Fix not run as Adm and add some other improvements
This commit is contained in:
parent
0e74a6b2f1
commit
114a307d70
21
README.md
21
README.md
@ -1,25 +1,18 @@
|
||||
# win11-initial-SetupScript
|
||||
|
||||
Reverts Windows 11 design flaws, debloats, disables telemetry and adds useful tweaks
|
||||
Minimum setup for Windows 11 - optimize design flaws, debloats system, disables telemetry and adds useful improvements.
|
||||
|
||||
## Usage
|
||||
|
||||
### Quick-Run Script
|
||||
Run from Windows Powershell (Administrator) with the following commands:
|
||||
- <ins>Script Version:</ins>
|
||||
```
|
||||
iwr -useb https://setupWin11.ps1 | iex
|
||||
```
|
||||
|
||||
### Download and Run Script
|
||||
You have to change Powershell Execution-Policy in order to run the script manually:<br>
|
||||
- <ins>Script Version:</ins>
|
||||
```
|
||||
powershell -ExecutionPolicy Bypass -File setupWin11.ps1
|
||||
```
|
||||
|
||||
To change it permanently use: `Set-ExecutionPolicy Unrestricted`
|
||||
Execute the following file with right-click as Administrator:
|
||||
```
|
||||
_start_hardening.cmd
|
||||
```
|
||||
|
||||
|
||||
## Disclaimer
|
||||
Run this script at your own risk, it is highly experimental and untested. Always manually backup your data before doing so.
|
||||
You run this script at your own risk.
|
||||
Before it makes it's changes it will create a system restore point, which you can go back every time.
|
||||
87
Win11.ps1
87
Win11.ps1
@ -1,54 +1,62 @@
|
||||
$ErrorActionPreference = 'SilentlyContinue'
|
||||
If (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]"Administrator")) {
|
||||
#
|
||||
Read-Host -Prompt "The script needs Administrator privileges! [ENTER to confirm.]"
|
||||
Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`" $PSCommandArgs" -Verb RunAs
|
||||
Exit
|
||||
}
|
||||
|
||||
# ---------------------------------------------------------------------
|
||||
# Data
|
||||
# ---------------------------------------------------------------------
|
||||
|
||||
|
||||
$Bloatware = @(
|
||||
"Microsoft.AppConnector", "SpotifyAB.SpotifyMusic", "Microsoft.XboxIdentityProvider",
|
||||
"Disney.*", "TobiiAB.TobiiEyeTrackingPortal", "microsoft.windowscommunicationsapps",
|
||||
"Microsoft.XboxGameCallableUI ", "Microsoft.XboxSpeechToTextOverlay ", "Disney*",
|
||||
"Microsoft.WindowsFeedbackHub", "Microsoft.XboxGamingOverlay", "Microsoft.XboxGameOverlay", "Microsoft.Xbox.TCUI",
|
||||
"*Spotify*", "*CandyCrush*", "*Facebook*", "*Twitter*", "*LinkedInforWindows*",
|
||||
"*Disney*", "*Netflix*", "*BubbleWitch*", "*Duolingo*", "*Minecraft*",
|
||||
|
||||
"Microsoft.BingFinance", "Microsoft.BingNews", "Microsoft.BingSports",
|
||||
"Microsoft.BingTranslator", "Microsoft.BingWeather", "Microsoft.BingFoodAndDrink",
|
||||
"Microsoft.BingHealthAndFitness", "Microsoft.BingTravel", "Microsoft.GetHelp",
|
||||
|
||||
"Microsoft.People", "Microsoft.Wallet", "Microsoft.WindowsAlarms",
|
||||
"Microsoft.WindowsMaps", "Microsoft.WindowsPhone",
|
||||
"Microsoft.ConnectivityStore", "Microsoft.CommsPhone", "Microsoft.ScreenSketch",
|
||||
"Microsoft.ZuneMusic", "Microsoft.ZuneVideo", "Microsoft.YourPhone",
|
||||
|
||||
"*ActiproSoftwareLLC*", "*Duolingo-LearnLanguagesforFree*", "*PandoraMediaInc*", "*CandyCrush*",
|
||||
"*BubbleWitch3Saga*", "*Wunderlist*", "*Flipboard*", "*Twitter*", "*Facebook*", "*Royal Revolt*", "*Speed Test*",
|
||||
"*Viber*", "*ACGMediaPlayer*", "*Netflix*", "*OneCalendar*", "*LinkedInforWindows*", "*HiddenCityMysteryofShadows*", "*Hulu*",
|
||||
"*HiddenCity*", "*HotspotShieldFreeVPN*", "*Microsoft.Advertising.Xaml*", "Microsoft.Todos", "Microsoft.549981C3F5F10_8wekyb3d8bbwe"
|
||||
"Microsoft.WindowsFeedback*", "*Microsoft.Xbox*", "Microsoft.GamingApp*",
|
||||
"Microsoft.OneDrive*", "*MicrosoftTeams*", "Microsoft.WindowsMaps*",
|
||||
"Microsoft.WindowsPhone*", "Microsoft.WindowsAlarms*", "Microsoft.YourPhone*",
|
||||
"Microsoft.People*", "Microsoft.Wallet*", "Microsoft.GetHelp",
|
||||
"Microsoft.Zune*", "Microsoft.SkypeApp*", "*Microsoft.Messaging*",
|
||||
"Microsoft.Advertising.Xaml*", "Microsoft.Bing*", "*windowscommunicationsapps*"
|
||||
)
|
||||
|
||||
$services = @(
|
||||
"diagnosticshub.standardcollector.service", "DiagTrack",
|
||||
"dmwappushsvc", "DPS", "MapsBroker", "NetTcpPortSharing",
|
||||
"RemoteRegistry", "Fax", "PhoneSvc", "RetailDemo", "edgeupdate",
|
||||
"edgeupdatem"
|
||||
"edgeupdatem", "WalletService"
|
||||
)
|
||||
|
||||
|
||||
# ---------------------------------------------------------------------
|
||||
# Restore Point
|
||||
# ---------------------------------------------------------------------
|
||||
|
||||
Enable-ComputerRestore -Drive "C:\"
|
||||
Checkpoint-Computer -Description "Win11 Hardening Script" -RestorePointType "MODIFY_SETTINGS"
|
||||
Checkpoint-Computer -Description "Michu-IT | pre Win11 Hardening Script" -RestorePointType "MODIFY_SETTINGS"
|
||||
|
||||
|
||||
# ---------------------------------------------------------------------
|
||||
# O&O Shutup Integration
|
||||
# ---------------------------------------------------------------------
|
||||
|
||||
Start-BitsTransfer "https://dl5.oo-software.com/files/ooshutup10/OOSU10.exe"
|
||||
#Start-BitsTransfer "https://code.michu-it.com/mrit_ooshutup.cfg"
|
||||
Start-Process -FilePath "./OOSU10.exe" -ArgumentList 'mrit_ooshutup.cfg /quiet' -Wait
|
||||
#Start-BitsTransfer "https://code.michu-it.com/michael/win11-initial-setup-script/raw/branch/master/mrit_ooshutup.cfg"
|
||||
Start-Process -FilePath "./OOSU10.exe" -ArgumentList 'mrit_ooshutup.cfg' -Wait
|
||||
Remove-Item -Path ".\OOSU10.exe" -Force
|
||||
#Remove-Item -Path ".\mrit_ooshutup.cfg" -Force
|
||||
|
||||
|
||||
# ---------------------------------------------------------------------
|
||||
# Install Basic Tools with Ninite
|
||||
# ---------------------------------------------------------------------
|
||||
|
||||
Start-Process -FilePath "./ninite.exe" -Wait
|
||||
|
||||
|
||||
# ---------------------------------------------------------------------
|
||||
# Design
|
||||
# ---------------------------------------------------------------------
|
||||
@ -73,16 +81,10 @@ Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer
|
||||
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "TaskbarDa" -type "Dword" -Value "0"
|
||||
|
||||
# Remove Search from Taskbar
|
||||
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Search" -Name "SearchboxTaskbarMode" -type "Dword" -Value "0"
|
||||
|
||||
# New Boot Animation
|
||||
If (!(Test-Path "HKLM:\SYSTEM\ControlSet001\Control\BootControl")) {
|
||||
New-Item -Path "HKLM:\SYSTEM\ControlSet001\Control" -Name "BootControl"
|
||||
}
|
||||
New-ItemProperty -Path "HKLM:\SYSTEM\ControlSet001\Control\BootControl" -Name "BootProgressAnimation" -Value "1" -PropertyType "Dword"
|
||||
#Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Search" -Name "SearchboxTaskbarMode" -type "Dword" -Value "0"
|
||||
|
||||
# Enable Windows Explorer Compact View
|
||||
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -type "Dword" -Name "UseCompactMode" -Value "1"
|
||||
#Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -type "Dword" -Name "UseCompactMode" -Value "1"
|
||||
|
||||
# Enable Windows Dark Theme
|
||||
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -type "Dword" -Name "SystemUsesLightTheme" -Value "0"
|
||||
@ -90,6 +92,7 @@ Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\P
|
||||
# Enable App Dark Theme
|
||||
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -type "Dword" -Name "AppsUseLightTheme" -Value "0"
|
||||
|
||||
|
||||
# ---------------------------------------------------------------------
|
||||
# Debloat
|
||||
# ---------------------------------------------------------------------
|
||||
@ -97,25 +100,28 @@ Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\P
|
||||
# Disk Cleanup
|
||||
Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\*' | ForEach-Object {
|
||||
New-ItemProperty -Path $_.PSPath -Name StateFlags0005 -Value 2 -PropertyType DWord -Force
|
||||
};
|
||||
};
|
||||
Start-Process -FilePath CleanMgr.exe -ArgumentList '/sagerun:5' -Wait
|
||||
|
||||
# Remove Temp Files
|
||||
Remove-Item "C:\Windows\Temp\*" -Recurse -Force -ErrorAction SilentlyContinue
|
||||
Remove-Item $env:TEMP\* -Recurse -Force -ErrorAction SilentlyContinue
|
||||
Remove-Item "C:\Windows\Temp\*" -Recurse -Force -ErrorAction $ErrorActionPreference
|
||||
Remove-Item $env:TEMP\* -Recurse -Force -ErrorAction $ErrorActionPreference
|
||||
|
||||
# Uninstall Bloatware-Apps
|
||||
foreach ($Bloat in $Bloatware) {
|
||||
Get-AppxPackage -Name $Bloat| Remove-AppxPackage
|
||||
Get-AppxProvisionedPackage -Online | Where-Object DisplayName -like $Bloat | Remove-AppxProvisionedPackage -Online
|
||||
# Uninstall App on all Current User:
|
||||
Get-AppxPackage -Name $Bloat -AllUsers | Remove-AppxPackage
|
||||
# This will prevent these apps from being reinstalled on new user first logon:
|
||||
Get-AppxProvisionedPackage -Online | Where-Object DisplayName -like $Bloat | Remove-AppxProvisionedPackage -Online
|
||||
}
|
||||
|
||||
# Disable Services
|
||||
foreach ($service in $services) {
|
||||
Get-Service -Name $service -ErrorAction SilentlyContinue | Set-Service -StartupType Disabled -ErrorAction SilentlyContinue
|
||||
Get-Service -Name $service -ErrorAction $ErrorActionPreference | Set-Service -StartupType Disabled -ErrorAction $ErrorActionPreference
|
||||
Write-Output Disabling $service...
|
||||
}
|
||||
|
||||
|
||||
# ---------------------------------------------------------------------
|
||||
# Privacy
|
||||
# ---------------------------------------------------------------------
|
||||
@ -127,12 +133,15 @@ Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Privacy"
|
||||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 0
|
||||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" -Name "MaxTelemetryAllowed" -Type DWord -Value 0
|
||||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 0
|
||||
|
||||
# Disable Scheduled Tasks:
|
||||
Disable-ScheduledTask -TaskName "Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser"
|
||||
Disable-ScheduledTask -TaskName "Microsoft\Windows\Application Experience\ProgramDataUpdater"
|
||||
Disable-ScheduledTask -TaskName "Microsoft\Windows\Autochk\Proxy"
|
||||
Disable-ScheduledTask -TaskName "Microsoft\Windows\Customer Experience Improvement Program\Consolidator"
|
||||
Disable-ScheduledTask -TaskName "Microsoft\Windows\Customer Experience Improvement Program\UsbCeip"
|
||||
Disable-ScheduledTask -TaskName "Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector"
|
||||
|
||||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\System" -Name "EnableActivityFeed" -Type DWord -Value 0
|
||||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\System" -Name "PublishUserActivities" -Type DWord -Value 0
|
||||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\System" -Name "UploadUserActivities" -Type DWord -Value 0
|
||||
@ -207,6 +216,10 @@ Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer
|
||||
# Disable Thumbs.db File Creation on Network Shares
|
||||
reg add "HKCU\SOFTWARE\Policies\Microsoft\Windows\Explorer" /v DisableThumbsDBOnNetworkFolders /d 0x1 /t REG_DWORD /f
|
||||
|
||||
# Register GIT_SSH for Putty
|
||||
setx GIT_SSH "C:\Program Files\PuTTY\plink.exe"
|
||||
reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Environment" /v GIT_SSH /d "C:\Program Files\PuTTY\plink.exe" /t REG_SZ /f
|
||||
|
||||
# Install winget
|
||||
if (!(Test-Path $env:LOCALAPPDATA\Microsoft\WindowsApps\winget.exe)){
|
||||
$latest = (Invoke-WebRequest -UseBasicParsing -URI "https://github.com/microsoft/winget-cli/releases/latest").Links.Href | Select-String ".msixbundle"
|
||||
@ -233,5 +246,5 @@ Remove-Item -Path ".\Microsoft.VCLibs*.appx" -Force
|
||||
Remove-Item -Path ".\Microsoft.DesktopAppInstaller_*.msixbundle" -Force
|
||||
|
||||
# End of Script - Restart PC
|
||||
#Start-Sleep 5
|
||||
#Restart-Computer
|
||||
Read-Host -Prompt "Success! Press any key to restart"
|
||||
Restart-Computer
|
||||
@ -7,7 +7,7 @@
|
||||
#
|
||||
# Alternativ können Sie die Datei auch über die Kommandozeile automatisch
|
||||
# importieren lassen. Nutzen Sie dazu folgende Parameter
|
||||
# OOSU10 (1).exe <Pfad zur Datei>
|
||||
# OOSU10.exe <Pfad zur Datei>
|
||||
#
|
||||
# Mit der Option /quiet wird die Anwendung nach dem Import sofort beendet
|
||||
# und der Nutzer erhält auch kein Feedback über den Import.
|
||||
@ -136,22 +136,6 @@ E005 -
|
||||
E013 -
|
||||
E014 -
|
||||
E006 -
|
||||
F002 +
|
||||
F014 +
|
||||
F015 +
|
||||
F016 +
|
||||
F001 -
|
||||
F003 +
|
||||
F004 +
|
||||
F005 +
|
||||
F007 +
|
||||
F008 +
|
||||
F009 +
|
||||
F006 -
|
||||
F010 -
|
||||
F011 -
|
||||
F012 -
|
||||
F013 -
|
||||
Y001 +
|
||||
Y002 +
|
||||
Y003 +
|
||||
|
||||
BIN
ninite.exe
Normal file
BIN
ninite.exe
Normal file
Binary file not shown.
Loading…
Reference in New Issue
Block a user