Skip to content

Instantly share code, notes, and snippets.

@jessfraz
Last active July 7, 2024 22:46
Show Gist options
  • Save jessfraz/7c319b046daa101a4aaef937a20ff41f to your computer and use it in GitHub Desktop.
Save jessfraz/7c319b046daa101a4aaef937a20ff41f to your computer and use it in GitHub Desktop.
Boxstarter Commands for a new Windows box.
# Description: Boxstarter Script
# Author: Jess Frazelle <jess@linux.com>
# Last Updated: 2017-09-11
#
# Install boxstarter:
# . { iwr -useb http://boxstarter.org/bootstrapper.ps1 } | iex; get-boxstarter -Force
#
# You might need to set: Set-ExecutionPolicy RemoteSigned
#
# Run this boxstarter by calling the following from an **elevated** command-prompt:
# start http://boxstarter.org/package/nr/url?<URL-TO-RAW-GIST>
# OR
# Install-BoxstarterPackage -PackageName <URL-TO-RAW-GIST> -DisableReboots
#
# Learn more: http://boxstarter.org/Learn/WebLauncher
#---- TEMPORARY ---
Disable-UAC
#--- Fonts ---
choco install inconsolata -y
#--- Windows Settings ---
Disable-BingSearch
Disable-GameBarTips
Set-WindowsExplorerOptions -EnableShowHiddenFilesFoldersDrives -EnableShowProtectedOSFiles -EnableShowFileExtensions
Set-TaskbarOptions -Size Small -Dock Bottom -Combine Full -Lock
Set-TaskbarOptions -Size Small -Dock Bottom -Combine Full -AlwaysShowIconsOn
#--- Windows Subsystems/Features ---
choco install Microsoft-Hyper-V-All -source windowsFeatures
choco install Microsoft-Windows-Subsystem-Linux -source windowsfeatures
#--- Tools ---
# choco install git -params '"/GitAndUnixToolsOnPath /WindowsTerminal"' -y
# choco install poshgit
choco install sysinternals -y
# choco install vim
#--- Apps ---
choco install googlechrome
choco install docker-for-windows
choco install sharex
# choco install microsoft-teams
# choco install vcxsrv
#--- Uninstall unecessary applications that come with Windows out of the box ---
# 3D Builder
Get-AppxPackage Microsoft.3DBuilder | Remove-AppxPackage
# Alarms
Get-AppxPackage Microsoft.WindowsAlarms | Remove-AppxPackage
# Autodesk
Get-AppxPackage *Autodesk* | Remove-AppxPackage
# Bing Weather, News, Sports, and Finance (Money):
Get-AppxPackage Microsoft.BingFinance | Remove-AppxPackage
Get-AppxPackage Microsoft.BingNews | Remove-AppxPackage
Get-AppxPackage Microsoft.BingSports | Remove-AppxPackage
Get-AppxPackage Microsoft.BingWeather | Remove-AppxPackage
# BubbleWitch
Get-AppxPackage *BubbleWitch* | Remove-AppxPackage
# Candy Crush
Get-AppxPackage king.com.CandyCrush* | Remove-AppxPackage
# Comms Phone
Get-AppxPackage Microsoft.CommsPhone | Remove-AppxPackage
# Dell
Get-AppxPackage *Dell* | Remove-AppxPackage
# Dropbox
Get-AppxPackage *Dropbox* | Remove-AppxPackage
# Facebook
Get-AppxPackage *Facebook* | Remove-AppxPackage
# Feedback Hub
Get-AppxPackage Microsoft.WindowsFeedbackHub | Remove-AppxPackage
# Get Started
Get-AppxPackage Microsoft.Getstarted | Remove-AppxPackage
# Keeper
Get-AppxPackage *Keeper* | Remove-AppxPackage
# Mail & Calendar
Get-AppxPackage microsoft.windowscommunicationsapps | Remove-AppxPackage
# Maps
Get-AppxPackage Microsoft.WindowsMaps | Remove-AppxPackage
# March of Empires
Get-AppxPackage *MarchofEmpires* | Remove-AppxPackage
# McAfee Security
Get-AppxPackage *McAfee* | Remove-AppxPackage
# Uninstall McAfee Security App
$mcafee = gci "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall" | foreach { gp $_.PSPath } | ? { $_ -match "McAfee Security" } | select UninstallString
if ($mcafee) {
$mcafee = $mcafee.UninstallString -Replace "C:\Program Files\McAfee\MSC\mcuihost.exe",""
Write "Uninstalling McAfee..."
start-process "C:\Program Files\McAfee\MSC\mcuihost.exe" -arg "$mcafee" -Wait
}
# Messaging
Get-AppxPackage Microsoft.Messaging | Remove-AppxPackage
# Minecraft
Get-AppxPackage *Minecraft* | Remove-AppxPackage
# Netflix
Get-AppxPackage *Netflix* | Remove-AppxPackage
# Office Hub
Get-AppxPackage Microsoft.MicrosoftOfficeHub | Remove-AppxPackage
# One Connect
Get-AppxPackage Microsoft.OneConnect | Remove-AppxPackage
# OneNote
Get-AppxPackage Microsoft.Office.OneNote | Remove-AppxPackage
# People
Get-AppxPackage Microsoft.People | Remove-AppxPackage
# Phone
Get-AppxPackage Microsoft.WindowsPhone | Remove-AppxPackage
# Photos
Get-AppxPackage Microsoft.Windows.Photos | Remove-AppxPackage
# Plex
Get-AppxPackage *Plex* | Remove-AppxPackage
# Skype (Metro version)
Get-AppxPackage Microsoft.SkypeApp | Remove-AppxPackage
# Sound Recorder
Get-AppxPackage Microsoft.WindowsSoundRecorder | Remove-AppxPackage
# Solitaire
Get-AppxPackage *Solitaire* | Remove-AppxPackage
# Sticky Notes
Get-AppxPackage Microsoft.MicrosoftStickyNotes | Remove-AppxPackage
# Sway
Get-AppxPackage Microsoft.Office.Sway | Remove-AppxPackage
# Twitter
Get-AppxPackage *Twitter* | Remove-AppxPackage
# Xbox
Get-AppxPackage Microsoft.XboxApp | Remove-AppxPackage
Get-AppxPackage Microsoft.XboxIdentityProvider | Remove-AppxPackage
# Zune Music, Movies & TV
Get-AppxPackage Microsoft.ZuneMusic | Remove-AppxPackage
Get-AppxPackage Microsoft.ZuneVideo | Remove-AppxPackage
#--- Windows Settings ---
# Some from: @NickCraver's gist https://gist.github.com/NickCraver/7ebf9efbfd0c3eab72e9
# Privacy: Let apps use my advertising ID: Disable
If (-Not (Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo")) {
New-Item -Path HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo | Out-Null
}
Set-ItemProperty -Path HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo -Name Enabled -Type DWord -Value 0
# WiFi Sense: HotSpot Sharing: Disable
If (-Not (Test-Path "HKLM:\Software\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting")) {
New-Item -Path HKLM:\Software\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting | Out-Null
}
Set-ItemProperty -Path HKLM:\Software\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting -Name value -Type DWord -Value 0
# WiFi Sense: Shared HotSpot Auto-Connect: Disable
Set-ItemProperty -Path HKLM:\Software\Microsoft\PolicyManager\default\WiFi\AllowAutoConnectToWiFiSenseHotspots -Name value -Type DWord -Value 0
# Start Menu: Disable Bing Search Results
Set-ItemProperty -Path HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search -Name BingSearchEnabled -Type DWord -Value 0
# To Restore (Enabled):
# Set-ItemProperty -Path HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search -Name BingSearchEnabled -Type DWord -Value 1
# Disable Telemetry (requires a reboot to take effect)
# Note this may break Insider builds for your organization
# Set-ItemProperty -Path HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection -Name AllowTelemetry -Type DWord -Value 0
# Get-Service DiagTrack,Dmwappushservice | Stop-Service | Set-Service -StartupType Disabled
# Change Explorer home screen back to "This PC"
Set-ItemProperty -Path HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name LaunchTo -Type DWord -Value 1
# Change it back to "Quick Access" (Windows 10 default)
# Set-ItemProperty -Path HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name LaunchTo -Type DWord -Value 2
# Better File Explorer
Set-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name NavPaneExpandToCurrentFolder -Value 1
Set-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name NavPaneShowAllFolders -Value 1
Set-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name MMTaskbarMode -Value 2
# These make "Quick Access" behave much closer to the old "Favorites"
# Disable Quick Access: Recent Files
Set-ItemProperty -Path HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer -Name ShowRecent -Type DWord -Value 0
# Disable Quick Access: Frequent Folders
Set-ItemProperty -Path HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer -Name ShowFrequent -Type DWord -Value 0
# To Restore:
# Set-ItemProperty -Path HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer -Name ShowRecent -Type DWord -Value 1
# Set-ItemProperty -Path HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer -Name ShowFrequent -Type DWord -Value 1
# Disable the Lock Screen (the one before password prompt - to prevent dropping the first character)
If (-Not (Test-Path HKLM:\SOFTWARE\Policies\Microsoft\Windows\Personalization)) {
New-Item -Path HKLM:\SOFTWARE\Policies\Microsoft\Windows -Name Personalization | Out-Null
}
Set-ItemProperty -Path HKLM:\SOFTWARE\Policies\Microsoft\Windows\Personalization -Name NoLockScreen -Type DWord -Value 1
# To Restore:
# Set-ItemProperty -Path HKLM:\SOFTWARE\Policies\Microsoft\Windows\Personalization -Name NoLockScreen -Type DWord -Value 1
# Lock screen (not sleep) on lid close
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power' -Name AwayModeEnabled -Type DWord -Value 1
# To Restore:
# Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power' -Name AwayModeEnabled -Type DWord -Value 0
# Use the Windows 7-8.1 Style Volume Mixer
If (-Not (Test-Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MTCUVC")) {
New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion" -Name MTCUVC | Out-Null
}
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MTCUVC" -Name EnableMtcUvc -Type DWord -Value 0
# To Restore (Windows 10 Style Volume Control):
# Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MTCUVC" -Name EnableMtcUvc -Type DWord -Value 1
# Disable Xbox Gamebar
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\GameDVR" -Name AppCaptureEnabled -Type DWord -Value 0
Set-ItemProperty -Path "HKCU:\System\GameConfigStore" -Name GameDVR_Enabled -Type DWord -Value 0
# Turn off People in Taskbar
If (-Not (Test-Path "HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People")) {
New-Item -Path HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People | Out-Null
}
Set-ItemProperty -Path "HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People" -Name PeopleBand -Type DWord -Value 0
#--- Restore Temporary Settings ---
Enable-UAC
Enable-MicrosoftUpdate
Install-WindowsUpdate -acceptEula
#--- Rename the Computer ---
# Requires restart, or add the -Restart flag
$computername = "acidburn"
if ($env:computername -ne $computername) {
Rename-Computer -NewName $computername
}
@fuhoi
Copy link

fuhoi commented Sep 14, 2017

My 2 cents:
#--- List all installed programs --#
Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall* | sort -property DisplayName | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |Format-Table -AutoSize

#--- List all store-installed programs --#
Get-AppxPackage | sort -property Name | Select-Object Name, PackageFullName, Version | Format-Table -AutoSize

@oferze
Copy link

oferze commented Sep 14, 2017

Nick Craver has a very nice setup script. Removes all tracking, data collection, Bing search results and lots of stupid unwanted defaults.

@minexew
Copy link

minexew commented Sep 14, 2017

To get to here, you still have to manually go through the Windows Setup, right?

@jessfraz
Copy link
Author

these are super awesome thanks!

@PatrickLang
Copy link

PatrickLang commented Sep 15, 2017

does choco install git -params '"/GitAndUnixToolsOnPath break WSL at all? Windows will use the first bash.exe found in $ENV:PATH and Git installs one at c:\program files\gin\bin\bash.exe

@PatrickLang
Copy link

PatrickLang commented Sep 15, 2017

@minexew it could be automated. You can use a RunOnce script from an unattend.xml file to launch this. That's also the place where you'd configure default users & passwords, etc. Most Packer scripts use this approach to get the machine up with a known user/pass like vagrant/vagrant, then run extra scripts with their shell postprocessor before packaging the box up.

I recommend looking at the files here if you're familiar with Packer. Stefan and I use these for automated VM setups but the unattend.xml and most of the same scripts would work off a floppy or USB key on a real machine too - https://github.com/StefanScherer/packer-windows

@jahands
Copy link

jahands commented Sep 18, 2017

I did a fresh Win10 install and ran this script. Here are some junk apps (AppX) still on it:

KeeperSecurityInc.Keeper
89006A2E.AutodeskSketchBook
CAF9E577.Plex
king.com.BubbleWitch3Saga

@skippednote
Copy link

If you don't mind asking, what laptop are using? Surface?

@jkodroff
Copy link

This looks great! I'm totally gonna cop a few lines from here for my own setup.

A few things you may find helpful:

  1. choco upgrade is idempotent, so I use it instead of choco install.
  2. ConEmu is basically iTerm2 for Windows, but you use Linux normally so I dunno what the analog is, but point being, tabbed terminals, start every PS session as Admin if you configure it as your default shell, nice copy/paste, etc. It's a must-have IMO: choco upgrade conemu

@devblackops
Copy link

Umm. choco upgrade is NOT idempotent. Without a --version=xxx option, Chocolatey will happily upgrade the app to the newer version if one is available because that is what you told it to do. choco install IS idempotent unless you specify the --version=xxx option.

@lucabelluccini
Copy link

chocolatey is not yet handling application configuration isn't it?

@jahands
Copy link

jahands commented Sep 20, 2017

There is a group policy to prevent automatic reboots for Windows Update while a user is logged in.
I found the key it changes using procmon and tested setting it in PS.

$auPath = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8FA01A01-4B9C-4A5F-9E4B-5242B1CA676A}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU"
New-Item $auPath -Force
Set-ItemProperty -Path $auPath -Name NoAutoRebootWithLoggedOnUsers -Type DWord -Value 1 -Force

@Comradin
Copy link

Promoted that gist of yours at my company
Thanks for sharing this !!

@nedpyle
Copy link

nedpyle commented Oct 3, 2017

Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

:)

@jkodroff
Copy link

@devblackops You're right - my bad.

@huzzeytech
Copy link

anyone have something they're working on for Server 2016?

@fredrikaverpil
Copy link

@jahands does your group policy regedit entry actually work to avoid reboots when logged in?
My Windows 10 machine keeps rebooting anyway. I'm on Windows 10 Pro 1709 (OS build 16299.309).

@xt0rted
Copy link

xt0rted commented May 29, 2018

I installed the April 2018 update a few days ago and there were 2 new games that needed to be added to the removal list.

# Disney Magic Kingdom
Get-AppxPackage *DisneyMagicKingdom* | Remove-AppxPackage

# Hidden City: Hidden Object Adventure
Get-AppxPackage *HiddenCityMysteryofShadows* | Remove-AppxPackage

I'm not sure if this was part of the install too, but it seemed useless and was added to my list as well.

# Dolby Access
Get-AppxPackage *DolbyAccess* | Remove-AppxPackage

@jawn
Copy link

jawn commented Jul 4, 2018

Once you have WSL installed, is there a way to let boxstarter/chocolatey install specific distributions from the Windows Store?
E.g. Ubuntu.

@xt0rted
Copy link

xt0rted commented Jul 6, 2018

@jawn you should be able to with

Invoke-WebRequest -Uri https://aka.ms/wsl-ubuntu-1604 -OutFile ~/Ubuntu.appx -UseBasicParsing
Add-AppxPackage -Path ~/Ubuntu.appx

@programmerextraordinaire

Excellent! Note that docker-for-windows (line 43) has been deprecated. The new package is

choco install docker-desktop

@neekdyako
Copy link

#DISABLE All BLOATWARE EXCEPT STORE
Get-AppxPackage -AllUsers | where-object {$_.name –notlike "*store*"} | Remove-AppxPackage

Use that command to completely remove all pre-installed windows bloatware apps except the store (so that you can still install apps that you might need). :)

@unphased
Copy link

unphased commented Dec 27, 2020

I've learned about Boxstarter today and was excited to try it out since I just installed a fresh Win10 install on build 2004 yesterday. I ran the @neekdyako oneliner in a boxstarter powershell environment and got a cascade of

Remove-AppxPackage : Deployment failed with HRESULT: 0x80073CFA, Removal failed. Please contact your software vendor. (Exception from HRESULT: 0x80073CFA)
error 0x80070032: AppX Deployment Remove operation on package Microsoft.Windows.ShellExperienceHost_10.0.19041.610_neutral_neutral_cw5n1h2txyewy from: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy failed.
This app is part of Windows and cannot be uninstalled on a per-user basis. An administrator can attempt to remove the app from the computer using Turn Windows Features on or off. However, it may not be possible to
uninstall the app.
NOTE: For additional information, look for [ActivityId] ee84034d-dbed-0000-46c2-84eeeddbd601 in the Event Log or use the command line Get-AppPackageLog -ActivityID ee84034d-dbed-0000-46c2-84eeeddbd601
At line:1 char:73
+ ... sers | where-object {$_.name –notlike "*store*"} | Remove-AppxPackage
+                                                        ~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : WriteError: (Microsoft.Windo...l_cw5n1h2txyewy:String) [Remove-AppxPackage], IOException
    + FullyQualifiedErrorId : DeploymentError,Microsoft.Windows.Appx.PackageManager.Commands.RemoveAppxPackageCommand

Remove-AppxPackage : Deployment failed with HRESULT: 0x80073CFA, Removal failed. Please contact your software vendor. (Exception from HRESULT: 0x80073CFA)
error 0x80070032: AppX Deployment Remove operation on package Microsoft.MicrosoftEdge_44.19041.423.0_neutral__8wekyb3d8bbwe from: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe failed. This app is part
of Windows and cannot be uninstalled on a per-user basis. An administrator can attempt to remove the app from the computer using Turn Windows Features on or off. However, it may not be possible to uninstall the app.
NOTE: For additional information, look for [ActivityId] ee84034d-dbed-0006-34cf-84eeeddbd601 in the Event Log or use the command line Get-AppPackageLog -ActivityID ee84034d-dbed-0006-34cf-84eeeddbd601
At line:1 char:73
+ ... sers | where-object {$_.name –notlike "*store*"} | Remove-AppxPackage
+                                                        ~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : WriteError: (Microsoft.Micro...__8wekyb3d8bbwe:String) [Remove-AppxPackage], IOException
    + FullyQualifiedErrorId : DeploymentError,Microsoft.Windows.Appx.PackageManager.Commands.RemoveAppxPackageCommand

Remove-AppxPackage : Deployment failed with HRESULT: 0x80073CFA, Removal failed. Please contact your software vendor. (Exception from HRESULT: 0x80073CFA)
error 0x80070032: AppX Deployment Remove operation on package Microsoft.Windows.ContentDeliveryManager_10.0.19041.423_neutral_neutral_cw5n1h2txyewy from:
C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy failed. This app is part of Windows and cannot be uninstalled on a per-user basis. An administrator can attempt to remove the app from
the computer using Turn Windows Features on or off. However, it may not be possible to uninstall the app.
NOTE: For additional information, look for [ActivityId] ee84034d-dbed-0000-47c2-84eeeddbd601 in the Event Log or use the command line Get-AppPackageLog -ActivityID ee84034d-dbed-0000-47c2-84eeeddbd601
At line:1 char:73
+ ... sers | where-object {$_.name –notlike "*store*"} | Remove-AppxPackage
+                                                        ~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : WriteError: (Microsoft.Windo...l_cw5n1h2txyewy:String) [Remove-AppxPackage], IOException
    + FullyQualifiedErrorId : DeploymentError,Microsoft.Windows.Appx.PackageManager.Commands.RemoveAppxPackageCommand

errors. This may be owing to some recent changes in Windows 10, since 2004 is from 2020 and I see no discussion here in the past year. But regardless of that, trying to remove all of these appxpackages which are not the store seems heavy-handed especially if more and more core tools are going to become that type of package.

Another concern I have that I'm failing to get hits on google is how to get WSL2 installed via choco/boxstarter. That led me down a pretty productive rabbit hole, actually. this landscape is moving very quickly right about now. We had the AppGet/WinGet kerfuffle, and I guess everyone's just sorta waiting around to see if WinGet will come in and save the day?

Keivan was right though. Chocolatey is sort of doomed: https://medium.com/@keivan/why-chocolatey-is-broken-beyond-any-hope-d1a4e33b3d23

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment