diff --git a/Default.cmd b/Default.cmd deleted file mode 100644 index 6f5200e..0000000 --- a/Default.cmd +++ /dev/null @@ -1 +0,0 @@ -@powershell.exe -NoProfile -ExecutionPolicy Bypass -File "%~dp0Win10.ps1" -include "%~dp0Win10.psm1" -preset "%~dpn0.preset" diff --git a/README.md b/README.md index 7c0201c..186b285 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ PowerShell hardening and setup script for initial configuration of Windows 10 / Server 2016 or Server 2019 ## Usage -If you just want to run the script with the default preset, download and unpack the master-branch and simply double-click on the *Default.cmd* file and confirm *User Account Control* prompt. Make sure your account is a member of *Administrators* group as the script attempts to run with elevated privileges. +If you just want to run the script with the default preset, download and unpack the master-branch and simply double-click either on the *start_client_hardening.cmd* file (Best for desktop and notekooks) or *start_server_hardening.cmd* file (Intended for servers) and confirm *User Account Control* prompt. Make sure your account is a member of *Administrators* group as the script attempts to run with elevated privileges. The script supports command line options and parameters which can help you customize the tweak selection or even add your own custom tweaks, however these features require some basic knowledge of command line usage and PowerShell scripting. Refer to [Advanced usage](#advanced-usage) section for more details. diff --git a/Win10.ps1 b/Win10.ps1 index a0f6ad4..c8f1dbb 100644 --- a/Win10.ps1 +++ b/Win10.ps1 @@ -1,9 +1,9 @@ ########## -# Win 10 /Server 2016 / Server 2019 Initial Setup Script - Main execution loop +# Win 10 / Server 2016 / Server 2019 Initial Setup Script - Main execution loop # Author: Disassembler # Version: v3.8, 2019-09-11 # Modded by: Michael Reber -# Source: https://github.com/Disassembler0/Win10-Initial-Setup-Script +# Source: https://github.com/Disassembler0/Win10-Initial-Setup-Script ########## # Relaunch the script with administrator privileges diff --git a/config/Client.config b/config/Client.config new file mode 100644 index 0000000..cf52d48 --- /dev/null +++ b/config/Client.config @@ -0,0 +1,231 @@ +########## +# Win 10 / Server 2016 / Server 2019 Initial Setup Script - Default preset +# Author: Disassembler +# Version: v3.8, 2019-09-11 +# Modded by: Michael Reber +# Source: https://github.com/Disassembler0/Win10-Initial-Setup-Script +########## + +### Require administrator privileges ### +RequireAdmin + +### Privacy Tweaks ### +DisableTelemetry # EnableTelemetry +DisableWiFiSense # EnableWiFiSense +# DisableSmartScreen # EnableSmartScreen +# DisableWebSearch # EnableWebSearch +DisableAppSuggestions # EnableAppSuggestions +DisableActivityHistory # EnableActivityHistory +DisableBackgroundApps # EnableBackgroundApps +# DisableSensors # EnableSensors +DisableLocation # EnableLocation +DisableMapUpdates # EnableMapUpdates +DisableFeedback # EnableFeedback +DisableTailoredExperiences # EnableTailoredExperiences +DisableAdvertisingID # EnableAdvertisingID +DisableWebLangList # EnableWebLangList +DisableCortana # EnableCortana +# DisableBiometrics # EnableBiometrics +# DisableCamera # EnableCamera +# DisableMicrophone # EnableMicrophone +DisableErrorReporting # EnableErrorReporting +# SetP2PUpdateLocal # SetP2PUpdateInternet # SetP2PUpdateDisable +DisableDiagTrack # EnableDiagTrack +DisableWAPPush # EnableWAPPush +# EnableClearRecentFiles # DisableClearRecentFiles +# DisableRecentFiles # EnableRecentFiles + +### Security Tweaks ### +# SetUACLow # SetUACHigh +# EnableSharingMappedDrives # DisableSharingMappedDrives +DisableAdminShares # EnableAdminShares +# DisableFirewall # EnableFirewall +# HideDefenderTrayIcon # ShowDefenderTrayIcon +# DisableDefender # EnableDefender +# DisableDefenderCloud # EnableDefenderCloud +# EnableCtrldFolderAccess # DisableCtrldFolderAccess +# EnableCIMemoryIntegrity # DisableCIMemoryIntegrity +# EnableDefenderAppGuard # DisableDefenderAppGuard +HideAccountProtectionWarn # ShowAccountProtectionWarn +# DisableDownloadBlocking # EnableDownloadBlocking +# DisableScriptHost # EnableScriptHost +EnableDotNetStrongCrypto # DisableDotNetStrongCrypto +# EnableMeltdownCompatFlag # DisableMeltdownCompatFlag +EnableF8BootMenu # DisableF8BootMenu +# DisableBootRecovery # EnableBootRecovery +# DisableRecoveryAndReset # EnableRecoveryAndReset +SetDEPOptOut # SetDEPOptIn + +### Network Tweaks ### +SetCurrentNetworkPrivate # SetCurrentNetworkPublic +# SetUnknownNetworksPrivate # SetUnknownNetworksPublic +# DisableNetDevicesAutoInst # EnableNetDevicesAutoInst +# DisableHomeGroups # EnableHomeGroups +# DisableSMB1 # EnableSMB1 +# DisableSMBServer # EnableSMBServer +# DisableNetBIOS # EnableNetBIOS +# DisableLLMNR # EnableLLMNR +# DisableLLDP # EnableLLDP +# DisableLLTD # EnableLLTD +# DisableMSNetClient # EnableMSNetClient +# DisableQoS # EnableQoS +# DisableIPv4 # EnableIPv4 +# DisableIPv6 # EnableIPv6 +# DisableNCSIProbe # EnableNCSIProbe +# DisableConnectionSharing # EnableConnectionSharing +DisableRemoteAssistance # EnableRemoteAssistance +# EnableRemoteDesktop # DisableRemoteDesktop + +### Service Tweaks ### +# DisableUpdateMSRT # EnableUpdateMSRT +# DisableUpdateDriver # EnableUpdateDriver +EnableUpdateMSProducts # DisableUpdateMSProducts +# DisableUpdateAutoDownload # EnableUpdateAutoDownload +DisableUpdateRestart # EnableUpdateRestart +DisableMaintenanceWakeUp # EnableMaintenanceWakeUp +DisableSharedExperiences # EnableSharedExperiences +# EnableClipboardHistory # DisableClipboardHistory +DisableAutoplay # EnableAutoplay +DisableAutorun # EnableAutorun +# DisableRestorePoints # EnableRestorePoints +# EnableStorageSense # DisableStorageSense +# DisableDefragmentation # EnableDefragmentation +# DisableSuperfetch # EnableSuperfetch +# DisableIndexing # EnableIndexing +# DisableSwapFile # EnableSwapFile +# DisableRecycleBin # EnableRecycleBin +EnableNTFSLongPaths # DisableNTFSLongPaths +# DisableNTFSLastAccess # EnableNTFSLastAccess +# SetBIOSTimeUTC # SetBIOSTimeLocal +# EnableHibernation # DisableHibernation +# DisableSleepButton # EnableSleepButton +# DisableSleepTimeout # EnableSleepTimeout +# DisableFastStartup # EnableFastStartup +# DisableAutoRebootOnCrash # EnableAutoRebootOnCrash + +### UI Tweaks ### +DisableActionCenter # EnableActionCenter +DisableLockScreen # EnableLockScreen +# DisableLockScreenRS1 # EnableLockScreenRS1 +HideNetworkFromLockScreen # ShowNetworkOnLockScreen +HideShutdownFromLockScreen # ShowShutdownOnLockScreen +DisableLockScreenBlur # EnableLockScreenBlur +# DisableAeroShake # EnableAeroShake +DisableAccessibilityKeys # EnableAccessibilityKeys +ShowTaskManagerDetails # HideTaskManagerDetails +ShowFileOperationsDetails # HideFileOperationsDetails +# EnableFileDeleteConfirm # DisableFileDeleteConfirm +HideTaskbarSearch # ShowTaskbarSearchIcon # ShowTaskbarSearchBox +HideTaskView # ShowTaskView +ShowSmallTaskbarIcons # ShowLargeTaskbarIcons +# SetTaskbarCombineWhenFull # SetTaskbarCombineNever # SetTaskbarCombineAlways +HideTaskbarPeopleIcon # ShowTaskbarPeopleIcon +ShowTrayIcons # HideTrayIcons +# ShowSecondsInTaskbar # HideSecondsFromTaskbar +DisableSearchAppInStore # EnableSearchAppInStore +DisableNewAppPrompt # EnableNewAppPrompt +# HideRecentlyAddedApps # ShowRecentlyAddedApps +# HideMostUsedApps # ShowMostUsedApps +SetControlPanelSmallIcons # SetControlPanelLargeIcons # SetControlPanelCategories +DisableShortcutInName # EnableShortcutInName +# HideShortcutArrow # ShowShortcutArrow +#SetVisualFXPerformance # SetVisualFXAppearance +# EnableTitleBarColor # DisableTitleBarColor +# EnableDarkTheme # DisableDarkTheme +# AddENKeyboard # RemoveENKeyboard +# EnableNumlock # DisableNumlock +# DisableEnhPointerPrecision # EnableEnhPointerPrecision +# SetSoundSchemeNone # SetSoundSchemeDefault +# DisableStartupSound # EnableStartupSound +# DisableChangingSoundScheme # EnableChangingSoundScheme +# EnableVerboseStatus # DisableVerboseStatus +DisableF1HelpKey # EnableF1HelpKey + +### Explorer UI Tweaks ### +# ShowExplorerTitleFullPath # HideExplorerTitleFullPath +ShowKnownExtensions # HideKnownExtensions +ShowHiddenFiles # HideHiddenFiles +# ShowSuperHiddenFiles # HideSuperHiddenFiles +# ShowEmptyDrives # HideEmptyDrives +# ShowFolderMergeConflicts # HideFolderMergeConflicts +# EnableNavPaneExpand # DisableNavPaneExpand +# ShowNavPaneAllFolders # HideNavPaneAllFolders +# EnableFldrSeparateProcess # DisableFldrSeparateProcess +# EnableRestoreFldrWindows # DisableRestoreFldrWindows +# ShowEncCompFilesColor # HideEncCompFilesColor +# DisableSharingWizard # EnableSharingWizard +# HideSelectCheckboxes # ShowSelectCheckboxes +HideSyncNotifications # ShowSyncNotifications +HideRecentShortcuts # ShowRecentShortcuts +SetExplorerThisPC # SetExplorerQuickAccess +# HideQuickAccess # ShowQuickAccess +# HideRecycleBinFromDesktop # ShowRecycleBinOnDesktop +ShowThisPCOnDesktop # HideThisPCFromDesktop +# ShowUserFolderOnDesktop # HideUserFolderFromDesktop +# ShowControlPanelOnDesktop # HideControlPanelFromDesktop +# ShowNetworkOnDesktop # HideNetworkFromDesktop +# ShowBuildNumberOnDesktop # HideBuildNumberFromDesktop +HideDesktopFromThisPC # ShowDesktopInThisPC +# HideDesktopFromExplorer # ShowDesktopInExplorer +HideDocumentsFromThisPC # ShowDocumentsInThisPC +# HideDocumentsFromExplorer # ShowDocumentsInExplorer +HideDownloadsFromThisPC # ShowDownloadsInThisPC +# HideDownloadsFromExplorer # ShowDownloadsInExplorer +HideMusicFromThisPC # ShowMusicInThisPC +# HideMusicFromExplorer # ShowMusicInExplorer +HidePicturesFromThisPC # ShowPicturesInThisPC +# HidePicturesFromExplorer # ShowPicturesInExplorer +HideVideosFromThisPC # ShowVideosInThisPC +# HideVideosFromExplorer # ShowVideosInExplorer +Hide3DObjectsFromThisPC # Show3DObjectsInThisPC +# Hide3DObjectsFromExplorer # Show3DObjectsInExplorer +# HideIncludeInLibraryMenu # ShowIncludeInLibraryMenu +# HideGiveAccessToMenu # ShowGiveAccessToMenu +# HideShareMenu # ShowShareMenu +# DisableThumbnails # EnableThumbnails +DisableThumbnailCache # EnableThumbnailCache +DisableThumbsDBOnNetwork # EnableThumbsDBOnNetwork + +### Application Tweaks ### +DisableOneDrive # EnableOneDrive +UninstallOneDrive # InstallOneDrive +UninstallMsftBloat # InstallMsftBloat +UninstallThirdPartyBloat # InstallThirdPartyBloat +# UninstallWindowsStore # InstallWindowsStore +DisableXboxFeatures # EnableXboxFeatures +# DisableFullscreenOptims # EnableFullscreenOptims +DisableAdobeFlash # EnableAdobeFlash +DisableEdgePreload # EnableEdgePreload +DisableEdgeShortcutCreation # EnableEdgeShortcutCreation +DisableIEFirstRun # EnableIEFirstRun +DisableFirstLogonAnimation # EnableFirstLogonAnimation +DisableMediaSharing # EnableMediaSharing +# UninstallMediaPlayer # InstallMediaPlayer +# UninstallInternetExplorer # InstallInternetExplorer +# UninstallWorkFolders # InstallWorkFolders +# UninstallPowerShellV2 # InstallPowerShellV2 +# InstallLinuxSubsystem # UninstallLinuxSubsystem +# InstallHyperV # UninstallHyperV +# InstallNET23 # UninstallNET23 +SetPhotoViewerAssociation # UnsetPhotoViewerAssociation +AddPhotoViewerOpenWith # RemovePhotoViewerOpenWith +# UninstallPDFPrinter # InstallPDFPrinter +UninstallXPSPrinter # InstallXPSPrinter +RemoveFaxPrinter # AddFaxPrinter +# UninstallFaxAndScan # InstallFaxAndScan + +### Server Specific Tweaks ### +# HideServerManagerOnLogin # ShowServerManagerOnLogin +# DisableShutdownTracker # EnableShutdownTracker +# DisablePasswordPolicy # EnablePasswordPolicy +# DisableCtrlAltDelLogin # EnableCtrlAltDelLogin +# DisableIEEnhancedSecurity # EnableIEEnhancedSecurity +# EnableAudio # DisableAudio + +### Unpinning ### +# UnpinStartMenuTiles +# UnpinTaskbarIcons + +### Auxiliary Functions ### +WaitForKey +Restart diff --git a/config/Server.config b/config/Server.config new file mode 100644 index 0000000..631aea2 --- /dev/null +++ b/config/Server.config @@ -0,0 +1,231 @@ +########## +# Win 10 / Server 2016 / Server 2019 Initial Setup Script - Default preset +# Author: Disassembler +# Version: v3.8, 2019-09-11 +# Modded by: Michael Reber +# Source: https://github.com/Disassembler0/Win10-Initial-Setup-Script +########## + +### Require administrator privileges ### +RequireAdmin + +### Privacy Tweaks ### +DisableTelemetry # EnableTelemetry +DisableWiFiSense # EnableWiFiSense +# DisableSmartScreen # EnableSmartScreen +# DisableWebSearch # EnableWebSearch +DisableAppSuggestions # EnableAppSuggestions +DisableActivityHistory # EnableActivityHistory +DisableBackgroundApps # EnableBackgroundApps +# DisableSensors # EnableSensors +DisableLocation # EnableLocation +DisableMapUpdates # EnableMapUpdates +DisableFeedback # EnableFeedback +DisableTailoredExperiences # EnableTailoredExperiences +DisableAdvertisingID # EnableAdvertisingID +DisableWebLangList # EnableWebLangList +DisableCortana # EnableCortana +# DisableBiometrics # EnableBiometrics +# DisableCamera # EnableCamera +# DisableMicrophone # EnableMicrophone +DisableErrorReporting # EnableErrorReporting +# SetP2PUpdateLocal # SetP2PUpdateInternet # SetP2PUpdateDisable +DisableDiagTrack # EnableDiagTrack +DisableWAPPush # EnableWAPPush +# EnableClearRecentFiles # DisableClearRecentFiles +# DisableRecentFiles # EnableRecentFiles + +### Security Tweaks ### +# SetUACLow # SetUACHigh +# EnableSharingMappedDrives # DisableSharingMappedDrives +DisableAdminShares # EnableAdminShares +# DisableFirewall # EnableFirewall +# HideDefenderTrayIcon # ShowDefenderTrayIcon +# DisableDefender # EnableDefender +# DisableDefenderCloud # EnableDefenderCloud +# EnableCtrldFolderAccess # DisableCtrldFolderAccess +# EnableCIMemoryIntegrity # DisableCIMemoryIntegrity +# EnableDefenderAppGuard # DisableDefenderAppGuard +HideAccountProtectionWarn # ShowAccountProtectionWarn +# DisableDownloadBlocking # EnableDownloadBlocking +# DisableScriptHost # EnableScriptHost +EnableDotNetStrongCrypto # DisableDotNetStrongCrypto +# EnableMeltdownCompatFlag # DisableMeltdownCompatFlag +EnableF8BootMenu # DisableF8BootMenu +# DisableBootRecovery # EnableBootRecovery +# DisableRecoveryAndReset # EnableRecoveryAndReset +SetDEPOptOut # SetDEPOptIn + +### Network Tweaks ### +SetCurrentNetworkPrivate # SetCurrentNetworkPublic +# SetUnknownNetworksPrivate # SetUnknownNetworksPublic +# DisableNetDevicesAutoInst # EnableNetDevicesAutoInst +# DisableHomeGroups # EnableHomeGroups +# DisableSMB1 # EnableSMB1 +# DisableSMBServer # EnableSMBServer +# DisableNetBIOS # EnableNetBIOS +# DisableLLMNR # EnableLLMNR +# DisableLLDP # EnableLLDP +# DisableLLTD # EnableLLTD +# DisableMSNetClient # EnableMSNetClient +# DisableQoS # EnableQoS +# DisableIPv4 # EnableIPv4 +# DisableIPv6 # EnableIPv6 +# DisableNCSIProbe # EnableNCSIProbe +# DisableConnectionSharing # EnableConnectionSharing +DisableRemoteAssistance # EnableRemoteAssistance +# EnableRemoteDesktop # DisableRemoteDesktop + +### Service Tweaks ### +# DisableUpdateMSRT # EnableUpdateMSRT +# DisableUpdateDriver # EnableUpdateDriver +EnableUpdateMSProducts # DisableUpdateMSProducts +# DisableUpdateAutoDownload # EnableUpdateAutoDownload +DisableUpdateRestart # EnableUpdateRestart +DisableMaintenanceWakeUp # EnableMaintenanceWakeUp +DisableSharedExperiences # EnableSharedExperiences +# EnableClipboardHistory # DisableClipboardHistory +DisableAutoplay # EnableAutoplay +DisableAutorun # EnableAutorun +# DisableRestorePoints # EnableRestorePoints +# EnableStorageSense # DisableStorageSense +# DisableDefragmentation # EnableDefragmentation +# DisableSuperfetch # EnableSuperfetch +# DisableIndexing # EnableIndexing +# DisableSwapFile # EnableSwapFile +# DisableRecycleBin # EnableRecycleBin +EnableNTFSLongPaths # DisableNTFSLongPaths +# DisableNTFSLastAccess # EnableNTFSLastAccess +# SetBIOSTimeUTC # SetBIOSTimeLocal +# EnableHibernation # DisableHibernation +# DisableSleepButton # EnableSleepButton +# DisableSleepTimeout # EnableSleepTimeout +# DisableFastStartup # EnableFastStartup +# DisableAutoRebootOnCrash # EnableAutoRebootOnCrash + +### UI Tweaks ### +DisableActionCenter # EnableActionCenter +DisableLockScreen # EnableLockScreen +# DisableLockScreenRS1 # EnableLockScreenRS1 +HideNetworkFromLockScreen # ShowNetworkOnLockScreen +HideShutdownFromLockScreen # ShowShutdownOnLockScreen +DisableLockScreenBlur # EnableLockScreenBlur +# DisableAeroShake # EnableAeroShake +DisableAccessibilityKeys # EnableAccessibilityKeys +ShowTaskManagerDetails # HideTaskManagerDetails +ShowFileOperationsDetails # HideFileOperationsDetails +# EnableFileDeleteConfirm # DisableFileDeleteConfirm +HideTaskbarSearch # ShowTaskbarSearchIcon # ShowTaskbarSearchBox +HideTaskView # ShowTaskView +ShowSmallTaskbarIcons # ShowLargeTaskbarIcons +# SetTaskbarCombineWhenFull # SetTaskbarCombineNever # SetTaskbarCombineAlways +HideTaskbarPeopleIcon # ShowTaskbarPeopleIcon +ShowTrayIcons # HideTrayIcons +# ShowSecondsInTaskbar # HideSecondsFromTaskbar +DisableSearchAppInStore # EnableSearchAppInStore +DisableNewAppPrompt # EnableNewAppPrompt +# HideRecentlyAddedApps # ShowRecentlyAddedApps +# HideMostUsedApps # ShowMostUsedApps +SetControlPanelSmallIcons # SetControlPanelLargeIcons # SetControlPanelCategories +DisableShortcutInName # EnableShortcutInName +# HideShortcutArrow # ShowShortcutArrow +SetVisualFXPerformance # SetVisualFXAppearance +# EnableTitleBarColor # DisableTitleBarColor +# EnableDarkTheme # DisableDarkTheme +# AddENKeyboard # RemoveENKeyboard +# EnableNumlock # DisableNumlock +# DisableEnhPointerPrecision # EnableEnhPointerPrecision +# SetSoundSchemeNone # SetSoundSchemeDefault +# DisableStartupSound # EnableStartupSound +# DisableChangingSoundScheme # EnableChangingSoundScheme +# EnableVerboseStatus # DisableVerboseStatus +DisableF1HelpKey # EnableF1HelpKey + +### Explorer UI Tweaks ### +# ShowExplorerTitleFullPath # HideExplorerTitleFullPath +ShowKnownExtensions # HideKnownExtensions +ShowHiddenFiles # HideHiddenFiles +# ShowSuperHiddenFiles # HideSuperHiddenFiles +# ShowEmptyDrives # HideEmptyDrives +# ShowFolderMergeConflicts # HideFolderMergeConflicts +# EnableNavPaneExpand # DisableNavPaneExpand +# ShowNavPaneAllFolders # HideNavPaneAllFolders +# EnableFldrSeparateProcess # DisableFldrSeparateProcess +# EnableRestoreFldrWindows # DisableRestoreFldrWindows +# ShowEncCompFilesColor # HideEncCompFilesColor +# DisableSharingWizard # EnableSharingWizard +# HideSelectCheckboxes # ShowSelectCheckboxes +HideSyncNotifications # ShowSyncNotifications +HideRecentShortcuts # ShowRecentShortcuts +SetExplorerThisPC # SetExplorerQuickAccess +# HideQuickAccess # ShowQuickAccess +# HideRecycleBinFromDesktop # ShowRecycleBinOnDesktop +ShowThisPCOnDesktop # HideThisPCFromDesktop +# ShowUserFolderOnDesktop # HideUserFolderFromDesktop +# ShowControlPanelOnDesktop # HideControlPanelFromDesktop +# ShowNetworkOnDesktop # HideNetworkFromDesktop +# ShowBuildNumberOnDesktop # HideBuildNumberFromDesktop +HideDesktopFromThisPC # ShowDesktopInThisPC +# HideDesktopFromExplorer # ShowDesktopInExplorer +HideDocumentsFromThisPC # ShowDocumentsInThisPC +# HideDocumentsFromExplorer # ShowDocumentsInExplorer +HideDownloadsFromThisPC # ShowDownloadsInThisPC +# HideDownloadsFromExplorer # ShowDownloadsInExplorer +HideMusicFromThisPC # ShowMusicInThisPC +# HideMusicFromExplorer # ShowMusicInExplorer +HidePicturesFromThisPC # ShowPicturesInThisPC +# HidePicturesFromExplorer # ShowPicturesInExplorer +HideVideosFromThisPC # ShowVideosInThisPC +# HideVideosFromExplorer # ShowVideosInExplorer +Hide3DObjectsFromThisPC # Show3DObjectsInThisPC +# Hide3DObjectsFromExplorer # Show3DObjectsInExplorer +# HideIncludeInLibraryMenu # ShowIncludeInLibraryMenu +# HideGiveAccessToMenu # ShowGiveAccessToMenu +# HideShareMenu # ShowShareMenu +# DisableThumbnails # EnableThumbnails +DisableThumbnailCache # EnableThumbnailCache +DisableThumbsDBOnNetwork # EnableThumbsDBOnNetwork + +### Application Tweaks ### +DisableOneDrive # EnableOneDrive +UninstallOneDrive # InstallOneDrive +UninstallMsftBloat # InstallMsftBloat +UninstallThirdPartyBloat # InstallThirdPartyBloat +# UninstallWindowsStore # InstallWindowsStore +DisableXboxFeatures # EnableXboxFeatures +# DisableFullscreenOptims # EnableFullscreenOptims +DisableAdobeFlash # EnableAdobeFlash +DisableEdgePreload # EnableEdgePreload +DisableEdgeShortcutCreation # EnableEdgeShortcutCreation +DisableIEFirstRun # EnableIEFirstRun +DisableFirstLogonAnimation # EnableFirstLogonAnimation +DisableMediaSharing # EnableMediaSharing +# UninstallMediaPlayer # InstallMediaPlayer +# UninstallInternetExplorer # InstallInternetExplorer +# UninstallWorkFolders # InstallWorkFolders +# UninstallPowerShellV2 # InstallPowerShellV2 +# InstallLinuxSubsystem # UninstallLinuxSubsystem +# InstallHyperV # UninstallHyperV +# InstallNET23 # UninstallNET23 +SetPhotoViewerAssociation # UnsetPhotoViewerAssociation +AddPhotoViewerOpenWith # RemovePhotoViewerOpenWith +# UninstallPDFPrinter # InstallPDFPrinter +UninstallXPSPrinter # InstallXPSPrinter +RemoveFaxPrinter # AddFaxPrinter +# UninstallFaxAndScan # InstallFaxAndScan + +### Server Specific Tweaks ### +HideServerManagerOnLogin # ShowServerManagerOnLogin +# DisableShutdownTracker # EnableShutdownTracker +# DisablePasswordPolicy # EnablePasswordPolicy +# DisableCtrlAltDelLogin # EnableCtrlAltDelLogin +DisableIEEnhancedSecurity # EnableIEEnhancedSecurity +# EnableAudio # DisableAudio + +### Unpinning ### +# UnpinStartMenuTiles +# UnpinTaskbarIcons + +### Auxiliary Functions ### +WaitForKey +Restart diff --git a/start_client_hardening.cmd b/start_client_hardening.cmd new file mode 100644 index 0000000..c9ae6da --- /dev/null +++ b/start_client_hardening.cmd @@ -0,0 +1 @@ +@powershell.exe -NoProfile -ExecutionPolicy Bypass -File "%~dp0Win10.ps1" -include "%~dp0Win10.psm1" -preset "%~dp0config\Client.config" diff --git a/start_server_hardening.cmd b/start_server_hardening.cmd new file mode 100644 index 0000000..a196b2a --- /dev/null +++ b/start_server_hardening.cmd @@ -0,0 +1 @@ +@powershell.exe -NoProfile -ExecutionPolicy Bypass -File "%~dp0Win10.ps1" -include "%~dp0Win10.psm1" -preset "%~dp0config\Server.config"