Mirrors/Win11Debloat
1
0
Fork 0
mirror of https://github.com/Raphire/Win11Debloat.git synced 2026-06-11 02:56:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Clean up access control checks for re-enabling Store search suggestions

Browse Source
This commit is contained in:
Jeffrey
2026-05-28 22:30:18 +02:00
parent 3bed9cafbc
commit 7381c29da2
1 changed files with 9 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
Scripts/Features/DisableStoreSearchSuggestions.ps1
View File

@@ -89,13 +89,15 @@ function EnableStoreSearchSuggestions {
takeown /F "$StoreAppsDatabase" /A | Out-Null takeown /F "$StoreAppsDatabase" /A | Out-Null
icacls "$StoreAppsDatabase" /grant *S-1-5-32-544:F /C | Out-Null icacls "$StoreAppsDatabase" /grant *S-1-5-32-544:F /C | Out-Null
$everyoneSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-1-0') # 'EVERYONE' group
try { try {
$acl = Get-Acl -Path $StoreAppsDatabase $acl = Get-Acl -Path $StoreAppsDatabase
$denyRules = @( $denyRules = @(
$acl.Access | Where-Object { $acl.Access | Where-Object {
$_.IdentityReference -eq 'Everyone' -and
$_.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Deny -and $_.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Deny -and
(($_.FileSystemRights -band [System.Security.AccessControl.FileSystemRights]::FullControl) -ne 0) (($_.FileSystemRights -band [System.Security.AccessControl.FileSystemRights]::FullControl) -ne 0) -and
(try { $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]) -eq $everyoneSid } catch { $false })
} }
) )
@@ -135,10 +137,12 @@ function Test-StoreSearchSuggestionsDisabled {
return $false return $false
} }
$everyoneSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-1-0')
foreach ($accessRule in @($acl.Access)) { foreach ($accessRule in @($acl.Access)) {
if ($accessRule.IdentityReference -eq 'Everyone' -and if ($accessRule.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Deny -and
$accessRule.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Deny -and (($accessRule.FileSystemRights -band [System.Security.AccessControl.FileSystemRights]::FullControl) -ne 0) -and
(($accessRule.FileSystemRights -band [System.Security.AccessControl.FileSystemRights]::FullControl) -ne 0)) { (try { $accessRule.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]) -eq $everyoneSid } catch { $false })) {
return $true return $true
} }
} }