Windows 10 Debloat v1.4.0.0

a guest
Aug 5th, 2015
<#
NAME
    Debloat-Windows10.ps1
DESCRIPTION
    Debloats and customizes Windows 10 Enterprise N LTSB. Please contain this on /g/ and don't leak it outside.
    It changes your privacy options in the settings app and disables scheduled tasks and services that are there
    to gather information about you. It also tweaks the registry to customize settings, make your font display properly
    on DPI scaling 125% and disable OneDrive completely. Windows Features are also disabled, such as Internet Explorer
    and XPS Viewer, while others are enabled such as .NET framework 3.5. On top of it all, it appends new lines to your
    hosts file that block Microsoft from collecting data on you, as well as enables or disables local policies to
    strengthen your privacy and security. This is a webm that illustrates the installation process:
    https://fuwa.se/m6b9oq.webm/debloat-windows.webm
NOTES
    Website | the world is burning, everyone all together collectively install gentoo
    Author  | Microsoft Engineer !JeCZI7VUg2
    Date    | 8/5/2015
    Version | 1.4.0.0
REQUIREMENTS
    ° Clean Windows installation
    ° Internet connection because I'm using 'PolicyFileEditor' module,
      if you need this to work offline, download the v2.0 of that module (google) and make sure it's installed
    ° You have to manually allow scripts to run (one time only, elevated powershell) so execute this command:
      Set-ExecutionPolicy RemoteSigned
    ° This is important! You have to wait for the OneDrive installation, after your first Windows login.
      It might take 5 minutes to pop up but you have to wait for it to install completely so we can nuke it properly.
      You'll know when it's done, because you'll have an icon in the bottom right tray bar.
CHANGELOG
    8/5/2015, 1.4.0.0 | tested with installing KB3081424 after script+reboot; no issues, no reset of settings
                        settings: disabled sharing updates in local area network
                        customize: added the old windows 7-8.1 volume mixer
                        customize: disabling hibernation
                        fixed the issue where you'll see errors when running the script multiple times (it's ok now)

    8/5/2015, 1.3.0.0 | disabling new scheduled task: microsoft\windows\application experience\programdataupdater
                        added another customization which removes 'Network' in your explorer's left pane
                        added another customization which removes 'HomeGroup' in your explorer's left pane
                        added another customization which restores old windows update ui
                        added more entries to the hosts file to make Skype ad-free
                        doesn't download/prompt for PolicyFileEditor if you already have the module installed
                        onedrive doesn't hang up the script anymore if it has been previously removed
KNOWN ISSUES
    ° If another process is accessing your hosts file or your OneDrive folders, you will see error messages.
      I've only tested this on a barebone Windows 10 Enterprise N LTSB installation, so please make sure you're
      not syncing files and folders with OneDrive and you don't have some weird virus.
#>

cls
$ErrorActionPreference = "Continue"

# =========================================================================================== Variables and Objects
$settings = $true # Set to false to disable editing settings
$hosts = $true # Set to false to disable editing hosts file
$localpolicy = $true # Set to false to disable editing local policy
$registry = $true # Set to false to disable editing registry
$features = $false # Set to true to enable removing and enabling features
$services = $true # Set to false to disable removing services
$schdtasks = $true # Set to false to disable OOTB scheduled tasks
$customize = $false # Set to true to enable customization tweaks

# ================================================================================= Functions (non script specific)
# Takes Ownership of a registry sub key
# hive values = ClassesRoot, CurrentUser, LocalMachine
function TakeOwnership-RegKey($hive, $subkey)
{
    # P/Invoke wrapper for ntdll!RtlAdjustPrivilege. The native Privilege argument is a
    # 32-bit ULONG, so it is declared as uint here (C# ulong is 64 bits wide).
    $definition = @"
using System;
using System.Runtime.InteropServices;

namespace Win32Api
{

    public class NtDll
    {
        [DllImport("ntdll.dll", EntryPoint="RtlAdjustPrivilege")]
        public static extern int RtlAdjustPrivilege(uint Privilege, bool Enable, bool CurrentThread, ref bool Enabled);
    }
}
"@

    Add-Type -TypeDefinition $definition -PassThru

    $bEnabled = $false

    # Enable SeTakeOwnershipPrivilege
    $res = [Win32Api.NtDll]::RtlAdjustPrivilege(9, $true, $false, [ref]$bEnabled)

    # Taking ownership
    switch ($hive.ToString().tolower())
    {
        "classesroot" { $key = [Microsoft.Win32.Registry]::ClassesRoot.OpenSubKey($subkey, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::TakeOwnership) }
        "currentuser" { $key = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey($subkey, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::TakeOwnership) }
        "localmachine" { $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($subkey, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::TakeOwnership) }
    }
    $acl = $key.GetAccessControl()
    $acl.SetOwner([System.Security.Principal.NTAccount]"Administrators")
    $key.SetAccessControl($acl)

    # Setting access to the key
    $acl = $key.GetAccessControl()
    $person = [System.Security.Principal.NTAccount]"Administrators"
    $access = [System.Security.AccessControl.RegistryRights]"FullControl"
    $inheritance = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit"
    $propagation = [System.Security.AccessControl.PropagationFlags]"None"
    $type = [System.Security.AccessControl.AccessControlType]"Allow"

    $rule = New-Object System.Security.AccessControl.RegistryAccessRule($person,$access,$inheritance,$propagation,$type)
    $acl.SetAccessRule($rule)
    $key.SetAccessControl($acl)

    $key.Close()
}

# ===================================================================================== Functions (script specific)
# Disable scheduled tasks
function Disable-ScheduledTasks($isenable)
{
    if ($schdtasks -eq $true)
    {
        Write-Progress -Activity "Disabling scheduled tasks" -Status "Progress:" -PercentComplete 0

        schtasks /Change /TN "Microsoft\Windows\Application Experience\ProgramDataUpdater" /Disable | out-null
        schtasks /Change /TN "Microsoft\Windows\AppID\SmartScreenSpecific" /Disable | out-null
        schtasks /Change /TN "Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" /Disable | out-null
        schtasks /Change /TN "Microsoft\Windows\Customer Experience Improvement Program\Consolidator" /Disable | out-null
        schtasks /Change /TN "Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask" /Disable | out-null
        schtasks /Change /TN "Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" /Disable | out-null
        schtasks /Change /TN "Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector" /Disable | out-null
        schtasks /Change /TN "Microsoft\Windows\NetTrace\GatherNetworkInfo" /Disable | out-null
        schtasks /Change /TN "Microsoft\Windows\Windows Error Reporting\QueueReporting" /Disable | out-null
        # Not sure about the following task, but the reg hack doesn't work either, so this is a pain in the fucking ass, maybe someone will figure it out, leaving it here:
        # schtasks /Change /TN "Microsoft\Windows\SettingSync\BackgroundUploadTask" /Disable | Out-Null
        # TakeOwnership-RegKey "LocalMachine" "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks" | Out-Null
        # New-Item -ErrorAction SilentlyContinue -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00524425-019B-4FDD-B1C5-04767424D01B}" -Force | Out-Null
        # New-ItemProperty -ErrorAction SilentlyContinue -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00524425-019B-4FDD-B1C5-04767424D01B}" -Name "Triggers" -PropertyType Binary -Value ([byte[]](0x17,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x00,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x4a,0x85,0x00,0x42,0x48,0x48,0x48,0x48,0xd9,0x2b,0x30,0x29,0x48,0x48,0x48,0x48,0x0c,0x00,0x00,0x00,0x48,0x48,0x48,0x48,0x55,0x00,0x73,0x00,0x65,0x00,0x72,0x00,0x73,0x00,0x00,0x00,0x48,0x48,0x48,0x48,0x00,0x00,0x00,0x00,0x48,0x48,0x48,0x48,0x00,0x48,0x48,0x48,0x48,0x48,0x48,0x48,0x00,0x48,0x48,0x48,0x48,0x48,0x48,0x48,0x05,0x00,0x00,0x00,0x48,0x48,0x48,0x48,0x0c,0x00,0x00,0x00,0x48,0x48,0x48,0x48,0x01,0x01,0x00,0x00,0x00,0x00,0x00,0x05,0x04,0x00,0x00,0x00,0x48,0x48,0x48,0x48,0x00,0x00,0x00,0x00,0x48,0x48,0x48,0x48,0x58,0x00,0x00,0x00,0x48,0x48,0x48,0x48,0x00,0x00,0x00,0x00,0x30,0x2a,0x00,0x00,0x80,0xf4,0x03,0x00,0xff,0xff,0xff,0xff,0x07,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xa2,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00)) -Force | Out-Null

        Write-Progress -Activity "Disabling scheduled tasks" -Status "Progress:" -PercentComplete 4
    }
}
# Disable services
function Disable-Services($isenable)
{
    if ($isenable -eq $true)
    {
        Write-Progress -Activity "Disabling services" -Status "Progress:" -PercentComplete 4
        # Disable DiagTrack
        cmd /c sc config DiagTrack start= disabled | out-null
        cmd /c sc config dmwappushservice start= disabled | out-null
        cmd /c sc config diagnosticshub.standardcollector.service start= disabled | out-null
        cmd /c sc config TrkWks start= disabled | out-null
        cmd /c sc config WMPNetworkSvc start= disabled | out-null # Shouldn't exist but just making sure ...
        # Making sure the DiagTrack log is empty (tinfoil)
        Set-Content C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl -Value "" -Force
        Write-Progress -Activity "Disabling services" -Status "Progress:" -PercentComplete 7
    }
}
# Tweak settings app
function Tweak-Settings($isenable)
{
    if ($isenable -eq $true)
    {
        Write-Progress -Activity "Backing up registry" -Status "Progress:" -PercentComplete 10 # Let's be safe
        if (!(test-path -PathType Leaf C:\registry-backup-hklm.reg)) { reg export HKLM C:\registry-backup-hklm.reg | Out-Null }
        if (!(test-path -PathType Leaf C:\registry-backup-hkcu.reg)) { reg export HKCU C:\registry-backup-hkcu.reg | Out-Null }
        if (!(test-path -PathType Leaf C:\registry-backup-hkcr.reg)) { reg export HKCR C:\registry-backup-hkcr.reg | Out-Null }

        Write-Progress -Activity "Tweaking settings app" -Status "Progress:" -PercentComplete 12
        # Privacy -> General -> let websites provide locally relevant content by accessing my language list
        if ((Get-ItemProperty -Path "HKCU:SOFTWARE\Microsoft\Internet Explorer\International\" -Name AcceptLanguage -ErrorAction SilentlyContinue) -ne $null) { Remove-ItemProperty -Path "HKCU:SOFTWARE\Microsoft\Internet Explorer\International" -Name "AcceptLanguage" -Force }
        Set-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:Control Panel\International\User Profile" -Name HttpAcceptLanguageOptOut -Value 1 | Out-Null
        # Privacy -> General -> turn on smartscreen filter to check web content that windows store apps use
        Set-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost\" -Name EnableWebContentEvaluation -Value 0 -Force | Out-Null
        # Privacy -> Camera -> let apps use my camera
        Set-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{E5323777-F976-4f5b-9B55-B94699C46E44}" -Name Value -Value "Deny" | Out-Null
        # Privacy -> Microphone -> let apps use my microphone
        Set-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{2EEF81BE-33FA-4800-9670-1CD474972C3F}\" -Name Value -Value "Deny" | Out-Null
        # Privacy -> Account info -> let apps access my name, picture and other account info
        Set-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{C1D23ACC-752B-43E5-8448-8D0E519CD6D6}\" -Name Value -Value "Deny" | Out-Null
        # Privacy -> Calendar -> let apps access my calendar
        Set-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{D89823BA-7180-4B81-B50C-7E471E6121A3}\" -Name Value -Value "Deny" | Out-Null
        # Privacy -> Messaging -> let apps read or send sms and text messages
        Set-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{992AFA70-6F47-4148-B3E9-3003349C1548}\" -Name Value -Value "Deny" | Out-Null
        # Privacy -> Radio -> let apps control radios
        Set-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{A8804298-2D5F-42E3-9531-9C8C39EB29CE}\" -Name Value -Value "Deny" | Out-Null
        # Privacy -> Other devices -> sync with devices
        Set-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\LooselyCoupled\" -Name Value -Value "Deny" | Out-Null
        # Privacy -> Feedback & Diagnostics -> feedback frequency
        New-Item -ErrorAction SilentlyContinue -Path "HKCU:SOFTWARE\Microsoft\Siuf\Rules" -Force | Out-Null
        Set-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:SOFTWARE\Microsoft\Siuf\Rules" -Name NumberOfSIUFInPeriod -Value 0 -Force | Out-Null
        if ((Get-ItemProperty -Path "HKCU:SOFTWARE\Microsoft\Siuf\Rules" -Name PeriodInNanoSeconds -ErrorAction SilentlyContinue) -ne $null) { Remove-ItemProperty -Path "HKCU:SOFTWARE\Microsoft\Siuf\Rules" -Name PeriodInNanoSeconds }
        # Ease of Access -> Other options -> Visual options -> play animations
        Set-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:Control Panel\Desktop\WindowMetrics" -Name MinAnimate -Value 0 | Out-Null
        # Update & Security -> Windows Update -> Advanced -> Choose how updates are delivered -> Updates from more than one place (this is a GUI bug, registry is set properly even though it may show 'ON')
        New-ItemProperty -ErrorAction SilentlyContinue -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" -Name "DownloadMode" -PropertyType DWORD -Value 0 | Out-Null
        Set-ItemProperty -ErrorAction SilentlyContinue -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" -Name "DODownloadMode" -Value 0 | Out-Null
        Set-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\" -Name "SystemSettingsDownloadMode" -Value 0 | Out-Null

        Write-Progress -Activity "Tweaking settings app" -Status "Progress:" -PercentComplete 15
    }
}
# Append hosts file entries
function Edit-Hosts($isenable)
{
    if ($isenable -eq $true)
    {
        Write-Progress -Activity "Appending entries to hosts file" -Status "Progress:" -PercentComplete 15
        $file = "C:\Windows\System32\drivers\etc\hosts"

        # Each name is listed once; a single hosts entry per name is all the resolver uses.
        # The hosts file matches exact host names only, so the entries below that carry a
        # port suffix (":443") or a "*" wildcard are written but never match a lookup.
        $blockedNames = @(
            "vortex.data.microsoft.com",
            "vortex-win.data.microsoft.com",
            "telecommand.telemetry.microsoft.com",
            "telecommand.telemetry.microsoft.com.nsatc.net",
            "oca.telemetry.microsoft.com",
            "oca.telemetry.microsoft.com.nsatc.net",
            "sqm.telemetry.microsoft.com",
            "sqm.telemetry.microsoft.com.nsatc.net",
            "watson.telemetry.microsoft.com",
            "watson.telemetry.microsoft.com.nsatc.net",
            "redir.metaservices.microsoft.com",
            "choice.microsoft.com",
            "choice.microsoft.com.nsatc.net",
            "df.telemetry.microsoft.com",
            "reports.wes.df.telemetry.microsoft.com",
            "services.wes.df.telemetry.microsoft.com",
            "sqm.df.telemetry.microsoft.com",
            "telemetry.microsoft.com",
            "watson.ppe.telemetry.microsoft.com",
            "telemetry.appex.bing.net",
            "telemetry.urs.microsoft.com",
            "telemetry.appex.bing.net:443",
            "vortex-sandbox.data.microsoft.com",
            "settings-sandbox.data.microsoft.com",
            "watson.microsoft.com",
            "wes.df.telemetry.microsoft.com",
            "survey.watson.microsoft.com",
            "watson.live.com",
            "statsfe2.ws.microsoft.com",
            "corpext.msitadfs.glbdns2.microsoft.com",
            "compatexchange.cloudapp.net",
            "cs1.wpc.v0cdn.net",
            "a-0001.a-msedge.net",
            "a-0002.a-msedge.net",
            "a-0003.a-msedge.net",
            "a-0004.a-msedge.net",
            "a-0005.a-msedge.net",
            "a-0006.a-msedge.net",
            "a-0007.a-msedge.net",
            "a-0008.a-msedge.net",
            "a-0009.a-msedge.net",
            "msedge.net",
            "a-msedge.net",
            "statsfe2.update.microsoft.com.akadns.net",
            "sls.update.microsoft.com.akadns.net",
            "fe2.update.microsoft.com.akadns.net",
            "diagnostics.support.microsoft.com",
            "corp.sts.microsoft.com",
            "statsfe1.ws.microsoft.com",
            "pre.footprintpredict.com",
            "i1.services.social.microsoft.com",
            "i1.services.social.microsoft.com.nsatc.net",
            "feedback.windows.com",
            "feedback.microsoft-hohm.com",
            "feedback.search.microsoft.com",

            # Skype ad-free
            "live.rads.msn.com",
            "ads1.msn.com",
            "static.2mdn.net",
            "g.msn.com",
            "a.ads2.msads.net",
            "b.ads2.msads.net",
            "ad.doubleclick.net",
            "ac3.msn.com",
            "rad.msn.com",
            "msntest.serving-sys.com",
            "bs.serving-sys.com1",
            "flex.msn.com",
            "ec.atdmt.com",
            "cdn.atdmt.com",
            "db3aqu.atdmt.com",
            "cds26.ams9.msecn.net",
            "sO.2mdn.net",
            "aka-cdn-ns.adtech.de",
            "secure.flashtalking.com",
            "adnexus.net",
            "adnxs.com",
            "*.rad.msn.com",
            "*.msads.net",
            "*.msecn.net"
        )

        foreach ($name in $blockedNames)
        {
            "127.0.0.1 $name" | Out-File -encoding ASCII -append $file
        }

        Write-Progress -Activity "Appending entries to hosts file" -Status "Progress:" -PercentComplete 30
    }
}
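
The hosts file resolves exact host names only, so lines such as `telemetry.appex.bing.net:443` or `*.msads.net` in the list above never match a lookup, and repeated names add nothing. The audit function below is an added example, not part of the original script; `Test-HostsLine` and its output fields are hypothetical names, and the sample lines are constructed from entries shown above.

```powershell
# Added example (not from the original script): report hosts-file lines that the
# resolver will never honor, plus duplicate names. All names here are illustrative.
function Test-HostsLine {
    param([string[]]$Lines)

    # One DNS label: letters, digits, hyphens; no leading/trailing hyphen; max 63 chars.
    # Underscores are rejected; relax the pattern if your environment uses them.
    $label = '[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?'
    $namePattern = '^' + $label + '(\.' + $label + ')*$'

    $firstSeen = @{}   # lower-cased host name -> line number of its first occurrence
    $lineNo = 0

    foreach ($line in $Lines) {
        $lineNo++

        # Drop comments and surrounding whitespace; skip blank lines
        $text = ($line -replace '#.*$', '').Trim()
        if ($text -eq '') { continue }

        $fields = @($text -split '\s+')

        # First field must parse as an IPv4 or IPv6 address
        $parsed = $null
        if (-not [System.Net.IPAddress]::TryParse($fields[0], [ref]$parsed)) {
            [pscustomobject]@{ Line = $lineNo; Entry = $fields[0]; Issue = 'first field is not an IP address' }
            continue
        }
        if ($fields.Count -lt 2) {
            [pscustomobject]@{ Line = $lineNo; Entry = $fields[0]; Issue = 'address without a host name' }
            continue
        }

        # Every remaining field is a host name or alias for that address
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            $issue = $null
            if ($name -match ':\d+$') {
                $issue = 'port suffix: the hosts file maps names only, not ports'
            }
            elseif ($name.Contains('*')) {
                $issue = 'wildcard: the hosts file matches exact names only'
            }
            elseif ($name.Length -gt 253 -or $name -notmatch $namePattern) {
                $issue = 'not a valid host name'
            }
            else {
                $key = $name.ToLowerInvariant()
                if ($firstSeen.ContainsKey($key)) {
                    $issue = "duplicate of line $($firstSeen[$key])"
                }
                else {
                    $firstSeen[$key] = $lineNo
                }
            }

            if ($issue) {
                [pscustomobject]@{ Line = $lineNo; Entry = $name; Issue = $issue }
            }
        }
    }
}

# Constructed sample, built from entries that appear in the script above
$sample = @(
    '# constructed sample',
    '127.0.0.1 vortex.data.microsoft.com',
    '127.0.0.1 telemetry.appex.bing.net:443',
    '127.0.0.1 *.msads.net',
    '127.0.0.1 vortex.data.microsoft.com'
)
Test-HostsLine -Lines $sample | Format-Table -AutoSize

# To audit the live file instead of the sample:
# Test-HostsLine -Lines (Get-Content "$env:SystemRoot\System32\drivers\etc\hosts")
```
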
# Secure local group policy for privacy
# We'll need the PolicyFileEditor module for this
function Tweak-LocalPolicy($isenable)
{
    if ($isenable -eq $true)
    {
        Write-Progress -Activity "Securing local group policy for privacy (this might take a minute or two)" -Status "Progress:" -PercentComplete 30

        $command = get-command Set-PolicyFileEntry -ErrorAction SilentlyContinue
        if ($command -eq $null) # Can't use the Set command so the module likely isn't working
        {
            Write-Host "No PolicyFileEditor 2.0 found. Please accept the download for NuGet by pressing Y when the prompt appears in a moment:" -ForegroundColor Red
            if ((Get-Command Set-PolicyFileEntry -ErrorAction SilentlyContinue) -eq $null) # Don't have the module, download it
            {
                install-module PolicyFileEditor -Force -Confirm:$true
                Start-Sleep 5
                $command = get-command Set-PolicyFileEntry -ErrorAction SilentlyContinue
            }
        }
        if ($command -ne $null) # We're good, command found so we can continue
        {
            Write-Progress -Activity "Securing local group policy for privacy" -Status "Progress:" -PercentComplete 35
            # The reason I'm waiting 1s after each edit is to let the filesystem make necessary edits in the background, without the delay this will break local policies
            Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\DataCollection" -ValueName AllowTelemetry -Type DWord -Data 0
            Start-Sleep 1
            Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar" -ValueName TurnOffSidebar -Type DWord -Data 1
            Start-Sleep 1
            Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Assistance\Client\1.0" -ValueName NoActiveHelp -Type DWord -Data 1
            Start-Sleep 1
            Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Biometrics" -ValueName Enabled -Type DWord -Data 0
            Start-Sleep 1
            Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Conferencing" -ValueName NoRDS -Type DWord -Data 1
            Start-Sleep 1
            Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\InputPersonalization" -ValueName AllowInputPersonalization -Type DWord -Data 0
            Start-Sleep 1
            Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Internet Explorer\Geolocation" -ValueName PolicyDisableGeolocation -Type DWord -Data 1
            Start-Sleep 1
            Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions" -ValueName NoUpdateCheck -Type DWord -Data 1
            Start-Sleep 1
            Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Internet Explorer\Main" -ValueName DoNotTrack -Type DWord -Data 1
            Start-Sleep 1
            Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Internet Explorer\Privacy" -ValueName EnableInPrivateBrowsing -Type DWord -Data 0
            Start-Sleep 1
            Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Internet Explorer\SQM" -ValueName DisableCustomerImprovementProgram -Type DWord -Data 0
            Start-Sleep 1
            Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Messenger\Client" -ValueName CEIP -Type DWord -Data 2
            Start-Sleep 1
            Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Messenger\Client" -ValueName PreventAutoRun -Type DWord -Data 1
            Start-Sleep 1
            Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main" -ValueName Cookies -Type DWord -Data 2
            Start-Sleep 1
            Write-Progress -Activity "Securing local group policy for privacy (this might take a minute or two)" -Status "Progress:" -PercentComplete 40
            Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting" -ValueName DoReport -Type DWord -Data 0
            Start-Sleep 1
            Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting" -ValueName ForceQueueMode -Type DWord -Data 0
            Start-Sleep 1
            Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting\DW" -ValueName DWFileTreeRoot -Type String -Data ""
            Start-Sleep 1
            Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting\DW" -ValueName DWNoExternalURL -Type DWord -Data 1
            Start-Sleep 1
            Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting\DW" -ValueName DWNoFileCollection -Type DWord -Data 1
            Start-Sleep 1
            Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting\DW" -ValueName DWNoSecondLevelCollection -Type DWord -Data 1
            Start-Sleep 1
            Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting\DW" -ValueName DWReporteeName -Type String -Data ""
  410. Start-Sleep 1
  411. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\SearchCompanion" -ValueName DisableContentFileUpdates -Type DWord -Data 1
  412. Start-Sleep 1
  413. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\SQMClient\Windows" -ValueName CEIPEnable -Type DWord -Data 0
  414. Start-Sleep 1
  415. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows Defender" -ValueName DisableAntiSpyware -Type DWord -Data 1 # This is the "Turn off Windows Defender" policy: it switches Defender off, not only its reporting
  416. Start-Sleep 1
  417. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" -ValueName **del.SpynetReporting -Type String -Data ""
  418. Start-Sleep 1
  419. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" -ValueName SubmitSamplesConsent -Type DWord -Data 2
  420. Start-Sleep 1
  421. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\010103000F0000F0080000000F0000F0D0B4EB5D3C24F17D10AE531C7DCEF4A94F4A085AD0D4C88B75082573E36F857A" -ValueName Category -Type DWord -Data 1
  422. Start-Sleep 1
  423. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\010103000F0000F0080000000F0000F0D0B4EB5D3C24F17D10AE531C7DCEF4A94F4A085AD0D4C88B75082573E36F857A" -ValueName CategoryReadOnly -Type DWord -Data 0
  424. Start-Sleep 1
  425. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform" -ValueName NoGenTicket -Type DWord -Data 1
  426. Start-Sleep 1
  427. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows NT\IIS" -ValueName PreventIISInstall -Type DWord -Data 1
  428. Start-Sleep 1
  429. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows NT\Printers" -ValueName PhysicalLocation -Type String -Data anonymous
  430. Start-Sleep 1
  431. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo" -ValueName DisabledByGroupPolicy -Type DWord -Data 1
  432. Start-Sleep 1
  433. Write-Progress -Activity "Securing local group policy for privacy (this might take a minute or two)" -Status "Progress:" -PercentComplete 50
  434. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\AppCompat" -ValueName AITEnable -Type DWord -Data 0
  435. Start-Sleep 1
  436. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\AppCompat" -ValueName DisableInventory -Type DWord -Data 1
  437. Start-Sleep 1
  438. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\AppCompat" -ValueName DisableUAR -Type DWord -Data 1
  439. Start-Sleep 1
  440. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Device Metadata" -ValueName PreventDeviceMetadataFromNetwork -Type DWord -Data 1
  441. Start-Sleep 1
  442. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Settings" -ValueName DisableSendGenericDriverNotFoundToWER -Type DWord -Data 1
  443. Start-Sleep 1
  444. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Settings" -ValueName DisableSendRequestAdditionalSoftwareToWER -Type DWord -Data 1
  445. Start-Sleep 1
  446. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Explorer" -ValueName NoUseStoreOpenWith -Type DWord -Data 1
  447. Start-Sleep 1
  448. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\GameUX" -ValueName DownloadGameInfo -Type DWord -Data 0
  449. Start-Sleep 1
  450. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\GameUX" -ValueName GameUpdateOptions -Type DWord -Data 0
  451. Start-Sleep 1
  452. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\GameUX" -ValueName ListRecentlyPlayed -Type DWord -Data 0
  453. Start-Sleep 1
  454. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard" -ValueName ExitOnMSICW -Type DWord -Data 1
  455. Start-Sleep 1
  456. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors" -ValueName DisableLocation -Type DWord -Data 1
  457. Start-Sleep 1
  458. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\OneDrive" -ValueName DisableFileSyncNGSC -Type DWord -Data 1
  459. Start-Sleep 1
  460. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\PowerShell" -ValueName EnableScripts -Type DWord -Data 1
  461. Start-Sleep 1
  462. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\PowerShell" -ValueName ExecutionPolicy -Type String -Data "RemoteSigned"
  463. Start-Sleep 1
  464. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds" -ValueName **del.EnableExperimentation -Type String -Data ""
  465. Start-Sleep 1
  466. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds" -ValueName AllowBuildPreview -Type DWord -Data 0
  467. Start-Sleep 1
  468. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds" -ValueName EnableConfigFlighting -Type DWord -Data 0
  469. Start-Sleep 1
  470. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\System" -ValueName AsyncScriptDelay -Type DWord -Data 1
  471. Start-Sleep 1
  472. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\System" -ValueName EnableLogonScriptDelay -Type DWord -Data 1
  473. Start-Sleep 1
  474. Write-Progress -Activity "Securing local group policy for privacy (this might take a minute or two)" -Status "Progress:" -PercentComplete 55
  475. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{186f47ef-626c-4670-800a-4a30756babad}" -ValueName ScenarioExecutionEnabled -Type DWord -Data 0
  476. Start-Sleep 1
  477. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{2698178D-FDAD-40AE-9D3C-1371703ADC5B}" -ValueName **del.EnabledScenarioExecutionLevel -Type String -Data ""
  478. Start-Sleep 1
  479. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{2698178D-FDAD-40AE-9D3C-1371703ADC5B}" -ValueName ScenarioExecutionEnabled -Type DWord -Data 0
  480. Start-Sleep 1
  481. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{67144949-5132-4859-8036-a737b43825d8}" -ValueName **del.EnabledScenarioExecutionLevel -Type String -Data ""
  482. Start-Sleep 1
  483. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{67144949-5132-4859-8036-a737b43825d8}" -ValueName ScenarioExecutionEnabled -Type DWord -Data 0
  484. Start-Sleep 1
  485. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}" -ValueName ScenarioExecutionEnabled -Type DWord -Data 0
  486. Start-Sleep 1
  487. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}" -ValueName ScenarioExecutionEnabled -Type DWord -Data 0
  488. Start-Sleep 1
  489. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}" -ValueName **del.EnabledScenarioExecutionLevel -Type String -Data ""
  490. Start-Sleep 1
  491. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}" -ValueName ScenarioExecutionEnabled -Type DWord -Data 0
  492. Start-Sleep 1
  493. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{C295FBBA-FD47-46ac-8BEE-B1715EC634E5}" -ValueName ScenarioExecutionEnabled -Type DWord -Data 0
  494. Start-Sleep 1
  495. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{dc42ff48-e40d-4a60-8675-e71f7e64aa9a}" -ValueName EnabledScenarioExecutionLevel -Type DWord -Data 1
  496. Start-Sleep 1
  497. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{dc42ff48-e40d-4a60-8675-e71f7e64aa9a}" -ValueName ScenarioExecutionEnabled -Type DWord -Data 0
  498. Start-Sleep 1
  499. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{ecfb03d1-58ee-4cc7-a1b5-9bc6febcb915}" -ValueName ScenarioExecutionEnabled -Type DWord -Data 0
  500. Start-Sleep 1
  501. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}" -ValueName **del.EnabledScenarioExecutionLevel -Type String -Data ""
  502. Start-Sleep 1
  503. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}" -ValueName ScenarioExecutionEnabled -Type DWord -Data 0
  504. Start-Sleep 1
  505. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting" -ValueName Disabled -Type DWord -Data 1
  506. Start-Sleep 1
  507. Write-Progress -Activity "Securing local group policy for privacy (this might take a minute or two)" -Status "Progress:" -PercentComplete 60
  508. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting" -ValueName DontSendAdditionalData -Type DWord -Data 1
  509. Start-Sleep 1
  510. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Windows Search" -ValueName AllowCortana -Type DWord -Data 0
  511. Start-Sleep 1
  512. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Windows Search" -ValueName AllowSearchToUseLocation -Type DWord -Data 0
  513. Start-Sleep 1
  514. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Windows Search" -ValueName ConnectedSearchPrivacy -Type DWord -Data 3
  515. Start-Sleep 1
  516. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Windows Search" -ValueName ConnectedSearchSafeSearch -Type DWord -Data 3
  517. Start-Sleep 1
  518. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Windows Search" -ValueName ConnectedSearchUseWeb -Type DWord -Data 0
  519. Start-Sleep 1
  520. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Windows Search" -ValueName ConnectedSearchUseWebOverMeteredConnections -Type DWord -Data 0
  521. Start-Sleep 1
  522. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Windows Search" -ValueName DisableWebSearch -Type DWord -Data 1
  523. Start-Sleep 1
  524. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -ValueName DeferUpgrade -Type DWord -Data 1
  525. Start-Sleep 1
  526. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -ValueName DoNotConnectToWindowsUpdateInternetLocations -Type DWord -Data 1
  527. Start-Sleep 1
  528. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -ValueName **del.AutomaticMaintenanceEnabled -Type String -Data ""
  529. Start-Sleep 1
  530. Write-Progress -Activity "Securing local group policy for privacy (this might take a minute or two)" -Status "Progress:" -PercentComplete 65
  531. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -ValueName **del.DetectionFrequency -Type String -Data ""
  532. Start-Sleep 1
  533. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -ValueName AUOptions -Type DWord -Data 2
  534. Start-Sleep 1
  535. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -ValueName DetectionFrequencyEnabled -Type DWord -Data 0
  536. Start-Sleep 1
  537. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -ValueName EnableFeaturedSoftware -Type DWord -Data 1
  538. Start-Sleep 1
  539. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -ValueName NoAutoUpdate -Type DWord -Data 0
  540. Start-Sleep 1
  541. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -ValueName ScheduledInstallDay -Type DWord -Data 0
  542. Start-Sleep 1
  543. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -ValueName ScheduledInstallTime -Type DWord -Data 3
  544. Start-Sleep 1
  545. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\WMDRM" -ValueName DisableOnline -Type DWord -Data 1
  546. Start-Sleep 1
  547. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\User\registry.pol -Key "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -ValueName NoInstrumentation -Type DWord -Data 1
  548. Start-Sleep 1
  549. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\User\registry.pol -Key "Software\Policies\Microsoft\Internet Explorer\Privacy" -ValueName EnableInPrivateBrowsing -Type DWord -Data 0
  550. Start-Sleep 1
  551. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\User\registry.pol -Key "Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE" -ValueName DisableLogging -Type DWord -Data 1
  552. Start-Sleep 1
  553. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\User\registry.pol -Key "Software\Policies\Microsoft\Windows\EdgeUI" -ValueName DisableMFUTracking -Type DWord -Data 1
  554. gpupdate /force | Out-Null
  555. }
  556. else
  557. {
  558. Write-Warning "Local policies not configured, did not find the PolicyFileEditor module"
  559. }
  560. Write-Progress -Activity "Securing local group policy for privacy" -Status "Progress:" -PercentComplete 70
  561. }
  562. }
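Added example (not part of Debloat-Windows10.ps1): a read-only audit that reports which of the security-relevant machine policies written by the function above are in effect on a host. The function name, the `-Root` parameter and the scratch key `HKCU:\Software\DebloatAuditDemo` are assumptions made for this example; key paths, value names and data are copied from the `Set-PolicyFileEntry` lines above.

```powershell
# Added example; not part of Debloat-Windows10.ps1.
# Key paths, value names and data are copied from the Set-PolicyFileEntry calls
# in the script. Function, parameter and scratch-key names are hypothetical.
$DebloatSecurityChecks = @(
    [pscustomobject]@{
        Key = 'SOFTWARE\Policies\Microsoft\Windows Defender'
        ValueName = 'DisableAntiSpyware'; ScriptData = '1'
        Effect = 'Windows Defender turned off by policy' }
    [pscustomobject]@{
        Key = 'SOFTWARE\Policies\Microsoft\Windows Defender\Spynet'
        ValueName = 'SubmitSamplesConsent'; ScriptData = '2'
        Effect = 'Defender sample submission set to never send' }
    [pscustomobject]@{
        Key = 'SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
        ValueName = 'DoNotConnectToWindowsUpdateInternetLocations'; ScriptData = '1'
        Effect = 'Policy "Do not connect to any Windows Update Internet locations" enabled' }
    [pscustomobject]@{
        Key = 'SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
        ValueName = 'AUOptions'; ScriptData = '2'
        Effect = 'Updates are announced but not downloaded or installed automatically' }
    [pscustomobject]@{
        Key = 'SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting'
        ValueName = 'Disabled'; ScriptData = '1'
        Effect = 'Windows Error Reporting disabled' }
    [pscustomobject]@{
        Key = 'SOFTWARE\Policies\Microsoft\Windows\PowerShell'
        ValueName = 'ExecutionPolicy'; ScriptData = 'RemoteSigned'
        Effect = 'Execution policy forced at machine-policy scope' }
)

function Get-DebloatPolicyFinding {
    [CmdletBinding()]
    param(
        # Registry root to read. Machine policy lands under HKLM: after gpupdate.
        [string]$Root = 'HKLM:',
        [object[]]$Checks = $DebloatSecurityChecks
    )
    foreach ($check in $Checks) {
        $path  = "$Root\$($check.Key)"
        $value = $null
        $state = 'NotSet'
        # Missing keys or values are expected on an untouched host, so errors are suppressed.
        $item = Get-ItemProperty -LiteralPath $path -Name $check.ValueName -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $value = $item.PSObject.Properties[$check.ValueName].Value
            $state = if ("$value" -eq $check.ScriptData) { 'MatchesScript' } else { 'OtherValue' }
        }
        [pscustomobject]@{
            State      = $state
            Key        = $check.Key
            ValueName  = $check.ValueName
            Actual     = $value
            ScriptData = $check.ScriptData
            Effect     = $check.Effect
        }
    }
}

# Demo on constructed data: a scratch key under HKCU stands in for HKLM, so the
# function can be exercised without running the debloat script.
$demoRoot = 'HKCU:\Software\DebloatAuditDemo'
$demoKey  = "$demoRoot\SOFTWARE\Policies\Microsoft\Windows Defender"
New-Item -Path $demoKey -Force | Out-Null
New-ItemProperty -Path $demoKey -Name DisableAntiSpyware -PropertyType DWord -Value 1 -Force | Out-Null
Get-DebloatPolicyFinding -Root $demoRoot | Format-Table State, ValueName, Actual, Effect -AutoSize
Remove-Item -Path $demoRoot -Recurse -Force

# On a real host (read-only): list the script's settings that are in effect.
# Get-DebloatPolicyFinding | Where-Object { $_.State -eq 'MatchesScript' }
```

In the demo only `DisableAntiSpyware` comes back as `MatchesScript`; the other five rows report `NotSet`.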
  563. # Tweak registry
  564. function Tweak-Registry($isenable)
  565. {
  566. if ($isenable -eq $true)
  567. {
  568. Write-Progress -Activity "Tweaking registry" -Status "Progress:" -PercentComplete 70
  569. New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT -ErrorAction SilentlyContinue | Out-Null
  570.  
  571. # PhotoViewer fix so it appears in your Open With... menu and is enabled as your standard viewer
  572. New-Item -ErrorAction SilentlyContinue -Path "HKCU:\Software\Classes\.ico" -Force | Out-Null
  573. New-Item -ErrorAction SilentlyContinue -Path "HKCU:\Software\Classes\.tiff" -Force | Out-Null
  574. New-Item -ErrorAction SilentlyContinue -Path "HKCU:\Software\Classes\.bmp" -Force | Out-Null
  575. New-Item -ErrorAction SilentlyContinue -Path "HKCU:\Software\Classes\.png" -Force | Out-Null
  576. New-Item -ErrorAction SilentlyContinue -Path "HKCU:\Software\Classes\.gif" -Force | Out-Null
  577. New-Item -ErrorAction SilentlyContinue -Path "HKCU:\Software\Classes\.jpeg" -Force | Out-Null
  578. New-Item -ErrorAction SilentlyContinue -Path "HKCU:\Software\Classes\.jpg" -Force | Out-Null
  579. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Software\Classes\.ico" -Name '(Default)' -Value "PhotoViewer.FileAssoc.Tiff" -Force | Out-Null
  580. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Software\Classes\.tiff" -Name '(Default)' -Value "PhotoViewer.FileAssoc.Tiff" -Force | Out-Null
  581. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Software\Classes\.bmp" -Name '(Default)' -Value "PhotoViewer.FileAssoc.Tiff" -Force | Out-Null
  582. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Software\Classes\.png" -Name '(Default)' -Value "PhotoViewer.FileAssoc.Tiff" -Force | Out-Null
  583. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Software\Classes\.gif" -Name '(Default)' -Value "PhotoViewer.FileAssoc.Tiff" -Force | Out-Null
  584. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Software\Classes\.jpeg" -Name '(Default)' -Value "PhotoViewer.FileAssoc.Tiff" -Force | Out-Null
  585. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Software\Classes\.jpg" -Name '(Default)' -Value "PhotoViewer.FileAssoc.Tiff" -Force | Out-Null
  586.  
  587. # Fix DPI scaling blurry/fuzzy display at 125% (Might get reset by reboot/windows update)
  588.  
  589. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Control Panel\Desktop" -Name "DpiScalingVer" -Value "0x00001018" -PropertyType DWORD -Force | Out-Null
  590. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Control Panel\Desktop" -Name "Win8DpiScaling" -Value "0x00000001" -PropertyType DWORD -Force | Out-Null
  591. # This sets it to 125% DPI scaling, un-comment if you do need it (you use 125% dpi scaling)
  592. # New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Control Panel\Desktop" -Name "LogPixels" -Value "0x00000078" -PropertyType DWORD -Force | Out-Null
  593.  
  594. # Add a 'Take Ownership' option to your right-click menu (PowerShell has problems with '*', so reg.exe is used)
  595.  
  596. echo Y | reg add "HKEY_CLASSES_ROOT\*\shell\runas" /ve /t REG_SZ /d "Take Ownership" /f | Out-Null
  597. echo Y | reg add "HKEY_CLASSES_ROOT\*\shell\runas" /v NoWorkingDirectory /t REG_SZ /d "" /f | Out-Null
  598. echo Y | reg add "HKEY_CLASSES_ROOT\*\shell\runas\command" /ve /t REG_SZ /d "cmd.exe /c takeown /f \`"%1\`" && icacls \`"%1\`" /grant administrators:F" /f | Out-Null
  599. echo Y | reg add "HKEY_CLASSES_ROOT\*\shell\runas\command" /v IsolatedCommand /t REG_SZ /d "cmd.exe /c takeown /f \`"%1\`" && icacls \`"%1\`" /grant administrators:F" /f | Out-Null
  600.  
  601. New-Item -ErrorAction SilentlyContinue -Force -Path "HKCR:\Directory\shell\runas" | Out-Null
  602. New-Item -ErrorAction SilentlyContinue -Force -Path "HKCR:\Directory\shell\runas\command" | Out-Null
  603. New-ItemProperty -ErrorAction SilentlyContinue -Force -Path "HKCR:\Directory\shell\runas" -Name '(Default)' -Value "Take Ownership" | Out-Null
  604. New-ItemProperty -ErrorAction SilentlyContinue -Force -Path "HKCR:\Directory\shell\runas" -Name NoWorkingDirectory -Value "" | Out-Null
  605. New-ItemProperty -ErrorAction SilentlyContinue -Force -Path "HKCR:\Directory\shell\runas\command" -Name '(Default)' -Value "cmd.exe /c takeown /f `"%1`" /r /d y && icacls `"%1`" /grant administrators:F /t" | Out-Null
  606. New-ItemProperty -ErrorAction SilentlyContinue -Force -Path "HKCR:\Directory\shell\runas\command" -Name IsolatedCommand -Value "cmd.exe /c takeown /f `"%1`" /r /d y && icacls `"%1`" /grant administrators:F /t" | Out-Null
  607.  
  608. # Remove OneDrive completely
  609. # Let's find out if it's already removed first!
  610. $OneDriveEnabled = $false
  611. if ($null -ne (Get-Process *OneDrive*)) # Checking if the process exists
  612. {
  613. # Process exists, therefore you must have OneDrive installed, unless you messed up big time
  614. $OneDriveEnabled = $true
  615. }
  616. if ($OneDriveEnabled -eq $true)
  617. {
  618. $OneDrivex86 = "$env:SystemRoot\System32\OneDriveSetup.exe"
  619. $OneDrivex64 = "$env:SystemRoot\SysWOW64\OneDriveSetup.exe"
  620.  
  621. Get-Process *OneDrive* | Stop-Process -Force | Out-Null
  622. Start-Sleep 3
  623.  
  624. if (Test-Path $OneDrivex86)
  625. {
  626. & $OneDrivex86 "/uninstall" | Out-Null
  627. Start-Sleep 15 # Uninstallation needs time to let go of the files
  628. }
  629.  
  630. if (Test-Path $OneDrivex64)
  631. {
  632. & $OneDrivex64 "/uninstall" | Out-Null
  633. Start-Sleep 20 # Uninstallation needs time to let go of the files
  634. }
  635.  
  636. # Explorer.exe gets in our way by locking the files for some reason
  637.  
  638. taskkill /F /IM explorer.exe | Out-Null
  639.  
  640. if (Test-Path "$env:USERPROFILE\OneDrive") { rd "$env:USERPROFILE\OneDrive" -Recurse -Force | Out-Null }
  641. if (Test-Path "C:\OneDriveTemp") { rd "C:\OneDriveTemp" -Recurse -Force | Out-Null }
  642. if (Test-Path "$env:LOCALAPPDATA\Microsoft\OneDrive")
  643. {
  644. cmd.exe "/c takeown /f `"$env:LOCALAPPDATA\Microsoft\OneDrive`" /r /d y && icacls `"$env:LOCALAPPDATA\Microsoft\OneDrive`" /grant administrators:F /t" | Out-Null
  645. Start-Sleep 1
  646. rd "$env:LOCALAPPDATA\Microsoft\OneDrive" -Recurse -Force | Out-Null
  647. }
  648. if (Test-Path "$env:PROGRAMDATA\Microsoft OneDrive") { rd "$env:PROGRAMDATA\Microsoft OneDrive" -Recurse -Force | Out-Null }
  649.  
  650. if (Test-Path "HKCR:\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}")
  651. {
  652. TakeOwnership-RegKey "ClassesRoot" "CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" | Out-Null
  653. Remove-Item -ErrorAction SilentlyContinue -Force -Path "HKCR:\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" -Recurse | Out-Null
  654. }
  655. if (Test-Path "HKCR:\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}")
  656. {
  657. TakeOwnership-RegKey "ClassesRoot" "Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" | Out-Null
  658. Remove-Item -ErrorAction SilentlyContinue -Force -Path "HKCR:\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" -Recurse | Out-Null
  659. }
  660. Start-Sleep 1
  661. Start-Process explorer.exe
  662. }
  663.  
  664. Write-Progress -Activity "Tweaking registry" -Status "Progress:" -PercentComplete 90
  665. }
  666. }
  667. # Customization
  668. function Customize-Windows($isenable)
  669. {
  670. if ($isenable -eq $true)
  671. {
  672. New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT -ErrorAction SilentlyContinue | Out-Null
  673.  
  674. Write-Progress -Activity "Tweaking registry for customization" -Status "Progress:" -PercentComplete 90
  675.  
  676. # Allows Powershell Invoke-WebRequest to be usable again, without generating a Security Dialog (for developers)
  677. New-ItemProperty -ErrorAction SilentlyContinue -Force -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" -Name 1A10 -Value 0 | Out-Null
  678.  
  679. # Use the Windows 7-8.1 Style Volume Mixer
  680. If (-Not (Test-Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MTCUVC"))
  681. {
  682. New-Item -ErrorAction SilentlyContinue -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion" -Name MTCUVC | Out-Null
  683. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MTCUVC" -Name EnableMtcUvc -Type DWord -Value 0 | Out-Null
  684. }
  685.  
  686. # Remove tablet lock screen (not needed in LTSB)
  687. # New-ItemProperty -ErrorAction SilentlyContinue -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Personalization" -Name NoLockScreen -Value 1 -PropertyType DWORD -Force | Out-Null
  688.  
  689. # Remove Action Center from the right
  690. New-Item -ErrorAction SilentlyContinue -Path "HKCU:\Software\Policies\Microsoft\Windows\Explorer" -Force | Out-Null
  691. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Software\Policies\Microsoft\Windows\Explorer" -Name DisableNotificationCenter -PropertyType DWORD -Value 1 -Force | Out-Null
  692.  
  693. # Disable Fast Startup (hybrid boot); HiberbootEnabled does not turn hibernation itself off
  694. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power" -Name "HiberbootEnabled" -PropertyType DWORD -Value 0 -Force | Out-Null
  695.  
  696. # Removes 'Network' from left pane in explorer (requires ownership of the key)
  697. TakeOwnership-RegKey "ClassesRoot" "CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder" | Out-Null
  698. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCR:\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder" -Name Attributes -PropertyType DWORD -Value 0xb0940064 -Force | Out-Null
  699.  
  700. # Disable New Windows Update UI and Enable Previous UI (requires ownership of the key)
  701. TakeOwnership-RegKey "LocalMachine" "Software\Microsoft\WindowsUpdate\UX" | Out-Null
  702. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKLM:\Software\Microsoft\WindowsUpdate\UX" -Name IsConvergedUpdateStackEnabled -PropertyType DWORD -Value 0 -Force | Out-Null
  703.  
  704. # Set explorer to open to "This PC"
  705. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name LaunchTo -PropertyType DWORD -Value 1 -Force | Out-Null
  706.  
  707. # Hide 'Search' bar (needs reboot or explorer.exe restart)
  708. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\" -Name SearchboxTaskbarMode -PropertyType DWORD -Value 0 -Force | Out-Null
  709.  
  710. # Set UAC not to dim screen, but still display a warning (requires reboot)
  711. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\policies\system" -Name ConsentPromptBehaviorAdmin -PropertyType DWord -Value 5 -Force | Out-Null
  712. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\policies\system" -Name EnableLUA -PropertyType DWord -Value 1 -Force | Out-Null
  713. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\policies\system" -Name PromptOnSecureDesktop -PropertyType DWord -Value 0 -Force | Out-Null
  714.  
  715. # This disables UAC, only use it if you're a l33t h4x0r
  716. # New-ItemProperty -ErrorAction SilentlyContinue -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\policies\system" -Name EnableLUA -PropertyType DWord -Value 0 -Force | Out-Null
  717.  
  718. # Show file extensions
  719. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name HideFileExt -PropertyType DWORD -Value 0 -Force | Out-Null
  720.  
  721. # Remove 'Customize this folder' from context menu
  722. New-Item -ErrorAction SilentlyContinue -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Force | Out-Null
  723. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name NoCustomizeThisFolder -Value 1 -PropertyType DWORD -Force | Out-Null
  724.  
  725. # Remove 'Restore to previous versions' from context menu (might be superfluous, just in case)
  726. Remove-Item -ErrorAction SilentlyContinue -Path "HKCR:\AllFilesystemObjects\shellex\ContextMenuHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}" -Force -Recurse | Out-Null
  727. Remove-Item -ErrorAction SilentlyContinue -Path "HKCR:\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\shellex\ContextMenuHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}" -Force -Recurse | Out-Null
  728. Remove-Item -ErrorAction SilentlyContinue -Path "HKCR:\Directory\shellex\ContextMenuHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}" -Force -Recurse | Out-Null
  729. Remove-Item -ErrorAction SilentlyContinue -Path "HKCR:\Drive\shellex\ContextMenuHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}" -Force -Recurse | Out-Null
  730.  
  731. # Remove 'Share with' from context menu (First 9 might be superflous, just in case)
  732. Remove-Item -ErrorAction SilentlyContinue -Path "HKCR:\Directory\Background\shellex\ContextMenuHandlers\Sharing" -Force -Recurse | Out-Null
  733. Remove-Item -ErrorAction SilentlyContinue -Path "HKCR:\Directory\shellex\ContextMenuHandlers\Sharing" -Force -Recurse | Out-Null
  734. reg delete "HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Sharing" /f | Out-Null
  735. Remove-Item -ErrorAction SilentlyContinue -Path "HKCR:\Directory\shellex\CopyHookHandlers\Sharing" -Force -Recurse | Out-Null
  736. Remove-Item -ErrorAction SilentlyContinue -Path "HKCR:\Directory\shellex\PropertySheetHandlers\Sharing" -Force -Recurse | Out-Null
  737. Remove-Item -ErrorAction SilentlyContinue -Path "HKCR:\Drive\shellex\ContextMenuHandlers\Sharing" -Force -Recurse | Out-Null
  738. Remove-Item -ErrorAction SilentlyContinue -Path "HKCR:\Drive\shellex\PropertySheetHandlers\Sharing" -Force -Recurse | Out-Null
  739. Remove-Item -ErrorAction SilentlyContinue -Path "HKCR:\LibraryFolder\background\shellex\ContextMenuHandlers\Sharing" -Force -Recurse | Out-Null
  740. Remove-Item -ErrorAction SilentlyContinue -Path "HKCR:\UserLibraryFolder\shellex\ContextMenuHandlers\Sharing" -Force -Recurse | Out-Null
  741. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name SharingWizardOn -PropertyType DWORD -Value 0 -Force | Out-Null
  742.  
        # Remove Homegroup from left explorer pane (requires ownership of the keys)
        TakeOwnership-RegKey "ClassesRoot" "CLSID\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\ShellFolder" | Out-Null
        TakeOwnership-RegKey "ClassesRoot" "Wow6432Node\CLSID\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\ShellFolder" | Out-Null
        New-ItemProperty -ErrorAction SilentlyContinue "HKCR:\CLSID\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\ShellFolder" -Name Attributes -PropertyType DWORD -Value 2962489612 -Force | Out-Null # hex: b094010c
        New-ItemProperty -ErrorAction SilentlyContinue "HKCR:\Wow6432Node\CLSID\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\ShellFolder" -Name Attributes -PropertyType DWORD -Value 2962489612 -Force | Out-Null # hex: b094010c

        # Remove 'Include in library' from context menu (might be superfluous, just in case)
        Remove-Item -ErrorAction SilentlyContinue "HKCR:\Folder\ShellEx\ContextMenuHandlers\Library Location" -Force -Recurse | Out-Null
        Remove-Item -ErrorAction SilentlyContinue "HKLM:\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\Library Location" -Force -Recurse | Out-Null

        # Remove 'Send to' from context menu (might be superfluous, just in case)
        Remove-Item -ErrorAction SilentlyContinue -Path "HKCR:\AllFilesystemObjects\shellex\ContextMenuHandlers\SendTo" -Force -Recurse | Out-Null

        Write-Progress -Activity "Tweaking registry for customization" -Status "Progress:" -PercentComplete 95
    }
}
# Remove features
function Remove-Features($isenable)
{
    if ($isenable -eq $true)
    {
        Write-Progress -Activity "Removing features" -Status "Progress:" -PercentComplete 95

        # XPS Viewer
        Dism /online /Disable-Feature /FeatureName:Xps-Foundation-Xps-Viewer /quiet /norestart
        # XPS Services
        Dism /online /Disable-Feature /FeatureName:Printing-XPSServices-Features /quiet /norestart
        # Internet Explorer
        Dism /online /Disable-Feature /FeatureName:Internet-Explorer-Optional-amd64 /quiet /norestart
        # Work Folders
        Dism /online /Disable-Feature /FeatureName:WorkFolders-Client /quiet /norestart
        # Enabling .NET 3.5 framework because a lot of programs still use it
        Dism /online /Enable-Feature /FeatureName:NetFx3 /quiet /norestart

        Write-Progress -Activity "Removing features" -Status "Progress:" -PercentComplete 100
    }
}

# ======================================================================================================= Main Code
Write-Host "YOUR COMPUTER IS BEING HACKED. HOLD ON." -ForegroundColor Green

Disable-ScheduledTasks $schdtasks
Disable-Services $services
Tweak-Settings $settings
Edit-Hosts $hosts
Tweak-LocalPolicy $localpolicy
Tweak-Registry $registry
Customize-Windows $customize
Remove-Features $features

Write-Host "FINISHED. CHECK SYSTEM32 AND CHANGE YOUR SOCIAL SECURITY NUMBER." -ForegroundColor Green
Read-Host "Debloat complete. Please restart your system to make sure everything works properly."
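
A read-only check of the three UAC values the script writes, added here as an example and not part of the original paste. `Test-UacPosture` and `$UacKey` are names chosen for the example, and the two sample hashtables are constructed from the values in the script (as written, and with its commented-out `EnableLUA` line applied).

```powershell
# Added example, not part of the original paste. Read-only: it changes nothing.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Test-UacPosture {
    param(
        # Hashtable or object with the three UAC values; defaults to the live registry.
        $Values = (Get-ItemProperty -Path $UacKey -ErrorAction Stop)
    )
    $findings = @()
    if ($Values.EnableLUA -ne 1) {
        $findings += 'EnableLUA is not 1: UAC (Admin Approval Mode) is off.'
    }
    if ($Values.PromptOnSecureDesktop -ne 1) {
        $findings += 'PromptOnSecureDesktop is not 1: prompts appear on the user desktop, not the secure desktop.'
    }
    if ($null -eq $Values.ConsentPromptBehaviorAdmin) {
        $findings += 'ConsentPromptBehaviorAdmin is not set.'
    }
    elseif ($Values.ConsentPromptBehaviorAdmin -eq 0) {
        $findings += 'ConsentPromptBehaviorAdmin is 0: administrators elevate without a prompt.'
    }
    # Return the raw values together with the findings so the result can be logged or compared.
    [pscustomobject]@{
        EnableLUA                  = $Values.EnableLUA
        ConsentPromptBehaviorAdmin = $Values.ConsentPromptBehaviorAdmin
        PromptOnSecureDesktop      = $Values.PromptOnSecureDesktop
        Findings                   = $findings
    }
}

# Constructed samples: the values the script writes, and its commented-out variant.
$asWritten   = @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 0 }
$uacDisabled = @{ EnableLUA = 0; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 0 }

(Test-UacPosture -Values $asWritten).Findings
(Test-UacPosture -Values $uacDisabled).Findings

# Against the live machine (run after the reboot the script asks for):
# Test-UacPosture | Format-List
```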