eabase · January 24, 2025 01:51
diff --git a/badlenovo.ps1 b/badlenovo.ps1
 # Version: 0.1 (2025-01-18)
 # License: MIT, use at your own risk
 #
 # This script disables the Lenovo-installed "Tobii experience" software and "nahimic" software. 
 # Tested on a Lenovo Legion Pro 5 (82WM) with Windows 11 24H2.
 # Run it with `powershell.exe -noprofile -executionPolicy Bypass -File badlenovo.ps1`
 # Following this script, you should be able to uninstall the "Tobii experience" app from the control panel (appwiz.cpl)
 #
 # After major updates, you may need to re-run this script.

 # Disable services (may be re-enabled on reboot)
 Get-Service -Name "Tobii*" | Stop-Service -Force
 Get-Service -Name "Tobii*" | Set-Service -StartupType Disabled
 Get-Service -Name "Nahimic*" | Stop-Service -Force
 Get-Service -Name "Nahimic*" | Set-Service -StartupType Disabled
 # Get the service exe paths
 $services = Get-WmiObject -Class Win32_Service | Where-Object {$_.Name -like "Tobii*" -or $_.Name -like "Nahimic*"} | Select-Object PathName
 $services = $services.PathName -split "`n" | ForEach-Object { $_.Replace('"', '').Trim() }
 $services = $services -replace '\.exe.*', '.exe'
 ## use icacls to deny access to the service exes, so that they can't be started
 $services | ForEach-Object {
    $servicePath = $_
    $acl = Get-Acl $servicePath
    $denyEveryone = New-Object System.Security.AccessControl.FileSystemAccessRule("Everyone", "FullControl", "Deny")
    $denySystem = New-Object System.Security.AccessControl.FileSystemAccessRule("SYSTEM", "FullControl", "Deny")
    $acl.SetAccessRule($denyEveryone)
    $acl.SetAccessRule($denySystem)
    Set-Acl $servicePath $acl
 }

 # Find "devices" that are installed by the Tobii or nahimic software and disable them
 $devices = Get-PnpDevice | Where-Object {$_.FriendlyName -like "Tobii*" -or $_.FriendlyName -like "Nahimic*"} | Select-Object FriendlyName,InstanceId

 $devices | ForEach-Object {
    $device = $_
    $instanceId = $device.InstanceId
    $friendlyName = $device.FriendlyName
    Disable-PnpDevice -InstanceId $instanceId -Confirm:$false
    Write-Host "Disabled device: $friendlyName"
 }
	# Version: 0.1 (2025-01-18)
	# License: MIT, use at your own risk
	#
	# This script disables the Lenovo-installed "Tobii experience" software and "nahimic" software.
	# Tested on a Lenovo Legion Pro 5 (82WM) with Windows 11 24H2.
	# Run it with `powershell.exe -noprofile -executionPolicy Bypass -File badlenovo.ps1`
	# Following this script, you should be able to uninstall the "Tobii experience" app from the control panel (appwiz.cpl)
	#
	# After major updates, you may need to re-run this script.

	# Disable services (may be re-enabled on reboot)
	Get-Service -Name "Tobii*" \| Stop-Service -Force
	Get-Service -Name "Tobii*" \| Set-Service -StartupType Disabled
	Get-Service -Name "Nahimic*" \| Stop-Service -Force
	Get-Service -Name "Nahimic*" \| Set-Service -StartupType Disabled
	# Get the service exe paths
	$services = Get-WmiObject -Class Win32_Service \| Where-Object {$_.Name -like "Tobii" -or $_.Name -like "Nahimic"} \| Select-Object PathName
	$services = $services.PathName -split "`n" \| ForEach-Object { $_.Replace('"', '').Trim() }
	$services = $services -replace '\.exe.*', '.exe'
	## use icacls to deny access to the service exes, so that they can't be started
	$services \| ForEach-Object {
	$servicePath = $_
	$acl = Get-Acl $servicePath
	$denyEveryone = New-Object System.Security.AccessControl.FileSystemAccessRule("Everyone", "FullControl", "Deny")
	$denySystem = New-Object System.Security.AccessControl.FileSystemAccessRule("SYSTEM", "FullControl", "Deny")
	$acl.SetAccessRule($denyEveryone)
	$acl.SetAccessRule($denySystem)
	Set-Acl $servicePath $acl
	}

	# Find "devices" that are installed by the Tobii or nahimic software and disable them
	$devices = Get-PnpDevice \| Where-Object {$_.FriendlyName -like "Tobii" -or $_.FriendlyName -like "Nahimic"} \| Select-Object FriendlyName,InstanceId

	$devices \| ForEach-Object {
	$device = $_
	$instanceId = $device.InstanceId
	$friendlyName = $device.FriendlyName
	Disable-PnpDevice -InstanceId $instanceId -Confirm:$false
	Write-Host "Disabled device: $friendlyName"
	}