Back to all tools
PS ScriptConfiguration

Windows Recovery Partition Editor

Windows Recovery Partition Editor resizes the local Windows Recovery Partition to 984MB and injects CAB files to enable optional features and language support. It deploys via a PowerShell script, placing architecture-specific CABs under tools\amd64 or tools\arm64cpu and matching language packs, with an optional backup of OEM images. Detection uses the registry key HKLM:\SOFTWARE\YourCompanyNameHere\Client-Recovery with value 1.0.0.

Works with
Windows
Created by
Niklas Rast
Niklas Rast
GitHub

Security Analysis

5of 6
1 Issue Found

1 files scanned on Jan 8, 2026

Issues Detected
No Malicious Patterns
No known malware techniques
The script performs high-risk disk/partition operations (Resize-Partition, New-Partition, Remove-Partition, Format-Volume) to create and modify the Windows Recovery Environment (RE) partition, including disabling and re-enabling WinRE. If misused or dropped into an unmanaged system, it can brick the system or disable security features. It also copies WinRE images between partitions and moves WinRE, which could be leveraged for persistence or evasion if abused.
Passed Checks
No Obfuscated Code
No Remote Execution
No Credential Theft
No Data Exfiltration
No Hardcoded Secrets
AI Analysis

The script is a legitimate admin tool for managing the Windows Recovery Environment but contains high-risk operations that can brick the system if misused. It does not download/execute remote code, harvest credentials, or exfiltrate data beyond logging. Recommendations: restrict usage to trusted admins, add robust error handling and environment validation, implement safety checks to prevent destructive actions, and review logging practices to avoid leaking sensitive information.

You might also like

PS Script

IntuneFirewallMigration

IntuneFirewallMigration is a public-preview tool that migrates Group Policy and local firewall rules into Intune as Settings Catalog policies. It supports selecting specific firewall profiles (Domain, Private, Public) and importing only inbound or outbound rules, using Microsoft.Graph.Authentication with Invoke-MgGraphRequest. The script disables telemetry, requires Graph permissions (DeviceManagementConfiguration.ReadWrite.All), and works with PowerShell 5 or 7 to modernize firewall management in Intune.

Nick BentonNick Benton
PS Script

PowerShell ADMX wizard

PowerShell ADMX Wizard creates custom ADMX/ADML templates from a CSV of registry keys, enabling Windows policies via Intune. It generates GUID-based templates, adds registry entries (STRING, DWORD, BINARY), and logs progress. After creation, upload the ADM/ADML to Intune as Imported ADMX to apply through a configuration profile.

Niklas RastNiklas Rast
PS Script

Windows Media Creation CLI

Windows Media Creation CLI is a PowerShell-based tool that automates building Windows installation media on a USB drive. It supports Windows 11 (22H2-25H2) and Windows 10, with customizable architecture, language, region and edition, enabling fully automated media creation. It also supports OEM driver injection via AUTOUNATTEND or DISM, single or multi-driver packs, and can generate an installwimdrivers.csv catalog to track installed drivers.

Niklas RastNiklas Rast
Desktop App

Microsoft Team Rooms Wallpaper package wrapper

A Microsoft Intune wrapper that enables deploying a custom wallpaper to Microsoft Teams Rooms devices via a PowerShell installer. It packages a wallpaper into an .INTUNEWIN package, supports install and uninstall commands, and uses registry-based detection to verify the deployed version. It also generates logs under the Intune Management Extension folder for troubleshooting, with a configurable company name for branding.

Niklas RastNiklas Rast