@LuemmelSec
Created December 9, 2022 07:43
Give Back Control over Windows functions script
# Whether the current process token holds the built-in Administrators role, i.e. the
# script runs elevated. Show-Menu reports this value; the HKLM and bcdedit writes below
# cannot succeed without it. Evaluated inside a scriptblock so no helper variables leak
# into the script scope.
$elevated = & {
  $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
  $principal = [Security.Principal.WindowsPrincipal]$identity
  $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}
function Show-Menu {
  # Clears the console and prints the banner, the elevation status and the option list.
  # Reads the script-scope $elevated flag but only reports it; nothing here stops a
  # non-elevated user from choosing an option.
  Clear-Host
  $rule = "======================================================"
  Write-Host $rule
  Write-Host "================ Give Back Control ================"
  Write-Host $rule
  Write-Host "Local Admin: " -ForegroundColor white -NoNewline
  if ($elevated) {
    Write-Host $elevated -ForegroundColor Green
    Write-Host "We have superpowers. Ready to continue."
  } else {
    Write-Host $elevated -ForegroundColor Red
    Write-Host "You need local admin rights to continue. Please start in elevated prompt!!!"
  }
  Write-Host ""
  $menuLines = @(
    "1: Press '1' to enable configuration of Windows Defender.",
    "2: Press '2' to enable configuration of Windows Firewall.",
    "3: Press '3' to disable Virtual Protection features of Credential Guard to allow nested virtualization.",
    "4: Press '4' to enable free Browser config.",
    "5: Press '5' to reboot. Close all open files before using!!!",
    "q: Press 'q' to quit."
  )
  foreach ($line in $menuLines) {
    Write-Host $line
  }
}
function Browser{
  # Removes the machine-wide (HKLM\SOFTWARE\Policies) start-page and home-page policies
  # for Edge and Chrome: the RestoreOnStartupURLs subkey plus the HomepageLocation and
  # HomeButton values under each browser's policy root. Every REG DELETE uses /f, so no
  # prompt appears; a key or value that is already absent just prints an error and the
  # function carries on. On a domain-joined host these policy keys are typically written
  # back at the next Group Policy refresh, so the effect is local and temporary.
  $policyRoots = @(
    'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome'
  )
  foreach ($root in $policyRoots) {
    cmd /c "REG DELETE `"$root\RestoreOnStartupURLs`" /f"
    foreach ($valueName in 'HomepageLocation', 'HomeButton') {
      cmd /c "REG DELETE `"$root`" /v `"$valueName`" /f"
    }
  }
  Pause
}
function Defender{
  # Deletes the whole Windows Defender policy key, i.e. every Group Policy-managed Defender
  # setting on this machine, in one REG DELETE /f. This touches only the policy overlay
  # under HKLM\SOFTWARE\Policies; Defender's own configuration is left as is. On a
  # domain-joined host the key is typically re-created at the next Group Policy refresh.
  # Deletion of this key is a high-signal event worth alerting on in a managed environment.
  $defenderPolicyKey = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender'
  cmd /c "REG DELETE `"$defenderPolicyKey`" /f"
  Pause
}
function Firewall{
  # Deletes the FirewallPolicy key wholesale. Despite the name this is not only the Group
  # Policy overlay: the host's local firewall profile settings and rule store live under
  # this key as well, so the local rule base is wiped along with the policy. The firewall
  # service may need a restart (or the reboot in option 5) before it picks the change up,
  # and the REG DELETE output should be checked because deleting a key that is in use can
  # fail. Wiping this key is a high-signal event worth alerting on in a managed environment.
  $firewallPolicyKey = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
  cmd /c "REG DELETE `"$firewallPolicyKey`" /f"
  Pause
}
function DeviceGuard{
# Turns off Virtualization-Based Security (and with it Credential Guard) so nested
# virtualization works (menu option 3). This is a deliberate security downgrade. It removes
# the Device Guard policy values, clears the effective VBS values, and stages Microsoft's
# SecConfig.efi boot tool on the EFI System Partition so that the next boot switches VBS
# off. UEFI firmware is required (mountvol /s mounts the ESP), X: must be a free drive
# letter, and the reboot (option 5) is what actually applies the change; expect a
# confirmation prompt at the console during that boot. There is no error checking: if
# mountvol or the copy fails (e.g. on a BIOS/MBR machine) the boot entries are still
# created, and nothing here removes the extra BCD entry afterwards.
# For detection: the REG DELETE calls on the DeviceGuard keys, the bcdedit changes to the
# {bootmgr} bootsequence and to vsmlaunchtype, and the new osloader entry are all
# high-signal events on a managed host.
# Group Policy values — deleted so a later policy refresh does not simply re-enable VBS
# (on a domain-joined host they come back at the next refresh anyway).
cmd /c 'REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard" /v "EnableVirtualizationBasedSecurity" /f'
cmd /c 'REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard" /v "RequirePlatformSecurityFeatures" /f'
# Effective (non-policy) values under SYSTEM\CurrentControlSet\Control\DeviceGuard —
# presumably the values the running configuration reads; verify on the target build.
cmd /c 'REG DELETE "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "EnableVirtualizationBasedSecurity" /f'
cmd /c 'REG DELETE "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "RequirePlatformSecurityFeatures" /f'
# Mount the EFI System Partition as X: and copy the SecConfig.efi tool onto it.
# copy-item has no -Force, so an existing copy on the ESP is not overwritten.
mountvol X: /s
copy-item c:\windows\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi
# Create an osloader entry for SecConfig.efi and tell {bootmgr} to boot it once
# (bootsequence) on the next start. The GUID matches the fixed one used in Microsoft's
# documented Credential Guard removal procedure.
cmd /c 'bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader'
cmd /c 'bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi"'
cmd /c 'bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}'
# loadoptions is assigned twice; the later DISABLE-LSA-ISO,DISABLE-VBS value replaces this
# one, so this line is redundant but harmless.
cmd /c 'bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO'
cmd /c 'bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X:'
cmd /c 'bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS'
# Stop the VBS environment from being launched on later boots.
cmd /c 'bcdedit /set vsmlaunchtype off'
# Unmount the ESP again; runs unconditionally even if the earlier steps failed.
mountvol X: /d
Pause
}
function Reboot {
  # Restarts the local machine (menu option 5). The -Confirm switch forces an interactive
  # yes/no prompt before the restart is issued.
  Restart-Computer -Confirm
}
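# Main loop: draw the menu, read a choice, dispatch it, repeat until 'q'.
# Two guards added: every action writes HKLM or the boot configuration, so without
# elevation it would only fail with "access denied" — the loop now says so instead of
# silently running the option; and an unrecognised input is reported rather than
# ignored (the original switch had no default branch, so a typo just redrew the menu).
do
{
  Show-Menu
  $selection = Read-Host "Please make a selection"
  if ($selection -eq 'q') {
    # Nothing to run; the until condition below ends the loop.
    continue
  }
  if (-not $elevated) {
    Write-Warning "Local admin rights are required for this option. Restart the script from an elevated prompt."
    Pause
    continue
  }
  switch ($selection)
  {
    '1' {Defender}
    '2' {Firewall}
    '3' {DeviceGuard}
    '4' {Browser}
    '5' {Reboot}
    default {
      Write-Warning "Unknown selection '$selection'. Choose 1-5 or q."
      Pause
    }
  }
}
until ($selection -eq 'q')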