diff --git a/Win10.ps1 b/Win10.ps1 index c8f1dbb..6ec2fd1 100644 --- a/Win10.ps1 +++ b/Win10.ps1 @@ -1,7 +1,7 @@ ########## # Win 10 / Server 2016 / Server 2019 Initial Setup Script - Main execution loop # Author: Disassembler -# Version: v3.8, 2019-09-11 +# Version: v3.10, 2020-07-15 # Modded by: Michael Reber # Source: https://github.com/Disassembler0/Win10-Initial-Setup-Script ########## diff --git a/Win10.psm1 b/Win10.psm1 index fe77703..0899abb 100644 --- a/Win10.psm1 +++ b/Win10.psm1 @@ -1,7 +1,7 @@ ########## # Win 10 / Server 2016 / Server 2019 Initial Setup Script - Tweak library # Author: Disassembler -# Version: v3.8, 2019-09-11 +# Version: v3.10, 2020-07-15 # Modded by: Michael Reber # Source: https://github.com/Disassembler0/Win10-Initial-Setup-Script ########## @@ -11,7 +11,7 @@ ########## # Disable Telemetry -# Note: This tweak also disables the possibility to join Windows Insider Program, as it requires Telemetry data. +# Note: This tweak also disables the possibility to join Windows Insider Program and breaks Microsoft Intune enrollment/deployment, as these feaures require Telemetry data. # Windows Update control panel may show message "Your device is at risk because it's out of date and missing important security and quality updates. Let's get you back on track so Windows can run more securely. Select this button to get going". # In such case, enable telemetry, run Windows update and then disable telemetry again. # See also https://github.com/Disassembler0/Win10-Initial-Setup-Script/issues/57 and https://github.com/Disassembler0/Win10-Initial-Setup-Script/issues/92 @@ -55,6 +55,10 @@ Function DisableTelemetry { Disable-ScheduledTask -TaskName "Microsoft\Windows\Customer Experience Improvement Program\Consolidator" | Out-Null Disable-ScheduledTask -TaskName "Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" | Out-Null Disable-ScheduledTask -TaskName "Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector" | Out-Null + # Office 2016 / 2019 + Disable-ScheduledTask -TaskName "Microsoft\Office\Office ClickToRun Service Monitor" -ErrorAction SilentlyContinue | Out-Null + Disable-ScheduledTask -TaskName "Microsoft\Office\OfficeTelemetryAgentFallBack2016" -ErrorAction SilentlyContinue | Out-Null + Disable-ScheduledTask -TaskName "Microsoft\Office\OfficeTelemetryAgentLogOn2016" -ErrorAction SilentlyContinue | Out-Null } # Enable Telemetry @@ -77,6 +81,50 @@ Function EnableTelemetry { Enable-ScheduledTask -TaskName "Microsoft\Windows\Customer Experience Improvement Program\Consolidator" | Out-Null Enable-ScheduledTask -TaskName "Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" | Out-Null Enable-ScheduledTask -TaskName "Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector" | Out-Null + # Office 2016 / 2019 + Enable-ScheduledTask -TaskName "Microsoft\Office\Office ClickToRun Service Monitor" -ErrorAction SilentlyContinue | Out-Null + Enable-ScheduledTask -TaskName "Microsoft\Office\OfficeTelemetryAgentFallBack2016" -ErrorAction SilentlyContinue | Out-Null + Enable-ScheduledTask -TaskName "Microsoft\Office\OfficeTelemetryAgentLogOn2016" -ErrorAction SilentlyContinue | Out-Null +} + +# Disable Cortana +Function DisableCortana { + Write-Output "Disabling Cortana..." + If (!(Test-Path "HKCU:\Software\Microsoft\Personalization\Settings")) { + New-Item -Path "HKCU:\Software\Microsoft\Personalization\Settings" -Force | Out-Null + } + Set-ItemProperty -Path "HKCU:\Software\Microsoft\Personalization\Settings" -Name "AcceptedPrivacyPolicy" -Type DWord -Value 0 + If (!(Test-Path "HKCU:\Software\Microsoft\InputPersonalization\TrainedDataStore")) { + New-Item -Path "HKCU:\Software\Microsoft\InputPersonalization\TrainedDataStore" -Force | Out-Null + } + Set-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization" -Name "RestrictImplicitTextCollection" -Type DWord -Value 1 + Set-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization" -Name "RestrictImplicitInkCollection" -Type DWord -Value 1 + Set-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization\TrainedDataStore" -Name "HarvestContacts" -Type DWord -Value 0 + Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ShowCortanaButton" -Type DWord -Value 0 + Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\PolicyManager\default\Experience\AllowCortana" -Name "Value" -Type DWord -Value 0 + If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search")) { + New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search" -Force | Out-Null + } + Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search" -Name "AllowCortana" -Type DWord -Value 0 + If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\InputPersonalization")) { + New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\InputPersonalization" -Force | Out-Null + } + Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\InputPersonalization" -Name "AllowInputPersonalization" -Type DWord -Value 0 + Get-AppxPackage "Microsoft.549981C3F5F10" | Remove-AppxPackage +} + +# Enable Cortana +Function EnableCortana { + Write-Output "Enabling Cortana..." + Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Personalization\Settings" -Name "AcceptedPrivacyPolicy" -ErrorAction SilentlyContinue + Set-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization" -Name "RestrictImplicitTextCollection" -Type DWord -Value 0 + Set-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization" -Name "RestrictImplicitInkCollection" -Type DWord -Value 0 + Remove-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization\TrainedDataStore" -Name "HarvestContacts" -ErrorAction SilentlyContinue + Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ShowCortanaButton" -Type DWord -Value 1 + Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\PolicyManager\default\Experience\AllowCortana" -Name "Value" -Type DWord -Value 1 + Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search" -Name "AllowCortana" -ErrorAction SilentlyContinue + Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\InputPersonalization" -Name "AllowInputPersonalization" -ErrorAction SilentlyContinue + Get-AppxPackage -AllUsers "Microsoft.549981C3F5F10" | ForEach-Object {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"} } # Disable Wi-Fi Sense @@ -166,10 +214,10 @@ Function DisableAppSuggestions { Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SubscribedContent-353696Enabled" -Type DWord -Value 0 Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SubscribedContent-353698Enabled" -Type DWord -Value 0 Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SystemPaneSuggestionsEnabled" -Type DWord -Value 0 - If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent")) { - New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Force | Out-Null + If (!(Test-Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\UserProfileEngagement")) { + New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\UserProfileEngagement" -Force | Out-Null } - Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Name "DisableWindowsConsumerFeatures" -Type DWord -Value 1 + Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\UserProfileEngagement" -Name "ScoobeSystemSettingEnabled" -Type DWord -Value 0 If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\WindowsInkWorkspace")) { New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\WindowsInkWorkspace" -Force | Out-Null } @@ -200,11 +248,12 @@ Function EnableAppSuggestions { Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SubscribedContent-338387Enabled" -ErrorAction SilentlyContinue Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SubscribedContent-338393Enabled" -ErrorAction SilentlyContinue Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SubscribedContent-353698Enabled" -ErrorAction SilentlyContinue - Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Name "DisableWindowsConsumerFeatures" -ErrorAction SilentlyContinue + Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\UserProfileEngagement" -Name "ScoobeSystemSettingEnabled" -ErrorAction SilentlyContinue Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\WindowsInkWorkspace" -Name "AllowSuggestedAppsInWindowsInkWorkspace" -ErrorAction SilentlyContinue } -# Disable Activity History feed in Task View - Note: The checkbox "Let Windows collect my activities from this PC" remains checked even when the function is disabled +# Disable Activity History feed in Task View +# Note: The checkbox "Let Windows collect my activities from this PC" remains checked even when the function is disabled Function DisableActivityHistory { Write-Output "Disabling Activity History..." Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\System" -Name "EnableActivityFeed" -Type DWord -Value 0 @@ -220,25 +269,6 @@ Function EnableActivityHistory { Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\System" -Name "UploadUserActivities" -ErrorAction SilentlyContinue } -# Disable Background application access - ie. if apps can download or update when they aren't used -# Cortana is excluded as its inclusion breaks start menu search, ShellExperience host breaks toasts and notifications -Function DisableBackgroundApps { - Write-Output "Disabling Background application access..." - Get-ChildItem -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications" -Exclude "Microsoft.Windows.Cortana*","Microsoft.Windows.ShellExperienceHost*" | ForEach-Object { - Set-ItemProperty -Path $_.PsPath -Name "Disabled" -Type DWord -Value 1 - Set-ItemProperty -Path $_.PsPath -Name "DisabledByUser" -Type DWord -Value 1 - } -} - -# Enable Background application access -Function EnableBackgroundApps { - Write-Output "Enabling Background application access..." - Get-ChildItem -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications" | ForEach-Object { - Remove-ItemProperty -Path $_.PsPath -Name "Disabled" -ErrorAction SilentlyContinue - Remove-ItemProperty -Path $_.PsPath -Name "DisabledByUser" -ErrorAction SilentlyContinue - } -} - # Disable sensor features, such as screen auto rotation Function DisableSensors { Write-Output "Disabling sensors..." @@ -346,43 +376,8 @@ Function EnableWebLangList { Remove-ItemProperty -Path "HKCU:\Control Panel\International\User Profile" -Name "HttpAcceptLanguageOptOut" -ErrorAction SilentlyContinue } -# Disable Cortana -Function DisableCortana { - Write-Output "Disabling Cortana..." - If (!(Test-Path "HKCU:\Software\Microsoft\Personalization\Settings")) { - New-Item -Path "HKCU:\Software\Microsoft\Personalization\Settings" -Force | Out-Null - } - Set-ItemProperty -Path "HKCU:\Software\Microsoft\Personalization\Settings" -Name "AcceptedPrivacyPolicy" -Type DWord -Value 0 - If (!(Test-Path "HKCU:\Software\Microsoft\InputPersonalization\TrainedDataStore")) { - New-Item -Path "HKCU:\Software\Microsoft\InputPersonalization\TrainedDataStore" -Force | Out-Null - } - Set-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization" -Name "RestrictImplicitTextCollection" -Type DWord -Value 1 - Set-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization" -Name "RestrictImplicitInkCollection" -Type DWord -Value 1 - Set-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization\TrainedDataStore" -Name "HarvestContacts" -Type DWord -Value 0 - Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\PolicyManager\default\Experience\AllowCortana" -Name "Value" -Type DWord -Value 0 - If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search")) { - New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search" -Force | Out-Null - } - Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search" -Name "AllowCortana" -Type DWord -Value 0 - If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\InputPersonalization")) { - New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\InputPersonalization" -Force | Out-Null - } - Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\InputPersonalization" -Name "AllowInputPersonalization" -Type DWord -Value 0 -} - -# Enable Cortana -Function EnableCortana { - Write-Output "Enabling Cortana..." - Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Personalization\Settings" -Name "AcceptedPrivacyPolicy" -ErrorAction SilentlyContinue - Set-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization" -Name "RestrictImplicitTextCollection" -Type DWord -Value 0 - Set-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization" -Name "RestrictImplicitInkCollection" -Type DWord -Value 0 - Remove-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization\TrainedDataStore" -Name "HarvestContacts" -ErrorAction SilentlyContinue - Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\PolicyManager\default\Experience\AllowCortana" -Name "Value" -Type DWord -Value 1 - Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search" -Name "AllowCortana" -ErrorAction SilentlyContinue - Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\InputPersonalization" -Name "AllowInputPersonalization" -ErrorAction SilentlyContinue -} - -# Disable biometric features in Windows. Note - it's recommended to create a password recovery disk, if you log on using biometrics. +# Disable biometric features +# Note: If you log on using biometrics (fingerprint, Windows Hello etc.) it's recommended to create a password recovery disk before applying this tweak. Function DisableBiometrics { Write-Output "Disabling biometric services..." If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Biometrics")) { @@ -397,33 +392,35 @@ Function EnableBiometrics { Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Biometrics" -Name "Enabled" -ErrorAction SilentlyContinue } -# Disable access to camera from ModernUI applications +# Disable access to camera +# Note: This disables access using standard Windows API. Direct access to device will still be allowed. Function DisableCamera { - Write-Output "Disabling access to camera from ModernUI applications..." - If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Camera")) { - New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Camera" -Force | Out-Null + Write-Output "Disabling access to camera..." + If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy")) { + New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Force | Out-Null } - Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Camera" -Name "AllowCamera" -Type DWord -Value 0 + Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Name "LetAppsAccessCamera" -Type DWord -Value 2 } -# Enable access to camera in ModernUI applications +# Enable access to camera Function EnableCamera { - Write-Output "Enabling access to camera from ModernUI applications..." - Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Camera" -Name "AllowCamera" -ErrorAction SilentlyContinue + Write-Output "Enabling access to camera..." + Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Name "LetAppsAccessCamera" -ErrorAction SilentlyContinue } -# Disable access to microphone in ModernUI applications +# Disable access to microphone +# Note: This disables access using standard Windows API. Direct access to device will still be allowed. Function DisableMicrophone { - Write-Output "Disabling access to microphone in ModernUI applications..." + Write-Output "Disabling access to microphone..." If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy")) { New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Force | Out-Null } Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Name "LetAppsAccessMicrophone" -Type DWord -Value 2 } -# Enable access to microphone in ModernUI applications +# Enable access to microphone Function EnableMicrophone { - Write-Output "Enabling access to microphone from ModernUI applications..." + Write-Output "Enabling access to microphone..." Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Name "LetAppsAccessMicrophone" -ErrorAction SilentlyContinue } @@ -471,7 +468,7 @@ Function SetP2PUpdateInternet { New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" | Out-Null } Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" -Name "DODownloadMode" -Type DWord -Value 3 - } ElseIf ([System.Environment]::OSVersion.Version.Build -eq 14393) { + } ElseIf ([System.Environment]::OSVersion.Version.Build -le 14393) { # Method used in 1511 and 1607 Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization" -Name "DODownloadMode" -ErrorAction SilentlyContinue } Else { @@ -484,6 +481,7 @@ Function SetP2PUpdateInternet { } # Disable Windows Update P2P delivery optimization completely +# Warning: Completely disabling delivery optimization can break Windows Store downloads - see https://github.com/Disassembler0/Win10-Initial-Setup-Script/issues/281 Function SetP2PUpdateDisable { Write-Output "Disabling Windows Update P2P optimization..." If ([System.Environment]::OSVersion.Version.Build -eq 10240) { @@ -516,6 +514,7 @@ Function EnableDiagTrack { } # Stop and disable Device Management Wireless Application Protocol (WAP) Push Service +# Note: This service is needed for Microsoft Intune interoperability Function DisableWAPPush { Write-Output "Stopping and disabling Device Management WAP Push Service..." Stop-Service "dmwappushservice" -WarningAction SilentlyContinue @@ -568,6 +567,273 @@ Function EnableRecentFiles { +########## +#region UWP Privacy Tweaks +########## +# Universal Windows Platform (UWP) is an API for common application and device controls unified for all devices capable of running Windows 10. +# UWP applications are running sandboxed and the user can control devices and capabilities available to them. + +# Disable UWP apps background access - ie. if UWP apps can download data or update themselves when they aren't used +# Until 1809, Cortana and ShellExperienceHost need to be explicitly excluded as their inclusion breaks start menu search and toast notifications respectively. +Function DisableUWPBackgroundApps { + Write-Output "Disabling UWP apps background access..." + If ([System.Environment]::OSVersion.Version.Build -ge 17763) { + If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy")) { + New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Force | Out-Null + } + Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Name "LetAppsRunInBackground" -Type DWord -Value 2 + } Else { + Get-ChildItem -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications" -Exclude "Microsoft.Windows.Cortana*", "Microsoft.Windows.ShellExperienceHost*" | ForEach-Object { + Set-ItemProperty -Path $_.PsPath -Name "Disabled" -Type DWord -Value 1 + Set-ItemProperty -Path $_.PsPath -Name "DisabledByUser" -Type DWord -Value 1 + } + } +} + +# Enable UWP apps background access +Function EnableUWPBackgroundApps { + Write-Output "Enabling UWP apps background access..." + Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Name "LetAppsRunInBackground" -ErrorAction SilentlyContinue + Get-ChildItem -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications" | ForEach-Object { + Remove-ItemProperty -Path $_.PsPath -Name "Disabled" -ErrorAction SilentlyContinue + Remove-ItemProperty -Path $_.PsPath -Name "DisabledByUser" -ErrorAction SilentlyContinue + } +} + +# Disable access to voice activation from UWP apps +Function DisableUWPVoiceActivation { + Write-Output "Disabling access to voice activation from UWP apps..." + If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy")) { + New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Force | Out-Null + } + Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Name "LetAppsActivateWithVoice" -Type DWord -Value 2 + Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Name "LetAppsActivateWithVoiceAboveLock" -Type DWord -Value 2 +} + +# Enable access to voice activation from UWP apps +Function EnableUWPVoiceActivation { + Write-Output "Enabling access to voice activation from UWP apps..." + Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Name "LetAppsActivateWithVoice" -ErrorAction SilentlyContinue + Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Name "LetAppsActivateWithVoiceAboveLock" -ErrorAction SilentlyContinue +} + +# Disable access to notifications from UWP apps +Function DisableUWPNotifications { + Write-Output "Disabling access to notifications from UWP apps..." + If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy")) { + New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Force | Out-Null + } + Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Name "LetAppsAccessNotifications" -Type DWord -Value 2 +} + +# Enable access to notifications from UWP apps +Function EnableUWPNotifications { + Write-Output "Enabling access to notifications from UWP apps..." + Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Name "LetAppsAccessNotifications" -ErrorAction SilentlyContinue +} + +# Disable access to account info from UWP apps +Function DisableUWPAccountInfo { + Write-Output "Disabling access to account info from UWP apps..." + If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy")) { + New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Force | Out-Null + } + Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Name "LetAppsAccessAccountInfo" -Type DWord -Value 2 +} + +# Enable access to account info from UWP apps +Function EnableUWPAccountInfo { + Write-Output "Enabling access to account info from UWP apps..." + Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Name "LetAppsAccessAccountInfo" -ErrorAction SilentlyContinue +} + +# Disable access to contacts from UWP apps +Function DisableUWPContacts { + Write-Output "Disabling access to contacts from UWP apps..." + If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy")) { + New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Force | Out-Null + } + Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Name "LetAppsAccessContacts" -Type DWord -Value 2 +} + +# Enable access to contacts from UWP apps +Function EnableUWPContacts { + Write-Output "Enabling access to contacts from UWP apps..." + Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Name "LetAppsAccessContacts" -ErrorAction SilentlyContinue +} + +# Disable access to calendar from UWP apps +Function DisableUWPCalendar { + Write-Output "Disabling access to calendar from UWP apps..." + If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy")) { + New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Force | Out-Null + } + Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Name "LetAppsAccessCalendar" -Type DWord -Value 2 +} + +# Enable access to calendar from UWP apps +Function EnableUWPCalendar { + Write-Output "Enabling access to calendar from UWP apps..." + Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Name "LetAppsAccessCalendar" -ErrorAction SilentlyContinue +} + +# Disable access to phone calls from UWP apps +Function DisableUWPPhoneCalls { + Write-Output "Disabling access to phone calls from UWP apps..." + If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy")) { + New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Force | Out-Null + } + Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Name "LetAppsAccessPhone" -Type DWord -Value 2 +} + +# Enable access to phone calls from UWP apps +Function EnableUWPPhoneCalls { + Write-Output "Enabling access to phone calls from UWP apps..." + Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Name "LetAppsAccessPhone" -ErrorAction SilentlyContinue +} + +# Disable access to call history from UWP apps +Function DisableUWPCallHistory { + Write-Output "Disabling access to call history from UWP apps..." + If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy")) { + New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Force | Out-Null + } + Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Name "LetAppsAccessCallHistory" -Type DWord -Value 2 +} + +# Enable access to call history from UWP apps +Function EnableUWPCallHistory { + Write-Output "Enabling access to call history from UWP apps..." + Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Name "LetAppsAccessCallHistory" -ErrorAction SilentlyContinue +} + +# Disable access to email from UWP apps +Function DisableUWPEmail { + Write-Output "Disabling access to email from UWP apps..." + If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy")) { + New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Force | Out-Null + } + Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Name "LetAppsAccessEmail" -Type DWord -Value 2 +} + +# Enable access to email from UWP apps +Function EnableUWPEmail { + Write-Output "Enabling access to email from UWP apps..." + Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Name "LetAppsAccessEmail" -ErrorAction SilentlyContinue +} + +# Disable access to tasks from UWP apps +Function DisableUWPTasks { + Write-Output "Disabling access to tasks from UWP apps..." + If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy")) { + New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Force | Out-Null + } + Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Name "LetAppsAccessTasks" -Type DWord -Value 2 +} + +# Enable access to tasks from UWP apps +Function EnableUWPTasks { + Write-Output "Enabling access to tasks from UWP apps..." + Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Name "LetAppsAccessTasks" -ErrorAction SilentlyContinue +} + +# Disable access to messaging (SMS, MMS) from UWP apps +Function DisableUWPMessaging { + Write-Output "Disabling access to messaging from UWP apps..." + If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy")) { + New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Force | Out-Null + } + Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Name "LetAppsAccessMessaging" -Type DWord -Value 2 +} + +# Enable access to messaging from UWP apps +Function EnableUWPMessaging { + Write-Output "Enabling access to messaging from UWP apps..." + Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Name "LetAppsAccessMessaging" -ErrorAction SilentlyContinue +} + +# Disable access to radios (e.g. Bluetooth) from UWP apps +Function DisableUWPRadios { + Write-Output "Disabling access to radios from UWP apps..." + If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy")) { + New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Force | Out-Null + } + Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Name "LetAppsAccessRadios" -Type DWord -Value 2 +} + +# Enable access to radios from UWP apps +Function EnableUWPRadios { + Write-Output "Enabling access to radios from UWP apps..." + Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Name "LetAppsAccessRadios" -ErrorAction SilentlyContinue +} + +# Disable access to other devices (unpaired, beacons, TVs etc.) from UWP apps +Function DisableUWPOtherDevices { + Write-Output "Disabling access to other devices from UWP apps..." + If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy")) { + New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Force | Out-Null + } + Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Name "LetAppsSyncWithDevices" -Type DWord -Value 2 +} + +# Enable access to other devices from UWP apps +Function EnableUWPOtherDevices { + Write-Output "Enabling access to other devices from UWP apps..." + Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Name "LetAppsSyncWithDevices" -ErrorAction SilentlyContinue +} + +# Disable access to diagnostic information from UWP apps +Function DisableUWPDiagInfo { + Write-Output "Disabling access to diagnostic information from UWP apps..." + If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy")) { + New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Force | Out-Null + } + Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Name "LetAppsGetDiagnosticInfo" -Type DWord -Value 2 +} + +# Enable access to diagnostic information from UWP apps +Function EnableUWPDiagInfo { + Write-Output "Enabling access to diagnostic information from UWP apps..." + Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Name "LetAppsGetDiagnosticInfo" -ErrorAction SilentlyContinue +} + +# Disable access to libraries and file system from UWP apps +Function DisableUWPFileSystem { + Write-Output "Disabling access to libraries and file system from UWP apps..." + Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\documentsLibrary" -Name "Value" -Type String -Value "Deny" + Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\picturesLibrary" -Name "Value" -Type String -Value "Deny" + Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\videosLibrary" -Name "Value" -Type String -Value "Deny" + Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\broadFileSystemAccess" -Name "Value" -Type String -Value "Deny" +} + +# Enable access to libraries and file system from UWP apps +Function EnableUWPFileSystem { + Write-Output "Enabling access to libraries and file system from UWP apps..." + Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\documentsLibrary" -Name "Value" -Type String -Value "Allow" + Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\picturesLibrary" -Name "Value" -Type String -Value "Allow" + Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\videosLibrary" -Name "Value" -Type String -Value "Allow" + Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\broadFileSystemAccess" -Name "Value" -Type String -Value "Allow" +} + +# Disable UWP apps swap file +# This disables creation and use of swapfile.sys and frees 256 MB of disk space. Swapfile.sys is used only by UWP apps. The tweak has no effect on the real swap in pagefile.sys. +Function DisableUWPSwapFile { + Write-Output "Disabling UWP apps swap file..." + Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" -Name "SwapfileControl" -Type Dword -Value 0 +} + +# Enable UWP apps swap file +Function EnableUWPSwapFile { + Write-Output "Enabling UWP apps swap file..." + Remove-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" -Name "SwapfileControl" -ErrorAction SilentlyContinue +} + +########## +#endregion UWP Privacy Tweaks +########## + + + ########## #region Security Tweaks ########## @@ -601,12 +867,14 @@ Function DisableSharingMappedDrives { # Disable implicit administrative shares Function DisableAdminShares { Write-Output "Disabling implicit administrative shares..." + Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" -Name "AutoShareServer" -Type DWord -Value 0 Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" -Name "AutoShareWks" -Type DWord -Value 0 } # Enable implicit administrative shares Function EnableAdminShares { Write-Output "Enabling implicit administrative shares..." + Remove-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" -Name "AutoShareServer" -ErrorAction SilentlyContinue Remove-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" -Name "AutoShareWks" -ErrorAction SilentlyContinue } @@ -709,6 +977,8 @@ Function DisableCtrldFolderAccess { } # Enable Core Isolation Memory Integrity - Part of Windows Defender System Guard virtualization-based security - Applicable since 1803 +# Warning: This may cause old applications and drivers to crash or even cause BSOD +# Problems were confirmed with old video drivers (Intel HD Graphics for 2nd gen., Radeon HD 6850), and old antivirus software (Kaspersky Endpoint Security 10.2, 11.2) Function EnableCIMemoryIntegrity { Write-Output "Enabling Core Isolation Memory Integrity..." If (!(Test-Path "HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity")) { @@ -778,15 +1048,15 @@ Function EnableScriptHost { Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings" -Name "Enabled" -ErrorAction SilentlyContinue } -# Enable strong cryptography for .NET Framework (version 4 and above) -# https://stackoverflow.com/questions/36265534/invoke-webrequest-ssl-fails +# Enable strong cryptography for old versions of .NET Framework (4.6 and newer have strong crypto enabled by default) +# https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls#schusestrongcrypto Function EnableDotNetStrongCrypto { Write-output "Enabling .NET strong cryptography..." Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" -Name "SchUseStrongCrypto" -Type DWord -Value 1 Set-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319" -Name "SchUseStrongCrypto" -Type DWord -Value 1 } -# Disable strong cryptography for .NET Framework (version 4 and above) +# Disable strong cryptography for old versions of .NET Framework Function DisableDotNetStrongCrypto { Write-output "Disabling .NET strong cryptography..." Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" -Name "SchUseStrongCrypto" -ErrorAction SilentlyContinue @@ -852,13 +1122,13 @@ Function EnableRecoveryAndReset { reagentc /enable 2>&1 | Out-Null } -# Set Data Execution Prevention (DEP) policy to OptOut (Turn on DEP for all programs and services except selected) +# Set Data Execution Prevention (DEP) policy to OptOut - Turn on DEP for all 32-bit applications except manually excluded. 64-bit applications have DEP always on. Function SetDEPOptOut { Write-Output "Setting Data Execution Prevention (DEP) policy to OptOut..." bcdedit /set `{current`} nx OptOut | Out-Null } -# Set Data Execution Prevention (DEP) policy to OptIn (Turn on DEP for essential Windows programs and services only) +# Set Data Execution Prevention (DEP) policy to OptIn - Turn on DEP only for essential 32-bit Windows executables and manually included applications. 64-bit applications have DEP always on. Function SetDEPOptIn { Write-Output "Setting Data Execution Prevention (DEP) policy to OptIn..." bcdedit /set `{current`} nx OptIn | Out-Null @@ -1096,12 +1366,14 @@ Function EnableConnectionSharing { Function DisableRemoteAssistance { Write-Output "Disabling Remote Assistance..." Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance" -Name "fAllowToGetHelp" -Type DWord -Value 0 + Get-WindowsCapability -Online | Where-Object { $_.Name -like "App.Support.QuickAssist*" } | Remove-WindowsCapability -Online | Out-Null } # Enable Remote Assistance - Not applicable to Server (unless Remote Assistance is explicitly installed) Function EnableRemoteAssistance { Write-Output "Enabling Remote Assistance..." Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance" -Name "fAllowToGetHelp" -Type DWord -Value 1 + Get-WindowsCapability -Online | Where-Object { $_.Name -like "App.Support.QuickAssist*" } | Add-WindowsCapability -Online | Out-Null } # Enable Remote Desktop @@ -1155,9 +1427,7 @@ Function DisableUpdateDriver { If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching")) { New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching" -Force | Out-Null } - Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching" -Name "DontPromptForWindowsUpdate" -Type DWord -Value 1 - Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching" -Name "DontSearchWindowsUpdate" -Type DWord -Value 1 - Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching" -Name "DriverUpdateWizardWuSearchEnabled" -Type DWord -Value 0 + Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching" -Name "SearchOrderConfig" -Type DWord -Value 0 If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate")) { New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" | Out-Null } @@ -1168,9 +1438,7 @@ Function DisableUpdateDriver { Function EnableUpdateDriver { Write-Output "Enabling driver offering through Windows Update..." Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Device Metadata" -Name "PreventDeviceMetadataFromNetwork" -ErrorAction SilentlyContinue - Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching" -Name "DontPromptForWindowsUpdate" -ErrorAction SilentlyContinue - Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching" -Name "DontSearchWindowsUpdate" -ErrorAction SilentlyContinue - Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching" -Name "DriverUpdateWizardWuSearchEnabled" -ErrorAction SilentlyContinue + Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching" -Name "SearchOrderConfig" -ErrorAction SilentlyContinue Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name "ExcludeWUDriversInQualityUpdate" -ErrorAction SilentlyContinue } @@ -1237,6 +1505,19 @@ Function EnableMaintenanceWakeUp { Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Maintenance" -Name "WakeUp" -ErrorAction SilentlyContinue } +# Disable Automatic Restart Sign-on - Applicable since 1903 +# See https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/winlogon-automatic-restart-sign-on--arso- +Function DisableAutoRestartSignOn { + Write-Output "Disabling Automatic Restart Sign-on..." + Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "DisableAutomaticRestartSignOn" -Type DWord -Value 1 +} + +# Enable Automatic Restart Sign-on - Applicable since 1903 +Function EnableAutoRestartSignOn { + Write-Output "Enabling Automatic Restart Sign-on..." + Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "DisableAutomaticRestartSignOn" -ErrorAction SilentlyContinue +} + # Disable Shared Experiences - Applicable since 1703. Not applicable to Server # This setting can be set also via GPO, however doing so causes reset of Start Menu cache. See https://github.com/Disassembler0/Win10-Initial-Setup-Script/issues/145 for details Function DisableSharedExperiences { @@ -1365,19 +1646,6 @@ Function EnableIndexing { Start-Service "WSearch" -WarningAction SilentlyContinue } -# Disable Modern UI swap file -# This disables creation and use of swapfile.sys and frees 256 MB of disk space. Swapfile.sys is used only by Modern UI apps. The tweak has no effect on the real swap in pagefile.sys. -Function DisableSwapFile { - Write-Output "Disabling Modern UI swap file..." - Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" -Name "SwapfileControl" -Type Dword -Value 0 -} - -# Enable Modern UI swap file -Function EnableSwapFile { - Write-Output "Enabling Modern UI swap file..." - Remove-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" -Name "SwapfileControl" -ErrorAction SilentlyContinue -} - # Disable Recycle Bin - Files will be permanently deleted without placing into Recycle Bin Function DisableRecycleBin { Write-Output "Disabling Recycle Bin..." @@ -1877,6 +2145,26 @@ Function ShowMostUsedApps { Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name "NoStartMenuMFUprogramsList" -ErrorAction SilentlyContinue } +# Set PowerShell instead of Command prompt in Start Button context menu (Win+X) - Default since 1703 +Function SetWinXMenuPowerShell { + Write-Output "Setting PowerShell instead of Command prompt in WinX menu..." + If ([System.Environment]::OSVersion.Version.Build -le 14393) { + Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "DontUsePowerShellOnWinX" -Type DWord -Value 0 + } Else { + Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "DontUsePowerShellOnWinX" -ErrorAction SilentlyContinue + } +} + +# Set Command prompt instead of PowerShell in Start Button context menu (Win+X) - Default in 1507 - 1607 +Function SetWinXMenuCmd { + Write-Output "Setting Command prompt instead of PowerShell in WinX menu..." + If ([System.Environment]::OSVersion.Version.Build -le 14393) { + Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "DontUsePowerShellOnWinX" -ErrorAction SilentlyContinue + } Else { + Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "DontUsePowerShellOnWinX" -Type DWord -Value 1 + } +} + # Set Control Panel view to Small icons (Classic) Function SetControlPanelSmallIcons { Write-Output "Setting Control Panel view to small icons..." @@ -1973,16 +2261,28 @@ Function DisableTitleBarColor { Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\DWM" -Name "ColorPrevalence" -Type DWord -Value 0 } -# Enable Dark Theme -Function EnableDarkTheme { - Write-Output "Enabling Dark Theme..." +# Set Dark Mode for Applications +Function SetAppsDarkMode { + Write-Output "Setting Dark Mode for Applications..." Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name "AppsUseLightTheme" -Type DWord -Value 0 } -# Disable Dark Theme -Function DisableDarkTheme { - Write-Output "Disabling Dark Theme..." - Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name "AppsUseLightTheme" -ErrorAction SilentlyContinue +# Set Light Mode for Applications +Function SetAppsLightMode { + Write-Output "Setting Light Mode for Applications..." + Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name "AppsUseLightTheme" -Type DWord -Value 1 +} + +# Set Light Mode for System - Applicable since 1903 +Function SetSystemLightMode { + Write-Output "Setting Light Mode for System..." + Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name "SystemUsesLightTheme" -Type DWord -Value 1 +} + +# Set Dark Mode for System - Applicable since 1903 +Function SetSystemDarkMode { + Write-Output "Setting Dark Mode for System..." + Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name "SystemUsesLightTheme" -Type DWord -Value 0 } # Add secondary en-US keyboard @@ -2257,12 +2557,27 @@ Function ShowNavPaneAllFolders { Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "NavPaneShowAllFolders" -Type DWord -Value 1 } -# Hide all folders in Explorer navigation pane except the basic ones (Quick access, OneDrive, This PC, Network), some of which can be disabled using other tweaks +# Hide all folders from Explorer navigation pane except the basic ones (Quick access, OneDrive, This PC, Network), some of which can be disabled using other tweaks Function HideNavPaneAllFolders { Write-Output "Hiding all folders in Explorer navigation pane (except the basic ones)..." Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "NavPaneShowAllFolders" -ErrorAction SilentlyContinue } +# Show Libraries in Explorer navigation pane +Function ShowNavPaneLibraries { + Write-Output "Showing Libraries icon in Explorer namespace..." + If (!(Test-Path "HKCU:\Software\Classes\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}")) { + New-Item -Path "HKCU:\Software\Classes\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}" -Force | Out-Null + } + Set-ItemProperty -Path "HKCU:\Software\Classes\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}" -Name "System.IsPinnedToNameSpaceTree" -Type DWord -Value 1 +} + +# Hide Libraries from Explorer navigation pane +Function HideNavPaneLibraries { + Write-Output "Hiding Libraries icon from Explorer namespace..." + Remove-ItemProperty -Path "HKCU:\Software\Classes\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}" -Name "System.IsPinnedToNameSpaceTree" -ErrorAction SilentlyContinue +} + # Enable launching folder windows in a separate process Function EnableFldrSeparateProcess { Write-Output "Enabling launching folder windows in a separate process..." @@ -2474,6 +2789,18 @@ Function HideNetworkFromDesktop { Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel" -Name "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}" -ErrorAction SilentlyContinue } +# Hide all icons from desktop +Function HideDesktopIcons { + Write-Output "Hiding all icons from desktop..." + Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "HideIcons" -Value 1 +} + +# Show all icons on desktop +Function ShowDesktopIcons { + Write-Output "Showing all icons on desktop..." + Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "HideIcons" -Value 0 +} + # Show Windows build number and Windows edition (Home/Pro/Enterprise) from bottom right of desktop Function ShowBuildNumberOnDesktop { Write-Output "Showing Windows build number on desktop..." @@ -2708,6 +3035,18 @@ Function Show3DObjectsInExplorer { Remove-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\PropertyBag" -Name "ThisPCPolicy" -ErrorAction SilentlyContinue } +# Hide Network icon from Explorer namespace - Hides the icon also from personal folders and open/save dialogs +Function HideNetworkFromExplorer { + Write-Output "Hiding Network icon from Explorer namespace..." + Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum" -Name "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}" -Type DWord -Value 1 +} + +# Show Network icon in Explorer namespace +Function ShowNetworkInExplorer { + Write-Output "Showing Network icon in Explorer namespace..." + Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum" -Name "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}" -ErrorAction SilentlyContinue +} + # Hide 'Include in library' context menu item Function HideIncludeInLibraryMenu { Write-Output "Hiding 'Include in library' context menu item..." @@ -3033,7 +3372,6 @@ function UninstallThirdPartyBloat { Get-AppxPackage "DB6EA5DB.CyberLinkMediaSuiteEssentials" | Remove-AppxPackage Get-AppxPackage "DolbyLaboratories.DolbyAccess" | Remove-AppxPackage Get-AppxPackage "Drawboard.DrawboardPDF" | Remove-AppxPackage - Get-AppxPackage "E046963F.LenovoCompanion" | Remove-AppxPackage Get-AppxPackage "Facebook.Facebook" | Remove-AppxPackage Get-AppxPackage "Fitbit.FitbitCoach" | Remove-AppxPackage Get-AppxPackage "flaregamesGmbH.RoyalRevolt2" | Remove-AppxPackage @@ -3043,8 +3381,7 @@ function UninstallThirdPartyBloat { Get-AppxPackage "king.com.CandyCrushFriends" | Remove-AppxPackage Get-AppxPackage "king.com.CandyCrushSaga" | Remove-AppxPackage Get-AppxPackage "king.com.CandyCrushSodaSaga" | Remove-AppxPackage - Get-AppxPackage "LenovoCorporation.LenovoID" | Remove-AppxPackage - Get-AppxPackage "LenovoCorporation.LenovoSettings" | Remove-AppxPackage + Get-AppxPackage "king.com.FarmHeroesSaga" | Remove-AppxPackage Get-AppxPackage "Nordcurrent.CookingFever" | Remove-AppxPackage Get-AppxPackage "PandoraMediaInc.29680B314EFC2" | Remove-AppxPackage Get-AppxPackage "PricelinePartnerNetwork.Booking.comBigsavingsonhot" | Remove-AppxPackage @@ -3083,7 +3420,6 @@ Function InstallThirdPartyBloat { Get-AppxPackage -AllUsers "DB6EA5DB.CyberLinkMediaSuiteEssentials" | ForEach-Object {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"} Get-AppxPackage -AllUsers "DolbyLaboratories.DolbyAccess" | ForEach-Object {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"} Get-AppxPackage -AllUsers "Drawboard.DrawboardPDF" | ForEach-Object {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"} - Get-AppxPackage -AllUsers "E046963F.LenovoCompanion" | ForEach-Object {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"} Get-AppxPackage -AllUsers "Facebook.Facebook" | ForEach-Object {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"} Get-AppxPackage -AllUsers "Fitbit.FitbitCoach" | ForEach-Object {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"} Get-AppxPackage -AllUsers "flaregamesGmbH.RoyalRevolt2" | ForEach-Object {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"} @@ -3093,8 +3429,7 @@ Function InstallThirdPartyBloat { Get-AppxPackage -AllUsers "king.com.CandyCrushFriends" | ForEach-Object {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"} Get-AppxPackage -AllUsers "king.com.CandyCrushSaga" | ForEach-Object {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"} Get-AppxPackage -AllUsers "king.com.CandyCrushSodaSaga" | ForEach-Object {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"} - Get-AppxPackage -AllUsers "LenovoCorporation.LenovoID" | ForEach-Object {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"} - Get-AppxPackage -AllUsers "LenovoCorporation.LenovoSettings" | ForEach-Object {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"} + Get-AppxPackage -AllUsers "king.com.FarmHeroesSaga" | ForEach-Object {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"} Get-AppxPackage -AllUsers "Nordcurrent.CookingFever" | ForEach-Object {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"} Get-AppxPackage -AllUsers "PandoraMediaInc.29680B314EFC2" | ForEach-Object {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"} Get-AppxPackage -AllUsers "PricelinePartnerNetwork.Booking.comBigsavingsonhot" | ForEach-Object {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"} @@ -3252,7 +3587,7 @@ Function EnableFirstLogonAnimation { # Disable Windows Media Player's media sharing feature Function DisableMediaSharing { - Write-Output "Disabling media sharing..." + Write-Output "Disabling Windows Media Player media sharing..." If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\WindowsMediaPlayer")) { New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\WindowsMediaPlayer" -Force | Out-Null } @@ -3261,53 +3596,119 @@ Function DisableMediaSharing { # Enable Windows Media Player's media sharing feature Function EnableMediaSharing { - Write-Output "Enabling media sharing..." + Write-Output "Enabling Windows Media Player media sharing..." Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\WindowsMediaPlayer" -Name "PreventLibrarySharing" -ErrorAction SilentlyContinue } +# Disable Windows Media Player online access - audio file metadata download, radio presets, DRM. +Function DisableMediaOnlineAccess { + Write-Output "Disabling Windows Media Player online access..." + If (!(Test-Path "HKCU:\SOFTWARE\Policies\Microsoft\WindowsMediaPlayer")) { + New-Item -Path "HKCU:\SOFTWARE\Policies\Microsoft\WindowsMediaPlayer" -Force | Out-Null + } + Set-ItemProperty -Path "HKCU:\SOFTWARE\Policies\Microsoft\WindowsMediaPlayer" -Name "PreventCDDVDMetadataRetrieval" -Type DWord -Value 1 + Set-ItemProperty -Path "HKCU:\SOFTWARE\Policies\Microsoft\WindowsMediaPlayer" -Name "PreventMusicFileMetadataRetrieval" -Type DWord -Value 1 + Set-ItemProperty -Path "HKCU:\SOFTWARE\Policies\Microsoft\WindowsMediaPlayer" -Name "PreventRadioPresetsRetrieval" -Type DWord -Value 1 + If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\WMDRM")) { + New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\WMDRM" -Force | Out-Null + } + Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\WMDRM" -Name "DisableOnline" -Type DWord -Value 1 +} + +# Enable Windows Media Player online access +Function EnableMediaOnlineAccess { + Write-Output "Enabling Windows Media Player online access..." + Remove-ItemProperty -Path "HKCU:\SOFTWARE\Policies\Microsoft\WindowsMediaPlayer" -Name "PreventCDDVDMetadataRetrieval" -ErrorAction SilentlyContinue + Remove-ItemProperty -Path "HKCU:\SOFTWARE\Policies\Microsoft\WindowsMediaPlayer" -Name "PreventMusicFileMetadataRetrieval" -ErrorAction SilentlyContinue + Remove-ItemProperty -Path "HKCU:\SOFTWARE\Policies\Microsoft\WindowsMediaPlayer" -Name "PreventRadioPresetsRetrieval" -ErrorAction SilentlyContinue + Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\WMDRM" -Name "DisableOnline" -ErrorAction SilentlyContinue +} + +# Enable Developer Mode +Function EnableDeveloperMode { + Write-Output "Enabling Developer Mode..." + Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock" -Name "AllowDevelopmentWithoutDevLicense" -Type DWord -Value 1 + Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock" -Name "AllowAllTrustedApps" -Type DWord -Value 1 +} + +# Disable Developer Mode +Function DisableDeveloperMode { + Write-Output "Disabling Developer Mode..." + Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock" -Name "AllowDevelopmentWithoutDevLicense" -ErrorAction SilentlyContinue + Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock" -Name "AllowAllTrustedApps" -ErrorAction SilentlyContinue +} + # Uninstall Windows Media Player Function UninstallMediaPlayer { Write-Output "Uninstalling Windows Media Player..." - Disable-WindowsOptionalFeature -Online -FeatureName "WindowsMediaPlayer" -NoRestart -WarningAction SilentlyContinue | Out-Null + Get-WindowsOptionalFeature -Online | Where-Object { $_.FeatureName -eq "WindowsMediaPlayer" } | Disable-WindowsOptionalFeature -Online -NoRestart -WarningAction SilentlyContinue | Out-Null + Get-WindowsCapability -Online | Where-Object { $_.Name -like "Media.WindowsMediaPlayer*" } | Remove-WindowsCapability -Online | Out-Null } # Install Windows Media Player Function InstallMediaPlayer { Write-Output "Installing Windows Media Player..." - Enable-WindowsOptionalFeature -Online -FeatureName "WindowsMediaPlayer" -NoRestart -WarningAction SilentlyContinue | Out-Null + Get-WindowsOptionalFeature -Online | Where-Object { $_.FeatureName -eq "WindowsMediaPlayer" } | Enable-WindowsOptionalFeature -Online -NoRestart -WarningAction SilentlyContinue | Out-Null + Get-WindowsCapability -Online | Where-Object { $_.Name -like "Media.WindowsMediaPlayer*" } | Add-WindowsCapability -Online | Out-Null } # Uninstall Internet Explorer Function UninstallInternetExplorer { Write-Output "Uninstalling Internet Explorer..." - Disable-WindowsOptionalFeature -Online -FeatureName "Internet-Explorer-Optional-$env:PROCESSOR_ARCHITECTURE" -NoRestart -WarningAction SilentlyContinue | Out-Null + Get-WindowsOptionalFeature -Online | Where-Object { $_.FeatureName -like "Internet-Explorer-Optional*" } | Disable-WindowsOptionalFeature -Online -NoRestart -WarningAction SilentlyContinue | Out-Null + Get-WindowsCapability -Online | Where-Object { $_.Name -like "Browser.InternetExplorer*" } | Remove-WindowsCapability -Online | Out-Null } # Install Internet Explorer Function InstallInternetExplorer { Write-Output "Installing Internet Explorer..." - Enable-WindowsOptionalFeature -Online -FeatureName "Internet-Explorer-Optional-$env:PROCESSOR_ARCHITECTURE" -NoRestart -WarningAction SilentlyContinue | Out-Null + Get-WindowsOptionalFeature -Online | Where-Object { $_.FeatureName -like "Internet-Explorer-Optional*" } | Enable-WindowsOptionalFeature -Online -NoRestart -WarningAction SilentlyContinue | Out-Null + Get-WindowsCapability -Online | Where-Object { $_.Name -like "Browser.InternetExplorer*" } | Add-WindowsCapability -Online | Out-Null } # Uninstall Work Folders Client - Not applicable to Server Function UninstallWorkFolders { Write-Output "Uninstalling Work Folders Client..." - Disable-WindowsOptionalFeature -Online -FeatureName "WorkFolders-Client" -NoRestart -WarningAction SilentlyContinue | Out-Null + Get-WindowsOptionalFeature -Online | Where-Object { $_.FeatureName -eq "WorkFolders-Client" } | Disable-WindowsOptionalFeature -Online -NoRestart -WarningAction SilentlyContinue | Out-Null } # Install Work Folders Client - Not applicable to Server Function InstallWorkFolders { Write-Output "Installing Work Folders Client..." - Enable-WindowsOptionalFeature -Online -FeatureName "WorkFolders-Client" -NoRestart -WarningAction SilentlyContinue | Out-Null + Get-WindowsOptionalFeature -Online | Where-Object { $_.FeatureName -eq "WorkFolders-Client" } | Enable-WindowsOptionalFeature -Online -NoRestart -WarningAction SilentlyContinue | Out-Null +} + +# Uninstall Windows Hello Face - Not applicable to Server +Function UninstallHelloFace { + Write-Output "Uninstalling Windows Hello Face..." + Get-WindowsCapability -Online | Where-Object { $_.Name -like "Hello.Face*" } | Remove-WindowsCapability -Online | Out-Null +} + +# Install Windows Hello Face - Not applicable to Server +Function InstallHelloFace { + Write-Output "Installing Windows Hello Face..." + Get-WindowsCapability -Online | Where-Object { $_.Name -like "Hello.Face*" } | Add-WindowsCapability -Online | Out-Null +} + +# Uninstall Math Recognizer - Not applicable to Server +Function UninstallMathRecognizer { + Write-Output "Uninstalling Math Recognizer..." + Get-WindowsCapability -Online | Where-Object { $_.Name -like "MathRecognizer*" } | Remove-WindowsCapability -Online | Out-Null +} + +# Install Math Recognizer - Not applicable to Server +Function InstallMathRecognizer { + Write-Output "Installing Math Recognizer..." + Get-WindowsCapability -Online | Where-Object { $_.Name -like "MathRecognizer*" } | Add-WindowsCapability -Online | Out-Null } -# Uninstall PowerShell 2.0 Environment. +# Uninstall PowerShell 2.0 Environment # PowerShell 2.0 is deprecated since September 2018. This doesn't affect PowerShell 5 or newer which is the default PowerShell environment. # May affect Microsoft Diagnostic Tool and possibly other scripts. See https://blogs.msdn.microsoft.com/powershell/2017/08/24/windows-powershell-2-0-deprecation/ Function UninstallPowerShellV2 { Write-Output "Uninstalling PowerShell 2.0 Environment..." If ((Get-CimInstance -Class "Win32_OperatingSystem").ProductType -eq 1) { - Disable-WindowsOptionalFeature -Online -FeatureName "MicrosoftWindowsPowerShellV2Root" -NoRestart -WarningAction SilentlyContinue | Out-Null + Get-WindowsOptionalFeature -Online | Where-Object { $_.FeatureName -eq "MicrosoftWindowsPowerShellV2Root" } | Disable-WindowsOptionalFeature -Online -NoRestart -WarningAction SilentlyContinue | Out-Null } Else { Uninstall-WindowsFeature -Name "PowerShell-V2" -WarningAction SilentlyContinue | Out-Null } @@ -3317,39 +3718,44 @@ Function UninstallPowerShellV2 { Function InstallPowerShellV2 { Write-Output "Installing PowerShell 2.0 Environment..." If ((Get-CimInstance -Class "Win32_OperatingSystem").ProductType -eq 1) { - Enable-WindowsOptionalFeature -Online -FeatureName "MicrosoftWindowsPowerShellV2Root" -NoRestart -WarningAction SilentlyContinue | Out-Null + Get-WindowsOptionalFeature -Online | Where-Object { $_.FeatureName -eq "MicrosoftWindowsPowerShellV2Root" } | Enable-WindowsOptionalFeature -Online -NoRestart -WarningAction SilentlyContinue | Out-Null } Else { Install-WindowsFeature -Name "PowerShell-V2" -WarningAction SilentlyContinue | Out-Null } } +# Uninstall PowerShell Integrated Scripting Environment - Applicable since 2004 +# Note: Also removes built-in graphical methods like Out-GridView +Function UninstallPowerShellISE { + Write-Output "Uninstalling PowerShell Integrated Scripting Environment..." + Get-WindowsCapability -Online | Where-Object { $_.Name -like "Microsoft.Windows.PowerShell.ISE*" } | Remove-WindowsCapability -Online | Out-Null +} + +# Install PowerShell Integrated Scripting Environment - Applicable since 2004 +Function InstallPowerShellISE { + Write-Output "Installing PowerShell Integrated Scripting Environment..." + Get-WindowsCapability -Online | Where-Object { $_.Name -like "Microsoft.Windows.PowerShell.ISE*" } | Add-WindowsCapability -Online | Out-Null +} + # Install Linux Subsystem - Applicable since Win10 1607 and Server 1709 +# Note: 1607 requires also EnableDevelopmentMode for WSL to work # For automated Linux distribution installation, see https://docs.microsoft.com/en-us/windows/wsl/install-on-server Function InstallLinuxSubsystem { Write-Output "Installing Linux Subsystem..." - If ([System.Environment]::OSVersion.Version.Build -eq 14393) { - # 1607 needs developer mode to be enabled - Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock" -Name "AllowDevelopmentWithoutDevLicense" -Type DWord -Value 1 - Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock" -Name "AllowAllTrustedApps" -Type DWord -Value 1 - } - Enable-WindowsOptionalFeature -Online -FeatureName "Microsoft-Windows-Subsystem-Linux" -NoRestart -WarningAction SilentlyContinue | Out-Null + Get-WindowsOptionalFeature -Online | Where-Object { $_.FeatureName -eq "Microsoft-Windows-Subsystem-Linux" } | Enable-WindowsOptionalFeature -Online -NoRestart -WarningAction SilentlyContinue | Out-Null } # Uninstall Linux Subsystem - Applicable since Win10 1607 and Server 1709 Function UninstallLinuxSubsystem { Write-Output "Uninstalling Linux Subsystem..." - If ([System.Environment]::OSVersion.Version.Build -eq 14393) { - Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock" -Name "AllowDevelopmentWithoutDevLicense" -Type DWord -Value 0 - Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock" -Name "AllowAllTrustedApps" -Type DWord -Value 0 - } - Disable-WindowsOptionalFeature -Online -FeatureName "Microsoft-Windows-Subsystem-Linux" -NoRestart -WarningAction SilentlyContinue | Out-Null + Get-WindowsOptionalFeature -Online | Where-Object { $_.FeatureName -eq "Microsoft-Windows-Subsystem-Linux" } | Disable-WindowsOptionalFeature -Online -NoRestart -WarningAction SilentlyContinue | Out-Null } # Install Hyper-V - Not applicable to Home Function InstallHyperV { Write-Output "Installing Hyper-V..." If ((Get-CimInstance -Class "Win32_OperatingSystem").ProductType -eq 1) { - Enable-WindowsOptionalFeature -Online -FeatureName "Microsoft-Hyper-V-All" -NoRestart -WarningAction SilentlyContinue | Out-Null + Get-WindowsOptionalFeature -Online | Where-Object { $_.FeatureName -eq "Microsoft-Hyper-V-All" } | Enable-WindowsOptionalFeature -Online -NoRestart -WarningAction SilentlyContinue | Out-Null } Else { Install-WindowsFeature -Name "Hyper-V" -IncludeManagementTools -WarningAction SilentlyContinue | Out-Null } @@ -3359,17 +3765,61 @@ Function InstallHyperV { Function UninstallHyperV { Write-Output "Uninstalling Hyper-V..." If ((Get-CimInstance -Class "Win32_OperatingSystem").ProductType -eq 1) { - Disable-WindowsOptionalFeature -Online -FeatureName "Microsoft-Hyper-V-All" -NoRestart -WarningAction SilentlyContinue | Out-Null + Get-WindowsOptionalFeature -Online | Where-Object { $_.FeatureName -eq "Microsoft-Hyper-V-All" } | Disable-WindowsOptionalFeature -Online -NoRestart -WarningAction SilentlyContinue | Out-Null } Else { Uninstall-WindowsFeature -Name "Hyper-V" -IncludeManagementTools -WarningAction SilentlyContinue | Out-Null } } +# Uninstall OpenSSH Client - Applicable since 1803 +Function UninstallSSHClient { + Write-Output "Uninstalling OpenSSH Client..." + Get-WindowsCapability -Online | Where-Object { $_.Name -like "OpenSSH.Client*" } | Remove-WindowsCapability -Online | Out-Null +} + +# Install OpenSSH Client - Applicable since 1803 +Function InstallSSHClient { + Write-Output "Installing OpenSSH Client..." + Get-WindowsCapability -Online | Where-Object { $_.Name -like "OpenSSH.Client*" } | Add-WindowsCapability -Online | Out-Null +} + +# Install OpenSSH Server - Applicable since 1809 +Function InstallSSHServer { + Write-Output "Installing OpenSSH Server..." + Get-WindowsCapability -Online | Where-Object { $_.Name -like "OpenSSH.Server*" } | Add-WindowsCapability -Online | Out-Null +} + +# Uninstall OpenSSH Server - Applicable since 1809 +Function UninstallSSHServer { + Write-Output "Uninstalling OpenSSH Server..." + Get-WindowsCapability -Online | Where-Object { $_.Name -like "OpenSSH.Server*" } | Remove-WindowsCapability -Online | Out-Null +} + +# Install Telnet Client +Function InstallTelnetClient { + Write-Output "Installing Telnet Client..." + If ((Get-CimInstance -Class "Win32_OperatingSystem").ProductType -eq 1) { + Get-WindowsOptionalFeature -Online | Where-Object { $_.FeatureName -eq "TelnetClient" } | Enable-WindowsOptionalFeature -Online -NoRestart -WarningAction SilentlyContinue | Out-Null + } Else { + Install-WindowsFeature -Name "Telnet-Client" -WarningAction SilentlyContinue | Out-Null + } +} + +# Uninstall Telnet Client +Function UninstallTelnetClient { + Write-Output "Uninstalling Telnet Client..." + If ((Get-CimInstance -Class "Win32_OperatingSystem").ProductType -eq 1) { + Get-WindowsOptionalFeature -Online | Where-Object { $_.FeatureName -eq "TelnetClient" } | Disable-WindowsOptionalFeature -Online -NoRestart -WarningAction SilentlyContinue | Out-Null + } Else { + Uninstall-WindowsFeature -Name "Telnet-Client" -WarningAction SilentlyContinue | Out-Null + } +} + # Install .NET Framework 2.0, 3.0 and 3.5 runtimes - Requires internet connection Function InstallNET23 { Write-Output "Installing .NET Framework 2.0, 3.0 and 3.5 runtimes..." If ((Get-CimInstance -Class "Win32_OperatingSystem").ProductType -eq 1) { - Enable-WindowsOptionalFeature -Online -FeatureName "NetFx3" -NoRestart -WarningAction SilentlyContinue | Out-Null + Get-WindowsOptionalFeature -Online | Where-Object { $_.FeatureName -eq "NetFx3" } | Enable-WindowsOptionalFeature -Online -NoRestart -WarningAction SilentlyContinue | Out-Null } Else { Install-WindowsFeature -Name "NET-Framework-Core" -WarningAction SilentlyContinue | Out-Null } @@ -3379,7 +3829,7 @@ Function InstallNET23 { Function UninstallNET23 { Write-Output "Uninstalling .NET Framework 2.0, 3.0 and 3.5 runtimes..." If ((Get-CimInstance -Class "Win32_OperatingSystem").ProductType -eq 1) { - Disable-WindowsOptionalFeature -Online -FeatureName "NetFx3" -NoRestart -WarningAction SilentlyContinue | Out-Null + Get-WindowsOptionalFeature -Online | Where-Object { $_.FeatureName -eq "NetFx3" } | Disable-WindowsOptionalFeature -Online -NoRestart -WarningAction SilentlyContinue | Out-Null } Else { Uninstall-WindowsFeature -Name "NET-Framework-Core" -WarningAction SilentlyContinue | Out-Null } @@ -3439,25 +3889,25 @@ Function RemovePhotoViewerOpenWith { # Uninstall Microsoft Print to PDF Function UninstallPDFPrinter { Write-Output "Uninstalling Microsoft Print to PDF..." - Disable-WindowsOptionalFeature -Online -FeatureName "Printing-PrintToPDFServices-Features" -NoRestart -WarningAction SilentlyContinue | Out-Null + Get-WindowsOptionalFeature -Online | Where-Object { $_.FeatureName -eq "Printing-PrintToPDFServices-Features" } | Disable-WindowsOptionalFeature -Online -NoRestart -WarningAction SilentlyContinue | Out-Null } # Install Microsoft Print to PDF Function InstallPDFPrinter { Write-Output "Installing Microsoft Print to PDF..." - Enable-WindowsOptionalFeature -Online -FeatureName "Printing-PrintToPDFServices-Features" -NoRestart -WarningAction SilentlyContinue | Out-Null + Get-WindowsOptionalFeature -Online | Where-Object { $_.FeatureName -eq "Printing-PrintToPDFServices-Features" } | Enable-WindowsOptionalFeature -Online -NoRestart -WarningAction SilentlyContinue | Out-Null } # Uninstall Microsoft XPS Document Writer Function UninstallXPSPrinter { Write-Output "Uninstalling Microsoft XPS Document Writer..." - Disable-WindowsOptionalFeature -Online -FeatureName "Printing-XPSServices-Features" -NoRestart -WarningAction SilentlyContinue | Out-Null + Get-WindowsOptionalFeature -Online | Where-Object { $_.FeatureName -eq "Printing-XPSServices-Features" } | Disable-WindowsOptionalFeature -Online -NoRestart -WarningAction SilentlyContinue | Out-Null } # Install Microsoft XPS Document Writer Function InstallXPSPrinter { Write-Output "Installing Microsoft XPS Document Writer..." - Enable-WindowsOptionalFeature -Online -FeatureName "Printing-XPSServices-Features" -NoRestart -WarningAction SilentlyContinue | Out-Null + Get-WindowsOptionalFeature -Online | Where-Object { $_.FeatureName -eq "Printing-XPSServices-Features" } | Enable-WindowsOptionalFeature -Online -NoRestart -WarningAction SilentlyContinue | Out-Null } # Remove Default Fax Printer @@ -3475,13 +3925,15 @@ Function AddFaxPrinter { # Uninstall Windows Fax and Scan Services - Not applicable to Server Function UninstallFaxAndScan { Write-Output "Uninstalling Windows Fax and Scan Services..." - Disable-WindowsOptionalFeature -Online -FeatureName "FaxServicesClientPackage" -NoRestart -WarningAction SilentlyContinue | Out-Null + Get-WindowsOptionalFeature -Online | Where-Object { $_.FeatureName -eq "FaxServicesClientPackage" } | Disable-WindowsOptionalFeature -Online -NoRestart -WarningAction SilentlyContinue | Out-Null + Get-WindowsCapability -Online | Where-Object { $_.Name -like "Print.Fax.Scan*" } | Remove-WindowsCapability -Online | Out-Null } # Install Windows Fax and Scan Services - Not applicable to Server Function InstallFaxAndScan { Write-Output "Installing Windows Fax and Scan Services..." - Enable-WindowsOptionalFeature -Online -FeatureName "FaxServicesClientPackage" -NoRestart -WarningAction SilentlyContinue | Out-Null + Get-WindowsOptionalFeature -Online | Where-Object { $_.FeatureName -eq "FaxServicesClientPackage" } | Enable-WindowsOptionalFeature -Online -NoRestart -WarningAction SilentlyContinue | Out-Null + Get-WindowsCapability -Online | Where-Object { $_.Name -like "Print.Fax.Scan*" } | Add-WindowsCapability -Online | Out-Null } ########## @@ -3594,7 +4046,8 @@ Function DisableAudio { #region Unpinning ########## -# Unpin all Start Menu tiles - Note: This function has no counterpart. You have to pin the tiles back manually. +# Unpin all Start Menu tiles +# Note: This function has no counterpart. You have to pin the tiles back manually. Function UnpinStartMenuTiles { Write-Output "Unpinning all Start Menu tiles..." If ([System.Environment]::OSVersion.Version.Build -ge 15063 -And [System.Environment]::OSVersion.Version.Build -le 16299) { @@ -3611,7 +4064,8 @@ Function UnpinStartMenuTiles { } } -# Unpin all Taskbar icons - Note: This function has no counterpart. You have to pin the icons back manually. +# Unpin all Taskbar icons +# Note: This function has no counterpart. You have to pin the icons back manually. Function UnpinTaskbarIcons { Write-Output "Unpinning all Taskbar icons..." Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband" -Name "Favorites" -Type Binary -Value ([byte[]](255)) diff --git a/config/Client.config b/config/Client.config index cf52d48..cd18787 100644 --- a/config/Client.config +++ b/config/Client.config @@ -1,7 +1,7 @@ ########## # Win 10 / Server 2016 / Server 2019 Initial Setup Script - Default preset # Author: Disassembler -# Version: v3.8, 2019-09-11 +# Version: v3.10, 2020-07-15 # Modded by: Michael Reber # Source: https://github.com/Disassembler0/Win10-Initial-Setup-Script ########## @@ -11,12 +11,12 @@ RequireAdmin ### Privacy Tweaks ### DisableTelemetry # EnableTelemetry +DisableCortana # EnableCortana DisableWiFiSense # EnableWiFiSense # DisableSmartScreen # EnableSmartScreen # DisableWebSearch # EnableWebSearch DisableAppSuggestions # EnableAppSuggestions DisableActivityHistory # EnableActivityHistory -DisableBackgroundApps # EnableBackgroundApps # DisableSensors # EnableSensors DisableLocation # EnableLocation DisableMapUpdates # EnableMapUpdates @@ -24,7 +24,6 @@ DisableFeedback # EnableFeedback DisableTailoredExperiences # EnableTailoredExperiences DisableAdvertisingID # EnableAdvertisingID DisableWebLangList # EnableWebLangList -DisableCortana # EnableCortana # DisableBiometrics # EnableBiometrics # DisableCamera # EnableCamera # DisableMicrophone # EnableMicrophone @@ -35,6 +34,24 @@ DisableWAPPush # EnableWAPPush # EnableClearRecentFiles # DisableClearRecentFiles # DisableRecentFiles # EnableRecentFiles +### UWP Privacy Tweaks ### +DisableUWPBackgroundApps # EnableUWPBackgroundApps +# DisableUWPVoiceActivation # EnableUWPVoiceActivation +# DisableUWPNotifications # EnableUWPNotifications +# DisableUWPAccountInfo # EnableUWPAccountInfo +# DisableUWPContacts # EnableUWPContacts +# DisableUWPCalendar # EnableUWPCalendar +# DisableUWPPhoneCalls # EnableUWPPhoneCalls +# DisableUWPCallHistory # EnableUWPCallHistory +# DisableUWPEmail # EnableUWPEmail +# DisableUWPTasks # EnableUWPTasks +# DisableUWPMessaging # EnableUWPMessaging +# DisableUWPRadios # EnableUWPRadios +# DisableUWPOtherDevices # EnableUWPOtherDevices +# DisableUWPDiagInfo # EnableUWPDiagInfo +# DisableUWPFileSystem # EnableUWPFileSystem +# DisableUWPSwapFile # EnableUWPSwapFile + ### Security Tweaks ### # SetUACLow # SetUACHigh # EnableSharingMappedDrives # DisableSharingMappedDrives @@ -83,6 +100,7 @@ EnableUpdateMSProducts # DisableUpdateMSProducts # DisableUpdateAutoDownload # EnableUpdateAutoDownload DisableUpdateRestart # EnableUpdateRestart DisableMaintenanceWakeUp # EnableMaintenanceWakeUp +# DisableAutoRestartSignOn # EnableAutoRestartSignOn DisableSharedExperiences # EnableSharedExperiences # EnableClipboardHistory # DisableClipboardHistory DisableAutoplay # EnableAutoplay @@ -92,7 +110,6 @@ DisableAutorun # EnableAutorun # DisableDefragmentation # EnableDefragmentation # DisableSuperfetch # EnableSuperfetch # DisableIndexing # EnableIndexing -# DisableSwapFile # EnableSwapFile # DisableRecycleBin # EnableRecycleBin EnableNTFSLongPaths # DisableNTFSLongPaths # DisableNTFSLastAccess # EnableNTFSLastAccess @@ -126,12 +143,14 @@ DisableSearchAppInStore # EnableSearchAppInStore DisableNewAppPrompt # EnableNewAppPrompt # HideRecentlyAddedApps # ShowRecentlyAddedApps # HideMostUsedApps # ShowMostUsedApps -SetControlPanelSmallIcons # SetControlPanelLargeIcons # SetControlPanelCategories +# SetWinXMenuPowerShell # SetWinXMenuCmd +# SetControlPanelSmallIcons # SetControlPanelLargeIcons # SetControlPanelCategories DisableShortcutInName # EnableShortcutInName # HideShortcutArrow # ShowShortcutArrow -#SetVisualFXPerformance # SetVisualFXAppearance +# SetVisualFXPerformance # SetVisualFXAppearance # EnableTitleBarColor # DisableTitleBarColor -# EnableDarkTheme # DisableDarkTheme +# SetAppsDarkMode # SetAppsLightMode +# SetSystemLightMode # SetSystemDarkMode # AddENKeyboard # RemoveENKeyboard # EnableNumlock # DisableNumlock # DisableEnhPointerPrecision # EnableEnhPointerPrecision @@ -150,6 +169,7 @@ ShowHiddenFiles # HideHiddenFiles # ShowFolderMergeConflicts # HideFolderMergeConflicts # EnableNavPaneExpand # DisableNavPaneExpand # ShowNavPaneAllFolders # HideNavPaneAllFolders +# ShowNavPaneLibraries # HideNavPaneLibraries # EnableFldrSeparateProcess # DisableFldrSeparateProcess # EnableRestoreFldrWindows # DisableRestoreFldrWindows # ShowEncCompFilesColor # HideEncCompFilesColor @@ -164,6 +184,7 @@ ShowThisPCOnDesktop # HideThisPCFromDesktop # ShowUserFolderOnDesktop # HideUserFolderFromDesktop # ShowControlPanelOnDesktop # HideControlPanelFromDesktop # ShowNetworkOnDesktop # HideNetworkFromDesktop +# HideDesktopIcons # ShowDesktopIcons # ShowBuildNumberOnDesktop # HideBuildNumberFromDesktop HideDesktopFromThisPC # ShowDesktopInThisPC # HideDesktopFromExplorer # ShowDesktopInExplorer @@ -179,6 +200,7 @@ HideVideosFromThisPC # ShowVideosInThisPC # HideVideosFromExplorer # ShowVideosInExplorer Hide3DObjectsFromThisPC # Show3DObjectsInThisPC # Hide3DObjectsFromExplorer # Show3DObjectsInExplorer +# HideNetworkFromExplorer # ShowNetworkInExplorer # HideIncludeInLibraryMenu # ShowIncludeInLibraryMenu # HideGiveAccessToMenu # ShowGiveAccessToMenu # HideShareMenu # ShowShareMenu @@ -200,12 +222,20 @@ DisableEdgeShortcutCreation # EnableEdgeShortcutCreation DisableIEFirstRun # EnableIEFirstRun DisableFirstLogonAnimation # EnableFirstLogonAnimation DisableMediaSharing # EnableMediaSharing +# DisableMediaOnlineAccess # EnableMediaOnlineAccess +# EnableDeveloperMode # DisableDeveloperMode # UninstallMediaPlayer # InstallMediaPlayer # UninstallInternetExplorer # InstallInternetExplorer # UninstallWorkFolders # InstallWorkFolders +# UninstallHelloFace # InstallHelloFace +# UninstallMathRecognizer # InstallMathRecognizer # UninstallPowerShellV2 # InstallPowerShellV2 +# UninstallPowerShellISE # InstallPowerShellISE # InstallLinuxSubsystem # UninstallLinuxSubsystem # InstallHyperV # UninstallHyperV +# UninstallSSHClient # InstallSSHClient +# InstallSSHServer # UninstallSSHServer +# InstallTelnetClient # UninstallTelnetClient # InstallNET23 # UninstallNET23 SetPhotoViewerAssociation # UnsetPhotoViewerAssociation AddPhotoViewerOpenWith # RemovePhotoViewerOpenWith diff --git a/config/Server.config b/config/Server.config index 631aea2..206fc32 100644 --- a/config/Server.config +++ b/config/Server.config @@ -1,7 +1,7 @@ ########## # Win 10 / Server 2016 / Server 2019 Initial Setup Script - Default preset # Author: Disassembler -# Version: v3.8, 2019-09-11 +# Version: v3.10, 2020-07-15 # Modded by: Michael Reber # Source: https://github.com/Disassembler0/Win10-Initial-Setup-Script ########## @@ -11,12 +11,12 @@ RequireAdmin ### Privacy Tweaks ### DisableTelemetry # EnableTelemetry +DisableCortana # EnableCortana DisableWiFiSense # EnableWiFiSense # DisableSmartScreen # EnableSmartScreen # DisableWebSearch # EnableWebSearch DisableAppSuggestions # EnableAppSuggestions DisableActivityHistory # EnableActivityHistory -DisableBackgroundApps # EnableBackgroundApps # DisableSensors # EnableSensors DisableLocation # EnableLocation DisableMapUpdates # EnableMapUpdates @@ -24,7 +24,6 @@ DisableFeedback # EnableFeedback DisableTailoredExperiences # EnableTailoredExperiences DisableAdvertisingID # EnableAdvertisingID DisableWebLangList # EnableWebLangList -DisableCortana # EnableCortana # DisableBiometrics # EnableBiometrics # DisableCamera # EnableCamera # DisableMicrophone # EnableMicrophone @@ -35,6 +34,24 @@ DisableWAPPush # EnableWAPPush # EnableClearRecentFiles # DisableClearRecentFiles # DisableRecentFiles # EnableRecentFiles +### UWP Privacy Tweaks ### +DisableUWPBackgroundApps # EnableUWPBackgroundApps +# DisableUWPVoiceActivation # EnableUWPVoiceActivation +# DisableUWPNotifications # EnableUWPNotifications +# DisableUWPAccountInfo # EnableUWPAccountInfo +# DisableUWPContacts # EnableUWPContacts +# DisableUWPCalendar # EnableUWPCalendar +# DisableUWPPhoneCalls # EnableUWPPhoneCalls +# DisableUWPCallHistory # EnableUWPCallHistory +# DisableUWPEmail # EnableUWPEmail +# DisableUWPTasks # EnableUWPTasks +# DisableUWPMessaging # EnableUWPMessaging +# DisableUWPRadios # EnableUWPRadios +# DisableUWPOtherDevices # EnableUWPOtherDevices +# DisableUWPDiagInfo # EnableUWPDiagInfo +# DisableUWPFileSystem # EnableUWPFileSystem +# DisableUWPSwapFile # EnableUWPSwapFile + ### Security Tweaks ### # SetUACLow # SetUACHigh # EnableSharingMappedDrives # DisableSharingMappedDrives @@ -83,6 +100,7 @@ EnableUpdateMSProducts # DisableUpdateMSProducts # DisableUpdateAutoDownload # EnableUpdateAutoDownload DisableUpdateRestart # EnableUpdateRestart DisableMaintenanceWakeUp # EnableMaintenanceWakeUp +# DisableAutoRestartSignOn # EnableAutoRestartSignOn DisableSharedExperiences # EnableSharedExperiences # EnableClipboardHistory # DisableClipboardHistory DisableAutoplay # EnableAutoplay @@ -92,7 +110,6 @@ DisableAutorun # EnableAutorun # DisableDefragmentation # EnableDefragmentation # DisableSuperfetch # EnableSuperfetch # DisableIndexing # EnableIndexing -# DisableSwapFile # EnableSwapFile # DisableRecycleBin # EnableRecycleBin EnableNTFSLongPaths # DisableNTFSLongPaths # DisableNTFSLastAccess # EnableNTFSLastAccess @@ -126,12 +143,14 @@ DisableSearchAppInStore # EnableSearchAppInStore DisableNewAppPrompt # EnableNewAppPrompt # HideRecentlyAddedApps # ShowRecentlyAddedApps # HideMostUsedApps # ShowMostUsedApps -SetControlPanelSmallIcons # SetControlPanelLargeIcons # SetControlPanelCategories +# SetWinXMenuPowerShell # SetWinXMenuCmd +# SetControlPanelSmallIcons # SetControlPanelLargeIcons # SetControlPanelCategories DisableShortcutInName # EnableShortcutInName # HideShortcutArrow # ShowShortcutArrow SetVisualFXPerformance # SetVisualFXAppearance # EnableTitleBarColor # DisableTitleBarColor -# EnableDarkTheme # DisableDarkTheme +# SetAppsDarkMode # SetAppsLightMode +# SetSystemLightMode # SetSystemDarkMode # AddENKeyboard # RemoveENKeyboard # EnableNumlock # DisableNumlock # DisableEnhPointerPrecision # EnableEnhPointerPrecision @@ -150,6 +169,7 @@ ShowHiddenFiles # HideHiddenFiles # ShowFolderMergeConflicts # HideFolderMergeConflicts # EnableNavPaneExpand # DisableNavPaneExpand # ShowNavPaneAllFolders # HideNavPaneAllFolders +# ShowNavPaneLibraries # HideNavPaneLibraries # EnableFldrSeparateProcess # DisableFldrSeparateProcess # EnableRestoreFldrWindows # DisableRestoreFldrWindows # ShowEncCompFilesColor # HideEncCompFilesColor @@ -164,6 +184,7 @@ ShowThisPCOnDesktop # HideThisPCFromDesktop # ShowUserFolderOnDesktop # HideUserFolderFromDesktop # ShowControlPanelOnDesktop # HideControlPanelFromDesktop # ShowNetworkOnDesktop # HideNetworkFromDesktop +# HideDesktopIcons # ShowDesktopIcons # ShowBuildNumberOnDesktop # HideBuildNumberFromDesktop HideDesktopFromThisPC # ShowDesktopInThisPC # HideDesktopFromExplorer # ShowDesktopInExplorer @@ -179,6 +200,7 @@ HideVideosFromThisPC # ShowVideosInThisPC # HideVideosFromExplorer # ShowVideosInExplorer Hide3DObjectsFromThisPC # Show3DObjectsInThisPC # Hide3DObjectsFromExplorer # Show3DObjectsInExplorer +# HideNetworkFromExplorer # ShowNetworkInExplorer # HideIncludeInLibraryMenu # ShowIncludeInLibraryMenu # HideGiveAccessToMenu # ShowGiveAccessToMenu # HideShareMenu # ShowShareMenu @@ -200,12 +222,20 @@ DisableEdgeShortcutCreation # EnableEdgeShortcutCreation DisableIEFirstRun # EnableIEFirstRun DisableFirstLogonAnimation # EnableFirstLogonAnimation DisableMediaSharing # EnableMediaSharing +# DisableMediaOnlineAccess # EnableMediaOnlineAccess +# EnableDeveloperMode # DisableDeveloperMode # UninstallMediaPlayer # InstallMediaPlayer # UninstallInternetExplorer # InstallInternetExplorer # UninstallWorkFolders # InstallWorkFolders +# UninstallHelloFace # InstallHelloFace +# UninstallMathRecognizer # InstallMathRecognizer # UninstallPowerShellV2 # InstallPowerShellV2 +# UninstallPowerShellISE # InstallPowerShellISE # InstallLinuxSubsystem # UninstallLinuxSubsystem # InstallHyperV # UninstallHyperV +# UninstallSSHClient # InstallSSHClient +# InstallSSHServer # UninstallSSHServer +# InstallTelnetClient # UninstallTelnetClient # InstallNET23 # UninstallNET23 SetPhotoViewerAssociation # UnsetPhotoViewerAssociation AddPhotoViewerOpenWith # RemovePhotoViewerOpenWith