Fix not run as Adm and add some other improvements

README.md

@@ -1,25 +1,18 @@
 # win11-initial-SetupScript
 
-Reverts Windows 11 design flaws, debloats, disables telemetry and adds useful tweaks
+Minimum setup for Windows 11 - optimize design flaws, debloats system, disables telemetry and adds useful improvements.
 
 ## Usage
 
-### Quick-Run Script
-Run from Windows Powershell (Administrator) with the following commands:
-- <ins>Script Version:</ins>
-```
-iwr -useb https://setupWin11.ps1 | iex
-```
 
 ### Download and Run Script
-You have to change Powershell Execution-Policy in order to run the script manually:<br>
+
-- <ins>Script Version:</ins>
+Execute the following file with right-click as Administrator:
 ```
-powershell -ExecutionPolicy Bypass -File setupWin11.ps1
+_start_hardening.cmd
 ```
 
-To change it permanently use: `Set-ExecutionPolicy Unrestricted`
-
 
 ## Disclaimer
-Run this script at your own risk, it is highly experimental and untested. Always manually backup your data before doing so.
+You run this script at your own risk. 
+Before it makes it's changes it will create a system restore point, which you can go back every time.

Win11.ps1

@@ -1,54 +1,62 @@
 $ErrorActionPreference = 'SilentlyContinue'
+If (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]"Administrator")) {
+	#
+	Read-Host -Prompt "The script needs Administrator privileges! [ENTER to confirm.]"
+	Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`" $PSCommandArgs" -Verb RunAs
+	Exit
+}
 
 # ---------------------------------------------------------------------
 # Data
 # ---------------------------------------------------------------------
 
+
 $Bloatware = @(
-    "Microsoft.AppConnector", "SpotifyAB.SpotifyMusic", "Microsoft.XboxIdentityProvider",
+    "*Spotify*", "*CandyCrush*", "*Facebook*", "*Twitter*", "*LinkedInforWindows*",
-    "Disney.*", "TobiiAB.TobiiEyeTrackingPortal", "microsoft.windowscommunicationsapps",
+    "*Disney*", "*Netflix*", "*BubbleWitch*", "*Duolingo*", "*Minecraft*",
-    "Microsoft.XboxGameCallableUI ", "Microsoft.XboxSpeechToTextOverlay ", "Disney*",
+	
-    "Microsoft.WindowsFeedbackHub", "Microsoft.XboxGamingOverlay", "Microsoft.XboxGameOverlay", "Microsoft.Xbox.TCUI",
+    "Microsoft.WindowsFeedback*", "*Microsoft.Xbox*", "Microsoft.GamingApp*",
-    
+	"Microsoft.OneDrive*", "*MicrosoftTeams*", "Microsoft.WindowsMaps*",
-    "Microsoft.BingFinance", "Microsoft.BingNews", "Microsoft.BingSports",
+	"Microsoft.WindowsPhone*", "Microsoft.WindowsAlarms*", "Microsoft.YourPhone*",
-    "Microsoft.BingTranslator", "Microsoft.BingWeather", "Microsoft.BingFoodAndDrink",
+	"Microsoft.People*", "Microsoft.Wallet*", "Microsoft.GetHelp",
-    "Microsoft.BingHealthAndFitness", "Microsoft.BingTravel", "Microsoft.GetHelp",
+	"Microsoft.Zune*", "Microsoft.SkypeApp*", "*Microsoft.Messaging*",
-
+	"Microsoft.Advertising.Xaml*", "Microsoft.Bing*", "*windowscommunicationsapps*"
-    "Microsoft.People", "Microsoft.Wallet", "Microsoft.WindowsAlarms",
-    "Microsoft.WindowsMaps", "Microsoft.WindowsPhone",
-    "Microsoft.ConnectivityStore", "Microsoft.CommsPhone", "Microsoft.ScreenSketch",
-    "Microsoft.ZuneMusic", "Microsoft.ZuneVideo", "Microsoft.YourPhone",
-
-    "*ActiproSoftwareLLC*", "*Duolingo-LearnLanguagesforFree*", "*PandoraMediaInc*", "*CandyCrush*",
-    "*BubbleWitch3Saga*", "*Wunderlist*", "*Flipboard*", "*Twitter*", "*Facebook*", "*Royal Revolt*", "*Speed Test*",
-    "*Viber*", "*ACGMediaPlayer*", "*Netflix*", "*OneCalendar*", "*LinkedInforWindows*", "*HiddenCityMysteryofShadows*", "*Hulu*",
-    "*HiddenCity*", "*HotspotShieldFreeVPN*", "*Microsoft.Advertising.Xaml*", "Microsoft.Todos", "Microsoft.549981C3F5F10_8wekyb3d8bbwe"
 )
 
 $services = @(
     "diagnosticshub.standardcollector.service", "DiagTrack",
     "dmwappushsvc", "DPS", "MapsBroker", "NetTcpPortSharing",
     "RemoteRegistry", "Fax", "PhoneSvc", "RetailDemo", "edgeupdate",
-    "edgeupdatem"
+    "edgeupdatem", "WalletService"
 )
 
+
 # ---------------------------------------------------------------------
 # Restore Point
 # ---------------------------------------------------------------------
 
 Enable-ComputerRestore -Drive "C:\"
-Checkpoint-Computer -Description "Win11 Hardening Script" -RestorePointType "MODIFY_SETTINGS"
+Checkpoint-Computer -Description "Michu-IT | pre Win11 Hardening Script" -RestorePointType "MODIFY_SETTINGS"
+
 
 # ---------------------------------------------------------------------
 # O&O Shutup Integration
 # ---------------------------------------------------------------------
 
 Start-BitsTransfer "https://dl5.oo-software.com/files/ooshutup10/OOSU10.exe"
-#Start-BitsTransfer "https://code.michu-it.com/mrit_ooshutup.cfg"
+#Start-BitsTransfer "https://code.michu-it.com/michael/win11-initial-setup-script/raw/branch/master/mrit_ooshutup.cfg"
-Start-Process -FilePath "./OOSU10.exe" -ArgumentList 'mrit_ooshutup.cfg /quiet' -Wait
+Start-Process -FilePath "./OOSU10.exe" -ArgumentList 'mrit_ooshutup.cfg' -Wait
 Remove-Item -Path ".\OOSU10.exe" -Force
 #Remove-Item -Path ".\mrit_ooshutup.cfg" -Force
 
+
+# ---------------------------------------------------------------------
+# Install Basic Tools with Ninite
+# ---------------------------------------------------------------------
+
+Start-Process -FilePath "./ninite.exe" -Wait
+
+
 # ---------------------------------------------------------------------
 # Design
 # ---------------------------------------------------------------------
@@ -73,16 +81,10 @@ Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer
 Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "TaskbarDa" -type "Dword" -Value "0"
 
 # Remove Search from Taskbar
-Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Search" -Name "SearchboxTaskbarMode" -type "Dword" -Value "0"
+#Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Search" -Name "SearchboxTaskbarMode" -type "Dword" -Value "0"
-
-# New Boot Animation
-If (!(Test-Path "HKLM:\SYSTEM\ControlSet001\Control\BootControl")) {
-    New-Item -Path "HKLM:\SYSTEM\ControlSet001\Control" -Name "BootControl"
-}
-New-ItemProperty -Path "HKLM:\SYSTEM\ControlSet001\Control\BootControl" -Name "BootProgressAnimation" -Value "1" -PropertyType "Dword"
 
 # Enable Windows Explorer Compact View
-Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -type "Dword" -Name "UseCompactMode" -Value "1"
+#Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -type "Dword" -Name "UseCompactMode" -Value "1"
 
 # Enable Windows Dark Theme
 Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -type "Dword" -Name "SystemUsesLightTheme" -Value "0"
@@ -90,6 +92,7 @@ Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\P
 # Enable App Dark Theme
 Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -type "Dword" -Name "AppsUseLightTheme" -Value "0"
 
+
 # ---------------------------------------------------------------------
 # Debloat
 # ---------------------------------------------------------------------
@@ -97,25 +100,28 @@ Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\P
 # Disk Cleanup
 Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\*' | ForEach-Object {
     New-ItemProperty -Path $_.PSPath -Name StateFlags0005 -Value 2 -PropertyType DWord -Force
-   };
+};
 Start-Process -FilePath CleanMgr.exe -ArgumentList '/sagerun:5' -Wait
 
 # Remove Temp Files
-Remove-Item "C:\Windows\Temp\*" -Recurse -Force -ErrorAction SilentlyContinue
+Remove-Item "C:\Windows\Temp\*" -Recurse -Force -ErrorAction $ErrorActionPreference
-Remove-Item $env:TEMP\* -Recurse -Force -ErrorAction SilentlyContinue
+Remove-Item $env:TEMP\* -Recurse -Force -ErrorAction $ErrorActionPreference
 
 # Uninstall Bloatware-Apps
 foreach ($Bloat in $Bloatware) {
-    Get-AppxPackage -Name $Bloat| Remove-AppxPackage
+	# Uninstall App on all Current User:
-    Get-AppxProvisionedPackage -Online | Where-Object DisplayName -like $Bloat | Remove-AppxProvisionedPackage -Online
+    Get-AppxPackage -Name $Bloat -AllUsers | Remove-AppxPackage
+    # This will prevent these apps from being reinstalled on new user first logon:
+	Get-AppxProvisionedPackage -Online | Where-Object DisplayName -like $Bloat | Remove-AppxProvisionedPackage -Online
 }
 
 # Disable Services
 foreach ($service in $services) {
-    Get-Service -Name $service -ErrorAction SilentlyContinue | Set-Service -StartupType Disabled -ErrorAction SilentlyContinue
+    Get-Service -Name $service -ErrorAction $ErrorActionPreference | Set-Service -StartupType Disabled -ErrorAction $ErrorActionPreference
     Write-Output Disabling $service...
 }
 
+
 # ---------------------------------------------------------------------
 # Privacy
 # ---------------------------------------------------------------------
@@ -127,12 +133,15 @@ Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Privacy"
 Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 0
 Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" -Name "MaxTelemetryAllowed" -Type DWord -Value 0
 Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 0
+
+# Disable Scheduled Tasks:
 Disable-ScheduledTask -TaskName "Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser"
 Disable-ScheduledTask -TaskName "Microsoft\Windows\Application Experience\ProgramDataUpdater"
 Disable-ScheduledTask -TaskName "Microsoft\Windows\Autochk\Proxy"
 Disable-ScheduledTask -TaskName "Microsoft\Windows\Customer Experience Improvement Program\Consolidator"
 Disable-ScheduledTask -TaskName "Microsoft\Windows\Customer Experience Improvement Program\UsbCeip"
 Disable-ScheduledTask -TaskName "Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector"
+
 Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\System" -Name "EnableActivityFeed" -Type DWord -Value 0
 Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\System" -Name "PublishUserActivities" -Type DWord -Value 0
 Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\System" -Name "UploadUserActivities" -Type DWord -Value 0
@@ -207,6 +216,10 @@ Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer
 # Disable Thumbs.db File Creation on Network Shares
 reg add "HKCU\SOFTWARE\Policies\Microsoft\Windows\Explorer" /v DisableThumbsDBOnNetworkFolders /d 0x1 /t REG_DWORD /f
 
+# Register GIT_SSH for Putty
+setx GIT_SSH "C:\Program Files\PuTTY\plink.exe"
+reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Environment" /v GIT_SSH /d "C:\Program Files\PuTTY\plink.exe" /t REG_SZ /f
+
 # Install winget
 if (!(Test-Path $env:LOCALAPPDATA\Microsoft\WindowsApps\winget.exe)){
     $latest = (Invoke-WebRequest -UseBasicParsing -URI "https://github.com/microsoft/winget-cli/releases/latest").Links.Href | Select-String ".msixbundle"
@@ -233,5 +246,5 @@ Remove-Item -Path ".\Microsoft.VCLibs*.appx" -Force
 Remove-Item -Path ".\Microsoft.DesktopAppInstaller_*.msixbundle" -Force
 
 # End of Script - Restart PC
-#Start-Sleep 5
+Read-Host -Prompt "Success! Press any key to restart"
-#Restart-Computer
+Restart-Computer

mrit_ooshutup.cfg

@@ -7,7 +7,7 @@
 #
 # Alternativ können Sie die Datei auch über die Kommandozeile automatisch
 # importieren lassen. Nutzen Sie dazu folgende Parameter
-# OOSU10 (1).exe <Pfad zur Datei>
+# OOSU10.exe <Pfad zur Datei>
 # 
 # Mit der Option /quiet wird die Anwendung nach dem Import sofort beendet
 # und der Nutzer erhält auch kein Feedback über den Import.
@@ -136,22 +136,6 @@ E005	-
 E013	-
 E014	-
 E006	-
-F002	+
-F014	+
-F015	+
-F016	+
-F001	-
-F003	+
-F004	+
-F005	+
-F007	+
-F008	+
-F009	+
-F006	-
-F010	-
-F011	-
-F012	-
-F013	-
 Y001	+
 Y002	+
 Y003	+