Windows Server 2022 Post Install

1. #
2. # Disable IE ESC
3. #
4.  
5. function Disable-InternetExplorerESC {
6.     $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
7.     $UserKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
8.     Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 0 -Force
9.     Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value 0 -Force
10.     Stop-Process -Name Explorer -Force
11.     Write-Host "IE Enhanced Security Configuration (ESC) has been disabled." -ForegroundColor Green
12. }
13. function Enable-InternetExplorerESC {
14.     $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
15.     $UserKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
16.     Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 1 -Force
17.     Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value 1 -Force
18.     Stop-Process -Name Explorer
19.     Write-Host "IE Enhanced Security Configuration (ESC) has been enabled." -ForegroundColor Green
20. }
21. function Disable-UserAccessControl {
22.     Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "ConsentPromptBehaviorAdmin" -Value 00000000 -Force
23.     Write-Host "User Access Control (UAC) has been disabled." -ForegroundColor Green    
24. }
25. Disable-UserAccessControl
26. Disable-InternetExplorerESC
27.  
28. #
29. # Set Time Zone
30. #
31.  
32. Set-WinHomeLocation -GeoId 0xc
33. Set-WinSystemLocale -SystemLocale en-au
34. Set-Culture en-au
35. Set-TimeZone -Id 'AUS Eastern Standard Time'
36.  
37. #
38. # Hide Taskbar Search
39. #
40.  
41. Set-ItemProperty -Path HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search -Name SearchBoxTaskbarMode -Value 0 -Type DWord -Force
42.  
43. #
44. # Unpin Edge and MS Store
45. #
46.  
47. function Unpin-App([string]$appname) {
48.     ((New-Object -Com Shell.Application).NameSpace('shell:::{4234d49b-0245-4df3-b780-3893943456e1}').Items() |
49.         ?{$_.Name -eq $appname}).Verbs() | ?{$_.Name.replace('&','') -match 'Unpin from taskbar'} | %{$_.DoIt()}
50. }
51.  
52. Unpin-App("Microsoft Edge")
53. Unpin-App("Microsoft Store")
54.  
55. #
56. # Disable Shutdown Reason Prompt
57. #
58.  
59. reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Reliability" /v ShutDownReasonOn /t REG_DWORD /d 0 /f
60.  
61. #
62. # Explorer Settings
63. #
64.  
65. # Show File Extensions
66. function ShowFileExtensions()
67. {
68.     Push-Location
69.     Set-Location HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
70.     Set-ItemProperty . HideFileExt "0"
71.     Pop-Location
72.     Stop-Process -processName: Explorer -force # This will restart the Explorer service to make this work.
73. }
74. ShowFileExtensions
75.  
76. # Launch Explorer to This PC
77. $sipParams = @{
78.   Path  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
79.   Name  = 'LaunchTo'
80.   Value = 1 # Set the LaunchTo value for "This PC"
81. }
82. Set-ItemProperty @sipParams
83.  
84. # Disable Sharing Wizard
85. reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /T REG_DWORD /V "SharingWizardOn" /D 0 /F
86.  
87. #
88. # Disable Screen Timeout & Standby
89. #
90.  
91. powercfg -change -monitor-timeout-ac 0
92. powercfg -Change -standby-timeout-ac 0
93. powercfg -Change -standby-timeout-dc 0
94.  
95. #
96. # Disable Server Manager on Startup
97. #
98.  
99. Get-ScheduledTask -TaskName ServerManager | Disable-ScheduledTask -Verbose
100.  
101. #
102. # Enable Remote Desktop
103. #
104.  
105. Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -value 0
106. Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
107.  
108. Add-LocalGroupMember -Group "Remote Desktop Users" -Member $env:UserName
109.  
110. #
111. # Disable Multitasking Preferences
112. #
113.  
114. # Disable "When I resize a snapped window, simultaneously resize any adjacent snapped window"
115. reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /V "JointResize" /T REG_DWORD /D "0" /F
116.  
117. # Disable "When I snap a window, show what I can snap next to it":
118. reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /V "SnapAssist" /T REG_DWORD /D "0" /F
119.  
120. # Disable "When I snap a window, automatically size it to fit available space":
121. reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /V "SnapFill" /T REG_DWORD /D "0" /F
122.  
123. # Disable "Snap windows" toggle button:
124. #reg add "HKCU\Control Panel\Desktop" /V "WindowArrangementActive" /D "0" /F
125.  
126. # Alt +Tab not include edge
127. reg add "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer" /f /v "MultiTaskingAltTabFilter" /t REG_DWORD /d 4
128.  
129. #
130. # Enable Ping
131. #
132.  
133. netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol="icmpv4:8,any" dir=in action=allow
134.  
135. #
136. # Disable Activity History
137. #
138.  
139. reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System" /V "EnableActivityFeed" /T REG_DWORD /D "0" /F
140. reg add "HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System" /V "EnableActivityFeed" /T REG_DWORD /D "0" /F
141. reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System" /V "PublishUserActivities" /T REG_DWORD /D "0" /F
142. reg add "HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System" /V "PublishUserActivities" /T REG_DWORD /D "0" /F
143. reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /f /v "BingSearchEnabled" /t REG_DWORD /d 0
144. reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /f /v "AllowSearchToUseLocation" /t REG_DWORD /d 0
145. reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /f /v "CortanaConsent" /t REG_DWORD /d 0
146. reg add "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer" /f /v "DisableSearchBoxSuggestions" /t REG_DWORD /d 0
147. reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /f /v "Start_TrackDocs" /t REG_DWORD /d 0
148. reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /f /v "NoRecentDocsHistory" /t REG_DWORD /d 1
149. reg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /f /v "NoRecentDocsHistory" /t REG_DWORD /d 1
150. reg add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer" /f /v "HideRecentlyAddedApps" /t REG_DWORD /d 1
151. reg add "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer" /f /v "HideRecentlyAddedApps" /t REG_DWORD /d 1
152. reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Personalization\Settings" /f /v "AcceptedPrivacyPolicy" /t REG_DWORD /d 0
153. reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\InputPersonalization" /f /v "RestrictImplicitTextCollection" /t REG_DWORD /d 1
154. reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\InputPersonalization" /f /v "RestrictImplicitInkCollection" /t REG_DWORD /d 1
155. reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore" /f /v "HarvestContacts" /t REG_DWORD /d 0
156. reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" /f /v "Enabled" /t REG_DWORD /d 0
157. reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features" /f /v "WiFiSenseCredShared" /t REG_DWORD /d 0
158. reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features" /f /v "WiFiSenseOpen" /t REG_DWORD /d 0
159. reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\SearchSettings" /f /v "SafeSearchMode" /t REG_DWORD /d 0
160. reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows" /f /v "AllowCloudSearch" /t REG_DWORD /d 0
161. reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\SearchSettings" /f /v "IsMSACloudSearchEnabled" /t REG_DWORD /d 0
162. reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\SearchSettings" /f /v "IsAADCloudSearchEnabled" /t REG_DWORD /d 0
163. reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\SearchSettings" /f /v "IsDeviceSearchHistoryEnabled" /t REG_DWORD /d 0
164. reg add "HKEY_CURRENT_USER\Control Panel\International\User Profile" /f /v "HttpAcceptLanguageOptOut" /t REG_DWORD /d 1
165. reg add "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\EdgeUI" /f /v "DisableMFUTracking" /t REG_DWORD /d 1
166. reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EdgeUI" /f /v "DisableMFUTracking" /t REG_DWORD /d 1
167.  
168. #
169. # Disable UAC Prompts
170. #
171.  
172. Set-ItemProperty -Path REGISTRY::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -Name ConsentPromptBehaviorAdmin -Value 0
173.  
174. # TODO
175.  
176. #
177. # W11/S2022 App Uninstall
178. #
179.  
180. #winget uninstall "Cortana"
181. #winget uninstall "Get Help"
182. #winget uninstall "OneDrive"
183. #winget uninstall "Microsoft People"
184. #winget uninstall "Xbox Game Bar Plugin"
185. #winget uninstall "Xbox Game Bar"
186. #winget uninstall "Xbox Identity Provider"
187. #winget uninstall "Xbox Game Speech Window"
188. #winget uninstall "Phone Link"
189.