$name = 'Windows-Defender-Client-Package'
$packages = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages'
$found = split-path -leaf (reg query $packages.replace(':','') /f $name | findstr HKEY)

function reg_own([string[]]$A){ #key [opt],all,usr,own,acc,perm : reg_own "HKCU:\My","","S-1-5-32-545","","Allow","FullControl"
$D1=[uri]."M`odule"."G`etType"('System.Diagnostics.Process')."G`etMethods"(42) |where {$_.Name -eq 'SetPrivilege'} #`:no-ev-warn
'SeSecurityPrivilege','SeTakeOwnershipPrivilege','SeBackupPrivilege','SeRestorePrivilege'|foreach {$D1.Invoke($null, @("$_",2))}
$path=$A[0]; $rk=$path-split':\\',2; $HK=gi -lit Registry::$($rk[0]) -fo; $s=$A[1]; $sps=[Security.Principal.SecurityIdentifier]
$u=($A[2],'S-1-5-32-544')[!$A[2]];$o=($A[3],$u)[!$A[3]];$w=$u,$o |% {new-object $sps($_)}; $old=!$A[3];$own=!$old; $y=$s-eq'all'
$rar=new-object Security.AccessControl.RegistryAccessRule( $w[0], ($A[5],'FullControl')[!$A[5]], 1, 0, ($A[4],'Allow')[!$A[4]] )
$x=$s-eq'none';function Own1($k){$t=$HK.OpenSubKey($k,2,'TakeOwnership');if($t){0,4|%{try{$o=$t.GetAccessControl($_)}catch{$old=0}
};if($old){$own=1;$w[1]=$o.GetOwner($sps)};$o.SetOwner($w[0]);$t.SetAccessControl($o); $c=$HK.OpenSubKey($k,2,'ChangePermissions')
$p=$c.GetAccessControl(2);if($y){$p.SetAccessRuleProtection(1,1)};$p.ResetAccessRule($rar);if($x){$p.RemoveAccessRuleAll($rar)}
$c.SetAccessControl($p);if($own){$o.SetOwner($w[1]);$t.SetAccessControl($o)};if($s){$subkeys=$HK.OpenSubKey($k).GetSubKeyNames()
foreach($n in $subkeys){Own1 "$k\$n"}}}}; Own1 $rk[1]; if($env:VO){get-acl Registry::$path|fl}} # lean & mean ps snippet by AveYo

foreach ($item in $found) {
reg_own "$packages\$item" 'preserve' 'S-1-1-0'
set-itemproperty -Path "$packages\$item" -Name "Visibility" -Value 1
remove-item -Path "$packages\$item\Owners"
remove-windowspackage -Online -PackageName "$item" -NoRestart
}