Microsoft Account EVIL: Difference between revisions

wiki.TerraBase.info
Jump to navigation Jump to search
VisualWikitext
Created page with "...have that urge to track down the people at Microsoft that have messed up Windows 11, and made it infuriatingly impossible to get rid of sign ins? Curb your anger instead and just solve the problem with the below "Thor's Hammer";<syntaxhighlight lang="text"> # THOR HAMMER: remove Microsoft cloud-account identity caches from all local profiles. # Run as Administrator. Reboot happens at the end. $ErrorActionPreference = "SilentlyContinue" # Kill Microsoft identity/clo..."
 
mNo edit summary
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
...have that urge to track down the people at Microsoft that have messed up Windows 11, and made it infuriatingly impossible to get rid of sign ins?  Curb your anger instead and just solve the problem with the below "Thor's Hammer";<syntaxhighlight lang="text">
...have that urge to track down the people at Microsoft that have messed up Windows 11, and made it infuriatingly impossible to get rid of sign ins?  Curb your anger instead and just solve the problem with the below "Thor's Hammer";<syntaxhighlight lang="text">
# THOR HAMMER: remove Microsoft cloud-account identity caches from all local profiles.
 
# Run as Administrator. Reboot happens at the end.


$ErrorActionPreference = "SilentlyContinue"
$ErrorActionPreference = "SilentlyContinue"


# Kill Microsoft identity/cloud consumers
$Procs = @(
$Procs = @(
"OneDrive","msedge","Teams","ms-teams","outlook","olk","winword","excel","powerpnt",
"OneDrive","msedge","Teams","ms-teams","outlook","olk","winword","excel","powerpnt",
Line 15: Line 13:
}
}


# Stop identity/token services where Windows allows it
$Services = @(
$Services = @(
"TokenBroker",
"TokenBroker",
Line 31: Line 28:
dsregcmd /leave 2>$null
dsregcmd /leave 2>$null


# Disable Microsoft consumer/cloud nagging as much as policy allows
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Force | Out-Null
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Force | Out-Null
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Name "DisableWindowsConsumerFeatures" -Type DWord -Value 1
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Name "DisableWindowsConsumerFeatures" -Type DWord -Value 1
Line 44: Line 40:
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\System" -Name "NoConnectedUser" -Type DWord -Value 3
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\System" -Name "NoConnectedUser" -Type DWord -Value 3


# Remove OneDrive machine/user installs
$OneDriveUninstallers = @(
$OneDriveUninstallers = @(
"$env:SystemRoot\System32\OneDriveSetup.exe",
"$env:SystemRoot\System32\OneDriveSetup.exe",
Line 69: Line 64:
}
}


# All profile filesystem cloud-token/cache locations
$Profiles = Get-ChildItem "C:\Users" -Directory | Where-Object {
$Profiles = Get-ChildItem "C:\Users" -Directory | Where-Object {
$_.Name -notin @("Public","Default","Default User","All Users")
$_.Name -notin @("Public","Default","Default User","All Users")
Line 98: Line 92:
}
}


# Loaded user hives: remove Microsoft identity registry stores
$HiveRoots = Get-ChildItem Registry::HKEY_USERS | Where-Object {
$HiveRoots = Get-ChildItem Registry::HKEY_USERS | Where-Object {
$_.Name -match 'S-1-5-21|\.DEFAULT'
$_.Name -match 'S-1-5-21|\.DEFAULT'
Line 121: Line 114:
}
}


# Offline user hives: load NTUSER.DAT, purge identity stores, unload
foreach ($Profile in $Profiles) {
foreach ($Profile in $Profiles) {
$NtUser = "$($Profile.FullName)\NTUSER.DAT"
$NtUser = "$($Profile.FullName)\NTUSER.DAT"
Line 150: Line 142:
}
}


# Remove Microsoft cloud/account app packages for all users where removable
$Packages = @(
$Packages = @(
"Microsoft.OneDriveSync",
"Microsoft.OneDriveSync",
Line 170: Line 161:


shutdown /r /t 0
shutdown /r /t 0
</syntaxhighlight>The above will whack all Microsoft EVIL, err spying, err, accounts on your PC.  You might also want to go ahead and access your Microsoft account and whack any devices from there too.
</syntaxhighlight>The above will whack all Microsoft EVIL, err spying, err, accounts on your PC.  You might also want to go ahead and access your Microsoft account and whack any devices from there too. Why?  Because even eliminating all possible Microsoft account connections on your computer isn't enough.  Windows acts like ET, and phones home to the Microsoft Store, etc.
 
Bonus: Eliminate Account Nags in Settings;<syntaxhighlight lang="text">
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v SettingsPageVisibility /f
 
reg add "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\AccountNotifications" /v DisableAccountNotifications /t REG_DWORD /d 1 /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v Start_AccountNotifications /t REG_DWORD /d 0 /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\UserProfileEngagement" /v ScoobeSystemSettingEnabled /t REG_DWORD /d 0 /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v NoConnectedUser /t REG_DWORD /d 3 /f
 
taskkill /f /im SystemSettings.exe
</syntaxhighlight>

Latest revision as of 19:07, 19 June 2026

...have that urge to track down the people at Microsoft that have messed up Windows 11, and made it infuriatingly impossible to get rid of sign ins? Curb your anger instead and just solve the problem with the below "Thor's Hammer";

$ErrorActionPreference = "SilentlyContinue"

$Procs = @(
	"OneDrive","msedge","Teams","ms-teams","outlook","olk","winword","excel","powerpnt",
	"onenote","msteams","Microsoft.SharePoint","OfficeClickToRun"
)

foreach ($P in $Procs) {
	taskkill /f /im "$P.exe" 2>$null
}

$Services = @(
	"TokenBroker",
	"wlidsvc",
	"OneSyncSvc",
	"UserDataSvc",
	"PimIndexMaintenanceSvc"
)

foreach ($S in $Services) {
	Get-Service "$S*" | Stop-Service -Force
}

# Leave Entra/Azure/Workplace join if somehow present
dsregcmd /leave 2>$null

New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Force | Out-Null
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Name "DisableWindowsConsumerFeatures" -Type DWord -Value 1
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Name "DisableConsumerAccountStateContent" -Type DWord -Value 1
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Name "DisableCloudOptimizedContent" -Type DWord -Value 1

New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\SettingSync" -Force | Out-Null
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\SettingSync" -Name "DisableSettingSync" -Type DWord -Value 2
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\SettingSync" -Name "DisableSettingSyncUserOverride" -Type DWord -Value 1

New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\System" -Force | Out-Null
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\System" -Name "NoConnectedUser" -Type DWord -Value 3

$OneDriveUninstallers = @(
	"$env:SystemRoot\System32\OneDriveSetup.exe",
	"$env:SystemRoot\SysWOW64\OneDriveSetup.exe"
)

foreach ($U in $OneDriveUninstallers) {
	if (Test-Path $U) {
		Start-Process $U -ArgumentList "/uninstall" -Wait
	}
}

# Current-user Credential Manager Microsoft cloud creds
$Targets = cmdkey /list | ForEach-Object {
	if ($_ -match '^\s*Target:\s*(.+)$') {
		$Matches[1]
	}
} | Where-Object {
	$_ -match '(?i)Microsoft|WindowsLive|OneDrive|Office|AAD|AzureAD|SSO|TokenBroker|Xbl|Xbox|Teams'
}

foreach ($T in $Targets) {
	cmdkey.exe "/delete:$T"
}

$Profiles = Get-ChildItem "C:\Users" -Directory | Where-Object {
	$_.Name -notin @("Public","Default","Default User","All Users")
}

foreach ($Profile in $Profiles) {
	$Base = $Profile.FullName

	$Paths = @(
		"$Base\AppData\Local\Microsoft\OneAuth",
		"$Base\AppData\Local\Microsoft\Identity",
		"$Base\AppData\Local\Microsoft\IdentityCache",
		"$Base\AppData\Local\Microsoft\TokenBroker",
		"$Base\AppData\Local\Microsoft\Windows\WebCache",
		"$Base\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy",
		"$Base\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy",
		"$Base\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy",
		"$Base\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\LocalState\CloudStore",
		"$Base\AppData\Local\Microsoft\OneDrive",
		"$Base\AppData\Roaming\Microsoft\Windows\AccountPictures"
	)

	foreach ($Path in $Paths) {
		if (Test-Path -LiteralPath $Path) {
			Remove-Item -LiteralPath $Path -Recurse -Force
		}
	}
}

$HiveRoots = Get-ChildItem Registry::HKEY_USERS | Where-Object {
	$_.Name -match 'S-1-5-21|\.DEFAULT'
}

foreach ($Hive in $HiveRoots) {
	$Root = "Registry::$($Hive.Name)"

	$RegPaths = @(
		"$Root\Software\Microsoft\IdentityCRL",
		"$Root\Software\Microsoft\Office\16.0\Common\Identity",
		"$Root\Software\Microsoft\OneDrive",
		"$Root\Software\Microsoft\Windows\CurrentVersion\SettingSync",
		"$Root\Software\Microsoft\Windows\CurrentVersion\CloudStore"
	)

	foreach ($RegPath in $RegPaths) {
		if (Test-Path -LiteralPath $RegPath) {
			Remove-Item -LiteralPath $RegPath -Recurse -Force
		}
	}
}

foreach ($Profile in $Profiles) {
	$NtUser = "$($Profile.FullName)\NTUSER.DAT"
	$TempHive = "HKU\TEMP_MS_CLOUD_NUKE_$($Profile.Name -replace '[^A-Za-z0-9_]','_')"

	if (Test-Path -LiteralPath $NtUser) {
		reg load $TempHive $NtUser 2>$null | Out-Null

		$Root = "Registry::$TempHive"
		$RegPaths = @(
			"$Root\Software\Microsoft\IdentityCRL",
			"$Root\Software\Microsoft\Office\16.0\Common\Identity",
			"$Root\Software\Microsoft\OneDrive",
			"$Root\Software\Microsoft\Windows\CurrentVersion\SettingSync",
			"$Root\Software\Microsoft\Windows\CurrentVersion\CloudStore"
		)

		foreach ($RegPath in $RegPaths) {
			if (Test-Path -LiteralPath $RegPath) {
				Remove-Item -LiteralPath $RegPath -Recurse -Force
			}
		}

		[gc]::Collect()
		Start-Sleep -Milliseconds 500
		reg unload $TempHive 2>$null | Out-Null
	}
}

$Packages = @(
	"Microsoft.OneDriveSync",
	"Microsoft.MicrosoftOfficeHub",
	"MicrosoftTeams",
	"MSTeams",
	"Microsoft.XboxApp",
	"Microsoft.GamingApp",
	"Microsoft.XboxGamingOverlay",
	"Microsoft.XboxIdentityProvider",
	"Microsoft.GetHelp",
	"Microsoft.Getstarted"
)

foreach ($Pkg in $Packages) {
	Get-AppxPackage -AllUsers -Name $Pkg | Remove-AppxPackage -AllUsers
	Get-AppxProvisionedPackage -Online | Where-Object DisplayName -eq $Pkg | Remove-AppxProvisionedPackage -Online
}

shutdown /r /t 0

The above will whack all Microsoft EVIL, err spying, err, accounts on your PC. You might also want to go ahead and access your Microsoft account and whack any devices from there too. Why? Because even eliminating all possible Microsoft account connections on your computer isn't enough. Windows acts like ET, and phones home to the Microsoft Store, etc. Bonus: Eliminate Account Nags in Settings;

reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v SettingsPageVisibility /f

reg add "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\AccountNotifications" /v DisableAccountNotifications /t REG_DWORD /d 1 /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v Start_AccountNotifications /t REG_DWORD /d 0 /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\UserProfileEngagement" /v ScoobeSystemSettingEnabled /t REG_DWORD /d 0 /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v NoConnectedUser /t REG_DWORD /d 3 /f

taskkill /f /im SystemSettings.exe
Retrieved from "https://wiki.terrabase.info/index.php?title=Microsoft_Account_EVIL&oldid=2256"