Guest User

Debloat win10

a guest
Aug 22nd, 2015
6,105
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <#
  2.     NAME
  3.         Debloat-Windows10.ps1
  4.     DESCRIPTION
  5.         Debloats and customizes Windows 10 Enterprise N LTSB. Please contain this on /g/ and don't leak it outside.
  6.         It changes your privacy options in the settings app and disables scheduled tasks and services that are there
  7.         to gather information about you. It also tweaks the registry to customize settings, make your font display properly
  8.         on DPI scaling 125% and disable OneDrive completely. Windows Features are also disabled, such as Internet Explorer
  9.         and XPS Viewer, while others are enabled such as .NET framework 3.5. On top of it all, it appends new lines to your
  10.         hosts file that block Microsoft from collecting data on you, as well as enables or disables local policies to
  11.         strengthen your privacy and security. This is a webm that illustrates the installation process:
  12.         https://fuwa.se/m6b9oq.webm/debloat-windows.webm
  13.     NOTES
  14.         Website         | the world is burning, everyone all together collectively install gentoo
  15.         Original Author     | Microsoft Engineer !JeCZI7VUg2
  16.         Contributors        | Anon
  17.         Date            | 8/9/2015
  18.         Version         | 1.5.0.0
  19.     REQUIREMENTS
  20.         ° Clean Windows installation
  21.         ° Internet connection because I'm using 'PolicyFileEditor' module,
  22.           if you need this to work offline, download the v2.0 of that module (google) and make sure it's installed
  23.         ° You have to manually allow scripts to run (one time only, elevated powershell) so execute this command:
  24.           Set-ExecutionPolicy RemoteSigned
  25.         ° This is important! You have to wait for the OneDrive installation, after your first Windows login.
  26.           It might take 5 minutes to pop up but you have to wait for it to install completely so we can nuke it properly.
  27.           You'll know when it's done, because you'll have an icon in the bottom right tray bar.
  28.     CHANGELOG
  29.     8/9/2015, 1.5.0.0
  30.             added yes no options to initial config variables, defaults to No
  31.             added yes no options to various config options, defaults to No
  32.             Merged parts of Windows 10 TNBT batch script into this one
  33.    
  34.     8/5/2015, 1.4.0.0   | tested with installing KB3081424 after script+reboot; no issues, no reset of settings
  35.                           settings: disabled sharing updates in local area network
  36.                           customize: added the old windows 7-8.1 volume mixer
  37.                           customize: disabling hibernation
  38.                           fixed the issue where you'll see errors when running the script multiple times (it's ok now)
  39.  
  40.     8/5/2015, 1.3.0.0   | disabling new scheduled task: microsoft\windows\application experience\programdataupdater
  41.                           added another customization which removes 'Network' in your explorer's left pane
  42.                           added another customization which removes 'HomeGroup' in your explorer's left pane
  43.                           added another customization which restores old windows update ui
  44.                           added more entries to the hosts file to make Skype ad-free
  45.                           doesn't download/prompt for PolicyFileEditor if you already have the module installed
  46.                           onedrive doesn't hang up the script anymore if it has been previously removed
  47.     KNOWN ISSUES
  48.         ° If another process is accessing your hosts file or your OneDrive folders, you will see error messages.
  49.           I've only tested this on a barebone Windows 10 Enterprise N LTSB installation, so please make sure you're
  50.           not syncing fils and folders with OneDrive and you don't have some weird virus.
  51. #>
  52.  
  53. cls
  54. $ErrorActionPreference  = "Continue"
  55.  
  56. # =========================================================================================== Variables and Objects
  57. $title = "Settings"
  58. $message = "Do you want to Modify Wndows Settings "
  59. $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  60. $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  61. $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  62. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  63.  
  64. switch ($result)
  65.     {
  66.         0 {$settings = $true}
  67.         1 {$settings = $false}
  68.     }
  69.  
  70. $title = "Hosts"
  71. $message = "Do you want to Modify Windows Hosts File? "
  72. $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  73. $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  74. $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  75. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  76.  
  77. switch ($result)
  78.     {
  79.         0 {$hosts = $true}
  80.         1 {$hosts = $false}
  81.     }
  82.  
  83. $title = "Local Policy"
  84. $message = "Do you want to modify  Wndows Local Policy Settings? "
  85. $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  86. $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  87. $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  88. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  89.  
  90. switch ($result)
  91.     {
  92.         0 {$localpolicy = $true}
  93.         1 {$localpolicy = $false}
  94.     }
  95.  
  96. $title = "Registry"
  97. $message = "Do you want to Modify Wndows Registry? "
  98. $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  99. $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  100. $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  101. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  102.  
  103. switch ($result)
  104.     {
  105.         0 {$registry = $true}
  106.         1 {$registry = $false}
  107.     }
  108.    
  109. $title = "Features"
  110. $message = "Do you want to remove features such as XPS, Internet Explorer, Work folders and enable .NET 3.5 ? "
  111. $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  112. $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  113. $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  114. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  115.  
  116. switch ($result)
  117.     {
  118.         0 {$features = $true}
  119.         1 {$features = $false}
  120.     }  
  121.    
  122. $title = "Services"
  123. $message = "Do you want to modify Wndows Services? "
  124. $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  125. $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  126. $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  127. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  128.  
  129. switch ($result)
  130.     {
  131.         0 {$services = $true}
  132.         1 {$services = $false}
  133.     }  
  134.    
  135. $title = "Scheduled Tasks"
  136. $message = "Do you want to modify Wndows Scheduled Tasks? "
  137. $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  138. $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  139. $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  140. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  141.  
  142. switch ($result)
  143.     {
  144.         0 {$schtasks = $true}
  145.         1 {$schtasks = $false}
  146.     }
  147.    
  148. $title = "Customize"
  149. $message = "Do you want to Customize misc windows features? "
  150. $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  151. $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  152. $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  153. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  154.  
  155. switch ($result)
  156.     {
  157.         0 {$customize = $true}
  158.         1 {$customize = $false}
  159.     }  
  160.    
  161. $title = "'Metro Apps'"
  162. $message = "Do you want to remove certain metro apps ? "
  163. $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  164. $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  165. $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  166. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  167.     switch ($result)
  168.     {
  169.         0 {$metroapps = $true}
  170.         1 {$metroapps = $false}
  171.     }  
  172.    
  173. # ================================================================================= Functions (non script specific)
  174. # Takes Ownership of a registry sub key
  175. # hive values = ClassesRoot, CurrentUser, LocalMachine
  176. function TakeOwnership-RegKey($hive, $subkey)
  177. {
  178. $definition = @"
  179. using System;
  180. using System.Runtime.InteropServices;
  181.  
  182. namespace Win32Api
  183. {
  184.  
  185.     public class NtDll
  186.     {
  187.         [DllImport("ntdll.dll", EntryPoint="RtlAdjustPrivilege")]
  188.         public static extern int RtlAdjustPrivilege(ulong Privilege, bool Enable, bool CurrentThread, ref bool Enabled);
  189.     }
  190. }
  191. "@
  192.  
  193.     Add-Type -TypeDefinition $definition -PassThru
  194.    
  195.     $bEnabled = $false
  196.  
  197.     # Enable SeTakeOwnershipPrivilege
  198.     $res = [Win32Api.NtDll]::RtlAdjustPrivilege(9, $true, $false, [ref]$bEnabled)
  199.  
  200.     # Taking ownership
  201.     switch ($hive.ToString().tolower())
  202.     {
  203.         "classesroot" { $key = [Microsoft.Win32.Registry]::ClassesRoot.OpenSubKey($subkey, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::TakeOwnership) }
  204.         "currentuser" { $key = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey($subkey, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::TakeOwnership) }
  205.         "localmachine" { $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($subkey, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::TakeOwnership) }
  206.     }
  207.     $acl = $key.GetAccessControl()
  208.     $acl.SetOwner([System.Security.Principal.NTAccount]"Administrators")
  209.     $key.SetAccessControl($acl)
  210.  
  211.     # Setting access to the key
  212.     $acl = $key.GetAccessControl()
  213.     $person = [System.Security.Principal.NTAccount]"Administrators"
  214.     $access = [System.Security.AccessControl.RegistryRights]"FullControl"
  215.     $inheritance = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit"
  216.     $propagation = [System.Security.AccessControl.PropagationFlags]"None"
  217.     $type = [System.Security.AccessControl.AccessControlType]"Allow"
  218.  
  219.     $rule = New-Object System.Security.AccessControl.RegistryAccessRule($person,$access,$inheritance,$propagation,$type)
  220.     $acl.SetAccessRule($rule)
  221.     $key.SetAccessControl($acl)
  222.  
  223.     $key.Close()
  224. }
  225.  
  226. # ===================================================================================== Functions (script specific)
  227. # Disable scheduled tasks
  228. function Disable-ScheduledTasks($isenable)
  229. {
  230.     if ($schdtasks -eq $true)
  231.     {
  232.         Write-Progress -Activity "Disabling scheduled tasks" -Status "Progress:" -PercentComplete 0
  233.        
  234.         schtasks /Change /TN "Microsoft\Windows\Application Experience\ProgramDataUpdater" /Disable | out-null
  235.         schtasks /Change /TN "Microsoft\Windows\AppID\SmartScreenSpecific" /Disable | out-null
  236.         schtasks /Change /TN "Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" /Disable | out-null
  237.         schtasks /Change /TN "Microsoft\Windows\Customer Experience Improvement Program\Consolidator" /Disable | out-null
  238.         schtasks /Change /TN "Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask" /Disable | out-null
  239.         schtasks /Change /TN "Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" /Disable | out-null
  240.         schtasks /Change /TN "Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector" /Disable | out-null
  241.         schtasks /Change /TN "Microsoft\Windows\NetTrace\GatherNetworkInfo" /Disable | out-null
  242.         schtasks /Change /TN "Microsoft\Windows\Windows Error Reporting\QueueReporting" /Disable | out-null
  243.         # Not sure about the following task, but the reg hack doesn't work either, so this is a pain in the fucking ass, maybe someone will figure it out, leaving it here:
  244.         # schtasks /Change /TN "Microsoft\Windows\SettingSync\BackgroundUploadTask" /Disable | Out-Null
  245.         # TakeOwnership-RegKey "LocalMachine" "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks" | Out-Null
  246.         # New-Item -ErrorAction SilentlyContinue -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00524425-019B-4FDD-B1C5-04767424D01B}" -Force | Out-Null
  247.         # New-ItemProperty -ErrorAction SilentlyContinue -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00524425-019B-4FDD-B1C5-04767424D01B}" -Name "Triggers" -PropertyType Binary -Value ([byte[]](0x17,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x00,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x4a,0x85,0x00,0x42,0x48,0x48,0x48,0x48,0xd9,0x2b,0x30,0x29,0x48,0x48,0x48,0x48,0x0c,0x00,0x00,0x00,0x48,0x48,0x48,0x48,0x55,0x00,0x73,0x00,0x65,0x00,0x72,0x00,0x73,0x00,0x00,0x00,0x48,0x48,0x48,0x48,0x00,0x00,0x00,0x00,0x48,0x48,0x48,0x48,0x00,0x48,0x48,0x48,0x48,0x48,0x48,0x48,0x00,0x48,0x48,0x48,0x48,0x48,0x48,0x48,0x05,0x00,0x00,0x00,0x48,0x48,0x48,0x48,0x0c,0x00,0x00,0x00,0x48,0x48,0x48,0x48,0x01,0x01,0x00,0x00,0x00,0x00,0x00,0x05,0x04,0x00,0x00,0x00,0x48,0x48,0x48,0x48,0x00,0x00,0x00,0x00,0x48,0x48,0x48,0x48,0x58,0x00,0x00,0x00,0x48,0x48,0x48,0x48,0x00,0x00,0x00,0x00,0x30,0x2a,0x00,0x00,0x80,0xf4,0x03,0x00,0xff,0xff,0xff,0xff,0x07,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xa2,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00)) -Force | Out-Null
  248.        
  249.         Write-Progress -Activity "Disabling scheduled tasks" -Status "Progress:" -PercentComplete 4
  250.     }
  251. }
  252. # Disable services
  253. function Disable-Services($isenable)
  254. {
  255.     if ($isenable -eq $true)
  256.     {
  257.         Write-Progress -Activity "Disabling services" -Status "Progress:" -PercentComplete 4
  258.         # Disable DiagTrack
  259.         cmd /c sc config DiagTrack start= disabled | out-null
  260.         cmd /c sc config dmwappushservice start= disabled | out-null
  261.         cmd /c sc config diagnosticshub.standardcollector.service start= disabled | out-null
  262.         cmd /c sc config TrkWks start= disabled | out-null
  263.         cmd /c sc config WMPNetworkSvc start= disabled | out-null # Shouldn't exist but just making sure ...
  264.         # Making sure the DiagTrack log is empty (tinfoil)
  265.         Set-Content C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl -Value "" -Force
  266.         Write-Progress -Activity "Disabling services" -Status "Progress:" -PercentComplete 7
  267.     }
  268. }
  269. # Tweak settings app
  270. function Tweak-Settings($isenable)
  271. {
  272.     if ($isenable -eq $true)
  273.     {
  274.         Write-Progress -Activity "Backing up registry" -Status "Progress:" -PercentComplete 10 # Let's be save
  275.         if (!(test-path -PathType Leaf C:\registry-backup-hklm.reg)) { reg export HKLM C:\registry-backup-hklm.reg | Out-Null }
  276.         if (!(test-path -PathType Leaf C:\registry-backup-hkcu.reg)) { reg export HKCU C:\registry-backup-hkcu.reg | Out-Null }
  277.         if (!(test-path -PathType Leaf C:\registry-backup-hkcr.reg)) { reg export HKCR C:\registry-backup-hkcr.reg | Out-Null }
  278.  
  279.         Write-Progress -Activity "Tweaking settings app" -Status "Progress:" -PercentComplete 12
  280.         # Privacy -> General -> let websites provide locally relevant content by accessing my language list
  281.         if ((Get-ItemProperty -Path "HKCU:SOFTWARE\Microsoft\Internet Explorer\International\" -Name AcceptLanguage -ErrorAction SilentlyContinue) -ne $null) { Remove-ItemProperty -Path "HKCU:SOFTWARE\Microsoft\Internet Explorer\International" -Name "AcceptLanguage" -Force }
  282.         Set-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:Control Panel\International\User Profile" -Name HttpAcceptLanguageOptOut -Value 1 | Out-Null
  283.         # Privacy -> General -> turn on smartscreen filter to check web content that windows store apps use
  284.         Set-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost\" -Name EnableWebContentEvaluation -Value 0 -Force | Out-Null
  285.         # Privacy -> Camera -> let apps use my camera
  286.         Set-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{E5323777-F976-4f5b-9B55-B94699C46E44}" -Name Value -Value "Deny" | Out-Null
  287.         # Privacy -> Microphone -> let apps use my microphone
  288.         Set-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{2EEF81BE-33FA-4800-9670-1CD474972C3F}\" -Name Value -Value "Deny" | Out-Null
  289.         # Privacy -> Account info -> let apps access my name, picture and other account info
  290.         Set-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{C1D23ACC-752B-43E5-8448-8D0E519CD6D6}\" -Name Value -Value "Deny" | Out-Null
  291.         # Privacy -> Calendar -> let apps access my calendar
  292.         Set-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{D89823BA-7180-4B81-B50C-7E471E6121A3}\" -Name Value -Value "Deny" | Out-Null
  293.         # Privacy -> Messaging -> let apps read or send sms and text messages
  294.         Set-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{992AFA70-6F47-4148-B3E9-3003349C1548}\" -Name Value -Value "Deny" | Out-Null
  295.         # Privacy -> Radio -> let apps control radios
  296.         Set-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{A8804298-2D5F-42E3-9531-9C8C39EB29CE}\" -Name Value -Value "Deny" | Out-Null
  297.         # Privacy -> Other devices -> sync with devices
  298.         Set-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\LooselyCoupled\" -Name Value -Value "Deny" | Out-Null
  299.         # Privacy -> Feedback & Diagnostics -> feedback frequency
  300.         New-Item -ErrorAction SilentlyContinue -Path "HKCU:SOFTWARE\Microsoft\Siuf\Rules" -Force | Out-Null
  301.         Set-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:SOFTWARE\Microsoft\Siuf\Rules" -Name NumberOfSIUFInPeriod -Value 0 -Force | Out-Null
  302.         if ((Get-ItemProperty -Path "HKCU:SOFTWARE\Microsoft\Siuf\Rules" -Name PeriodInNanoSeconds -ErrorAction SilentlyContinue) -ne $null) { Remove-ItemProperty -Path "HKCU:SOFTWARE\Microsoft\Siuf\Rules" -Name PeriodInNanoSeconds }
  303.         # Update & Security -> Windows Update -> Advanced -> Choose how updates are delviered -> Updates from more than one place (this is a GUI bug, registry is set properly even though it may show 'ON')
  304.         New-ItemProperty -ErrorAction SilentlyContinue -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" -Name "DownloadMode" -PropertyType DWORD -Value 0 | Out-Null
  305.         Set-ItemProperty -ErrorAction SilentlyContinue -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" -Name "DODownloadMode" -Value 0 | Out-Null
  306.         Set-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\" -Name "SystemSettingsDownloadMode" -Value 0 | Out-Null
  307.        
  308.         Set-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:Control Panel\Desktop\WindowMetrics" -Name MinAnimate -Value 0 | Out-Null
  309.        
  310.         # Ease of Access -> Other options -> Visual options -> play animations
  311.         $title = "Window Animations"
  312.         $message = "Do you want to disable window animations? "
  313.         $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  314.         $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  315.         $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  316.         $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  317.  
  318.         switch ($result)
  319.             {
  320.                 0 {Set-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:Control Panel\Desktop\WindowMetrics" -Name MinAnimate -Value 0 | Out-Null}
  321.                 1 {}
  322.             }  
  323.    
  324.        
  325.         Write-Progress -Activity "Tweaking settings app" -Status "Progress:" -PercentComplete 15
  326.     }
  327. }
  328. # Append hosts file entries
  329. function Edit-Hosts($isenable)
  330. {
  331.     if ($isenable -eq $true)
  332.     {
  333.         takeown /f %systemroot%\system32\drivers\etc\hosts /a
  334.         Write-Progress -Activity "Appending entries to hosts file" -Status "Progress:" -PercentComplete 15
  335.         $file = "C:\Windows\System32\drivers\etc\hosts"
  336.    
  337.         "127.0.0.1 vortex.data.microsoft.com" | Out-File -encoding ASCII -append $file
  338.         "127.0.0.1 vortex-win.data.microsoft.com" | Out-File -encoding ASCII -append $file
  339.         "127.0.0.1 telecommand.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  340.         "127.0.0.1 telecommand.telemetry.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  341.         "127.0.0.1 oca.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  342.         "127.0.0.1 oca.telemetry.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  343.         "127.0.0.1 sqm.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  344.         "127.0.0.1 sqm.telemetry.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  345.         "127.0.0.1 watson.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  346.         "127.0.0.1 watson.telemetry.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  347.         "127.0.0.1 redir.metaservices.microsoft.com" | Out-File -encoding ASCII -append $file
  348.         "127.0.0.1 choice.microsoft.com" | Out-File -encoding ASCII -append $file
  349.         "127.0.0.1 choice.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  350.         "127.0.0.1 df.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  351.         "127.0.0.1 reports.wes.df.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  352.         "127.0.0.1 services.wes.df.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  353.         "127.0.0.1 sqm.df.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  354.         "127.0.0.1 telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  355.         "127.0.0.1 watson.ppe.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  356.         "127.0.0.1 telemetry.appex.bing.net" | Out-File -encoding ASCII -append $file
  357.         "127.0.0.1 telemetry.urs.microsoft.com" | Out-File -encoding ASCII -append $file
  358.         "127.0.0.1 telemetry.appex.bing.net:443" | Out-File -encoding ASCII -append $file
  359.         "127.0.0.1 vortex-sandbox.data.microsoft.com" | Out-File -encoding ASCII -append $file
  360.         "127.0.0.1 settings-sandbox.data.microsoft.com" | Out-File -encoding ASCII -append $file
  361.         "127.0.0.1 vortex.data.microsoft.com" | Out-File -encoding ASCII -append $file
  362.         "127.0.0.1 vortex-win.data.microsoft.com" | Out-File -encoding ASCII -append $file
  363.         "127.0.0.1 telecommand.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  364.         "127.0.0.1 telecommand.telemetry.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  365.         "127.0.0.1 oca.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  366.         "127.0.0.1 oca.telemetry.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  367.         "127.0.0.1 sqm.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  368.         "127.0.0.1 sqm.telemetry.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  369.         "127.0.0.1 watson.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  370.         "127.0.0.1 watson.telemetry.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  371.         "127.0.0.1 redir.metaservices.microsoft.com" | Out-File -encoding ASCII -append $file
  372.         "127.0.0.1 choice.microsoft.com" | Out-File -encoding ASCII -append $file
  373.         "127.0.0.1 choice.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  374.         "127.0.0.1 vortex-sandbox.data.microsoft.com" | Out-File -encoding ASCII -append $file
  375.         "127.0.0.1 settings-sandbox.data.microsoft.com" | Out-File -encoding ASCII -append $file
  376.         "127.0.0.1 df.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  377.         "127.0.0.1 reports.wes.df.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  378.         "127.0.0.1 sqm.df.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  379.         "127.0.0.1 telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  380.         "127.0.0.1 watson.microsoft.com" | Out-File -encoding ASCII -append $file
  381.         "127.0.0.1 watson.ppe.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  382.         "127.0.0.1 wes.df.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  383.         "127.0.0.1 telemetry.appex.bing.net" | Out-File -encoding ASCII -append $file
  384.         "127.0.0.1 telemetry.urs.microsoft.com" | Out-File -encoding ASCII -append $file
  385.         "127.0.0.1 survey.watson.microsoft.com" | Out-File -encoding ASCII -append $file
  386.         "127.0.0.1 watson.live.com" | Out-File -encoding ASCII -append $file
  387.         "127.0.0.1 services.wes.df.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  388.         "127.0.0.1 telemetry.appex.bing.net" | Out-File -encoding ASCII -append $file
  389.         "127.0.0.1 vortex.data.microsoft.com" | Out-File -encoding ASCII -append $file
  390.         "127.0.0.1 vortex-win.data.microsoft.com" | Out-File -encoding ASCII -append $file
  391.         "127.0.0.1 telecommand.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  392.         "127.0.0.1 telecommand.telemetry.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  393.         "127.0.0.1 oca.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  394.         "127.0.0.1 oca.telemetry.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  395.         "127.0.0.1 sqm.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  396.         "127.0.0.1 sqm.telemetry.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  397.         "127.0.0.1 watson.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  398.         "127.0.0.1 watson.telemetry.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  399.         "127.0.0.1 redir.metaservices.microsoft.com" | Out-File -encoding ASCII -append $file
  400.         "127.0.0.1 choice.microsoft.com" | Out-File -encoding ASCII -append $file
  401.         "127.0.0.1 choice.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  402.         "127.0.0.1 df.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  403.         "127.0.0.1 reports.wes.df.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  404.         "127.0.0.1 wes.df.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  405.         "127.0.0.1 services.wes.df.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  406.         "127.0.0.1 sqm.df.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  407.         "127.0.0.1 telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  408.         "127.0.0.1 watson.ppe.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  409.         "127.0.0.1 telemetry.appex.bing.net" | Out-File -encoding ASCII -append $file
  410.         "127.0.0.1 telemetry.urs.microsoft.com" | Out-File -encoding ASCII -append $file
  411.         "127.0.0.1 telemetry.appex.bing.net:443" | Out-File -encoding ASCII -append $file
  412.         "127.0.0.1 settings-sandbox.data.microsoft.com" | Out-File -encoding ASCII -append $file
  413.         "127.0.0.1 vortex-sandbox.data.microsoft.com" | Out-File -encoding ASCII -append $file
  414.         "127.0.0.1 survey.watson.microsoft.com" | Out-File -encoding ASCII -append $file
  415.         "127.0.0.1 watson.live.com" | Out-File -encoding ASCII -append $file
  416.         "127.0.0.1 watson.microsoft.com" | Out-File -encoding ASCII -append $file
  417.         "127.0.0.1 statsfe2.ws.microsoft.com" | Out-File -encoding ASCII -append $file
  418.         "127.0.0.1 corpext.msitadfs.glbdns2.microsoft.com" | Out-File -encoding ASCII -append $file
  419.         "127.0.0.1 compatexchange.cloudapp.net" | Out-File -encoding ASCII -append $file
  420.         "127.0.0.1 cs1.wpc.v0cdn.net" | Out-File -encoding ASCII -append $file
  421.         "127.0.0.1 a-0001.a-msedge.net" | Out-File -encoding ASCII -append $file
  422.         "127.0.0.1 a-0002.a-msedge.net" | Out-File -encoding ASCII -append $file
  423.         "127.0.0.1 a-0003.a-msedge.net" | Out-File -encoding ASCII -append $file
  424.         "127.0.0.1 a-0004.a-msedge.net" | Out-File -encoding ASCII -append $file
  425.         "127.0.0.1 a-0005.a-msedge.net" | Out-File -encoding ASCII -append $file
  426.         "127.0.0.1 a-0006.a-msedge.net" | Out-File -encoding ASCII -append $file
  427.         "127.0.0.1 a-0007.a-msedge.net" | Out-File -encoding ASCII -append $file
  428.         "127.0.0.1 a-0008.a-msedge.net" | Out-File -encoding ASCII -append $file
  429.         "127.0.0.1 a-0009.a-msedge.net" | Out-File -encoding ASCII -append $file
  430.         "127.0.0.1 msedge.net" | Out-File -encoding ASCII -append $file
  431.         "127.0.0.1 a-msedge.net" | Out-File -encoding ASCII -append $file
  432.         "127.0.0.1 statsfe2.update.microsoft.com.akadns.net" | Out-File -encoding ASCII -append $file
  433.         "127.0.0.1 sls.update.microsoft.com.akadns.net" | Out-File -encoding ASCII -append $file
  434.         "127.0.0.1 fe2.update.microsoft.com.akadns.net" | Out-File -encoding ASCII -append $file
  435.         "127.0.0.1 diagnostics.support.microsoft.com" | Out-File -encoding ASCII -append $file
  436.         "127.0.0.1 corp.sts.microsoft.com" | Out-File -encoding ASCII -append $file
  437.         "127.0.0.1 statsfe1.ws.microsoft.com" | Out-File -encoding ASCII -append $file
  438.         "127.0.0.1 pre.footprintpredict.com" | Out-File -encoding ASCII -append $file
  439.         "127.0.0.1 i1.services.social.microsoft.com" | Out-File -encoding ASCII -append $file
  440.         "127.0.0.1 i1.services.social.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  441.         "127.0.0.1 feedback.windows.com" | Out-File -encoding ASCII -append $file
  442.         "127.0.0.1 feedback.microsoft-hohm.com" | Out-File -encoding ASCII -append $file
  443.         "127.0.0.1 feedback.search.microsoft.com" | Out-File -encoding ASCII -append $file
  444.  
  445.         # Skype ad-free
  446.         "127.0.0.1 live.rads.msn.com" | Out-File -encoding ASCII -append $file
  447.         "127.0.0.1 ads1.msn.com" | Out-File -encoding ASCII -append $file
  448.         "127.0.0.1 static.2mdn.net" | Out-File -encoding ASCII -append $file
  449.         "127.0.0.1 g.msn.com" | Out-File -encoding ASCII -append $file
  450.         "127.0.0.1 a.ads2.msads.net" | Out-File -encoding ASCII -append $file
  451.         "127.0.0.1 b.ads2.msads.net" | Out-File -encoding ASCII -append $file
  452.         "127.0.0.1 ad.doubleclick.net" | Out-File -encoding ASCII -append $file
  453.         "127.0.0.1 ac3.msn.com" | Out-File -encoding ASCII -append $file
  454.         "127.0.0.1 rad.msn.com" | Out-File -encoding ASCII -append $file
  455.         "127.0.0.1 msntest.serving-sys.com" | Out-File -encoding ASCII -append $file
  456.         "127.0.0.1 bs.serving-sys.com1" | Out-File -encoding ASCII -append $file
  457.         "127.0.0.1 flex.msn.com" | Out-File -encoding ASCII -append $file
  458.         "127.0.0.1 ec.atdmt.com" | Out-File -encoding ASCII -append $file
  459.         "127.0.0.1 cdn.atdmt.com" | Out-File -encoding ASCII -append $file
  460.         "127.0.0.1 db3aqu.atdmt.com" | Out-File -encoding ASCII -append $file
  461.         "127.0.0.1 cds26.ams9.msecn.net" | Out-File -encoding ASCII -append $file
  462.         "127.0.0.1 sO.2mdn.net" | Out-File -encoding ASCII -append $file
  463.         "127.0.0.1 aka-cdn-ns.adtech.de" | Out-File -encoding ASCII -append $file
  464.         "127.0.0.1 secure.flashtalking.com" | Out-File -encoding ASCII -append $file
  465.         "127.0.0.1 adnexus.net" | Out-File -encoding ASCII -append $file
  466.         "127.0.0.1 adnxs.com" | Out-File -encoding ASCII -append $file
  467.         "127.0.0.1 *.rad.msn.com" | Out-File -encoding ASCII -append $file
  468.         "127.0.0.1 *.msads.net" | Out-File -encoding ASCII -append $file
  469.         "127.0.0.1 *.msecn.net" | Out-File -encoding ASCII -append $file
  470.  
  471.         Write-Progress -Activity "Appending entries to hosts file" -Status "Progress:" -PercentComplete 30
  472.     }
  473. }
  474. # Secure local group policy for privacy
  475. # We'll need the PolicyFileEditor module for this
  476. function Tweak-LocalPolicy($isenable)
  477. {
  478.     if ($isenable -eq $true)
  479.     {
  480.         Write-Progress -Activity "Securing local group policy for privacy (this might take a minute or two)" -Status "Progress:" -PercentComplete 30
  481.    
  482.         $command = get-command Set-PolicyFileEntry -ErrorAction SilentlyContinue
  483.         if ($command -eq $null) # Can't use the Set command so the module likely isn't working
  484.         {
  485.             Write-Host "No PolicyFileEditor 2.0 found. Please accept the download for NuGet by pressing Y when the prompt appears in a moment:" -ForegroundColor Red
  486.             if ((Get-Command Set-PolicyFileEntry -ErrorAction SilentlyContinue) -eq $null) # Don't have the module, download it
  487.             {
  488.                 install-module PolicyFileEditor -Force -Confirm:$true
  489.                 Start-Sleep 5
  490.                 $command = get-command Set-PolicyFileEntry -ErrorAction SilentlyContinue
  491.             }
  492.         }
  493.         if ($command -ne $null) # We're good, command found so we can continue
  494.         {
  495.             Write-Progress -Activity "Securing local group policy for privacy" -Status "Progress:" -PercentComplete 35
  496.             # The reason I'm waiting 1s after each edit is to let the filesystem make necessary edits in the background, without the delay this will break local policies
  497.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\DataCollection" -ValueName AllowTelemetry -Type DWord -Data 0
  498.             Start-Sleep 1
  499.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar" -ValueName TurnOffSidebar -Type DWord -Data 1
  500.             Start-Sleep 1
  501.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Assistance\Client\1.0" -ValueName NoActiveHelp -Type DWord -Data 1
  502.             Start-Sleep 1
  503.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Biometrics" -ValueName Enabled -Type DWord -Data 0
  504.             Start-Sleep 1
  505.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Conferencing" -ValueName NoRDS -Type DWord -Data 1
  506.             Start-Sleep 1
  507.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\InputPersonalization" -ValueName AllowInputPersonalization -Type DWord -Data 0
  508.             Start-Sleep 1
  509.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Internet Explorer\Geolocation" -ValueName PolicyDisableGeolocation -Type DWord -Data 1
  510.             Start-Sleep 1
  511.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions" -ValueName NoUpdateCheck -Type DWord -Data 1
  512.             Start-Sleep 1
  513.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Internet Explorer\Main" -ValueName DoNotTrack -Type DWord -Data 1
  514.             Start-Sleep 1
  515.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Internet Explorer\Privacy" -ValueName EnableInPrivateBrowsing -Type DWord -Data 0
  516.             Start-Sleep 1
  517.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Internet Explorer\SQM" -ValueName DisableCustomerImprovementProgram -Type DWord -Data 0
  518.             Start-Sleep 1
  519.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Messenger\Client" -ValueName CEIP -Type DWord -Data 2
  520.             Start-Sleep 1
  521.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Messenger\Client" -ValueName PreventAutoRun -Type DWord -Data 1
  522.             Start-Sleep 1
  523.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main" -ValueName Cookies -Type DWord -Data 2
  524.             Start-Sleep 1
  525.             Write-Progress -Activity "Securing local group policy for privacy (this might take a minute or two)" -Status "Progress:" -PercentComplete 40
  526.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting" -ValueName DoReport -Type DWord -Data 0
  527.             Start-Sleep 1
  528.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting" -ValueName ForceQueueMode -Type DWord -Data 0
  529.             Start-Sleep 1
  530.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting\DW" -ValueName DWFileTreeRoot -Type String -Data ""
  531.             Start-Sleep 1
  532.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting\DW" -ValueName DWNoExternalURL -Type DWord -Data 1
  533.             Start-Sleep 1
  534.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting\DW" -ValueName DWNoFileCollection -Type DWord -Data 1
  535.             Start-Sleep 1
  536.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting\DW" -ValueName DWNoSecondLevelCollection -Type DWord -Data 1
  537.             Start-Sleep 1
  538.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting\DW" -ValueName DWReporteeName -Type String -Data ""
  539.             Start-Sleep 1
  540.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\SearchCompanion" -ValueName DisableContentFileUpdates -Type DWord -Data 1
  541.             Start-Sleep 1
  542.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\SQMClient\Windows" -ValueName CEIPEnable -Type DWord -Data 0
  543.             Start-Sleep 1
  544.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows Defender" -ValueName DisableAntiSpyware -Type DWord -Data 1
  545.             Start-Sleep 1
  546.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" -ValueName **del.SpynetReporting -Type String -Data ""
  547.             Start-Sleep 1
  548.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" -ValueName SubmitSamplesConsent -Type DWord -Data 2
  549.             Start-Sleep 1
  550.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\010103000F0000F0080000000F0000F0D0B4EB5D3C24F17D10AE531C7DCEF4A94F4A085AD0D4C88B75082573E36F857A" -ValueName Category -Type DWord -Data 1
  551.             Start-Sleep 1
  552.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\010103000F0000F0080000000F0000F0D0B4EB5D3C24F17D10AE531C7DCEF4A94F4A085AD0D4C88B75082573E36F857A" -ValueName CategoryReadOnly -Type DWord -Data 0
  553.             Start-Sleep 1
  554.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform" -ValueName NoGenTicket -Type DWord -Data 1
  555.             Start-Sleep 1
  556.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows NT\IIS" -ValueName PreventIISInstall -Type DWord -Data 1
  557.             Start-Sleep 1
  558.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows NT\Printers" -ValueName PhysicalLocation -Type String -Data anonymous
  559.             Start-Sleep 1
  560.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo" -ValueName DisabledByGroupPolicy -Type DWord -Data 1
  561.             Start-Sleep 1
  562.             Write-Progress -Activity "Securing local group policy for privacy (this might take a minute or two)" -Status "Progress:" -PercentComplete 45
  563.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\AppCompat" -ValueName AITEnable -Type DWord -Data 0
  564.             Start-Sleep 1
  565.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\AppCompat" -ValueName DisableInventory -Type DWord -Data 1
  566.             Start-Sleep 1
  567.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\AppCompat" -ValueName DisableUAR -Type DWord -Data 1
  568.             Start-Sleep 1
  569.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Device Metadata" -ValueName PreventDeviceMetadataFromNetwork -Type DWord -Data 1
  570.             Start-Sleep 1
  571.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Settings" -ValueName DisableSendGenericDriverNotFoundToWER -Type DWord -Data 1
  572.             Start-Sleep 1
  573.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Settings" -ValueName DisableSendRequestAdditionalSoftwareToWER -Type DWord -Data 1
  574.             Start-Sleep 1
  575.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Explorer" -ValueName NoUseStoreOpenWith -Type DWord -Data 1
  576.             Start-Sleep 1
  577.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\GameUX" -ValueName DownloadGameInfo -Type DWord -Data 0
  578.             Start-Sleep 1
  579.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\GameUX" -ValueName GameUpdateOptions -Type DWord -Data 0
  580.             Start-Sleep 1
  581.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\GameUX" -ValueName ListRecentlyPlayed -Type DWord -Data 0
  582.             Start-Sleep 1
  583.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard" -ValueName ExitOnMSICW -Type DWord -Data 1
  584.             Start-Sleep 1
  585.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors" -ValueName DisableLocation -Type DWord -Data 1
  586.             Start-Sleep 1
  587.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\OneDrive" -ValueName DisableFileSyncNGSC -Type DWord -Data 1
  588.             Start-Sleep 1
  589.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\PowerShell" -ValueName EnableScripts -Type DWord -Data 1
  590.             Start-Sleep 1
  591.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\PowerShell" -ValueName ExecutionPolicy -Type String -Data "RemoteSigned"
  592.             Start-Sleep 1
  593.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds" -ValueName **del.EnableExperimentation -Type String -Data ""
  594.             Start-Sleep 1
  595.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds" -ValueName AllowBuildPreview -Type DWord -Data 0
  596.             Start-Sleep 1
  597.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds" -ValueName EnableConfigFlighting -Type DWord -Data 0
  598.             Start-Sleep 1
  599.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\System" -ValueName AsyncScriptDelay -Type DWord -Data 1
  600.             Start-Sleep 1
  601.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\System" -ValueName EnableLogonScriptDelay -Type DWord -Data 1
  602.             Start-Sleep 1
  603.             Write-Progress -Activity "Securing local group policy for privacy (this might take a minute or two)" -Status "Progress:" -PercentComplete 50
  604.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{186f47ef-626c-4670-800a-4a30756babad}" -ValueName ScenarioExecutionEnabled -Type DWord -Data 0
  605.             Start-Sleep 1
  606.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{2698178D-FDAD-40AE-9D3C-1371703ADC5B}" -ValueName **del.EnabledScenarioExecutionLevel -Type String -Data ""
  607.             Start-Sleep 1
  608.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{2698178D-FDAD-40AE-9D3C-1371703ADC5B}" -ValueName ScenarioExecutionEnabled -Type DWord -Data 0
  609.             Start-Sleep 1
  610.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{67144949-5132-4859-8036-a737b43825d8}" -ValueName **del.EnabledScenarioExecutionLevel -Type String -Data ""
  611.             Start-Sleep 1
  612.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{67144949-5132-4859-8036-a737b43825d8}" -ValueName ScenarioExecutionEnabled -Type DWord -Data 0
  613.             Start-Sleep 1
  614.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}" -ValueName ScenarioExecutionEnabled -Type DWord -Data 0
  615.             Start-Sleep 1
  616.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}" -ValueName ScenarioExecutionEnabled -Type DWord -Data 0
  617.             Start-Sleep 1
  618.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}" -ValueName **del.EnabledScenarioExecutionLevel -Type String -Data ""
  619.             Start-Sleep 1
  620.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}" -ValueName ScenarioExecutionEnabled -Type DWord -Data 0
  621.             Start-Sleep 1
  622.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{C295FBBA-FD47-46ac-8BEE-B1715EC634E5}" -ValueName ScenarioExecutionEnabled -Type DWord -Data 0
  623.             Start-Sleep 1
  624.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{dc42ff48-e40d-4a60-8675-e71f7e64aa9a}" -ValueName EnabledScenarioExecutionLevel -Type DWord -Data 1
  625.             Start-Sleep 1
  626.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{dc42ff48-e40d-4a60-8675-e71f7e64aa9a}" -ValueName ScenarioExecutionEnabled -Type DWord -Data 0
  627.             Start-Sleep 1
  628.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{ecfb03d1-58ee-4cc7-a1b5-9bc6febcb915}" -ValueName ScenarioExecutionEnabled -Type DWord -Data 0
  629.             Start-Sleep 1
  630.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}" -ValueName **del.EnabledScenarioExecutionLevel -Type String -Data ""
  631.             Start-Sleep 1
  632.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}" -ValueName ScenarioExecutionEnabled -Type DWord -Data 0
  633.             Start-Sleep 1
  634.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting" -ValueName Disabled -Type DWord -Data 1
  635.             Start-Sleep 1
  636.             Write-Progress -Activity "Securing local group policy for privacy (this might take a minute or two)" -Status "Progress:" -PercentComplete 55
  637.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting" -ValueName DontSendAdditionalData -Type DWord -Data 1
  638.             Start-Sleep 1
  639.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Windows Search" -ValueName AllowCortana -Type DWord -Data 0
  640.             Start-Sleep 1
  641.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Windows Search" -ValueName AllowSearchToUseLocation -Type DWord -Data 0
  642.             Start-Sleep 1
  643.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Windows Search" -ValueName ConnectedSearchPrivacy -Type DWord -Data 3
  644.             Start-Sleep 1
  645.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Windows Search" -ValueName ConnectedSearchSafeSearch -Type DWord -Data 3
  646.             Start-Sleep 1
  647.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Windows Search" -ValueName ConnectedSearchUseWeb -Type DWord -Data 0
  648.             Start-Sleep 1
  649.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Windows Search" -ValueName ConnectedSearchUseWebOverMeteredConnections -Type DWord -Data 0
  650.             Start-Sleep 1
  651.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Windows Search" -ValueName DisableWebSearch -Type DWord -Data 1
  652.             Start-Sleep 1
  653.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -ValueName DeferUpgrade -Type DWord -Data 1
  654.             Start-Sleep 1
  655.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -ValueName DoNotConnectToWindowsUpdateInternetLocations -Type DWord -Data 1
  656.             Start-Sleep 1
  657.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -ValueName **del.AutomaticMaintenanceEnabled -Type String -Data ""
  658.             Start-Sleep 1
  659.             Write-Progress -Activity "Securing local group policy for privacy (this might take a minute or two)" -Status "Progress:" -PercentComplete 60
  660.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -ValueName **del.DetectionFrequency -Type String -Data ""
  661.             Start-Sleep 1
  662.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -ValueName AUOptions -Type DWord -Data 2
  663.             Start-Sleep 1
  664.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -ValueName DetectionFrequencyEnabled -Type DWord -Data 0
  665.             Start-Sleep 1
  666.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -ValueName EnableFeaturedSoftware -Type DWord -Data 1
  667.             Start-Sleep 1
  668.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -ValueName NoAutoUpdate -Type DWord -Data 0
  669.             Start-Sleep 1
  670.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -ValueName ScheduledInstallDay -Type DWord -Data 0
  671.             Start-Sleep 1
  672.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -ValueName ScheduledInstallTime -Type DWord -Data 3
  673.             Start-Sleep 1
  674.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\WMDRM" -ValueName DisableOnline -Type DWord -Data 1
  675.             Start-Sleep 1
  676.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\User\registry.pol -Key "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -ValueName NoInstrumentation -Type DWord -Data 1
  677.             Start-Sleep 1
  678.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\User\registry.pol -Key "Software\Policies\Microsoft\Internet Explorer\Privacy" -ValueName EnableInPrivateBrowsing -Type DWord -Data 0
  679.             Start-Sleep 1
  680.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\User\registry.pol -Key "Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE" -ValueName DisableLogging -Type DWord -Data 1
  681.             Start-Sleep 1
  682.             Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\User\registry.pol -Key "Software\Policies\Microsoft\Windows\EdgeUI" -ValueName DisableMFUTracking -Type DWord -Data 1
  683.             gpupdate /force | Out-Null
  684.         }
  685.         else
  686.         {
  687.             Write-Warning "Local policies not configured, did not find the PolicyFileEditor module"
  688.         }
  689.         Write-Progress -Activity "Securing local group policy for privacy" -Status "Progress:" -PercentComplete 65
  690.     }
  691. }
  692. # Tweak registry
  693. function Tweak-Registry($isenable)
  694. {
  695.     if ($isenable -eq $true)
  696.     {
  697.         Write-Progress -Activity "Tweaking registry" -Status "Progress:" -PercentComplete 65
  698.         New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
  699.  
  700.         # PhotoViewer fix so it appears in your Open With... menu and is enabled as your standard viewer
  701.         New-Item -ErrorAction SilentlyContinue -Path "HKCU:\Software\Classes\.ico" -Force | Out-Null
  702.         New-Item -ErrorAction SilentlyContinue -Path "HKCU:\Software\Classes\.tiff" -Force | Out-Null
  703.         New-Item -ErrorAction SilentlyContinue -Path "HKCU:\Software\Classes\.bmp" -Force | Out-Null
  704.         New-Item -ErrorAction SilentlyContinue -Path "HKCU:\Software\Classes\.png" -Force | Out-Null
  705.         New-Item -ErrorAction SilentlyContinue -Path "HKCU:\Software\Classes\.gif" -Force | Out-Null
  706.         New-Item -ErrorAction SilentlyContinue -Path "HKCU:\Software\Classes\.jpeg" -Force | Out-Null
  707.         New-Item -ErrorAction SilentlyContinue -Path "HKCU:\Software\Classes\.jpg" -Force | Out-Null
  708.         New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Software\Classes\.ico" -Name '(Default)' -Value "PhotoViewer.FileAssoc.Tiff" -Force | Out-Null
  709.         New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Software\Classes\.tiff" -Name '(Default)' -Value "PhotoViewer.FileAssoc.Tiff" -Force | Out-Null
  710.         New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Software\Classes\.bmp" -Name '(Default)' -Value "PhotoViewer.FileAssoc.Tiff" -Force | Out-Null
  711.         New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Software\Classes\.png" -Name '(Default)' -Value "PhotoViewer.FileAssoc.Tiff" -Force | Out-Null
  712.         New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Software\Classes\.gif" -Name '(Default)' -Value "PhotoViewer.FileAssoc.Tiff" -Force | Out-Null
  713.         New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Software\Classes\.jpeg" -Name '(Default)' -Value "PhotoViewer.FileAssoc.Tiff" -Force | Out-Null
  714.         New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Software\Classes\.jpg" -Name '(Default)' -Value "PhotoViewer.FileAssoc.Tiff" -Force | Out-Null
  715.  
  716.         # Fix DPI scaling blurry/fuzzy display at 125% (Might get reset by reboot/windows update)
  717.        
  718.         $title = "DPI Scaling"
  719.         $message = "Do you want to Fix DPI scaling blurry/fuzzy display at 125% (Might get reset by reboot/windows update) and set DPI to 125%"
  720.         $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  721.         $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  722.         $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  723.         $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  724.  
  725.         switch ($result)
  726.             {
  727.                 0 {
  728.                     New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Control Panel\Desktop" -Name "DpiScalingVer" -Value "0x00001018" -PropertyType DWORD -Force | Out-Null
  729.                     New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Control Panel\Desktop" -Name "Win8DpiScaling" -Value "0x00000001" -PropertyType DWORD -Force | Out-Null
  730.                     New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Control Panel\Desktop" -Name "LogPixels" -Value "0x00000078" -PropertyType DWORD -Force | Out-Null
  731.                 }
  732.                 1 {}
  733.             }  
  734.        
  735.         $title = "DPI Adjust to 125%"
  736.         $message = "Do you want to set DPI to 125%"
  737.         $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  738.         $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  739.         $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  740.         $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  741.  
  742.         switch ($result)
  743.             {
  744.                 0 {
  745.                     New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Control Panel\Desktop" -Name "LogPixels" -Value "0x00000078" -PropertyType DWORD -Force | Out-Null
  746.                 }
  747.                 1 {}
  748.             }          
  749.        
  750.         # Add a 'Take Owner' option in your right-click menu (Powershell has problems with '*', using reg.exe)
  751.        
  752.         $title = "TakeOwnership"
  753.         $message = "Do you want to Add a 'Take Ownership' option in your right-click menu? "
  754.         $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  755.         $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  756.         $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  757.         $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  758.  
  759.         switch ($result)
  760.             {
  761.                 0 {
  762.                     echo Y | reg add "HKEY_CLASSES_ROOT\*\shell\runas" /ve /t REG_SZ /d "Take Ownership" /f | Out-Null
  763.                     echo Y | reg add "HKEY_CLASSES_ROOT\*\shell\runas" /v NoWorkingDirectory /t REG_SZ /d "" /f | Out-Null
  764.                     echo Y | reg add "HKEY_CLASSES_ROOT\*\shell\runas\command" /ve /t REG_SZ /d "cmd.exe /c takeown /f \`"%1\`" && icacls \`"%1\`" /grant administrators:F" /f | Out-Null
  765.                     echo Y | reg add "HKEY_CLASSES_ROOT\*\shell\runas\command" /v IsolatedCommand /t REG_SZ /d "cmd.exe /c takeown /f \`"%1\`" && icacls \`"%1\`" /grant administrators:F" /f | Out-Null
  766.    
  767.                     New-Item -ErrorAction SilentlyContinue -Force -Path "HKCR:\Directory\shell\runas" | Out-Null
  768.                     New-Item -ErrorAction SilentlyContinue -Force -Path "HKCR:\Directory\shell\runas\command" | Out-Null
  769.                     New-ItemProperty -ErrorAction SilentlyContinue -Force -Path "HKCR:\Directory\shell\runas" -Name '(Default)' -Value "Take Ownership" | Out-Null
  770.                     New-ItemProperty -ErrorAction SilentlyContinue -Force -Path "HKCR:\Directory\shell\runas" -Name NoWorkingDirectory -Value "" | Out-Null
  771.                     New-ItemProperty -ErrorAction SilentlyContinue -Force -Path "HKCR:\Directory\shell\runas\command" -Name '(Default)' -Value "cmd.exe /c takeown /f `"%1`" /r /d y && icacls `"%1`" /grant administrators:F /t" | Out-Null
  772.                     New-ItemProperty -ErrorAction SilentlyContinue -Force -Path "HKCR:\Directory\shell\runas\command" -Name IsolatedCommand -Value "cmd.exe /c takeown /f `"%1`" /r /d y && icacls `"%1`" /grant administrators:F /t" | Out-Null
  773.                 }
  774.                 1 {}
  775.             }  
  776.        
  777.         # Remove OneDrive completely
  778.        
  779.         $title = "Remove OneDrive"
  780.         $message = "Do you want to Remove OneDrive and remove it from the Explorer pane "
  781.         $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  782.         $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  783.         $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  784.         $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  785.  
  786.         switch ($result)
  787.             {
  788.                 0 {
  789.                
  790.                         # Let's find out if it's already removed first!
  791.                         $OneDriveEnabled = $false
  792.                         if ((Get-Process *OneDrive*) -ne $null) # Checking if the process exists
  793.                         {
  794.                             # Process exists, therefore you must have OneDrive installed, unless you messed up big time
  795.                             $OneDriveEnabled = $true
  796.                         }
  797.                         if ($OneDriveEnabled -eq $true)
  798.                         {
  799.                             $OneDrivex86 = "$env:SystemRoot\System32\OneDriveSetup.exe"
  800.                             $OneDrivex64 = "$env:SystemRoot\SysWOW64\OneDriveSetup.exe"
  801.  
  802.                             Get-Process *OneDrive* | Stop-Process -Force | Out-Null
  803.                             Start-Sleep 3
  804.        
  805.                             if (Test-Path $OneDrivex86)
  806.                             {
  807.                                 & $OneDrivex86 "/uninstall" | Out-Null
  808.                                 Start-Sleep 15 # Uninstallation needs time to let go off the files
  809.                             }
  810.  
  811.                             if (Test-Path $OneDrivex64)
  812.                             {
  813.                                 & $OneDrivex64 "/uninstall" | Out-Null
  814.                                 Start-Sleep 20 # Uninstallation needs time to let go off the files
  815.                             }
  816.    
  817.                             # Explorer.exe gets in our way by locking the files for some reason
  818.        
  819.                             taskkill /F /IM explorer.exe | Out-Null
  820.  
  821.                             if (Test-Path "$env:USERPROFILE\OneDrive") { rd "$env:USERPROFILE\OneDrive" -Recurse -Force | Out-Null }
  822.                             if (Test-Path "C:\OneDriveTemp") { rd "C:\OneDriveTemp" -Recurse -Force | Out-Null }
  823.                             if (Test-Path "$env:LOCALAPPDATA\Microsoft\OneDrive")
  824.                             {
  825.                                 cmd.exe "/c takeown /f `"$env:LOCALAPPDATA\Microsoft\OneDrive`" /r /d y && icacls `"$env:LOCALAPPDATA\Microsoft\OneDrive`" /grant administrators:F /t" | Out-Null
  826.                                 Start-Sleep 1
  827.                                 rd "$env:LOCALAPPDATA\Microsoft\OneDrive" -Recurse -Force | Out-Null
  828.                             }
  829.                             if (Test-Path "$env:PROGRAMDATA\Microsoft OneDrive") { rd "$env:PROGRAMDATA\Microsoft OneDrive" -Recurse -Force | Out-Null }
  830.        
  831.                             if (Test-Path "HKCR:\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}")
  832.                             {
  833.                                 TakeOwnership-RegKey "ClassesRoot" "CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" | Out-Null
  834.                                 Remove-Item -ErrorAction SilentlyContinue -Force -Path "HKCR:\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" -Recurse | Out-Null
  835.                             }
  836.                             if (Test-Path "HKCR:\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}")
  837.                             {
  838.                                 TakeOwnership-RegKey "ClassesRoot" "Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" | Out-Null
  839.                                 Remove-Item -ErrorAction SilentlyContinue -Force -Path "HKCR:\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" -Recurse | Out-Null
  840.                             }
  841.                             Start-Sleep 1
  842.                             Start-Process explorer.exe
  843.                         }
  844.                
  845.                
  846.                 }
  847.                 1 {}
  848.             }  
  849.        
  850.         Write-Progress -Activity "Tweaking registry" -Status "Progress:" -PercentComplete 75
  851.     }
  852. }
  853. # Customization
  854. function Customize-Windows($isenable)
  855. {
  856.     if ($isenable -eq $true)
  857.     {
  858.         New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT -ErrorAction SilentlyContinue | Out-Null
  859.  
  860.         Write-Progress -Activity "Tweaking registry for customization" -Status "Progress:" -PercentComplete 75
  861.  
  862.         # Allows Powershell Invoke-WebRequest to be usable again, without generating a Security Dialog (for developers)
  863.        
  864.         $title = "Powershell"
  865.         $message = "Do you want to Allow Powershell Invoke-WebRequest to be usable again, without generating a Security Dialog (for developers) "
  866.         $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  867.         $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  868.         $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  869.         $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  870.  
  871.         switch ($result)
  872.             {
  873.                 0 {
  874.                     New-ItemProperty -ErrorAction SilentlyContinue -Force -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" -Name 1A10 -Value 0 | Out-Null
  875.                 }
  876.                 1 {}
  877.             }  
  878.  
  879.         # Use the Windows 7-8.1 Style Volume Mixer
  880.        
  881.         $title = "enable photo viewer"
  882.         $message = "Do you want to enable photo viewer? "
  883.         $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  884.         $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  885.         $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  886.         $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  887.  
  888.         switch ($result)
  889.             {
  890.                 0 {
  891.                     If (-Not (Test-Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MTCUVC"))
  892.                     {
  893.                         New-Item -ErrorAction SilentlyContinue -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion" -Name MTCUVC | Out-Null
  894.                         New-ItemProperty -ErrorAction SilentlyContinue -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MTCUVC" -Name EnableMtcUvc -Type DWord -Value 0 | Out-Null
  895.                     }              
  896.                 }
  897.                 1 {}
  898.             }  
  899.        
  900.         # Remove tablet lock screen (No need for in LTSB)
  901.        
  902.         $title = "Remove tablet lock screen (No need for in LTSB)r"
  903.         $message = "Do you want to Remove tablet lock screen? "
  904.         $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  905.         $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  906.         $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  907.         $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  908.  
  909.         switch ($result)
  910.             {
  911.                 0 {
  912.                     New-ItemProperty -ErrorAction SilentlyContinue -Path "HKLM:SOFTWARE\Policies\Microsoft\Windows\Personalization" -Name NoLockScreen -Value 1 -PropertyType DWORD -Force | Out-Null
  913.                 }
  914.                 1 {}
  915.             }  
  916.  
  917.         # Remove Action Center from the right
  918.        
  919.         $title = "Remove Action Center"
  920.         $message = "Do you want to Remove Action Center from the right notification area? "
  921.         $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  922.         $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  923.         $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  924.         $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  925.  
  926.         switch ($result)
  927.             {
  928.                 0 {
  929.                     New-Item -ErrorAction SilentlyContinue -Path "HKCU:\Software\Policies\Microsoft\Windows\Explorer" -Force | Out-Null
  930.                     New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Software\Policies\Microsoft\Windows\Explorer" -Name DisableNotificationCenter -PropertyType DWORD -Value 1 -Force | Out-Null
  931.                 }
  932.                 1 {}
  933.             }  
  934.        
  935.         # Disable Hibernation
  936.        
  937.         $title = "Disable Hibernation"
  938.         $message = "Do you want to Disable Hibernation? "
  939.         $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  940.         $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  941.         $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  942.         $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  943.  
  944.         switch ($result)
  945.             {
  946.                 0 {
  947.                     New-ItemProperty -ErrorAction SilentlyContinue -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power" -Name "HiberbootEnabled" -PropertyType DWORD -Value 0 -Force | Out-Null
  948.                 }
  949.                 1 {}
  950.             }  
  951.        
  952.         # Removes 'Network' from left pane in explorer (requires ownership of the key)
  953.        
  954.         $title = "Remove 'Network' from left pane in explorer"
  955.         $message = "Do you want to remove 'Network' from left pane in explorer? "
  956.         $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  957.         $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  958.         $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  959.         $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  960.  
  961.         switch ($result)
  962.             {
  963.                 0 {
  964.                     TakeOwnership-RegKey "ClassesRoot" "CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder" | Out-Null
  965.                     New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCR:\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder" -Name Attributes -PropertyType DWORD -Value 0xb0940064 -Force | Out-Null
  966.                 }
  967.                 1 {}
  968.             }  
  969.        
  970.         # Disable New Windows Update UI and Enable Previous UI (requires ownership of the key)
  971.        
  972.         $title = "Windows Update UI"
  973.         $message = "Do you want to  Disable New Windows Update UI and Enable Previous UI? "
  974.         $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  975.         $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  976.         $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  977.         $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  978.  
  979.         switch ($result)
  980.             {
  981.                 0 {
  982.                     TakeOwnership-RegKey "LocalMachine" "Software\Microsoft\WindowsUpdate\UX" | Out-Null
  983.                     New-ItemProperty -ErrorAction SilentlyContinue -Path "HKLM:\Software\Microsoft\WindowsUpdate\UX" -Name IsConvergedUpdateStackEnabled -PropertyType DWORD -Value 0 -Force | Out-Null
  984.                 }
  985.                 1 {}
  986.             }  
  987.            
  988.         # Set explorer to open to "This PC"
  989.        
  990.         $title = "Set explorer to open to 'This PC' "
  991.         $message = "Do you want to set explorer to open to 'This PC instead of Quick Access? "
  992.         $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  993.         $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  994.         $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  995.         $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  996.  
  997.         switch ($result)
  998.             {
  999.                 0 {
  1000.                     New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name LaunchTo -PropertyType DWORD -Value 1 -Force | Out-Null
  1001.                 }
  1002.                 1 {}
  1003.             }  
  1004.        
  1005.         # Hide 'Search' bar (needs reboot or explorer.exe restart)
  1006.        
  1007.         $title = "hide 'Search' Bar"
  1008.         $message = "Do you want hide 'Search' bar (will cause explorer.exe to restart)? "
  1009.         $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  1010.         $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  1011.         $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  1012.         $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  1013.  
  1014.         switch ($result)
  1015.             {
  1016.                 0 {
  1017.                     taskkill /F /IM explorer.exe | Out-Null
  1018.                     Start-Sleep 1
  1019.                     New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\" -Name SearchboxTaskbarMode -PropertyType DWORD -Value 0 -Force | Out-Null
  1020.                     Start-Sleep 1
  1021.                     Start-Process explorer.exe
  1022.                 }
  1023.                 1 {}
  1024.             }  
  1025.        
  1026.    
  1027.         # Set UAC not to dim screen, but still display a warning (requires reboot)
  1028.        
  1029.         $title = "UAC"
  1030.         $message = "Do you want to set UAC not to dim screen, but still display a warning (requires reboot)? "
  1031.         $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  1032.         $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  1033.         $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  1034.         $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  1035.  
  1036.         switch ($result)
  1037.             {
  1038.                 0 {
  1039.                     New-ItemProperty -ErrorAction SilentlyContinue -Path "HKLM:Software\Microsoft\Windows\CurrentVersion\policies\system" -Name ConsentPromptBehaviorAdmin -PropertyType DWord -Value 5 -Force | Out-Null
  1040.                     New-ItemProperty -ErrorAction SilentlyContinue -Path "HKLM:Software\Microsoft\Windows\CurrentVersion\policies\system" -Name EnableLUA -PropertyType DWord -Value 1 -Force | Out-Null
  1041.                     New-ItemProperty -ErrorAction SilentlyContinue -Path "HKLM:Software\Microsoft\Windows\CurrentVersion\policies\system" -Name PromptOnSecureDesktop -PropertyType DWord -Value 0 -Force | Out-Null
  1042.                 }
  1043.                 1 {}
  1044.             }  
  1045.  
  1046.         # This disables UAC, only use it if you're a l33t h4x0r
  1047.        
  1048.         $title = "Disable UAC"
  1049.         $message = "Do you want to disable UAC, only use it if you're a l33t h4x0r? "
  1050.         $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  1051.         $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  1052.         $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  1053.         $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  1054.  
  1055.         switch ($result)
  1056.             {
  1057.                 0 {
  1058.                     New-ItemProperty -ErrorAction SilentlyContinue -Path "HKLM:Software\Microsoft\Windows\CurrentVersion\policies\system" -Name EnableLUA -PropertyType DWord -Value 0 -Force | Out-Null
  1059.                 }
  1060.                 1 {}
  1061.             }  
  1062.        
  1063.         # Show file extensions (you should have this on anyways)
  1064.        
  1065.         New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name HideFileExt -PropertyType DWORD -Value 0 -Force | Out-Null
  1066.  
  1067.         # Remove 'Customize this folder' from context menu
  1068.        
  1069.         $title = "Remove 'Customize this folder' from context menu"
  1070.         $message = "Do you want to remove 'Customize this folder' from context menu? "
  1071.         $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  1072.         $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  1073.         $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  1074.         $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  1075.  
  1076.         switch ($result)
  1077.             {
  1078.                 0 {
  1079.                     New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name NoCustomizeThisFolder -Value 1 -PropertyType DWORD -Force | Out-Null
  1080.                     New-Item -ErrorAction SilentlyContinue -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Force | Out-Null             
  1081.                 }
  1082.                 1 {}
  1083.             }  
  1084.            
  1085.         # Remove 'Restore to previous versions' from context menu (might be superflous, just in case)
  1086.        
  1087.         $title = "Removes 'Restore to previous versions' from context menu"
  1088.         $message = "Do you want to remove 'Restore to previous versions' from context menu (might be superflous, just in case)? "
  1089.         $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  1090.         $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  1091.         $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  1092.         $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  1093.  
  1094.         switch ($result)
  1095.             {
  1096.                 0 {
  1097.                     Remove-Item -ErrorAction SilentlyContinue -Path "HKCR:\AllFilesystemObjects\shellex\ContextMenuHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}" -Force -Recurse | Out-Null
  1098.                     Remove-Item -ErrorAction SilentlyContinue -Path "HKCR:\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\shellex\ContextMenuHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}" -Force -Recurse | Out-Null
  1099.                     Remove-Item -ErrorAction SilentlyContinue -Path "HKCR:\Directory\shellex\ContextMenuHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}" -Force -Recurse | Out-Null
  1100.                     Remove-Item -ErrorAction SilentlyContinue -Path "HKCR:\Drive\shellex\ContextMenuHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}" -Force -Recurse | Out-Null
  1101.                 }
  1102.                 1 {}
  1103.             }  
  1104.        
  1105.         # Remove 'Share with' from context menu (First 9 might be superflous, just in case)
  1106.        
  1107.         $title = "Remove 'Share with' from context menu "
  1108.         $message = "Do you want to remove 'Share with' from context menu ? "
  1109.         $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  1110.         $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  1111.         $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  1112.         $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  1113.  
  1114.         switch ($result)
  1115.             {
  1116.                 0 {
  1117.                     Remove-Item -ErrorAction SilentlyContinue -Path "HKCR:\Directory\Background\shellex\ContextMenuHandlers\Sharing" -Force -Recurse | Out-Null
  1118.                     Remove-Item -ErrorAction SilentlyContinue -Path "HKCR:\Directory\shellex\ContextMenuHandlers\Sharing" -Force -Recurse | Out-Null
  1119.                     reg delete "HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Sharing" /f | Out-Null
  1120.                     Remove-Item -ErrorAction SilentlyContinue -Path "HKCR:\Directory\shellex\CopyHookHandlers\Sharing" -Force -Recurse | Out-Null
  1121.                     Remove-Item -ErrorAction SilentlyContinue -Path "HKCR:\Directory\shellex\PropertySheetHandlers\Sharing" -Force -Recurse | Out-Null
  1122.                     Remove-Item -ErrorAction SilentlyContinue -Path "HKCR:\Drive\shellex\ContextMenuHandlers\Sharing" -Force -Recurse | Out-Null
  1123.                     Remove-Item -ErrorAction SilentlyContinue -Path "HKCR:\Drive\shellex\PropertySheetHandlers\Sharing" -Force -Recurse | Out-Null
  1124.                     Remove-Item -ErrorAction SilentlyContinue -Path "HKCR:\LibraryFolder\background\shellex\ContextMenuHandlers\Sharing" -Force -Recurse | Out-Null
  1125.                     Remove-Item -ErrorAction SilentlyContinue -Path "HKCR:\UserLibraryFolder\shellex\ContextMenuHandlers\Sharing" -Force -Recurse | Out-Null
  1126.                     New-ItemProperty -ErrorAction SilentlyContinue -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name SharingWizardOn -PropertyType DWORD -Value 0 -Force | Out-Null
  1127.                 }
  1128.                 1 {}
  1129.             }  
  1130.        
  1131.         # Remove Homegroup from left explorer pane (requires ownership of the keys)
  1132.        
  1133.         $title = "Remove Homegroup from left explorer pane"
  1134.         $message = "Do you want to remove 'Homegroup' from left explorer pane? "
  1135.         $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  1136.         $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  1137.         $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  1138.         $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  1139.  
  1140.         switch ($result)
  1141.             {
  1142.                 0 {
  1143.                     TakeOwnership-RegKey "ClassesRoot" "CLSID\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\ShellFolder" | Out-Null
  1144.                     TakeOwnership-RegKey "ClassesRoot" "Wow6432Node\CLSID\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\ShellFolder" | Out-Null
  1145.                     New-ItemProperty -ErrorAction SilentlyContinue "HKCR:\CLSID\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\ShellFolder" -Name Attributes -PropertyType DWORD -Value 2962489612 -Force | Out-Null # hex: b094010c
  1146.                     New-ItemProperty -ErrorAction SilentlyContinue "HKCR:\Wow6432Node\CLSID\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\ShellFolder" -Name Attributes -PropertyType DWORD -Value 2962489612 -Force | Out-Null # hex: b094010c
  1147.                 }
  1148.                 1 {}
  1149.             }  
  1150.  
  1151.         # Remove 'Include in library' from context menu (might be superflous, just in case)
  1152.        
  1153.         $title = "Remove 'Include in library' from context menu"
  1154.         $message = "Do you want to remove 'Include in library' from context menu? "
  1155.         $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  1156.         $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  1157.         $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  1158.         $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  1159.  
  1160.         switch ($result)
  1161.             {
  1162.                 0 {
  1163.                     Remove-Item -ErrorAction SilentlyContinue "HKCR:\Folder\ShellEx\ContextMenuHandlers\Library Location" -Force -Recurse | Out-Null
  1164.                     Remove-Item -ErrorAction SilentlyContinue "HKLM:\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\Library Location" -Force -Recurse | Out-Null
  1165.                 }
  1166.                 1 {}
  1167.             }  
  1168.        
  1169.         # Remove 'Send to' from context menu (might be superflous, just in case)
  1170.        
  1171.         $title = "Remove 'Send to' from context menu"
  1172.         $message = "Do you want to remove 'Send to' from context menu? "
  1173.         $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  1174.         $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  1175.         $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  1176.         $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  1177.  
  1178.         switch ($result)
  1179.             {
  1180.                 0 {
  1181.                     Remove-Item -ErrorAction SilentlyContinue -Path "HKCR:\AllFilesystemObjects\shellex\ContextMenuHandlers\SendTo" -Force -Recurse | Out-Null
  1182.                 }
  1183.                 1 {}
  1184.             }  
  1185.        
  1186.         # Disable Cortana, Bing Search and Searchbar
  1187.        
  1188.         $title = "Disable Cortana, Bing Search and Searchbar"
  1189.         $message = "Do you want to disable Cortana, Bing Search and Searchbar? "
  1190.         $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  1191.         $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  1192.         $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  1193.         $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  1194.  
  1195.         switch ($result)
  1196.             {
  1197.                 0 {
  1198.                     New-ItemProperty -ErrorAction SilentlyContinue -Path "HKLM:SOFTWARE\Policies\Microsoft\Windows\Windows Search" -Name AllowCortana -PropertyType DWORD -Value 0 -Force | Out-Null
  1199.                     New-ItemProperty -ErrorAction SilentlyContinue -Path "HKLM:SOFTWARE\Microsoft\Windows\Windows Search" -Name CortanaEnabled -PropertyType DWORD -Value 0 -Force | Out-Null
  1200.                     New-ItemProperty -ErrorAction SilentlyContinue -Path "HKLM:SOFTWARE\Microsoft\Windows\Windows Search" -Name SearchboxTaskbarMode -PropertyType DWORD -Value 0 -Force | Out-Null
  1201.                     New-ItemProperty -ErrorAction SilentlyContinue -Path "HKLM:SOFTWARE\Microsoft\Windows\Windows Search" -Name BingSearchEnabled -PropertyType DWORD -Value 0 -Force | Out-Null
  1202.                 }
  1203.                 1 {}
  1204.             }  
  1205.            
  1206.         Write-Progress -Activity "Tweaking registry for customization" -Status "Progress:" -PercentComplete 85
  1207.     }
  1208. }
  1209. # Remove features
  1210. function Remove-Features($isenable)
  1211. {
  1212.     if ($isenable -eq $true)
  1213.     {
  1214.         Write-Progress -Activity "Removing features" -Status "Progress:" -PercentComplete 85
  1215.    
  1216.         # XPS Viewer
  1217.         Dism /online /Disable-Feature /FeatureName:Xps-Foundation-Xps-Viewer /quiet /norestart
  1218.         # XPS Services
  1219.         Dism /online /Disable-Feature /FeatureName:Printing-XPSServices-Features /quiet /norestart
  1220.         # Internet Explorer
  1221.         Dism /online /Disable-Feature /FeatureName:Internet-Explorer-Optional-amd64 /quiet /norestart
  1222.         # Work Folders
  1223.         Dism /online /Disable-Feature /FeatureName:WorkFolders-Client /quiet /norestart
  1224.         # Enabling .NET 3.5 framework because a lot of programs still use it
  1225.         Dism /online /Enable-Feature /FeatureName:NetFx3 /quiet /norestart
  1226.  
  1227.         Write-Progress -Activity "Removing/enabling features" -Status "Progress:" -PercentComplete 95
  1228.     }
  1229. }
  1230. #Remove Metro Apps
  1231. function Tweak-MetroApps($isenable)
  1232. {
  1233.     if ($isenable -eq $true)
  1234.     {
  1235.         Write-Progress -Activity "Removing/enabling features" -Status "Progress:" -PercentComplete 95
  1236.         #remove all listed apps
  1237.        
  1238.         $Apps =
  1239.         "Microsoft.BingFinance"
  1240.         "Microsoft.BingWeather"
  1241.         "Microsoft.BingNews"
  1242.         "Microsoft.BingSports"
  1243.         "Microsoft.3DBuilder"
  1244.         "Microsoft.ZuneVideo"
  1245.         "Microsoft.ZuneMusic"
  1246.         "Microsoft.Windows.Photos"
  1247.         "microsoft.windowscommunicationsapps"
  1248.         "Microsoft.MicrosoftSolitaireCollection"
  1249.         "Microsoft.WindowsPhone"
  1250.         "Microsoft.WindowsSoundRecorder"
  1251.         "Microsoft.WindowsCamera"
  1252.         "Microsoft.People"
  1253.         "Microsoft.Office.OneNote"
  1254.         "Microsoft.MicrosoftOfficeHub"
  1255.         "Microsoft.XboxApp"
  1256.         "Microsoft.SkypeApp"
  1257.         "Microsoft.Getstarted"
  1258.         "Microsoft.WindowsAlarms"
  1259.         "Microsoft.WindowsMaps"
  1260.  
  1261.        
  1262.         write-host $apps
  1263.  
  1264.         $title = "Remove all listed apps"
  1265.         $message = "Do you want to Remove all listed apps? "
  1266.         $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes"
  1267.         $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No"
  1268.         $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  1269.         $result = $host.ui.PromptForChoice($title, $message, $options, 1)
  1270.  
  1271.         switch ($result)
  1272.             {
  1273.                 0 {
  1274.                         $Apps =@(
  1275.                         Get-AppxPackage -name Microsoft.BingFinance
  1276.                         Get-AppxPackage -name Microsoft.BingWeather
  1277.                         Get-AppxPackage -name Microsoft.BingNews
  1278.                         Get-AppxPackage -name Microsoft.BingSports
  1279.                         Get-AppxPackage -name Microsoft.3DBuilder
  1280.                         Get-AppxPackage -name Microsoft.ZuneVideo
  1281.                         Get-AppxPackage -name Microsoft.ZuneMusic
  1282.                         Get-AppxPackage -name Microsoft.Windows.Photos
  1283.                         Get-AppxPackage -name microsoft.windowscommunicationsapps
  1284.                         Get-AppxPackage -name Microsoft.MicrosoftSolitaireCollection
  1285.                         Get-AppxPackage -name Microsoft.WindowsPhone
  1286.                         Get-AppxPackage -name Microsoft.WindowsSoundRecorder
  1287.                         Get-AppxPackage -name Microsoft.WindowsCamera
  1288.                         Get-AppxPackage -name Microsoft.People
  1289.                         Get-AppxPackage -name Microsoft.Office.OneNote
  1290.                         Get-AppxPackage -name Microsoft.MicrosoftOfficeHub
  1291.                         Get-AppxPackage -name Microsoft.XboxApp
  1292.                         Get-AppxPackage -name Microsoft.SkypeApp
  1293.                         Get-AppxPackage -name Microsoft.Getstarted
  1294.                         Get-AppxPackage -name Microsoft.WindowsAlarms
  1295.                         Get-AppxPackage -name Microsoft.WindowsMaps
  1296.                         )
  1297.                         ForEach ($app in $apps)
  1298.                         {
  1299.                             Remove-AppxPackage $app
  1300.                         }
  1301.                 }
  1302.                 1 {}
  1303.             }  
  1304.     Write-Progress -Activity "Removing/enabling features" -Status "Progress:" -PercentComplete 100
  1305.     }
  1306. }
  1307.  
  1308.  
  1309.  
  1310. # ======================================================================================================= Main Code
  1311. Write-Host "YOUR COMPUTER IS BEING HACKED. HOLD ON." -ForegroundColor Green
  1312.  
  1313. Disable-ScheduledTasks $schdtasks
  1314. Disable-Services $services
  1315. Tweak-Settings $settings
  1316. Edit-Hosts $hosts
  1317. Tweak-LocalPolicy $localpolicy
  1318. Tweak-Registry $registry
  1319. Customize-Windows $customize
  1320. Remove-Features $features
  1321. Tweak-MetroApps $MetroApps
  1322.  
  1323. Write-Host "FINISHED. CHECK SYSTEM32 AND CHANGE YOUR SOCIAL SECURITY NUMBER." -ForegroundColor Green
  1324. Read-Host  "Debloat complete. Please restart your system to make sure everything works properly."
Add Comment
Please, Sign In to add comment