
nano11 builder script refinement

Go back to takeown.exe and icacls.exe, the new approach does not
seem to work, which causes some of the resources (e.g. cursors) to not be deleted.

Signed-off-by: Stefan Knoblich <stkn@bitplumber.de>
2026-05-24 20:59:38 +02:00
parent 97df761841
commit eecf37cc76
+13 -8
@@ -41,6 +41,7 @@ $adminGroup = $adminGroupSid.Translate([System.Security.Principal.NTAccount])
# --- Function to take ownership (language-independent) ---
# This function replaces all calls to takeown.exe and icacls.exe
# STKN: Does not seem to work, going back to takeown and icacls for now
function Set-ItemOwnershipAndAccess {
param(
[string]$Path,
@@ -52,17 +53,21 @@ function Set-ItemOwnershipAndAccess {
}
Write-Host "Taking ownership and setting permissions for: $Path"
try {
$acl = Get-Acl $Path
$acl.SetOwner($adminGroup)
# $acl = Get-Acl $Path
# $acl.SetOwner($adminGroup)
if ($Recurse) {
& 'takeown' '/f' "$Path" '/r' | Out-Null
& 'icacls' "$Path" '/grant' "$($adminGroup.Value):(F)" '/T' '/C' | Out-Null
# Rule for folders: Full control, inherited by all subfolders and files.
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($adminGroup, [System.Security.AccessControl.FileSystemRights]::FullControl, "ContainerInherit, ObjectInherit", "None", "Allow")
# $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($adminGroup, [System.Security.AccessControl.FileSystemRights]::FullControl, "ContainerInherit, ObjectInherit", "None", "Allow")
} else {
& 'takeown' '/f' "$Path" | Out-Null
& 'icacls' "$Path" '/grant' "$($adminGroup.Value):(F)" | Out-Null
# Rule for single files (no inheritance)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($adminGroup, [System.Security.AccessControl.FileSystemRights]::FullControl, "Allow")
# $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($adminGroup, [System.Security.AccessControl.FileSystemRights]::FullControl, "Allow")
}
$acl.AddAccessRule($rule)
Set-Acl -Path $Path -AclObject $acl
# $acl.AddAccessRule($rule)
# Set-Acl -Path $Path -AclObject $acl
Write-Host " - Success."
} catch {
Write-Error "Error processing '$Path': $_"
@@ -240,7 +245,7 @@ foreach ($package in $packagesToRemove) {
Write-Host "Removing of system apps complete! Now proceeding to removal of system packages..."
Start-Sleep -Seconds 1
#Clear-Host
Clear-Host
$packagePatterns = @(
"Microsoft-Windows-InternetExplorer-Optional-Package~",
@@ -543,7 +548,7 @@ Remove-Item -Path $bootWimPath -Force
& 'dism' /English /Export-Image "/SourceImageFile:$newBootWimPath" /SourceIndex:1 "/DestinationImageFile:$finalBootWimPath" /compress:max
Remove-Item -Path $newBootWimPath -Force
Rename-Item -Path $finalBootWimPath -NewName "boot.wim"
#Clear-Host
Clear-Host
Write-Host "Exporting final image to highly compressed ESD format..."
& dism /English /Export-Image /SourceImageFile:"$scratchDrive\nano11\sources\install.wim" /SourceIndex:1 /DestinationImageFile:"$scratchDrive\nano11\sources\install.esd" /Compress:recovery
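Review bot: The new `takeown` and `icacls` calls inside the `try` of Set-ItemOwnershipAndAccess pipe to `Out-Null` and never look at the exit code, so a failing native command does not reach the `catch` and ` - Success.` is printed regardless. Adding `if ($LASTEXITCODE -ne 0) { throw "takeown failed with exit code $LASTEXITCODE" }` after each call (and the same for icacls) would surface the kind of silent failure the commit message describes. Two further differences from the replaced code: `takeown` without `/a` makes the calling user the owner rather than the Administrators group that `SetOwner($adminGroup)` set, and granting to `$adminGroup.Value` depends on the localized account name, whereas `"*$($adminGroupSid.Value):(F)"` (assuming `$adminGroupSid` is a SecurityIdentifier, as the `Translate` call suggests) keeps the grant language-independent. Since this script presumably runs elevated, invoking the tools by full path, e.g. `"$env:SystemRoot\System32\takeown.exe"`, avoids resolving a same-named binary from PATH. The retained header comment "This function replaces all calls to takeown.exe and icacls.exe" now says the opposite of what the body does and should be reworded; the function begins and ends outside the visible hunks.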