Fix not run as Adm and add some other improvements

This commit is contained in:
Michael Reber 2022-07-24 17:03:19 +02:00
parent 0e74a6b2f1
commit 114a307d70
5 changed files with 59 additions and 69 deletions

View File

@ -1,25 +1,18 @@
# win11-initial-SetupScript # win11-initial-SetupScript
Reverts Windows 11 design flaws, debloats, disables telemetry and adds useful tweaks Minimum setup for Windows 11 - optimize design flaws, debloats system, disables telemetry and adds useful improvements.
## Usage ## Usage
### Quick-Run Script
Run from Windows Powershell (Administrator) with the following commands:
- <ins>Script Version:</ins>
```
iwr -useb https://setupWin11.ps1 | iex
```
### Download and Run Script ### Download and Run Script
You have to change Powershell Execution-Policy in order to run the script manually:<br>
- <ins>Script Version:</ins>
```
powershell -ExecutionPolicy Bypass -File setupWin11.ps1
```
To change it permanently use: `Set-ExecutionPolicy Unrestricted` Execute the following file with right-click as Administrator:
```
_start_hardening.cmd
```
## Disclaimer ## Disclaimer
Run this script at your own risk, it is highly experimental and untested. Always manually backup your data before doing so. You run this script at your own risk.
Before it makes it's changes it will create a system restore point, which you can go back every time.

View File

@ -1,54 +1,62 @@
$ErrorActionPreference = 'SilentlyContinue' $ErrorActionPreference = 'SilentlyContinue'
If (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]"Administrator")) {
#
Read-Host -Prompt "The script needs Administrator privileges! [ENTER to confirm.]"
Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`" $PSCommandArgs" -Verb RunAs
Exit
}
# --------------------------------------------------------------------- # ---------------------------------------------------------------------
# Data # Data
# --------------------------------------------------------------------- # ---------------------------------------------------------------------
$Bloatware = @( $Bloatware = @(
"Microsoft.AppConnector", "SpotifyAB.SpotifyMusic", "Microsoft.XboxIdentityProvider", "*Spotify*", "*CandyCrush*", "*Facebook*", "*Twitter*", "*LinkedInforWindows*",
"Disney.*", "TobiiAB.TobiiEyeTrackingPortal", "microsoft.windowscommunicationsapps", "*Disney*", "*Netflix*", "*BubbleWitch*", "*Duolingo*", "*Minecraft*",
"Microsoft.XboxGameCallableUI ", "Microsoft.XboxSpeechToTextOverlay ", "Disney*",
"Microsoft.WindowsFeedbackHub", "Microsoft.XboxGamingOverlay", "Microsoft.XboxGameOverlay", "Microsoft.Xbox.TCUI",
"Microsoft.BingFinance", "Microsoft.BingNews", "Microsoft.BingSports", "Microsoft.WindowsFeedback*", "*Microsoft.Xbox*", "Microsoft.GamingApp*",
"Microsoft.BingTranslator", "Microsoft.BingWeather", "Microsoft.BingFoodAndDrink", "Microsoft.OneDrive*", "*MicrosoftTeams*", "Microsoft.WindowsMaps*",
"Microsoft.BingHealthAndFitness", "Microsoft.BingTravel", "Microsoft.GetHelp", "Microsoft.WindowsPhone*", "Microsoft.WindowsAlarms*", "Microsoft.YourPhone*",
"Microsoft.People*", "Microsoft.Wallet*", "Microsoft.GetHelp",
"Microsoft.People", "Microsoft.Wallet", "Microsoft.WindowsAlarms", "Microsoft.Zune*", "Microsoft.SkypeApp*", "*Microsoft.Messaging*",
"Microsoft.WindowsMaps", "Microsoft.WindowsPhone", "Microsoft.Advertising.Xaml*", "Microsoft.Bing*", "*windowscommunicationsapps*"
"Microsoft.ConnectivityStore", "Microsoft.CommsPhone", "Microsoft.ScreenSketch",
"Microsoft.ZuneMusic", "Microsoft.ZuneVideo", "Microsoft.YourPhone",
"*ActiproSoftwareLLC*", "*Duolingo-LearnLanguagesforFree*", "*PandoraMediaInc*", "*CandyCrush*",
"*BubbleWitch3Saga*", "*Wunderlist*", "*Flipboard*", "*Twitter*", "*Facebook*", "*Royal Revolt*", "*Speed Test*",
"*Viber*", "*ACGMediaPlayer*", "*Netflix*", "*OneCalendar*", "*LinkedInforWindows*", "*HiddenCityMysteryofShadows*", "*Hulu*",
"*HiddenCity*", "*HotspotShieldFreeVPN*", "*Microsoft.Advertising.Xaml*", "Microsoft.Todos", "Microsoft.549981C3F5F10_8wekyb3d8bbwe"
) )
$services = @( $services = @(
"diagnosticshub.standardcollector.service", "DiagTrack", "diagnosticshub.standardcollector.service", "DiagTrack",
"dmwappushsvc", "DPS", "MapsBroker", "NetTcpPortSharing", "dmwappushsvc", "DPS", "MapsBroker", "NetTcpPortSharing",
"RemoteRegistry", "Fax", "PhoneSvc", "RetailDemo", "edgeupdate", "RemoteRegistry", "Fax", "PhoneSvc", "RetailDemo", "edgeupdate",
"edgeupdatem" "edgeupdatem", "WalletService"
) )
# --------------------------------------------------------------------- # ---------------------------------------------------------------------
# Restore Point # Restore Point
# --------------------------------------------------------------------- # ---------------------------------------------------------------------
Enable-ComputerRestore -Drive "C:\" Enable-ComputerRestore -Drive "C:\"
Checkpoint-Computer -Description "Win11 Hardening Script" -RestorePointType "MODIFY_SETTINGS" Checkpoint-Computer -Description "Michu-IT | pre Win11 Hardening Script" -RestorePointType "MODIFY_SETTINGS"
# --------------------------------------------------------------------- # ---------------------------------------------------------------------
# O&O Shutup Integration # O&O Shutup Integration
# --------------------------------------------------------------------- # ---------------------------------------------------------------------
Start-BitsTransfer "https://dl5.oo-software.com/files/ooshutup10/OOSU10.exe" Start-BitsTransfer "https://dl5.oo-software.com/files/ooshutup10/OOSU10.exe"
#Start-BitsTransfer "https://code.michu-it.com/mrit_ooshutup.cfg" #Start-BitsTransfer "https://code.michu-it.com/michael/win11-initial-setup-script/raw/branch/master/mrit_ooshutup.cfg"
Start-Process -FilePath "./OOSU10.exe" -ArgumentList 'mrit_ooshutup.cfg /quiet' -Wait Start-Process -FilePath "./OOSU10.exe" -ArgumentList 'mrit_ooshutup.cfg' -Wait
Remove-Item -Path ".\OOSU10.exe" -Force Remove-Item -Path ".\OOSU10.exe" -Force
#Remove-Item -Path ".\mrit_ooshutup.cfg" -Force #Remove-Item -Path ".\mrit_ooshutup.cfg" -Force
# ---------------------------------------------------------------------
# Install Basic Tools with Ninite
# ---------------------------------------------------------------------
Start-Process -FilePath "./ninite.exe" -Wait
# --------------------------------------------------------------------- # ---------------------------------------------------------------------
# Design # Design
# --------------------------------------------------------------------- # ---------------------------------------------------------------------
@ -73,16 +81,10 @@ Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "TaskbarDa" -type "Dword" -Value "0" Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "TaskbarDa" -type "Dword" -Value "0"
# Remove Search from Taskbar # Remove Search from Taskbar
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Search" -Name "SearchboxTaskbarMode" -type "Dword" -Value "0" #Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Search" -Name "SearchboxTaskbarMode" -type "Dword" -Value "0"
# New Boot Animation
If (!(Test-Path "HKLM:\SYSTEM\ControlSet001\Control\BootControl")) {
New-Item -Path "HKLM:\SYSTEM\ControlSet001\Control" -Name "BootControl"
}
New-ItemProperty -Path "HKLM:\SYSTEM\ControlSet001\Control\BootControl" -Name "BootProgressAnimation" -Value "1" -PropertyType "Dword"
# Enable Windows Explorer Compact View # Enable Windows Explorer Compact View
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -type "Dword" -Name "UseCompactMode" -Value "1" #Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -type "Dword" -Name "UseCompactMode" -Value "1"
# Enable Windows Dark Theme # Enable Windows Dark Theme
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -type "Dword" -Name "SystemUsesLightTheme" -Value "0" Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -type "Dword" -Name "SystemUsesLightTheme" -Value "0"
@ -90,6 +92,7 @@ Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\P
# Enable App Dark Theme # Enable App Dark Theme
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -type "Dword" -Name "AppsUseLightTheme" -Value "0" Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -type "Dword" -Name "AppsUseLightTheme" -Value "0"
# --------------------------------------------------------------------- # ---------------------------------------------------------------------
# Debloat # Debloat
# --------------------------------------------------------------------- # ---------------------------------------------------------------------
@ -97,25 +100,28 @@ Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\P
# Disk Cleanup # Disk Cleanup
Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\*' | ForEach-Object { Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\*' | ForEach-Object {
New-ItemProperty -Path $_.PSPath -Name StateFlags0005 -Value 2 -PropertyType DWord -Force New-ItemProperty -Path $_.PSPath -Name StateFlags0005 -Value 2 -PropertyType DWord -Force
}; };
Start-Process -FilePath CleanMgr.exe -ArgumentList '/sagerun:5' -Wait Start-Process -FilePath CleanMgr.exe -ArgumentList '/sagerun:5' -Wait
# Remove Temp Files # Remove Temp Files
Remove-Item "C:\Windows\Temp\*" -Recurse -Force -ErrorAction SilentlyContinue Remove-Item "C:\Windows\Temp\*" -Recurse -Force -ErrorAction $ErrorActionPreference
Remove-Item $env:TEMP\* -Recurse -Force -ErrorAction SilentlyContinue Remove-Item $env:TEMP\* -Recurse -Force -ErrorAction $ErrorActionPreference
# Uninstall Bloatware-Apps # Uninstall Bloatware-Apps
foreach ($Bloat in $Bloatware) { foreach ($Bloat in $Bloatware) {
Get-AppxPackage -Name $Bloat| Remove-AppxPackage # Uninstall App on all Current User:
Get-AppxPackage -Name $Bloat -AllUsers | Remove-AppxPackage
# This will prevent these apps from being reinstalled on new user first logon:
Get-AppxProvisionedPackage -Online | Where-Object DisplayName -like $Bloat | Remove-AppxProvisionedPackage -Online Get-AppxProvisionedPackage -Online | Where-Object DisplayName -like $Bloat | Remove-AppxProvisionedPackage -Online
} }
# Disable Services # Disable Services
foreach ($service in $services) { foreach ($service in $services) {
Get-Service -Name $service -ErrorAction SilentlyContinue | Set-Service -StartupType Disabled -ErrorAction SilentlyContinue Get-Service -Name $service -ErrorAction $ErrorActionPreference | Set-Service -StartupType Disabled -ErrorAction $ErrorActionPreference
Write-Output Disabling $service... Write-Output Disabling $service...
} }
# --------------------------------------------------------------------- # ---------------------------------------------------------------------
# Privacy # Privacy
# --------------------------------------------------------------------- # ---------------------------------------------------------------------
@ -127,12 +133,15 @@ Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Privacy"
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 0 Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 0
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" -Name "MaxTelemetryAllowed" -Type DWord -Value 0 Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" -Name "MaxTelemetryAllowed" -Type DWord -Value 0
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 0 Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 0
# Disable Scheduled Tasks:
Disable-ScheduledTask -TaskName "Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" Disable-ScheduledTask -TaskName "Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser"
Disable-ScheduledTask -TaskName "Microsoft\Windows\Application Experience\ProgramDataUpdater" Disable-ScheduledTask -TaskName "Microsoft\Windows\Application Experience\ProgramDataUpdater"
Disable-ScheduledTask -TaskName "Microsoft\Windows\Autochk\Proxy" Disable-ScheduledTask -TaskName "Microsoft\Windows\Autochk\Proxy"
Disable-ScheduledTask -TaskName "Microsoft\Windows\Customer Experience Improvement Program\Consolidator" Disable-ScheduledTask -TaskName "Microsoft\Windows\Customer Experience Improvement Program\Consolidator"
Disable-ScheduledTask -TaskName "Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" Disable-ScheduledTask -TaskName "Microsoft\Windows\Customer Experience Improvement Program\UsbCeip"
Disable-ScheduledTask -TaskName "Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector" Disable-ScheduledTask -TaskName "Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector"
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\System" -Name "EnableActivityFeed" -Type DWord -Value 0 Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\System" -Name "EnableActivityFeed" -Type DWord -Value 0
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\System" -Name "PublishUserActivities" -Type DWord -Value 0 Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\System" -Name "PublishUserActivities" -Type DWord -Value 0
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\System" -Name "UploadUserActivities" -Type DWord -Value 0 Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\System" -Name "UploadUserActivities" -Type DWord -Value 0
@ -207,6 +216,10 @@ Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer
# Disable Thumbs.db File Creation on Network Shares # Disable Thumbs.db File Creation on Network Shares
reg add "HKCU\SOFTWARE\Policies\Microsoft\Windows\Explorer" /v DisableThumbsDBOnNetworkFolders /d 0x1 /t REG_DWORD /f reg add "HKCU\SOFTWARE\Policies\Microsoft\Windows\Explorer" /v DisableThumbsDBOnNetworkFolders /d 0x1 /t REG_DWORD /f
# Register GIT_SSH for Putty
setx GIT_SSH "C:\Program Files\PuTTY\plink.exe"
reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Environment" /v GIT_SSH /d "C:\Program Files\PuTTY\plink.exe" /t REG_SZ /f
# Install winget # Install winget
if (!(Test-Path $env:LOCALAPPDATA\Microsoft\WindowsApps\winget.exe)){ if (!(Test-Path $env:LOCALAPPDATA\Microsoft\WindowsApps\winget.exe)){
$latest = (Invoke-WebRequest -UseBasicParsing -URI "https://github.com/microsoft/winget-cli/releases/latest").Links.Href | Select-String ".msixbundle" $latest = (Invoke-WebRequest -UseBasicParsing -URI "https://github.com/microsoft/winget-cli/releases/latest").Links.Href | Select-String ".msixbundle"
@ -233,5 +246,5 @@ Remove-Item -Path ".\Microsoft.VCLibs*.appx" -Force
Remove-Item -Path ".\Microsoft.DesktopAppInstaller_*.msixbundle" -Force Remove-Item -Path ".\Microsoft.DesktopAppInstaller_*.msixbundle" -Force
# End of Script - Restart PC # End of Script - Restart PC
#Start-Sleep 5 Read-Host -Prompt "Success! Press any key to restart"
#Restart-Computer Restart-Computer

View File

@ -7,7 +7,7 @@
# #
# Alternativ können Sie die Datei auch über die Kommandozeile automatisch # Alternativ können Sie die Datei auch über die Kommandozeile automatisch
# importieren lassen. Nutzen Sie dazu folgende Parameter # importieren lassen. Nutzen Sie dazu folgende Parameter
# OOSU10 (1).exe <Pfad zur Datei> # OOSU10.exe <Pfad zur Datei>
# #
# Mit der Option /quiet wird die Anwendung nach dem Import sofort beendet # Mit der Option /quiet wird die Anwendung nach dem Import sofort beendet
# und der Nutzer erhält auch kein Feedback über den Import. # und der Nutzer erhält auch kein Feedback über den Import.
@ -136,22 +136,6 @@ E005 -
E013 - E013 -
E014 - E014 -
E006 - E006 -
F002 +
F014 +
F015 +
F016 +
F001 -
F003 +
F004 +
F005 +
F007 +
F008 +
F009 +
F006 -
F010 -
F011 -
F012 -
F013 -
Y001 + Y001 +
Y002 + Y002 +
Y003 + Y003 +

BIN
ninite.exe Normal file

Binary file not shown.