diff --git a/cleanW10.ps1 b/cleanW10.ps1
index aae06e3..5772a7c 100755
--- a/cleanW10.ps1
+++ b/cleanW10.ps1
@@ -7,7 +7,7 @@ param (
 Import-Module NetSecurity #Useful to manipulate firewall rules
 Set-StrictMode -Version 2
-#$PSDefaultParameterValues=@{$dir = "./modules.d"}
+$PSDefaultParameterValues=@{$dir = "./modules.d"}
 $HOST_FILE = "$env:windir\System32\drivers\etc\hosts"
 $HOST_IP = "0.0.0.0"
 $ErrorActionPreference = "Stop"
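Review bot: Uncommenting `$PSDefaultParameterValues=@{$dir = "./modules.d"}` does not give `$dir` a default: keys in that table are `"Cmdlet:Parameter"` strings, so this entry is never matched, it replaces the session-wide table instead of adding to it, and under the `Set-StrictMode -Version 2` two lines above it would throw if `$dir` (presumably the parameter declared in the `param` block that starts outside the hunk) is not defined at that point. A default belongs on the parameter itself, e.g. `[string]$dir = "./modules.d"`. Note as well that `./modules.d` is resolved against the current working directory, not `$PSScriptRoot`, so a script that rewrites the registry and the hosts file as administrator will execute whichever module files sit in the directory it was launched from; anchoring on `Join-Path $PSScriptRoot 'modules.d'` (or validating the supplied path) avoids that.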
@@ -185,59 +185,20 @@ function AddRegKey {
 $params.value = ""
 }
 if ( -not $params.ContainsKey('type') -or $params.type -eq "" ){ $params.type="DWord" }
-
- #When keypath start with HKCU, we need to apply it ro all users
- if ( ($params.path).StartsWith("HKCU") ) {
- $script:users | Foreach {
- #If so, we need to put the key on all users hives
- AddRegKey @{
- path = (($params.path).replace('HKCU:','HKU:\' + $_.sid));
- key = $params.key;
- value = $params.value;
- type = $params.type
- }
- }
- #then put key to default user hive
- AddRegKey @{
- path = (($params.path).replace('HKCU:','HKU:\Default'));
- key = $params.key;
- value = $params.value;
- type = $params.type
- }
- return
- }
-
- #Let's begin...
- Write-Host -NoNewline "`t$($params.path.substring(0,30))...$($params.key) reg key to $($params.value) : "
+ Write-Host -NoNewline "`t$($params.key) reg key to $($params.value) : "
 if ( -not (Test-Path $params.path) ){
- Write-Host -NoNewline -ForegroundColor DarkGreen "creating path "
+ Write-Host -NoNewline "- creating path - "
 try {
 New-Item -Path $params.path -Force | Out-Null
 }
-
 catch {
 Write-Host -NoNewLine -ForegroundColor Red "Error`n`t"
 Write-Host -ForegroundColor DarkRed $Error[0].Exception.Message
 return
 }
 }
-
- # Test if the key already exist
 try {
- $current_value = Get-ItemPropertyValue -Path $params.path -Name $params.key
- if ( $current_value -eq $params.value ) {
- Write-Host -ForegroundColor Yellow "Already done"
- return
- }
- else { Write-Host -NoNewline -ForegroundColor DarkGreen "old value $current_value " }
- }
- catch {
- Write-Host -NoNewline -ForegroundColor DarkGreen "new key "
- }
-
- # Put the key
- try {
- Set-ItemProperty -Path $params.path -Name $params.key -Value $params.value -Type $params.type -Force
+ Set-ItemProperty -Path $params.path -Name $params.key -Value $($params.value) -Type $params.type -Force
 Write-Host -ForegroundColor Green "done"
 }
 catch [System.Security.SecurityException]{
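Review bot: Removing the `HKCU` fan-out silently changes scope: a module entry whose `path` starts with `HKCU:` now lands only in the hive of the elevated account running the script, not in every user profile or the Default template, and nothing in the new code says so. If that is intended, flag it before the first `Write-Host` of the function body, e.g. `if ($params.path -like 'HKCU:*') { Write-Host -NoNewline -ForegroundColor Yellow "(current user only) " }`, so the run output shows which keys were not applied machine-wide. The new progress line also dropped the registry path, so the log no longer records where a value was written; keeping `$($params.path)` in that `Write-Host` preserves an auditable trace. `AddRegKey` starts and ends outside the hunk.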
@@ -254,37 +215,13 @@ function DelRegKey {
 [Parameter(Mandatory=$true)]
 [object]$params
 )
- #When keypath start with HKCU, we need to apply it ro all users
- if ( ($params.path).StartsWith("HKCU") ) {
- $script:users | Foreach {
- #If so, we need to put the key on all users hives
- DelRegKey @{
- path = (($params.path).replace('HKCU:','HKU:\' + $_.sid));
- key = $params.key;
- }
- }
- #then put key to default user hive
- DelRegKey @{
- path = (($params.path).replace('HKCU:','HKU:\Default'));
- key = $params.key;
- }
- return
- }
 Write-Host -NoNewline "`tDelete registery key $($params.key) : "
 if ( ! (Test-Path $params.path) ){
 Write-Host -ForegroundColor Red " Error (path not found)"
 return
 }
 try {
- Get-ItemProperty -Path $params.path -Name $params.key
- }
- catch {
- Write-Host -ForegroundColor Yellow "key already deleted"
- return
- }
- try {
-
- #Remove-ItemProperty -Path $params.path -Name $params.key
+ Remove-ItemProperty -Path $params.path -Name $params.key
 Write-host -ForegroundColor Green "done"
 }
 catch [System.Security.SecurityException]{
@@ -363,7 +300,7 @@ function UninstallModernApp {
 elseif ( $params.ContainsKey('name') ) {
 Write-Host -NoNewLine "`tUninstall $($params.name) : "
 try {
- $(Get-AppxPackage -AllUsers | Where-Object { $_.name -like "*$($params.name)*" } | Remove-AppxPackage -AllUsers)
+ $(Get-AppxPackage -AllUsers | Where-Object { $_.name -like "*$($params.name)*" } | Remove-AppxPackage)
 Write-Host -ForegroundColor Green "done"
 }
 catch {
@@ -523,7 +460,6 @@ function DelFile {
 write-Host -ForegroundColor DarkRed $Error[0].Exception.Message
 }
 }
-
 function ExecCommand {
 param (
 [cmdletbinding(
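Review bot: The removed `Get-ItemProperty` pre-check was what made deleting an already-absent value a no-op: `Remove-ItemProperty` reports an error for a missing property, the file's `$ErrorActionPreference = "Stop"` makes that terminating, and the only `catch` visible in the hunk is for `System.Security.SecurityException`, so unless a general `catch` follows outside the hunk the run now aborts on the first key that is already gone. A cheap way to keep the old behavior is `if (-not (Get-ItemProperty -Path $params.path -Name $params.key -ErrorAction SilentlyContinue)) { Write-Host -ForegroundColor Yellow "key already deleted"; return }` placed before the `try`. `DelRegKey` continues past the end of the hunk.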
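Review bot: Dropping `-AllUsers` from `Remove-AppxPackage` while keeping it on `Get-AppxPackage -AllUsers` enumerates packages from every profile but removes them only from the account running the script, so the app stays installed for other users and is re-registered for new accounts from the provisioned copy. If the switch was removed for compatibility with builds that lack `Remove-AppxPackage -AllUsers`, say so in a comment; otherwise restore it and, if de-provisioning is in scope, also pipe matching `Get-AppxProvisionedPackage -Online` entries to `Remove-AppxProvisionedPackage -Online`. The `-like "*$($params.name)*"` substring match can remove more packages than intended when a short name is given, so logging each `PackageFullName` before removal would make the run reviewable.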
@@ -540,7 +476,7 @@ function ExecCommand {
 $args = $params.arguments.Replace("##mod_path##", $script:current_module_path)
 Write-Host -NoNewline "`tExecute : $path : "
 $path = Invoke-Expression """$($path)"""
- if ( -not (Test-Path $path) -or -not $path -eq "powershell" ) {
+ if ( -not (Test-Path $path) -and -not $path -eq "powershell" ) {
 Write-Host -ForegroundColor Yellow "File not found"
 return
 }
@@ -606,8 +542,6 @@ function ProcessModuleFile {
 Write-Output "`nIt's time to kick ass and chew bubble gum"
 Write-Output "_________________________________________`n"
 
-$script:users = @()
-
 try {
 Write-Host -NoNewline "Mount Default user registery hive : "
 reg load "HKU\Default" "C:\Users\Default\NTUSER.DAT" | Out-Null
@@ -621,33 +555,7 @@ try {
 catch {
 Write-Host -NoNewline -ForegroundColor Red "Error while mounting Registery`n`t"
 Write-Host -ForegroundColor DarkRed $Error[0].Exception.Message
- #return
-}
-
-#We need access to users registry hive for applying mofidication to existing users
-$profile_list = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\"
-Get-LocalUser | Where-Object { $_.Enabled -eq $true } | foreach {
- $current_user_path = Get-ItemPropertyValue -Path "$profile_list$($_.SID.Value)\" -Name "ProfileImagePath"
- $script:users += @{name = $_.name;'sid' = $_.SID.Value; 'was_mounted' = $false; 'directory' = $current_user_path}
-}
-
-Write-Host "Mount users registry hives :"
-$script:users | foreach {
- Write-Host -NoNewline "`tMount $($_.name) hive : "
- if ( -not (Test-Path "HKU:\$($_.sid)") ) {
- try {
- reg load "HKU\$($_.sid)" "$($_.directory)\NTUSER.DAT" 2>&1 | Out-Null
- Write-Host -ForegroundColor Green "done"
- }
- catch {
- Write-Host -ForegroundColor Red "Error`n`t"
- Write-host $Error[0].Exeption.Message
- }
- }
- else {
- $_.was_mounted = $true
- Write-Host -ForegroundColor Yellow "Already mounted"
- }
+ return
 }
 
 Write-Host "Folder to process : $module"
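Review bot: The changed condition is now always false, so the "File not found" guard is dead: `-not` binds tighter than `-eq`, so `-not $path -eq "powershell"` is `(-not $path) -eq "powershell"`, which for any non-empty `$path` compares `$false` with `$true` and yields `$false`; with `-or` that clause was harmless, with `-and` it disables the whole check. The intended test is `if ( -not (Test-Path $path) -and $path -ne "powershell" ) {`. Since `$path` is also fed through `Invoke-Expression` on the line above, a module file that an attacker can write amounts to arbitrary code run as administrator; a comment stating that the modules directory is trusted input (or a check that it lives under `$PSScriptRoot`) belongs here. `ExecCommand` continues outside the hunk.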
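Review bot: The new `return` in the `catch` ends the script when the Default hive cannot be loaded, but a bare `return` at script scope presumably leaves the process exit code at 0, so a scheduled or remote run reports success although nothing was applied; `exit 1` after the error message makes the failure visible to the caller. With the per-user hive loop gone, `HKU\Default` is the only user hive still mounted and `HKCU:` entries no longer reach it, so a comment on the `reg load "HKU\Default"` line saying that module entries must use `HKU:\Default` explicitly to touch the template profile would save the next maintainer a surprise. The hard-coded `C:\Users\Default` on that context line predates this change, but reading it from the `Default` value under `HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList` would be more robust.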
@@ -659,39 +567,12 @@ else {
 $_.FullName | ProcessModuleFile
 }
 }
-Write-Host -Nonewline "`nRemove powershell access to HKCR, HKCU and HKU : "
+#Unmount Registery
 try {
+ Write-Host -NoNewline "`nUnmount HKU and HKCR : "
 Remove-PSDrive -Name HKCR
 Remove-PSDrive -Name HKCU
 Remove-PSDrive -Name HKU
- Write-Host -ForegroundColor Green "done"
-}
-catch {
- Write-Host -NoNewline -ForegroundColor Red "Error`n`t"
- Write-Host -ForegroundColor DarkRed $Error[0].Exception.Message
-}
-0
-[gc]::collect()
-Write-Host "`nUnload Users hives : "
-#Unmount Registery
-$script:users | foreach {
- Write-Host -Nonewline "`tUnmount $($_.name) hive : "
- #Need to unmount all not-connected users hives"
- if ($_.was_mounted -eq $false) {
- try {
- reg unload "HKU\$($_.sid)" 2>&1 | Out-Null
- Write-Host -foregroundColor Green "Done"
- }
- catch {
- Write-Host -NoNewline -ForegroundColor Red "Error`n`t"
- Write-Host -ForegroundColor Red $Error[0].Exception.Message
- }
- }
- else { Write-Host -ForegroundColor Yellow "Was mounted (User connected)" }
-}
-
-Write-Host -nonewline "`nUnload default user hive : "
-try {
 reg unload "HKU\Default" 2>&1 | Out-Null
 Write-Host -ForegroundColor Green "done"
 }
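Review bot: `reg unload` is a native command, so a failure (typically access denied because a handle into the hive is still open) only sets `$LASTEXITCODE` and writes to stderr, which `2>&1 | Out-Null` discards; in that case the `try` does not reliably raise, "done" is printed while `HKU\Default` stays loaded, and the dropped `[gc]::collect()` was presumably there to release lingering handles before the unload. Whether redirected stderr becomes a terminating error under `$ErrorActionPreference = "Stop"` depends on the host version, so check the exit code explicitly: after `reg unload "HKU\Default" 2>&1 | Out-Null`, add `if ($LASTEXITCODE -ne 0) { throw "reg unload HKU\Default failed ($LASTEXITCODE)" }`, and keep a `[gc]::Collect()` after the `Remove-PSDrive` calls. The `catch` that closes this `try` is outside the hunk.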