diff --git a/bootstrap/nano11builder.ps1 b/bootstrap/nano11builder.ps1
index e40bbe8..2be7674 100644
--- a/bootstrap/nano11builder.ps1
+++ b/bootstrap/nano11builder.ps1
@@ -41,6 +41,7 @@ $adminGroup = $adminGroupSid.Translate([System.Security.Principal.NTAccount])
 # --- Function to take ownership (language-independent) ---
 # This function replaces all calls to takeown.exe and icacls.exe
+# STKN: Does not seem to work, going back to takeown and icacls for now
 function Set-ItemOwnershipAndAccess {
 param(
 [string]$Path,
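Review bot: The two header comments kept as context above the added `# STKN:` line now describe the opposite of what the function does: it is still labelled `(language-independent)` and still says it `replaces all calls to takeown.exe and icacls.exe`, while the body in the next hunk calls both tools. Rewording the header to something like `# Takes ownership and grants Administrators full control via takeown.exe / icacls.exe (the .NET ACL path is disabled, see note below)` would stop a later reader from trusting the old guarantee. The function body continues outside this hunk.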
@@ -52,17 +53,21 @@ function Set-ItemOwnershipAndAccess {
 }
 Write-Host "Taking ownership and setting permissions for: $Path"
 try {
- $acl = Get-Acl $Path
- $acl.SetOwner($adminGroup)
+ # $acl = Get-Acl $Path
+ # $acl.SetOwner($adminGroup)
 if ($Recurse) {
+ & 'takeown' '/f' "$Path" '/r' | Out-Null
+ & 'icacls' "$Path" '/grant' "$($adminGroup.Value):(F)" '/T' '/C' | Out-Null
 # Rule for folders: Full control, inherited by all subfolders and files.
- $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($adminGroup, [System.Security.AccessControl.FileSystemRights]::FullControl, "ContainerInherit, ObjectInherit", "None", "Allow")
+ # $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($adminGroup, [System.Security.AccessControl.FileSystemRights]::FullControl, "ContainerInherit, ObjectInherit", "None", "Allow")
 } else {
+ & 'takeown' '/f' "$Path" | Out-Null
+ & 'icacls' "$Path" '/grant' "$($adminGroup.Value):(F)" | Out-Null
 # Rule for single files (no inheritance)
- $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($adminGroup, [System.Security.AccessControl.FileSystemRights]::FullControl, "Allow")
+ # $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($adminGroup, [System.Security.AccessControl.FileSystemRights]::FullControl, "Allow")
 }
- $acl.AddAccessRule($rule)
- Set-Acl -Path $Path -AclObject $acl
+ # $acl.AddAccessRule($rule)
+ # Set-Acl -Path $Path -AclObject $acl
 Write-Host " - Success."
 } catch {
 Write-Error "Error processing '$Path': $_"
@@ -240,7 +245,7 @@ foreach ($package in $packagesToRemove) {
 Write-Host "Removing of system apps complete! Now proceeding to removal of system packages..."
 Start-Sleep -Seconds 1
-#Clear-Host
+Clear-Host
 $packagePatterns = @(
 "Microsoft-Windows-InternetExplorer-Optional-Package~",
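Review bot: The `takeown` and `icacls` calls added inside the `try` are native commands piped to `Out-Null`, so a failure does not reach the `catch` and ` - Success.` is printed even when ownership or the ACL was not changed. Check the exit code after each call, for example `if ($LASTEXITCODE -ne 0) { throw "takeown exited with $LASTEXITCODE for '$Path'" }`, and the same after `icacls`, where `/C` additionally tells it to carry on past per-file errors. `takeown` without `/a` makes the current user the owner, whereas the removed `SetOwner($adminGroup)` assigned the Administrators group; add `/a` if group ownership is still intended. In the recursive branch `takeown /r` can ask for confirmation on folders it cannot list unless `/d` is given, and with the output discarded that prompt would not be visible in an unattended build. The function's `param` block and the end of the `catch` lie outside this hunk.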
@@ -543,7 +548,7 @@ Remove-Item -Path $bootWimPath -Force
 & 'dism' /English /Export-Image "/SourceImageFile:$newBootWimPath" /SourceIndex:1 "/DestinationImageFile:$finalBootWimPath" /compress:max
 Remove-Item -Path $newBootWimPath -Force
 Rename-Item -Path $finalBootWimPath -NewName "boot.wim"
-#Clear-Host
+Clear-Host
 Write-Host "Exporting final image to highly compressed ESD format..."
 & dism /English /Export-Image /SourceImageFile:"$scratchDrive\nano11\sources\install.wim" /SourceIndex:1 /DestinationImageFile:"$scratchDrive\nano11\sources\install.esd" /Compress:recovery