From 24466aef7af090e78000d963b5141095cb347909 Mon Sep 17 00:00:00 2001 From: Manuel Thalmann Date: Fri, 30 Jun 2023 04:29:59 +0200 Subject: [PATCH] Remove admin account in a separate stage --- scripts/Windows/OS/User.ps1 | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/scripts/Windows/OS/User.ps1 b/scripts/Windows/OS/User.ps1 index 85954013..ff8c5458 100644 --- a/scripts/Windows/OS/User.ps1 +++ b/scripts/Windows/OS/User.ps1 @@ -51,13 +51,16 @@ function New-PersonalUser([Context] $context) elseif ($context.GetStage() -eq "DisableUAC") { Enable-PersonalUserAutologon $context; - Write-Information "Removing Admin Account"; - Get-CimInstance -ClassName "Win32_UserProfile" -Filter "SID = '$((Get-LocalUser $context.AdminName).SID)'" | Remove-CimInstance; $context.RegisterReboot(); - $context.RemoveStage(); + $context.SetStage("RemoveAdmin"); Write-EventLog -LogName Application -Source "Application" -EventId $context.Get($uacDisablerTriggerProperty) -Message "This event was created by $env:Username"; exit; } + elseif ($context.GetStage() -eq "RemoveAdmin") + { + Write-Information "Removing Admin Account"; + Get-CimInstance -ClassName "Win32_UserProfile" -Filter "SID = '$((Get-LocalUser $context.AdminName).SID)'" | Remove-CimInstance; + } } function Get-SystemPolicyKey() {