DESKTOP-AJSJJMA\Admin 2022-11-07 12:33:01 -08:00
parent d17d7496e0
commit bc8ae03488
13 changed files with 3743 additions and 5910 deletions


@ -55,8 +55,7 @@ if not %errorlevel%==0 (
echo:
echo Error: This is not a correct file. It has LF line ending issue.
echo:
echo Press any key to exit...
pause >nul
ping 127.0.0.1 -n 6 > nul
popd
exit /b
)
@ -86,6 +85,7 @@ set cbs_log=%SystemRoot%\logs\cbs\cbs.log
set "nceline=echo: &echo ==== ERROR ==== &echo:"
set "eline=echo: &call :_color %Red% "==== ERROR ====" &echo:"
set "line=_________________________________________________________________________________________________"
if %~z0 GEQ 200000 (set "_exitmsg=Go back") else (set "_exitmsg=Exit")
::========================================================================================================================================
@ -135,7 +135,7 @@ goto at_done
:: Elevate script as admin and pass arguments and preventing loop
%nul% reg query HKU\S-1-5-19 || (
>nul fltmc || (
if not defined _elev %nul% %psc% "start cmd.exe -arg '/c \"!_PSarg:'=''!\"' -verb runas" && exit /b
%nceline%
echo This script require administrator privileges.
@ -170,33 +170,43 @@ color 07
title Activation Troubleshoot
mode con cols=77 lines=30
echo:
echo:
echo:
echo:
echo: _______________________________________________________________
echo:
echo: [1] ReadMe
echo: ___________________________________________________
call :_color2 %_White% " [1] " %_Green% "Help"
echo: ___________________________________________________
echo:
echo: [2] Dism RestoreHealth
echo: [3] SFC Scannow
echo:
echo: [2] Dism RestoreHealth
echo: [3] SFC Scannow
echo:
echo: [4] Rebuild Licensing Tokens
echo: [5] Clear Office vNext License
echo: ___________________________________________________
echo: [5] Rebuild ClipSVC Licences
echo: [6] Clear Office vNext Licences
echo: ___________________________________________________
echo:
echo: [6] Solution: Office is not genuine banner
echo: [0] Exit
echo: [7] Rebuild WMI Repository
echo: [8] Fix: Issues Caused By Gaming Spoofers
echo: [9] Fix: Issues Caused By KB971033 In Windows 7
echo: [G] Fix: Office Is Not Genuine Banner
echo: [E] Export Event Viewer Logs
echo: ___________________________________________________
echo:
echo: [0] %_exitmsg%
echo: _______________________________________________________________
echo:
call :_color2 %_White% " " %_Green% "Enter a menu option in the Keyboard :"
choice /C:1234560 /N
choice /C:123456789GE0 /N
set _erl=%errorlevel%
if %_erl%==7 exit /b
if %_erl%==6 start https://massgrave.dev/office-license-is-not-genuine &goto at_menu
if %_erl%==5 goto:clearvnext
if %_erl%==12 exit /b
if %_erl%==11 goto:exportevtlogs
if %_erl%==10 start https://massgrave.dev/office-license-is-not-genuine &goto at_menu
if %_erl%==9 goto:fixwindows7
if %_erl%==8 goto:fixspoofer
if %_erl%==7 goto:rewmi
if %_erl%==6 goto:clearvnext
if %_erl%==5 goto:reclipsvc
if %_erl%==4 goto:retokens
if %_erl%==3 goto:sfcscan
if %_erl%==2 goto:dism_rest
@ -242,7 +252,7 @@ call :_color2 %_White% " - " %Gray% "Make sure the Windows update is properl
echo:
echo %line%
echo:
choice /C:29 /N /M "> [9] Continue [2] Go back : "
choice /C:09 /N /M "> [9] Continue [0] Go back : "
if %errorlevel%==1 goto at_menu
cls
@ -260,12 +270,6 @@ echo dism /online /cleanup-image /restorehealth /Logpath:"%SystemRoot%\Temp\RHea
echo:
dism /online /cleanup-image /restorehealth /Logpath:"%SystemRoot%\Temp\RHealth_DISM_%_time%.txt" /loglevel:4
if not exist "!desktop!\" (
echo:
call :_color %Red% "Desktop location is not detected. Failed to copy logs on the dekstop."
goto :at_back
)
if not exist "!desktop!\AT_Logs\" md "!desktop!\AT_Logs\" %nul%
copy /y /b "%SystemRoot%\Temp\RHealth_DISM_%_time%.txt" "!desktop!\AT_Logs\RHealth_DISM_%_time%.txt" %nul%
copy /y /b "%cbs_log%" "!desktop!\AT_Logs\RHealth_CBS_%_time%.txt" %nul%
@ -295,7 +299,7 @@ echo restarting the PC after each time to completely fix everything that it
echo:
echo %line%
echo:
choice /C:29 /N /M "> [9] Continue [2] Go back : "
choice /C:09 /N /M "> [9] Continue [0] Go back : "
if %errorlevel%==1 goto at_menu
cls
@ -312,12 +316,6 @@ echo sfc /scannow
echo:
sfc /scannow
if not exist "!desktop!\" (
echo:
call :_color %Red% "Desktop location is not detected. Failed to copy logs on the dekstop."
goto :at_back
)
if not exist "!desktop!\AT_Logs\" md "!desktop!\AT_Logs\" %nul%
copy /y /b "%cbs_log%" "!desktop!\AT_Logs\SFC_CBS_%_time%.txt" %nul%
@ -346,15 +344,10 @@ echo - KMS option activated Office but Office activation page is not sh
echo:
echo %line%
echo:
choice /C:29 /N /M "> [9] Continue [2] Go back : "
choice /C:09 /N /M "> [9] Continue [0] Go back : "
if %errorlevel%==1 goto at_menu
cls
mode con cols=115 lines=32
%nul% %psc% "&{$W=$Host.UI.RawUI.WindowSize;$B=$Host.UI.RawUI.BufferSize;$W.Height=31;$B.Height=200;$Host.UI.RawUI.WindowSize=$W;$Host.UI.RawUI.BufferSize=$B;}"
echo:
echo %line%
echo:
@ -362,16 +355,30 @@ call :_color %Magenta% "Clearing Office vNext License"
echo:
setlocal DisableDelayedExpansion
set "_locl=%LocalAppData%\Microsoft\Office\Licenses"
set "_Local=%LocalAppData%"
setlocal EnableDelayedExpansion
call :cleanfolder
set "_locl=%ProgramData%\Microsoft\Office\Licenses"
call :cleanfolder
attrib -R "!ProgramData!\Microsoft\Office\Licenses" %nul%
attrib -R "!_Local!\Microsoft\Office\Licenses" %nul%
rd /s /q "!ProgramData!\Microsoft\Office\Licenses\" %nul%
rd /s /q "!_Local!\Microsoft\Office\Licenses\" %nul%
if exist "!ProgramData!\Microsoft\Office\Licenses\" (
echo Failed To Delete - !ProgramData!\Microsoft\Office\Licenses\
) else (
echo Deleted Folder - !ProgramData!\Microsoft\Office\Licenses\
)
if exist "!_Local!\Microsoft\Office\Licenses\" (
echo Failed To Delete - !_Local!\Microsoft\Office\Licenses\
) else (
echo Deleted Folder - !_Local!\Microsoft\Office\Licenses\
)
echo:
for %%# in (
HKCU\Software\Microsoft\Office\16.0\Common\Licensing
HKCU\Software\Microsoft\Office\16.0\Common\Identity
HKCU\Software\Microsoft\Office\16.0\Registration
) do (
reg query %%# %nul% && (
reg delete %%# /f %nul% && (
@ -380,32 +387,12 @@ echo Deleted Registry - %%#
echo Failed to Delete - %%#
)
) || (
echo Already Clean - %%#
echo Deleted Registry - %%#
)
)
goto :at_back
:cleanfolder
2>nul dir /b /a "!_locl!\*" | %nul% findstr "^" && (
pushd "!_locl!\" && (
del /S /F /Q "!_locl!\*"
for /F "delims=" %%i in ('dir /b') do (
RD /S /Q "%%i" %nul%
if not exist "!_locl!\%%i\" (
echo Deleted Folder - !_locl!\%%i
) else (
echo Failed To Delete - !_locl!\%%i
)
)
popd
)
) || (
echo Already Clean - !_locl!\
)
exit /b
::========================================================================================================================================
:retokens
@ -432,11 +419,12 @@ call :_color2 %_White% " - " %Red% "Apply it only when it is necessary."
echo:
echo %line%
echo:
choice /C:29 /N /M "> [9] Continue [2] Go back : "
choice /C:09 /N /M "> [9] Continue [0] Go back : "
if %errorlevel%==1 goto at_menu
cls
:cleanspptoken
echo:
echo %line%
echo:
@ -496,7 +484,7 @@ sc qc osppsvc %nul% || (
echo:
call :_color %Magenta% "OSPP based Office is not installed"
call :_color %Magenta% "Skipping rebuilding OSPP tokens"
goto :cleanclipsvc
goto :repairoffice
)
call :_color %Magenta% "Rebuilding OSPP Licensing Tokens"
@ -545,12 +533,6 @@ call :_color %Green% "tokens.dat file was rebuilt successfully."
::========================================================================================================================================
:cleanclipsvc
:: This section is removed
::========================================================================================================================================
:repairoffice
echo:
@ -597,10 +579,11 @@ set _86=HKLM\SOFTWARE\Wow6432Node\Microsoft\Office
%nul% reg query %_86%\ClickToRun /v InstallPath && (set "c2r16_86=Office 16.0 C2R x86" & set "c2r16repair86=%systemdrive%\Program Files\Microsoft Office 15\Client%arch%\OfficeClickToRun.exe")
set uwp16=
if %winbuild% GEQ 10240 reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\msoxmled.exe" %nul% && (
if %winbuild% GEQ 10240 (
dir /b "%ProgramFiles%\WindowsApps\Microsoft.Office.Desktop*" %nul% && set uwp16=Office 16.0 UWP
dir /b "%ProgramW6432%\WindowsApps\Microsoft.Office.Desktop*" %nul% && set uwp16=Office 16.0 UWP
dir /b "%ProgramFiles(x86)%\WindowsApps\Microsoft.Office.Desktop*" %nul% && set uwp16=Office 16.0 UWP
%psc% "Get-AppxPackage -name "Microsoft.Office.Desktop"" | find /i "Office" 1>nul && set uwp16=Office 16.0 UWP
)
set /a counter=0
@ -645,7 +628,7 @@ goto :repairend
echo:
) else (
echo:
call :_color %_Yellow% "A Window will popup, in that Window you need to select Repair Option..."
call :_color %_Yellow% "A Window will popup, in that Window you need to select [Quick] Repair Option..."
call :_color %_Yellow% "Press any key to continue..."
echo:
pause >nul
@ -691,6 +674,405 @@ echo %line%
echo:
echo:
call :_color %Green% "Finished"
goto :at_back
::========================================================================================================================================
:reclipsvc
cls
mode 98, 30
title Rebuild ClipSVC Licences
if %winbuild% LSS 10240 (
%eline%
echo Unsupported OS version Detected.
echo This command is supported only for Windows 10/11 and their Server equivalent..
goto :at_back
)
echo:
echo %line%
echo:
echo Notes:
echo:
echo - Rebuilding ClipSVC Licences helps in troubleshooting HWID-KMS38 activation issues.
echo:
echo - Do not run this option unless you are having issues in HWID-KMS38 activation.
echo:
echo - System restart is recommended after applying it.
echo:
echo %line%
echo:
choice /C:09 /N /M "> [9] Continue [0] Go back : "
if %errorlevel%==1 goto at_menu
cls
echo:
echo Stopping ClipSVC service...
call :_stopservice ClipSVC
timeout /t 2 %nul%
echo:
echo Applying the command to Clean ClipSVC Licences...
echo rundll32 clipc.dll,ClipCleanUpState
rundll32 clipc.dll,ClipCleanUpState
if %winbuild% LEQ 10240 (
call :_color %Green% "[Successful]"
) else (
if exist "%ProgramData%\Microsoft\Windows\ClipSVC\tokens.dat" (
call :_color %Red% "[Failed]"
) else (
call :_color %Green% "[Successful]"
)
)
:: Below registry key (Volatile & Protected) gets created after the ClipSVC License cleanup command, and gets automatically deleted after
:: system restart. It needs to be deleted to activate the system without restart.
set "RegKey=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ClipSVC\Volatile\PersistedSystemState"
set "_ident=HKU\S-1-5-19\SOFTWARE\Microsoft\IdentityCRL"
reg query "%RegKey%" %nul% && %nul% call :regownstart
reg delete "%RegKey%" /f %nul%
echo:
echo Deleting a Volatile ^& Protected Registry Key...
echo [%RegKey%]
reg query "%RegKey%" %nul% && (
call :_color %Red% "[Failed]"
echo Restart the system, that will delete this registry key automatically.
) || (
call :_color %Green% "[Successful]"
)
:: Clear HWID token related registry to fix activation incase if there is any corruption
echo:
echo Deleting a IdentityCRL Registry Key...
echo [%_ident%]
reg delete "%_ident%" /f %nul%
reg query "%_ident%" %nul% && (
call :_color %Red% "[Failed]"
) || (
call :_color %Green% "[Successful]"
)
echo:
echo Restarting [ClipSVC wlidsvc LicenseManager sppsvc] services...
for %%# in (ClipSVC wlidsvc LicenseManager sppsvc) do (net stop %%# /y %nul% & net start %%# /y %nul%)
goto :at_back
::========================================================================================================================================
:fixspoofer
cls
mode con cols=115 lines=32
%nul% %psc% "&{$W=$Host.UI.RawUI.WindowSize;$B=$Host.UI.RawUI.BufferSize;$W.Height=31;$B.Height=200;$Host.UI.RawUI.WindowSize=$W;$Host.UI.RawUI.BufferSize=$B;}"
title Fix: Issues Caused By Gaming Spoofers
%psc% $ExecutionContext.SessionState.LanguageMode 2>nul | find /i "Full" 1>nul || (
%eline%
echo Powershell is not responding properly. Aborting."
goto :at_back
)
echo:
echo %line%
echo:
echo Notes:
echo:
echo - Gaming unban/spoofers/cleaners often cause Windows activation issues.
echo:
call :_color2 %_White% " - " %Red% "Apply this fix ONLY if you have used these things."
echo:
echo - This option will fix files and registry permissions and rebuild licensing tokens.
echo:
echo - System restart is recommended after applying it.
echo:
echo %line%
echo:
choice /C:09 /N /M "> [9] Continue [0] Go back : "
if %errorlevel%==1 goto at_menu
cls
echo:
echo Fixing registry and files permissions...
call :fixpermissions %nul%
goto :cleanspptoken
:fixpermissions
:: Thanks to skidaim for the fix
takeown /F %windir%\System32\sppsvc.exe
icacls %windir%\System32 /grant administrators:F /T
icacls %windir%\System32\spp /grant administrators:F /T
:: I know it's bad but people have messed up system32 permissions, that's why I don't recommend to run this unless users have messed up systems
%psc% $acl = Get-Acl 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform'; $rule = New-Object System.Security.AccessControl.RegistryAccessRule ('NT Service\sppsvc','FullControl','ContainerInherit, ObjectInherit','None','Allow'); $acl.SetAccessRule($rule); Set-Acl -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -AclObject $acl
%psc% $acl = Get-Acl 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP'; $rule = New-Object System.Security.AccessControl.RegistryAccessRule ('NT Service\sppsvc','FullControl','ContainerInherit, ObjectInherit','None','Allow'); $acl.SetAccessRule($rule); Set-Acl -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP' -AclObject $acl
%psc% $acl = Get-Acl 'HKLM:\SYSTEM\CurrentControlSet\Services\SPPSVC'; $rule = New-Object System.Security.AccessControl.RegistryAccessRule ('NT Service\sppsvc','FullControl','ContainerInherit, ObjectInherit','None','Allow'); $acl.SetAccessRule($rule); Set-Acl -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\SPPSVC' -AclObject $acl
%psc% $acl = Get-Acl 'HKLM:\SYSTEM\WPA'; $rule = New-Object System.Security.AccessControl.RegistryAccessRule ('NT Service\sppsvc','FullControl','ContainerInherit, ObjectInherit','None','Allow'); $acl.SetAccessRule($rule); Set-Acl -Path 'HKLM:\SYSTEM\WPA' -AclObject $acl
%psc% $acl = Get-Acl '%windir%\System32'; $rule = New-Object System.Security.AccessControl.FileSystemAccessRule ('NT Service\sppsvc','FullControl','ContainerInherit, ObjectInherit','None','Allow'); $acl.SetAccessRule($rule); Set-Acl -Path '%windir%\System32' -AclObject $acl
%psc% $acl = Get-Acl '%windir%\System32\spp'; $rule = New-Object System.Security.AccessControl.FileSystemAccessRule ('NT Service\sppsvc','FullControl','ContainerInherit, ObjectInherit','None','Allow'); $acl.SetAccessRule($rule); Set-Acl -Path '%windir%\System32\spp' -AclObject $acl
exit /b
::========================================================================================================================================
:fixwindows7
cls
mode 98, 30
title Fix: Issues Caused By KB971033 In Windows 7
if %winbuild% GEQ 9200 (
%eline%
echo Unsupported OS version Detected.
echo This option is supported only for Windows 7 and it's Server equivalent.
goto :at_back
)
echo:
echo %line%
echo:
echo Notes:
echo:
echo - This option fixes issues caused by Update KB971033 in Windows 7.
echo https://support.microsoft.com/en-us/help/4487266
echo:
echo %line%
echo:
choice /C:01 /N /M "> [1] Continue [0] Go back : "
if %errorlevel%==1 goto at_menu
cls
echo:
echo Checking Update KB971033...
dism /online /get-packages | find /i "Microsoft-Windows-Security-WindowsActivationTechnologies-package~31bf3856ad364e35~amd64~~7.1.7600.16395" 1>nul && (
echo [Found]
echo Uninstalling it...
) || (
echo [Not Found]
)
wusa /uninstall /quiet /norestart /kb:971033
echo:
echo Applying Fixes...
echo:
net stop sppuinotify /y
sc config sppuinotify start= disabled
net stop sppsvc /y
del %windir%\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 /ah
del %windir%\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 /ah
del %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
del %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\cache\cache.dat
cscript //nologo %windir%\system32\slmgr.vbs /rilc %nul%
sc config sppuinotify start= demand
goto :at_back
::========================================================================================================================================
:rewmi
cls
mode 98, 30
title Rebuild WMI Repository
:: https://techcommunity.microsoft.com/t5/ask-the-performance-team/wmi-repository-corruption-or-not/ba-p/375484
if exist "%SystemRoot%\Servicing\Packages\Microsoft-Windows-Server*Edition~*.mum" (
%eline%
echo WMI rebuild is not recommended on Windows Server. Aborting...
goto :at_back
)
echo:
echo Initializing...
set _wmic=0
for %%# in (wmic.exe) do @if not "%%~$PATH:#"=="" set _wmic=1
set error=
if %_wmic% EQU 1 wmic path Win32_ComputerSystem get CreationClassName /value 2>nul | find /i "computersystem" 1>nul
if %_wmic% EQU 0 %psc% "Get-CIMInstance -Class Win32_ComputerSystem | Select-Object -Property CreationClassName" 2>nul | find /i "computersystem" 1>nul
if %errorlevel% NEQ 0 set error=1
winmgmt /verifyrepository %nul%
if %errorlevel% NEQ 0 set error=1
cls
echo:
echo %line%
echo:
if defined error (
echo WMI Status - [Not Responding] %_wmic%
) else (
call :_color %_Green% " WMI Status - [Working]"
)
echo:
echo Notes:
echo:
call :_color2 %_White% " - " %Magenta% "WMI rebuild can cause some 3rd party apps to not work until reinstall."
echo:
call :_color2 %_White% " - " %Red% "Apply this fix ONLY if WMI is not working."
echo:
echo %line%
echo:
choice /C:09 /N /M "> [9] Continue [0] Go back : "
if %errorlevel%==1 goto at_menu
:: Below fixes are taken from https://kb.acronis.com/content/62731
cls
echo:
sc query Winmgmt %nul% || (
%eline%
echo Winmgmt service is not installed. Aborting...
goto :at_back
)
echo Disabling Winmgmt service...
sc config Winmgmt start= disabled %nul%
if %errorlevel% EQU 0 (
call :_color %Green% "[Successful]"
) else (
call :_color %Red% "[Failed] Aborting..."
goto :wmifixend
)
echo:
echo Stopping Winmgmt service...
call :_stopservice Winmgmt
call :_stopservice Winmgmt
sc query Winmgmt | find /i "1 STOPPED" %nul% && (
call :_color %Green% "[Successful]"
) || (
call :_color %Red% "[Failed] Aborting..."
goto :wmifixend
)
echo:
echo Deleting WMI repository...
if exist "%windir%\System32\wbem\repository\" rmdir /s /q "%windir%\System32\wbem\repository\" %nul%
if exist "%windir%\System32\wbem\repository\" (
call :_color %Red% "[Failed]"
) else (
call :_color %Green% "[Successful]"
)
echo:
echo Enabling Winmgmt service...
sc config Winmgmt start= auto %nul%
if %errorlevel% EQU 0 (
call :_color %Green% "[Successful]"
) else (
call :_color %Red% "[Failed]"
)
echo:
echo Checking WMI...
if %_wmic% EQU 1 wmic path Win32_ComputerSystem get CreationClassName /value 2>nul | find /i "computersystem" 1>nul
if %_wmic% EQU 0 %psc% "Get-CIMInstance -Class Win32_ComputerSystem | Select-Object -Property CreationClassName" 2>nul | find /i "computersystem" 1>nul
if %errorlevel% NEQ 0 (
call :_color %Red% "[Not Responding]"
) else (
call :_color %Green% "[Working]"
)
goto :at_back
:wmifixend
echo:
echo Enabling Winmgmt service...
sc config Winmgmt start= auto %nul%
if %errorlevel% EQU 0 (
call :_color %Green% "[Successful]"
) else (
call :_color %Red% "[Failed]"
)
goto :at_back
::========================================================================================================================================
:exportevtlogs
cls
mode con cols=125 lines=32
%nul% %psc% "&{$W=$Host.UI.RawUI.WindowSize;$B=$Host.UI.RawUI.BufferSize;$W.Height=31;$B.Height=500;$Host.UI.RawUI.WindowSize=$W;$Host.UI.RawUI.BufferSize=$B;}"
title Export Event Viewer Logs
set tdir=%SystemRoot%\Temp\_EventLogs
if exist %tdir%\. rd /s /q %tdir%\ %nul%
if exist %tdir%\ (
%eline%
echo Failed to delete below folder. Aborting...
echo %tdir%\
goto :at_back
)
md %tdir%\
echo:
echo Creating archive file of Event logs...
set _time=
for /f %%a in ('%psc% "Get-Date -format HH_mm_ss"') do set _time=%%a
%nul% robocopy %SystemRoot%\System32\winevt\Logs\ %tdir%\
:: https://stackoverflow.com/a/46268232
set "ddf="%SystemRoot%\Temp\ddf""
%nul% del /q /f %ddf%
echo/.New Cabinet>%ddf%
echo/.set Cabinet=ON>>%ddf%
echo/.set CabinetFileCountThreshold=0;>>%ddf%
echo/.set Compress=ON>>%ddf%
echo/.set CompressionType=LZX>>%ddf%
echo/.set CompressionLevel=7;>>%ddf%
echo/.set CompressionMemory=21;>>%ddf%
echo/.set FolderFileCountThreshold=0;>>%ddf%
echo/.set FolderSizeThreshold=0;>>%ddf%
echo/.set GenerateInf=OFF>>%ddf%
echo/.set InfFileName=nul>>%ddf%
echo/.set MaxCabinetSize=0;>>%ddf%
echo/.set MaxDiskFileCount=0;>>%ddf%
echo/.set MaxDiskSize=0;>>%ddf%
echo/.set MaxErrors=1;>>%ddf%
echo/.set RptFileName=nul>>%ddf%
echo/.set UniqueFiles=ON>>%ddf%
pushd "%tdir%\"
for /f "tokens=* delims=" %%D in ('dir /a:-D/b/s "%tdir%\"') do (
echo/"%%~fD" /inf=no;>>%ddf%
)
makecab /F %ddf% /D DiskDirectory1="" /D CabinetNameTemplate=%tdir%\Logs.cab
del /q /f %ddf%
popd
if not exist "!desktop!\AT_Logs\" md "!desktop!\AT_Logs\" %nul%
copy /y /b "%tdir%\Logs.cab" "!desktop!\AT_Logs\EventLogs_%_time%.cab" %nul%
if exist %tdir%\. rd /s /q %tdir%\ %nul%
echo:
if exist "!desktop!\AT_Logs\EventLogs_%_time%.cab" (
call :_color %Green% "[Successful]"
echo EventLogs_%_time%.cab created inside AT_Logs folder on the dekstop.
) else (
call :_color %Red% "[Failed]"
)
goto :at_back
::========================================================================================================================================
@ -708,7 +1090,7 @@ goto :at_menu
:at_done
echo:
echo Press any key to exit...
echo Press any key to %_exitmsg%...
pause >nul
exit /b
@ -779,7 +1161,57 @@ del /S /F /Q "%%#*.dat"
)
exit /b
::========================================================================================================================================\
::========================================================================================================================================
:regownstart
setlocal
set "TMP=%SystemRoot%\Temp"
set "TEMP=%SystemRoot%\Temp"
%psc% "$f=[io.file]::ReadAllText('!_batp!') -split ':regown\:.*';iex ($f[1]);"
endlocal
exit /b
:: Below code takes ownership of a volatile registry key and deletes it
:: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ClipSVC\Volatile\PersistedSystemState
:: Thanks to Remko Weijnen for the code and thanks to abbodi1406 for the help
:: remkoweijnen.nl/blog/2012/01/16/take-ownership-of-a-registry-key-in-powershell/
:regown:
$definition = @"
using System;
using System.Runtime.InteropServices;
namespace Win32Api
{
public class NtDll
{
[DllImport("ntdll.dll", EntryPoint="RtlAdjustPrivilege")]
public static extern int RtlAdjustPrivilege(int Privilege, bool Enable, bool CurrentThread, ref bool Enabled);
}
}
"@
Add-Type -TypeDefinition $definition -PassThru | Out-Null
[Win32Api.NtDll]::RtlAdjustPrivilege(9, $true, $false, [ref]$false) | Out-Null
$SID = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-544')
$IDN = ($SID.Translate([System.Security.Principal.NTAccount])).Value
$Admin = New-Object System.Security.Principal.NTAccount($IDN)
$path = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\ClipSVC\Volatile\PersistedSystemState'
$key = [Microsoft.Win32.RegistryKey]::OpenBaseKey('LocalMachine', 'Registry64').OpenSubKey($path, 'ReadWriteSubTree', 'takeownership')
$acl = $key.GetAccessControl()
$acl.SetOwner($Admin)
$key.SetAccessControl($acl)
$rule = New-Object System.Security.AccessControl.RegistryAccessRule($Admin,"FullControl","Allow")
$acl.SetAccessRule($rule)
$key.SetAccessControl($acl)
:regown:
::========================================================================================================================================
:_color
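Review bot: In `:fixpermissions` (added in the hunk that introduces `:fixspoofer`), `icacls %windir%\System32 /grant administrators:F /T` and the `Set-Acl` on `'%windir%\System32'` give Administrators and `NT Service\sppsvc` FullControl across the whole of System32, far wider than the licensing files this repair is about, and nothing in the visible code puts the ACLs back. I would drop those two lines and keep only the grants scoped to `sppsvc.exe` and `System32\spp`, written as `icacls "%windir%\System32\spp" /grant *S-1-5-32-544:F /T` so the path is quoted and the group is addressed by SID rather than by its English name, which may not resolve on localized installs. The caller runs `call :fixpermissions %nul%`, which appears to discard all output, so a failed or partial ACL change goes unnoticed before the script jumps to `:cleanspptoken`; checking `%errorlevel%` after each command and reporting it would make that visible. A comment above the label stating which ACEs are being restored, and on which paths, would also help a user judge whether to run it.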