
Delete Uc Keys

The script creates a temporary copy of reg.exe to bypass restrictions and retrieves the currently logged-on shell user's information. It resolves the user's Security Identifier (SID) and defines a function to remove inaccessible registry keys related to UserChoice. Finally, it cleans up by deleting the temporary reg.exe and restarting the explorer process.

Uploaded by

donaldlee.lkh

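# Stage a private copy of reg.exe under a different file name. The original
# author's stated purpose is to get past the ucpd.sys restrictions on the
# UserChoice keys; the copy is executed later by Remove-InaccessibleKeys.
#
# NOTE(review): a renamed system utility running from a temp directory is the
# pattern that masquerading detections look for. Expect EDR/AV alerts, and run
# this only as an approved, logged change on machines you administer.
$tempReg = "$env:TEMP\upwreg.exe"
$regPath = "$env:windir\System32\reg.exe"
try {
    # A fixed name in a temp directory may already exist (stale run, or placed
    # there by another account). Delete it first so the copy creates a new file
    # instead of writing into one whose permissions someone else chose.
    if (Test-Path -LiteralPath $tempReg) {
        Remove-Item -LiteralPath $tempReg -Force -ErrorAction Stop
    }
    Copy-Item -LiteralPath $regPath -Destination $tempReg -ErrorAction Stop

    # The staged file is executed later, so confirm it is byte-identical to the
    # system binary before trusting it.
    $sourceHash = (Get-FileHash -LiteralPath $regPath -Algorithm SHA256 -ErrorAction Stop).Hash
    $stagedHash = (Get-FileHash -LiteralPath $tempReg -Algorithm SHA256 -ErrorAction Stop).Hash
    if ($sourceHash -ne $stagedHash) {
        throw "staged copy does not match $regPath"
    }
} catch {
    # The original ignored a failed copy and carried on; stop here instead so
    # nothing unverified (or nothing at all) is executed further down.
    Write-Error "Failed to stage reg.exe copy: $($_.Exception.Message)"
    exit 1
}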

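# Determine the currently logged-on shell user by asking WMI/CIM who owns a
# running explorer.exe process.
#
# NOTE(review): only the first explorer.exe returned is inspected. On a host
# with several interactive sessions (RDS, fast user switching) that may not be
# the user you intend to change - confirm $shellUser before relying on it.
try {
    $explorer = Get-Process -Name explorer -ErrorAction Stop | Select-Object -First 1
    # CIM cmdlets replace Get-WmiObject, which PowerShell 7 no longer ships.
    $explorerWMI = Get-CimInstance -ClassName Win32_Process -Filter "ProcessId = $($explorer.Id)" -ErrorAction Stop
    $ownerInfo = Invoke-CimMethod -InputObject $explorerWMI -MethodName GetOwner -ErrorAction Stop
    # GetOwner reports failure through ReturnValue rather than by throwing;
    # without this check an empty owner would produce the account name "\".
    if ($ownerInfo.ReturnValue -ne 0 -or -not $ownerInfo.User) {
        throw "GetOwner returned no owner (code $($ownerInfo.ReturnValue))"
    }
    $shellUser = "$($ownerInfo.Domain)\$($ownerInfo.User)"
} catch {
    Write-Error "Failed to get shell user."
    exit 1
}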

# Translate the DOMAIN\user name held in $shellUser into its SID string using
# the .NET NTAccount -> SecurityIdentifier mapping. The original author notes
# this works for local, domain and AzureAD accounts.
try {
    $ntAccount = New-Object -TypeName System.Security.Principal.NTAccount -ArgumentList $shellUser
    $sid = $ntAccount.Translate([System.Security.Principal.SecurityIdentifier])
    $userSID = $sid.Value
    # An empty SID would make the HKEY_USERS paths built later point at the
    # wrong place, so treat it as a failure.
    if (-not $userSID) {
        throw "SID not found"
    }
}
catch {
    Write-Error "Failed to resolve SID for $shellUser"
    exit 1
}

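# Function to remove inaccessible UserChoice or UserChoiceLatest keys
function Remove-InaccessibleKeys {
    <#
    .SYNOPSIS
    Deletes the named child keys under every subkey of a registry path when
    the current process cannot write to them.

    .DESCRIPTION
    For each subkey of $basePath and each name in $keyNames, the function
    probes write access by setting and removing a "TestWriteAccess" value.
    Keys that accept the write are left alone. Keys that reject it are deleted
    with the staged reg.exe copy referenced by the script-level $tempReg.

    .PARAMETER basePath
    Registry path without the "Registry::" prefix, e.g. HKEY_USERS\<SID>\...

    .PARAMETER keyNames
    Names of the child keys to test and, if not writable, delete.

    .NOTES
    Reads $tempReg from the calling scope. Errors while enumerating or
    processing are reported as warnings; the function does not throw.
    #>
    param (
        [string]$basePath,
        [string[]]$keyNames
    )

    try {
        # -LiteralPath throughout: key names may contain wildcard characters
        # such as '*' or '[' that -Path would expand instead of matching.
        $subKeys = Get-ChildItem -LiteralPath "Registry::$basePath" -ErrorAction Stop |
            Select-Object -ExpandProperty PSChildName
        foreach ($sub in $subKeys) {
            foreach ($keyName in $keyNames) {
                $targetKey = "$basePath\$sub\$keyName"
                $regKey = "Registry::$targetKey"

                if (-not (Test-Path -LiteralPath $regKey)) {
                    Write-Host "No key: $targetKey - skipping"
                    continue
                }

                # Write probe: any failure to set the marker value is treated
                # as "inaccessible".
                $writeTestFailed = $false
                try {
                    Set-ItemProperty -LiteralPath $regKey -Name "TestWriteAccess" -Value "test" -ErrorAction Stop
                    Remove-ItemProperty -LiteralPath $regKey -Name "TestWriteAccess" -ErrorAction SilentlyContinue
                    Write-Host "Writable: $targetKey - skipping"
                } catch {
                    $writeTestFailed = $true
                    Write-Warning "Inaccessible (write failed): $targetKey - deleting"
                }

                if ($writeTestFailed) {
                    # Invoke the staged binary directly with separate arguments.
                    # The subkey names come from a hive the user can write to,
                    # so they must not be spliced into a cmd.exe command line,
                    # where quotes or '&' in a name would be parsed as syntax.
                    $null = & $tempReg delete $targetKey /f
                    if ($LASTEXITCODE -eq 0) {
                        Write-Host "Deleted: $targetKey"
                    } else {
                        Write-Warning "Delete command failed (exit $LASTEXITCODE) for $targetKey"
                    }
                }
            }
        }
    } catch {
        # The original escaped the '$' here and printed the literal text
        # "${basePath}" instead of the path.
        Write-Warning "Could not process ${basePath}: $($_.Exception.Message)"
    }
}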

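# Registry paths to scan, both inside the resolved user's hive. Each path must
# be a single-line string: a line break inside the quotes becomes part of the
# path and the key is never found.
$fileExts = "HKEY_USERS\$userSID\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts"
$urlAssoc = "HKEY_USERS\$userSID\Software\Microsoft\Windows\Shell\Associations\UrlAssociations"

# Remove both UserChoice and UserChoiceLatest keys where they are not writable
$keyNames = @("UserChoice", "UserChoiceLatest")
Remove-InaccessibleKeys -basePath $fileExts -keyNames $keyNames
Remove-InaccessibleKeys -basePath $urlAssoc -keyNames $keyNames

# Cleanup: delete the staged reg.exe copy and say so if it could not be
# removed, so a renamed system binary is not left behind unnoticed.
Remove-Item -Path $tempReg -Force -ErrorAction SilentlyContinue
if (Test-Path -LiteralPath $tempReg) {
    Write-Warning "Could not remove $tempReg - delete it manually."
}

# Restart explorer.
# NOTE(review): Stop-Process -Name stops every explorer.exe this account is
# allowed to terminate, which on a multi-session host can include other users'
# shells. Start-Process launches explorer.exe as the account running this
# script, which may differ from $shellUser - verify on the target setup.
Stop-Process -Name explorer -Force
Start-Process explorer.exe

Write-Host "`nDone."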
