Skip to content

Instantly share code, notes, and snippets.

@eplord

eplord/windows.ps1

Forked from dyavuz/windows.ps1
Created March 2, 2025 09:21
Show Gist options
  • Save eplord/6613f16947f1ee3142d17a131106219b to your computer and use it in GitHub Desktop.
Save eplord/6613f16947f1ee3142d17a131106219b to your computer and use it in GitHub Desktop.
Download ZIP
Raw
windows.ps1
####################################################################################################
# BOOTSTRAP #
####################################################################################################
# Run script as Administrator if the session isn't elevated
if (-not ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]"Administrator")) {
$ArgumentList = "-NoExit -NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`""
Start-Process -FilePath "powershell.exe" -ArgumentList "$ArgumentList" -Verb RunAs
Exit
}
# Don't halt the script for any confirmation
$ConfirmPreference = "None"
# Don't show progress bars, as it slows down download speed considerably.
# See: https://stackoverflow.com/a/43477248
$ProgressPreference = "SilentlyContinue"
# Don't exit the script if any error occurs
$ErrorActionPreference = "SilentlyContinue"
# Add HKEY_CLASSES_ROOT PSDrive
if (-not (Test-Path -Path "HKCR:")) {
New-PSDrive -Name "HKCR" -PSProvider "Registry" -Root "HKEY_CLASSES_ROOT" | Out-Null
}
####################################################################################################
# Global Variables & Objects #
####################################################################################################
# If provided, take the first parameter of the calling script and set is as device name
# It'll be used for setting hostname and calling device specific script if it exists.
if ($args[0]) {
$DeviceName = $args[0]
} else {
$DeviceName = $Env:ComputerName
}
# User account security identifier
$SID = (Get-CimInstance -ClassName Win32_UserAccount | Where-Object -FilterScript { $_.Name -eq $Env:Username }).SID
####################################################################################################
# Misc. #
####################################################################################################
# Install PoshPrivelege to enable specific privilege or privileges on the current process.
# https://www.powershellgallery.com/packages/PoshPrivilege
if (-not (Get-Module -ListAvailable -Name PoshPrivilege)) {
Install-Module -Name PoshPrivilege -Confirm:$False
}
Import-Module PoshPrivilege
# Helper function to change owner and provide full control of a registry key under HKLM
Function Set-ItemAdminPermissions {
Param(
[Parameter(Mandatory=$False)] [string]$PSDrive,
[Parameter(Mandatory=$True)] [string]$Path
)
Enable-Privilege -Privilege SeTakeOwnershipPrivilege
if ($PSDrive -eq "HKLM") {
$regHive = [Microsoft.Win32.RegistryHive]::LocalMachine
} elseif ($PSDrive -eq "HKCU") {
$regHive = [Microsoft.Win32.RegistryHive]::CurrentUser
} elseif ($PSDrive -eq "HKCR") {
$regHive = [Microsoft.Win32.RegistryHive]::ClassesRoot
}
$regView = [Microsoft.Win32.RegistryView]::Registry64
$reg = [Microsoft.Win32.RegistryKey]::OpenBaseKey($regHive, $regView)
$key = $reg.OpenSubKey($Path, 'ReadWriteSubTree', 'TakeOwnership')
$acl = $key.GetAccessControl()
$owner = [System.Security.Principal.NTAccount]"BuiltIn\Administrators"
$acl.SetOwner($owner)
$key.SetAccessControl($acl)
$regRights = [System.Security.AccessControl.RegistryRights]::FullControl
$inhFlags = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit
$prFlags = [System.Security.AccessControl.PropagationFlags]::None
$acType = [System.Security.AccessControl.AccessControlType]::Allow
$rule = New-Object System.Security.AccessControl.RegistryAccessRule($owner, $regRights, $inhFlags, $prFlags, $acType)
$acl.AddAccessRule($rule)
$key.SetAccessControl($acl)
}
####################################################################################################
# ESSENTIALS & DEPENDENCIES #
####################################################################################################
####################################################################################################
# winget #
####################################################################################################
##
# WinGet settings
##
$WinGetSettingsJson = "$Env:LocalAppData\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\LocalState\settings.json"
# WinGet preferences
$WinGetSettings = [ordered]@{
experimentalFeatures = [ordered]@{
"experimentalMSStore" = $False;
};
network = [ordered]@{
"downloader" = "wininet";
};
source = [ordered]@{
"autoUpdateIntervalInMinutes" = 0;
};
}
# Save to the file with UTF8 without BOM encoding
[System.IO.File]::WriteAllLines("$WinGetSettingsJson", ($WinGetSettings | ConvertTo-Json -Compress))
# Update WinGet sources list
winget source reset --force
winget source update
Remove-Variable -Name WinGetSettings WinGetSettingsJson
####################################################################################################
# Libraries & Frameworks #
####################################################################################################
# Install Microsoft Visual C++ Redistributable Packages
$VcRedists = [ordered]@{
"2005" = "/Q"
"2008" = "/q"
"2010" = "/q /norestart"
"2012" = "/install /quiet /norestart"
"2013" = "/install /quiet /norestart"
"2015+" = "/install /quiet /norestart"
}
foreach ($VcRedistYear in $VcRedists.Keys) {
foreach ($Arch in "x86", "x64") {
& winget install --accept-source-agreements --accept-package-agreements --exact "Microsoft.VCRedist.${VcRedistYear}.${Arch}" --override $VcRedists.$VcRedistYear
}
}
Remove-Variable -Name VcRedists
# Install .NET Framework 3.5 (includes .NET 2.0 and 3.0)
$FeatureName = "NetFx3"
if (Get-WindowsOptionalFeature -Online | Where-Object { $_.FeatureName -eq $FeatureName -and $_.State -like "Disabled*" }) {
Enable-WindowsOptionalFeature -Online -FeatureName $FeatureName -NoRestart | Out-Null
}
Remove-Variable -Name FeatureName
####################################################################################################
# SETTINGS & SYSTEM CONFIGURATION #
####################################################################################################
####################################################################################################
# System #
####################################################################################################
##
# Notifications
##
# Show me the Windows welcome experience after updated and occasionally when I sign in to highlight
# what's new and suggested: Off
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SubscribedContent-310093Enabled" -PropertyType DWord -Value 0 -Force | Out-Null
# Suggest ways I can finish setting up my device to get the most out of Windows: Off
if (-not (Test-Path -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\UserProfileEngagement")) {
New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\UserProfileEngagement" | Out-Null
}
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\UserProfileEngagement" -Name "ScoobeSystemSettingEnabled" -PropertyType DWord -Value 0 -Force | Out-Null
# Get tips, tricks, and suggestions as you use Windows: Off
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SubscribedContent-338389Enabled" -PropertyType DWord -Value 0 -Force | Out-Null
##
# Multitasking
##
# Disable Aero Shake
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "DisallowShaking" -PropertyType DWord -Value 1 -Force | Out-Null
# Disable vertical maximizing of Windows
New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name "SnapSizing" -PropertyType String -Value "0" -Force | Out-Null
# Show suggestions in your timeline: Off
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SubscribedContent-353698Enabled" -PropertyType DWord -Value 0 -Force | Out-Null
# Pressing Alt + Tab shows: Open windows only
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "MultiTaskingAltTabFilter" -PropertyType DWord -Value 3 -Force | Out-Null
##
# Shared experiences
##
# Share across devices: Off
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\CDP" -Name "CdpSessionUserAuthzPolicy" -PropertyType DWord -Value 0 -Force | Out-Null
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\CDP" -Name "NearShareChannelUserAuthzPolicy" -PropertyType DWord -Value 0 -Force | Out-Null
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\CDP" -Name "RomeSdkChannelUserAuthzPolicy" -PropertyType DWord -Value 0 -Force | Out-Null
# Disable Connected Devices Platform Service
$CDPServices = @(
"CDPSvc"
"CDPUserSvc"
)
foreach ($CDPService in $CDPServices) {
Set-ItemAdminPermissions -PSDrive "HKLM" -Path "System\CurrentControlSet\Services\$CDPService"
New-ItemProperty -Path "HKLM:\System\CurrentControlSet\Services\$CDPService" -Name "Start" -PropertyType DWord -Value 4 -Force | Out-Null
Stop-Service -Name "cbdhsvc" -Force
}
Remove-Variable -Name $CDPService
##
# Clipboard
##
# Clipboard history: Off
New-ItemProperty -Path "HKCU:\Software\Microsoft\Clipboard" -Name "EnableClipboardHistory" -PropertyType DWord -Value 0 -Force | Out-Null
##
# About
##
# Rename the PC if the `DeviceName` variable is set
if ($Env:ComputerName -ne $DeviceName) {
$Env:ComputerName = $DeviceName
Rename-Computer -NewName $Env:ComputerName
}
####################################################################################################
# Devices #
####################################################################################################
##
# Bluetooth & other devices
##
# Show Bluetooth icon in the notification area: Off
New-ItemProperty -Path "HKCU:\Control Panel\Bluetooth" -Name "Notification Area Icon" -PropertyType DWord -Value 0 -Force | Out-Null
##
# Typing
##
# Spelling
# Autocorrect misspelled words: Off
New-ItemProperty -Path "HKCU:\Software\Microsoft\TabletTip\1.7" -Name "EnableAutocorrection" -PropertyType DWord -Value 0 -Force | Out-Null
# Highlight misspelled words: Off
New-ItemProperty -Path "HKCU:\Software\Microsoft\TabletTip\1.7" -Name "EnableSpellchecking" -PropertyType DWord -Value 0 -Force | Out-Null
# Typing
# Show text suggestions as I type on the software keyboard: Off
New-ItemProperty -Path "HKCU:\Software\Microsoft\TabletTip\1.7" -Name "EnableTextPrediction" -PropertyType DWord -Value 0 -Force | Out-Null
# Add a space after I choose a text suggestion: Off
New-ItemProperty -Path "HKCU:\Software\Microsoft\TabletTip\1.7" -Name "EnablePredictionSpaceInsertion" -PropertyType DWord -Value 0 -Force | Out-Null
# Add a period after I double-tap the Spacebar: Off
New-ItemProperty -Path "HKCU:\Software\Microsoft\TabletTip\1.7" -Name "EnableDoubleTapSpace" -PropertyType DWord -Value 0 -Force | Out-Null
# How AI has helped you
# Typing insights: Off
if (-not (Test-Path -Path "HKCU:\Software\Microsoft\Input\Settings")) {
if (-not (Test-Path -Path "HKCU:\Software\Microsoft\Input")) {
New-Item -Path "HKCU:\Software\Microsoft\Input" | Out-Null
}
New-Item -Path "HKCU:\Software\Microsoft\Input\Settings" | Out-Null
}
New-ItemProperty -Path "HKCU:\Software\Microsoft\Input\Settings" -Name "InsightsEnabled" -PropertyType DWord -Value 0 -Force | Out-Null
# Hardware keyboard
# Show text suggestions as I type: Off
New-ItemProperty -Path "HKCU:\Software\Microsoft\Input\Settings" -Name "EnableHwkbTextPrediction" -PropertyType DWord -Value 0 -Force | Out-Null
# Autocorrect misspelled words as I type: Off
New-ItemProperty -Path "HKCU:\Software\Microsoft\Input\Settings" -Name "EnableHwkbAutocorrection2" -PropertyType DWord -Value 0 -Force | Out-Null
# Multilingual text suggestions
# Show text suggestions based on the recognized languages you're typing in
New-ItemProperty -Path "HKCU:\Software\Microsoft\Input\Settings" -Name "MultilingualEnabled" -PropertyType DWord -Value 0 -Force | Out-Null
##
# Autoplay
##
# Use AutoPlay for all media and devices: Off
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers" -Name "DisableAutoplay" -PropertyType DWord -Value 1 -Force | Out-Null
####################################################################################################
# Network & Internet #
####################################################################################################
##
# Wi-Fi
##
# Hotspot 2.0 networks: Off
if (-not (Test-Path -Path "HKLM:\Software\Microsoft\WlanSvc\AnqpCache")) {
New-Item -Path "HKLM:\Software\Microsoft\WlanSvc\AnqpCache" | Out-Null
}
New-ItemProperty -Path "HKLM:\Software\Microsoft\WlanSvc\AnqpCache" -Name "OsuRegistrationStatus" -PropertyType DWord -Value 0 -Force | Out-Null
####################################################################################################
# Personalization #
####################################################################################################
##
# Background
##
# Increase JPEG background image quality to 100
New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name "JPEGImportQuality" -PropertyType DWord -Value 100 -Force | Out-Null
##
# Lockscreen
##
# Turn off Windows Spotlight pictures and fun facts, tips, tricks, and more on lock screen
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SubscribedContent-338387Enabled" -PropertyType DWord -Value 0 -Force | Out-Null
# Disable lockscreen. Because it's annoying having to press an extra key to enter a password
if (-not (Test-Path -Path "HKLM:\Software\Policies\Microsoft\Windows\Personalization")) {
New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows\Personalization" | Out-Null
}
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\Personalization" -Name "NoLockScreen" -PropertyType DWord -Value 1 -Force | Out-Null
##
# Start
##
# Show recently added apps: Off
if (-not (Test-Path -Path "HKLM:\Software\Policies\Microsoft\Windows\Explorer")) {
New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows\Explorer" | Out-Null
}
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\Explorer" -Name "HideRecentlyAddedApps" -PropertyType DWord -Value 1 -Force | Out-Null
# Show most used apps: Off
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\Explorer" -Name "NoStartMenuMFUprogramsList" -PropertyType DWord -Value 1 -Force | Out-Null
# Show suggestions occasionally in Start: Off
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SubscribedContent-338388Enabled" -PropertyType DWord -Value 0 -Force | Out-Null
# # Show recetly opened items in Jump Lists on Start or the task and in File Explorer Quick Access: Off
# New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "Start_TrackDocs" -PropertyType DWord -Value 0 -Force | Out-Null
# Remove all Start menu tiles
$TileCollection = Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\*start.tilegrid`$windows.data.curatedtilecollection.tilecollection\Current"
$Value = $TileCollection.Data[0..25] + ([byte[]](202,50,0,226,44,1,1,0,0))
New-ItemProperty -Path $TileCollection.PSPath -Name Data -PropertyType Binary -Value $Value -Force | Out-Null
Remove-Variable -Name TileCollection, Value
##
# Taskbar
##
# Always show all icons in the notification area: On
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer" -Name "EnableAutoTray" -PropertyType DWord -Value 0 -Force | Out-Null
# Search: Hidden
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Search" -Name "SearchboxTaskbarMode" -PropertyType DWord -Value 0 -Force | Out-Null
# Show Cortana button: Off
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ShowCortanaButton" -PropertyType DWord -Value 0 -Force | Out-Null
# News and interests: Off
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Feeds" -Name "ShellFeedsTaskbarViewMode" -PropertyType DWord -Value 2 -Force | Out-Null
####################################################################################################
# Apps #
####################################################################################################
##
# Apps & features
##
# Prevent Windows from silently installing suggested apps
$CdmProperties = @(
"OemPreInstalledAppsEnabled"
"PreInstalledAppsEnabled"
"SilentInstalledAppsEnabled"
)
foreach ($CdmProperty in $CdmProperties) {
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name $CdmProperty -PropertyType DWord -Value 0 -Force | Out-Null
}
Remove-Variable -Name CdmProperties
# Remove unnecessary pre-installed or silently installed apps
$ProvisionedApps = @(
"king.com.BubbleWitch3Saga"
"king.com.CandyCrushFriends"
"*Microsoft.549981C3F5F10*"
"Microsoft.BingNews"
"Microsoft.BingWeather"
"Microsoft.GetHelp"
"Microsoft.Getstarted"
"Microsoft.Messaging"
"Microsoft.Microsoft3DViewer"
"Microsoft.MicrosoftBingNews"
"Microsoft.MicrosoftOfficeHub"
"Microsoft.MicrosoftSolitaireCollection"
"Microsoft.MicrosoftStickyNotes"
"Microsoft.MixedReality.Portal"
"Microsoft.MSPaint"
"Microsoft.Office.OneNote"
"Microsoft.OneConnect"
"Microsoft.People"
"Microsoft.Print3D"
"Microsoft.SkypeApp"
"Microsoft.Todos"
"Microsoft.WindowsCamera"
"Microsoft.windowscommunicationsapps"
"Microsoft.WindowsFeedbackHub"
"Microsoft.WindowsMaps"
# "Microsoft.Xbox.TCUI"
# "Microsoft.XboxApp"
# "Microsoft.XboxGameOverlay"
# "Microsoft.XboxGamingOverlay"
# "Microsoft.XboxIdentityProvider"
# "Microsoft.XboxSpeechToTextOverlay"
"Microsoft.YourPhone"
)
foreach ($ProvisionedApp in $ProvisionedApps) {
Get-AppxPackage -AllUsers -Name $ProvisionedApp | Remove-AppxPackage | Out-Null
Get-AppXProvisionedPackage -Online | Where-Object { $_.DisplayName -eq $ProvisionedApp } | Remove-AppxProvisionedPackage -Online | Out-Null
}
Remove-Variable -Name ProvisionedApps
# Remove OneDrive
Stop-Process -Name "onedrive" -Force
Start-Process "$Env:WinDir\SysWOW64\OneDriveSetup.exe" "/uninstall"
Remove-Item -Path "$Env:AppData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk"
# Remove PC Health Check
$app = Get-WmiObject -Class Win32_Product | Where-Object { $_.Name -match "Windows PC Health Check" }
$app.Uninstall()
# Optional features
# Uninstall Internet Explorer 11
Remove-WindowsCapability -Online -Name "Browser.InternetExplorer~~~~0.0.11.0" | Out-Null
# Uninstall Microsoft Quick Assist
Remove-WindowsCapability -Online -Name "App.Support.QuickAssist~~~~0.0.1.0" | Out-Null
# Uninstall Steps Recorder
Remove-WindowsCapability -Online -Name "App.StepsRecorder~~~~0.0.1.0" | Out-Null
# Uninstall Windows Hello Face
Remove-WindowsCapability -Online -Name "Hello.Face.18967~~~~0.0.1.0" | Out-Null
Get-ScheduledTask -TaskPath "\Microsoft\Windows\HelloFace\" -TaskName "FODCleanupTask" | Disable-ScheduledTask | Out-Null
# Uninstall Windows Media Player
Remove-WindowsCapability -Online -Name "Media.WindowsMediaPlayer~~~~0.0.12.0" | Out-Null
# Uninstall WordPad
Remove-WindowsCapability -Online -Name "Microsoft.Windows.WordPad~~~~0.0.1.0" | Out-Null
# Uninstall Microsoft XPS Document Writer from legacy Windows Features
$FeatureName = "Printing-XPSServices-Features"
if (Get-WindowsOptionalFeature -Online | Where-Object { $_.FeatureName -eq $FeatureName -and $_.State -eq "Enabled" }) {
Disable-WindowsOptionalFeature -Online -FeatureName $FeatureName -NoRestart | Out-Null
}
Remove-Variable -Name FeatureName
##
# Offline maps
##
# Automatically update maps: Off
New-ItemProperty -Path "HKLM:\System\Maps" -Name "AutoUpdateEnabled" -Type DWord -Value 0 -Force | Out-Null
Get-ScheduledTask -TaskPath "\Microsoft\Windows\Maps\" -TaskName "MapsToastTask" | Disable-ScheduledTask | Out-Null
Get-ScheduledTask -TaskPath "\Microsoft\Windows\Maps\" -TaskName "MapsUpdateTask" | Disable-ScheduledTask | Out-Null
####################################################################################################
# Accounts #
####################################################################################################
##
# Sign-in options
##
# Automatically save my restartable apps when I sign out and restart them after I sign in: Off
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name "RestartApps" -PropertyType DWord -Value 0 -Force | Out-Null
# Use my sign-in info to automatically finish setting up my device after an update or restart: Off
if (-not (Test-Path -Path "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\UserARSO\$SID")) {
if (-not (Test-Path -Path "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\UserARSO")) {
New-Item -Path "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\UserARSO" | Out-Null
}
New-Item -Path "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\UserARSO\$SID" | Out-Null
}
New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\UserARSO\$SID" -Name "OptOut" -PropertyType DWord -Value 1 -Force | Out-Null
##
# Sync your settings
##
# Sync settings: Off.
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\SettingSync" -Name "DisableSettingSync" -PropertyType DWord -Value 2 -Force | Out-Null
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\SettingSync" -Name "DisableSettingSyncUserOverride" -PropertyType DWord -Value 1 -Force | Out-Null
####################################################################################################
# Time & Language #
####################################################################################################
##
# Region
##
# Country or Region: Turkey
Set-WinHomeLocation -GeoId 0xeb
##
# Language
##
# Disable hot keys for `Between input languages`
# Switch Input Language: Not Assigned
New-ItemProperty -Path "HKCU:\Keyboard Layout\Toggle" -Name "Hotkey" -PropertyType String -Value "3" -Force | Out-Null
New-ItemProperty -Path "HKCU:\Keyboard Layout\Toggle" -Name "Language Hotkey" -PropertyType String -Value "3" -Force | Out-Null
# Switch Keyboard Language: Not Assigned
New-ItemProperty -Path "HKCU:\Keyboard Layout\Toggle" -Name "Layout Hotkey" -PropertyType String -Value "3" -Force | Out-Null
# Preferred languages
# Add Turkish Q keyboard layout to preferred language (Which is `English (United States)`)
$LanguageList = Get-WinUserLanguageList
$LanguageList[0].InputMethodTips.Clear()
$KeyboardLayouts = @(
# US
"0409:00000409"
# Turkish Q
"0409:0000041F"
)
foreach ($KeyboardLayout in $KeyboardLayouts) {
$LanguageList[0].InputMethodTips.Add($KeyboardLayout)
}
Set-WinUserLanguageList $LanguageList -Force
Remove-Variable -Name LanguageList, KeyboardLayouts
####################################################################################################
# Gaming #
####################################################################################################
# ##
# # Xbox Game Bar
# ##
# # Enable Xbox Game Bar for things like recording game clips, chatting with friends, and receiving
# # game invites.: Off
# New-ItemProperty -Path "HKCU:\System\GameConfigStore" -Name "GameDVR_Enabled" -PropertyType DWord -Value 0 -Force | Out-Null
# New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\GameDVR" -Name "AppCaptureEnabled" -PropertyType DWord -Value 0 -Force | Out-Null
# ##
# # Game Mode
# ##
# # Game Mode: Off
# New-ItemProperty -Path "HKCU:\Software\Microsoft\GameBar" -Name "AutoGameModeEnabled" -PropertyType DWord -Value 0 -Force | Out-Null
####################################################################################################
# Ease of Access #
####################################################################################################
##
# Keyboard
##
# Allow the shortcut key to start Sticky Keys: Off
New-ItemProperty -Path "HKCU:\Control Panel\Accessibility\StickyKeys" -Name "Flags" -PropertyType String -Value "506" -Force | Out-Null
# Allow the shortcut key to start Toggle Keys: Off
New-ItemProperty -Path "HKCU:\Control Panel\Accessibility\StickyKeys" -Name "Flags" -PropertyType String -Value "58" -Force | Out-Null
# Allow the shortcut key to start Filter Keys: Off
New-ItemProperty -Path "HKCU:\Control Panel\Accessibility\StickyKeys" -Name "Flags" -PropertyType String -Value "126" -Force | Out-Null
# Use PrtScn button to open screen snipping: On
New-ItemProperty -Path "HKCU:\Control Panel\Keyboard" -Name "PrintScreenKeyForSnippingEnabled" -PropertyType DWord -Value 1 -Force | Out-Null
####################################################################################################
# Search #
####################################################################################################
##
# Permissions & History
##
# SafeSearch: Off
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\SearchSettings" -Name "SafeSearchMode" -PropertyType DWord -Value 0 -Force | Out-Null
# Cloud content search: Off
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\SearchSettings" -Name "IsMSACloudSearchEnabled" -PropertyType DWord -Value 0 -Force | Out-Null
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Search" -Name "BingSearchEnabled" -PropertyType DWord -Value 0 -Force | Out-Null
# Search history on this device: Off
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\SearchSettings" -Name "IsDeviceSearchHistoryEnabled" -PropertyType DWord -Value 0 -Force | Out-Null
##
# Searching Windows
##
# Disable Windows Search indexing
Set-Service -Name "WSearch" -StartupType Disabled
Stop-Service -Name "WSearch" -Force
####################################################################################################
# Privacy #
####################################################################################################
#######################
# Windows permissions #
#######################
##
# General
##
# Let apps use advertising ID to make ads more interesting to you based on your app activity: Off
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo" -Name "Enabled" -PropertyType DWord -Value 0 -Force | Out-Null
# Let websites provide locally relevant content by accessing my language list: Off
New-ItemProperty -Path "HKCU:\Control Panel\International\User Profile" -Name "HttpAcceptLanguageOptOut" -PropertyType DWord -Value 1 -Force | Out-Null
Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Internet Explorer\International" -Name "AcceptLanguage" -Force | Out-Null
# Let Windows track app launches to improve Start and search results: Off
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "Start_TrackProgs" -PropertyType DWord -Value 0 -Force | Out-Null
Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Internet Explorer" -Name "TypedURLs" -Force | Out-Null
Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer" -Name "TypedPaths" -Force | Out-Null
Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer" -Name "RunMRU" -Force | Out-Null
# Show me suggested content in the Settings app: Off
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SubscribedContent-338393Enabled" -PropertyType DWord -Value 0 -Force | Out-Null
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SubscribedContent-353694Enabled" -PropertyType DWord -Value 0 -Force | Out-Null
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SubscribedContent-353696Enabled" -PropertyType DWord -Value 0 -Force | Out-Null
##
# Speech
##
# Online speech recognition: Off
if (-not (Test-Path -Path "HKCU:\Software\Microsoft\Speech_OneCore\Settings\OnlineSpeechPrivacy")) {
if (-not (Test-Path -Path "HKCU:\Software\Microsoft\Speech_OneCore\Settings")) {
New-Item -Path "HKCU:\Software\Microsoft\Speech_OneCore\Settings" | Out-Null
}
New-Item -Path "HKCU:\Software\Microsoft\Speech_OneCore\Settings\OnlineSpeechPrivacy" | Out-Null
}
New-ItemProperty -Path "HKCU:\Software\Microsoft\Speech_OneCore\Settings\OnlineSpeechPrivacy" -Name "HasAccepted" -PropertyType DWord -Value 0 -Force | Out-Null
##
# Inking & typing personalization
##
# Use your typing history and handwriting patterns to create a personal dictionary that makes better
# suggestions for you: Off
New-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization" -Name "RestrictImplicitInkCollection" -PropertyType DWord -Value 1 -Force | Out-Null
New-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization" -Name "RestrictImplicitTextCollection" -PropertyType DWord -Value 1 -Force | Out-Null
if (-not (Test-Path -Path "HKCU:\Software\Microsoft\InputPersonalization\TrainedDataStore")) {
New-Item -Path "HKCU:\Software\Microsoft\InputPersonalization\TrainedDataStore" | Out-Null
}
New-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization\TrainedDataStore" -Name "HarvestContacts" -PropertyType DWord -Value 0 -Force | Out-Null
New-ItemProperty -Path "HKCU:\Software\Microsoft\Personalization\Settings" -Name "AcceptedPrivacyPolicy" -PropertyType DWord -Value 0 -Force | Out-Null
##
# Diagnostics & feedback
##
# Turn off diagnostic data and telemetry
New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection" -Name "AllowTelemetry" -PropertyType DWord -Value 0 -Force | Out-Null
New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection" -Name "MaxAllowTelemetry" -PropertyType DWord -Value 0 -Force | Out-Null
# Improve inking and typing: Off
New-ItemProperty -Path "HKCU:\Software\Microsoft\Input\TIPC" -Name "Enabled" -PropertyType DWord -Value 0 -Force | Out-Null
# Tailored experiences: Off
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Privacy" -Name "TailoredExperiencesWithDiagnosticDataEnabled" -PropertyType DWord -Value 0 -Force | Out-Null
# Feedback frequency: Never
if (-not (Test-Path -Path "HKCU:\Software\Microsoft\Siuf\Rules")) {
if (-not (Test-Path -Path "HKCU:\Software\Microsoft\Siuf")) {
New-Item -Path "HKCU:\Software\Microsoft\Siuf" | Out-Null
}
New-Item -Path "HKCU:\Software\Microsoft\Siuf\Rules" | Out-Null
}
New-ItemProperty -Path "HKCU:\Software\Microsoft\Siuf\Rules" -Name "NumberOfSIUFInPeriod" -PropertyType DWord -Value 0 -Force | Out-Null
Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Siuf\Rules" -Name "PeriodInNanoSeconds" -Force | Out-Null
# ...
# Disable Customer Experience Improvement Program
if (-not (Test-Path -Path "HKLM:\Software\Policies\Microsoft\SQMClient\Windows")) {
if (-not (Test-Path -Path "HKLM:\Software\Policies\Microsoft\SQMClient")) {
New-Item -Path "HKLM:\Software\Policies\Microsoft\SQMClient" | Out-Null
}
New-Item -Path "HKLM:\Software\Policies\Microsoft\SQMClient\Windows" | Out-Null
}
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\SQMClient\Windows" -Name "CEIPEnable" -PropertyType DWord -Value 0 -Force | Out-Null
$CeipTasks = [ordered]@{
"Consolidator" = "\Microsoft\Windows\Customer Experience Improvement Program\"
"Microsoft Compatibility Appraiser" = "\Microsoft\Windows\Application Experience\"
"PcaPatchDbTask" = "\Microsoft\Windows\Application Experience\"
"ProgramDataUpdater" = "\Microsoft\Windows\Application Experience\"
"Proxy" = "\Microsoft\Windows\Autochk\"
"StartupAppTask" = "\Microsoft\Windows\Application Experience\"
"UsbCeip" = "\Microsoft\Windows\Customer Experience Improvement Program\"
}
foreach ($CeipTask in $CeipTasks.Keys) {
Get-ScheduledTask -TaskPath $CeipTasks.$CeipTask -TaskName $CeipTask | Disable-ScheduledTask | Out-Null
}
Remove-Variable -Name CeipTasks
# Disable Connected User Experiences and Telemetry service
Set-ItemAdminPermissions -PSDrive "HKLM" -Path "System\CurrentControlSet\Services\DiagTrack"
New-ItemProperty -Path "HKLM:\System\CurrentControlSet\Services\DiagTrack" -Name "Start" -PropertyType DWord -Value 4 -Force | Out-Null
Stop-Service -Name "DiagTrack" -Force
##
# Activity history
##
# Store my activity history on this device: Off
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\System" -Name "EnableActivityFeed" -PropertyType DWord -Value 0 -Force | Out-Null
# Send my activity history to Microsoft: Off
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\System" -Name "UploadUserActivities" -PropertyType DWord -Value 0 -Force | Out-Null
# Show activities from these accounts: Off
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\System" -Name "PublishUserActivities" -PropertyType DWord -Value 0 -Force | Out-Null
###################
# App permissions #
###################
##
# Location
##
# Allow access to location on this device: On
New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location" -Name "Value" -PropertyType String -Value "Allow" -Force | Out-Null
# Allow apps to access your location: Off
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location" -Name "Value" -PropertyType String -Value "Deny" -Force | Out-Null
##
# Voice acivation
##
# Allow apps to use voice activation: Off
if (-not (Test-Path -Path "HKCU:\Software\Microsoft\Speech_OneCore\Settings\VoiceActivation\UserPreferenceForAllApps")) {
if (-not (Test-Path -Path "HKCU:\Software\Microsoft\Speech_OneCore\Settings\VoiceActivation")) {
New-Item -Path "HKCU:\Software\Microsoft\Speech_OneCore\Settings\VoiceActivation" | Out-Null
}
New-Item -Path "HKCU:\Software\Microsoft\Speech_OneCore\Settings\VoiceActivation\UserPreferenceForAllApps" | Out-Null
}
New-ItemProperty -Path "HKCU:\Software\Microsoft\Speech_OneCore\Settings\VoiceActivation\UserPreferenceForAllApps" -Name "AgentActivationEnabled" -PropertyType DWord -Value 0 -Force | Out-Null
##
# ...
##
$AccessConsents = @(
# Notifications
"userNotificationListener"
# Account info
"userAccountInformation"
# Contacts
"contacts"
# Calendar
"appointments"
# Phone calls
"phoneCall"
# Call history
"phoneCallHistory"
# Email
"email"
# Tasks
"userDataTasks"
# Messaging
"chat"
# Radios
"radios"
# Other devices
"bluetoothSync"
# App diagnostics
"appDiagnostics"
)
$KeyPath = "Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore"
foreach ($AccessConsent in $AccessConsents) {
if (-not (Test-Path -Path "HKCU:\$KeyPath\$AccessConsent")) {
New-Item -Path "HKCU:\$KeyPath\$AccessConsent" | Out-Null
}
New-ItemProperty -Path "HKCU:\$KeyPath\$AccessConsent" -Name "Value" -PropertyType String -Value "Deny" -Force | Out-Null
New-ItemProperty -Path "HKLM:\$KeyPath\$AccessConsent" -Name "Value" -PropertyType String -Value "Deny" -Force | Out-Null
}
Remove-Variable -Name AccessConsents, KeyPath
####################################################################################################
# Update & Security #
####################################################################################################
##
# Windows Update
##
# Disable automatic checking and installation of Windows updates
if (-not (Test-Path -Path "HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\AU")) {
if (-not (Test-Path -Path "HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate")) {
New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate" | Out-Null
}
New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\AU" | Out-Null
}
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "NoAutoUpdate" -PropertyType DWord -Value 1 -Force | Out-Null
# Automatically update device drivers
New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Device Metadata" -Name "PreventDeviceMetadataFromNetwork" -PropertyType DWord -Value 0 -Force | Out-Null
##
# Delivery Optimization: Off
##
# Allow downloads from other PCs: Off
Set-DODownloadMode -DownloadMode 0
Set-ItemAdminPermissions -PSDrive "HKLM" -Path "System\CurrentControlSet\Services\DoSvc"
New-ItemProperty -Path "HKLM:\System\CurrentControlSet\Services\DoSvc" -Name "Start" -PropertyType DWord -Value 4 -Force | Out-Null
Stop-Service -Name "DoSvc" -Force
Delete-DeliveryOptimizationCache -Force
##
# Windows Security
##
# Disable Windows Defender
if (-not (Test-Path -Path "HKLM:\Software\Policies\Microsoft\Windows Defender\Real-Time Protection")) {
if (-not (Test-Path -Path "HKLM:\Software\Policies\Microsoft\Windows Defender")) {
New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows Defender" | Out-Null
}
New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" | Out-Null
}
if (-not (Test-Path -Path "HKLM:\Software\Policies\Microsoft\Windows Defender\Features")) {
New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows Defender\Features" | Out-Null
}
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows Defender" -Name "DisableAntispyware" -PropertyType DWord -Value 1 -Force | Out-Null
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows Defender\Features" -Name "TamperProtection" -PropertyType DWord -Value 0 -Force | Out-Null
$WdPolicyProperties = $(
"DisableBehaviorMonitoring"
"DisableIOAVProtection"
"DisableOnAccessProtection"
"DisableRealtimeMonitoring"
"DisableScanOnRealtimeEnable"
)
foreach ($WdPolicyProperty in $WdPolicyProperties) {
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" -Name $WdPolicyProperty -PropertyType DWord -Value 1 -Force | Out-Null
}
Remove-Variable -Name WdPolicyProperties
# $WdServices = $(
# "WdNisSvc"
# "WinDefend"
# )
# foreach ($WdService in $WdServices) {
# Set-ItemAdminPermissions -PSDrive "HKLM" -Path "System\CurrentControlSet\Services\$WdService"
# New-ItemProperty -Path "HKLM:\System\CurrentControlSet\Services\$WdService" -Name "Start" -PropertyType DWord -Value 4 -Force | Out-Null
# Stop-Service "$WdService" -Force
# }
# Remove-Variable -Name WdServices
$WdScheduledTasks = @(
"Windows Defender Cache Maintenance"
"Windows Defender Cleanup"
"Windows Defender Scheduled Scan"
"Windows Defender Verification"
)
foreach ($WdScheduledTask in $WdScheduledTasks) {
Get-ScheduledTask -TaskPath "\Microsoft\Windows\Windows Defender\" -TaskName $WdScheduledTask | Disable-ScheduledTask | Out-Null
}
Remove-Variable -Name WdScheduledTasks
# Disable SmartScreen
# Check apps and files: Off
New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer" -Name "SmartScreenEnabled" -PropertyType String -Value "Off" -Force | Out-Null
# SmartScreen for Microsoft Edge: Off
if (-not (Test-Path -Path "HKCU:\Software\Microsoft\Edge")) {
New-Item -Path "HKCU:\Software\Microsoft\Edge" | Out-Null
}
if (-not (Test-Path -Path "HKCU:\Software\Microsoft\Edge\SmartScreenEnabled")) {
New-Item -Path "HKCU:\Software\Microsoft\Edge\SmartScreenEnabled" | Out-Null
}
New-ItemProperty -Path "HKCU:\Software\Microsoft\Edge\SmartScreenEnabled" -Name "(Default)" -PropertyType DWord -Value 0 -Force | Out-Null
if (-not (Test-Path -Path "HKCU:\Software\Microsoft\Edge\SmartScreenPuaEnabled")) {
New-Item -Path "HKCU:\Software\Microsoft\Edge\SmartScreenPuaEnabled" | Out-Null
}
New-ItemProperty -Path "HKCU:\Software\Microsoft\Edge\SmartScreenPuaEnabled" -Name "(Default)" -PropertyType DWord -Value 0 -Force | Out-Null
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows Security Health\State" -Name "AppAndBrowser_EdgeSmartScreenOff" -PropertyType DWord -Value 0 -Force | Out-Null
# SmartScreen for Microsoft Store apps: Off
if (-not (Test-Path -Path "HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\AppHost")) {
New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\AppHost" | Out-Null
}
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\AppHost" -Name "EnableWebContentEvaluation" -PropertyType DWord -Value 0 -Force | Out-Null
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows Security Health\State" -Name "AppAndBrowser_StoreAppsSmartScreenOff" -PropertyType DWord -Value 0 -Force | Out-Null
# Prevent Windows Security from running in background
# # Disable "Windows Security Service"
# Set-ItemAdminPermissions -PSDrive "HKLM" -Path "System\CurrentControlSet\Services\SecurityHealthService"
# New-ItemProperty -Path "HKLM:\System\CurrentControlSet\Services\SecurityHealthService" -Name "Start" -PropertyType DWord -Value 4 -Force | Out-Null
# Stop-Service -Name "SecurityHealthService" -Force
# # Disable "Security Center" service
# Set-ItemAdminPermissions -PSDrive "HKLM" -Path "System\CurrentControlSet\Services\wscsvc"
# New-ItemProperty -Path "HKLM:\System\CurrentControlSet\Services\wscsvc" -Name "Start" -PropertyType DWord -Value 4 -Force | Out-Null
# Stop-Service -Name "wscsvc" -Force
# Remove "Windows Security notification icon" from startup
if (-not (Test-Path -Path "HKLM:\Software\Policies\Microsoft\Windows Defender Security Center\Systray")) {
if (-not (Test-Path -Path "HKLM:\Software\Policies\Microsoft\Windows Defender Security Center")) {
New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows Defender Security Center" | Out-Null
}
New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows Defender Security Center\Systray" | Out-Null
}
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows Defender Security Center\Systray" -Name "HideSystray" -PropertyType DWord -Value 1 -Force | Out-Null
Remove-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Run" -Name "SecurityHealth" -Force | Out-Null
Stop-Process -Name "SecurityHealthSystray" -Force
# Windows Security misc.
# No UAC consent prompts for administrators
New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System" -Name "ConsentPromptBehaviorAdmin" -PropertyType DWord -Value 0 -Force | Out-Null
# Disable Attachment Manager (Security warnings when opening files)
if (-not (Test-Path -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments")) {
New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments" | Out-Null
}
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments" -Name "SaveZoneInformation" -PropertyType DWord -Value 2 -Force | Out-Null
New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments" -Name "ScanWithAntiVirus" -PropertyType DWord -Value 1 -Force | Out-Null
# Disable "The publisher couldn't be verified. Are you sure you want to run this software?" dialog
Set-ItemAdminPermissions -PSDrive "HKCU" -Path "Software\Microsoft\Windows\CurrentVersion\Policies"
if (-not (Test-Path -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Associations")) {
New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Associations" | Out-Null
}
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Associations" -Name "LowRiskFileTypes" -PropertyType String -Value ".zip;.rar;.nfo;.txt;.exe;.bat;.vbs;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;" -Force | Out-Null
##
# Find my device
##
# Find my device: Off
if (-not (Test-Path -Path "HKLM:\Software\Microsoft\Settings\FindMyDevice")) {
if (-not (Test-Path -Path "HKLM:\Software\Microsoft\Settings")) {
New-Item -Path "HKLM:\Software\Microsoft\Settings" | Out-Null
}
New-Item -Path "HKLM:\Software\Microsoft\Settings\FindMyDevice" | Out-Null
}
New-ItemProperty -Path "HKLM:\Software\Microsoft\Settings\FindMyDevice" -Name "LocationSyncEnabled" -PropertyType DWord -Value 0 -Force | Out-Null
####################################################################################################
# Settings and System Configuration Misc. #
####################################################################################################
# Disable System Protection
Disable-ComputerRestore -Drive "$Env:HomeDrive"
# Disable Windows Error Reporting
New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\Windows Error Reporting" -Name "Disabled" -PropertyType DWord -Value 1 -Force | Out-Null
Set-Service -Name "WerSvc" -StartupType Disabled
Stop-Service -Name "WerSvc" -Force
# Disable Offline Files
if (-not (Test-Path -Path "HKLM:\Software\Policies\Microsoft\Windows\NetCache")) {
New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows\NetCache" | Out-Null
}
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\NetCache" -Name "Enabled" -PropertyType DWord -Value 0 -Force | Out-Null
Set-Service -Name "CscService" -StartupType Disabled
Stop-Service -Name "CscService" -Force
Get-ScheduledTask -TaskPath "\Microsoft\Windows\Offline Files\" -TaskName "Background Synchronization" | Disable-ScheduledTask | Out-Null
Get-ScheduledTask -TaskPath "\Microsoft\Windows\Offline Files\" -TaskName "Logon Synchronization" | Disable-ScheduledTask | Out-Null
# Disable NTFS Last Access Time Stamp Updates
New-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\FileSystem" -Name "NtfsDisableLastAccessUpdate" -PropertyType DWord -Value 0x80000003 -Force | Out-Null
# Enable Win32 Long Paths
New-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\FileSystem" -Name "LongPathsEnabled" -PropertyType DWord -Value 1 -Force | Out-Null
# Disable Automatic Maintenance
New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Schedule\Maintenance" -Name "MaintenanceDisabled" -PropertyType DWord -Value 1 -Force | Out-Null
Get-ScheduledTask -TaskPath "\Microsoft\Windows\Diagnosis\" -TaskName "RecommendedTroubleshootingScanner" | Disable-ScheduledTask | Out-Null
Get-ScheduledTask -TaskPath "\Microsoft\Windows\Diagnosis\" -TaskName "Scheduled" | Disable-ScheduledTask | Out-Null
Get-ScheduledTask -TaskPath "\Microsoft\Windows\Maintenance\" -TaskName "WinSAT" | Disable-ScheduledTask | Out-Null
# Disable Security and Maintenance notifications
if (-not (Test-Path -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance")) {
New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance" | Out-Null
}
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance" -Name "Enabled" -PropertyType DWord -Value 0 -Force | Out-Null
# Disable "Look for an app in the Store" from the file open with dialogue
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\Explorer" -Name "NoUseStoreOpenWith" -PropertyType DWord -Value 1 -Force | Out-Null
# Disable Windows Spotlight
if (-not (Test-Path -Path "HKLM:\Software\Policies\Microsoft\Windows\CloudContent")) {
New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows\CloudContent" | Out-Null
}
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\CloudContent" -Name "DisableWindowsSpotlightFeatures" -PropertyType DWord -Value 1 -Force | Out-Null
# Disable some unnecessary services
# http://www.blackviper.com/service-configurations/black-vipers-windows-10-service-configurations/
$ServiceNames = @(
# Payments and NFC/SE Manager service
"SEMgrSvc"
# Program Compatibility Assistant Service
"PcaSvc"
)
foreach ($ServiceName in $ServiceNames) {
Set-Service -Name "$ServiceName" -StartupType Disabled
Stop-Service -Name "$ServiceName" -Force
}
Remove-Variable -Name ServiceNames
####################################################################################################
# File Explorer #
####################################################################################################
##
# General
##
# Open File Explorer to: This PC
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "LaunchTo" -PropertyType DWord -Value 1 -Force | Out-Null
# Show recently used files in Quick access: Off
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer" -Name "ShowRecent" -PropertyType DWord -Value 0 -Force | Out-Null
# Show frequently used folders in Quick access: Off
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer" -Name "ShowFrequent" -PropertyType DWord -Value 0 -Force | Out-Null
##
# View
##
# Hide extensions for known file types: Off
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "HideFileExt" -PropertyType DWord -Value 0 -Force | Out-Null
# Hide protected operating system files: Off
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ShowSuperHidden" -PropertyType DWord -Value 1 -Force | Out-Null
# Show status bar: Off
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ShowStatusBar" -PropertyType DWord -Value 0 -Force | Out-Null
##
# Search
##
# Don't use the index when searching in file folders for system files: On
if (-not (Test-Path -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Search\Preferences")) {
if (-not (Test-Path -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Search")) {
New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Search" | Out-Null
}
New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Search\Preferences" | Out-Null
}
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Search\Preferences" -Name "WholeFileSystem" -PropertyType DWord -Value 1 -Force | Out-Null
##
# Quick Access
##
$Shell = New-Object -ComObject Shell.Application
$QuickAccessItems = $Shell.Namespace("shell:::{679F85CB-0220-4080-B29B-5540CC05AAB6}").Items()
# Remove default pinned items
$ItemsToUnpin = @(
"Desktop"
"Documents"
"Downloads"
"Pictures"
)
foreach ($ItemToUnpin in $ItemsToUnpin) {
($QuickAccessItems | Where-Object { $_.Name -eq $ItemToUnpin }).InvokeVerb("unpinfromhome")
}
# Pin home directory
if (-not ($QuickAccessItems | Where-Object { $_.Path -eq $Home })) {
$Shell.NameSpace($Home).Self.InvokeVerb("pintohome")
}
Remove-Variable -Name QuickAccessItems, ItemsToUnpin
##
# Context Menu
##
# Remove "Share" context menu item
Remove-Item -LiteralPath "HKCR:\*\shellex\ContextMenuHandlers\ModernSharing"
# Remove "Give access to" context menu item
Remove-Item -LiteralPath "HKCR:\*\shellex\ContextMenuHandlers\Sharing"
Remove-Item -Path "HKCR:\Directory\Background\shellex\ContextMenuHandlers\Sharing"
Remove-Item -Path "HKCR:\Directory\shellex\ContextMenuHandlers\Sharing"
Remove-Item -Path "HKCR:\Drive\shellex\ContextMenuHandlers\Sharing"
# Remove "Restore previous versions" context menu item
New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer" -Name "NoPreviousVersionsPage" -PropertyType DWord -Value 1 -Force | Out-Null
# Remove "Include in library" context menu item
Remove-Item -Path "HKCR:\Folder\ShellEx\ContextMenuHandlers\Library Location"
# Remove "Pin to Start" context menu item
Remove-Item -Path "HKCR:\exefile\shellex\ContextMenuHandlers\PintoStartScreen"
Remove-Item -Path "HKCR:\Folder\shellex\ContextMenuHandlers\PintoStartScreen"
Remove-Item -Path "HKCR:\Microsoft.Website\ShellEx\ContextMenuHandlers\PintoStartScreen"
Remove-Item -Path "HKCR:\mscfile\shellex\ContextMenuHandlers\PintoStartScreen"
# Clear "Send to" context menu
$SendToTargets = @(
# Compressed (zipped) folder
"Compressed (zipped) Folder.ZFSendToTarget"
# Documents
"Documents.mydocs"
# Fax recipient
"Fax Recipient.lnk"
# Mail recipient
"Mail Recipient.MAPIMail"
)
foreach ($SendToTarget in $SendToTargets) {
Remove-Item -Path "$Env:AppData\Microsoft\Windows\SendTo\$SendToTarget"
}
Remove-Variable -Name SendToTargets
##
# File Explorer misc.
##
# Disable F1 Help key in Explorer and on the Desktop
$RegKeys = @(
"HKCU:\Software\Classes\Typelib\{8cec5860-07a1-11d9-b15e-000d56bfe6ee}"
"HKCU:\Software\Classes\Typelib\{8cec5860-07a1-11d9-b15e-000d56bfe6ee}\1.0"
"HKCU:\Software\Classes\Typelib\{8cec5860-07a1-11d9-b15e-000d56bfe6ee}\1.0\0"
"HKCU:\Software\Classes\Typelib\{8cec5860-07a1-11d9-b15e-000d56bfe6ee}\1.0\0\win64"
)
foreach ($RegKey in $RegKeys) {
if (-not (Test-Path -Path $RegKey)) {
New-Item -Path $RegKey | Out-Null
}
}
Remove-Variable -Name RegKeys
New-ItemProperty -Path "HKCU:\Software\Classes\Typelib\{8cec5860-07a1-11d9-b15e-000d56bfe6ee}\1.0\0\win64" -Name "(Default)" -PropertyType String -Value "" -Force | Out-Null
# Remove "3D Objects" folder from This PC
$RegKeyPattern = "Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\PropertyBag"
$RegKeys = @(
"HKLM:\Software\$RegKeyPattern"
"HKLM:\Software\Wow6432Node\$RegKeyPattern"
)
foreach ($RegKey in $RegKeys) {
if (-not (Test-Path -Path $RegKey)) {
New-Item -Path $RegKey | Out-Null
}
New-ItemProperty -Path $RegKey -Name "ThisPCPolicy" -PropertyType String -Value "Hide" -Force | Out-Null
}
Remove-Variable -Name RegKeyPattern, RegKeys
# Hide removable drives from navigation pane
Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\DelegateFolders\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}" | Out-Null
Remove-Item -Path "HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\DelegateFolders\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}" | Out-Null
# Hide "Network" from navigation pane
Set-ItemAdminPermissions -PSDrive "HKCR" -Path "ClsId\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder"
Set-ItemAdminPermissions -PSDrive "HKLM" -Path "Software\Wow6432Node\Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder"
New-ItemProperty -Path "HKCR:\ClsId\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder" -Name "Attributes" -PropertyType DWord -Value 2962489444 -Force | Out-Null
New-ItemProperty -Path "HKLM:\Software\Wow6432Node\Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder" -Name "Attributes" -PropertyType DWord -Value 2962489444 -Force | Out-Null
# Remove "Meet Now" from tray
if (-not (Test-Path -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer")) {
New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" | Out-Null
}
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name "HideSCAMeetNow" -PropertyType DWord -Value 1 -Force | Out-Null
New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name "HideSCAMeetNow" -PropertyType DWord -Value 1 -Force | Out-Null
####################################################################################################
# FINISHING UP #
####################################################################################################
# Clear winget cache
$WinGetData = "$Env:LocalAppData\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe"
Get-ChildItem -Path $WinGetData -Filter "*.exe" -Recurse -File | Remove-Item
Get-ChildItem -Path $WinGetData -Filter "*.msi" -Recurse -File | Remove-Item
Remove-Variable -Name WinGetData
# Run Disk Cleanup for system drive
# Based on: https://www.powershellgallery.com/packages/Invoke-WindowsDiskCleanup/1.0/Content/Invoke-WindowsDiskCleanup.ps1
Get-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\*" |
Remove-ItemProperty -Name "StateFlags0000"
$Files = @(
"Active Setup Temp Folders"
"D3D Shader Cache"
"Delivery Optimization Files"
"Device Driver Packages"
"Diagnostic Data Viewer database files"
"Downloaded Program Files"
"Internet Cache Files"
"Language Pack"
"Offline Pages Files"
"Old ChkDsk Files"
"Previous Installations"
"RetailDemo Offline Content"
"Setup Log Files"
"System error memory dump files"
"System error minidump files"
"Temporary Files"
"Temporary Setup Files"
"Thumbnail Cache"
"Update Cleanup"
"Upgrade Discarded Files"
"User file versions"
"Windows Defender"
"Windows Error Reporting Files"
"Windows ESD installation files"
"Windows Upgrade Log Files"
)
foreach ($File in $Files) {
New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\$File" -Name "StateFlags0000" -PropertyType DWord -Value 2 -Force | Out-Null
}
Remove-Variable -Name Files
Write-Host "==> Running Disk Cleanup for $Env:SystemDrive"
Start-Process -FilePath "CleanMgr.exe" -ArgumentList '/sagerun:0' -Wait
# Clear user temporary files, because some reason disk cleanup skips it
Remove-Item -Path "$Env:Temp" -Recurse -Force
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment