#!/bin/pwsh $contextScript = "$PSScriptRoot/../../Scripts/Context.ps1"; . "$contextScript"; $preparedUsernameProperty = "AutoLoginUser"; $preparedPasswordProperty = "AutoLoginPassword"; $autoLoginTriggerProperty = "AutoLoginTrigger"; $uacDisablerTriggerProperty = "UACDisablerTrigger"; function New-PersonalUser([Context] $context, [string] $userName) { $userStageProperty = "UserStage"; $creationStage = "Create"; $postProcessStage = "ReEnableFeatures"; $adminRemovalStage = "RemoveAdmin"; $null = New-Module { Get-UserStage { return $context.Get($userStageProperty); } Set-UserStage { param([string]$value); $context.Set($userStageProperty, $value); } } switch (Get-UserStage) { { (-not $_) -or ($_ -eq $creationStage) } { Set-UserStage $creationStage; if (-not (Get-LocalUser $userName -ErrorAction SilentlyContinue)) { Write-Host "Creating Personal User ``$userName``"; Get-LocalUser | Where-Object { $_.Name -in $context.UserNames } | Disable-LocalUser; while ($true) { Write-Host ( [string]::Join( "`n", "So... Windows is too dumb to create users which are bound to a Microsoft Account.", "Thus, you have to do it by yourself.", "So sorry...")); $users = Get-LocalUser | ForEach-Object { $_.Name }; Write-Host "Following users exist already:" Write-Host $users; Read-Host "Please hit enter once you're done..."; $user = Get-LocalUser | Where-Object { -not ($users -contains $_.Name) } | Select-Object -Last 1; if ($user) { Write-Information "Found New User:"; Write-Information $user; break; } } Write-Information "Renaming the new User to $userName"; Rename-LocalUser $user $userName; Add-LocalGroupMember -Group "Administrators" -Member $user && Set-LocalUser $context.AdminName -Password (ConvertTo-SecureString -AsPlainText "Admin") && Disable-LocalUser $context.AdminName; Write-Information "Disabling Auto login"; $context.RemoveAutologin(); Write-Host "Registering setup script for all new users"; $context.RegisterNewUserReboot(); Register-UserPostprocessingTasks $context; Set-UserStage $postProcessStage; Restart-Computer -Force; exit; } } $postProcessStage { Enable-PersonalUserAutologon $context $userName; $context.RegisterReboot(); Set-UserStage $adminRemovalStage; Start-EventDrivenTask $context.Get($uacDisablerTriggerProperty); exit; } $adminRemovalStage { Write-Information "Removing Admin Account"; Get-CimInstance -ClassName "Win32_UserProfile" -Filter "SID = '$((Get-LocalUser $context.AdminName).SID)'" | Remove-CimInstance; $context.Remove($userStageProperty); break; } } } function Register-UserPostprocessingTasks([Context] $context) { Write-Information "Enabling UAC for the next login (Microsoft Account login won't work otherwise, lol)"; $context.SetUACState($true); $tempTask = "PortValhalla Temp"; $autoLoginName = "PortValhalla AutoLogin Setup"; $uacDisablerName = "PortValhalla UAC Disabler"; $autoLoginTrigger = Get-Random -Maximum 0xFFFF; $uacDisablerTrigger = Get-Random -Maximum 0xFFFF; $context.Set($autoLoginTriggerProperty, $autoLoginTrigger, "DWord"); $context.Set($uacDisablerTriggerProperty, $uacDisablerTrigger, "DWord"); Write-Information "Registering tasks for re-enabling autologon and re-enabling UAC on next login"; $optionCollection = [System.Tuple[int, string, string[]][]]@( [System.Tuple]::Create( $autoLoginTrigger, $autoLoginName, @( ". `"$PSScriptRoot/AutoLogin.ps1`"", " $autoLoginTrigger", " '$preparedUsernameProperty'", " '$preparedPasswordProperty'")), [System.Tuple]::Create( $uacDisablerTrigger, $uacDisablerName, @( ". `"$PSScriptRoot/UACDisabler.ps1`"", " $uacDisablerTrigger", " '$autoLoginName'", " '$uacDisablerName'", " '$autoLoginTriggerProperty'", " '$uacDisablerTriggerProperty'"))); foreach ($options in $optionCollection) { $action = New-ScheduledTaskAction -Execute "pwsh.exe" -Argument ((@("-c") + $options.Item3) -join " "); schtasks /Create /SC ONEVENT /EC Application /MO "*[System[Provider[@Name='Application'] and EventID=$($options.Item1)]]" /TR cmd.exe /TN "$tempTask"; $trigger = (Get-ScheduledTask $tempTask).Triggers; $principal = New-ScheduledTaskPrincipal -UserId "SYSTEM" -RunLevel Highest; $task = New-ScheduledTask -Action $action -Principal $principal -Trigger $trigger; $null = Register-ScheduledTask $options.Item2 -InputObject $task; $null = Unregister-ScheduledTask -Confirm:$false $tempTask; } } function Enable-PersonalUserAutologon([Context] $context, [string] $userName) { Add-Type -assemblyname System.DirectoryServices.AccountManagement; Write-Information "Re-Enabling Autologin for Current User"; $principalContext = [System.DirectoryServices.AccountManagement.PrincipalContext]::new("Machine"); while ($true) { $password = Read-Host "Please enter the password of your Microsoft Account" -MaskInput; if ($principalContext.ValidateCredentials($userName, $password)) { break; } else { Write-Error "The specified password is incorrect!"; } } $context.Set($preparedUsernameProperty, $userName); $context.Set($preparedPasswordProperty, $password); Start-EventDrivenTask $context.Get($autoLoginTriggerProperty); } function Start-EventDrivenTask() { param( [int]$EventID ); powershell -c { param ( [int]$EventID ) $identifier = "EventLog$EventID"; $applicationLog = Get-EventLog -List | Where-Object { $_.Log -eq "Application" }; Register-ObjectEvent -InputObject $applicationLog -EventName EntryWritten -Action { $entry = $event.SourceEventArgs.Entry; if ($entry.EventID -eq $EventID) { New-Event -SourceIdentifier $identifier; } }; $job = Start-Job { Wait-Event -SourceIdentifier $identifier; Wait-Event -SourceIdentifier $identifier; }; Write-EventLog -LogName Application -Source "Application" -EventId $EventID -Message "This event was created by $env:Username"; Wait-Job $job; } -args $EventID }