Archives
/
Debloat-Windows-10
mirror of https://github.com/W4RH4WK/Debloat-Windows-10
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fix most of anniversary stuff

Browse Source 
close #66
pull/73/head
Alex Hirsch 8 years ago
parent a36d990784
commit 2236687c1f
7 changed files with 476 additions and 496 deletions
Show Stats Download Patch File Download Diff File

11
lib/force-mkdir.psm1
Unescape Escape View File

@ -0,0 +1,11 @@
# Thanks to raydric, this function should be used instead of `mkdir -force`.
#
# While `mkdir -force` works fine when dealing with regular folders, it behaves
# strange when using it at registry level. If the target registry key is
# already present, all values within that key are purged.
function force-mkdir($path) {
if (!(Test-Path $path)) {
#Write-Host "-- Creating full path to: " $path -ForegroundColor White -BackgroundColor DarkGreen
New-Item -ItemType Directory -Force -Path $path
}
}

346
scripts/block-telemetry.ps1
Unescape Escape View File

@ -1,172 +1,174 @@
# Description:
# This script blocks telemetry related domains via the hosts file and related
# IPs via Windows Firewall.
echo "Disabling telemetry via Group Policies"
mkdir -Force "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection"
sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" "AllowTelemetry" 0
echo "Adding telemetry domains to hosts file"
$hosts_file = "$env:systemroot\System32\drivers\etc\hosts"
$domains = @(
"a-0001.a-msedge.net"
"a-0002.a-msedge.net"
"a-0003.a-msedge.net"
"a-0004.a-msedge.net"
"a-0005.a-msedge.net"
"a-0006.a-msedge.net"
"a-0007.a-msedge.net"
"a-0008.a-msedge.net"
"a-0009.a-msedge.net"
"a1621.g.akamai.net"
"a1856.g2.akamai.net"
"a1961.g.akamai.net"
#"a248.e.akamai.net" # makes iTunes download button disappear (#43)
"a978.i6g1.akamai.net"
"a.ads1.msn.com"
"a.ads2.msads.net"
"a.ads2.msn.com"
"ac3.msn.com"
"ad.doubleclick.net"
"adnexus.net"
"adnxs.com"
"ads1.msads.net"
"ads1.msn.com"
"ads.msn.com"
"aidps.atdmt.com"
"aka-cdn-ns.adtech.de"
"a-msedge.net"
"any.edge.bing.com"
"a.rad.msn.com"
"az361816.vo.msecnd.net"
"az512334.vo.msecnd.net"
"b.ads1.msn.com"
"b.ads2.msads.net"
"bingads.microsoft.com"
"b.rad.msn.com"
"bs.serving-sys.com"
"c.atdmt.com"
"cdn.atdmt.com"
"cds26.ams9.msecn.net"
"choice.microsoft.com"
"choice.microsoft.com.nsatc.net"
"c.msn.com"
"compatexchange.cloudapp.net"
"corpext.msitadfs.glbdns2.microsoft.com"
"corp.sts.microsoft.com"
"cs1.wpc.v0cdn.net"
"db3aqu.atdmt.com"
"df.telemetry.microsoft.com"
"diagnostics.support.microsoft.com"
"e2835.dspb.akamaiedge.net"
"e7341.g.akamaiedge.net"
"e7502.ce.akamaiedge.net"
"e8218.ce.akamaiedge.net"
"ec.atdmt.com"
"fe2.update.microsoft.com.akadns.net"
"feedback.microsoft-hohm.com"
"feedback.search.microsoft.com"
"feedback.windows.com"
"flex.msn.com"
"g.msn.com"
"h1.msn.com"
"h2.msn.com"
"hostedocsp.globalsign.com"
"i1.services.social.microsoft.com"
"i1.services.social.microsoft.com.nsatc.net"
"ipv6.msftncsi.com"
"ipv6.msftncsi.com.edgesuite.net"
"lb1.www.ms.akadns.net"
"live.rads.msn.com"
"m.adnxs.com"
"msedge.net"
"msftncsi.com"
"msnbot-65-55-108-23.search.msn.com"
"msntest.serving-sys.com"
"oca.telemetry.microsoft.com"
"oca.telemetry.microsoft.com.nsatc.net"
"onesettings-db5.metron.live.nsatc.net"
"pre.footprintpredict.com"
"preview.msn.com"
"rad.live.com"
"rad.msn.com"
"redir.metaservices.microsoft.com"
"reports.wes.df.telemetry.microsoft.com"
"schemas.microsoft.akadns.net"
"secure.adnxs.com"
"secure.flashtalking.com"
"services.wes.df.telemetry.microsoft.com"
"settings-sandbox.data.microsoft.com"
"settings-win.data.microsoft.com"
"sls.update.microsoft.com.akadns.net"
"sqm.df.telemetry.microsoft.com"
"sqm.telemetry.microsoft.com"
"sqm.telemetry.microsoft.com.nsatc.net"
"ssw.live.com"
"static.2mdn.net"
"statsfe1.ws.microsoft.com"
"statsfe2.update.microsoft.com.akadns.net"
"statsfe2.ws.microsoft.com"
"survey.watson.microsoft.com"
"telecommand.telemetry.microsoft.com"
"telecommand.telemetry.microsoft.com.nsatc.net"
"telemetry.appex.bing.net"
"telemetry.appex.bing.net:443"
"telemetry.microsoft.com"
"telemetry.urs.microsoft.com"
"vortex-bn2.metron.live.com.nsatc.net"
"vortex-cy2.metron.live.com.nsatc.net"
"vortex.data.microsoft.com"
"vortex-sandbox.data.microsoft.com"
"vortex-win.data.microsoft.com"
"watson.live.com"
"watson.microsoft.com"
"watson.ppe.telemetry.microsoft.com"
"watson.telemetry.microsoft.com"
"watson.telemetry.microsoft.com.nsatc.net"
"wes.df.telemetry.microsoft.com"
"win10.ipv6.microsoft.com"
"www.bingads.microsoft.com"
"www.go.microsoft.akadns.net"
"www.msftncsi.com"
# extra
"fe2.update.microsoft.com.akadns.net"
"s0.2mdn.net"
"statsfe2.update.microsoft.com.akadns.net",
"survey.watson.microsoft.com"
"view.atdmt.com"
"watson.microsoft.com",
"watson.ppe.telemetry.microsoft.com"
"watson.telemetry.microsoft.com",
"watson.telemetry.microsoft.com.nsatc.net"
"wes.df.telemetry.microsoft.com"
"ui.skype.com",
"pricelist.skype.com"
"apps.skype.com"
"m.hotmail.com"
"s.gateway.messenger.live.com"
)
echo "" | Out-File -Encoding ASCII -Append $hosts_file
foreach ($domain in $domains) {
if (-Not (Select-String -Path $hosts_file -Pattern $domain)) {
echo "0.0.0.0 $domain" | Out-File -Encoding ASCII -Append $hosts_file
}
}
echo "Adding telemetry ips to firewall"
$ips = @(
"134.170.30.202"
"137.116.81.24"
"157.56.106.189"
"2.22.61.43"
"2.22.61.66"
"204.79.197.200"
"23.218.212.69"
"65.39.117.230"
"65.52.108.33"
"65.55.108.23"
)
Remove-NetFirewallRule -DisplayName "Block Telemetry IPs" -ErrorAction SilentlyContinue
New-NetFirewallRule -DisplayName "Block Telemetry IPs" -Direction Outbound `
-Action Block -RemoteAddress ([string[]]$ips)
# Description:
# This script blocks telemetry related domains via the hosts file and related
# IPs via Windows Firewall.
Import-Module -DisableNameChecking $PSScriptRoot\..\lib\force-mkdir.psm1
echo "Disabling telemetry via Group Policies"
force-mkdir "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection"
sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" "AllowTelemetry" 0
echo "Adding telemetry domains to hosts file"
$hosts_file = "$env:systemroot\System32\drivers\etc\hosts"
$domains = @(
"a-0001.a-msedge.net"
"a-0002.a-msedge.net"
"a-0003.a-msedge.net"
"a-0004.a-msedge.net"
"a-0005.a-msedge.net"
"a-0006.a-msedge.net"
"a-0007.a-msedge.net"
"a-0008.a-msedge.net"
"a-0009.a-msedge.net"
"a1621.g.akamai.net"
"a1856.g2.akamai.net"
"a1961.g.akamai.net"
#"a248.e.akamai.net" # makes iTunes download button disappear (#43)
"a978.i6g1.akamai.net"
"a.ads1.msn.com"
"a.ads2.msads.net"
"a.ads2.msn.com"
"ac3.msn.com"
"ad.doubleclick.net"
"adnexus.net"
"adnxs.com"
"ads1.msads.net"
"ads1.msn.com"
"ads.msn.com"
"aidps.atdmt.com"
"aka-cdn-ns.adtech.de"
"a-msedge.net"
"any.edge.bing.com"
"a.rad.msn.com"
"az361816.vo.msecnd.net"
"az512334.vo.msecnd.net"
"b.ads1.msn.com"
"b.ads2.msads.net"
"bingads.microsoft.com"
"b.rad.msn.com"
"bs.serving-sys.com"
"c.atdmt.com"
"cdn.atdmt.com"
"cds26.ams9.msecn.net"
"choice.microsoft.com"
"choice.microsoft.com.nsatc.net"
"c.msn.com"
"compatexchange.cloudapp.net"
"corpext.msitadfs.glbdns2.microsoft.com"
"corp.sts.microsoft.com"
"cs1.wpc.v0cdn.net"
"db3aqu.atdmt.com"
"df.telemetry.microsoft.com"
"diagnostics.support.microsoft.com"
"e2835.dspb.akamaiedge.net"
"e7341.g.akamaiedge.net"
"e7502.ce.akamaiedge.net"
"e8218.ce.akamaiedge.net"
"ec.atdmt.com"
"fe2.update.microsoft.com.akadns.net"
"feedback.microsoft-hohm.com"
"feedback.search.microsoft.com"
"feedback.windows.com"
"flex.msn.com"
"g.msn.com"
"h1.msn.com"
"h2.msn.com"
"hostedocsp.globalsign.com"
"i1.services.social.microsoft.com"
"i1.services.social.microsoft.com.nsatc.net"
"ipv6.msftncsi.com"
"ipv6.msftncsi.com.edgesuite.net"
"lb1.www.ms.akadns.net"
"live.rads.msn.com"
"m.adnxs.com"
"msedge.net"
"msftncsi.com"
"msnbot-65-55-108-23.search.msn.com"
"msntest.serving-sys.com"
"oca.telemetry.microsoft.com"
"oca.telemetry.microsoft.com.nsatc.net"
"onesettings-db5.metron.live.nsatc.net"
"pre.footprintpredict.com"
"preview.msn.com"
"rad.live.com"
"rad.msn.com"
"redir.metaservices.microsoft.com"
"reports.wes.df.telemetry.microsoft.com"
"schemas.microsoft.akadns.net"
"secure.adnxs.com"
"secure.flashtalking.com"
"services.wes.df.telemetry.microsoft.com"
"settings-sandbox.data.microsoft.com"
"settings-win.data.microsoft.com"
"sls.update.microsoft.com.akadns.net"
"sqm.df.telemetry.microsoft.com"
"sqm.telemetry.microsoft.com"
"sqm.telemetry.microsoft.com.nsatc.net"
"ssw.live.com"
"static.2mdn.net"
"statsfe1.ws.microsoft.com"
"statsfe2.update.microsoft.com.akadns.net"
"statsfe2.ws.microsoft.com"
"survey.watson.microsoft.com"
"telecommand.telemetry.microsoft.com"
"telecommand.telemetry.microsoft.com.nsatc.net"
"telemetry.appex.bing.net"
"telemetry.appex.bing.net:443"
"telemetry.microsoft.com"
"telemetry.urs.microsoft.com"
"vortex-bn2.metron.live.com.nsatc.net"
"vortex-cy2.metron.live.com.nsatc.net"
"vortex.data.microsoft.com"
"vortex-sandbox.data.microsoft.com"
"vortex-win.data.microsoft.com"
"watson.live.com"
"watson.microsoft.com"
"watson.ppe.telemetry.microsoft.com"
"watson.telemetry.microsoft.com"
"watson.telemetry.microsoft.com.nsatc.net"
"wes.df.telemetry.microsoft.com"
"win10.ipv6.microsoft.com"
"www.bingads.microsoft.com"
"www.go.microsoft.akadns.net"
"www.msftncsi.com"
# extra
"fe2.update.microsoft.com.akadns.net"
"s0.2mdn.net"
"statsfe2.update.microsoft.com.akadns.net",
"survey.watson.microsoft.com"
"view.atdmt.com"
"watson.microsoft.com",
"watson.ppe.telemetry.microsoft.com"
"watson.telemetry.microsoft.com",
"watson.telemetry.microsoft.com.nsatc.net"
"wes.df.telemetry.microsoft.com"
"ui.skype.com",
"pricelist.skype.com"
"apps.skype.com"
"m.hotmail.com"
"s.gateway.messenger.live.com"
)
echo "" | Out-File -Encoding ASCII -Append $hosts_file
foreach ($domain in $domains) {
if (-Not (Select-String -Path $hosts_file -Pattern $domain)) {
echo "0.0.0.0 $domain" | Out-File -Encoding ASCII -Append $hosts_file
}
}
echo "Adding telemetry ips to firewall"
$ips = @(
"134.170.30.202"
"137.116.81.24"
"157.56.106.189"
"2.22.61.43"
"2.22.61.66"
"204.79.197.200"
"23.218.212.69"
"65.39.117.230"
"65.52.108.33"
"65.55.108.23"
)
Remove-NetFirewallRule -DisplayName "Block Telemetry IPs" -ErrorAction SilentlyContinue
New-NetFirewallRule -DisplayName "Block Telemetry IPs" -Direction Outbound `
-Action Block -RemoteAddress ([string[]]$ips)

58
scripts/disable-windows-defender.ps1
Unescape Escape View File

@ -1,28 +1,30 @@
# Description:
# This script disables Windows Defender.
$tasks = @(
"\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance"
"\Microsoft\Windows\Windows Defender\Windows Defender Cleanup"
"\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan"
"\Microsoft\Windows\Windows Defender\Windows Defender Verification"
)
foreach ($task in $tasks) {
$parts = $task.split('\')
$name = $parts[-1]
$path = $parts[0..($parts.length-2)] -join '\'
echo "Trying to disable scheduled task $name"
Disable-ScheduledTask -TaskName "$name" -TaskPath "$path"
}
echo "Disabling Windows Defender via Group Policies"
mkdir -Force "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender"
sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender" "DisableAntiSpyware" 1
sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender" "DisableRoutinelyTakingAction" 1
mkdir -Force "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection"
sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection" "DisableRealtimeMonitoring" 1
echo "Removing Windows Defender context menu item"
si "HKLM:\SOFTWARE\Classes\CLSID\{09A47860-11B0-4DA5-AFA5-26D86198A780}\InprocServer32" ""
# Description:
# This script disables Windows Defender.
Import-Module -DisableNameChecking $PSScriptRoot\..\lib\force-mkdir.psm1
$tasks = @(
"\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance"
"\Microsoft\Windows\Windows Defender\Windows Defender Cleanup"
"\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan"
"\Microsoft\Windows\Windows Defender\Windows Defender Verification"
)
foreach ($task in $tasks) {
$parts = $task.split('\')
$name = $parts[-1]
$path = $parts[0..($parts.length-2)] -join '\'
echo "Trying to disable scheduled task $name"
Disable-ScheduledTask -TaskName "$name" -TaskPath "$path"
}
echo "Disabling Windows Defender via Group Policies"
force-mkdir "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender"
sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender" "DisableAntiSpyware" 1
sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender" "DisableRoutinelyTakingAction" 1
force-mkdir "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection"
sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection" "DisableRealtimeMonitoring" 1
echo "Removing Windows Defender context menu item"
si "HKLM:\SOFTWARE\Classes\CLSID\{09A47860-11B0-4DA5-AFA5-26D86198A780}\InprocServer32" ""

201
scripts/fix-privacy-settings.ps1
Unescape Escape View File

@ -1,100 +1,101 @@
# Description:
# This script will try to fix many of the privacy settings for the user. This
# is work in progress!
Import-Module -DisableNameChecking $PSScriptRoot\..\lib\take-own.psm1
echo "Elevating priviledges for this process"
do {} until (Elevate-Privileges SeTakeOwnershipPrivilege)
echo "Defuse Windows search settings"
Set-WindowsSearchSetting -EnableWebResultsSetting $false
echo "Set general privacy options"
sp "HKCU:\Control Panel\International\User Profile" "HttpAcceptLanguageOptOut" 1
mkdir -Force "HKCU:\Printers\Defaults"
sp "HKCU:\Printers\Defaults" "NetID" "{00000000-0000-0000-0000-000000000000}"
mkdir -Force "HKCU:\SOFTWARE\Microsoft\Input\TIPC"
sp "HKCU:\SOFTWARE\Microsoft\Input\TIPC" "Enabled" 0
mkdir -Force "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo"
sp "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" "Enabled" 0
sp "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" "EnableWebContentEvaluation" 0
echo "Disable synchronisation of settings"
sp "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync" "BackupPolicy" 0x3c
sp "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync" "DeviceMetadataUploaded" 0
sp "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync" "PriorLogons" 1
$groups = @(
"Accessibility"
"AppSync"
"BrowserSettings"
"Credentials"
"DesktopTheme"
"Language"
"PackageState"
"Personalization"
"StartLayout"
"Windows"
)
foreach ($group in $groups) {
mkdir -Force "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\$group"
sp "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\$group" "Enabled" 0
}
echo "Set privacy policy accepted state to 0"
mkdir -Force "HKCU:\SOFTWARE\Microsoft\Personalization\Settings"
sp "HKCU:\SOFTWARE\Microsoft\Personalization\Settings" "AcceptedPrivacyPolicy" 0
echo "Do not scan contact informations"
mkdir -Force "HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore"
sp "HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore" "HarvestContacts" 0
echo "Inking and typing settings"
mkdir -Force "HKCU:\SOFTWARE\Microsoft\InputPersonalization"
sp "HKCU:\SOFTWARE\Microsoft\InputPersonalization" "RestrictImplicitInkCollection" 1
sp "HKCU:\SOFTWARE\Microsoft\InputPersonalization" "RestrictImplicitTextCollection" 1
echo "Microsoft Edge settings"
mkdir -Force "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main"
sp "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" "DoNotTrack" 1
mkdir -Force "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\User\Default\SearchScopes"
sp "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\User\Default\SearchScopes" "ShowSearchSuggestionsGlobal" 0
mkdir -Force "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead"
sp "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead" "FPEnabled" 0
mkdir -Force "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter"
sp "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter" "EnabledV9" 0
echo "Disable background access of default apps"
foreach ($key in (ls "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications")) {
sp ("HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications\" + $key.PSChildName) "Disabled" 1
}
echo "Denying device access"
sp "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\LooselyCoupled" "Type" "LooselyCoupled"
sp "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\LooselyCoupled" "Value" "Deny"
sp "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\LooselyCoupled" "InitialAppValue" "Unspecified"
foreach ($key in (ls "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global")) {
if ($key.PSChildName -EQ "LooselyCoupled") {
continue
}
sp ("HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\" + $key.PSChildName) "Type" "InterfaceClass"
sp ("HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\" + $key.PSChildName) "Value" "Deny"
sp ("HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\" + $key.PSChildName) "InitialAppValue" "Unspecified"
}
echo "Disable location sensor"
mkdir -Force "HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Permissions\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}"
sp "HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Permissions\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" "SensorPermissionState" 0
echo "Disable submission of Windows Defender findings (w/ elevated privileges)"
Takeown-Registry("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Spynet")
sp "HKLM:\SOFTWARE\Microsoft\Windows Defender\Spynet" "SpyNetReporting" 0
sp "HKLM:\SOFTWARE\Microsoft\Windows Defender\Spynet" "SubmitSamplesConsent" 0
echo "Do not share wifi networks"
$user = New-Object System.Security.Principal.NTAccount($env:UserName)
$sid = $user.Translate([System.Security.Principal.SecurityIdentifier]).value
mkdir -Force ("HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features\" + $sid)
sp ("HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features\" + $sid) "FeatureStates" 0x33c
sp "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features" "WiFiSenseCredShared" 0
sp "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features" "WiFiSenseOpen" 0
# Description:
# This script will try to fix many of the privacy settings for the user. This
# is work in progress!
Import-Module -DisableNameChecking $PSScriptRoot\..\lib\force-mkdir.psm1
Import-Module -DisableNameChecking $PSScriptRoot\..\lib\take-own.psm1
echo "Elevating priviledges for this process"
do {} until (Elevate-Privileges SeTakeOwnershipPrivilege)
echo "Defuse Windows search settings"
Set-WindowsSearchSetting -EnableWebResultsSetting $false
echo "Set general privacy options"
sp "HKCU:\Control Panel\International\User Profile" "HttpAcceptLanguageOptOut" 1
force-mkdir "HKCU:\Printers\Defaults"
sp "HKCU:\Printers\Defaults" "NetID" "{00000000-0000-0000-0000-000000000000}"
force-mkdir "HKCU:\SOFTWARE\Microsoft\Input\TIPC"
sp "HKCU:\SOFTWARE\Microsoft\Input\TIPC" "Enabled" 0
force-mkdir "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo"
sp "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" "Enabled" 0
sp "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" "EnableWebContentEvaluation" 0
echo "Disable synchronisation of settings"
sp "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync" "BackupPolicy" 0x3c
sp "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync" "DeviceMetadataUploaded" 0
sp "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync" "PriorLogons" 1
$groups = @(
"Accessibility"
"AppSync"
"BrowserSettings"
"Credentials"
"DesktopTheme"
"Language"
"PackageState"
"Personalization"
"StartLayout"
"Windows"
)
foreach ($group in $groups) {
force-mkdir "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\$group"
sp "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\$group" "Enabled" 0
}
echo "Set privacy policy accepted state to 0"
force-mkdir "HKCU:\SOFTWARE\Microsoft\Personalization\Settings"
sp "HKCU:\SOFTWARE\Microsoft\Personalization\Settings" "AcceptedPrivacyPolicy" 0
echo "Do not scan contact informations"
force-mkdir "HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore"
sp "HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore" "HarvestContacts" 0
echo "Inking and typing settings"
force-mkdir "HKCU:\SOFTWARE\Microsoft\InputPersonalization"
sp "HKCU:\SOFTWARE\Microsoft\InputPersonalization" "RestrictImplicitInkCollection" 1
sp "HKCU:\SOFTWARE\Microsoft\InputPersonalization" "RestrictImplicitTextCollection" 1
echo "Microsoft Edge settings"
force-mkdir "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main"
sp "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" "DoNotTrack" 1
force-mkdir "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\User\Default\SearchScopes"
sp "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\User\Default\SearchScopes" "ShowSearchSuggestionsGlobal" 0
force-mkdir "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead"
sp "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead" "FPEnabled" 0
force-mkdir "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter"
sp "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter" "EnabledV9" 0
echo "Disable background access of default apps"
foreach ($key in (ls "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications")) {
sp ("HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications\" + $key.PSChildName) "Disabled" 1
}
echo "Denying device access"
sp "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\LooselyCoupled" "Type" "LooselyCoupled"
sp "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\LooselyCoupled" "Value" "Deny"
sp "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\LooselyCoupled" "InitialAppValue" "Unspecified"
foreach ($key in (ls "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global")) {
if ($key.PSChildName -EQ "LooselyCoupled") {
continue
}
sp ("HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\" + $key.PSChildName) "Type" "InterfaceClass"
sp ("HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\" + $key.PSChildName) "Value" "Deny"
sp ("HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\" + $key.PSChildName) "InitialAppValue" "Unspecified"
}
echo "Disable location sensor"
force-mkdir "HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Permissions\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}"
sp "HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Permissions\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" "SensorPermissionState" 0
echo "Disable submission of Windows Defender findings (w/ elevated privileges)"
Takeown-Registry("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Spynet")
sp "HKLM:\SOFTWARE\Microsoft\Windows Defender\Spynet" "SpyNetReporting" 0 # write-protected even after takeown ?!
sp "HKLM:\SOFTWARE\Microsoft\Windows Defender\Spynet" "SubmitSamplesConsent" 0
echo "Do not share wifi networks"
$user = New-Object System.Security.Principal.NTAccount($env:UserName)
$sid = $user.Translate([System.Security.Principal.SecurityIdentifier]).value
force-mkdir ("HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features\" + $sid)
sp ("HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features\" + $sid) "FeatureStates" 0x33c
sp "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features" "WiFiSenseCredShared" 0
sp "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features" "WiFiSenseOpen" 0

197
scripts/optimize-user-interface.ps1
Unescape Escape View File

@ -1,118 +1,79 @@
# Description
# This script will apply MarkC's mouse acceleration fix (for 100% DPI) and
# disable some accessibility features regarding keyboard input. Additional
# some UI elements will be changed.
Import-Module -DisableNameChecking $PSScriptRoot\..\lib\take-own.psm1
echo "Elevating priviledges for this process"
do {} until (Elevate-Privileges SeTakeOwnershipPrivilege)
echo "Apply MarkC's mouse acceleration fix"
sp "HKCU:\Control Panel\Mouse" "MouseSensitivity" "10"
sp "HKCU:\Control Panel\Mouse" "MouseSpeed" "0"
sp "HKCU:\Control Panel\Mouse" "MouseThreshold1" "0"
sp "HKCU:\Control Panel\Mouse" "MouseThreshold2" "0"
sp "HKCU:\Control Panel\Mouse" "SmoothMouseXCurve" ([byte[]](0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0xC0, 0xCC, 0x0C, 0x00, 0x00, 0x00, 0x00, 0x00,
0x80, 0x99, 0x19, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x66, 0x26, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x33, 0x33, 0x00, 0x00, 0x00, 0x00, 0x00))
sp "HKCU:\Control Panel\Mouse" "SmoothMouseYCurve" ([byte[]](0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x38, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x70, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xA8, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0xE0, 0x00, 0x00, 0x00, 0x00, 0x00))
echo "Disable mouse pointer hiding"
sp "HKCU:\Control Panel\Desktop" "UserPreferencesMask" ([byte[]](0x9e,
0x1e, 0x06, 0x80, 0x12, 0x00, 0x00, 0x00))
echo "Disable easy access keyboard stuff"
sp "HKCU:\Control Panel\Accessibility\StickyKeys" "Flags" "506"
sp "HKCU:\Control Panel\Accessibility\Keyboard Response" "Flags" "122"
sp "HKCU:\Control Panel\Accessibility\ToggleKeys" "Flags" "58"
echo "Restoring old volume slider"
mkdir -Force "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\MTCUVC"
sp "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\MTCUVC" "EnableMtcUvc" 0
echo "Setting folder view options"
sp "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" "Hidden" 1
sp "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" "HideFileExt" 0
sp "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" "HideDrivesWithNoMedia" 0
echo "Setting default explorer view to This PC"
sp "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" "LaunchTo" 1
# Explorer will throw an error if quick acess is removed and default view has
# not been changed to This PC.
#echo "Removing Quick Access from explorer"
#Takeown-Registry("HKEY_CLASSES_ROOT\CLSID\{679f85cb-0220-4080-b29b-5540cc05aab6}\ShellFolder")
#New-PSDrive -PSProvider "Registry" -Root "HKEY_CLASSES_ROOT" -Name "HKCR"
#sp "HKCR:\CLSID\{679f85cb-0220-4080-b29b-5540cc05aab6}\ShellFolder" "Attributes" 0xa0600000
#Remove-PSDrive "HKCR"
echo "Removing user folders under This PC"
# Remove Desktop from This PC
rm "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}"
rm "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}"
# Remove Documents from This PC
rm "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}"
rm "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{d3162b92-9365-467a-956b-92703aca08af}"
rm "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}"
rm "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{d3162b92-9365-467a-956b-92703aca08af}"
# Remove Downloads from This PC
rm "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{374DE290-123F-4565-9164-39C4925E467B}"
rm "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{088e3905-0323-4b02-9826-5d99428e115f}"
rm "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{374DE290-123F-4565-9164-39C4925E467B}"
rm "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{088e3905-0323-4b02-9826-5d99428e115f}"
# Remove Music from This PC
rm "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{1CF1260C-4DD0-4ebb-811F-33C572699FDE}"
rm "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3dfdf296-dbec-4fb4-81d1-6a3438bcf4de}"
rm "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{1CF1260C-4DD0-4ebb-811F-33C572699FDE}"
rm "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3dfdf296-dbec-4fb4-81d1-6a3438bcf4de}"
# Remove Pictures from This PC
rm "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}"
rm "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{24ad3ad4-a569-4530-98e1-ab02f9417aa8}"
rm "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}"
rm "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{24ad3ad4-a569-4530-98e1-ab02f9417aa8}"
# Remove Videos from This PC
rm "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A0953C92-50DC-43bf-BE83-3742FED03C9C}"
rm "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{f86fa3ab-70d2-4fc7-9c99-fcbf05467f3a}"
rm "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A0953C92-50DC-43bf-BE83-3742FED03C9C}"
rm "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{f86fa3ab-70d2-4fc7-9c99-fcbf05467f3a}"
echo "Disabling login screen background image"
mkdir -Force "HKLM:\Software\Policies\Microsoft\Windows\System"
sp "HKLM:\Software\Policies\Microsoft\Windows\System" "DisableLogonBackgroundImage" 1
echo "Disabling new lock screen"
mkdir -Force "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Personalization"
sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Personalization" "NoLockScreen" 1
echo "Disable startmenu search features"
mkdir -Force "HKLM:\Software\Policies\Microsoft\Windows\Windows Search"
sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" AllowCortana 0
sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" DisableWebSearch 1
sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" AllowSearchToUseLocation 0
sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" ConnectedSearchUseWeb 0
echo "Disable AutoRun"
mkdir -Force "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
sp "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" "NoDriveTypeAutoRun" 0xff
mkdir -Force "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
sp "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" "NoDriveTypeAutoRun" 0xff
#echo "Disabling tile push notification"
#mkdir -Force "HKCU:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications"
#sp "HKCU:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications" "NoTileApplicationNotification" 1
#echo "Disabling screen saver"
#sp "HKCU:\Control Panel\Desktop\" "ScreenSaveActive" "0"
#echo "Use legacy advanced boot menu"
#bcdedit.exe /set `{current`} bootmenupolicy Legacy
# src: https://social.technet.microsoft.com/Forums/en-US/fa742f1a-38be-4ca2-9660-da58068214ed
echo "Remove all tiles from start menu"
$e = (New-Object -Com Shell.Application).NameSpace('shell:::{4234d49b-0245-4df3-b780-3893943456e1}')
$e.Items() | %{$_.Verbs()} | ?{$_.Name.replace('&','') -match 'Unpin from Start'} | %{$_.DoIt()}
# Description
# This script will apply MarkC's mouse acceleration fix (for 100% DPI) and
# disable some accessibility features regarding keyboard input. Additional
# some UI elements will be changed.
Import-Module -DisableNameChecking $PSScriptRoot\..\lib\force-mkdir.psm1
Import-Module -DisableNameChecking $PSScriptRoot\..\lib\take-own.psm1
echo "Elevating priviledges for this process"
do {} until (Elevate-Privileges SeTakeOwnershipPrivilege)
echo "Apply MarkC's mouse acceleration fix"
sp "HKCU:\Control Panel\Mouse" "MouseSensitivity" "10"
sp "HKCU:\Control Panel\Mouse" "MouseSpeed" "0"
sp "HKCU:\Control Panel\Mouse" "MouseThreshold1" "0"
sp "HKCU:\Control Panel\Mouse" "MouseThreshold2" "0"
sp "HKCU:\Control Panel\Mouse" "SmoothMouseXCurve" ([byte[]](0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0xC0, 0xCC, 0x0C, 0x00, 0x00, 0x00, 0x00, 0x00,
0x80, 0x99, 0x19, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x66, 0x26, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x33, 0x33, 0x00, 0x00, 0x00, 0x00, 0x00))
sp "HKCU:\Control Panel\Mouse" "SmoothMouseYCurve" ([byte[]](0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x38, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x70, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xA8, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0xE0, 0x00, 0x00, 0x00, 0x00, 0x00))
echo "Disable mouse pointer hiding"
sp "HKCU:\Control Panel\Desktop" "UserPreferencesMask" ([byte[]](0x9e,
0x1e, 0x06, 0x80, 0x12, 0x00, 0x00, 0x00))
echo "Disable easy access keyboard stuff"
sp "HKCU:\Control Panel\Accessibility\StickyKeys" "Flags" "506"
sp "HKCU:\Control Panel\Accessibility\Keyboard Response" "Flags" "122"
sp "HKCU:\Control Panel\Accessibility\ToggleKeys" "Flags" "58"
echo "Restoring old volume slider"
force-mkdir "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\MTCUVC"
sp "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\MTCUVC" "EnableMtcUvc" 0
echo "Setting folder view options"
sp "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" "Hidden" 1
sp "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" "HideFileExt" 0
sp "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" "HideDrivesWithNoMedia" 0
echo "Setting default explorer view to This PC"
sp "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" "LaunchTo" 1
echo "Removing user folders under This PC"
# Remove Desktop from This PC
rm "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}"
rm "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}"
# Remove Documents from This PC
rm "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}"
rm "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{d3162b92-9365-467a-956b-92703aca08af}"
rm "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}"
rm "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{d3162b92-9365-467a-956b-92703aca08af}"
# Remove Downloads from This PC
rm "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{374DE290-123F-4565-9164-39C4925E467B}"
rm "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{088e3905-0323-4b02-9826-5d99428e115f}"
rm "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{374DE290-123F-4565-9164-39C4925E467B}"
rm "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{088e3905-0323-4b02-9826-5d99428e115f}"
# Remove Music from This PC
rm "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{1CF1260C-4DD0-4ebb-811F-33C572699FDE}"
rm "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3dfdf296-dbec-4fb4-81d1-6a3438bcf4de}"
rm "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{1CF1260C-4DD0-4ebb-811F-33C572699FDE}"
rm "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3dfdf296-dbec-4fb4-81d1-6a3438bcf4de}"
# Remove Pictures from This PC
rm "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}"
rm "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{24ad3ad4-a569-4530-98e1-ab02f9417aa8}"
rm "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}"
rm "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{24ad3ad4-a569-4530-98e1-ab02f9417aa8}"
# Remove Videos from This PC
rm "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A0953C92-50DC-43bf-BE83-3742FED03C9C}"
rm "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{f86fa3ab-70d2-4fc7-9c99-fcbf05467f3a}"
rm "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A0953C92-50DC-43bf-BE83-3742FED03C9C}"
rm "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{f86fa3ab-70d2-4fc7-9c99-fcbf05467f3a}"
#echo "Disabling tile push notification"
#force-mkdir "HKCU:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications"
#sp "HKCU:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications" "NoTileApplicationNotification" 1

48
scripts/optimize-windows-update.ps1
Unescape Escape View File

@ -1,23 +1,25 @@
# Description:
# This script optimizes Windows updates by disabling automatic download and
# seeding updates to other computers.
echo "Disable automatic download and installation of Windows updates"
mkdir -Force "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\WindowsUpdate\AU"
sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\WindowsUpdate\AU" "NoAutoUpdate" 0
sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\WindowsUpdate\AU" "AUOptions" 2
sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\WindowsUpdate\AU" "ScheduledInstallDay" 0
sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\WindowsUpdate\AU" "ScheduledInstallTime" 3
echo "Disable seeding of updates to other computers via Group Policies"
mkdir -Force "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization"
sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization" "DODownloadMode" 0
#echo "Disabling automatic driver update"
#sp "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverSearching" "SearchOrderConfig" 0
echo "Disable 'Updates are available' message"
takeown /F "$env:WinDIR\System32\MusNotification.exe"
icacls "$env:WinDIR\System32\MusNotification.exe" /deny "Everyone:(X)"
takeown /F "$env:WinDIR\System32\MusNotificationUx.exe"
icacls "$env:WinDIR\System32\MusNotificationUx.exe" /deny "Everyone:(X)"
# Description:
# This script optimizes Windows updates by disabling automatic download and
# seeding updates to other computers.
#
Import-Module -DisableNameChecking $PSScriptRoot\..\lib\force-mkdir.psm1
echo "Disable automatic download and installation of Windows updates"
force-mkdir "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\WindowsUpdate\AU"
sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\WindowsUpdate\AU" "NoAutoUpdate" 0
sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\WindowsUpdate\AU" "AUOptions" 2
sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\WindowsUpdate\AU" "ScheduledInstallDay" 0
sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\WindowsUpdate\AU" "ScheduledInstallTime" 3
echo "Disable seeding of updates to other computers via Group Policies"
force-mkdir "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization"
sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization" "DODownloadMode" 0
#echo "Disabling automatic driver update"
#sp "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverSearching" "SearchOrderConfig" 0
echo "Disable 'Updates are available' message"
takeown /F "$env:WinDIR\System32\MusNotification.exe"
icacls "$env:WinDIR\System32\MusNotification.exe" /deny "Everyone:(X)"
takeown /F "$env:WinDIR\System32\MusNotificationUx.exe"
icacls "$env:WinDIR\System32\MusNotificationUx.exe" /deny "Everyone:(X)"

111
scripts/remove-onedrive.ps1
Unescape Escape View File

@ -1,55 +1,56 @@
# Description:
# This script will remove and disable OneDrive integration.
Import-Module -DisableNameChecking $PSScriptRoot\..\lib\take-own.psm1
echo "Kill OneDrive process"
taskkill.exe /F /IM "OneDrive.exe"
taskkill.exe /F /IM "explorer.exe"
echo "Remove OneDrive"
if (Test-Path "$env:systemroot\System32\OneDriveSetup.exe") {
& "$env:systemroot\System32\OneDriveSetup.exe" /uninstall
}
if (Test-Path "$env:systemroot\SysWOW64\OneDriveSetup.exe") {
& "$env:systemroot\SysWOW64\OneDriveSetup.exe" /uninstall
}
echo "Removing OneDrive leftovers"
rm -Recurse -Force -ErrorAction SilentlyContinue "$env:localappdata\Microsoft\OneDrive"
rm -Recurse -Force -ErrorAction SilentlyContinue "$env:programdata\Microsoft OneDrive"
rm -Recurse -Force -ErrorAction SilentlyContinue "$env:userprofile\OneDrive"
rm -Recurse -Force -ErrorAction SilentlyContinue "C:\OneDriveTemp"
echo "Disable OneDrive via Group Policies"
mkdir -Force "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\OneDrive"
sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\OneDrive" "DisableFileSyncNGSC" 1
echo "Remove Onedrive from explorer sidebar"
New-PSDrive -PSProvider "Registry" -Root "HKEY_CLASSES_ROOT" -Name "HKCR"
mkdir -Force "HKCR:\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}"
sp "HKCR:\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" "System.IsPinnedToNameSpaceTree" 0
mkdir -Force "HKCR:\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}"
sp "HKCR:\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" "System.IsPinnedToNameSpaceTree" 0
Remove-PSDrive "HKCR"
# Thank you Matthew Israelsson
echo "Removing run hook for new users"
reg load "hku\Default" "C:\Users\Default\NTUSER.DAT"
reg delete "HKEY_USERS\Default\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "OneDriveSetup" /f
reg unload "hku\Default"
echo "Removing startmenu entry"
rm -Force -ErrorAction SilentlyContinue "$env:userprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk"
echo "Restarting explorer"
start "explorer.exe"
echo "Waiting for explorer to complete loading"
sleep 10
echo "Removing additional OneDrive leftovers"
foreach ($item in (ls "$env:WinDir\WinSxS\*onedrive*")) {
Takeown-Folder $item.FullName
rm -Recurse -Force $item.FullName
}
# Description:
# This script will remove and disable OneDrive integration.
Import-Module -DisableNameChecking $PSScriptRoot\..\lib\force-mkdir.psm1
Import-Module -DisableNameChecking $PSScriptRoot\..\lib\take-own.psm1
echo "Kill OneDrive process"
taskkill.exe /F /IM "OneDrive.exe"
taskkill.exe /F /IM "explorer.exe"
echo "Remove OneDrive"
if (Test-Path "$env:systemroot\System32\OneDriveSetup.exe") {
& "$env:systemroot\System32\OneDriveSetup.exe" /uninstall
}
if (Test-Path "$env:systemroot\SysWOW64\OneDriveSetup.exe") {
& "$env:systemroot\SysWOW64\OneDriveSetup.exe" /uninstall
}
echo "Removing OneDrive leftovers"
rm -Recurse -Force -ErrorAction SilentlyContinue "$env:localappdata\Microsoft\OneDrive"
rm -Recurse -Force -ErrorAction SilentlyContinue "$env:programdata\Microsoft OneDrive"
rm -Recurse -Force -ErrorAction SilentlyContinue "$env:userprofile\OneDrive"
rm -Recurse -Force -ErrorAction SilentlyContinue "C:\OneDriveTemp"
echo "Disable OneDrive via Group Policies"
force-mkdir "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\OneDrive"
sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\OneDrive" "DisableFileSyncNGSC" 1
echo "Remove Onedrive from explorer sidebar"
New-PSDrive -PSProvider "Registry" -Root "HKEY_CLASSES_ROOT" -Name "HKCR"
mkdir -Force "HKCR:\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}"
sp "HKCR:\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" "System.IsPinnedToNameSpaceTree" 0
mkdir -Force "HKCR:\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}"
sp "HKCR:\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" "System.IsPinnedToNameSpaceTree" 0
Remove-PSDrive "HKCR"
# Thank you Matthew Israelsson
echo "Removing run hook for new users"
reg load "hku\Default" "C:\Users\Default\NTUSER.DAT"
reg delete "HKEY_USERS\Default\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "OneDriveSetup" /f
reg unload "hku\Default"
echo "Removing startmenu entry"
rm -Force -ErrorAction SilentlyContinue "$env:userprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk"
echo "Restarting explorer"
start "explorer.exe"
echo "Waiting for explorer to complete loading"
sleep 10
echo "Removing additional OneDrive leftovers"
foreach ($item in (ls "$env:WinDir\WinSxS\*onedrive*")) {
Takeown-Folder $item.FullName
rm -Recurse -Force $item.FullName
}

Write Preview
Loading…
Cancel
Save