Created
March 29, 2024 07:20
-
-
Save DavidArsene/2e27dd3cf33dc357d1092392f5ef41d0 to your computer and use it in GitHub Desktop.
Disable VBS UEFI Lock. Disable in Group Policy first (System\Device Guard\Turn On VBS). Reboot after running and follow the prompts.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using namespace System.Security.Principal | |
| if (-Not ([WindowsPrincipal] [WindowsIdentity]::GetCurrent()).IsInRole([WindowsBuiltInRole]::Administrator)) { | |
| Start-Process PowerShell -Verb RunAs -ArgumentList "-NoProfile -File `"$PSCommandPath`"" | |
| Exit | |
| } | |
| $id = "0cb3b571-2f2e-4343-a879-d86a476d7215" | |
| mountvol X: /s # EFI Partition | |
| try { | |
| # Run the script again to delete leftovers | |
| Get-BcdEntry -Id $id | Remove-BcdEntry -Force | |
| Remove-Item "X:\EFI\Microsoft\Boot\SecConfig.efi" -Force | |
| } catch { | |
| Copy-Item "C:\Windows\System32\SecConfig.efi" "X:\EFI\Microsoft\Boot\SecConfig.efi" -Force | |
| New-BcdEntry -Id $id -Description "VBSDisabler" -Application "osloader" | |
| Set-BcdElement -Id $id -Element path -Type String -Value "\EFI\Microsoft\Boot\SecConfig.efi" | |
| Set-BcdElement -Id $id -Element loadoptions -Type String -Value "DISABLE-LSA-ISO,DISABLE-VBS" | |
| Set-BcdElement -Id $id -Element device -Device Partition -Value X: | |
| Set-BcdBootSequence -Id $id | |
| Set-BcdElement -Element vsmlaunchtype -Type Integer -Value 0 | |
| } | |
| mountvol X: /d | |
| Pause |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment