workScripts/Utilities/lockGoogleFileAssociations.ps1 at main · JevonThompsonx/workScripts · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
# Lock Google File Associations v5
# Run as Administrator
# Purpose: Lock file associations to Egnyte, prevent Google Drive hijacking
# Run AFTER installing Egnyte, BEFORE installing Google Drive

#Requires -RunAsAdministrator

param(
    [switch]$Unlock,  # Use -Unlock to reverse
    [switch]$NoPause
)

$LogPath = "$env:TEMP\GoogleAssocLock_$(Get-Date -Format 'yyyyMMdd_HHmmss').log"
Start-Transcript -Path $LogPath -ErrorAction SilentlyContinue | Out-Null

$extensions = @(".gdoc", ".gsheet", ".gslides")
$currentUser = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name

Write-Host "`n=== Google File Association Lock v5 ===" -ForegroundColor Cyan
Write-Host "Running as: $currentUser" -ForegroundColor DarkGray
Write-Host "Mode: $(if ($Unlock) { 'UNLOCK' } else { 'LOCK' })" -ForegroundColor $(if ($Unlock) { 'Yellow' } else { 'Green' })
Write-Host "Log: $LogPath" -ForegroundColor DarkGray

# Create HKCR drive
if (!(Test-Path "HKCR:")) {
    New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT -Scope Script | Out-Null
}

# Helper: Apply Deny ACL
function Set-DenyAcl {
    param([string]$RegPath, [string]$User, [Microsoft.Win32.RegistryKey]$Hive = [Microsoft.Win32.Registry]::CurrentUser)
    try {
        $key = $Hive.OpenSubKey($RegPath,
            [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,
            [System.Security.AccessControl.RegistryRights]::ChangePermissions -bor
            [System.Security.AccessControl.RegistryRights]::ReadPermissions)
        if ($key) {
            $acl = $key.GetAccessControl()
            $acl.SetAccessRuleProtection($true, $true)
            $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
                $User,
                [System.Security.AccessControl.RegistryRights]"CreateSubKey,SetValue,Delete,ChangePermissions,TakeOwnership",
                [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
                [System.Security.AccessControl.PropagationFlags]::None,
                [System.Security.AccessControl.AccessControlType]::Deny)
            $acl.AddAccessRule($rule)
            $key.SetAccessControl($acl)
            $key.Close()
            return $true
        }
    } catch { Write-Host "      ACL Error: $($_.Exception.Message)" -ForegroundColor Red }
    return $false
}

# Helper: Remove Deny ACL
function Remove-DenyAcl {
    param([string]$RegPath, [Microsoft.Win32.RegistryKey]$Hive = [Microsoft.Win32.Registry]::CurrentUser)
    try {
        $key = $Hive.OpenSubKey($RegPath,
            [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,
            [System.Security.AccessControl.RegistryRights]::ChangePermissions)
        if ($key) {
            $acl = $key.GetAccessControl()
            $denyRules = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' })
            if ($denyRules.Count -gt 0) {
                foreach ($rule in $denyRules) { $acl.RemoveAccessRule($rule) | Out-Null }
                $acl.SetAccessRuleProtection($false, $false)
                $key.SetAccessControl($acl)
            }
            $key.Close()
            return $true
        }
    } catch { }
    return $false
}

# === UNLOCK MODE ===
if ($Unlock) {
    Write-Host "`n[1/3] Unlocking HKCU\SOFTWARE\Classes..." -ForegroundColor Yellow
    foreach ($ext in $extensions) {
        Remove-DenyAcl -RegPath "SOFTWARE\Classes\$ext" | Out-Null
        $path = "HKCU:\SOFTWARE\Classes\$ext"
        if (Test-Path $path) {
            Remove-Item -Path $path -Recurse -Force -ErrorAction SilentlyContinue
            Write-Host "      Removed override: $ext" -ForegroundColor Green
        } else {
            Write-Host "      No override found: $ext" -ForegroundColor DarkGray
        }
    }

    Write-Host "`n[2/3] Unlocking HKCU FileExts..." -ForegroundColor Yellow
    foreach ($ext in $extensions) {
        $regPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$ext"
        if (Remove-DenyAcl -RegPath $regPath) {
            Write-Host "      Unlocked: $ext" -ForegroundColor Green
        } else {
            Write-Host "      No lock or not found: $ext" -ForegroundColor DarkGray
        }
    }

    Write-Host "`n[3/3] Restarting Explorer..." -ForegroundColor Yellow
    Stop-Process -Name explorer -Force -ErrorAction SilentlyContinue
    Start-Sleep -Seconds 1
    Start-Process explorer

    Write-Host "`n=== Unlock Complete ===" -ForegroundColor Cyan
    Write-Host "Google Drive can now reclaim associations if reinstalled." -ForegroundColor White
    Stop-Transcript -ErrorAction SilentlyContinue | Out-Null
    if (-not $NoPause) {
        Write-Host "`nPress Enter to exit..."
        Read-Host | Out-Null
    }
    exit 0
}

# === LOCK MODE ===

# 1. Detect current handlers (should be Egnyte after fresh install)
Write-Host "`n[1/5] Detecting current file handlers..." -ForegroundColor Yellow

$handlers = @{}
foreach ($ext in $extensions) {
    $handler = $null
    $source = $null

    # Check HKCR for current handler
    $hkcrPath = "HKCR:\$ext\shell\open\command"
    if (Test-Path $hkcrPath) {
        $handler = (Get-ItemProperty -Path $hkcrPath -Name "(default)" -ErrorAction SilentlyContinue).'(default)'
        $source = "HKCR"
    }

    if ($handler -and $handler -notlike "*Google*") {
        $handlers[$ext] = $handler
        Write-Host "      $ext -> $handler" -ForegroundColor Green
    } elseif ($handler -like "*Google*") {
        Write-Host "      $ext -> Google Drive (WARNING: Run cleanup first!)" -ForegroundColor Red
        $handlers[$ext] = $null
    } else {
        Write-Host "      $ext -> No handler found (Egnyte may not be installed)" -ForegroundColor Yellow
        $handlers[$ext] = $null
    }
}

# Check if we have valid handlers
$validHandlers = ($handlers.Values | Where-Object { $_ -ne $null }).Count
if ($validHandlers -eq 0) {
    Write-Host "`nERROR: No valid handlers found. Please ensure:" -ForegroundColor Red
    Write-Host "  1. Egnyte is installed" -ForegroundColor Yellow
    Write-Host "  2. You've opened a .gdoc file with Egnyte at least once" -ForegroundColor Yellow
    Write-Host "  3. Google Drive is not currently registered" -ForegroundColor Yellow
    Stop-Transcript -ErrorAction SilentlyContinue | Out-Null
    exit 1
}

# 2. Create HKCU\SOFTWARE\Classes overrides with Egnyte's handler
Write-Host "`n[2/5] Creating HKCU\SOFTWARE\Classes overrides..." -ForegroundColor Yellow

foreach ($ext in $extensions) {
    $path = "HKCU:\SOFTWARE\Classes\$ext"
    $handler = $handlers[$ext]

    if (-not $handler) {
        Write-Host "      Skipping $ext (no handler)" -ForegroundColor DarkYellow
        continue
    }

    try {
        # Remove existing if present (unlock first)
        Remove-DenyAcl -RegPath "SOFTWARE\Classes\$ext" | Out-Null
        if (Test-Path $path) {
            Remove-Item -Path $path -Recurse -Force -ErrorAction SilentlyContinue
        }

        # Create fresh structure
        New-Item -Path $path -Force | Out-Null
        Set-ItemProperty -Path $path -Name "(default)" -Value ""  # Empty to not follow ProgID chain

        # Create shell\open\command with Egnyte's handler
        $cmdPath = "$path\shell\open\command"
        New-Item -Path $cmdPath -Force | Out-Null
        Set-ItemProperty -Path $cmdPath -Name "(default)" -Value $handler

        Write-Host "      Created override: $ext" -ForegroundColor Green
    } catch {
        Write-Host "      Failed to create $ext : $_" -ForegroundColor Red
    }
}

# 3. Clean OpenWithProgids and OpenWithList (remove any Google entries)
Write-Host "`n[3/5] Cleaning FileExts OpenWith entries..." -ForegroundColor Yellow

foreach ($ext in $extensions) {
    $basePath = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$ext"
    $regPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$ext"

    # Unlock if locked from previous run
    Remove-DenyAcl -RegPath $regPath | Out-Null

    # Ensure base key exists
    if (!(Test-Path $basePath)) {
        New-Item -Path $basePath -Force | Out-Null
    }

    # Remove UserChoice if exists
    $userChoice = "$basePath\UserChoice"
    if (Test-Path $userChoice) {
        Remove-DenyAcl -RegPath "$regPath\UserChoice" | Out-Null
        Remove-Item -Path $userChoice -Force -ErrorAction SilentlyContinue
        Write-Host "      Removed UserChoice: $ext" -ForegroundColor Yellow
    }

    # Clean OpenWithProgids
    $progids = "$basePath\OpenWithProgids"
    if (Test-Path $progids) {
        $item = Get-Item $progids -ErrorAction SilentlyContinue
        if ($item) {
            $googleEntries = $item.GetValueNames() | Where-Object { $_ -like "*Google*" }
            foreach ($entry in $googleEntries) {
                Remove-ItemProperty -Path $progids -Name $entry -ErrorAction SilentlyContinue
                Write-Host "      Removed from OpenWithProgids: $entry" -ForegroundColor Yellow
            }
        }
    }

    # Clean OpenWithList
    $list = "$basePath\OpenWithList"
    if (Test-Path $list) {
        $item = Get-Item $list -ErrorAction SilentlyContinue
        if ($item) {
            $toRemove = @()
            foreach ($prop in ($item.GetValueNames() | Where-Object { $_ -ne "MRUList" })) {
                $val = (Get-ItemProperty $list -ErrorAction SilentlyContinue).$prop
                if ($val -like "*Google*") {
                    $toRemove += $prop
                    Remove-ItemProperty -Path $list -Name $prop -ErrorAction SilentlyContinue
                    Write-Host "      Removed from OpenWithList: $prop ($val)" -ForegroundColor Yellow
                }
            }
            # Fix MRUList
            if ($toRemove.Count -gt 0) {
                $mru = (Get-ItemProperty $list -Name MRUList -ErrorAction SilentlyContinue).MRUList
                if ($mru) {
                    $newMru = -join ($mru.ToCharArray() | Where-Object { $toRemove -notcontains $_ })
                    if ($newMru) {
                        Set-ItemProperty -Path $list -Name MRUList -Value $newMru -ErrorAction SilentlyContinue
                    }
                }
            }
        }
    }
}

# 4. Lock HKCU\SOFTWARE\Classes overrides
Write-Host "`n[4/5] Locking HKCU\SOFTWARE\Classes..." -ForegroundColor Yellow
$classesLocked = 0

foreach ($ext in $extensions) {
    if ($handlers[$ext]) {  # Only lock if we created an override
        if (Set-DenyAcl -RegPath "SOFTWARE\Classes\$ext" -User $currentUser) {
            Write-Host "      LOCKED: HKCU\SOFTWARE\Classes\$ext" -ForegroundColor Green
            $classesLocked++
        } else {
            Write-Host "      FAILED: HKCU\SOFTWARE\Classes\$ext" -ForegroundColor Red
        }
    }
}

# 5. Lock HKCU FileExts
Write-Host "`n[5/5] Locking HKCU FileExts..." -ForegroundColor Yellow
$fileExtsLocked = 0

foreach ($ext in $extensions) {
    $regPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$ext"
    if (Set-DenyAcl -RegPath $regPath -User $currentUser) {
        Write-Host "      LOCKED: FileExts\$ext" -ForegroundColor Green
        $fileExtsLocked++
    } else {
        Write-Host "      FAILED: FileExts\$ext" -ForegroundColor Red
    }
}

# Cleanup
Remove-PSDrive -Name HKCR -ErrorAction SilentlyContinue

# Summary
$totalLocked = $classesLocked + $fileExtsLocked
Write-Host "`n=== Lock Complete ===" -ForegroundColor Cyan

if ($totalLocked -ge 4) {  # At least some locks applied
    Write-Host @"

SUCCESS: $totalLocked locks applied

What was done:
  1. Created HKCU\SOFTWARE\Classes overrides with Egnyte's handler
  2. Cleaned Google entries from OpenWithProgids/OpenWithList
  3. Locked HKCU\SOFTWARE\Classes (blocks Google from overriding)
  4. Locked HKCU FileExts (blocks UserChoice hijacking)

You can now install Google Drive - it will NOT be able to hijack
these file associations.

To verify after installing Google Drive:
  - Right-click a .gdoc file > Properties
  - Should show Egnyte (or your system default), NOT Google Drive

To unlock later: Run this script with -Unlock parameter

Log: $LogPath
"@ -ForegroundColor White
} else {
    Write-Host "`nWARNING: Only $totalLocked locks applied. Review errors above." -ForegroundColor Yellow
}

# Restart Explorer to apply changes
Write-Host "`nRestarting Explorer to apply changes..." -ForegroundColor Cyan
Stop-Process -Name explorer -Force -ErrorAction SilentlyContinue
Start-Sleep -Seconds 1
Start-Process explorer

Stop-Transcript -ErrorAction SilentlyContinue | Out-Null
if (-not $NoPause) {
    Write-Host "`nPress Enter to exit..."
    Read-Host | Out-Null
}