Skip to content

Instantly share code, notes, and snippets.

@angstyloop

angstyloop/gp-configure-privacy-settings.ps1

Last active December 2, 2023 05:07
Show Gist options
  • Save angstyloop/8e9a6a69b995ccaaa70490dfced8e5d5 to your computer and use it in GitHub Desktop.
Save angstyloop/8e9a6a69b995ccaaa70490dfced8e5d5 to your computer and use it in GitHub Desktop.
Download ZIP
This PowerShell script creates a GPO that configures Privacy Settings Registry values.
Raw
gp-configure-privacy-settings.ps1
#!/bin/usr/pwsh
# Prefixes for registry key paths.
$currentVersion = 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion'
$consentStore = "${currentVersion}\CapabilityAccessManager\ConsentStore"
$deviceAccess = "${currentVersion}\DeviceAccess"
# A list of Objects like.
# { Description: String, RegistryKey: String, Value: Int }
$registryKeys = @(
@{
Description = 'Location'
RegistryKey = "${consentStore}\location"
Value = 0
},
@{
Description = 'Webcam'
RegistryKey = "${consentStore}\webcam"
Value = 0
},
@{
Description = 'Microphone'
RegistryKey = "${consentStore}\microphone"
Value = 0
},
@{
Description = 'Notifications'
RegistryKey = "${consentStore}\userNotificationListener"
Value = 0
},
@{
Description = 'Motion'
RegistryKey = "${consentStore}\activity"
Value = 0
},
@{
Description = 'AccountInfo'
RegistryKey = "${consentStore}\userAccountInformation"
Value = 0
},
@{
Description = 'Contacts'
RegistryKey = "${consentStore}\contacts"
Value = 0
},
@{
Description = 'Appointments'
RegistryKey = "${consentStore}\appointments"
Value = 0
},
@{
Description = 'PhoneCallHistory'
RegistryKey = "${consentStore}\phoneCallHistory"
Value = 0
},
@{
Description = 'Email'
RegistryKey = "${consentStore}\email"
Value = 0
},
@{
Description = 'Tasks'
RegistryKey = "${consentStore}\userDataTasks"
Value = 0
},
@{
Description = 'Messaging'
RegistryKey = "${consentStore}\chat"
Value = 0
},
@{
Description = 'Radios'
RegistryKey = "${consentStore}\radios"
Value = 0
},
@{
Description = 'OtherDevices'
RegistryKey = "${consentStore}\bluetoothSync"
Value = 0
},
@{
Description = 'BackgroundApps'
RegistryKey = "${currentVersion}\Search"
Value = 0
},
@{
Description = 'AppDiagnostics'
RegistryKey = "${consentStore}\appDiagnostics"
Value = 0
},
@{
Description = 'Documents'
RegistryKey = "${consentStore}\documentsLibrary"
Value = 0
},
@{
Description = 'Pictures'
RegistryKey = "${consentStore}\picturesLibrary"
Value = 0
},
@{
Description = 'Videos'
RegistryKey = "${consentStore}\videosLibrary"
Value = 0
},
@{
Description = 'FileSystems'
RegistryKey = "${consentStore}\broadFileSystemAccess"
Value = 0
},
@{
Description = 'SyncInfoWithWirelessDevices'
RegistryKey = "${deviceAccess}\Global\LooselyCoupled"
Value = 0
},
@{
Description = 'ImprovedTyping'
RegistryKey = "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Input\TIPC"
Value = 0
}
)
# Create a new GPO.
Write-Host "New-GPO -Name 'gpo-privacy-settings' | New-GPLink -Target 'DC=forest,DC=local'`n"
New-GPO -Name 'gpo-privacy-settings' | New-GPLink -Target 'DC=forest,DC=local'
# Add registry settings to the GPO.
$registryKeys | foreach {
Write-Host $_.Description
Write-Host "Set-GPRegistryValue -Name 'gpo-privacy-settings' -Key $($_.RegistryKey) -ValueName Enabled -Type DWord -Value $($_.Value)`n"
Set-GPRegistryValue `
-Name 'gpo-privacy-settings' `
-Key $_.RegistryKey `
-ValueName Enabled `
-Type DWord `
-Value $_.Value
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment