Jump to content

Recommended Posts

Posted

This script changes the state of Hidden files, if hidden files are set to show this turns them off, if hidden files are set to hide this shows them.

Comments?





 
# This key contains all of the profiles on the machine (including non-user profiles)
$profileList = Get-ChildItem -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
 
# This key contains the path to the folder that contains all the profiles (typically c:\users)
$profileFolder = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList').ProfilesDirectory
 
# This key contains the path to the default user profile (e.g. C:\Users\Default).  This is **NOT** HKEY_USERS\.DEFAULT!
# We don't do anything with it in this sample script, but it can be loaded and modified just like any other profile.
$defaultFolder = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList').Default
 
# HKEY_USER key is not loaded into PowerShell by default and we'll need it, so we'll create new PSDrive to reference it.
New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
 
$profileList | % {
    
    $profileKeys = Get-ItemProperty $_.PSPath
    
    $sid = $profileKeys.PSChildName
    $profilePath = $profileKeys.ProfileImagePath
    
    # This is an easy way to exclude profiles outside of the default USERS profile folder, e.g. LocalSystem.
    # You may or may not want to do this depending on your requirements.
    if ($profilePath -like "$($profileFolder)*") {
        
        # Check if the profile is already loaded.        
        if (Get-ChildItem "HKU:\$sid" -ErrorAction SilentlyContinue) {
            $profileLoaded = $true
        } else {
            $profileLoaded = $false
        }
        
        Write-Output "$sid `t $profilePath `t $profileLoaded"
        
        # Load the key if necessary
        if ($profileLoaded) {
            $userKeyPath = "HKU:\$sid"
        } else {
            $userKeyPath = "HKLM:\TempHive_$sid"
            & reg.exe load "HKLM\TempHive_$sid" "$profilePath\ntuser.dat"
        }
        
        # DO SOMETHING WITH $USERKEYPATH HERE.
#############################################################################################


$hide = (Get-ItemProperty -path $USERKEYPATH\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced).Hidden

If ($hide -eq 0) { 

Set-ItemProperty -Path $USERKEYPATH\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name Hidden -Value "1"

}
 
IF ($hide -eq 1) { 

Set-ItemProperty -Path $USERKEYPATH\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name Hidden -Value "0"

}


##############################################################################################        
        if (!$profileLoaded) {
            & reg.exe unload "HKLM\TempHive_$sid"
        }
        
    }
}
 
Remove-PSDrive -Name HKU

################################################################

$TasknameStop = "ExplorerStop"
$TasknameStart = "ExplorerStart"
$lastlogon = (New-Object -ComObject WScript.Shell).RegRead("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\LastLoggedOnUser")

SCHTASKS /CREATE /sc ONCE /st 00:00 /TN $TasknameStop /RU $lastlogon /TR "taskkill /f /im explorer.exe"
SCHTASKS /CREATE /sc ONCE /st 00:00 /TN $TasknameStart /RU $lastlogon /TR "explorer.exe" 
start-sleep -s 1
schtasks /Run /TN $TasknameStop
start-sleep -s 1
schtasks /Run /TN $TasknameStart
start-sleep -s 1
schtasks /delete /tn $TasknameStop /f
schtasks /delete /tn $TasknameStart /f

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...