||||||
"HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform+SetValue"
|
"HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform+SetValue"
|
||||||
) do for /f "tokens=1,2 delims=+" %%A in (%%#) do if not defined permerror (
|
) do for /f "tokens=1,2 delims=+" %%A in (%%#) do if not defined permerror (
|
||||||
%psc% "$acl = (Get-Acl '%%A' | fl | Out-String); if (-not ($acl -match 'NT SERVICE\\sppsvc Allow %%B') -or ($acl -match 'NT SERVICE\\sppsvc Deny')) {Exit 2}" %nul%
|
%psc% "$acl = (Get-Acl '%%A' | fl | Out-String); if (-not ($acl -match 'NT SERVICE\\sppsvc Allow %%B') -or ($acl -match 'NT SERVICE\\sppsvc Deny')) {Exit 2}" %nul%
|
||||||
if !errorlevel!==2 set permerror=1
|
if !errorlevel!==2 set permerror=Error_Found
|
||||||
)
|
)
|
||||||
|
|
||||||
if %winbuild% GEQ 9200 if defined permerror (
|
if not defined permerror (
|
||||||
|
reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion" %nul% && (
|
||||||
|
set "pol=HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Policies"
|
||||||
|
reg query "!pol!" %nul% || reg add "!pol!" %nul%
|
||||||
|
%psc% "$acl = (Get-Acl 'Registry::!pol!' | fl | Out-String); if (-not ($acl -match 'NT AUTHORITY\\NETWORK SERVICE Allow FullControl') -or ($acl -match 'NT AUTHORITY\\NETWORK SERVICE Deny')) {Exit 3}" %nul%
|
||||||
|
if !errorlevel!==3 set "permerror=Error Found In S-1-5-20 SPP"
|
||||||
|
)
|
||||||
|
)
|
||||||
|
|
||||||
|
if defined permerror (
|
||||||
set error=1
|
set error=1
|
||||||
call :dk_color %Red% "Checking SPP Permissions [Error Found]"
|
call :dk_color %Red% "Checking SPP Permissions [!permerror!]"
|
||||||
if not defined showfix call :dk_color %Blue% "%_fixmsg%"
|
if not defined showfix call :dk_color %Blue% "%_fixmsg%"
|
||||||
set showfix=1
|
set showfix=1
|
||||||
)
|
)
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
:: If required services are not disabled or corrupted + if there is any error + SoftwareLicensingService errorlevel is not Zero + no fix was shown before
|
:: If required services are not disabled or corrupted + if there is any error + SoftwareLicensingService errorlevel is not Zero + no fix was shown before
|
||||||
|
|
Loading…
Reference in New Issue