Vb
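# lock_peda_ntfs_WORKING.ps1
# Run as ADMINISTRATOR.
#
# Purpose: on a shared classroom PC, create the local groups Eleves / Profs /
# AdminPedago, create the local accounts "eleve" and "prof", then rewrite the
# NTFS ACLs of a fixed list of Windows administration tools so that only
# SYSTEM and the local Administrators group keep access to them.
#
# NOTE(review): file ACLs are a brittle way to block programs. They only cover
# the exact paths listed in $targets (the 32-bit copies under SysWOW64 and any
# other script host are not in the list), and Windows servicing may reset them;
# re-check after updates. AppLocker or WDAC policies are the supported
# mechanism for this and should be preferred where the edition allows it.

# Refuse to run without an elevated token: every step below needs it.
$principal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)) {
    Write-Error "Merci de lancer ce script en administrateur."
    exit 1
}

Write-Host "=== Création des groupes Eleves / Profs / AdminPedago ==="

# Creates the local group $Name if it does not exist yet (idempotent).
function Ensure-LocalGroup {
    param([string]$Name)

    if (-not (Get-LocalGroup -Name $Name -ErrorAction SilentlyContinue)) {
        New-LocalGroup -Name $Name | Out-Null
        Write-Host "[OK] Groupe créé : $Name"
    } else {
        Write-Host "[OK] Groupe déjà présent : $Name"
    }
}

Ensure-LocalGroup "Eleves"
Ensure-LocalGroup "Profs"
Ensure-LocalGroup "AdminPedago"

Write-Host "`n=== Création comptes eleve / prof ==="

# Creates the local account $UserName if missing, then adds it to $GroupName
# and to the built-in Users group.
function Ensure-LocalUser {
    param([string]$UserName, [string]$Password, [string]$GroupName)

    if (-not (Get-LocalUser -Name $UserName -ErrorAction SilentlyContinue)) {
        # New-LocalUser takes a SecureString, so the password is not exposed on
        # a child process command line the way "net user <name> <password>" is.
        $securePassword = ConvertTo-SecureString -String $Password -AsPlainText -Force
        New-LocalUser -Name $UserName -Password $securePassword -UserMayNotChangePassword | Out-Null
        Write-Host "[OK] Compte créé : $UserName"
    } else {
        Write-Host "[OK] Compte déjà existant : $UserName"
    }

    net localgroup "$GroupName" "$UserName" /add | Out-Null

    # The built-in Users group is renamed on localized Windows (the literal
    # name "Users" does not exist there), so resolve its name from the SID.
    $usersGroupName = (Get-LocalGroup -SID 'S-1-5-32-545').Name
    net localgroup "$usersGroupName" "$UserName" /add | Out-Null
}

# NOTE(review): both passwords equal the account name, are stored in clear text
# in this script, and the accounts cannot change them. Anyone who knows the
# account name can sign in as "prof". Replace with per-site secrets supplied at
# run time before deploying.
Ensure-LocalUser "eleve" "eleve" "Eleves"
Ensure-LocalUser "prof" "prof" "Profs"

Write-Host "`n=== Blocage NTFS — outils Windows ==="

# Well-known SIDs in icacls "*SID" form, so the ACL edits do not depend on the
# display language. SYSTEM is given as a SID too: the name is localized.
$SIDAdmins    = '*S-1-5-32-544'
$SIDSystem    = '*S-1-5-18'
$SIDUsers     = '*S-1-5-32-545'
$SIDAuthUsers = '*S-1-5-11'
$SIDEveryone  = '*S-1-1-0'

# Windows programs to lock down.
$targets = @(
    "$env:WINDIR\System32\cmd.exe",
    "$env:WINDIR\System32\WindowsPowerShell\v1.0\powershell.exe",
    "$env:WINDIR\System32\WindowsPowerShell\v1.0\powershell_ise.exe",
    "$env:WINDIR\regedit.exe",
    "$env:WINDIR\System32\mmc.exe",
    "$env:WINDIR\System32\taskmgr.exe",
    "$env:WINDIR\System32\control.exe",
    "$env:WINDIR\ImmersiveControlPanel\SystemSettings.exe"
)

# Runs a native tool with an argument array and reports whether it exited 0.
# Passing an array lets PowerShell quote each argument itself; the previous
# hand-built string wrapped the SIDs in single quotes, which native Windows
# programs receive as literal characters.
function Invoke-AclTool {
    param([string]$FilePath, [string[]]$Arguments)

    & $FilePath @Arguments | Out-Host
    return ($LASTEXITCODE -eq 0)
}

foreach ($t in $targets) {
    if (-not (Test-Path -LiteralPath $t)) {
        Write-Warning "[SKIP] Introuvable : $t"
        continue
    }

    Write-Host "[*] Durcissement : $t"

    # "${Name}:" is required: "$SIDAdmins:(F)" is parsed as a drive-qualified
    # variable reference and is a parse error.
    $steps = @(
        # 1: take ownership on behalf of the Administrators group
        @{ Exe = 'takeown.exe'; Arguments = @('/F', $t, '/A') },
        # 2: give Administrators full control so the ACL can be rewritten
        @{ Exe = 'icacls.exe'; Arguments = @($t, '/grant:r', "${SIDAdmins}:(F)") },
        # 3: drop inherited ACEs first; doing this after the removal with
        #    /inheritance:d would copy inherited entries back as explicit ones
        @{ Exe = 'icacls.exe'; Arguments = @($t, '/inheritance:r') },
        # 4: remove Users / Authenticated Users / Everyone
        @{ Exe = 'icacls.exe'; Arguments = @($t, '/remove', $SIDUsers, $SIDAuthUsers, $SIDEveryone) },
        # 5: final ACL: SYSTEM full control, Administrators read/execute
        @{ Exe = 'icacls.exe'; Arguments = @($t, '/grant:r', "${SIDSystem}:(F)", "${SIDAdmins}:(RX)") }
    )

    $succeeded = $true
    foreach ($step in $steps) {
        if (-not (Invoke-AclTool -FilePath $step.Exe -Arguments $step.Arguments)) {
            # Stop at the first failure so a half-applied ACL is never
            # reported as a successful lock-down.
            Write-Warning "[ECHEC] $($step.Exe) a échoué (code $LASTEXITCODE) pour : $t"
            $succeeded = $false
            break
        }
    }

    if ($succeeded) {
        Write-Host " → [OK] Bloqué pour NON-admins"
    }
}

Write-Host "`n=== FIN ==="
Write-Host "Non-admin = Bloqué : CMD, PowerShell, Regedit, MMC, Taskmgr, Paramètres, Panneau de config."
Write-Host "Non-admin = Autorisé : Explorer, apps du bureau, fichiers."
Write-Host "Admin = accès complet."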
Créé il y a 2 mois.