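I am using the optional Windows 10 feature "Unified Write Filter" (uwfmgr.exe) to protect kiosk machines from unwanted changes. Now, to deploy custom updates, it includes a servicing user under which changes can be made to the protected volume.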
C:\Windows\system32\UwfServicingMasterScript.cmd
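To perform these custom updates, the script should be edited. (official documentation)
Now I cannot edit this file, because it is owned by the "TrustedInstaller" user, and Administrators have no permission on it either.
What am I missing here? Should I change the owner of this file?
Answer 1
My own understanding of this problem is not complete, but I believe you should follow a certain procedure when doing this kind of update, and in particular you should not take ownership of Windows files.
The process is better described in the article Microsoft UWF (Unified Write Filter) overview, which has a short summary:
After enabling UWF, create a new text file, for example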
C:\TestPersist
Add it to UWF with the following command:
uwfmgr file add-exclusion c:\testpersist
Enable UWF with the following command:
uwfmgr filter enable
To check the UWF settings, use:
uwfmgr.exe get-config
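Note: You may want to look at the new Windows 10 feature, Windows Sandbox.
Answer 2
I may be a bit late, but I just found this post because I ran into the same problem.
Using the comment from @vomit-it-chunky-mess-style, I ended up with the following C# code, which can be used to replace the cmd file with my own. Hopefully this helps the next person who lands here.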
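using System;
using System.Diagnostics;
using System.IO;

// Path of the UWF servicing script to replace.
var masterScriptLocation = @"C:\Windows\System32\UwfServicingMasterScript.cmd";
// Replacement script contents (C# raw string literal).
var newMasterScript =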
"""
REM servicing of the device with UWF installed. The script will
REM call UWF manager application to update the system with the
REM latest available updates.
REM The script will detect whether the update operation
REM ended successfully or requires a reboot.
REM
REM The script will change the "SERVICING" state of the device
REM only when the update operation results in a "SUCCESS".
REM A state change of the device requires a reboot.
REM
REM If the update operation requires a "REBOOT" the script will
REM reboot device without changing the "SERVICING" state. The
REM Will then run again on the following reboot until
REM the update operation either return a "SUCCESS" or a "ERROR"
REM
REM Any third-party script that needs to run before the state
REM change should run in the UPDATE_SUCCESS block
REM
REM Environment :
REM It is expected that UWF is turned "OFF", "SERVICING" mode
REM enabled and all other preconditions
REM for servicing are in place.
REM
REM
REM
echo UpdateAgent starting.
uwfmgr servicing update-windows
if ERRORLEVEL 3010 goto UPDATE_REBOOT
if ERRORLEVEL 0 goto UPDATE_SUCCESS
echo UpdateAgent returned error =%ERRORLEVEL%
:UPDATE_ERROR
uwfmgr servicing disable
echo Restarting system
goto UPDATE_EXIT
:UPDATE_REBOOT
echo UpdateAgent requires a reboot.
echo UpdateAgent restarting system
goto UPDATE_EXIT
:UPDATE_SUCCESS
echo UpdateAgent returned success.
REM
REM echo UpdateAgent executing OEM script
REM OEM can call their custom scripts
REM at this point through a "call".
REM
REM The OEM script should hand control
REM back to this script once it is done.
REM
REM Any error recovery for OEM script
REM should be handled outside of this script
REM post a reboot.
REM
uwfmgr servicing disable
echo Restarting system
goto UPDATE_EXIT
:UPDATE_EXIT
echo UpdateAgent exiting.
shutdown -r -t 5
EXIT /B
""";

// Take ownership of the script for the Administrators group (/a).
// This program must run elevated.
using (Process myProcess = new())
{
    myProcess.StartInfo.UseShellExecute = false;
    myProcess.StartInfo.FileName = "takeown.exe";
    myProcess.StartInfo.Arguments = $"""/a /f "{masterScriptLocation}" """;
    myProcess.StartInfo.CreateNoWindow = true;
    myProcess.StartInfo.RedirectStandardOutput = true;
    myProcess.Start();
    // Read the redirected output before waiting, so a full pipe cannot block the child.
    string output = myProcess.StandardOutput.ReadToEnd();
    myProcess.WaitForExit();
    Console.WriteLine(output);
}

// Grant full control to BUILTIN\Administrators (well-known SID S-1-5-32-544)
// rather than Everyone: this script runs during UWF servicing, so it must not
// be writable by unprivileged users.
using (Process myProcess = new())
{
    myProcess.StartInfo.UseShellExecute = false;
    myProcess.StartInfo.FileName = "icacls";
    myProcess.StartInfo.Arguments = $""" "{masterScriptLocation}" /grant *S-1-5-32-544:F /t""";
    myProcess.StartInfo.CreateNoWindow = true;
    myProcess.StartInfo.RedirectStandardOutput = true;
    myProcess.Start();
    string output = myProcess.StandardOutput.ReadToEnd();
    myProcess.WaitForExit();
    Console.WriteLine(output);
}

// Replace the original script with the new contents.
File.Delete(masterScriptLocation);
File.WriteAllText(masterScriptLocation, newMasterScript);
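
Added example, not part of either answer: a PowerShell check to run after changing ownership or permissions on the servicing script as in Answer 2. It reports the owner, a SHA-256 to compare against a known-good baseline, and every allow entry that gives write-type access to a principal outside a trusted list. The function name Test-UwfScriptAcl and the trusted-SID list are assumptions to adapt to local policy.

```powershell
# Added example, not from the original answers.
# Audits who can modify the UWF servicing master script.
function Test-UwfScriptAcl {    # hypothetical helper name
    param(
        [string]$Path = 'C:\Windows\System32\UwfServicingMasterScript.cmd'
    )

    # SIDs allowed to hold write-type access (assumption: adjust to local policy).
    $trusted = @(
        'S-1-5-18',       # NT AUTHORITY\SYSTEM
        'S-1-5-32-544',   # BUILTIN\Administrators
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # NT SERVICE\TrustedInstaller
    )

    # Rights that allow changing the file or its protection, plus the
    # GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits.
    $rights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
    $mask   = [int]$rights -bor 0x50000000

    $sidType = [System.Security.Principal.SecurityIdentifier]
    $acl     = Get-Acl -LiteralPath $Path -ErrorAction Stop

    $risky = foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        $isAllow  = $rule.AccessControlType -eq 'Allow'
        $canWrite = (([int]$rule.FileSystemRights) -band $mask) -ne 0
        $sid      = $rule.IdentityReference.Value
        if ($isAllow -and $canWrite -and ($trusted -notcontains $sid)) {
            [pscustomobject]@{
                Sid       = $sid
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }

    [pscustomobject]@{
        Path         = $Path
        OwnerSid     = $acl.GetOwner($sidType).Value
        Sha256       = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        RiskyEntries = @($risky)
    }
}

# Run from an elevated prompt on the device. Everyone (S-1-1-0) or Users
# (S-1-5-32-545) under RiskyEntries means the script is writable by non-admins.
$report = Test-UwfScriptAcl
$report | Format-List Path, OwnerSid, Sha256
$report.RiskyEntries | Format-Table -AutoSize
```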