diff --git a/scripts/Windows/OS/User/Add.ps1 b/scripts/Windows/OS/User/Add.ps1 index 3ce66497..34a4b8b1 100644 --- a/scripts/Windows/OS/User/Add.ps1 +++ b/scripts/Windows/OS/User/Add.ps1 @@ -57,7 +57,7 @@ function New-PersonalUser([Context] $context) Enable-PersonalUserAutologon $context; $context.RegisterReboot(); $context.SetStage("RemoveAdmin"); - Write-EventLog -LogName Application -Source "Application" -EventId $context.Get($uacDisablerTriggerProperty) -Message "This event was created by $env:Username"; + Start-EventDrivenTask $context.Get($uacDisablerTriggerProperty); exit; } elseif ($context.GetStage() -eq "RemoveAdmin") @@ -83,11 +83,11 @@ function Enable-UACNextLogin([Context] $context) { [System.Tuple]::Create( $autoLoginTrigger, $autoLoginName, - "{ $((Get-AutoLoginScript)) }.Invoke('$contextScript', '$preparedUsernameProperty', '$preparedPasswordProperty')") + "{ $((Get-AutoLoginScript)) }.Invoke($autoLoginTrigger, '$contextScript', '$preparedUsernameProperty', '$preparedPasswordProperty')") [System.Tuple]::Create( $uacDisablerTrigger, $uacDisablerName, - "{ $((Get-UACDisablerScript)) }.Invoke('$contextScript', '$autoLoginName', '$uacDisablerName', '$autoLoginTriggerProperty', '$uacDisablerTriggerProperty')")); + "{ $((Get-UACDisablerScript)) }.Invoke($uacDisablerTrigger, '$contextScript', '$autoLoginName', '$uacDisablerName', '$autoLoginTriggerProperty', '$uacDisablerTriggerProperty')")); foreach ($options in $optionCollection) { $action = New-ScheduledTaskAction -Execute "pwsh.exe" -Argument ( @@ -127,5 +127,16 @@ function Enable-PersonalUserAutologon([Context] $context) $context.Set($preparedUsernameProperty, $context.UserName, "ExpandString"); $context.Set($preparedPasswordProperty, $password, "ExpandString"); - Write-EventLog -LogName Application -Source "Application" -EventId $context.Get($autoLoginTriggerProperty) -Message "This event was created by $env:Username"; + Start-EventDrivenTask $context.Get($autoLoginTriggerProperty); +} + +function Start-EventDrivenTask() { + param( + [int]$EventID + ); + + $identifier = "EventLog$_"; + Write-EventLog -LogName Application -Source "Application" -EventId $EventID -Message "This event was created by $env:Username"; + Register-WmiEvent -Query "SELECT * FROM __InstanceCreationEvent WHERE TargetInstance ISA 'Win32_NTLogEvent' AND EventIdentifier=$EventID" -SourceIdentifier "$identifier"; + Wait-Event -SourceIdentifier $identifier; } diff --git a/scripts/Windows/OS/User/AutoLogin.ps1 b/scripts/Windows/OS/User/AutoLogin.ps1 index d98d061c..e16cbebb 100644 --- a/scripts/Windows/OS/User/AutoLogin.ps1 +++ b/scripts/Windows/OS/User/AutoLogin.ps1 @@ -4,6 +4,7 @@ function Get-AutoLoginScript() { return { param( + [int]$EventID, [string]$ContextScriptPath, [string]$PreparedUsernameProperty, [string]$PreparedSecretProperty @@ -14,5 +15,6 @@ function Get-AutoLoginScript() { $userName = $context.Get($PreparedUsernameProperty); $password = $context.Get($PreparedSecretProperty); $context.SetAutologin($userName, $password); + Write-EventLog -LogName Application -Source "Application" -EventId $EventID -Message "This event was created by $env:Username"; }; } diff --git a/scripts/Windows/OS/User/UACDisabler.ps1 b/scripts/Windows/OS/User/UACDisabler.ps1 index 8ad78ba9..373a3b93 100644 --- a/scripts/Windows/OS/User/UACDisabler.ps1 +++ b/scripts/Windows/OS/User/UACDisabler.ps1 @@ -4,6 +4,7 @@ function Get-UACDisablerScript() { return { param ( + [int]$EventID, [string]$ContextScriptPath, [string]$AutoLoginTaskName, [string]$UACDisablerTaskName, @@ -19,6 +20,7 @@ function Get-UACDisablerScript() { $context.Remove($AutoLoginTriggerProperty); $context.Remove($UACDisablerTriggerProperty); $context.DeregisterNewUserReboot(); + Write-EventLog -LogName Application -Source "Application" -EventId $EventID -Message "This event was created by $env:Username"; Restart-Computer -Force; }; }