Created
April 8, 2024 20:25
-
-
Save dyavuz/64f6ca31e1bb583a4c93505f387092ce to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#################################################################################################### | |
# BOOTSTRAP # | |
#################################################################################################### | |
# Run script as Administrator if the session isn't elevated | |
if (-not ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]"Administrator")) { | |
$ArgumentList = "-NoExit -NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" | |
Start-Process -FilePath "powershell.exe" -ArgumentList "$ArgumentList" -Verb RunAs | |
Exit | |
} | |
# Don't halt the script for any confirmation | |
$ConfirmPreference = "None" | |
# Don't show progress bars, as it slows down download speed considerably. | |
# See: https://stackoverflow.com/a/43477248 | |
$ProgressPreference = "SilentlyContinue" | |
# Don't exit the script if any error occurs | |
$ErrorActionPreference = "SilentlyContinue" | |
# Add HKEY_CLASSES_ROOT PSDrive | |
if (-not (Test-Path -Path "HKCR:")) { | |
New-PSDrive -Name "HKCR" -PSProvider "Registry" -Root "HKEY_CLASSES_ROOT" | Out-Null | |
} | |
#################################################################################################### | |
# Global Variables & Objects # | |
#################################################################################################### | |
# If provided, take the first parameter of the calling script and set is as device name | |
# It'll be used for setting hostname and calling device specific script if it exists. | |
if ($args[0]) { | |
$DeviceName = $args[0] | |
} else { | |
$DeviceName = $Env:ComputerName | |
} | |
# User account security identifier | |
$SID = (Get-CimInstance -ClassName Win32_UserAccount | Where-Object -FilterScript { $_.Name -eq $Env:Username }).SID | |
#################################################################################################### | |
# Misc. # | |
#################################################################################################### | |
# Install PoshPrivelege to enable specific privilege or privileges on the current process. | |
# https://www.powershellgallery.com/packages/PoshPrivilege | |
if (-not (Get-Module -ListAvailable -Name PoshPrivilege)) { | |
Install-Module -Name PoshPrivilege -Confirm:$False | |
} | |
Import-Module PoshPrivilege | |
# Helper function to change owner and provide full control of a registry key under HKLM | |
Function Set-ItemAdminPermissions { | |
Param( | |
[Parameter(Mandatory=$False)] [string]$PSDrive, | |
[Parameter(Mandatory=$True)] [string]$Path | |
) | |
Enable-Privilege -Privilege SeTakeOwnershipPrivilege | |
if ($PSDrive -eq "HKLM") { | |
$regHive = [Microsoft.Win32.RegistryHive]::LocalMachine | |
} elseif ($PSDrive -eq "HKCU") { | |
$regHive = [Microsoft.Win32.RegistryHive]::CurrentUser | |
} elseif ($PSDrive -eq "HKCR") { | |
$regHive = [Microsoft.Win32.RegistryHive]::ClassesRoot | |
} | |
$regView = [Microsoft.Win32.RegistryView]::Registry64 | |
$reg = [Microsoft.Win32.RegistryKey]::OpenBaseKey($regHive, $regView) | |
$key = $reg.OpenSubKey($Path, 'ReadWriteSubTree', 'TakeOwnership') | |
$acl = $key.GetAccessControl() | |
$owner = [System.Security.Principal.NTAccount]"BuiltIn\Administrators" | |
$acl.SetOwner($owner) | |
$key.SetAccessControl($acl) | |
$regRights = [System.Security.AccessControl.RegistryRights]::FullControl | |
$inhFlags = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit | |
$prFlags = [System.Security.AccessControl.PropagationFlags]::None | |
$acType = [System.Security.AccessControl.AccessControlType]::Allow | |
$rule = New-Object System.Security.AccessControl.RegistryAccessRule($owner, $regRights, $inhFlags, $prFlags, $acType) | |
$acl.AddAccessRule($rule) | |
$key.SetAccessControl($acl) | |
} | |
#################################################################################################### | |
# ESSENTIALS & DEPENDENCIES # | |
#################################################################################################### | |
#################################################################################################### | |
# winget # | |
#################################################################################################### | |
## | |
# WinGet settings | |
## | |
$WinGetSettingsJson = "$Env:LocalAppData\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\LocalState\settings.json" | |
# WinGet preferences | |
$WinGetSettings = [ordered]@{ | |
experimentalFeatures = [ordered]@{ | |
"experimentalMSStore" = $False; | |
}; | |
network = [ordered]@{ | |
"downloader" = "wininet"; | |
}; | |
source = [ordered]@{ | |
"autoUpdateIntervalInMinutes" = 0; | |
}; | |
} | |
# Save to the file with UTF8 without BOM encoding | |
[System.IO.File]::WriteAllLines("$WinGetSettingsJson", ($WinGetSettings | ConvertTo-Json -Compress)) | |
# Update WinGet sources list | |
winget source reset --force | |
winget source update | |
Remove-Variable -Name WinGetSettings WinGetSettingsJson | |
#################################################################################################### | |
# Libraries & Frameworks # | |
#################################################################################################### | |
# Install Microsoft Visual C++ Redistributable Packages | |
$VcRedists = [ordered]@{ | |
"2005" = "/Q" | |
"2008" = "/q" | |
"2010" = "/q /norestart" | |
"2012" = "/install /quiet /norestart" | |
"2013" = "/install /quiet /norestart" | |
"2015+" = "/install /quiet /norestart" | |
} | |
foreach ($VcRedistYear in $VcRedists.Keys) { | |
foreach ($Arch in "x86", "x64") { | |
& winget install --accept-source-agreements --accept-package-agreements --exact "Microsoft.VCRedist.${VcRedistYear}.${Arch}" --override $VcRedists.$VcRedistYear | |
} | |
} | |
Remove-Variable -Name VcRedists | |
# Install .NET Framework 3.5 (includes .NET 2.0 and 3.0) | |
$FeatureName = "NetFx3" | |
if (Get-WindowsOptionalFeature -Online | Where-Object { $_.FeatureName -eq $FeatureName -and $_.State -like "Disabled*" }) { | |
Enable-WindowsOptionalFeature -Online -FeatureName $FeatureName -NoRestart | Out-Null | |
} | |
Remove-Variable -Name FeatureName | |
#################################################################################################### | |
# SETTINGS & SYSTEM CONFIGURATION # | |
#################################################################################################### | |
#################################################################################################### | |
# System # | |
#################################################################################################### | |
## | |
# Notifications | |
## | |
# Show me the Windows welcome experience after updated and occasionally when I sign in to highlight | |
# what's new and suggested: Off | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SubscribedContent-310093Enabled" -PropertyType DWord -Value 0 -Force | Out-Null | |
# Suggest ways I can finish setting up my device to get the most out of Windows: Off | |
if (-not (Test-Path -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\UserProfileEngagement")) { | |
New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\UserProfileEngagement" | Out-Null | |
} | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\UserProfileEngagement" -Name "ScoobeSystemSettingEnabled" -PropertyType DWord -Value 0 -Force | Out-Null | |
# Get tips, tricks, and suggestions as you use Windows: Off | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SubscribedContent-338389Enabled" -PropertyType DWord -Value 0 -Force | Out-Null | |
## | |
# Multitasking | |
## | |
# Disable Aero Shake | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "DisallowShaking" -PropertyType DWord -Value 1 -Force | Out-Null | |
# Disable vertical maximizing of Windows | |
New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name "SnapSizing" -PropertyType String -Value "0" -Force | Out-Null | |
# Show suggestions in your timeline: Off | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SubscribedContent-353698Enabled" -PropertyType DWord -Value 0 -Force | Out-Null | |
# Pressing Alt + Tab shows: Open windows only | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "MultiTaskingAltTabFilter" -PropertyType DWord -Value 3 -Force | Out-Null | |
## | |
# Shared experiences | |
## | |
# Share across devices: Off | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\CDP" -Name "CdpSessionUserAuthzPolicy" -PropertyType DWord -Value 0 -Force | Out-Null | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\CDP" -Name "NearShareChannelUserAuthzPolicy" -PropertyType DWord -Value 0 -Force | Out-Null | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\CDP" -Name "RomeSdkChannelUserAuthzPolicy" -PropertyType DWord -Value 0 -Force | Out-Null | |
# Disable Connected Devices Platform Service | |
$CDPServices = @( | |
"CDPSvc" | |
"CDPUserSvc" | |
) | |
foreach ($CDPService in $CDPServices) { | |
Set-ItemAdminPermissions -PSDrive "HKLM" -Path "System\CurrentControlSet\Services\$CDPService" | |
New-ItemProperty -Path "HKLM:\System\CurrentControlSet\Services\$CDPService" -Name "Start" -PropertyType DWord -Value 4 -Force | Out-Null | |
Stop-Service -Name "cbdhsvc" -Force | |
} | |
Remove-Variable -Name $CDPService | |
## | |
# Clipboard | |
## | |
# Clipboard history: Off | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Clipboard" -Name "EnableClipboardHistory" -PropertyType DWord -Value 0 -Force | Out-Null | |
## | |
# About | |
## | |
# Rename the PC if the `DeviceName` variable is set | |
if ($Env:ComputerName -ne $DeviceName) { | |
$Env:ComputerName = $DeviceName | |
Rename-Computer -NewName $Env:ComputerName | |
} | |
#################################################################################################### | |
# Devices # | |
#################################################################################################### | |
## | |
# Bluetooth & other devices | |
## | |
# Show Bluetooth icon in the notification area: Off | |
New-ItemProperty -Path "HKCU:\Control Panel\Bluetooth" -Name "Notification Area Icon" -PropertyType DWord -Value 0 -Force | Out-Null | |
## | |
# Typing | |
## | |
# Spelling | |
# Autocorrect misspelled words: Off | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\TabletTip\1.7" -Name "EnableAutocorrection" -PropertyType DWord -Value 0 -Force | Out-Null | |
# Highlight misspelled words: Off | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\TabletTip\1.7" -Name "EnableSpellchecking" -PropertyType DWord -Value 0 -Force | Out-Null | |
# Typing | |
# Show text suggestions as I type on the software keyboard: Off | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\TabletTip\1.7" -Name "EnableTextPrediction" -PropertyType DWord -Value 0 -Force | Out-Null | |
# Add a space after I choose a text suggestion: Off | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\TabletTip\1.7" -Name "EnablePredictionSpaceInsertion" -PropertyType DWord -Value 0 -Force | Out-Null | |
# Add a period after I double-tap the Spacebar: Off | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\TabletTip\1.7" -Name "EnableDoubleTapSpace" -PropertyType DWord -Value 0 -Force | Out-Null | |
# How AI has helped you | |
# Typing insights: Off | |
if (-not (Test-Path -Path "HKCU:\Software\Microsoft\Input\Settings")) { | |
if (-not (Test-Path -Path "HKCU:\Software\Microsoft\Input")) { | |
New-Item -Path "HKCU:\Software\Microsoft\Input" | Out-Null | |
} | |
New-Item -Path "HKCU:\Software\Microsoft\Input\Settings" | Out-Null | |
} | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Input\Settings" -Name "InsightsEnabled" -PropertyType DWord -Value 0 -Force | Out-Null | |
# Hardware keyboard | |
# Show text suggestions as I type: Off | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Input\Settings" -Name "EnableHwkbTextPrediction" -PropertyType DWord -Value 0 -Force | Out-Null | |
# Autocorrect misspelled words as I type: Off | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Input\Settings" -Name "EnableHwkbAutocorrection2" -PropertyType DWord -Value 0 -Force | Out-Null | |
# Multilingual text suggestions | |
# Show text suggestions based on the recognized languages you're typing in | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Input\Settings" -Name "MultilingualEnabled" -PropertyType DWord -Value 0 -Force | Out-Null | |
## | |
# Autoplay | |
## | |
# Use AutoPlay for all media and devices: Off | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers" -Name "DisableAutoplay" -PropertyType DWord -Value 1 -Force | Out-Null | |
#################################################################################################### | |
# Network & Internet # | |
#################################################################################################### | |
## | |
# Wi-Fi | |
## | |
# Hotspot 2.0 networks: Off | |
if (-not (Test-Path -Path "HKLM:\Software\Microsoft\WlanSvc\AnqpCache")) { | |
New-Item -Path "HKLM:\Software\Microsoft\WlanSvc\AnqpCache" | Out-Null | |
} | |
New-ItemProperty -Path "HKLM:\Software\Microsoft\WlanSvc\AnqpCache" -Name "OsuRegistrationStatus" -PropertyType DWord -Value 0 -Force | Out-Null | |
#################################################################################################### | |
# Personalization # | |
#################################################################################################### | |
## | |
# Background | |
## | |
# Increase JPEG background image quality to 100 | |
New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name "JPEGImportQuality" -PropertyType DWord -Value 100 -Force | Out-Null | |
## | |
# Lockscreen | |
## | |
# Turn off Windows Spotlight pictures and fun facts, tips, tricks, and more on lock screen | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SubscribedContent-338387Enabled" -PropertyType DWord -Value 0 -Force | Out-Null | |
# Disable lockscreen. Because it's annoying having to press an extra key to enter a password | |
if (-not (Test-Path -Path "HKLM:\Software\Policies\Microsoft\Windows\Personalization")) { | |
New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows\Personalization" | Out-Null | |
} | |
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\Personalization" -Name "NoLockScreen" -PropertyType DWord -Value 1 -Force | Out-Null | |
## | |
# Start | |
## | |
# Show recently added apps: Off | |
if (-not (Test-Path -Path "HKLM:\Software\Policies\Microsoft\Windows\Explorer")) { | |
New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows\Explorer" | Out-Null | |
} | |
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\Explorer" -Name "HideRecentlyAddedApps" -PropertyType DWord -Value 1 -Force | Out-Null | |
# Show most used apps: Off | |
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\Explorer" -Name "NoStartMenuMFUprogramsList" -PropertyType DWord -Value 1 -Force | Out-Null | |
# Show suggestions occasionally in Start: Off | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SubscribedContent-338388Enabled" -PropertyType DWord -Value 0 -Force | Out-Null | |
# # Show recetly opened items in Jump Lists on Start or the task and in File Explorer Quick Access: Off | |
# New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "Start_TrackDocs" -PropertyType DWord -Value 0 -Force | Out-Null | |
# Remove all Start menu tiles | |
$TileCollection = Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\*start.tilegrid`$windows.data.curatedtilecollection.tilecollection\Current" | |
$Value = $TileCollection.Data[0..25] + ([byte[]](202,50,0,226,44,1,1,0,0)) | |
New-ItemProperty -Path $TileCollection.PSPath -Name Data -PropertyType Binary -Value $Value -Force | Out-Null | |
Remove-Variable -Name TileCollection, Value | |
## | |
# Taskbar | |
## | |
# Always show all icons in the notification area: On | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer" -Name "EnableAutoTray" -PropertyType DWord -Value 0 -Force | Out-Null | |
# Search: Hidden | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Search" -Name "SearchboxTaskbarMode" -PropertyType DWord -Value 0 -Force | Out-Null | |
# Show Cortana button: Off | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ShowCortanaButton" -PropertyType DWord -Value 0 -Force | Out-Null | |
# News and interests: Off | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Feeds" -Name "ShellFeedsTaskbarViewMode" -PropertyType DWord -Value 2 -Force | Out-Null | |
#################################################################################################### | |
# Apps # | |
#################################################################################################### | |
## | |
# Apps & features | |
## | |
# Prevent Windows from silently installing suggested apps | |
$CdmProperties = @( | |
"OemPreInstalledAppsEnabled" | |
"PreInstalledAppsEnabled" | |
"SilentInstalledAppsEnabled" | |
) | |
foreach ($CdmProperty in $CdmProperties) { | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name $CdmProperty -PropertyType DWord -Value 0 -Force | Out-Null | |
} | |
Remove-Variable -Name CdmProperties | |
# Remove unnecessary pre-installed or silently installed apps | |
$ProvisionedApps = @( | |
"king.com.BubbleWitch3Saga" | |
"king.com.CandyCrushFriends" | |
"*Microsoft.549981C3F5F10*" | |
"Microsoft.BingNews" | |
"Microsoft.BingWeather" | |
"Microsoft.GetHelp" | |
"Microsoft.Getstarted" | |
"Microsoft.Messaging" | |
"Microsoft.Microsoft3DViewer" | |
"Microsoft.MicrosoftBingNews" | |
"Microsoft.MicrosoftOfficeHub" | |
"Microsoft.MicrosoftSolitaireCollection" | |
"Microsoft.MicrosoftStickyNotes" | |
"Microsoft.MixedReality.Portal" | |
"Microsoft.MSPaint" | |
"Microsoft.Office.OneNote" | |
"Microsoft.OneConnect" | |
"Microsoft.People" | |
"Microsoft.Print3D" | |
"Microsoft.SkypeApp" | |
"Microsoft.Todos" | |
"Microsoft.WindowsCamera" | |
"Microsoft.windowscommunicationsapps" | |
"Microsoft.WindowsFeedbackHub" | |
"Microsoft.WindowsMaps" | |
# "Microsoft.Xbox.TCUI" | |
# "Microsoft.XboxApp" | |
# "Microsoft.XboxGameOverlay" | |
# "Microsoft.XboxGamingOverlay" | |
# "Microsoft.XboxIdentityProvider" | |
# "Microsoft.XboxSpeechToTextOverlay" | |
"Microsoft.YourPhone" | |
) | |
foreach ($ProvisionedApp in $ProvisionedApps) { | |
Get-AppxPackage -AllUsers -Name $ProvisionedApp | Remove-AppxPackage | Out-Null | |
Get-AppXProvisionedPackage -Online | Where-Object { $_.DisplayName -eq $ProvisionedApp } | Remove-AppxProvisionedPackage -Online | Out-Null | |
} | |
Remove-Variable -Name ProvisionedApps | |
# Remove OneDrive | |
Stop-Process -Name "onedrive" -Force | |
Start-Process "$Env:WinDir\SysWOW64\OneDriveSetup.exe" "/uninstall" | |
Remove-Item -Path "$Env:AppData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk" | |
# Remove PC Health Check | |
$app = Get-WmiObject -Class Win32_Product | Where-Object { $_.Name -match "Windows PC Health Check" } | |
$app.Uninstall() | |
# Optional features | |
# Uninstall Internet Explorer 11 | |
Remove-WindowsCapability -Online -Name "Browser.InternetExplorer~~~~0.0.11.0" | Out-Null | |
# Uninstall Microsoft Quick Assist | |
Remove-WindowsCapability -Online -Name "App.Support.QuickAssist~~~~0.0.1.0" | Out-Null | |
# Uninstall Steps Recorder | |
Remove-WindowsCapability -Online -Name "App.StepsRecorder~~~~0.0.1.0" | Out-Null | |
# Uninstall Windows Hello Face | |
Remove-WindowsCapability -Online -Name "Hello.Face.18967~~~~0.0.1.0" | Out-Null | |
Get-ScheduledTask -TaskPath "\Microsoft\Windows\HelloFace\" -TaskName "FODCleanupTask" | Disable-ScheduledTask | Out-Null | |
# Uninstall Windows Media Player | |
Remove-WindowsCapability -Online -Name "Media.WindowsMediaPlayer~~~~0.0.12.0" | Out-Null | |
# Uninstall WordPad | |
Remove-WindowsCapability -Online -Name "Microsoft.Windows.WordPad~~~~0.0.1.0" | Out-Null | |
# Uninstall Microsoft XPS Document Writer from legacy Windows Features | |
$FeatureName = "Printing-XPSServices-Features" | |
if (Get-WindowsOptionalFeature -Online | Where-Object { $_.FeatureName -eq $FeatureName -and $_.State -eq "Enabled" }) { | |
Disable-WindowsOptionalFeature -Online -FeatureName $FeatureName -NoRestart | Out-Null | |
} | |
Remove-Variable -Name FeatureName | |
## | |
# Offline maps | |
## | |
# Automatically update maps: Off | |
New-ItemProperty -Path "HKLM:\System\Maps" -Name "AutoUpdateEnabled" -Type DWord -Value 0 -Force | Out-Null | |
Get-ScheduledTask -TaskPath "\Microsoft\Windows\Maps\" -TaskName "MapsToastTask" | Disable-ScheduledTask | Out-Null | |
Get-ScheduledTask -TaskPath "\Microsoft\Windows\Maps\" -TaskName "MapsUpdateTask" | Disable-ScheduledTask | Out-Null | |
#################################################################################################### | |
# Accounts # | |
#################################################################################################### | |
## | |
# Sign-in options | |
## | |
# Automatically save my restartable apps when I sign out and restart them after I sign in: Off | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name "RestartApps" -PropertyType DWord -Value 0 -Force | Out-Null | |
# Use my sign-in info to automatically finish setting up my device after an update or restart: Off | |
if (-not (Test-Path -Path "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\UserARSO\$SID")) { | |
if (-not (Test-Path -Path "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\UserARSO")) { | |
New-Item -Path "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\UserARSO" | Out-Null | |
} | |
New-Item -Path "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\UserARSO\$SID" | Out-Null | |
} | |
New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\UserARSO\$SID" -Name "OptOut" -PropertyType DWord -Value 1 -Force | Out-Null | |
## | |
# Sync your settings | |
## | |
# Sync settings: Off. | |
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\SettingSync" -Name "DisableSettingSync" -PropertyType DWord -Value 2 -Force | Out-Null | |
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\SettingSync" -Name "DisableSettingSyncUserOverride" -PropertyType DWord -Value 1 -Force | Out-Null | |
#################################################################################################### | |
# Time & Language # | |
#################################################################################################### | |
## | |
# Region | |
## | |
# Country or Region: Turkey | |
Set-WinHomeLocation -GeoId 0xeb | |
## | |
# Language | |
## | |
# Disable hot keys for `Between input languages` | |
# Switch Input Language: Not Assigned | |
New-ItemProperty -Path "HKCU:\Keyboard Layout\Toggle" -Name "Hotkey" -PropertyType String -Value "3" -Force | Out-Null | |
New-ItemProperty -Path "HKCU:\Keyboard Layout\Toggle" -Name "Language Hotkey" -PropertyType String -Value "3" -Force | Out-Null | |
# Switch Keyboard Language: Not Assigned | |
New-ItemProperty -Path "HKCU:\Keyboard Layout\Toggle" -Name "Layout Hotkey" -PropertyType String -Value "3" -Force | Out-Null | |
# Preferred languages | |
# Add Turkish Q keyboard layout to preferred language (Which is `English (United States)`) | |
$LanguageList = Get-WinUserLanguageList | |
$LanguageList[0].InputMethodTips.Clear() | |
$KeyboardLayouts = @( | |
# US | |
"0409:00000409" | |
# Turkish Q | |
"0409:0000041F" | |
) | |
foreach ($KeyboardLayout in $KeyboardLayouts) { | |
$LanguageList[0].InputMethodTips.Add($KeyboardLayout) | |
} | |
Set-WinUserLanguageList $LanguageList -Force | |
Remove-Variable -Name LanguageList, KeyboardLayouts | |
#################################################################################################### | |
# Gaming # | |
#################################################################################################### | |
# ## | |
# # Xbox Game Bar | |
# ## | |
# # Enable Xbox Game Bar for things like recording game clips, chatting with friends, and receiving | |
# # game invites.: Off | |
# New-ItemProperty -Path "HKCU:\System\GameConfigStore" -Name "GameDVR_Enabled" -PropertyType DWord -Value 0 -Force | Out-Null | |
# New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\GameDVR" -Name "AppCaptureEnabled" -PropertyType DWord -Value 0 -Force | Out-Null | |
# ## | |
# # Game Mode | |
# ## | |
# # Game Mode: Off | |
# New-ItemProperty -Path "HKCU:\Software\Microsoft\GameBar" -Name "AutoGameModeEnabled" -PropertyType DWord -Value 0 -Force | Out-Null | |
#################################################################################################### | |
# Ease of Access # | |
#################################################################################################### | |
## | |
# Keyboard | |
## | |
# Allow the shortcut key to start Sticky Keys: Off | |
New-ItemProperty -Path "HKCU:\Control Panel\Accessibility\StickyKeys" -Name "Flags" -PropertyType String -Value "506" -Force | Out-Null | |
# Allow the shortcut key to start Toggle Keys: Off | |
New-ItemProperty -Path "HKCU:\Control Panel\Accessibility\StickyKeys" -Name "Flags" -PropertyType String -Value "58" -Force | Out-Null | |
# Allow the shortcut key to start Filter Keys: Off | |
New-ItemProperty -Path "HKCU:\Control Panel\Accessibility\StickyKeys" -Name "Flags" -PropertyType String -Value "126" -Force | Out-Null | |
# Use PrtScn button to open screen snipping: On | |
New-ItemProperty -Path "HKCU:\Control Panel\Keyboard" -Name "PrintScreenKeyForSnippingEnabled" -PropertyType DWord -Value 1 -Force | Out-Null | |
#################################################################################################### | |
# Search # | |
#################################################################################################### | |
## | |
# Permissions & History | |
## | |
# SafeSearch: Off | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\SearchSettings" -Name "SafeSearchMode" -PropertyType DWord -Value 0 -Force | Out-Null | |
# Cloud content search: Off | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\SearchSettings" -Name "IsMSACloudSearchEnabled" -PropertyType DWord -Value 0 -Force | Out-Null | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Search" -Name "BingSearchEnabled" -PropertyType DWord -Value 0 -Force | Out-Null | |
# Search history on this device: Off | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\SearchSettings" -Name "IsDeviceSearchHistoryEnabled" -PropertyType DWord -Value 0 -Force | Out-Null | |
## | |
# Searching Windows | |
## | |
# Disable Windows Search indexing | |
Set-Service -Name "WSearch" -StartupType Disabled | |
Stop-Service -Name "WSearch" -Force | |
#################################################################################################### | |
# Privacy # | |
#################################################################################################### | |
####################### | |
# Windows permissions # | |
####################### | |
## | |
# General | |
## | |
# Let apps use advertising ID to make ads more interesting to you based on your app activity: Off | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo" -Name "Enabled" -PropertyType DWord -Value 0 -Force | Out-Null | |
# Let websites provide locally relevant content by accessing my language list: Off | |
New-ItemProperty -Path "HKCU:\Control Panel\International\User Profile" -Name "HttpAcceptLanguageOptOut" -PropertyType DWord -Value 1 -Force | Out-Null | |
Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Internet Explorer\International" -Name "AcceptLanguage" -Force | Out-Null | |
# Let Windows track app launches to improve Start and search results: Off | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "Start_TrackProgs" -PropertyType DWord -Value 0 -Force | Out-Null | |
Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Internet Explorer" -Name "TypedURLs" -Force | Out-Null | |
Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer" -Name "TypedPaths" -Force | Out-Null | |
Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer" -Name "RunMRU" -Force | Out-Null | |
# Show me suggested content in the Settings app: Off | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SubscribedContent-338393Enabled" -PropertyType DWord -Value 0 -Force | Out-Null | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SubscribedContent-353694Enabled" -PropertyType DWord -Value 0 -Force | Out-Null | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SubscribedContent-353696Enabled" -PropertyType DWord -Value 0 -Force | Out-Null | |
## | |
# Speech | |
## | |
# Online speech recognition: Off | |
if (-not (Test-Path -Path "HKCU:\Software\Microsoft\Speech_OneCore\Settings\OnlineSpeechPrivacy")) { | |
if (-not (Test-Path -Path "HKCU:\Software\Microsoft\Speech_OneCore\Settings")) { | |
New-Item -Path "HKCU:\Software\Microsoft\Speech_OneCore\Settings" | Out-Null | |
} | |
New-Item -Path "HKCU:\Software\Microsoft\Speech_OneCore\Settings\OnlineSpeechPrivacy" | Out-Null | |
} | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Speech_OneCore\Settings\OnlineSpeechPrivacy" -Name "HasAccepted" -PropertyType DWord -Value 0 -Force | Out-Null | |
## | |
# Inking & typing personalization | |
## | |
# Use your typing history and handwriting patterns to create a personal dictionary that makes better | |
# suggestions for you: Off | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization" -Name "RestrictImplicitInkCollection" -PropertyType DWord -Value 1 -Force | Out-Null | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization" -Name "RestrictImplicitTextCollection" -PropertyType DWord -Value 1 -Force | Out-Null | |
if (-not (Test-Path -Path "HKCU:\Software\Microsoft\InputPersonalization\TrainedDataStore")) { | |
New-Item -Path "HKCU:\Software\Microsoft\InputPersonalization\TrainedDataStore" | Out-Null | |
} | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization\TrainedDataStore" -Name "HarvestContacts" -PropertyType DWord -Value 0 -Force | Out-Null | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Personalization\Settings" -Name "AcceptedPrivacyPolicy" -PropertyType DWord -Value 0 -Force | Out-Null | |
## | |
# Diagnostics & feedback | |
## | |
# Turn off diagnostic data and telemetry | |
New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection" -Name "AllowTelemetry" -PropertyType DWord -Value 0 -Force | Out-Null | |
New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection" -Name "MaxAllowTelemetry" -PropertyType DWord -Value 0 -Force | Out-Null | |
# Improve inking and typing: Off | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Input\TIPC" -Name "Enabled" -PropertyType DWord -Value 0 -Force | Out-Null | |
# Tailored experiences: Off | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Privacy" -Name "TailoredExperiencesWithDiagnosticDataEnabled" -PropertyType DWord -Value 0 -Force | Out-Null | |
# Feedback frequency: Never | |
if (-not (Test-Path -Path "HKCU:\Software\Microsoft\Siuf\Rules")) { | |
if (-not (Test-Path -Path "HKCU:\Software\Microsoft\Siuf")) { | |
New-Item -Path "HKCU:\Software\Microsoft\Siuf" | Out-Null | |
} | |
New-Item -Path "HKCU:\Software\Microsoft\Siuf\Rules" | Out-Null | |
} | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Siuf\Rules" -Name "NumberOfSIUFInPeriod" -PropertyType DWord -Value 0 -Force | Out-Null | |
Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Siuf\Rules" -Name "PeriodInNanoSeconds" -Force | Out-Null | |
# ... | |
# Disable Customer Experience Improvement Program | |
if (-not (Test-Path -Path "HKLM:\Software\Policies\Microsoft\SQMClient\Windows")) { | |
if (-not (Test-Path -Path "HKLM:\Software\Policies\Microsoft\SQMClient")) { | |
New-Item -Path "HKLM:\Software\Policies\Microsoft\SQMClient" | Out-Null | |
} | |
New-Item -Path "HKLM:\Software\Policies\Microsoft\SQMClient\Windows" | Out-Null | |
} | |
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\SQMClient\Windows" -Name "CEIPEnable" -PropertyType DWord -Value 0 -Force | Out-Null | |
$CeipTasks = [ordered]@{ | |
"Consolidator" = "\Microsoft\Windows\Customer Experience Improvement Program\" | |
"Microsoft Compatibility Appraiser" = "\Microsoft\Windows\Application Experience\" | |
"PcaPatchDbTask" = "\Microsoft\Windows\Application Experience\" | |
"ProgramDataUpdater" = "\Microsoft\Windows\Application Experience\" | |
"Proxy" = "\Microsoft\Windows\Autochk\" | |
"StartupAppTask" = "\Microsoft\Windows\Application Experience\" | |
"UsbCeip" = "\Microsoft\Windows\Customer Experience Improvement Program\" | |
} | |
foreach ($CeipTask in $CeipTasks.Keys) { | |
Get-ScheduledTask -TaskPath $CeipTasks.$CeipTask -TaskName $CeipTask | Disable-ScheduledTask | Out-Null | |
} | |
Remove-Variable -Name CeipTasks | |
# Disable Connected User Experiences and Telemetry service | |
Set-ItemAdminPermissions -PSDrive "HKLM" -Path "System\CurrentControlSet\Services\DiagTrack" | |
New-ItemProperty -Path "HKLM:\System\CurrentControlSet\Services\DiagTrack" -Name "Start" -PropertyType DWord -Value 4 -Force | Out-Null | |
Stop-Service -Name "DiagTrack" -Force | |
## | |
# Activity history | |
## | |
# Store my activity history on this device: Off | |
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\System" -Name "EnableActivityFeed" -PropertyType DWord -Value 0 -Force | Out-Null | |
# Send my activity history to Microsoft: Off | |
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\System" -Name "UploadUserActivities" -PropertyType DWord -Value 0 -Force | Out-Null | |
# Show activities from these accounts: Off | |
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\System" -Name "PublishUserActivities" -PropertyType DWord -Value 0 -Force | Out-Null | |
################### | |
# App permissions # | |
################### | |
## | |
# Location | |
## | |
# Allow access to location on this device: On | |
New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location" -Name "Value" -PropertyType String -Value "Allow" -Force | Out-Null | |
# Allow apps to access your location: Off | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location" -Name "Value" -PropertyType String -Value "Deny" -Force | Out-Null | |
## | |
# Voice acivation | |
## | |
# Allow apps to use voice activation: Off | |
if (-not (Test-Path -Path "HKCU:\Software\Microsoft\Speech_OneCore\Settings\VoiceActivation\UserPreferenceForAllApps")) { | |
if (-not (Test-Path -Path "HKCU:\Software\Microsoft\Speech_OneCore\Settings\VoiceActivation")) { | |
New-Item -Path "HKCU:\Software\Microsoft\Speech_OneCore\Settings\VoiceActivation" | Out-Null | |
} | |
New-Item -Path "HKCU:\Software\Microsoft\Speech_OneCore\Settings\VoiceActivation\UserPreferenceForAllApps" | Out-Null | |
} | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Speech_OneCore\Settings\VoiceActivation\UserPreferenceForAllApps" -Name "AgentActivationEnabled" -PropertyType DWord -Value 0 -Force | Out-Null | |
## | |
# ... | |
## | |
$AccessConsents = @( | |
# Notifications | |
"userNotificationListener" | |
# Account info | |
"userAccountInformation" | |
# Contacts | |
"contacts" | |
# Calendar | |
"appointments" | |
# Phone calls | |
"phoneCall" | |
# Call history | |
"phoneCallHistory" | |
"email" | |
# Tasks | |
"userDataTasks" | |
# Messaging | |
"chat" | |
# Radios | |
"radios" | |
# Other devices | |
"bluetoothSync" | |
# App diagnostics | |
"appDiagnostics" | |
) | |
$KeyPath = "Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore" | |
foreach ($AccessConsent in $AccessConsents) { | |
if (-not (Test-Path -Path "HKCU:\$KeyPath\$AccessConsent")) { | |
New-Item -Path "HKCU:\$KeyPath\$AccessConsent" | Out-Null | |
} | |
New-ItemProperty -Path "HKCU:\$KeyPath\$AccessConsent" -Name "Value" -PropertyType String -Value "Deny" -Force | Out-Null | |
New-ItemProperty -Path "HKLM:\$KeyPath\$AccessConsent" -Name "Value" -PropertyType String -Value "Deny" -Force | Out-Null | |
} | |
Remove-Variable -Name AccessConsents, KeyPath | |
#################################################################################################### | |
# Update & Security # | |
#################################################################################################### | |
## | |
# Windows Update | |
## | |
# Disable automatic checking and installation of Windows updates | |
if (-not (Test-Path -Path "HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\AU")) { | |
if (-not (Test-Path -Path "HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate")) { | |
New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate" | Out-Null | |
} | |
New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\AU" | Out-Null | |
} | |
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "NoAutoUpdate" -PropertyType DWord -Value 1 -Force | Out-Null | |
# Automatically update device drivers | |
New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Device Metadata" -Name "PreventDeviceMetadataFromNetwork" -PropertyType DWord -Value 0 -Force | Out-Null | |
## | |
# Delivery Optimization: Off | |
## | |
# Allow downloads from other PCs: Off | |
Set-DODownloadMode -DownloadMode 0 | |
Set-ItemAdminPermissions -PSDrive "HKLM" -Path "System\CurrentControlSet\Services\DoSvc" | |
New-ItemProperty -Path "HKLM:\System\CurrentControlSet\Services\DoSvc" -Name "Start" -PropertyType DWord -Value 4 -Force | Out-Null | |
Stop-Service -Name "DoSvc" -Force | |
Delete-DeliveryOptimizationCache -Force | |
## | |
# Windows Security | |
## | |
# Disable Windows Defender | |
if (-not (Test-Path -Path "HKLM:\Software\Policies\Microsoft\Windows Defender\Real-Time Protection")) { | |
if (-not (Test-Path -Path "HKLM:\Software\Policies\Microsoft\Windows Defender")) { | |
New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows Defender" | Out-Null | |
} | |
New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" | Out-Null | |
} | |
if (-not (Test-Path -Path "HKLM:\Software\Policies\Microsoft\Windows Defender\Features")) { | |
New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows Defender\Features" | Out-Null | |
} | |
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows Defender" -Name "DisableAntispyware" -PropertyType DWord -Value 1 -Force | Out-Null | |
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows Defender\Features" -Name "TamperProtection" -PropertyType DWord -Value 0 -Force | Out-Null | |
$WdPolicyProperties = $( | |
"DisableBehaviorMonitoring" | |
"DisableIOAVProtection" | |
"DisableOnAccessProtection" | |
"DisableRealtimeMonitoring" | |
"DisableScanOnRealtimeEnable" | |
) | |
foreach ($WdPolicyProperty in $WdPolicyProperties) { | |
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" -Name $WdPolicyProperty -PropertyType DWord -Value 1 -Force | Out-Null | |
} | |
Remove-Variable -Name WdPolicyProperties | |
# $WdServices = $( | |
# "WdNisSvc" | |
# "WinDefend" | |
# ) | |
# foreach ($WdService in $WdServices) { | |
# Set-ItemAdminPermissions -PSDrive "HKLM" -Path "System\CurrentControlSet\Services\$WdService" | |
# New-ItemProperty -Path "HKLM:\System\CurrentControlSet\Services\$WdService" -Name "Start" -PropertyType DWord -Value 4 -Force | Out-Null | |
# Stop-Service "$WdService" -Force | |
# } | |
# Remove-Variable -Name WdServices | |
$WdScheduledTasks = @( | |
"Windows Defender Cache Maintenance" | |
"Windows Defender Cleanup" | |
"Windows Defender Scheduled Scan" | |
"Windows Defender Verification" | |
) | |
foreach ($WdScheduledTask in $WdScheduledTasks) { | |
Get-ScheduledTask -TaskPath "\Microsoft\Windows\Windows Defender\" -TaskName $WdScheduledTask | Disable-ScheduledTask | Out-Null | |
} | |
Remove-Variable -Name WdScheduledTasks | |
# Disable SmartScreen | |
# Check apps and files: Off | |
New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer" -Name "SmartScreenEnabled" -PropertyType String -Value "Off" -Force | Out-Null | |
# SmartScreen for Microsoft Edge: Off | |
if (-not (Test-Path -Path "HKCU:\Software\Microsoft\Edge")) { | |
New-Item -Path "HKCU:\Software\Microsoft\Edge" | Out-Null | |
} | |
if (-not (Test-Path -Path "HKCU:\Software\Microsoft\Edge\SmartScreenEnabled")) { | |
New-Item -Path "HKCU:\Software\Microsoft\Edge\SmartScreenEnabled" | Out-Null | |
} | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Edge\SmartScreenEnabled" -Name "(Default)" -PropertyType DWord -Value 0 -Force | Out-Null | |
if (-not (Test-Path -Path "HKCU:\Software\Microsoft\Edge\SmartScreenPuaEnabled")) { | |
New-Item -Path "HKCU:\Software\Microsoft\Edge\SmartScreenPuaEnabled" | Out-Null | |
} | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Edge\SmartScreenPuaEnabled" -Name "(Default)" -PropertyType DWord -Value 0 -Force | Out-Null | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows Security Health\State" -Name "AppAndBrowser_EdgeSmartScreenOff" -PropertyType DWord -Value 0 -Force | Out-Null | |
# SmartScreen for Microsoft Store apps: Off | |
if (-not (Test-Path -Path "HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\AppHost")) { | |
New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\AppHost" | Out-Null | |
} | |
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\AppHost" -Name "EnableWebContentEvaluation" -PropertyType DWord -Value 0 -Force | Out-Null | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows Security Health\State" -Name "AppAndBrowser_StoreAppsSmartScreenOff" -PropertyType DWord -Value 0 -Force | Out-Null | |
# Prevent Windows Security from running in background | |
# # Disable "Windows Security Service" | |
# Set-ItemAdminPermissions -PSDrive "HKLM" -Path "System\CurrentControlSet\Services\SecurityHealthService" | |
# New-ItemProperty -Path "HKLM:\System\CurrentControlSet\Services\SecurityHealthService" -Name "Start" -PropertyType DWord -Value 4 -Force | Out-Null | |
# Stop-Service -Name "SecurityHealthService" -Force | |
# # Disable "Security Center" service | |
# Set-ItemAdminPermissions -PSDrive "HKLM" -Path "System\CurrentControlSet\Services\wscsvc" | |
# New-ItemProperty -Path "HKLM:\System\CurrentControlSet\Services\wscsvc" -Name "Start" -PropertyType DWord -Value 4 -Force | Out-Null | |
# Stop-Service -Name "wscsvc" -Force | |
# Remove "Windows Security notification icon" from startup | |
if (-not (Test-Path -Path "HKLM:\Software\Policies\Microsoft\Windows Defender Security Center\Systray")) { | |
if (-not (Test-Path -Path "HKLM:\Software\Policies\Microsoft\Windows Defender Security Center")) { | |
New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows Defender Security Center" | Out-Null | |
} | |
New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows Defender Security Center\Systray" | Out-Null | |
} | |
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows Defender Security Center\Systray" -Name "HideSystray" -PropertyType DWord -Value 1 -Force | Out-Null | |
Remove-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Run" -Name "SecurityHealth" -Force | Out-Null | |
Stop-Process -Name "SecurityHealthSystray" -Force | |
# Windows Security misc. | |
# No UAC consent prompts for administrators | |
New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System" -Name "ConsentPromptBehaviorAdmin" -PropertyType DWord -Value 0 -Force | Out-Null | |
# Disable Attachment Manager (Security warnings when opening files) | |
if (-not (Test-Path -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments")) { | |
New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments" | Out-Null | |
} | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments" -Name "SaveZoneInformation" -PropertyType DWord -Value 2 -Force | Out-Null | |
New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments" -Name "ScanWithAntiVirus" -PropertyType DWord -Value 1 -Force | Out-Null | |
# Disable "The publisher couldn't be verified. Are you sure you want to run this software?" dialog | |
Set-ItemAdminPermissions -PSDrive "HKCU" -Path "Software\Microsoft\Windows\CurrentVersion\Policies" | |
if (-not (Test-Path -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Associations")) { | |
New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Associations" | Out-Null | |
} | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Associations" -Name "LowRiskFileTypes" -PropertyType String -Value ".zip;.rar;.nfo;.txt;.exe;.bat;.vbs;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;" -Force | Out-Null | |
## | |
# Find my device | |
## | |
# Find my device: Off | |
if (-not (Test-Path -Path "HKLM:\Software\Microsoft\Settings\FindMyDevice")) { | |
if (-not (Test-Path -Path "HKLM:\Software\Microsoft\Settings")) { | |
New-Item -Path "HKLM:\Software\Microsoft\Settings" | Out-Null | |
} | |
New-Item -Path "HKLM:\Software\Microsoft\Settings\FindMyDevice" | Out-Null | |
} | |
New-ItemProperty -Path "HKLM:\Software\Microsoft\Settings\FindMyDevice" -Name "LocationSyncEnabled" -PropertyType DWord -Value 0 -Force | Out-Null | |
#################################################################################################### | |
# Settings and System Configuration Misc. # | |
#################################################################################################### | |
# Disable System Protection | |
Disable-ComputerRestore -Drive "$Env:HomeDrive" | |
# Disable Windows Error Reporting | |
New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\Windows Error Reporting" -Name "Disabled" -PropertyType DWord -Value 1 -Force | Out-Null | |
Set-Service -Name "WerSvc" -StartupType Disabled | |
Stop-Service -Name "WerSvc" -Force | |
# Disable Offline Files | |
if (-not (Test-Path -Path "HKLM:\Software\Policies\Microsoft\Windows\NetCache")) { | |
New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows\NetCache" | Out-Null | |
} | |
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\NetCache" -Name "Enabled" -PropertyType DWord -Value 0 -Force | Out-Null | |
Set-Service -Name "CscService" -StartupType Disabled | |
Stop-Service -Name "CscService" -Force | |
Get-ScheduledTask -TaskPath "\Microsoft\Windows\Offline Files\" -TaskName "Background Synchronization" | Disable-ScheduledTask | Out-Null | |
Get-ScheduledTask -TaskPath "\Microsoft\Windows\Offline Files\" -TaskName "Logon Synchronization" | Disable-ScheduledTask | Out-Null | |
# Disable NTFS Last Access Time Stamp Updates | |
New-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\FileSystem" -Name "NtfsDisableLastAccessUpdate" -PropertyType DWord -Value 0x80000003 -Force | Out-Null | |
# Enable Win32 Long Paths | |
New-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\FileSystem" -Name "LongPathsEnabled" -PropertyType DWord -Value 1 -Force | Out-Null | |
# Disable Automatic Maintenance | |
New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Schedule\Maintenance" -Name "MaintenanceDisabled" -PropertyType DWord -Value 1 -Force | Out-Null | |
Get-ScheduledTask -TaskPath "\Microsoft\Windows\Diagnosis\" -TaskName "RecommendedTroubleshootingScanner" | Disable-ScheduledTask | Out-Null | |
Get-ScheduledTask -TaskPath "\Microsoft\Windows\Diagnosis\" -TaskName "Scheduled" | Disable-ScheduledTask | Out-Null | |
Get-ScheduledTask -TaskPath "\Microsoft\Windows\Maintenance\" -TaskName "WinSAT" | Disable-ScheduledTask | Out-Null | |
# Disable Security and Maintenance notifications | |
if (-not (Test-Path -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance")) { | |
New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance" | Out-Null | |
} | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance" -Name "Enabled" -PropertyType DWord -Value 0 -Force | Out-Null | |
# Disable "Look for an app in the Store" from the file open with dialogue | |
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\Explorer" -Name "NoUseStoreOpenWith" -PropertyType DWord -Value 1 -Force | Out-Null | |
# Disable Windows Spotlight | |
if (-not (Test-Path -Path "HKLM:\Software\Policies\Microsoft\Windows\CloudContent")) { | |
New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows\CloudContent" | Out-Null | |
} | |
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\CloudContent" -Name "DisableWindowsSpotlightFeatures" -PropertyType DWord -Value 1 -Force | Out-Null | |
# Disable some unnecessary services | |
# http://www.blackviper.com/service-configurations/black-vipers-windows-10-service-configurations/ | |
$ServiceNames = @( | |
# Payments and NFC/SE Manager service | |
"SEMgrSvc" | |
# Program Compatibility Assistant Service | |
"PcaSvc" | |
) | |
foreach ($ServiceName in $ServiceNames) { | |
Set-Service -Name "$ServiceName" -StartupType Disabled | |
Stop-Service -Name "$ServiceName" -Force | |
} | |
Remove-Variable -Name ServiceNames | |
#################################################################################################### | |
# File Explorer # | |
#################################################################################################### | |
## | |
# General | |
## | |
# Open File Explorer to: This PC | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "LaunchTo" -PropertyType DWord -Value 1 -Force | Out-Null | |
# Show recently used files in Quick access: Off | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer" -Name "ShowRecent" -PropertyType DWord -Value 0 -Force | Out-Null | |
# Show frequently used folders in Quick access: Off | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer" -Name "ShowFrequent" -PropertyType DWord -Value 0 -Force | Out-Null | |
## | |
# View | |
## | |
# Hide extensions for known file types: Off | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "HideFileExt" -PropertyType DWord -Value 0 -Force | Out-Null | |
# Hide protected operating system files: Off | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ShowSuperHidden" -PropertyType DWord -Value 1 -Force | Out-Null | |
# Show status bar: Off | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ShowStatusBar" -PropertyType DWord -Value 0 -Force | Out-Null | |
## | |
# Search | |
## | |
# Don't use the index when searching in file folders for system files: On | |
if (-not (Test-Path -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Search\Preferences")) { | |
if (-not (Test-Path -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Search")) { | |
New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Search" | Out-Null | |
} | |
New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Search\Preferences" | Out-Null | |
} | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Search\Preferences" -Name "WholeFileSystem" -PropertyType DWord -Value 1 -Force | Out-Null | |
## | |
# Quick Access | |
## | |
$Shell = New-Object -ComObject Shell.Application | |
$QuickAccessItems = $Shell.Namespace("shell:::{679F85CB-0220-4080-B29B-5540CC05AAB6}").Items() | |
# Remove default pinned items | |
$ItemsToUnpin = @( | |
"Desktop" | |
"Documents" | |
"Downloads" | |
"Pictures" | |
) | |
foreach ($ItemToUnpin in $ItemsToUnpin) { | |
($QuickAccessItems | Where-Object { $_.Name -eq $ItemToUnpin }).InvokeVerb("unpinfromhome") | |
} | |
# Pin home directory | |
if (-not ($QuickAccessItems | Where-Object { $_.Path -eq $Home })) { | |
$Shell.NameSpace($Home).Self.InvokeVerb("pintohome") | |
} | |
Remove-Variable -Name QuickAccessItems, ItemsToUnpin | |
## | |
# Context Menu | |
## | |
# Remove "Share" context menu item | |
Remove-Item -LiteralPath "HKCR:\*\shellex\ContextMenuHandlers\ModernSharing" | |
# Remove "Give access to" context menu item | |
Remove-Item -LiteralPath "HKCR:\*\shellex\ContextMenuHandlers\Sharing" | |
Remove-Item -Path "HKCR:\Directory\Background\shellex\ContextMenuHandlers\Sharing" | |
Remove-Item -Path "HKCR:\Directory\shellex\ContextMenuHandlers\Sharing" | |
Remove-Item -Path "HKCR:\Drive\shellex\ContextMenuHandlers\Sharing" | |
# Remove "Restore previous versions" context menu item | |
New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer" -Name "NoPreviousVersionsPage" -PropertyType DWord -Value 1 -Force | Out-Null | |
# Remove "Include in library" context menu item | |
Remove-Item -Path "HKCR:\Folder\ShellEx\ContextMenuHandlers\Library Location" | |
# Remove "Pin to Start" context menu item | |
Remove-Item -Path "HKCR:\exefile\shellex\ContextMenuHandlers\PintoStartScreen" | |
Remove-Item -Path "HKCR:\Folder\shellex\ContextMenuHandlers\PintoStartScreen" | |
Remove-Item -Path "HKCR:\Microsoft.Website\ShellEx\ContextMenuHandlers\PintoStartScreen" | |
Remove-Item -Path "HKCR:\mscfile\shellex\ContextMenuHandlers\PintoStartScreen" | |
# Clear "Send to" context menu | |
$SendToTargets = @( | |
# Compressed (zipped) folder | |
"Compressed (zipped) Folder.ZFSendToTarget" | |
# Documents | |
"Documents.mydocs" | |
# Fax recipient | |
"Fax Recipient.lnk" | |
# Mail recipient | |
"Mail Recipient.MAPIMail" | |
) | |
foreach ($SendToTarget in $SendToTargets) { | |
Remove-Item -Path "$Env:AppData\Microsoft\Windows\SendTo\$SendToTarget" | |
} | |
Remove-Variable -Name SendToTargets | |
## | |
# File Explorer misc. | |
## | |
# Disable F1 Help key in Explorer and on the Desktop | |
$RegKeys = @( | |
"HKCU:\Software\Classes\Typelib\{8cec5860-07a1-11d9-b15e-000d56bfe6ee}" | |
"HKCU:\Software\Classes\Typelib\{8cec5860-07a1-11d9-b15e-000d56bfe6ee}\1.0" | |
"HKCU:\Software\Classes\Typelib\{8cec5860-07a1-11d9-b15e-000d56bfe6ee}\1.0\0" | |
"HKCU:\Software\Classes\Typelib\{8cec5860-07a1-11d9-b15e-000d56bfe6ee}\1.0\0\win64" | |
) | |
foreach ($RegKey in $RegKeys) { | |
if (-not (Test-Path -Path $RegKey)) { | |
New-Item -Path $RegKey | Out-Null | |
} | |
} | |
Remove-Variable -Name RegKeys | |
New-ItemProperty -Path "HKCU:\Software\Classes\Typelib\{8cec5860-07a1-11d9-b15e-000d56bfe6ee}\1.0\0\win64" -Name "(Default)" -PropertyType String -Value "" -Force | Out-Null | |
# Remove "3D Objects" folder from This PC | |
$RegKeyPattern = "Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\PropertyBag" | |
$RegKeys = @( | |
"HKLM:\Software\$RegKeyPattern" | |
"HKLM:\Software\Wow6432Node\$RegKeyPattern" | |
) | |
foreach ($RegKey in $RegKeys) { | |
if (-not (Test-Path -Path $RegKey)) { | |
New-Item -Path $RegKey | Out-Null | |
} | |
New-ItemProperty -Path $RegKey -Name "ThisPCPolicy" -PropertyType String -Value "Hide" -Force | Out-Null | |
} | |
Remove-Variable -Name RegKeyPattern, RegKeys | |
# Hide removable drives from navigation pane | |
Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\DelegateFolders\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}" | Out-Null | |
Remove-Item -Path "HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\DelegateFolders\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}" | Out-Null | |
# Hide "Network" from navigation pane | |
Set-ItemAdminPermissions -PSDrive "HKCR" -Path "ClsId\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder" | |
Set-ItemAdminPermissions -PSDrive "HKLM" -Path "Software\Wow6432Node\Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder" | |
New-ItemProperty -Path "HKCR:\ClsId\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder" -Name "Attributes" -PropertyType DWord -Value 2962489444 -Force | Out-Null | |
New-ItemProperty -Path "HKLM:\Software\Wow6432Node\Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder" -Name "Attributes" -PropertyType DWord -Value 2962489444 -Force | Out-Null | |
# Remove "Meet Now" from tray | |
if (-not (Test-Path -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer")) { | |
New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" | Out-Null | |
} | |
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name "HideSCAMeetNow" -PropertyType DWord -Value 1 -Force | Out-Null | |
New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name "HideSCAMeetNow" -PropertyType DWord -Value 1 -Force | Out-Null | |
#################################################################################################### | |
# FINISHING UP # | |
#################################################################################################### | |
# Clear winget cache | |
$WinGetData = "$Env:LocalAppData\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe" | |
Get-ChildItem -Path $WinGetData -Filter "*.exe" -Recurse -File | Remove-Item | |
Get-ChildItem -Path $WinGetData -Filter "*.msi" -Recurse -File | Remove-Item | |
Remove-Variable -Name WinGetData | |
# Run Disk Cleanup for system drive | |
# Based on: https://www.powershellgallery.com/packages/Invoke-WindowsDiskCleanup/1.0/Content/Invoke-WindowsDiskCleanup.ps1 | |
Get-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\*" | | |
Remove-ItemProperty -Name "StateFlags0000" | |
$Files = @( | |
"Active Setup Temp Folders" | |
"D3D Shader Cache" | |
"Delivery Optimization Files" | |
"Device Driver Packages" | |
"Diagnostic Data Viewer database files" | |
"Downloaded Program Files" | |
"Internet Cache Files" | |
"Language Pack" | |
"Offline Pages Files" | |
"Old ChkDsk Files" | |
"Previous Installations" | |
"RetailDemo Offline Content" | |
"Setup Log Files" | |
"System error memory dump files" | |
"System error minidump files" | |
"Temporary Files" | |
"Temporary Setup Files" | |
"Thumbnail Cache" | |
"Update Cleanup" | |
"Upgrade Discarded Files" | |
"User file versions" | |
"Windows Defender" | |
"Windows Error Reporting Files" | |
"Windows ESD installation files" | |
"Windows Upgrade Log Files" | |
) | |
foreach ($File in $Files) { | |
New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\$File" -Name "StateFlags0000" -PropertyType DWord -Value 2 -Force | Out-Null | |
} | |
Remove-Variable -Name Files | |
Write-Host "==> Running Disk Cleanup for $Env:SystemDrive" | |
Start-Process -FilePath "CleanMgr.exe" -ArgumentList '/sagerun:0' -Wait | |
# Clear user temporary files, because some reason disk cleanup skips it | |
Remove-Item -Path "$Env:Temp" -Recurse -Force |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment