Last active
January 22, 2022 22:47
-
-
Save dbeattie71/b0890b356e8d71aa1ce3ed42c7c44aa5 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Install boxstarter: | |
| # . { iwr -useb http://boxstarter.org/bootstrapper.ps1 } | iex; get-boxstarter -Force | |
| # | |
| # You might need to set: Set-ExecutionPolicy RemoteSigned | |
| # | |
| # Run this boxstarter by calling the following from an **elevated** command-prompt: | |
| # start http://boxstarter.org/package/nr/url?<URL-TO-RAW-GIST> | |
| # OR | |
| # Install-BoxstarterPackage -PackageName <URL-TO-RAW-GIST> -DisableReboots | |
| # OR | |
| # $cred=Get-Credential $env:computername\user | |
| # Install-BoxstarterPackage -PackageName .\boxstarter-2.ps1 -Credential $cred | |
| # | |
| # Learn more: http://boxstarter.org/Learn/WebLauncher | |
| # Boxstarter options | |
| $Boxstarter.RebootOk = $true # Allow reboots? | |
| $Boxstarter.NoPassword = $false # Is this a machine with no login password? | |
| $Boxstarter.AutoLogin = $true # Save my password securely and auto-login after a reboot | |
| # Basic setup (Boxstarter stuff) | |
| Update-ExecutionPolicy RemoteSigned | |
| Enable-MicrosoftUpdate | |
| # All of the configuration tasks that will be run. | |
| $Configuration = @' | |
| [ | |
| "DisableWiFiSense", | |
| "DisableWebSearch", | |
| "DisableAppSuggestions", | |
| "DisableBackgroundApps", | |
| "DisableLockScreenSpotlight", | |
| "DisableLocationTracking", | |
| "DisableMapUpdates", | |
| "DisableFeedback", | |
| "DisableAdvertisingID", | |
| "DisableCortana", | |
| "DisableErrorReporting", | |
| "DisableAutoLogger", | |
| "DisableDiagTrack", | |
| "DisableWAPPush", | |
| "DisableAdminShares", | |
| "DisableSMB1", | |
| "DisableNetDevicesAutoInst", | |
| "DisableCtrldFolderAccess", | |
| "DisableAutoplay", | |
| "DisableAutorun", | |
| "DisableSleepTimeout", | |
| "DisableUpdateRestart", | |
| "DisableSharedExperiences", | |
| "DisableRemoteAssistance", | |
| "DisableActionCenter", | |
| "HideNetworkFromLockScreen", | |
| "HideShutdownFromLockScreen", | |
| "DisableStickyKeys", | |
| "ShowTaskManagerDetails", | |
| "ShowFileOperationsDetails", | |
| "HideTaskbarSearchBox", | |
| "HideTaskbarTitles", | |
| "HideTaskbarPeopleIcon", | |
| "DockTaskbarBottom", | |
| "ShowTrayIcons", | |
| "ShowKnownExtensions", | |
| "ShowHiddenFiles", | |
| "HideSyncNotifications", | |
| "HideRecentShortcuts", | |
| "SetExplorerThisPC", | |
| "ShowThisPCOnDesktop", | |
| "Hide3DObjectsFromThisPC", | |
| "Hide3DObjectsFromExplorer", | |
| "SetControlPanelViewIcons", | |
| "SetVisualFXPerformance", | |
| "UninstallMsftBloat", | |
| "UninstallThirdPartyBloat", | |
| "DisableXboxFeatures", | |
| "DisableAdobeFlash", | |
| "AddPhotoViewerOpenWith", | |
| "DisableSearchAppInStore", | |
| "EnableUpdateScheduleRestart", | |
| "SetVisualFXAppearance", | |
| "HideTaskView", | |
| "ShowSmallTaskbarIcons", | |
| "SetPhotoViewerAssociation", | |
| "UnpinStartMenuTiles", | |
| "RemoveDefaultPrinters", | |
| "ShowUserFolderOnDesktop" | |
| ] | |
| '@ | |
| # PowerShell Modules to install | |
| $ModulesToBeInstalled = @( | |
| ) | |
| # Chocolatey packages to install | |
| $ChocoInstalls = @( | |
| '7zip', | |
| '7zip.commandline', | |
| 'adobereader', | |
| 'awscli', | |
| 'azure-cli', | |
| 'curl', | |
| 'choco install 1password', | |
| 'docker-compose', | |
| 'docker-desktop', | |
| 'fiddler', | |
| 'filezilla', | |
| 'git.install', | |
| 'git-credential-manager-for-windows', | |
| 'golang', | |
| 'GoogleChrome', | |
| 'googledrive', | |
| 'itunes', | |
| 'jdk8', | |
| 'jdk11', | |
| 'jre8', | |
| 'keypirinha', | |
| 'malwarebytes', | |
| 'nmap', | |
| 'notepadplusplus', | |
| 'notepad2', | |
| 'nuget.commandline', | |
| 'openssh' | |
| 'postman', | |
| 'procexp', | |
| 'putty.install', | |
| 'python', | |
| 'python3', | |
| 'ruby', | |
| 'slack', | |
| 'sql-server-management-studio', | |
| 'sysinternals', | |
| 'toolsroot', | |
| 'vlc', | |
| 'windirstat', | |
| 'winrar', | |
| 'winscp', | |
| 'wget', | |
| 'vscode' | |
| ) | |
| # Visual Studio Code extensions to install (both code-insiders and code if available) | |
| $VSCodeExtensions = @( | |
| ) | |
| # Releases based github packages to download and install. I include Keeweb and the Hack font I love so dearly | |
| $GithubReleasesPackages = @{ | |
| } | |
| # Use the $MyPowerShellProfile to create a new powershell profile if one doesn't already exist | |
| $CreatePowershellProfile = $TRUE | |
| $MyPowerShellProfile = @' | |
| ## Detect if we are running powershell without a console. | |
| $_ISCONSOLE = $TRUE | |
| try { | |
| [System.Console]::Clear() | |
| } | |
| catch { | |
| $_ISCONSOLE = $FALSE | |
| } | |
| # Everything in this block is only relevant in a console. This keeps nonconsole based powershell sessions clean. | |
| if ($_ISCONSOLE) { | |
| ## Check SHIFT state ASAP at startup so we can use that to control verbosity :) | |
| try { | |
| Add-Type -Assembly PresentationCore, WindowsBase | |
| if ([System.Windows.Input.Keyboard]::IsKeyDown([System.Windows.Input.Key]::LeftShift) -or [System.Windows.Input.Keyboard]::IsKeyDown([System.Windows.Input.Key]::RightShift)) { | |
| $VerbosePreference = "Continue" | |
| } | |
| } | |
| catch { | |
| # Maybe this is a non-windows host? | |
| } | |
| ## Set the profile directory variable for possible use later | |
| Set-Variable ProfileDir (Split-Path $MyInvocation.MyCommand.Path -Parent) -Scope Global -Option AllScope, Constant -ErrorAction SilentlyContinue | |
| # Start OhMyPsh only if we are in a console | |
| if ($Host.Name -eq 'ConsoleHost') { | |
| if (Get-Module OhMyPsh -ListAvailable) { | |
| Import-Module OhMyPsh | |
| } | |
| } | |
| } | |
| # Relax the code signing restriction so we can actually get work done | |
| Import-module Microsoft.PowerShell.Security | |
| Set-ExecutionPolicy RemoteSigned Process | |
| '@ | |
| function Read-Choice { | |
| Param( | |
| [Parameter(Position = 0)] | |
| [System.String]$Message, | |
| [Parameter(Position = 1)] | |
| [ValidateNotNullOrEmpty()] | |
| [System.String[]]$Choices = @('&Yes', '&No', 'Yes to &All', 'No &to All'), | |
| [Parameter(Position = 2)] | |
| [System.Int32]$DefaultChoice = 0, | |
| [Parameter(Position = 3)] | |
| [System.String]$Title = [string]::Empty | |
| ) | |
| [System.Management.Automation.Host.ChoiceDescription[]]$Poss = $Choices | ForEach-Object { | |
| New-Object System.Management.Automation.Host.ChoiceDescription "$($_)", "Sets $_ as an answer." | |
| } | |
| $Host.UI.PromptForChoice( $Title, $Message, $Poss, $DefaultChoice ) | |
| } | |
| Function Get-SpecialPaths { | |
| $SpecialFolders = @{ } | |
| $names = [Environment+SpecialFolder]::GetNames([Environment+SpecialFolder]) | |
| foreach ($name in $names) { | |
| $SpecialFolders[$name] = [Environment]::GetFolderPath($name) | |
| } | |
| $SpecialFolders | |
| } | |
| Function Get-EnvironmentVariableNames { | |
| param ( | |
| [string]$Scope | |
| ) | |
| ([Environment]::GetEnvironmentVariables($Scope).GetEnumerator()).Name | |
| } | |
| Function Get-EnvironmentVariable { | |
| param ( | |
| [string]$Name, | |
| [string]$Scope | |
| ) | |
| [Environment]::GetEnvironmentVariable($Name, $Scope) | |
| } | |
| Function Update-SessionEnvironment { | |
| <# | |
| Ripped directly from the chocolatey project, used here just for initial setup | |
| #> | |
| $refreshEnv = $false | |
| $invocation = $MyInvocation | |
| if ($invocation.InvocationName -eq 'refreshenv') { | |
| $refreshEnv = $true | |
| } | |
| if ($refreshEnv) { | |
| Write-Output "Refreshing environment variables from the registry for powershell.exe. Please wait..." | |
| } | |
| else { | |
| Write-Verbose "Refreshing environment variables from the registry." | |
| } | |
| $userName = $env:USERNAME | |
| $architecture = $env:PROCESSOR_ARCHITECTURE | |
| $psModulePath = $env:PSModulePath | |
| #ordering is important here, $user comes after so we can override $machine | |
| 'Process', 'Machine', 'User' | | |
| % { | |
| $scope = $_ | |
| Get-EnvironmentVariableNames -Scope $scope | | |
| % { | |
| Set-Item "Env:$($_)" -Value (Get-EnvironmentVariable -Scope $scope -Name $_) | |
| } | |
| } | |
| #Path gets special treatment b/c it munges the two together | |
| $paths = 'Machine', 'User' | | |
| % { | |
| (Get-EnvironmentVariable -Name 'PATH' -Scope $_) -split ';' | |
| } | | |
| Select -Unique | |
| $Env:PATH = $paths -join ';' | |
| # PSModulePath is almost always updated by process, so we want to preserve it. | |
| $env:PSModulePath = $psModulePath | |
| # reset user and architecture | |
| if ($userName) { $env:USERNAME = $userName; } | |
| if ($architecture) { $env:PROCESSOR_ARCHITECTURE = $architecture; } | |
| if ($refreshEnv) { | |
| Write-Output "Finished" | |
| } | |
| } | |
| Function Add-EnvPath { | |
| # Adds a path to the $ENV:Path list for a user or system if it does not already exist (in both the system and user Path variables) | |
| param ( | |
| [string]$Location, | |
| [string]$NewPath | |
| ) | |
| $AllPaths = $Env:Path -split ';' | |
| if ($AllPaths -notcontains $NewPath) { | |
| Write-Output "Adding Utilties bin directory path to the environmental path list: $UtilBinPath" | |
| $NewPaths = (@(([Environment]::GetEnvironmentVariables($Location).GetEnumerator() | Where { $_.Name -eq 'Path' }).Value -split ';') + $UtilBinPath | Select-Object -Unique) -join ';' | |
| [Environment]::SetEnvironmentVariable("PATH", $NewPaths, $Location) | |
| } | |
| } | |
| function Start-Proc { | |
| param([string]$Exe = $(Throw "An executable must be specified"), | |
| [string]$Arguments, | |
| [switch]$Hidden, | |
| [switch]$waitforexit) | |
| $startinfo = New-Object System.Diagnostics.ProcessStartInfo | |
| $startinfo.FileName = $Exe | |
| $startinfo.Arguments = $Arguments | |
| if ($Hidden) { | |
| $startinfo.WindowStyle = 'Hidden' | |
| $startinfo.CreateNoWindow = $True | |
| } | |
| $process = [System.Diagnostics.Process]::Start($startinfo) | |
| if ($waitforexit) { $process.WaitForExit() } | |
| } | |
| function Get-HashiCorpLatestVersion { | |
| <# | |
| function to find the most recent version in the json manifest | |
| Note: We ignore anything not in strict x.x.x version format (betas and such) | |
| #> | |
| param( | |
| $manifest, | |
| $software | |
| ) | |
| (($manifest.$software.versions | get-member -MemberType 'NoteProperty').Name | Where { $_ -match "^\d+\.\d+\.\d+$" } | ForEach-Object { [version]$_ } | Sort-Object -Descending | Select-Object -First 1).ToString() | |
| } | |
| function Get-AllHashiCorpPackageLatestVersion { | |
| <# | |
| .SYNOPSIS | |
| Retreives the most recent version of Hashicorp software packages from a json manifest | |
| .DESCRIPTION | |
| Retreives the most recent version of Hashicorp software packages from a json manifest | |
| .PARAMETER manifest | |
| JSON manifest data to search. | |
| .EXAMPLE | |
| Get-AllHashiCorpPackageLatestVersion | |
| .NOTES | |
| Author: Zachary Loeber | |
| #> | |
| param( | |
| $manifest | |
| ) | |
| $OutHash = @{ } | |
| $manifest | Get-Member -MemberType 'NoteProperty' | Foreach { | |
| $OutHash.($_.Name) = Get-HashiCorpLatestVersion $manifest $_.Name | |
| } | |
| $OutHash | |
| } | |
| function Get-ChocoPackages { | |
| if (get-command clist -ErrorAction:SilentlyContinue) { | |
| clist -lo -r -all | Foreach { | |
| $Name, $Version = $_ -split '\|' | |
| New-Object -TypeName psobject -Property @{ | |
| 'Name' = $Name | |
| 'Version' = $Version | |
| } | |
| } | |
| } | |
| } | |
| # Add a path for windows defender to bypass | |
| function Add-DefenderBypassPath { | |
| [CmdletBinding()] | |
| param( | |
| [Parameter(Mandatory = $true, ValueFromPipeline = $true)] | |
| [string[]]$Path | |
| ) | |
| begin { | |
| $Paths = @() | |
| } | |
| process { | |
| $Paths += $Path | |
| } | |
| end { | |
| $Paths | Foreach-Object { | |
| if (-not [string]::isnullorempty($_)) { | |
| Add-MpPreference -ExclusionPath $_ -Force | |
| } | |
| } | |
| } | |
| } | |
| # Disable Wi-Fi Sense | |
| Function DisableWiFiSense { | |
| Write-Host "Disabling Wi-Fi Sense..." | |
| If (!(Test-Path "HKLM:\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting")) { | |
| New-Item -Path "HKLM:\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting" -Name "Value" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowAutoConnectToWiFiSenseHotspots" -Name "Value" -Type DWord -Value 0 | |
| If (!(Test-Path "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config")) { | |
| New-Item -Path "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config" -Name "AutoConnectAllowedOEM" -Type Dword -Value 0 | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config" -Name "WiFISenseAllowed" -Type Dword -Value 0 | |
| } | |
| # Disable Web Search in Start Menu | |
| Function DisableWebSearch { | |
| Write-Host "Disabling Bing Search in Start Menu..." | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" -Name "BingSearchEnabled" -Type DWord -Value 0 | |
| If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search")) { | |
| New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search" -Name "DisableWebSearch" -Type DWord -Value 1 | |
| } | |
| # Disable Application suggestions and automatic installation | |
| Function DisableAppSuggestions { | |
| Write-Host "Disabling Application suggestions..." | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "ContentDeliveryAllowed" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "OemPreInstalledAppsEnabled" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "PreInstalledAppsEnabled" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "PreInstalledAppsEverEnabled" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SilentInstalledAppsEnabled" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SubscribedContent-338389Enabled" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SystemPaneSuggestionsEnabled" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SubscribedContent-338388Enabled" -Type DWord -Value 0 | |
| If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent")) { | |
| New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Name "DisableWindowsConsumerFeatures" -Type DWord -Value 1 | |
| } | |
| # Disable Background application access - ie. if apps can download or update when they aren't used - Cortana is excluded as its inclusion breaks start menu search | |
| Function DisableBackgroundApps { | |
| Write-Host "Disabling Background application access..." | |
| Get-ChildItem -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications" -Exclude "Microsoft.Windows.Cortana*" | ForEach { | |
| Set-ItemProperty -Path $_.PsPath -Name "Disabled" -Type DWord -Value 1 | |
| Set-ItemProperty -Path $_.PsPath -Name "DisabledByUser" -Type DWord -Value 1 | |
| } | |
| } | |
| # Disable Lock screen Spotlight - New backgrounds, tips, advertisements etc. | |
| Function DisableLockScreenSpotlight { | |
| Write-Host "Disabling Lock screen spotlight..." | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "RotatingLockScreenEnabled" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "RotatingLockScreenOverlayEnabled" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SubscribedContent-338387Enabled" -Type DWord -Value 0 | |
| } | |
| # Disable Location Tracking | |
| Function DisableLocationTracking { | |
| Write-Host "Disabling Location Tracking..." | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Overrides\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" -Name "SensorPermissionState" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\lfsvc\Service\Configuration" -Name "Status" -Type DWord -Value 0 | |
| } | |
| # Disable automatic Maps updates | |
| Function DisableMapUpdates { | |
| Write-Host "Disabling automatic Maps updates..." | |
| Set-ItemProperty -Path "HKLM:\SYSTEM\Maps" -Name "AutoUpdateEnabled" -Type DWord -Value 0 | |
| } | |
| # Disable Feedback | |
| Function DisableFeedback { | |
| Write-Host "Disabling Feedback..." | |
| If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Siuf\Rules")) { | |
| New-Item -Path "HKCU:\SOFTWARE\Microsoft\Siuf\Rules" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Siuf\Rules" -Name "NumberOfSIUFInPeriod" -Type DWord -Value 0 | |
| Disable-ScheduledTask -TaskName "Microsoft\Windows\Feedback\Siuf\DmClient" -ErrorAction SilentlyContinue | Out-Null | |
| Disable-ScheduledTask -TaskName "Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload" -ErrorAction SilentlyContinue | Out-Null | |
| } | |
| # Disable Advertising ID | |
| Function DisableAdvertisingID { | |
| Write-Host "Disabling Advertising ID..." | |
| If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo")) { | |
| New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" -Name "Enabled" -Type DWord -Value 0 | |
| If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Privacy")) { | |
| New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Privacy" | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Privacy" -Name "TailoredExperiencesWithDiagnosticDataEnabled" -Type DWord -Value 0 | |
| } | |
| # Disable Cortana | |
| Function DisableCortana { | |
| Write-Host "Disabling Cortana..." | |
| If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Personalization\Settings")) { | |
| New-Item -Path "HKCU:\SOFTWARE\Microsoft\Personalization\Settings" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Personalization\Settings" -Name "AcceptedPrivacyPolicy" -Type DWord -Value 0 | |
| If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization")) { | |
| New-Item -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization" -Name "RestrictImplicitTextCollection" -Type DWord -Value 1 | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization" -Name "RestrictImplicitInkCollection" -Type DWord -Value 1 | |
| If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore")) { | |
| New-Item -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore" -Name "HarvestContacts" -Type DWord -Value 0 | |
| If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search")) { | |
| New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search" -Name "AllowCortana" -Type DWord -Value 0 | |
| } | |
| # Disable Error reporting | |
| Function DisableErrorReporting { | |
| Write-Host "Disabling Error reporting..." | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting" -Name "Disabled" -Type DWord -Value 1 | |
| Disable-ScheduledTask -TaskName "Microsoft\Windows\Windows Error Reporting\QueueReporting" | Out-Null | |
| } | |
| # Remove AutoLogger file and restrict directory | |
| Function DisableAutoLogger { | |
| Write-Host "Removing AutoLogger file and restricting directory..." | |
| $autoLoggerDir = "$env:PROGRAMDATA\Microsoft\Diagnosis\ETLLogs\AutoLogger" | |
| If (Test-Path "$autoLoggerDir\AutoLogger-Diagtrack-Listener.etl") { | |
| Remove-Item -Path "$autoLoggerDir\AutoLogger-Diagtrack-Listener.etl" | |
| } | |
| icacls $autoLoggerDir /deny SYSTEM:`(OI`)`(CI`)F | Out-Null | |
| } | |
| # Stop and disable Diagnostics Tracking Service | |
| Function DisableDiagTrack { | |
| Write-Host "Stopping and disabling Diagnostics Tracking Service..." | |
| Stop-Service "DiagTrack" -WarningAction SilentlyContinue | |
| Set-Service "DiagTrack" -StartupType Disabled | |
| } | |
| # Stop and disable WAP Push Service | |
| Function DisableWAPPush { | |
| Write-Host "Stopping and disabling WAP Push Service..." | |
| Stop-Service "dmwappushservice" -WarningAction SilentlyContinue | |
| Set-Service "dmwappushservice" -StartupType Disabled | |
| } | |
| ########## | |
| # Service Tweaks | |
| ########## | |
| # Disable implicit administrative shares | |
| Function DisableAdminShares { | |
| Write-Host "Disabling implicit administrative shares..." | |
| Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" -Name "AutoShareWks" -Type DWord -Value 0 | |
| } | |
| # Disable obsolete SMB 1.0 protocol - Disabled by default since 1709 | |
| Function DisableSMB1 { | |
| Write-Host "Disabling SMB 1.0 protocol..." | |
| Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force | |
| } | |
| # Disable automatic installation of network devices | |
| Function DisableNetDevicesAutoInst { | |
| Write-Host "Disabling automatic installation of network devices..." | |
| If (!(Test-Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\NcdAutoSetup\Private")) { | |
| New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\NcdAutoSetup\Private" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\NcdAutoSetup\Private" -Name "AutoSetup" -Type DWord -Value 0 | |
| } | |
| # Enable Controlled Folder Access (Defender Exploit Guard feature) - Not applicable to Server | |
| Function EnableCtrldFolderAccess { | |
| Write-Host "Enabling Controlled Folder Access..." | |
| Set-MpPreference -EnableControlledFolderAccess Enabled | |
| } | |
| # Disable Controlled Folder Access (Defender Exploit Guard feature) - Not applicable to Server | |
| Function DisableCtrldFolderAccess { | |
| Write-Host "Disabling Controlled Folder Access..." | |
| Set-MpPreference -EnableControlledFolderAccess Disabled | |
| } | |
| # Disable Windows Update automatic restart | |
| Function DisableUpdateRestart { | |
| Write-Host "Disabling Windows Update automatic restart..." | |
| If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU")) { | |
| New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "NoAutoRebootWithLoggedOnUsers" -Type DWord -Value 1 | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "AUPowerManagement" -Type DWord -Value 0 | |
| } | |
| Function EnableUpdateScheduleRestart { | |
| Write-Host "Change Windows Updates to 'Notify to schedule restart'" | |
| If (-not (Test-Path "HKCU:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings")) { | |
| New-Item -Path HKCU:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path HKCU:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings -Name UxOption -Type DWord -Value 1 | |
| If (-not (Test-Path "HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings")) { | |
| New-Item -Path HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings -Name UxOption -Type DWord -Value 1 | |
| } | |
| # Disable Shared Experiences - Not applicable to Server | |
| Function DisableSharedExperiences { | |
| Write-Host "Disabling Shared Experiences..." | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\CDP" -Name "RomeSdkChannelUserAuthzPolicy" -Type DWord -Value 0 | |
| } | |
| # Disable Remote Assistance - Not applicable to Server (unless Remote Assistance is explicitly installed) | |
| Function DisableRemoteAssistance { | |
| Write-Host "Disabling Remote Assistance..." | |
| Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance" -Name "fAllowToGetHelp" -Type DWord -Value 0 | |
| } | |
| # Enable Remote Desktop w/o Network Level Authentication | |
| Function EnableRemoteDesktop { | |
| Write-Host "Enabling Remote Desktop w/o Network Level Authentication..." | |
| Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "UserAuthentication" -Type DWord -Value 0 | |
| } | |
| # Disable Remote Desktop | |
| Function DisableRemoteDesktop { | |
| Write-Host "Disabling Remote Desktop..." | |
| Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Type DWord -Value 1 | |
| Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "UserAuthentication" -Type DWord -Value 1 | |
| } | |
| # Disable Autoplay | |
| Function DisableAutoplay { | |
| Write-Host "Disabling Autoplay..." | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers" -Name "DisableAutoplay" -Type DWord -Value 1 | |
| } | |
| # Disable Autorun for all drives | |
| Function DisableAutorun { | |
| Write-Host "Disabling Autorun for all drives..." | |
| If (!(Test-Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer")) { | |
| New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name "NoDriveTypeAutoRun" -Type DWord -Value 255 | |
| } | |
| # Disable display and sleep mode timeouts | |
| Function DisableSleepTimeout { | |
| Write-Host "Disabling display and sleep mode timeouts..." | |
| powercfg /X monitor-timeout-ac 0 | |
| powercfg /X monitor-timeout-dc 0 | |
| powercfg /X standby-timeout-ac 0 | |
| powercfg /X standby-timeout-dc 0 | |
| } | |
| ########## | |
| # UI Tweaks | |
| ########## | |
| # Disable Action Center | |
| Function DisableActionCenter { | |
| Write-Host "Disabling Action Center..." | |
| If (!(Test-Path "HKCU:\SOFTWARE\Policies\Microsoft\Windows\Explorer")) { | |
| New-Item -Path "HKCU:\SOFTWARE\Policies\Microsoft\Windows\Explorer" | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Policies\Microsoft\Windows\Explorer" -Name "DisableNotificationCenter" -Type DWord -Value 1 | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications" -Name "ToastEnabled" -Type DWord -Value 0 | |
| } | |
| # Hide network options from Lock Screen | |
| Function HideNetworkFromLockScreen { | |
| Write-Host "Hiding network options from Lock Screen..." | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\System" -Name "DontDisplayNetworkSelectionUI" -Type DWord -Value 1 | |
| } | |
| # Hide shutdown options from Lock Screen | |
| Function HideShutdownFromLockScreen { | |
| Write-Host "Hiding shutdown options from Lock Screen..." | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "ShutdownWithoutLogon" -Type DWord -Value 0 | |
| } | |
| # Disable Sticky keys prompt | |
| Function DisableStickyKeys { | |
| Write-Host "Disabling Sticky keys prompt..." | |
| Set-ItemProperty -Path "HKCU:\Control Panel\Accessibility\StickyKeys" -Name "Flags" -Type String -Value "506" | |
| } | |
| # Show Task Manager details | |
| Function ShowTaskManagerDetails { | |
| Write-Host "Showing task manager details..." | |
| If (!(Test-Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\TaskManager")) { | |
| New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\TaskManager" -Force | Out-Null | |
| } | |
| $preferences = Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\TaskManager" -Name "Preferences" -ErrorAction SilentlyContinue | |
| If (!($preferences)) { | |
| $taskmgr = Start-Process -WindowStyle Hidden -FilePath taskmgr.exe -PassThru | |
| While (!($preferences)) { | |
| Start-Sleep -m 250 | |
| $preferences = Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\TaskManager" -Name "Preferences" -ErrorAction SilentlyContinue | |
| } | |
| Stop-Process $taskmgr | |
| } | |
| $preferences.Preferences[28] = 0 | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\TaskManager" -Name "Preferences" -Type Binary -Value $preferences.Preferences | |
| } | |
| # Show file operations details | |
| Function ShowFileOperationsDetails { | |
| Write-Host "Showing file operations details..." | |
| If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\OperationStatusManager")) { | |
| New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\OperationStatusManager" | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\OperationStatusManager" -Name "EnthusiastMode" -Type DWord -Value 1 | |
| } | |
| # Hide Taskbar Search button / box | |
| Function HideTaskbarSearchBox { | |
| Write-Host "Hiding Taskbar Search box / button..." | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" -Name "SearchboxTaskbarMode" -Type DWord -Value 0 | |
| } | |
| # Hide Task View button | |
| Function HideTaskView { | |
| Write-Host "Hiding Task View button..." | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ShowTaskViewButton" -Type DWord -Value 0 | |
| } | |
| # Show small icons in taskbar | |
| Function ShowSmallTaskbarIcons { | |
| Write-Host "Showing small icons in taskbar..." | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "TaskbarSmallIcons" -Type DWord -Value 1 | |
| } | |
| # Hide titles in taskbar | |
| Function HideTaskbarTitles { | |
| Write-Host "Hiding titles in taskbar..." | |
| Remove-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "TaskbarGlomLevel" -ErrorAction SilentlyContinue | |
| } | |
| # Hide Taskbar People icon | |
| Function HideTaskbarPeopleIcon { | |
| Write-Host "Hiding People icon..." | |
| If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People")) { | |
| New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People" | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People" -Name "PeopleBand" -Type DWord -Value 0 | |
| } | |
| # Dock the taskbar to the bottom of the screen | |
| Function DockTaskBarBottom { | |
| Write-Output "Docking the taskbar to the bottom of the screen..." | |
| if (Test-Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StuckRects2') { | |
| $CurrPath = 'StuckRects2' | |
| } | |
| elseif (Test-Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StuckRects3') { | |
| $CurrPath = 'StuckRects3' | |
| } | |
| else { | |
| Write-Warning 'Unable to set the taskbar setting' | |
| return | |
| } | |
| $BasePath = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer' | |
| $RegPath = Join-Path $BasePath $CurrPath | |
| try { | |
| $CurrSettings = (Get-ItemProperty $RegPath).Settings | |
| $CurrSettings[12] = 0 | |
| Set-ItemProperty -Path $BasePath -Name $CurrPath -Value $CurrSettings -Type Binary | |
| } | |
| catch { | |
| Write-Warning "Unable to pull the current registry settings!" | |
| } | |
| } | |
| # Show all tray icons | |
| Function ShowTrayIcons { | |
| Write-Host "Showing all tray icons..." | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" -Name "EnableAutoTray" -Type DWord -Value 0 | |
| } | |
| # Show known file extensions | |
| Function ShowKnownExtensions { | |
| Write-Host "Showing known file extensions..." | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "HideFileExt" -Type DWord -Value 0 | |
| } | |
| # Show hidden files | |
| Function ShowHiddenFiles { | |
| Write-Host "Showing hidden files..." | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "Hidden" -Type DWord -Value 1 | |
| } | |
| # Hide sync provider notifications | |
| Function HideSyncNotifications { | |
| Write-Host "Hiding sync provider notifications..." | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ShowSyncProviderNotifications" -Type DWord -Value 0 | |
| } | |
| # Hide recently and frequently used item shortcuts in Explorer | |
| Function HideRecentShortcuts { | |
| Write-Host "Hiding recent shortcuts..." | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" -Name "ShowRecent" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" -Name "ShowFrequent" -Type DWord -Value 0 | |
| } | |
| # Change default Explorer view to This PC | |
| Function SetExplorerThisPC { | |
| Write-Host "Changing default Explorer view to This PC..." | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "LaunchTo" -Type DWord -Value 1 | |
| } | |
| # Show This PC shortcut on desktop | |
| Function ShowThisPCOnDesktop { | |
| Write-Host "Showing This PC shortcut on desktop..." | |
| If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu")) { | |
| New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu" -Name "{20D04FE0-3AEA-1069-A2D8-08002B30309D}" -Type DWord -Value 0 | |
| If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel")) { | |
| New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel" -Name "{20D04FE0-3AEA-1069-A2D8-08002B30309D}" -Type DWord -Value 0 | |
| } | |
| # Show User Folder shortcut on desktop | |
| Function ShowUserFolderOnDesktop { | |
| Write-Host "Showing User Folder shortcut on desktop..." | |
| If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu")) { | |
| New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu" -Name "{59031a47-3f72-44a7-89c5-5595fe6b30ee}" -Type DWord -Value 0 | |
| If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel")) { | |
| New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel" -Name "{59031a47-3f72-44a7-89c5-5595fe6b30ee}" -Type DWord -Value 0 | |
| } | |
| # Hide 3D Objects icon from This PC - The icon remains in personal folders and open/save dialogs | |
| Function Hide3DObjectsFromThisPC { | |
| Write-Host "Hiding 3D Objects icon from This PC..." | |
| Remove-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{0DB7E03F-FC29-4DC6-9020-FF41B59E513A}" -Recurse -ErrorAction SilentlyContinue | |
| } | |
| # Hide 3D Objects icon from Explorer namespace - Hides the icon also from personal folders and open/save dialogs | |
| Function Hide3DObjectsFromExplorer { | |
| Write-Host "Hiding 3D Objects icon from Explorer namespace..." | |
| If (!(Test-Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\PropertyBag")) { | |
| New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\PropertyBag" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\PropertyBag" -Name "ThisPCPolicy" -Type String -Value "Hide" | |
| If (!(Test-Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\PropertyBag")) { | |
| New-Item -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\PropertyBag" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\PropertyBag" -Name "ThisPCPolicy" -Type String -Value "Hide" | |
| } | |
| # Set Control Panel view to icons (Classic) - Note: May trigger antimalware | |
| Function SetControlPanelViewIcons { | |
| Write-Host "Setting Control Panel view to icons..." | |
| Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name "ForceClassicControlPanel" -Type DWord -Value 1 | |
| } | |
| # Adjusts visual effects for performance - Disables animations, transparency etc. but leaves font smoothing and miniatures enabled | |
| Function SetVisualFXPerformance { | |
| Write-Host "Adjusting visual effects for performance..." | |
| Set-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name "DragFullWindows" -Type String -Value 0 | |
| Set-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name "MenuShowDelay" -Type String -Value 0 | |
| Set-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name "UserPreferencesMask" -Type Binary -Value ([byte[]](0x90, 0x12, 0x03, 0x80, 0x10, 0x00, 0x00, 0x00)) | |
| Set-ItemProperty -Path "HKCU:\Control Panel\Desktop\WindowMetrics" -Name "MinAnimate" -Type String -Value 0 | |
| Set-ItemProperty -Path "HKCU:\Control Panel\Keyboard" -Name "KeyboardDelay" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ListviewAlphaSelect" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ListviewShadow" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "TaskbarAnimations" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects" -Name "VisualFXSetting" -Type DWord -Value 3 | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\DWM" -Name "EnableAeroPeek" -Type DWord -Value 0 | |
| } | |
| # Adjusts visual effects for appearance | |
| Function SetVisualFXAppearance { | |
| Write-Host "Adjusting visual effects for appearance..." | |
| Set-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name "DragFullWindows" -Type String -Value 1 | |
| Set-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name "MenuShowDelay" -Type String -Value 400 | |
| Set-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name "UserPreferencesMask" -Type Binary -Value ([byte[]](0x9E, 0x1E, 0x07, 0x80, 0x12, 0x00, 0x00, 0x00)) | |
| Set-ItemProperty -Path "HKCU:\Control Panel\Desktop\WindowMetrics" -Name "MinAnimate" -Type String -Value 1 | |
| Set-ItemProperty -Path "HKCU:\Control Panel\Keyboard" -Name "KeyboardDelay" -Type DWord -Value 1 | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ListviewAlphaSelect" -Type DWord -Value 1 | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ListviewShadow" -Type DWord -Value 1 | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "TaskbarAnimations" -Type DWord -Value 1 | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects" -Name "VisualFXSetting" -Type DWord -Value 3 | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\DWM" -Name "EnableAeroPeek" -Type DWord -Value 1 | |
| } | |
| ########## | |
| # Application Tweaks | |
| ########## | |
| # Uninstall default Microsoft applications | |
| Function UninstallMsftBloat { | |
| Write-Host "Uninstalling default Microsoft applications..." | |
| Get-AppxPackage "Microsoft.3DBuilder" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.BingFinance" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.BingNews" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.BingSports" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.BingWeather" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.Getstarted" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.MicrosoftOfficeHub" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.MicrosoftSolitaireCollection" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.People" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.SkypeApp" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.Windows.Photos" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.WindowsAlarms" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.WindowsCamera" | Remove-AppxPackage | |
| Get-AppxPackage "microsoft.windowscommunicationsapps" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.WindowsMaps" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.WindowsPhone" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.WindowsSoundRecorder" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.ZuneMusic" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.ZuneVideo" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.AppConnector" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.ConnectivityStore" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.Office.Sway" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.Messaging" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.CommsPhone" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.MicrosoftStickyNotes" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.OneConnect" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.WindowsFeedbackHub" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.MinecraftUWP" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.MicrosoftPowerBIForWindows" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.NetworkSpeedTest" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.MSPaint" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.Microsoft3DViewer" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.Print3D" | Remove-AppxPackage | |
| } | |
| # Uninstall default third party applications | |
| function UninstallThirdPartyBloat { | |
| Write-Host "Uninstalling default third party applications..." | |
| Get-AppxPackage "9E2F88E3.Twitter" | Remove-AppxPackage | |
| Get-AppxPackage "king.com.CandyCrushSodaSaga" | Remove-AppxPackage | |
| Get-AppxPackage "4DF9E0F8.Netflix" | Remove-AppxPackage | |
| Get-AppxPackage "Drawboard.DrawboardPDF" | Remove-AppxPackage | |
| Get-AppxPackage "D52A8D61.FarmVille2CountryEscape" | Remove-AppxPackage | |
| Get-AppxPackage "GAMELOFTSA.Asphalt8Airborne" | Remove-AppxPackage | |
| Get-AppxPackage "flaregamesGmbH.RoyalRevolt2" | Remove-AppxPackage | |
| Get-AppxPackage "AdobeSystemsIncorporated.AdobePhotoshopExpress" | Remove-AppxPackage | |
| Get-AppxPackage "ActiproSoftwareLLC.562882FEEB491" | Remove-AppxPackage | |
| Get-AppxPackage "D5EA27B7.Duolingo-LearnLanguagesforFree" | Remove-AppxPackage | |
| Get-AppxPackage "Facebook.Facebook" | Remove-AppxPackage | |
| Get-AppxPackage "46928bounde.EclipseManager" | Remove-AppxPackage | |
| Get-AppxPackage "A278AB0D.MarchofEmpires" | Remove-AppxPackage | |
| Get-AppxPackage "KeeperSecurityInc.Keeper" | Remove-AppxPackage | |
| Get-AppxPackage "king.com.BubbleWitch3Saga" | Remove-AppxPackage | |
| Get-AppxPackage "89006A2E.AutodeskSketchBook" | Remove-AppxPackage | |
| Get-AppxPackage "CAF9E577.Plex" | Remove-AppxPackage | |
| Get-AppxPackage "A278AB0D.DisneyMagicKingdoms" | Remove-AppxPackage | |
| Get-AppxPackage "828B5831.HiddenCityMysteryofShadows" | Remove-AppxPackage | |
| Get-AppxPackage "WinZipComputing.WinZipUniversal" | Remove-AppxPackage | |
| Get-AppxPackage "SpotifyAB.SpotifyMusic" | Remove-AppxPackage | |
| Get-AppxPackage "PandoraMediaInc.29680B314EFC2" | Remove-AppxPackage | |
| Get-AppxPackage "2414FC7A.Viber" | Remove-AppxPackage | |
| Get-AppxPackage "64885BlueEdge.OneCalendar" | Remove-AppxPackage | |
| Get-AppxPackage "41038Axilesoft.ACGMediaPlayer" | Remove-AppxPackage | |
| } | |
| # Disable Xbox features | |
| Function DisableXboxFeatures { | |
| Write-Host "Disabling Xbox features..." | |
| Get-AppxPackage "Microsoft.XboxApp" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.XboxIdentityProvider" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.XboxSpeechToTextOverlay" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.XboxGameOverlay" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.Xbox.TCUI" | Remove-AppxPackage | |
| Set-ItemProperty -Path "HKCU:\System\GameConfigStore" -Name "GameDVR_Enabled" -Type DWord -Value 0 | |
| If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\GameDVR")) { | |
| New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\GameDVR" | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\GameDVR" -Name "AllowGameDVR" -Type DWord -Value 0 | |
| } | |
| # Disable built-in Adobe Flash in IE and Edge | |
| Function DisableAdobeFlash { | |
| Write-Host "Disabling built-in Adobe Flash in IE and Edge..." | |
| If (!(Test-Path "HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Addons")) { | |
| New-Item -Path "HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Addons" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Addons" -Name "FlashPlayerEnabled" -Type DWord -Value 0 | |
| If (!(Test-Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D27CDB6E-AE6D-11CF-96B8-444553540000}")) { | |
| New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D27CDB6E-AE6D-11CF-96B8-444553540000}" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D27CDB6E-AE6D-11CF-96B8-444553540000}" -Name "Flags" -Type DWord -Value 1 | |
| } | |
| # Install Hyper-V - Not applicable to Home | |
| Function InstallHyperV { | |
| Write-Host "Installing Hyper-V..." | |
| If ((Get-WmiObject -Class "Win32_OperatingSystem").Caption -like "*Server*") { | |
| Install-WindowsFeature -Name "Hyper-V" -IncludeManagementTools -WarningAction SilentlyContinue | Out-Null | |
| } | |
| Else { | |
| Enable-WindowsOptionalFeature -Online -FeatureName "Microsoft-Hyper-V-All" -NoRestart -WarningAction SilentlyContinue | Out-Null | |
| } | |
| } | |
| # Install Linux Subsystem - Applicable to 1607 or newer, not applicable to Server yet | |
| Function InstallLinuxSubsystem { | |
| Write-Host "Installing Linux Subsystem..." | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock" -Name "AllowDevelopmentWithoutDevLicense" -Type DWord -Value 1 | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock" -Name "AllowAllTrustedApps" -Type DWord -Value 1 | |
| Enable-WindowsOptionalFeature -Online -FeatureName "Microsoft-Windows-Subsystem-Linux" -NoRestart -WarningAction SilentlyContinue | Out-Null | |
| } | |
| # Set Photo Viewer association for bmp, gif, jpg, png and tif | |
| Function SetPhotoViewerAssociation { | |
| Write-Host "Setting Photo Viewer association for bmp, gif, jpg, png and tif..." | |
| If (!(Test-Path "HKCR:")) { | |
| New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null | |
| } | |
| ForEach ($type in @("Paint.Picture", "giffile", "jpegfile", "pngfile")) { | |
| New-Item -Path $("HKCR:\$type\shell\open") -Force | Out-Null | |
| New-Item -Path $("HKCR:\$type\shell\open\command") | Out-Null | |
| Set-ItemProperty -Path $("HKCR:\$type\shell\open") -Name "MuiVerb" -Type ExpandString -Value "@%ProgramFiles%\Windows Photo Viewer\photoviewer.dll,-3043" | |
| Set-ItemProperty -Path $("HKCR:\$type\shell\open\command") -Name "(Default)" -Type ExpandString -Value "%SystemRoot%\System32\rundll32.exe `"%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll`", ImageView_Fullscreen %1" | |
| } | |
| } | |
| # Add Photo Viewer to "Open with..." | |
| Function AddPhotoViewerOpenWith { | |
| Write-Host "Adding Photo Viewer to `"Open with...`"" | |
| If (!(Test-Path "HKCR:")) { | |
| New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null | |
| } | |
| New-Item -Path "HKCR:\Applications\photoviewer.dll\shell\open\command" -Force | Out-Null | |
| New-Item -Path "HKCR:\Applications\photoviewer.dll\shell\open\DropTarget" -Force | Out-Null | |
| Set-ItemProperty -Path "HKCR:\Applications\photoviewer.dll\shell\open" -Name "MuiVerb" -Type String -Value "@photoviewer.dll,-3043" | |
| Set-ItemProperty -Path "HKCR:\Applications\photoviewer.dll\shell\open\command" -Name "(Default)" -Type ExpandString -Value "%SystemRoot%\System32\rundll32.exe `"%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll`", ImageView_Fullscreen %1" | |
| Set-ItemProperty -Path "HKCR:\Applications\photoviewer.dll\shell\open\DropTarget" -Name "Clsid" -Type String -Value "{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}" | |
| } | |
| # Disable search for app in store for unknown extensions | |
| Function DisableSearchAppInStore { | |
| Write-Host "Disabling search for app in store for unknown extensions..." | |
| If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer")) { | |
| New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer" | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer" -Name "NoUseStoreOpenWith" -Type DWord -Value 1 | |
| } | |
| ########## | |
| # Unpinning | |
| ########## | |
| # Unpin all Start Menu tiles - Not applicable to Server - Note: This function has no counterpart. You have to pin the tiles back manually. | |
| Function UnpinStartMenuTiles { | |
| Write-Host "Unpinning all Start Menu tiles..." | |
| Get-ChildItem -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount" -Include "*.group" -Recurse | ForEach-Object { | |
| $data = (Get-ItemProperty -Path "$($_.PsPath)\Current" -Name "Data").Data -Join "," | |
| $data = $data.Substring(0, $data.IndexOf(",0,202,30") + 9) + ",0,202,80,0,0" | |
| Set-ItemProperty -Path "$($_.PsPath)\Current" -Name "Data" -Type Binary -Value $data.Split(",") | |
| } | |
| } | |
| # Remove default printers | |
| Function RemoveDefaultPrinters { | |
| Remove-Printer -Name "Microsoft XPS Document Writer" -ErrorAction:SilentlyContinue | |
| Remove-Printer -Name "Microsoft Print to PDF" -ErrorAction:SilentlyContinue | |
| Remove-Printer -Name "Fax" -ErrorAction:SilentlyContinue | |
| } | |
| #---- TEMPORARY --- | |
| Disable-UAC | |
| #--- Set TimeZone --- | |
| Set-TimeZone -Id "Central Standard Time" -PassThru | |
| #--- Enable developer mode on the system --- | |
| Set-ItemProperty -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\AppModelUnlock -Name AllowDevelopmentWithoutDevLicense -Value 1 | |
| #--- Hyper-v --- | |
| InstallHyperV | |
| #choco install Microsoft-Hyper-V-All -source WindowsFeatures -y | |
| #--- Docker --- | |
| Enable-WindowsOptionalFeature -Online -FeatureName containers -All | |
| RefreshEnv | |
| try { | |
| $tweaks = $Configuration | ConvertFrom-Json | |
| } | |
| catch { | |
| throw 'Unable to load configuration file!' | |
| } | |
| if ($tweaks.count -gt 0) { | |
| $RunTweaks = Read-Choice -Message "Continue with the execution of $($tweaks.count) system configuration tweaks?" -Choices @('&Yes', '&No') | |
| if ($RunTweaks -eq 0) { | |
| # Call the desired tweak functions | |
| $tweaks | ForEach-Object { | |
| Invoke-Expression $_ | |
| } | |
| } | |
| } | |
| # Need this to download via Invoke-WebRequest | |
| [net.servicepointmanager]::securityprotocol = [system.security.authentication.sslprotocols] "tls, tls11, tls12" | |
| # Trust the psgallery for installs | |
| Write-Host -ForegroundColor 'Yellow' 'Setting PSGallery as a trusted installation source...' | |
| Set-PSRepository -Name PSGallery -InstallationPolicy Trusted | |
| # Install/Update PowershellGet and PackageManager if needed | |
| try { | |
| Import-Module PowerShellGet | |
| } | |
| catch { | |
| throw 'Unable to load PowerShellGet!' | |
| } | |
| # Need to set Nuget as a provider before installing modules via PowerShellGet | |
| $null = Install-PackageProvider -Name NuGet -Force | |
| # # Store a few things for later use | |
| # $SpecialPaths = Get-SpecialPaths | |
| $packages = Get-Package | |
| if (@($packages | Where-Object { $_.Name -eq 'PackageManagement' }).Count -eq 0) { | |
| Write-Host -ForegroundColor cyan "PackageManager is installed but not being maintained via the PowerShell gallery (so it will never get updated). Forcing the install of this module through the gallery to rectify this now." | |
| Install-Module PackageManagement -Force | |
| Install-Module PowerShellGet -Force | |
| Write-Host -ForegroundColor:Red "PowerShellGet and PackageManagement have been installed from the gallery. You need to close and rerun this script for them to work properly!" | |
| Invoke-Reboot | |
| } | |
| else { | |
| $InstalledModules = (Get-InstalledModule).name | |
| $ModulesToBeInstalled = $ModulesToBeInstalled | Where-Object { $InstalledModules -notcontains $_ } | |
| if ($ModulesToBeInstalled.Count -gt 0) { | |
| Write-Host -ForegroundColor:cyan "Installing modules that are not already installed via powershellget. Modules to be installed = $($ModulesToBeInstalled.Count)" | |
| Install-Module -Name $ModulesToBeInstalled -AllowClobber -ErrorAction:SilentlyContinue | |
| } | |
| else { | |
| Write-Output "No modules were found that needed to be installed." | |
| } | |
| } | |
| <# | |
| Install any chocolatey packages we want setup now | |
| #> | |
| Write-Output "Installing software via chocolatey" | |
| # Don't try to download and install a package if it shows already installed | |
| $InstalledChocoPackages = (Get-ChocoPackages).Name | |
| $ChocoInstalls = $ChocoInstalls | Where { $InstalledChocoPackages -notcontains $_ } | |
| if ($ChocoInstalls.Count -gt 0) { | |
| # Install a ton of other crap I use or like, update $ChocoInsalls to suit your needs of course | |
| $ChocoInstalls | Foreach-Object { | |
| try { | |
| # cinst $_ | |
| # choco install -y $_ | |
| choco upgrade -y $_ | |
| # choco upgrade -y $_ --cacheLocation "$($env:userprofile)\AppData\Local\Temp\chocolatey" | |
| } | |
| catch { | |
| Write-Warning "Unable to install software package with Chocolatey: $($_)" | |
| } | |
| } | |
| } | |
| else { | |
| Write-Output 'There were no packages to install!' | |
| } | |
| # Visual Studio Code extension setup | |
| if ($null -ne (get-command 'code' -ErrorAction:SilentlyContinue)) { | |
| Write-Host "Installing $($VSCodeExtensions.count) extensions to VS Code" | |
| $VSCodeExtensions | ForEach-Object { | |
| code --install-extension $_ | |
| } | |
| } | |
| # Github releases based software. | |
| Foreach ($software in $GithubReleasesPackages.keys) { | |
| $releases = "https://api.github.com/repos/$software/releases" | |
| Write-Output "Determining latest release for repo $Software" | |
| $tag = (Invoke-WebRequest $releases -UseBasicParsing | ConvertFrom-Json)[0] | |
| $tag.assets | foreach { | |
| if ($_.name -like $GithubReleasesPackages[$software]) { | |
| if ( -not (Test-Path $_.name)) { | |
| try { | |
| Write-Output "Downloading $($_.name)..." | |
| Invoke-WebRequest $_.'browser_download_url' -OutFile $_.Name | |
| $FilesDownloaded += $_.Name | |
| } | |
| catch { } | |
| } | |
| else { | |
| Write-Warning "File is already downloaded, skipping: $($_.Name)" | |
| } | |
| } | |
| } | |
| } | |
| if ($CreatePowershellProfile -and (-not (Test-Path $PROFILE))) { | |
| Write-Output 'Creating user powershell profile...' | |
| $MyPowerShellProfile | Out-File -FilePath $PROFILE -Encoding:utf8 -Force | |
| } | |
| Install-WindowsUpdate -AcceptEula -GetUpdatesFromMS | |
| Enable-UAC | |
| if (Test-PendingReboot) { | |
| Invoke-Reboot | |
| } | |
| Write-Host -ForegroundColor:Green "Install and configuration complete!" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Install boxstarter: | |
| # . { iwr -useb http://boxstarter.org/bootstrapper.ps1 } | iex; get-boxstarter -Force | |
| # | |
| # You might need to set: Set-ExecutionPolicy RemoteSigned | |
| # | |
| # Run this boxstarter by calling the following from an **elevated** command-prompt: | |
| # start http://boxstarter.org/package/nr/url?<URL-TO-RAW-GIST> | |
| # OR | |
| # Install-BoxstarterPackage -PackageName <URL-TO-RAW-GIST> -DisableReboots | |
| # OR | |
| # $cred=Get-Credential $env:computername\user | |
| # Install-BoxstarterPackage -PackageName .\boxstarter-2.ps1 -Credential $cred | |
| # | |
| # Learn more: http://boxstarter.org/Learn/WebLauncher | |
| # Boxstarter options | |
| $Boxstarter.RebootOk = $true # Allow reboots? | |
| $Boxstarter.NoPassword = $false # Is this a machine with no login password? | |
| $Boxstarter.AutoLogin = $true # Save my password securely and auto-login after a reboot | |
| # Basic setup (Boxstarter stuff) | |
| Update-ExecutionPolicy RemoteSigned | |
| Enable-MicrosoftUpdate | |
| # All of the configuration tasks that will be run. | |
| $Configuration = @' | |
| [ | |
| "DisableWiFiSense", | |
| "DisableWebSearch", | |
| "DisableAppSuggestions", | |
| "DisableBackgroundApps", | |
| "DisableLockScreenSpotlight", | |
| "DisableLocationTracking", | |
| "DisableMapUpdates", | |
| "DisableFeedback", | |
| "DisableAdvertisingID", | |
| "DisableCortana", | |
| "DisableErrorReporting", | |
| "DisableAutoLogger", | |
| "DisableDiagTrack", | |
| "DisableWAPPush", | |
| "DisableAdminShares", | |
| "DisableSMB1", | |
| "DisableNetDevicesAutoInst", | |
| "DisableCtrldFolderAccess", | |
| "DisableAutoplay", | |
| "DisableAutorun", | |
| "DisableSleepTimeout", | |
| "DisableUpdateRestart", | |
| "DisableSharedExperiences", | |
| "DisableRemoteAssistance", | |
| "DisableActionCenter", | |
| "HideNetworkFromLockScreen", | |
| "HideShutdownFromLockScreen", | |
| "DisableStickyKeys", | |
| "ShowTaskManagerDetails", | |
| "ShowFileOperationsDetails", | |
| "HideTaskbarSearchBox", | |
| "HideTaskbarTitles", | |
| "HideTaskbarPeopleIcon", | |
| "DockTaskbarBottom", | |
| "ShowTrayIcons", | |
| "ShowKnownExtensions", | |
| "ShowHiddenFiles", | |
| "HideSyncNotifications", | |
| "HideRecentShortcuts", | |
| "SetExplorerThisPC", | |
| "ShowThisPCOnDesktop", | |
| "Hide3DObjectsFromThisPC", | |
| "Hide3DObjectsFromExplorer", | |
| "SetControlPanelViewIcons", | |
| "SetVisualFXPerformance", | |
| "UninstallMsftBloat", | |
| "UninstallThirdPartyBloat", | |
| "DisableAdobeFlash", | |
| "AddPhotoViewerOpenWith", | |
| "DisableSearchAppInStore", | |
| "EnableUpdateScheduleRestart", | |
| "SetVisualFXAppearance", | |
| "HideTaskView", | |
| "ShowSmallTaskbarIcons", | |
| "SetPhotoViewerAssociation", | |
| "UnpinStartMenuTiles", | |
| "RemoveDefaultPrinters", | |
| "ShowUserFolderOnDesktop" | |
| ] | |
| '@ | |
| # PowerShell Modules to install | |
| $ModulesToBeInstalled = @( | |
| ) | |
| # Chocolatey packages to install | |
| $ChocoInstalls = @( | |
| '7zip', | |
| '7zip.commandline', | |
| 'adobereader', | |
| 'curl', | |
| 'dashlane', | |
| 'dashlane-chrome', | |
| 'fiddler', | |
| 'filezilla', | |
| 'git.install', | |
| 'git-credential-manager-for-windows', | |
| 'golang', | |
| 'GoogleChrome', | |
| 'itunes', | |
| 'jre8', | |
| 'keypirinha', | |
| 'malwarebytes', | |
| 'notepadplusplus', | |
| 'notepad2', | |
| 'postman', | |
| 'procexp', | |
| 'python', | |
| 'python3', | |
| 'sysinternals', | |
| 'vlc', | |
| 'windirstat', | |
| 'winrar', | |
| 'wget', | |
| 'vscode' | |
| ) | |
| # Visual Studio Code extensions to install (both code-insiders and code if available) | |
| $VSCodeExtensions = @( | |
| 'ms-vscode.csharp', | |
| 'ms-vscode.PowerShell', | |
| 'ms-vscode-remote.remote-wsl', | |
| 'ms-vsonline.vsonline', | |
| 'ms-vscode.go' | |
| ) | |
| # Releases based github packages to download and install. I include Keeweb and the Hack font I love so dearly | |
| $GithubReleasesPackages = @{ | |
| 'limetree07/copy-unc-path' = "copy-unc-path-2.1.exe" | |
| } | |
| # Use the $MyPowerShellProfile to create a new powershell profile if one doesn't already exist | |
| $CreatePowershellProfile = $TRUE | |
| $MyPowerShellProfile = @' | |
| ## Detect if we are running powershell without a console. | |
| $_ISCONSOLE = $TRUE | |
| try { | |
| [System.Console]::Clear() | |
| } | |
| catch { | |
| $_ISCONSOLE = $FALSE | |
| } | |
| # Everything in this block is only relevant in a console. This keeps nonconsole based powershell sessions clean. | |
| if ($_ISCONSOLE) { | |
| ## Check SHIFT state ASAP at startup so we can use that to control verbosity :) | |
| try { | |
| Add-Type -Assembly PresentationCore, WindowsBase | |
| if ([System.Windows.Input.Keyboard]::IsKeyDown([System.Windows.Input.Key]::LeftShift) -or [System.Windows.Input.Keyboard]::IsKeyDown([System.Windows.Input.Key]::RightShift)) { | |
| $VerbosePreference = "Continue" | |
| } | |
| } | |
| catch { | |
| # Maybe this is a non-windows host? | |
| } | |
| ## Set the profile directory variable for possible use later | |
| Set-Variable ProfileDir (Split-Path $MyInvocation.MyCommand.Path -Parent) -Scope Global -Option AllScope, Constant -ErrorAction SilentlyContinue | |
| # Start OhMyPsh only if we are in a console | |
| if ($Host.Name -eq 'ConsoleHost') { | |
| if (Get-Module OhMyPsh -ListAvailable) { | |
| Import-Module OhMyPsh | |
| } | |
| } | |
| } | |
| # Relax the code signing restriction so we can actually get work done | |
| Import-module Microsoft.PowerShell.Security | |
| Set-ExecutionPolicy RemoteSigned Process | |
| '@ | |
| function Read-Choice { | |
| Param( | |
| [Parameter(Position = 0)] | |
| [System.String]$Message, | |
| [Parameter(Position = 1)] | |
| [ValidateNotNullOrEmpty()] | |
| [System.String[]]$Choices = @('&Yes', '&No', 'Yes to &All', 'No &to All'), | |
| [Parameter(Position = 2)] | |
| [System.Int32]$DefaultChoice = 0, | |
| [Parameter(Position = 3)] | |
| [System.String]$Title = [string]::Empty | |
| ) | |
| [System.Management.Automation.Host.ChoiceDescription[]]$Poss = $Choices | ForEach-Object { | |
| New-Object System.Management.Automation.Host.ChoiceDescription "$($_)", "Sets $_ as an answer." | |
| } | |
| $Host.UI.PromptForChoice( $Title, $Message, $Poss, $DefaultChoice ) | |
| } | |
| Function Get-SpecialPaths { | |
| $SpecialFolders = @{ } | |
| $names = [Environment+SpecialFolder]::GetNames([Environment+SpecialFolder]) | |
| foreach ($name in $names) { | |
| $SpecialFolders[$name] = [Environment]::GetFolderPath($name) | |
| } | |
| $SpecialFolders | |
| } | |
| Function Get-EnvironmentVariableNames { | |
| param ( | |
| [string]$Scope | |
| ) | |
| ([Environment]::GetEnvironmentVariables($Scope).GetEnumerator()).Name | |
| } | |
| Function Get-EnvironmentVariable { | |
| param ( | |
| [string]$Name, | |
| [string]$Scope | |
| ) | |
| [Environment]::GetEnvironmentVariable($Name, $Scope) | |
| } | |
| Function Update-SessionEnvironment { | |
| <# | |
| Ripped directly from the chocolatey project, used here just for initial setup | |
| #> | |
| $refreshEnv = $false | |
| $invocation = $MyInvocation | |
| if ($invocation.InvocationName -eq 'refreshenv') { | |
| $refreshEnv = $true | |
| } | |
| if ($refreshEnv) { | |
| Write-Output "Refreshing environment variables from the registry for powershell.exe. Please wait..." | |
| } | |
| else { | |
| Write-Verbose "Refreshing environment variables from the registry." | |
| } | |
| $userName = $env:USERNAME | |
| $architecture = $env:PROCESSOR_ARCHITECTURE | |
| $psModulePath = $env:PSModulePath | |
| #ordering is important here, $user comes after so we can override $machine | |
| 'Process', 'Machine', 'User' | | |
| % { | |
| $scope = $_ | |
| Get-EnvironmentVariableNames -Scope $scope | | |
| % { | |
| Set-Item "Env:$($_)" -Value (Get-EnvironmentVariable -Scope $scope -Name $_) | |
| } | |
| } | |
| #Path gets special treatment b/c it munges the two together | |
| $paths = 'Machine', 'User' | | |
| % { | |
| (Get-EnvironmentVariable -Name 'PATH' -Scope $_) -split ';' | |
| } | | |
| Select -Unique | |
| $Env:PATH = $paths -join ';' | |
| # PSModulePath is almost always updated by process, so we want to preserve it. | |
| $env:PSModulePath = $psModulePath | |
| # reset user and architecture | |
| if ($userName) { $env:USERNAME = $userName; } | |
| if ($architecture) { $env:PROCESSOR_ARCHITECTURE = $architecture; } | |
| if ($refreshEnv) { | |
| Write-Output "Finished" | |
| } | |
| } | |
| Function Add-EnvPath { | |
| # Adds a path to the $ENV:Path list for a user or system if it does not already exist (in both the system and user Path variables) | |
| param ( | |
| [string]$Location, | |
| [string]$NewPath | |
| ) | |
| $AllPaths = $Env:Path -split ';' | |
| if ($AllPaths -notcontains $NewPath) { | |
| Write-Output "Adding Utilties bin directory path to the environmental path list: $UtilBinPath" | |
| $NewPaths = (@(([Environment]::GetEnvironmentVariables($Location).GetEnumerator() | Where { $_.Name -eq 'Path' }).Value -split ';') + $UtilBinPath | Select-Object -Unique) -join ';' | |
| [Environment]::SetEnvironmentVariable("PATH", $NewPaths, $Location) | |
| } | |
| } | |
| function Start-Proc { | |
| param([string]$Exe = $(Throw "An executable must be specified"), | |
| [string]$Arguments, | |
| [switch]$Hidden, | |
| [switch]$waitforexit) | |
| $startinfo = New-Object System.Diagnostics.ProcessStartInfo | |
| $startinfo.FileName = $Exe | |
| $startinfo.Arguments = $Arguments | |
| if ($Hidden) { | |
| $startinfo.WindowStyle = 'Hidden' | |
| $startinfo.CreateNoWindow = $True | |
| } | |
| $process = [System.Diagnostics.Process]::Start($startinfo) | |
| if ($waitforexit) { $process.WaitForExit() } | |
| } | |
| function Get-HashiCorpLatestVersion { | |
| <# | |
| function to find the most recent version in the json manifest | |
| Note: We ignore anything not in strict x.x.x version format (betas and such) | |
| #> | |
| param( | |
| $manifest, | |
| $software | |
| ) | |
| (($manifest.$software.versions | get-member -MemberType 'NoteProperty').Name | Where { $_ -match "^\d+\.\d+\.\d+$" } | ForEach-Object { [version]$_ } | Sort-Object -Descending | Select-Object -First 1).ToString() | |
| } | |
| function Get-AllHashiCorpPackageLatestVersion { | |
| <# | |
| .SYNOPSIS | |
| Retreives the most recent version of Hashicorp software packages from a json manifest | |
| .DESCRIPTION | |
| Retreives the most recent version of Hashicorp software packages from a json manifest | |
| .PARAMETER manifest | |
| JSON manifest data to search. | |
| .EXAMPLE | |
| Get-AllHashiCorpPackageLatestVersion | |
| .NOTES | |
| Author: Zachary Loeber | |
| #> | |
| param( | |
| $manifest | |
| ) | |
| $OutHash = @{ } | |
| $manifest | Get-Member -MemberType 'NoteProperty' | Foreach { | |
| $OutHash.($_.Name) = Get-HashiCorpLatestVersion $manifest $_.Name | |
| } | |
| $OutHash | |
| } | |
| function Get-ChocoPackages { | |
| if (get-command clist -ErrorAction:SilentlyContinue) { | |
| clist -lo -r -all | Foreach { | |
| $Name, $Version = $_ -split '\|' | |
| New-Object -TypeName psobject -Property @{ | |
| 'Name' = $Name | |
| 'Version' = $Version | |
| } | |
| } | |
| } | |
| } | |
| # Add a path for windows defender to bypass | |
| function Add-DefenderBypassPath { | |
| [CmdletBinding()] | |
| param( | |
| [Parameter(Mandatory = $true, ValueFromPipeline = $true)] | |
| [string[]]$Path | |
| ) | |
| begin { | |
| $Paths = @() | |
| } | |
| process { | |
| $Paths += $Path | |
| } | |
| end { | |
| $Paths | Foreach-Object { | |
| if (-not [string]::isnullorempty($_)) { | |
| Add-MpPreference -ExclusionPath $_ -Force | |
| } | |
| } | |
| } | |
| } | |
| # Disable Wi-Fi Sense | |
| Function DisableWiFiSense { | |
| Write-Host "Disabling Wi-Fi Sense..." | |
| If (!(Test-Path "HKLM:\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting")) { | |
| New-Item -Path "HKLM:\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting" -Name "Value" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowAutoConnectToWiFiSenseHotspots" -Name "Value" -Type DWord -Value 0 | |
| If (!(Test-Path "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config")) { | |
| New-Item -Path "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config" -Name "AutoConnectAllowedOEM" -Type Dword -Value 0 | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config" -Name "WiFISenseAllowed" -Type Dword -Value 0 | |
| } | |
| # Disable Web Search in Start Menu | |
| Function DisableWebSearch { | |
| Write-Host "Disabling Bing Search in Start Menu..." | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" -Name "BingSearchEnabled" -Type DWord -Value 0 | |
| If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search")) { | |
| New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search" -Name "DisableWebSearch" -Type DWord -Value 1 | |
| } | |
| # Disable Application suggestions and automatic installation | |
| Function DisableAppSuggestions { | |
| Write-Host "Disabling Application suggestions..." | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "ContentDeliveryAllowed" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "OemPreInstalledAppsEnabled" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "PreInstalledAppsEnabled" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "PreInstalledAppsEverEnabled" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SilentInstalledAppsEnabled" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SubscribedContent-338389Enabled" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SystemPaneSuggestionsEnabled" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SubscribedContent-338388Enabled" -Type DWord -Value 0 | |
| If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent")) { | |
| New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Name "DisableWindowsConsumerFeatures" -Type DWord -Value 1 | |
| } | |
| # Disable Background application access - ie. if apps can download or update when they aren't used - Cortana is excluded as its inclusion breaks start menu search | |
| Function DisableBackgroundApps { | |
| Write-Host "Disabling Background application access..." | |
| Get-ChildItem -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications" -Exclude "Microsoft.Windows.Cortana*" | ForEach { | |
| Set-ItemProperty -Path $_.PsPath -Name "Disabled" -Type DWord -Value 1 | |
| Set-ItemProperty -Path $_.PsPath -Name "DisabledByUser" -Type DWord -Value 1 | |
| } | |
| } | |
| # Disable Lock screen Spotlight - New backgrounds, tips, advertisements etc. | |
| Function DisableLockScreenSpotlight { | |
| Write-Host "Disabling Lock screen spotlight..." | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "RotatingLockScreenEnabled" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "RotatingLockScreenOverlayEnabled" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SubscribedContent-338387Enabled" -Type DWord -Value 0 | |
| } | |
| # Disable Location Tracking | |
| Function DisableLocationTracking { | |
| Write-Host "Disabling Location Tracking..." | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Overrides\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" -Name "SensorPermissionState" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\lfsvc\Service\Configuration" -Name "Status" -Type DWord -Value 0 | |
| } | |
| # Disable automatic Maps updates | |
| Function DisableMapUpdates { | |
| Write-Host "Disabling automatic Maps updates..." | |
| Set-ItemProperty -Path "HKLM:\SYSTEM\Maps" -Name "AutoUpdateEnabled" -Type DWord -Value 0 | |
| } | |
| # Disable Feedback | |
| Function DisableFeedback { | |
| Write-Host "Disabling Feedback..." | |
| If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Siuf\Rules")) { | |
| New-Item -Path "HKCU:\SOFTWARE\Microsoft\Siuf\Rules" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Siuf\Rules" -Name "NumberOfSIUFInPeriod" -Type DWord -Value 0 | |
| Disable-ScheduledTask -TaskName "Microsoft\Windows\Feedback\Siuf\DmClient" -ErrorAction SilentlyContinue | Out-Null | |
| Disable-ScheduledTask -TaskName "Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload" -ErrorAction SilentlyContinue | Out-Null | |
| } | |
| # Disable Advertising ID | |
| Function DisableAdvertisingID { | |
| Write-Host "Disabling Advertising ID..." | |
| If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo")) { | |
| New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" -Name "Enabled" -Type DWord -Value 0 | |
| If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Privacy")) { | |
| New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Privacy" | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Privacy" -Name "TailoredExperiencesWithDiagnosticDataEnabled" -Type DWord -Value 0 | |
| } | |
| # Disable Cortana | |
| Function DisableCortana { | |
| Write-Host "Disabling Cortana..." | |
| If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Personalization\Settings")) { | |
| New-Item -Path "HKCU:\SOFTWARE\Microsoft\Personalization\Settings" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Personalization\Settings" -Name "AcceptedPrivacyPolicy" -Type DWord -Value 0 | |
| If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization")) { | |
| New-Item -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization" -Name "RestrictImplicitTextCollection" -Type DWord -Value 1 | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization" -Name "RestrictImplicitInkCollection" -Type DWord -Value 1 | |
| If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore")) { | |
| New-Item -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore" -Name "HarvestContacts" -Type DWord -Value 0 | |
| If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search")) { | |
| New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search" -Name "AllowCortana" -Type DWord -Value 0 | |
| } | |
| # Disable Error reporting | |
| Function DisableErrorReporting { | |
| Write-Host "Disabling Error reporting..." | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting" -Name "Disabled" -Type DWord -Value 1 | |
| Disable-ScheduledTask -TaskName "Microsoft\Windows\Windows Error Reporting\QueueReporting" | Out-Null | |
| } | |
| # Remove AutoLogger file and restrict directory | |
| Function DisableAutoLogger { | |
| Write-Host "Removing AutoLogger file and restricting directory..." | |
| $autoLoggerDir = "$env:PROGRAMDATA\Microsoft\Diagnosis\ETLLogs\AutoLogger" | |
| If (Test-Path "$autoLoggerDir\AutoLogger-Diagtrack-Listener.etl") { | |
| Remove-Item -Path "$autoLoggerDir\AutoLogger-Diagtrack-Listener.etl" | |
| } | |
| icacls $autoLoggerDir /deny SYSTEM:`(OI`)`(CI`)F | Out-Null | |
| } | |
| # Stop and disable Diagnostics Tracking Service | |
| Function DisableDiagTrack { | |
| Write-Host "Stopping and disabling Diagnostics Tracking Service..." | |
| Stop-Service "DiagTrack" -WarningAction SilentlyContinue | |
| Set-Service "DiagTrack" -StartupType Disabled | |
| } | |
| # Stop and disable WAP Push Service | |
| Function DisableWAPPush { | |
| Write-Host "Stopping and disabling WAP Push Service..." | |
| Stop-Service "dmwappushservice" -WarningAction SilentlyContinue | |
| Set-Service "dmwappushservice" -StartupType Disabled | |
| } | |
| ########## | |
| # Service Tweaks | |
| ########## | |
| # Disable implicit administrative shares | |
| Function DisableAdminShares { | |
| Write-Host "Disabling implicit administrative shares..." | |
| Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" -Name "AutoShareWks" -Type DWord -Value 0 | |
| } | |
| # Disable obsolete SMB 1.0 protocol - Disabled by default since 1709 | |
| Function DisableSMB1 { | |
| Write-Host "Disabling SMB 1.0 protocol..." | |
| Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force | |
| } | |
| # Disable automatic installation of network devices | |
| Function DisableNetDevicesAutoInst { | |
| Write-Host "Disabling automatic installation of network devices..." | |
| If (!(Test-Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\NcdAutoSetup\Private")) { | |
| New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\NcdAutoSetup\Private" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\NcdAutoSetup\Private" -Name "AutoSetup" -Type DWord -Value 0 | |
| } | |
| # Enable Controlled Folder Access (Defender Exploit Guard feature) - Not applicable to Server | |
| Function EnableCtrldFolderAccess { | |
| Write-Host "Enabling Controlled Folder Access..." | |
| Set-MpPreference -EnableControlledFolderAccess Enabled | |
| } | |
| # Disable Controlled Folder Access (Defender Exploit Guard feature) - Not applicable to Server | |
| Function DisableCtrldFolderAccess { | |
| Write-Host "Disabling Controlled Folder Access..." | |
| Set-MpPreference -EnableControlledFolderAccess Disabled | |
| } | |
| # Disable Windows Update automatic restart | |
| Function DisableUpdateRestart { | |
| Write-Host "Disabling Windows Update automatic restart..." | |
| If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU")) { | |
| New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "NoAutoRebootWithLoggedOnUsers" -Type DWord -Value 1 | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "AUPowerManagement" -Type DWord -Value 0 | |
| } | |
| Function EnableUpdateScheduleRestart { | |
| Write-Host "Change Windows Updates to 'Notify to schedule restart'" | |
| If (-not (Test-Path "HKCU:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings")) { | |
| New-Item -Path HKCU:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path HKCU:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings -Name UxOption -Type DWord -Value 1 | |
| If (-not (Test-Path "HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings")) { | |
| New-Item -Path HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings -Name UxOption -Type DWord -Value 1 | |
| } | |
| # Disable Shared Experiences - Not applicable to Server | |
| Function DisableSharedExperiences { | |
| Write-Host "Disabling Shared Experiences..." | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\CDP" -Name "RomeSdkChannelUserAuthzPolicy" -Type DWord -Value 0 | |
| } | |
| # Disable Remote Assistance - Not applicable to Server (unless Remote Assistance is explicitly installed) | |
| Function DisableRemoteAssistance { | |
| Write-Host "Disabling Remote Assistance..." | |
| Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance" -Name "fAllowToGetHelp" -Type DWord -Value 0 | |
| } | |
| # Enable Remote Desktop w/o Network Level Authentication | |
| Function EnableRemoteDesktop { | |
| Write-Host "Enabling Remote Desktop w/o Network Level Authentication..." | |
| Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "UserAuthentication" -Type DWord -Value 0 | |
| } | |
| # Disable Remote Desktop | |
| Function DisableRemoteDesktop { | |
| Write-Host "Disabling Remote Desktop..." | |
| Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Type DWord -Value 1 | |
| Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "UserAuthentication" -Type DWord -Value 1 | |
| } | |
| # Disable Autoplay | |
| Function DisableAutoplay { | |
| Write-Host "Disabling Autoplay..." | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers" -Name "DisableAutoplay" -Type DWord -Value 1 | |
| } | |
| # Disable Autorun for all drives | |
| Function DisableAutorun { | |
| Write-Host "Disabling Autorun for all drives..." | |
| If (!(Test-Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer")) { | |
| New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name "NoDriveTypeAutoRun" -Type DWord -Value 255 | |
| } | |
| # Disable display and sleep mode timeouts | |
| Function DisableSleepTimeout { | |
| Write-Host "Disabling display and sleep mode timeouts..." | |
| powercfg /X monitor-timeout-ac 0 | |
| powercfg /X monitor-timeout-dc 0 | |
| powercfg /X standby-timeout-ac 0 | |
| powercfg /X standby-timeout-dc 0 | |
| } | |
| ########## | |
| # UI Tweaks | |
| ########## | |
| # Disable Action Center | |
| Function DisableActionCenter { | |
| Write-Host "Disabling Action Center..." | |
| If (!(Test-Path "HKCU:\SOFTWARE\Policies\Microsoft\Windows\Explorer")) { | |
| New-Item -Path "HKCU:\SOFTWARE\Policies\Microsoft\Windows\Explorer" | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Policies\Microsoft\Windows\Explorer" -Name "DisableNotificationCenter" -Type DWord -Value 1 | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications" -Name "ToastEnabled" -Type DWord -Value 0 | |
| } | |
| # Hide network options from Lock Screen | |
| Function HideNetworkFromLockScreen { | |
| Write-Host "Hiding network options from Lock Screen..." | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\System" -Name "DontDisplayNetworkSelectionUI" -Type DWord -Value 1 | |
| } | |
| # Hide shutdown options from Lock Screen | |
| Function HideShutdownFromLockScreen { | |
| Write-Host "Hiding shutdown options from Lock Screen..." | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "ShutdownWithoutLogon" -Type DWord -Value 0 | |
| } | |
| # Disable Sticky keys prompt | |
| Function DisableStickyKeys { | |
| Write-Host "Disabling Sticky keys prompt..." | |
| Set-ItemProperty -Path "HKCU:\Control Panel\Accessibility\StickyKeys" -Name "Flags" -Type String -Value "506" | |
| } | |
| # Show Task Manager details | |
| Function ShowTaskManagerDetails { | |
| Write-Host "Showing task manager details..." | |
| If (!(Test-Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\TaskManager")) { | |
| New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\TaskManager" -Force | Out-Null | |
| } | |
| $preferences = Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\TaskManager" -Name "Preferences" -ErrorAction SilentlyContinue | |
| If (!($preferences)) { | |
| $taskmgr = Start-Process -WindowStyle Hidden -FilePath taskmgr.exe -PassThru | |
| While (!($preferences)) { | |
| Start-Sleep -m 250 | |
| $preferences = Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\TaskManager" -Name "Preferences" -ErrorAction SilentlyContinue | |
| } | |
| Stop-Process $taskmgr | |
| } | |
| $preferences.Preferences[28] = 0 | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\TaskManager" -Name "Preferences" -Type Binary -Value $preferences.Preferences | |
| } | |
| # Show file operations details | |
| Function ShowFileOperationsDetails { | |
| Write-Host "Showing file operations details..." | |
| If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\OperationStatusManager")) { | |
| New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\OperationStatusManager" | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\OperationStatusManager" -Name "EnthusiastMode" -Type DWord -Value 1 | |
| } | |
| # Hide Taskbar Search button / box | |
| Function HideTaskbarSearchBox { | |
| Write-Host "Hiding Taskbar Search box / button..." | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" -Name "SearchboxTaskbarMode" -Type DWord -Value 0 | |
| } | |
| # Hide Task View button | |
| Function HideTaskView { | |
| Write-Host "Hiding Task View button..." | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ShowTaskViewButton" -Type DWord -Value 0 | |
| } | |
| # Show small icons in taskbar | |
| Function ShowSmallTaskbarIcons { | |
| Write-Host "Showing small icons in taskbar..." | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "TaskbarSmallIcons" -Type DWord -Value 1 | |
| } | |
| # Hide titles in taskbar | |
| Function HideTaskbarTitles { | |
| Write-Host "Hiding titles in taskbar..." | |
| Remove-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "TaskbarGlomLevel" -ErrorAction SilentlyContinue | |
| } | |
| # Hide Taskbar People icon | |
| Function HideTaskbarPeopleIcon { | |
| Write-Host "Hiding People icon..." | |
| If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People")) { | |
| New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People" | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People" -Name "PeopleBand" -Type DWord -Value 0 | |
| } | |
| # Dock the taskbar to the bottom of the screen | |
| Function DockTaskBarBottom { | |
| Write-Output "Docking the taskbar to the bottom of the screen..." | |
| if (Test-Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StuckRects2') { | |
| $CurrPath = 'StuckRects2' | |
| } | |
| elseif (Test-Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StuckRects3') { | |
| $CurrPath = 'StuckRects3' | |
| } | |
| else { | |
| Write-Warning 'Unable to set the taskbar setting' | |
| return | |
| } | |
| $BasePath = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer' | |
| $RegPath = Join-Path $BasePath $CurrPath | |
| try { | |
| $CurrSettings = (Get-ItemProperty $RegPath).Settings | |
| $CurrSettings[12] = 0 | |
| Set-ItemProperty -Path $BasePath -Name $CurrPath -Value $CurrSettings -Type Binary | |
| } | |
| catch { | |
| Write-Warning "Unable to pull the current registry settings!" | |
| } | |
| } | |
| # Show all tray icons | |
| Function ShowTrayIcons { | |
| Write-Host "Showing all tray icons..." | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" -Name "EnableAutoTray" -Type DWord -Value 0 | |
| } | |
| # Show known file extensions | |
| Function ShowKnownExtensions { | |
| Write-Host "Showing known file extensions..." | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "HideFileExt" -Type DWord -Value 0 | |
| } | |
| # Show hidden files | |
| Function ShowHiddenFiles { | |
| Write-Host "Showing hidden files..." | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "Hidden" -Type DWord -Value 1 | |
| } | |
| # Hide sync provider notifications | |
| Function HideSyncNotifications { | |
| Write-Host "Hiding sync provider notifications..." | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ShowSyncProviderNotifications" -Type DWord -Value 0 | |
| } | |
| # Hide recently and frequently used item shortcuts in Explorer | |
| Function HideRecentShortcuts { | |
| Write-Host "Hiding recent shortcuts..." | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" -Name "ShowRecent" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" -Name "ShowFrequent" -Type DWord -Value 0 | |
| } | |
| # Change default Explorer view to This PC | |
| Function SetExplorerThisPC { | |
| Write-Host "Changing default Explorer view to This PC..." | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "LaunchTo" -Type DWord -Value 1 | |
| } | |
| # Show This PC shortcut on desktop | |
| Function ShowThisPCOnDesktop { | |
| Write-Host "Showing This PC shortcut on desktop..." | |
| If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu")) { | |
| New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu" -Name "{20D04FE0-3AEA-1069-A2D8-08002B30309D}" -Type DWord -Value 0 | |
| If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel")) { | |
| New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel" -Name "{20D04FE0-3AEA-1069-A2D8-08002B30309D}" -Type DWord -Value 0 | |
| } | |
| # Show User Folder shortcut on desktop | |
| Function ShowUserFolderOnDesktop { | |
| Write-Host "Showing User Folder shortcut on desktop..." | |
| If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu")) { | |
| New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu" -Name "{59031a47-3f72-44a7-89c5-5595fe6b30ee}" -Type DWord -Value 0 | |
| If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel")) { | |
| New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel" -Name "{59031a47-3f72-44a7-89c5-5595fe6b30ee}" -Type DWord -Value 0 | |
| } | |
| # Hide 3D Objects icon from This PC - The icon remains in personal folders and open/save dialogs | |
| Function Hide3DObjectsFromThisPC { | |
| Write-Host "Hiding 3D Objects icon from This PC..." | |
| Remove-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{0DB7E03F-FC29-4DC6-9020-FF41B59E513A}" -Recurse -ErrorAction SilentlyContinue | |
| } | |
| # Hide 3D Objects icon from Explorer namespace - Hides the icon also from personal folders and open/save dialogs | |
| Function Hide3DObjectsFromExplorer { | |
| Write-Host "Hiding 3D Objects icon from Explorer namespace..." | |
| If (!(Test-Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\PropertyBag")) { | |
| New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\PropertyBag" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\PropertyBag" -Name "ThisPCPolicy" -Type String -Value "Hide" | |
| If (!(Test-Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\PropertyBag")) { | |
| New-Item -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\PropertyBag" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\PropertyBag" -Name "ThisPCPolicy" -Type String -Value "Hide" | |
| } | |
| # Set Control Panel view to icons (Classic) - Note: May trigger antimalware | |
| Function SetControlPanelViewIcons { | |
| Write-Host "Setting Control Panel view to icons..." | |
| Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name "ForceClassicControlPanel" -Type DWord -Value 1 | |
| } | |
| # Adjusts visual effects for performance - Disables animations, transparency etc. but leaves font smoothing and miniatures enabled | |
| Function SetVisualFXPerformance { | |
| Write-Host "Adjusting visual effects for performance..." | |
| Set-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name "DragFullWindows" -Type String -Value 0 | |
| Set-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name "MenuShowDelay" -Type String -Value 0 | |
| Set-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name "UserPreferencesMask" -Type Binary -Value ([byte[]](0x90, 0x12, 0x03, 0x80, 0x10, 0x00, 0x00, 0x00)) | |
| Set-ItemProperty -Path "HKCU:\Control Panel\Desktop\WindowMetrics" -Name "MinAnimate" -Type String -Value 0 | |
| Set-ItemProperty -Path "HKCU:\Control Panel\Keyboard" -Name "KeyboardDelay" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ListviewAlphaSelect" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ListviewShadow" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "TaskbarAnimations" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects" -Name "VisualFXSetting" -Type DWord -Value 3 | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\DWM" -Name "EnableAeroPeek" -Type DWord -Value 0 | |
| } | |
| # Adjusts visual effects for appearance | |
| Function SetVisualFXAppearance { | |
| Write-Host "Adjusting visual effects for appearance..." | |
| Set-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name "DragFullWindows" -Type String -Value 1 | |
| Set-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name "MenuShowDelay" -Type String -Value 400 | |
| Set-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name "UserPreferencesMask" -Type Binary -Value ([byte[]](0x9E, 0x1E, 0x07, 0x80, 0x12, 0x00, 0x00, 0x00)) | |
| Set-ItemProperty -Path "HKCU:\Control Panel\Desktop\WindowMetrics" -Name "MinAnimate" -Type String -Value 1 | |
| Set-ItemProperty -Path "HKCU:\Control Panel\Keyboard" -Name "KeyboardDelay" -Type DWord -Value 1 | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ListviewAlphaSelect" -Type DWord -Value 1 | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ListviewShadow" -Type DWord -Value 1 | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "TaskbarAnimations" -Type DWord -Value 1 | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects" -Name "VisualFXSetting" -Type DWord -Value 3 | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\DWM" -Name "EnableAeroPeek" -Type DWord -Value 1 | |
| } | |
| ########## | |
| # Application Tweaks | |
| ########## | |
| # Uninstall default Microsoft applications | |
| Function UninstallMsftBloat { | |
| Write-Host "Uninstalling default Microsoft applications..." | |
| Get-AppxPackage "Microsoft.3DBuilder" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.BingFinance" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.BingNews" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.BingSports" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.BingWeather" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.Getstarted" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.MicrosoftOfficeHub" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.MicrosoftSolitaireCollection" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.People" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.SkypeApp" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.Windows.Photos" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.WindowsAlarms" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.WindowsCamera" | Remove-AppxPackage | |
| Get-AppxPackage "microsoft.windowscommunicationsapps" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.WindowsMaps" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.WindowsPhone" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.WindowsSoundRecorder" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.ZuneMusic" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.ZuneVideo" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.AppConnector" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.ConnectivityStore" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.Office.Sway" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.Messaging" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.CommsPhone" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.MicrosoftStickyNotes" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.OneConnect" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.WindowsFeedbackHub" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.MinecraftUWP" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.MicrosoftPowerBIForWindows" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.NetworkSpeedTest" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.MSPaint" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.Microsoft3DViewer" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.Print3D" | Remove-AppxPackage | |
| } | |
| # Uninstall default third party applications | |
| function UninstallThirdPartyBloat { | |
| Write-Host "Uninstalling default third party applications..." | |
| Get-AppxPackage "9E2F88E3.Twitter" | Remove-AppxPackage | |
| Get-AppxPackage "king.com.CandyCrushSodaSaga" | Remove-AppxPackage | |
| Get-AppxPackage "4DF9E0F8.Netflix" | Remove-AppxPackage | |
| Get-AppxPackage "Drawboard.DrawboardPDF" | Remove-AppxPackage | |
| Get-AppxPackage "D52A8D61.FarmVille2CountryEscape" | Remove-AppxPackage | |
| Get-AppxPackage "GAMELOFTSA.Asphalt8Airborne" | Remove-AppxPackage | |
| Get-AppxPackage "flaregamesGmbH.RoyalRevolt2" | Remove-AppxPackage | |
| Get-AppxPackage "AdobeSystemsIncorporated.AdobePhotoshopExpress" | Remove-AppxPackage | |
| Get-AppxPackage "ActiproSoftwareLLC.562882FEEB491" | Remove-AppxPackage | |
| Get-AppxPackage "D5EA27B7.Duolingo-LearnLanguagesforFree" | Remove-AppxPackage | |
| Get-AppxPackage "Facebook.Facebook" | Remove-AppxPackage | |
| Get-AppxPackage "46928bounde.EclipseManager" | Remove-AppxPackage | |
| Get-AppxPackage "A278AB0D.MarchofEmpires" | Remove-AppxPackage | |
| Get-AppxPackage "KeeperSecurityInc.Keeper" | Remove-AppxPackage | |
| Get-AppxPackage "king.com.BubbleWitch3Saga" | Remove-AppxPackage | |
| Get-AppxPackage "89006A2E.AutodeskSketchBook" | Remove-AppxPackage | |
| Get-AppxPackage "CAF9E577.Plex" | Remove-AppxPackage | |
| Get-AppxPackage "A278AB0D.DisneyMagicKingdoms" | Remove-AppxPackage | |
| Get-AppxPackage "828B5831.HiddenCityMysteryofShadows" | Remove-AppxPackage | |
| Get-AppxPackage "WinZipComputing.WinZipUniversal" | Remove-AppxPackage | |
| Get-AppxPackage "SpotifyAB.SpotifyMusic" | Remove-AppxPackage | |
| Get-AppxPackage "PandoraMediaInc.29680B314EFC2" | Remove-AppxPackage | |
| Get-AppxPackage "2414FC7A.Viber" | Remove-AppxPackage | |
| Get-AppxPackage "64885BlueEdge.OneCalendar" | Remove-AppxPackage | |
| Get-AppxPackage "41038Axilesoft.ACGMediaPlayer" | Remove-AppxPackage | |
| } | |
| # Disable Xbox features | |
| Function DisableXboxFeatures { | |
| Write-Host "Disabling Xbox features..." | |
| Get-AppxPackage "Microsoft.XboxApp" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.XboxIdentityProvider" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.XboxSpeechToTextOverlay" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.XboxGameOverlay" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.Xbox.TCUI" | Remove-AppxPackage | |
| Set-ItemProperty -Path "HKCU:\System\GameConfigStore" -Name "GameDVR_Enabled" -Type DWord -Value 0 | |
| If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\GameDVR")) { | |
| New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\GameDVR" | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\GameDVR" -Name "AllowGameDVR" -Type DWord -Value 0 | |
| } | |
| # Disable built-in Adobe Flash in IE and Edge | |
| Function DisableAdobeFlash { | |
| Write-Host "Disabling built-in Adobe Flash in IE and Edge..." | |
| If (!(Test-Path "HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Addons")) { | |
| New-Item -Path "HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Addons" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Addons" -Name "FlashPlayerEnabled" -Type DWord -Value 0 | |
| If (!(Test-Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D27CDB6E-AE6D-11CF-96B8-444553540000}")) { | |
| New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D27CDB6E-AE6D-11CF-96B8-444553540000}" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D27CDB6E-AE6D-11CF-96B8-444553540000}" -Name "Flags" -Type DWord -Value 1 | |
| } | |
| # Install Hyper-V - Not applicable to Home | |
| Function InstallHyperV { | |
| Write-Host "Installing Hyper-V..." | |
| If ((Get-WmiObject -Class "Win32_OperatingSystem").Caption -like "*Server*") { | |
| Install-WindowsFeature -Name "Hyper-V" -IncludeManagementTools -WarningAction SilentlyContinue | Out-Null | |
| } | |
| Else { | |
| Enable-WindowsOptionalFeature -Online -FeatureName "Microsoft-Hyper-V-All" -NoRestart -WarningAction SilentlyContinue | Out-Null | |
| } | |
| } | |
| # Install Linux Subsystem - Applicable to 1607 or newer, not applicable to Server yet | |
| Function InstallLinuxSubsystem { | |
| Write-Host "Installing Linux Subsystem..." | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock" -Name "AllowDevelopmentWithoutDevLicense" -Type DWord -Value 1 | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock" -Name "AllowAllTrustedApps" -Type DWord -Value 1 | |
| Enable-WindowsOptionalFeature -Online -FeatureName "Microsoft-Windows-Subsystem-Linux" -NoRestart -WarningAction SilentlyContinue | Out-Null | |
| } | |
| # Set Photo Viewer association for bmp, gif, jpg, png and tif | |
| Function SetPhotoViewerAssociation { | |
| Write-Host "Setting Photo Viewer association for bmp, gif, jpg, png and tif..." | |
| If (!(Test-Path "HKCR:")) { | |
| New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null | |
| } | |
| ForEach ($type in @("Paint.Picture", "giffile", "jpegfile", "pngfile")) { | |
| New-Item -Path $("HKCR:\$type\shell\open") -Force | Out-Null | |
| New-Item -Path $("HKCR:\$type\shell\open\command") | Out-Null | |
| Set-ItemProperty -Path $("HKCR:\$type\shell\open") -Name "MuiVerb" -Type ExpandString -Value "@%ProgramFiles%\Windows Photo Viewer\photoviewer.dll,-3043" | |
| Set-ItemProperty -Path $("HKCR:\$type\shell\open\command") -Name "(Default)" -Type ExpandString -Value "%SystemRoot%\System32\rundll32.exe `"%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll`", ImageView_Fullscreen %1" | |
| } | |
| } | |
| # Add Photo Viewer to "Open with..." | |
| Function AddPhotoViewerOpenWith { | |
| Write-Host "Adding Photo Viewer to `"Open with...`"" | |
| If (!(Test-Path "HKCR:")) { | |
| New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null | |
| } | |
| New-Item -Path "HKCR:\Applications\photoviewer.dll\shell\open\command" -Force | Out-Null | |
| New-Item -Path "HKCR:\Applications\photoviewer.dll\shell\open\DropTarget" -Force | Out-Null | |
| Set-ItemProperty -Path "HKCR:\Applications\photoviewer.dll\shell\open" -Name "MuiVerb" -Type String -Value "@photoviewer.dll,-3043" | |
| Set-ItemProperty -Path "HKCR:\Applications\photoviewer.dll\shell\open\command" -Name "(Default)" -Type ExpandString -Value "%SystemRoot%\System32\rundll32.exe `"%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll`", ImageView_Fullscreen %1" | |
| Set-ItemProperty -Path "HKCR:\Applications\photoviewer.dll\shell\open\DropTarget" -Name "Clsid" -Type String -Value "{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}" | |
| } | |
| # Disable search for app in store for unknown extensions | |
| Function DisableSearchAppInStore { | |
| Write-Host "Disabling search for app in store for unknown extensions..." | |
| If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer")) { | |
| New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer" | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer" -Name "NoUseStoreOpenWith" -Type DWord -Value 1 | |
| } | |
| ########## | |
| # Unpinning | |
| ########## | |
| # Unpin all Start Menu tiles - Not applicable to Server - Note: This function has no counterpart. You have to pin the tiles back manually. | |
| Function UnpinStartMenuTiles { | |
| Write-Host "Unpinning all Start Menu tiles..." | |
| Get-ChildItem -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount" -Include "*.group" -Recurse | ForEach-Object { | |
| $data = (Get-ItemProperty -Path "$($_.PsPath)\Current" -Name "Data").Data -Join "," | |
| $data = $data.Substring(0, $data.IndexOf(",0,202,30") + 9) + ",0,202,80,0,0" | |
| Set-ItemProperty -Path "$($_.PsPath)\Current" -Name "Data" -Type Binary -Value $data.Split(",") | |
| } | |
| } | |
| # Remove default printers | |
| Function RemoveDefaultPrinters { | |
| Remove-Printer -Name "Microsoft XPS Document Writer" -ErrorAction:SilentlyContinue | |
| Remove-Printer -Name "Microsoft Print to PDF" -ErrorAction:SilentlyContinue | |
| Remove-Printer -Name "Fax" -ErrorAction:SilentlyContinue | |
| } | |
| #---- TEMPORARY --- | |
| Disable-UAC | |
| #--- Set TimeZone --- | |
| Set-TimeZone -Id "Central Standard Time" -PassThru | |
| #--- Enable developer mode on the system --- | |
| Set-ItemProperty -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\AppModelUnlock -Name AllowDevelopmentWithoutDevLicense -Value 1 | |
| try { | |
| $tweaks = $Configuration | ConvertFrom-Json | |
| } | |
| catch { | |
| throw 'Unable to load configuration file!' | |
| } | |
| if ($tweaks.count -gt 0) { | |
| $RunTweaks = Read-Choice -Message "Continue with the execution of $($tweaks.count) system configuration tweaks?" -Choices @('&Yes', '&No') | |
| if ($RunTweaks -eq 0) { | |
| # Call the desired tweak functions | |
| $tweaks | ForEach-Object { | |
| Invoke-Expression $_ | |
| } | |
| } | |
| } | |
| # Need this to download via Invoke-WebRequest | |
| [net.servicepointmanager]::securityprotocol = [system.security.authentication.sslprotocols] "tls, tls11, tls12" | |
| <# | |
| Install any chocolatey packages we want setup now | |
| #> | |
| Write-Output "Installing software via chocolatey" | |
| # Don't try to download and install a package if it shows already installed | |
| $InstalledChocoPackages = (Get-ChocoPackages).Name | |
| $ChocoInstalls = $ChocoInstalls | Where { $InstalledChocoPackages -notcontains $_ } | |
| if ($ChocoInstalls.Count -gt 0) { | |
| # Install a ton of other crap I use or like, update $ChocoInsalls to suit your needs of course | |
| $ChocoInstalls | Foreach-Object { | |
| try { | |
| # cinst $_ | |
| # choco install -y $_ | |
| choco upgrade -y $_ | |
| # choco upgrade -y $_ --cacheLocation "$($env:userprofile)\AppData\Local\Temp\chocolatey" | |
| } | |
| catch { | |
| Write-Warning "Unable to install software package with Chocolatey: $($_)" | |
| } | |
| } | |
| } | |
| else { | |
| Write-Output 'There were no packages to install!' | |
| } | |
| if ($CreatePowershellProfile -and (-not (Test-Path $PROFILE))) { | |
| Write-Output 'Creating user powershell profile...' | |
| $MyPowerShellProfile | Out-File -FilePath $PROFILE -Encoding:utf8 -Force | |
| } | |
| Install-WindowsUpdate -AcceptEula -GetUpdatesFromMS | |
| Enable-UAC | |
| if (Test-PendingReboot) { | |
| Invoke-Reboot | |
| } | |
| Write-Host -ForegroundColor:Green "Install and configuration complete!" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Install boxstarter: | |
| # . { iwr -useb http://boxstarter.org/bootstrapper.ps1 } | iex; get-boxstarter -Force | |
| # | |
| # You might need to set: Set-ExecutionPolicy RemoteSigned | |
| # | |
| # Run this boxstarter by calling the following from an **elevated** command-prompt: | |
| # start http://boxstarter.org/package/nr/url?<URL-TO-RAW-GIST> | |
| # OR | |
| # Install-BoxstarterPackage -PackageName <URL-TO-RAW-GIST> -DisableReboots | |
| # OR | |
| # $cred=Get-Credential $env:computername\user | |
| # Install-BoxstarterPackage -PackageName .\boxstarter-2.ps1 -Credential $cred | |
| # | |
| # Learn more: http://boxstarter.org/Learn/WebLauncher | |
| # Boxstarter options | |
| $Boxstarter.RebootOk = $true # Allow reboots? | |
| $Boxstarter.NoPassword = $false # Is this a machine with no login password? | |
| $Boxstarter.AutoLogin = $true # Save my password securely and auto-login after a reboot | |
| # Basic setup (Boxstarter stuff) | |
| Update-ExecutionPolicy RemoteSigned | |
| Enable-MicrosoftUpdate | |
| # All of the configuration tasks that will be run. | |
| $Configuration = @' | |
| [ | |
| "DisableWiFiSense", | |
| "DisableWebSearch", | |
| "DisableAppSuggestions", | |
| "DisableLockScreenSpotlight", | |
| "DisableLocationTracking", | |
| "DisableMapUpdates", | |
| "DisableFeedback", | |
| "DisableAdvertisingID", | |
| "DisableCortana", | |
| "DisableErrorReporting", | |
| "DisableAutoLogger", | |
| "DisableDiagTrack", | |
| "DisableWAPPush", | |
| "DisableAdminShares", | |
| "DisableSMB1", | |
| "DisableNetDevicesAutoInst", | |
| "DisableCtrldFolderAccess", | |
| "DisableAutoplay", | |
| "DisableAutorun", | |
| "DisableSleepTimeout", | |
| "DisableUpdateRestart", | |
| "DisableSharedExperiences", | |
| "DisableRemoteAssistance", | |
| "DisableActionCenter", | |
| "HideNetworkFromLockScreen", | |
| "HideShutdownFromLockScreen", | |
| "DisableStickyKeys", | |
| "ShowTaskManagerDetails", | |
| "ShowFileOperationsDetails", | |
| "HideTaskbarSearchBox", | |
| "HideTaskbarTitles", | |
| "HideTaskbarPeopleIcon", | |
| "DockTaskbarBottom", | |
| "ShowTrayIcons", | |
| "ShowKnownExtensions", | |
| "ShowHiddenFiles", | |
| "HideSyncNotifications", | |
| "HideRecentShortcuts", | |
| "SetExplorerThisPC", | |
| "ShowThisPCOnDesktop", | |
| "Hide3DObjectsFromThisPC", | |
| "Hide3DObjectsFromExplorer", | |
| "SetControlPanelViewIcons", | |
| "SetVisualFXPerformance", | |
| "UninstallMsftBloat", | |
| "UninstallThirdPartyBloat", | |
| "DisableXboxFeatures", | |
| "DisableAdobeFlash", | |
| "AddPhotoViewerOpenWith", | |
| "DisableSearchAppInStore", | |
| "EnableUpdateScheduleRestart", | |
| "SetVisualFXAppearance", | |
| "HideTaskView", | |
| "ShowSmallTaskbarIcons", | |
| "SetPhotoViewerAssociation", | |
| "UnpinStartMenuTiles", | |
| "RemoveDefaultPrinters", | |
| "ShowUserFolderOnDesktop" | |
| ] | |
| '@ | |
| # PowerShell Modules to install | |
| $ModulesToBeInstalled = @( | |
| ) | |
| # Chocolatey packages to install | |
| $ChocoInstalls = @( | |
| '7zip', | |
| '7zip.commandline', | |
| 'adobereader', | |
| 'git.install', | |
| 'git-credential-manager-for-windows', | |
| 'GoogleChrome', | |
| 'notepadplusplus', | |
| 'notepad2', | |
| 'nuget.commandline', | |
| 'postman', | |
| 'windirstat', | |
| 'winrar', | |
| 'wget', | |
| '1password' | |
| ) | |
| # Visual Studio Code extensions to install (both code-insiders and code if available) | |
| $VSCodeExtensions = @( | |
| ) | |
| # Releases based github packages to download and install. I include Keeweb and the Hack font I love so dearly | |
| $GithubReleasesPackages = @{ | |
| } | |
| # Use the $MyPowerShellProfile to create a new powershell profile if one doesn't already exist | |
| $CreatePowershellProfile = $TRUE | |
| $MyPowerShellProfile = @' | |
| ## Detect if we are running powershell without a console. | |
| $_ISCONSOLE = $TRUE | |
| try { | |
| [System.Console]::Clear() | |
| } | |
| catch { | |
| $_ISCONSOLE = $FALSE | |
| } | |
| # Everything in this block is only relevant in a console. This keeps nonconsole based powershell sessions clean. | |
| if ($_ISCONSOLE) { | |
| ## Check SHIFT state ASAP at startup so we can use that to control verbosity :) | |
| try { | |
| Add-Type -Assembly PresentationCore, WindowsBase | |
| if ([System.Windows.Input.Keyboard]::IsKeyDown([System.Windows.Input.Key]::LeftShift) -or [System.Windows.Input.Keyboard]::IsKeyDown([System.Windows.Input.Key]::RightShift)) { | |
| $VerbosePreference = "Continue" | |
| } | |
| } | |
| catch { | |
| # Maybe this is a non-windows host? | |
| } | |
| ## Set the profile directory variable for possible use later | |
| Set-Variable ProfileDir (Split-Path $MyInvocation.MyCommand.Path -Parent) -Scope Global -Option AllScope, Constant -ErrorAction SilentlyContinue | |
| # Start OhMyPsh only if we are in a console | |
| if ($Host.Name -eq 'ConsoleHost') { | |
| if (Get-Module OhMyPsh -ListAvailable) { | |
| Import-Module OhMyPsh | |
| } | |
| } | |
| } | |
| # Relax the code signing restriction so we can actually get work done | |
| Import-module Microsoft.PowerShell.Security | |
| Set-ExecutionPolicy RemoteSigned Process | |
| '@ | |
| function Read-Choice { | |
| Param( | |
| [Parameter(Position = 0)] | |
| [System.String]$Message, | |
| [Parameter(Position = 1)] | |
| [ValidateNotNullOrEmpty()] | |
| [System.String[]]$Choices = @('&Yes', '&No', 'Yes to &All', 'No &to All'), | |
| [Parameter(Position = 2)] | |
| [System.Int32]$DefaultChoice = 0, | |
| [Parameter(Position = 3)] | |
| [System.String]$Title = [string]::Empty | |
| ) | |
| [System.Management.Automation.Host.ChoiceDescription[]]$Poss = $Choices | ForEach-Object { | |
| New-Object System.Management.Automation.Host.ChoiceDescription "$($_)", "Sets $_ as an answer." | |
| } | |
| $Host.UI.PromptForChoice( $Title, $Message, $Poss, $DefaultChoice ) | |
| } | |
| Function Get-SpecialPaths { | |
| $SpecialFolders = @{ } | |
| $names = [Environment+SpecialFolder]::GetNames([Environment+SpecialFolder]) | |
| foreach ($name in $names) { | |
| $SpecialFolders[$name] = [Environment]::GetFolderPath($name) | |
| } | |
| $SpecialFolders | |
| } | |
| Function Get-EnvironmentVariableNames { | |
| param ( | |
| [string]$Scope | |
| ) | |
| ([Environment]::GetEnvironmentVariables($Scope).GetEnumerator()).Name | |
| } | |
| Function Get-EnvironmentVariable { | |
| param ( | |
| [string]$Name, | |
| [string]$Scope | |
| ) | |
| [Environment]::GetEnvironmentVariable($Name, $Scope) | |
| } | |
| Function Update-SessionEnvironment { | |
| <# | |
| Ripped directly from the chocolatey project, used here just for initial setup | |
| #> | |
| $refreshEnv = $false | |
| $invocation = $MyInvocation | |
| if ($invocation.InvocationName -eq 'refreshenv') { | |
| $refreshEnv = $true | |
| } | |
| if ($refreshEnv) { | |
| Write-Output "Refreshing environment variables from the registry for powershell.exe. Please wait..." | |
| } | |
| else { | |
| Write-Verbose "Refreshing environment variables from the registry." | |
| } | |
| $userName = $env:USERNAME | |
| $architecture = $env:PROCESSOR_ARCHITECTURE | |
| $psModulePath = $env:PSModulePath | |
| #ordering is important here, $user comes after so we can override $machine | |
| 'Process', 'Machine', 'User' | | |
| % { | |
| $scope = $_ | |
| Get-EnvironmentVariableNames -Scope $scope | | |
| % { | |
| Set-Item "Env:$($_)" -Value (Get-EnvironmentVariable -Scope $scope -Name $_) | |
| } | |
| } | |
| #Path gets special treatment b/c it munges the two together | |
| $paths = 'Machine', 'User' | | |
| % { | |
| (Get-EnvironmentVariable -Name 'PATH' -Scope $_) -split ';' | |
| } | | |
| Select -Unique | |
| $Env:PATH = $paths -join ';' | |
| # PSModulePath is almost always updated by process, so we want to preserve it. | |
| $env:PSModulePath = $psModulePath | |
| # reset user and architecture | |
| if ($userName) { $env:USERNAME = $userName; } | |
| if ($architecture) { $env:PROCESSOR_ARCHITECTURE = $architecture; } | |
| if ($refreshEnv) { | |
| Write-Output "Finished" | |
| } | |
| } | |
| Function Add-EnvPath { | |
| # Adds a path to the $ENV:Path list for a user or system if it does not already exist (in both the system and user Path variables) | |
| param ( | |
| [string]$Location, | |
| [string]$NewPath | |
| ) | |
| $AllPaths = $Env:Path -split ';' | |
| if ($AllPaths -notcontains $NewPath) { | |
| Write-Output "Adding Utilties bin directory path to the environmental path list: $UtilBinPath" | |
| $NewPaths = (@(([Environment]::GetEnvironmentVariables($Location).GetEnumerator() | Where { $_.Name -eq 'Path' }).Value -split ';') + $UtilBinPath | Select-Object -Unique) -join ';' | |
| [Environment]::SetEnvironmentVariable("PATH", $NewPaths, $Location) | |
| } | |
| } | |
| function Start-Proc { | |
| param([string]$Exe = $(Throw "An executable must be specified"), | |
| [string]$Arguments, | |
| [switch]$Hidden, | |
| [switch]$waitforexit) | |
| $startinfo = New-Object System.Diagnostics.ProcessStartInfo | |
| $startinfo.FileName = $Exe | |
| $startinfo.Arguments = $Arguments | |
| if ($Hidden) { | |
| $startinfo.WindowStyle = 'Hidden' | |
| $startinfo.CreateNoWindow = $True | |
| } | |
| $process = [System.Diagnostics.Process]::Start($startinfo) | |
| if ($waitforexit) { $process.WaitForExit() } | |
| } | |
| function Get-HashiCorpLatestVersion { | |
| <# | |
| function to find the most recent version in the json manifest | |
| Note: We ignore anything not in strict x.x.x version format (betas and such) | |
| #> | |
| param( | |
| $manifest, | |
| $software | |
| ) | |
| (($manifest.$software.versions | get-member -MemberType 'NoteProperty').Name | Where { $_ -match "^\d+\.\d+\.\d+$" } | ForEach-Object { [version]$_ } | Sort-Object -Descending | Select-Object -First 1).ToString() | |
| } | |
| function Get-AllHashiCorpPackageLatestVersion { | |
| <# | |
| .SYNOPSIS | |
| Retreives the most recent version of Hashicorp software packages from a json manifest | |
| .DESCRIPTION | |
| Retreives the most recent version of Hashicorp software packages from a json manifest | |
| .PARAMETER manifest | |
| JSON manifest data to search. | |
| .EXAMPLE | |
| Get-AllHashiCorpPackageLatestVersion | |
| .NOTES | |
| Author: Zachary Loeber | |
| #> | |
| param( | |
| $manifest | |
| ) | |
| $OutHash = @{ } | |
| $manifest | Get-Member -MemberType 'NoteProperty' | Foreach { | |
| $OutHash.($_.Name) = Get-HashiCorpLatestVersion $manifest $_.Name | |
| } | |
| $OutHash | |
| } | |
| function Get-ChocoPackages { | |
| if (get-command clist -ErrorAction:SilentlyContinue) { | |
| clist -lo -r -all | Foreach { | |
| $Name, $Version = $_ -split '\|' | |
| New-Object -TypeName psobject -Property @{ | |
| 'Name' = $Name | |
| 'Version' = $Version | |
| } | |
| } | |
| } | |
| } | |
| # Add a path for windows defender to bypass | |
| function Add-DefenderBypassPath { | |
| [CmdletBinding()] | |
| param( | |
| [Parameter(Mandatory = $true, ValueFromPipeline = $true)] | |
| [string[]]$Path | |
| ) | |
| begin { | |
| $Paths = @() | |
| } | |
| process { | |
| $Paths += $Path | |
| } | |
| end { | |
| $Paths | Foreach-Object { | |
| if (-not [string]::isnullorempty($_)) { | |
| Add-MpPreference -ExclusionPath $_ -Force | |
| } | |
| } | |
| } | |
| } | |
| # Disable Wi-Fi Sense | |
| Function DisableWiFiSense { | |
| Write-Host "Disabling Wi-Fi Sense..." | |
| If (!(Test-Path "HKLM:\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting")) { | |
| New-Item -Path "HKLM:\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting" -Name "Value" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowAutoConnectToWiFiSenseHotspots" -Name "Value" -Type DWord -Value 0 | |
| If (!(Test-Path "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config")) { | |
| New-Item -Path "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config" -Name "AutoConnectAllowedOEM" -Type Dword -Value 0 | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config" -Name "WiFISenseAllowed" -Type Dword -Value 0 | |
| } | |
| # Disable Web Search in Start Menu | |
| Function DisableWebSearch { | |
| Write-Host "Disabling Bing Search in Start Menu..." | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" -Name "BingSearchEnabled" -Type DWord -Value 0 | |
| If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search")) { | |
| New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search" -Name "DisableWebSearch" -Type DWord -Value 1 | |
| } | |
| # Disable Application suggestions and automatic installation | |
| Function DisableAppSuggestions { | |
| Write-Host "Disabling Application suggestions..." | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "ContentDeliveryAllowed" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "OemPreInstalledAppsEnabled" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "PreInstalledAppsEnabled" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "PreInstalledAppsEverEnabled" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SilentInstalledAppsEnabled" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SubscribedContent-338389Enabled" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SystemPaneSuggestionsEnabled" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SubscribedContent-338388Enabled" -Type DWord -Value 0 | |
| If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent")) { | |
| New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Name "DisableWindowsConsumerFeatures" -Type DWord -Value 1 | |
| } | |
| # Disable Background application access - ie. if apps can download or update when they aren't used - Cortana is excluded as its inclusion breaks start menu search | |
| Function DisableBackgroundApps { | |
| Write-Host "Disabling Background application access..." | |
| Get-ChildItem -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications" -Exclude "Microsoft.Windows.Cortana*" | ForEach { | |
| Set-ItemProperty -Path $_.PsPath -Name "Disabled" -Type DWord -Value 1 | |
| Set-ItemProperty -Path $_.PsPath -Name "DisabledByUser" -Type DWord -Value 1 | |
| } | |
| } | |
| # Disable Lock screen Spotlight - New backgrounds, tips, advertisements etc. | |
| Function DisableLockScreenSpotlight { | |
| Write-Host "Disabling Lock screen spotlight..." | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "RotatingLockScreenEnabled" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "RotatingLockScreenOverlayEnabled" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SubscribedContent-338387Enabled" -Type DWord -Value 0 | |
| } | |
| # Disable Location Tracking | |
| Function DisableLocationTracking { | |
| Write-Host "Disabling Location Tracking..." | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Overrides\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" -Name "SensorPermissionState" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\lfsvc\Service\Configuration" -Name "Status" -Type DWord -Value 0 | |
| } | |
| # Disable automatic Maps updates | |
| Function DisableMapUpdates { | |
| Write-Host "Disabling automatic Maps updates..." | |
| Set-ItemProperty -Path "HKLM:\SYSTEM\Maps" -Name "AutoUpdateEnabled" -Type DWord -Value 0 | |
| } | |
| # Disable Feedback | |
| Function DisableFeedback { | |
| Write-Host "Disabling Feedback..." | |
| If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Siuf\Rules")) { | |
| New-Item -Path "HKCU:\SOFTWARE\Microsoft\Siuf\Rules" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Siuf\Rules" -Name "NumberOfSIUFInPeriod" -Type DWord -Value 0 | |
| Disable-ScheduledTask -TaskName "Microsoft\Windows\Feedback\Siuf\DmClient" -ErrorAction SilentlyContinue | Out-Null | |
| Disable-ScheduledTask -TaskName "Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload" -ErrorAction SilentlyContinue | Out-Null | |
| } | |
| # Disable Advertising ID | |
| Function DisableAdvertisingID { | |
| Write-Host "Disabling Advertising ID..." | |
| If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo")) { | |
| New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" -Name "Enabled" -Type DWord -Value 0 | |
| If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Privacy")) { | |
| New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Privacy" | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Privacy" -Name "TailoredExperiencesWithDiagnosticDataEnabled" -Type DWord -Value 0 | |
| } | |
| # Disable Cortana | |
| Function DisableCortana { | |
| Write-Host "Disabling Cortana..." | |
| If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Personalization\Settings")) { | |
| New-Item -Path "HKCU:\SOFTWARE\Microsoft\Personalization\Settings" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Personalization\Settings" -Name "AcceptedPrivacyPolicy" -Type DWord -Value 0 | |
| If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization")) { | |
| New-Item -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization" -Name "RestrictImplicitTextCollection" -Type DWord -Value 1 | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization" -Name "RestrictImplicitInkCollection" -Type DWord -Value 1 | |
| If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore")) { | |
| New-Item -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore" -Name "HarvestContacts" -Type DWord -Value 0 | |
| If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search")) { | |
| New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search" -Name "AllowCortana" -Type DWord -Value 0 | |
| } | |
| # Disable Error reporting | |
| Function DisableErrorReporting { | |
| Write-Host "Disabling Error reporting..." | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting" -Name "Disabled" -Type DWord -Value 1 | |
| Disable-ScheduledTask -TaskName "Microsoft\Windows\Windows Error Reporting\QueueReporting" | Out-Null | |
| } | |
| # Remove AutoLogger file and restrict directory | |
| Function DisableAutoLogger { | |
| Write-Host "Removing AutoLogger file and restricting directory..." | |
| $autoLoggerDir = "$env:PROGRAMDATA\Microsoft\Diagnosis\ETLLogs\AutoLogger" | |
| If (Test-Path "$autoLoggerDir\AutoLogger-Diagtrack-Listener.etl") { | |
| Remove-Item -Path "$autoLoggerDir\AutoLogger-Diagtrack-Listener.etl" | |
| } | |
| icacls $autoLoggerDir /deny SYSTEM:`(OI`)`(CI`)F | Out-Null | |
| } | |
| # Stop and disable Diagnostics Tracking Service | |
| Function DisableDiagTrack { | |
| Write-Host "Stopping and disabling Diagnostics Tracking Service..." | |
| Stop-Service "DiagTrack" -WarningAction SilentlyContinue | |
| Set-Service "DiagTrack" -StartupType Disabled | |
| } | |
| # Stop and disable WAP Push Service | |
| Function DisableWAPPush { | |
| Write-Host "Stopping and disabling WAP Push Service..." | |
| Stop-Service "dmwappushservice" -WarningAction SilentlyContinue | |
| Set-Service "dmwappushservice" -StartupType Disabled | |
| } | |
| ########## | |
| # Service Tweaks | |
| ########## | |
| # Disable implicit administrative shares | |
| Function DisableAdminShares { | |
| Write-Host "Disabling implicit administrative shares..." | |
| Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" -Name "AutoShareWks" -Type DWord -Value 0 | |
| } | |
| # Disable obsolete SMB 1.0 protocol - Disabled by default since 1709 | |
| Function DisableSMB1 { | |
| Write-Host "Disabling SMB 1.0 protocol..." | |
| Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force | |
| } | |
| # Disable automatic installation of network devices | |
| Function DisableNetDevicesAutoInst { | |
| Write-Host "Disabling automatic installation of network devices..." | |
| If (!(Test-Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\NcdAutoSetup\Private")) { | |
| New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\NcdAutoSetup\Private" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\NcdAutoSetup\Private" -Name "AutoSetup" -Type DWord -Value 0 | |
| } | |
| # Enable Controlled Folder Access (Defender Exploit Guard feature) - Not applicable to Server | |
| Function EnableCtrldFolderAccess { | |
| Write-Host "Enabling Controlled Folder Access..." | |
| Set-MpPreference -EnableControlledFolderAccess Enabled | |
| } | |
| # Disable Controlled Folder Access (Defender Exploit Guard feature) - Not applicable to Server | |
| Function DisableCtrldFolderAccess { | |
| Write-Host "Disabling Controlled Folder Access..." | |
| Set-MpPreference -EnableControlledFolderAccess Disabled | |
| } | |
| # Disable Windows Update automatic restart | |
| Function DisableUpdateRestart { | |
| Write-Host "Disabling Windows Update automatic restart..." | |
| If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU")) { | |
| New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "NoAutoRebootWithLoggedOnUsers" -Type DWord -Value 1 | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "AUPowerManagement" -Type DWord -Value 0 | |
| } | |
| Function EnableUpdateScheduleRestart { | |
| Write-Host "Change Windows Updates to 'Notify to schedule restart'" | |
| If (-not (Test-Path "HKCU:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings")) { | |
| New-Item -Path HKCU:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path HKCU:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings -Name UxOption -Type DWord -Value 1 | |
| If (-not (Test-Path "HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings")) { | |
| New-Item -Path HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings -Name UxOption -Type DWord -Value 1 | |
| } | |
| # Disable Shared Experiences - Not applicable to Server | |
| Function DisableSharedExperiences { | |
| Write-Host "Disabling Shared Experiences..." | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\CDP" -Name "RomeSdkChannelUserAuthzPolicy" -Type DWord -Value 0 | |
| } | |
| # Disable Remote Assistance - Not applicable to Server (unless Remote Assistance is explicitly installed) | |
| Function DisableRemoteAssistance { | |
| Write-Host "Disabling Remote Assistance..." | |
| Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance" -Name "fAllowToGetHelp" -Type DWord -Value 0 | |
| } | |
| # Enable Remote Desktop w/o Network Level Authentication | |
| Function EnableRemoteDesktop { | |
| Write-Host "Enabling Remote Desktop w/o Network Level Authentication..." | |
| Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "UserAuthentication" -Type DWord -Value 0 | |
| } | |
| # Disable Remote Desktop | |
| Function DisableRemoteDesktop { | |
| Write-Host "Disabling Remote Desktop..." | |
| Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Type DWord -Value 1 | |
| Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "UserAuthentication" -Type DWord -Value 1 | |
| } | |
| # Disable Autoplay | |
| Function DisableAutoplay { | |
| Write-Host "Disabling Autoplay..." | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers" -Name "DisableAutoplay" -Type DWord -Value 1 | |
| } | |
| # Disable Autorun for all drives | |
| Function DisableAutorun { | |
| Write-Host "Disabling Autorun for all drives..." | |
| If (!(Test-Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer")) { | |
| New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name "NoDriveTypeAutoRun" -Type DWord -Value 255 | |
| } | |
| # Disable display and sleep mode timeouts | |
| Function DisableSleepTimeout { | |
| Write-Host "Disabling display and sleep mode timeouts..." | |
| powercfg /X monitor-timeout-ac 0 | |
| powercfg /X monitor-timeout-dc 0 | |
| powercfg /X standby-timeout-ac 0 | |
| powercfg /X standby-timeout-dc 0 | |
| } | |
| ########## | |
| # UI Tweaks | |
| ########## | |
| # Disable Action Center | |
| Function DisableActionCenter { | |
| Write-Host "Disabling Action Center..." | |
| If (!(Test-Path "HKCU:\SOFTWARE\Policies\Microsoft\Windows\Explorer")) { | |
| New-Item -Path "HKCU:\SOFTWARE\Policies\Microsoft\Windows\Explorer" | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Policies\Microsoft\Windows\Explorer" -Name "DisableNotificationCenter" -Type DWord -Value 1 | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications" -Name "ToastEnabled" -Type DWord -Value 0 | |
| } | |
| # Hide network options from Lock Screen | |
| Function HideNetworkFromLockScreen { | |
| Write-Host "Hiding network options from Lock Screen..." | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\System" -Name "DontDisplayNetworkSelectionUI" -Type DWord -Value 1 | |
| } | |
| # Hide shutdown options from Lock Screen | |
| Function HideShutdownFromLockScreen { | |
| Write-Host "Hiding shutdown options from Lock Screen..." | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "ShutdownWithoutLogon" -Type DWord -Value 0 | |
| } | |
| # Disable Sticky keys prompt | |
| Function DisableStickyKeys { | |
| Write-Host "Disabling Sticky keys prompt..." | |
| Set-ItemProperty -Path "HKCU:\Control Panel\Accessibility\StickyKeys" -Name "Flags" -Type String -Value "506" | |
| } | |
| # Show Task Manager details | |
| Function ShowTaskManagerDetails { | |
| Write-Host "Showing task manager details..." | |
| If (!(Test-Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\TaskManager")) { | |
| New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\TaskManager" -Force | Out-Null | |
| } | |
| $preferences = Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\TaskManager" -Name "Preferences" -ErrorAction SilentlyContinue | |
| If (!($preferences)) { | |
| $taskmgr = Start-Process -WindowStyle Hidden -FilePath taskmgr.exe -PassThru | |
| While (!($preferences)) { | |
| Start-Sleep -m 250 | |
| $preferences = Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\TaskManager" -Name "Preferences" -ErrorAction SilentlyContinue | |
| } | |
| Stop-Process $taskmgr | |
| } | |
| $preferences.Preferences[28] = 0 | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\TaskManager" -Name "Preferences" -Type Binary -Value $preferences.Preferences | |
| } | |
| # Show file operations details | |
| Function ShowFileOperationsDetails { | |
| Write-Host "Showing file operations details..." | |
| If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\OperationStatusManager")) { | |
| New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\OperationStatusManager" | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\OperationStatusManager" -Name "EnthusiastMode" -Type DWord -Value 1 | |
| } | |
| # Hide Taskbar Search button / box | |
| Function HideTaskbarSearchBox { | |
| Write-Host "Hiding Taskbar Search box / button..." | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" -Name "SearchboxTaskbarMode" -Type DWord -Value 0 | |
| } | |
| # Hide Task View button | |
| Function HideTaskView { | |
| Write-Host "Hiding Task View button..." | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ShowTaskViewButton" -Type DWord -Value 0 | |
| } | |
| # Show small icons in taskbar | |
| Function ShowSmallTaskbarIcons { | |
| Write-Host "Showing small icons in taskbar..." | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "TaskbarSmallIcons" -Type DWord -Value 1 | |
| } | |
| # Hide titles in taskbar | |
| Function HideTaskbarTitles { | |
| Write-Host "Hiding titles in taskbar..." | |
| Remove-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "TaskbarGlomLevel" -ErrorAction SilentlyContinue | |
| } | |
| # Hide Taskbar People icon | |
| Function HideTaskbarPeopleIcon { | |
| Write-Host "Hiding People icon..." | |
| If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People")) { | |
| New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People" | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People" -Name "PeopleBand" -Type DWord -Value 0 | |
| } | |
| # Dock the taskbar to the bottom of the screen | |
| Function DockTaskBarBottom { | |
| Write-Output "Docking the taskbar to the bottom of the screen..." | |
| if (Test-Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StuckRects2') { | |
| $CurrPath = 'StuckRects2' | |
| } | |
| elseif (Test-Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StuckRects3') { | |
| $CurrPath = 'StuckRects3' | |
| } | |
| else { | |
| Write-Warning 'Unable to set the taskbar setting' | |
| return | |
| } | |
| $BasePath = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer' | |
| $RegPath = Join-Path $BasePath $CurrPath | |
| try { | |
| $CurrSettings = (Get-ItemProperty $RegPath).Settings | |
| $CurrSettings[12] = 0 | |
| Set-ItemProperty -Path $BasePath -Name $CurrPath -Value $CurrSettings -Type Binary | |
| } | |
| catch { | |
| Write-Warning "Unable to pull the current registry settings!" | |
| } | |
| } | |
| # Show all tray icons | |
| Function ShowTrayIcons { | |
| Write-Host "Showing all tray icons..." | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" -Name "EnableAutoTray" -Type DWord -Value 0 | |
| } | |
| # Show known file extensions | |
| Function ShowKnownExtensions { | |
| Write-Host "Showing known file extensions..." | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "HideFileExt" -Type DWord -Value 0 | |
| } | |
| # Show hidden files | |
| Function ShowHiddenFiles { | |
| Write-Host "Showing hidden files..." | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "Hidden" -Type DWord -Value 1 | |
| } | |
| # Hide sync provider notifications | |
| Function HideSyncNotifications { | |
| Write-Host "Hiding sync provider notifications..." | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ShowSyncProviderNotifications" -Type DWord -Value 0 | |
| } | |
| # Hide recently and frequently used item shortcuts in Explorer | |
| Function HideRecentShortcuts { | |
| Write-Host "Hiding recent shortcuts..." | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" -Name "ShowRecent" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" -Name "ShowFrequent" -Type DWord -Value 0 | |
| } | |
| # Change default Explorer view to This PC | |
| Function SetExplorerThisPC { | |
| Write-Host "Changing default Explorer view to This PC..." | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "LaunchTo" -Type DWord -Value 1 | |
| } | |
| # Show This PC shortcut on desktop | |
| Function ShowThisPCOnDesktop { | |
| Write-Host "Showing This PC shortcut on desktop..." | |
| If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu")) { | |
| New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu" -Name "{20D04FE0-3AEA-1069-A2D8-08002B30309D}" -Type DWord -Value 0 | |
| If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel")) { | |
| New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel" -Name "{20D04FE0-3AEA-1069-A2D8-08002B30309D}" -Type DWord -Value 0 | |
| } | |
| # Show User Folder shortcut on desktop | |
| Function ShowUserFolderOnDesktop { | |
| Write-Host "Showing User Folder shortcut on desktop..." | |
| If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu")) { | |
| New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu" -Name "{59031a47-3f72-44a7-89c5-5595fe6b30ee}" -Type DWord -Value 0 | |
| If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel")) { | |
| New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel" -Name "{59031a47-3f72-44a7-89c5-5595fe6b30ee}" -Type DWord -Value 0 | |
| } | |
| # Hide 3D Objects icon from This PC - The icon remains in personal folders and open/save dialogs | |
| Function Hide3DObjectsFromThisPC { | |
| Write-Host "Hiding 3D Objects icon from This PC..." | |
| Remove-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{0DB7E03F-FC29-4DC6-9020-FF41B59E513A}" -Recurse -ErrorAction SilentlyContinue | |
| } | |
| # Hide 3D Objects icon from Explorer namespace - Hides the icon also from personal folders and open/save dialogs | |
| Function Hide3DObjectsFromExplorer { | |
| Write-Host "Hiding 3D Objects icon from Explorer namespace..." | |
| If (!(Test-Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\PropertyBag")) { | |
| New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\PropertyBag" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\PropertyBag" -Name "ThisPCPolicy" -Type String -Value "Hide" | |
| If (!(Test-Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\PropertyBag")) { | |
| New-Item -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\PropertyBag" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\PropertyBag" -Name "ThisPCPolicy" -Type String -Value "Hide" | |
| } | |
| # Set Control Panel view to icons (Classic) - Note: May trigger antimalware | |
| Function SetControlPanelViewIcons { | |
| Write-Host "Setting Control Panel view to icons..." | |
| Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name "ForceClassicControlPanel" -Type DWord -Value 1 | |
| } | |
| # Adjusts visual effects for performance - Disables animations, transparency etc. but leaves font smoothing and miniatures enabled | |
| Function SetVisualFXPerformance { | |
| Write-Host "Adjusting visual effects for performance..." | |
| Set-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name "DragFullWindows" -Type String -Value 0 | |
| Set-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name "MenuShowDelay" -Type String -Value 0 | |
| Set-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name "UserPreferencesMask" -Type Binary -Value ([byte[]](0x90, 0x12, 0x03, 0x80, 0x10, 0x00, 0x00, 0x00)) | |
| Set-ItemProperty -Path "HKCU:\Control Panel\Desktop\WindowMetrics" -Name "MinAnimate" -Type String -Value 0 | |
| Set-ItemProperty -Path "HKCU:\Control Panel\Keyboard" -Name "KeyboardDelay" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ListviewAlphaSelect" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ListviewShadow" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "TaskbarAnimations" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects" -Name "VisualFXSetting" -Type DWord -Value 3 | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\DWM" -Name "EnableAeroPeek" -Type DWord -Value 0 | |
| } | |
| # Adjusts visual effects for appearance | |
| Function SetVisualFXAppearance { | |
| Write-Host "Adjusting visual effects for appearance..." | |
| Set-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name "DragFullWindows" -Type String -Value 1 | |
| Set-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name "MenuShowDelay" -Type String -Value 400 | |
| Set-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name "UserPreferencesMask" -Type Binary -Value ([byte[]](0x9E, 0x1E, 0x07, 0x80, 0x12, 0x00, 0x00, 0x00)) | |
| Set-ItemProperty -Path "HKCU:\Control Panel\Desktop\WindowMetrics" -Name "MinAnimate" -Type String -Value 1 | |
| Set-ItemProperty -Path "HKCU:\Control Panel\Keyboard" -Name "KeyboardDelay" -Type DWord -Value 1 | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ListviewAlphaSelect" -Type DWord -Value 1 | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ListviewShadow" -Type DWord -Value 1 | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "TaskbarAnimations" -Type DWord -Value 1 | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects" -Name "VisualFXSetting" -Type DWord -Value 3 | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\DWM" -Name "EnableAeroPeek" -Type DWord -Value 1 | |
| } | |
| ########## | |
| # Application Tweaks | |
| ########## | |
| # Uninstall default Microsoft applications | |
| Function UninstallMsftBloat { | |
| Write-Host "Uninstalling default Microsoft applications..." | |
| Get-AppxPackage "Microsoft.3DBuilder" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.BingFinance" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.BingNews" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.BingSports" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.BingWeather" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.Getstarted" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.MicrosoftOfficeHub" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.MicrosoftSolitaireCollection" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.People" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.SkypeApp" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.Windows.Photos" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.WindowsAlarms" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.WindowsCamera" | Remove-AppxPackage | |
| Get-AppxPackage "microsoft.windowscommunicationsapps" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.WindowsMaps" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.WindowsPhone" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.WindowsSoundRecorder" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.ZuneMusic" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.ZuneVideo" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.AppConnector" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.ConnectivityStore" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.Office.Sway" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.Messaging" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.CommsPhone" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.MicrosoftStickyNotes" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.OneConnect" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.WindowsFeedbackHub" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.MinecraftUWP" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.MicrosoftPowerBIForWindows" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.NetworkSpeedTest" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.MSPaint" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.Microsoft3DViewer" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.Print3D" | Remove-AppxPackage | |
| } | |
| # Uninstall default third party applications | |
| function UninstallThirdPartyBloat { | |
| Write-Host "Uninstalling default third party applications..." | |
| Get-AppxPackage "9E2F88E3.Twitter" | Remove-AppxPackage | |
| Get-AppxPackage "king.com.CandyCrushSodaSaga" | Remove-AppxPackage | |
| Get-AppxPackage "4DF9E0F8.Netflix" | Remove-AppxPackage | |
| Get-AppxPackage "Drawboard.DrawboardPDF" | Remove-AppxPackage | |
| Get-AppxPackage "D52A8D61.FarmVille2CountryEscape" | Remove-AppxPackage | |
| Get-AppxPackage "GAMELOFTSA.Asphalt8Airborne" | Remove-AppxPackage | |
| Get-AppxPackage "flaregamesGmbH.RoyalRevolt2" | Remove-AppxPackage | |
| Get-AppxPackage "AdobeSystemsIncorporated.AdobePhotoshopExpress" | Remove-AppxPackage | |
| Get-AppxPackage "ActiproSoftwareLLC.562882FEEB491" | Remove-AppxPackage | |
| Get-AppxPackage "D5EA27B7.Duolingo-LearnLanguagesforFree" | Remove-AppxPackage | |
| Get-AppxPackage "Facebook.Facebook" | Remove-AppxPackage | |
| Get-AppxPackage "46928bounde.EclipseManager" | Remove-AppxPackage | |
| Get-AppxPackage "A278AB0D.MarchofEmpires" | Remove-AppxPackage | |
| Get-AppxPackage "KeeperSecurityInc.Keeper" | Remove-AppxPackage | |
| Get-AppxPackage "king.com.BubbleWitch3Saga" | Remove-AppxPackage | |
| Get-AppxPackage "89006A2E.AutodeskSketchBook" | Remove-AppxPackage | |
| Get-AppxPackage "CAF9E577.Plex" | Remove-AppxPackage | |
| Get-AppxPackage "A278AB0D.DisneyMagicKingdoms" | Remove-AppxPackage | |
| Get-AppxPackage "828B5831.HiddenCityMysteryofShadows" | Remove-AppxPackage | |
| Get-AppxPackage "WinZipComputing.WinZipUniversal" | Remove-AppxPackage | |
| Get-AppxPackage "SpotifyAB.SpotifyMusic" | Remove-AppxPackage | |
| Get-AppxPackage "PandoraMediaInc.29680B314EFC2" | Remove-AppxPackage | |
| Get-AppxPackage "2414FC7A.Viber" | Remove-AppxPackage | |
| Get-AppxPackage "64885BlueEdge.OneCalendar" | Remove-AppxPackage | |
| Get-AppxPackage "41038Axilesoft.ACGMediaPlayer" | Remove-AppxPackage | |
| } | |
| # Disable Xbox features | |
| Function DisableXboxFeatures { | |
| Write-Host "Disabling Xbox features..." | |
| Get-AppxPackage "Microsoft.XboxApp" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.XboxIdentityProvider" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.XboxSpeechToTextOverlay" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.XboxGameOverlay" | Remove-AppxPackage | |
| Get-AppxPackage "Microsoft.Xbox.TCUI" | Remove-AppxPackage | |
| Set-ItemProperty -Path "HKCU:\System\GameConfigStore" -Name "GameDVR_Enabled" -Type DWord -Value 0 | |
| If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\GameDVR")) { | |
| New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\GameDVR" | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\GameDVR" -Name "AllowGameDVR" -Type DWord -Value 0 | |
| } | |
| # Disable built-in Adobe Flash in IE and Edge | |
| Function DisableAdobeFlash { | |
| Write-Host "Disabling built-in Adobe Flash in IE and Edge..." | |
| If (!(Test-Path "HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Addons")) { | |
| New-Item -Path "HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Addons" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Addons" -Name "FlashPlayerEnabled" -Type DWord -Value 0 | |
| If (!(Test-Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D27CDB6E-AE6D-11CF-96B8-444553540000}")) { | |
| New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D27CDB6E-AE6D-11CF-96B8-444553540000}" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D27CDB6E-AE6D-11CF-96B8-444553540000}" -Name "Flags" -Type DWord -Value 1 | |
| } | |
| # Install Hyper-V - Not applicable to Home | |
| Function InstallHyperV { | |
| Write-Host "Installing Hyper-V..." | |
| If ((Get-WmiObject -Class "Win32_OperatingSystem").Caption -like "*Server*") { | |
| Install-WindowsFeature -Name "Hyper-V" -IncludeManagementTools -WarningAction SilentlyContinue | Out-Null | |
| } | |
| Else { | |
| Enable-WindowsOptionalFeature -Online -FeatureName "Microsoft-Hyper-V-All" -NoRestart -WarningAction SilentlyContinue | Out-Null | |
| } | |
| } | |
| # Install Linux Subsystem - Applicable to 1607 or newer, not applicable to Server yet | |
| Function InstallLinuxSubsystem { | |
| Write-Host "Installing Linux Subsystem..." | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock" -Name "AllowDevelopmentWithoutDevLicense" -Type DWord -Value 1 | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock" -Name "AllowAllTrustedApps" -Type DWord -Value 1 | |
| Enable-WindowsOptionalFeature -Online -FeatureName "Microsoft-Windows-Subsystem-Linux" -NoRestart -WarningAction SilentlyContinue | Out-Null | |
| } | |
| # Set Photo Viewer association for bmp, gif, jpg, png and tif | |
| Function SetPhotoViewerAssociation { | |
| Write-Host "Setting Photo Viewer association for bmp, gif, jpg, png and tif..." | |
| If (!(Test-Path "HKCR:")) { | |
| New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null | |
| } | |
| ForEach ($type in @("Paint.Picture", "giffile", "jpegfile", "pngfile")) { | |
| New-Item -Path $("HKCR:\$type\shell\open") -Force | Out-Null | |
| New-Item -Path $("HKCR:\$type\shell\open\command") | Out-Null | |
| Set-ItemProperty -Path $("HKCR:\$type\shell\open") -Name "MuiVerb" -Type ExpandString -Value "@%ProgramFiles%\Windows Photo Viewer\photoviewer.dll,-3043" | |
| Set-ItemProperty -Path $("HKCR:\$type\shell\open\command") -Name "(Default)" -Type ExpandString -Value "%SystemRoot%\System32\rundll32.exe `"%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll`", ImageView_Fullscreen %1" | |
| } | |
| } | |
| # Add Photo Viewer to "Open with..." | |
| Function AddPhotoViewerOpenWith { | |
| Write-Host "Adding Photo Viewer to `"Open with...`"" | |
| If (!(Test-Path "HKCR:")) { | |
| New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null | |
| } | |
| New-Item -Path "HKCR:\Applications\photoviewer.dll\shell\open\command" -Force | Out-Null | |
| New-Item -Path "HKCR:\Applications\photoviewer.dll\shell\open\DropTarget" -Force | Out-Null | |
| Set-ItemProperty -Path "HKCR:\Applications\photoviewer.dll\shell\open" -Name "MuiVerb" -Type String -Value "@photoviewer.dll,-3043" | |
| Set-ItemProperty -Path "HKCR:\Applications\photoviewer.dll\shell\open\command" -Name "(Default)" -Type ExpandString -Value "%SystemRoot%\System32\rundll32.exe `"%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll`", ImageView_Fullscreen %1" | |
| Set-ItemProperty -Path "HKCR:\Applications\photoviewer.dll\shell\open\DropTarget" -Name "Clsid" -Type String -Value "{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}" | |
| } | |
| # Disable search for app in store for unknown extensions | |
| Function DisableSearchAppInStore { | |
| Write-Host "Disabling search for app in store for unknown extensions..." | |
| If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer")) { | |
| New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer" | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer" -Name "NoUseStoreOpenWith" -Type DWord -Value 1 | |
| } | |
| ########## | |
| # Unpinning | |
| ########## | |
| # Unpin all Start Menu tiles - Not applicable to Server - Note: This function has no counterpart. You have to pin the tiles back manually. | |
| Function UnpinStartMenuTiles { | |
| Write-Host "Unpinning all Start Menu tiles..." | |
| Get-ChildItem -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount" -Include "*.group" -Recurse | ForEach-Object { | |
| $data = (Get-ItemProperty -Path "$($_.PsPath)\Current" -Name "Data").Data -Join "," | |
| $data = $data.Substring(0, $data.IndexOf(",0,202,30") + 9) + ",0,202,80,0,0" | |
| Set-ItemProperty -Path "$($_.PsPath)\Current" -Name "Data" -Type Binary -Value $data.Split(",") | |
| } | |
| } | |
| # Remove default printers | |
| Function RemoveDefaultPrinters { | |
| Remove-Printer -Name "Microsoft XPS Document Writer" -ErrorAction:SilentlyContinue | |
| Remove-Printer -Name "Microsoft Print to PDF" -ErrorAction:SilentlyContinue | |
| Remove-Printer -Name "Fax" -ErrorAction:SilentlyContinue | |
| } | |
| #---- TEMPORARY --- | |
| Disable-UAC | |
| #--- Set TimeZone --- | |
| Set-TimeZone -Id "Central Standard Time" -PassThru | |
| #--- Enable developer mode on the system --- | |
| Set-ItemProperty -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\AppModelUnlock -Name AllowDevelopmentWithoutDevLicense -Value 1 | |
| #--- Hyper-v --- | |
| #InstallHyperV | |
| #choco install Microsoft-Hyper-V-All -source WindowsFeatures -y | |
| #--- Docker --- | |
| #Enable-WindowsOptionalFeature -Online -FeatureName containers -All | |
| RefreshEnv | |
| try { | |
| $tweaks = $Configuration | ConvertFrom-Json | |
| } | |
| catch { | |
| throw 'Unable to load configuration file!' | |
| } | |
| if ($tweaks.count -gt 0) { | |
| $RunTweaks = Read-Choice -Message "Continue with the execution of $($tweaks.count) system configuration tweaks?" -Choices @('&Yes', '&No') | |
| if ($RunTweaks -eq 0) { | |
| # Call the desired tweak functions | |
| $tweaks | ForEach-Object { | |
| Invoke-Expression $_ | |
| } | |
| } | |
| } | |
| # Need this to download via Invoke-WebRequest | |
| [net.servicepointmanager]::securityprotocol = [system.security.authentication.sslprotocols] "tls, tls11, tls12" | |
| # Trust the psgallery for installs | |
| Write-Host -ForegroundColor 'Yellow' 'Setting PSGallery as a trusted installation source...' | |
| Set-PSRepository -Name PSGallery -InstallationPolicy Trusted | |
| # Need to set Nuget as a provider before installing modules via PowerShellGet | |
| $null = Install-PackageProvider -Name NuGet -Force | |
| # # Store a few things for later use | |
| # $SpecialPaths = Get-SpecialPaths | |
| $packages = Get-Package | |
| <# | |
| Install any chocolatey packages we want setup now | |
| #> | |
| Write-Output "Installing software via chocolatey" | |
| # Don't try to download and install a package if it shows already installed | |
| $InstalledChocoPackages = (Get-ChocoPackages).Name | |
| $ChocoInstalls = $ChocoInstalls | Where { $InstalledChocoPackages -notcontains $_ } | |
| if ($ChocoInstalls.Count -gt 0) { | |
| # Install a ton of other crap I use or like, update $ChocoInsalls to suit your needs of course | |
| $ChocoInstalls | Foreach-Object { | |
| try { | |
| # cinst $_ | |
| # choco install -y $_ | |
| choco upgrade -y $_ | |
| # choco upgrade -y $_ --cacheLocation "$($env:userprofile)\AppData\Local\Temp\chocolatey" | |
| } | |
| catch { | |
| Write-Warning "Unable to install software package with Chocolatey: $($_)" | |
| } | |
| } | |
| } | |
| else { | |
| Write-Output 'There were no packages to install!' | |
| } | |
| # Visual Studio Code extension setup | |
| if ($null -ne (get-command 'code' -ErrorAction:SilentlyContinue)) { | |
| Write-Host "Installing $($VSCodeExtensions.count) extensions to VS Code" | |
| $VSCodeExtensions | ForEach-Object { | |
| code --install-extension $_ | |
| } | |
| } | |
| # Github releases based software. | |
| Foreach ($software in $GithubReleasesPackages.keys) { | |
| $releases = "https://api.github.com/repos/$software/releases" | |
| Write-Output "Determining latest release for repo $Software" | |
| $tag = (Invoke-WebRequest $releases -UseBasicParsing | ConvertFrom-Json)[0] | |
| $tag.assets | foreach { | |
| if ($_.name -like $GithubReleasesPackages[$software]) { | |
| if ( -not (Test-Path $_.name)) { | |
| try { | |
| Write-Output "Downloading $($_.name)..." | |
| Invoke-WebRequest $_.'browser_download_url' -OutFile $_.Name | |
| $FilesDownloaded += $_.Name | |
| } | |
| catch { } | |
| } | |
| else { | |
| Write-Warning "File is already downloaded, skipping: $($_.Name)" | |
| } | |
| } | |
| } | |
| } | |
| if ($CreatePowershellProfile -and (-not (Test-Path $PROFILE))) { | |
| Write-Output 'Creating user powershell profile...' | |
| $MyPowerShellProfile | Out-File -FilePath $PROFILE -Encoding:utf8 -Force | |
| } | |
| Install-WindowsUpdate -AcceptEula -GetUpdatesFromMS | |
| Enable-UAC | |
| if (Test-PendingReboot) { | |
| Invoke-Reboot | |
| } | |
| Write-Host -ForegroundColor:Green "Install and configuration complete!" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment