API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Feb 26th, 2020
1,795
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 34.82 KB | None | 0 0
raw download clone embed print report
  1. #Windows 10 Decrapifier 18XX/19XX
  2. #By CSAND
  3. #Feb 11 2020
  4. #
  5. #
  6. #PURPOSE: Eliminate much of the bloat that comes with Windows 10. Change many privacy settings to be off by default. Remove built-in advertising, Cortana, OneDrive, Cortana stuff (all optional). Disable some data collection.
  7. # Clean up the start menu for new user accounts. Remove a bunch of pre-installed apps, or all of them (including the store). Create a more professional looking W10 experience. Changes some settings no longer
  8. # available via GPO for Professional edition. All of this without breaking Windows.
  9. #
  10. #DISCLAIMER: Most of the changes are easily undone, but some like removing the store are difficult to undo. You should use local/group policy to remove the store if you want.
  11. # The -allapps switch is there but I do not recommend most people use it.
  12. # I encourage you to research these changes beforehand, and read through the script.
  13. # Each section is described with comments, to make it easier to see what's going on.
  14. #
  15. #
  16. #INSTRUCTIONS: For best results use the following how-tos. Running from an existing profile on an "in-use" machine won't affect any already-existing user profiles and won't give the best results.
  17. # Read through the script to see what is disabled, and comment out anything you want to keep. By default a transcript is saved at SYSTEMDRIVE\WindowsDCtranscript.txt.
  18. #
  19. #Single machine how-to:
  20. #https://community.spiceworks.com/how_to/148624-how-to-clean-up-a-single-windows-10-machine-image-using-decrapifier
  21. #
  22. #Basic MDT how-to:
  23. #https://community.spiceworks.com/how_to/150455-shoehorn-decrapifier-into-your-mdt-task
  24. #
  25. #
  26. #Join the Spiceworks Decrapifier community group on Spiceworks!
  27. #https://community.spiceworks.com/user-groups/windows-decrapifier-group
  28. #
  29. #Common questions/issues:
  30. #https://community.spiceworks.com/topic/2149611-common-questions-and-problems?page=1#entry-7850320
  31. #
  32. #
  33. #OFFICIAL DOWNLOAD:
  34. #https://community.spiceworks.com/scripts/show/4378-windows-10-decrapifier-1803
  35. #This is the only place I post any updates to this script.
  36. #
  37. #Changelog:
  38. #https://community.spiceworks.com/topic/2162951-changelog
  39. #
  40. #Previous versions:
  41. #https://community.spiceworks.com/scripts/show/3977-windows-10-decrapifier-1709
  42. #https://community.spiceworks.com/scripts/show/3298-windows-10-decrapifier-version-1
  43. #
  44. #
  45. #
  46. #***Switches***
  47. #
  48. #Switch Function
  49. #---------------------------
  50. #No switches Disables unnecessary services and scheduled tasks. Removes all UWP apps except for some useful ones. Disables Cortana, OneDrive, restricts default privacy settings and cleans up the default start menu.
  51. #-AllApps Removes ALL apps including the store. Make sure this is what you want before you do it. It can be tough to get the store back. Seriously, don't do this unless you are 100% certain.
  52. #-LeaveTasks Leaves scheduled tasks alone.
  53. #-LeaveServices Leaves services alone.
  54. #-AppAccess By default this script will restrict almost all the permissions in Settings -> Privacy. This will prevent that from happening.
  55. #-ClearStart Empties the start menu completely leaving you with just the apps list.
  56. #-OneDrive Leaves OneDrive and Onedrive for Business fully functional.
  57. #-Tablet Use this for tablets or 2-in-1s to leave location and sensors enabled.
  58. #-Cortana Leave Cortana and web enabled search intact... if that's what you really want.
  59. #-Xbox Leave xBox apps and related items.
  60. #-NoLog Don't copy transcript to systemdrive\WindowsDCtranscript.txt.
  61. #-AppsOnly Only removes apps, doesn't touch privacy settings, services, and scheduled tasks. Cannot be used with -SettingsOnly switch. Can be used with all the others.
  62. #-SettingsOnly Only adjusts privacy settings, services, and scheduled tasks. Leaves apps. Cannot be used with -AppsOnly switch. Can be used with all others (-AllApps won't do anything in that case, obviously).
  63.  
  64. [cmdletbinding(DefaultParameterSetName="Decrapifier")]
  65. param (
  66. [switch]$AllApps,
  67. [switch]$LeaveTasks,
  68. [switch]$LeaveServices,
  69. [switch]$AppAccess,
  70. [switch]$OneDrive,
  71. [switch]$Xbox,
  72. [switch]$Tablet,
  73. [switch]$Cortana,
  74. [switch]$ClearStart,
  75. [switch]$NoLog,
  76. [Parameter(ParameterSetName="AppsOnly")]
  77. [switch]$AppsOnly,
  78. [Parameter(ParameterSetName="SettingsOnly")]
  79. [switch]$SettingsOnly
  80. )
  81.  
  82. #------USER EDITABLE VARIABLES - change these to your tastes!------
  83.  
  84. #Apps to keep. Wildcard is implied so try to be specific enough to not overlap with apps you do want removed.
  85. #Make sure not begin or end with a "|". ex: "app|app2" - good. "|app|app2|" - bad.
  86.  
  87. $GoodApps = "calculator|sticky|store|windows.photos|soundrecorder|mspaint|screensketch"
  88.  
  89. #Start Menu XML. If you run the script without -ClearStart, the XML below will be used for a custom start layout. By default it just leaves File Explorer, classic Control Panel, and Snipping Tool tiles.
  90. #Place your XML like so:
  91. # $StartLayourStr = @"
  92. # <**YOUR START LAYOUT XML**>
  93. # "@
  94.  
  95. $StartLayoutStr = @"
  96. <LayoutModificationTemplate Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
  97. <LayoutOptions StartTileGroupCellWidth="6" />
  98. <DefaultLayoutOverride>
  99. <StartLayoutCollection>
  100. <defaultlayout:StartLayout GroupCellWidth="6" xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout">
  101. <start:Group Name="" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout">
  102. <start:DesktopApplicationTile Size="2x2" Column="0" Row="0" DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk" />
  103. <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk" />
  104. <start:DesktopApplicationTile Size="2x2" Column="0" Row="2" DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk" />
  105. </start:Group>
  106. </defaultlayout:StartLayout>
  107. </StartLayoutCollection>
  108. </DefaultLayoutOverride>
  109. </LayoutModificationTemplate>
  110. "@
  111.  
  112. #------End editable variables------
  113.  
  114.  
  115. #---Functions---
  116.  
  117. #Appx removal
  118. #Removes all apps or some apps depending on switches used.
  119.  
  120. Function RemoveApps {
  121. #SafeApps contains apps that shouldn't be removed, or just can't and cause errors
  122. $SafeApps = "AAD.brokerplugin|accountscontrol|apprep.chxapp|assignedaccess|asynctext|bioenrollment|capturepicker|cloudexperience|contentdelivery|desktopappinstaller|ecapp|getstarted|immersivecontrolpanel|lockapp|net.native|oobenet|parentalcontrols|PPIProjection|sechealth|secureas|shellexperience|startmenuexperience|vclibs|xaml|XGpuEject"
  123. If ($Xbox) {
  124. $SafeApps = "$SafeApps|Xbox"
  125. }
  126.  
  127. If ($Allapps) {
  128. $RemoveApps = Get-AppxPackage -allusers | where-object {$_.name -notmatch $SafeApps}
  129. $RemovePrApps = Get-AppxProvisionedPackage -online | where-object {$_.displayname -notmatch $SafeApps}
  130. ForEach ($RemovedApp in $RemoveApps) {
  131. Write-Host Removing app package: $RemovedApp.name
  132. Remove-AppxPackage -package $RemovedApp -erroraction silentlycontinue
  133.  
  134. } ForEach ($RemovedPrApp in $RemovePrApps) {
  135. Write-Host Removing provisioned app $RemovedPrApp.displayname
  136. Remove-AppxProvisionedPackage -online -packagename $RemovedPrApp.packagename -erroraction silentlycontinue
  137.  
  138. }
  139. } Else {
  140. $SafeApps = "$SafeApps|$GoodApps"
  141. $RemoveApps = Get-AppxPackage -allusers | where-object {$_.name -notmatch $SafeApps}
  142. $RemovePrApps = Get-AppxProvisionedPackage -online | where-object {$_.displayname -notmatch $SafeApps}
  143. ForEach ($RemovedApp in $RemoveApps) {
  144. Write-Host Removing app package: $RemovedApp.name
  145. Remove-AppxPackage -package $RemovedApp -erroraction silentlycontinue
  146.  
  147. } ForEach ($RemovedPrApp in $RemovePrApps) {
  148. Write-Host Removing provisioned app $RemovedPrApp.displayname
  149. Remove-AppxProvisionedPackage -online -packagename $RemovedPrApp.packagename -erroraction silentlycontinue
  150.  
  151. }
  152. }
  153. }
  154. #End Function RemoveApps
  155.  
  156.  
  157.  
  158. #If ($AllApps) {
  159. # Write-Host "***Removing all apps and provisioned appx packages for this machine...***"
  160. #2 passes intentional.
  161. #Get-AppxPackage -allusers | where-object {$_.name -notmatch $SafeApps} | Remove-AppxPackage -erroraction silentlycontinue
  162. # Get-AppxPackage -allusers | where-object {$_.name -notmatch $SafeApps} | Remove-AppxPackage -erroraction silentlycontinue
  163. # Get-AppxProvisionedPackage -online | where-object {$_.displayname -notmatch $SafeApps} | Remove-AppxProvisionedPackage -online -erroraction silentlycontinue
  164.  
  165. #} Else {
  166. #$SafeApps = "$SafeApps|$GoodApps"
  167. #Write-Host "***Removing many apps and provisioned appx packages for this machine...***"
  168. #2 passes intentional.
  169. #Get-AppxPackage -allusers | where-object {$_.name -notmatch $SafeApps} | Remove-AppxPackage -erroraction silentlycontinue
  170. #Get-AppxPackage -allusers | where-object {$_.name -notmatch $SafeApps} | Remove-AppxPackage -erroraction silentlycontinue
  171. #Get-AppxProvisionedPackage -online | where-object {$_.displayname -notmatch $SafeApps} | Remove-AppxProvisionedPackage -online -erroraction silentlycontinue
  172. #}
  173.  
  174.  
  175. #Disable scheduled tasks
  176. #Tasks: Various CEIP and information gathering/sending tasks.
  177. Function DisableTasks {
  178. If ($LeaveTasks) {
  179. Write-Host "***Leavetasks switch set - leaving scheduled tasks alone...***"
  180. } Else {
  181. Write-Host "***Disabling some unecessary scheduled tasks...***"
  182. Get-Scheduledtask "Microsoft Compatibility Appraiser","ProgramDataUpdater","Consolidator","KernelCeipTask","UsbCeip","Microsoft-Windows-DiskDiagnosticDataCollector","GatherNetworkInfo","QueueReporting" -erroraction silentlycontinue | Disable-scheduledtask
  183. }
  184. }
  185.  
  186.  
  187. #Disable services
  188. Function DisableServices {
  189. If ($LeaveServices) {
  190. Write-Host "***Leaveservices switch set - leaving services alone...***"
  191. } Else {
  192. Write-Host "***Stopping and disabling some services...***"
  193. #Diagnostics tracking WMP Network Sharing
  194. Get-Service Diagtrack,WMPNetworkSvc -erroraction silentlycontinue | stop-service -passthru | set-service -startuptype disabled
  195. #WAP Push Message Routing NOTE Sysprep w/ Generalize WILL FAIL if you disable the DmwApPushService. Commented out by default.
  196. #Get-Service DmwApPushService -erroraction silentlycontinue | stop-service -passthru | set-service -startuptype disabled
  197. #Disable OneSync service - Used to sync various apps and settings if you enable that (contacts, etc). Commented out by default to not break functionality.
  198. #Get-Service OneSyncSvc | stop-service -passthru | set-service -startuptype disabled
  199.  
  200. #xBox services
  201. If ($Xbox){
  202. } Else {
  203. #Disable xBox services - "xBox Game Monitoring Service" - XBGM - Can't be disabled (access denied)
  204. Get-Service XblAuthManager,XblGameSave,XboxNetApiSvc -erroraction silentlycontinue | stop-service -passthru | set-service -startuptype disabled
  205. }
  206. }
  207. }
  208.  
  209.  
  210. #Registry change functions
  211. #Load default user hive
  212. Function loaddefaulthive {
  213. $matjazp72 = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList' Default).Default
  214. reg load "$reglocation" $matjazp72\ntuser.dat
  215. }
  216.  
  217.  
  218. #Unload default user hive
  219. Function unloaddefaulthive {
  220. [gc]::collect()
  221. reg unload "$reglocation"
  222. }
  223.  
  224.  
  225. #Cycle registry locations - 1st pass HKCU, 2nd pass default NTUSER.dat
  226. Function RegChange {
  227. Write-Host "***Applying registry items to HKCU...***"
  228. $reglocation = "HKCU"
  229. regsetuser
  230. $reglocation = "HKLM\AllProfile"
  231. Write-Host "***Applying registry items to default NTUSER.DAT...***"
  232. loaddefaulthive; regsetuser; unloaddefaulthive
  233. $reglocation = $null
  234. Write-Host "***Applying registry items to HKLM...***"
  235. regsetmachine
  236. Write-Host "***Registry set current user and default user, and policies set for local machine!***"
  237. }
  238.  
  239.  
  240. #Set current and default user registry settings
  241. Function RegSetUser {
  242. #Start menu suggestions
  243. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /T REG_DWORD /V "SystemPaneSuggestionsEnabled" /D 0 /F
  244. #Show suggested content in settings
  245. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /T REG_DWORD /V "SubscribedContent-338393Enabled" /D 0 /F
  246. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /T REG_DWORD /V "SubscribedContent-353694Enabled" /D 0 /F
  247. #Show suggestions occasionally
  248. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /T REG_DWORD /V "SubscribedContent-338388Enabled" /D 0 /F
  249. #Multitasking - Show suggestions in timeline
  250. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /T REG_DWORD /V "SubscribedContent-353698Enabled" /D 0 /F
  251. #Lockscreen suggestions, rotating pictures
  252. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /T REG_DWORD /V "SoftLandingEnabled" /D 0 /F
  253. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /T REG_DWORD /V "RotatingLockScreenEnabled" /D 0 /F
  254. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /T REG_DWORD /V "RotatingLockScreenOverlayEnabled" /D 0 /F
  255. #Preinstalled apps, Minecraft Twitter etc all that - still need a clean default start menu to fully eliminate
  256. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /T REG_DWORD /V "PreInstalledAppsEnabled" /D 0 /F
  257. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /T REG_DWORD /V "PreInstalledAppsEverEnabled" /D 0 /F
  258. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /T REG_DWORD /V "OEMPreInstalledAppsEnabled" /D 0 /F
  259. #MS shoehorning apps quietly into your profile
  260. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /T REG_DWORD /V "SilentInstalledAppsEnabled" /D 0 /F
  261. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /T REG_DWORD /V "ContentDeliveryAllowed" /D 0 /F
  262. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /T REG_DWORD /V "SubscribedContentEnabled" /D 0 /F
  263. #Ads in File Explorer
  264. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /T REG_DWORD /V "ShowSyncProviderNotifications" /D 0 /F
  265. #Show me the Windows welcome experience after updates and occasionally
  266. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /T REG_DWORD /V "SubscribedContent-310093Enabled" /D 0 /F
  267. #Get tips, tricks, suggestions as you use Windows
  268. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /T REG_DWORD /V "SubscribedContent-338389Enabled" /D 0 /F
  269.  
  270. #Privacy Settings
  271. #Let websites provide local content by accessing language list - appears to reset during OOBE.
  272. #Reg Add "$reglocation\Control Panel\International\User Profile" /T REG_DWORD /V "HttpAcceptLanguageOptOut" /D 1 /F
  273. #Ask for feedback
  274. Reg Add "$reglocation\SOFTWARE\Microsoft\Siuf\Rules" /T REG_DWORD /V "NumberOfSIUFInPeriod" /D 0 /F
  275. Reg Add "$reglocation\SOFTWARE\Microsoft\Siuf\Rules" /T REG_DWORD /V "PeriodInNanoSeconds" /D 0 /F
  276. #Let apps use advertising ID
  277. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" /T REG_DWORD /V "Enabled" /D 0 /F
  278. #Let Windows track app launches to improve start and search results - includes run history
  279. #Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /T REG_DWORD /V "Start_TrackProgs" /D 0 /F
  280. #Tailored experiences - Diagnostics & Feedback settings
  281. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\Privacy" /T REG_DWORD /V "TailoredExperiencesWithDiagnosticDataEnabled" /D 0 /F
  282. #Let apps on other devices open messages and apps on this device - Shared Experiences settings
  283. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\CDP" /T REG_DWORD /V "RomeSdkChannelUserAuthzPolicy" /D 0 /F
  284. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\CDP" /T REG_DWORD /V "CdpSessionUserAuthzPolicy" /D 0 /F
  285.  
  286. #Speech Inking & Typing - comment out if you use the pen\stylus a lot
  287. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Language" /T REG_DWORD /V "Enabled" /D 0 /F
  288. Reg Add "$reglocation\SOFTWARE\Microsoft\InputPersonalization" /T REG_DWORD /V "RestrictImplicitTextCollection" /D 1 /F
  289. Reg Add "$reglocation\SOFTWARE\Microsoft\InputPersonalization" /T REG_DWORD /V "RestrictImplicitInkCollection" /D 1 /F
  290. Reg Add "$reglocation\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore" /T REG_DWORD /V "HarvestContacts" /D 0 /F
  291. Reg Add "$reglocation\SOFTWARE\Microsoft\Personalization\Settings" /T REG_DWORD /V "AcceptedPrivacyPolicy" /D 0 /F
  292. #Improve inking & typing recognition
  293. Reg Add "$reglocation\SOFTWARE\Microsoft\Input\TIPC" /T REG_DWORD /V "Enabled" /D 0 /F
  294. #Pen & Windows Ink - Show recommended app suggestions
  295. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\PenWorkspace" /T REG_DWORD /V "PenWorkspaceAppSuggestionsEnabled" /D 0 /F
  296.  
  297. #People
  298. #Show My People notifications
  299. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People\ShoulderTap" /T REG_DWORD /V "ShoulderTap" /D 0 /F
  300. #Show My People app suggestions
  301. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /T REG_DWORD /V "SubscribedContent-314563Enabled" /D 0 /F
  302. #People on Taskbar
  303. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People" /T REG_DWORD /V "PeopleBand" /D 0 /F
  304.  
  305. #Other Settings
  306. #Use Autoplay for all media and devices
  307. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers" /T REG_DWORD /V "DisableAutoplay" /D 1 /F
  308. #Taskbar search, personal preference. 0 = no search, 1 = search icon, 2 = search bar
  309. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /T REG_DWORD /V "SearchboxTaskbarMode" /D 0 /F
  310. #Allow search to use location if it's enabled
  311. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /T REG_DWORD /V "AllowSearchToUseLocation" /D 0 /F
  312. #Do not track - Edge
  313. Reg Add "$reglocation\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /T REG_DWORD /V "DoNotTrack" /D 1 /F
  314. #Do not track - IE
  315. Reg Add "$reglocation\SOFTWARE\Microsoft\Internet Explorer\Main" /T REG_DWORD /V "DoNotTrack" /D 1 /F
  316.  
  317. #--Optional User Settings--
  318.  
  319. #App permissions user settings, these are all available from the settings menu
  320. If ($AppAccess) {
  321. } Else{
  322. #App permissions
  323. #Location - see tablet settings
  324. #Camera
  325. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\webcam" /T REG_SZ /V "Value" /D Deny /F
  326. #Microphone
  327. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\microphone" /T REG_SZ /V "Value" /D Deny /F
  328. #Notifications - doesn't appear to work in 1803, setting hasn't been moved as of 1803 like most of the others
  329. #Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{52079E78-A92B-413F-B213-E8FE35712E72}" /T REG_SZ /V "Value" /D Deny /F
  330. #Account Info
  331. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\userAccountInformation" /T REG_SZ /V "Value" /D Deny /F
  332. #Contacts
  333. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\contacts" /T REG_SZ /V "Value" /D Deny /F
  334. #Calendar
  335. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\appointments" /T REG_SZ /V "Value" /D Deny /F
  336. #Call history
  337. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\phoneCallHistory" /T REG_SZ /V "Value" /D Deny /F
  338. #Email
  339. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\email" /T REG_SZ /V "Value" /D Deny /F
  340. #Tasks
  341. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\userDataTasks" /T REG_SZ /V "Value" /D Deny /F
  342. #TXT/MMS
  343. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\chat" /T REG_SZ /V "Value" /D Deny /F
  344. #Radios - doesn't appear to work in 1803, setting hasn't been moved as of 1803 like most of the others
  345. #Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{A8804298-2D5F-42E3-9531-9C8C39EB29CE}" /T REG_SZ /V "Value" /D Deny /F
  346. #Other Devices - reset during OOBE
  347. #Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\LooselyCoupled" /T REG_SZ /V "Value" /D Deny /F
  348. #Cellular Data
  349. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\cellularData" /T REG_SZ /V "Value" /D Deny /F
  350. #Allow apps to run in background global setting - seems to reset during OOBE
  351. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications" /T REG_DWORD /V "GlobalUserDisabled" /D 1 /F
  352. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /T REG_DWORD /V "BackgroundAppGlobalToggle" /D 0 /F
  353. #App Diagnostics - doesn't appear to work in 1803, setting hasn't been moved as of 1803 like most of the others
  354. #Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{2297E4E2-5DBE-466D-A12B-0F8286F0D9CA}" /T REG_SZ /V "Value" /D Deny /F
  355. #My Documents
  356. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\documentsLibrary" /T REG_SZ /V "Value" /D Deny /F
  357. #My Pictures
  358. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\picturesLibrary" /T REG_SZ /V "Value" /D Deny /F
  359. #My Videos
  360. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\videosLibrary" /T REG_SZ /V "Value" /D Deny /F
  361. #File System
  362. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\broadFileSystemAccess" /T REG_SZ /V "Value" /D Deny /F
  363.  
  364. #Tablet Settings - use -Tablet switch to leave these on
  365. If ($Tablet) {
  366. }
  367. Else {
  368. #Deny access to location and sensors
  369. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Permissions\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" /T REG_DWORD /V "SensorPermissionState" /D 0 /F
  370. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" /T REG_SZ /V "Value" /D Deny /F
  371. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{E6AD100E-5F4E-44CD-BE0F-2265D88D14F5}" /T REG_SZ /V "Value" /D Deny /F
  372. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location" /T REG_SZ /V "Value" /D Deny /F
  373. }
  374.  
  375. }
  376.  
  377. #Disable Cortana - use -Cortana to leave it on
  378. If ($Cortana){
  379. } Else{
  380. #Disable Cortana and Bing search user settings
  381. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /T REG_DWORD /V "CortanaEnabled" /D 0 /F
  382. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /T REG_DWORD /V "CanCortanaBeEnabled" /D 0 /F
  383. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /T REG_DWORD /V "DeviceHistoryEnabled" /D 0 /F
  384. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /T REG_DWORD /V "CortanaConsent" /D 0 /F
  385. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /T REG_DWORD /V "CortanaInAmbientMode" /D 0 /F
  386. #Disable Bing search from start menu/search bar
  387. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /T REG_DWORD /V "BingSearchEnabled" /D 0 /F
  388. #Disable Cortana on lock screen
  389. Reg Add "$reglocation\SOFTWARE\Microsoft\Speech_OneCore\Preferences" /T REG_DWORD /V "VoiceActivationEnableAboveLockscreen" /D 0 /F
  390. #Disable Cortana search history
  391. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /T REG_DWORD /V "HistoryViewEnabled" /D 0 /F
  392. }
  393.  
  394. #Game settings - use -Xbox to leave these on
  395. If ($Xbox) {
  396. } Else {
  397. #Disable Game DVR
  398. Reg Add "$reglocation\System\GameConfigStore" /T REG_DWORD /V "GameDVR_Enabled" /D 0 /F
  399. }
  400.  
  401. #OneDrive settings - use -OneDrive switch to leave these on
  402. If ($OneDrive) {
  403. } Else {
  404. #Disable OneDrive startup run user settings
  405. Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /T REG_BINARY /V "OneDrive" /D 0300000021B9DEB396D7D001 /F
  406. #Disable automatic OneDrive desktop setup for new accounts
  407. If ($reglocation -ne "HKCU") {
  408. Reg Delete "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "OneDriveSetup" /F
  409. }
  410. }
  411.  
  412. #End user registry settings
  413. }
  414.  
  415.  
  416. #Set local machine settings and local group policies
  417. Function RegSetMachine {
  418. #--Local GP settings-- CONVERT THESE TO HKCU / DEFAULT / HKLM WHERE POSSIBLE
  419. #Can be adjusted in GPedit.msc in Pro+ editions.
  420. #Local Policy\Computer Config\Admin Templates\Windows Components
  421. #/Application Compatibility
  422. #Turn off Application Telemetry
  423. Reg Add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppCompat" /T REG_DWORD /V "AITEnable" /D 0 /F
  424. #Turn off inventory collector
  425. Reg Add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppCompat" /T REG_DWORD /V "DisableInventory" /D 1 /F
  426.  
  427. #/Cloud Content
  428. #Turn off Consumer Experiences - Enterprise only (for Pro, HKCU settings and start menu cleanup achieve same result)
  429. Reg Add "HKLM\SOFTWARE\Policies\Microsoft\Windows\CloudContent" /T REG_DWORD /V "DisableWindowsConsumerFeatures" /D 1 /F
  430. #Turn off all spotlight features
  431. #Reg Add "HKLM\SOFTWARE\Policies\Microsoft\Windows\CloudContent" /T REG_DWORD /V "DisableWindowsSpotlightFeatures" /D 1 /F
  432.  
  433. #/Data Collection and Preview Builds
  434. #Set Telemetry to off (switches to 1:basic for W10Pro and lower)
  435. Reg Add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /T REG_DWORD /V "AllowTelemetry" /D 0 /F
  436. #Disable pre-release features and settings
  437. #Reg Add "HKLM\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds" /T REG_DWORD /V "EnableConfigFlighting" /D 0 /F
  438. #Do not show feedback notifications
  439. Reg Add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /T REG_DWORD /V "DoNotShowFeedbackNotifications" /D 1 /F
  440.  
  441. #/Store
  442. #Disable all apps from store, commented out by default as it will break the store
  443. #Reg Add "HKLM\SOFTWARE\Policies\Microsoft\WindowsStore" /T REG_DWORD /V "DisableStoreApps" /D 1 /F
  444. #Turn off Store, left disabled by default
  445. #Reg Add "HKLM\SOFTWARE\Policies\Microsoft\WindowsStore" /T REG_DWORD /V "RemoveWindowsStore" /D 1 /F
  446.  
  447. #/Sync your settings - commented out by default to keep functionality of sync service
  448. #Do not sync (anything)
  449. #Reg Add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /T REG_DWORD /V "DisableSettingSync" /D 2 /F
  450. #Disallow users to override this
  451. #Reg Add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /T REG_DWORD /V "DisableSettingSyncUserOverride" /D 1 /F
  452.  
  453. #Add "Run as different user" to context menu
  454. Reg Add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Explorer" /T REG_DWORD /V "ShowRunasDifferentuserinStart" /D 1 /F
  455.  
  456. #!!!None of these effective anymore in 1803!!! Now handled by HKCU settings
  457. #Disallow web search from desktop search
  458. #Reg Add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /T REG_DWORD /V "DisableWebSearch" /D 1 /F
  459. #Don't search the web or display web results in search
  460. #Reg Add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /T REG_DWORD /V "ConnectedSearchUseWeb" /D 0 /F
  461. #Don't allow search to use location
  462. #Reg Add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /T REG_DWORD /V "AllowSearchToUseLocation" /D 0 /F
  463.  
  464. #/Windows Update
  465. #Turn off featured SOFTWARE notifications through Windows Update
  466. Reg Add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /T REG_DWORD /V "EnableFeaturedSoftware" /D 0 /F
  467.  
  468. #--Non Local GP Settings--
  469. #Delivery Optimization settings - sets to 1 for LAN only, change to 0 for off
  470. Reg Add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" /T REG_DWORD /V "DownloadMode" /D 1 /F
  471. Reg Add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" /T REG_DWORD /V "DODownloadMode" /D 1 /F
  472. Reg Add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Settings" /T REG_DWORD /V "DownloadMode" /D 1 /F
  473.  
  474. #Disabling advertising info and device metadata collection for this machine
  475. Reg Add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" /T REG_DWORD /V "Enabled" /D 0 /F
  476. Reg Add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Metadata" /V "PreventDeviceMetadataFromNetwork" /T REG_DWORD /D 1 /F
  477.  
  478. #Disable CEIP. GP setting at: Computer Config\Admin Templates\System\Internet Communication Managemen\Internet Communication settings
  479. Reg Add "HKLM\SOFTWARE\Microsoft\SQMClient\Windows" /T REG_DWORD /V "CEIPEnable" /D 0 /F
  480.  
  481. #Turn off automatic download/install of store app updates
  482. #Reg Add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsStore\WindowsUpdate" /T REG_DWORD /V "AutoDownload" /D 2 /F
  483.  
  484. #Prevent using sign-in info to automatically finish setting up after an update
  485. Reg Add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /T REG_DWORD /V "ARSOUserConsent" /D 2 /F
  486.  
  487. #Prevent apps on other devices from opening apps on this one - disables phone pairing
  488. #Reg Add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SmartGlass" /T REG_DWORD /V "UserAuthPolicy" /D 0 /F
  489.  
  490. #Enable diagnostic data viewer
  491. Reg Add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack\EventTranscriptKey" /T REG_DWORD /V "EnableEventTranscript" /D 1 /F
  492.  
  493. #Disable Edge desktop shortcut
  494. Reg Add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /T REG_DWORD /V "DisableEdgeDesktopShortcutCreation" /D 1 /F
  495.  
  496. #Filter web content through smartscreen. Left enabled by default.
  497. #Reg Add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /T REG_DWORD /V "EnableWebContentEvaluation" /D 0 /F
  498.  
  499. #--Optional Machine Settings--
  500.  
  501. #Disable Cortana - use -Cortana to leave it on
  502. If ($Cortana){
  503. } Else{
  504. #Cortana local GP - Computer Config\Admin Templates\Windows Components\Search
  505. #Disallow Cortana
  506. Reg Add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /T REG_DWORD /V "AllowCortana" /D 0 /F
  507. #Disallow Cortana on lock screen - seems pointless with above setting, may be deprecated, covered by HKCU anyways
  508. #Reg Add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /T REG_DWORD /V "AllowCortanaAboveLock" /D 0 /F
  509. }
  510.  
  511. #Tablet Settings - use -Tablet switch to leave these on
  512. If ($Tablet) {
  513. } Else {
  514. #Turn off location - global
  515. Reg Add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location" /T REG_SZ /V "Value" /D Deny /F
  516. }
  517.  
  518. #Game settings - use -Xbox to leave these on
  519. If ($Xbox) {
  520. } Else {
  521. #Disable Game Monitoring Service
  522. Reg Add "HKLM\SYSTEM\CurrentControlSet\Services\xbgm" /T REG_DWORD /V "Start" /D 4 /F
  523. #GameDVR local GP - Computer Config\Admin Templates\Windows Components\Windows Game Recording and Broadcasting
  524. Reg Add "HKLM\SOFTWARE\Policies\Microsoft\Windows\GameDVR" /T REG_DWORD /V "AllowGameDVR" /D 0 /F
  525. }
  526.  
  527. #OneDrive settings - use -OneDrive switch to leave these on
  528. If ($OneDrive) {
  529. } Else {
  530. #Prevent usage of OneDrive local GP - Computer Config\Admin Templates\Windows Components\OneDrive
  531. Reg Add "HKLM\SOFTWARE\Policies\Microsoft\Windows\OneDrive" /T REG_DWORD /V "DisableFileSyncNGSC" /D 1 /F
  532. Reg Add "HKLM\SOFTWARE\Policies\Microsoft\Windows\OneDrive" /T REG_DWORD /V "DisableFileSync" /D 1 /F
  533. #Remove OneDrive from File Explorer
  534. Reg Add "HKCR\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /T REG_DWORD /V "System.IsPinnedToNameSpaceTree" /D 0 /F
  535. Reg Add "HKCR\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /T REG_DWORD /V "System.IsPinnedToNameSpaceTree" /D 0 /F
  536. }
  537.  
  538. #End machine registry settings
  539. }
  540.  
  541.  
  542. #Clean up the default start menu
  543. Function ClearStartMenu {
  544. If ($ClearStart) {
  545. Write-Host "***Setting empty start menu for new profiles...***"
  546. #Don't edit this. Creates empty start menu if -ClearStart is used.
  547. $StartLayoutStr = @"
  548. <LayoutModificationTemplate Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification" xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" xmlns:taskbar="http://schemas.microsoft.com/Start/2014/TaskbarLayout">
  549. <LayoutOptions StartTileGroupCellWidth="6" />
  550. <DefaultLayoutOverride>
  551. <StartLayoutCollection>
  552. <defaultlayout:StartLayout GroupCellWidth="6" xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout">
  553. </defaultlayout:StartLayout>
  554. </StartLayoutCollection>
  555. </DefaultLayoutOverride>
  556. </LayoutModificationTemplate>
  557. "@
  558. add-content $Env:TEMP\startlayout.xml $StartLayoutStr
  559. import-startlayout -layoutpath $Env:TEMP\startlayout.xml -mountpath $Env:SYSTEMDRIVE\
  560. remove-item $Env:TEMP\startlayout.xml
  561. } Else {
  562. Write-Host "***Setting clean start menu for new profiles...***"
  563. #Custom start layout XML near the top of the script.
  564.  
  565. add-content $Env:TEMP\startlayout.xml $StartLayoutStr
  566. import-startlayout -layoutpath $Env:TEMP\startlayout.xml -mountpath $Env:SYSTEMDRIVE\
  567. remove-item $Env:TEMP\startlayout.xml
  568. }
  569. }
  570.  
  571.  
  572. #Goodbye Message Function
  573. Function Goodbye {
  574. Write-Host "*******Decrapification complete.*******"
  575. Write-Host "*******Remember to set your execution policy back! Set-Executionpolicy restricted is the Windows 10 default.*******"
  576. Write-Host "*******Reboot your computer now!*******"
  577. }
  578.  
  579. #---End of functions---
  580.  
  581.  
  582. #Decrapify
  583. If ($NoLog) {
  584. }Else {
  585. Start-Transcript $ENV:SYSTEMDRIVE\WindowsDCtranscript.txt
  586. }
  587. Write-Host "******Decrapifying Windows 10...******"
  588. If ($AppsOnly) {
  589. RemoveApps
  590. ClearStartMenu
  591. Goodbye
  592. }Elseif ($SettingsOnly) {
  593. DisableTasks
  594. DisableServices
  595. RegChange
  596. ClearStartMenu
  597. Goodbye
  598. }Else {
  599. RemoveApps
  600. DisableTasks
  601. DisableServices
  602. RegChange
  603. ClearStartMenu
  604. Goodbye
  605. }
  606.  
  607. If ($NoLog) {
  608. }Else {
  609. Stop-Transcript
  610. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!