Last active
July 9, 2025 06:07
-
-
Save LuemmelSec/20e2b6429eccf0bac91ac6f17bc98c87 to your computer and use it in GitHub Desktop.
Give Back Control over Windows functions script
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $elevated = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator) | |
| function Show-Menu { | |
| Clear-Host | |
| Write-Host "======================================================" | |
| Write-Host "================ Give Back Control ================" | |
| Write-Host "======================================================" | |
| if($elevated -eq $true){ | |
| Write-Host "Local Admin: " -ForegroundColor white -NoNewline; Write-Host $elevated -ForegroundColor Green | |
| Write-Host "We have superpowers. Ready to continue." | |
| } | |
| else{ | |
| Write-Host "Local Admin: " -ForegroundColor white -NoNewline; Write-Host $elevated -ForegroundColor Red | |
| Write-Host "You need local admin rights to continue. Please start in elevated prompt!!!" | |
| } | |
| Write-Host "" | |
| Write-Host "1: Press '1' to enable configuration of Windows Defender." | |
| Write-Host "2: Press '2' to enable configuration of Windows Firewall." | |
| Write-Host "3: Press '3' to disable Virtual Protection features of Credential Guard to allow nested virtualization." | |
| Write-Host "4: Press '4' to enable free Browser config." | |
| Write-Host "5: Press '5' to remove multi connection network restrictions" | |
| Write-Host "6: Press '6' to enable the Microsoft Store" | |
| Write-Host "7: Press '7' to get rid of whole Bing integration into the search function, start menu etc" | |
| Write-Host "8: Press '7' to reboot. Close all open files before using!!!" | |
| Write-Host "q: Press 'q' to quit." | |
| } | |
| function Browser{ | |
| cmd /c 'REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\RestoreOnStartupURLs" /f' | |
| cmd /c 'REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge" /v "HomepageLocation" /f' | |
| cmd /c 'REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge" /v "HomeButton" /f' | |
| cmd /c 'REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\RestoreOnStartupURLs" /f' | |
| cmd /c 'REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" /v "HomepageLocation" /f' | |
| cmd /c 'REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" /v "HomeButton" /f' | |
| Pause | |
| } | |
| function Defender{ | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows Defender\Features" -Name "TamperProtection" -Value 0 | |
| cmd /c 'REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /f' | |
| cmd /c 'REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v "UILockdown" /f' | |
| cmd /c 'REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Virus and threat protection" /v "UILockdown" /f' | |
| cmd /c 'reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center" /v' | |
| Pause | |
| } | |
| function Firewall{ | |
| cmd /c 'REG DELETE "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy" /f' | |
| Pause | |
| } | |
| function DeviceGuard{ | |
| cmd /c 'REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard" /v "EnableVirtualizationBasedSecurity" /f' | |
| cmd /c 'REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard" /v "RequirePlatformSecurityFeatures" /f' | |
| cmd /c 'REG DELETE "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "EnableVirtualizationBasedSecurity" /f' | |
| cmd /c 'REG DELETE "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "RequirePlatformSecurityFeatures" /f' | |
| dism /online /disable-feature /featurename:Microsoft-hyper-v-all /norestart | |
| dism /online /disable-feature /featurename:WindowsHypervisorPlatform /norestart | |
| dism /online /disable-feature /featurename:VirtualMachinePlatform /norestart | |
| mountvol X: /s | |
| copy-item c:\windows\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi | |
| cmd /c 'bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader' | |
| cmd /c 'bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi"' | |
| cmd /c 'bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}' | |
| cmd /c 'bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO' | |
| cmd /c 'bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X:' | |
| cmd /c 'bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS' | |
| cmd /c 'bcdedit /set vsmlaunchtype off' | |
| mountvol X: /d | |
| Pause | |
| } | |
| function Network{ | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WcmSvc\GroupPolicy" -Name "fMinimizeConnections" -Value 0 | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WcmSvc\GroupPolicy" -Name "fBlockNonDomain" -Value 0 | |
| Pause | |
| } | |
| function Store{ | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Policies\Microsoft\WindowsStore" -Name "RemoveWindowsStore" -Value 0 | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\WindowsStore" -Name "RemoveWindowsStore" -Value 0 | |
| Pause | |
| } | |
| function Bing { | |
| $basePath = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" | |
| New-Item -Path $basePath -Force | Out-Null | |
| Set-ItemProperty -Path $basePath -Name "InstalledPackagedAppsRevision" -Value "{5477445D-59E5-4042-A222-670ECC68FE97}" | |
| Set-ItemProperty -Path $basePath -Name "InstalledWin32AppsRevision" -Value "{08037A0B-E73D-458A-97DF-E79522877D9B}" | |
| Set-ItemProperty -Path $basePath -Name "SearchGlyphType" -Value 2 -Type DWord | |
| Set-ItemProperty -Path $basePath -Name "TraySearchBoxVisible" -Value 0 -Type DWord | |
| Set-ItemProperty -Path $basePath -Name "TraySearchBoxVisibleOnAnyMonitor" -Value 0 -Type DWord | |
| Set-ItemProperty -Path $basePath -Name "SearchboxMonitorWidth" -Value 3440 -Type DWord | |
| Set-ItemProperty -Path $basePath -Name "SearchboxMonitorDPI" -Value 96 -Type DWord | |
| Set-ItemProperty -Path $basePath -Name "SearchboxWidthOld" -Value 288 -Type DWord | |
| Set-ItemProperty -Path $basePath -Name "SearchboxWidth" -Value 344 -Type DWord | |
| Set-ItemProperty -Path $basePath -Name "CortanaStateLastRun" -Value ([byte[]](0x76,0x82,0x30,0x66,0x00,0x00,0x00,0x00)) -Type Binary | |
| Set-ItemProperty -Path $basePath -Name "SnrBundleVersion" -Value "2023.09.21.39636813" | |
| Set-ItemProperty -Path $basePath -Name "IsAssignedAccess" -Value 0 -Type DWord | |
| Set-ItemProperty -Path $basePath -Name "OnboardSBEmode" -Value 1 -Type DWord | |
| Set-ItemProperty -Path $basePath -Name "NamespaceSettingsRevision" -Value "{A656A2E8-6400-4BB9-AE5F-7FFF6218ABAE}" | |
| Set-ItemProperty -Path $basePath -Name "SearchboxTaskbarMode" -Value 0 -Type DWord | |
| Set-ItemProperty -Path $basePath -Name "AnyAboveLockAppsActive" -Value 0 -Type DWord | |
| Set-ItemProperty -Path $basePath -Name "OnboardSearchboxOnTaskbar" -Value 2 -Type DWord | |
| Set-ItemProperty -Path $basePath -Name "SearchboxTaskbarModePrevious" -Value 2 -Type DWord | |
| Set-ItemProperty -Path $basePath -Name "LaunchSearchHome" -Value 1 -Type DWord | |
| Set-ItemProperty -Path $basePath -Name "SearchBoxDisabledReason" -Value "FromServer" | |
| Set-ItemProperty -Path $basePath -Name "BingSearchEnabled" -Value 0 -Type DWord | |
| $flightingPath = Join-Path $basePath "Flighting" | |
| New-Item -Path $flightingPath -Force | Out-Null | |
| Set-ItemProperty -Path $flightingPath -Name "RotateFlight" -Value 0 -Type DWord | |
| Set-ItemProperty -Path $flightingPath -Name "Current" -Value 0 -Type DWord | |
| # Create empty subkeys | |
| New-Item -Path "$flightingPath\0" -Force | Out-Null | |
| New-Item -Path "$flightingPath\1" -Force | Out-Null | |
| # Set additional Flighting values (a subset shown here) | |
| Set-ItemProperty -Path "$flightingPath\1" -Name "UILanguage" -Value "en-US" | |
| Set-ItemProperty -Path "$flightingPath\1\CloudMusic" -Name "Value" -Value 0 -Type DWord | |
| Set-ItemProperty -Path "$flightingPath\1\DesktopLocationTriggering" -Name "Value" -Value 0 -Type DWord | |
| # ... repeat for the rest as needed ... | |
| Write-Host "Registry values applied." | |
| } | |
| function Reboot { | |
| Restart-Computer -Confirm:$true | |
| } | |
| do | |
| { | |
| Show-Menu | |
| $selection = Read-Host "Please make a selection" | |
| switch ($selection) | |
| { | |
| '1' {Defender} | |
| '2' {Firewall} | |
| '3' {DeviceGuard} | |
| '4' {Browser} | |
| '5' {Network} | |
| '6' {Store} | |
| '7' {Bing} | |
| '8' {Reboot} | |
| } | |
| } | |
| until ($selection -eq 'q') |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment