Ok, I need some help. My coworker threatened to write something for me in VBscript since I haven’t been able to crack this. I really don’t want that to happen.
My goal is to delete out-of-date Adobe Flash files from C:\Windows\System32\Macromed\Flash. I can do this remotely just fine, but we have implemented a script to take care of several things, one of which is to take care of Flash if it is out-of-date by removing the files. When it runs as a scheduled task, I get an error that “Access to the path is denied.” My first round of googling says that I need to take ownership which I did with Icacls, but no luck afterward, same error. Has anyone seen this behavior before? Is there a bug I am running into? This is running on Windows 7+ with PowerShell 5.1
My code segment is below:
#// Adobe Flash Player <= 32.0.0.156 (APSB19-19) (123938) $FileVersion = $null $AppInfo = $null $PluginID = "123938" $PluginDescription = "Adobe Flash Player <= 32.0.0.156 (APSB19-19)" $Product = "Adobe Flash Player 32 NPAPI" [System.Version]$FixedVersion = "32.0.0.171" $files = @() $files += Get-ChildItem -Path "C:\Windows\System32\Macromed\Flash\Flash.ocx" $files += Get-ChildItem -Path "C:\Windows\system32\Macromed\Flash\" -filter "Flash64*.ocx" $files += Get-ChildItem -Path "C:\Windows\system32\Macromed\Flash\" -filter "Flash64*.dll" $files += Get-ChildItem -Path "C:\Windows\system32\Macromed\Flash\" -filter "Flash64*.exe" $files += Get-ChildItem -Path "C:\Windows\system32\Macromed\Flash\" -filter "NPSWF64*.ocx" $files += Get-ChildItem -Path "C:\Windows\system32\Macromed\Flash\" -filter "NPSWF64*.dll" $files += Get-ChildItem -Path "C:\Windows\system32\Macromed\Flash\" -filter "NPSWF64*.exe"$filesRemoved = @()
$filesErrored = @()ForEach ($file in $files) {
$FileVersion= [System.Version]$file.versioninfo.fileversion.replace(‘,’,‘.’)
If ($FileVersion-lt$FixedVersion) {
$test= icacls $file.fullname/SETOWNER “NT AUTHORITY\SYSTEM”
$file.Delete()if(Test-Path-path $file.fullname){ Send-MailMessage-Subject "Remediation Status - $hostname"-To $NotifyList-Body "$($remerr.exception) $test"-From "email@org.org"-SmtpServer "server.org.org" $filesErrored+=$file }else{ $filesRemoved+=$file } }
}
if($filesRemoved -or $filesErrored){
Send-MailMessage-Subject “Remediation Status - $hostname”-To $NotifyList-Body “Host Name: $hostname`n`rNessus Plugin ID: $PluginID`n`rDescription: $PluginDescription`n`rSuccess: $($filesRemoved.fullname)`n`rError: $($filesErrored.fullname)`n`rAll wrapped up here, sir. Will there be anything else?”-From “email@org.org”-SmtpServer “server.org.org”
}