daily pastebin goal
47%
SHARE
TWEET

Windows 10 Hardening

a guest Mar 18th, 2016 8,728 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. ##########
  2. # Win10 Initial Setup Script
  3. # Author: Disassembler <disassembler@dasm.cz>
  4. # Version: 1.4, 2016-01-16
  5. ##########
  6.  
  7. # Ask for elevated permissions if required
  8. If (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]"Administrator")) {
  9.     Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs
  10.     Exit
  11. }
  12.  
  13.  
  14.  
  15. ##########
  16. # Privacy Settings
  17. ##########
  18.  
  19. # Disable Telemetry
  20. Write-Host "Disabling Telemetry..."
  21. Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 0
  22.  
  23. # Enable Telemetry
  24. # Remove-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\DataCollection" -Name "AllowTelemetry"
  25.  
  26. # Disable Wi-Fi Sense
  27. Write-Host "Disabling Wi-Fi Sense..."
  28. If (!(Test-Path "HKLM:\Software\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting")) {
  29.     New-Item -Path "HKLM:\Software\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting" -Force | Out-Null
  30. }
  31. Set-ItemProperty -Path "HKLM:\Software\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting" -Name "Value" -Type DWord -Value 0
  32. Set-ItemProperty -Path "HKLM:\Software\Microsoft\PolicyManager\default\WiFi\AllowAutoConnectToWiFiSenseHotspots" -Name "Value" -Type DWord -Value 0
  33.  
  34. # Enable Wi-Fi Sense
  35. # Set-ItemProperty -Path "HKLM:\Software\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting" -Name "Value" -Type DWord -Value 1
  36. # Set-ItemProperty -Path "HKLM:\Software\Microsoft\PolicyManager\default\WiFi\AllowAutoConnectToWiFiSenseHotspots" -Name "Value" -Type DWord -Value 1
  37.  
  38. # Disable SmartScreen Filter
  39. Write-Host "Disabling SmartScreen Filter..."
  40. Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer" -Name "SmartScreenEnabled" -Type String -Value "Off"
  41. Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\AppHost" -Name "EnableWebContentEvaluation" -Type DWord -Value 0
  42.  
  43. # Enable SmartScreen Filter
  44. # Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer" -Name "SmartScreenEnabled" -Type String -Value "RequireAdmin"
  45. # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\AppHost" -Name "EnableWebContentEvaluation"
  46.  
  47. # Disable Bing Search in Start Menu
  48. Write-Host "Disabling Bing Search in Start Menu..."
  49. Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Search" -Name "BingSearchEnabled" -Type DWord -Value 0
  50.  
  51. # Enable Bing Search in Start Menu
  52. # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Search" -Name "BingSearchEnabled"
  53.  
  54. # Disable Location Tracking
  55. Write-Host "Disabling Location Tracking..."
  56. Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Overrides\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" -Name "SensorPermissionState" -Type DWord -Value 0
  57. Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Services\lfsvc\Service\Configuration" -Name "Status" -Type DWord -Value 0
  58.  
  59. # Enable Location Tracking
  60. # Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Overrides\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" -Name "SensorPermissionState" -Type DWord -Value 1
  61. # Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Services\lfsvc\Service\Configuration" -Name "Status" -Type DWord -Value 1
  62.  
  63. # Disable Feedback
  64. Write-Host "Disabling Feedback..."
  65. If (!(Test-Path "HKCU:\Software\Microsoft\Siuf\Rules")) {
  66.     New-Item -Path "HKCU:\Software\Microsoft\Siuf\Rules" -Force | Out-Null
  67. }
  68. Set-ItemProperty -Path "HKCU:\Software\Microsoft\Siuf\Rules" -Name "NumberOfSIUFInPeriod" -Type DWord -Value 0
  69.  
  70. # Enable Feedback
  71. # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Siuf\Rules" -Name "NumberOfSIUFInPeriod"
  72.  
  73. # Disable Advertising ID
  74. Write-Host "Disabling Advertising ID..."
  75. If (!(Test-Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo")) {
  76.     New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo" | Out-Null
  77. }
  78. Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo" -Name "Enabled" -Type DWord -Value 0
  79.  
  80. # Enable Advertising ID
  81. # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo" -Name "Enabled"
  82.  
  83. # Disable Cortana
  84. Write-Host "Disabling Cortana..."
  85. If (!(Test-Path "HKCU:\Software\Microsoft\Personalization\Settings")) {
  86.     New-Item -Path "HKCU:\Software\Microsoft\Personalization\Settings" -Force | Out-Null
  87. }
  88. Set-ItemProperty -Path "HKCU:\Software\Microsoft\Personalization\Settings" -Name "AcceptedPrivacyPolicy" -Type DWord -Value 0
  89. If (!(Test-Path "HKCU:\Software\Microsoft\InputPersonalization")) {
  90.     New-Item -Path "HKCU:\Software\Microsoft\InputPersonalization" -Force | Out-Null
  91. }
  92. Set-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization" -Name "RestrictImplicitTextCollection" -Type DWord -Value 1
  93. Set-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization" -Name "RestrictImplicitInkCollection" -Type DWord -Value 1
  94. If (!(Test-Path "HKCU:\Software\Microsoft\InputPersonalization\TrainedDataStore")) {
  95.     New-Item -Path "HKCU:\Software\Microsoft\InputPersonalization\TrainedDataStore" -Force | Out-Null
  96. }
  97. Set-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization\TrainedDataStore" -Name "HarvestContacts" -Type DWord -Value 0
  98.  
  99. # Enable Cortana
  100. # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Personalization\Settings" -Name "AcceptedPrivacyPolicy"
  101. # Set-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization" -Name "RestrictImplicitTextCollection" -Type DWord -Value 0
  102. # Set-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization" -Name "RestrictImplicitInkCollection" -Type DWord -Value 0
  103. # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization\TrainedDataStore" -Name "HarvestContacts"
  104.  
  105. # Restrict Windows Update P2P only to local network
  106. Write-Host "Restricting Windows Update P2P only to local network..."
  107. Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" -Name "DODownloadMode" -Type DWord -Value 1
  108. If (!(Test-Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization")) {
  109.     New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization" | Out-Null
  110. }
  111. Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization" -Name "SystemSettingsDownloadMode" -Type DWord -Value 3
  112.  
  113. # Unrestrict Windows Update P2P
  114. # Remove-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" -Name "DODownloadMode"
  115. # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization" -Name "SystemSettingsDownloadMode"
  116.  
  117. # Remove AutoLogger file and restrict directory
  118. Write-Host "Removing AutoLogger file and restricting directory..."
  119. $autoLoggerDir = "$env:PROGRAMDATA\Microsoft\Diagnosis\ETLLogs\AutoLogger"
  120. If (Test-Path "$autoLoggerDir\AutoLogger-Diagtrack-Listener.etl") {
  121.     Remove-Item "$autoLoggerDir\AutoLogger-Diagtrack-Listener.etl"
  122. }
  123. icacls $autoLoggerDir /deny SYSTEM:`(OI`)`(CI`)F | Out-Null
  124.  
  125. # Unrestrict AutoLogger directory
  126. # $autoLoggerDir = "$env:PROGRAMDATA\Microsoft\Diagnosis\ETLLogs\AutoLogger"
  127. # icacls $autoLoggerDir /grant:r SYSTEM:`(OI`)`(CI`)F | Out-Null
  128.  
  129. # Stop and disable Diagnostics Tracking Service
  130. Write-Host "Stopping and disabling Diagnostics Tracking Service..."
  131. Stop-Service "DiagTrack"
  132. Set-Service "DiagTrack" -StartupType Disabled
  133.  
  134. # Enable and start Diagnostics Tracking Service
  135. # Set-Service "DiagTrack" -StartupType Automatic
  136. # Start-Service "DiagTrack"
  137.  
  138. # Stop and disable WAP Push Service
  139. Write-Host "Stopping and disabling WAP Push Service..."
  140. Stop-Service "dmwappushservice"
  141. Set-Service "dmwappushservice" -StartupType Disabled
  142.  
  143. # Enable and start WAP Push Service
  144. # Set-Service "dmwappushservice" -StartupType Automatic
  145. # Start-Service "dmwappushservice"
  146. # Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\dmwappushservice" -Name "DelayedAutoStart" -Type DWord -Value 1
  147.  
  148.  
  149.  
  150. ##########
  151. # Service Tweaks
  152. ##########
  153.  
  154. # Lower UAC level
  155. # Write-Host "Lowering UAC level..."
  156. # Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System" -Name "ConsentPromptBehaviorAdmin" -Type DWord -Value 0
  157. # Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System" -Name "PromptOnSecureDesktop" -Type DWord -Value 0
  158.  
  159. # Raise UAC level
  160. # Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System" -Name "ConsentPromptBehaviorAdmin" -Type DWord -Value 5
  161. # Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System" -Name "PromptOnSecureDesktop" -Type DWord -Value 1
  162.  
  163. # Enable sharing mapped drives between users
  164. # Write-Host "Enabling sharing mapped drives between users..."
  165. # Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System" -Name "EnableLinkedConnections" -Type DWord -Value 1
  166.  
  167. # Disable sharing mapped drives between users
  168. # Remove-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System" -Name "EnableLinkedConnections"
  169.  
  170. # Disable Firewall
  171. # Write-Host "Disabling Firewall..."
  172. # Set-NetFirewallProfile -Profile * -Enabled False
  173.  
  174. # Enable Firewall
  175. # Set-NetFirewallProfile -Profile * -Enabled True
  176.  
  177. # Disable Windows Defender
  178. Write-Host "Disabling Windows Defender..."
  179. Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows Defender" -Name "DisableAntiSpyware" -Type DWord -Value 1
  180.  
  181. # Enable Windows Defender
  182. # Remove-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows Defender" -Name "DisableAntiSpyware"
  183.  
  184. # Disable Windows Update automatic restart
  185. Write-Host "Disabling Windows Update automatic restart..."
  186. Set-ItemProperty -Path "HKLM:\Software\Microsoft\WindowsUpdate\UX\Settings" -Name "UxOption" -Type DWord -Value 1
  187.  
  188. # Enable Windows Update automatic restart
  189. # Set-ItemProperty -Path "HKLM:\Software\Microsoft\WindowsUpdate\UX\Settings" -Name "UxOption" -Type DWord -Value 0
  190.  
  191. # Stop and disable Home Groups services
  192. Write-Host "Stopping and disabling Home Groups services..."
  193. Stop-Service "HomeGroupListener"
  194. Set-Service "HomeGroupListener" -StartupType Disabled
  195. Stop-Service "HomeGroupProvider"
  196. Set-Service "HomeGroupProvider" -StartupType Disabled
  197.  
  198. # Enable and start Home Groups services
  199. # Set-Service "HomeGroupListener" -StartupType Manual
  200. # Set-Service "HomeGroupProvider" -StartupType Manual
  201. # Start-Service "HomeGroupProvider"
  202.  
  203. # Disable Remote Assistance
  204. # Write-Host "Disabling Remote Assistance..."
  205. # Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Remote Assistance" -Name "fAllowToGetHelp" -Type DWord -Value 0
  206.  
  207. # Enable Remote Assistance
  208. # Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Remote Assistance" -Name "fAllowToGetHelp" -Type DWord -Value 1
  209.  
  210. # Enable Remote Desktop w/o Network Level Authentication
  211. # Write-Host "Enabling Remote Desktop w/o Network Level Authentication..."
  212. # Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Type DWord -Value 0
  213. # Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "UserAuthentication" -Type DWord -Value 0
  214.  
  215. # Disable Remote Desktop
  216. # Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Type DWord -Value 1
  217. # Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "UserAuthentication" -Type DWord -Value 1
  218.  
  219.  
  220.  
  221. ##########
  222. # UI Tweaks
  223. ##########
  224.  
  225. # Disable Action Center
  226. # Write-Host "Disabling Action Center..."
  227. # If (!(Test-Path "HKCU:\Software\Policies\Microsoft\Windows\Explorer")) {
  228. #   New-Item -Path "HKCU:\Software\Policies\Microsoft\Windows\Explorer" | Out-Null
  229. # }
  230. # Set-ItemProperty -Path "HKCU:\Software\Policies\Microsoft\Windows\Explorer" -Name "DisableNotificationCenter" -Type DWord -Value 1
  231. # Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\PushNotifications" -Name "ToastEnabled" -Type DWord -Value 0
  232.  
  233. # Enable Action Center
  234. # Remove-ItemProperty -Path "HKCU:\Software\Policies\Microsoft\Windows\Explorer" -Name "DisableNotificationCenter"
  235. # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\PushNotifications" -Name "ToastEnabled"
  236.  
  237. # Disable Lock screen
  238. # Write-Host "Disabling Lock screen..."
  239. # If (!(Test-Path "HKLM:\Software\Policies\Microsoft\Windows\Personalization")) {
  240. #   New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows\Personalization" | Out-Null
  241. # }
  242. # Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\Personalization" -Name "NoLockScreen" -Type DWord -Value 1
  243.  
  244. # Enable Lock screen
  245. # Remove-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\Personalization" -Name "NoLockScreen"
  246.  
  247. # Disable Autoplay
  248. # Write-Host "Disabling Autoplay..."
  249. # Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers" -Name "DisableAutoplay" -Type DWord -Value 1
  250.  
  251. # Enable Autoplay
  252. # Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers" -Name "DisableAutoplay" -Type DWord -Value 0
  253.  
  254. # Disable Autorun for all drives
  255. # Write-Host "Disabling Autorun for all drives..."
  256. # If (!(Test-Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer")) {
  257. #   New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" | Out-Null
  258. #}
  259. # Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name "NoDriveTypeAutoRun" -Type DWord -Value 255
  260.  
  261. # Enable Autorun
  262. # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name "NoDriveTypeAutoRun"
  263.  
  264. # Disable Sticky keys prompt
  265. # Write-Host "Disabling Sticky keys prompt..."
  266. # Set-ItemProperty -Path "HKCU:\Control Panel\Accessibility\StickyKeys" -Name "Flags" -Type String -Value "506"
  267.  
  268. # Enable Sticky keys prompt
  269. # Set-ItemProperty -Path "HKCU:\Control Panel\Accessibility\StickyKeys" -Name "Flags" -Type String -Value "510"
  270.  
  271. # Hide Search button / box
  272. Write-Host "Hiding Search Box / Button..."
  273. Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Search" -Name "SearchboxTaskbarMode" -Type DWord -Value 0
  274.  
  275. # Show Search button / box
  276. # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Search" -Name "SearchboxTaskbarMode"
  277.  
  278. # Hide Task View button
  279. Write-Host "Hiding Task View button..."
  280. Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ShowTaskViewButton" -Type DWord -Value 0
  281.  
  282. # Show Task View button
  283. # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ShowTaskViewButton"
  284.  
  285. # Show small icons in taskbar
  286. # Write-Host "Showing small icons in taskbar..."
  287. # Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "TaskbarSmallIcons" -Type DWord -Value 1
  288.  
  289. # Show large icons in taskbar
  290. # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "TaskbarSmallIcons"
  291.  
  292. # Show titles in taskbar
  293. # Write-Host "Showing titles in taskbar..."
  294. # Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "TaskbarGlomLevel" -Type DWord -Value 1
  295.  
  296. # Hide titles in taskbar
  297. # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "TaskbarGlomLevel"
  298.  
  299. # Show all tray icons
  300. # Write-Host "Showing all tray icons..."
  301. # Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer" -Name "EnableAutoTray" -Type DWord -Value 0
  302.  
  303. # Hide tray icons as needed
  304. # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer" -Name "EnableAutoTray"
  305.  
  306. # Show known file extensions
  307. Write-Host "Showing known file extensions..."
  308. Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "HideFileExt" -Type DWord -Value 0
  309.  
  310. # Hide known file extensions
  311. # Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "HideFileExt" -Type DWord -Value 1
  312.  
  313. # Show hidden files
  314. # Write-Host "Showing hidden files..."
  315. # Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "Hidden" -Type DWord -Value 1
  316.  
  317. # Hide hidden files
  318. # Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "Hidden" -Type DWord -Value 2
  319.  
  320. # Change default Explorer view to "Computer"
  321. Write-Host "Changing default Explorer view to `"Computer`"..."
  322. Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "LaunchTo" -Type DWord -Value 1
  323.  
  324. # Change default Explorer view to "Quick Access"
  325. # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "LaunchTo"
  326.  
  327. # Show Computer shortcut on desktop
  328. # Write-Host "Showing Computer shortcut on desktop..."
  329. # If (!(Test-Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu")) {
  330. #   New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu" | Out-Null
  331. # }
  332. # Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu" -Name "{20D04FE0-3AEA-1069-A2D8-08002B30309D}" -Type DWord -Value 0
  333. # Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel" -Name "{20D04FE0-3AEA-1069-A2D8-08002B30309D}" -Type DWord -Value 0
  334.  
  335. # Hide Computer shortcut from desktop
  336. # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu" -Name "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
  337. # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel" -Name "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
  338.  
  339. # Remove Desktop icon from computer namespace
  340. # Write-Host "Removing Desktop icon from computer namespace..."
  341. # Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}" -Recurse -ErrorAction SilentlyContinue
  342.  
  343. # Add Desktop icon to computer namespace
  344. # New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}"
  345.  
  346. # Remove Documents icon from computer namespace
  347. # Write-Host "Removing Documents icon from computer namespace..."
  348. # Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{d3162b92-9365-467a-956b-92703aca08af}" -Recurse -ErrorAction SilentlyContinue
  349. # Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}" -Recurse -ErrorAction SilentlyContinue
  350.  
  351. # Add Documents icon to computer namespace
  352. # New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{d3162b92-9365-467a-956b-92703aca08af}"
  353. # New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}"
  354.  
  355. # Remove Downloads icon from computer namespace
  356. # Write-Host "Removing Downloads icon from computer namespace..."
  357. # Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{088e3905-0323-4b02-9826-5d99428e115f}" -Recurse -ErrorAction SilentlyContinue
  358. # Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{374DE290-123F-4565-9164-39C4925E467B}" -Recurse -ErrorAction SilentlyContinue
  359.  
  360. # Add Downloads icon to computer namespace
  361. # New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{088e3905-0323-4b02-9826-5d99428e115f}"
  362. # New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{374DE290-123F-4565-9164-39C4925E467B}"
  363.  
  364. # Remove Music icon from computer namespace
  365. Write-Host "Removing Music icon from computer namespace..."
  366. Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3dfdf296-dbec-4fb4-81d1-6a3438bcf4de}" -Recurse -ErrorAction SilentlyContinue
  367. Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{1CF1260C-4DD0-4ebb-811F-33C572699FDE}" -Recurse -ErrorAction SilentlyContinue
  368.  
  369. # Add Music icon to computer namespace
  370. # New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3dfdf296-dbec-4fb4-81d1-6a3438bcf4de}"
  371. # New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{1CF1260C-4DD0-4ebb-811F-33C572699FDE}"
  372.  
  373. # Remove Pictures icon from computer namespace
  374. #Write-Host "Removing Pictures icon from computer namespace..."
  375. #Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{24ad3ad4-a569-4530-98e1-ab02f9417aa8}" -Recurse -ErrorAction SilentlyContinue
  376. #Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}" -Recurse -ErrorAction SilentlyContinue
  377.  
  378. # Add Pictures icon to computer namespace
  379. # New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{24ad3ad4-a569-4530-98e1-ab02f9417aa8}"
  380. # New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}"
  381.  
  382. # Remove Videos icon from computer namespace
  383. Write-Host "Removing Videos icon from computer namespace..."
  384. Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{f86fa3ab-70d2-4fc7-9c99-fcbf05467f3a}" -Recurse -ErrorAction SilentlyContinue
  385. Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A0953C92-50DC-43bf-BE83-3742FED03C9C}" -Recurse -ErrorAction SilentlyContinue
  386.  
  387. # Add Videos icon to computer namespace
  388. # New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{f86fa3ab-70d2-4fc7-9c99-fcbf05467f3a}"
  389. # New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A0953C92-50DC-43bf-BE83-3742FED03C9C}"
  390.  
  391. ## Add secondary en-US keyboard
  392. #Write-Host "Adding secondary en-US keyboard..."
  393. #$langs = Get-WinUserLanguageList
  394. #$langs.Add("en-US")
  395. #Set-WinUserLanguageList $langs -Force
  396.  
  397. # Remove secondary en-US keyboard
  398. # $langs = Get-WinUserLanguageList
  399. # Set-WinUserLanguageList ($langs | ? {$_.LanguageTag -ne "en-US"}) -Force
  400.  
  401.  
  402.  
  403. ##########
  404. # Remove unwanted applications
  405. ##########
  406.  
  407. # Disable OneDrive
  408. Write-Host "Disabling OneDrive..."
  409. If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\OneDrive")) {
  410.     New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\OneDrive" | Out-Null
  411. }
  412. Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\OneDrive" -Name "DisableFileSyncNGSC" -Type DWord -Value 1
  413.  
  414. # Enable OneDrive
  415. # Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\OneDrive" -Name "DisableFileSyncNGSC"
  416.  
  417. # Uninstall OneDrive
  418. Write-Host "Uninstalling OneDrive..."
  419. Stop-Process -Name OneDrive -ErrorAction SilentlyContinue
  420. Start-Sleep -s 3
  421. $onedrive = "$env:SYSTEMROOT\SysWOW64\OneDriveSetup.exe"
  422. If (!(Test-Path $onedrive)) {
  423.     $onedrive = "$env:SYSTEMROOT\System32\OneDriveSetup.exe"
  424. }
  425. Start-Process $onedrive "/uninstall" -NoNewWindow -Wait
  426. Start-Sleep -s 3
  427. Stop-Process -Name explorer -ErrorAction SilentlyContinue
  428. Start-Sleep -s 3
  429. Remove-Item "$env:USERPROFILE\OneDrive" -Force -Recurse -ErrorAction SilentlyContinue
  430. Remove-Item "$env:LOCALAPPDATA\Microsoft\OneDrive" -Force -Recurse -ErrorAction SilentlyContinue
  431. Remove-Item "$env:PROGRAMDATA\Microsoft OneDrive" -Force -Recurse -ErrorAction SilentlyContinue
  432. If (Test-Path "$env:SYSTEMDRIVE\OneDriveTemp") {
  433.     Remove-Item "$env:SYSTEMDRIVE\OneDriveTemp" -Force -Recurse -ErrorAction SilentlyContinue
  434. }
  435. If (!(Test-Path "HKCR:")) {
  436.     New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
  437. }
  438. Remove-Item -Path "HKCR:\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" -Recurse -ErrorAction SilentlyContinue
  439. Remove-Item -Path "HKCR:\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" -Recurse -ErrorAction SilentlyContinue
  440.  
  441. # Install OneDrive
  442. # $onedrive = "$env:SYSTEMROOT\SysWOW64\OneDriveSetup.exe"
  443. # If (!(Test-Path $onedrive)) {
  444. #   $onedrive = "$env:SYSTEMROOT\System32\OneDriveSetup.exe"
  445. # }
  446. # Start-Process $onedrive -NoNewWindow
  447.  
  448. # Uninstall default Microsoft applications
  449. Write-Host "Uninstalling default Microsoft applications..."
  450. Get-AppxPackage "Microsoft.3DBuilder" | Remove-AppxPackage
  451. Get-AppxPackage "Microsoft.BingFinance" | Remove-AppxPackage
  452. Get-AppxPackage "Microsoft.BingNews" | Remove-AppxPackage
  453. Get-AppxPackage "Microsoft.BingSports" | Remove-AppxPackage
  454. Get-AppxPackage "Microsoft.BingWeather" | Remove-AppxPackage
  455. Get-AppxPackage "Microsoft.Getstarted" | Remove-AppxPackage
  456. Get-AppxPackage "Microsoft.MicrosoftOfficeHub" | Remove-AppxPackage
  457. Get-AppxPackage "Microsoft.MicrosoftSolitaireCollection" | Remove-AppxPackage
  458. Get-AppxPackage "Microsoft.Office.OneNote" | Remove-AppxPackage
  459. Get-AppxPackage "Microsoft.People" | Remove-AppxPackage
  460. Get-AppxPackage "Microsoft.SkypeApp" | Remove-AppxPackage
  461. Get-AppxPackage "Microsoft.Windows.Photos" | Remove-AppxPackage
  462. Get-AppxPackage "Microsoft.WindowsAlarms" | Remove-AppxPackage
  463. Get-AppxPackage "Microsoft.WindowsCamera" | Remove-AppxPackage
  464. Get-AppxPackage "microsoft.windowscommunicationsapps" | Remove-AppxPackage
  465. Get-AppxPackage "Microsoft.WindowsMaps" | Remove-AppxPackage
  466. Get-AppxPackage "Microsoft.WindowsPhone" | Remove-AppxPackage
  467. Get-AppxPackage "Microsoft.WindowsSoundRecorder" | Remove-AppxPackage
  468. Get-AppxPackage "Microsoft.XboxApp" | Remove-AppxPackage
  469. Get-AppxPackage "Microsoft.ZuneMusic" | Remove-AppxPackage
  470. Get-AppxPackage "Microsoft.ZuneVideo" | Remove-AppxPackage
  471. Get-AppxPackage "Microsoft.AppConnector" | Remove-AppxPackage
  472. Get-AppxPackage "Microsoft.ConnectivityStore" | Remove-AppxPackage
  473. Get-AppxPackage "Microsoft.Office.Sway" | Remove-AppxPackage
  474. Get-AppxPackage "Microsoft.Messaging" | Remove-AppxPackage
  475. Get-AppxPackage "Microsoft.CommsPhone" | Remove-AppxPackage
  476. Get-AppxPackage "9E2F88E3.Twitter" | Remove-AppxPackage
  477. Get-AppxPackage "king.com.CandyCrushSodaSaga" | Remove-AppxPackage
  478.  
  479. # Install default Microsoft applications
  480. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.3DBuilder").InstallLocation)\AppXManifest.xml"
  481. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.BingFinance").InstallLocation)\AppXManifest.xml"
  482. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.BingNews").InstallLocation)\AppXManifest.xml"
  483. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.BingSports").InstallLocation)\AppXManifest.xml"
  484. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.BingWeather").InstallLocation)\AppXManifest.xml"
  485. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.Getstarted").InstallLocation)\AppXManifest.xml"
  486. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.MicrosoftOfficeHub").InstallLocation)\AppXManifest.xml"
  487. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.MicrosoftSolitaireCollection").InstallLocation)\AppXManifest.xml"
  488. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.Office.OneNote").InstallLocation)\AppXManifest.xml"
  489. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.People").InstallLocation)\AppXManifest.xml"
  490. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.SkypeApp").InstallLocation)\AppXManifest.xml"
  491. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.Windows.Photos").InstallLocation)\AppXManifest.xml"
  492. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.WindowsAlarms").InstallLocation)\AppXManifest.xml"
  493. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.WindowsCamera").InstallLocation)\AppXManifest.xml"
  494. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.windowscommunicationsapps").InstallLocation)\AppXManifest.xml"
  495. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.WindowsMaps").InstallLocation)\AppXManifest.xml"
  496. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.WindowsPhone").InstallLocation)\AppXManifest.xml"
  497. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.WindowsSoundRecorder").InstallLocation)\AppXManifest.xml"
  498. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.XboxApp").InstallLocation)\AppXManifest.xml"
  499. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.ZuneMusic").InstallLocation)\AppXManifest.xml"
  500. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.ZuneVideo").InstallLocation)\AppXManifest.xml"
  501. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.AppConnector").InstallLocation)\AppXManifest.xml"
  502. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.ConnectivityStore").InstallLocation)\AppXManifest.xml"
  503. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.Office.Sway").InstallLocation)\AppXManifest.xml"
  504. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.Messaging").InstallLocation)\AppXManifest.xml"
  505. # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.CommsPhone").InstallLocation)\AppXManifest.xml"
  506. # In case you have removed them for good, you can try to restore the files using installation medium as follows
  507. # New-Item C:\Mnt -Type Directory | Out-Null
  508. # dism /Mount-Image /ImageFile:D:\sources\install.wim /index:1 /ReadOnly /MountDir:C:\Mnt
  509. # robocopy /S /SEC /R:0 "C:\Mnt\Program Files\WindowsApps" "C:\Program Files\WindowsApps"
  510. # dism /Unmount-Image /Discard /MountDir:C:\Mnt
  511. # Remove-Item -Path C:\Mnt -Recurse
  512.  
  513. # Uninstall Windows Media Player
  514. Write-Host "Uninstalling Windows Media Player..."
  515. dism /online /Disable-Feature /FeatureName:MediaPlayback /Quiet /NoRestart
  516.  
  517. # Install Windows Media Player
  518. # dism /online /Enable-Feature /FeatureName:MediaPlayback /Quiet /NoRestart
  519.  
  520. # Uninstall Work Folders Client
  521. Write-Host "Uninstalling Work Folders Client..."
  522. dism /online /Disable-Feature /FeatureName:WorkFolders-Client /Quiet /NoRestart
  523.  
  524. # Install Work Folders Client
  525. # dism /online /Enable-Feature /FeatureName:WorkFolders-Client /Quiet /NoRestart
  526.  
  527. # Set Photo Viewer as default for bmp, gif, jpg and png
  528. Write-Host "Setting Photo Viewer as default for bmp, gif, jpg, png and tif..."
  529. If (!(Test-Path "HKCR:")) {
  530.     New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
  531. }
  532. ForEach ($type in @("Paint.Picture", "giffile", "jpegfile", "pngfile")) {
  533.     New-Item -Path $("HKCR:\$type\shell\open") -Force | Out-Null
  534.     New-Item -Path $("HKCR:\$type\shell\open\command") | Out-Null
  535.     Set-ItemProperty -Path $("HKCR:\$type\shell\open") -Name "MuiVerb" -Type ExpandString -Value "@%ProgramFiles%\Windows Photo Viewer\photoviewer.dll,-3043"
  536.     Set-ItemProperty -Path $("HKCR:\$type\shell\open\command") -Name "(Default)" -Type ExpandString -Value "%SystemRoot%\System32\rundll32.exe `"%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll`", ImageView_Fullscreen %1"
  537. }
  538.  
  539. # Remove or reset default open action for bmp, gif, jpg and png
  540. # If (!(Test-Path "HKCR:")) {
  541. #   New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
  542. # }
  543. # Remove-Item -Path "HKCR:\Paint.Picture\shell\open" -Recurse
  544. # Remove-ItemProperty -Path "HKCR:\giffile\shell\open" -Name "MuiVerb"
  545. # Set-ItemProperty -Path "HKCR:\giffile\shell\open" -Name "CommandId" -Type String -Value "IE.File"
  546. # Set-ItemProperty -Path "HKCR:\giffile\shell\open\command" -Name "(Default)" -Type String -Value "`"$env:SystemDrive\Program Files\Internet Explorer\iexplore.exe`" %1"
  547. # Set-ItemProperty -Path "HKCR:\giffile\shell\open\command" -Name "DelegateExecute" -Type String -Value "{17FE9752-0B5A-4665-84CD-569794602F5C}"
  548. # Remove-Item -Path "HKCR:\jpegfile\shell\open" -Recurse
  549. # Remove-Item -Path "HKCR:\pngfile\shell\open" -Recurse
  550.  
  551. # Show Photo Viewer in "Open with..."
  552. Write-Host "Showing Photo Viewer in `"Open with...`""
  553. If (!(Test-Path "HKCR:")) {
  554.     New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
  555. }
  556. New-Item -Path "HKCR:\Applications\photoviewer.dll\shell\open\command" -Force | Out-Null
  557. New-Item -Path "HKCR:\Applications\photoviewer.dll\shell\open\DropTarget" -Force | Out-Null
  558. Set-ItemProperty -Path "HKCR:\Applications\photoviewer.dll\shell\open" -Name "MuiVerb" -Type String -Value "@photoviewer.dll,-3043"
  559. Set-ItemProperty -Path "HKCR:\Applications\photoviewer.dll\shell\open\command" -Name "(Default)" -Type ExpandString -Value "%SystemRoot%\System32\rundll32.exe `"%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll`", ImageView_Fullscreen %1"
  560. Set-ItemProperty -Path "HKCR:\Applications\photoviewer.dll\shell\open\DropTarget" -Name "Clsid" -Type String -Value "{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}"
  561.  
  562. # Remove Photo Viewer from "Open with..."
  563. # If (!(Test-Path "HKCR:")) {
  564. #   New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
  565. # }
  566. # Remove-Item -Path "HKCR:\Applications\photoviewer.dll\shell\open" -Recurse
  567.  
  568.  
  569.  
  570. ##########
  571. # Restart
  572. ##########
  573. Write-Host
  574. Write-Host "Press any key to restart your system..." -ForegroundColor Black -BackgroundColor White
  575. $key = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
  576. Write-Host "Restarting..."
  577. Restart-Computer
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top