fix(tweaks): replace 3 broken implementations with real code

RajwanYair · RajwanYair · commit a832c2ad6d9a · 2026-04-07T01:00:04.000+03:00
DiskCleanup: cleanup-reduce-recycle-bin-size had a broken PS script
(embedded comment broke execution, wrong NukeOnDelete approach).
Replaced with WMI Win32_Volume iteration that sets MaxCapacity per
drive to 5% (ApplyAction) or 10% (RemoveAction), with real DetectAction.

UserAccount: uac-enforce-password-complexity ApplyAction was applying
Windows default security template (entire policy reset) instead of
only setting PasswordComplexity=1. DetectAction read stdout from
secedit /export instead of the output file. RemoveAction was a no-op.
Fixed to write a minimal INF via PowerShell and call secedit for both
apply and remove; DetectAction now reads and deletes the exported file.

SsdOptimization: ssd-enable-write-caching ApplyAction called
Set-StorageSetting -NewDiskPolicy OnlineAll (storage subsystem policy,
not disk write caching). Replaced with Get-PhysicalDisk | Set-PhysicalDisk
-WriteCacheEnabled for proper per-disk write cache toggle, with matching
RemoveAction and DetectAction.

Total: 7,349 tweaks, 122 categories, 3,230 tests (0 failures)
diff --git a/src/RegiLattice.Core/Tweaks/DiskCleanup.cs b/src/RegiLattice.Core/Tweaks/DiskCleanup.cs
@@ -272,13 +272,40 @@ internal static class DiskCleanup
             Tags = ["cleanup", "disk", "recycle-bin"],
             ApplyAction = _ =>
                 ShellRunner.RunPowerShell(
-                    "$shell = New-Object -ComObject Shell.Application; "
-                        + "$rb = $shell.Namespace(10); "
-                        + "# Note: Recycle Bin size is stored per-drive in the registry "
-                        + "Set-ItemProperty 'HKCU:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket\\Volume' -Name 'NukeOnDelete' -Value 0 -ErrorAction SilentlyContinue"
+                    "Get-WmiObject Win32_Volume -Filter \"DriveType=3\" -ErrorAction SilentlyContinue "
+                        + "| Where-Object DriveLetter "
+                        + "| ForEach-Object { "
+                        + "$id = $_.DeviceID.TrimEnd('\\').Split('{')[1].TrimEnd('}').ToUpper(); "
+                        + "$mb = [math]::Round($_.Capacity / 1048576 * 0.05); "
+                        + "$p = \"HKCU:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket\\Volume\\$id\"; "
+                        + "if (!(Test-Path $p)) { New-Item $p -Force | Out-Null }; "
+                        + "Set-ItemProperty $p -Name MaxCapacity -Value $mb -ErrorAction SilentlyContinue }"
                 ),
-            RemoveAction = _ => { },
-            DetectAction = () => false,
+            RemoveAction = _ =>
+                ShellRunner.RunPowerShell(
+                    "Get-WmiObject Win32_Volume -Filter \"DriveType=3\" -ErrorAction SilentlyContinue "
+                        + "| Where-Object DriveLetter "
+                        + "| ForEach-Object { "
+                        + "$id = $_.DeviceID.TrimEnd('\\').Split('{')[1].TrimEnd('}').ToUpper(); "
+                        + "$mb = [math]::Round($_.Capacity / 1048576 * 0.10); "
+                        + "$p = \"HKCU:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket\\Volume\\$id\"; "
+                        + "if (!(Test-Path $p)) { New-Item $p -Force | Out-Null }; "
+                        + "Set-ItemProperty $p -Name MaxCapacity -Value $mb -ErrorAction SilentlyContinue }"
+                ),
+            DetectAction = () =>
+            {
+                var (_, stdout, _) = ShellRunner.RunPowerShell(
+                    "$v = Get-WmiObject Win32_Volume -Filter \"DriveType=3\" -ErrorAction SilentlyContinue "
+                        + "| Where-Object DriveLetter | Select-Object -First 1; "
+                        + "if (!$v) { $false; return }; "
+                        + "$id = $v.DeviceID.TrimEnd('\\').Split('{')[1].TrimEnd('}').ToUpper(); "
+                        + "$fivePct = [math]::Round($v.Capacity / 1048576 * 0.05); "
+                        + "$p = \"HKCU:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket\\Volume\\$id\"; "
+                        + "$cur = (Get-ItemProperty -Path $p -Name MaxCapacity -ErrorAction SilentlyContinue)?.MaxCapacity; "
+                        + "(($cur -ne $null) -and ($cur -le [math]::Round($fivePct * 1.1)))"
+                );
+                return stdout.Trim().Equals("True", StringComparison.OrdinalIgnoreCase);
+            },
         },
         // ── Sprint 41 additions ────────────────────────────────────────────
 
diff --git a/src/RegiLattice.Core/Tweaks/SsdOptimization.cs b/src/RegiLattice.Core/Tweaks/SsdOptimization.cs
@@ -85,11 +85,26 @@ internal static class SsdOptimization
             SideEffects = "Risk of data loss on sudden power failure without UPS.",
             ApplyAction = _ =>
                 ShellRunner.RunPowerShell(
-                    "Get-Disk | Where-Object { $_.BusType -ne 'USB' } | ForEach-Object { "
-                        + "Set-StorageSetting -NewDiskPolicy OnlineAll -ErrorAction SilentlyContinue }"
+                    "Get-PhysicalDisk | Where-Object { $_.BusType -ne 'USB' } "
+                        + "| ForEach-Object { "
+                        + "try { Set-PhysicalDisk -UniqueId $_.UniqueId -WriteCacheEnabled $true -ErrorAction Stop } "
+                        + "catch { } }"
                 ),
-            RemoveAction = _ => { },
-            DetectAction = () => false,
+            RemoveAction = _ =>
+                ShellRunner.RunPowerShell(
+                    "Get-PhysicalDisk | Where-Object { $_.BusType -ne 'USB' } "
+                        + "| ForEach-Object { "
+                        + "try { Set-PhysicalDisk -UniqueId $_.UniqueId -WriteCacheEnabled $false -ErrorAction Stop } "
+                        + "catch { } }"
+                ),
+            DetectAction = () =>
+            {
+                var (_, stdout, _) = ShellRunner.RunPowerShell(
+                    "$d = Get-PhysicalDisk | Where-Object { $_.BusType -ne 'USB' } | Select-Object -First 1; "
+                        + "if (!$d) { $false } else { $d.WriteCacheEnabled -eq $true }"
+                );
+                return stdout.Trim().Equals("True", StringComparison.OrdinalIgnoreCase);
+            },
         },
         new TweakDef
         {
diff --git a/src/RegiLattice.Core/Tweaks/UserAccount.cs b/src/RegiLattice.Core/Tweaks/UserAccount.cs
@@ -211,16 +211,42 @@ internal static class UserAccount
             ApplyAction = dryRun =>
             {
                 if (!dryRun)
-                    ShellRunner.Run(
-                        "secedit",
-                        ["/configure", "/db", "secedit.sdb", "/cfg", "%windir%\\inf\\defltbase.inf", "/areas", "SECURITYPOLICY", "/quiet"]
+                    ShellRunner.RunPowerShell(
+                        "$nl = [System.Environment]::NewLine; "
+                            + "$inf = \"[Unicode]${nl}Unicode=yes${nl}[System Access]${nl}PasswordComplexity = 1${nl}\"; "
+                            + "$path = \"$env:TEMP\\rl_pwcomplex_on.inf\"; "
+                            + "[System.IO.File]::WriteAllText($path, $inf, [System.Text.Encoding]::Unicode); "
+                            + "secedit /configure /db \"$env:TEMP\\secpol.sdb\" /cfg $path /areas SECURITYPOLICY /quiet; "
+                            + "Remove-Item $path -ErrorAction SilentlyContinue"
+                    );
+            },
+            RemoveAction = dryRun =>
+            {
+                if (!dryRun)
+                    ShellRunner.RunPowerShell(
+                        "$nl = [System.Environment]::NewLine; "
+                            + "$inf = \"[Unicode]${nl}Unicode=yes${nl}[System Access]${nl}PasswordComplexity = 0${nl}\"; "
+                            + "$path = \"$env:TEMP\\rl_pwcomplex_off.inf\"; "
+                            + "[System.IO.File]::WriteAllText($path, $inf, [System.Text.Encoding]::Unicode); "
+                            + "secedit /configure /db \"$env:TEMP\\secpol.sdb\" /cfg $path /areas SECURITYPOLICY /quiet; "
+                            + "Remove-Item $path -ErrorAction SilentlyContinue"
                     );
             },
-            RemoveAction = _ => { },
             DetectAction = () =>
             {
-                var (_, stdout, _) = ShellRunner.Run("secedit", ["/export", "/cfg", "%temp%\\rl_secedit.cfg", "/quiet"]);
-                return stdout.Contains("PasswordComplexity = 1", StringComparison.OrdinalIgnoreCase);
+                var cfgPath = Path.Combine(Path.GetTempPath(), "rl_secedit_export.cfg");
+                ShellRunner.Run("secedit", ["/export", "/cfg", cfgPath, "/quiet"]);
+                if (!File.Exists(cfgPath))
+                    return false;
+                try
+                {
+                    var content = File.ReadAllText(cfgPath, System.Text.Encoding.Unicode);
+                    return content.Contains("PasswordComplexity = 1", StringComparison.OrdinalIgnoreCase);
+                }
+                finally
+                {
+                    File.Delete(cfgPath);
+                }
             },
         },
         new TweakDef
