Created
May 29, 2022 21:51
-
-
Save jmconway/ca09479a4a5b3961a71c979260cace9d to your computer and use it in GitHub Desktop.
PowerShell module/helper script with custom functions for imaging Windows 10 build 21H2 with MDT/WDS.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # For the purposes of this script, assume DWORD values | |
| function Set-RegistryItem { | |
| param ( | |
| [CmdletBinding()] | |
| [string]$Path | |
| ) | |
| param ( | |
| [CmdletBinding()] | |
| [string]$Name | |
| ) | |
| param ( | |
| [CmdletBinding()] | |
| [string]$Value | |
| ) | |
| if (!(Test-Path -Path $Path)) { | |
| New-Item -Path $Path | |
| Try { | |
| New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType DWORD | |
| } | |
| Catch [System.IO.IOException] { | |
| Write-Output "Registry Value already exists. Proceeding..." | |
| } | |
| Catch { | |
| Write-Output "An unknown error occured." | |
| } | |
| } | |
| } | |
| # Using the above function as a baseline, the following functions tweak the registry. | |
| ## Disable Consumer Experiences | |
| function Disable-ConsumerExperience { | |
| $regPath = "HKLM:\\SOFTWARE\Policies\Microsoft\Windows\CloudContent" | |
| $regName = "DisableWindowsConsumerFeatures" | |
| $regValue = "1" | |
| Set-RegistryItem -Path $regPath -Name $regName -Value $regValue | |
| } | |
| ## Disable Cortana | |
| function Disable-Cortana { | |
| $regPath = "HKLM:\\SOFTWARE\Policies\Microsoft\Windows\Windows Search" | |
| $regName = "AllowCortana" | |
| $regValue = "0" | |
| Set-RegistryItem -Path $regPath -Name $regName -Value $regValue | |
| } | |
| ## Disable FastBoot | |
| function Disable-FastBoot { | |
| $regPath = "HKLM:\\SYSTEM\CurrentControlSet\Control\Session Manager\Power" | |
| $regName = "HiberbootEnabled" | |
| $regValue = "0" | |
| Set-RegistryItem -Path $regPath -Name $regName -Value $regValue | |
| } | |
| ## Disable-Hibernation | |
| function Disable-Hibernation { | |
| $regPath = "HKLM:\\SYSTEM\CurrentControlSet\Control\Power" | |
| $regName = "HibernateEnabled" | |
| $regValue = "0" | |
| Set-RegistryItem -Path $regPath -Name $regName -Value $regValue | |
| } | |
| <# Disable SMBv3 Compression | |
| ## https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV200005 | |
| ## May not be applicable to your environment | |
| #> | |
| function Disable-SMBv3Compression { | |
| $regPath = "HKLM:\\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" | |
| $regName = "DisableCompression" | |
| $regValue = "0" | |
| Set-RegistryItem -Path $regPath -Name $regName -Value $regValue | |
| } | |
| function Set-OptionalFeatures { | |
| # Features we want to disable by default | |
| $toDisable = @( | |
| "Internet-Explorer-Optional-amd64", | |
| "MicrosoftWindowsPowerShellV2", | |
| "MicrosoftWindowsPowerShellV2Root", | |
| "Printing-XPSServices-Features", | |
| "WCF-Services45", | |
| "WCF-TCP-PortSharing45", | |
| "WindowsMediaPlayer", | |
| "WorkFolders-Client" | |
| ) | |
| foreach ($feature in $toDisable) { | |
| Get-WindowsOptionalFeature -Online -FeatureName $feature | Disable-WindowsOptionalFeature -Online -NoRestart -Remove -Verbose | |
| } | |
| # Features we want to enable by default | |
| $toEnable = @( | |
| "Containers", | |
| "Containers-DisposableClientVM", | |
| "Windows-Defender-ApplicationGuard", | |
| "Microsoft-Windows-Subsystem-Linux" | |
| ) | |
| foreach ($feature in $toEnable) { | |
| Try { | |
| Get-WindowsOptionalFeature -Online -FeatureName $feature | Enable-WindowsOptionalFeature -Online -NoRestart -Verbose | |
| } | |
| Catch [Microsoft.Dism.Commands.EnableWindowsOptionalFeatureCommand] { | |
| Write-Host "$feature could not be enabled and may need a parent feature as a prerequisite" | |
| } | |
| } | |
| } | |
| function Remove-AppxPackages { | |
| $appx = @( | |
| "Microsoft.BingWeather", | |
| "Microsoft.GetHelp", | |
| "Microsoft.Getstarted", | |
| "Microsoft.MicrosoftOfficeHub", | |
| "Microsoft.MicrosoftSolitaireCollection", | |
| "Microsoft.Office.OneNote", | |
| "Microsoft.People", | |
| "Microsoft.SkypeApp", | |
| "Microsoft.Wallet", | |
| "microsoft.windowscommunicationsapps", | |
| "Microsoft.WindowsFeedbackHub", | |
| "Microsoft.WindowsMaps", | |
| "Microsoft.YourPhone", | |
| "Microsoft.ZuneMusic", | |
| "Microsoft.ZuneVideo" | |
| ) | |
| foreach ($app in $appx) { | |
| # Found that running as built-in Administrator while in MDT deployment or manually running the script, some AppX Packages don't like the -AllUsers parameter on the Remove-AppxPackage cmdlet | |
| Try { | |
| Get-AppxPackage -AllUsers -Name $app | Remove-AppxPackage -AllUsers -Verbose | |
| } # These Packages will throw a COMException below, catch this error and run without the -AllUsers parameter | |
| Catch [System.Runtime.InteropServices.COMException] { | |
| Get-AppxPackage -AllUsers -Name $app | Remove-AppxPackage -Verbose | |
| } | |
| } | |
| $provisioned = @( | |
| "Microsoft.BingWeather", | |
| "Microsoft.GetHelp", | |
| "Microsoft.Getstarted", | |
| "Microsoft.MicrosoftOfficeHub", | |
| "Microsoft.MicrosoftSolitaireCollection", | |
| "Microsoft.Office.OneNote", | |
| "Microsoft.People", | |
| "Microsoft.SkypeApp", | |
| "Microsoft.Wallet", | |
| "microsoft.windowscommunicationsapps", | |
| "Microsoft.WindowsFeedbackHub", | |
| "Microsoft.WindowsMaps", | |
| "Microsoft.YourPhone", | |
| "Microsoft.ZuneMusic", | |
| "Microsoft.ZuneVideo" | |
| ) | |
| foreach ($app in $provisioned) { | |
| Get-AppxProvisionedPackage -Online | Where-Object { $_.DisplayName -like $app } | Remove-AppxProvisionedPackage -Online -Verbose | |
| } | |
| } | |
| function Invoke-WindowsActivation { | |
| param ( | |
| [CmdletBinding()] | |
| [string]$Key | |
| ) | |
| $MAK = Get-WmiObject -Query "Select * from SoftwareLicensingService" | |
| $MAK.InstallProductKey($Key) | |
| $MAK.RefreshLicenseStatus() | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment