Run-in-Sandbox/Add_Structure.ps1 at master · Joly0/Run-in-Sandbox · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
[CmdletBinding()]
param (
    [Switch]$NoSilent,
    [Switch]$NoCheckpoint
)

$Current_Folder = $PSScriptRoot

# Import modules for installer functionality
$ModulesPath = "$Current_Folder\Sources\Run_in_Sandbox\Modules"
if (Test-Path $ModulesPath) {
    # Import shared modules first (Environment provides global variables)
    Import-Module "$ModulesPath\Shared\Environment.psm1" -Force -Global
    Import-Module "$ModulesPath\Shared\Logging.psm1" -Force -Global
    Import-Module "$ModulesPath\Shared\Config.psm1" -Force -Global
    # Import runtime modules
    Import-Module "$ModulesPath\Runtime\SevenZip.psm1" -Force -Global
    # Import installer modules
    Import-Module "$ModulesPath\Installer\Registry.psm1" -Force -Global
    Import-Module "$ModulesPath\Installer\Validation.psm1" -Force -Global
} else {
    Write-Host "ERROR: Modules folder not found at $ModulesPath" -ForegroundColor Red
    exit 1
}

# Set up Sources path for validation
$Sources = "$Current_Folder\Sources\*"

# Ensure any error from validation functions stops execution
$ErrorActionPreference = 'Stop'


if (Test-Path -Path $Log_File) {
    Remove-Item -Path $Log_File
}
New-Item -Path $Log_File -Type file -Force | Out-Null


Write-LogMessage -Message_Type "INFO" -Message "Starting the configuration of RunInSandbox"

Test-ForAdmin

Test-Prerequisites

Test-ForSandbox

Test-ForSources -Current_Folder $Current_Folder -Sources $Sources


$Progress_Activity = "Enabling Run in Sandbox context menus"
Write-Progress -Activity $Progress_Activity -PercentComplete 1


Copy-Sources -Current_Folder $Current_Folder -Sources $Sources

Unblock-Sources

# Cache initial 7-Zip installer
Write-Progress -Activity $Progress_Activity -PercentComplete 5
Write-LogMessage -Message_Type "INFO" -Message "Downloading and caching latest 7-Zip installer"
if (Update-7ZipCache) {
    Write-LogMessage -Message_Type "SUCCESS" -Message "7-Zip installer cached successfully"
} else {
    Write-LogMessage -Message_Type "WARNING" -Message "Failed to cache 7-Zip installer - will retry on first use"
}

if ($NoSilent) {
    powershell -NoProfile $Current_Folder\Sources\Run_in_Sandbox\RunInSandbox_Config.ps1
}


Get-Config
Write-Progress -Activity $Progress_Activity -PercentComplete 10

New-Checkpoint -NoCheckpoint:$NoCheckpoint
Write-Progress -Activity $Progress_Activity -PercentComplete 20

Write-LogMessage -Message_Type "INFO" -Message "Adding context menu"
Write-LogMessage -Message_Type "INFO" -Message "OS version is: $Windows_Version"


if ($Add_CMD -eq $True) {
    Add-RegItem -Sub_Reg_Path "cmdfile" -Type "CMD"
    Add-RegItem -Sub_Reg_Path "batfile" -Type "CMD" -Entry_Name "BAT"
}
Write-Progress -Activity $Progress_Activity -PercentComplete 25

if ($Add_EXE -eq $True) {
    Add-RegItem -Sub_Reg_Path "exefile" -Type "EXE"
}
Write-Progress -Activity $Progress_Activity -PercentComplete 30

if ($Add_Folder -eq $True) {
    Add-RegItem -Sub_Reg_Path "Directory\Background" -Type "Folder_Inside" -Entry_Name "this folder" -Key_Label "Share this folder in a Sandbox"
    Add-RegItem -Sub_Reg_Path "Directory" -Type "Folder_On" -Entry_Name "this folder" -Key_Label "Share this folder in a Sandbox"
}
Write-Progress -Activity $Progress_Activity -PercentComplete 35

if ($Add_HTML -eq $True) {
    Add-RegItem -Sub_Reg_Path "SystemFileAssociations\.html" -Type "HTML" -Key_Label "Run this web link in Sandbox"
    Add-RegItem -Sub_Reg_Path "MSEdgeHTM" -Type "HTML" -Key_Label "Run this web link in Sandbox"
    Add-RegItem -Sub_Reg_Path "ChromeHTML" -Type "HTML" -Key_Label "Run this web link in Sandbox"
    Add-RegItem -Sub_Reg_Path "IE.AssocFile.HTM" -Type "HTML" -Key_Label "Run this web link in Sandbox"
    Add-RegItem -Sub_Reg_Path "IE.AssocFile.URL" -Type "HTML" -Key_Label "Run this URL in Sandbox"
}
Write-Progress -Activity $Progress_Activity -PercentComplete 40

if ($Add_Intunewin -eq $True) {
    #Add-RegItem -Sub_Reg_Path ".intunewin" -Type "Intunewin"
    Add-RegItem -Sub_Reg_Path "SystemFileAssociations\.intunewin" -Type "Intunewin"
}
Write-Progress -Activity $Progress_Activity -PercentComplete 45

if ($Add_ISO -eq $True) {
    Add-RegItem -Sub_Reg_Path "Windows.IsoFile" -Type "ISO" -Key_Label "Extract ISO file in Sandbox"
    Add-RegItem -Reg_Path "$HKCU_Classes" -Sub_Reg_Path ".iso" -Type "ISO" -Key_Label "Extract ISO file in Sandbox"
}
Write-Progress -Activity $Progress_Activity -PercentComplete 50

if ($Add_MSI -eq $True) {
    Add-RegItem -Sub_Reg_Path "Msi.Package" -Type "MSI"
}
Write-Progress -Activity $Progress_Activity -PercentComplete 55

if ($Add_MSIX -eq $True) {
    $MSIX_Shell_Registry_Key = "Registry::HKEY_CLASSES_ROOT\.msix\OpenWithProgids"
    if (Test-Path -Path $MSIX_Shell_Registry_Key) {
        $Get_Default_Value = (Get-Item -Path $MSIX_Shell_Registry_Key).Property
        if ($Get_Default_Value) {
            Add-RegItem -Sub_Reg_Path "$Get_Default_Value" -Type "MSIX"
        }
    }
    $Default_MSIX_HKCU = "$HKCU_Classes\.msix"
    if (Test-Path -Path $Default_MSIX_HKCU) {
        $Get_Default_Value = (Get-Item -Path "$Default_MSIX_HKCU\OpenWithProgids").Property
        if ($Get_Default_Value) {
            Add-RegItem -Reg_Path $HKCU_Classes -Sub_Reg_Path "$Get_Default_Value" -Type "MSIX"
        }
    }
}
Write-Progress -Activity $Progress_Activity -PercentComplete 60

if ($Add_MultipleApp -eq $True) {
    Add-RegItem -Sub_Reg_Path ".sdbapp" -Type "SDBApp" -Entry_Name "application bundle"
}
Write-Progress -Activity $Progress_Activity -PercentComplete 65

if ($Add_PDF -eq $True) {
    Add-RegItem -Sub_Reg_Path "SystemFileAssociations\.pdf" -Type "PDF" -Key_Label "Open PDF in Sandbox"
}
Write-Progress -Activity $Progress_Activity -PercentComplete 75

if ($Add_PPKG -eq $True) {
    Add-RegItem -Sub_Reg_Path "Microsoft.ProvTool.Provisioning.1" -Type "PPKG"
}
Write-Progress -Activity $Progress_Activity -PercentComplete 80

if ($Add_PS1 -eq $True) {
    Write-LogMessage -Message_Type "INFO" -Message "Checking OS Version for PS1..."
    if ($Windows_Version -like "*Windows 10*") {
        Write-LogMessage -Message_Type "INFO" -Message "Running on Windows 10"

        Add-RegItem -Sub_Reg_Path "SystemFileAssociations\.ps1" -Type "PS1Basic" -Entry_Name "PS1 as user" -Info_Type "PS1" -MainMenuLabel "Run PS1 in Sandbox" -MainMenuSwitch
        Add-RegItem -Sub_Reg_Path "SystemFileAssociations\.ps1" -Type "PS1System" -Entry_Name "PS1 as system" -Info_Type "PS1" -MainMenuLabel "Run PS1 in Sandbox" -MainMenuSwitch
        Add-RegItem -Sub_Reg_Path "SystemFileAssociations\.ps1" -Type "PS1Params" -Entry_Name "PS1 with Parameters" -Info_Type "PS1" -MainMenuLabel "Run PS1 in Sandbox" -MainMenuSwitch
    }

    if ($Windows_Version -like "*Windows 11*") {
        $Registry_Set = $False
        Write-LogMessage -Message_Type "INFO" -Message "Running on Windows 11"

        try {
            if (Test-Path -Path $HKCU_Classes) {
                $Default_PS1_HKCU = "$HKCU_Classes\.ps1"
                $OpenWithProgids_Key = "$Default_PS1_HKCU\OpenWithProgids"
                if (Test-Path -Path $OpenWithProgids_Key) {
                    $Get_OpenWithProgids_Default_Value = (Get-Item -Path $OpenWithProgids_Key).Property
                    ForEach ($Prop in $Get_OpenWithProgids_Default_Value) {
                        Add-RegItem -Reg_Path "$HKCU_Classes" -Sub_Reg_Path "$Prop" -Type "PS1Basic" -Entry_Name "PS1 as user" -Info_Type "PS1" -MainMenuLabel "Run PS1 in Sandbox" -MainMenuSwitch
                        Add-RegItem -Reg_Path "$HKCU_Classes" -Sub_Reg_Path "$Prop" -Type "PS1System" -Entry_Name "PS1 as system" -Info_Type "PS1" -MainMenuLabel "Run PS1 in Sandbox" -MainMenuSwitch
                        Add-RegItem -Reg_Path "$HKCU_Classes" -Sub_Reg_Path "$Prop" -Type "PS1Params" -Entry_Name "PS1 with Parameters" -Info_Type "PS1" -MainMenuLabel "Run PS1 in Sandbox" -MainMenuSwitch
                        $Registry_Set = $True
                    }
                }

                # ADDING CONTEXT MENU UNDER THE USERCHOICE PROGID
                # The userchoice for PS1 is located in: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ps1\UserChoice
                # Write to HKCU_Classes\<ProgID>\Shell\... so the menu shows up via the
                # merged HKCR view even when the ProgID has no machine-wide entry
                $PS1_UserChoice = "$HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ps1\UserChoice"
                if (Test-Path -Path $PS1_UserChoice) {
                    $Get_UserChoice = (Get-ItemProperty -Path $PS1_UserChoice).ProgID
                    if ($Get_UserChoice) {
                        Add-RegItem -Reg_Path "$HKCU_Classes" -Sub_Reg_Path "$Get_UserChoice" -Type "PS1Basic" -Entry_Name "PS1 as user" -Info_Type "PS1" -MainMenuLabel "Run PS1 in Sandbox" -MainMenuSwitch
                        Add-RegItem -Reg_Path "$HKCU_Classes" -Sub_Reg_Path "$Get_UserChoice" -Type "PS1System" -Entry_Name "PS1 as system" -Info_Type "PS1" -MainMenuLabel "Run PS1 in Sandbox" -MainMenuSwitch
                        Add-RegItem -Reg_Path "$HKCU_Classes" -Sub_Reg_Path "$Get_UserChoice" -Type "PS1Params" -Entry_Name "PS1 with Parameters" -Info_Type "PS1" -MainMenuLabel "Run PS1 in Sandbox" -MainMenuSwitch
                        $Registry_Set = $True
                    }
                }
            }
        } catch {
            Write-LogMessage -Message_Type "WARNING" -Message "Failed to set PS1 registry entries: $($_.Exception.Message)"
        }
        if ($Registry_Set -eq $False) {
            Write-LogMessage -Message_Type "WARNING" -Message "Couldn´t set the correct registry keys. You probably don´t have any programs selected as default for .ps1 extension!"
            Write-LogMessage -Message_Type "WARNING" -Message "Will try anyway using the method for Windows 10"
            Add-RegItem -Sub_Reg_Path "SystemFileAssociations\.ps1" -Type "PS1Basic" -Entry_Name "PS1 as user" -Info_Type "PS1" -MainMenuLabel "Run PS1 in Sandbox" -MainMenuSwitch
            Add-RegItem -Sub_Reg_Path "SystemFileAssociations\.ps1" -Type "PS1System" -Entry_Name "PS1 as system" -Info_Type "PS1" -MainMenuLabel "Run PS1 in Sandbox" -MainMenuSwitch
            Add-RegItem -Sub_Reg_Path "SystemFileAssociations\.ps1" -Type "PS1Params" -Entry_Name "PS1 with Parameters" -Info_Type "PS1" -MainMenuLabel "Run PS1 in Sandbox" -MainMenuSwitch
        }
    }
}
Write-Progress -Activity $Progress_Activity -PercentComplete 85

if ($Add_Reg -eq $True) {
    Add-RegItem -Sub_Reg_Path "regfile" -Type "REG" -Key_Label "Test reg file in Sandbox"
}
Write-Progress -Activity $Progress_Activity -PercentComplete 90

if ($Add_VBS -eq $True) {
    Add-RegItem -Sub_Reg_Path "VBSFile" -Type "VBSBasic" -Entry_Name "VBS" -MainMenuLabel "Run VBS in Sandbox" -MainMenuSwitch
    Add-RegItem -Sub_Reg_Path "VBSFile" -Type "VBSParams" -Entry_Name "VBS with Parameters" -Info_Type "VBS" -MainMenuLabel "Run VBS in Sandbox" -MainMenuSwitch
}
Write-Progress -Activity $Progress_Activity -PercentComplete 95

if ($Add_ZIP -eq $True) {
    # Run on ZIP
    Add-RegItem -Sub_Reg_Path "CompressedFolder" -Type "ZIP" -Key_Label "Extract ZIP in Sandbox"

    # Run on ZIP if WinRAR is installed
    if (Test-Path -Path "Registry::HKEY_CLASSES_ROOT\WinRAR.ZIP") {
        Add-RegItem -Sub_Reg_Path "WinRAR.ZIP" -Type "ZIP" -Key_Label "Extract ZIP (WinRAR) in Sandbox"
    }

    # Run on 7z
    if (Test-Path -Path "Registry::HKEY_CLASSES_ROOT\Applications\7zFM.exe") {
        Add-RegItem -Sub_Reg_Path "Applications\7zFM.exe" -Type "7z" -Info_Type "7z" -Entry_Name "ZIP" -Key_Label "Extract 7z file in Sandbox"
    }
    if (Test-Path -Path "Registry::HKEY_CLASSES_ROOT\7-Zip.7z") {
        Add-RegItem -Sub_Reg_Path "7-Zip.7z" -Type "7z" -Info_Type "7z" -Entry_Name "ZIP" -Key_Label "Extract 7z file in Sandbox"
    }
    if (Test-Path -Path "Registry::HKEY_CLASSES_ROOT\SystemFileAssociations\.7z") {
        Add-RegItem -Sub_Reg_Path "SystemFileAssociations\.7z" -Type "7z" -Info_Type "7z" -Entry_Name "ZIP" -Key_Label "Extract 7z file in Sandbox"
    }
    if (Test-Path -Path "Registry::HKEY_CLASSES_ROOT\7-Zip.rar") {
        Add-RegItem -Sub_Reg_Path "7-Zip.rar" -Type "7z" -Info_Type "7z" -Entry_Name "ZIP" -Key_Label "Extract RAR file in Sandbox"
    }
}
Write-Progress -Activity $Progress_Activity -PercentComplete 100


# Set permissions so non-admin users can edit config files and write the
# runtime caches (temp, NotepadPayload). Lives here rather than in the wrapper
# installer so users who run Add_Structure.ps1 directly from the ZIP also get
# it applied.
try {
    Write-LogMessage -Message_Type "INFO" -Message "Setting folder permissions"
    $permSuccess = $true

    # Ensure temp folder exists for runtime temp files (Intunewin, EXE command files, etc.)
    $tempFolder = Join-Path $Run_in_Sandbox_Folder "temp"
    if (-not (Test-Path $tempFolder)) {
        New-Item -ItemType Directory -Path $tempFolder -Force | Out-Null
    }
    $permSuccess = (Set-UserWritePermissions -Path $tempFolder -IsDirectory) -and $permSuccess

    # NotepadPayload caches notepad.exe and its MUI for the sandbox; the runtime
    # writes here as a non-admin user, so it must be user-writable. Recreate it
    # cleanly so any admin-owned files from a previous install do not block the
    # runtime overwrite (and keep the sandbox from being able to read the
    # mapped folder).
    $notepadPayload = Join-Path $Run_in_Sandbox_Folder "NotepadPayload"
    if (Test-Path $notepadPayload) {
        Remove-Item -LiteralPath $notepadPayload -Recurse -Force -ErrorAction SilentlyContinue
    }
    New-Item -ItemType Directory -Path $notepadPayload -Force | Out-Null
    $permSuccess = (Set-UserWritePermissions -Path $notepadPayload -IsDirectory) -and $permSuccess

    $permSuccess = (Set-UserWritePermissions -Path (Join-Path $Run_in_Sandbox_Folder "startup-scripts") -IsDirectory) -and $permSuccess
    $permSuccess = (Set-UserWritePermissions -Path (Join-Path $Run_in_Sandbox_Folder "Sandbox_Config.xml")) -and $permSuccess

    if ($permSuccess) {
        Write-LogMessage -Message_Type "SUCCESS" -Message "Folder permissions set successfully"
    } else {
        Write-LogMessage -Message_Type "WARNING" -Message "Some permissions could not be set"
    }
} catch {
    Write-LogMessage -Message_Type "WARNING" -Message "Failed to set folder permissions: $($_.Exception.Message)"
}

Copy-Item -Path $Log_File -Destination $Destination_folder -Force