API tools faq
paste
Guest User

Windows 10 Debloat v1.0

a guest
Aug 4th, 2015
3,573
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 46.74 KB | None | 0 0
raw download clone embed print report
  1. <# ||||| Windows 10 Enterprise N LTSB ~debloat~ V1.0 ||||| #>
  2. <# Prerequisites:
  3. - Clean Windows installation
  4.  
  5. - Internet connection
  6.  
  7. - Execute this from an elevated Powershell Console
  8. - You have to manually allow scripts to run (one time only) so execute this command:
  9. Set-ExecutionPolicy RemoteSigned
  10.  
  11. - This is important, you have to wait for the OneDrive installation after your first Windows login
  12. - it might take 5 minutes to pop up but you have to wait for it to install completely so we can nuke it
  13. #>
  14. $settings = $true # Set to false to disable editing settings
  15. $hosts = $true # Set to false to disable editing hosts file
  16. $localpolicy = $true # Set to false to disable editing local policy
  17. $registry = $true # Set to false to disable editing registry
  18. $features = $true # Set to false to disable removing features
  19. $services = $true # Set to false to disable removing services
  20. $schdtasks = $true # Set to false to disable OOTB scheduled tasks
  21.  
  22. # Disable scheduled tasks
  23. if ($schdtasks -eq $true)
  24. {
  25. Write-Progress -Activity "Disabling scheduled tasks" -Status "Progress:" -PercentComplete 0
  26. schtasks /Change /TN "Microsoft\Windows\AppID\SmartScreenSpecific" /Disable | out-null
  27. schtasks /Change /TN "Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" /Disable | out-null
  28. schtasks /Change /TN "Microsoft\Windows\Customer Experience Improvement Program\Consolidator" /Disable | out-null
  29. schtasks /Change /TN "Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask" /Disable | out-null
  30. schtasks /Change /TN "Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" /Disable | out-null
  31. schtasks /Change /TN "Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector" /Disable | out-null
  32. schtasks /Change /TN "Microsoft\Windows\NetTrace\GatherNetworkInfo" /Disable | out-null
  33. schtasks /Change /TN "Microsoft\Windows\Windows Error Reporting\QueueReporting" /Disable | out-null
  34. Write-Progress -Activity "Disabling scheduled tasks" -Status "Progress:" -PercentComplete 4
  35. }
  36. # Disable services
  37. if ($services -eq $true)
  38. {
  39. Write-Progress -Activity "Disabling services" -Status "Progress:" -PercentComplete 4
  40. # Disable DiagTrack
  41. cmd /c sc config DiagTrack start= disabled | out-null
  42. cmd /c sc config dmwappushservice start= disabled | out-null
  43. cmd /c sc config diagnosticshub.standardcollector.service start= disabled | out-null
  44. cmd /c sc config TrkWks start= disabled | out-null
  45. cmd /c sc config HomeGroupProvider start= disabled | out-null
  46. cmd /c sc config WMPNetworkSvc start= disabled | out-null # Shouldn't exist but just making sure ...
  47. # Making sure the DiagTrack log is empty (tinfoil)
  48. Set-Content C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl -Value "" -Force
  49. Write-Progress -Activity "Disabling services" -Status "Progress:" -PercentComplete 7
  50. }
  51. # Tweak settings app
  52. if ($settings -eq $true)
  53. {
  54. Write-Progress -Activity "Backing up registry" -Status "Progress:" -PercentComplete 10 # Let's be save
  55. if (!(test-path -PathType Leaf C:\registry-backup-hklm.reg)) { reg export HKLM C:\registry-backup-hklm.reg | Out-Null }
  56. if (!(test-path -PathType Leaf C:\registry-backup-hkcu.reg)) { reg export HKCU C:\registry-backup-hkcu.reg | Out-Null }
  57. if (!(test-path -PathType Leaf C:\registry-backup-hkcr.reg)) { reg export HKCR C:\registry-backup-hkcr.reg | Out-Null }
  58.  
  59. Write-Progress -Activity "Tweaking settings app" -Status "Progress:" -PercentComplete 12
  60. # Privacy -> General -> let websites provide locally relevant content by accessing my language list
  61. if ((Get-ItemProperty -Path "HKCU:SOFTWARE\Microsoft\Internet Explorer\International\" -Name AcceptLanguage -ErrorAction SilentlyContinue) -ne $null) { Remove-ItemProperty -Path "HKCU:SOFTWARE\Microsoft\Internet Explorer\International" -Name "AcceptLanguage" -Force }
  62. Set-ItemProperty -Path "HKCU:Control Panel\International\User Profile" -Name HttpAcceptLanguageOptOut -Value 1 | Out-Null
  63. # Privacy -> General -> turn on smartscreen filter to check web content that windows store apps use
  64. Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost\" -Name EnableWebContentEvaluation -Value 0 -Force | Out-Null
  65. # Privacy -> Camera -> let apps use my camera
  66. Set-ItemProperty -Path "HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{E5323777-F976-4f5b-9B55-B94699C46E44}" -Name Value -Value "Deny" | Out-Null
  67. # Privacy -> Microphone -> let apps use my microphone
  68. Set-ItemProperty -Path "HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{2EEF81BE-33FA-4800-9670-1CD474972C3F}\" -Name Value -Value "Deny" | Out-Null
  69. # Privacy -> Account info -> let apps access my name, picture and other account info
  70. Set-ItemProperty -Path "HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{C1D23ACC-752B-43E5-8448-8D0E519CD6D6}\" -Name Value -Value "Deny" | Out-Null
  71. # Privacy -> Calendar -> let apps access my calendar
  72. Set-ItemProperty -Path "HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{D89823BA-7180-4B81-B50C-7E471E6121A3}\" -Name Value -Value "Deny" | Out-Null
  73. # Privacy -> Messaging -> let apps read or send sms and text messages
  74. Set-ItemProperty -Path "HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{992AFA70-6F47-4148-B3E9-3003349C1548}\" -Name Value -Value "Deny" | Out-Null
  75. # Privacy -> Radio -> let apps control radios
  76. Set-ItemProperty -Path "HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{A8804298-2D5F-42E3-9531-9C8C39EB29CE}\" -Name Value -Value "Deny" | Out-Null
  77. # Privacy -> Other devices -> sync with devices
  78. Set-ItemProperty -Path "HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\LooselyCoupled\" -Name Value -Value "Deny" | Out-Null
  79. # Privacy -> Feedback & Diagnostics -> feedback frequency
  80. New-Item -Path "HKCU:SOFTWARE\Microsoft\Siuf\Rules" -Force | Out-Null
  81. Set-ItemProperty -Path "HKCU:SOFTWARE\Microsoft\Siuf\Rules" -Name NumberOfSIUFInPeriod -Value 0 -Force | Out-Null
  82. if ((Get-ItemProperty -Path "HKCU:SOFTWARE\Microsoft\Siuf\Rules" -Name PeriodInNanoSeconds -ErrorAction SilentlyContinue) -ne $null) { Remove-ItemProperty -Path "HKCU:SOFTWARE\Microsoft\Siuf\Rules" -Name PeriodInNanoSeconds }
  83. # Ease of Access -> Other options -> Visual options -> play animations
  84. Set-ItemProperty -Path "HKCU:Control Panel\Desktop\WindowMetrics" -Name MinAnimate -Value 0 | Out-Null
  85. Write-Progress -Activity "Tweaking settings app" -Status "Progress:" -PercentComplete 15
  86. }
  87. # Append hosts file entries
  88. if ($hosts -eq $true)
  89. {
  90. Write-Progress -Activity "Appending entries to hosts file" -Status "Progress:" -PercentComplete 15
  91. $file = "C:\Windows\System32\drivers\etc\hosts"
  92.  
  93. "127.0.0.1 vortex.data.microsoft.com" | Out-File -encoding ASCII -append $file
  94. "127.0.0.1 vortex-win.data.microsoft.com" | Out-File -encoding ASCII -append $file
  95. "127.0.0.1 telecommand.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  96. "127.0.0.1 telecommand.telemetry.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  97. "127.0.0.1 oca.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  98. "127.0.0.1 oca.telemetry.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  99. "127.0.0.1 sqm.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  100. "127.0.0.1 sqm.telemetry.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  101. "127.0.0.1 watson.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  102. "127.0.0.1 watson.telemetry.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  103. "127.0.0.1 redir.metaservices.microsoft.com" | Out-File -encoding ASCII -append $file
  104. "127.0.0.1 choice.microsoft.com" | Out-File -encoding ASCII -append $file
  105. "127.0.0.1 choice.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  106. "127.0.0.1 df.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  107. "127.0.0.1 reports.wes.df.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  108. "127.0.0.1 services.wes.df.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  109. "127.0.0.1 sqm.df.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  110. "127.0.0.1 telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  111. "127.0.0.1 watson.ppe.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  112. "127.0.0.1 telemetry.appex.bing.net" | Out-File -encoding ASCII -append $file
  113. "127.0.0.1 telemetry.urs.microsoft.com" | Out-File -encoding ASCII -append $file
  114. "127.0.0.1 telemetry.appex.bing.net:443" | Out-File -encoding ASCII -append $file
  115. "127.0.0.1 vortex-sandbox.data.microsoft.com" | Out-File -encoding ASCII -append $file
  116. "127.0.0.1 settings-sandbox.data.microsoft.com" | Out-File -encoding ASCII -append $file
  117. "127.0.0.1 vortex.data.microsoft.com" | Out-File -encoding ASCII -append $file
  118. "127.0.0.1 vortex-win.data.microsoft.com" | Out-File -encoding ASCII -append $file
  119. "127.0.0.1 telecommand.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  120. "127.0.0.1 telecommand.telemetry.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  121. "127.0.0.1 oca.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  122. "127.0.0.1 oca.telemetry.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  123. "127.0.0.1 sqm.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  124. "127.0.0.1 sqm.telemetry.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  125. "127.0.0.1 watson.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  126. "127.0.0.1 watson.telemetry.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  127. "127.0.0.1 redir.metaservices.microsoft.com" | Out-File -encoding ASCII -append $file
  128. "127.0.0.1 choice.microsoft.com" | Out-File -encoding ASCII -append $file
  129. "127.0.0.1 choice.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  130. "127.0.0.1 vortex-sandbox.data.microsoft.com" | Out-File -encoding ASCII -append $file
  131. "127.0.0.1 settings-sandbox.data.microsoft.com" | Out-File -encoding ASCII -append $file
  132. "127.0.0.1 df.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  133. "127.0.0.1 reports.wes.df.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  134. "127.0.0.1 sqm.df.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  135. "127.0.0.1 telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  136. "127.0.0.1 watson.microsoft.com" | Out-File -encoding ASCII -append $file
  137. "127.0.0.1 watson.ppe.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  138. "127.0.0.1 wes.df.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  139. "127.0.0.1 telemetry.appex.bing.net" | Out-File -encoding ASCII -append $file
  140. "127.0.0.1 telemetry.urs.microsoft.com" | Out-File -encoding ASCII -append $file
  141. "127.0.0.1 survey.watson.microsoft.com" | Out-File -encoding ASCII -append $file
  142. "127.0.0.1 watson.live.com" | Out-File -encoding ASCII -append $file
  143. "127.0.0.1 services.wes.df.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  144. "127.0.0.1 telemetry.appex.bing.net" | Out-File -encoding ASCII -append $file
  145. "127.0.0.1 vortex.data.microsoft.com" | Out-File -encoding ASCII -append $file
  146. "127.0.0.1 vortex-win.data.microsoft.com" | Out-File -encoding ASCII -append $file
  147. "127.0.0.1 telecommand.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  148. "127.0.0.1 telecommand.telemetry.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  149. "127.0.0.1 oca.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  150. "127.0.0.1 oca.telemetry.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  151. "127.0.0.1 sqm.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  152. "127.0.0.1 sqm.telemetry.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  153. "127.0.0.1 watson.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  154. "127.0.0.1 watson.telemetry.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  155. "127.0.0.1 redir.metaservices.microsoft.com" | Out-File -encoding ASCII -append $file
  156. "127.0.0.1 choice.microsoft.com" | Out-File -encoding ASCII -append $file
  157. "127.0.0.1 choice.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  158. "127.0.0.1 df.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  159. "127.0.0.1 reports.wes.df.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  160. "127.0.0.1 wes.df.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  161. "127.0.0.1 services.wes.df.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  162. "127.0.0.1 sqm.df.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  163. "127.0.0.1 telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  164. "127.0.0.1 watson.ppe.telemetry.microsoft.com" | Out-File -encoding ASCII -append $file
  165. "127.0.0.1 telemetry.appex.bing.net" | Out-File -encoding ASCII -append $file
  166. "127.0.0.1 telemetry.urs.microsoft.com" | Out-File -encoding ASCII -append $file
  167. "127.0.0.1 telemetry.appex.bing.net:443" | Out-File -encoding ASCII -append $file
  168. "127.0.0.1 settings-sandbox.data.microsoft.com" | Out-File -encoding ASCII -append $file
  169. "127.0.0.1 vortex-sandbox.data.microsoft.com" | Out-File -encoding ASCII -append $file
  170. "127.0.0.1 survey.watson.microsoft.com" | Out-File -encoding ASCII -append $file
  171. "127.0.0.1 watson.live.com" | Out-File -encoding ASCII -append $file
  172. "127.0.0.1 watson.microsoft.com" | Out-File -encoding ASCII -append $file
  173. "127.0.0.1 statsfe2.ws.microsoft.com" | Out-File -encoding ASCII -append $file
  174. "127.0.0.1 corpext.msitadfs.glbdns2.microsoft.com" | Out-File -encoding ASCII -append $file
  175. "127.0.0.1 compatexchange.cloudapp.net" | Out-File -encoding ASCII -append $file
  176. "127.0.0.1 cs1.wpc.v0cdn.net" | Out-File -encoding ASCII -append $file
  177. "127.0.0.1 a-0001.a-msedge.net" | Out-File -encoding ASCII -append $file
  178. "127.0.0.1 a-0002.a-msedge.net" | Out-File -encoding ASCII -append $file
  179. "127.0.0.1 a-0003.a-msedge.net" | Out-File -encoding ASCII -append $file
  180. "127.0.0.1 a-0004.a-msedge.net" | Out-File -encoding ASCII -append $file
  181. "127.0.0.1 a-0005.a-msedge.net" | Out-File -encoding ASCII -append $file
  182. "127.0.0.1 a-0006.a-msedge.net" | Out-File -encoding ASCII -append $file
  183. "127.0.0.1 a-0007.a-msedge.net" | Out-File -encoding ASCII -append $file
  184. "127.0.0.1 a-0008.a-msedge.net" | Out-File -encoding ASCII -append $file
  185. "127.0.0.1 a-0009.a-msedge.net" | Out-File -encoding ASCII -append $file
  186. "127.0.0.1 msedge.net" | Out-File -encoding ASCII -append $file
  187. "127.0.0.1 a-msedge.net" | Out-File -encoding ASCII -append $file
  188. "127.0.0.1 statsfe2.update.microsoft.com.akadns.net" | Out-File -encoding ASCII -append $file
  189. "127.0.0.1 sls.update.microsoft.com.akadns.net" | Out-File -encoding ASCII -append $file
  190. "127.0.0.1 fe2.update.microsoft.com.akadns.net" | Out-File -encoding ASCII -append $file
  191. "127.0.0.1 diagnostics.support.microsoft.com" | Out-File -encoding ASCII -append $file
  192. "127.0.0.1 corp.sts.microsoft.com" | Out-File -encoding ASCII -append $file
  193. "127.0.0.1 statsfe1.ws.microsoft.com" | Out-File -encoding ASCII -append $file
  194. "127.0.0.1 pre.footprintpredict.com" | Out-File -encoding ASCII -append $file
  195. "127.0.0.1 i1.services.social.microsoft.com" | Out-File -encoding ASCII -append $file
  196. "127.0.0.1 i1.services.social.microsoft.com.nsatc.net" | Out-File -encoding ASCII -append $file
  197. "127.0.0.1 feedback.windows.com" | Out-File -encoding ASCII -append $file
  198. "127.0.0.1 feedback.microsoft-hohm.com" | Out-File -encoding ASCII -append $file
  199. "127.0.0.1 feedback.search.microsoft.com" | Out-File -encoding ASCII -append $file
  200.  
  201. Write-Progress -Activity "Appending entries to hosts file" -Status "Progress:" -PercentComplete 30
  202. }
  203. # Secure local group policy for privacy
  204. # We'll need the PolicyFileEditor module for this
  205. if ($localpolicy -eq $true)
  206. {
  207. Write-Progress -Activity "Securing local group policy for privacy (this might take a minute or two)" -Status "Progress:" -PercentComplete 30
  208. Write-Host "Please accept the download for NuGet by pressing Y when the prompt appears in a moment:" -ForegroundColor Red
  209. if ((Get-Command Set-PolicyFileEntry -ErrorAction SilentlyContinue) -eq $null) # Don't have the module, download it
  210. {
  211. install-module PolicyFileEditor -Force -Confirm:$true
  212. Start-Sleep 5
  213. }
  214. Write-Progress -Activity "Securing local group policy for privacy" -Status "Progress:" -PercentComplete 35
  215. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\DataCollection" -ValueName AllowTelemetry -Type DWord -Data 0
  216. Start-Sleep 1
  217. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar" -ValueName TurnOffSidebar -Type DWord -Data 1
  218. Start-Sleep 1
  219. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Assistance\Client\1.0" -ValueName NoActiveHelp -Type DWord -Data 1
  220. Start-Sleep 1
  221. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Biometrics" -ValueName Enabled -Type DWord -Data 0
  222. Start-Sleep 1
  223. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Conferencing" -ValueName NoRDS -Type DWord -Data 1
  224. Start-Sleep 1
  225. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\InputPersonalization" -ValueName AllowInputPersonalization -Type DWord -Data 0
  226. Start-Sleep 1
  227. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Internet Explorer\Geolocation" -ValueName PolicyDisableGeolocation -Type DWord -Data 1
  228. Start-Sleep 1
  229. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions" -ValueName NoUpdateCheck -Type DWord -Data 1
  230. Start-Sleep 1
  231. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Internet Explorer\Main" -ValueName DoNotTrack -Type DWord -Data 1
  232. Start-Sleep 1
  233. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Internet Explorer\Privacy" -ValueName EnableInPrivateBrowsing -Type DWord -Data 0
  234. Start-Sleep 1
  235. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Internet Explorer\SQM" -ValueName DisableCustomerImprovementProgram -Type DWord -Data 0
  236. Start-Sleep 1
  237. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Messenger\Client" -ValueName CEIP -Type DWord -Data 2
  238. Start-Sleep 1
  239. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Messenger\Client" -ValueName PreventAutoRun -Type DWord -Data 1
  240. Start-Sleep 1
  241. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main" -ValueName Cookies -Type DWord -Data 2
  242. Start-Sleep 1
  243. Write-Progress -Activity "Securing local group policy for privacy (this might take a minute or two)" -Status "Progress:" -PercentComplete 40
  244. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting" -ValueName DoReport -Type DWord -Data 0
  245. Start-Sleep 1
  246. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting" -ValueName ForceQueueMode -Type DWord -Data 0
  247. Start-Sleep 1
  248. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting\DW" -ValueName DWFileTreeRoot -Type String -Data ""
  249. Start-Sleep 1
  250. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting\DW" -ValueName DWNoExternalURL -Type DWord -Data 1
  251. Start-Sleep 1
  252. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting\DW" -ValueName DWNoFileCollection -Type DWord -Data 1
  253. Start-Sleep 1
  254. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting\DW" -ValueName DWNoSecondLevelCollection -Type DWord -Data 1
  255. Start-Sleep 1
  256. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting\DW" -ValueName DWReporteeName -Type String -Data ""
  257. Start-Sleep 1
  258. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\SearchCompanion" -ValueName DisableContentFileUpdates -Type DWord -Data 1
  259. Start-Sleep 1
  260. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\SQMClient\Windows" -ValueName CEIPEnable -Type DWord -Data 0
  261. Start-Sleep 1
  262. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows Defender" -ValueName DisableAntiSpyware -Type DWord -Data 1
  263. Start-Sleep 1
  264. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" -ValueName **del.SpynetReporting -Type String -Data ""
  265. Start-Sleep 1
  266. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" -ValueName SubmitSamplesConsent -Type DWord -Data 2
  267. Start-Sleep 1
  268. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\010103000F0000F0080000000F0000F0D0B4EB5D3C24F17D10AE531C7DCEF4A94F4A085AD0D4C88B75082573E36F857A" -ValueName Category -Type DWord -Data 1
  269. Start-Sleep 1
  270. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\010103000F0000F0080000000F0000F0D0B4EB5D3C24F17D10AE531C7DCEF4A94F4A085AD0D4C88B75082573E36F857A" -ValueName CategoryReadOnly -Type DWord -Data 0
  271. Start-Sleep 1
  272. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform" -ValueName NoGenTicket -Type DWord -Data 1
  273. Start-Sleep 1
  274. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows NT\IIS" -ValueName PreventIISInstall -Type DWord -Data 1
  275. Start-Sleep 1
  276. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows NT\Printers" -ValueName PhysicalLocation -Type String -Data anonymous
  277. Start-Sleep 1
  278. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo" -ValueName DisabledByGroupPolicy -Type DWord -Data 1
  279. Start-Sleep 1
  280. Write-Progress -Activity "Securing local group policy for privacy (this might take a minute or two)" -Status "Progress:" -PercentComplete 50
  281. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\AppCompat" -ValueName AITEnable -Type DWord -Data 0
  282. Start-Sleep 1
  283. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\AppCompat" -ValueName DisableInventory -Type DWord -Data 1
  284. Start-Sleep 1
  285. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\AppCompat" -ValueName DisableUAR -Type DWord -Data 1
  286. Start-Sleep 1
  287. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Device Metadata" -ValueName PreventDeviceMetadataFromNetwork -Type DWord -Data 1
  288. Start-Sleep 1
  289. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Settings" -ValueName DisableSendGenericDriverNotFoundToWER -Type DWord -Data 1
  290. Start-Sleep 1
  291. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Settings" -ValueName DisableSendRequestAdditionalSoftwareToWER -Type DWord -Data 1
  292. Start-Sleep 1
  293. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Explorer" -ValueName NoUseStoreOpenWith -Type DWord -Data 1
  294. Start-Sleep 1
  295. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\GameUX" -ValueName DownloadGameInfo -Type DWord -Data 0
  296. Start-Sleep 1
  297. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\GameUX" -ValueName GameUpdateOptions -Type DWord -Data 0
  298. Start-Sleep 1
  299. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\GameUX" -ValueName ListRecentlyPlayed -Type DWord -Data 0
  300. Start-Sleep 1
  301. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard" -ValueName ExitOnMSICW -Type DWord -Data 1
  302. Start-Sleep 1
  303. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors" -ValueName DisableLocation -Type DWord -Data 1
  304. Start-Sleep 1
  305. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\OneDrive" -ValueName DisableFileSyncNGSC -Type DWord -Data 1
  306. Start-Sleep 1
  307. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\PowerShell" -ValueName EnableScripts -Type DWord -Data 1
  308. Start-Sleep 1
  309. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\PowerShell" -ValueName ExecutionPolicy -Type String -Data "RemoteSigned"
  310. Start-Sleep 1
  311. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds" -ValueName **del.EnableExperimentation -Type String -Data ""
  312. Start-Sleep 1
  313. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds" -ValueName AllowBuildPreview -Type DWord -Data 0
  314. Start-Sleep 1
  315. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds" -ValueName EnableConfigFlighting -Type DWord -Data 0
  316. Start-Sleep 1
  317. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\System" -ValueName AsyncScriptDelay -Type DWord -Data 1
  318. Start-Sleep 1
  319. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\System" -ValueName EnableLogonScriptDelay -Type DWord -Data 1
  320. Start-Sleep 1
  321. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{186f47ef-626c-4670-800a-4a30756babad}" -ValueName ScenarioExecutionEnabled -Type DWord -Data 0
  322. Start-Sleep 1
  323. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{2698178D-FDAD-40AE-9D3C-1371703ADC5B}" -ValueName **del.EnabledScenarioExecutionLevel -Type String -Data ""
  324. Start-Sleep 1
  325. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{2698178D-FDAD-40AE-9D3C-1371703ADC5B}" -ValueName ScenarioExecutionEnabled -Type DWord -Data 0
  326. Start-Sleep 1
  327. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{67144949-5132-4859-8036-a737b43825d8}" -ValueName **del.EnabledScenarioExecutionLevel -Type String -Data ""
  328. Start-Sleep 1
  329. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{67144949-5132-4859-8036-a737b43825d8}" -ValueName ScenarioExecutionEnabled -Type DWord -Data 0
  330. Start-Sleep 1
  331. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}" -ValueName ScenarioExecutionEnabled -Type DWord -Data 0
  332. Start-Sleep 1
  333. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}" -ValueName ScenarioExecutionEnabled -Type DWord -Data 0
  334. Start-Sleep 1
  335. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}" -ValueName **del.EnabledScenarioExecutionLevel -Type String -Data ""
  336. Start-Sleep 1
  337. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}" -ValueName ScenarioExecutionEnabled -Type DWord -Data 0
  338. Start-Sleep 1
  339. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{C295FBBA-FD47-46ac-8BEE-B1715EC634E5}" -ValueName ScenarioExecutionEnabled -Type DWord -Data 0
  340. Start-Sleep 1
  341. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{dc42ff48-e40d-4a60-8675-e71f7e64aa9a}" -ValueName EnabledScenarioExecutionLevel -Type DWord -Data 1
  342. Start-Sleep 1
  343. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{dc42ff48-e40d-4a60-8675-e71f7e64aa9a}" -ValueName ScenarioExecutionEnabled -Type DWord -Data 0
  344. Start-Sleep 1
  345. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{ecfb03d1-58ee-4cc7-a1b5-9bc6febcb915}" -ValueName ScenarioExecutionEnabled -Type DWord -Data 0
  346. Start-Sleep 1
  347. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}" -ValueName **del.EnabledScenarioExecutionLevel -Type String -Data ""
  348. Start-Sleep 1
  349. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}" -ValueName ScenarioExecutionEnabled -Type DWord -Data 0
  350. Start-Sleep 1
  351. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting" -ValueName Disabled -Type DWord -Data 1
  352. Start-Sleep 1
  353. Write-Progress -Activity "Securing local group policy for privacy (this might take a minute or two)" -Status "Progress:" -PercentComplete 60
  354. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting" -ValueName DontSendAdditionalData -Type DWord -Data 1
  355. Start-Sleep 1
  356. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Windows Search" -ValueName AllowCortana -Type DWord -Data 0
  357. Start-Sleep 1
  358. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Windows Search" -ValueName AllowSearchToUseLocation -Type DWord -Data 0
  359. Start-Sleep 1
  360. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Windows Search" -ValueName ConnectedSearchPrivacy -Type DWord -Data 3
  361. Start-Sleep 1
  362. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Windows Search" -ValueName ConnectedSearchSafeSearch -Type DWord -Data 3
  363. Start-Sleep 1
  364. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Windows Search" -ValueName ConnectedSearchUseWeb -Type DWord -Data 0
  365. Start-Sleep 1
  366. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Windows Search" -ValueName ConnectedSearchUseWebOverMeteredConnections -Type DWord -Data 0
  367. Start-Sleep 1
  368. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Windows Search" -ValueName DisableWebSearch -Type DWord -Data 1
  369. Start-Sleep 1
  370. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -ValueName DeferUpgrade -Type DWord -Data 1
  371. Start-Sleep 1
  372. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -ValueName DoNotConnectToWindowsUpdateInternetLocations -Type DWord -Data 1
  373. Start-Sleep 1
  374. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -ValueName **del.AutomaticMaintenanceEnabled -Type String -Data ""
  375. Start-Sleep 1
  376. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -ValueName **del.DetectionFrequency -Type String -Data ""
  377. Start-Sleep 1
  378. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -ValueName AUOptions -Type DWord -Data 2
  379. Start-Sleep 1
  380. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -ValueName DetectionFrequencyEnabled -Type DWord -Data 0
  381. Start-Sleep 1
  382. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -ValueName EnableFeaturedSoftware -Type DWord -Data 1
  383. Start-Sleep 1
  384. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -ValueName NoAutoUpdate -Type DWord -Data 0
  385. Start-Sleep 1
  386. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -ValueName ScheduledInstallDay -Type DWord -Data 0
  387. Start-Sleep 1
  388. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -ValueName ScheduledInstallTime -Type DWord -Data 3
  389. Start-Sleep 1
  390. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\WMDRM" -ValueName DisableOnline -Type DWord -Data 1
  391. Start-Sleep 1
  392. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\User\registry.pol -Key "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -ValueName NoInstrumentation -Type DWord -Data 1
  393. Start-Sleep 1
  394. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\User\registry.pol -Key "Software\Policies\Microsoft\Internet Explorer\Privacy" -ValueName EnableInPrivateBrowsing -Type DWord -Data 0
  395. Start-Sleep 1
  396. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\User\registry.pol -Key "Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE" -ValueName DisableLogging -Type DWord -Data 1
  397. Start-Sleep 1
  398. Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\User\registry.pol -Key "Software\Policies\Microsoft\Windows\EdgeUI" -ValueName DisableMFUTracking -Type DWord -Data 1
  399. gpupdate /force | Out-Null
  400. Write-Progress -Activity "Securing local group policy for privacy" -Status "Progress:" -PercentComplete 70
  401. }
  402. # Tweak registry
  403. if ($registry -eq $true)
  404. {
  405. Write-Progress -Activity "Tweaking registry" -Status "Progress:" -PercentComplete 70
  406. New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
  407.  
  408. # Remove Action Center from the right
  409. New-ItemProperty -Path "HKCU:\Software\Policies\Microsoft\Windows\Explorer" -Name DisableNotificationCenter -PropertyType DWORD -Value 1 -Force | Out-Null
  410.  
  411. # Disable New Windows Update UI and Enable Previous UI (requires ownership of the key)
  412. # New-ItemProperty -Path "HKLM:\Software\Microsoft\WindowsUpdate\UX" -Name IsConvergedUpdateStackEnabled -PropertyType DWORD -Value 0 -Force | Out-Null
  413.  
  414. # Set explorer to open to "This PC"
  415. New-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name LaunchTo -PropertyType DWORD -Value 1 -Force | Out-Null
  416.  
  417. # Hide 'Search' bar (needs reboot or explorer.exe restart)
  418. New-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\" -Name SearchboxTaskbarMode -PropertyType DWORD -Value 0 -Force | Out-Null
  419.  
  420. # Disable UAC (requires reboot)
  421. New-ItemProperty -Path "HKLM:Software\Microsoft\Windows\CurrentVersion\policies\system" -Name EnableLUA -PropertyType DWord -Value 0 -Force | Out-Null
  422.  
  423. # Show file extensions
  424. New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name HideFileExt -PropertyType DWORD -Value 0 -Force | Out-Null
  425.  
  426. # Remove 'Customize this folder' from context menu
  427. New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name NoCustomizeThisFolder -Value 1 -PropertyType DWORD -Force | Out-Null
  428.  
  429. # Remove 'Restore to previous versions' from context menu
  430. Remove-Item -Path "HKCR:\AllFilesystemObjects\shellex\ContextMenuHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}" -Force -Recurse | Out-Null
  431. Remove-Item -Path "HKCR:\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\shellex\ContextMenuHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}" -Force -Recurse | Out-Null
  432. Remove-Item -Path "HKCR:\Directory\shellex\ContextMenuHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}" -Force -Recurse | Out-Null
  433. Remove-Item -Path "HKCR:\Drive\shellex\ContextMenuHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}" -Force -Recurse | Out-Null
  434.  
  435. # Remove 'Share with' from context menu
  436. Remove-Item -Path "HKCR:\Directory\Background\shellex\ContextMenuHandlers\Sharing" -Force -Recurse | Out-Null
  437. Remove-Item -Path "HKCR:\Directory\shellex\ContextMenuHandlers\Sharing" -Force -Recurse | Out-Null
  438. reg delete "HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Sharing" /f | Out-Null
  439. Remove-Item -Path "HKCR:\Directory\shellex\CopyHookHandlers\Sharing" -Force -Recurse | Out-Null
  440. Remove-Item -Path "HKCR:\Directory\shellex\PropertySheetHandlers\Sharing" -Force -Recurse | Out-Null
  441. Remove-Item -Path "HKCR:\Drive\shellex\ContextMenuHandlers\Sharing" -Force -Recurse | Out-Null
  442. Remove-Item -Path "HKCR:\Drive\shellex\PropertySheetHandlers\Sharing" -Force -Recurse | Out-Null
  443. Remove-Item -Path "HKCR:\LibraryFolder\background\shellex\ContextMenuHandlers\Sharing" -Force -Recurse | Out-Null
  444. Remove-Item -Path "HKCR:\UserLibraryFolder\shellex\ContextMenuHandlers\Sharing" -Force -Recurse | Out-Null
  445. New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name SharingWizardOn -PropertyType DWORD -Value 0 -Force | Out-Null
  446.  
  447. # Remove Homegroup from left explorer pane
  448. # ~need to take ownership of the registry key and it's a PITA, so doing the easy thing instead by disabling the service
  449. # New-ItemProperty "HKCR:\CLSID\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\ShellFolder" -Name Attributes -PropertyType DWORD -Value 2962489612 -Force | Out-Null # hex: b094010c
  450. # New-ItemProperty "HKCR:\Wow6432Node\CLSID\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\ShellFolder" -Name Attributes -PropertyType DWORD -Value 2962489612 -Force | Out-Null # hex: b094010c
  451.  
  452. # Remove 'Include in library' from context menu
  453. # Remove-Item "HKCR:\Folder\ShellEx\ContextMenuHandlers\Library Location" -Force -Recurse | Out-Null
  454. Remove-Item "HKLM:\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\Library Location" -Force -Recurse | Out-Null
  455.  
  456. # Remove 'Send to' from context menu
  457. Remove-Item -Path "HKCR:\AllFilesystemObjects\shellex\ContextMenuHandlers\SendTo" -Force -Recurse | Out-Null
  458.  
  459. Write-Progress -Activity "Tweaking registry" -Status "Progress:" -PercentComplete 85
  460.  
  461. # Fix DPI scaling blurry/fuzzy display at 125% (Might get reset by reboot/windows update)
  462. New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name "DpiScalingVer" -Value "0x00001018" -PropertyType DWORD -Force | Out-Null
  463. New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name "Win8DpiScaling" -Value "0x00000001" -PropertyType DWORD -Force | Out-Null
  464. New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name "LogPixels" -Value "0x00000078" -PropertyType DWORD -Force | Out-Null
  465.  
  466. # Add a 'Take Owner' option in your right-click menu (Powershell has problems with '*', using reg.exe)
  467. reg add "HKEY_CLASSES_ROOT\*\shell\runas" /ve /t REG_SZ /d "Take Ownership" /f | Out-Null
  468. reg add "HKEY_CLASSES_ROOT\*\shell\runas" /v NoWorkingDirectory /t REG_SZ /d "" /f | Out-Null
  469. reg add "HKEY_CLASSES_ROOT\*\shell\runas\command" /ve /t REG_SZ /d "cmd.exe /c takeown /f \`"%1\`" && icacls \`"%1\`" /grant administrators:F" /f | Out-Null
  470. reg add "HKEY_CLASSES_ROOT\*\shell\runas\command" /v IsolatedCommand /t REG_SZ /d "cmd.exe /c takeown /f \`"%1\`" && icacls \`"%1\`" /grant administrators:F" /f | Out-Null
  471.  
  472. New-Item -Force -Path "HKCR:\Directory\shell\runas" | Out-Null
  473. New-Item -Force -Path "HKCR:\Directory\shell\runas\command" | Out-Null
  474. New-ItemProperty -Force -Path "HKCR:\Directory\shell\runas" -Name '(Default)' -Value "Take Ownership" | Out-Null
  475. New-ItemProperty -Force -Path "HKCR:\Directory\shell\runas" -Name NoWorkingDirectory -Value "" | Out-Null
  476. New-ItemProperty -Force -Path "HKCR:\Directory\shell\runas\command" -Name '(Default)' -Value "cmd.exe /c takeown /f `"%1`" /r /d y && icacls `"%1`" /grant administrators:F /t" | Out-Null
  477. New-ItemProperty -Force -Path "HKCR:\Directory\shell\runas\command" -Name IsolatedCommand -Value "cmd.exe /c takeown /f `"%1`" /r /d y && icacls `"%1`" /grant administrators:F /t" | Out-Null
  478.  
  479. # Allows Powershell Invoke-WebRequest to be usable again, without generating a Security Dialog (for developers)
  480. New-ItemProperty -Force -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" -Name 1A10 -Value 0 | Out-Null
  481.  
  482. # Remove tablet lock screen (No need for in LTSB)
  483. # New-ItemProperty -Path "HKLM:SOFTWARE\Policies\Microsoft\Windows\Personalization" -Name NoLockScreen -Value 1 -PropertyType DWORD -Force | Out-Null
  484.  
  485. # Remove OneDrive completely
  486. $OneDrivex86 = "$env:SystemRoot\System32\OneDriveSetup.exe"
  487. $OneDrivex64 = "$env:SystemRoot\SysWOW64\OneDriveSetup.exe"
  488.  
  489. Get-Process *OneDrive* | Stop-Process -Force | Out-Null
  490. Start-Sleep 3
  491.  
  492. if (Test-Path $OneDrivex86)
  493. {
  494. & $OneDrivex86 "/uninstall" | Out-Null
  495. }
  496.  
  497. if (Test-Path $OneDrivex64)
  498. {
  499. & $OneDrivex64 "/uninstall" | Out-Null
  500. }
  501. Start-Sleep 15 # Uninstallation needs time to let go off the files
  502.  
  503. # Explorer.exe gets in our way by locking the files for some reason
  504. taskkill /F /IM explorer.exe | Out-Null
  505. if (Test-Path "$env:USERPROFILE\OneDrive") { rd "$env:USERPROFILE\OneDrive" -Recurse -Force | Out-Null }
  506. if (Test-Path "C:\OneDriveTemp") { rd "C:\OneDriveTemp" -Recurse -Force | Out-Null }
  507. if (Test-Path "$env:LOCALAPPDATA\Microsoft\OneDrive") { rd "$env:LOCALAPPDATA\Microsoft\OneDrive" -Recurse -Force | Out-Null }
  508. if (Test-Path "$env:PROGRAMDATA\Microsoft OneDrive") { rd "$env:PROGRAMDATA\Microsoft OneDrive" -Recurse -Force | Out-Null }
  509. Start-Process explorer.exe
  510. # Remove OneDrive from the Explorer Side Panel
  511. if (Test-Path "HKCR:\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}") { Remove-Item -Force -Path "HKCR:\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" -Recurse | Out-Null }
  512. if (Test-Path "HKCR:\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}") { Remove-Item -Force -Path "HKCR:\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" -Recurse | Out-Null }
  513.  
  514. Write-Progress -Activity "Tweaking registry" -Status "Progress:" -PercentComplete 90
  515. }
  516. # Remove features
  517. if ($features -eq $true)
  518. {
  519. Write-Progress -Activity "Removing features" -Status "Progress:" -PercentComplete 90
  520.  
  521. # XPS Viewer
  522. Dism /online /Disable-Feature /FeatureName:Xps-Foundation-Xps-Viewer /quiet /norestart
  523. # XPS Services
  524. Dism /online /Disable-Feature /FeatureName:Printing-XPSServices-Features /quiet /norestart
  525. # Internet Explorer
  526. Dism /online /Disable-Feature /FeatureName:Internet-Explorer-Optional-amd64 /quiet /norestart
  527. # Work Folders
  528. Dism /online /Disable-Feature /FeatureName:WorkFolders-Client /quiet /norestart
  529.  
  530. Write-Progress -Activity "Removing features" -Status "Progress:" -PercentComplete 100
  531. }
  532. Write-Host "FINISHED." -ForegroundColor Green
  533. Read-Host "Debloat complete. Please restart your system to make sure everything works properly."
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!