Anonymous ID: b1aff9 Feb. 11, 2023, 10:26 a.m. No.18326235   >>6237 >>6251

>>18325790

 

You always had the power Dorothy:

 

Once again: RemoveRestrictions.bat from Mike Lindell Symposium proves widespread election fraud. Essentially what the script does is switch a voting machine's local security to point to a temporary database so nefarious activities can be logged there and leave no trace. Then after the machine reboots, it utilizes the normal database that is on the local hard drive.

 

Echo off means no output to console

Echo on means output to console, used for debugging

 

Line by Line

 

1 Shut off output to console window and set a local variable enableextensions to true

 

2 types Removing Security Restrictions out to console, when Echo is on

 

3 sets the configuration for the database, db, to a temp database and silently overwrites the initialization file. This is the database that the Windows local security authority logs all information, metrics, and changes to the system. It is the machine's system of records.

4 Overwrites the GroupPolicy for the windows/system32 giving it new authority rules and policies.

5 Modifies the Windows registry to force it to accept the new security providers

6 if errorlevel is negative or 0 pause

7 types Critical restrictions disabled when Echo is on, set on line 1, and types Registry value that indicates the current hardening state

8 Modifies Dominion SQL database registry key Hardened variable and forces a Dehardened-WS2016 string to be set.

9 Sets the local machine's SQL server socket network library to disable encryption

 

10 stop the SQL database

11 start the SQL database without encryption

12 starts the SQLServerAgent

 

Because this is a script, it takes a long time to write and test to get correct. This is only done when one wants to repeat the same tasks on many many machines instead of doing commands by interacting with the mouse and keyboard. Because it tampers with a machine's local security on a voting machine it is a crime. In addition, to run a web server on a voting machine is remote access, which is also illegal.

Anonymous ID: b1aff9 Feb. 11, 2023, 10:27 a.m. No.18326237

>>18326235

 

Let me reiterate:

 

Here is the gist of what this script, RemoveRestrictions.bat, is doing.

WS2016 in these file names is Windows Server 2016

 

First line shuts off console window output @ECHO OFF and sets a local variable "enableextensions"

 

Second line outputs "Removing Security Restrictions" to the console.

 

Third line, secedit, allows you to configure a system with security settings stored in a database.

 

/db Required. Specifies the path and file name of the database containing the stored configuration. If the file name specifies a database that hasn't had a security template (as represented by the configuration file) associated with it, the /cfg <configuration file name> option must also be specified.

 

This uses a temporary file in "Windows\temp\temp.sdb"

 

/cfg Specifies the path and file name for the security template that will be imported into the database for analysis. This option is only valid when used with the /db <database file name> parameter. If this parameter isn't also specified, the analysis is performed against any configuration already stored in the database.

 

This file is reading a config file named by line 1 variable combined with -dp0WS2016.inf = "enableextensions-dp0WS2016.inf"

So the database is loaded with the file configuration, overwrites anything in "Windows\temp\temp.sdb", and quiet stops output or any user notifications, most likely other MS tools from seeing.

 

 

Fourth line, xcopy, fully copies files and directories, including subdirectories, including hidden files.

Xcopy <Source> [<Destination>] So they are copying all files from "enableextensions-dp0GPO*.*" to "Windows\System32\GroupPolicy"

The /s is for subdirectories unless empty and /y suppresses prompting to confirm that you want to overwrite an existing destination file.

 

The 5th line adds keys to the system's registry that weren't there for the localuser. Trust Providers are for browsers to accept a digital certificate.

State = 0x00023e00 - Check for publisher's certificate Revocation Unchecked

State = 0x00023c00 - Check for publisher's certificate Revocation Checked

The <trustedProviders> element of the <management> element configures the management providers that are trusted by IIS Manager and the Management Service (WMSVC).

https://docs.microsoft.com/en-us/troubleshoot/windows-server/deployment/error-when-you-validate-copy-windows

The /f Adds the registry entry without prompting for confirmation.

The /v <Valuename> Specifies the name of the add registry entry. In this case the "State" value

The return values for the reg add operation are:

 

REMARKS

Value Description

0 Success

1 Failure

 

/t <Type> Specifies the type for the registry entry. Type must be one of the following:

REG_SZ

REG_MULTI_SZ

REG_DWORD_BIG_ENDIAN

REG_DWORD

REG_BINARY

REG_DWORD_LITTLE_ENDIAN

REG_LINK

REG_FULL_RESOURCE_DESCRIPTOR

REG_EXPAND_SZ

 

So REG_DWORD is just a 32 bit number.

REG_SZ Is a null-terminated string. This will be either a Unicode or an ANSI string, depending on whether you use the Unicode or ANSI functions.

/d <Data> Specifies the data for the new registry entry. In this case 0x00023c00

In order to change ‘State’ value from ‘0x00023c00’ to the magic value ‘0x00023e00’, we need to add flag WTPF_IGNOREREVOKATION. This flag will set policy for trust provider to ignore revocation check.

 

So they are telling MS that it is Successful return from the operation and storing it in the State Variable.

 

So in essence they are subverting MS security to trust their code by adding and configuring a registry key.

 

The 6th line checks for errors or pauses

 

The 7th line prints to the console "Critical restrictions disabled"

 

The 8th line prints to the console "Setting Registry value that indicates the current hardening state" to look legit.

 

The 9th line adds a registry key for the current local machine, not user, part of the registry, so that this machine can without user prompting or echoing out add a key for "HKEY_LOCAL_MACHINE\SOFTWARE\Dominion Voting System\EMS\Settings" and setting the variable "Hardened" to a null terminated string called "DeHardened-WS2016"

 

Line ten outputs "–SQL Server Dehardening" at the console script window.

 

They stop all SQL Server Database and all dependent services that it relies on then restarts it to read the new security of Windows Server 2016, in essence they are creating their own trusted version by adding and editing Registry keys, so the console, management console snap-ins, use a temporary database that is configured from their own .inf config file to thwart security inclusive of the SQL Server database.
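
Added example, not part of either post above: a small Python decoder for the WinTrust "State" DWORD, showing which flags the two values quoted in the thread (0x00023c00 and 0x00023e00) contain and how an auditor could read the value back from `reg query` output. The flag names and bit values are taken from the Windows SDK header wintrust.h; the registry path in the sample and the sample output itself are assumptions constructed for illustration, not taken from the script.

```python
# Added example: decode the WinTrust Software Publishing "State" DWORD.
# Flag names and bit values come from the Windows SDK header wintrust.h.
import re

WTPF_FLAGS = {
    0x00000020: "WTPF_TRUSTTEST",
    0x00000080: "WTPF_TESTCANBEVALID",
    0x00000100: "WTPF_IGNOREEXPIRATION",
    0x00000200: "WTPF_IGNOREREVOKATION",
    0x00000400: "WTPF_OFFLINEOK_IND",
    0x00000800: "WTPF_OFFLINEOK_COM",
    0x00001000: "WTPF_OFFLINEOKNBU_IND",
    0x00002000: "WTPF_OFFLINEOKNBU_COM",
    0x00010000: "WTPF_VERIFY_V1_OFF",
    0x00020000: "WTPF_IGNOREREVOCATIONONTS",
    0x00040000: "WTPF_ALLOWONLYPERTRUST",
}

def decode_state(state):
    """Return (names of known flags set in state, leftover unknown bits)."""
    names = [n for bit, n in sorted(WTPF_FLAGS.items()) if state & bit]
    unknown = state & ~sum(WTPF_FLAGS)  # keys are distinct bits, so sum == OR
    return names, unknown

def flags_changed(before, after):
    """Flag names added and removed when State goes from before to after."""
    b, a = set(decode_state(before)[0]), set(decode_state(after)[0])
    return sorted(a - b), sorted(b - a)

def audit_reg_query(text):
    """Find 'State REG_DWORD 0x...' in `reg query` output and report whether
    publisher certificate revocation checking is switched off."""
    m = re.search(r"^\s*State\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$", text, re.M)
    if not m:
        return None
    state = int(m.group(1), 16)
    return {"state": state, "revocation_ignored": bool(state & 0x200),
            "flags": decode_state(state)[0]}

# Constructed sample of `reg query` output (assumed path, not a real capture).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing
    State    REG_DWORD    0x23e00
"""

if __name__ == "__main__":
    print(flags_changed(0x00023C00, 0x00023E00))
    print(audit_reg_query(SAMPLE))
```

The two values differ by the single bit 0x200, so comparing a machine's current State against its documented baseline shows directly whether revocation checking has been changed.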