fix(powershell): change to Bypass EP for playbook

Atlas-OS · Nov 24, 2023 · e758add · e758add
1 parent 8e2627d
commit e758add
Show file tree

Hide file tree

Showing 5 changed files with 7 additions and 7 deletions.
diff --git a/src/playbook/Executables/AtlasDesktop/1. Software/Remove Edge.ps1 b/src/playbook/Executables/AtlasDesktop/1. Software/Remove Edge.ps1
@@ -242,7 +242,7 @@ Please relaunch this script under a regular admin account.`n" -ForegroundColor Y
 	exit 1
 } else {
 	if (-not ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)) {
-		Start-Process cmd "/c PowerShell -NoP -EP Unrestricted -File `"$PSCommandPath`"" -Verb RunAs; exit
+		Start-Process cmd "/c PowerShell -NoP -EP Bypass -File `"$PSCommandPath`"" -Verb RunAs; exit
 	}
 }
 

diff --git a/src/playbook/Executables/AtlasDesktop/7. Security/Defender/Toggle Defender.cmd b/src/playbook/Executables/AtlasDesktop/7. Security/Defender/Toggle Defender.cmd
@@ -93,7 +93,7 @@ function Menu {
 			}
 
 			$arguments = '/c title Finalizing installation - Atlas & echo Do not close this window. & schtasks /delete /tn "AtlasDefenderConfigurationPrompt" /f > nul & ' `
-				+ 'PowerShell -NoP -EP Unrestricted -WindowStyle Hidden -C "& $(Join-Path $env:windir ''\AtlasDesktop\5. Security\Defender\Toggle Defender.cmd'') -NextStartup '
+				+ 'PowerShell -NoP -EP Bypass -WindowStyle Hidden -C "& $(Join-Path $env:windir ''\AtlasDesktop\5. Security\Defender\Toggle Defender.cmd'') -NextStartup '
 			$action = New-ScheduledTaskAction -Execute 'cmd' -Argument $arguments
 			Register-ScheduledTask -TaskName 'AtlasDefenderConfigurationPrompt' -Action $action @taskArgs | Out-Null
 

diff --git a/src/playbook/Executables/AtlasModules/PackagesEnvironment/centralScript.ps1 b/src/playbook/Executables/AtlasModules/PackagesEnvironment/centralScript.ps1
@@ -26,7 +26,7 @@ function SafeMode {
 
     if ($Enable) {
         $bcdeditArgs = '/set {current} safeboot minimal'
-        $shellValue = "PowerShell -NoP -EP Unrestricted -File `"$envPath\centralScript.ps1`" $arguments"
+        $shellValue = "PowerShell -NoP -EP Bypass -File `"$envPath\centralScript.ps1`" $arguments"
     } else {
         $bcdeditArgs = '/deletevalue {current} safeboot'
         $shellValue = 'explorer.exe'
@@ -173,7 +173,7 @@ if ($failedPackages.Count -ne 0) {
             'Force'       = $true
         }
         $arguments = "/c title Finalizing installation - Atlas & echo Do not close this window. & echo Atlas is setting up component removal in Windows Recovery... & echo Your computer will automatically restart. & echo] & schtasks /delete /tn `"$safeModeStartupTitle`" /f > nul & " `
-        + "PowerShell -NoP -EP Unrestricted -C `"& '$envPath\centralScript.ps1' -WinRE`" & pause"
+        + "PowerShell -NoP -EP Bypass -C `"& '$envPath\centralScript.ps1' -WinRE`" & pause"
         $action = New-ScheduledTaskAction -Execute 'cmd' -Argument $arguments
         Register-ScheduledTask -TaskName $safeModeStartupTitle -Action $action @taskArgs | Out-Null
     }

diff --git a/src/playbook/Executables/AtlasModules/PackagesEnvironment/winrePackages.ps1 b/src/playbook/Executables/AtlasModules/PackagesEnvironment/winrePackages.ps1
@@ -130,7 +130,7 @@ $atlasTeamOnGit
 
 function StartupTask {
     $arguments = '/c title Finalizing installation - Atlas & echo Do not close this window. & schtasks /delete /tn "RecoveryFailureCheck" /f > nul & ' `
-        + 'PowerShell -NoP -EP Unrestricted -WindowStyle Hidden -C "& $(Join-Path $env:windir ''\AtlasModules\PackagesEnvironment\winrePackages.ps1'') -NextStartup"'
+        + 'PowerShell -NoP -EP Bypass -WindowStyle Hidden -C "& $(Join-Path $env:windir ''\AtlasModules\PackagesEnvironment\winrePackages.ps1'') -NextStartup"'
     $action = New-ScheduledTaskAction -Execute 'cmd' -Argument $arguments
     Register-ScheduledTask -TaskName $failCheck -Action $action @taskArgs | Out-Null
 }
@@ -257,7 +257,7 @@ $atlasTeamOnGit
             Write-Info -Text 'Writing BitLocker key to WinRE partition...'
             [IO.File]::WriteAllLines($bitlockerRecoveryKeyTxt, $bitlockerRecoveryKey)
             $action = New-ScheduledTaskAction -Execute 'cmd' `
-                    -Argument '/c schtasks /delete /tn "AtlasBitlockerRemovalTask" /f > nul & PowerShell -NoP -EP Unrestricted -WindowStyle Hidden & $(Join-Path $env:windir ''\AtlasModules\PackagesEnvironment\winrePackages.ps1'') -DeleteBitLockerPassword'
+                    -Argument '/c schtasks /delete /tn "AtlasBitlockerRemovalTask" /f > nul & PowerShell -NoP -EP Bypass -WindowStyle Hidden & $(Join-Path $env:windir ''\AtlasModules\PackagesEnvironment\winrePackages.ps1'') -DeleteBitLockerPassword'
             Register-ScheduledTask -TaskName $bitlockerTaskName -Action $action @taskArgs | Out-Null
         } else {
             if (!$?) {

diff --git a/src/playbook/Executables/FINALIZE.cmd b/src/playbook/Executables/FINALIZE.cmd
@@ -148,7 +148,7 @@ for %%a in (
 
 :: Set RunOnce login script
 :: This is the script that will be ran on login for new users
-reg add "HKU\AME_UserHive_Default\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v "RunScript" /t REG_SZ /d "powershell -EP Unrestricted -NoP & \"$env:windir\AtlasModules\Scripts\newUsers.ps1\"" /f
+reg add "HKU\AME_UserHive_Default\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v "RunScript" /t REG_SZ /d "powershell -EP Bypass -NoP & \"$env:windir\AtlasModules\Scripts\newUsers.ps1\"" /f
 
 :: Remove Fax Recipient from the 'Send to' context menu as Fax feature is removed
 del /f /q "%APPDATA%\Microsoft\Windows\SendTo\Fax Recipient.lnk" > nul 2>&1