@ -53,7 +53,7 @@ pushd "%~dp0"
@@ -53,7 +53,7 @@ pushd "%~dp0"
> nul findstr /rxc:" .* " " %~nx0 "
if not %errorlevel% == 0 (
echo :
echo Error: This is not a correct file. It has LF line ending issue .
echo Error: Script either has LF line ending issue, or it failed to read itself .
echo :
ping 127.0.0.1 -n 6 > nul
popd
@ -65,7 +65,7 @@ popd
@@ -65,7 +65,7 @@ popd
cls
color 07
title Activation Troubleshoot
title Troubleshoot
set _elev =
if /i " %~1 " == " -el " set _elev = 1
@ -167,9 +167,11 @@ setlocal EnableDelayedExpansion
@@ -167,9 +167,11 @@ setlocal EnableDelayedExpansion
cls
color 07
title Activation Troubleshoot
title Troubleshoot
mode con cols=77 lines=30
echo :
echo :
echo :
echo :
echo : _______________________________________________________________
@ -179,35 +181,23 @@ echo: ___________________________________________________
@@ -179,35 +181,23 @@ echo: ___________________________________________________
echo :
echo : [2] Dism RestoreHealth
echo : [3] SFC Scannow
echo :
echo : [4] Rebuild Licensing Tokens
echo : [5] Rebuild ClipSVC Licences
echo : [6] Clear Office vNext Licences
echo : ___________________________________________________
echo :
echo : [7] Rebuild WMI Repository
echo : [8] Fix: Issues Caused By Gaming Spoofers
echo : [9] Fix: Issues Caused By KB971033 In Windows 7
echo : [G] Fix: Office Is Not Genuine Banner
echo : [E] Export Event Viewer Logs
echo : [4] Fix WMI
echo : [5] Fix Licensing
echo : [6] Fix WPA Registry
echo : ___________________________________________________
echo :
echo : [0] %_exitmsg%
echo : _______________________________________________________________
echo :
call : _color2 %_White% " " %_Green% " Enter a menu option in the Keyboard : "
choice /C:123456789GE 0 /N
choice /C:1234560 /N
set _erl = %errorlevel%
if %_erl% == 12 exit /b
if %_erl% == 11 goto : exportevtlogs
if %_erl% == 10 start https://massgrave.dev/office-license-is-not-genuine & goto at_menu
if %_erl% == 9 goto : fixwindows7
if %_erl% == 8 goto : fixspoofer
if %_erl% == 7 goto : rewmi
if %_erl% == 6 goto : clearvnext
if %_erl% == 5 goto : reclipsvc
if %_erl% == 4 goto : retokens
if %_erl% == 7 exit /b
if %_erl% == 6 start https://massgrave.dev/fix-wpa-registry.html & goto at_menu
if %_erl% == 5 goto : retokens
if %_erl% == 4 goto : fixwmi
if %_erl% == 3 goto : sfcscan
if %_erl% == 2 goto : dism_rest
if %_erl% == 1 start https://massgrave.dev/troubleshoot.html & goto at_menu
@ -219,7 +209,7 @@ goto :at_menu
@@ -219,7 +209,7 @@ goto :at_menu
cls
mode 98, 30
title Dism /Online /Cleanup-Image /RestoreHealth
title Dism /English / Online /Cleanup-Image /RestoreHealth
if %winbuild% LSS 9200 (
%eline%
@ -229,8 +219,9 @@ goto :at_back
@@ -229,8 +219,9 @@ goto :at_back
)
set _int =
for %% a in ( dns.msftncsi.com) do (
if not defined _int ( for /f " delims=[] tokens=2 " %% # in ( 'ping -n 1 %% a' ) do if not [%% #]== [] set _int = 1) )
for %% a in ( l.root-servers.net resolver1.opendns.com download.windowsupdate.com google.com) do if not defined _int (
for /f " delims=[] tokens=2 " %% # in ( 'ping -n 1 %% a' ) do ( if not [%% #]== [] set _int = 1)
)
echo :
if defined _int (
@ -266,9 +257,9 @@ set _time=
@@ -266,9 +257,9 @@ set _time=
for /f %% a in ( ' %psc% "Get-Date -format HH_mm_ss"' ) do set _time = %% a
echo :
echo Applying the command,
echo dism /online /cleanup-image /restorehealth /Logpath:" %SystemRoot% \Temp\RHealth_DISM_ %_time% .txt " /loglevel:4
echo dism /english / online /cleanup-image /restorehealth
echo :
dism /online /cleanup-image /restorehealth /Logpath:" %SystemRoot% \Temp\RHealth_DISM_ %_time% .txt " /loglevel:4
dism /english / online /cleanup-image /restorehealth /Logpath:" %SystemRoot% \Temp\RHealth_DISM_ %_time% .txt " /loglevel:4
if not exist " !desktop! \AT_Logs\ " md " !desktop! \AT_Logs\ " %nul%
copy /y /b " %SystemRoot% \Temp\RHealth_DISM_ %_time% .txt " " !desktop! \AT_Logs\RHealth_DISM_ %_time% .txt " %nul%
@ -319,35 +310,153 @@ sfc /scannow
@@ -319,35 +310,153 @@ sfc /scannow
if not exist " !desktop! \AT_Logs\ " md " !desktop! \AT_Logs\ " %nul%
copy /y /b " %cbs_log% " " !desktop! \AT_Logs\SFC_CBS_ %_time% .txt " %nul%
findstr /i /c:" [SR] " %cbs_log% | findstr /i /v /c:verify > " !desktop! \AT_Logs\SFC_Main_ %_time% .txt "
echo :
call : _color %Gray% " CBS and main extracted logs are copied to the AT_Logs folder on the dekstop. "
call : _color %Gray% " CBS log is copied to the AT_Logs folder on the dekstop. "
goto : at_back
: :========================================================================================================================================
: clea rvn ex t
: retokens
cls
mode 98, 30
title Clear Office vNext License
mode con cols=115 lines=32
%nul% %psc% " &{$W=$Host.UI.RawUI.WindowSize;$B=$Host.UI.RawUI.BufferSize;$W.Height=31;$B.Height=200;$Host.UI.RawUI.WindowSize=$W;$Host.UI.RawUI.BufferSize=$B;} "
title Fix Licensing ^( ClipSVC ^+ Office vNext ^+ SPP ^+ OSPP^)
echo :
echo %line%
echo :
echo This options will clear Office vNext ^( subscription^) license
echo :
echo You need to use this option when,
echo - KMS option is not activating office due to existing subscription license
echo - KMS option activated Office but Office activation page is not showing activated
echo :
echo Notes:
echo :
echo - It helps in troubleshooting activation issues.
echo :
echo - This option will,
echo - Deactivate Windows and Office, you may need to reactivate
echo - Clear ClipSVC, Office vNext, SPP and OSPP licenses
echo - Fix SPP permissions of tokens folder and registries
echo - Trigger the repair option for Office.
echo :
call : _color2 %_White% " - " %Red% " Apply it only when it is necessary. "
echo :
echo %line%
echo :
choice /C:09 /N /M " > [9] Continue [0] Go back : "
if %errorlevel% == 1 goto at_menu
: :========================================================================================================================================
: : Rebuild ClipSVC Licences
cls
: cleanlicensing
echo :
echo %line%
echo :
call : _color %Magenta% " Rebuilding ClipSVC Licences "
echo :
if %winbuild% LSS 10240 (
echo ClipSVC Licence rebuilding is supported only on Win 10/11 and Server equivalent.
echo Skipping...
goto : cleanvnext
)
%psc% " (([WMISEARCHER]'SELECT Name FROM SoftwareLicensingProduct WHERE LicenseStatus=1 AND GracePeriodRemaining=0 AND PartialProductKey IS NOT NULL').Get()).Name " 2 > nul | findstr /i " Windows " 1 > nul && (
echo Windows is permanently activated.
echo Skipping rebuilding ClipSVC licences...
goto : cleanvnext
)
echo Stopping ClipSVC service...
call : _stopservice ClipSVC
timeout /t 2 %nul%
echo :
echo Applying the command to Clean ClipSVC Licences...
echo rundll32 clipc.dll,ClipCleanUpState
rundll32 clipc.dll,ClipCleanUpState
if %winbuild% LEQ 10240 (
echo [Successful]
) else (
if exist " %ProgramData% \Microsoft\Windows\ClipSVC\tokens.dat " (
call : _color %Red% " [Failed] "
) else (
echo [Successful]
)
)
: : Below registry key (Volatile & Protected) gets created after the ClipSVC License cleanup command, and gets automatically deleted after
: : system restart. It needs to be deleted to activate the system without restart.
set " RegKey=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ClipSVC\Volatile\PersistedSystemState "
set " _ident=HKU\S-1-5-19\SOFTWARE\Microsoft\IdentityCRL "
reg query " %RegKey% " %nul% && %nul% call :regownstart
reg delete " %RegKey% " /f %nul%
echo :
echo Deleting a Volatile ^& Protected Registry Key...
echo [%RegKey% ]
reg query " %RegKey% " %nul% && (
call : _color %Red% " [Failed] "
echo Restart the system, that will delete this registry key automatically.
) || (
echo [Successful]
)
: : Clear HWID token related registry to fix activation incase if there is any corruption
echo :
echo Deleting a IdentityCRL Registry Key...
echo [%_ident% ]
reg delete " %_ident% " /f %nul%
reg query " %_ident% " %nul% && (
call : _color %Red% " [Failed] "
) || (
echo [Successful]
)
call : _stopservice ClipSVC
: : Rebuild ClipSVC folder to fix permission issues
echo :
if %winbuild% GTR 10240 (
echo Deleting Folder %ProgramData% \Microsoft\Windows\ClipSVC\
rmdir /s /q " C:\ProgramData\Microsoft\Windows\ClipSvc " %nul%
if exist " %ProgramData% \Microsoft\Windows\ClipSVC\ " (
call : _color %Red% " [Failed] "
) else (
echo [Successful]
)
echo :
echo Rebuilding Folder %ProgramData% \Microsoft\Windows\ClipSVC\
net start ClipSVC /y %nul%
timeout /t 3 %nul%
if not exist " %ProgramData% \Microsoft\Windows\ClipSVC\ " timeout /t 5 %nul%
if not exist " %ProgramData% \Microsoft\Windows\ClipSVC\ " (
call : _color %Red% " [Failed] "
) else (
echo [Successful]
)
)
echo :
echo Restarting [wlidsvc LicenseManager] services...
for %% # in ( wlidsvc LicenseManager) do ( net stop %% # /y %nul% & net start %% # /y %nul% )
: :========================================================================================================================================
: : Clear Office vNext License
: cleanvnext
echo :
echo %line%
echo :
@ -360,20 +469,28 @@ setlocal EnableDelayedExpansion
@@ -360,20 +469,28 @@ setlocal EnableDelayedExpansion
attrib -R " !ProgramData! \Microsoft\Office\Licenses " %nul%
attrib -R " !_Local! \Microsoft\Office\Licenses " %nul%
rd /s /q " !ProgramData! \Microsoft\Office\Licenses\ " %nul%
rd /s /q " !_Local! \Microsoft\Office\Licenses\ " %nul%
if exist " !ProgramData! \Microsoft\Office\Licenses\ " (
rd /s /q " !ProgramData! \Microsoft\Office\Licenses\ " %nul%
if exist " !ProgramData! \Microsoft\Office\Licenses\ " (
echo Failed To Delete - !ProgramData! \Microsoft\Office\Licenses\
) else (
echo Deleted Folder - !ProgramData! \Microsoft\Office\Licenses\
)
) else (
echo Not Found - !ProgramData! \Microsoft\Office\Licenses\
)
if exist " !_Local! \Microsoft\Office\Licenses\ " (
rd /s /q " !_Local! \Microsoft\Office\Licenses\ " %nul%
if exist " !_Local! \Microsoft\Office\Licenses\ " (
echo Failed To Delete - !_Local! \Microsoft\Office\Licenses\
) else (
echo Deleted Folder - !_Local! \Microsoft\Office\Licenses\
)
) else (
echo Not Found - !_Local! \Microsoft\Office\Licenses\
)
echo :
for %% # in (
@ -387,44 +504,14 @@ echo Deleted Registry - %%#
@@ -387,44 +504,14 @@ echo Deleted Registry - %%#
echo Failed to Delete - %% #
)
) || (
echo Delete d Registry - %% #
echo Not Foun d Registry - %% #
)
)
goto : at_back
: :========================================================================================================================================
: retokens
cls
mode con cols=115 lines=32
%nul% %psc% " &{$W=$Host.UI.RawUI.WindowSize;$B=$Host.UI.RawUI.BufferSize;$W.Height=31;$B.Height=200;$Host.UI.RawUI.WindowSize=$W;$Host.UI.RawUI.BufferSize=$B;} "
title Rebuild Licensing Tokens ^( SPP ^+ OSPP)
echo :
echo %line%
echo :
echo Notes:
echo :
echo - It helps in troubleshooting activation issues.
echo :
call : _color2 %_White% " - " %Magenta% " This option will, "
call : _color2 %_White% " " %Magenta% " - Deactivate Windows and Office, you will need to reactivate "
call : _color2 %_White% " " %Magenta% " - Uninstall Office licenses and keys "
call : _color2 %_White% " " %Magenta% " - Clear SPP-OSPP data.dat, tokens.dat, cache.dat "
call : _color2 %_White% " " %Magenta% " - Trigger the repair option for Office "
echo :
call : _color2 %_White% " - " %Red% " Apply it only when it is necessary. "
echo :
echo %line%
echo :
choice /C:09 /N /M " > [9] Continue [0] Go back : "
if %errorlevel% == 1 goto at_menu
: : Rebuild SPP Tokens
cls
: cleanspptoken
echo :
echo %line%
echo :
@ -439,6 +526,64 @@ call :_color %Red% "tokens.dat file not found."
@@ -439,6 +526,64 @@ call :_color %Red% "tokens.dat file not found."
echo tokens.dat file: [%token% ]
)
if %winbuild% GEQ 14393 (
set wpaerror =
set /a count = 0
for /f %% a in ( 'reg query "HKLM\SYSTEM\WPA" 2^>nul' ) do set /a count += 1
for /L %% # in ( 1 ,1 ,!count! ) do (
reg query " HKLM\SYSTEM\WPA\8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P- %% # " /ve /t REG_BINARY %nul% || set wpaerror = 1
)
if defined wpaerror (
echo :
echo Checking WPA Registry Keys...
call : _color %Red% " [Error Found] [Registry Count - !count!] "
)
)
set tokenstore =
for /f " skip=2 tokens=2* " %% a in ( 'reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v TokenStore 2^>nul' ) do call set " tokenstore= %% b "
: : Check sppsvc permissions and apply fixes
if %winbuild% GEQ 10240 (
echo :
echo Checking SPP permission related issues...
call : checkperms
if defined permerror (
mkdir " %tokenstore% " %nul%
set " d=$sddl = 'O:BAG:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICIIO;GR;;;BU)(A;;FR;;;BU)(A;OICI;FA;;;S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628)'; "
set " d=!d! $AclObject = New-Object System.Security.AccessControl.DirectorySecurity; "
set " d=!d! $AclObject.SetSecurityDescriptorSddlForm($sddl); "
set " d=!d! Set-Acl -Path %tokenstore% -AclObject $AclObject; "
%psc% " !d! " %nul%
for %% # in (
" HKLM:\SYSTEM\WPA_QueryValues, EnumerateSubKeys, WriteKey "
" HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform_SetValue "
) do for /f "tokens=1,2 delims=_" %%A in (%%#) do (
set " d=$acl = Get-Acl ' %% A'; "
set " d=!d! $rule = New-Object System.Security.AccessControl.RegistryAccessRule ('NT Service\sppsvc', ' %% B', 'ContainerInherit, ObjectInherit','None','Allow'); "
set " d=!d! $acl.ResetAccessRule($rule); "
set " d=!d! $acl.SetAccessRule($rule); "
set " d=!d! Set-Acl -Path ' %% A' -AclObject $acl "
%psc% " !d! " %nul%
)
call : checkperms
if defined permerror (
call : _color %Red% " [Failed To Fix] "
) else (
echo [Successfully Fixed]
)
) else (
echo [Error Not Found]
)
)
echo :
echo Stopping sppsvc service...
call : _stopservice sppsvc
@ -469,7 +614,7 @@ echo:
@@ -469,7 +614,7 @@ echo:
if not defined token (
call : _color %Red% " Failed to rebuilt tokens.dat file. "
) else (
call : _color %Green% " tokens.dat file was rebuilt successfully. "
echo tokens.dat file was rebuilt successfully.
)
: :========================================================================================================================================
@ -479,17 +624,15 @@ call :_color %Green% "tokens.dat file was rebuilt successfully."
@@ -479,17 +624,15 @@ call :_color %Green% "tokens.dat file was rebuilt successfully."
echo :
echo %line%
echo :
call : _color %Magenta% " Rebuilding OSPP Licensing Tokens "
echo :
sc qc osppsvc %nul% || (
echo :
call : _color %Magenta% " OSPP based Office is not installed "
call : _color %Magenta% " Skipping rebuilding OSPP tokens "
echo OSPP based Office is not installed
echo Skipping rebuilding OSPP tokens...
goto : repairoffice
)
call : _color %Magenta% " Rebuilding OSPP Licensing Tokens "
echo :
call : scandatospp check
if not defined token (
@ -528,7 +671,7 @@ echo:
@@ -528,7 +671,7 @@ echo:
if not defined token (
call : _color %Red% " Failed to rebuilt tokens.dat file. "
) else (
call : _color %Green% " tokens.dat file was rebuilt successfully. "
echo tokens.dat file was rebuilt successfully.
)
: :========================================================================================================================================
@ -678,401 +821,143 @@ goto :at_back
@@ -678,401 +821,143 @@ goto :at_back
: :========================================================================================================================================
: reclipsvc
cls
mode 98, 30
title Rebuild ClipSVC Licences
if %winbuild% LSS 10240 (
%eline%
echo Unsupported OS version Detected.
echo This command is supported only for Windows 10/11 and their Server equivalent..
goto : at_back
)
echo :
echo %line%
echo :
echo Notes:
echo :
echo - Rebuilding ClipSVC Licences helps in troubleshooting HWID-KMS38 activation issues.
echo :
echo - Do not run this option unless you are having issues in HWID-KMS38 activation.
echo :
echo - System restart is recommended after applying it.
echo :
echo %line%
echo :
choice /C:09 /N /M " > [9] Continue [0] Go back : "
if %errorlevel% == 1 goto at_menu
cls
echo :
echo Stopping ClipSVC service...
call : _stopservice ClipSVC
timeout /t 2 %nul%
echo :
echo Applying the command to Clean ClipSVC Licences...
echo rundll32 clipc.dll,ClipCleanUpState
rundll32 clipc.dll,ClipCleanUpState
if %winbuild% LEQ 10240 (
call : _color %Green% " [Successful] "
) else (
if exist " %ProgramData% \Microsoft\Windows\ClipSVC\tokens.dat " (
call : _color %Red% " [Failed] "
) else (
call : _color %Green% " [Successful] "
)
)
: : Below registry key (Volatile & Protected) gets created after the ClipSVC License cleanup command, and gets automatically deleted after
: : system restart. It needs to be deleted to activate the system without restart.
set " RegKey=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ClipSVC\Volatile\PersistedSystemState "
set " _ident=HKU\S-1-5-19\SOFTWARE\Microsoft\IdentityCRL "
reg query " %RegKey% " %nul% && %nul% call :regownstart
reg delete " %RegKey% " /f %nul%
echo :
echo Deleting a Volatile ^& Protected Registry Key...
echo [%RegKey% ]
reg query " %RegKey% " %nul% && (
call : _color %Red% " [Failed] "
echo Restart the system, that will delete this registry key automatically.
) || (
call : _color %Green% " [Successful] "
)
: : Clear HWID token related registry to fix activation incase if there is any corruption
echo :
echo Deleting a IdentityCRL Registry Key...
echo [%_ident% ]
reg delete " %_ident% " /f %nul%
reg query " %_ident% " %nul% && (
call : _color %Red% " [Failed] "
) || (
call : _color %Green% " [Successful] "
)
echo :
echo Restarting [ClipSVC wlidsvc LicenseManager sppsvc] services...
for %% # in ( ClipSVC wlidsvc LicenseManager sppsvc) do ( net stop %% # /y %nul% & net start %% # /y %nul% )
goto : at_back
: :========================================================================================================================================
: fixspoofer
cls
mode con cols=115 lines=32
%nul% %psc% " &{$W=$Host.UI.RawUI.WindowSize;$B=$Host.UI.RawUI.BufferSize;$W.Height=31;$B.Height=200;$Host.UI.RawUI.WindowSize=$W;$Host.UI.RawUI.BufferSize=$B;} "
title Fix: Issues Caused By Gaming Spoofers
%psc% $ExecutionContext.SessionState.LanguageMode 2 > nul | find /i " Full " 1 > nul || (
%eline%
echo Powershell is not responding properly. Aborting."
goto : at_back
)
echo :
echo %line%
echo :
echo Notes:
echo :
echo - Gaming unban/spoofers/cleaners often cause Windows activation issues.
echo :
call : _color2 %_White% " - " %Red% " Apply this fix ONLY if you have used these things. "
echo :
echo - This option will fix files and registry permissions and rebuild licensing tokens.
echo :
echo - System restart is recommended after applying it.
echo :
echo %line%
echo :
choice /C:09 /N /M " > [9] Continue [0] Go back : "
if %errorlevel% == 1 goto at_menu
: fixwmi
cls
echo :
echo Fixing registry and files permissions...
call : fixpermissions %nul%
goto : cleanspptoken
: fixpermissions
: : Thanks to skidaim for the fix
takeown /F %windir% \System32\sppsvc.exe
icacls %windir% \System32 /grant administrators:F /T
icacls %windir% \System32\spp /grant administrators:F /T
: : I know it's bad but people have messed up system32 permissions, that's why I don't recommend to run this unless users have messed up systems
%psc% $acl = Get-Acl 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform'; $rule = New-Object System.Security.AccessControl.RegistryAccessRule ('NT Service\sppsvc','FullControl','ContainerInherit, ObjectInherit','None','Allow'); $acl.SetAccessRule($rule); Set-Acl -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -AclObject $acl
%psc% $acl = Get-Acl 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP'; $rule = New-Object System.Security.AccessControl.RegistryAccessRule ('NT Service\sppsvc','FullControl','ContainerInherit, ObjectInherit','None','Allow'); $acl.SetAccessRule($rule); Set-Acl -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP' -AclObject $acl
%psc% $acl = Get-Acl 'HKLM:\SYSTEM\CurrentControlSet\Services\SPPSVC'; $rule = New-Object System.Security.AccessControl.RegistryAccessRule ('NT Service\sppsvc','FullControl','ContainerInherit, ObjectInherit','None','Allow'); $acl.SetAccessRule($rule); Set-Acl -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\SPPSVC' -AclObject $acl
%psc% $acl = Get-Acl 'HKLM:\SYSTEM\WPA'; $rule = New-Object System.Security.AccessControl.RegistryAccessRule ('NT Service\sppsvc','FullControl','ContainerInherit, ObjectInherit','None','Allow'); $acl.SetAccessRule($rule); Set-Acl -Path 'HKLM:\SYSTEM\WPA' -AclObject $acl
%psc% $acl = Get-Acl '%windir% \System32'; $rule = New-Object System.Security.AccessControl.FileSystemAccessRule ('NT Service\sppsvc','FullControl','ContainerInherit, ObjectInherit','None','Allow'); $acl.SetAccessRule($rule); Set-Acl -Path '%windir% \System32' -AclObject $acl
%psc% $acl = Get-Acl '%windir% \System32\spp'; $rule = New-Object System.Security.AccessControl.FileSystemAccessRule ('NT Service\sppsvc','FullControl','ContainerInherit, ObjectInherit','None','Allow'); $acl.SetAccessRule($rule); Set-Acl -Path '%windir% \System32\spp' -AclObject $acl
exit /b
: :========================================================================================================================================
: fixwindows7
mode 98, 34
title Fix WMI
cls
mode 98, 30
title Fix: Issues Caused By KB971033 In Windows 7
: : https://techcommunity.microsoft.com/t5/ask-the-performance-team/wmi-repository-corruption-or-not/ba-p/375484
if %winbuild% GEQ 9200 (
if exist " %SystemRoot% \Servicing\Packages\Microsoft-Windows-Server*Edition~*.mum " (
%eline%
echo Unsupported OS version Detected.
echo This option is supported only for Windows 7 and it's Server equivalent.
echo WMI rebuild is not recommended on Windows Server. Aborting...
goto : at_back
)
echo :
echo %line%
echo :
echo Notes:
echo :
echo - This option fixes issues caused by Update KB971033 in Windows 7.
echo https://support.microsoft.com/en-us/help/4487266
echo :
echo %line%
echo :
choice /C:01 /N /M " > [1] Continue [0] Go back : "
if %errorlevel% == 1 goto at_menu
cls
echo :
echo Checking Update KB971033...
dism /online /get-packages | find /i " Microsoft-Windows-Security-WindowsActivationTechnologies-package~31bf3856ad364e35~amd64~~7.1.7600.16395 " 1 > nul && (
echo [Found]
echo Uninstalling it...
) || (
echo [Not Found]
)
wusa /uninstall /quiet /norestart /kb:971033
echo :
echo Applying Fixes...
echo :
net stop sppuinotify /y
sc config sppuinotify start= disabled
net stop sppsvc /y
del %windir% \system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 /ah
del %windir% \system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 /ah
del %windir% \ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
del %windir% \ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\cache\cache.dat
cscript //nologo %windir% \system32\slmgr.vbs /rilc %nul%
sc config sppuinotify start= demand
goto : at_back
: :========================================================================================================================================
: rewmi
cls
mode 98, 30
title Rebuild WMI Repository
: : https://techcommunity.microsoft.com/t5/ask-the-performance-team/wmi-repository-corruption-or-not/ba-p/375484
if exist " %SystemRoot% \Servicing\Packages\Microsoft-Windows-Server*Edition~*.mum " (
for %% # in ( wmic.exe) do @ if " %% ~$PATH:# " == " " (
%eline%
echo WMI rebuild is not recommended on Windows Server . Aborting...
echo wmic.exe file is not found in the system. Aborting...
goto : at_back
)
echo :
echo Initializing...
set _wmic = 0
for %% # in ( wmic.exe) do @ if not " %% ~$PATH:# " == " " set _wmic = 1
echo Checking WMI
set error =
if %_wmic% EQU 1 wmic path Win32_ComputerSystem get CreationClassName /value 2 > nul | find /i " computersystem " 1 > nul
if %_wmic% EQU 0 %psc% " Get-CIMInstance -Class Win32_ComputerSystem | Select-Object -Property CreationClassName " 2 > nul | find /i " computersystem " 1 > nul
wmic path Win32_ComputerSystem get CreationClassName /value 2 > nul | find /i " computersystem " 1 > nul
if %errorlevel% NEQ 0 set error = 1
winmgmt /verifyrepository %nul%
if %errorlevel% NEQ 0 set error = 1
cls
echo :
echo %line%
echo :
if defined error (
echo WMI Status - [Not Responding] %_wmic%
) else (
call : _color %_Green% " WMI Status - [Working] "
if not defined error (
echo [Working]
echo No need to apply this option. Aborting...
goto : at_back
)
echo :
echo Notes:
echo :
call : _color2 %_White% " - " %Magenta% " WMI rebuild can cause some 3rd party apps to not work until reinstall. "
echo :
call : _color2 %_White% " - " %Red% " Apply this fix ONLY if WMI is not working. "
echo :
echo %line%
echo :
choice /C:09 /N /M " > [9] Continue [0] Go back : "
if %errorlevel% == 1 goto at_menu
: : Below fixes are taken from https://kb.acronis.com/content/62731
call : _color %Red% " [Not Responding] "
cls
echo :
sc query Winmgmt %nul% || (
%eline%
echo Winmgmt service is not installed. Aborting...
goto : at_back
)
echo Disabling Winmgmt service...
echo Disabling Winmgmt service
sc config Winmgmt start= disabled %nul%
if %errorlevel% EQU 0 (
call : _color %Green% " [Successful] "
echo [Successful]
) else (
call : _color %Red% " [Failed] Aborting... "
goto : wmifixend
sc config Winmgmt start= auto %nul%
goto : at_back
)
echo :
echo Stopping Winmgmt service...
echo Stopping Winmgmt service
call : _stopservice Winmgmt
call : _stopservice Winmgmt
call : _stopservice Winmgmt
sc query Winmgmt | find /i " 1 STOPPED " %nul% && (
call : _color %Green% " [Successful] "
echo [Successful]
) || (
call : _color %Red% " [Failed] Aborting... "
goto : wmifixend
call : _color %Red% " [Failed] "
echo :
call : _color %Magenta% " Its recommended to select [Restart] option and then apply Fix WMI option again. "
echo %line%
echo :
choice /C:21 /N /M " > [1] Restart [2] Revert Back Changes : "
if !errorlevel! == 1 ( sc config Winmgmt start= auto %nul% & goto : at_back )
echo :
echo Restarting...
shutdown -t 5 -r
exit
)
echo :
echo Deleting WMI repository...
if exist " %windir% \System32\wbem\repository\ " rmdir /s /q " %windir% \System32\wbem\repository\ " %nul%
echo Deleting WMI repository
rmdir /s /q " %windir% \System32\wbem\repository\ " %nul%
if exist " %windir% \System32\wbem\repository\ " (
call : _color %Red% " [Failed] "
) else (
call : _color %Green% " [Successful] "
echo [Successful]
)
echo :
echo Enabling Winmgmt service...
echo Enabling Winmgmt service
sc config Winmgmt start= auto %nul%
if %errorlevel% EQU 0 (
call : _color %Green% " [Successful] "
echo [Successful]
) else (
call : _color %Red% " [Failed] "
)
wmic path Win32_ComputerSystem get CreationClassName /value 2 > nul | find /i " computersystem " 1 > nul
if %errorlevel% EQU 0 (
echo :
echo Checking WMI...
if %_wmic% EQU 1 wmic path Win32_ComputerSystem get CreationClassName /value 2 > nul | find /i " computersystem " 1 > nul
if %_wmic% EQU 0 %psc% " Get-CIMInstance -Class Win32_ComputerSystem | Select-Object -Property CreationClassName " 2 > nul | find /i " computersystem " 1 > nul
if %errorlevel% NEQ 0 (
call : _color %Red% " [Not Responding] "
) else (
echo Checking WMI
call : _color %Green% " [Working] "
)
goto : at_back
)
: wmifixend
echo :
echo Registering .dll's and Compiling .mof's, .mfl's
call : registerobj %nul%
echo :
echo Enabling Winmgmt service...
sc config Winmgmt start= auto %nul%
if %errorlevel% EQU 0 (
call : _color %Green% " [Successful] "
echo Checking WMI
wmic path Win32_ComputerSystem get CreationClassName /value 2 > nul | find /i " computersystem " 1 > nul
if %errorlevel% NEQ 0 (
call : _color %Red% " [Not Responding] "
echo :
echo Run [Dism RestoreHealth] and [SFC Scannow] options and make sure there are no errors.
) else (
call : _color %Red% " [Failed] "
call : _color %Green% " [Working] "
)
goto : at_back
: :========================================================================================================================================
: exportevtlogs
cls
mode con cols=125 lines=32
%nul% %psc% " &{$W=$Host.UI.RawUI.WindowSize;$B=$Host.UI.RawUI.BufferSize;$W.Height=31;$B.Height=500;$Host.UI.RawUI.WindowSize=$W;$Host.UI.RawUI.BufferSize=$B;} "
title Export Event Viewer Logs
set tdir = %SystemRoot% \Temp\_EventLogs
if exist %tdir% \. rd /s /q %tdir% \ %nul%
if exist %tdir% \ (
%eline%
echo Failed to delete below folder. Aborting...
echo %tdir% \
goto : at_back
)
md %tdir% \
echo :
echo Creating archive file of Event logs...
: registerobj
set _time =
for /f %% a in ( ' %psc% "Get-Date -format HH_mm_ss"' ) do set _time = %% a
%nul% robocopy %SystemRoot% \System32\winevt\Logs\ %tdir% \
: : https://stackoverflow.com/a/46268232
set " ddf= " %SystemRoot% \Temp\ddf" "
%nul% del /q /f %ddf%
echo /.New Cabinet> %ddf%
echo /.set Cabinet=ON>> %ddf%
echo /.set CabinetFileCountThreshold=0;>> %ddf%
echo /.set Compress=ON>> %ddf%
echo /.set CompressionType=LZX>> %ddf%
echo /.set CompressionLevel=7;>> %ddf%
echo /.set CompressionMemory=21;>> %ddf%
echo /.set FolderFileCountThreshold=0;>> %ddf%
echo /.set FolderSizeThreshold=0;>> %ddf%
echo /.set GenerateInf=OFF>> %ddf%
echo /.set InfFileName=nul>> %ddf%
echo /.set MaxCabinetSize=0;>> %ddf%
echo /.set MaxDiskFileCount=0;>> %ddf%
echo /.set MaxDiskSize=0;>> %ddf%
echo /.set MaxErrors=1;>> %ddf%
echo /.set RptFileName=nul>> %ddf%
echo /.set UniqueFiles=ON>> %ddf%
pushd " %tdir% \ "
for /f " tokens=* delims= " %% D in ( 'dir /a:-D/b/s " %tdir% \"' ) do (
echo /" %% ~fD " /inf=no;>> %ddf%
)
makecab /F %ddf% /D DiskDirectory1=" " /D CabinetNameTemplate=%tdir% \Logs.cab
del /q /f %ddf%
popd
: : https://eskonr.com/2012/01/how-to-fix-wmi-issues-automatically/
if not exist " !desktop! \AT_Logs\ " md " !desktop! \AT_Logs\ " %nul%
copy /y /b " %tdir% \Logs.cab " " !desktop! \AT_Logs\EventLogs_ %_time% .cab " %nul%
if exist %tdir% \. rd /s /q %tdir% \ %nul%
echo :
if exist " !desktop! \AT_Logs\EventLogs_ %_time% .cab " (
call : _color %Green% " [Successful] "
echo EventLogs_%_time% .cab created inside AT_Logs folder on the dekstop.
) else (
call : _color %Red% " [Failed] "
)
goto : at_back
call : _stopservice Winmgmt
cd /d %systemroot% \system32\wbem\
regsvr32 /s %systemroot% \system32\scecli.dll
regsvr32 /s %systemroot% \system32\userenv.dll
mofcomp cimwin32.mof
mofcomp cimwin32.mfl
mofcomp rsop.mof
mofcomp rsop.mfl
for /f %% s in ( 'dir /b /s *.dll' ) do regsvr32 /s %% s
for /f %% s in ( 'dir /b *.mof' ) do mofcomp %% s
for /f %% s in ( 'dir /b *.mfl' ) do mofcomp %% s
winmgmt /salvagerepository
winmgmt /resetrepository
exit /b
: :========================================================================================================================================
@ -1114,6 +999,23 @@ exit /b
@@ -1114,6 +999,23 @@ exit /b
: :========================================================================================================================================
: checkperms
set permerror =
if not exist " %tokenstore% \ " set permerror = 1
for %% # in (
" %tokenstore% "
" HKLM:\SYSTEM\WPA "
" HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform "
) do if not defined permerror (
%psc% " $acl = Get-Acl ' %% #'; if ($acl.Access.Where{ $_.IdentityReference -eq 'NT SERVICE\sppsvc' -and $_.AccessControlType -eq 'Deny' -or $acl.Access.IdentityReference -notcontains 'NT SERVICE\sppsvc'}) {Exit 2} " %nul%
if !errorlevel! == 2 set permerror = 1
)
exit /b
: :========================================================================================================================================
: scandat
set token =
@ -1165,35 +1067,19 @@ exit /b
@@ -1165,35 +1067,19 @@ exit /b
: regownstart
setlocal
set " TMP= %SystemRoot% \Temp "
set " TEMP= %SystemRoot% \Temp "
%psc% " $f=[io.file]::ReadAllText('!_batp!') -split ':regown\:.*';iex ($f[1]); "
endlocal
exit /b
: : Below code takes ownership of a volatile registry key and deletes it
: : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ClipSVC\Volatile\PersistedSystemState
: : Thanks to Remko Weijnen for the code and thanks to abbodi1406 for the help
: : remkoweijnen.nl/blog/2012/01/16/take-ownership-of-a-registry-key-in-powershell/
: regown :
$definition = @"
using System;
using System.Runtime.InteropServices;
namespace Win32Api
{
public class NtDll
{
[DllImport(" ntdll.dll " , EntryPoint=" RtlAdjustPrivilege " )]
public static extern int RtlAdjustPrivilege(int Privilege, bool Enable, bool CurrentThread, ref bool Enabled);
}
}
" @
Add-Type -TypeDefinition $definition -PassThru | Out-Null
[Win32Api.NtDll]::RtlAdjustPrivilege(9, $true, $false, [ref]$false) | Out-Null
$AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1)
$ModuleBuilder = $AssemblyBuilder.DefineDynamicModule(2, $False)
$TypeBuilder = $ModuleBuilder.DefineType(0)
$TypeBuilder.DefinePInvokeMethod('RtlAdjustPrivilege', 'ntdll.dll', 'Public, Static', 1, [int], @([int], [bool], [bool], [bool].MakeByRefType()), 1, 3) | Out-Null
$TypeBuilder.CreateType()::RtlAdjustPrivilege(9, $true, $false, [ref]$false) | Out-Null
$SID = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-544')
$IDN = ($SID.Translate([System.Security.Principal.NTAccount])).Value