Guest User

Windows 10 Hardening

a guest
Mar 18th, 2016
11,185
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. ##########
  2. # Win10 Initial Setup Script
  3. # Author: Disassembler <disassembler@dasm.cz>
  4. # Version: 1.4, 2016-01-16
  5. ##########
  6.  
  7. # Ask for elevated permissions if required
  8. If (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]"Administrator")) {
  9.     Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs
  10.     Exit
  11. }
  12.  
  13.  
  14.  
  15. ##########
  16. # Privacy Settings
  17. ##########
  18.  
  19. # Disable Telemetry
  20. Write-Host "Disabling Telemetry..."
  21. Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 0
  22.  
  23. # Enable Telemetry
  24. # Remove-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\DataCollection" -Name "AllowTelemetry"
  25.  
  26. # Disable Wi-Fi Sense
  27. Write-Host "Disabling Wi-Fi Sense..."
  28. If (!(Test-Path "HKLM:\Software\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting")) {
  29.     New-Item -Path "HKLM:\Software\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting" -Force | Out-Null
  30. }
  31. Set-ItemProperty -Path "HKLM:\Software\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting" -Name "Value" -Type DWord -Value 0
  32. Set-ItemProperty -Path "HKLM:\Software\Microsoft\PolicyManager\default\WiFi\AllowAutoConnectToWiFiSenseHotspots" -Name "Value" -Type DWord -Value 0
  33.  
  34. # Enable Wi-Fi Sense
  35. # Set-ItemProperty -Path "HKLM:\Software\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting" -Name "Value" -Type DWord -Value 1
  36. # Set-ItemProperty -Path "HKLM:\Software\Microsoft\PolicyManager\default\WiFi\AllowAutoConnectToWiFiSenseHotspots" -Name "Value" -Type DWord -Value 1
  37.  
  38. # Disable SmartScreen Filter
  39. Write-Host "Disabling SmartScreen Filter..."
  40. Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer" -Name "SmartScreenEnabled" -Type String -Value "Off"
  41. Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\AppHost" -Name "EnableWebContentEvaluation" -Type DWord -Value 0
  42.  
  43. # Enable SmartScreen Filter
  44. # Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer" -Name "SmartScreenEnabled" -Type String -Value "RequireAdmin"
  45. # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\AppHost" -Name "EnableWebContentEvaluation"
  46.  
  47. # Disable Bing Search in Start Menu
  48. Write-Host "Disabling Bing Search in Start Menu..."
  49. Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Search" -Name "BingSearchEnabled" -Type DWord -Value 0
  50.  
  51. # Enable Bing Search in Start Menu
  52. # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Search" -Name "BingSearchEnabled"
  53.  
  54. # Disable Location Tracking
  55. Write-Host "Disabling Location Tracking..."
  56. Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Overrides\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" -Name "SensorPermissionState" -Type DWord -Value 0
  57. Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Services\lfsvc\Service\Configuration" -Name "Status" -Type DWord -Value 0
  58.  
  59. # Enable Location Tracking
  60. # Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Overrides\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" -Name "SensorPermissionState" -Type DWord -Value 1
  61. # Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Services\lfsvc\Service\Configuration" -Name "Status" -Type DWord -Value 1
  62.  
  63. # Disable Feedback
  64. Write-Host "Disabling Feedback..."
  65. If (!(Test-Path "HKCU:\Software\Microsoft\Siuf\Rules")) {
  66.     New-Item -Path "HKCU:\Software\Microsoft\Siuf\Rules" -Force | Out-Null
  67. }
  68. Set-ItemProperty -Path "HKCU:\Software\Microsoft\Siuf\Rules" -Name "NumberOfSIUFInPeriod" -Type DWord -Value 0
  69.  
  70. # Enable Feedback
  71. # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Siuf\Rules" -Name "NumberOfSIUFInPeriod"
  72.  
  73. # Disable Advertising ID
  74. Write-Host "Disabling Advertising ID..."
  75. If (!(Test-Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo")) {
  76.     New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo" | Out-Null
  77. }
  78. Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo" -Name "Enabled" -Type DWord -Value 0
  79.  
  80. # Enable Advertising ID
  81. # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo" -Name "Enabled"
  82.  
  83. # Disable Cortana
  84. Write-Host "Disabling Cortana..."
  85. If (!(Test-Path "HKCU:\Software\Microsoft\Personalization\Settings")) {
  86.     New-Item -Path "HKCU:\Software\Microsoft\Personalization\Settings" -Force | Out-Null
  87. }
  88. Set-ItemProperty -Path "HKCU:\Software\Microsoft\Personalization\Settings" -Name "AcceptedPrivacyPolicy" -Type DWord -Value 0
  89. If (!(Test-Path "HKCU:\Software\Microsoft\InputPersonalization")) {
  90.     New-Item -Path "HKCU:\Software\Microsoft\InputPersonalization" -Force | Out-Null
  91. }
  92. Set-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization" -Name "RestrictImplicitTextCollection" -Type DWord -Value 1
  93. Set-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization" -Name "RestrictImplicitInkCollection" -Type DWord -Value 1
  94. If (!(Test-Path "HKCU:\Software\Microsoft\InputPersonalization\TrainedDataStore")) {
  95.     New-Item -Path "HKCU:\Software\Microsoft\InputPersonalization\TrainedDataStore" -Force | Out-Null
  96. }
  97. Set-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization\TrainedDataStore" -Name "HarvestContacts" -Type DWord -Value 0
  98.  
  99. # Enable Cortana
  100. # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Personalization\Settings" -Name "AcceptedPrivacyPolicy"
  101. # Set-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization" -Name "RestrictImplicitTextCollection" -Type DWord -Value 0
  102. # Set-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization" -Name "RestrictImplicitInkCollection" -Type DWord -Value 0
  103. # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization\TrainedDataStore" -Name "HarvestContacts"
  104.  
  105. # Restrict Windows Update P2P only to local network
  106. Write-Host "Restricting Windows Update P2P only to local network..."
  107. Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" -Name "DODownloadMode" -Type DWord -Value 1
  108. If (!(Test-Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization")) {
  109.     New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization" | Out-Null
  110. }
  111. Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization" -Name "SystemSettingsDownloadMode" -Type DWord -Value 3
  112.  
  113. # Unrestrict Windows Update P2P
  114. # Remove-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" -Name "DODownloadMode"
  115. # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization" -Name "SystemSettingsDownloadMode"
  116.  
  117. # Remove AutoLogger file and restrict directory
  118. Write-Host "Removing AutoLogger file and restricting directory..."
  119. $autoLoggerDir = "$env:PROGRAMDATA\Microsoft\Diagnosis\ETLLogs\AutoLogger"
  120. If (Test-Path "$autoLoggerDir\AutoLogger-Diagtrack-Listener.etl") {
  121.     Remove-Item "$autoLoggerDir\AutoLogger-Diagtrack-Listener.etl"
  122. }
  123. icacls $autoLoggerDir /deny SYSTEM:`(OI`)`(CI`)F | Out-Null
  124.  
  125. # Unrestrict AutoLogger directory
  126. # $autoLoggerDir = "$env:PROGRAMDATA\Microsoft\Diagnosis\ETLLogs\AutoLogger"
  127. # icacls $autoLoggerDir /grant:r SYSTEM:`(OI`)`(CI`)F | Out-Null
  128.  
  129. # Stop and disable Diagnostics Tracking Service
  130. Write-Host "Stopping and disabling Diagnostics Tracking Service..."
  131. Stop-Service "DiagTrack"
  132. Set-Service "DiagTrack" -StartupType Disabled
  133.  
  134. # Enable and start Diagnostics Tracking Service
  135. # Set-Service "DiagTrack" -StartupType Automatic
  136. # Start-Service "DiagTrack"
  137.  
  138. # Stop and disable WAP Push Service
  139. Write-Host "Stopping and disabling WAP Push Service..."
  140. Stop-Service "dmwappushservice"
  141. Set-Service "dmwappushservice" -StartupType Disabled
  142.  
  143. # Enable and start WAP Push Service
  144. # Set-Service "dmwappushservice" -StartupType Automatic
  145. # Start-Service "dmwappushservice"
  146. # Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\dmwappushservice" -Name "DelayedAutoStart" -Type DWord -Value 1
  147.  
  148.  
  149.  
  150. ##########
  151. # Service Tweaks
  152. ##########
  153.  
  154. # Lower UAC level
  155. # Write-Host "Lowering UAC level..."
  156. # Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System" -Name "ConsentPromptBehaviorAdmin" -Type DWord -Value 0
  157. # Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System" -Name "PromptOnSecureDesktop" -Type DWord -Value 0
  158.  
  159. # Raise UAC level
  160. # Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System" -Name "ConsentPromptBehaviorAdmin" -Type DWord -Value 5
  161. # Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System" -Name "PromptOnSecureDesktop" -Type DWord -Value 1
  162.  
  163. # Enable sharing mapped drives between users
  164. # Write-Host "Enabling sharing mapped drives between users..."
  165. # Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System" -Name "EnableLinkedConnections" -Type DWord -Value 1
  166.  
  167. # Disable sharing mapped drives between users
  168. # Remove-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System" -Name "EnableLinkedConnections"
  169.  
  170. # Disable Firewall
  171. # Write-Host "Disabling Firewall..."
  172. # Set-NetFirewallProfile -Profile * -Enabled False
  173.  
  174. # Enable Firewall
  175. # Set-NetFirewallProfile -Profile * -Enabled True
  176.  
  177. # Disable Windows Defender
  178. Write-Host "Disabling Windows Defender..."
  179. Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows Defender" -Name "DisableAntiSpyware" -Type DWord -Value 1
  180.  
  181. # Enable Windows Defender
  182. # Remove-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows Defender" -Name "DisableAntiSpyware"
  183.  
  184. # Disable Windows Update automatic restart
  185. Write-Host "Disabling Windows Update automatic restart..."
  186. Set-ItemProperty -Path "HKLM:\Software\Microsoft\WindowsUpdate\UX\Settings" -Name "UxOption" -Type DWord -Value 1
  187.  
  188. # Enable Windows Update automatic restart
  189. # Set-ItemProperty -Path "HKLM:\Software\Microsoft\WindowsUpdate\UX\Settings" -Name "UxOption" -Type DWord -Value 0
  190.  
  191. # Stop and disable Home Groups services
  192. Write-Host "Stopping and disabling Home Groups services..."
  193. Stop-Service "HomeGroupListener"
  194. Set-Service "HomeGroupListener" -StartupType Disabled
  195. Stop-Service "HomeGroupProvider"
  196. Set-Service "HomeGroupProvider" -StartupType Disabled
  197.  
  198. # Enable and start Home Groups services
  199. # Set-Service "HomeGroupListener" -StartupType Manual
  200. # Set-Service "HomeGroupProvider" -StartupType Manual
  201. # Start-Service "HomeGroupProvider"
  202.  
  203. # Disable Remote Assistance
  204. # Write-Host "Disabling Remote Assistance..."
  205. # Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Remote Assistance" -Name "fAllowToGetHelp" -Type DWord -Value 0
  206.  
  207. # Enable Remote Assistance
  208. # Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Remote Assistance" -Name "fAllowToGetHelp" -Type DWord -Value 1
  209.  
  210. # Enable Remote Desktop w/o Network Level Authentication
  211. # Write-Host "Enabling Remote Desktop w/o Network Level Authentication..."
  212. # Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Type DWord -Value 0
  213. # Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "UserAuthentication" -Type DWord -Value 0
  214.  
  215. # Disable Remote Desktop
  216. # Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Type DWord -Value 1
  217. # Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "UserAuthentication" -Type DWord -Value 1
  218.  
  219.  
  220.  
  221. ##########
  222. # UI Tweaks
  223. ##########
  224.  
  225. # Disable Action Center
  226. # Write-Host "Disabling Action Center..."
  227. # If (!(Test-Path "HKCU:\Software\Policies\Microsoft\Windows\Explorer")) {
  228. #   New-Item -Path "HKCU:\Software\Policies\Microsoft\Windows\Explorer" | Out-Null
  229. # }
  230. # Set-ItemProperty -Path "HKCU:\Software\Policies\Microsoft\Windows\Explorer" -Name "DisableNotificationCenter" -Type DWord -Value 1
  231. # Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\PushNotifications" -Name "ToastEnabled" -Type DWord -Value 0
  232.  
  233. # Enable Action Center
  234. # Remove-ItemProperty -Path "HKCU:\Software\Policies\Microsoft\Windows\Explorer" -Name "DisableNotificationCenter"
  235. # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\PushNotifications" -Name "ToastEnabled"
  236.  
  237. # Disable Lock screen
  238. # Write-Host "Disabling Lock screen..."
  239. # If (!(Test-Path "HKLM:\Software\Policies\Microsoft\Windows\Personalization")) {
  240. #   New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows\Personalization" | Out-Null
  241. # }
  242. # Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\Personalization" -Name "NoLockScreen" -Type DWord -Value 1
  243.  
  244. # Enable Lock screen
  245. # Remove-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\Personalization" -Name "NoLockScreen"
  246.  
  247. # Disable Autoplay
  248. # Write-Host "Disabling Autoplay..."
  249. # Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers" -Name "DisableAutoplay" -Type DWord -Value 1
  250.  
  251. # Enable Autoplay
  252. # Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers" -Name "DisableAutoplay" -Type DWord -Value 0
  253.  
  254. # Disable Autorun for all drives
  255. # Write-Host "Disabling Autorun for all drives..."
  256. # If (!(Test-Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer")) {
  257. #   New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" | Out-Null
  258. #}
  259. # Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name "NoDriveTypeAutoRun" -Type DWord -Value 255
  260.  
  261. # Enable Autorun
  262. # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name "NoDriveTypeAutoRun"
  263.  
  264. # Disable Sticky keys prompt
  265. # Write-Host "Disabling Sticky keys prompt..."
  266. # Set-ItemProperty -Path "HKCU:\Control Panel\Accessibility\StickyKeys" -Name "Flags" -Type String -Value "506"
  267.  
  268. # Enable Sticky keys prompt
  269. # Set-ItemProperty -Path "HKCU:\Control Panel\Accessibility\StickyKeys" -Name "Flags" -Type String -Value "510"
  270.  
  271. # Hide Search button / box
  272. Write-Host "Hiding Search Box / Button..."
  273. Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Search" -Name "SearchboxTaskbarMode" -Type DWord -Value 0
  274.  
  275. # Show Search button / box
  276. # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Search" -Name "SearchboxTaskbarMode"
  277.  
  278. # Hide Task View button
  279. Write-Host "Hiding Task View button..."
  280. Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ShowTaskViewButton" -Type DWord -Value 0
  281.  
  282. # Show Task View button
  283. # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ShowTaskViewButton"
  284.  
  285. # Show small icons in taskbar
  286. # Write-Host "Showing small icons in taskbar..."
  287. # Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "TaskbarSmallIcons" -Type DWord -Value 1
  288.  
  289. # Show large icons in taskbar
  290. # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "TaskbarSmallIcons"
  291.  
  292. # Show titles in taskbar
  293. # Write-Host "Showing titles in taskbar..."
  294. # Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "TaskbarGlomLevel" -Type DWord -Value 1
  295.  
  296. # Hide titles in taskbar
  297. # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "TaskbarGlomLevel"
  298.  
  299. # Show all tray icons
  300. # Write-Host "Showing all tray icons..."
  301. # Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer" -Name "EnableAutoTray" -Type DWord -Value 0
  302.  
  303. # Hide tray icons as needed
  304. # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer" -Name "EnableAutoTray"
  305.  
  306. # Show known file extensions
  307. Write-Host "Showing known file extensions..."
  308. Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "HideFileExt" -Type DWord -Value 0
  309.  
  310. # Hide known file extensions
  311. # Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "HideFileExt" -Type DWord -Value 1
  312.  
  313. # Show hidden files
  314. # Write-Host "Showing hidden files..."
  315. # Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "Hidden" -Type DWord -Value 1
  316.  
  317. # Hide hidden files
  318. # Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "Hidden" -Type DWord -Value 2
  319.  
  320. # Change default Explorer view to "Computer"
  321. Write-Host "Changing default Explorer view to `"Computer`"..."
  322. Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "LaunchTo" -Type DWord -Value 1
  323.  
  324. # Change default Explorer view to "Quick Access"
  325. # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "LaunchTo"
  326.  
  327. # Show Computer shortcut on desktop
  328. # Write-Host "Showing Computer shortcut on desktop..."
  329. # If (!(Test-Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu")) {
  330. #   New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu" | Out-Null
  331. # }
  332. # Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu" -Name "{20D04FE0-3AEA-1069-A2D8-08002B30309D}" -Type DWord -Value 0
  333. # Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel" -Name "{20D04FE0-3AEA-1069-A2D8-08002B30309D}" -Type DWord -Value 0
  334.  
  335. # Hide Computer shortcut from desktop
  336. # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu" -Name "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
  337. # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel" -Name "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
  338.  
  339. # Remove Desktop icon from computer namespace
  340. # Write-Host "Removing Desktop icon from computer namespace..."
  341. # Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}" -Recurse -ErrorAction SilentlyContinue
  342.  
  343. # Add Desktop icon to computer namespace
  344. # New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}"
  345.  
  346. # Remove Documents icon from computer namespace
  347. # Write-Host "Removing Documents icon from computer namespace..."
  348. # Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{d3162b92-9365-467a-956b-92703aca08af}" -Recurse -ErrorAction SilentlyContinue
  349. # Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}" -Recurse -ErrorAction SilentlyContinue
  350.  
  351. # Add Documents icon to computer namespace
  352. # New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{d3162b92-9365-467a-956b-92703aca08af}"
  353. # New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}"
  354.  
  355. # Remove Downloads icon from computer namespace
  356. # Write-Host "Removing Downloads icon from computer namespace..."
  357. # Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{088e3905-0323-4b02-9826-5d99428e115f}" -Recurse -ErrorAction SilentlyContinue
  358. # Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{374DE290-123F-4565-9164-39C4925E467B}" -Recurse -ErrorAction SilentlyContinue
  359.  
  360. # Add Downloads icon to computer namespace
  361. # New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{088e3905-0323-4b02-9826-5d99428e115f}"
  362. # New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{374DE290-123F-4565-9164-39C4925E467B}"
  363.  
  364. # Remove Music icon from computer namespace
  365. Write-Host "Removing Music icon from computer namespace..."
  366. Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3dfdf296-dbec-4fb4-81d1-6a3438bcf4de}" -Recurse -ErrorAction SilentlyContinue
  367. Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{1CF1260C-4DD0-4ebb-811F-33C572699FDE}" -Recurse -ErrorAction SilentlyContinue
  368.  
  369. # Add Music icon to computer namespace
  370. # New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3dfdf296-dbec-4fb4-81d1-6a3438bcf4de}"
  371. # New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{1CF1260C-4DD0-4ebb-811F-33C572699FDE}"
  372.  
  373. # Remove Pictures icon from computer namespace
  374. #Write-Host "Removing Pictures icon from computer namespace..."
  375. #Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{24ad3ad4-a569-4530-98e1-ab02f9417aa8}" -Recurse -ErrorAction SilentlyContinue
  376. #Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}" -Recurse -ErrorAction SilentlyContinue
  377.  
  378. # Add Pictures icon to computer namespace
  379. # New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{24ad3ad4-a569-4530-98e1-ab02f9417aa8}"
  380. # New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}"
  381.  
  382. # Remove Videos icon from computer namespace
  383. Write-Host "Removing Videos icon from computer namespace..."
  384. Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{f86fa3ab-70d2-4fc7-9c99-fcbf05467f3a}" -Recurse -ErrorAction SilentlyContinue
  385. Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A0953C92-50DC-43bf-BE83-3742FED03C9C}" -Recurse -ErrorAction SilentlyContinue
  386.  
  387. # Add Videos icon to computer namespace
  388. # New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{f86fa3ab-70d2-4fc7-9c99-fcbf05467f3a}"
  389. # New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A0953C92-50DC-43bf-BE83-3742FED03C9C}"
  390.  
  391. ## Add secondary en-US keyboard
  392. #Write-Host "Adding secondary en-US keyboard..."
  393. #$langs = Get-WinUserLanguageList
  394. #$langs.Add("en-US")
  395. #Set-WinUserLanguageList $langs -Force
  396.  
  397. # Remove secondary en-US keyboard
  398. # $langs = Get-WinUserLanguageList
  399. # Set-WinUserLanguageList ($langs | ? {$_.LanguageTag -ne "en-US"}) -Force
  400.  
  401.  
  402.  
  403. ##########
  404. # Remove unwanted applications
  405. ##########
  406.  
  407. # Disable OneDrive
  408. Write-Host "Disabling OneDrive..."
  409. If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\OneDrive")) {
  410.     New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\OneDrive" | Out-Null
  411. }
  412. Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\OneDrive" -Name "DisableFileSyncNGSC" -Type DWord -Value 1
  413.  
  414. # Enable OneDrive
  415. # Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\OneDrive" -Name "DisableFileSyncNGSC"
  416.  
  417. # Uninstall OneDrive
  418. Write-Host "Uninstalling OneDrive..."
  419. Stop-Process -Name OneDrive -ErrorAction SilentlyContinue
  420. Start-Sleep -s 3
  421. $onedrive = "$env:SYSTEMROOT\SysWOW64\OneDriveSetup.exe"
  422. If (!(Test-Path $onedrive)) {
  423.     $onedrive = "$env:SYSTEMROOT\System32\OneDriveSetup.exe"
  424. }
  425. Start-Process $onedrive "/uninstall" -NoNewWindow -Wait
  426. Start-Sleep -s 3
  427. Stop-Process -Name explorer -ErrorAction SilentlyContinue
  428. Start-Sleep -s 3
  429. Remove-Item "$env:USERPROFILE\OneDrive" -Force -Recurse -ErrorAction SilentlyContinue
  430. Remove-Item "$env:LOCALAPPDATA\Microsoft\OneDrive" -Force -Recurse -ErrorAction SilentlyContinue
  431. Remove-Item "$env:PROGRAMDATA\Microsoft OneDrive" -Force -Recurse -ErrorAction SilentlyContinue
  432. If (Test-Path "$env:SYSTEMDRIVE\OneDriveTemp") {
  433.     Remove-Item "$env:SYSTEMDRIVE\OneDriveTemp" -Force -Recurse -ErrorAction SilentlyContinue
  434. }
  435. If (!(Test-Path "HKCR:")) {
  436.     New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
  437. }
  438. Remove-Item -Path "HKCR:\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" -Recurse -ErrorAction SilentlyContinue
  439. Remove-Item -Path "HKCR:\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" -Recurse -ErrorAction SilentlyContinue
  440.  
  441. # Install OneDrive
  442. # $onedrive = "$env:SYSTEMROOT\SysWOW64\OneDriveSetup.exe"
  443. # If (!(Test-Path $onedrive)) {
  444. #   $onedrive = "$env:SYSTEMROOT\System32\OneDriveSetup.exe"
  445. # }
  446. # Start-Process $onedrive -NoNewWindow
  447.  
  448. # Uninstall default Microsoft applications
  449. Write-Host "Uninstalling default Microsoft applications..."
  450. Get-AppxPackage "Microsoft.3DBuilder" | Remove-AppxPackage
  451. Get-AppxPackage "Microsoft.BingFinance" | Remove-AppxPackage
  452. Get-AppxPackage "Microsoft.BingNews" | Remove-AppxPackage
  453. Get-AppxPackage "Microsoft.BingSports" | Remove-AppxPackage
  454. Get-AppxPackage "Microsoft.BingWeather" | Remove-AppxPackage
  455. Get-AppxPackage "Microsoft.Getstarted" | Remove-AppxPackage
  456. Get-AppxPackage "Microsoft.MicrosoftOfficeHub" | Remove-AppxPackage
  457. Get-AppxPackage "Microsoft.MicrosoftSolitaireCollection" | Remove-AppxPackage
  458. Get-AppxPackage "Microsoft.Office.OneNote" | Remove-AppxPackage
  459. Get-AppxPackage "Microsoft.People" | Remove-AppxPackage
  460. Get-AppxPackage "Microsoft.SkypeApp" | Remove-AppxPackage
  461. Get-AppxPackage "Microsoft.Windows.Photos" | Remove-AppxPackage
  462. Get-AppxPackage "Microsoft.WindowsAlarms" | Remove-AppxPackage
  463. Get-AppxPackage "Microsoft.WindowsCamera" | Remove-AppxPackage
  464. Get-AppxPackage "microsoft.windowscommunicationsapps" | Remove-AppxPackage
  465. Get-AppxPackage "Microsoft.WindowsMaps" | Remove-AppxPackage
  466. Get-AppxPackage "Microsoft.WindowsPhone" | Remove-AppxPackage
  467. Get-AppxPackage "Microsoft.WindowsSoundRecorder" | Remove-AppxPackage
  468. Get-AppxPackage "Microsoft.XboxApp" | Remove-AppxPackage
  469. Get-AppxPackage "Microsoft.ZuneMusic" | Remove-AppxPackage
  470. Get-AppxPackage "Microsoft.ZuneVideo" | Remove-AppxPackage
  471. Get-AppxPackage "Microsoft.AppConnector" | Remove-AppxPackage
  472. Get-AppxPackage "Microsoft.ConnectivityStore" | Remove-AppxPackage
  473. Get-AppxPackage "Microsoft.Office.Sway" | Remove-AppxPackage
  474. Get-AppxPackage "Microsoft.Messaging" | Remove-AppxPackage
  475. Get-AppxPackage "Microsoft.CommsPhone" | Remove-AppxPackage
  476. Get-AppxPackage "9E2F88E3.Twitter" | Remove-AppxPackage
  477. Get-AppxPackage "king.com.CandyCrushSodaSaga" | Remove-AppxPackage
  478.  
  479. # Install default Microsoft applications
  480. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.3DBuilder").InstallLocation)\AppXManifest.xml"
  481. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.BingFinance").InstallLocation)\AppXManifest.xml"
  482. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.BingNews").InstallLocation)\AppXManifest.xml"
  483. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.BingSports").InstallLocation)\AppXManifest.xml"
  484. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.BingWeather").InstallLocation)\AppXManifest.xml"
  485. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.Getstarted").InstallLocation)\AppXManifest.xml"
  486. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.MicrosoftOfficeHub").InstallLocation)\AppXManifest.xml"
  487. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.MicrosoftSolitaireCollection").InstallLocation)\AppXManifest.xml"
  488. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.Office.OneNote").InstallLocation)\AppXManifest.xml"
  489. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.People").InstallLocation)\AppXManifest.xml"
  490. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.SkypeApp").InstallLocation)\AppXManifest.xml"
  491. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.Windows.Photos").InstallLocation)\AppXManifest.xml"
  492. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.WindowsAlarms").InstallLocation)\AppXManifest.xml"
  493. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.WindowsCamera").InstallLocation)\AppXManifest.xml"
  494. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.windowscommunicationsapps").InstallLocation)\AppXManifest.xml"
  495. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.WindowsMaps").InstallLocation)\AppXManifest.xml"
  496. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.WindowsPhone").InstallLocation)\AppXManifest.xml"
  497. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.WindowsSoundRecorder").InstallLocation)\AppXManifest.xml"
  498. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.XboxApp").InstallLocation)\AppXManifest.xml"
  499. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.ZuneMusic").InstallLocation)\AppXManifest.xml"
  500. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.ZuneVideo").InstallLocation)\AppXManifest.xml"
  501. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.AppConnector").InstallLocation)\AppXManifest.xml"
  502. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.ConnectivityStore").InstallLocation)\AppXManifest.xml"
  503. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.Office.Sway").InstallLocation)\AppXManifest.xml"
  504. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.Messaging").InstallLocation)\AppXManifest.xml"
  505. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.CommsPhone").InstallLocation)\AppXManifest.xml"
  506. # In case you have removed them for good, you can try to restore the files using installation medium as follows
  507. # New-Item C:\Mnt -Type Directory | Out-Null
  508. # dism /Mount-Image /ImageFile:D:\sources\install.wim /index:1 /ReadOnly /MountDir:C:\Mnt
  509. # robocopy /S /SEC /R:0 "C:\Mnt\Program Files\WindowsApps" "C:\Program Files\WindowsApps"
  510. # dism /Unmount-Image /Discard /MountDir:C:\Mnt
  511. # Remove-Item -Path C:\Mnt -Recurse
  512.  
  513. # Uninstall Windows Media Player
  514. Write-Host "Uninstalling Windows Media Player..."
  515. dism /online /Disable-Feature /FeatureName:MediaPlayback /Quiet /NoRestart
  516.  
  517. # Install Windows Media Player
  518. # dism /online /Enable-Feature /FeatureName:MediaPlayback /Quiet /NoRestart
  519.  
  520. # Uninstall Work Folders Client
  521. Write-Host "Uninstalling Work Folders Client..."
  522. dism /online /Disable-Feature /FeatureName:WorkFolders-Client /Quiet /NoRestart
  523.  
  524. # Install Work Folders Client
  525. # dism /online /Enable-Feature /FeatureName:WorkFolders-Client /Quiet /NoRestart
  526.  
  527. # Set Photo Viewer as default for bmp, gif, jpg and png
  528. Write-Host "Setting Photo Viewer as default for bmp, gif, jpg, png and tif..."
  529. If (!(Test-Path "HKCR:")) {
  530.     New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
  531. }
  532. ForEach ($type in @("Paint.Picture", "giffile", "jpegfile", "pngfile")) {
  533.     New-Item -Path $("HKCR:\$type\shell\open") -Force | Out-Null
  534.     New-Item -Path $("HKCR:\$type\shell\open\command") | Out-Null
  535.     Set-ItemProperty -Path $("HKCR:\$type\shell\open") -Name "MuiVerb" -Type ExpandString -Value "@%ProgramFiles%\Windows Photo Viewer\photoviewer.dll,-3043"
  536.     Set-ItemProperty -Path $("HKCR:\$type\shell\open\command") -Name "(Default)" -Type ExpandString -Value "%SystemRoot%\System32\rundll32.exe `"%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll`", ImageView_Fullscreen %1"
  537. }
  538.  
  539. # Remove or reset default open action for bmp, gif, jpg and png
  540. # If (!(Test-Path "HKCR:")) {
  541. #   New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
  542. # }
  543. # Remove-Item -Path "HKCR:\Paint.Picture\shell\open" -Recurse
  544. # Remove-ItemProperty -Path "HKCR:\giffile\shell\open" -Name "MuiVerb"
  545. # Set-ItemProperty -Path "HKCR:\giffile\shell\open" -Name "CommandId" -Type String -Value "IE.File"
  546. # Set-ItemProperty -Path "HKCR:\giffile\shell\open\command" -Name "(Default)" -Type String -Value "`"$env:SystemDrive\Program Files\Internet Explorer\iexplore.exe`" %1"
  547. # Set-ItemProperty -Path "HKCR:\giffile\shell\open\command" -Name "DelegateExecute" -Type String -Value "{17FE9752-0B5A-4665-84CD-569794602F5C}"
  548. # Remove-Item -Path "HKCR:\jpegfile\shell\open" -Recurse
  549. # Remove-Item -Path "HKCR:\pngfile\shell\open" -Recurse
  550.  
  551. # Show Photo Viewer in "Open with..."
  552. Write-Host "Showing Photo Viewer in `"Open with...`""
  553. If (!(Test-Path "HKCR:")) {
  554.     New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
  555. }
  556. New-Item -Path "HKCR:\Applications\photoviewer.dll\shell\open\command" -Force | Out-Null
  557. New-Item -Path "HKCR:\Applications\photoviewer.dll\shell\open\DropTarget" -Force | Out-Null
  558. Set-ItemProperty -Path "HKCR:\Applications\photoviewer.dll\shell\open" -Name "MuiVerb" -Type String -Value "@photoviewer.dll,-3043"
  559. Set-ItemProperty -Path "HKCR:\Applications\photoviewer.dll\shell\open\command" -Name "(Default)" -Type ExpandString -Value "%SystemRoot%\System32\rundll32.exe `"%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll`", ImageView_Fullscreen %1"
  560. Set-ItemProperty -Path "HKCR:\Applications\photoviewer.dll\shell\open\DropTarget" -Name "Clsid" -Type String -Value "{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}"
  561.  
  562. # Remove Photo Viewer from "Open with..."
  563. # If (!(Test-Path "HKCR:")) {
  564. #   New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
  565. # }
  566. # Remove-Item -Path "HKCR:\Applications\photoviewer.dll\shell\open" -Recurse
  567.  
  568.  
  569.  
  570. ##########
  571. # Restart
  572. ##########
  573. Write-Host
  574. Write-Host "Press any key to restart your system..." -ForegroundColor Black -BackgroundColor White
  575. $key = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
  576. Write-Host "Restarting..."
  577. Restart-Computer
RAW Paste Data