135 lines
4.8 KiB
PowerShell
135 lines
4.8 KiB
PowerShell
. "$PSScriptRoot/../Scripts/Context.ps1";
|
|
$uacDisablerName = "PortValhalla UAC Disabler";
|
|
$taskTrigger = 1337;
|
|
|
|
function New-PersonalUser([Context] $context)
|
|
{
|
|
if (-not (Get-LocalUser $context.UserName))
|
|
{
|
|
Write-Host "Creating Personal User";
|
|
|
|
while ($true) {
|
|
Write-Host (
|
|
[string]::Join(
|
|
"`n",
|
|
"So... Windows is too dumb to create users which are bound to a Microsoft Account.",
|
|
"Thus, you have to do it by yourself.",
|
|
"So sorry..."));
|
|
|
|
$users = Get-LocalUser | ForEach-Object { $_.Name };
|
|
Write-Host "Following users exist already:"
|
|
Write-Host $users;
|
|
Read-Host "Please hit enter once you're done...";
|
|
|
|
$user = Get-LocalUser | Where-Object { -not ($users -contains $_.Name) } | Select-Object -Last 1;
|
|
|
|
if ($user) {
|
|
Write-Information "Found New User:";
|
|
Write-Information $user;
|
|
break;
|
|
}
|
|
}
|
|
|
|
Write-Information "Renaming the new User to $($context.UserName)";
|
|
Rename-LocalUser $user $context.UserName;
|
|
Add-LocalGroupMember -Group "Administrators" -Member $user && Set-LocalUser $context.AdminName -Password (ConvertTo-SecureString -AsPlainText "Admin") && Disable-LocalUser $context.AdminName;
|
|
|
|
Write-Information "Enabling UAC for the next login (Microsoft Account login won't work otherwise, lol)";
|
|
Enable-UACNextLogin $context;
|
|
|
|
Write-Information "Disabling Auto login";
|
|
$context.RemoveAutologin();
|
|
Restart-Computer;
|
|
exit;
|
|
}
|
|
elseif ((Get-UACState))
|
|
{
|
|
Write-EventLog -LogName Application -Source "Application" -EventId $taskTrigger -Message "This event was created by $env:Username";
|
|
|
|
for ($i = 0; $i -lt $120; $i++)
|
|
{
|
|
if ((Get-UACState))
|
|
{
|
|
break;
|
|
}
|
|
}
|
|
|
|
if ((Get-UACState))
|
|
{
|
|
Write-Error "UAC Could not be disabled!";
|
|
Read-Host "Press enter to continue anyway";
|
|
}
|
|
|
|
Enable-CurrentUserAutologon $context;
|
|
|
|
Write-Information "Removing Admin Account";
|
|
Get-CimInstance -ClassName "Win32_UserProfile" -Filter "SID = $((Get-LocalUser $context.AdminName).SID)" | Remove-CimInstance;
|
|
|
|
Write-Host "Rebooting";
|
|
$context.Reboot();
|
|
}
|
|
}
|
|
|
|
function Get-SystemPolicyKey() {
|
|
[OutputType([Microsoft.Win32.RegistryKey])]
|
|
param()
|
|
$keyPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System";
|
|
return Get-Item "$keyPath";
|
|
}
|
|
|
|
function Get-UACState() {
|
|
return Get-ItemPropertyValue -Path (Get-SystemPolicyKey).PSPath -Name "EnableLUA";
|
|
}
|
|
|
|
function Set-UACState([bool] $value) {
|
|
$null = Set-ItemProperty -Path (Get-SystemPolicyKey).PSPath -Name "EnableLUA" -Value [int]$value;
|
|
}
|
|
|
|
function Enable-UACNextLogin([Context] $context) {
|
|
Set-UACState $true;
|
|
$tempTask = "PortValhalla Temp";
|
|
$key = Get-SystemPolicyKey;
|
|
|
|
$action = New-ScheduledTaskAction -Execute "pwsh.exe" -Argument (
|
|
[string]::Join(
|
|
" ",
|
|
@(
|
|
"-c",
|
|
"Set-ItemProperty '$($key.PSPath)' -Name 'EnableLUA' -Value 0 -Type DWord;",
|
|
"Unregister-ScheduledTask -Confirm:`$false '$uacDisablerName';",
|
|
". '$PSScriptRoot/../Scripts/Context.ps1';",
|
|
"`$context = [Context]::new();",
|
|
"`$context.EntryPoint = '$($context.EntryPoint)';",
|
|
"`$context.RegisterReboot((Get-Item 'Registry::HKEY_USERS\$((Get-LocalUser $context.UserName).SID)'));",
|
|
"Restart-Computer -Force;")));
|
|
|
|
schtasks /Create /SC ONEVENT /EC Application /MO "*[System[Provider[@Name='Application'] and EventID=$taskTrigger]]" /TR cmd.exe /TN "$tempTask";
|
|
$trigger = (Get-ScheduledTask $tempTask).Triggers;
|
|
$principal = New-ScheduledTaskPrincipal -UserId "SYSTEM" -RunLevel Highest;
|
|
$task = New-ScheduledTask -Action $action -Principal $principal -Trigger $trigger;
|
|
$null = Register-ScheduledTask $uacDisablerName -InputObject $task;
|
|
$null = Unregister-ScheduledTask -Confirm:$false $tempTask;
|
|
}
|
|
|
|
function Enable-CurrentUserAutologon([Context] $context)
|
|
{
|
|
Add-Type -assemblyname System.DirectoryServices.AccountManagement;
|
|
Write-Information "Re-Enabling Autologin for Current User";
|
|
$principalContext = [System.DirectoryServices.AccountManagement.PrincipalContext]::new("Machine");
|
|
|
|
while ($true)
|
|
{
|
|
$password = Read-Host "Please enter the password of your user" -MaskInput;
|
|
|
|
if ($principalContext.ValidateCredentials($context.UserName, $password))
|
|
{
|
|
break;
|
|
}
|
|
else {
|
|
Write-Error "The specified password is incorrect!";
|
|
}
|
|
}
|
|
|
|
$context.SetAutologin($context.UserName, $password);
|
|
}
|