diff --git a/cleanW10.ps1 b/cleanW10.ps1
index 5772a7c..ed86c37 100755
--- a/cleanW10.ps1
+++ b/cleanW10.ps1
@@ -7,7 +7,7 @@ param (
 Import-Module NetSecurity #Useful to manipulate firewall rules
 Set-StrictMode -Version 2
-$PSDefaultParameterValues=@{$dir = "./modules.d"}
+#$PSDefaultParameterValues=@{$dir = "./modules.d"}
 $HOST_FILE = "$env:windir\System32\drivers\etc\hosts"
 $HOST_IP = "0.0.0.0"
 $ErrorActionPreference = "Stop"
@@ -185,20 +185,59 @@ function AddRegKey { $params.value = "" } if ( -not $params.ContainsKey('type') -or $params.type -eq "" ){ $params.type="DWord" } - Write-Host -NoNewline "`t$($params.key) reg key to $($params.value) : " + + #When keypath start with HKCU, we need to apply it ro all users + if ( ($params.path).StartsWith("HKCU") ) { + $script:users | Foreach { + #If so, we need to put the key on all users hives + AddRegKey @{ + path = (($params.path).replace('HKCU:','HKU:\' + $_.sid)); + key = $params.key; + value = $params.value; + type = $params.type + } + } + #then put key to default user hive + AddRegKey @{ + path = (($params.path).replace('HKCU:','HKU:\Default')); + key = $params.key; + value = $params.value; + type = $params.type + } + return + } + + #Let's begin... + Write-Host -NoNewline "`t$($params.path.substring(0,30))...$($params.key) reg key to $($params.value) : " if ( -not (Test-Path $params.path) ){ - Write-Host -NoNewline "- creating path - " + Write-Host -NoNewline -ForegroundColor DarkGreen "creating path " try { New-Item -Path $params.path -Force | Out-Null } + catch { Write-Host -NoNewLine -ForegroundColor Red "Error`n`t" Write-Host -ForegroundColor DarkRed $Error[0].Exception.Message return } } + + # Test if the key already exist try { - Set-ItemProperty -Path $params.path -Name $params.key -Value $($params.value) -Type $params.type -Force + $current_value = Get-ItemPropertyValue -Path $params.path -Name $params.key + if ( $current_value -eq $params.value ) { + Write-Host -ForegroundColor Yellow "Already done" + return + } + else { Write-Host -NoNewline -ForegroundColor DarkGreen "old value $current_value " } + } + catch { + Write-Host -NoNewline -ForegroundColor DarkGreen "new key " + } + + # Put the key + try { + Set-ItemProperty -Path $params.path -Name $params.key -Value $params.value -Type $params.type -Force Write-Host -ForegroundColor Green "done" } catch [System.Security.SecurityException]{ 
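Review bot: `$params.path.substring(0,30)` in the new progress line raises a terminating error for any registry path shorter than 30 characters, and under the script's `$ErrorActionPreference = "Stop"` nothing in AddRegKey catches it, so such a key is never written; clamp it with `$params.path.Substring(0, [Math]::Min(30, $params.path.Length))`. The HKCU fan-out keys on `($params.path).StartsWith("HKCU")`, which is case-sensitive, so a module path written as `hkcu:` silently skips the per-user handling and is written to the running account only; `$params.path -like 'HKCU:*'` is case-insensitive by default. The same fan-out block is duplicated almost verbatim in DelRegKey in the next hunk; a small helper that maps an HKCU path to its list of `HKU:\<sid>` and `HKU:\Default` targets would keep the two in sync. AddRegKey's body starts and ends outside this hunk.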
@@ -215,6 +254,22 @@ function DelRegKey {
 [Parameter(Mandatory=$true)]
 [object]$params
 )
+#When keypath start with HKCU, we need to apply it ro all users
+ if ( ($params.path).StartsWith("HKCU") ) {
+ $script:users | Foreach {
+ #If so, we need to put the key on all users hives
+ DelRegKey @{
+ path = (($params.path).replace('HKCU:','HKU:\' + $_.sid));
+ key = $params.key;
+ }
+ }
+ #then put key to default user hive
+ DelRegKey @{
+ path = (($params.path).replace('HKCU:','HKU:\Default'));
+ key = $params.key;
+ }
+ return
+ }
 Write-Host -NoNewline "`tDelete registery key $($params.key) : "
 if ( ! (Test-Path $params.path) ){
 Write-Host -ForegroundColor Red " Error (path not found)"
@@ -300,7 +355,7 @@ function UninstallModernApp {
 elseif ( $params.ContainsKey('name') ) {
 Write-Host -NoNewLine "`tUninstall $($params.name) : "
 try {
- $(Get-AppxPackage -AllUsers | Where-Object { $_.name -like "*$($params.name)*" } | Remove-AppxPackage)
+ $(Get-AppxPackage -AllUsers | Where-Object { $_.name -like "*$($params.name)*" } | Remove-AppxPackage -AllUsers)
 Write-Host -ForegroundColor Green "done"
 }
 catch {
@@ -542,6 +597,8 @@ function ProcessModuleFile {
 Write-Output "`nIt's time to kick ass and chew bubble gum"
 Write-Output "_________________________________________`n"
+$script:users = @()
+
 try {
 Write-Host -NoNewline "Mount Default user registery hive : "
 reg load "HKU\Default" "C:\Users\Default\NTUSER.DAT" | Out-Null
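Review bot: `Remove-AppxPackage -AllUsers` removes the package from existing profiles only; if the package is also provisioned, every profile created afterwards gets it back, so a machine-wide removal needs the provisioning entry removed too, e.g. `Get-AppxProvisionedPackage -Online | Where-Object { $_.DisplayName -like "*$($params.name)*" } | Remove-AppxProvisionedPackage -Online`. The unchanged filter `-like "*$($params.name)*"` matches any package whose name merely contains the module's string, and with `-AllUsers` that now affects every account, so logging each matched `PackageFullName` before removal would make an over-broad match visible in the run output. UninstallModernApp's body starts and ends outside this hunk.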
@@ -555,7 +612,25 @@ try {
 catch {
 Write-Host -NoNewline -ForegroundColor Red "Error while mounting Registery`n`t"
 Write-Host -ForegroundColor DarkRed $Error[0].Exception.Message
-return
+#return
+}
+
+#We need access to users registry hive for applying mofidication to existing users
+$profile_list = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\"
+Get-LocalUser | Where-Object { $_.Enabled -eq $true } | foreach {
+ $current_user_path = Get-ItemPropertyValue -Path "$profile_list$($_.SID.Value)\" -Name "ProfileImagePath"
+ $script:users += @{name = $_.name;'sid' = $_.SID.Value; 'was_mounted' = $false; 'directory' = $current_user_path}
+}
+
+$script:users | foreach {
+ if ( -not (Test-Path "HKU:\$($_.sid)") ) {
+ Write-Host "$($_.name) not mounted"
+ reg load "HKU\$($_.sid)" "$($_.directory)\NTUSER.DAT"
+ }
+ else {
+ Write-Host "$($_.name) mounted"
+ $_.was_mounted = $true
+ }
 }
 Write-Host "Folder to process : $module"
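Review bot: `Get-ItemPropertyValue -Path "$profile_list$($_.SID.Value)\"` raises a terminating error for an enabled local account that has never logged on, because such an account has no ProfileList subkey, and under `$ErrorActionPreference = "Stop"` that aborts the run before any module is processed; guard it with `$profile_key = "$profile_list$($_.SID.Value)\"` then `if ( -not (Test-Path $profile_key) ) { return }` (a `return` inside ForEach-Object just skips to the next user). The `reg load "HKU\$($_.sid)" …` call reports failure only through `$LASTEXITCODE`, which is never read, so a hive that fails to load (file missing, locked) is still kept in `$script:users` with `was_mounted = $false` and every later HKCU write silently targets a hive that is not there; checking `$LASTEXITCODE` right after the call and dropping that entry would surface it. Note also that `Get-LocalUser` covers local accounts only, so domain profiles listed under ProfileList are not touched, which may or may not be intended. Commenting out the `return` in the catch above means a failed mount of the Default hive no longer stops the run, although AddRegKey still writes to `HKU:\Default` later.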
@@ -567,12 +642,39 @@ else {
 $_.FullName | ProcessModuleFile
 }
 }
-#Unmount Registery
+Write-Host -Nonewline "`nRemove powershell access to HKCR, HKCU and HKU : "
 try {
- Write-Host -NoNewline "`nUnmount HKU and HKCR : "
 Remove-PSDrive -Name HKCR
 Remove-PSDrive -Name HKCU
 Remove-PSDrive -Name HKU
+ Write-Host -ForegroundColor Green "done"
+}
+catch {
+ Write-Host -NoNewline -ForegroundColor Red "Error`n`t"
+ Write-Host -ForegroundColor DarkRed $Error[0].Exception.Message
+}
+0
+[gc]::collect()
+Write-Host "`nUnload Users hives : "
+#Unmount Registery
+$script:users | foreach {
+ Write-Host -Nonewline "`tUnmount $($_.name) hive : "
+ #Need to unmount all not-connected users hives"
+ if ($_.was_mounted -eq $false) {
+ try {
+ reg unload "HKU\$($_.sid)" 2>&1 | Out-Null
+ Write-Host -foregroundColor Green "Done"
+ }
+ catch {
+ Write-Host -NoNewline -ForegroundColor Red "Error`n`t"
+ Write-Host -ForegroundColor Red $Error[0].Exception.Message
+ }
+ }
+ else { Write-Host -ForegroundColor Yellow "Was mounted (User connected)" }
+}
+
+Write-Host -nonewline "`nUnload default user hive : "
+try {
 reg unload "HKU\Default" 2>&1 | Out-Null
 Write-Host -ForegroundColor Green "done"
 }
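Review bot: The bare `0` on its own line right after the first `catch` block is a stray statement that emits `0` to the output stream on every run and does nothing else; drop it. `reg unload` inside the per-user `try` signals failure (typically handles still open into the hive) only through `$LASTEXITCODE`, and the `2>&1 | Out-Null` redirect does not reliably turn that into a catchable error across PowerShell versions, so `Done` is printed while the hive stays loaded and the user's profile stays unusable until reboot; add `if ($LASTEXITCODE -ne 0) { throw "reg unload failed for $($_.sid)" }` after the call so the existing catch reports it, and the same for the `HKU\Default` unload below. A leftover loaded hive is also worth reporting at the end of the run rather than only inline, since it is the one side effect of this script that outlives it.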