ftype-audit-safe

πŸ“˜ FtypeAudit Documentation

Secure File Association Management for Windows
Version 1.0.0 | MIT License | GitHub Repository

Overview

FtypeAudit is a PowerShell-based toolkit for:

πŸ›  Installation

Method 1: Script Deployment

# Download and run directly
irm https://ftypeaudit.example.com/latest.ps1 | iex

Method 2: Module Installation

# Install from PowerShell Gallery
Install-Module -Name FtypeAudit -Scope CurrentUser

# Manual module placement
Copy-Item -Path .\FtypeAudit -Destination $env:PSModulePath -Recurse

Requirements:

πŸ”₯ Core Features

Feature Description Safety Level
Elevation Guard Warns when running unprivileged ⚠️ Advisory
Dry-Run Mode Preview changes without execution πŸ›‘οΈ Protected
Registry Backup Automatic .REG file snapshots πŸ”„ Reversible
Signature Validation Verify script integrity via PGP πŸ” Trusted
MRU Forensics Detect historical handler drift πŸ” Investigative

πŸ–₯ Basic Usage

1. Analyze Associations

# Single extension analysis
Get-FileAssociation -Extension .pdf -Verbose

# Full system scan
Invoke-FullAssociationAudit -OutputFormat JSON

2. Cleanup Workflow

# Safe removal of invalid entries
Clear-AssociationArtifacts -Extension .docx -BackupPath ~/backups

# Force repair with confirmation
Repair-FileHandlers -Extension .ps1 -Force -Confirm:$false

3. System Integration

# Export settings for compliance
Export-AssociationPolicy -Path .\policy.json

# Import organizational standards
Import-AssociationPolicy -Path .\enterprise_rules.json

πŸ“‹ Command Reference

Primary Commands

Command Parameters Output
Get-FileAssociation -Extension, -Depth Object
Clear-AssociationArtifacts -Backup, -Force Log
Compare-AssociationProfiles -Source, -Target Diff

Common Options

Flag Purpose
-WhatIf Simulation mode
-Historical Show 30-day changes
-DigitalSignature Verify code signature

🚨 Security

Critical Considerations

  1. Registry Edits: Always validate backups 
    New-RegistryCheckpoint -Name "PreAudit"
  2. Signature Verification 
    Get-AuthenticodeSignature .\FtypeAudit.ps1 | Verify-Signature
  3. Least Privilege
    Run user-level audits first: 
    Invoke-UserScopeAnalysis -CurrentUser
graph LR A[Start Audit] --> B{Admin Needed?} B -->|No| C[User-Level Scan] B -->|Yes| D[Elevated Session] C --> E[Review Findings] D --> E E --> F{Changes Required?} F -->|Yes| G[Backup β†’ Dry-Run β†’ Apply] F -->|No| H[Generate Report]

🧩 Advanced Scenarios

1. Pipeline Integration

# Bulk handler repair
Get-ChildItem *.log | ForEach-Object {
    Get-FileAssociation $_.Extension |
    Repair-FileHandlers -Policy Strict
}

2. Enterprise Automation

# Scheduled audit task
Register-ScheduledJob -Name "DailyFtypeCheck" -ScriptBlock {
    Import-Module FtypeAudit
    Invoke-FullAssociationAudit |
    Export-Clixml "\\server\audits\$(Get-Date -Format yyyyMMdd).xml"
} -Trigger (New-JobTrigger -Daily -At 2AM)

3. Forensic Analysis

# Compare user vs system defaults
$user = Get-FileAssociation .pdf -Scope CurrentUser
$system = Get-FileAssociation .pdf -Scope AllUsers
Compare-AssociationProfiles -Reference $user -Difference $system

πŸš‘ Troubleshooting

Common Issues

Symptom Solution
Access Denied Run as Admin β†’ Start-Process powershell -Verb RunAs
Missing Handlers Restore-DefaultHandlers -Extension .xlsx
Ghost Entries Clear-AssociationArtifacts -Force -Backup

Diagnostic Commands

# Registry health check
Test-AssociationStore -Scope AllUsers

# Handler resolution test
Resolve-FileHandler -Path example.rtf -Simulate

❓ FAQ

Q: How to handle UWP app associations?
A: Use Get-AppxHandlers for modern apps:

Get-AppxHandlers -Package *Microsoft.Paint*

Q: Why can’t I modify certain associations?
A: Some system-protected types require Group Policy overrides.

Q: Cross-user association management?
A: Use -Scope parameter:

Get-FileAssociation .mp3 -Scope AllUsers

πŸ“œ License

MIT License
Copyright (c) 2024 William Stetar

Permission is hereby granted... (standard MIT terms)

For full license text, see LICENSE.md

Need Help?
Open an Issue |

This site is open source. Improve this page.