hedlund/setup-win.ps1

## setup-win.ps1
#Requires -RunAsAdministrator

# Install by running:
#    iex (new-object net.webclient).downloadstring('https://gist.githubusercontent.com/hedlund/eb0460760d78faa95fd385bd31e47dd2/raw/2d5ecf501a62b60d023f7232f2731bdbdaacf5f1/setup-win.ps1')

###############################################################################
# Configuration

$TOOLS_DIR = "C:\tools"
$WEASEL_PAGEANT_VERSION = "1.1"


###############################################################################
# Make sure user is admin

$CurrentUser = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$CurrentUserIsAdmin = $false
$CurrentUser.Groups | ForEach-Object { if($_.value -eq "S-1-5-32-544") { $CurrentUserIsAdmin = $true } }
if (!($CurrentUserIsAdmin)) {
    Write-Warning "You need to run this script as elevated administrator. Aborting!"
    Exit 102
}


###############################################################################
# Functions

Function Test-RegistryValue([String]$Path, [String]$Name) {

    if (Test-Path $Path) {
        $Key = Get-Item -LiteralPath $Path
        if ($Key.GetValue($Name, $null) -ne $null) {
            return $true
        }
    }
    return $false
}

Function Get-RegistryValue([String]$Path, [String]$Name) {

    if (Test-Path $Path) {
        $Key = Get-Item -LiteralPath $Path
        if ($Key.GetValue($Name, $null) -ne $null) {
            return $Key.GetValue($Name, $null)
        }
    }
    return $null
}

Function Add-RegistryKey([string]$Path) {

    if (!(Test-Path $Path)) {
        $parent = "$Path\.."

        $grandParent = "$parent\.."
        if (!(Test-Path $grandParent)) {
            New-Item -Path $grandParent | Out-Null
        }

        if (!(Test-Path $parent)) {
            New-Item -Path $parent | Out-Null
        }

        New-Item -Path $Path | Out-Null
    }
}

Function Set-RegistryDWord([String]$Path, [String]$Name, [int32]$Value) {

    $old = Get-RegistryValue -Path $Path -Name $Name
    if ($old -ne $null -and [int32]$old -eq $Value) {
        # Already the correct value...
        return
    }

    if (Test-RegistryValue $Path $Name) {
        Set-ItemProperty -Path $Path -Name $Name -Value $Value
    } else {
        Add-RegistryKey -Path $Path
        New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value $Value | Out-Null
    }
}

Function Set-RegistryString([String]$Path, [String]$Name, [string]$Value){

    $old = Get-RegistryValue -Path $Path -Name $Name
    if ($old -ne $null -and [string]$old -eq $Value) {
        # Already the correct value...
        return
    }

    if (Test-RegistryValue $Path $Name) {
        Set-ItemProperty -Path $Path -Name $Name -Value $Value
    } else {
        Add-RegistryKey -Path $Path
        New-ItemProperty -Path $Path -Name $Name -PropertyType String -Value $Value | Out-Null
    }
}

Function Set-DeviceAccess([string]$Guid, [string]$Value){
    Set-RegistryString -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{$Guid}" -Name Value -Value $Value
}

###############################################################################
# Installation

# Set execution policy to be able to run sremote scripts
if ((Get-ExecutionPolicy) -eq "Restricted") {
    Set-ExecutionPolicy RemoteSigned -scope CurrentUser
}

# Install Scoop
if (!(Get-Command "scoop" -errorAction SilentlyContinue)) {
   Invoke-Expression (New-Object Net.WebClient).DownloadString('https://get.scoop.sh')
}

# Install Choco
if (!(Get-Command "choco" -errorAction SilentlyContinue)) {
   Invoke-Expression (New-Object Net.WebClient).DownloadString('https://chocolatey.org/install.ps1')
}

# We need to install git before adding buckets to Scoop...
scoop install openssh git

# ...then add the buckets
scoop bucket add extras
scoop bucket add nerd-fonts

# Install most things using Scoop...
scoop install autohotkey
scoop install cmder
scoop install docker
scoop install firefox-developer
scoop install godot
scoop install gpg4win
scoop install hyper
scoop install mobaxterm
scoop install now-cli
scoop install postman
scoop install slack
scoop install sudo ln touch time
scoop install vscode
scoop install wox
scoop install zeal

# ...and the rest using Choco
choco install -y 1password
choco install -y boostnote
choco install -y caffeine
choco install -y dropbox
choco install -y googlechrome
choco install -y spotify

# Make sure we have a tools directory
New-Item -Force -ItemType directory -Path "$TOOLS_DIR"

# Check if we need to install weasel-pageant
if (![System.IO.File]::Exists("$TOOLS_DIR\weasel-pageant\weasel-pageant")) {

    # Download the release ZIP file...
    $weasel_file = "$TOOLS_DIR\weasel-pageant.zip"
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    (new-object net.webclient).DownloadFile("https://github.com/vuori/weasel-pageant/releases/download/v$WEASEL_PAGEANT_VERSION/weasel-pageant-$WEASEL_PAGEANT_VERSION.zip", $weasel_file)

    # ...and unzip it and move it into place
    $shell_app=new-object -com shell.application
    $shell_app.namespace($TOOLS_DIR).CopyHere($shell_app.namespace($weasel_file).items())
    Rename-Item -Path "$TOOLS_DIR\weasel-pageant-$WEASEL_PAGEANT_VERSION" -NewName "weasel-pageant" -ErrorAction Stop

    # Cleanup
    Remove-Item -Path "$weasel_file"
}


###############################################################################
# Privacy / General

# Disable Allow apps to use advertising ID to make ads more interesting to you...
Set-RegistryDWord -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo" -Name Enabled -Value 0

# Disable Allow websites to provide locally relevant content by accessing my language list
Set-RegistryDWord -Path "HKCU:\Control Panel\International\User Profile" -Name HttpAcceptLanguageOptOut -Value 1

# Disable Allow Windows to track app launches to improve Start and search results
Set-RegistryDWord -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name Start_TrackProgs -Value 0

###############################################################################
# Privacy / Speech, inking & typing

# Turn off speech services and typing suggestions
Set-RegistryDWord -Path "HKCU:\Software\Microsoft\InputPersonalization" -Name RestrictImplicitInkCollection -Value 1
Set-RegistryDWord -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization" -Name RestrictImplicitTextCollection -Value 1
Set-RegistryDWord -Path "HKCU:\Software\Microsoft\InputPersonalization\TrainedDataStore" -Name HarvestContacts -Value 0
Set-RegistryDWord -Path "HKCU:\Software\Microsoft\Personalization\Settings" -Name AcceptedPrivacyPolicy -Value 0

###############################################################################
# Privacy / Diagnostic & feedback

# Set Diagnostic data to Basic
Set-RegistryDWord -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" -Name AllowTelemetry -Value 1

# Disable Improve inking & typing recognition
Set-RegistryDWord -Path "HKCU:\Software\Microsoft\Input\TIPC" -Name Enabled -Value 0

# Disable Tailored experiences
Set-RegistryDWord -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Privacy" -Name TailoredExperiencesWithDiagnosticDataEnabled -Value 0

# Disable Diagnostic data viewer
Set-RegistryDWord -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack\EventTranscriptKey" -Name EnableEventTranscript -Value 0

###############################################################################
# Edge

[string]$EdgeKey = "HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge"

# Set dark theme
Set-RegistryDWord -Path "$EdgeKey\Main" -Name Theme -Value 1

# Send Do Not Track requests
Set-RegistryDWord -Path "$EdgeKey\Main" -Name DoNotTrack -Value 1

# Do not save passwords
Set-RegistryString -Path "$EdgeKey\Main" -Name "FormSuggest Passwords" -Value "no"

# Do not save cards
Set-RegistryString -Path "$EdgeKey\Main" -Name UsePaymentFormFill -Value "no"

# Do not bug me about default browser
Set-RegistryDWord -Path "$EdgeKey\Main" -Name DisallowDefaultBrowserPrompt -Value 1

# Disable search suggestions
Set-RegistryDWord -Path "$EdgeKey\User\Default\SearchScopes" -Name ShowSearchSuggestionsGlobal -Value 0

# Disable page prediction
Set-RegistryDWord -Path "$EdgeKey\FlipAhead" -Name FPEnabled -Value 0

# Enable phising filter
Set-RegistryDWord -Path "$EdgeKey\PhishingFilter" -Name EnabledV9 -Value 1

###############################################################################
# Misc privacy settings

# Disable Wifi Sense
Set-RegistryDWord -Path "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config" -Name AutoConnectAllowedOEM  -Value 0
Set-RegistryDWord -Path "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features" -Name WiFiSenseCredShared -Value 0
Set-RegistryDWord -Path "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features" -Name WiFiSenseOpen -Value 0

# Disable Share updates
Set-RegistryDWord -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" -Name DODownloadMode -Value 0

# Disable Telemetry service
Stop-Service -Name DiagTrack -Force
Set-Service -Name DiagTrack -StartupType Disabled
if ((Get-Service | Where-Object Name -eq dmwappushservice).count -eq 1) {
    Stop-Service -Name dmwappushservice -Force
    Set-Service -Name dmwappushservice -StartupType Disabled
}
Set-RegistryDWord -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" -Name AllowTelemetry -Value 0

###############################################################################
# Screen saver

# Set a 3 minute timeout and require password
Set-RegistryDWord -Path "HKCU:\Control Panel\Desktop" -Name "ScreenSaveActive" -Value 1
Set-RegistryDWord -Path "HKCU:\Control Panel\Desktop" -Name "ScreenSaverIsSecure" -Value 1
Set-RegistryDWord -Path "HKCU:\Control Panel\Desktop" -Name "ScreenSaveTimeOut" -Value 180
Set-RegistryString -Path "HKCU:\Control Panel\Desktop" -Name "SCRNSAVE.EXE" -Value "C:\Windows\system32\scrnsave.scr"

# Set a 5 second grace period
Set-RegistryDWord -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name "ScreenSaverGracePeriod" -Value 5


###############################################################################
# Uninstall some Windows Store crap

Get-AppxPackage A278AB0D.* | Remove-AppxPackage
Get-AppxPackage king.com.* | Remove-AppxPackage
Get-AppxPackage Microsoft.MicrosoftSolitaireCollection* | Remove-AppxPackage
Get-AppxPackage Microsoft.MicrosoftOfficeHub* | Remove-AppxPackage
Get-AppxPackage 828B5831.HiddenCity* | Remove-AppxPackage

# Prevent "Suggested Applications" from returning
Set-RegistryDWord -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Cloud Content" -Name "DisableWindowsConsumerFeatures" -Value 1


###############################################################################
# Remove OneDrive

# Kill the OneDrive and Explorer processes
taskkill.exe /F /IM "OneDrive.exe"
taskkill.exe /F /IM "explorer.exe"

# Run the OneDrive uninstall if it exists
if (Test-Path "$env:systemroot\SysWOW64\OneDriveSetup.exe") {
    & "$env:systemroot\SysWOW64\OneDriveSetup.exe" /uninstall
}

# Cleanup some remaining folders and files
Remove-Item -Recurse -Force -ErrorAction SilentlyContinue "$env:localappdata\Microsoft\OneDrive"
Remove-Item -Recurse -Force -ErrorAction SilentlyContinue "$env:programdata\Microsoft OneDrive"
Remove-Item -Recurse -Force -ErrorAction SilentlyContinue "C:\OneDriveTemp"
Remove-Item -Force -ErrorAction SilentlyContinue "$env:userprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk"

# Remove from Explorer sidebar
New-PSDrive -PSProvider "Registry" -Root "HKEY_CLASSES_ROOT" -Name "HKCR"
Set-RegistryDWord -Path "HKCR:\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" -Name "System.IsPinnedToNameSpaceTree" -Value 0
Set-RegistryDWord -Path "HKCR:\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" -Name "System.IsPinnedToNameSpaceTree" -Value 0
Remove-PSDrive "HKCR"

# Restart Explorer and give it time to start
start "explorer.exe"
sleep 15


###############################################################################
# Enable LXSS - Requires restart!

Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux
	#Requires -RunAsAdministrator

	# Install by running:
	# iex (new-object net.webclient).downloadstring('https://gist.githubusercontent.com/hedlund/eb0460760d78faa95fd385bd31e47dd2/raw/2d5ecf501a62b60d023f7232f2731bdbdaacf5f1/setup-win.ps1')

	###############################################################################
	# Configuration

	$TOOLS_DIR = "C:\tools"
	$WEASEL_PAGEANT_VERSION = "1.1"


	###############################################################################
	# Make sure user is admin

	$CurrentUser = [System.Security.Principal.WindowsIdentity]::GetCurrent()
	$CurrentUserIsAdmin = $false
	$CurrentUser.Groups \| ForEach-Object { if($_.value -eq "S-1-5-32-544") { $CurrentUserIsAdmin = $true } }
	if (!($CurrentUserIsAdmin)) {
	Write-Warning "You need to run this script as elevated administrator. Aborting!"
	Exit 102
	}


	###############################################################################
	# Functions

	Function Test-RegistryValue([String]$Path, [String]$Name) {

	if (Test-Path $Path) {
	$Key = Get-Item -LiteralPath $Path
	if ($Key.GetValue($Name, $null) -ne $null) {
	return $true
	}
	}
	return $false
	}

	Function Get-RegistryValue([String]$Path, [String]$Name) {

	if (Test-Path $Path) {
	$Key = Get-Item -LiteralPath $Path
	if ($Key.GetValue($Name, $null) -ne $null) {
	return $Key.GetValue($Name, $null)
	}
	}
	return $null
	}

	Function Add-RegistryKey([string]$Path) {

	if (!(Test-Path $Path)) {
	$parent = "$Path\.."

	$grandParent = "$parent\.."
	if (!(Test-Path $grandParent)) {
	New-Item -Path $grandParent \| Out-Null
	}

	if (!(Test-Path $parent)) {
	New-Item -Path $parent \| Out-Null
	}

	New-Item -Path $Path \| Out-Null
	}
	}

	Function Set-RegistryDWord([String]$Path, [String]$Name, [int32]$Value) {

	$old = Get-RegistryValue -Path $Path -Name $Name
	if ($old -ne $null -and [int32]$old -eq $Value) {
	# Already the correct value...
	return
	}

	if (Test-RegistryValue $Path $Name) {
	Set-ItemProperty -Path $Path -Name $Name -Value $Value
	} else {
	Add-RegistryKey -Path $Path
	New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value $Value \| Out-Null
	}
	}

	Function Set-RegistryString([String]$Path, [String]$Name, [string]$Value){

	$old = Get-RegistryValue -Path $Path -Name $Name
	if ($old -ne $null -and [string]$old -eq $Value) {
	# Already the correct value...
	return
	}

	if (Test-RegistryValue $Path $Name) {
	Set-ItemProperty -Path $Path -Name $Name -Value $Value
	} else {
	Add-RegistryKey -Path $Path
	New-ItemProperty -Path $Path -Name $Name -PropertyType String -Value $Value \| Out-Null
	}
	}

	Function Set-DeviceAccess([string]$Guid, [string]$Value){
	Set-RegistryString -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{$Guid}" -Name Value -Value $Value
	}

	###############################################################################
	# Installation

	# Set execution policy to be able to run sremote scripts
	if ((Get-ExecutionPolicy) -eq "Restricted") {
	Set-ExecutionPolicy RemoteSigned -scope CurrentUser
	}

	# Install Scoop
	if (!(Get-Command "scoop" -errorAction SilentlyContinue)) {
	Invoke-Expression (New-Object Net.WebClient).DownloadString('https://get.scoop.sh')
	}

	# Install Choco
	if (!(Get-Command "choco" -errorAction SilentlyContinue)) {
	Invoke-Expression (New-Object Net.WebClient).DownloadString('https://chocolatey.org/install.ps1')
	}

	# We need to install git before adding buckets to Scoop...
	scoop install openssh git

	# ...then add the buckets
	scoop bucket add extras
	scoop bucket add nerd-fonts

	# Install most things using Scoop...
	scoop install autohotkey
	scoop install cmder
	scoop install docker
	scoop install firefox-developer
	scoop install godot
	scoop install gpg4win
	scoop install hyper
	scoop install mobaxterm
	scoop install now-cli
	scoop install postman
	scoop install slack
	scoop install sudo ln touch time
	scoop install vscode
	scoop install wox
	scoop install zeal

	# ...and the rest using Choco
	choco install -y 1password
	choco install -y boostnote
	choco install -y caffeine
	choco install -y dropbox
	choco install -y googlechrome
	choco install -y spotify

	# Make sure we have a tools directory
	New-Item -Force -ItemType directory -Path "$TOOLS_DIR"

	# Check if we need to install weasel-pageant
	if (![System.IO.File]::Exists("$TOOLS_DIR\weasel-pageant\weasel-pageant")) {

	# Download the release ZIP file...
	$weasel_file = "$TOOLS_DIR\weasel-pageant.zip"
	[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
	(new-object net.webclient).DownloadFile("https://github.com/vuori/weasel-pageant/releases/download/v$WEASEL_PAGEANT_VERSION/weasel-pageant-$WEASEL_PAGEANT_VERSION.zip", $weasel_file)

	# ...and unzip it and move it into place
	$shell_app=new-object -com shell.application
	$shell_app.namespace($TOOLS_DIR).CopyHere($shell_app.namespace($weasel_file).items())
	Rename-Item -Path "$TOOLS_DIR\weasel-pageant-$WEASEL_PAGEANT_VERSION" -NewName "weasel-pageant" -ErrorAction Stop

	# Cleanup
	Remove-Item -Path "$weasel_file"
	}


	###############################################################################
	# Privacy / General

	# Disable Allow apps to use advertising ID to make ads more interesting to you...
	Set-RegistryDWord -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo" -Name Enabled -Value 0

	# Disable Allow websites to provide locally relevant content by accessing my language list
	Set-RegistryDWord -Path "HKCU:\Control Panel\International\User Profile" -Name HttpAcceptLanguageOptOut -Value 1

	# Disable Allow Windows to track app launches to improve Start and search results
	Set-RegistryDWord -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name Start_TrackProgs -Value 0

	###############################################################################
	# Privacy / Speech, inking & typing

	# Turn off speech services and typing suggestions
	Set-RegistryDWord -Path "HKCU:\Software\Microsoft\InputPersonalization" -Name RestrictImplicitInkCollection -Value 1
	Set-RegistryDWord -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization" -Name RestrictImplicitTextCollection -Value 1
	Set-RegistryDWord -Path "HKCU:\Software\Microsoft\InputPersonalization\TrainedDataStore" -Name HarvestContacts -Value 0
	Set-RegistryDWord -Path "HKCU:\Software\Microsoft\Personalization\Settings" -Name AcceptedPrivacyPolicy -Value 0

	###############################################################################
	# Privacy / Diagnostic & feedback

	# Set Diagnostic data to Basic
	Set-RegistryDWord -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" -Name AllowTelemetry -Value 1

	# Disable Improve inking & typing recognition
	Set-RegistryDWord -Path "HKCU:\Software\Microsoft\Input\TIPC" -Name Enabled -Value 0

	# Disable Tailored experiences
	Set-RegistryDWord -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Privacy" -Name TailoredExperiencesWithDiagnosticDataEnabled -Value 0

	# Disable Diagnostic data viewer
	Set-RegistryDWord -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack\EventTranscriptKey" -Name EnableEventTranscript -Value 0

	###############################################################################
	# Edge

	[string]$EdgeKey = "HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge"

	# Set dark theme
	Set-RegistryDWord -Path "$EdgeKey\Main" -Name Theme -Value 1

	# Send Do Not Track requests
	Set-RegistryDWord -Path "$EdgeKey\Main" -Name DoNotTrack -Value 1

	# Do not save passwords
	Set-RegistryString -Path "$EdgeKey\Main" -Name "FormSuggest Passwords" -Value "no"

	# Do not save cards
	Set-RegistryString -Path "$EdgeKey\Main" -Name UsePaymentFormFill -Value "no"

	# Do not bug me about default browser
	Set-RegistryDWord -Path "$EdgeKey\Main" -Name DisallowDefaultBrowserPrompt -Value 1

	# Disable search suggestions
	Set-RegistryDWord -Path "$EdgeKey\User\Default\SearchScopes" -Name ShowSearchSuggestionsGlobal -Value 0

	# Disable page prediction
	Set-RegistryDWord -Path "$EdgeKey\FlipAhead" -Name FPEnabled -Value 0

	# Enable phising filter
	Set-RegistryDWord -Path "$EdgeKey\PhishingFilter" -Name EnabledV9 -Value 1

	###############################################################################
	# Misc privacy settings

	# Disable Wifi Sense
	Set-RegistryDWord -Path "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config" -Name AutoConnectAllowedOEM -Value 0
	Set-RegistryDWord -Path "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features" -Name WiFiSenseCredShared -Value 0
	Set-RegistryDWord -Path "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features" -Name WiFiSenseOpen -Value 0

	# Disable Share updates
	Set-RegistryDWord -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" -Name DODownloadMode -Value 0

	# Disable Telemetry service
	Stop-Service -Name DiagTrack -Force
	Set-Service -Name DiagTrack -StartupType Disabled
	if ((Get-Service \| Where-Object Name -eq dmwappushservice).count -eq 1) {
	Stop-Service -Name dmwappushservice -Force
	Set-Service -Name dmwappushservice -StartupType Disabled
	}
	Set-RegistryDWord -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" -Name AllowTelemetry -Value 0

	###############################################################################
	# Screen saver

	# Set a 3 minute timeout and require password
	Set-RegistryDWord -Path "HKCU:\Control Panel\Desktop" -Name "ScreenSaveActive" -Value 1
	Set-RegistryDWord -Path "HKCU:\Control Panel\Desktop" -Name "ScreenSaverIsSecure" -Value 1
	Set-RegistryDWord -Path "HKCU:\Control Panel\Desktop" -Name "ScreenSaveTimeOut" -Value 180
	Set-RegistryString -Path "HKCU:\Control Panel\Desktop" -Name "SCRNSAVE.EXE" -Value "C:\Windows\system32\scrnsave.scr"

	# Set a 5 second grace period
	Set-RegistryDWord -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name "ScreenSaverGracePeriod" -Value 5


	###############################################################################
	# Uninstall some Windows Store crap

	Get-AppxPackage A278AB0D.* \| Remove-AppxPackage
	Get-AppxPackage king.com.* \| Remove-AppxPackage
	Get-AppxPackage Microsoft.MicrosoftSolitaireCollection* \| Remove-AppxPackage
	Get-AppxPackage Microsoft.MicrosoftOfficeHub* \| Remove-AppxPackage
	Get-AppxPackage 828B5831.HiddenCity* \| Remove-AppxPackage

	# Prevent "Suggested Applications" from returning
	Set-RegistryDWord -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Cloud Content" -Name "DisableWindowsConsumerFeatures" -Value 1


	###############################################################################
	# Remove OneDrive

	# Kill the OneDrive and Explorer processes
	taskkill.exe /F /IM "OneDrive.exe"
	taskkill.exe /F /IM "explorer.exe"

	# Run the OneDrive uninstall if it exists
	if (Test-Path "$env:systemroot\SysWOW64\OneDriveSetup.exe") {
	& "$env:systemroot\SysWOW64\OneDriveSetup.exe" /uninstall
	}

	# Cleanup some remaining folders and files
	Remove-Item -Recurse -Force -ErrorAction SilentlyContinue "$env:localappdata\Microsoft\OneDrive"
	Remove-Item -Recurse -Force -ErrorAction SilentlyContinue "$env:programdata\Microsoft OneDrive"
	Remove-Item -Recurse -Force -ErrorAction SilentlyContinue "C:\OneDriveTemp"
	Remove-Item -Force -ErrorAction SilentlyContinue "$env:userprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk"

	# Remove from Explorer sidebar
	New-PSDrive -PSProvider "Registry" -Root "HKEY_CLASSES_ROOT" -Name "HKCR"
	Set-RegistryDWord -Path "HKCR:\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" -Name "System.IsPinnedToNameSpaceTree" -Value 0
	Set-RegistryDWord -Path "HKCR:\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" -Name "System.IsPinnedToNameSpaceTree" -Value 0
	Remove-PSDrive "HKCR"

	# Restart Explorer and give it time to start
	start "explorer.exe"
	sleep 15


	###############################################################################
	# Enable LXSS - Requires restart!

	Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux