RemoveWindowsAI

Removes Windows AppX packages marked as NonRemovable by leveraging privilege escalation to TrustedInstaller context via the Run-Trusted function, which spawns a secondary PowerShell process with system-level permissions. This bypasses Windows Package Manager restrictions that normally prevent removal of built-in packages like Copilot and Recall. The implementation uses SYSTEM token impersonation to execute removal commands that would otherwise fail with access denied errors.

Identifies and removes hidden CBS packages that Windows Update uses to reinstall AI features by querying the Component-Based Servicing database and targeting specific component manifests. The implementation enumerates CBS packages via WMI or registry inspection, identifies AI-related components by manifest analysis, and removes them using DISM or direct CBS API calls. This prevents Windows Update from automatically restoring removed AppX packages during system updates.

Provides multiple execution modes that control how operations are applied: dry-run (preview without changes), removal (standard execution with safety checks), force (bypass safety checks), backup (create state snapshot before removal), and revert (restore from backup). The implementation uses a mode parameter to control operation behavior, with each mode having different safety guardrails and logging requirements. This enables users to choose the appropriate risk/safety tradeoff for their use case.

Generates comprehensive logs of all removal operations including timestamps, operation names, success/failure status, and error details when -EnableLogging flag is used. The implementation writes to log files in addition to console output, capturing both successful operations and failures with full error context. This enables troubleshooting of failed operations and provides audit trail of what was executed and when.

Disables Windows services associated with AI features by modifying service startup type to Disabled and stopping running service instances. The implementation enumerates Windows services, identifies AI-related services by name and description matching, and uses sc.exe or PowerShell Service cmdlets to disable them. This prevents AI services from starting automatically on system boot while allowing other services to function normally.

Hides AI feature UI elements from the Windows Settings app by modifying registry keys that control visibility of Copilot, Recall, and image generation settings pages. The implementation modifies HKCU registry keys that control Settings app page visibility, preventing users from accessing AI feature configuration options through the GUI. This is a UI-level hiding mechanism that does not remove packages but prevents user access to settings.

Disables the AI-powered Rewrite feature in Notepad by modifying registry keys and Group Policy settings that control Rewrite availability. The implementation targets registry keys that enable/disable the Rewrite button and policy settings that control AI feature availability in Notepad. This prevents users from accessing the Rewrite feature while keeping Notepad functional.

Disables AI features by modifying Windows registry keys and Group Policy settings that control Copilot availability, voice effects, DLL contracts, and AI service activation. The implementation writes to HKLM and HKCU registry hives to set policies like DisableCopilot, modifies IntegratedServicesRegionPolicySet.json to restrict regional AI availability, and disables related Windows services. This approach disables features at the OS level without removing packages, allowing for reversible changes.

Identifies and removes Windows scheduled tasks associated with AI features (Copilot, Recall, image generation) by enumerating the Task Scheduler database and targeting tasks in Microsoft\Windows\AI, Microsoft\Windows\Recall, and related folders. The implementation queries task metadata to confirm AI association, then removes tasks using Task Scheduler APIs or PowerShell cmdlets. This prevents background AI processes from running even if packages remain installed.

Prevents Windows Update from reinstalling removed AI packages by injecting a custom deployment package into the Windows servicing stack that marks AI components as permanently removed. The implementation creates or modifies deployment package manifests that Windows Update consults during feature provisioning, effectively blocking the restoration of Copilot, Recall, and related packages. This uses the Windows Servicing Integration mechanism to persist removal decisions across updates.

Removes AI-related binary files, libraries, and configuration files from the Windows file system after AppX package removal, targeting directories like Program Files, System32, and AppData that contain Copilot, Recall, and image generation tool binaries. The implementation enumerates known AI component file paths, verifies they are not in use by other processes, and deletes them with appropriate privilege escalation. This ensures complete removal of AI executables and prevents orphaned files from consuming disk space or being exploited.

Provides a PowerShell-based interactive menu interface that allows users to select individual removal operations (DisableRegKeys, RemoveAppxPackages, RemoveCBSPackages, etc.) before execution, with dry-run mode to preview changes without applying them. The implementation renders a menu using Write-Host and Read-Host, maps user selections to operation functions, and executes with -WhatIf equivalent behavior in dry-run mode. This enables safe exploration of removal options and verification of impact before committing changes.

Creates backup snapshots of system state before removal operations (registry keys, AppX packages, CBS packages, scheduled tasks) and provides restore functionality to revert changes. The implementation exports registry hives, captures AppX package manifests, and logs operation details to a backup directory, then provides a restore mode that reapplies backed-up state. This enables users to undo removal operations if they cause system issues or if AI features are needed again.

Enables automated, scriptable execution of removal operations via PowerShell command-line parameters (-Options, -AllOptions, -nonInteractive) without requiring user interaction or UI navigation. The implementation parses parameter arrays to identify which operations to execute, validates prerequisites, and runs operations in sequence with logging. This enables integration into deployment automation, CI/CD pipelines, and fleet management systems.

Automatically detects if the script is running with administrator privileges and self-elevates if needed using UAC prompts, then switches to TrustedInstaller context for operations requiring system-level file and registry access. The implementation uses the Run-Trusted function to spawn a secondary PowerShell process with SYSTEM token impersonation, enabling operations that standard administrator context cannot perform. This abstracts privilege escalation complexity from users while maintaining security boundaries.