From 4e67f7c1612937f2884fc0f2e471f07b8d6a64ab Mon Sep 17 00:00:00 2001 From: Michael Reber Date: Tue, 14 Jan 2020 21:41:45 +0100 Subject: [PATCH] Update script with two default presets --- Default.cmd | 1 - README.md | 2 +- Win10.ps1 | 4 +- config/Client.config | 231 +++++++++++++++++++++++++++++++++++++ config/Server.config | 231 +++++++++++++++++++++++++++++++++++++ start_client_hardening.cmd | 1 + start_server_hardening.cmd | 1 + 7 files changed, 467 insertions(+), 4 deletions(-) delete mode 100644 Default.cmd create mode 100644 config/Client.config create mode 100644 config/Server.config create mode 100644 start_client_hardening.cmd create mode 100644 start_server_hardening.cmd diff --git a/Default.cmd b/Default.cmd deleted file mode 100644 index 6f5200e..0000000 --- a/Default.cmd +++ /dev/null @@ -1 +0,0 @@ -@powershell.exe -NoProfile -ExecutionPolicy Bypass -File "%~dp0Win10.ps1" -include "%~dp0Win10.psm1" -preset "%~dpn0.preset" diff --git a/README.md b/README.md index 7c0201c..186b285 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ PowerShell hardening and setup script for initial configuration of Windows 10 / Server 2016 or Server 2019 ## Usage -If you just want to run the script with the default preset, download and unpack the master-branch and simply double-click on the *Default.cmd* file and confirm *User Account Control* prompt. Make sure your account is a member of *Administrators* group as the script attempts to run with elevated privileges. +If you just want to run the script with the default preset, download and unpack the master-branch and simply double-click either on the *start_client_hardening.cmd* file (Best for desktop and notekooks) or *start_server_hardening.cmd* file (Intended for servers) and confirm *User Account Control* prompt. Make sure your account is a member of *Administrators* group as the script attempts to run with elevated privileges. The script supports command line options and parameters which can help you customize the tweak selection or even add your own custom tweaks, however these features require some basic knowledge of command line usage and PowerShell scripting. Refer to [Advanced usage](#advanced-usage) section for more details. diff --git a/Win10.ps1 b/Win10.ps1 index a0f6ad4..c8f1dbb 100644 --- a/Win10.ps1 +++ b/Win10.ps1 @@ -1,9 +1,9 @@ ########## -# Win 10 /Server 2016 / Server 2019 Initial Setup Script - Main execution loop +# Win 10 / Server 2016 / Server 2019 Initial Setup Script - Main execution loop # Author: Disassembler # Version: v3.8, 2019-09-11 # Modded by: Michael Reber -# Source: https://github.com/Disassembler0/Win10-Initial-Setup-Script +# Source: https://github.com/Disassembler0/Win10-Initial-Setup-Script ########## # Relaunch the script with administrator privileges diff --git a/config/Client.config b/config/Client.config new file mode 100644 index 0000000..cf52d48 --- /dev/null +++ b/config/Client.config @@ -0,0 +1,231 @@ +########## +# Win 10 / Server 2016 / Server 2019 Initial Setup Script - Default preset +# Author: Disassembler +# Version: v3.8, 2019-09-11 +# Modded by: Michael Reber +# Source: https://github.com/Disassembler0/Win10-Initial-Setup-Script +########## + +### Require administrator privileges ### +RequireAdmin + +### Privacy Tweaks ### +DisableTelemetry # EnableTelemetry +DisableWiFiSense # EnableWiFiSense +# DisableSmartScreen # EnableSmartScreen +# DisableWebSearch # EnableWebSearch +DisableAppSuggestions # EnableAppSuggestions +DisableActivityHistory # EnableActivityHistory +DisableBackgroundApps # EnableBackgroundApps +# DisableSensors # EnableSensors +DisableLocation # EnableLocation +DisableMapUpdates # EnableMapUpdates +DisableFeedback # EnableFeedback +DisableTailoredExperiences # EnableTailoredExperiences +DisableAdvertisingID # EnableAdvertisingID +DisableWebLangList # EnableWebLangList +DisableCortana # EnableCortana +# DisableBiometrics # EnableBiometrics +# DisableCamera # EnableCamera +# DisableMicrophone # EnableMicrophone +DisableErrorReporting # EnableErrorReporting +# SetP2PUpdateLocal # SetP2PUpdateInternet # SetP2PUpdateDisable +DisableDiagTrack # EnableDiagTrack +DisableWAPPush # EnableWAPPush +# EnableClearRecentFiles # DisableClearRecentFiles +# DisableRecentFiles # EnableRecentFiles + +### Security Tweaks ### +# SetUACLow # SetUACHigh +# EnableSharingMappedDrives # DisableSharingMappedDrives +DisableAdminShares # EnableAdminShares +# DisableFirewall # EnableFirewall +# HideDefenderTrayIcon # ShowDefenderTrayIcon +# DisableDefender # EnableDefender +# DisableDefenderCloud # EnableDefenderCloud +# EnableCtrldFolderAccess # DisableCtrldFolderAccess +# EnableCIMemoryIntegrity # DisableCIMemoryIntegrity +# EnableDefenderAppGuard # DisableDefenderAppGuard +HideAccountProtectionWarn # ShowAccountProtectionWarn +# DisableDownloadBlocking # EnableDownloadBlocking +# DisableScriptHost # EnableScriptHost +EnableDotNetStrongCrypto # DisableDotNetStrongCrypto +# EnableMeltdownCompatFlag # DisableMeltdownCompatFlag +EnableF8BootMenu # DisableF8BootMenu +# DisableBootRecovery # EnableBootRecovery +# DisableRecoveryAndReset # EnableRecoveryAndReset +SetDEPOptOut # SetDEPOptIn + +### Network Tweaks ### +SetCurrentNetworkPrivate # SetCurrentNetworkPublic +# SetUnknownNetworksPrivate # SetUnknownNetworksPublic +# DisableNetDevicesAutoInst # EnableNetDevicesAutoInst +# DisableHomeGroups # EnableHomeGroups +# DisableSMB1 # EnableSMB1 +# DisableSMBServer # EnableSMBServer +# DisableNetBIOS # EnableNetBIOS +# DisableLLMNR # EnableLLMNR +# DisableLLDP # EnableLLDP +# DisableLLTD # EnableLLTD +# DisableMSNetClient # EnableMSNetClient +# DisableQoS # EnableQoS +# DisableIPv4 # EnableIPv4 +# DisableIPv6 # EnableIPv6 +# DisableNCSIProbe # EnableNCSIProbe +# DisableConnectionSharing # EnableConnectionSharing +DisableRemoteAssistance # EnableRemoteAssistance +# EnableRemoteDesktop # DisableRemoteDesktop + +### Service Tweaks ### +# DisableUpdateMSRT # EnableUpdateMSRT +# DisableUpdateDriver # EnableUpdateDriver +EnableUpdateMSProducts # DisableUpdateMSProducts +# DisableUpdateAutoDownload # EnableUpdateAutoDownload +DisableUpdateRestart # EnableUpdateRestart +DisableMaintenanceWakeUp # EnableMaintenanceWakeUp +DisableSharedExperiences # EnableSharedExperiences +# EnableClipboardHistory # DisableClipboardHistory +DisableAutoplay # EnableAutoplay +DisableAutorun # EnableAutorun +# DisableRestorePoints # EnableRestorePoints +# EnableStorageSense # DisableStorageSense +# DisableDefragmentation # EnableDefragmentation +# DisableSuperfetch # EnableSuperfetch +# DisableIndexing # EnableIndexing +# DisableSwapFile # EnableSwapFile +# DisableRecycleBin # EnableRecycleBin +EnableNTFSLongPaths # DisableNTFSLongPaths +# DisableNTFSLastAccess # EnableNTFSLastAccess +# SetBIOSTimeUTC # SetBIOSTimeLocal +# EnableHibernation # DisableHibernation +# DisableSleepButton # EnableSleepButton +# DisableSleepTimeout # EnableSleepTimeout +# DisableFastStartup # EnableFastStartup +# DisableAutoRebootOnCrash # EnableAutoRebootOnCrash + +### UI Tweaks ### +DisableActionCenter # EnableActionCenter +DisableLockScreen # EnableLockScreen +# DisableLockScreenRS1 # EnableLockScreenRS1 +HideNetworkFromLockScreen # ShowNetworkOnLockScreen +HideShutdownFromLockScreen # ShowShutdownOnLockScreen +DisableLockScreenBlur # EnableLockScreenBlur +# DisableAeroShake # EnableAeroShake +DisableAccessibilityKeys # EnableAccessibilityKeys +ShowTaskManagerDetails # HideTaskManagerDetails +ShowFileOperationsDetails # HideFileOperationsDetails +# EnableFileDeleteConfirm # DisableFileDeleteConfirm +HideTaskbarSearch # ShowTaskbarSearchIcon # ShowTaskbarSearchBox +HideTaskView # ShowTaskView +ShowSmallTaskbarIcons # ShowLargeTaskbarIcons +# SetTaskbarCombineWhenFull # SetTaskbarCombineNever # SetTaskbarCombineAlways +HideTaskbarPeopleIcon # ShowTaskbarPeopleIcon +ShowTrayIcons # HideTrayIcons +# ShowSecondsInTaskbar # HideSecondsFromTaskbar +DisableSearchAppInStore # EnableSearchAppInStore +DisableNewAppPrompt # EnableNewAppPrompt +# HideRecentlyAddedApps # ShowRecentlyAddedApps +# HideMostUsedApps # ShowMostUsedApps +SetControlPanelSmallIcons # SetControlPanelLargeIcons # SetControlPanelCategories +DisableShortcutInName # EnableShortcutInName +# HideShortcutArrow # ShowShortcutArrow +#SetVisualFXPerformance # SetVisualFXAppearance +# EnableTitleBarColor # DisableTitleBarColor +# EnableDarkTheme # DisableDarkTheme +# AddENKeyboard # RemoveENKeyboard +# EnableNumlock # DisableNumlock +# DisableEnhPointerPrecision # EnableEnhPointerPrecision +# SetSoundSchemeNone # SetSoundSchemeDefault +# DisableStartupSound # EnableStartupSound +# DisableChangingSoundScheme # EnableChangingSoundScheme +# EnableVerboseStatus # DisableVerboseStatus +DisableF1HelpKey # EnableF1HelpKey + +### Explorer UI Tweaks ### +# ShowExplorerTitleFullPath # HideExplorerTitleFullPath +ShowKnownExtensions # HideKnownExtensions +ShowHiddenFiles # HideHiddenFiles +# ShowSuperHiddenFiles # HideSuperHiddenFiles +# ShowEmptyDrives # HideEmptyDrives +# ShowFolderMergeConflicts # HideFolderMergeConflicts +# EnableNavPaneExpand # DisableNavPaneExpand +# ShowNavPaneAllFolders # HideNavPaneAllFolders +# EnableFldrSeparateProcess # DisableFldrSeparateProcess +# EnableRestoreFldrWindows # DisableRestoreFldrWindows +# ShowEncCompFilesColor # HideEncCompFilesColor +# DisableSharingWizard # EnableSharingWizard +# HideSelectCheckboxes # ShowSelectCheckboxes +HideSyncNotifications # ShowSyncNotifications +HideRecentShortcuts # ShowRecentShortcuts +SetExplorerThisPC # SetExplorerQuickAccess +# HideQuickAccess # ShowQuickAccess +# HideRecycleBinFromDesktop # ShowRecycleBinOnDesktop +ShowThisPCOnDesktop # HideThisPCFromDesktop +# ShowUserFolderOnDesktop # HideUserFolderFromDesktop +# ShowControlPanelOnDesktop # HideControlPanelFromDesktop +# ShowNetworkOnDesktop # HideNetworkFromDesktop +# ShowBuildNumberOnDesktop # HideBuildNumberFromDesktop +HideDesktopFromThisPC # ShowDesktopInThisPC +# HideDesktopFromExplorer # ShowDesktopInExplorer +HideDocumentsFromThisPC # ShowDocumentsInThisPC +# HideDocumentsFromExplorer # ShowDocumentsInExplorer +HideDownloadsFromThisPC # ShowDownloadsInThisPC +# HideDownloadsFromExplorer # ShowDownloadsInExplorer +HideMusicFromThisPC # ShowMusicInThisPC +# HideMusicFromExplorer # ShowMusicInExplorer +HidePicturesFromThisPC # ShowPicturesInThisPC +# HidePicturesFromExplorer # ShowPicturesInExplorer +HideVideosFromThisPC # ShowVideosInThisPC +# HideVideosFromExplorer # ShowVideosInExplorer +Hide3DObjectsFromThisPC # Show3DObjectsInThisPC +# Hide3DObjectsFromExplorer # Show3DObjectsInExplorer +# HideIncludeInLibraryMenu # ShowIncludeInLibraryMenu +# HideGiveAccessToMenu # ShowGiveAccessToMenu +# HideShareMenu # ShowShareMenu +# DisableThumbnails # EnableThumbnails +DisableThumbnailCache # EnableThumbnailCache +DisableThumbsDBOnNetwork # EnableThumbsDBOnNetwork + +### Application Tweaks ### +DisableOneDrive # EnableOneDrive +UninstallOneDrive # InstallOneDrive +UninstallMsftBloat # InstallMsftBloat +UninstallThirdPartyBloat # InstallThirdPartyBloat +# UninstallWindowsStore # InstallWindowsStore +DisableXboxFeatures # EnableXboxFeatures +# DisableFullscreenOptims # EnableFullscreenOptims +DisableAdobeFlash # EnableAdobeFlash +DisableEdgePreload # EnableEdgePreload +DisableEdgeShortcutCreation # EnableEdgeShortcutCreation +DisableIEFirstRun # EnableIEFirstRun +DisableFirstLogonAnimation # EnableFirstLogonAnimation +DisableMediaSharing # EnableMediaSharing +# UninstallMediaPlayer # InstallMediaPlayer +# UninstallInternetExplorer # InstallInternetExplorer +# UninstallWorkFolders # InstallWorkFolders +# UninstallPowerShellV2 # InstallPowerShellV2 +# InstallLinuxSubsystem # UninstallLinuxSubsystem +# InstallHyperV # UninstallHyperV +# InstallNET23 # UninstallNET23 +SetPhotoViewerAssociation # UnsetPhotoViewerAssociation +AddPhotoViewerOpenWith # RemovePhotoViewerOpenWith +# UninstallPDFPrinter # InstallPDFPrinter +UninstallXPSPrinter # InstallXPSPrinter +RemoveFaxPrinter # AddFaxPrinter +# UninstallFaxAndScan # InstallFaxAndScan + +### Server Specific Tweaks ### +# HideServerManagerOnLogin # ShowServerManagerOnLogin +# DisableShutdownTracker # EnableShutdownTracker +# DisablePasswordPolicy # EnablePasswordPolicy +# DisableCtrlAltDelLogin # EnableCtrlAltDelLogin +# DisableIEEnhancedSecurity # EnableIEEnhancedSecurity +# EnableAudio # DisableAudio + +### Unpinning ### +# UnpinStartMenuTiles +# UnpinTaskbarIcons + +### Auxiliary Functions ### +WaitForKey +Restart diff --git a/config/Server.config b/config/Server.config new file mode 100644 index 0000000..631aea2 --- /dev/null +++ b/config/Server.config @@ -0,0 +1,231 @@ +########## +# Win 10 / Server 2016 / Server 2019 Initial Setup Script - Default preset +# Author: Disassembler +# Version: v3.8, 2019-09-11 +# Modded by: Michael Reber +# Source: https://github.com/Disassembler0/Win10-Initial-Setup-Script +########## + +### Require administrator privileges ### +RequireAdmin + +### Privacy Tweaks ### +DisableTelemetry # EnableTelemetry +DisableWiFiSense # EnableWiFiSense +# DisableSmartScreen # EnableSmartScreen +# DisableWebSearch # EnableWebSearch +DisableAppSuggestions # EnableAppSuggestions +DisableActivityHistory # EnableActivityHistory +DisableBackgroundApps # EnableBackgroundApps +# DisableSensors # EnableSensors +DisableLocation # EnableLocation +DisableMapUpdates # EnableMapUpdates +DisableFeedback # EnableFeedback +DisableTailoredExperiences # EnableTailoredExperiences +DisableAdvertisingID # EnableAdvertisingID +DisableWebLangList # EnableWebLangList +DisableCortana # EnableCortana +# DisableBiometrics # EnableBiometrics +# DisableCamera # EnableCamera +# DisableMicrophone # EnableMicrophone +DisableErrorReporting # EnableErrorReporting +# SetP2PUpdateLocal # SetP2PUpdateInternet # SetP2PUpdateDisable +DisableDiagTrack # EnableDiagTrack +DisableWAPPush # EnableWAPPush +# EnableClearRecentFiles # DisableClearRecentFiles +# DisableRecentFiles # EnableRecentFiles + +### Security Tweaks ### +# SetUACLow # SetUACHigh +# EnableSharingMappedDrives # DisableSharingMappedDrives +DisableAdminShares # EnableAdminShares +# DisableFirewall # EnableFirewall +# HideDefenderTrayIcon # ShowDefenderTrayIcon +# DisableDefender # EnableDefender +# DisableDefenderCloud # EnableDefenderCloud +# EnableCtrldFolderAccess # DisableCtrldFolderAccess +# EnableCIMemoryIntegrity # DisableCIMemoryIntegrity +# EnableDefenderAppGuard # DisableDefenderAppGuard +HideAccountProtectionWarn # ShowAccountProtectionWarn +# DisableDownloadBlocking # EnableDownloadBlocking +# DisableScriptHost # EnableScriptHost +EnableDotNetStrongCrypto # DisableDotNetStrongCrypto +# EnableMeltdownCompatFlag # DisableMeltdownCompatFlag +EnableF8BootMenu # DisableF8BootMenu +# DisableBootRecovery # EnableBootRecovery +# DisableRecoveryAndReset # EnableRecoveryAndReset +SetDEPOptOut # SetDEPOptIn + +### Network Tweaks ### +SetCurrentNetworkPrivate # SetCurrentNetworkPublic +# SetUnknownNetworksPrivate # SetUnknownNetworksPublic +# DisableNetDevicesAutoInst # EnableNetDevicesAutoInst +# DisableHomeGroups # EnableHomeGroups +# DisableSMB1 # EnableSMB1 +# DisableSMBServer # EnableSMBServer +# DisableNetBIOS # EnableNetBIOS +# DisableLLMNR # EnableLLMNR +# DisableLLDP # EnableLLDP +# DisableLLTD # EnableLLTD +# DisableMSNetClient # EnableMSNetClient +# DisableQoS # EnableQoS +# DisableIPv4 # EnableIPv4 +# DisableIPv6 # EnableIPv6 +# DisableNCSIProbe # EnableNCSIProbe +# DisableConnectionSharing # EnableConnectionSharing +DisableRemoteAssistance # EnableRemoteAssistance +# EnableRemoteDesktop # DisableRemoteDesktop + +### Service Tweaks ### +# DisableUpdateMSRT # EnableUpdateMSRT +# DisableUpdateDriver # EnableUpdateDriver +EnableUpdateMSProducts # DisableUpdateMSProducts +# DisableUpdateAutoDownload # EnableUpdateAutoDownload +DisableUpdateRestart # EnableUpdateRestart +DisableMaintenanceWakeUp # EnableMaintenanceWakeUp +DisableSharedExperiences # EnableSharedExperiences +# EnableClipboardHistory # DisableClipboardHistory +DisableAutoplay # EnableAutoplay +DisableAutorun # EnableAutorun +# DisableRestorePoints # EnableRestorePoints +# EnableStorageSense # DisableStorageSense +# DisableDefragmentation # EnableDefragmentation +# DisableSuperfetch # EnableSuperfetch +# DisableIndexing # EnableIndexing +# DisableSwapFile # EnableSwapFile +# DisableRecycleBin # EnableRecycleBin +EnableNTFSLongPaths # DisableNTFSLongPaths +# DisableNTFSLastAccess # EnableNTFSLastAccess +# SetBIOSTimeUTC # SetBIOSTimeLocal +# EnableHibernation # DisableHibernation +# DisableSleepButton # EnableSleepButton +# DisableSleepTimeout # EnableSleepTimeout +# DisableFastStartup # EnableFastStartup +# DisableAutoRebootOnCrash # EnableAutoRebootOnCrash + +### UI Tweaks ### +DisableActionCenter # EnableActionCenter +DisableLockScreen # EnableLockScreen +# DisableLockScreenRS1 # EnableLockScreenRS1 +HideNetworkFromLockScreen # ShowNetworkOnLockScreen +HideShutdownFromLockScreen # ShowShutdownOnLockScreen +DisableLockScreenBlur # EnableLockScreenBlur +# DisableAeroShake # EnableAeroShake +DisableAccessibilityKeys # EnableAccessibilityKeys +ShowTaskManagerDetails # HideTaskManagerDetails +ShowFileOperationsDetails # HideFileOperationsDetails +# EnableFileDeleteConfirm # DisableFileDeleteConfirm +HideTaskbarSearch # ShowTaskbarSearchIcon # ShowTaskbarSearchBox +HideTaskView # ShowTaskView +ShowSmallTaskbarIcons # ShowLargeTaskbarIcons +# SetTaskbarCombineWhenFull # SetTaskbarCombineNever # SetTaskbarCombineAlways +HideTaskbarPeopleIcon # ShowTaskbarPeopleIcon +ShowTrayIcons # HideTrayIcons +# ShowSecondsInTaskbar # HideSecondsFromTaskbar +DisableSearchAppInStore # EnableSearchAppInStore +DisableNewAppPrompt # EnableNewAppPrompt +# HideRecentlyAddedApps # ShowRecentlyAddedApps +# HideMostUsedApps # ShowMostUsedApps +SetControlPanelSmallIcons # SetControlPanelLargeIcons # SetControlPanelCategories +DisableShortcutInName # EnableShortcutInName +# HideShortcutArrow # ShowShortcutArrow +SetVisualFXPerformance # SetVisualFXAppearance +# EnableTitleBarColor # DisableTitleBarColor +# EnableDarkTheme # DisableDarkTheme +# AddENKeyboard # RemoveENKeyboard +# EnableNumlock # DisableNumlock +# DisableEnhPointerPrecision # EnableEnhPointerPrecision +# SetSoundSchemeNone # SetSoundSchemeDefault +# DisableStartupSound # EnableStartupSound +# DisableChangingSoundScheme # EnableChangingSoundScheme +# EnableVerboseStatus # DisableVerboseStatus +DisableF1HelpKey # EnableF1HelpKey + +### Explorer UI Tweaks ### +# ShowExplorerTitleFullPath # HideExplorerTitleFullPath +ShowKnownExtensions # HideKnownExtensions +ShowHiddenFiles # HideHiddenFiles +# ShowSuperHiddenFiles # HideSuperHiddenFiles +# ShowEmptyDrives # HideEmptyDrives +# ShowFolderMergeConflicts # HideFolderMergeConflicts +# EnableNavPaneExpand # DisableNavPaneExpand +# ShowNavPaneAllFolders # HideNavPaneAllFolders +# EnableFldrSeparateProcess # DisableFldrSeparateProcess +# EnableRestoreFldrWindows # DisableRestoreFldrWindows +# ShowEncCompFilesColor # HideEncCompFilesColor +# DisableSharingWizard # EnableSharingWizard +# HideSelectCheckboxes # ShowSelectCheckboxes +HideSyncNotifications # ShowSyncNotifications +HideRecentShortcuts # ShowRecentShortcuts +SetExplorerThisPC # SetExplorerQuickAccess +# HideQuickAccess # ShowQuickAccess +# HideRecycleBinFromDesktop # ShowRecycleBinOnDesktop +ShowThisPCOnDesktop # HideThisPCFromDesktop +# ShowUserFolderOnDesktop # HideUserFolderFromDesktop +# ShowControlPanelOnDesktop # HideControlPanelFromDesktop +# ShowNetworkOnDesktop # HideNetworkFromDesktop +# ShowBuildNumberOnDesktop # HideBuildNumberFromDesktop +HideDesktopFromThisPC # ShowDesktopInThisPC +# HideDesktopFromExplorer # ShowDesktopInExplorer +HideDocumentsFromThisPC # ShowDocumentsInThisPC +# HideDocumentsFromExplorer # ShowDocumentsInExplorer +HideDownloadsFromThisPC # ShowDownloadsInThisPC +# HideDownloadsFromExplorer # ShowDownloadsInExplorer +HideMusicFromThisPC # ShowMusicInThisPC +# HideMusicFromExplorer # ShowMusicInExplorer +HidePicturesFromThisPC # ShowPicturesInThisPC +# HidePicturesFromExplorer # ShowPicturesInExplorer +HideVideosFromThisPC # ShowVideosInThisPC +# HideVideosFromExplorer # ShowVideosInExplorer +Hide3DObjectsFromThisPC # Show3DObjectsInThisPC +# Hide3DObjectsFromExplorer # Show3DObjectsInExplorer +# HideIncludeInLibraryMenu # ShowIncludeInLibraryMenu +# HideGiveAccessToMenu # ShowGiveAccessToMenu +# HideShareMenu # ShowShareMenu +# DisableThumbnails # EnableThumbnails +DisableThumbnailCache # EnableThumbnailCache +DisableThumbsDBOnNetwork # EnableThumbsDBOnNetwork + +### Application Tweaks ### +DisableOneDrive # EnableOneDrive +UninstallOneDrive # InstallOneDrive +UninstallMsftBloat # InstallMsftBloat +UninstallThirdPartyBloat # InstallThirdPartyBloat +# UninstallWindowsStore # InstallWindowsStore +DisableXboxFeatures # EnableXboxFeatures +# DisableFullscreenOptims # EnableFullscreenOptims +DisableAdobeFlash # EnableAdobeFlash +DisableEdgePreload # EnableEdgePreload +DisableEdgeShortcutCreation # EnableEdgeShortcutCreation +DisableIEFirstRun # EnableIEFirstRun +DisableFirstLogonAnimation # EnableFirstLogonAnimation +DisableMediaSharing # EnableMediaSharing +# UninstallMediaPlayer # InstallMediaPlayer +# UninstallInternetExplorer # InstallInternetExplorer +# UninstallWorkFolders # InstallWorkFolders +# UninstallPowerShellV2 # InstallPowerShellV2 +# InstallLinuxSubsystem # UninstallLinuxSubsystem +# InstallHyperV # UninstallHyperV +# InstallNET23 # UninstallNET23 +SetPhotoViewerAssociation # UnsetPhotoViewerAssociation +AddPhotoViewerOpenWith # RemovePhotoViewerOpenWith +# UninstallPDFPrinter # InstallPDFPrinter +UninstallXPSPrinter # InstallXPSPrinter +RemoveFaxPrinter # AddFaxPrinter +# UninstallFaxAndScan # InstallFaxAndScan + +### Server Specific Tweaks ### +HideServerManagerOnLogin # ShowServerManagerOnLogin +# DisableShutdownTracker # EnableShutdownTracker +# DisablePasswordPolicy # EnablePasswordPolicy +# DisableCtrlAltDelLogin # EnableCtrlAltDelLogin +DisableIEEnhancedSecurity # EnableIEEnhancedSecurity +# EnableAudio # DisableAudio + +### Unpinning ### +# UnpinStartMenuTiles +# UnpinTaskbarIcons + +### Auxiliary Functions ### +WaitForKey +Restart diff --git a/start_client_hardening.cmd b/start_client_hardening.cmd new file mode 100644 index 0000000..c9ae6da --- /dev/null +++ b/start_client_hardening.cmd @@ -0,0 +1 @@ +@powershell.exe -NoProfile -ExecutionPolicy Bypass -File "%~dp0Win10.ps1" -include "%~dp0Win10.psm1" -preset "%~dp0config\Client.config" diff --git a/start_server_hardening.cmd b/start_server_hardening.cmd new file mode 100644 index 0000000..a196b2a --- /dev/null +++ b/start_server_hardening.cmd @@ -0,0 +1 @@ +@powershell.exe -NoProfile -ExecutionPolicy Bypass -File "%~dp0Win10.ps1" -include "%~dp0Win10.psm1" -preset "%~dp0config\Server.config"