<#
Global settings used by the rest of the script
#>
# Non-terminating cmdlet errors are suppressed from here to the end of the run.
# NOTE(review): a provisioning step that fails under this setting is not reported on
# the console; consider reviewing $Error (or logging it) once the script finishes.
$ErrorActionPreference = 'SilentlyContinue'
# Hardware model string reported by WMI; later sections compare it with -like / -notlike
# to decide which machine-specific steps to run.
$model = (Get-WmiObject -Class Win32_ComputerSystem).Model
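# AppX Packages
# Provisions the UWP runtime library and media-extension packages stored under
# ".\Runtime Libraries\UWP", skipping any whose package name is already installed.
Write-Host "Installing UWP AppX and Libraries" -ForegroundColor Green
# AllowAllTrustedApps = 1 enables sideloading of packages signed by a certificate the
# machine trusts.
# NOTE(review): the value is left at 1 after provisioning; confirm it is still needed,
# since it widens what the machine's trusted certificate store implicitly authorises.
New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock" -Name AllowAllTrustedApps -PropertyType Dword -Value 1 -Force

# Match = wildcard tested against PackageFullName; File = package file to provision.
$uwpPackages = @(
    @{ Match = 'Microsoft.VCLibs.140.00*';        File = 'Microsoft.VCLibs.140.00_14.0.30704.0_x64__8wekyb3d8bbwe.appx' }
    @{ Match = 'Microsoft.AV1VideoExtension*';    File = 'Microsoft.AV1VideoExtension_1.1.51091.0_x64__8wekyb3d8bbwe.Appx' }
    @{ Match = 'Microsoft.VP9VideoExtensions*';   File = 'Microsoft.VP9VideoExtensions_1.0.51171.0_x64__8wekyb3d8bbwe.Appx' }
    @{ Match = 'Microsoft.HEIFImageExtension*';   File = 'Microsoft.HEIFImageExtension_1.0.50272.0_x64__8wekyb3d8bbwe.Appx' }
    @{ Match = 'Microsoft.MPEG2VideoExtension*';  File = 'Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe.Appx' }
    @{ Match = 'Microsoft.WebpImageExtension*';   File = 'Microsoft.WebpImageExtension_1.0.42351.0_x64__8wekyb3d8bbwe.Appx' }
    @{ Match = 'Microsoft.HEVCVideoExtensions*';  File = 'Microsoft.HEVCVideoExtensions_2.0.51122.0_x64__8wekyb3d8bbwe.Appx' }
    @{ Match = 'Microsoft.RawImageExtension*';    File = 'Microsoft.RawImageExtension_2.1.31392.0_neutral_~_8wekyb3d8bbwe.AppxBundle' }
    @{ Match = 'Microsoft.WebMediaExtensions*';   File = 'Microsoft.WebMediaExtensions_1.0.42192.0_neutral_~_8wekyb3d8bbwe.AppxBundle' }
)

# Remember the starting directory and return to exactly that path afterwards.
# With errors silenced, a failed cd followed by "cd ..\.." would leave the script two
# levels ABOVE its starting directory, and the installers and .reg files referenced by
# relative path later on would then be looked up in an unintended location.
$startLocation = (Get-Location).Path
cd ".\Runtime Libraries\UWP"
foreach ($package in $uwpPackages) {
    $Installed = Get-AppxPackage -AllUsers | Where-Object { $_.PackageFullName -like $package.Match }
    if (-not $Installed) {
        # -SkipLicense provisions the package without a license file.
        Add-AppxProvisionedPackage -Online -PackagePath ".\$($package.File)" -SkipLicense
    }
}
Set-Location -LiteralPath $startLocation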
# Custom Tasks
# Rebuilds the scheduled tasks this script keeps under the \Script\ task folder.
Write-Host "Generating Custom Tasks" -ForegroundColor Green
# Drop everything previously registered under \Script\ before re-creating the set.
Unregister-ScheduledTask -TaskName "*" -TaskPath "\Script\*" -Confirm:$false -ErrorAction 'silentlycontinue'

# Options shared by the two boot-time tasks below.
# NOTE(review): ExecutionTimeLimit '00:00:00' presumably means "no time limit" - confirm.
$bootSettingArgs = @{
    Compatibility              = 'Win8'
    Hidden                     = $true
    AllowStartIfOnBatteries    = $true
    DontStopIfGoingOnBatteries = $true
    ExecutionTimeLimit         = '00:00:00'
}
# Both tasks run as NT AUTHORITY\SYSTEM with the highest run level.
$systemPrincipalArgs = @{
    UserID    = "NT AUTHORITY\SYSTEM"
    LogonType = 'ServiceAccount'
    RunLevel  = 'Highest'
}

# Task 1: force a Group Policy refresh at every boot.
# NOTE(review): "gpupdate" and "diskpart" are given without a directory; a fully
# qualified path under System32 would remove any dependence on search-path resolution.
$gpAction    = New-ScheduledTaskAction -Execute "gpupdate" -Argument "/force"
$gpSettings  = New-ScheduledTaskSettingsSet @bootSettingArgs
$gpTrigger   = New-ScheduledTaskTrigger -AtStartUp
$principal   = New-ScheduledTaskPrincipal @systemPrincipalArgs
Register-ScheduledTask -TaskName "Script\Group Policy Update" -Action $gpAction -Settings $gpSettings -Trigger $gpTrigger -Principal $principal -Description 'Update Group Policy, required for QoS rules to apply properly.'

# Task 2: feed C:\Windows\Scripts\Diskpart.txt to diskpart at every boot.
# NOTE(review): the command file is executed as SYSTEM, so anyone able to modify it
# controls what diskpart does at boot; verify that C:\Windows\Scripts and the file are
# writable by administrators/SYSTEM only.
$diskAction   = New-ScheduledTaskAction -Execute "diskpart" -Argument "/s C:\Windows\Scripts\Diskpart.txt"
$diskSettings = New-ScheduledTaskSettingsSet @bootSettingArgs
$diskTrigger  = New-ScheduledTaskTrigger -AtStartUp
$principal    = New-ScheduledTaskPrincipal @systemPrincipalArgs
Register-ScheduledTask -TaskName "Script\Diskpart" -Action $diskAction -Settings $diskSettings -Trigger $diskTrigger -Principal $principal -Description 'Run Diskpart script.'
# Task: keep a hidden PowerShell session running Monitor.ps1 after each logon.
# No -Principal is passed for the two tasks in this section.
# NOTE(review): presumably they therefore run as the account that registers them - confirm.
# NOTE(review): the script is started without -NoProfile, so profile scripts are loaded
# first; verify that C:\Windows\Scripts is writable by administrators only.
$monitorAction = New-ScheduledTaskAction -Execute "powershell.exe" -Argument "-NoExit -WindowStyle Hidden -File C:\Windows\Scripts\Monitor.ps1"
$monitorSettingArgs = @{
    Compatibility              = 'Win8'
    Hidden                     = $true
    AllowStartIfOnBatteries    = $true
    DontStopIfGoingOnBatteries = $true
    ExecutionTimeLimit         = '00:00:00'
}
$monitorSettings = New-ScheduledTaskSettingsSet @monitorSettingArgs
$monitorTrigger  = New-ScheduledTaskTrigger -AtLogOn
Register-ScheduledTask -TaskName "Script\Monitor" -Action $monitorAction -Settings $monitorSettings -Trigger $monitorTrigger -Description 'Monitor WMI events.'

# Task: run "ngen.exe ExecuteQueuedItems" for the 32-bit and the 64-bit .NET Framework
# after each logon. This task is registered without a description and without the
# battery switches used by the other tasks.
$ngenAction   = New-ScheduledTaskAction -Execute "powershell.exe" -Argument '-NonInteractive -WindowStyle Hidden "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe ExecuteQueuedItems; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe ExecuteQueuedItems"'
$ngenSettings = New-ScheduledTaskSettingsSet -Compatibility Win8 -Hidden -ExecutionTimeLimit '00:00:00'
$ngenTrigger  = New-ScheduledTaskTrigger -AtLogOn
Register-ScheduledTask -TaskName "Script\.NET Assembly Compiler" -Action $ngenAction -Settings $ngenSettings -Trigger $ngenTrigger
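# Task: save the registry hives to C:\Windows\System32\config\RegBack after each logon.
#
# Fix: -WorkingDirectory used to sit INSIDE the -Argument string, after -Command. There
# powershell.exe treats it as part of the command text, so it was appended to the last
# REG SAVE (the BCD hive) instead of setting the task's working directory. It is now
# passed to New-ScheduledTaskAction, where the parameter belongs.
#
# NOTE(review): the SAM, SECURITY and SYSTEM copies contain credential material. Treat
# the RegBack directory as sensitive: verify it is readable by administrators/SYSTEM
# only and that it is excluded from any backup or share a standard user can reach.
# NOTE(review): no -Principal/-RunLevel is passed; saving HKLM\SAM and HKLM\SECURITY
# presumably needs an elevated token - confirm the task actually runs elevated.
$regBackDir = 'C:\Windows\System32\config\RegBack'
# Hive = registry key handed to REG SAVE; File = file name written below $regBackDir.
$hiveTargets = @(
    @{ Hive = 'HKLM\SOFTWARE';         File = 'SOFTWARE' }
    @{ Hive = 'HKLM\SYSTEM';           File = 'SYSTEM' }
    @{ Hive = 'HKLM\SECURITY';         File = 'SECURITY' }
    @{ Hive = 'HKLM\SAM';              File = 'SAM' }
    @{ Hive = 'HKU\.DEFAULT';          File = 'DEFAULT' }
    @{ Hive = 'HKCU';                  File = 'NTUSER.DAT' }
    @{ Hive = 'HKCU\Software\Classes'; File = 'USRCLASS.DAT' }
    @{ Hive = 'HKLM\BCD00000000';      File = 'BCD' }
)
# One "REG SAVE <hive> <file> /Y" per hive, joined with "; " exactly as before.
$saveCommands = foreach ($target in $hiveTargets) {
    'REG SAVE {0} {1}\{2} /Y' -f $target.Hive, $regBackDir, $target.File
}
$backupArgument = '-NonInteractive -WindowStyle Hidden -Command "' + ($saveCommands -join '; ') + '"'
$Sta = New-ScheduledTaskAction -Execute "powershell.exe" -Argument $backupArgument -WorkingDirectory "C:\Windows\System32\config"
$Stset = New-ScheduledTaskSettingsSet -Compatibility Win8 -Hidden -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -ExecutionTimeLimit '00:00:00'
$Sttrig = New-ScheduledTaskTrigger -AtLogOn
Register-ScheduledTask "Script\Registry Backup" -Action $Sta -Settings $Stset -Trigger $Sttrig -Description 'Backup registry after each logon.'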
# Three logon-triggered tasks, each starting a script from C:\Windows\Scripts in a hidden
# PowerShell window. None of them passes -Principal.
# NOTE(review): these scripts run automatically at logon; verify that C:\Windows\Scripts
# and the files in it are writable by administrators only.

# Task: Update.ps1, started only when a network connection is available.
$updateAction = New-ScheduledTaskAction -Execute "powershell.exe" -Argument '-NonInteractive -WindowStyle Hidden -File C:\Windows\Scripts\Update.ps1' -WorkingDirectory 'C:\Windows\System32'
$updateSettingArgs = @{
    Compatibility              = 'Win8'
    Hidden                     = $true
    RunOnlyIfNetworkAvailable  = $true
    AllowStartIfOnBatteries    = $true
    DontStopIfGoingOnBatteries = $true
    ExecutionTimeLimit         = '00:00:00'
}
$updateSettings = New-ScheduledTaskSettingsSet @updateSettingArgs
$updateTrigger  = New-ScheduledTaskTrigger -AtLogOn
Register-ScheduledTask -TaskName "Script\Update" -Action $updateAction -Settings $updateSettings -Trigger $updateTrigger -Description 'Update Certificate store, hosts file, etc.'

# Task: Run.ps1.
$runAction = New-ScheduledTaskAction -Execute "powershell.exe" -Argument '-NonInteractive -WindowStyle Hidden -File C:\Windows\Scripts\Run.ps1'
$runSettingArgs = @{
    Compatibility              = 'Win8'
    Hidden                     = $true
    AllowStartIfOnBatteries    = $true
    DontStopIfGoingOnBatteries = $true
    ExecutionTimeLimit         = '00:00:00'
}
$runSettings = New-ScheduledTaskSettingsSet @runSettingArgs
$runTrigger  = New-ScheduledTaskTrigger -AtLogOn
Register-ScheduledTask -TaskName "Script\Run" -Action $runAction -Settings $runSettings -Trigger $runTrigger -Description 'Run various commands at logon.'

# Task: Share.ps1, kept alive with -NoExit. The description is single-quoted, so
# "$Admin" is stored literally rather than expanded as a variable.
$shareAction   = New-ScheduledTaskAction -Execute "powershell.exe" -Argument "-NoExit -WindowStyle Hidden -File C:\Windows\Scripts\Share.ps1"
$shareSettings = New-ScheduledTaskSettingsSet -Compatibility Win8 -Hidden -ExecutionTimeLimit '00:00:00'
$shareTrigger  = New-ScheduledTaskTrigger -AtLogOn
Register-ScheduledTask -TaskName "Script\Share" -Action $shareAction -Settings $shareSettings -Trigger $shareTrigger -Description 'Share $Admin Drives on new drive mounts.'
# Machine-specific tasks, selected by the WMI model string held in $model.

# Every model except the Blade Stealth 13: run Ping.ps1 at boot as SYSTEM.
# NOTE(review): Ping.ps1 executes as SYSTEM with the highest run level; verify that
# C:\Windows\Scripts and the script are writable by administrators/SYSTEM only.
if ($model -notlike 'Blade Stealth 13 (Early 2020) - RZ09-0310') {
    $pingAction   = New-ScheduledTaskAction -Execute "powershell.exe" -Argument '-NonInteractive -WindowStyle Hidden -File C:\Windows\Scripts\Ping.ps1' -WorkingDirectory 'C:\Windows\System32'
    $pingSettings = New-ScheduledTaskSettingsSet -Compatibility Win8 -Hidden -ExecutionTimeLimit '00:00:00'
    $pingTrigger  = New-ScheduledTaskTrigger -AtStartUp
    $principal    = New-ScheduledTaskPrincipal -UserID "NT AUTHORITY\SYSTEM" -LogonType ServiceAccount -RunLevel Highest
    Register-ScheduledTask -TaskName "Script\Ping" -Action $pingAction -Settings $pingSettings -Trigger $pingTrigger -Principal $principal -Description 'Ping.'
}

# MS-7B12 and Blade Stealth 13 only: start the AutoHotkey module at logon.
# NOTE(review): the .ahk file is loaded from the Administrator account's Desktop, a
# location that account can edit at any time; confirm that is the intended trust boundary.
if ($model -like 'MS-7B12' -or $model -like 'Blade Stealth 13 (Early 2020) - RZ09-0310') {
    $ahkAction   = New-ScheduledTaskAction -Execute "powershell.exe" -Argument 'Start-Process -NoNewWindow -LoadUserProfile -FilePath \"C:\Program Files\AutoHotkey\AutoHotkey.exe\" -ArgumentList "C:\Users\Administrator\Desktop\MTHaxTool\mthaxtool-systemwide_module.ahk" -WorkingDirectory "C:\Users\Administrator\Desktop\MTHaxTool"'
    $ahkSettings = New-ScheduledTaskSettingsSet -Compatibility Win8 -Hidden -ExecutionTimeLimit '00:00:00'
    # Tasks default to 'Below Normal' priority, which every child process AHK spawns
    # would otherwise inherit; 4 is set so they start at 'Normal' instead.
    $ahkSettings.Priority = 4
    $ahkTrigger  = New-ScheduledTaskTrigger -AtLogOn
    Register-ScheduledTask -TaskName Script\MTHaxTool -Action $ahkAction -Settings $ahkSettings -Trigger $ahkTrigger -Description 'Start AHK Script.'
}
<#
if ( $model -like 'Blade Stealth 13 (Early 2020) - RZ09-0310') {
$Sta = New-ScheduledTaskAction -Execute "powershell.exe" -Argument '-NonInteractive -WindowStyle Hidden -File C:\Windows\Scripts\MonitorKeyboard.ps1'
$Stset = New-ScheduledTaskSettingsSet -Compatibility Win8 -Hidden -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -ExecutionTimeLimit '00:00:00'
$Sttrig = New-ScheduledTaskTrigger -AtLogOn
Register-ScheduledTask Script\MonitorKeyboard -Action $Sta -Settings $Stset -Trigger $Sttrig -Description 'Monitor Keyboard input and suspend Razer Device on idle for extra power savings.'
}
#>
# Install user-space applications
# Runs the bundled AutoHotkey and 7-Zip installers with /S; 7-Zip is also given an
# explicit install directory via /D.
# Both paths are relative, so they resolve against the current location at this point.
# NOTE(review): neither installer is verified before it is executed with this script's
# privileges. Consider checking the Authenticode signature (Get-AuthenticodeSignature)
# or comparing Get-FileHash output with a pinned value first.
# NOTE(review): the exit codes are not inspected, so a failed install goes unnoticed.
Write-Host "Install Userspace Applications" -ForegroundColor Green
Resources\AutoHotkey_1.1.33.10_setup\AutoHotkey_1.1.33.10_setup.exe /S
Resources\7z2104-x64\7z2104-x64.exe /S /D="C:\Program Files\7-Zip"
# Import registry keys
# Merges the bundled .reg files into the registry: a fixed list first, then two files
# that depend on the hardware model.
# NOTE(review): "reg import" writes whatever keys the files contain with this script's
# privileges, and its exit code ($LASTEXITCODE) is never checked here. Review the .reg
# files like code and keep the .\Registry folder writable by administrators only.
Write-Host "Import Registry Keys from Files" -ForegroundColor Green
$registryFiles = @(
    '.\Registry\Context Add Menu Full Screen Optimizations.reg'
    '.\Registry\Context Add Menu Bypass Tunnel.reg'
    '.\Registry\Context Add Run As Different User.reg'
    '.\Registry\Context Add Run Unelevated.reg'
    '.\Registry\Context Add Menu GPU Preference.reg'
    '.\Registry\Context Add Menu Advanced System Settings.reg'
    '.\Registry\Restore Windows Photo Viewer.reg'
    '.\Registry\Sysinternals Eula Prompts.reg'
    '.\Registry\Context Add Block Executable.reg'
    '.\Registry\Context Add Menu Classic Customize.reg'
    '.\Registry\Context Add Menu Command Prompt.reg'
    '.\Registry\Context Add Menu Powershell.reg'
    '.\Registry\Context Add Menu DPI Scaling.reg'
    '.\Registry\Context Add Menu Firewall.reg'
    '.\Registry\Context Add Menu Ownership.reg'
)
foreach ($registryFile in $registryFiles) {
    reg import $registryFile
}
# Skipped on VMware guests.
if ($model -notlike 'VMware*') {
    reg import '.\Registry\Context Add Security Performance Mode.reg'
}
# Only for the MS-7B12 model.
if ($model -like 'MS-7B12') {
    reg import '.\Registry\XonarSwitch Profiles.reg'
}
# One-shot verification of Windows integrity
# Uses HKLM:\SOFTWARE\LiveScript\IntegrityVerified as a run-once marker: while it is not
# 1, a logon task running "sfc /scannow" is registered and the marker is set to 1.
$liveScriptKey = 'HKLM:\SOFTWARE\LiveScript'
if (-not (Test-Path -Path $liveScriptKey)) {
    New-Item -ItemType String -Path $liveScriptKey
}
# Create the marker with value 0 when it does not exist yet.
$storedMarker = Get-ItemProperty "HKLM:\SOFTWARE\LiveScript" -Name "IntegrityVerified" -ErrorAction SilentlyContinue | Select-Object -ExpandProperty IntegrityVerified
if ([String]::IsNullOrEmpty($storedMarker)) {
    New-ItemProperty -Path "HKLM:\SOFTWARE\LiveScript" -Name "IntegrityVerified" -Value "0" -PropertyType "DWORD" -Force | Out-Null
}
$integrity = Get-ItemProperty -Path 'HKLM:\SOFTWARE\LiveScript' -Name 'IntegrityVerified'
if ($integrity.IntegrityVerified -ne 1) {
    Write-Host "Verifying Windows integrity" -ForegroundColor Green
    Unregister-ScheduledTask -TaskName "Verify Integrity" -Confirm:$false -ErrorAction 'silentlycontinue'
    # "&&" makes cmd delete the task only when sfc exits successfully; after a failed
    # scan the task stays registered and is started again at the next logon.
    # NOTE(review): no -Principal/-RunLevel is passed, while sfc /scannow presumably
    # needs an elevated token - confirm the task can actually complete.
    $sfcAction = New-ScheduledTaskAction -Execute "cmd" -Argument '/c sfc /scannow && schtasks /delete /tn "Verify Integrity" /f'
    $sfcSettingArgs = @{
        Compatibility              = 'Win8'
        Hidden                     = $true
        AllowStartIfOnBatteries    = $true
        DontStopIfGoingOnBatteries = $true
        ExecutionTimeLimit         = '00:00:00'
    }
    $sfcSettings = New-ScheduledTaskSettingsSet @sfcSettingArgs
    $sfcTrigger  = New-ScheduledTaskTrigger -AtLogOn
    Register-ScheduledTask -TaskName "Verify Integrity" -Action $sfcAction -Settings $sfcSettings -Trigger $sfcTrigger
    # The marker is written as soon as the task is registered, before sfc has run, so a
    # value of 1 records "scan scheduled", not "scan passed".
    New-ItemProperty -Path "HKLM:\SOFTWARE\LiveScript" -Name 'IntegrityVerified' -PropertyType DWord -Value 1 -Force
}
<#
End of script
#>