How to undo this powershell script?

[imported_smile]

I ran this script but it seems that now even desktop icon sizes are not saved!

I ran CMD prompt:
PowerShell -ExecutionPolicy Bypass -Command "& 'PATH_TO_SCRIPT'"

$ErrorActionPreference="silentlycontinue"
$rule = New-Object System.Security.AccessControl.RegistryAccessRule (([System.Security.Principal.SecurityIdentifier]("S-1-1-0")).Translate([System.Security.Principal.NTAccount]).Value,"SetValue, CreateSubKey","deny")
$keys = @(
"HKCU:\Software\Microsoft\Windows\Shell\Bags",
"HKCU:\Software\Microsoft\Windows\Shell\BagMRU",
"HKCU:\Software\Microsoft\Windows\ShellNoRoam\Bags",
"HKCU:\Software\Microsoft\Windows\ShellNoRoam\BagMRU",
"HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags",
"HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU",
"HKCU:\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\Bags",
"HKCU:\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\BagMRU",
"HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache",
"HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU",
"HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\FirstFolder",
"HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU",
"HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRULegacy",
"HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU")
foreach ($i in $keys)
{
Remove-Item -Path $i -Recurse -Force
New-Item -Path $i -Force
$acl = Get-Acl $i
$acl.SetAccessRule($rule)
$acl | Set-Acl -Path $i
}

 

[Elixer]

Undo registry edits?
Roll back is one way, unless you know exactly what the values were before...

 

[imported_smile]

Undo registry edits?
Roll back is one way, unless you know exactly what the values were before...

Isn't the script changing writing from allowed to denied? I don't think it deletes the keys?
Isn't it changing access rules, like you can remove permissions from files does not mean they are deleted?

No?

 

[quikah]

Isn't the script changing writing from allowed to denied? I don't think it deletes the keys?
Isn't it changing access rules, like you can remove permissions from files does not mean they are deleted?

No?

It deletes the keys AND all subkeys (the -recurse), then it recreates it with the new access rules. Unless you know all the subkeys, there is no way to undo this.

What were you trying to do anyway?

 

[imported_smile]

I read this article
http://www.ghacks.net/2014/06/09/remove-old-shellbag-entries-windows-privacy/

Then used the comment that suggested this same script

 Dexter June 9, 2014 at 8:24 pm #

Here's my PowerShell script that I use after installing Windows, it disables saving ShellBag and few other things by setting ACL to deny write for Everyone http://pastebin.com/Suq9iPYX
Save it with ps1 extension and run with admin privilages
PowerShell -ExecutionPolicy Bypass -Command "& 'PATH_TO_SCRIPT'"
If you have any other keys that can be disabled this way please post it here

I wanted to remove what was mentioned in article and prevent it.

 

[imported_smile]

My main problem is that icons on desktop do not remember their size !
How can I fix this? Obviously some key needs permission change.

 

[imported_smile]

As my system is win32 I created new user account exported these keys, then imported by double clicking them into the problem account.

"HKCU:\Software\Microsoft\Windows\Shell\Bags",
"HKCU:\Software\Microsoft\Windows\Shell\BagMRU",
"HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags",
"HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU",
"HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache",

Now icon size is remembered. But windows still stores all the crap on opened folders and everything !
shellbag_analyzer_cleaner shows this clearly !

 

[quikah]

This is a good lesson for you, don't run powershell scripts you find on the internet unless you know what they will do and how to revert them. You can brick your system with powershell pretty easily.

In the $rule line, S-1-1-0 is the SID of Everyone. It is setting deny to Everyone. I fiddled with powershell to try to remove the ACL, but it seems like it is being blocked, I am not going to spend time trying to figure it out.

Easiest method would be to open regedit window, go to each key in that script and remove the Everyone permission Deny. (Just right click the key, select Permission, there should be an Everyone listed, just remove it)

 

[imported_smile]

Easiest method would be to open regedit window, go to each key in that script and remove the Everyone permission Deny. (Just right click the key, select Permission, there should be an Everyone listed, just remove it)

Like I said I exported the keys above and imported them to the problem account. To be able to import I had to manually remove the deny everyone with regedit.

I did not modify the keys

"HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU",
"HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\FirstFolder",
"HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU",
"HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRULegacy",
"HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU")

As these seems clear example of explorer trying to track user opened folders and files, am I wrong?

 

[imported_smile]

It would be nice if somebody posted a working powershell script that denies spying but does not interfere in normal windows usage, like my problems with icon sizes.

 

[J3S73R]

It would be nice if somebody posted a working powershell script that denies spying but does not interfere in normal windows usage, like my problems with icon sizes.

Do you know what keys you want blocked? The scripting part is easy. I can look into it later but I honestly haven't cared about the spying aspect.

 

[JimmiG]

It would be nice if somebody posted a working powershell script that denies spying but does not interfere in normal windows usage, like my problems with icon sizes.

It's not really "spying", it's just saving folder viewing preferences. If you deny access to those keys, it's obviously not going to save things like icon sizes any more. From the article linked, it looks like it's just a lack of housekeeping by the OS (invalid Shellbags not being removed - the OS wouldn't know which folders aren't going to be accessed again anyway). It's hardly an issue unless you're doing something illegal and the authorities are going to seize the computer. In that case, full drive encryption is probably the way to go because there will be lots of other evidence in addition to those Shellbags.