if ($PSVersionTable.PSEdition -ne 'Desktop' -and $env:OS -ne 'Windows_NT') {
    Write-Warning "Please run it on Windows. "
    return 1
}

# Define the embedded REG content
$regContent = @"
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\Setup]
"CmdLine"=""
"OOBEInProgress"=dword:00000000
"RestartSetup"=dword:00000000
"SetupPhase"=dword:00000000
"SetupType"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Status]
"AuditBoot"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Status\ChildCompletion]
"setup.exe"=dword:00000003
"oobeldr.exe"=dword:00000000
"audit.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Status\SysprepStatus]
"GeneralizationState"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Status\UnattendPasses]
"oobeSystem"=dword:00000002
"auditSystem"=dword:00000000
"auditUser"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Status\AuditBootVolatile]

"@

# Define path for temporary REG file
$tempRegPath = "$env:TEMP\AuditBreak.reg"

# Write REG content to file
$regContent | Out-File -FilePath $tempRegPath -Encoding ASCII

# Check Audit Mode
$auditKey = "HKLM:\SYSTEM\Setup\Status"
$auditValue = "AuditBoot"
$auditStatus = Get-ItemProperty -Path $auditKey -Name $auditValue -ErrorAction SilentlyContinue

if ($auditStatus.$auditValue -eq 1) {
    Write-Host "Audit Mode enabled. Disabling it"

    # Import the embedded REG file
    reg import $tempRegPath
    Write-Host "Audit Mode is now disabled."

    Start "ms-cxh:localonly"
    Write-Host "Please restart PC when you finish account creation."
} else {
    Write-Host "Audit Mode is not active."
}

# Optional: Clean up
Remove-Item $tempRegPath -Force
Write-Host "Press any key to exit."
$null = [System.Console]::ReadKey($true)