Windows Media Creation CLI
Windows Media Creation CLI is a PowerShell-based tool that automates building Windows installation media on a USB drive. It supports Windows 11 (22H2-25H2) and Windows 10, with customizable architecture, language, region and edition, enabling fully automated media creation. It also supports OEM driver injection via AUTOUNATTEND or DISM, single or multi-driver packs, and can generate an installwimdrivers.csv catalog to track installed drivers.
Security Analysis
3 files scanned on Jan 8, 2026
Overall assessment: The script is a legitimate admin tool for automating driver integration into Windows installation media. Security concerns stem primarily from downloading and executing external installers, which carries remote code execution and supply-chain risk. No credentials or secrets are embedded. A reliability/security bug is present: the baseDownloadUrl variable is undefined. Recommendations: validate driver package signatures, implement hash/signature checks on downloads, consider stricter URL trust controls, verify extracted contents before deployment, run with least privilege, and apply code-signing checks where possible. Also consider adding explicit error handling for missing or undefined variables and runtime validation of downloaded artifacts.
You might also like
IntuneFirewallMigration
IntuneFirewallMigration is a public-preview tool that migrates Group Policy and local firewall rules into Intune as Settings Catalog policies. It supports selecting specific firewall profiles (Domain, Private, Public) and importing only inbound or outbound rules, using Microsoft.Graph.Authentication with Invoke-MgGraphRequest. The script disables telemetry, requires Graph permissions (DeviceManagementConfiguration.ReadWrite.All), and works with PowerShell 5 or 7 to modernize firewall management in Intune.
PowerShell ADMX wizard
PowerShell ADMX Wizard creates custom ADMX/ADML templates from a CSV of registry keys, enabling Windows policies via Intune. It generates GUID-based templates, adds registry entries (STRING, DWORD, BINARY), and logs progress. After creation, upload the ADMX/ADML to Intune as Imported ADMX to apply through a configuration profile.
Windows Recovery Partition Editor
Windows Recovery Partition Editor resizes the local Windows Recovery Partition to 984MB and injects CAB files to enable optional features and language support. It deploys via a PowerShell script, placing architecture-specific CABs under tools\amd64 or tools\arm64cpu and matching language packs, with an optional backup of OEM images. Detection uses the registry key HKLM:\SOFTWARE\YourCompanyNameHere\Client-Recovery with value 1.0.0.
Autopilot Branding
A PowerShell-based customization tool packaged as an Intune Win32 app for configuring Windows 10/11 devices during Autopilot deployment. Customizes start menu layout, background/theme, time zone, removes built-in apps, installs OneDrive, configures language packs, and manages Windows features.
