PortValhalla/scripts/Windows/OS/User/Add.ps1

#!/bin/pwsh
$contextScript = "$PSScriptRoot/../../Scripts/Context.ps1";
. "$PSScriptRoot/AutoLogin.ps1";
. "$PSScriptRoot/UACDisabler.ps1";
. "$contextScript";
$preparedUsernameProperty = "AutoLoginUser";
$preparedPasswordProperty = "AutoLoginPassword";
$autoLoginTriggerProperty = "AutoLoginTrigger";
$uacDisablerTriggerProperty = "UACDisablerTrigger";

function New-PersonalUser([Context] $context)
{
    if (-not (Get-LocalUser $context.UserName -ErrorAction SilentlyContinue))
    {
        Write-Host "Creating Personal User";

        while ($true) {
            Write-Host (
                [string]::Join(
                    "`n",
                    "So... Windows is too dumb to create users which are bound to a Microsoft Account.",
                    "Thus, you have to do it by yourself.",
                    "So sorry..."));

            $users = Get-LocalUser | ForEach-Object { $_.Name };
            Write-Host "Following users exist already:"
            Write-Host $users;
            Read-Host "Please hit enter once you're done...";

            $user = Get-LocalUser | Where-Object { -not ($users -contains $_.Name) } | Select-Object -Last 1;

            if ($user) {
                Write-Information "Found New User:";
                Write-Information $user;
                break;
            }
        }

        Write-Information "Renaming the new User to $($context.UserName)";
        Rename-LocalUser $user $context.UserName;
        Add-LocalGroupMember -Group "Administrators" -Member $user && Set-LocalUser $context.AdminName -Password (ConvertTo-SecureString -AsPlainText "Admin") && Disable-LocalUser $context.AdminName;

        Write-Host "Registering setup script for all new users";
        $context.RegisterNewUserReboot();

        Write-Information "Enabling UAC for the next login (Microsoft Account login won't work otherwise, lol)";
        Enable-UACNextLogin $context;

        Write-Information "Disabling Auto login";
        $context.RemoveAutologin();
        $context.SetStage("DisableUAC");
        Restart-Computer -Force;
        exit;
    }
    elseif ($context.GetStage() -eq "DisableUAC")
    {
        Enable-PersonalUserAutologon $context;
        $context.RegisterReboot();
        $context.SetStage("RemoveAdmin");
        Start-EventDrivenTask $context.Get($uacDisablerTriggerProperty);
        exit;
    }
    elseif ($context.GetStage() -eq "RemoveAdmin")
    {
        Write-Information "Removing Admin Account";
        Get-CimInstance -ClassName "Win32_UserProfile" -Filter "SID = '$((Get-LocalUser $context.AdminName).SID)'" | Remove-CimInstance;
        $context.RemoveStage();
    }
}

function Enable-UACNextLogin([Context] $context) {
    $context.SetUACState($true);
    $tempTask = "PortValhalla Temp";
    $autoLoginName = "PortValhalla AutoLogin Setup";
    $uacDisablerName = "PortValhalla UAC Disabler";
    $autoLoginTrigger = Get-Random -Maximum 65535;
    $uacDisablerTrigger = Get-Random -Maximum 65535;

    $context.Set($autoLoginTriggerProperty, $autoLoginTrigger, "DWord");
    $context.Set($uacDisablerTriggerProperty, $uacDisablerTrigger, "DWord");

    $optionCollection = [System.Tuple[int, string, string][]]@(
        [System.Tuple]::Create(
            $autoLoginTrigger,
            $autoLoginName,
            "{ $((Get-AutoLoginScript)) }.Invoke($autoLoginTrigger, '$contextScript', '$preparedUsernameProperty', '$preparedPasswordProperty')")
        [System.Tuple]::Create(
            $uacDisablerTrigger,
            $uacDisablerName,
            "{ $((Get-UACDisablerScript)) }.Invoke($uacDisablerTrigger, '$contextScript', '$autoLoginName', '$uacDisablerName', '$autoLoginTriggerProperty', '$uacDisablerTriggerProperty')"));

    foreach ($options in $optionCollection) {
        $action = New-ScheduledTaskAction -Execute "pwsh.exe" -Argument (
            [string]::Join(
                " ",
                (
                    @("-c") +
                    ($options.Item3 | ForEach-Object { $_.TrimEnd(";") + ";" }))));

        schtasks /Create /SC ONEVENT /EC Application /MO "*[System[Provider[@Name='Application'] and EventID=$($options.Item1)]]" /TR cmd.exe /TN "$tempTask";
        $trigger = (Get-ScheduledTask $tempTask).Triggers;
        $principal = New-ScheduledTaskPrincipal -UserId "SYSTEM" -RunLevel Highest;
        $task = New-ScheduledTask -Action $action -Principal $principal -Trigger $trigger;
        $null = Register-ScheduledTask $options.Item2 -InputObject $task;
        $null = Unregister-ScheduledTask -Confirm:$false $tempTask;
    }
}

function Enable-PersonalUserAutologon([Context] $context)
{
    Add-Type -assemblyname System.DirectoryServices.AccountManagement;
    Write-Information "Re-Enabling Autologin for Current User";
    $principalContext = [System.DirectoryServices.AccountManagement.PrincipalContext]::new("Machine");

    while ($true)
    {
        $password = Read-Host "Please enter the password of your Microsoft Account" -MaskInput;

        if ($principalContext.ValidateCredentials($context.UserName, $password))
        {
            break;
        }
        else {
            Write-Error "The specified password is incorrect!";
        }
    }

    $context.Set($preparedUsernameProperty, $context.UserName, "ExpandString");
    $context.Set($preparedPasswordProperty, $password, "ExpandString");
    Start-EventDrivenTask $context.Get($autoLoginTriggerProperty);
}

function Start-EventDrivenTask() {
    param(
        [int]$EventID
    );

    powershell -c {
        param (
            [int]$EventID
        )
        $identifier = "EventLog$EventID";
        Write-EventLog -LogName Application -Source "Application" -EventId $EventID -Message "This event was created by $env:Username";
        Register-WmiEvent -Query "SELECT * FROM __InstanceCreationEvent WHERE TargetInstance ISA 'Win32_NTLogEvent' AND EventIdentifier=$EventID" -SourceIdentifier "$identifier";
        Wait-Event -SourceIdentifier $identifier;
    } -args $EventID
}