禁用Windows Help

# 以管理员身份运行此脚本

# ==================== 配置区 ====================
$searchTargets = @(
    @{
        Path = "D:\Program Files\Common Software\Adobe Acrobat DC\Acrobat"
        FileName = "AcroCEF.exe"
    },
    @{
        Path = "D:\Program Files\Common Software\Adobe Acrobat DC\PDFMaker\Office"
        FileName = "*.dll"
    },
    @{
        Path = "C:\Windows"
        FileName = "HelpPane.exe"
    }
)
# ================================================

Write-Host "========================================" -ForegroundColor Cyan
Write-Host "开始搜索所有目标文件" -ForegroundColor Cyan
Write-Host "========================================`n" -ForegroundColor Cyan

$allFoundFiles = @()

foreach ($target in $searchTargets) {
    $searchPath = $target.Path
    $targetFileName = $target.FileName
    
    Write-Host "正在搜索: $targetFileName" -ForegroundColor Yellow
    Write-Host "路径: $searchPath" -ForegroundColor Gray
    
    if (-not (Test-Path $searchPath)) {
        Write-Host "  ⚠ 路径不存在,跳过" -ForegroundColor Red
        continue
    }
    
    $foundFiles = Get-ChildItem -Path $searchPath -Filter $targetFileName -Recurse -ErrorAction SilentlyContinue
    
    if ($foundFiles.Count -eq 0) {
        Write-Host "  ✗ 未找到任何文件`n" -ForegroundColor Red
    } else {
        Write-Host "  ✓ 找到 $($foundFiles.Count) 个文件`n" -ForegroundColor Green
        $allFoundFiles += $foundFiles
    }
}

Write-Host "`n========================================" -ForegroundColor Cyan
Write-Host "搜索完成! 共找到 $($allFoundFiles.Count) 个文件" -ForegroundColor Green
Write-Host "========================================`n" -ForegroundColor Cyan

if ($allFoundFiles.Count -eq 0) { exit }

Write-Host "文件列表:" -ForegroundColor Cyan
for ($i = 0; $i -lt $allFoundFiles.Count; $i++) {
    Write-Host "  [$($i+1)] $($allFoundFiles[$i].FullName)" -ForegroundColor Gray
}

Write-Host "`n========================================" -ForegroundColor Cyan
Write-Host "开始处理文件..." -ForegroundColor Cyan
Write-Host "========================================`n" -ForegroundColor Cyan

$successCount = 0
$failCount = 0

foreach ($file in $allFoundFiles) {
    $filePath = $file.FullName
    
    Write-Host "`n========================================" -ForegroundColor Cyan
    Write-Host "处理文件 [$($successCount + $failCount + 1)/$($allFoundFiles.Count)]: $filePath" -ForegroundColor Cyan
    Write-Host "========================================`n" -ForegroundColor Cyan
    
    $fileSuccess = $true

    # -------------------- 步骤 1 --------------------
    try {
        Write-Host "[1/5] 获取文件所有权..." -ForegroundColor Yellow
        takeown /f "$filePath" 2>$null
        Write-Host "    ✅ 已获取文件所有权" -ForegroundColor Green
    } catch {
        Write-Host "    ✗ 获取所有权失败: $_" -ForegroundColor Red
        $fileSuccess = $false
    }

    # -------------------- 步骤 2 --------------------
    try {
        Write-Host "[2/5] 授予 Administrators 完全控制权限..." -ForegroundColor Yellow
        icacls "$filePath" /grant "Administrators:F" 2>$null
        Write-Host "    ✅ 权限授予完成" -ForegroundColor Green
    } catch {
        Write-Host "    ✗ 权限授予失败: $_" -ForegroundColor Red
        $fileSuccess = $false
    }

    # -------------------- 步骤 3 --------------------
    try {
        Write-Host "[3/5] 禁用继承并删除显式权限..." -ForegroundColor Yellow
        icacls "$filePath" /inheritance:r 2>$null
        icacls "$filePath" /remove "Administrators" /remove "SYSTEM" /remove "Users" /remove "Everyone" /remove "Authenticated Users" /remove "$env:USERNAME" 2>$null
        Write-Host "    ✅ 已删除显式权限并禁用继承" -ForegroundColor Green
    } catch {
        Write-Host "    ✗ 删除权限失败: $_" -ForegroundColor Red
        $fileSuccess = $false
    }

    # -------------------- 步骤 4 --------------------
    try {
        Write-Host "[4/5] 设置 TrustedInstaller 为文件所有者..." -ForegroundColor Yellow
        $acl = Get-Acl $filePath
        $owner = New-Object System.Security.Principal.NTAccount("NT SERVICE\TrustedInstaller")
        $acl.SetOwner($owner)
        Set-Acl $filePath $acl
        Write-Host "    ✅ 所有者已修改为 TrustedInstaller" -ForegroundColor Green
    } catch {
        Write-Host "    ✗ 修改所有者失败: $_" -ForegroundColor Red
        $fileSuccess = $false
    }

    # -------------------- 步骤 5 --------------------
    Write-Host "[5/5] 验证结果..." -ForegroundColor Yellow
    $verifyOK = $true

    try {
        $verifyAcl = Get-Acl $filePath
        $currentOwner = $verifyAcl.Owner

        # 所有者验证
        if ($currentOwner -like "*TrustedInstaller") {
            Write-Host "    ✔ 所有者验证通过 (TrustedInstaller)" -ForegroundColor Green
        } else {
            Write-Host "    ✗ 所有者错误: $currentOwner" -ForegroundColor Red
            $verifyOK = $false
        }

        # 继承验证
        if ($verifyAcl.AreAccessRulesProtected) {
            Write-Host "    ✔ 继承已关闭" -ForegroundColor Green
        } else {
            Write-Host "    ✗ 继承未关闭" -ForegroundColor Red
            $verifyOK = $false
        }

        # 忽略系统保留 ACL
        Write-Host "    ⚠ 忽略系统默认显式权限(如 TrustedInstaller 和系统应用包)" -ForegroundColor Magenta

    } catch {
        Write-Host "    ✔ 无法读取 ACL (预期行为: TrustedInstaller 拥有文件)" -ForegroundColor Green
    }

    # -------------------- 总结 --------------------
    if ($fileSuccess -and $verifyOK) {
        Write-Host "`n✅ 文件处理成功: $filePath" -ForegroundColor Green
        $successCount++
    } else {
        Write-Host "`n❌ 文件处理失败: $filePath" -ForegroundColor Red
        $failCount++
    }
}

# -------------------- 最终统计 --------------------
Write-Host "`n========================================" -ForegroundColor Cyan
Write-Host "所有文件处理完成!" -ForegroundColor Cyan
Write-Host "成功: $successCount 个 | 失败: $failCount 个 | 总共: $($allFoundFiles.Count) 个" -ForegroundColor Green
Write-Host "========================================`n" -ForegroundColor Cyan

Leave a Reply

Your email address will not be published. Required fields are marked *