Fix not run as Adm and add some other improvements

This commit is contained in:
Michael Reber 2022-07-24 17:03:19 +02:00
parent 0e74a6b2f1
commit 114a307d70
5 changed files with 59 additions and 69 deletions

View File

@ -1,25 +1,18 @@
# win11-initial-SetupScript
Reverts Windows 11 design flaws, debloats, disables telemetry and adds useful tweaks
Minimum setup for Windows 11 - optimize design flaws, debloats system, disables telemetry and adds useful improvements.
## Usage
### Quick-Run Script
Run from Windows Powershell (Administrator) with the following commands:
- <ins>Script Version:</ins>
```
iwr -useb https://setupWin11.ps1 | iex
```
### Download and Run Script
You have to change Powershell Execution-Policy in order to run the script manually:<br>
- <ins>Script Version:</ins>
```
powershell -ExecutionPolicy Bypass -File setupWin11.ps1
```
To change it permanently use: `Set-ExecutionPolicy Unrestricted`
Execute the following file with right-click as Administrator:
```
_start_hardening.cmd
```
## Disclaimer
Run this script at your own risk, it is highly experimental and untested. Always manually backup your data before doing so.
You run this script at your own risk.
Before it makes it's changes it will create a system restore point, which you can go back every time.

View File

@ -1,54 +1,62 @@
$ErrorActionPreference = 'SilentlyContinue'
If (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]"Administrator")) {
#
Read-Host -Prompt "The script needs Administrator privileges! [ENTER to confirm.]"
Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`" $PSCommandArgs" -Verb RunAs
Exit
}
# ---------------------------------------------------------------------
# Data
# ---------------------------------------------------------------------
$Bloatware = @(
"Microsoft.AppConnector", "SpotifyAB.SpotifyMusic", "Microsoft.XboxIdentityProvider",
"Disney.*", "TobiiAB.TobiiEyeTrackingPortal", "microsoft.windowscommunicationsapps",
"Microsoft.XboxGameCallableUI ", "Microsoft.XboxSpeechToTextOverlay ", "Disney*",
"Microsoft.WindowsFeedbackHub", "Microsoft.XboxGamingOverlay", "Microsoft.XboxGameOverlay", "Microsoft.Xbox.TCUI",
"*Spotify*", "*CandyCrush*", "*Facebook*", "*Twitter*", "*LinkedInforWindows*",
"*Disney*", "*Netflix*", "*BubbleWitch*", "*Duolingo*", "*Minecraft*",
"Microsoft.BingFinance", "Microsoft.BingNews", "Microsoft.BingSports",
"Microsoft.BingTranslator", "Microsoft.BingWeather", "Microsoft.BingFoodAndDrink",
"Microsoft.BingHealthAndFitness", "Microsoft.BingTravel", "Microsoft.GetHelp",
"Microsoft.People", "Microsoft.Wallet", "Microsoft.WindowsAlarms",
"Microsoft.WindowsMaps", "Microsoft.WindowsPhone",
"Microsoft.ConnectivityStore", "Microsoft.CommsPhone", "Microsoft.ScreenSketch",
"Microsoft.ZuneMusic", "Microsoft.ZuneVideo", "Microsoft.YourPhone",
"*ActiproSoftwareLLC*", "*Duolingo-LearnLanguagesforFree*", "*PandoraMediaInc*", "*CandyCrush*",
"*BubbleWitch3Saga*", "*Wunderlist*", "*Flipboard*", "*Twitter*", "*Facebook*", "*Royal Revolt*", "*Speed Test*",
"*Viber*", "*ACGMediaPlayer*", "*Netflix*", "*OneCalendar*", "*LinkedInforWindows*", "*HiddenCityMysteryofShadows*", "*Hulu*",
"*HiddenCity*", "*HotspotShieldFreeVPN*", "*Microsoft.Advertising.Xaml*", "Microsoft.Todos", "Microsoft.549981C3F5F10_8wekyb3d8bbwe"
"Microsoft.WindowsFeedback*", "*Microsoft.Xbox*", "Microsoft.GamingApp*",
"Microsoft.OneDrive*", "*MicrosoftTeams*", "Microsoft.WindowsMaps*",
"Microsoft.WindowsPhone*", "Microsoft.WindowsAlarms*", "Microsoft.YourPhone*",
"Microsoft.People*", "Microsoft.Wallet*", "Microsoft.GetHelp",
"Microsoft.Zune*", "Microsoft.SkypeApp*", "*Microsoft.Messaging*",
"Microsoft.Advertising.Xaml*", "Microsoft.Bing*", "*windowscommunicationsapps*"
)
$services = @(
"diagnosticshub.standardcollector.service", "DiagTrack",
"dmwappushsvc", "DPS", "MapsBroker", "NetTcpPortSharing",
"RemoteRegistry", "Fax", "PhoneSvc", "RetailDemo", "edgeupdate",
"edgeupdatem"
"edgeupdatem", "WalletService"
)
# ---------------------------------------------------------------------
# Restore Point
# ---------------------------------------------------------------------
Enable-ComputerRestore -Drive "C:\"
Checkpoint-Computer -Description "Win11 Hardening Script" -RestorePointType "MODIFY_SETTINGS"
Checkpoint-Computer -Description "Michu-IT | pre Win11 Hardening Script" -RestorePointType "MODIFY_SETTINGS"
# ---------------------------------------------------------------------
# O&O Shutup Integration
# ---------------------------------------------------------------------
Start-BitsTransfer "https://dl5.oo-software.com/files/ooshutup10/OOSU10.exe"
#Start-BitsTransfer "https://code.michu-it.com/mrit_ooshutup.cfg"
Start-Process -FilePath "./OOSU10.exe" -ArgumentList 'mrit_ooshutup.cfg /quiet' -Wait
#Start-BitsTransfer "https://code.michu-it.com/michael/win11-initial-setup-script/raw/branch/master/mrit_ooshutup.cfg"
Start-Process -FilePath "./OOSU10.exe" -ArgumentList 'mrit_ooshutup.cfg' -Wait
Remove-Item -Path ".\OOSU10.exe" -Force
#Remove-Item -Path ".\mrit_ooshutup.cfg" -Force
# ---------------------------------------------------------------------
# Install Basic Tools with Ninite
# ---------------------------------------------------------------------
Start-Process -FilePath "./ninite.exe" -Wait
# ---------------------------------------------------------------------
# Design
# ---------------------------------------------------------------------
@ -73,16 +81,10 @@ Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "TaskbarDa" -type "Dword" -Value "0"
# Remove Search from Taskbar
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Search" -Name "SearchboxTaskbarMode" -type "Dword" -Value "0"
# New Boot Animation
If (!(Test-Path "HKLM:\SYSTEM\ControlSet001\Control\BootControl")) {
New-Item -Path "HKLM:\SYSTEM\ControlSet001\Control" -Name "BootControl"
}
New-ItemProperty -Path "HKLM:\SYSTEM\ControlSet001\Control\BootControl" -Name "BootProgressAnimation" -Value "1" -PropertyType "Dword"
#Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Search" -Name "SearchboxTaskbarMode" -type "Dword" -Value "0"
# Enable Windows Explorer Compact View
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -type "Dword" -Name "UseCompactMode" -Value "1"
#Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -type "Dword" -Name "UseCompactMode" -Value "1"
# Enable Windows Dark Theme
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -type "Dword" -Name "SystemUsesLightTheme" -Value "0"
@ -90,6 +92,7 @@ Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\P
# Enable App Dark Theme
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -type "Dword" -Name "AppsUseLightTheme" -Value "0"
# ---------------------------------------------------------------------
# Debloat
# ---------------------------------------------------------------------
@ -101,21 +104,24 @@ Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Start-Process -FilePath CleanMgr.exe -ArgumentList '/sagerun:5' -Wait
# Remove Temp Files
Remove-Item "C:\Windows\Temp\*" -Recurse -Force -ErrorAction SilentlyContinue
Remove-Item $env:TEMP\* -Recurse -Force -ErrorAction SilentlyContinue
Remove-Item "C:\Windows\Temp\*" -Recurse -Force -ErrorAction $ErrorActionPreference
Remove-Item $env:TEMP\* -Recurse -Force -ErrorAction $ErrorActionPreference
# Uninstall Bloatware-Apps
foreach ($Bloat in $Bloatware) {
Get-AppxPackage -Name $Bloat| Remove-AppxPackage
# Uninstall App on all Current User:
Get-AppxPackage -Name $Bloat -AllUsers | Remove-AppxPackage
# This will prevent these apps from being reinstalled on new user first logon:
Get-AppxProvisionedPackage -Online | Where-Object DisplayName -like $Bloat | Remove-AppxProvisionedPackage -Online
}
# Disable Services
foreach ($service in $services) {
Get-Service -Name $service -ErrorAction SilentlyContinue | Set-Service -StartupType Disabled -ErrorAction SilentlyContinue
Get-Service -Name $service -ErrorAction $ErrorActionPreference | Set-Service -StartupType Disabled -ErrorAction $ErrorActionPreference
Write-Output Disabling $service...
}
# ---------------------------------------------------------------------
# Privacy
# ---------------------------------------------------------------------
@ -127,12 +133,15 @@ Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Privacy"
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 0
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" -Name "MaxTelemetryAllowed" -Type DWord -Value 0
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 0
# Disable Scheduled Tasks:
Disable-ScheduledTask -TaskName "Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser"
Disable-ScheduledTask -TaskName "Microsoft\Windows\Application Experience\ProgramDataUpdater"
Disable-ScheduledTask -TaskName "Microsoft\Windows\Autochk\Proxy"
Disable-ScheduledTask -TaskName "Microsoft\Windows\Customer Experience Improvement Program\Consolidator"
Disable-ScheduledTask -TaskName "Microsoft\Windows\Customer Experience Improvement Program\UsbCeip"
Disable-ScheduledTask -TaskName "Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector"
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\System" -Name "EnableActivityFeed" -Type DWord -Value 0
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\System" -Name "PublishUserActivities" -Type DWord -Value 0
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\System" -Name "UploadUserActivities" -Type DWord -Value 0
@ -207,6 +216,10 @@ Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer
# Disable Thumbs.db File Creation on Network Shares
reg add "HKCU\SOFTWARE\Policies\Microsoft\Windows\Explorer" /v DisableThumbsDBOnNetworkFolders /d 0x1 /t REG_DWORD /f
# Register GIT_SSH for Putty
setx GIT_SSH "C:\Program Files\PuTTY\plink.exe"
reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Environment" /v GIT_SSH /d "C:\Program Files\PuTTY\plink.exe" /t REG_SZ /f
# Install winget
if (!(Test-Path $env:LOCALAPPDATA\Microsoft\WindowsApps\winget.exe)){
$latest = (Invoke-WebRequest -UseBasicParsing -URI "https://github.com/microsoft/winget-cli/releases/latest").Links.Href | Select-String ".msixbundle"
@ -233,5 +246,5 @@ Remove-Item -Path ".\Microsoft.VCLibs*.appx" -Force
Remove-Item -Path ".\Microsoft.DesktopAppInstaller_*.msixbundle" -Force
# End of Script - Restart PC
#Start-Sleep 5
#Restart-Computer
Read-Host -Prompt "Success! Press any key to restart"
Restart-Computer

View File

@ -7,7 +7,7 @@
#
# Alternativ können Sie die Datei auch über die Kommandozeile automatisch
# importieren lassen. Nutzen Sie dazu folgende Parameter
# OOSU10 (1).exe <Pfad zur Datei>
# OOSU10.exe <Pfad zur Datei>
#
# Mit der Option /quiet wird die Anwendung nach dem Import sofort beendet
# und der Nutzer erhält auch kein Feedback über den Import.
@ -136,22 +136,6 @@ E005 -
E013 -
E014 -
E006 -
F002 +
F014 +
F015 +
F016 +
F001 -
F003 +
F004 +
F005 +
F007 +
F008 +
F009 +
F006 -
F010 -
F011 -
F012 -
F013 -
Y001 +
Y002 +
Y003 +

BIN
ninite.exe Normal file

Binary file not shown.