I have an issue regarding the same script above given by Razor2.3. I use SCCM to push this script to all 1000 machines. It is able to delete everything except the desktop icon. As per the person using SCCM to push this script, it is not deleting the desktop icon because it is looking for the SCCM profile desktop and not the user profile.
Cubase 5 torrent. So the subfolders and files will not have the same exact permission settings as their parent folders. Due to a requirement by management we must set this existing NTFS permissions on this folder, subfolders and files all to 'read-only'.
Is there a way i can enumerate folders in the documents and settings? Its surprising that the start menu folder is deleted in the user profile and not the SCCM profile.I don't get this. Any kind of advise is appreciated. It works fine when i run it manually, but when SCCM runs it all test machines, it doesn't delete the icons. I figured, it is unable to find the user profile. So, from this link i could get the correct user profile. I used the subkey and enumerated through Profile Image Path for the system as follows: oReg.EnumKey HKEY_LOCAL_MACHINE, 'SOFTWARE Microsoft Windows NT CurrentVersion ProfileList', arrSubKeys For Each SubKey In arrSubKeys oReg.GetExpandedStringValue HKEY_LOCAL_MACHINE, 'SOFTWARE Microsoft Windows NT CurrentVersion ProfileList ' & SubKey, 'ProfileImagePath', ValueData If InStr(ValueData, 'Documents and Settings') Then 'Clean up.
Remove possible spaces at the beginning and end of string ValueData = Trim(ValueData) and deleted the files as follows: fso.DeleteFile ValueData & ' Desktop shortcut.lnk' It worked.
Something along the lines of: FILE_DISPOSITION_INFORMATION disp; IO_STATUS_BLOCK IoStat; disp.DeleteFile = TRUE; // h is a handle to file with the DELETE access status = ZwSetInformationFile( h, &IoStat, &disp, sizeof(FILE_DISPOSITION_INFORMATION), FileDispositionInformation); ZwClose( h ); The file will be deleted on the close of the last handle. The handle h should be opened with a technique of your choice, to ensure you can access the file, IoCreateFileEx is your friend. Don Burn Windows Driver Consulting Website: http://www.windrvr.com. Look up any classic tree walk, and apply it. You use ZwQueryDirectoryFile to enumerate the files in the directory, if it is a regular file delete it, if it is a directory save the current directory handle, then open the directory you just found and enumerate those files. At some point you need to learn to code things like this yourself, especially since you have stated you are working on anti-malware. If you can't figure out something simple like this, how are you going to figure out what a malware writer is trying to do?
Don Burn Windows Driver Consulting Website: http://www.windrvr.com. Something along the lines of: FILE_DISPOSITION_INFORMATION disp; IO_STATUS_BLOCK IoStat; disp.DeleteFile = TRUE; // h is a handle to file with the DELETE access status = ZwSetInformationFile( h, &IoStat, &disp, sizeof(FILE_DISPOSITION_INFORMATION), FileDispositionInformation); ZwClose( h ); The file will be deleted on the close of the last handle. The handle h should be opened with a technique of your choice, to ensure you can access the file, IoCreateFileEx is your friend. Don Burn Windows Driver Consulting Website: http://www.windrvr.com. Look up any classic tree walk, and apply it. You use ZwQueryDirectoryFile to enumerate the files in the directory, if it is a regular file delete it, if it is a directory save the current directory handle, then open the directory you just found and enumerate those files.