API tools faq
paste
Guest User

Untitled

a guest
Sep 4th, 2015
92
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 83.54 KB | None | 0 0
raw download clone embed print report
  1.  
  2. cls
  3. $ErrorActionPreference = "Continue"
  4.  
  5. # =========================================================================================== Variables and Objects
  6. $title = "Settings"
  7. $message = "Do you want to Modify Wndows Settings "
  8. $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  9. $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  10. $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  11. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  12.  
  13. switch ($result)
  14. {
  15. 0 {$settings = $true}
  16. 1 {$settings = $false}
  17. }
  18.  
  19. $title = "Hosts"
  20. $message = "Do you want to Modify Windows Hosts File? "
  21. $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  22. $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  23. $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  24. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  25.  
  26. switch ($result)
  27. {
  28. 0 {$hosts = $true}
  29. 1 {$hosts = $false}
  30. }
  31.  
  32. $title = "Local Policy"
  33. $message = "Do you want to modify Wndows Local Policy Settings? "
  34. $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  35. $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  36. $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  37. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  38.  
  39. switch ($result)
  40. {
  41. 0 {$localpolicy = $true}
  42. 1 {$localpolicy = $false}
  43. }
  44.  
  45. $title = "Registry"
  46. $message = "Do you want to Modify Wndows Registry? "
  47. $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  48. $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  49. $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  50. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  51.  
  52. switch ($result)
  53. {
  54. 0 {$registry = $true}
  55. 1 {$registry = $false}
  56. }
  57.  
  58. $title = "Features"
  59. $message = "Do you want to remove features such as XPS, Internet Explorer, Work folders and enable .NET 3.5 ? "
  60. $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  61. $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  62. $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  63. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  64.  
  65. switch ($result)
  66. {
  67. 0 {$features = $true}
  68. 1 {$features = $false}
  69. }
  70.  
  71. $title = "Services"
  72. $message = "Do you want to modify Wndows Services? "
  73. $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  74. $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  75. $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  76. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  77.  
  78. switch ($result)
  79. {
  80. 0 {$services = $true}
  81. 1 {$services = $false}
  82. }
  83.  
  84. $title = "Scheduled Tasks"
  85. $message = "Do you want to modify Wndows Scheduled Tasks? "
  86. $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  87. $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  88. $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  89. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  90.  
  91. switch ($result)
  92. {
  93. 0 {$schtasks = $true}
  94. 1 {$schtasks = $false}
  95. }
  96.  
  97. $title = "Customize"
  98. $message = "Do you want to Customize misc windows features? "
  99. $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  100. $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  101. $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  102. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  103.  
  104. switch ($result)
  105. {
  106. 0 {$customize = $true}
  107. 1 {$customize = $false}
  108. }
  109.  
  110. $title = "'Metro Apps'"
  111. $message = "Do you want to remove certain metro apps ? "
  112. $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  113. $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  114. $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  115. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  116. switch ($result)
  117. {
  118. 0 {$metroapps = $true}
  119. 1 {$metroapps = $false}
  120. }
  121.  
  122. # ================================================================================= Functions (non script specific)
  123. # Takes Ownership of a registry sub key
  124. # hive values = ClassesRoot, CurrentUser, LocalMachine
  125. function TakeOwnership-RegKey($hive, $subkey)
  126. {
  127. $definition = @"
  128. using System;
  129. using System.Runtime.InteropServices;
  130.  
  131. namespace Win32Api
  132. {
  133.  
  134. public class NtDll
  135. {
  136. [DllImport("ntdll.dll", EntryPoint="RtlAdjustPrivilege")]
  137. public static extern int RtlAdjustPrivilege(ulong Privilege, bool Enable, bool CurrentThread, ref bool Enabled);
  138. }
  139. }
  140. "@
  141.  
  142. Add-Type -TypeDefinition $definition -PassThru
  143.  
  144. $bEnabled = $false
  145.  
  146. # Enable SeTakeOwnershipPrivilege
  147. $res = [Win32Api.NtDll]::RtlAdjustPrivilege(9, $true, $false, [ref]$bEnabled)
  148.  
  149. # Taking ownership
  150. switch ($hive.ToString().tolower())
  151. {
  152. "classesroot" { $key = [Microsoft.Win32.Registry]::ClassesRoot.OpenSubKey($subkey, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::TakeOwnership) }
  153. "currentuser" { $key = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey($subkey, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::TakeOwnership) }
  154. "localmachine" { $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($subkey, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::TakeOwnership) }
  155. }
  156. $acl = $key.GetAccessControl()
  157. $acl.SetOwner([System.Security.Principal.NTAccount]"Administrators")
  158. $key.SetAccessControl($acl)
  159.  
  160. # Setting access to the key
  161. $acl = $key.GetAccessControl()
  162. $person = [System.Security.Principal.NTAccount]"Administrators"
  163. $access = [System.Security.AccessControl.RegistryRights]"FullControl"
  164. $inheritance = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit"
  165. $propagation = [System.Security.AccessControl.PropagationFlags]"None"
  166. $type = [System.Security.AccessControl.AccessControlType]"Allow"
  167.  
  168. $rule = New-Object System.Security.AccessControl.RegistryAccessRule($person,$access,$inheritance,$propagation,$type)
  169. $acl.SetAccessRule($rule)
  170. $key.SetAccessControl($acl)
  171.  
  172. $key.Close()
  173. }
  174.  
  175. # ===================================================================================== Functions (script specific)
  176. # Disable scheduled tasks
  177. function Disable-ScheduledTasks($isenable)
  178. {
  179. if ($schdtasks -eq $true)
  180. {
  181. Write-Progress -Activity "Disabling scheduled tasks" -Status "Progress:" -PercentComplete 0
  182.  
  183. schtasks /Change /TN "Microsoft\Windows\Application Experience\ProgramDataUpdater" /Disable | out-null
  184. schtasks /Change /TN "Microsoft\Windows\AppID\SmartScreenSpecific" /Disable | out-null
  185. schtasks /Change /TN "Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" /Disable | out-null
  186. schtasks /Change /TN "Microsoft\Windows\Customer Experience Improvement Program\Consolidator" /Disable | out-null
  187. schtasks /Change /TN "Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask" /Disable | out-null
  188. schtasks /Change /TN "Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" /Disable | out-null
  189. schtasks /Change /TN "Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector" /Disable | out-null
  190. schtasks /Change /TN "Microsoft\Windows\NetTrace\GatherNetworkInfo" /Disable | out-null
  191. schtasks /Change /TN "Microsoft\Windows\Windows Error Reporting\QueueReporting" /Disable | out-null
  192. # Not sure about the following task, but the reg hack doesn't work either, so this is a pain in the fucking ass, maybe someone will figure it out, leaving it here:
  193. # schtasks /Change /TN "Microsoft\Windows\SettingSync\BackgroundUploadTask" /Disable | Out-Null
  194. # TakeOwnership-RegKey "LocalMachine" "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks" | Out-Null
  195. # New-Item -ErrorAction SilentlyContinue -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00524425-019B-4FDD-B1C5-04767424D01B}" -Force | Out-Null
  196. # New-ItemProperty -ErrorAction SilentlyContinue -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00524425-019B-4FDD-B1C5-04767424D01B}" -Name "Triggers" -PropertyType Binary -Value ([byte[]](0x17,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x00,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x4a,0x85,0x00,0x42,0x48,0x48,0x48,0x48,0xd9,0x2b,0x30,0x29,0x48,0x48,0x48,0x48,0x0c,0x00,0x00,0x00,0x48,0x48,0x48,0x48,0x55,0x00,0x73,0x00,0x65,0x00,0x72,0x00,0x73,0x00,0x00,0x00,0x48,0x48,0x48,0x48,0x00,0x00,0x00,0x00,0x48,0x48,0x48,0x48,0x00,0x48,0x48,0x48,0x48,0x48,0x48,0x48,0x00,0x48,0x48,0x48,0x48,0x48,0x48,0x48,0x05,0x00,0x00,0x00,0x48,0x48,0x48,0x48,0x0c,0x00,0x00,0x00,0x48,0x48,0x48,0x48,0x01,0x01,0x00,0x00,0x00,0x00,0x00,0x05,0x04,0x00,0x00,0x00,0x48,0x48,0x48,0x48,0x00,0x00,0x00,0x00,0x48,0x48,0x48,0x48,0x58,0x00,0x00,0x00,0x48,0x48,0x48,0x48,0x00,0x00,0x00,0x00,0x30,0x2a,0x00,0x00,0x80,0xf4,0x03,0x00,0xff,0xff,0xff,0xff,0x07,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xa2,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00)) -Force | Out-Null
  197.  
  198. Write-Progress -Activity "Disabling scheduled tasks" -Status "Progress:" -PercentComplete 4
  199. }
  200. }
  201. # Disable services
  202. function Disable-Services($isenable)
  203. {
  204. if ($isenable -eq $true)
  205. {
  206. Write-Progress -Activity "Disabling services" -Status "Progress:" -PercentComplete 4
  207. # Disable DiagTrack
  208. cmd /c sc config DiagTrack start= disabled | out-null
  209. cmd /c sc config dmwappushservice start= disabled | out-null
  210. cmd /c sc config diagnosticshub.standardcollector.service start= disabled | out-null
  211. cmd /c sc config TrkWks start= disabled | out-null
  212. cmd /c sc config WMPNetworkSvc start= disabled | out-null # Shouldn't exist but just making sure ...
  213. # Making sure the DiagTrack log is empty (tinfoil)
  214. Set-Content C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl -Value "" -Force
  215. Write-Progress -Activity "Disabling services" -Status "Progress:" -PercentComplete 7
  216. }
  217. }
  218. # Tweak settings app
  219. function Tweak-Settings($isenable)
  220. {
  221. if ($isenable -eq $true)
  222. {
  223. Write-Progress -Activity "Backing up registry" -Status "Progress:" -PercentComplete 10 # Let's be save
  224. if (!(test-path -PathType Leaf C:\registry-backup-hklm.reg)) { reg export HKLM C:\registry-backup-hklm.reg | Out-Null }
  225. if (!(test-path -PathType Leaf C:\registry-backup-hkcu.reg)) { reg export HKCU C:\registry-backup-hkcu.reg | Out-Null }
  226. if (!(test-path -PathType Leaf C:\registry-backup-hkcr.reg)) { reg export HKCR C:\registry-backup-hkcr.reg | Out-Null }
  227.  
  228. Write-Progress -Activity "Tweaking settings app" -Status "Progress:" -PercentComplete 12
  229. # Privacy -> General -> let websites provide locally relevant content by accessing my language list
  230. if ((Get-ItemProperty -Path "HKCU:SOFTWARE\Microsoft\Internet Explorer\International\" -Name AcceptLanguage -ErrorAction SilentlyContinue) -ne $null) { Remove-ItemProperty -Path "HKCU:SOFTWARE\Microsoft\Internet Explorer\International" -Name "AcceptLanguage" -Force }
  231. Set-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:Control Panel\International\User Profile" -Name HttpAcceptLanguageOptOut -Value 1 | Out-Null
  232. # Privacy -> General -> turn on smartscreen filter to check web content that windows store apps use
  233. Set-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost\" -Name EnableWebContentEvaluation -Value 0 -Force | Out-Null
  234. # Privacy -> Camera -> let apps use my camera
  235. Set-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{E5323777-F976-4f5b-9B55-B94699C46E44}" -Name Value -Value "Deny" | Out-Null
  236. # Privacy -> Microphone -> let apps use my microphone
  237. Set-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{2EEF81BE-33FA-4800-9670-1CD474972C3F}\" -Name Value -Value "Deny" | Out-Null
  238. # Privacy -> Account info -> let apps access my name, picture and other account info
  239. Set-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{C1D23ACC-752B-43E5-8448-8D0E519CD6D6}\" -Name Value -Value "Deny" | Out-Null
  240. # Privacy -> Calendar -> let apps access my calendar
  241. Set-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{D89823BA-7180-4B81-B50C-7E471E6121A3}\" -Name Value -Value "Deny" | Out-Null
  242. # Privacy -> Messaging -> let apps read or send sms and text messages
  243. Set-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{992AFA70-6F47-4148-B3E9-3003349C1548}\" -Name Value -Value "Deny" | Out-Null
  244. # Privacy -> Radio -> let apps control radios
  245. Set-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{A8804298-2D5F-42E3-9531-9C8C39EB29CE}\" -Name Value -Value "Deny" | Out-Null
  246. # Privacy -> Other devices -> sync with devices
  247. Set-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\LooselyCoupled\" -Name Value -Value "Deny" | Out-Null
  248. # Privacy -> Feedback & Diagnostics -> feedback frequency
  249. New-Item -ErrorAction SilentlyContinue -Path "HKCU:SOFTWARE\Microsoft\Siuf\Rules" -Force | Out-Null
  250. Set-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:SOFTWARE\Microsoft\Siuf\Rules" -Name NumberOfSIUFInPeriod -Value 0 -Force | Out-Null
  251. if ((Get-ItemProperty -Path "HKCU:SOFTWARE\Microsoft\Siuf\Rules" -Name PeriodInNanoSeconds -ErrorAction SilentlyContinue) -ne $null) { Remove-ItemProperty -Path "HKCU:SOFTWARE\Microsoft\Siuf\Rules" -Name PeriodInNanoSeconds }
  252. # Update & Security -> Windows Update -> Advanced -> Choose how updates are delviered -> Updates from more than one place (this is a GUI bug, registry is set properly even though it may show 'ON')
  253. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" -Name "DownloadMode" -PropertyType DWORD -Value 0 | Out-Null
  254. Set-ItemProperty -ErrorAction SilentlyContinue -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" -Name "DODownloadMode" -Value 0 | Out-Null
  255. Set-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\" -Name "SystemSettingsDownloadMode" -Value 0 | Out-Null
  256.  
  257. Set-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:Control Panel\Desktop\WindowMetrics" -Name MinAnimate -Value 0 | Out-Null
  258.  
  259. # Ease of Access -> Other options -> Visual options -> play animations
  260. $title = "Window Animations"
  261. $message = "Do you want to disable window animations? "
  262. $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  263. $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  264. $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  265. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  266.  
  267. switch ($result)
  268. {
  269. 0 {Set-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:Control Panel\Desktop\WindowMetrics" -Name MinAnimate -Value 0 | Out-Null}
  270. 1 {}
  271. }
  272.  
  273.  
  274. Write-Progress -Activity "Tweaking settings app" -Status "Progress:" -PercentComplete 15
  275. }
  276. }
  277. # Append hosts file entries
  278. function Edit-Hosts($isenable)
  279. {
  280. if ($isenable -eq $true)
  281. {
  282. takeown /f %systemroot%\system32\drivers\etc\hosts /a
  283. Write-Progress -Activity "Appending entries to hosts file" -Status "Progress:" -PercentComplete 15
  284. $file = "C:\Windows\System32\drivers\etc\hosts"
  285.  
  286. "0.0.0.0 vortex.data.microsoft.com" | Out-File -encoding ASCII -append $file
  287. "0.0.0.0 vortex-win.data.microsoft.com" | Out-File -encoding ASCII -append $file
  288. "0.0.0.0 telecommand.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  289. "0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  290. "0.0.0.0 oca.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  291. "0.0.0.0 oca.telemetry.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  292. "0.0.0.0 sqm.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  293. "0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  294. "0.0.0.0 watson.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  295. "0.0.0.0 watson.telemetry.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  296. "0.0.0.0 redir.metaservices.microsoft.com" | Out-File -encoding ASCII -append $file
  297. "0.0.0.0 choice.microsoft.com" | Out-File -encoding ASCII -append $file
  298. "0.0.0.0 choice.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  299. "0.0.0.0 df.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  300. "0.0.0.0 reports.wes.df.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  301. "0.0.0.0 services.wes.df.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  302. "0.0.0.0 sqm.df.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  303. "0.0.0.0 telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  304. "0.0.0.0 watson.ppe.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  305. "0.0.0.0 telemetry.appex.bing.net" | Out-File -encoding ASCII -append $file
  306. "0.0.0.0 telemetry.urs.microsoft.com" | Out-File -encoding ASCII -append $file
  307. "0.0.0.0 telemetry.appex.bing.net:443" | Out-File -encoding ASCII -append $file
  308. "0.0.0.0 vortex-sandbox.data.microsoft.com" | Out-File -encoding ASCII -append $file
  309. "0.0.0.0 settings-sandbox.data.microsoft.com" | Out-File -encoding ASCII -append $file
  310. "0.0.0.0 vortex.data.microsoft.com" | Out-File -encoding ASCII -append $file
  311. "0.0.0.0 vortex-win.data.microsoft.com" | Out-File -encoding ASCII -append $file
  312. "0.0.0.0 telecommand.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  313. "0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  314. "0.0.0.0 oca.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  315. "0.0.0.0 oca.telemetry.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  316. "0.0.0.0 sqm.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  317. "0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  318. "0.0.0.0 watson.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  319. "0.0.0.0 watson.telemetry.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  320. "0.0.0.0 redir.metaservices.microsoft.com" | Out-File -encoding ASCII -append $file
  321. "0.0.0.0 choice.microsoft.com" | Out-File -encoding ASCII -append $file
  322. "0.0.0.0 choice.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  323. "0.0.0.0 vortex-sandbox.data.microsoft.com" | Out-File -encoding ASCII -append $file
  324. "0.0.0.0 settings-sandbox.data.microsoft.com" | Out-File -encoding ASCII -append $file
  325. "0.0.0.0 df.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  326. "0.0.0.0 reports.wes.df.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  327. "0.0.0.0 sqm.df.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  328. "0.0.0.0 telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  329. "0.0.0.0 watson.microsoft.com" | Out-File -encoding ASCII -append $file
  330. "0.0.0.0 watson.ppe.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  331. "0.0.0.0 wes.df.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  332. "0.0.0.0 telemetry.appex.bing.net" | Out-File -encoding ASCII -append $file
  333. "0.0.0.0 telemetry.urs.microsoft.com" | Out-File -encoding ASCII -append $file
  334. "0.0.0.0 survey.watson.microsoft.com" | Out-File -encoding ASCII -append $file
  335. "0.0.0.0 watson.live.com" | Out-File -encoding ASCII -append $file
  336. "0.0.0.0 services.wes.df.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  337. "0.0.0.0 telemetry.appex.bing.net" | Out-File -encoding ASCII -append $file
  338. "0.0.0.0 vortex.data.microsoft.com" | Out-File -encoding ASCII -append $file
  339. "0.0.0.0 vortex-win.data.microsoft.com" | Out-File -encoding ASCII -append $file
  340. "0.0.0.0 telecommand.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  341. "0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  342. "0.0.0.0 oca.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  343. "0.0.0.0 oca.telemetry.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  344. "0.0.0.0 sqm.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  345. "0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  346. "0.0.0.0 watson.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  347. "0.0.0.0 watson.telemetry.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  348. "0.0.0.0 redir.metaservices.microsoft.com" | Out-File -encoding ASCII -append $file
  349. "0.0.0.0 choice.microsoft.com" | Out-File -encoding ASCII -append $file
  350. "0.0.0.0 choice.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  351. "0.0.0.0 df.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  352. "0.0.0.0 reports.wes.df.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  353. "0.0.0.0 wes.df.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  354. "0.0.0.0 services.wes.df.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  355. "0.0.0.0 sqm.df.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  356. "0.0.0.0 telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  357. "0.0.0.0 watson.ppe.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  358. "0.0.0.0 telemetry.appex.bing.net" | Out-File -encoding ASCII -append $file
  359. "0.0.0.0 telemetry.urs.microsoft.com" | Out-File -encoding ASCII -append $file
  360. "0.0.0.0 telemetry.appex.bing.net:443" | Out-File -encoding ASCII -append $file
  361. "0.0.0.0 settings-sandbox.data.microsoft.com" | Out-File -encoding ASCII -append $file
  362. "0.0.0.0 vortex-sandbox.data.microsoft.com" | Out-File -encoding ASCII -append $file
  363. "0.0.0.0 survey.watson.microsoft.com" | Out-File -encoding ASCII -append $file
  364. "0.0.0.0 watson.live.com" | Out-File -encoding ASCII -append $file
  365. "0.0.0.0 watson.microsoft.com" | Out-File -encoding ASCII -append $file
  366. "0.0.0.0 statsfe2.ws.microsoft.com" | Out-File -encoding ASCII -append $file
  367. "0.0.0.0 corpext.msitadfs.glbdns2.microsoft.com" | Out-File -encoding ASCII -append $file
  368. "0.0.0.0 compatexchange.cloudapp.net" | Out-File -encoding ASCII -append $file
  369. "0.0.0.0 cs1.wpc.v0cdn.net" | Out-File -encoding ASCII -append $file
  370. "0.0.0.0 a-0001.a-msedge.net" | Out-File -encoding ASCII -append $file
  371. "0.0.0.0 a-0002.a-msedge.net" | Out-File -encoding ASCII -append $file
  372. "0.0.0.0 a-0003.a-msedge.net" | Out-File -encoding ASCII -append $file
  373. "0.0.0.0 a-0004.a-msedge.net" | Out-File -encoding ASCII -append $file
  374. "0.0.0.0 a-0005.a-msedge.net" | Out-File -encoding ASCII -append $file
  375. "0.0.0.0 a-0006.a-msedge.net" | Out-File -encoding ASCII -append $file
  376. "0.0.0.0 a-0007.a-msedge.net" | Out-File -encoding ASCII -append $file
  377. "0.0.0.0 a-0008.a-msedge.net" | Out-File -encoding ASCII -append $file
  378. "0.0.0.0 a-0009.a-msedge.net" | Out-File -encoding ASCII -append $file
  379. "0.0.0.0 msedge.net" | Out-File -encoding ASCII -append $file
  380. "0.0.0.0 a-msedge.net" | Out-File -encoding ASCII -append $file
  381. "0.0.0.0 statsfe2.update.microsoft.com.akadns.net" | Out-File -encoding ASCII -append $file
  382. "0.0.0.0 sls.update.microsoft.com.akadns.net" | Out-File -encoding ASCII -append $file
  383. "0.0.0.0 fe2.update.microsoft.com.akadns.net" | Out-File -encoding ASCII -append $file
  384. "0.0.0.0 diagnostics.support.microsoft.com" | Out-File -encoding ASCII -append $file
  385. "0.0.0.0 corp.sts.microsoft.com" | Out-File -encoding ASCII -append $file
  386. "0.0.0.0 statsfe1.ws.microsoft.com" | Out-File -encoding ASCII -append $file
  387. "0.0.0.0 pre.footprintpredict.com" | Out-File -encoding ASCII -append $file
  388. "0.0.0.0 i1.services.social.microsoft.com" | Out-File -encoding ASCII -append $file
  389. "0.0.0.0 i1.services.social.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  390. "0.0.0.0 feedback.windows.com" | Out-File -encoding ASCII -append $file
  391. "0.0.0.0 feedback.microsoft-hohm.com" | Out-File -encoding ASCII -append $file
  392. "0.0.0.0 feedback.search.microsoft.com" | Out-File -encoding ASCII -append $file
  393.  
  394. # Skype ad-free
  395. "0.0.0.0 live.rads.msn.com" | Out-File -encoding ASCII -append $file
  396. "0.0.0.0 ads1.msn.com" | Out-File -encoding ASCII -append $file
  397. "0.0.0.0 static.2mdn.net" | Out-File -encoding ASCII -append $file
  398. "0.0.0.0 g.msn.com" | Out-File -encoding ASCII -append $file
  399. "0.0.0.0 a.ads2.msads.net" | Out-File -encoding ASCII -append $file
  400. "0.0.0.0 b.ads2.msads.net" | Out-File -encoding ASCII -append $file
  401. "0.0.0.0 ad.doubleclick.net" | Out-File -encoding ASCII -append $file
  402. "0.0.0.0 ac3.msn.com" | Out-File -encoding ASCII -append $file
  403. "0.0.0.0 rad.msn.com" | Out-File -encoding ASCII -append $file
  404. "0.0.0.0 msntest.serving-sys.com" | Out-File -encoding ASCII -append $file
  405. "0.0.0.0 bs.serving-sys.com1" | Out-File -encoding ASCII -append $file
  406. "0.0.0.0 flex.msn.com" | Out-File -encoding ASCII -append $file
  407. "0.0.0.0 ec.atdmt.com" | Out-File -encoding ASCII -append $file
  408. "0.0.0.0 cdn.atdmt.com" | Out-File -encoding ASCII -append $file
  409. "0.0.0.0 db3aqu.atdmt.com" | Out-File -encoding ASCII -append $file
  410. "0.0.0.0 cds26.ams9.msecn.net" | Out-File -encoding ASCII -append $file
  411. "0.0.0.0 sO.2mdn.net" | Out-File -encoding ASCII -append $file
  412. "0.0.0.0 aka-cdn-ns.adtech.de" | Out-File -encoding ASCII -append $file
  413. "0.0.0.0 secure.flashtalking.com" | Out-File -encoding ASCII -append $file
  414. "0.0.0.0 adnexus.net" | Out-File -encoding ASCII -append $file
  415. "0.0.0.0 adnxs.com" | Out-File -encoding ASCII -append $file
  416. "0.0.0.0 *.rad.msn.com" | Out-File -encoding ASCII -append $file
  417. "0.0.0.0 *.msads.net" | Out-File -encoding ASCII -append $file
  418. "0.0.0.0 *.msecn.net" | Out-File -encoding ASCII -append $file
  419.  
  420. Write-Progress -Activity "Appending entries to hosts file" -Status "Progress:" -PercentComplete 30
  421. }
  422. }
  423. # Secure local group policy for privacy
  424. # We'll need the PolicyFileEditor module for this
  425. function Tweak-LocalPolicy($isenable)
  426. {
  427. if ($isenable -eq $true)
  428. {
  429. Write-Progress -Activity "Securing local group policy for privacy (this might take a minute or two)" -Status "Progress:" -PercentComplete 30
  430.  
  431. $command = get-command Set-PolicyFileEntry -ErrorAction SilentlyContinue
  432. if ($command -eq $null) # Can't use the Set command so the module likely isn't working
  433. {
  434. Write-Host "No PolicyFileEditor 2.0 found. Please accept the download for NuGet by pressing Y when the prompt appears in a moment:" -ForegroundColor Red
  435. if ((Get-Command Set-PolicyFileEntry -ErrorAction SilentlyContinue) -eq $null) # Don't have the module, download it
  436. {
  437. install-module PolicyFileEditor -Force -Confirm:$true
  438. Start-Sleep 5
  439. $command = get-command Set-PolicyFileEntry -ErrorAction SilentlyContinue
  440. }
  441. }
  442. if ($command -ne $null) # We're good, command found so we can continue
  443. {
  444. Write-Progress -Activity "Securing local group policy for privacy" -Status "Progress:" -PercentComplete 35
  445. # The reason I'm waiting 1s after each edit is to let the filesystem make necessary edits in the background, without the delay this will break local policies
  446. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\DataCollection" -ValueName AllowTelemetry -Type DWord -Data 0
  447. Start-Sleep 1
  448. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar" -ValueName TurnOffSidebar -Type DWord -Data 1
  449. Start-Sleep 1
  450. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Assistance\Client\1.0" -ValueName NoActiveHelp -Type DWord -Data 1
  451. Start-Sleep 1
  452. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Biometrics" -ValueName Enabled -Type DWord -Data 0
  453. Start-Sleep 1
  454. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Conferencing" -ValueName NoRDS -Type DWord -Data 1
  455. Start-Sleep 1
  456. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\InputPersonalization" -ValueName AllowInputPersonalization -Type DWord -Data 0
  457. Start-Sleep 1
  458. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Internet Explorer\Geolocation" -ValueName PolicyDisableGeolocation -Type DWord -Data 1
  459. Start-Sleep 1
  460. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions" -ValueName NoUpdateCheck -Type DWord -Data 1
  461. Start-Sleep 1
  462. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Internet Explorer\Main" -ValueName DoNotTrack -Type DWord -Data 1
  463. Start-Sleep 1
  464. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Internet Explorer\Privacy" -ValueName EnableInPrivateBrowsing -Type DWord -Data 0
  465. Start-Sleep 1
  466. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Internet Explorer\SQM" -ValueName DisableCustomerImprovementProgram -Type DWord -Data 0
  467. Start-Sleep 1
  468. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Messenger\Client" -ValueName CEIP -Type DWord -Data 2
  469. Start-Sleep 1
  470. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Messenger\Client" -ValueName PreventAutoRun -Type DWord -Data 1
  471. Start-Sleep 1
  472. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main" -ValueName Cookies -Type DWord -Data 2
  473. Start-Sleep 1
  474. Write-Progress -Activity "Securing local group policy for privacy (this might take a minute or two)" -Status "Progress:" -PercentComplete 40
  475. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting" -ValueName DoReport -Type DWord -Data 0
  476. Start-Sleep 1
  477. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting" -ValueName ForceQueueMode -Type DWord -Data 0
  478. Start-Sleep 1
  479. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting\DW" -ValueName DWFileTreeRoot -Type String -Data ""
  480. Start-Sleep 1
  481. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting\DW" -ValueName DWNoExternalURL -Type DWord -Data 1
  482. Start-Sleep 1
  483. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting\DW" -ValueName DWNoFileCollection -Type DWord -Data 1
  484. Start-Sleep 1
  485. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting\DW" -ValueName DWNoSecondLevelCollection -Type DWord -Data 1
  486. Start-Sleep 1
  487. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting\DW" -ValueName DWReporteeName -Type String -Data ""
  488. Start-Sleep 1
  489. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\SearchCompanion" -ValueName DisableContentFileUpdates -Type DWord -Data 1
  490. Start-Sleep 1
  491. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\SQMClient\Windows" -ValueName CEIPEnable -Type DWord -Data 0
  492. Start-Sleep 1
  493. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows Defender" -ValueName DisableAntiSpyware -Type DWord -Data 1
  494. Start-Sleep 1
  495. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" -ValueName **del.SpynetReporting -Type String -Data ""
  496. Start-Sleep 1
  497. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" -ValueName SubmitSamplesConsent -Type DWord -Data 2
  498. Start-Sleep 1
  499. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\010103000F0000F0080000000F0000F0D0B4EB5D3C24F17D10AE531C7DCEF4A94F4A085AD0D4C88B75082573E36F857A" -ValueName Category -Type DWord -Data 1
  500. Start-Sleep 1
  501. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\010103000F0000F0080000000F0000F0D0B4EB5D3C24F17D10AE531C7DCEF4A94F4A085AD0D4C88B75082573E36F857A" -ValueName CategoryReadOnly -Type DWord -Data 0
  502. Start-Sleep 1
  503. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform" -ValueName NoGenTicket -Type DWord -Data 1
  504. Start-Sleep 1
  505. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows NT\IIS" -ValueName PreventIISInstall -Type DWord -Data 1
  506. Start-Sleep 1
  507. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows NT\Printers" -ValueName PhysicalLocation -Type String -Data anonymous
  508. Start-Sleep 1
  509. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo" -ValueName DisabledByGroupPolicy -Type DWord -Data 1
  510. Start-Sleep 1
  511. Write-Progress -Activity "Securing local group policy for privacy (this might take a minute or two)" -Status "Progress:" -PercentComplete 45
  512. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\AppCompat" -ValueName AITEnable -Type DWord -Data 0
  513. Start-Sleep 1
  514. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\AppCompat" -ValueName DisableInventory -Type DWord -Data 1
  515. Start-Sleep 1
  516. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\AppCompat" -ValueName DisableUAR -Type DWord -Data 1
  517. Start-Sleep 1
  518. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Device Metadata" -ValueName PreventDeviceMetadataFromNetwork -Type DWord -Data 1
  519. Start-Sleep 1
  520. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Settings" -ValueName DisableSendGenericDriverNotFoundToWER -Type DWord -Data 1
  521. Start-Sleep 1
  522. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Settings" -ValueName DisableSendRequestAdditionalSoftwareToWER -Type DWord -Data 1
  523. Start-Sleep 1
  524. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Explorer" -ValueName NoUseStoreOpenWith -Type DWord -Data 1
  525. Start-Sleep 1
  526. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\GameUX" -ValueName DownloadGameInfo -Type DWord -Data 0
  527. Start-Sleep 1
  528. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\GameUX" -ValueName GameUpdateOptions -Type DWord -Data 0
  529. Start-Sleep 1
  530. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\GameUX" -ValueName ListRecentlyPlayed -Type DWord -Data 0
  531. Start-Sleep 1
  532. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard" -ValueName ExitOnMSICW -Type DWord -Data 1
  533. Start-Sleep 1
  534. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors" -ValueName DisableLocation -Type DWord -Data 1
  535. Start-Sleep 1
  536. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\OneDrive" -ValueName DisableFileSyncNGSC -Type DWord -Data 1
  537. Start-Sleep 1
  538. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\PowerShell" -ValueName EnableScripts -Type DWord -Data 1
  539. Start-Sleep 1
  540. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\PowerShell" -ValueName ExecutionPolicy -Type String -Data "RemoteSigned"
  541. Start-Sleep 1
  542. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds" -ValueName **del.EnableExperimentation -Type String -Data ""
  543. Start-Sleep 1
  544. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds" -ValueName AllowBuildPreview -Type DWord -Data 0
  545. Start-Sleep 1
  546. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds" -ValueName EnableConfigFlighting -Type DWord -Data 0
  547. Start-Sleep 1
  548. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\System" -ValueName AsyncScriptDelay -Type DWord -Data 1
  549. Start-Sleep 1
  550. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\System" -ValueName EnableLogonScriptDelay -Type DWord -Data 1
  551. Start-Sleep 1
  552. Write-Progress -Activity "Securing local group policy for privacy (this might take a minute or two)" -Status "Progress:" -PercentComplete 50
  553. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{186f47ef-626c-4670-800a-4a30756babad}" -ValueName ScenarioExecutionEnabled -Type DWord -Data 0
  554. Start-Sleep 1
  555. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{2698178D-FDAD-40AE-9D3C-1371703ADC5B}" -ValueName **del.EnabledScenarioExecutionLevel -Type String -Data ""
  556. Start-Sleep 1
  557. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{2698178D-FDAD-40AE-9D3C-1371703ADC5B}" -ValueName ScenarioExecutionEnabled -Type DWord -Data 0
  558. Start-Sleep 1
  559. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{67144949-5132-4859-8036-a737b43825d8}" -ValueName **del.EnabledScenarioExecutionLevel -Type String -Data ""
  560. Start-Sleep 1
  561. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{67144949-5132-4859-8036-a737b43825d8}" -ValueName ScenarioExecutionEnabled -Type DWord -Data 0
  562. Start-Sleep 1
  563. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}" -ValueName ScenarioExecutionEnabled -Type DWord -Data 0
  564. Start-Sleep 1
  565. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}" -ValueName ScenarioExecutionEnabled -Type DWord -Data 0
  566. Start-Sleep 1
  567. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}" -ValueName **del.EnabledScenarioExecutionLevel -Type String -Data ""
  568. Start-Sleep 1
  569. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}" -ValueName ScenarioExecutionEnabled -Type DWord -Data 0
  570. Start-Sleep 1
  571. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{C295FBBA-FD47-46ac-8BEE-B1715EC634E5}" -ValueName ScenarioExecutionEnabled -Type DWord -Data 0
  572. Start-Sleep 1
  573. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{dc42ff48-e40d-4a60-8675-e71f7e64aa9a}" -ValueName EnabledScenarioExecutionLevel -Type DWord -Data 1
  574. Start-Sleep 1
  575. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{dc42ff48-e40d-4a60-8675-e71f7e64aa9a}" -ValueName ScenarioExecutionEnabled -Type DWord -Data 0
  576. Start-Sleep 1
  577. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{ecfb03d1-58ee-4cc7-a1b5-9bc6febcb915}" -ValueName ScenarioExecutionEnabled -Type DWord -Data 0
  578. Start-Sleep 1
  579. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}" -ValueName **del.EnabledScenarioExecutionLevel -Type String -Data ""
  580. Start-Sleep 1
  581. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}" -ValueName ScenarioExecutionEnabled -Type DWord -Data 0
  582. Start-Sleep 1
  583. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting" -ValueName Disabled -Type DWord -Data 1
  584. Start-Sleep 1
  585. Write-Progress -Activity "Securing local group policy for privacy (this might take a minute or two)" -Status "Progress:" -PercentComplete 55
  586. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting" -ValueName DontSendAdditionalData -Type DWord -Data 1
  587. Start-Sleep 1
  588. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Windows Search" -ValueName AllowCortana -Type DWord -Data 0
  589. Start-Sleep 1
  590. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Windows Search" -ValueName AllowSearchToUseLocation -Type DWord -Data 0
  591. Start-Sleep 1
  592. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Windows Search" -ValueName ConnectedSearchPrivacy -Type DWord -Data 3
  593. Start-Sleep 1
  594. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Windows Search" -ValueName ConnectedSearchSafeSearch -Type DWord -Data 3
  595. Start-Sleep 1
  596. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Windows Search" -ValueName ConnectedSearchUseWeb -Type DWord -Data 0
  597. Start-Sleep 1
  598. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Windows Search" -ValueName ConnectedSearchUseWebOverMeteredConnections -Type DWord -Data 0
  599. Start-Sleep 1
  600. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Windows Search" -ValueName DisableWebSearch -Type DWord -Data 1
  601. Start-Sleep 1
  602. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -ValueName DeferUpgrade -Type DWord -Data 1
  603. Start-Sleep 1
  604. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -ValueName DoNotConnectToWindowsUpdateInternetLocations -Type DWord -Data 1
  605. Start-Sleep 1
  606. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -ValueName **del.AutomaticMaintenanceEnabled -Type String -Data ""
  607. Start-Sleep 1
  608. Write-Progress -Activity "Securing local group policy for privacy (this might take a minute or two)" -Status "Progress:" -PercentComplete 60
  609. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -ValueName **del.DetectionFrequency -Type String -Data ""
  610. Start-Sleep 1
  611. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -ValueName AUOptions -Type DWord -Data 2
  612. Start-Sleep 1
  613. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -ValueName DetectionFrequencyEnabled -Type DWord -Data 0
  614. Start-Sleep 1
  615. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -ValueName EnableFeaturedSoftware -Type DWord -Data 1
  616. Start-Sleep 1
  617. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -ValueName NoAutoUpdate -Type DWord -Data 0
  618. Start-Sleep 1
  619. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -ValueName ScheduledInstallDay -Type DWord -Data 0
  620. Start-Sleep 1
  621. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -ValueName ScheduledInstallTime -Type DWord -Data 3
  622. Start-Sleep 1
  623. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\WMDRM" -ValueName DisableOnline -Type DWord -Data 1
  624. Start-Sleep 1
  625. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\User\registry.pol -Key "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -ValueName NoInstrumentation -Type DWord -Data 1
  626. Start-Sleep 1
  627. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\User\registry.pol -Key "Software\Policies\Microsoft\Internet Explorer\Privacy" -ValueName EnableInPrivateBrowsing -Type DWord -Data 0
  628. Start-Sleep 1
  629. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\User\registry.pol -Key "Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE" -ValueName DisableLogging -Type DWord -Data 1
  630. Start-Sleep 1
  631. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\User\registry.pol -Key "Software\Policies\Microsoft\Windows\EdgeUI" -ValueName DisableMFUTracking -Type DWord -Data 1
  632. gpupdate /force | Out-Null
  633. }
  634. else
  635. {
  636. Write-Warning "Local policies not configured, did not find the PolicyFileEditor module"
  637. }
  638. Write-Progress -Activity "Securing local group policy for privacy" -Status "Progress:" -PercentComplete 65
  639. }
  640. }
  641. # Tweak registry
  642. function Tweak-Registry($isenable)
  643. {
  644. if ($isenable -eq $true)
  645. {
  646. Write-Progress -Activity "Tweaking registry" -Status "Progress:" -PercentComplete 65
  647. New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
  648.  
  649. # PhotoViewer fix so it appears in your Open With... menu and is enabled as your standard viewer
  650. New-Item -ErrorAction SilentlyContinue -Path "HKCU:\Software\Classes\.ico" -Force | Out-Null
  651. New-Item -ErrorAction SilentlyContinue -Path "HKCU:\Software\Classes\.tiff" -Force | Out-Null
  652. New-Item -ErrorAction SilentlyContinue -Path "HKCU:\Software\Classes\.bmp" -Force | Out-Null
  653. New-Item -ErrorAction SilentlyContinue -Path "HKCU:\Software\Classes\.png" -Force | Out-Null
  654. New-Item -ErrorAction SilentlyContinue -Path "HKCU:\Software\Classes\.gif" -Force | Out-Null
  655. New-Item -ErrorAction SilentlyContinue -Path "HKCU:\Software\Classes\.jpeg" -Force | Out-Null
  656. New-Item -ErrorAction SilentlyContinue -Path "HKCU:\Software\Classes\.jpg" -Force | Out-Null
  657. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Software\Classes\.ico" -Name '(Default)' -Value "PhotoViewer.FileAssoc.Tiff" -Force | Out-Null
  658. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Software\Classes\.tiff" -Name '(Default)' -Value "PhotoViewer.FileAssoc.Tiff" -Force | Out-Null
  659. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Software\Classes\.bmp" -Name '(Default)' -Value "PhotoViewer.FileAssoc.Tiff" -Force | Out-Null
  660. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Software\Classes\.png" -Name '(Default)' -Value "PhotoViewer.FileAssoc.Tiff" -Force | Out-Null
  661. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Software\Classes\.gif" -Name '(Default)' -Value "PhotoViewer.FileAssoc.Tiff" -Force | Out-Null
  662. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Software\Classes\.jpeg" -Name '(Default)' -Value "PhotoViewer.FileAssoc.Tiff" -Force | Out-Null
  663. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Software\Classes\.jpg" -Name '(Default)' -Value "PhotoViewer.FileAssoc.Tiff" -Force | Out-Null
  664.  
  665. # Fix DPI scaling blurry/fuzzy display at 125% (Might get reset by reboot/windows update)
  666.  
  667. $title = "DPI Scaling"
  668. $message = "Do you want to Fix DPI scaling blurry/fuzzy display at 125% (Might get reset by reboot/windows update) and set DPI to 125%"
  669. $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  670. $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  671. $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  672. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  673.  
  674. switch ($result)
  675. {
  676. 0 {
  677. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Control Panel\Desktop" -Name "DpiScalingVer" -Value "0x00001018" -PropertyType DWORD -Force | Out-Null
  678. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Control Panel\Desktop" -Name "Win8DpiScaling" -Value "0x00000001" -PropertyType DWORD -Force | Out-Null
  679. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Control Panel\Desktop" -Name "LogPixels" -Value "0x00000078" -PropertyType DWORD -Force | Out-Null
  680. }
  681. 1 {}
  682. }
  683.  
  684. $title = "DPI Adjust to 125%"
  685. $message = "Do you want to set DPI to 125%"
  686. $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  687. $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  688. $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  689. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  690.  
  691. switch ($result)
  692. {
  693. 0 {
  694. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Control Panel\Desktop" -Name "LogPixels" -Value "0x00000078" -PropertyType DWORD -Force | Out-Null
  695. }
  696. 1 {}
  697. }
  698.  
  699. # Add a 'Take Owner' option in your right-click menu (Powershell has problems with '*', using reg.exe)
  700.  
  701. $title = "TakeOwnership"
  702. $message = "Do you want to Add a 'Take Ownership' option in your right-click menu? "
  703. $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  704. $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  705. $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  706. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  707.  
  708. switch ($result)
  709. {
  710. 0 {
  711. echo Y | reg add "HKEY_CLASSES_ROOT\*\shell\runas" /ve /t REG_SZ /d "Take Ownership" /f | Out-Null
  712. echo Y | reg add "HKEY_CLASSES_ROOT\*\shell\runas" /v NoWorkingDirectory /t REG_SZ /d "" /f | Out-Null
  713. echo Y | reg add "HKEY_CLASSES_ROOT\*\shell\runas\command" /ve /t REG_SZ /d "cmd.exe /c takeown /f \`"%1\`" && icacls \`"%1\`" /grant administrators:F" /f | Out-Null
  714. echo Y | reg add "HKEY_CLASSES_ROOT\*\shell\runas\command" /v IsolatedCommand /t REG_SZ /d "cmd.exe /c takeown /f \`"%1\`" && icacls \`"%1\`" /grant administrators:F" /f | Out-Null
  715.  
  716. New-Item -ErrorAction SilentlyContinue -Force -Path "HKCR:\Directory\shell\runas" | Out-Null
  717. New-Item -ErrorAction SilentlyContinue -Force -Path "HKCR:\Directory\shell\runas\command" | Out-Null
  718. New-ItemProperty -ErrorAction SilentlyContinue -Force -Path "HKCR:\Directory\shell\runas" -Name '(Default)' -Value "Take Ownership" | Out-Null
  719. New-ItemProperty -ErrorAction SilentlyContinue -Force -Path "HKCR:\Directory\shell\runas" -Name NoWorkingDirectory -Value "" | Out-Null
  720. New-ItemProperty -ErrorAction SilentlyContinue -Force -Path "HKCR:\Directory\shell\runas\command" -Name '(Default)' -Value "cmd.exe /c takeown /f `"%1`" /r /d y && icacls `"%1`" /grant administrators:F /t" | Out-Null
  721. New-ItemProperty -ErrorAction SilentlyContinue -Force -Path "HKCR:\Directory\shell\runas\command" -Name IsolatedCommand -Value "cmd.exe /c takeown /f `"%1`" /r /d y && icacls `"%1`" /grant administrators:F /t" | Out-Null
  722. }
  723. 1 {}
  724. }
  725.  
  726. # Remove OneDrive completely
  727.  
  728. $title = "Remove OneDrive"
  729. $message = "Do you want to Remove OneDrive and remove it from the Explorer pane "
  730. $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  731. $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  732. $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  733. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  734.  
  735. switch ($result)
  736. {
  737. 0 {
  738.  
  739. # Let's find out if it's already removed first!
  740. $OneDriveEnabled = $false
  741. if ((Get-Process *OneDrive*) -ne $null) # Checking if the process exists
  742. {
  743. # Process exists, therefore you must have OneDrive installed, unless you messed up big time
  744. $OneDriveEnabled = $true
  745. }
  746. if ($OneDriveEnabled -eq $true)
  747. {
  748. $OneDrivex86 = "$env:SystemRoot\System32\OneDriveSetup.exe"
  749. $OneDrivex64 = "$env:SystemRoot\SysWOW64\OneDriveSetup.exe"
  750.  
  751. Get-Process *OneDrive* | Stop-Process -Force | Out-Null
  752. Start-Sleep 3
  753.  
  754. if (Test-Path $OneDrivex86)
  755. {
  756. & $OneDrivex86 "/uninstall" | Out-Null
  757. Start-Sleep 15 # Uninstallation needs time to let go off the files
  758. }
  759.  
  760. if (Test-Path $OneDrivex64)
  761. {
  762. & $OneDrivex64 "/uninstall" | Out-Null
  763. Start-Sleep 20 # Uninstallation needs time to let go off the files
  764. }
  765.  
  766. # Explorer.exe gets in our way by locking the files for some reason
  767.  
  768. taskkill /F /IM explorer.exe | Out-Null
  769.  
  770. if (Test-Path "$env:USERPROFILE\OneDrive") { rd "$env:USERPROFILE\OneDrive" -Recurse -Force | Out-Null }
  771. if (Test-Path "C:\OneDriveTemp") { rd "C:\OneDriveTemp" -Recurse -Force | Out-Null }
  772. if (Test-Path "$env:LOCALAPPDATA\Microsoft\OneDrive")
  773. {
  774. cmd.exe "/c takeown /f `"$env:LOCALAPPDATA\Microsoft\OneDrive`" /r /d y && icacls `"$env:LOCALAPPDATA\Microsoft\OneDrive`" /grant administrators:F /t" | Out-Null
  775. Start-Sleep 1
  776. rd "$env:LOCALAPPDATA\Microsoft\OneDrive" -Recurse -Force | Out-Null
  777. }
  778. if (Test-Path "$env:PROGRAMDATA\Microsoft OneDrive") { rd "$env:PROGRAMDATA\Microsoft OneDrive" -Recurse -Force | Out-Null }
  779.  
  780. if (Test-Path "HKCR:\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}")
  781. {
  782. TakeOwnership-RegKey "ClassesRoot" "CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" | Out-Null
  783. Remove-Item -ErrorAction SilentlyContinue -Force -Path "HKCR:\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" -Recurse | Out-Null
  784. }
  785. if (Test-Path "HKCR:\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}")
  786. {
  787. TakeOwnership-RegKey "ClassesRoot" "Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" | Out-Null
  788. Remove-Item -ErrorAction SilentlyContinue -Force -Path "HKCR:\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" -Recurse | Out-Null
  789. }
  790. Start-Sleep 1
  791. Start-Process explorer.exe
  792. }
  793.  
  794.  
  795. }
  796. 1 {}
  797. }
  798.  
  799. Write-Progress -Activity "Tweaking registry" -Status "Progress:" -PercentComplete 75
  800. }
  801. }
  802. # Customization
  803. function Customize-Windows($isenable)
  804. {
  805. if ($isenable -eq $true)
  806. {
  807. New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT -ErrorAction SilentlyContinue | Out-Null
  808.  
  809. Write-Progress -Activity "Tweaking registry for customization" -Status "Progress:" -PercentComplete 75
  810.  
  811. # Allows Powershell Invoke-WebRequest to be usable again, without generating a Security Dialog (for developers)
  812.  
  813. $title = "Powershell"
  814. $message = "Do you want to Allow Powershell Invoke-WebRequest to be usable again, without generating a Security Dialog (for developers) "
  815. $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  816. $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  817. $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  818. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  819.  
  820. switch ($result)
  821. {
  822. 0 {
  823. New-ItemProperty -ErrorAction SilentlyContinue -Force -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" -Name 1A10 -Value 0 | Out-Null
  824. }
  825. 1 {}
  826. }
  827.  
  828. # Use the Windows 7-8.1 Style Volume Mixer
  829.  
  830. $title = "Enable old volume mixer"
  831. $message = "Do you want to enable the old volume mixer? "
  832. $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  833. $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  834. $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  835. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  836.  
  837. switch ($result)
  838. {
  839. 0 {
  840. If (-Not (Test-Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MTCUVC"))
  841. {
  842. New-Item -ErrorAction SilentlyContinue -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion" -Name MTCUVC | Out-Null
  843. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MTCUVC" -Name EnableMtcUvc -Type DWord -Value 0 | Out-Null
  844. }
  845. }
  846. 1 {}
  847. }
  848.  
  849. # Remove tablet lock screen (No need for in LTSB)
  850.  
  851. $title = "Remove tablet lock screen (No need for in LTSB)r"
  852. $message = "Do you want to Remove tablet lock screen? "
  853. $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  854. $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  855. $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  856. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  857.  
  858. switch ($result)
  859. {
  860. 0 {
  861. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKLM:SOFTWARE\Policies\Microsoft\Windows\Personalization" -Name NoLockScreen -Value 1 -PropertyType DWORD -Force | Out-Null
  862. }
  863. 1 {}
  864. }
  865.  
  866. # Remove Action Center from the right
  867.  
  868. $title = "Remove Action Center"
  869. $message = "Do you want to Remove Action Center from the right notification area? "
  870. $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  871. $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  872. $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  873. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  874.  
  875. switch ($result)
  876. {
  877. 0 {
  878. New-Item -ErrorAction SilentlyContinue -Path "HKCU:\Software\Policies\Microsoft\Windows\Explorer" -Force | Out-Null
  879. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Software\Policies\Microsoft\Windows\Explorer" -Name DisableNotificationCenter -PropertyType DWORD -Value 1 -Force | Out-Null
  880. }
  881. 1 {}
  882. }
  883.  
  884. # Disable Hibernation
  885.  
  886. $title = "Disable Hibernation"
  887. $message = "Do you want to Disable Hibernation? "
  888. $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  889. $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  890. $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  891. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  892.  
  893. switch ($result)
  894. {
  895. 0 {
  896. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power" -Name "HiberbootEnabled" -PropertyType DWORD -Value 0 -Force | Out-Null
  897. }
  898. 1 {}
  899. }
  900.  
  901. # Removes 'Network' from left pane in explorer (requires ownership of the key)
  902.  
  903. $title = "Remove 'Network' from left pane in explorer"
  904. $message = "Do you want to remove 'Network' from left pane in explorer? "
  905. $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  906. $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  907. $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  908. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  909.  
  910. switch ($result)
  911. {
  912. 0 {
  913. TakeOwnership-RegKey "ClassesRoot" "CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder" | Out-Null
  914. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCR:\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder" -Name Attributes -PropertyType DWORD -Value 0xb0940064 -Force | Out-Null
  915. }
  916. 1 {}
  917. }
  918.  
  919. # Disable New Windows Update UI and Enable Previous UI (requires ownership of the key)
  920.  
  921. $title = "Windows Update UI"
  922. $message = "Do you want to Disable New Windows Update UI and Enable Previous UI? "
  923. $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  924. $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  925. $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  926. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  927.  
  928. switch ($result)
  929. {
  930. 0 {
  931. TakeOwnership-RegKey "LocalMachine" "Software\Microsoft\WindowsUpdate\UX" | Out-Null
  932. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKLM:\Software\Microsoft\WindowsUpdate\UX" -Name IsConvergedUpdateStackEnabled -PropertyType DWORD -Value 0 -Force | Out-Null
  933. }
  934. 1 {}
  935. }
  936.  
  937. # Set explorer to open to "This PC"
  938.  
  939. $title = "Set explorer to open to 'This PC' "
  940. $message = "Do you want to set explorer to open to 'This PC instead of Quick Access? "
  941. $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  942. $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  943. $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  944. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  945.  
  946. switch ($result)
  947. {
  948. 0 {
  949. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name LaunchTo -PropertyType DWORD -Value 1 -Force | Out-Null
  950. }
  951. 1 {}
  952. }
  953.  
  954. # Hide 'Search' bar (needs reboot or explorer.exe restart)
  955.  
  956. $title = "hide 'Search' Bar"
  957. $message = "Do you want hide 'Search' bar (will cause explorer.exe to restart)? "
  958. $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  959. $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  960. $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  961. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  962.  
  963. switch ($result)
  964. {
  965. 0 {
  966. taskkill /F /IM explorer.exe | Out-Null
  967. Start-Sleep 1
  968. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\" -Name SearchboxTaskbarMode -PropertyType DWORD -Value 0 -Force | Out-Null
  969. Start-Sleep 1
  970. Start-Process explorer.exe
  971. }
  972. 1 {}
  973. }
  974.  
  975.  
  976. # Set UAC not to dim screen, but still display a warning (requires reboot)
  977.  
  978. $title = "UAC"
  979. $message = "Do you want to set UAC not to dim screen, but still display a warning (requires reboot)? "
  980. $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  981. $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  982. $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  983. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  984.  
  985. switch ($result)
  986. {
  987. 0 {
  988. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKLM:Software\Microsoft\Windows\CurrentVersion\policies\system" -Name ConsentPromptBehaviorAdmin -PropertyType DWord -Value 5 -Force | Out-Null
  989. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKLM:Software\Microsoft\Windows\CurrentVersion\policies\system" -Name EnableLUA -PropertyType DWord -Value 1 -Force | Out-Null
  990. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKLM:Software\Microsoft\Windows\CurrentVersion\policies\system" -Name PromptOnSecureDesktop -PropertyType DWord -Value 0 -Force | Out-Null
  991. }
  992. 1 {}
  993. }
  994.  
  995. # This disables UAC, only use it if you're a l33t h4x0r
  996.  
  997. $title = "Disable UAC"
  998. $message = "Do you want to disable UAC, only use it if you're a l33t h4x0r? "
  999. $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  1000. $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  1001. $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  1002. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  1003.  
  1004. switch ($result)
  1005. {
  1006. 0 {
  1007. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKLM:Software\Microsoft\Windows\CurrentVersion\policies\system" -Name EnableLUA -PropertyType DWord -Value 0 -Force | Out-Null
  1008. }
  1009. 1 {}
  1010. }
  1011.  
  1012. # Show file extensions (you should have this on anyways)
  1013.  
  1014. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name HideFileExt -PropertyType DWORD -Value 0 -Force | Out-Null
  1015.  
  1016. # Remove 'Customize this folder' from context menu
  1017.  
  1018. $title = "Remove 'Customize this folder' from context menu"
  1019. $message = "Do you want to remove 'Customize this folder' from context menu? "
  1020. $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  1021. $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  1022. $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  1023. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  1024.  
  1025. switch ($result)
  1026. {
  1027. 0 {
  1028. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name NoCustomizeThisFolder -Value 1 -PropertyType DWORD -Force | Out-Null
  1029. New-Item -ErrorAction SilentlyContinue -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Force | Out-Null
  1030. }
  1031. 1 {}
  1032. }
  1033.  
  1034. # Remove 'Restore to previous versions' from context menu (might be superflous, just in case)
  1035.  
  1036. $title = "Removes 'Restore to previous versions' from context menu"
  1037. $message = "Do you want to remove 'Restore to previous versions' from context menu (might be superflous, just in case)? "
  1038. $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  1039. $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  1040. $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  1041. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  1042.  
  1043. switch ($result)
  1044. {
  1045. 0 {
  1046. Remove-Item -ErrorAction SilentlyContinue -Path "HKCR:\AllFilesystemObjects\shellex\ContextMenuHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}" -Force -Recurse | Out-Null
  1047. Remove-Item -ErrorAction SilentlyContinue -Path "HKCR:\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\shellex\ContextMenuHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}" -Force -Recurse | Out-Null
  1048. Remove-Item -ErrorAction SilentlyContinue -Path "HKCR:\Directory\shellex\ContextMenuHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}" -Force -Recurse | Out-Null
  1049. Remove-Item -ErrorAction SilentlyContinue -Path "HKCR:\Drive\shellex\ContextMenuHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}" -Force -Recurse | Out-Null
  1050. }
  1051. 1 {}
  1052. }
  1053.  
  1054. # Remove 'Share with' from context menu (First 9 might be superflous, just in case)
  1055.  
  1056. $title = "Remove 'Share with' from context menu "
  1057. $message = "Do you want to remove 'Share with' from context menu ? "
  1058. $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  1059. $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  1060. $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  1061. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  1062.  
  1063. switch ($result)
  1064. {
  1065. 0 {
  1066. Remove-Item -ErrorAction SilentlyContinue -Path "HKCR:\Directory\Background\shellex\ContextMenuHandlers\Sharing" -Force -Recurse | Out-Null
  1067. Remove-Item -ErrorAction SilentlyContinue -Path "HKCR:\Directory\shellex\ContextMenuHandlers\Sharing" -Force -Recurse | Out-Null
  1068. reg delete "HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Sharing" /f | Out-Null
  1069. Remove-Item -ErrorAction SilentlyContinue -Path "HKCR:\Directory\shellex\CopyHookHandlers\Sharing" -Force -Recurse | Out-Null
  1070. Remove-Item -ErrorAction SilentlyContinue -Path "HKCR:\Directory\shellex\PropertySheetHandlers\Sharing" -Force -Recurse | Out-Null
  1071. Remove-Item -ErrorAction SilentlyContinue -Path "HKCR:\Drive\shellex\ContextMenuHandlers\Sharing" -Force -Recurse | Out-Null
  1072. Remove-Item -ErrorAction SilentlyContinue -Path "HKCR:\Drive\shellex\PropertySheetHandlers\Sharing" -Force -Recurse | Out-Null
  1073. Remove-Item -ErrorAction SilentlyContinue -Path "HKCR:\LibraryFolder\background\shellex\ContextMenuHandlers\Sharing" -Force -Recurse | Out-Null
  1074. Remove-Item -ErrorAction SilentlyContinue -Path "HKCR:\UserLibraryFolder\shellex\ContextMenuHandlers\Sharing" -Force -Recurse | Out-Null
  1075. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name SharingWizardOn -PropertyType DWORD -Value 0 -Force | Out-Null
  1076. }
  1077. 1 {}
  1078. }
  1079.  
  1080. # Remove Homegroup from left explorer pane (requires ownership of the keys)
  1081.  
  1082. $title = "Remove Homegroup from left explorer pane"
  1083. $message = "Do you want to remove 'Homegroup' from left explorer pane? "
  1084. $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  1085. $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  1086. $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  1087. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  1088.  
  1089. switch ($result)
  1090. {
  1091. 0 {
  1092. TakeOwnership-RegKey "ClassesRoot" "CLSID\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\ShellFolder" | Out-Null
  1093. TakeOwnership-RegKey "ClassesRoot" "Wow6432Node\CLSID\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\ShellFolder" | Out-Null
  1094. New-ItemProperty -ErrorAction SilentlyContinue "HKCR:\CLSID\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\ShellFolder" -Name Attributes -PropertyType DWORD -Value 2962489612 -Force | Out-Null # hex: b094010c
  1095. New-ItemProperty -ErrorAction SilentlyContinue "HKCR:\Wow6432Node\CLSID\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\ShellFolder" -Name Attributes -PropertyType DWORD -Value 2962489612 -Force | Out-Null # hex: b094010c
  1096. }
  1097. 1 {}
  1098. }
  1099.  
  1100. # Remove 'Include in library' from context menu (might be superflous, just in case)
  1101.  
  1102. $title = "Remove 'Include in library' from context menu"
  1103. $message = "Do you want to remove 'Include in library' from context menu? "
  1104. $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  1105. $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  1106. $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  1107. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  1108.  
  1109. switch ($result)
  1110. {
  1111. 0 {
  1112. Remove-Item -ErrorAction SilentlyContinue "HKCR:\Folder\ShellEx\ContextMenuHandlers\Library Location" -Force -Recurse | Out-Null
  1113. Remove-Item -ErrorAction SilentlyContinue "HKLM:\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\Library Location" -Force -Recurse | Out-Null
  1114. }
  1115. 1 {}
  1116. }
  1117.  
  1118. # Remove 'Send to' from context menu (might be superflous, just in case)
  1119.  
  1120. $title = "Remove 'Send to' from context menu"
  1121. $message = "Do you want to remove 'Send to' from context menu? "
  1122. $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  1123. $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  1124. $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  1125. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  1126.  
  1127. switch ($result)
  1128. {
  1129. 0 {
  1130. Remove-Item -ErrorAction SilentlyContinue -Path "HKCR:\AllFilesystemObjects\shellex\ContextMenuHandlers\SendTo" -Force -Recurse | Out-Null
  1131. }
  1132. 1 {}
  1133. }
  1134.  
  1135. # Disable Cortana, Bing Search and Searchbar
  1136.  
  1137. $title = "Disable Cortana, Bing Search and Searchbar"
  1138. $message = "Do you want to disable Cortana, Bing Search and Searchbar? "
  1139. $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  1140. $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  1141. $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  1142. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  1143.  
  1144. switch ($result)
  1145. {
  1146. 0 {
  1147. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKLM:SOFTWARE\Policies\Microsoft\Windows\Windows Search" -Name AllowCortana -PropertyType DWORD -Value 0 -Force | Out-Null
  1148. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKLM:SOFTWARE\Microsoft\Windows\Windows Search" -Name CortanaEnabled -PropertyType DWORD -Value 0 -Force | Out-Null
  1149. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKLM:SOFTWARE\Microsoft\Windows\Windows Search" -Name SearchboxTaskbarMode -PropertyType DWORD -Value 0 -Force | Out-Null
  1150. New-ItemProperty -ErrorAction SilentlyContinue -Path "HKLM:SOFTWARE\Microsoft\Windows\Windows Search" -Name BingSearchEnabled -PropertyType DWORD -Value 0 -Force | Out-Null
  1151. }
  1152. 1 {}
  1153. }
  1154.  
  1155. Write-Progress -Activity "Tweaking registry for customization" -Status "Progress:" -PercentComplete 85
  1156. }
  1157. }
  1158. # Remove features
  1159. function Remove-Features($isenable)
  1160. {
  1161. if ($isenable -eq $true)
  1162. {
  1163. Write-Progress -Activity "Removing features" -Status "Progress:" -PercentComplete 85
  1164.  
  1165. # XPS Viewer
  1166. Dism /online /Disable-Feature /FeatureName:Xps-Foundation-Xps-Viewer /quiet /norestart
  1167. # XPS Services
  1168. Dism /online /Disable-Feature /FeatureName:Printing-XPSServices-Features /quiet /norestart
  1169. # Internet Explorer
  1170. Dism /online /Disable-Feature /FeatureName:Internet-Explorer-Optional-amd64 /quiet /norestart
  1171. # Work Folders
  1172. Dism /online /Disable-Feature /FeatureName:WorkFolders-Client /quiet /norestart
  1173. # Enabling .NET 3.5 framework because a lot of programs still use it
  1174. Dism /online /Enable-Feature /FeatureName:NetFx3 /quiet /norestart
  1175.  
  1176. Write-Progress -Activity "Removing/enabling features" -Status "Progress:" -PercentComplete 95
  1177. }
  1178. }
  1179. #Remove Metro Apps
  1180. function Tweak-MetroApps($isenable)
  1181. {
  1182. if ($isenable -eq $true)
  1183. {
  1184. Write-Progress -Activity "Removing/enabling features" -Status "Progress:" -PercentComplete 95
  1185. #remove all listed apps
  1186.  
  1187. $Apps =
  1188. "Microsoft.BingFinance"
  1189. "Microsoft.BingWeather"
  1190. "Microsoft.BingNews"
  1191. "Microsoft.BingSports"
  1192. "Microsoft.3DBuilder"
  1193. "Microsoft.ZuneVideo"
  1194. "Microsoft.ZuneMusic"
  1195. "Microsoft.Windows.Photos"
  1196. "microsoft.windowscommunicationsapps"
  1197. "Microsoft.MicrosoftSolitaireCollection"
  1198. "Microsoft.WindowsPhone"
  1199. "Microsoft.WindowsSoundRecorder"
  1200. "Microsoft.WindowsCamera"
  1201. "Microsoft.People"
  1202. "Microsoft.Office.OneNote"
  1203. "Microsoft.MicrosoftOfficeHub"
  1204. "Microsoft.XboxApp"
  1205. "Microsoft.SkypeApp"
  1206. "Microsoft.Getstarted"
  1207. "Microsoft.WindowsAlarms"
  1208. "Microsoft.WindowsMaps"
  1209.  
  1210.  
  1211. write-host $apps
  1212.  
  1213. $title = "Remove all listed apps"
  1214. $message = "Do you want to Remove all listed apps? "
  1215. $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  1216. $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  1217. $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  1218. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  1219.  
  1220. switch ($result)
  1221. {
  1222. 0 {
  1223. $Apps =@(
  1224. Get-AppxPackage -name Microsoft.BingFinance
  1225. Get-AppxPackage -name Microsoft.BingWeather
  1226. Get-AppxPackage -name Microsoft.BingNews
  1227. Get-AppxPackage -name Microsoft.BingSports
  1228. Get-AppxPackage -name Microsoft.3DBuilder
  1229. Get-AppxPackage -name Microsoft.ZuneVideo
  1230. Get-AppxPackage -name Microsoft.ZuneMusic
  1231. Get-AppxPackage -name Microsoft.Windows.Photos
  1232. Get-AppxPackage -name microsoft.windowscommunicationsapps
  1233. Get-AppxPackage -name Microsoft.MicrosoftSolitaireCollection
  1234. Get-AppxPackage -name Microsoft.WindowsPhone
  1235. Get-AppxPackage -name Microsoft.WindowsSoundRecorder
  1236. Get-AppxPackage -name Microsoft.WindowsCamera
  1237. Get-AppxPackage -name Microsoft.People
  1238. Get-AppxPackage -name Microsoft.Office.OneNote
  1239. Get-AppxPackage -name Microsoft.MicrosoftOfficeHub
  1240. Get-AppxPackage -name Microsoft.XboxApp
  1241. Get-AppxPackage -name Microsoft.SkypeApp
  1242. Get-AppxPackage -name Microsoft.Getstarted
  1243. Get-AppxPackage -name Microsoft.WindowsAlarms
  1244. Get-AppxPackage -name Microsoft.WindowsMaps
  1245. )
  1246. ForEach ($app in $apps)
  1247. {
  1248. Remove-AppxPackage $app
  1249. }
  1250. }
  1251. 1 {}
  1252. }
  1253. Write-Progress -Activity "Removing/enabling features" -Status "Progress:" -PercentComplete 100
  1254. }
  1255. }
  1256.  
  1257.  
  1258.  
  1259. # ======================================================================================================= Main Code
  1260. Write-Host "YOUR COMPUTER IS BEING HACKED. HOLD ON." -ForegroundColor Green
  1261.  
  1262. Disable-ScheduledTasks $schdtasks
  1263. Disable-Services $services
  1264. Tweak-Settings $settings
  1265. Edit-Hosts $hosts
  1266. Tweak-LocalPolicy $localpolicy
  1267. Tweak-Registry $registry
  1268. Customize-Windows $customize
  1269. Remove-Features $features
  1270. Tweak-MetroApps $MetroApps
  1271.  
  1272. Write-Host "FINISHED. CHECK SYSTEM32 AND CHANGE YOUR SOCIAL SECURITY NUMBER." -ForegroundColor Green
  1273. Read-Host "Debloat complete. Please restart your system to make sure everything works properly."
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!