Microsoft Account EVIL: Difference between revisions

Revision as of 18:56, 19 June 2026

...have that urge to track down the people at Microsoft that have messed up Windows 11, and made it infuriatingly impossible to get rid of sign ins? Curb your anger instead and just solve the problem with the below "Thor's Hammer";

$ErrorActionPreference = "SilentlyContinue"

$Procs = @(
	"OneDrive","msedge","Teams","ms-teams","outlook","olk","winword","excel","powerpnt",
	"onenote","msteams","Microsoft.SharePoint","OfficeClickToRun"
)

foreach ($P in $Procs) {
	taskkill /f /im "$P.exe" 2>$null
}

$Services = @(
	"TokenBroker",
	"wlidsvc",
	"OneSyncSvc",
	"UserDataSvc",
	"PimIndexMaintenanceSvc"
)

foreach ($S in $Services) {
	Get-Service "$S*" | Stop-Service -Force
}

# Leave Entra/Azure/Workplace join if somehow present
dsregcmd /leave 2>$null

New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Force | Out-Null
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Name "DisableWindowsConsumerFeatures" -Type DWord -Value 1
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Name "DisableConsumerAccountStateContent" -Type DWord -Value 1
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Name "DisableCloudOptimizedContent" -Type DWord -Value 1

New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\SettingSync" -Force | Out-Null
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\SettingSync" -Name "DisableSettingSync" -Type DWord -Value 2
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\SettingSync" -Name "DisableSettingSyncUserOverride" -Type DWord -Value 1

New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\System" -Force | Out-Null
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\System" -Name "NoConnectedUser" -Type DWord -Value 3

$OneDriveUninstallers = @(
	"$env:SystemRoot\System32\OneDriveSetup.exe",
	"$env:SystemRoot\SysWOW64\OneDriveSetup.exe"
)

foreach ($U in $OneDriveUninstallers) {
	if (Test-Path $U) {
		Start-Process $U -ArgumentList "/uninstall" -Wait
	}
}

# Current-user Credential Manager Microsoft cloud creds
$Targets = cmdkey /list | ForEach-Object {
	if ($_ -match '^\s*Target:\s*(.+)$') {
		$Matches[1]
	}
} | Where-Object {
	$_ -match '(?i)Microsoft|WindowsLive|OneDrive|Office|AAD|AzureAD|SSO|TokenBroker|Xbl|Xbox|Teams'
}

foreach ($T in $Targets) {
	cmdkey.exe "/delete:$T"
}

$Profiles = Get-ChildItem "C:\Users" -Directory | Where-Object {
	$_.Name -notin @("Public","Default","Default User","All Users")
}

foreach ($Profile in $Profiles) {
	$Base = $Profile.FullName

	$Paths = @(
		"$Base\AppData\Local\Microsoft\OneAuth",
		"$Base\AppData\Local\Microsoft\Identity",
		"$Base\AppData\Local\Microsoft\IdentityCache",
		"$Base\AppData\Local\Microsoft\TokenBroker",
		"$Base\AppData\Local\Microsoft\Windows\WebCache",
		"$Base\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy",
		"$Base\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy",
		"$Base\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy",
		"$Base\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\LocalState\CloudStore",
		"$Base\AppData\Local\Microsoft\OneDrive",
		"$Base\AppData\Roaming\Microsoft\Windows\AccountPictures"
	)

	foreach ($Path in $Paths) {
		if (Test-Path -LiteralPath $Path) {
			Remove-Item -LiteralPath $Path -Recurse -Force
		}
	}
}

$HiveRoots = Get-ChildItem Registry::HKEY_USERS | Where-Object {
	$_.Name -match 'S-1-5-21|\.DEFAULT'
}

foreach ($Hive in $HiveRoots) {
	$Root = "Registry::$($Hive.Name)"

	$RegPaths = @(
		"$Root\Software\Microsoft\IdentityCRL",
		"$Root\Software\Microsoft\Office\16.0\Common\Identity",
		"$Root\Software\Microsoft\OneDrive",
		"$Root\Software\Microsoft\Windows\CurrentVersion\SettingSync",
		"$Root\Software\Microsoft\Windows\CurrentVersion\CloudStore"
	)

	foreach ($RegPath in $RegPaths) {
		if (Test-Path -LiteralPath $RegPath) {
			Remove-Item -LiteralPath $RegPath -Recurse -Force
		}
	}
}

foreach ($Profile in $Profiles) {
	$NtUser = "$($Profile.FullName)\NTUSER.DAT"
	$TempHive = "HKU\TEMP_MS_CLOUD_NUKE_$($Profile.Name -replace '[^A-Za-z0-9_]','_')"

	if (Test-Path -LiteralPath $NtUser) {
		reg load $TempHive $NtUser 2>$null | Out-Null

		$Root = "Registry::$TempHive"
		$RegPaths = @(
			"$Root\Software\Microsoft\IdentityCRL",
			"$Root\Software\Microsoft\Office\16.0\Common\Identity",
			"$Root\Software\Microsoft\OneDrive",
			"$Root\Software\Microsoft\Windows\CurrentVersion\SettingSync",
			"$Root\Software\Microsoft\Windows\CurrentVersion\CloudStore"
		)

		foreach ($RegPath in $RegPaths) {
			if (Test-Path -LiteralPath $RegPath) {
				Remove-Item -LiteralPath $RegPath -Recurse -Force
			}
		}

		[gc]::Collect()
		Start-Sleep -Milliseconds 500
		reg unload $TempHive 2>$null | Out-Null
	}
}

$Packages = @(
	"Microsoft.OneDriveSync",
	"Microsoft.MicrosoftOfficeHub",
	"MicrosoftTeams",
	"MSTeams",
	"Microsoft.XboxApp",
	"Microsoft.GamingApp",
	"Microsoft.XboxGamingOverlay",
	"Microsoft.XboxIdentityProvider",
	"Microsoft.GetHelp",
	"Microsoft.Getstarted"
)

foreach ($Pkg in $Packages) {
	Get-AppxPackage -AllUsers -Name $Pkg | Remove-AppxPackage -AllUsers
	Get-AppxProvisionedPackage -Online | Where-Object DisplayName -eq $Pkg | Remove-AppxProvisionedPackage -Online
}

shutdown /r /t 0

The above will whack all Microsoft EVIL, err spying, err, accounts on your PC. You might also want to go ahead and access your Microsoft account and whack any devices from there too.

Microsoft Account EVIL: Difference between revisions

Revision as of 18:56, 19 June 2026

Navigation menu

Search