Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- @echo off
- :: https://privacy.sexy — v0.9.1 — Fri, 05 Feb 2021 21:05:49 GMT
- :: Ensure admin privileges
- fltmc >nul 2>&1 || (
- echo Administrator privileges are required.
- PowerShell Start -Verb RunAs '%0' 2> nul || (
- echo Right-click on the script and select "Run as administrator".
- pause & exit 1
- )
- exit 0
- )
- :: ----------------------------------------------------------
- :: ------------Delete controversial default0 user------------
- :: ----------------------------------------------------------
- echo --- Delete controversial default0 user
- net user defaultuser0 /delete 2>nul
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: --------Enable Reset Base in Dism Component Store---------
- :: ----------------------------------------------------------
- echo --- Enable Reset Base in Dism Component Store
- reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\Configuration" /v "DisableResetbase" /t "REG_DWORD" /d "0" /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -------------Disable cloud speech recognition-------------
- :: ----------------------------------------------------------
- echo --- Disable cloud speech recognition
- reg add "HKCU\Software\Microsoft\Speech_OneCore\Settings\OnlineSpeechPrivacy" /v "HasAccepted" /t "REG_DWORD" /d 0 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -----------Opt out from Windows privacy consent-----------
- :: ----------------------------------------------------------
- echo --- Opt out from Windows privacy consent
- reg add "HKCU\SOFTWARE\Microsoft\Personalization\Settings" /v "AcceptedPrivacyPolicy" /t REG_DWORD /d 0 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -----------------Disable Windows feedback-----------------
- :: ----------------------------------------------------------
- echo --- Disable Windows feedback
- reg add "HKCU\SOFTWARE\Microsoft\Siuf\Rules" /v "NumberOfSIUFInPeriod" /t REG_DWORD /d 0 /f
- reg delete "HKCU\SOFTWARE\Microsoft\Siuf\Rules" /v "PeriodInNanoSeconds" /f
- reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" /v "DoNotShowFeedbackNotifications" /t REG_DWORD /d 1 /f
- reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "DoNotShowFeedbackNotifications" /t REG_DWORD /d 1 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ---------Disable text and handwriting collection----------
- :: ----------------------------------------------------------
- echo --- Disable text and handwriting collection
- reg add "HKCU\Software\Policies\Microsoft\InputPersonalization" /v "RestrictImplicitInkCollection" /t REG_DWORD /d 1 /f
- reg add "HKLM\SOFTWARE\Policies\Microsoft\InputPersonalization" /v "RestrictImplicitInkCollection" /t REG_DWORD /d 1 /f
- reg add "HKCU\Software\Policies\Microsoft\InputPersonalization" /v "RestrictImplicitTextCollection" /t REG_DWORD /d 1 /f
- reg add "HKLM\SOFTWARE\Policies\Microsoft\InputPersonalization" /v "RestrictImplicitTextCollection" /t REG_DWORD /d 1 /f
- reg add "HKCU\Software\Policies\Microsoft\Windows\HandwritingErrorReports" /v "PreventHandwritingErrorReports" /t REG_DWORD /d 1 /f
- reg add "HKLM\Software\Policies\Microsoft\Windows\HandwritingErrorReports" /v "PreventHandwritingErrorReports" /t REG_DWORD /d 1 /f
- reg add "HKCU\Software\Policies\Microsoft\Windows\TabletPC" /v "PreventHandwritingDataSharing" /t REG_DWORD /d 1 /f
- reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\TabletPC" /v "PreventHandwritingDataSharing" /t REG_DWORD /d 1 /f
- reg add "HKLM\SOFTWARE\Policies\Microsoft\InputPersonalization" /v "AllowInputPersonalization" /t REG_DWORD /d 0 /f
- reg add "HKCU\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore" /v "HarvestContacts" /t REG_DWORD /d 0 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -------------------Disable Wi-Fi sense--------------------
- :: ----------------------------------------------------------
- echo --- Disable Wi-Fi sense
- reg add "HKLM\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting" /v "value" /t REG_DWORD /d 0 /f
- reg add "HKLM\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowAutoConnectToWiFiSenseHotspots" /v "value" /t REG_DWORD /d 0 /f
- reg add "HKLM\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config" /v "AutoConnectAllowedOEM" /t REG_DWORD /d 0 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ---------------Disable Inventory Collector----------------
- :: ----------------------------------------------------------
- echo --- Disable Inventory Collector
- reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppCompat" /v "DisableInventory" /t REG_DWORD /d 1 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ---------Disable Website Access of Language List----------
- :: ----------------------------------------------------------
- echo --- Disable Website Access of Language List
- reg add "HKCU\Control Panel\International\User Profile" /v "HttpAcceptLanguageOptOut" /t REG_DWORD /d 1 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: --------------Disable Auto Downloading Maps---------------
- :: ----------------------------------------------------------
- echo --- Disable Auto Downloading Maps
- reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Maps" /v "AllowUntriggeredNetworkTrafficOnSettingsPage" /t REG_DWORD /d 0 /f
- reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Maps" /v "AutoDownloadAndUpdateMapData" /t REG_DWORD /d 0 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ------------------Disable steps recorder------------------
- :: ----------------------------------------------------------
- echo --- Disable steps recorder
- reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppCompat" /v "DisableUAR" /t REG_DWORD /d 1 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -----Disable feedback on write (sending typing info)------
- :: ----------------------------------------------------------
- echo --- Disable feedback on write (sending typing info)
- reg add "HKLM\SOFTWARE\Microsoft\Input\TIPC" /v "Enabled" /t REG_DWORD /d 0 /f
- reg add "HKCU\SOFTWARE\Microsoft\Input\TIPC" /v "Enabled" /t REG_DWORD /d 0 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ------------------Disable Activity Feed-------------------
- :: ----------------------------------------------------------
- echo --- Disable Activity Feed
- reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "EnableActivityFeed" /d "0" /t REG_DWORD /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ----Disable Customer Experience Improvement (CEIP/SQM)----
- :: ----------------------------------------------------------
- echo --- Disable Customer Experience Improvement (CEIP/SQM)
- reg add "HKLM\Software\Policies\Microsoft\SQMClient\Windows" /v "CEIPEnable" /t REG_DWORD /d "0" /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: --------Disable Application Impact Telemetry (AIT)--------
- :: ----------------------------------------------------------
- echo --- Disable Application Impact Telemetry (AIT)
- reg add "HKLM\Software\Policies\Microsoft\Windows\AppCompat" /v "AITEnable" /t REG_DWORD /d "0" /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: --------------Disable diagnostics telemetry---------------
- :: ----------------------------------------------------------
- echo --- Disable diagnostics telemetry
- reg add "HKLM\SYSTEM\ControlSet001\Services\DiagTrack" /v "Start" /t REG_DWORD /d 4 /f
- reg add "HKLM\SYSTEM\ControlSet001\Services\dmwappushsvc" /v "Start" /t REG_DWORD /d 4 /f
- reg add "HKLM\SYSTEM\CurrentControlSet\Services\dmwappushservice" /v "Start" /t REG_DWORD /d 4 /f
- reg add "HKLM\SYSTEM\CurrentControlSet\Services\diagnosticshub.standardcollector.service" /v "Start" /t REG_DWORD /d 4 /f
- sc stop "DiagTrack" & sc config "DiagTrack" start=disabled
- sc stop "dmwappushservice" & sc config "dmwappushservice" start=disabled
- sc stop "diagnosticshub.standardcollector.service" & sc config "diagnosticshub.standardcollector.service" start=disabled
- sc stop "diagsvc" & sc config "diagsvc" start=disabled
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -----Disable Customer Experience Improvement Program------
- :: ----------------------------------------------------------
- echo --- Disable Customer Experience Improvement Program
- schtasks /change /TN "\Microsoft\Windows\Customer Experience Improvement Program\Consolidator" /DISABLE
- schtasks /change /TN "\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask" /DISABLE
- schtasks /change /TN "\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" /DISABLE
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -------Disable Webcam Telemetry (devicecensus.exe)--------
- :: ----------------------------------------------------------
- echo --- Disable Webcam Telemetry (devicecensus.exe)
- schtasks /change /TN "Microsoft\Windows\Device Information\Device" /DISABLE
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -Disable Application Experience (Compatibility Telemetry)-
- :: ----------------------------------------------------------
- echo --- Disable Application Experience (Compatibility Telemetry)
- schtasks /change /TN "Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" /DISABLE
- schtasks /change /TN "Microsoft\Windows\Application Experience\ProgramDataUpdater" /DISABLE
- schtasks /change /TN "Microsoft\Windows\Application Experience\StartupAppTask" /DISABLE
- schtasks /change /TN "Microsoft\Windows\Application Experience\AitAgent" /DISABLE
- reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CompatTelRunner.exe" /v "Debugger" /t REG_SZ /d "%windir%\System32\taskkill.exe" /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -------Disable telemetry in data collection policy--------
- :: ----------------------------------------------------------
- echo --- Disable telemetry in data collection policy
- reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\DataCollection" /v "AllowTelemetry" /d 0 /t REG_DWORD /f
- reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" /v "AllowTelemetry" /t REG_DWORD /d 0 /f
- reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "AllowTelemetry" /t REG_DWORD /d 0 /f
- reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "LimitEnhancedDiagnosticDataWindowsAnalytics" /t REG_DWORD /d 0 /f
- reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" /v "AllowTelemetry" /t REG_DWORD /d 0 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ----------------Disable license telemetry-----------------
- :: ----------------------------------------------------------
- echo --- Disable license telemetry
- reg add "HKLM\Software\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform" /v "NoGenTicket" /t "REG_DWORD" /d "1" /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -----------------Disable error reporting------------------
- :: ----------------------------------------------------------
- echo --- Disable error reporting
- :: Disable Windows Error Reporting (WER)
- reg add "HKLM\Software\Policies\Microsoft\Windows\Windows Error Reporting" /v "Disabled" /t REG_DWORD /d "1" /f
- reg add "HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting" /v "Disabled" /t "REG_DWORD" /d "1" /f
- :: DefaultConsent / 1 - Always ask (default) / 2 - Parameters only / 3 - Parameters and safe data / 4 - All data
- reg add "HKLM\Software\Microsoft\Windows\Windows Error Reporting\Consent" /v "DefaultConsent" /t REG_DWORD /d "0" /f
- reg add "HKLM\Software\Microsoft\Windows\Windows Error Reporting\Consent" /v "DefaultOverrideBehavior" /t REG_DWORD /d "1" /f
- :: Disable WER sending second-level data
- reg add "HKLM\Software\Microsoft\Windows\Windows Error Reporting" /v "DontSendAdditionalData" /t REG_DWORD /d "1" /f
- :: Disable WER crash dialogs, popups
- reg add "HKLM\Software\Microsoft\Windows\Windows Error Reporting" /v "LoggingDisabled" /t REG_DWORD /d "1" /f
- schtasks /Change /TN "Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate" /Disable
- schtasks /Change /TN "Microsoft\Windows\Windows Error Reporting\QueueReporting" /Disable
- :: Disable Windows Error Reporting Service
- sc stop "WerSvc" & sc config "WerSvc" start=disabled
- sc stop "wercplsupport" & sc config "wercplsupport" start=disabled
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -------Disable ad customization with Advertising ID-------
- :: ----------------------------------------------------------
- echo --- Disable ad customization with Advertising ID
- reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" /v "Enabled" /t REG_DWORD /d 0 /f
- reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo" /v "DisabledByGroupPolicy" /t REG_DWORD /d 1 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ------------------Disable targeted tips-------------------
- :: ----------------------------------------------------------
- echo --- Disable targeted tips
- reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\CloudContent" /v "DisableSoftLanding" /t REG_DWORD /d 1 /f
- reg add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsSpotlightFeatures" /t "REG_DWORD" /d "1" /f
- reg add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t "REG_DWORD" /d "1" /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: --------Turn Off Suggested Content in Settings app--------
- :: ----------------------------------------------------------
- echo --- Turn Off Suggested Content in Settings app
- reg add HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager /v "SubscribedContent-338393Enabled" /d "0" /t REG_DWORD /f
- reg add HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager /v "SubscribedContent-353694Enabled" /d "0" /t REG_DWORD /f
- reg add HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager /v "SubscribedContent-353696Enabled" /d "0" /t REG_DWORD /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -------------Disable Windows Insider Service--------------
- :: ----------------------------------------------------------
- echo --- Disable Windows Insider Service
- sc stop "wisvc" & sc config "wisvc" start=disabled
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -----Do not let Microsoft try features on this build------
- :: ----------------------------------------------------------
- echo --- Do not let Microsoft try features on this build
- reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds" /v "EnableExperimentation" /t REG_DWORD /d 0 /f
- reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds" /v "EnableConfigFlighting" /t REG_DWORD /d 0 /f
- reg add "HKLM\SOFTWARE\Microsoft\PolicyManager\default\System\AllowExperimentation" /v "value" /t "REG_DWORD" /d 0 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: --------Disable getting preview builds of Windows---------
- :: ----------------------------------------------------------
- echo --- Disable getting preview builds of Windows
- reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds" /v "AllowBuildPreview" /t REG_DWORD /d 0 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: --------------Disable NET Core CLI telemetry--------------
- :: ----------------------------------------------------------
- echo --- Disable NET Core CLI telemetry
- setx DOTNET_CLI_TELEMETRY_OPTOUT 1
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -------------Disable PowerShell 7+ telemetry--------------
- :: ----------------------------------------------------------
- echo --- Disable PowerShell 7+ telemetry
- setx POWERSHELL_TELEMETRY_OPTOUT 1
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -------------Disable visual studio telemetry--------------
- :: ----------------------------------------------------------
- echo --- Disable visual studio telemetry
- reg add "HKCU\Software\Microsoft\VisualStudio\Telemetry" /v "TurnOffSwitch" /t REG_DWORD /d 1 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: --------------Disable Visual Studio feedback--------------
- :: ----------------------------------------------------------
- echo --- Disable Visual Studio feedback
- reg add "HKLM\SOFTWARE\Policies\Microsoft\VisualStudio\Feedback" /v "DisableFeedbackDialog" /t REG_DWORD /d 1 /f
- reg add "HKLM\SOFTWARE\Policies\Microsoft\VisualStudio\Feedback" /v "DisableEmailInput" /t REG_DWORD /d 1 /f
- reg add "HKLM\SOFTWARE\Policies\Microsoft\VisualStudio\Feedback" /v "DisableScreenshotCapture" /t REG_DWORD /d 1 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: Stop and disable Visual Studio Standard Collector Service-
- :: ----------------------------------------------------------
- echo --- Stop and disable Visual Studio Standard Collector Service
- sc stop "VSStandardCollectorService150" & sc config "VSStandardCollectorService150" start=disabled
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: --------------------Disable SQM OS key--------------------
- :: ----------------------------------------------------------
- echo --- Disable SQM OS key
- if %PROCESSOR_ARCHITECTURE%==x86 ( REM is 32 bit?
- reg add "HKLM\SOFTWARE\Microsoft\VSCommon\14.0\SQM" /v "OptIn" /t REG_DWORD /d 0 /f
- reg add "HKLM\SOFTWARE\Microsoft\VSCommon\15.0\SQM" /v "OptIn" /t REG_DWORD /d 0 /f
- reg add "HKLM\SOFTWARE\Microsoft\VSCommon\16.0\SQM" /v "OptIn" /t REG_DWORD /d 0 /f
- ) else (
- reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\VSCommon\14.0\SQM" /v "OptIn" /t REG_DWORD /d 0 /f
- reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\VSCommon\15.0\SQM" /v "OptIn" /t REG_DWORD /d 0 /f
- reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\VSCommon\16.0\SQM" /v "OptIn" /t REG_DWORD /d 0 /f
- )
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -----------------Disable SQM group policy-----------------
- :: ----------------------------------------------------------
- echo --- Disable SQM group policy
- reg add "HKLM\Software\Policies\Microsoft\VisualStudio\SQM" /v "OptIn" /t REG_DWORD /d 0 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ----------------Do not send Watson events-----------------
- :: ----------------------------------------------------------
- echo --- Do not send Watson events
- reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting" /v "DisableGenericReports" /t REG_DWORD /d 1 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: Disable Malicious Software Reporting tool diagnostic data-
- :: ----------------------------------------------------------
- echo --- Disable Malicious Software Reporting tool diagnostic data
- reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontReportInfectionInformation" /t REG_DWORD /d 1 /f
- :: ----------------------------------------------------------
- :: Disable local setting override for reporting to Microsoft MAPS
- echo --- Disable local setting override for reporting to Microsoft MAPS
- reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "LocalSettingOverrideSpynetReporting" /t REG_DWORD /d 0 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: --------Turn off Windows Defender SpyNet reporting--------
- :: ----------------------------------------------------------
- echo --- Turn off Windows Defender SpyNet reporting
- reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "SpynetReporting" /t REG_DWORD /d 0 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ------Do not send file samples for further analysis-------
- :: ----------------------------------------------------------
- echo --- Do not send file samples for further analysis
- reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "SubmitSamplesConsent" /t REG_DWORD /d 2 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -------------Uninstall NVIDIA telemetry tasks-------------
- :: ----------------------------------------------------------
- echo --- Uninstall NVIDIA telemetry tasks
- if exist "%ProgramFiles%\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL" (
- rundll32 "%PROGRAMFILES%\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage NvTelemetryContainer
- rundll32 "%PROGRAMFILES%\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage NvTelemetry
- )
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ----------Delete NVIDIA residual telemetry files----------
- :: ----------------------------------------------------------
- echo --- Delete NVIDIA residual telemetry files
- del /s %SystemRoot%\System32\DriverStore\FileRepository\NvTelemetry*.dll
- rmdir /s /q "%ProgramFiles(x86)%\NVIDIA Corporation\NvTelemetry" 2>nul
- rmdir /s /q "%ProgramFiles%\NVIDIA Corporation\NvTelemetry" 2>nul
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: --------------Opt out from NVIDIA telemetry---------------
- :: ----------------------------------------------------------
- echo --- Opt out from NVIDIA telemetry
- reg add "HKLM\SOFTWARE\NVIDIA Corporation\NvControlPanel2\Client" /v "OptInOrOutPreference" /t REG_DWORD /d 0 /f
- reg add "HKLM\SOFTWARE\NVIDIA Corporation\Global\FTS" /v "EnableRID44231" /t REG_DWORD /d 0 /f
- reg add "HKLM\SOFTWARE\NVIDIA Corporation\Global\FTS" /v "EnableRID64640" /t REG_DWORD /d 0 /f
- reg add "HKLM\SOFTWARE\NVIDIA Corporation\Global\FTS" /v "EnableRID66610" /t REG_DWORD /d 0 /f
- reg add "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm\Global\Startup" /v "SendTelemetryData" /t REG_DWORD /d 0 /f
- reg add "HKLM\SYSTEM\CurrentControlSet\services\NvTelemetryContainer" /v "Start" /t REG_DWORD /d 4 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ------------Disable NVIDIA telemetry services-------------
- :: ----------------------------------------------------------
- echo --- Disable NVIDIA telemetry services
- schtasks /change /TN NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} /DISABLE
- schtasks /change /TN NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} /DISABLE
- schtasks /change /TN NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} /DISABLE
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -----------Disable Visual Studio Code telemetry-----------
- :: ----------------------------------------------------------
- echo --- Disable Visual Studio Code telemetry
- Powershell -Command "$jsonfile = \"$env:APPDATA\Code\User\settings.json\"; $json = Get-Content $jsonfile | Out-String | ConvertFrom-Json; $json | Add-Member -Type NoteProperty -Name 'telemetry.enableTelemetry' -Value $false -Force; $json | ConvertTo-Json | Set-Content $jsonfile;"
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: --------Disable Visual Studio Code crash reporting--------
- :: ----------------------------------------------------------
- echo --- Disable Visual Studio Code crash reporting
- Powershell -Command "$jsonfile = \"$env:APPDATA\Code\User\settings.json\"; $json = Get-Content $jsonfile | Out-String | ConvertFrom-Json; $json | Add-Member -Type NoteProperty -Name 'telemetry.enableCrashReporter' -Value $false -Force; $json | ConvertTo-Json | Set-Content $jsonfile;"
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ---------Do not run Microsoft online experiments----------
- :: ----------------------------------------------------------
- echo --- Do not run Microsoft online experiments
- Powershell -Command "$jsonfile = \"$env:APPDATA\Code\User\settings.json\"; $json = Get-Content $jsonfile | Out-String | ConvertFrom-Json; $json | Add-Member -Type NoteProperty -Name 'workbench.enableExperiments' -Value $false -Force; $json | ConvertTo-Json | Set-Content $jsonfile;"
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -------------Disable Microsoft Office logging-------------
- :: ----------------------------------------------------------
- echo --- Disable Microsoft Office logging
- reg add "HKCU\SOFTWARE\Microsoft\Office\15.0\Outlook\Options\Mail" /v "EnableLogging" /t REG_DWORD /d 0 /f
- reg add "HKCU\SOFTWARE\Microsoft\Office\16.0\Outlook\Options\Mail" /v "EnableLogging" /t REG_DWORD /d 0 /f
- reg add "HKCU\SOFTWARE\Microsoft\Office\15.0\Outlook\Options\Calendar" /v "EnableCalendarLogging" /t REG_DWORD /d 0 /f
- reg add "HKCU\SOFTWARE\Microsoft\Office\16.0\Outlook\Options\Calendar" /v "EnableCalendarLogging" /t REG_DWORD /d 0 /f
- reg add "HKCU\SOFTWARE\Microsoft\Office\15.0\Word\Options" /v "EnableLogging" /t REG_DWORD /d 0 /f
- reg add "HKCU\SOFTWARE\Microsoft\Office\16.0\Word\Options" /v "EnableLogging" /t REG_DWORD /d 0 /f
- reg add "HKCU\SOFTWARE\Policies\Microsoft\Office\15.0\OSM" /v "EnableLogging" /t REG_DWORD /d 0 /f
- reg add "HKCU\SOFTWARE\Policies\Microsoft\Office\16.0\OSM" /v "EnableLogging" /t REG_DWORD /d 0 /f
- reg add "HKCU\SOFTWARE\Policies\Microsoft\Office\15.0\OSM" /v "EnableUpload" /t REG_DWORD /d 0 /f
- reg add "HKCU\SOFTWARE\Policies\Microsoft\Office\16.0\OSM" /v "EnableUpload" /t REG_DWORD /d 0 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -----------------Disable client telemetry-----------------
- :: ----------------------------------------------------------
- echo --- Disable client telemetry
- reg add "HKCU\SOFTWARE\Microsoft\Office\Common\ClientTelemetry" /v "DisableTelemetry" /t REG_DWORD /d 1 /f
- reg add "HKCU\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry" /v "DisableTelemetry" /t REG_DWORD /d 1 /f
- reg add "HKCU\SOFTWARE\Microsoft\Office\Common\ClientTelemetry" /v "VerboseLogging" /t REG_DWORD /d 0 /f
- reg add "HKCU\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry" /v "VerboseLogging" /t REG_DWORD /d 0 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ---------Customer Experience Improvement Program----------
- :: ----------------------------------------------------------
- echo --- Customer Experience Improvement Program
- reg add "HKCU\SOFTWARE\Microsoft\Office\15.0\Common" /v "QMEnable" /t REG_DWORD /d 0 /f
- reg add "HKCU\SOFTWARE\Microsoft\Office\16.0\Common" /v "QMEnable" /t REG_DWORD /d 0 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ---------------------Disable feedback---------------------
- :: ----------------------------------------------------------
- echo --- Disable feedback
- reg add "HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Feedback" /v "Enabled" /t REG_DWORD /d 0 /f
- reg add "HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Feedback" /v "Enabled" /t REG_DWORD /d 0 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -----------------Disable telemetry agent------------------
- :: ----------------------------------------------------------
- echo --- Disable telemetry agent
- schtasks /change /TN "Microsoft\Office\OfficeTelemetryAgentFallBack" /DISABLE
- schtasks /change /TN "Microsoft\Office\OfficeTelemetryAgentFallBack2016" /DISABLE
- schtasks /change /TN "Microsoft\Office\OfficeTelemetryAgentLogOn" /DISABLE
- schtasks /change /TN "Microsoft\Office\OfficeTelemetryAgentLogOn2016" /DISABLE
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ------------Disable live tile data collection-------------
- :: ----------------------------------------------------------
- echo --- Disable live tile data collection
- reg add "HKCU\Software\Policies\Microsoft\MicrosoftEdge\Main" /v "PreventLiveTileDataCollection" /t REG_DWORD /d 1 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -------------------Disable MFU tracking-------------------
- :: ----------------------------------------------------------
- echo --- Disable MFU tracking
- reg add "HKCU\Software\Policies\Microsoft\Windows\EdgeUI" /v "DisableMFUTracking" /t REG_DWORD /d 1 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -------------------Disable recent apps--------------------
- :: ----------------------------------------------------------
- echo --- Disable recent apps
- reg add "HKCU\Software\Policies\Microsoft\Windows\EdgeUI" /v "DisableRecentApps" /t REG_DWORD /d 1 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ------------------Turn off backtracking-------------------
- :: ----------------------------------------------------------
- echo --- Turn off backtracking
- reg add "HKCU\Software\Policies\Microsoft\Windows\EdgeUI" /v "TurnOffBackstack" /t REG_DWORD /d 1 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ------------Disable Search Suggestions in Edge------------
- :: ----------------------------------------------------------
- echo --- Disable Search Suggestions in Edge
- reg add "HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\SearchScopes" /v "ShowSearchSuggestionsGlobal" /t REG_DWORD /d 0 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ---Disable Edge usage and crash-related data reporting----
- :: ----------------------------------------------------------
- echo --- Disable Edge usage and crash-related data reporting
- reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "MetricsReportingEnabled" /t REG_DWORD /d 0 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -------------Disable sending site information-------------
- :: ----------------------------------------------------------
- echo --- Disable sending site information
- reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "SendSiteInfoToImproveServices" /t REG_DWORD /d 0 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ---------Disable Geolocation in Internet Explorer---------
- :: ----------------------------------------------------------
- echo --- Disable Geolocation in Internet Explorer
- reg add "HKCU\Software\Policies\Microsoft\Internet Explorer\Geolocation" /v "PolicyDisableGeolocation" /t REG_DWORD /d 1 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -------Disable Internet Explorer InPrivate logging--------
- :: ----------------------------------------------------------
- echo --- Disable Internet Explorer InPrivate logging
- reg add "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Safety\PrivacIE" /v "DisableLogging" /t REG_DWORD /d 1 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: --------------Disable Internet Explorer CEIP--------------
- :: ----------------------------------------------------------
- echo --- Disable Internet Explorer CEIP
- reg add "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\SQM" /v "DisableCustomerImprovementProgram" /t REG_DWORD /d 0 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -----------Disable calling legacy WCM policies------------
- :: ----------------------------------------------------------
- echo --- Disable calling legacy WCM policies
- reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v "CallLegacyWCMPolicies" /t REG_DWORD /d 0 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ------------------Disable SSLv3 fallback------------------
- :: ----------------------------------------------------------
- echo --- Disable SSLv3 fallback
- reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v "EnableSSL3Fallback" /t REG_DWORD /d 0 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ---------------Disable ignoring cert errors---------------
- :: ----------------------------------------------------------
- echo --- Disable ignoring cert errors
- reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v "PreventIgnoreCertErrors" /t REG_DWORD /d 1 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ----------Disable Chrome Software Reporter Tool-----------
- :: ----------------------------------------------------------
- echo --- Disable Chrome Software Reporter Tool
- icacls "%localappdata%\Google\Chrome\User Data\SwReporter" /inheritance:r /deny "*S-1-1-0:(OI)(CI)(F)" "*S-1-5-7:(OI)(CI)(F)"
- cacls "%localappdata%\Google\Chrome\User Data\SwReporter" /e /c /d %username%
- reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "DisallowRun" /t REG_DWORD /d 1 /f
- reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v "1" /t REG_SZ /d "software_reporter_tool.exe" /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -------------Disable Chrome metrics reporting-------------
- :: ----------------------------------------------------------
- echo --- Disable Chrome metrics reporting
- reg add "HKLM\SOFTWARE\Policies\Google\Chrome" /v "MetricsReportingEnabled" /t REG_DWORD /d 0 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -------Do not share scanned software data to Google-------
- :: ----------------------------------------------------------
- echo --- Do not share scanned software data to Google
- reg add "HKLM\SOFTWARE\Policies\Google\Chrome" /v "ChromeCleanupReportingEnabled" /t REG_DWORD /d 0 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ---Prevent Chrome from scanning the system for cleanup----
- :: ----------------------------------------------------------
- echo --- Prevent Chrome from scanning the system for cleanup
- reg add "HKLM\SOFTWARE\Policies\Google\Chrome" /v "ChromeCleanupEnabled" /t REG_DWORD /d 0 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ------------Disable Firefox metrics reporting-------------
- :: ----------------------------------------------------------
- echo --- Disable Firefox metrics reporting
- reg add HKLM\SOFTWARE\Policies\Mozilla\Firefox /v DisableTelemetry /t REG_DWORD /d 1 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ------Disable default browser agent reporting policy------
- :: ----------------------------------------------------------
- echo --- Disable default browser agent reporting policy
- reg add HKLM\SOFTWARE\Policies\Mozilla\Firefox /v DisableDefaultBrowserAgent /t REG_DWORD /d 1 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -----Disable default browser agent reporting services-----
- :: ----------------------------------------------------------
- echo --- Disable default browser agent reporting services
- schtasks.exe /change /disable /tn "\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB"
- schtasks.exe /change /disable /tn "\Mozilla\Firefox Default Browser Agent D2CEEC440E2074BD"
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -------Do not send Windows Media Player statistics--------
- :: ----------------------------------------------------------
- echo --- Do not send Windows Media Player statistics
- reg add "HKCU\SOFTWARE\Microsoft\MediaPlayer\Preferences" /v "UsageTracking" /t REG_DWORD /d 0 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ----------------Disable metadata retrieval----------------
- :: ----------------------------------------------------------
- echo --- Disable metadata retrieval
- reg add "HKCU\Software\Policies\Microsoft\WindowsMediaPlayer" /v "PreventCDDVDMetadataRetrieval" /t REG_DWORD /d 1 /f
- reg add "HKCU\Software\Policies\Microsoft\WindowsMediaPlayer" /v "PreventMusicFileMetadataRetrieval" /t REG_DWORD /d 1 /f
- reg add "HKCU\Software\Policies\Microsoft\WindowsMediaPlayer" /v "PreventRadioPresetsRetrieval" /t REG_DWORD /d 1 /f
- reg add "HKLM\SOFTWARE\Policies\Microsoft\WMDRM" /v "DisableOnline" /t REG_DWORD /d 1 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ----Disable dows Media Player Network Sharing Service-----
- :: ----------------------------------------------------------
- echo --- Disable dows Media Player Network Sharing Service
- sc stop "WMPNetworkSvc" & sc config "WMPNetworkSvc" start=disabled
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: --------------Disable administrative shares---------------
- :: ----------------------------------------------------------
- echo --- Disable administrative shares
- reg add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" /v "AutoShareWks" /t REG_DWORD /d 0 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ---------------Disable AutoPlay and AutoRun---------------
- :: ----------------------------------------------------------
- echo --- Disable AutoPlay and AutoRun
- :: 255 (0xff) means all drives
- reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoDriveTypeAutoRun" /t REG_DWORD /d 255 /f
- reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoAutorun" /t REG_DWORD /d 1 /f
- reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Explorer" /v "NoAutoplayfornonVolume" /t REG_DWORD /d 1 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -Prevent the storage of the LAN Manager hash of passwords-
- :: ----------------------------------------------------------
- echo --- Prevent the storage of the LAN Manager hash of passwords
- reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v "NoLMHash" /t REG_DWORD /d 1 /f
- :: ----------------------------------------------------------
- :: Disable Windows Installer Always install with elevated privileges
- echo --- Disable Windows Installer Always install with elevated privileges
- reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer" /v "AlwaysInstallElevated" /t REG_DWORD /d 0 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ------Prevent WinRM from using Basic Authentication-------
- :: ----------------------------------------------------------
- echo --- Prevent WinRM from using Basic Authentication
- reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client" /v "AllowBasic" /t REG_DWORD /d 0 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ---------Restrict anonymous enumeration of shares---------
- :: ----------------------------------------------------------
- echo --- Restrict anonymous enumeration of shares
- reg add "HKLM\SYSTEM\CurrentControlSet\Control\LSA" /v "RestrictAnonymous" /t REG_DWORD /d 1 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ------------Refuse less secure authentication-------------
- :: ----------------------------------------------------------
- echo --- Refuse less secure authentication
- reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v "LmCompatibilityLevel" /t REG_DWORD /d 5 /f
- :: ----------------------------------------------------------
- :: Enable Structured Exception Handling Overwrite Protection (SEHOP)
- echo --- Enable Structured Exception Handling Overwrite Protection (SEHOP)
- reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel" /v "DisableExceptionChainValidation" /t REG_DWORD /d 0 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -------Block Anonymous enumeration of SAM accounts--------
- :: ----------------------------------------------------------
- echo --- Block Anonymous enumeration of SAM accounts
- reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel" /v "RestrictAnonymousSAM" /t REG_DWORD /d 1 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ---Restrict anonymous access to Named Pipes and Shares----
- :: ----------------------------------------------------------
- echo --- Restrict anonymous access to Named Pipes and Shares
- reg add "HKLM\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters" /v "RestrictNullSessAccess" /t REG_DWORD /d 1 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ----------Disable the Windows Connect Now wizard----------
- :: ----------------------------------------------------------
- echo --- Disable the Windows Connect Now wizard
- reg add "HKLM\Software\Policies\Microsoft\Windows\WCN\UI" /v "DisableWcnUi" /t REG_DWORD /d 1 /f
- reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars" /v "DisableFlashConfigRegistrar" /t REG_DWORD /d 0 /f
- reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars" /v "DisableInBand802DOT11Registrar" /t REG_DWORD /d 0 /f
- reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars" /v "DisableUPnPRegistrar" /t REG_DWORD /d 0 /f
- reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars" /v "DisableWPDRegistrar" /t REG_DWORD /d 0 /f
- reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars" /v "EnableRegistrars" /t REG_DWORD /d 0 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: --------------Disable unsafe SMBv1 protocol---------------
- :: ----------------------------------------------------------
- echo --- Disable unsafe SMBv1 protocol
- dism /online /Disable-Feature /FeatureName:"SMB1Protocol" /NoRestart
- dism /Online /Disable-Feature /FeatureName:"SMB1Protocol-Client" /NoRestart
- dism /Online /Disable-Feature /FeatureName:"SMB1Protocol-Server" /NoRestart
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -----Disable PowerShell 2.0 against downgrade attacks-----
- :: ----------------------------------------------------------
- echo --- Disable PowerShell 2.0 against downgrade attacks
- dism /online /Disable-Feature /FeatureName:"MicrosoftWindowsPowerShellV2Root" /NoRestart
- dism /online /Disable-Feature /FeatureName:"MicrosoftWindowsPowerShellV2" /NoRestart
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ----------Disable Live Tiles push notifications-----------
- :: ----------------------------------------------------------
- echo --- Disable Live Tiles push notifications
- reg add "HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications" /v "NoTileApplicationNotification" /t REG_DWORD /d 1 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -------------------Disable online tips--------------------
- :: ----------------------------------------------------------
- echo --- Disable online tips
- reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "AllowOnlineTips" /t REG_DWORD /d 0 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: --------Turn off Internet File Association service--------
- :: ----------------------------------------------------------
- echo --- Turn off Internet File Association service
- reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoInternetOpenWith" /t REG_DWORD /d 1 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ---------Turn off the "Order Prints" picture task---------
- :: ----------------------------------------------------------
- echo --- Turn off the "Order Prints" picture task
- reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoOnlinePrintsWizard" /t REG_DWORD /d 1 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ----Disable the file and folder Publish to Web option-----
- :: ----------------------------------------------------------
- echo --- Disable the file and folder Publish to Web option
- reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoPublishingWizard" /t REG_DWORD /d 1 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ---Prevent downloading a list of providers for wizards----
- :: ----------------------------------------------------------
- echo --- Prevent downloading a list of providers for wizards
- reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoWebServices" /t REG_DWORD /d 1 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -------Delivery Optimization (P2P Windows Updates)--------
- :: ----------------------------------------------------------
- echo --- Delivery Optimization (P2P Windows Updates)
- sc stop "DoSvc" & sc config "DoSvc" start=disabled
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ---------Program Compatibility Assistant Service----------
- :: ----------------------------------------------------------
- echo --- Program Compatibility Assistant Service
- sc stop "PcaSvc" & sc config "PcaSvc" start=disabled
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -----------------Downloaded Maps Manager------------------
- :: ----------------------------------------------------------
- echo --- Downloaded Maps Manager
- sc stop "MapsBroker" & sc config "MapsBroker" start=disabled
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -------------Microsoft Retail Demo experience-------------
- :: ----------------------------------------------------------
- echo --- Microsoft Retail Demo experience
- sc stop "RetailDemo" & sc config "RetailDemo" start=disabled
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ------------Windows Push Notification Service-------------
- :: ----------------------------------------------------------
- echo --- Windows Push Notification Service
- sc stop "WpnService" & sc config "WpnService" start=disabled
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ----------------Volume Shadow Copy Service----------------
- :: ----------------------------------------------------------
- echo --- Volume Shadow Copy Service
- sc stop "VSS" & sc config "VSS" start=disabled
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ------------------Uninstall Cortana app-------------------
- :: ----------------------------------------------------------
- echo --- Uninstall Cortana app
- PowerShell -Command "Get-AppxPackage 'Microsoft.549981C3F5F10' | Remove-AppxPackage"
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ---------------------Feedback Hub app---------------------
- :: ----------------------------------------------------------
- echo --- Feedback Hub app
- PowerShell -Command "Get-AppxPackage 'Microsoft.WindowsFeedbackHub' | Remove-AppxPackage"
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ---------------------Windows Maps app---------------------
- :: ----------------------------------------------------------
- echo --- Windows Maps app
- PowerShell -Command "Get-AppxPackage 'Microsoft.WindowsMaps' | Remove-AppxPackage"
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ---------------------MSN Weather app----------------------
- :: ----------------------------------------------------------
- echo --- MSN Weather app
- PowerShell -Command "Get-AppxPackage 'Microsoft.BingWeather' | Remove-AppxPackage"
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ----------------------MSN Sports app----------------------
- :: ----------------------------------------------------------
- echo --- MSN Sports app
- PowerShell -Command "Get-AppxPackage 'Microsoft.BingSports' | Remove-AppxPackage"
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -----------------------MSN News app-----------------------
- :: ----------------------------------------------------------
- echo --- MSN News app
- PowerShell -Command "Get-AppxPackage 'Microsoft.BingNews' | Remove-AppxPackage"
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ----------------------MSN Money app-----------------------
- :: ----------------------------------------------------------
- echo --- MSN Money app
- PowerShell -Command "Get-AppxPackage 'Microsoft.BingFinance' | Remove-AppxPackage"
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ----------------------My Office app-----------------------
- :: ----------------------------------------------------------
- echo --- My Office app
- PowerShell -Command "Get-AppxPackage 'Microsoft.MicrosoftOfficeHub' | Remove-AppxPackage"
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ----------------Microsoft Advertising app-----------------
- :: ----------------------------------------------------------
- echo --- Microsoft Advertising app
- PowerShell -Command "Get-AppxPackage 'Microsoft.Advertising.Xaml' | Remove-AppxPackage"
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ------------------Network Speed Test app------------------
- :: ----------------------------------------------------------
- echo --- Network Speed Test app
- PowerShell -Command "Get-AppxPackage 'Microsoft.NetworkSpeedTest' | Remove-AppxPackage"
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ----------------Holographic First Run app-----------------
- :: ----------------------------------------------------------
- echo --- Holographic First Run app
- PowerShell -Command " $package = (Get-AppxPackage -AllUsers 'Microsoft.Windows.Holographic.FirstRun'); if (!$package) { Write-Host 'Not installed'; exit 0; } $directories = @($package.InstallLocation, \"$env:LOCALAPPDATA\Packages\$($package.PackageFamilyName)\"); foreach($dir in $directories) { if ( !$dir -Or !(Test-Path \"$dir\") ) { continue; } cmd /c ('takeown /f \"' + $dir + '\" /r /d y 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } cmd /c ('icacls \"' + $dir + '\" /grant administrators:F /t 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } $files = Get-ChildItem -File -Path $dir -Recurse -Force; foreach($file in $files) { if($file.Name.EndsWith('.OLD')) { continue; } $newName = $file.FullName + '.OLD'; Write-Host \"Rename '$($file.FullName)' to '$newName'\"; Move-Item -LiteralPath \"$($file.FullName)\" -Destination \"$newName\" -Force; } };"
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -----Windows 10 Family Safety / Parental Controls app-----
- :: ----------------------------------------------------------
- echo --- Windows 10 Family Safety / Parental Controls app
- PowerShell -Command " $package = (Get-AppxPackage -AllUsers 'Microsoft.Windows.ParentalControls'); if (!$package) { Write-Host 'Not installed'; exit 0; } $directories = @($package.InstallLocation, \"$env:LOCALAPPDATA\Packages\$($package.PackageFamilyName)\"); foreach($dir in $directories) { if ( !$dir -Or !(Test-Path \"$dir\") ) { continue; } cmd /c ('takeown /f \"' + $dir + '\" /r /d y 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } cmd /c ('icacls \"' + $dir + '\" /grant administrators:F /t 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } $files = Get-ChildItem -File -Path $dir -Recurse -Force; foreach($file in $files) { if($file.Name.EndsWith('.OLD')) { continue; } $newName = $file.FullName + '.OLD'; Write-Host \"Rename '$($file.FullName)' to '$newName'\"; Move-Item -LiteralPath \"$($file.FullName)\" -Destination \"$newName\" -Force; } };"
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -------------------Windows Feedback app-------------------
- :: ----------------------------------------------------------
- echo --- Windows Feedback app
- PowerShell -Command " $package = (Get-AppxPackage -AllUsers 'Microsoft.WindowsFeedback'); if (!$package) { Write-Host 'Not installed'; exit 0; } $directories = @($package.InstallLocation, \"$env:LOCALAPPDATA\Packages\$($package.PackageFamilyName)\"); foreach($dir in $directories) { if ( !$dir -Or !(Test-Path \"$dir\") ) { continue; } cmd /c ('takeown /f \"' + $dir + '\" /r /d y 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } cmd /c ('icacls \"' + $dir + '\" /grant administrators:F /t 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } $files = Get-ChildItem -File -Path $dir -Recurse -Force; foreach($file in $files) { if($file.Name.EndsWith('.OLD')) { continue; } $newName = $file.FullName + '.OLD'; Write-Host \"Rename '$($file.FullName)' to '$newName'\"; Move-Item -LiteralPath \"$($file.FullName)\" -Destination \"$newName\" -Force; } };"
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ---------------------CBS Preview app----------------------
- :: ----------------------------------------------------------
- echo --- CBS Preview app
- PowerShell -Command " $package = (Get-AppxPackage -AllUsers 'Windows.CBSPreview'); if (!$package) { Write-Host 'Not installed'; exit 0; } $directories = @($package.InstallLocation, \"$env:LOCALAPPDATA\Packages\$($package.PackageFamilyName)\"); foreach($dir in $directories) { if ( !$dir -Or !(Test-Path \"$dir\") ) { continue; } cmd /c ('takeown /f \"' + $dir + '\" /r /d y 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } cmd /c ('icacls \"' + $dir + '\" /grant administrators:F /t 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } $files = Get-ChildItem -File -Path $dir -Recurse -Force; foreach($file in $files) { if($file.Name.EndsWith('.OLD')) { continue; } $newName = $file.FullName + '.OLD'; Write-Host \"Rename '$($file.FullName)' to '$newName'\"; Move-Item -LiteralPath \"$($file.FullName)\" -Destination \"$newName\" -Force; } };"
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -----------Clear previous Windows installations-----------
- :: ----------------------------------------------------------
- echo --- Clear previous Windows installations
- if exist "%SystemDrive%\Windows.old" (
- takeown /f "%SystemDrive%\Windows.old" /a /r /d y
- icacls "%SystemDrive%\Windows.old" /grant administrators:F /t
- rd /s /q "%SystemDrive%\Windows.old"
- echo Deleted previous installation from "%SystemDrive%\Windows.old\"
- ) else (
- echo No previous Windows installation has been found
- )
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -------------------Do not allow Cortana-------------------
- :: ----------------------------------------------------------
- echo --- Do not allow Cortana
- reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "AllowCortana" /t REG_DWORD /d 0 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -------------Do not allow Cortana experience--------------
- :: ----------------------------------------------------------
- echo --- Do not allow Cortana experience
- reg add "HKLM\SOFTWARE\Microsoft\PolicyManager\default\Experience\AllowCortana" /v "value" /t REG_DWORD /d 0 /f
- :: ----------------------------------------------------------
- :: Do not allow search and Cortana to search cloud sources like OneDrive and SharePoint
- echo --- Do not allow search and Cortana to search cloud sources like OneDrive and SharePoint
- reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "AllowCloudSearch" /t REG_DWORD /d 0 /f
- :: ----------------------------------------------------------
- :: Disable Cortana speech interaction while the system is locked
- echo --- Disable Cortana speech interaction while the system is locked
- reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "AllowCortanaAboveLock" /t REG_DWORD /d 0 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ---------------Opt out from Cortana consent---------------
- :: ----------------------------------------------------------
- echo --- Opt out from Cortana consent
- reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Search" /v "CortanaConsent" /t REG_DWORD /d 0 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ------------Do not allow Cortana to be enabled------------
- :: ----------------------------------------------------------
- echo --- Do not allow Cortana to be enabled
- reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "CanCortanaBeEnabled" /t REG_DWORD /d 0 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -Disable Cortana (Internet search results in start menu)--
- :: ----------------------------------------------------------
- echo --- Disable Cortana (Internet search results in start menu)
- reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "CortanaEnabled" /t REG_DWORD /d 0 /f
- reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "CortanaEnabled" /t REG_DWORD /d 0 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -------------Remove the Cortana taskbar icon--------------
- :: ----------------------------------------------------------
- echo --- Remove the Cortana taskbar icon
- reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v "ShowCortanaButton" /t REG_DWORD /d 0 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -----Disable search indexing encrypted items / stores-----
- :: ----------------------------------------------------------
- echo --- Disable search indexing encrypted items / stores
- reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "AllowIndexingEncryptedStoresOrItems" /t REG_DWORD /d 0 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -----------Do not allow search to use location------------
- :: ----------------------------------------------------------
- echo --- Do not allow search to use location
- reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "AllowSearchToUseLocation" /t REG_DWORD /d 0 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -------------Disable web search in search bar-------------
- :: ----------------------------------------------------------
- echo --- Disable web search in search bar
- reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "DisableWebSearch" /t REG_DWORD /d 1 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -------------------Disable Bing search--------------------
- :: ----------------------------------------------------------
- echo --- Disable Bing search
- reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "BingSearchEnabled" /t REG_DWORD /d 0 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ---------------Disable behavior monitoring----------------
- :: ----------------------------------------------------------
- echo --- Disable behavior monitoring
- reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: Disable scanning for all downloaded files and attachments-
- :: ----------------------------------------------------------
- echo --- Disable scanning for all downloaded files and attachments
- reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableIOAVProtection" /t REG_DWORD /d "1" /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -------Disable monitoring file and program activity-------
- :: ----------------------------------------------------------
- echo --- Disable monitoring file and program activity
- reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: Disable automatically taking action on all detected tasks-
- :: ----------------------------------------------------------
- echo --- Disable automatically taking action on all detected tasks
- reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRoutinelyTakingAction" /t REG_DWORD /d "1" /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -----Disable process scanning on real-time protection-----
- :: ----------------------------------------------------------
- echo --- Disable process scanning on real-time protection
- reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d "1" /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: --------Disable Windows Defender ExploitGuard task--------
- :: ----------------------------------------------------------
- echo --- Disable Windows Defender ExploitGuard task
- schtasks /Change /TN "Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh" /Disable
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -----Disable Windows Defender Cache Maintenance task------
- :: ----------------------------------------------------------
- echo --- Disable Windows Defender Cache Maintenance task
- schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" /Disable
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ----------Disable Windows Defender Cleanup task-----------
- :: ----------------------------------------------------------
- echo --- Disable Windows Defender Cleanup task
- schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup" /Disable
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -------Disable Windows Defender Scheduled Scan task-------
- :: ----------------------------------------------------------
- echo --- Disable Windows Defender Scheduled Scan task
- schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" /Disable
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: --------Disable Windows Defender Verification task--------
- :: ----------------------------------------------------------
- echo --- Disable Windows Defender Verification task
- schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification" /Disable
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: --------Disable Windows Defender Firewall service---------
- :: ----------------------------------------------------------
- echo --- Disable Windows Defender Firewall service
- reg add "HKLM\SYSTEM\CurrentControlSet\Services\MpsSvc" /v "Start" /t REG_DWORD /d "4" /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: --------Disable Windows Defender Antivirus service--------
- :: ----------------------------------------------------------
- echo --- Disable Windows Defender Antivirus service
- reg add "HKLM\SYSTEM\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d "4" /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -Disable Microsoft Defender Antivirus Boot Driver service-
- :: ----------------------------------------------------------
- echo --- Disable Microsoft Defender Antivirus Boot Driver service
- reg add "HKLM\SYSTEM\CurrentControlSet\Services\WdBoot" /v "Start" /t REG_DWORD /d "4" /f
- :: ----------------------------------------------------------
- :: Disable Microsoft Defender Antivirus Mini-Filter Driver service
- echo --- Disable Microsoft Defender Antivirus Mini-Filter Driver service
- reg add "HKLM\SYSTEM\CurrentControlSet\Services\WdFilter" /v "Start" /t REG_DWORD /d "4" /f
- :: ----------------------------------------------------------
- :: Disable Microsoft Defender Antivirus Network Inspection System Driver service
- echo --- Disable Microsoft Defender Antivirus Network Inspection System Driver service
- reg add "HKLM\SYSTEM\CurrentControlSet\Services\WdNisDrv" /v "Start" /t REG_DWORD /d "4" /f
- :: ----------------------------------------------------------
- :: Disable Microsoft Defender Antivirus Network Inspection service
- echo --- Disable Microsoft Defender Antivirus Network Inspection service
- reg add "HKLM\SYSTEM\CurrentControlSet\Services\WdNisSvc" /v "Start" /t REG_DWORD /d "4" /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -------------Disable Windows Security service-------------
- :: ----------------------------------------------------------
- echo --- Disable Windows Security service
- reg add "HKLM\SYSTEM\CurrentControlSet\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "4" /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -----------Disable Microsoft Defender Antivirus-----------
- :: ----------------------------------------------------------
- echo --- Disable Microsoft Defender Antivirus
- reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -------------Disable Windows Defender logging-------------
- :: ----------------------------------------------------------
- echo --- Disable Windows Defender logging
- reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger" /v "Start" /t REG_DWORD /d "0" /f
- reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger" /v "Start" /t REG_DWORD /d "0" /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: --------------Turn off block at first sight---------------
- :: ----------------------------------------------------------
- echo --- Turn off block at first sight
- reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "DisableBlockAtFirstSeen" /t REG_DWORD /d "1" /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: --Disable scheduled On Demand anti malware scanner (MRT)--
- :: ----------------------------------------------------------
- echo --- Disable scheduled On Demand anti malware scanner (MRT)
- reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontOfferThroughWUAU" /t REG_DWORD /d 1 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ------------------Kill OneDrive process-------------------
- :: ----------------------------------------------------------
- echo --- Kill OneDrive process
- taskkill /f /im OneDrive.exe
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: --------------------Uninstall OneDrive--------------------
- :: ----------------------------------------------------------
- echo --- Uninstall OneDrive
- if %PROCESSOR_ARCHITECTURE%==x86 (
- %SystemRoot%\System32\OneDriveSetup.exe /uninstall 2>nul
- ) else (
- %SystemRoot%\SysWOW64\OneDriveSetup.exe /uninstall 2>nul
- )
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ----------------Remove OneDrive leftovers-----------------
- :: ----------------------------------------------------------
- echo --- Remove OneDrive leftovers
- rd "%UserProfile%\OneDrive" /q /s
- rd "%LocalAppData%\Microsoft\OneDrive" /q /s
- rd "%ProgramData%\Microsoft OneDrive" /q /s
- rd "%SystemDrive%\OneDriveTemp" /q /s
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ----------------Delete OneDrive shortcuts-----------------
- :: ----------------------------------------------------------
- echo --- Delete OneDrive shortcuts
- del "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk" /s /f /q
- del "%APPDATA%\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk" /s /f /q
- del "%USERPROFILE%\Links\OneDrive.lnk" /s /f /q
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ----------------Disable usage of OneDrive-----------------
- :: ----------------------------------------------------------
- echo --- Disable usage of OneDrive
- reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\OneDrive" /t REG_DWORD /v "DisableFileSyncNGSC" /d 1 /f
- reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\OneDrive" /t REG_DWORD /v "DisableFileSync" /d 1 /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ---Prevent automatic OneDrive install for current user----
- :: ----------------------------------------------------------
- echo --- Prevent automatic OneDrive install for current user
- reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "OneDriveSetup" /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -----Prevent automatic OneDrive install for new users-----
- :: ----------------------------------------------------------
- echo --- Prevent automatic OneDrive install for new users
- reg load "HKU\Default" "%SystemDrive%\Users\Default\NTUSER.DAT"
- reg delete "HKU\Default\software\Microsoft\Windows\CurrentVersion\Run" /v "OneDriveSetup" /f
- reg unload "HKU\Default"
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ------------Remove OneDrive from explorer menu------------
- :: ----------------------------------------------------------
- echo --- Remove OneDrive from explorer menu
- reg delete "HKCR\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /f
- reg delete "HKCR\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /f
- reg add "HKCR\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /v System.IsPinnedToNameSpaceTree /d "0" /t REG_DWORD /f
- reg add "HKCR\Wow6432Node\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /v System.IsPinnedToNameSpaceTree /d "0" /t REG_DWORD /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -----------Delete all OneDrive related Services-----------
- :: ----------------------------------------------------------
- echo --- Delete all OneDrive related Services
- for /f "tokens=1 delims=," %%x in ('schtasks /query /fo csv ^| find "OneDrive"') do schtasks /Delete /TN %%x /F
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ------------Delete OneDrive path from registry------------
- :: ----------------------------------------------------------
- echo --- Delete OneDrive path from registry
- reg delete "HKCU\Environment" /v "OneDrive" /f
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ---Bio enrollment app (breaks biometric authentication)---
- :: ----------------------------------------------------------
- echo --- Bio enrollment app (breaks biometric authentication)
- PowerShell -Command " $package = (Get-AppxPackage -AllUsers 'Microsoft.BioEnrollment'); if (!$package) { Write-Host 'Not installed'; exit 0; } $directories = @($package.InstallLocation, \"$env:LOCALAPPDATA\Packages\$($package.PackageFamilyName)\"); foreach($dir in $directories) { if ( !$dir -Or !(Test-Path \"$dir\") ) { continue; } cmd /c ('takeown /f \"' + $dir + '\" /r /d y 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } cmd /c ('icacls \"' + $dir + '\" /grant administrators:F /t 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } $files = Get-ChildItem -File -Path $dir -Recurse -Force; foreach($file in $files) { if($file.Name.EndsWith('.OLD')) { continue; } $newName = $file.FullName + '.OLD'; Write-Host \"Rename '$($file.FullName)' to '$newName'\"; Move-Item -LiteralPath \"$($file.FullName)\" -Destination \"$newName\" -Force; } };"
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -------------------Cred Dialog Host app-------------------
- :: ----------------------------------------------------------
- echo --- Cred Dialog Host app
- PowerShell -Command " $package = (Get-AppxPackage -AllUsers 'Microsoft.CredDialogHost'); if (!$package) { Write-Host 'Not installed'; exit 0; } $directories = @($package.InstallLocation, \"$env:LOCALAPPDATA\Packages\$($package.PackageFamilyName)\"); foreach($dir in $directories) { if ( !$dir -Or !(Test-Path \"$dir\") ) { continue; } cmd /c ('takeown /f \"' + $dir + '\" /r /d y 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } cmd /c ('icacls \"' + $dir + '\" /grant administrators:F /t 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } $files = Get-ChildItem -File -Path $dir -Recurse -Force; foreach($file in $files) { if($file.Name.EndsWith('.OLD')) { continue; } $newName = $file.FullName + '.OLD'; Write-Host \"Rename '$($file.FullName)' to '$newName'\"; Move-Item -LiteralPath \"$($file.FullName)\" -Destination \"$newName\" -Force; } };"
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: --------------------------EC app--------------------------
- :: ----------------------------------------------------------
- echo --- EC app
- PowerShell -Command " $package = (Get-AppxPackage -AllUsers 'Microsoft.ECApp'); if (!$package) { Write-Host 'Not installed'; exit 0; } $directories = @($package.InstallLocation, \"$env:LOCALAPPDATA\Packages\$($package.PackageFamilyName)\"); foreach($dir in $directories) { if ( !$dir -Or !(Test-Path \"$dir\") ) { continue; } cmd /c ('takeown /f \"' + $dir + '\" /r /d y 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } cmd /c ('icacls \"' + $dir + '\" /grant administrators:F /t 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } $files = Get-ChildItem -File -Path $dir -Recurse -Force; foreach($file in $files) { if($file.Name.EndsWith('.OLD')) { continue; } $newName = $file.FullName + '.OLD'; Write-Host \"Rename '$($file.FullName)' to '$newName'\"; Move-Item -LiteralPath \"$($file.FullName)\" -Destination \"$newName\" -Force; } };"
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: ---------------Lock app (shows lock screen)---------------
- :: ----------------------------------------------------------
- echo --- Lock app (shows lock screen)
- PowerShell -Command " $package = (Get-AppxPackage -AllUsers 'Microsoft.LockApp'); if (!$package) { Write-Host 'Not installed'; exit 0; } $directories = @($package.InstallLocation, \"$env:LOCALAPPDATA\Packages\$($package.PackageFamilyName)\"); foreach($dir in $directories) { if ( !$dir -Or !(Test-Path \"$dir\") ) { continue; } cmd /c ('takeown /f \"' + $dir + '\" /r /d y 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } cmd /c ('icacls \"' + $dir + '\" /grant administrators:F /t 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } $files = Get-ChildItem -File -Path $dir -Recurse -Force; foreach($file in $files) { if($file.Name.EndsWith('.OLD')) { continue; } $newName = $file.FullName + '.OLD'; Write-Host \"Rename '$($file.FullName)' to '$newName'\"; Move-Item -LiteralPath \"$($file.FullName)\" -Destination \"$newName\" -Force; } };"
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -----------------------Get Help app-----------------------
- :: ----------------------------------------------------------
- echo --- Get Help app
- PowerShell -Command "Get-AppxPackage 'Microsoft.GetHelp' | Remove-AppxPackage"
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: --------------------App Installer app---------------------
- :: ----------------------------------------------------------
- echo --- App Installer app
- PowerShell -Command "Get-AppxPackage 'Microsoft.DesktopAppInstaller' | Remove-AppxPackage"
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: --------------------Microsoft Tips app--------------------
- :: ----------------------------------------------------------
- echo --- Microsoft Tips app
- PowerShell -Command "Get-AppxPackage 'Microsoft.Getstarted' | Remove-AppxPackage"
- :: ----------------------------------------------------------
- :: ----------------------------------------------------------
- :: -----------------Microsoft Messaging app------------------
- :: ----------------------------------------------------------
- echo --- Microsoft Messaging app
- PowerShell -Command "Get-AppxPackage 'Microsoft.Messaging' | Remove-AppxPackage"
- :: ----------------------------------------------------------
- pause
- exit /b 0
Add Comment
Please, Sign In to add comment