Windows注册表编辑器-使用脚本自动从图片上下文菜单中删除“向右/向左旋转”

令我烦恼的是，Windows 10在上下文菜单中有许多图像文件（例如.png和.jpg）的标题为“向右旋转”和“向左旋转”的项目。我希望对所有图像文件类型都摆脱这些限制，但是我需要能够以自动化的方式做到这一点。我知道我可以通过使用某些外部程序或可能在注册表编辑器中更改某些权限来手动删除这些键，但是正如我所说，它需要自动化。此外，每当我重新启动计算机时，这些上下文菜单项都不应返回。

在注册表编辑器中，我发现：

Computer\HKEY_CLASSES_ROOT\CLSID\{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}

似乎是这些上下文菜单整体的存储位置。因此，我尝试创建一个.reg文件以自动删除此密钥：

Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\CLSID\{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}]

但无济于事，因为运行.reg文件绝对没有任何作用。即使我尝试手动删除密钥，Windows也会给我以下错误：

这显然没有帮助。但是，据我所读，即使人们以某种​​方式设法删除了该密钥，Windows也可能会在重新启动计算机后立即将其重新放回原处，这绝对不是这里的目标。

因此，我想在这里完成两件事：

1. 具有某种脚本（不一定是.reg文件）可以自动删除这些“左右旋转”上下文菜单项。

2. 确保他们再也不会回来。

能做到吗？如果是这样，怎么办？

这是一个简短的过程。从下面给出的链接下载SetACL工具。在记事本中复制以下命令，并将其保存为批处理文件（.bat或.cmd）。

@echo off
set X="HKCR\CLSID\{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}"
%~dp0\SetACL.exe -on %X% -ot reg -rec cont_obj -actn setowner -ownr "n:Everyone"
%~dp0\SetACL.exe -on %X% -ot reg -rec cont_obj -actn ace -ace "n:Everyone;p:full"
reg delete %X% /F
pause

将批处理文件和SetACL.exe都放在同一文件夹中。以管理员身份运行批处理文件。注册表将被删除。

链接：

1. SetACL主页：https ://helgeklein.com/setacl/
2. SetACL文档：https ://helgeklein.com/setacl/documentation/command-line-version-setacl-exe/
3. SetACL下载页面：https：//helgeklein.com/download/

首先，您不能在不更改所有权的情况下更改或删除该密钥，因为它使用TrustedInstaller凭据。使用Regedit进行更改并不困难：右键单击键，单击Permissions ...，然后单击Advanced按钮。将自己设置为所有者，然后在子容器和对象上替换所有者。然后编辑权限，以便您可以删除密钥。

期望在每个主要Windows更新上，原始所有权和密钥都将被重新声明。

如果要编写更改脚本，则需要使用Powershell进行更改。以下代码来自上面的链接，而我尚未对其进行测试。

function enable-privilege {
 param(
  ## The privilege to adjust. This set is taken from
  ## http://msdn.microsoft.com/en-us/library/bb530716(VS.85).aspx
  [ValidateSet(
   "SeAssignPrimaryTokenPrivilege", "SeAuditPrivilege", "SeBackupPrivilege",
   "SeChangeNotifyPrivilege", "SeCreateGlobalPrivilege", "SeCreatePagefilePrivilege",
   "SeCreatePermanentPrivilege", "SeCreateSymbolicLinkPrivilege", "SeCreateTokenPrivilege",
   "SeDebugPrivilege", "SeEnableDelegationPrivilege", "SeImpersonatePrivilege", "SeIncreaseBasePriorityPrivilege",
   "SeIncreaseQuotaPrivilege", "SeIncreaseWorkingSetPrivilege", "SeLoadDriverPrivilege",
   "SeLockMemoryPrivilege", "SeMachineAccountPrivilege", "SeManageVolumePrivilege",
   "SeProfileSingleProcessPrivilege", "SeRelabelPrivilege", "SeRemoteShutdownPrivilege",
   "SeRestorePrivilege", "SeSecurityPrivilege", "SeShutdownPrivilege", "SeSyncAgentPrivilege",
   "SeSystemEnvironmentPrivilege", "SeSystemProfilePrivilege", "SeSystemtimePrivilege",
   "SeTakeOwnershipPrivilege", "SeTcbPrivilege", "SeTimeZonePrivilege", "SeTrustedCredManAccessPrivilege",
   "SeUndockPrivilege", "SeUnsolicitedInputPrivilege")]
  $Privilege,
  ## The process on which to adjust the privilege. Defaults to the current process.
  $ProcessId = $pid,
  ## Switch to disable the privilege, rather than enable it.
  [Switch] $Disable
 )
 ## Taken from P/Invoke.NET with minor adjustments.
 $definition = @'
 using System;
 using System.Runtime.InteropServices; 
 public class AdjPriv
 {
  [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
  internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,
   ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);  
  [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
  internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);
  [DllImport("advapi32.dll", SetLastError = true)]
  internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);
  [StructLayout(LayoutKind.Sequential, Pack = 1)]
  internal struct TokPriv1Luid
  {
   public int Count;
   public long Luid;
   public int Attr;
  }  
  internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
  internal const int SE_PRIVILEGE_DISABLED = 0x00000000;
  internal const int TOKEN_QUERY = 0x00000008;
  internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
  public static bool EnablePrivilege(long processHandle, string privilege, bool disable)
  {
   bool retVal;
   TokPriv1Luid tp;
   IntPtr hproc = new IntPtr(processHandle);
   IntPtr htok = IntPtr.Zero;
   retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);
   tp.Count = 1;
   tp.Luid = 0;
   if(disable)
   {
    tp.Attr = SE_PRIVILEGE_DISABLED;
   }
   else
   {
    tp.Attr = SE_PRIVILEGE_ENABLED;
   }
   retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);
   retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
   return retVal;
  }
 }
'@
 $processHandle = (Get-Process -id $ProcessId).Handle
 $type = Add-Type $definition -PassThru
 $type[0]::EnablePrivilege($processHandle, $Privilege, $Disable)
}
enable-privilege SeTakeOwnershipPrivilege 
$key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("SOFTWARE\powertoe",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::takeownership)
\# You must get a blank acl for the key b/c you do not currently have access
$acl = $key.GetAccessControl([System.Security.AccessControl.AccessControlSections]::None)
$me = [System.Security.Principal.NTAccount]"t-alien\tome"
$acl.SetOwner($me)
$key.SetAccessControl($acl)
\# After you have set owner you need to get the acl with the perms so you can modify it.
$acl = $key.GetAccessControl()
$rule = New-Object System.Security.AccessControl.RegistryAccessRule ("T-Alien\Tome","FullControl","Allow")
$acl.SetAccessRule($rule)
$key.SetAccessControl($acl)
$key.Close()