From eecf37cc769e42d7f25a3be91c9b2c226c0b206d Mon Sep 17 00:00:00 2001
From: Stefan Knoblich
Date: Sun, 24 May 2026 20:59:38 +0200
Subject: [PATCH] nano11 builder script refinement

Go back to takeown.exe and icacls.exe, the new approach does not seem to work, which causes some of the resources (e.g. cursors) to not be deleted.

Signed-off-by: Stefan Knoblich
---
 bootstrap/nano11builder.ps1 | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/bootstrap/nano11builder.ps1 b/bootstrap/nano11builder.ps1
index e40bbe8..2be7674 100644
--- a/bootstrap/nano11builder.ps1
+++ b/bootstrap/nano11builder.ps1
@@ -41,6 +41,7 @@ $adminGroup = $adminGroupSid.Translate([System.Security.Principal.NTAccount])
 # --- Function to take ownership (language-independent) ---
 # This function replaces all calls to takeown.exe and icacls.exe
+# STKN: Does not seem to work, going back to takeown and icacls for now
 function Set-ItemOwnershipAndAccess {
 param(
 [string]$Path,
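Review bot: The two context comments above the added `# STKN:` line still describe the function as language-independent and as a replacement for all takeown.exe and icacls.exe calls, which is no longer true once the body shells out to both tools. I would reword them instead of stacking a third comment on top, for example `# Takes ownership with takeown.exe and grants the Administrators group full control with icacls.exe; the .NET ACL path is disabled because it left some resources (e.g. cursors) undeletable`. The function body starts in this hunk and continues outside it.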
@@ -52,17 +53,21 @@ function Set-ItemOwnershipAndAccess {
 }
 Write-Host "Taking ownership and setting permissions for: $Path"
 try {
- $acl = Get-Acl $Path
- $acl.SetOwner($adminGroup)
+ # $acl = Get-Acl $Path
+ # $acl.SetOwner($adminGroup)
 if ($Recurse) {
+ & 'takeown' '/f' "$Path" '/r' | Out-Null
+ & 'icacls' "$Path" '/grant' "$($adminGroup.Value):(F)" '/T' '/C' | Out-Null
 # Rule for folders: Full control, inherited by all subfolders and files.
- $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($adminGroup, [System.Security.AccessControl.FileSystemRights]::FullControl, "ContainerInherit, ObjectInherit", "None", "Allow")
+ # $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($adminGroup, [System.Security.AccessControl.FileSystemRights]::FullControl, "ContainerInherit, ObjectInherit", "None", "Allow")
 } else {
+ & 'takeown' '/f' "$Path" | Out-Null
+ & 'icacls' "$Path" '/grant' "$($adminGroup.Value):(F)" | Out-Null
 # Rule for single files (no inheritance)
- $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($adminGroup, [System.Security.AccessControl.FileSystemRights]::FullControl, "Allow")
+ # $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($adminGroup, [System.Security.AccessControl.FileSystemRights]::FullControl, "Allow")
 }
- $acl.AddAccessRule($rule)
- Set-Acl -Path $Path -AclObject $acl
+ # $acl.AddAccessRule($rule)
+ # Set-Acl -Path $Path -AclObject $acl
 Write-Host " - Success."
 } catch {
 Write-Error "Error processing '$Path': $_"
@@ -240,7 +245,7 @@ foreach ($package in $packagesToRemove) {
 Write-Host "Removing of system apps complete! Now proceeding to removal of system packages..."
 Start-Sleep -Seconds 1
-#Clear-Host
+Clear-Host
 $packagePatterns = @(
 "Microsoft-Windows-InternetExplorer-Optional-Package~",
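Review bot: The four added `& 'takeown'` / `& 'icacls'` calls cannot reach the `catch` block, because by default a native command that exits non-zero raises no PowerShell error and its output goes to `Out-Null`, so `Write-Host " - Success."` is printed even when taking ownership or the grant failed. Check the exit code after each call, e.g. `if ($LASTEXITCODE -ne 0) { throw "takeown failed for '$Path' (exit code $LASTEXITCODE)" }`, and consider logging the icacls output instead of discarding it, since `/C` lets it continue past per-file errors under `/T`. Two differences from the removed code also deserve a comment: `takeown` without `/a` makes the current user the owner rather than `$adminGroup`, and `takeown /r` without `/d` can stop at a confirmation prompt on directories it cannot list, which `Out-Null` would hide. The function starts before this hunk and its `catch` block ends outside it.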
@@ -543,7 +548,7 @@ Remove-Item -Path $bootWimPath -Force
 & 'dism' /English /Export-Image "/SourceImageFile:$newBootWimPath" /SourceIndex:1 "/DestinationImageFile:$finalBootWimPath" /compress:max
 Remove-Item -Path $newBootWimPath -Force
 Rename-Item -Path $finalBootWimPath -NewName "boot.wim"
-#Clear-Host
+Clear-Host
 Write-Host "Exporting final image to highly compressed ESD format..."
 & dism /English /Export-Image /SourceImageFile:"$scratchDrive\nano11\sources\install.wim" /SourceIndex:1 /DestinationImageFile:"$scratchDrive\nano11\sources\install.esd" /Compress:recovery