From a8534f6872256e0dbb03613da1fc09eb359b6b2b Mon Sep 17 00:00:00 2001
From: Manuel Thalmann <m@nuth.ch>
Date: Tue, 8 Aug 2023 22:08:16 +0200
Subject: [PATCH] Customize NVS installation script

---
 scripts/Windows/Collections/Personal.ps1 |  8 +-------
 scripts/Windows/Software/NVS/Install.ps1 | 20 ++++++++++++++++++++
 2 files changed, 21 insertions(+), 7 deletions(-)
 create mode 100644 scripts/Windows/Software/NVS/Install.ps1

diff --git a/scripts/Windows/Collections/Personal.ps1 b/scripts/Windows/Collections/Personal.ps1
index af5f0761..b0f60073 100644
--- a/scripts/Windows/Collections/Personal.ps1
+++ b/scripts/Windows/Collections/Personal.ps1
@@ -157,13 +157,7 @@ function Restore-PersonalApps([Context] $context) {
         python `
         visualstudio2019-workload-vctools;
 
-    $env:NVS_HOME="$env:ProgramData\nvs";
-    git clone "https://github.com/jasongin/nvs.git" "$env:NVS_HOME";
-    & "$env:NVS_HOME\nvs.cmd" install;
-
-    refreshenv;
-    nvs add latest;
-    nvs link latest;
+    . "$PSScriptRoot/../Software/NVS/Install.ps1";
 
     # Terminal
     @($PROFILE, (powershell -c '$PROFILE')) | ForEach-Object {
diff --git a/scripts/Windows/Software/NVS/Install.ps1 b/scripts/Windows/Software/NVS/Install.ps1
new file mode 100644
index 00000000..6b8e86c1
--- /dev/null
+++ b/scripts/Windows/Software/NVS/Install.ps1
@@ -0,0 +1,20 @@
+#!/bin/pwsh
+$env:NVS_HOME="$env:ProgramData\nvs";
+git clone "https://github.com/jasongin/nvs.git" "$env:NVS_HOME";
+& "$env:NVS_HOME\nvs.cmd" install;
+
+$acl = Get-Acl "$env:NVS_HOME";
+
+$acl.AddAccessRule(
+    [System.Security.AccessControl.FileSystemAccessRule]::new(
+        [System.Security.Principal.SecurityIdentifier]::new([System.Security.Principal.WellKnownSidType]::BuiltinUsersSid, $null),
+        [System.Security.AccessControl.RegistryRights]::FullControl,
+        [System.Security.AccessControl.InheritanceFlags]::ObjectInherit -bor [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
+        [System.Security.AccessControl.PropagationFlags]::InheritOnly,
+        [System.Security.AccessControl.AccessControlType]::Allow));
+
+Set-Acl "$env:NVS_HOME" $acl;
+
+refreshenv;
+nvs add latest;
+nvs link latest;