mirror of
https://github.com/zoicware/RemoveWindowsAI.git
synced 2026-03-19 17:16:19 +01:00
414 lines
19 KiB
PowerShell
414 lines
19 KiB
PowerShell
function Run-Trusted([String]$command, $psversion) {
|
|
|
|
function RunAsTI {
|
|
param(
|
|
[Parameter(Position = 0)]$cmd,
|
|
[Parameter(ValueFromRemainingArguments)]$xargs
|
|
)
|
|
|
|
$Ex = $xargs -contains '-Exit'
|
|
$xargs = $xargs | Where-Object { $_ -ne '-Exit' }
|
|
$wi = [Security.Principal.WindowsIdentity]::GetCurrent()
|
|
$id = 'RunAsTI'
|
|
$key = "Registry::HKU\$($wi.User.Value)\Volatile Environment"
|
|
$arg = ''
|
|
$rs = $false
|
|
$csf = Get-PSCallStack | Where-Object { $_.ScriptName -and $_.ScriptName -like '*.ps1' } | Select-Object -l 1
|
|
$cs = if ($csf) { $csf.ScriptName } else { $null }
|
|
|
|
if (!$cmd) {
|
|
if ((whoami /groups) -like '*S-1-16-16384*') { return }
|
|
|
|
$rs = $true
|
|
$arr = [Environment]::GetCommandLineArgs()
|
|
$i = [array]::IndexOf($arr, '-File')
|
|
if ($i -lt 0) {
|
|
$i = [array]::IndexOf($arr, '-f')
|
|
}
|
|
|
|
if ($i -ge 0 -and ($i + 1) -lt $arr.Count) {
|
|
if (!$cs) {
|
|
$cs = $arr[$i + 1]
|
|
}
|
|
|
|
if (($i + 2) -lt $arr.Count) {
|
|
$arg = ($arr[($i + 2)..($arr.Count - 1)] | ForEach-Object { "`"$($_-replace'"','""')`"" }) -join ' '
|
|
}
|
|
}
|
|
else {
|
|
$cp = if ($csf) { $csf.InvocationInfo.BoundParameters } else { Get-Variable PSBoundParameters -sc 1 -va -ea 0 }
|
|
|
|
$ca = if ($csf) { $csf.InvocationInfo.UnboundArguments } else { Get-Variable args -sc 1 -va -ea 0 }
|
|
|
|
if ($null -eq $cp) {
|
|
$cp = @{}
|
|
}
|
|
if ($null -eq $ca) {
|
|
$ca = @()
|
|
}
|
|
|
|
$arg = (@($cp.GetEnumerator() | ForEach-Object { if (($_.Value -is [switch] -and $_.Value.IsPresent) -or ($_.Value -eq $true)) { "-$($_.Key)" }elseif ($_.Value -isnot [switch] -and $_.Value -ne $true -and $_.Value -ne $false) { "-$($_.Key) `"$($_.Value-replace'"','""')`"" } }) + @($ca | ForEach-Object { "`"$($_-replace'"','""')`"" })) -join ' '
|
|
}
|
|
|
|
if ($cs) {
|
|
$cmd = 'powershell'
|
|
$arg = "-nop -ep bypass -f `"$cs`" $arg"
|
|
}
|
|
else {
|
|
$cmd = 'powershell'
|
|
$arg = '-nop -ep bypass'
|
|
}
|
|
}
|
|
elseif ($xargs) {
|
|
$arg = $xargs -join ' '
|
|
}
|
|
|
|
$V = ''
|
|
'cmd', 'arg', 'id', 'key' | ForEach-Object { $V += "`n`$$_='$($(Get-Variable $_ -val)-replace"'","''")';" }
|
|
|
|
Set-ItemProperty $key $id $($V, @'
|
|
$I=[int32];$M=$I.module.gettype("System.Runtime.Interop`Services.Mar`shal");$P=$I.module.gettype("System.Int`Ptr");$S=[string]
|
|
$D=@();$T=@();$DM=[AppDomain]::CurrentDomain."DefineDynami`cAssembly"(1,1)."DefineDynami`cModule"(1);$Z=[uintptr]::size
|
|
0..5|%{$D+=$DM."Defin`eType"("AveYo_$_",1179913,[ValueType])};$D+=[uintptr];4..6|%{$D+=$D[$_]."MakeByR`efType"()}
|
|
$F='kernel','advapi','advapi',($S,$S,$I,$I,$I,$I,$I,$S,$D[7],$D[8]),([uintptr],$S,$I,$I,$D[9]),([uintptr],$S,$I,$I,[byte[]],$I)
|
|
0..2|%{$9=$D[0]."DefinePInvok`eMethod"(('CreateProcess','RegOpenKeyEx','RegSetValueEx')[$_],$F[$_]+'32',8214,1,$S,$F[$_+3],1,4)}
|
|
$DF=($P,$I,$P),($I,$I,$I,$I,$P,$D[1]),($I,$S,$S,$S,$I,$I,$I,$I,$I,$I,$I,$I,[int16],[int16],$P,$P,$P,$P),($D[3],$P),($P,$P,$I,$I)
|
|
1..5|%{$k=$_;$n=1;$DF[$_-1]|%{$9=$D[$k]."Defin`eField"('f'+$n++,$_,6)}};0..5|%{$T+=$D[$_]."Creat`eType"()}
|
|
0..5|%{nv "A$_" ([Activator]::CreateInstance($T[$_])) -fo};function F($1,$2){$T[0]."G`etMethod"($1).invoke(0,$2)}
|
|
$TI=(whoami /groups)-like'*S-1-16-16384*';$As=0
|
|
if(!$TI){'TrustedInstaller','lsass','winlogon'|%{if(!$As){$9=sc.exe start $_;$As=@(gps -name $_ -ea 0|%{$_})[0]}}
|
|
function M($1,$2,$3){$M."G`etMethod"($1,[type[]]$2).invoke(0,$3)};$H=@();$Z,(4*$Z+16)|%{$H+=M "AllocHG`lobal" $I $_}
|
|
M "WriteInt`Ptr" ($P,$P) ($H[0],$As.Handle);$A1.f1=131072;$A1.f2=$Z;$A1.f3=$H[0];$A2.f1=1;$A2.f2=1;$A2.f3=1;$A2.f4=1
|
|
$A2.f6=$A1;$A3.f1=10*$Z+32;$A4.f1=$A3;$A4.f2=$H[1];M "StructureTo`Ptr" ($D[2],$P,[boolean]) (($A2-as$D[2]),$A4.f2,$false)
|
|
$Run=@($null,"powershell -win hidden -nop -c iex `$env:R; # $id",0,0,0,0x0E080600,0,$null,($A4-as$T[4]),($A5-as$T[5]))
|
|
F 'CreateProcess' $Run;return};$env:R='';rp $key $id -force;$priv=[diagnostics.process]."GetM`ember"('SetPrivilege',42)[0]
|
|
'SeSecurityPrivilege','SeTakeOwnershipPrivilege','SeBackupPrivilege','SeRestorePrivilege'|%{$priv.Invoke($null,@("$_",2))}
|
|
$HKU=[uintptr][uint32]2147483651;$NT='S-1-5-18';$reg=($HKU,$NT,8,2,($HKU-as$D[9]));F 'RegOpenKeyEx' $reg;$LNK=$reg[4]
|
|
function L($1,$2,$3){sp 'HKLM\Software\Classes\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}' 'RunAs' $3
|
|
$b=[Text.Encoding]::Unicode.GetBytes("\Registry\User\$1");F 'RegSetValueEx' @($2,'SymbolicLinkValue',0,6,[byte[]]$b,$b.Length)}
|
|
L ($key-split'\\')[1] $LNK '';$R=[diagnostics.process]::start($cmd,$arg);if($R){$R.WaitForExit()};L '.Default' $LNK 'Interactive User'
|
|
'@) -type 7
|
|
|
|
$a = "-win hidden -nop -c `n$V `$env:R=(gi `$key -ea 0).getvalue(`$id)-join''; iex `$env:R"
|
|
if ($Ex) {
|
|
$wshell = New-Object -ComObject WScript.Shell
|
|
$exe = 'powershell.exe'
|
|
$wshell.Run("$exe $a", 0, $false) >$null
|
|
}
|
|
else {
|
|
$wshell = New-Object -ComObject WScript.Shell
|
|
$exe = 'powershell.exe'
|
|
$wshell.Run("$exe $a", 0, $true) >$null # true to -wait
|
|
}
|
|
|
|
# if ($rs -or $Ex) { exit }
|
|
}
|
|
# lean & mean snippet by AveYo; refined by RapidOS [haslate]
|
|
# zoicware change log:
|
|
# changed start-process to wshell run to avoid the first powershell instance window from flashing
|
|
|
|
|
|
$psexe = 'PowerShell.exe'
|
|
|
|
#convert command to base64 to avoid errors with spaces
|
|
$bytes = [System.Text.Encoding]::Unicode.GetBytes($command)
|
|
$base64Command = [Convert]::ToBase64String($bytes)
|
|
|
|
|
|
try {
|
|
Stop-Service -Name TrustedInstaller -Force -ErrorAction Stop -WarningAction Stop
|
|
}
|
|
catch {
|
|
taskkill /im trustedinstaller.exe /f >$null
|
|
}
|
|
|
|
# trusted installer proc not found (128) or access denied (1)
|
|
if ($LASTEXITCODE -eq 128 -or $LASTEXITCODE -eq 1) {
|
|
RunAsTI $psexe "-win hidden -encodedcommand $base64Command"
|
|
Start-Sleep 1
|
|
return
|
|
}
|
|
|
|
#get bin path to revert later
|
|
$service = Get-CimInstance -ClassName Win32_Service -Filter "Name='TrustedInstaller'"
|
|
$DefaultBinPath = $service.PathName
|
|
#make sure path is valid and the correct location
|
|
$trustedInstallerPath = "$env:SystemRoot\servicing\TrustedInstaller.exe"
|
|
if ($DefaultBinPath -ne $trustedInstallerPath) {
|
|
$DefaultBinPath = $trustedInstallerPath
|
|
}
|
|
#change bin to command
|
|
sc.exe config TrustedInstaller binPath= "cmd.exe /c $psexe -encodedcommand $base64Command" | Out-Null
|
|
#run the command
|
|
sc.exe start TrustedInstaller | Out-Null
|
|
#set bin back to default
|
|
sc.exe config TrustedInstaller binpath= "`"$DefaultBinPath`"" | Out-Null
|
|
try {
|
|
Stop-Service -Name TrustedInstaller -Force -ErrorAction Stop -WarningAction Stop
|
|
}
|
|
catch {
|
|
taskkill /im trustedinstaller.exe /f >$null
|
|
}
|
|
|
|
}
|
|
|
|
|
|
$Global:tempDir = ([System.IO.Path]::GetTempPath())
|
|
$key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey('SOFTWARE\Microsoft\Windows NT\CurrentVersion')
|
|
$OSBuild = "$($key.GetValue('CurrentBuild')).$($key.GetValue('UBR'))"
|
|
$key.Close()
|
|
try {
|
|
$key2 = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey('SOFTWARE\RemoveWindowsAI')
|
|
$CurrentCachedBuild = "$($key2.GetValue('CachedBuild'))"
|
|
$key2.Close()
|
|
}
|
|
catch {
|
|
$CurrentCachedBuild = $null
|
|
}
|
|
$regValName = 'CachedBuild'
|
|
if ($CurrentCachedBuild -ne $OSBuild) {
|
|
#update has occured because current cached build is not equal to current reported build
|
|
#updated cached build
|
|
Reg.exe add 'HKLM\SOFTWARE\RemoveWindowsAI' /v $regValName /d "$OSBuild" /t REG_SZ /f >$null
|
|
|
|
#run through checks for reinstalled ai
|
|
#===================================================================================================
|
|
$code = @'
|
|
$aipackages = @(
|
|
'MicrosoftWindows.Client.AIX'
|
|
'MicrosoftWindows.Client.CoPilot'
|
|
'Microsoft.Windows.Ai.Copilot.Provider'
|
|
'Microsoft.Copilot'
|
|
'Microsoft.MicrosoftOfficeHub'
|
|
'MicrosoftWindows.Client.CoreAI'
|
|
'Microsoft.Edge.GameAssist'
|
|
'Microsoft.Office.ActionsServer'
|
|
'aimgr'
|
|
'Microsoft.WritingAssistant'
|
|
'MicrosoftWindows.*.Voiess'
|
|
'MicrosoftWindows.*.Speion'
|
|
'MicrosoftWindows.*.Livtop'
|
|
'MicrosoftWindows.*.InpApp'
|
|
'MicrosoftWindows.*.Filons'
|
|
'WindowsWorkload.Data.Analysis.Stx.*'
|
|
'WindowsWorkload.Manager.*'
|
|
'WindowsWorkload.PSOnnxRuntime.Stx.*'
|
|
'WindowsWorkload.PSTokenizer.Stx.*'
|
|
'WindowsWorkload.QueryBlockList.*'
|
|
'WindowsWorkload.QueryProcessor.Data.*'
|
|
'WindowsWorkload.QueryProcessor.Stx.*'
|
|
'WindowsWorkload.SemanticText.Data.*'
|
|
'WindowsWorkload.SemanticText.Stx.*'
|
|
'WindowsWorkload.Data.ContentExtraction.Stx.*'
|
|
'WindowsWorkload.ScrRegDetection.Data.*'
|
|
'WindowsWorkload.ScrRegDetection.Stx.*'
|
|
'WindowsWorkload.TextRecognition.Stx.*'
|
|
'WindowsWorkload.Data.ImageSearch.Stx.*'
|
|
'WindowsWorkload.ImageContentModeration.*'
|
|
'WindowsWorkload.ImageContentModeration.Data.*'
|
|
'WindowsWorkload.ImageSearch.Data.*'
|
|
'WindowsWorkload.ImageSearch.Stx.*'
|
|
'WindowsWorkload.ImageTextSearch.Data.*'
|
|
'WindowsWorkload.PSOnnxRuntime.Stx.*'
|
|
'WindowsWorkload.PSTokenizerShared.Data.*'
|
|
'WindowsWorkload.PSTokenizerShared.Stx.*'
|
|
'WindowsWorkload.ImageTextSearch.Stx.*'
|
|
)
|
|
|
|
$provisioned = get-appxprovisionedpackage -online
|
|
$appxpackage = get-appxpackage -allusers
|
|
$store = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore'
|
|
$users = @('S-1-5-18'); if (test-path $store) { $users += $((Get-ChildItem $store -ea 0 | Where-Object { $_ -like '*S-1-5-21*' }).PSChildName) }
|
|
|
|
#use eol trick to uninstall some locked packages
|
|
foreach ($choice in $aipackages) {
|
|
foreach ($appx in $($provisioned | Where-Object { $_.PackageName -like "*$choice*" })) {
|
|
|
|
$PackageName = $appx.PackageName
|
|
$PackageFamilyName = ($appxpackage | Where-Object { $_.Name -eq $appx.DisplayName }).PackageFamilyName
|
|
New-Item "$store\Deprovisioned\$PackageFamilyName" -force
|
|
|
|
Set-NonRemovableAppsPolicy -Online -PackageFamilyName $PackageFamilyName -NonRemovable 0
|
|
remove-appxprovisionedpackage -packagename $PackageName -online -allusers
|
|
}
|
|
foreach ($appx in $($appxpackage | Where-Object { $_.PackageFullName -like "*$choice*" })) {
|
|
|
|
$PackageFullName = $appx.PackageFullName
|
|
$PackageFamilyName = $appx.PackageFamilyName
|
|
New-Item "$store\Deprovisioned\$PackageFamilyName" -force
|
|
Set-NonRemovableAppsPolicy -Online -PackageFamilyName $PackageFamilyName -NonRemovable 0
|
|
|
|
#remove inbox apps
|
|
$inboxApp = "$store\InboxApplications\$PackageFullName"
|
|
Remove-Item -Path $inboxApp -Force
|
|
|
|
#get all installed user sids for package due to not all showing up in reg
|
|
foreach ($user in $appx.PackageUserInformation) {
|
|
$sid = $user.UserSecurityID.SID
|
|
New-Item "$store\EndOfLife\$sid\$PackageFullName" -force -verbose
|
|
remove-appxpackage -package $PackageFullName -User $sid
|
|
}
|
|
remove-appxpackage -package $PackageFullName -allusers
|
|
|
|
foreach ($sid in $users) {
|
|
New-Item "$store\EndOfLife\$sid\$PackageFullName" -force
|
|
}
|
|
}
|
|
}
|
|
'@
|
|
$packageRemovalPath = "$($tempDir)aiPackageRemoval.ps1"
|
|
if (!(test-path $packageRemovalPath)) {
|
|
New-Item $packageRemovalPath -Force | Out-Null
|
|
}
|
|
|
|
Set-Content -Path $packageRemovalPath -Value $code -Force
|
|
#allow removal script to run
|
|
try {
|
|
Set-ExecutionPolicy Unrestricted -Force -ErrorAction Stop
|
|
}
|
|
catch {
|
|
#user has set powershell execution policy via group policy or via settings, to change it we need to update the registry
|
|
try {
|
|
$Global:ogExecutionPolicy = Get-ItemPropertyValue -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell' -Name 'ExecutionPolicy' -ErrorAction Stop
|
|
Reg.exe add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\PowerShell' /v 'EnableScripts' /t REG_DWORD /d '1' /f >$null
|
|
Reg.exe add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\PowerShell' /v 'ExecutionPolicy' /t REG_SZ /d 'Unrestricted' /f >$null
|
|
$Global:executionPolicyUser = $false
|
|
$Global:executionPolicyMachine = $false
|
|
$Global:executionPolicyWow64 = $false
|
|
$Global:executionPolicyUserPol = $false
|
|
}
|
|
catch {
|
|
try {
|
|
$Global:ogExecutionPolicy = Get-ItemPropertyValue -Path 'HKCU:\Software\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell' -Name 'ExecutionPolicy' -ErrorAction Stop
|
|
Reg.exe add 'HKCU\Software\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell' /v 'ExecutionPolicy' /t REG_SZ /d 'Unrestricted' /f >$null
|
|
$Global:executionPolicyUser = $true
|
|
$Global:executionPolicyMachine = $false
|
|
$Global:executionPolicyWow64 = $false
|
|
$Global:executionPolicyUserPol = $false
|
|
}
|
|
catch {
|
|
try {
|
|
$Global:ogExecutionPolicy = Get-ItemPropertyValue -Path 'HKLM:\Software\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell' -Name 'ExecutionPolicy' -ErrorAction Stop
|
|
Reg.exe add 'HKLM\Software\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell' /v 'ExecutionPolicy' /t REG_SZ /d 'Unrestricted' /f >$null
|
|
$Global:executionPolicyUser = $false
|
|
$Global:executionPolicyMachine = $true
|
|
$Global:executionPolicyWow64 = $false
|
|
$Global:executionPolicyUserPol = $false
|
|
}
|
|
catch {
|
|
try {
|
|
$Global:ogExecutionPolicy = Get-ItemPropertyValue -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell' -Name 'ExecutionPolicy' -ErrorAction Stop
|
|
Reg.exe add 'HKLM\SOFTWARE\Wow6432Node\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell' /v 'ExecutionPolicy' /t REG_SZ /d 'Unrestricted' /f >$null
|
|
$Global:executionPolicyUser = $false
|
|
$Global:executionPolicyMachine = $false
|
|
$Global:executionPolicyWow64 = $true
|
|
$Global:executionPolicyUserPol = $false
|
|
|
|
}
|
|
catch {
|
|
$Global:ogExecutionPolicy = Get-ItemPropertyValue -Path 'HKCU:\SOFTWARE\Policies\Microsoft\Windows\PowerShell' -Name 'ExecutionPolicy'
|
|
Reg.exe add 'HKCU\SOFTWARE\Policies\Microsoft\Windows\PowerShell' /v 'EnableScripts' /t REG_DWORD /d '1' /f >$null
|
|
Reg.exe add 'HKCU\SOFTWARE\Policies\Microsoft\Windows\PowerShell' /v 'ExecutionPolicy' /t REG_SZ /d 'Unrestricted' /f >$null
|
|
$Global:executionPolicyUser = $false
|
|
$Global:executionPolicyMachine = $false
|
|
$Global:executionPolicyWow64 = $false
|
|
$Global:executionPolicyUserPol = $true
|
|
}
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
$command = "&`"$($tempDir)aiPackageRemoval.ps1`""
|
|
Run-Trusted -command $command
|
|
|
|
#needed for separate powershell sessions
|
|
$aipackages = @(
|
|
# 'MicrosoftWindows.Client.Photon'
|
|
'MicrosoftWindows.Client.AIX'
|
|
'MicrosoftWindows.Client.CoPilot'
|
|
'Microsoft.Windows.Ai.Copilot.Provider'
|
|
'Microsoft.Copilot'
|
|
'Microsoft.MicrosoftOfficeHub'
|
|
'MicrosoftWindows.Client.CoreAI'
|
|
'Microsoft.Edge.GameAssist'
|
|
'Microsoft.Office.ActionsServer'
|
|
'aimgr'
|
|
'Microsoft.WritingAssistant'
|
|
#ai component packages installed on copilot+ pcs
|
|
'MicrosoftWindows.*.Voiess'
|
|
'MicrosoftWindows.*.Speion'
|
|
'MicrosoftWindows.*.Livtop'
|
|
'MicrosoftWindows.*.InpApp'
|
|
'MicrosoftWindows.*.Filons'
|
|
'WindowsWorkload.Data.Analysis.Stx.*'
|
|
'WindowsWorkload.Manager.*'
|
|
'WindowsWorkload.PSOnnxRuntime.Stx.*'
|
|
'WindowsWorkload.PSTokenizer.Stx.*'
|
|
'WindowsWorkload.QueryBlockList.*'
|
|
'WindowsWorkload.QueryProcessor.Data.*'
|
|
'WindowsWorkload.QueryProcessor.Stx.*'
|
|
'WindowsWorkload.SemanticText.Data.*'
|
|
'WindowsWorkload.SemanticText.Stx.*'
|
|
'WindowsWorkload.Data.ContentExtraction.Stx.*'
|
|
'WindowsWorkload.ScrRegDetection.Data.*'
|
|
'WindowsWorkload.ScrRegDetection.Stx.*'
|
|
'WindowsWorkload.TextRecognition.Stx.*'
|
|
'WindowsWorkload.Data.ImageSearch.Stx.*'
|
|
'WindowsWorkload.ImageContentModeration.*'
|
|
'WindowsWorkload.ImageContentModeration.Data.*'
|
|
'WindowsWorkload.ImageSearch.Data.*'
|
|
'WindowsWorkload.ImageSearch.Stx.*'
|
|
'WindowsWorkload.ImageTextSearch.Data.*'
|
|
'WindowsWorkload.PSOnnxRuntime.Stx.*'
|
|
'WindowsWorkload.PSTokenizerShared.Data.*'
|
|
'WindowsWorkload.PSTokenizerShared.Stx.*'
|
|
'WindowsWorkload.ImageTextSearch.Stx.*'
|
|
)
|
|
|
|
#check packages removal
|
|
#exit loop after 10 tries
|
|
$attempts = 0
|
|
do {
|
|
Start-Sleep 1
|
|
$packages = get-appxpackage -AllUsers | Where-Object { $aipackages -contains $_.Name }
|
|
if ($packages) {
|
|
$attempts++
|
|
$command = "&`"$($tempDir)aiPackageRemoval.ps1`""
|
|
Run-Trusted -command $command
|
|
}
|
|
|
|
}while ($packages -and $attempts -lt 10)
|
|
|
|
|
|
#add registry keys even tho im pretty sure they dont get changed
|
|
#add maybe some file cleanup
|
|
|
|
|
|
|
|
|
|
#set executionpolicy back to what it was
|
|
if ($ogExecutionPolicy) {
|
|
if ($Global:executionPolicyUser) {
|
|
Reg.exe add 'HKCU\Software\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell' /v 'ExecutionPolicy' /t REG_SZ /d $ogExecutionPolicy /f >$null
|
|
}
|
|
elseif ($Global:executionPolicyMachine) {
|
|
Reg.exe add 'HKLM\Software\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell' /v 'ExecutionPolicy' /t REG_SZ /d $ogExecutionPolicy /f >$null
|
|
}
|
|
elseif ($Global:executionPolicyWow64) {
|
|
Reg.exe add 'HKLM\SOFTWARE\Wow6432Node\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell' /v 'ExecutionPolicy' /t REG_SZ /d $ogExecutionPolicy /f >$null
|
|
}
|
|
elseif ($Global:executionPolicyUserPol) {
|
|
Reg.exe add 'HKCU\SOFTWARE\Policies\Microsoft\Windows\PowerShell' /v 'ExecutionPolicy' /t REG_SZ /d $ogExecutionPolicy /f >$null
|
|
}
|
|
else {
|
|
Reg.exe add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\PowerShell' /v 'ExecutionPolicy' /t REG_SZ /d $ogExecutionPolicy /f >$null
|
|
}
|
|
}
|
|
} |