From 5c9fe664112bfcb27f592b27ff1a4269027fab65 Mon Sep 17 00:00:00 2001
From: Calyx Hikari
Date: Sun, 2 Nov 2025 00:14:14 +0800
Subject: [PATCH] Delete auditbreak
---
 auditbreak | 64 ------------------------------------------------------
 1 file changed, 64 deletions(-)
 delete mode 100644 auditbreak
diff --git a/auditbreak b/auditbreak
deleted file mode 100644
index 1f5a3c7..0000000
--- a/auditbreak
+++ /dev/null
@@ -1,64 +0,0 @@
-if ($PSVersionTable.PSEdition -ne 'Desktop' -and $env:OS -ne 'Windows_NT') {
- Write-Warning "Please run it on Windows. "
- return 1
-}
-
-# Define the embedded REG content
-$regContent = @"
-Windows Registry Editor Version 5.00
-
-[HKEY_LOCAL_MACHINE\SYSTEM\Setup]
-"CmdLine"=""
-"OOBEInProgress"=dword:00000000
-"RestartSetup"=dword:00000000
-"SetupPhase"=dword:00000000
-"SetupType"=dword:00000000
-
-[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Status]
-"AuditBoot"=dword:00000000
-
-[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Status\ChildCompletion]
-"setup.exe"=dword:00000003
-"oobeldr.exe"=dword:00000000
-"audit.exe"=dword:00000000
-
-[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Status\SysprepStatus]
-"GeneralizationState"=dword:00000007
-
-[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Status\UnattendPasses]
-"oobeSystem"=dword:00000002
-"auditSystem"=dword:00000000
-"auditUser"=dword:00000000
-
-[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Status\AuditBootVolatile]
-
-"@
-
-# Define path for temporary REG file
-$tempRegPath = "$env:TEMP\AuditBreak.reg"
-
-# Write REG content to file
-$regContent | Out-File -FilePath $tempRegPath -Encoding ASCII
-
-# Check Audit Mode
-$auditKey = "HKLM:\SYSTEM\Setup\Status"
-$auditValue = "AuditBoot"
-$auditStatus = Get-ItemProperty -Path $auditKey -Name $auditValue -ErrorAction SilentlyContinue
-
-if ($auditStatus.$auditValue -eq 1) {
- Write-Host "Audit Mode enabled. Disabling it"
-
- # Import the embedded REG file
- reg import $tempRegPath
- Write-Host "Audit Mode is now disabled."
-
- Start "ms-cxh:localonly"
- Write-Host "Please restart PC when you finish account creation."
-} else {
- Write-Host "Audit Mode is not active."
-}
-
-# Optional: Clean up
-Remove-Item $tempRegPath -Force
-Write-Host "Press any key to exit."
-$null = [System.Console]::ReadKey($true)