Created
July 6, 2017 18:55
-
-
Save mortenya/527d8cba012ae26679d4b66698102011 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ########## | |
| # Win10 Initial Setup Script | |
| # Author: Disassembler <disassembler@dasm.cz> | |
| # Version: 1.4, 2016-01-16 | |
| # http://pastebin.com/gQxCUkLP | |
| # Modified: Casey Gray, 2016-04-27 | |
| ########## | |
| # Script Execution must be enabled | |
| # Ask for elevated permissions if required | |
| If (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]"Administrator")) { | |
| Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs | |
| Exit | |
| } | |
| ########## | |
| # Privacy Settings | |
| ########## | |
| # Disable Telemetry | |
| Write-Host "Disabling Telemetry..." | |
| Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 0 | |
| # Disable Wi-Fi Sense | |
| Write-Host "Disabling Wi-Fi Sense..." | |
| If (!(Test-Path "HKLM:\Software\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting")) { | |
| New-Item -Path "HKLM:\Software\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKLM:\Software\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting" -Name "Value" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKLM:\Software\Microsoft\PolicyManager\default\WiFi\AllowAutoConnectToWiFiSenseHotspots" -Name "Value" -Type DWord -Value 0 | |
| # Disable Wi-Fi network sharing (just to be safer) | |
| Write-Host "Disabling Wi-Fi network sharing..." | |
| $user = New-Object System.Security.Principal.NTAccount($env:UserName) | |
| $sid = $user.Translate([System.Security.Principal.SecurityIdentifier]).value | |
| New-Item -Path ("HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features\" + $sid) -Force | Out-Null | |
| Set-ItemProperty -Path ("HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features\" + $sid) -Name "FeatureStates" -Type DWord -Value 0x33c | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features" -Name "WiFiSenseCredShared" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features" -Name "WiFiSenseOpen" -Type DWord -Value 0 | |
| # Disable Bing Search in Start Menu | |
| Write-Host "Disabling Bing Search in Start Menu..." | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Search" -Name "BingSearchEnabled" -Type DWord -Value 0 | |
| # Disable Location Tracking | |
| Write-Host "Disabling Location Tracking..." | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Overrides\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" -Name "SensorPermissionState" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Services\lfsvc\Service\Configuration" -Name "Status" -Type DWord -Value 0 | |
| # Disable Feedback | |
| Write-Host "Disabling Feedback..." | |
| If (!(Test-Path "HKCU:\Software\Microsoft\Siuf\Rules")) { | |
| New-Item -Path "HKCU:\Software\Microsoft\Siuf\Rules" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Siuf\Rules" -Name "NumberOfSIUFInPeriod" -Type DWord -Value 0 | |
| # Disable Advertising ID | |
| Write-Host "Disabling Advertising ID..." | |
| If (!(Test-Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo")) { | |
| New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo" -Name "Enabled" -Type DWord -Value 0 | |
| # Disable Send Microsoft info about how ... | |
| If (!(Test-Path "HKCU:\Software\Microsoft\Input\TIPC")) { | |
| New-Item -Path "HKCU:\Software\Microsoft\Input\TIPC" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Input\TIPC" -Name "Enabled" -Type DWord -Value 0 | |
| # Disable Let website provide | |
| If (!(Test-Path "HKCU:\Control Panel\International\User Profile")) { | |
| New-Item -Path "HKCU:\Control Panel\International\User Profile" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\Control Panel\International\User Profile" -Name "HttpAcceptLanguageOptOut" -Type DWord -Value 0 | |
| # Disable settings sync | |
| Write-Host "Disabling synchronisation of settings" | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync" -Name "BackupPolicy" -Type DWord -Value 0x3c | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync" -Name "DeviceMetadataUploaded" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync" -Name "PriorLogons" -Type DWord -Value 1 | |
| $groups = @( | |
| "Accessibility" | |
| "AppSync" | |
| "BrowserSettings" | |
| "Credentials" | |
| "DesktopTheme" | |
| "Language" | |
| "PackageState" | |
| "Personalization" | |
| "StartLayout" | |
| "Windows" | |
| ) | |
| foreach ($group in $groups) { | |
| If (!(Test-Path -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\$group")) { | |
| New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\$group" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\$group" -Name "Enabled" -Type DWord -Value 0 | |
| } | |
| # Disable Cortana | |
| Write-Host "Disabling Cortana..." | |
| If (!(Test-Path "HKCU:\Software\Microsoft\Personalization\Settings")) { | |
| New-Item -Path "HKCU:\Software\Microsoft\Personalization\Settings" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Personalization\Settings" -Name "AcceptedPrivacyPolicy" -Type DWord -Value 0 | |
| If (!(Test-Path "HKCU:\Software\Microsoft\InputPersonalization")) { | |
| New-Item -Path "HKCU:\Software\Microsoft\InputPersonalization" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization" -Name "RestrictImplicitTextCollection" -Type DWord -Value 1 | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization" -Name "RestrictImplicitInkCollection" -Type DWord -Value 1 | |
| If (!(Test-Path "HKCU:\Software\Microsoft\InputPersonalization\TrainedDataStore")) { | |
| New-Item -Path "HKCU:\Software\Microsoft\InputPersonalization\TrainedDataStore" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization\TrainedDataStore" -Name "HarvestContacts" -Type DWord -Value 0 | |
| # Disable Windows Search features | |
| Write-Host "Disabling Start Menu search features" | |
| if (!(Test-Path -Path "HKLM:\Software\Policies\Microsoft\Windows\Windows Search")) { | |
| New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows\Windows Search" -Force | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" -Name "AllowCortana" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" -Name "DisableWebSearch" -Type DWord -Value 1 | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" -Name "AllowSearchToUseLocation" -Type DWord -Value 0 | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" -Name "ConnectedSearchUseWeb" -Type DWord -Value 0 | |
| # Restrict Windows Update P2P only to local network | |
| Write-Host "Restricting Windows Update P2P only to local network..." | |
| Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" -Name "DODownloadMode" -Type DWord -Value 1 | |
| If (!(Test-Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization")) { | |
| New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization" | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization" -Name "SystemSettingsDownloadMode" -Type DWord -Value 3 | |
| # Remove AutoLogger file and restrict directory | |
| Write-Host "Removing AutoLogger file and restricting directory..." | |
| $autoLoggerDir = "$env:PROGRAMDATA\Microsoft\Diagnosis\ETLLogs\AutoLogger" | |
| If (Test-Path "$autoLoggerDir\AutoLogger-Diagtrack-Listener.etl") { | |
| Remove-Item "$autoLoggerDir\AutoLogger-Diagtrack-Listener.etl" | |
| } | |
| icacls $autoLoggerDir /deny SYSTEM:`(OI`)`(CI`)F | Out-Null | |
| # Stop and disable Diagnostics Tracking Service | |
| Write-Host "Stopping and disabling Diagnostics Tracking Service..." | |
| Stop-Service "DiagTrack" | |
| Set-Service "DiagTrack" -StartupType Disabled | |
| # Stop and disable WAP Push Service | |
| Write-Host "Stopping and disabling WAP Push Service..." | |
| Stop-Service "dmwappushservice" | |
| Set-Service "dmwappushservice" -StartupType Disabled | |
| # Disable device access | |
| Write-Host "Disableing device access..." | |
| foreach ($key in (Get-ChildItem -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\")) { | |
| Set-ItemProperty -Path ("HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\" + $key.PSChildName) -Name "Value" -Type String -Value "Deny" | |
| } | |
| ########## | |
| # Service Tweaks | |
| ########## | |
| # Disable Windows Update automatic restart | |
| Write-Host "Disabling Windows Update automatic restart..." | |
| Set-ItemProperty -Path "HKLM:\Software\Microsoft\WindowsUpdate\UX\Settings" -Name "UxOption" -Type DWord -Value 1 | |
| # Stop and disable Home Groups services | |
| Write-Host "Stopping and disabling Home Groups services..." | |
| Stop-Service "HomeGroupListener" | |
| Set-Service "HomeGroupListener" -StartupType Disabled | |
| Stop-Service "HomeGroupProvider" | |
| Set-Service "HomeGroupProvider" -StartupType Disabled | |
| # Enable Remote Assistance | |
| # Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Remote Assistance" -Name "fAllowToGetHelp" -Type DWord -Value 1 | |
| # Enable Remote Desktop w/o Network Level Authentication | |
| # Write-Host "Enabling Remote Desktop w/o Network Level Authentication..." | |
| # Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Type DWord -Value 0 | |
| # Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "UserAuthentication" -Type DWord -Value 0 | |
| ########## | |
| # UI Tweaks | |
| ########## | |
| # Disable Sticky keys prompt | |
| Write-Host "Disabling Sticky keys prompt..." | |
| Set-ItemProperty -Path "HKCU:\Control Panel\Accessibility\StickyKeys" -Name "Flags" -Type String -Value "506" | |
| # Change default Explorer view to "Computer" | |
| Write-Host "Changing default Explorer view to `"Computer`"..." | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "LaunchTo" -Type DWord -Value 1 | |
| # Disable Autoplay | |
| Write-Host "Disabling Autoplay..." | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers" -Name "DisableAutoplay" -Type DWord -Value 1 | |
| # Disable Autorun for all drives | |
| Write-Host "Disabling Autorun for all drives..." | |
| If (!(Test-Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer")) { | |
| New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" | Out-Null | |
| } | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name "NoDriveTypeAutoRun" -Type DWord -Value 255 | |
| # Show known file extensions | |
| Write-Host "Showing known file extensions..." | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "HideFileExt" -Type DWord -Value 0 | |
| # Show hidden files | |
| Write-Host "Showing hidden files..." | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "Hidden" -Type DWord -Value 1 | |
| # Set Photo Viewer as default for bmp, gif, jpg and png | |
| Write-Host "Setting Photo Viewer as default for bmp, gif, jpg, png and tif..." | |
| If (!(Test-Path "HKCR:")) { | |
| New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null | |
| } | |
| ForEach ($type in @("Paint.Picture", "giffile", "jpegfile", "pngfile")) { | |
| New-Item -Path $("HKCR:\$type\shell\open") -Force | Out-Null | |
| New-Item -Path $("HKCR:\$type\shell\open\command") | Out-Null | |
| Set-ItemProperty -Path $("HKCR:\$type\shell\open") -Name "MuiVerb" -Type ExpandString -Value "@%ProgramFiles%\Windows Photo Viewer\photoviewer.dll,-3043" | |
| Set-ItemProperty -Path $("HKCR:\$type\shell\open\command") -Name "(Default)" -Type ExpandString -Value "%SystemRoot%\System32\rundll32.exe `"%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll`", ImageView_Fullscreen %1" | |
| } | |
| # Show Photo Viewer in "Open with..." | |
| Write-Host "Showing Photo Viewer in `"Open with...`"" | |
| If (!(Test-Path "HKCR:")) { | |
| New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null | |
| } | |
| New-Item -Path "HKCR:\Applications\photoviewer.dll\shell\open\command" -Force | Out-Null | |
| New-Item -Path "HKCR:\Applications\photoviewer.dll\shell\open\DropTarget" -Force | Out-Null | |
| Set-ItemProperty -Path "HKCR:\Applications\photoviewer.dll\shell\open" -Name "MuiVerb" -Type String -Value "@photoviewer.dll,-3043" | |
| Set-ItemProperty -Path "HKCR:\Applications\photoviewer.dll\shell\open\command" -Name "(Default)" -Type ExpandString -Value "%SystemRoot%\System32\rundll32.exe `"%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll`", ImageView_Fullscreen %1" | |
| Set-ItemProperty -Path "HKCR:\Applications\photoviewer.dll\shell\open\DropTarget" -Name "Clsid" -Type String -Value "{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}" | |
| ########## | |
| # Remove unwanted applications | |
| ########## | |
| Write-Host "Uninstalling default apps" | |
| $apps = @( | |
| # default Windows 10 apps | |
| "Microsoft.3DBuilder" | |
| "Microsoft.Appconnector" | |
| "Microsoft.BingFinance" | |
| "Microsoft.BingNews" | |
| "Microsoft.BingSports" | |
| "Microsoft.BingWeather" | |
| "Microsoft.Getstarted" | |
| "Microsoft.MicrosoftOfficeHub" | |
| "Microsoft.MicrosoftSolitaireCollection" | |
| "Microsoft.Office.OneNote" | |
| "Microsoft.People" | |
| "Microsoft.SkypeApp" | |
| #"Microsoft.Windows.Photos" | |
| "Microsoft.WindowsAlarms" | |
| #"Microsoft.WindowsCalculator" | |
| "Microsoft.WindowsCamera" | |
| "Microsoft.WindowsMaps" | |
| "Microsoft.WindowsPhone" | |
| "Microsoft.WindowsSoundRecorder" | |
| #"Microsoft.WindowsStore" | |
| "Microsoft.XboxApp" | |
| "Microsoft.ZuneMusic" | |
| "Microsoft.ZuneVideo" | |
| "microsoft.windowscommunicationsapps" | |
| "Microsoft.MinecraftUWP" | |
| # Threshold 2 apps | |
| "Microsoft.CommsPhone" | |
| "Microsoft.ConnectivityStore" | |
| "Microsoft.Messaging" | |
| "Microsoft.Office.Sway" | |
| # non-Microsoft | |
| "9E2F88E3.Twitter" | |
| "Flipboard.Flipboard" | |
| "ShazamEntertainmentLtd.Shazam" | |
| "king.com.CandyCrushSodaSaga" | |
| "ClearChannelRadioDigital.iHeartRadio" | |
| ) | |
| foreach ($app in $apps) { | |
| $package = Get-AppxPackage -Name $app -AllUsers -ErrorAction SilentlyContinue | |
| if ($package) { | |
| Remove-AppxPackage -Package $package.PackageFullName | |
| Get-AppXProvisionedPackage -Online | where DisplayName -EQ $app |` | |
| Remove-AppxProvisionedPackage -Online | |
| } | |
| } | |
| ########## | |
| # Restart | |
| ########## | |
| Write-Host | |
| Write-Host "Press any key to restart your system..." -ForegroundColor Black -BackgroundColor White | |
| $key = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown") | |
| Write-Host "Restarting..." | |
| Restart-Computer | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment