Scripts with settings and chocolatey packages for fresh windows installation

wis

# Install boxstarter:
# 	. { iwr -useb http://boxstarter.org/bootstrapper.ps1 } | iex; get-boxstarter -Force
#
# You might need to set: Set-ExecutionPolicy RemoteSigned
#
# Run this boxstarter by calling the following from an **elevated** command-prompt:
# 	start http://boxstarter.org/package/nr/url?<URL-TO-RAW-GIST>
# OR
# 	Install-BoxstarterPackage -PackageName <URL-TO-RAW-GIST> -DisableReboots

#---- TEMPORARY ---
Disable-UAC

#---- PERMANENT ---
Set-WindowsExplorerOptions -EnableShowHiddenFilesFoldersDrives -EnableShowProtectedOSFiles -EnableShowFileExtensions -EnableShowFullPathInTitleBar -EnableOpenFileExplorerToQuickAccess -DisableShowRecentFilesInQuickAccess -DisableShowFrequentFoldersInQuickAccess -EnableExpandToOpenFolder -EnableShowRibbon

Set-StartScreenOptions -EnableBootToDesktop -EnableDesktopBackgroundOnStart -EnableShowStartOnActiveScreen -EnableShowAppsViewOnStartScreen -EnableSearchEverywhereInAppsView -EnableListDesktopAppsFirst

Set-TaskbarOptions -Size Small -Lock -Dock Bottom -Combine Never
# Set-TaskbarOptions -Size Large -UnLock -Dock Bottom -Combine Never

Set-TaskbarOptions -AlwaysShowIconsOn
# Set-TaskbarOptions -AlwaysShowIconsOff

Disable-ComputerRestore "C:\"
Disable-GameBarTips 

# ElJEfe: for Ned Pyle, because, I blame him. 
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart

#ElJefe: Removing a bunch of other unnecessary stuff.Because they are not needed on a work box. 
# don't need work folders if u got OneDrive for Business. 
Disable-WindowsOptionalFeature -Online -FeatureName WorkFolders-Client -NoRestart
# don't need remote differential compression if you never intend to pull from network shares...
Disable-WindowsOptionalFeature -Online -FeatureName MSRDC-Infrastructure -NoRestart

# you don't need Fax & Scan, XPS formats, XPS printing services, or printing to http printers. 
Disable-WindowsOptionalFeature -Online -FeatureName FaxServicesClientPackage -NoRestart
Disable-WindowsOptionalFeature -Online -FeatureName Printing-XPSServices-Features -NoRestart
Disable-WindowsOptionalFeature -Online -FeatureName Printing-Foundation-InternetPrinting-Client -NoRestart

# you don't need media playback.
#Disable-WindowsOptionalFeature -Online -FeatureName WindowsMediaPlayer -NoRestart
#Disable-WindowsOptionalFeature -Online -FeatureName MediaPlayback -NoRestart

#eljefe: There are some services that you simply do not need if you want to lay low. go spelunking in the Services.msc to see why. 
# you are not pulling from shares, you should not expose shares...die LAN Man! with my last breath I will curse thee
Set-service -Name LanmanServer -StartupType Disabled
#print spooler: Dead
Set-service -Name Spooler -StartupType Disabled
# Tablet input: pssh nobody use tablet input. its silly.just write right in onenote
Set-service -Name TabletInputService -StartupType Disabled
# Telephony API is tell-a-phony
Set-service -Name TapiSrv -StartupType Disabled
#geolocation service : u can't find me.
Set-service -Name lfsvc -StartupType Disabled

# ain't no homegroup here.
# u do not want ur smartcard cert to propagate to the local cache, do you?
Set-service -Name CertPropsvc -StartupType Disabled
# who needs branchcache?
Set-service -Name PeerDistSvc -StartupType Disabled
# i don't need to keep links from NTFS file shares across the network - i haz office.
Set-service -Name TrkWks -StartupType Disabled
# i don't use iscsi
Set-service -Name MSISCSI -StartupType Disabled
# why is SNMPTRAP still on windows 10? i mean, really, who uses SNMP? is it even a real protocol anymore?
Set-service -Name SNMPTRAP -StartupType Disabled

# Peer to Peer discovery svcs...Begone!
Set-service -Name PNRPAutoReg -StartupType Disabled
Set-service -Name p2pimsvc -StartupType Disabled
Set-service -Name p2psvc -StartupType Disabled
Set-service -Name PNRPsvc -StartupType Disabled
# no netbios over tcp/ip. unnecessary. 
Set-service -Name lmhosts -StartupType Disabled

# this is like plug & play only for network devices. no thx. k bye.
Set-service -Name SSDPSRV -StartupType Disabled
# YOU DO NOT NEED TO PUBLISH FROM THIS DEVICE. Discovery Resource Publication service:
Set-service -Name FDResPub -StartupType Disabled
#"Function Discovery host provides a uniform programmatic interface for enumerating system resources" - NO THX. 
Set-service -Name fdPHost -StartupType Disabled

#intel Proset wireless registry thing. curse thee:
# Set-service -Name RegSrvc -StartupType Disabled

#optimize the startup cache...i think. on SSD i don't think it really matters.
set-service SysMain -StartupType Automatic


#---LIBRARIES---
#come one, you know you like em, you use em all the time. might as well make sure they come back each and every time, right?
# this assumes you set up onedrive. 
# Move-LibraryDirectory -libraryName "Personal" -newPath $ENV:OneDrive\Documents
# Move-LibraryDirectory -libraryName "My Pictures" -newPath $ENV:OneDrive\Pictures
# Move-LibraryDirectory -libraryName "My Video" -newPath $ENV:OneDrive\Videos
# Move-LibraryDirectory -libraryName "My Music" -newPath $ENV:OneDrive\Music

#--- Windows Subsystems/Features ---

# these are also available for scripting directly on windows and installing natively via Enable-WindowsOptionalFeature.
# if you wanna know what's available, try this:
# Get-WindowsOptionalFeature  -Online | sort @{Expression = "State"; Descending = $True}, @{Expression = "FeatureName"; Descending = $False}| Format-Table -GroupBy State

choco install Microsoft-Windows-Subsystem-Linux -source windowsfeatures
# choco install Microsoft-Hyper-V-All -source windowsFeatures

#---- Apps ----
Write-BoxstarterMessage "***Installing Apps***"

Install-BoxstarterPackage -PackageName https://gist.githubusercontent.com/szaiser/eb815d3bbcc112730361b6272f21061f/raw/chocolatey_packages

#--- Uninstall unecessary applications that come with Windows out of the box ---
Write-BoxstarterMessage "*** Store Apps Cleanup ***"

$apps = @(
    # default Windows 10 apps
    "Microsoft.3DBuilder"
    "Microsoft.Appconnector"
    "Microsoft.BingFinance"
    "Microsoft.BingNews"
    "Microsoft.BingSports"
    "Microsoft.BingWeather"
    #"Microsoft.FreshPaint"
    "Microsoft.Getstarted"
    "Microsoft.MicrosoftOfficeHub"
    "Microsoft.MicrosoftSolitaireCollection"
    "Microsoft.MicrosoftStickyNotes"
    "Microsoft.Office.OneNote"
    "Microsoft.OneConnect"
    "Microsoft.People"
    "Microsoft.SkypeApp"
    "Microsoft.Windows.Photos"
    "Microsoft.WindowsAlarms"
    #"Microsoft.WindowsCalculator"
    "Microsoft.WindowsCamera"
    "Microsoft.WindowsMaps"
    "Microsoft.WindowsPhone"
    "Microsoft.WindowsSoundRecorder"
    #"Microsoft.WindowsStore"
    "Microsoft.XboxApp"
    "Microsoft.ZuneMusic"
    "Microsoft.ZuneVideo"
    "microsoft.windowscommunicationsapps"
    "Microsoft.MinecraftUWP"
    "Microsoft.MicrosoftPowerBIForWindows"
    "Microsoft.NetworkSpeedTest"
    
    # Threshold 2 apps
    "Microsoft.CommsPhone"
    "Microsoft.ConnectivityStore"
    "Microsoft.Messaging"
    "Microsoft.Office.Sway"
    "Microsoft.OneConnect"
    "Microsoft.WindowsFeedbackHub"


    #Redstone apps
    "Microsoft.BingFoodAndDrink"
    "Microsoft.BingTravel"
    "Microsoft.BingHealthAndFitness"
    "Microsoft.WindowsReadingList"

    # non-Microsoft
    "9E2F88E3.Twitter"
    "PandoraMediaInc.29680B314EFC2"
    "Flipboard.Flipboard"
    "ShazamEntertainmentLtd.Shazam"
    "king.com.CandyCrushSaga"
    "king.com.CandyCrushSodaSaga"
    "king.com.*"
    "ClearChannelRadioDigital.iHeartRadio"
    "4DF9E0F8.Netflix"
    "6Wunderkinder.Wunderlist"
    "Drawboard.DrawboardPDF"
    "2FE3CB00.PicsArt-PhotoStudio"
    "D52A8D61.FarmVille2CountryEscape"
    "TuneIn.TuneInRadio"
    "GAMELOFTSA.Asphalt8Airborne"
    #"TheNewYorkTimes.NYTCrossword"
    "DB6EA5DB.CyberLinkMediaSuiteEssentials"
    "Facebook.Facebook"
    "flaregamesGmbH.RoyalRevolt2"
    "Playtika.CaesarsSlotsFreeCasino"
    "A278AB0D.MarchofEmpires"
    "KeeperSecurityInc.Keeper"
    "ThumbmunkeysLtd.PhototasticCollage"
    "XINGAG.XING"
    "89006A2E.AutodeskSketchBook"
    "D5EA27B7.Duolingo-LearnLanguagesforFree"
    "46928bounde.EclipseManager"
    "ActiproSoftwareLLC.562882FEEB491" # next one is for the Code Writer from Actipro Software LLC
    "CAF9E577.Plex"
    "*Dropbox*"
	
    # apps which cannot be removed using Remove-AppxPackage
    #"Microsoft.BioEnrollment"
    #"Microsoft.MicrosoftEdge"
    #"Microsoft.Windows.Cortana"
    #"Microsoft.WindowsFeedback"
    #"Microsoft.XboxGameCallableUI"
     #"Microsoft.XboxIdentityProvider"
    #"Windows.ContactSupport"
)

foreach ($app in $apps) {
    Write-Output "Trying to remove $app"

    Get-AppxPackage -Name $app -AllUsers | Remove-AppxPackage

    Get-AppXProvisionedPackage -Online |
        Where-Object DisplayName -EQ $app |
        Remove-AppxProvisionedPackage -Online -AllUsers
}


#---- Windows Settings ----
# Some from: @NickCraver's gist https://gist.github.com/NickCraver/7ebf9efbfd0c3eab72e9

# Privacy: Let apps use my advertising ID: Disable
If (-Not (Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo")) {
    New-Item -Path HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo | Out-Null
}
Set-ItemProperty -Path HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo -Name Enabled -Type DWord -Value 0

#--- Restore Temporary Settings ---
Write-BoxstarterMessage "re-Enable UAC"
Enable-UAC

#Write-BoxstarterMessage " Enabling Windows Update"
Enable-MicrosoftUpdate
Install-WindowsUpdate -acceptEula

#--- Rename the Computer ---
# Requires restart, or add the -Restart flag
#eljefe I have a strange sence of humor...
#
# $computername = "DIZZY"
#
# if ($env:computername -ne $computername) {
#	Write-BoxstarterMessage "Renaming Computer to:  $computername "
#	Rename-Computer -NewName $computername
#}