PowerShell: How to Replace a System File – For Experimentation Purposes

# When attempting to rename a system protected file such as notepad.exe
$notepadExe='C:\Windows\system32\notepad.exe'
$newNotePadExe='C:\Users\rambo\Desktop\notepad.exe'
rename-item $notepadExe "$notepadExe.bak" -force

# Error message
rename-item : Access to the path is denied.
At line:1 char:1
+ rename-item $notepadExe "$notepadExe.bak"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (C:\Windows\system32\notepad.exe:String) [Rename-Item], UnauthorizedAccessException
    + FullyQualifiedErrorId : RenameItemUnauthorizedAccessError,Microsoft.PowerShell.Commands.RenameItemCommand

# Grant local admins full access to the system file
$notepadExe='C:\Windows\system32\notepad.exe'  
$fullAdminPermissions = New-Object System.Security.AccessControl.FileSystemAccessRule("Administrators","Full","Allow")
$acl = Get-ACL $notepadExe
$acl.AddAccessRule($fullAdminPermissions)
Set-Acl $notepadExe $acl

# Rename the old notepad.exe and then copy the new one into its stead
rename-item $notepadExe "$notepadExe.bak" -force
copy-item $newNotePadExe 'C:\Windows\system32\notepad.exe'


# Result: when trying to open the new notepad.exe, this error occurred
---------------------------
notepad.exe - System Error
---------------------------
The program can't start because api-ms-win-shcore-path-l1-1-0.dll is missing from your computer. Try reinstalling the program to fix this problem. 
---------------------------
OK   
---------------------------

Leave a Reply

Your email address will not be published. Required fields are marked *