Skip to content

Instantly share code, notes, and snippets.

@LudovicOmarini

LudovicOmarini/Fresh-Install-Of-Windows10.ps1

Last active March 23, 2024 04:36
Show Gist options
  • Save LudovicOmarini/dd45e9c5b751fad55feafda1cec8415a to your computer and use it in GitHub Desktop.
Save LudovicOmarini/dd45e9c5b751fad55feafda1cec8415a to your computer and use it in GitHub Desktop.
Download ZIP
Delete all built-in apps on Windows10 for all current and future users except some apps, Disabling Telemetry, Removing Tiles, etc.
Raw
Fresh-Install-Of-Windows10.ps1
<#
.SYNOPSIS
Delete all built-in apps on Windows10 for all currant and future users except some apps, Disabling Telemetry, Removing Tiles, etc.
.DESCRIPTION
This script delete all built-in apps on Windows10 for all currant and future users except Windows Store, Calculator, Photos, Ubuntu and Linux
Disabling Telemetry, Removing Tiles, etc.
.EXAMPLE
.\Fresh-Install-Of-Windows10.ps1
#>
#---------------------------------------------------------------------#
function New-FolderForced {
[CmdletBinding(SupportsShouldProcess = $true)]
param (
[Parameter(Position = 0, Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)]
[string]
$Path
)
process {
if (-not (Test-Path $Path)) {
Write-Verbose "-- Creating full path to: $Path"
New-Item -Path $Path -ItemType Directory -Force
}
}
}
function Takeown-Registry($key) {
# TODO does not work for all root keys yet
switch ($key.split('\')[0]) {
"HKEY_CLASSES_ROOT" {
$reg = [Microsoft.Win32.Registry]::ClassesRoot
$key = $key.substring(18)
}
"HKEY_CURRENT_USER" {
$reg = [Microsoft.Win32.Registry]::CurrentUser
$key = $key.substring(18)
}
"HKEY_LOCAL_MACHINE" {
$reg = [Microsoft.Win32.Registry]::LocalMachine
$key = $key.substring(19)
}
}
# get administraor group
$admins = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-32-544")
$admins = $admins.Translate([System.Security.Principal.NTAccount])
# set owner
$key = $reg.OpenSubKey($key, "ReadWriteSubTree", "TakeOwnership")
$acl = $key.GetAccessControl()
$acl.SetOwner($admins)
$key.SetAccessControl($acl)
# set FullControl
$acl = $key.GetAccessControl()
$rule = New-Object System.Security.AccessControl.RegistryAccessRule($admins, "FullControl", "Allow")
$acl.SetAccessRule($rule)
$key.SetAccessControl($acl)
}
function Takeown-File($path) {
takeown.exe /A /F $path
$acl = Get-Acl $path
# get administraor group
$admins = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-32-544")
$admins = $admins.Translate([System.Security.Principal.NTAccount])
# add NT Authority\SYSTEM
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($admins, "FullControl", "None", "None", "Allow")
$acl.AddAccessRule($rule)
Set-Acl -Path $path -AclObject $acl
}
function Takeown-Folder($path) {
Takeown-File $path
foreach ($item in Get-ChildItem $path) {
if (Test-Path $item -PathType Container) {
Takeown-Folder $item.FullName
} else {
Takeown-File $item.FullName
}
}
}
function Elevate-Privileges {
param($Privilege)
$Definition = @"
using System;
using System.Runtime.InteropServices;
public class AdjPriv {
[DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall, ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr rele);
[DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);
[StructLayout(LayoutKind.Sequential, Pack = 1)]
internal struct TokPriv1Luid {
public int Count;
public long Luid;
public int Attr;
}
internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
internal const int TOKEN_QUERY = 0x00000008;
internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
public static bool EnablePrivilege(long processHandle, string privilege) {
bool retVal;
TokPriv1Luid tp;
IntPtr hproc = new IntPtr(processHandle);
IntPtr htok = IntPtr.Zero;
retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);
tp.Count = 1;
tp.Luid = 0;
tp.Attr = SE_PRIVILEGE_ENABLED;
retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);
retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
return retVal;
}
}
"@
$ProcessHandle = (Get-Process -id $pid).Handle
$type = Add-Type $definition -PassThru
$type[0]::EnablePrivilege($processHandle, $Privilege)
}
#---------------------------------------------------------------------#
### This script will clean Windows 10s start menu from all the default pinned apps (live tiles) that you are using. ###
### It will remove all titles for the current logged user, plus it will optionally do the same for all new users accounts created on the computer.
$START_MENU_LAYOUT = @"
<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns:taskbar="http://schemas.microsoft.com/Start/2014/TaskbarLayout" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
<LayoutOptions StartTileGroupCellWidth="6" />
<DefaultLayoutOverride>
<StartLayoutCollection>
<defaultlayout:StartLayout GroupCellWidth="6" />
</StartLayoutCollection>
</DefaultLayoutOverride>
</LayoutModificationTemplate>
"@
$layoutFile="C:\Windows\StartMenuLayout.xml"
#Delete layout file if it already exists
If(Test-Path $layoutFile)
{
Remove-Item $layoutFile
}
#Creates the blank layout file
$START_MENU_LAYOUT | Out-File $layoutFile -Encoding ASCII
$regAliases = @("HKLM", "HKCU")
#Assign the start layout and force it to apply with "LockedStartLayout" at both the machine and user level
foreach ($regAlias in $regAliases){
$basePath = $regAlias + ":\SOFTWARE\Policies\Microsoft\Windows"
$keyPath = $basePath + "\Explorer"
IF(!(Test-Path -Path $keyPath)) {
New-Item -Path $basePath -Name "Explorer"
}
Set-ItemProperty -Path $keyPath -Name "LockedStartLayout" -Value 1
Set-ItemProperty -Path $keyPath -Name "StartLayoutFile" -Value $layoutFile
}
#Restart Explorer, open the start menu (necessary to load the new layout), and give it a few seconds to process
Stop-Process -name explorer
Start-Sleep -s 5
$wshell = New-Object -ComObject wscript.shell; $wshell.SendKeys('^{ESCAPE}')
Start-Sleep -s 5
#Enable the ability to pin items again by disabling "LockedStartLayout"
foreach ($regAlias in $regAliases){
$basePath = $regAlias + ":\SOFTWARE\Policies\Microsoft\Windows"
$keyPath = $basePath + "\Explorer"
Set-ItemProperty -Path $keyPath -Name "LockedStartLayout" -Value 0
}
#Restart Explorer and delete the layout file
Stop-Process -name explorer
# Uncomment the next line to make clean start menu default for all new users
#Import-StartLayout -LayoutPath $layoutFile -MountPath $env:SystemDrive\
Remove-Item $layoutFile
#---------------------------------------------------------------------#
### This script removes unwanted Apps that come with Windows. ###
### If you do not want to remove certain Apps comment out the corresponding lines in the PowerShell script.###
### Author of this script: https://github.com/W4RH4WK/Debloat-Windows-10
Write-Output "Elevating privileges for this process"
do {} until (Elevate-Privileges SeTakeOwnershipPrivilege)
Write-Output "Uninstalling default apps"
$apps = @(
# default Windows 10 apps
"Microsoft.3DBuilder"
"Microsoft.Appconnector"
"Microsoft.BingFinance"
"Microsoft.BingNews"
"Microsoft.BingSports"
"Microsoft.BingTranslator"
"Microsoft.BingWeather"
#"Microsoft.FreshPaint"
"Microsoft.GamingServices"
"Microsoft.Microsoft3DViewer"
"Microsoft.MicrosoftOfficeHub"
"Microsoft.MicrosoftPowerBIForWindows"
"Microsoft.MicrosoftSolitaireCollection"
#"Microsoft.MicrosoftStickyNotes"
"Microsoft.MinecraftUWP"
"Microsoft.NetworkSpeedTest"
"Microsoft.Office.OneNote"
#"Microsoft.OneConnect"
"Microsoft.People"
"Microsoft.Print3D"
"Microsoft.SkypeApp"
"Microsoft.Wallet"
#"Microsoft.Windows.Photos"
"Microsoft.WindowsAlarms"
#"Microsoft.WindowsCalculator"
#"Microsoft.WindowsCamera"
"microsoft.windowscommunicationsapps"
#"Microsoft.WindowsMaps"
#"Microsoft.WindowsPhone"
#"Microsoft.WindowsSoundRecorder"
#"Microsoft.WindowsStore" # can't be re-installed
"Microsoft.Xbox.TCUI"
"Microsoft.XboxApp"
"Microsoft.XboxGameOverlay"
"Microsoft.XboxGamingOverlay"
"Microsoft.XboxSpeechToTextOverlay"
#"Microsoft.YourPhone"
"Microsoft.ZuneMusic"
"Microsoft.ZuneVideo"
# Threshold 2 apps
"Microsoft.CommsPhone"
"Microsoft.ConnectivityStore"
"Microsoft.GetHelp"
"Microsoft.Getstarted"
"Microsoft.Messaging"
"Microsoft.Office.Sway"
"Microsoft.OneConnect"
"Microsoft.WindowsFeedbackHub"
# Creators Update apps
"Microsoft.Microsoft3DViewer"
#"Microsoft.MSPaint"
#Redstone apps
"Microsoft.BingFoodAndDrink"
"Microsoft.BingHealthAndFitness"
"Microsoft.BingTravel"
"Microsoft.WindowsReadingList"
# Redstone 5 apps
"Microsoft.MixedReality.Portal"
#"Microsoft.ScreenSketch"
"Microsoft.XboxGamingOverlay"
#"Microsoft.YourPhone"
# non-Microsoft
"2FE3CB00.PicsArt-PhotoStudio"
"46928bounde.EclipseManager"
"4DF9E0F8.Netflix"
"613EBCEA.PolarrPhotoEditorAcademicEdition"
"6Wunderkinder.Wunderlist"
"7EE7776C.LinkedInforWindows"
"89006A2E.AutodeskSketchBook"
"9E2F88E3.Twitter"
"A278AB0D.DisneyMagicKingdoms"
"A278AB0D.MarchofEmpires"
"ActiproSoftwareLLC.562882FEEB491" # next one is for the Code Writer from Actipro Software LLC
"CAF9E577.Plex"
"ClearChannelRadioDigital.iHeartRadio"
"D52A8D61.FarmVille2CountryEscape"
"D5EA27B7.Duolingo-LearnLanguagesforFree"
"DB6EA5DB.CyberLinkMediaSuiteEssentials"
"DolbyLaboratories.DolbyAccess"
"DolbyLaboratories.DolbyAccess"
"Drawboard.DrawboardPDF"
"Facebook.Facebook"
"Fitbit.FitbitCoach"
"Flipboard.Flipboard"
"GAMELOFTSA.Asphalt8Airborne"
"KeeperSecurityInc.Keeper"
"Microsoft.BingNews"
"NORDCURRENT.COOKINGFEVER"
"PandoraMediaInc.29680B314EFC2"
"Playtika.CaesarsSlotsFreeCasino"
"ShazamEntertainmentLtd.Shazam"
"SlingTVLLC.SlingTV"
"SpotifyAB.SpotifyMusic"
#"TheNewYorkTimes.NYTCrossword"
"ThumbmunkeysLtd.PhototasticCollage"
"TuneIn.TuneInRadio"
"WinZipComputing.WinZipUniversal"
"XINGAG.XING"
"flaregamesGmbH.RoyalRevolt2"
"king.com.*"
"king.com.BubbleWitch3Saga"
"king.com.CandyCrushSaga"
"king.com.CandyCrushSodaSaga"
# apps which cannot be removed using Remove-AppxPackage
#"Microsoft.BioEnrollment"
#"Microsoft.MicrosoftEdge"
#"Microsoft.Windows.Cortana"
#"Microsoft.WindowsFeedback"
#"Microsoft.XboxGameCallableUI"
#"Microsoft.XboxIdentityProvider"
#"Windows.ContactSupport"
# apps which other apps depend on
"Microsoft.Advertising.Xaml"
)
foreach ($app in $apps) {
Write-Output "Trying to remove $app"
Get-AppxPackage -Name $app -AllUsers | Remove-AppxPackage -AllUsers
Get-AppXProvisionedPackage -Online |
Where-Object DisplayName -EQ $app |
Remove-AppxProvisionedPackage -Online
}
# Prevents Apps from re-installing
$cdm = @(
"ContentDeliveryAllowed"
"FeatureManagementEnabled"
"OemPreInstalledAppsEnabled"
"PreInstalledAppsEnabled"
"PreInstalledAppsEverEnabled"
"SilentInstalledAppsEnabled"
"SubscribedContent-314559Enabled"
"SubscribedContent-338387Enabled"
"SubscribedContent-338388Enabled"
"SubscribedContent-338389Enabled"
"SubscribedContent-338393Enabled"
"SubscribedContentEnabled"
"SystemPaneSuggestionsEnabled"
)
New-FolderForced "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager"
foreach ($key in $cdm) {
Set-ItemProperty "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" $key 0
}
New-FolderForced "HKLM:\SOFTWARE\Policies\Microsoft\WindowsStore"
Set-ItemProperty "HKLM:\SOFTWARE\Policies\Microsoft\WindowsStore" "AutoDownload" 2
# Prevents "Suggested Applications" returning
New-FolderForced "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent"
Set-ItemProperty "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" "DisableWindowsConsumerFeatures" 1
#---------------------------------------------------------------------#
### This script disables unwanted Windows services. ###
### If you do not want to disable certain services comment out the corresponding lines in the PowerShell script. ###
### Author of this script: https://github.com/W4RH4WK/Debloat-Windows-10
$services = @(
"diagnosticshub.standardcollector.service" # Microsoft (R) Diagnostics Hub Standard Collector Service
"DiagTrack" # Diagnostics Tracking Service
"dmwappushservice" # WAP Push Message Routing Service (see known issues)
"lfsvc" # Geolocation Service
"MapsBroker" # Downloaded Maps Manager
"NetTcpPortSharing" # Net.Tcp Port Sharing Service
#"RemoteAccess" # Routing and Remote Access
#"RemoteRegistry" # Remote Registry
"SharedAccess" # Internet Connection Sharing (ICS)
"TrkWks" # Distributed Link Tracking Client
"WbioSrvc" # Windows Biometric Service (required for Fingerprint reader / facial detection)
#"WlanSvc" # WLAN AutoConfig
"WMPNetworkSvc" # Windows Media Player Network Sharing Service
#"wscsvc" # Windows Security Center Service
#"WSearch" # Windows Search
"XblAuthManager" # Xbox Live Auth Manager
"XblGameSave" # Xbox Live Game Save Service
"XboxNetApiSvc" # Xbox Live Networking Service
"ndu" # Windows Network Data Usage Monitor
# Services which cannot be disabled
#"WdNisSvc"
)
foreach ($service in $services) {
Write-Output "Trying to disable $service"
Get-Service -Name $service | Set-Service -StartupType Disabled
}
#---------------------------------------------------------------------#
### This script blocks telemetry related domains via the hosts file and related IPs via Windows Firewall. ###
###- Please note that adding these domains may break certain software like iTunes or Skype. As this issue is location dependent for some domains, they are not commented by default. ###
### The domains known to cause issues marked accordingly.
### Please see the related issue: https://github.com/W4RH4WK/Debloat-Windows-10/issues/79 ###
### Author of this script: https://github.com/W4RH4WK/Debloat-Windows-10
Write-Output "Disabling telemetry via Group Policies"
New-FolderForced "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection"
Set-ItemProperty "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" "AllowTelemetry" 0
# Entries related to Akamai have been reported to cause issues with Widevine
# DRM.
Write-Output "Adding telemetry domains to hosts file"
$hosts_file = "$env:systemroot\System32\drivers\etc\hosts"
$domains = @(
"184-86-53-99.deploy.static.akamaitechnologies.com"
"a-0001.a-msedge.net"
"a-0002.a-msedge.net"
"a-0003.a-msedge.net"
"a-0004.a-msedge.net"
"a-0005.a-msedge.net"
"a-0006.a-msedge.net"
"a-0007.a-msedge.net"
"a-0008.a-msedge.net"
"a-0009.a-msedge.net"
"a1621.g.akamai.net"
"a1856.g2.akamai.net"
"a1961.g.akamai.net"
#"a248.e.akamai.net" # makes iTunes download button disappear (#43)
"a978.i6g1.akamai.net"
"a.ads1.msn.com"
"a.ads2.msads.net"
"a.ads2.msn.com"
"ac3.msn.com"
"ad.doubleclick.net"
"adnexus.net"
"adnxs.com"
"ads1.msads.net"
"ads1.msn.com"
"ads.msn.com"
"aidps.atdmt.com"
"aka-cdn-ns.adtech.de"
"a-msedge.net"
"any.edge.bing.com"
"a.rad.msn.com"
"az361816.vo.msecnd.net"
"az512334.vo.msecnd.net"
"b.ads1.msn.com"
"b.ads2.msads.net"
"bingads.microsoft.com"
"b.rad.msn.com"
"bs.serving-sys.com"
"c.atdmt.com"
"cdn.atdmt.com"
"cds26.ams9.msecn.net"
"choice.microsoft.com"
"choice.microsoft.com.nsatc.net"
"compatexchange.cloudapp.net"
"corpext.msitadfs.glbdns2.microsoft.com"
"corp.sts.microsoft.com"
"cs1.wpc.v0cdn.net"
"db3aqu.atdmt.com"
"df.telemetry.microsoft.com"
"diagnostics.support.microsoft.com"
"e2835.dspb.akamaiedge.net"
"e7341.g.akamaiedge.net"
"e7502.ce.akamaiedge.net"
"e8218.ce.akamaiedge.net"
"ec.atdmt.com"
"fe2.update.microsoft.com.akadns.net"
"feedback.microsoft-hohm.com"
"feedback.search.microsoft.com"
"feedback.windows.com"
"flex.msn.com"
"g.msn.com"
"h1.msn.com"
"h2.msn.com"
"hostedocsp.globalsign.com"
"i1.services.social.microsoft.com"
"i1.services.social.microsoft.com.nsatc.net"
"ipv6.msftncsi.com"
"ipv6.msftncsi.com.edgesuite.net"
"lb1.www.ms.akadns.net"
"live.rads.msn.com"
"m.adnxs.com"
"msedge.net"
"msftncsi.com"
"msnbot-65-55-108-23.search.msn.com"
"msntest.serving-sys.com"
"oca.telemetry.microsoft.com"
"oca.telemetry.microsoft.com.nsatc.net"
"onesettings-db5.metron.live.nsatc.net"
"pre.footprintpredict.com"
"preview.msn.com"
"rad.live.com"
"rad.msn.com"
"redir.metaservices.microsoft.com"
"reports.wes.df.telemetry.microsoft.com"
"schemas.microsoft.akadns.net"
"secure.adnxs.com"
"secure.flashtalking.com"
"services.wes.df.telemetry.microsoft.com"
"settings-sandbox.data.microsoft.com"
#"settings-win.data.microsoft.com" # may cause issues with Windows Updates
"sls.update.microsoft.com.akadns.net"
#"sls.update.microsoft.com.nsatc.net" # may cause issues with Windows Updates
"sqm.df.telemetry.microsoft.com"
"sqm.telemetry.microsoft.com"
"sqm.telemetry.microsoft.com.nsatc.net"
"ssw.live.com"
"static.2mdn.net"
"statsfe1.ws.microsoft.com"
"statsfe2.update.microsoft.com.akadns.net"
"statsfe2.ws.microsoft.com"
"survey.watson.microsoft.com"
"telecommand.telemetry.microsoft.com"
"telecommand.telemetry.microsoft.com.nsatc.net"
"telemetry.appex.bing.net"
"telemetry.microsoft.com"
"telemetry.urs.microsoft.com"
"vortex-bn2.metron.live.com.nsatc.net"
"vortex-cy2.metron.live.com.nsatc.net"
"vortex.data.microsoft.com"
"vortex-sandbox.data.microsoft.com"
"vortex-win.data.microsoft.com"
"cy2.vortex.data.microsoft.com.akadns.net"
"watson.live.com"
"watson.microsoft.com"
"watson.ppe.telemetry.microsoft.com"
"watson.telemetry.microsoft.com"
"watson.telemetry.microsoft.com.nsatc.net"
"wes.df.telemetry.microsoft.com"
"win10.ipv6.microsoft.com"
"www.bingads.microsoft.com"
"www.go.microsoft.akadns.net"
"www.msftncsi.com"
"client.wns.windows.com"
#"wdcp.microsoft.com" # may cause issues with Windows Defender Cloud-based protection
#"dns.msftncsi.com" # This causes Windows to think it doesn't have internet
#"storeedgefd.dsx.mp.microsoft.com" # breaks Windows Store
"wdcpalt.microsoft.com"
"settings-ssl.xboxlive.com"
"settings-ssl.xboxlive.com-c.edgekey.net"
"settings-ssl.xboxlive.com-c.edgekey.net.globalredir.akadns.net"
"e87.dspb.akamaidege.net"
"insiderservice.microsoft.com"
"insiderservice.trafficmanager.net"
"e3843.g.akamaiedge.net"
"flightingserviceweurope.cloudapp.net"
#"sls.update.microsoft.com" # may cause issues with Windows Updates
#"static.ads-twitter.com" # may cause issues with Twitter login
"www-google-analytics.l.google.com"
#"p.static.ads-twitter.com" # may cause issues with Twitter login
"hubspot.net.edge.net"
"e9483.a.akamaiedge.net"
#"www.google-analytics.com"
#"padgead2.googlesyndication.com"
#"mirror1.malwaredomains.com"
#"mirror.cedia.org.ec"
"stats.g.doubleclick.net"
"stats.l.doubleclick.net"
"adservice.google.de"
"adservice.google.com"
"googleads.g.doubleclick.net"
"pagead46.l.doubleclick.net"
"hubspot.net.edgekey.net"
"insiderppe.cloudapp.net" # Feedback-Hub
"livetileedge.dsx.mp.microsoft.com"
# extra
"fe2.update.microsoft.com.akadns.net"
"s0.2mdn.net"
"statsfe2.update.microsoft.com.akadns.net"
"survey.watson.microsoft.com"
"view.atdmt.com"
"watson.microsoft.com"
"watson.ppe.telemetry.microsoft.com"
"watson.telemetry.microsoft.com"
"watson.telemetry.microsoft.com.nsatc.net"
"wes.df.telemetry.microsoft.com"
"m.hotmail.com"
)
Write-Output "" | Out-File -Encoding ASCII -Append $hosts_file
foreach ($domain in $domains) {
if (-Not (Select-String -Path $hosts_file -Pattern $domain)) {
Write-Output "0.0.0.0 $domain" | Out-File -Encoding ASCII -Append $hosts_file
}
}
Write-Output "Adding telemetry ips to firewall"
$ips = @(
"134.170.30.202"
"137.116.81.24"
"157.56.106.189"
"184.86.53.99"
"2.22.61.43"
"2.22.61.66"
"204.79.197.200"
"23.218.212.69"
"65.39.117.230"
"65.55.108.23"
"64.4.54.254"
)
Remove-NetFirewallRule -DisplayName "Block Telemetry IPs" -ErrorAction SilentlyContinue
New-NetFirewallRule -DisplayName "Block Telemetry IPs" -Direction Outbound `
-Action Block -RemoteAddress ([string[]]$ips)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment