Remove-BrowserHijack.ps1
#Requires -RunAsAdministrator
<#
.SYNOPSIS
Removes corporate browser hijacking (default home page, broken Restore Pages feature, etc)
.DESCRIPTION
Removes group policy registry keys that are created by IT in an attempt to waste
time by constantly directing users to a site they are not trying to visit.
.PARAMETER Install
Creates a scheduled task that will periodically remove the hijack.
.PARAMETER Uninstall
Removes the scheduled task.
#>
# Three mutually exclusive modes, selected by parameter set:
#   'Fix' (default, no switch) - remove the policy values/keys now
#   'Install'                   - register the recurring scheduled task
#   'Uninstall'                 - remove that scheduled task
[CmdletBinding(DefaultParameterSetName = 'Fix')]
param(
# Selects the 'Install' parameter set; cannot be combined with -Uninstall.
[Parameter(ParameterSetName = 'Install')]
[switch] $Install = $false,
# Selects the 'Uninstall' parameter set; cannot be combined with -Install.
[Parameter(ParameterSetName = 'Uninstall')]
[switch] $Uninstall = $false
)
Begin
{
# Name of the scheduled task. RegisterTask and UnregisterTask both read this
# variable, so install and uninstall always address the same task.
$taskName = 'Remove-BrowserHijack'
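# Registers a scheduled task (named by $taskName) that re-runs this script as
# the current user, daily at 7:00 and at that user's logon, with
# -RunLevel Highest.
#
# Review notes for anyone deploying or triaging this task:
# - The task runs whatever file is at $PSCommandPath with the user's highest
#   available privileges. If that file or its directory can be modified
#   without elevation, any process running as the user can change what the
#   elevated task executes. Keep the script in a location that only
#   administrators can write to.
# - A scheduled task that launches PowerShell with -WindowStyle Hidden,
#   -ExecutionPolicy Bypass and -EncodedCommand is a combination commonly
#   matched by endpoint detection rules for persistence; expect it to be
#   flagged on monitored machines.
function RegisterTask
{
    $user = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    # Re-use the PowerShell host that is running now, so the task starts the
    # same executable.
    $pwsh = [System.Diagnostics.Process]::GetCurrentProcess().Path

    # The path is embedded in a single-quoted PowerShell string. Escape quote
    # characters first: an unescaped quote in the script path would close the
    # string early and the remainder of the path would be parsed as code by
    # the elevated task.
    $escapedPath = [System.Management.Automation.Language.CodeGeneration]::EscapeSingleQuotedStringContent($PSCommandPath)
    $command = "& '${escapedPath}'"

    # -EncodedCommand takes Base64 over the UTF-16LE bytes of the command.
    $encodedCommand = [Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($command))

    $action = New-ScheduledTaskAction -Execute $pwsh `
        -Argument "-NonInteractive -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -EncodedCommand ${encodedCommand}"

    $dailyTrigger = New-ScheduledTaskTrigger -Daily -At '7:00'
    $logonTrigger = New-ScheduledTaskTrigger -AtLogOn -User $user

    Register-ScheduledTask $taskName -Action $action -Trigger $dailyTrigger, $logonTrigger -User $user -RunLevel Highest
}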
# Removes the scheduled task whose name is held in $taskName.
function UnregisterTask
{
    Unregister-ScheduledTask -TaskName $taskName
}
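# Deletes the named values from one registry key, leaving the key itself and
# any other values in place.
#   $0 - registry key path in provider form (e.g. 'HKCU:\SOFTWARE\...')
#   $p - array of value names to delete under that key
# Does nothing when the key does not exist. Each deleted value is reported on
# the host as "removing <key> <name>". Values are deleted without a backup.
function RemoveHijack
{
    param($0, $p)

    if (-not (Test-Path $0))
    {
        return
    }

    foreach ($valueName in $p)
    {
        # Re-read the key for every name so the check reflects deletions made
        # earlier in this loop.
        $current = (Get-ItemProperty $0).$valueName

        # $null goes on the left: with an array on the left (for example a
        # multi-string value) -ne filters the array instead of returning a
        # boolean, which can misreport an existing value as absent.
        if ($null -ne $current)
        {
            Write-Host "removing $0 " -NoNewline -ForegroundColor DarkGray
            Write-Host $valueName
            Remove-ItemProperty $0 $valueName
        }
    }
}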
# Deletes a whole registry key, including every subkey and value beneath it.
#   $0 - registry key path in provider form (e.g. 'HKLM:\SOFTWARE\...')
# Does nothing when the key does not exist; otherwise logs "removing <key>"
# and deletes it. Nothing is backed up first.
function RemoveHijackKey
{
    param($0)

    if (-not (Test-Path $0))
    {
        return
    }

    Write-Host "removing $0"
    Remove-Item $0 -Recurse -Force
}
}
# Entry point. -Install / -Uninstall only manage the scheduled task and return
# without touching the registry. With no switch (parameter set 'Fix') the
# browser policy values and keys listed below are deleted immediately.
#
# NOTE(review): nothing is exported before deletion, so there is no rollback
# from this script. The HKLM paths are machine-wide policy locations; the
# script requires elevation (#Requires -RunAsAdministrator) to modify them.
# Presumably whatever manages these policies rewrites them on its next
# refresh, which would explain the recurring task - confirm for your
# environment.
Process
{
if ($PSCmdlet.ParameterSetName -eq 'Install')
{
RegisterTask
return
}
if ($PSCmdlet.ParameterSetName -eq 'Uninstall')
{
UnregisterTask
return
}
# Default mode: apply the removals now.
# Chrome: delete the home page / startup values under the per-user and
# machine policy keys (mandatory and Recommended), then delete the
# RestoreOnStartupURLs and PolicyManager keys outright.
RemoveHijack 'HKCU:\SOFTWARE\Policies\Google\Chrome' @('HomePageLocation', 'RestoreOnStartup', 'ShowHomeButton')
RemoveHijack 'HKLM:\SOFTWARE\Policies\Google\Chrome' @('HomePageLocation', 'RestoreOnStartup', 'ShowHomeButton')
RemoveHijack 'HKCU:\SOFTWARE\Policies\Google\Chrome\Recommended' @('HomePageLocation', 'RestoreOnStartup', 'ShowHomeButton')
RemoveHijack 'HKLM:\SOFTWARE\Policies\Google\Chrome\Recommended' @('HomePageLocation', 'RestoreOnStartup', 'ShowHomeButton')
# NOTE(review): these two calls only delete a value literally named
# 'HomepageLocation' inside the per-user RestoreOnStartupURLs keys; the HKLM
# equivalents below are deleted as whole keys instead - confirm the
# difference is intended.
RemoveHijack 'HKCU:\SOFTWARE\Policies\Google\Chrome\RestoreOnStartupURLs' @('HomepageLocation')
RemoveHijack 'HKCU:\SOFTWARE\Policies\Google\Chrome\Recommended\RestoreOnStartupURLs' @('HomepageLocation')
# Keys under HKLM:\SOFTWARE\Microsoft\PolicyManager are presumably the
# MDM-delivered copies of the same policies - verify against how policy is
# deployed on the machine.
RemoveHijackKey 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Chrome~Policy~googlechrome~Startup'
RemoveHijackKey 'HKLM:\SOFTWARE\Policies\Google\Chrome\RestoreOnStartupURLs'
RemoveHijackKey 'HKLM:\SOFTWARE\WOW6432Node\Policies\Google\Chrome\RestoreOnStartupURLs'
RemoveHijackKey 'HKLM:\SOFTWARE\WOW6432Node\Policies\Google\Chrome\Recommended\RestoreOnStartupURLs'
RemoveHijackKey 'HKLM:\SOFTWARE\Microsoft\PolicyManager\AdmxDefault\89FA9032-04AF-4BA8-BD43-936A846F7EFE\Chrome~Policy~googlechrome_recommended~Startup_recommended'
RemoveHijackKey 'HKLM:\SOFTWARE\Microsoft\PolicyManager\AdmxDefault\89FA9032-04AF-4BA8-BD43-936A846F7EFE\Chrome~Policy~googlechrome~Startup'
RemoveHijackKey 'HKLM:\SOFTWARE\Microsoft\PolicyManager\Providers\89FA9032-04AF-4BA8-BD43-936A846F7EFE\default\Device\Chrome~Policy~googlechrome~Startup'
# Edge: same approach as Chrome.
# NOTE(review): 'InternetExplorerIntegrationSiteList' is removed together with
# the home page values although it is not a home page setting; deleting it
# presumably also drops the organisation's IE-mode site list - confirm that
# side effect is wanted.
RemoveHijack 'HKCU:\SOFTWARE\Policies\Microsoft\Edge\Recommended' @('HomepageLocation', 'RestoreOnStartup', 'ShowHomeButton', 'InternetExplorerIntegrationSiteList')
RemoveHijack 'HKCU:\SOFTWARE\Policies\Microsoft\Edge\Internet Settings' @('ProvisionedHomePages')
RemoveHijack 'HKLM:\SOFTWARE\Policies\Microsoft\Edge' @('HomepageLocation', 'RestoreOnStartup', 'ShowHomeButton', 'InternetExplorerIntegrationSiteList')
RemoveHijackKey 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\microsoft_edge~Policy~microsoft_edge~Startup'
RemoveHijackKey 'HKLM:\SOFTWARE\Policies\Microsoft\Edge\RestoreOnStartupURLs'
# NOTE(review): 'Policies\Microsoft' appears twice in the next path, unlike
# the matching Chrome WOW6432Node entry above; this looks like a typo, in
# which case Test-Path never matches and the call is a no-op - confirm the
# intended key.
RemoveHijackKey 'HKLM:\SOFTWARE\WOW6432Node\Policies\Microsoft\Policies\Microsoft\Edge\RestoreOnStartupURLs'
RemoveHijackKey 'HKLM:\SOFTWARE\Microsoft\PolicyManager\AdmxDefault\89FA9032-04AF-4BA8-BD43-936A846F7EFE\microsoft_edge~Policy~microsoft_edge_recommended~Startup_recommended'
RemoveHijackKey 'HKLM:\SOFTWARE\Microsoft\PolicyManager\AdmxDefault\89FA9032-04AF-4BA8-BD43-936A846F7EFE\microsoft_edge~Policy~microsoft_edge~Startup'
RemoveHijackKey 'HKLM:\SOFTWARE\Microsoft\PolicyManager\Providers\89FA9032-04AF-4BA8-BD43-936A846F7EFE\default\Device\microsoft_edge~Policy~microsoft_edge~Startup'
# Firefox: only the per-user Homepage policy key is deleted.
RemoveHijackKey 'HKCU:\SOFTWARE\Policies\Mozilla\Firefox\Homepage'
}