Microsoft Account EVIL
...have that urge to track down the people at Microsoft that have messed up Windows 11, and made it infuriatingly impossible to get rid of sign ins? Curb your anger instead and just solve the problem with the below "Thor's Hammer";
# THOR HAMMER: remove Microsoft cloud-account identity caches from all local profiles.
# Run as Administrator. Reboot happens at the end.
$ErrorActionPreference = "SilentlyContinue"
# Kill Microsoft identity/cloud consumers
$Procs = @(
"OneDrive","msedge","Teams","ms-teams","outlook","olk","winword","excel","powerpnt",
"onenote","msteams","Microsoft.SharePoint","OfficeClickToRun"
)
foreach ($P in $Procs) {
taskkill /f /im "$P.exe" 2>$null
}
# Stop identity/token services where Windows allows it
$Services = @(
"TokenBroker",
"wlidsvc",
"OneSyncSvc",
"UserDataSvc",
"PimIndexMaintenanceSvc"
)
foreach ($S in $Services) {
Get-Service "$S*" | Stop-Service -Force
}
# Leave Entra/Azure/Workplace join if somehow present
dsregcmd /leave 2>$null
# Disable Microsoft consumer/cloud nagging as much as policy allows
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Force | Out-Null
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Name "DisableWindowsConsumerFeatures" -Type DWord -Value 1
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Name "DisableConsumerAccountStateContent" -Type DWord -Value 1
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Name "DisableCloudOptimizedContent" -Type DWord -Value 1
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\SettingSync" -Force | Out-Null
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\SettingSync" -Name "DisableSettingSync" -Type DWord -Value 2
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\SettingSync" -Name "DisableSettingSyncUserOverride" -Type DWord -Value 1
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\System" -Force | Out-Null
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\System" -Name "NoConnectedUser" -Type DWord -Value 3
# Remove OneDrive machine/user installs
$OneDriveUninstallers = @(
"$env:SystemRoot\System32\OneDriveSetup.exe",
"$env:SystemRoot\SysWOW64\OneDriveSetup.exe"
)
foreach ($U in $OneDriveUninstallers) {
if (Test-Path $U) {
Start-Process $U -ArgumentList "/uninstall" -Wait
}
}
# Current-user Credential Manager Microsoft cloud creds
$Targets = cmdkey /list | ForEach-Object {
if ($_ -match '^\s*Target:\s*(.+)$') {
$Matches[1]
}
} | Where-Object {
$_ -match '(?i)Microsoft|WindowsLive|OneDrive|Office|AAD|AzureAD|SSO|TokenBroker|Xbl|Xbox|Teams'
}
foreach ($T in $Targets) {
cmdkey.exe "/delete:$T"
}
# All profile filesystem cloud-token/cache locations
$Profiles = Get-ChildItem "C:\Users" -Directory | Where-Object {
$_.Name -notin @("Public","Default","Default User","All Users")
}
foreach ($Profile in $Profiles) {
$Base = $Profile.FullName
$Paths = @(
"$Base\AppData\Local\Microsoft\OneAuth",
"$Base\AppData\Local\Microsoft\Identity",
"$Base\AppData\Local\Microsoft\IdentityCache",
"$Base\AppData\Local\Microsoft\TokenBroker",
"$Base\AppData\Local\Microsoft\Windows\WebCache",
"$Base\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy",
"$Base\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy",
"$Base\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy",
"$Base\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\LocalState\CloudStore",
"$Base\AppData\Local\Microsoft\OneDrive",
"$Base\AppData\Roaming\Microsoft\Windows\AccountPictures"
)
foreach ($Path in $Paths) {
if (Test-Path -LiteralPath $Path) {
Remove-Item -LiteralPath $Path -Recurse -Force
}
}
}
# Loaded user hives: remove Microsoft identity registry stores
$HiveRoots = Get-ChildItem Registry::HKEY_USERS | Where-Object {
$_.Name -match 'S-1-5-21|\.DEFAULT'
}
foreach ($Hive in $HiveRoots) {
$Root = "Registry::$($Hive.Name)"
$RegPaths = @(
"$Root\Software\Microsoft\IdentityCRL",
"$Root\Software\Microsoft\Office\16.0\Common\Identity",
"$Root\Software\Microsoft\OneDrive",
"$Root\Software\Microsoft\Windows\CurrentVersion\SettingSync",
"$Root\Software\Microsoft\Windows\CurrentVersion\CloudStore"
)
foreach ($RegPath in $RegPaths) {
if (Test-Path -LiteralPath $RegPath) {
Remove-Item -LiteralPath $RegPath -Recurse -Force
}
}
}
# Offline user hives: load NTUSER.DAT, purge identity stores, unload
foreach ($Profile in $Profiles) {
$NtUser = "$($Profile.FullName)\NTUSER.DAT"
$TempHive = "HKU\TEMP_MS_CLOUD_NUKE_$($Profile.Name -replace '[^A-Za-z0-9_]','_')"
if (Test-Path -LiteralPath $NtUser) {
reg load $TempHive $NtUser 2>$null | Out-Null
$Root = "Registry::$TempHive"
$RegPaths = @(
"$Root\Software\Microsoft\IdentityCRL",
"$Root\Software\Microsoft\Office\16.0\Common\Identity",
"$Root\Software\Microsoft\OneDrive",
"$Root\Software\Microsoft\Windows\CurrentVersion\SettingSync",
"$Root\Software\Microsoft\Windows\CurrentVersion\CloudStore"
)
foreach ($RegPath in $RegPaths) {
if (Test-Path -LiteralPath $RegPath) {
Remove-Item -LiteralPath $RegPath -Recurse -Force
}
}
[gc]::Collect()
Start-Sleep -Milliseconds 500
reg unload $TempHive 2>$null | Out-Null
}
}
# Remove Microsoft cloud/account app packages for all users where removable
$Packages = @(
"Microsoft.OneDriveSync",
"Microsoft.MicrosoftOfficeHub",
"MicrosoftTeams",
"MSTeams",
"Microsoft.XboxApp",
"Microsoft.GamingApp",
"Microsoft.XboxGamingOverlay",
"Microsoft.XboxIdentityProvider",
"Microsoft.GetHelp",
"Microsoft.Getstarted"
)
foreach ($Pkg in $Packages) {
Get-AppxPackage -AllUsers -Name $Pkg | Remove-AppxPackage -AllUsers
Get-AppxProvisionedPackage -Online | Where-Object DisplayName -eq $Pkg | Remove-AppxProvisionedPackage -Online
}
shutdown /r /t 0The above will whack all Microsoft EVIL, err spying, err, accounts on your PC. You might also want to go ahead and access your Microsoft account and whack any devices from there too.