Boxstarter Commands for a new Windows box.

boxstarter.ps1

# Description: Boxstarter Script
# Author: Jess Frazelle <jess@linux.com>
# Last Updated: 2017-09-11
#
# Install boxstarter:
# 	. { iwr -useb http://boxstarter.org/bootstrapper.ps1 } | iex; get-boxstarter -Force
#
# You might need to set: Set-ExecutionPolicy RemoteSigned
#
# Run this boxstarter by calling the following from an **elevated** command-prompt:
# 	start http://boxstarter.org/package/nr/url?<URL-TO-RAW-GIST>
# OR
# 	Install-BoxstarterPackage -PackageName <URL-TO-RAW-GIST> -DisableReboots
#
# Learn more: http://boxstarter.org/Learn/WebLauncher

#---- TEMPORARY ---
Disable-UAC

#--- Fonts ---
choco install inconsolata -y
  
#--- Windows Settings ---
Disable-BingSearch
Disable-GameBarTips

Set-WindowsExplorerOptions -EnableShowHiddenFilesFoldersDrives -EnableShowProtectedOSFiles -EnableShowFileExtensions
Set-TaskbarOptions -Size Small -Dock Bottom -Combine Full -Lock
Set-TaskbarOptions -Size Small -Dock Bottom -Combine Full -AlwaysShowIconsOn

#--- Windows Subsystems/Features ---
choco install Microsoft-Hyper-V-All -source windowsFeatures
choco install Microsoft-Windows-Subsystem-Linux -source windowsfeatures

#--- Tools ---
# choco install git -params '"/GitAndUnixToolsOnPath /WindowsTerminal"' -y
# choco install poshgit
choco install sysinternals -y
# choco install vim

#--- Apps ---
choco install googlechrome
choco install docker-for-windows
choco install sharex
# choco install microsoft-teams
# choco install vcxsrv

#--- Uninstall unecessary applications that come with Windows out of the box ---

# 3D Builder
Get-AppxPackage Microsoft.3DBuilder | Remove-AppxPackage

# Alarms
Get-AppxPackage Microsoft.WindowsAlarms | Remove-AppxPackage

# Autodesk
Get-AppxPackage *Autodesk* | Remove-AppxPackage

# Bing Weather, News, Sports, and Finance (Money):
Get-AppxPackage Microsoft.BingFinance | Remove-AppxPackage
Get-AppxPackage Microsoft.BingNews | Remove-AppxPackage
Get-AppxPackage Microsoft.BingSports | Remove-AppxPackage
Get-AppxPackage Microsoft.BingWeather | Remove-AppxPackage

# BubbleWitch
Get-AppxPackage *BubbleWitch* | Remove-AppxPackage

# Candy Crush
Get-AppxPackage king.com.CandyCrush* | Remove-AppxPackage

# Comms Phone
Get-AppxPackage Microsoft.CommsPhone | Remove-AppxPackage

# Dell
Get-AppxPackage *Dell* | Remove-AppxPackage

# Dropbox
Get-AppxPackage *Dropbox* | Remove-AppxPackage

# Facebook
Get-AppxPackage *Facebook* | Remove-AppxPackage

# Feedback Hub
Get-AppxPackage Microsoft.WindowsFeedbackHub | Remove-AppxPackage

# Get Started
Get-AppxPackage Microsoft.Getstarted | Remove-AppxPackage

# Keeper
Get-AppxPackage *Keeper* | Remove-AppxPackage

# Mail & Calendar
Get-AppxPackage microsoft.windowscommunicationsapps | Remove-AppxPackage

# Maps
Get-AppxPackage Microsoft.WindowsMaps | Remove-AppxPackage

# March of Empires
Get-AppxPackage *MarchofEmpires* | Remove-AppxPackage

# McAfee Security
Get-AppxPackage *McAfee* | Remove-AppxPackage

# Uninstall McAfee Security App
$mcafee = gci "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall" | foreach { gp $_.PSPath } | ? { $_ -match "McAfee Security" } | select UninstallString
if ($mcafee) {
	$mcafee = $mcafee.UninstallString -Replace "C:\Program Files\McAfee\MSC\mcuihost.exe",""
	Write "Uninstalling McAfee..."
	start-process "C:\Program Files\McAfee\MSC\mcuihost.exe" -arg "$mcafee" -Wait
}

# Messaging
Get-AppxPackage Microsoft.Messaging | Remove-AppxPackage

# Minecraft
Get-AppxPackage *Minecraft* | Remove-AppxPackage

# Netflix
Get-AppxPackage *Netflix* | Remove-AppxPackage

# Office Hub
Get-AppxPackage Microsoft.MicrosoftOfficeHub | Remove-AppxPackage

# One Connect
Get-AppxPackage Microsoft.OneConnect | Remove-AppxPackage

# OneNote
Get-AppxPackage Microsoft.Office.OneNote | Remove-AppxPackage

# People
Get-AppxPackage Microsoft.People | Remove-AppxPackage

# Phone
Get-AppxPackage Microsoft.WindowsPhone | Remove-AppxPackage

# Photos
Get-AppxPackage Microsoft.Windows.Photos | Remove-AppxPackage

# Plex
Get-AppxPackage *Plex* | Remove-AppxPackage

# Skype (Metro version)
Get-AppxPackage Microsoft.SkypeApp | Remove-AppxPackage

# Sound Recorder
Get-AppxPackage Microsoft.WindowsSoundRecorder | Remove-AppxPackage

# Solitaire
Get-AppxPackage *Solitaire* | Remove-AppxPackage

# Sticky Notes
Get-AppxPackage Microsoft.MicrosoftStickyNotes | Remove-AppxPackage

# Sway
Get-AppxPackage Microsoft.Office.Sway | Remove-AppxPackage

# Twitter
Get-AppxPackage *Twitter* | Remove-AppxPackage

# Xbox
Get-AppxPackage Microsoft.XboxApp | Remove-AppxPackage
Get-AppxPackage Microsoft.XboxIdentityProvider | Remove-AppxPackage

# Zune Music, Movies & TV
Get-AppxPackage Microsoft.ZuneMusic | Remove-AppxPackage
Get-AppxPackage Microsoft.ZuneVideo | Remove-AppxPackage

#--- Windows Settings ---
# Some from: @NickCraver's gist https://gist.github.com/NickCraver/7ebf9efbfd0c3eab72e9

# Privacy: Let apps use my advertising ID: Disable
If (-Not (Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo")) {
    New-Item -Path HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo | Out-Null
}
Set-ItemProperty -Path HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo -Name Enabled -Type DWord -Value 0

# WiFi Sense: HotSpot Sharing: Disable
If (-Not (Test-Path "HKLM:\Software\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting")) {
    New-Item -Path HKLM:\Software\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting | Out-Null
}
Set-ItemProperty -Path HKLM:\Software\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting -Name value -Type DWord -Value 0

# WiFi Sense: Shared HotSpot Auto-Connect: Disable
Set-ItemProperty -Path HKLM:\Software\Microsoft\PolicyManager\default\WiFi\AllowAutoConnectToWiFiSenseHotspots -Name value -Type DWord -Value 0

# Start Menu: Disable Bing Search Results
Set-ItemProperty -Path HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search -Name BingSearchEnabled -Type DWord -Value 0
# To Restore (Enabled):
# Set-ItemProperty -Path HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search -Name BingSearchEnabled -Type DWord -Value 1

# Disable Telemetry (requires a reboot to take effect)
# Note this may break Insider builds for your organization
# Set-ItemProperty -Path HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection -Name AllowTelemetry -Type DWord -Value 0
# Get-Service DiagTrack,Dmwappushservice | Stop-Service | Set-Service -StartupType Disabled

# Change Explorer home screen back to "This PC"
Set-ItemProperty -Path HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name LaunchTo -Type DWord -Value 1
# Change it back to "Quick Access" (Windows 10 default)
# Set-ItemProperty -Path HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name LaunchTo -Type DWord -Value 2

# Better File Explorer
Set-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name NavPaneExpandToCurrentFolder -Value 1		
Set-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name NavPaneShowAllFolders -Value 1		
Set-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name MMTaskbarMode -Value 2

# These make "Quick Access" behave much closer to the old "Favorites"
# Disable Quick Access: Recent Files
Set-ItemProperty -Path HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer -Name ShowRecent -Type DWord -Value 0
# Disable Quick Access: Frequent Folders
Set-ItemProperty -Path HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer -Name ShowFrequent -Type DWord -Value 0
# To Restore:
# Set-ItemProperty -Path HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer -Name ShowRecent -Type DWord -Value 1
# Set-ItemProperty -Path HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer -Name ShowFrequent -Type DWord -Value 1

# Disable the Lock Screen (the one before password prompt - to prevent dropping the first character)
If (-Not (Test-Path HKLM:\SOFTWARE\Policies\Microsoft\Windows\Personalization)) {
	New-Item -Path HKLM:\SOFTWARE\Policies\Microsoft\Windows -Name Personalization | Out-Null
}
Set-ItemProperty -Path HKLM:\SOFTWARE\Policies\Microsoft\Windows\Personalization -Name NoLockScreen -Type DWord -Value 1
# To Restore:
# Set-ItemProperty -Path HKLM:\SOFTWARE\Policies\Microsoft\Windows\Personalization -Name NoLockScreen -Type DWord -Value 1

# Lock screen (not sleep) on lid close
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power' -Name AwayModeEnabled -Type DWord -Value 1
# To Restore:
# Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power' -Name AwayModeEnabled -Type DWord -Value 0

# Use the Windows 7-8.1 Style Volume Mixer
If (-Not (Test-Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MTCUVC")) {
	New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion" -Name MTCUVC | Out-Null
}
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MTCUVC" -Name EnableMtcUvc -Type DWord -Value 0
# To Restore (Windows 10 Style Volume Control):
# Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MTCUVC" -Name EnableMtcUvc -Type DWord -Value 1

# Disable Xbox Gamebar
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\GameDVR" -Name AppCaptureEnabled -Type DWord -Value 0
Set-ItemProperty -Path "HKCU:\System\GameConfigStore" -Name GameDVR_Enabled -Type DWord -Value 0

# Turn off People in Taskbar
If (-Not (Test-Path "HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People")) {
    New-Item -Path HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People | Out-Null
}
Set-ItemProperty -Path "HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People" -Name PeopleBand -Type DWord -Value 0

#--- Restore Temporary Settings ---
Enable-UAC
Enable-MicrosoftUpdate
Install-WindowsUpdate -acceptEula

#--- Rename the Computer ---
# Requires restart, or add the -Restart flag
$computername = "acidburn"
if ($env:computername -ne $computername) {
	Rename-Computer -NewName $computername
}

Missing cmder (and a happy wsl terminal :p %windir%\system32\bash.exe ~ -c zsh -cur_console:p)

Missing cmder (and a happy wsl terminal :p %windir%\system32\bash.exe ~ -c zsh -cur_console:p)

I guess depending on your edition of windows installed (im running Pro), Get-AppxPackage Soda | Remove-AppxPackage will remove the Candy Crush Soda package that comes installed.

I guess depending on your edition of windows installed (im running Pro), Get-AppxPackage Soda | Remove-AppxPackage will remove the Candy Crush Soda package that comes installed.

My 2 cents:
#--- List all installed programs --#
Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall* | sort -property DisplayName | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |Format-Table -AutoSize

#--- List all store-installed programs --#
Get-AppxPackage | sort -property Name | Select-Object Name, PackageFullName, Version | Format-Table -AutoSize

My 2 cents:
#--- List all installed programs --#
Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall* | sort -property DisplayName | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |Format-Table -AutoSize

#--- List all store-installed programs --#
Get-AppxPackage | sort -property Name | Select-Object Name, PackageFullName, Version | Format-Table -AutoSize

Nick Craver has a very nice setup script. Removes all tracking, data collection, Bing search results and lots of stupid unwanted defaults.

Nick Craver has a very nice setup script. Removes all tracking, data collection, Bing search results and lots of stupid unwanted defaults.

To get to here, you still have to manually go through the Windows Setup, right?

To get to here, you still have to manually go through the Windows Setup, right?

these are super awesome thanks!

these are super awesome thanks!

does choco install git -params '"/GitAndUnixToolsOnPath break WSL at all? Windows will use the first bash.exe found in $ENV:PATH and Git installs one at c:\program files\gin\bin\bash.exe

does choco install git -params '"/GitAndUnixToolsOnPath break WSL at all? Windows will use the first bash.exe found in $ENV:PATH and Git installs one at c:\program files\gin\bin\bash.exe

@minexew it could be automated. You can use a RunOnce script from an unattend.xml file to launch this. That's also the place where you'd configure default users & passwords, etc. Most Packer scripts use this approach to get the machine up with a known user/pass like vagrant/vagrant, then run extra scripts with their shell postprocessor before packaging the box up.

I recommend looking at the files here if you're familiar with Packer. Stefan and I use these for automated VM setups but the unattend.xml and most of the same scripts would work off a floppy or USB key on a real machine too - https://github.com/StefanScherer/packer-windows

@minexew it could be automated. You can use a RunOnce script from an unattend.xml file to launch this. That's also the place where you'd configure default users & passwords, etc. Most Packer scripts use this approach to get the machine up with a known user/pass like vagrant/vagrant, then run extra scripts with their shell postprocessor before packaging the box up.

I recommend looking at the files here if you're familiar with Packer. Stefan and I use these for automated VM setups but the unattend.xml and most of the same scripts would work off a floppy or USB key on a real machine too - https://github.com/StefanScherer/packer-windows

I did a fresh Win10 install and ran this script. Here are some junk apps (AppX) still on it:

KeeperSecurityInc.Keeper
89006A2E.AutodeskSketchBook
CAF9E577.Plex
king.com.BubbleWitch3Saga

I did a fresh Win10 install and ran this script. Here are some junk apps (AppX) still on it:

KeeperSecurityInc.Keeper
89006A2E.AutodeskSketchBook
CAF9E577.Plex
king.com.BubbleWitch3Saga

If you don't mind asking, what laptop are using? Surface?

If you don't mind asking, what laptop are using? Surface?

This looks great! I'm totally gonna cop a few lines from here for my own setup.

A few things you may find helpful:

1. choco upgrade is idempotent, so I use it instead of choco install.
2. ConEmu is basically iTerm2 for Windows, but you use Linux normally so I dunno what the analog is, but point being, tabbed terminals, start every PS session as Admin if you configure it as your default shell, nice copy/paste, etc. It's a must-have IMO: choco upgrade conemu

This looks great! I'm totally gonna cop a few lines from here for my own setup.

A few things you may find helpful:

1. choco upgrade is idempotent, so I use it instead of choco install.
2. ConEmu is basically iTerm2 for Windows, but you use Linux normally so I dunno what the analog is, but point being, tabbed terminals, start every PS session as Admin if you configure it as your default shell, nice copy/paste, etc. It's a must-have IMO: choco upgrade conemu

Umm. choco upgrade is NOT idempotent. Without a --version=xxx option, Chocolatey will happily upgrade the app to the newer version if one is available because that is what you told it to do. choco install IS idempotent unless you specify the --version=xxx option.

Umm. choco upgrade is NOT idempotent. Without a --version=xxx option, Chocolatey will happily upgrade the app to the newer version if one is available because that is what you told it to do. choco install IS idempotent unless you specify the --version=xxx option.

chocolatey is not yet handling application configuration isn't it?

chocolatey is not yet handling application configuration isn't it?

There is a group policy to prevent automatic reboots for Windows Update while a user is logged in.
I found the key it changes using procmon and tested setting it in PS.

$auPath = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8FA01A01-4B9C-4A5F-9E4B-5242B1CA676A}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU"
New-Item $auPath -Force
Set-ItemProperty -Path $auPath -Name NoAutoRebootWithLoggedOnUsers -Type DWord -Value 1 -Force

There is a group policy to prevent automatic reboots for Windows Update while a user is logged in.
I found the key it changes using procmon and tested setting it in PS.

$auPath = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8FA01A01-4B9C-4A5F-9E4B-5242B1CA676A}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU"
New-Item $auPath -Force
Set-ItemProperty -Path $auPath -Name NoAutoRebootWithLoggedOnUsers -Type DWord -Value 1 -Force

Promoted that gist of yours at my company
Thanks for sharing this !!

Promoted that gist of yours at my company
Thanks for sharing this !!

Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

:)

Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

:)

@devblackops You're right - my bad.

@devblackops You're right - my bad.

anyone have something they're working on for Server 2016?

anyone have something they're working on for Server 2016?

@jahands does your group policy regedit entry actually work to avoid reboots when logged in?
My Windows 10 machine keeps rebooting anyway. I'm on Windows 10 Pro 1709 (OS build 16299.309).

@jahands does your group policy regedit entry actually work to avoid reboots when logged in?
My Windows 10 machine keeps rebooting anyway. I'm on Windows 10 Pro 1709 (OS build 16299.309).