├── README.md └── Windows10-Initial-Hardening.ps1 /README.md: -------------------------------------------------------------------------------- 1 | # Windows10-Cleanup 2 | This is a script to harden Windows 10 after initial installation and remove many of the default apps. 3 | 4 | This was modified from a script by Disassembler that I found here: http://pastebin.com/gQxCUkLP 5 | 6 | I also incorporated some of the techniques and info found here: https://github.com/W4RH4WK/Debloat-Windows-10 7 | -------------------------------------------------------------------------------- /Windows10-Initial-Hardening.ps1: -------------------------------------------------------------------------------- 1 | ########## 2 | # Win10 Initial Setup Script 3 | # Author: Disassembler 4 | # Version: 1.4, 2016-01-16 5 | # http://pastebin.com/gQxCUkLP 6 | # Modified: Casey Gray, 2016-04-27 7 | ########## 8 | 9 | # Removing OneDrive 10 | # https://techjourney.net/disable-or-uninstall-onedrive-completely-in-windows-10/ 11 | # https://superuser.com/questions/1201530/windows10-how-do-i-uninstall-onedrive-app-via-powershell/1201549#1201549 12 | 13 | # Script Execution must be enabled 14 | If ($(Get-ExecutionPolicy) -like 'Restricted') { 15 | Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force 16 | } 17 | 18 | # Ask for elevated permissions if required 19 | If (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]"Administrator")) { 20 | Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs 21 | Exit 22 | } 23 | 24 | ########## 25 | # Privacy Settings 26 | ########## 27 | 28 | # https://docs.microsoft.com/en-us/windows/configuration/ 29 | 30 | # Disable Telemetry 31 | Write-Host "Disabling Telemetry..." 32 | Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\DataCollection" -Name "AllowTelemetry" -Value 0 33 | 34 | # Disable Wi-Fi Sense 35 | Write-Host "Disabling Wi-Fi Sense..." 36 | Set-ItemProperty -Path "HKLM:\Software\Microsoft\PolicyManager\default\WiFi\AllowAutoConnectToWiFiSenseHotspots" -Name "Value" -Value 0 37 | If (!(Test-Path "HKLM:\Software\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting")) { 38 | New-Item -Path "HKLM:\Software\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting" -Force | Out-Null 39 | New-ItemProperty -Path "HKLM:\Software\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting" -Name "Value" -PropertyType DWord -Value 0 40 | } 41 | else { 42 | Set-ItemProperty -Path "HKLM:\Software\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting" -Name "Value" -Value 0 43 | } 44 | 45 | # Disable Wi-Fi network sharing (just to be safer) 46 | Write-Host "Disabling Wi-Fi network sharing..." 47 | $user = New-Object System.Security.Principal.NTAccount($env:UserName) 48 | $sid = $user.Translate([System.Security.Principal.SecurityIdentifier]).value 49 | New-Item -Path ("HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features\" + $sid) -Force | Out-Null 50 | New-ItemProperty -Path ("HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features\" + $sid) -Name "FeatureStates" -PropertyType DWord -Value 0x33c 51 | Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features" -Name "WiFiSenseCredShared" -Value 0 52 | Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features" -Name "WiFiSenseOpen" -Value 0 53 | 54 | # Disable Bing Search in Start Menu 55 | Write-Host "Disabling Bing Search in Start Menu..." 56 | Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Search" -Name "BingSearchEnabled" -Value 0 57 | 58 | # Disable Location Tracking 59 | Write-Host "Disabling Location Tracking..." 60 | Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Overrides\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" -Name "SensorPermissionState" -Value 0 61 | Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Services\lfsvc\Service\Configuration" -Name "Status" -Value 0 62 | 63 | # Disable Feedback 64 | Write-Host "Disabling Feedback..." 65 | If (!(Test-Path "HKCU:\Software\Microsoft\Siuf\Rules")) { 66 | New-Item -Path "HKCU:\Software\Microsoft\Siuf\Rules" -Force | Out-Null 67 | New-ItemProperty -Path "HKCU:\Software\Microsoft\Siuf\Rules" -Name "NumberOfSIUFInPeriod" -PropertyType DWord -Value 0 68 | } 69 | else { 70 | Set-ItemProperty -Path "HKCU:\Software\Microsoft\Siuf\Rules" -Name "NumberOfSIUFInPeriod" -Value 0 71 | } 72 | 73 | # Disable Advertising ID 74 | Write-Host "Disabling Advertising ID..." 75 | If (!(Test-Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo")) { 76 | New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo" -Force | Out-Null 77 | New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo" -Name "Enabled" -PropertyType DWord -Value 0 78 | } 79 | else { 80 | Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo" -Name "Enabled" -Value 0 81 | } 82 | 83 | # Disable Send Microsoft info about how ... 84 | If (!(Test-Path "HKCU:\Software\Microsoft\Input\TIPC")) { 85 | New-Item -Path "HKCU:\Software\Microsoft\Input\TIPC" -Force | Out-Null 86 | New-ItemProperty -Path "HKCU:\Software\Microsoft\Input\TIPC" -Name "Enabled" -PropertyType DWord -Value 0 -Force | Out-Null 87 | } 88 | else { 89 | Set-ItemProperty -Path "HKCU:\Software\Microsoft\Input\TIPC" -Name "Enabled" -Value 0 90 | } 91 | 92 | # Disable Let website provide 93 | If (!(Test-Path "HKCU:\Control Panel\International\User Profile")) { 94 | New-Item -Path "HKCU:\Control Panel\International\User Profile" -Force | Out-Null 95 | New-ItemProperty -Path "HKCU:\Control Panel\International\User Profile" -Name "HttpAcceptLanguageOptOut" -PropertyType DWord -Value 0 -Force | Out-Null 96 | } 97 | else { 98 | Set-ItemProperty -Path "HKCU:\Control Panel\International\User Profile" -Name "HttpAcceptLanguageOptOut" -Value 0 99 | } 100 | 101 | # Disable settings sync 102 | Write-Host "Disabling synchronisation of settings" 103 | Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync" -Name "BackupPolicy" -Value 0x3c 104 | Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync" -Name "DeviceMetadataUploaded" -Value 0 105 | Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync" -Name "PriorLogons" -Value 1 106 | $groups = @( 107 | "Accessibility" 108 | "AppSync" 109 | "BrowserSettings" 110 | "Credentials" 111 | "DesktopTheme" 112 | "Language" 113 | "PackageState" 114 | "Personalization" 115 | "StartLayout" 116 | "Windows" 117 | ) 118 | foreach ($group in $groups) { 119 | If (!(Test-Path -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\$group")) { 120 | New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\$group" -Force | Out-Null 121 | New-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\$group" -Name "Enabled" -PropertyType DWord -Value 0 -Force | Out-Null 122 | } 123 | else { 124 | Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\$group" -Name "Enabled" -Value 0 125 | } 126 | } 127 | 128 | # Disable Cortana 129 | Write-Host "Disabling Cortana..." 130 | If (!(Test-Path "HKCU:\Software\Microsoft\Personalization\Settings")) { 131 | New-Item -Path "HKCU:\Software\Microsoft\Personalization\Settings" -Force | Out-Null 132 | New-ItemProperty -Path "HKCU:\Software\Microsoft\Personalization\Settings" -Name "AcceptedPrivacyPolicy" -PropertyType DWord -Value 0 -Force | Out-Null 133 | } 134 | else { 135 | Set-ItemProperty -Path "HKCU:\Software\Microsoft\Personalization\Settings" -Name "AcceptedPrivacyPolicy" -Value 0 136 | } 137 | If (!(Test-Path "HKCU:\Software\Microsoft\InputPersonalization")) { 138 | New-Item -Path "HKCU:\Software\Microsoft\InputPersonalization" -Force | Out-Null 139 | New-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization" -Name "RestrictImplicitTextCollection" -PropertyType DWord -Value 1 | Out-Null 140 | New-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization" -Name "RestrictImplicitInkCollection" -PropertyType DWord -Value 1 | Out-Null 141 | } 142 | else { 143 | Set-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization" -Name "RestrictImplicitTextCollection" -Value 1 144 | Set-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization" -Name "RestrictImplicitInkCollection" -Value 1 145 | } 146 | If (!(Test-Path "HKCU:\Software\Microsoft\InputPersonalization\TrainedDataStore")) { 147 | New-Item -Path "HKCU:\Software\Microsoft\InputPersonalization\TrainedDataStore" -Force | Out-Null 148 | New-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization\TrainedDataStore" -Name "HarvestContacts" -PropertyType DWord -Value 0 -Force | Out-Null 149 | } 150 | else { 151 | Set-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization\TrainedDataStore" -Name "HarvestContacts" -Value 0 152 | } 153 | 154 | # Disable Windows Search features 155 | Write-Host "Disabling Start Menu search features" 156 | if (!(Test-Path -Path "HKLM:\Software\Policies\Microsoft\Windows\Windows Search")) { 157 | New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows\Windows Search" -Force | Out-Null 158 | New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" -Name "AllowCortana" -PropertyType DWord -Value 0 | Out-Null 159 | New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" -Name "DisableWebSearch" -PropertyType DWord -Value 1 | Out-Null 160 | New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" -Name "AllowSearchToUseLocation" -PropertyType DWord -Value 0 | Out-Null 161 | New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" -Name "ConnectedSearchUseWeb" -PropertyType DWord -Value 0 | Out-Null 162 | } 163 | else { 164 | Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" -Name "AllowCortana" -Value 0 165 | Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" -Name "DisableWebSearch" -Value 1 166 | Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" -Name "AllowSearchToUseLocation" -Value 0 167 | Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" -Name "ConnectedSearchUseWeb" -Value 0 168 | } 169 | 170 | # Restrict Windows Update P2P only to local network 171 | Write-Host "Restricting Windows Update P2P only to local network..." 172 | Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" -Name "DODownloadMode" -Value 1 173 | If (!(Test-Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization")) { 174 | New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization" | Out-Null 175 | New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization" -Name "SystemSettingsDownloadMode" -PropertyType DWord -Value 3 | Out-Null 176 | } 177 | else { 178 | Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization" -Name "SystemSettingsDownloadMode" -Value 3 179 | } 180 | 181 | # Remove AutoLogger file and restrict directory 182 | Write-Host "Removing AutoLogger file and restricting directory..." 183 | $autoLoggerDir = "$env:PROGRAMDATA\Microsoft\Diagnosis\ETLLogs\AutoLogger" 184 | If (Test-Path "$autoLoggerDir\AutoLogger-Diagtrack-Listener.etl") { 185 | Remove-Item "$autoLoggerDir\AutoLogger-Diagtrack-Listener.etl" 186 | } 187 | icacls $autoLoggerDir /deny SYSTEM:`(OI`)`(CI`)F | Out-Null 188 | 189 | # Stop and disable Diagnostics Tracking Service 190 | Write-Host "Stopping and disabling Diagnostics Tracking Service..." 191 | Stop-Service "DiagTrack" 192 | Set-Service "DiagTrack" -StartupType Disabled 193 | 194 | # Stop and disable WAP Push Service 195 | Write-Host "Stopping and disabling WAP Push Service..." 196 | Stop-Service "dmwappushservice" 197 | Set-Service "dmwappushservice" -StartupType Disabled 198 | 199 | # Disable device access 200 | Write-Host "Disableing device access..." 201 | foreach ($key in (Get-ChildItem -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\")) { 202 | Set-ItemProperty -Path ("HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\" + $key.PSChildName) -Name "Value" -Value "Deny" 203 | } 204 | 205 | ########## 206 | # Service Tweaks 207 | ########## 208 | 209 | # Disable Windows Update automatic restart 210 | Write-Host "Disabling Windows Update automatic restart..." 211 | Set-ItemProperty -Path "HKLM:\Software\Microsoft\WindowsUpdate\UX\Settings" -Name "UxOption" -Value 1 212 | 213 | # Stop and disable Home Groups services 214 | Write-Host "Stopping and disabling Home Groups services..." 215 | Stop-Service "HomeGroupListener" 216 | Set-Service "HomeGroupListener" -StartupType Disabled 217 | Stop-Service "HomeGroupProvider" 218 | Set-Service "HomeGroupProvider" -StartupType Disabled 219 | 220 | # Enable Remote Assistance 221 | # Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Remote Assistance" -Name "fAllowToGetHelp" -Type DWord -Value 1 222 | 223 | # Enable Remote Desktop w/o Network Level Authentication 224 | # Write-Host "Enabling Remote Desktop w/o Network Level Authentication..." 225 | # Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Type DWord -Value 0 226 | # Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "UserAuthentication" -Type DWord -Value 0 227 | 228 | ########## 229 | # UI Tweaks 230 | ########## 231 | 232 | # Disable Sticky keys prompt 233 | Write-Host "Disabling Sticky keys prompt..." 234 | Set-ItemProperty -Path "HKCU:\Control Panel\Accessibility\StickyKeys" -Name "Flags" -Value "506" 235 | 236 | # Change default Explorer view to "Computer" 237 | Write-Host "Changing default Explorer view to `"Computer`"..." 238 | Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "LaunchTo" -Value 1 239 | 240 | # Disable Autoplay 241 | Write-Host "Disabling Autoplay..." 242 | Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers" -Name "DisableAutoplay" -Value 1 243 | 244 | # Disable Autorun for all drives 245 | Write-Host "Disabling Autorun for all drives..." 246 | If (!(Test-Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer")) { 247 | New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" | Out-Null 248 | New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name "NoDriveTypeAutoRun" -PropertyType DWord -Value 255 | Out-Null 249 | } 250 | else { 251 | Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name "NoDriveTypeAutoRun" -Value 255 252 | } 253 | 254 | # Show known file extensions 255 | Write-Host "Showing known file extensions..." 256 | Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "HideFileExt" -Value 0 257 | 258 | # Show hidden files 259 | Write-Host "Showing hidden files..." 260 | Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "Hidden" -Value 1 261 | 262 | # Show hidden files 263 | Write-Host "Disabling sync provider notifications..." 264 | Set-ItemProperty "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ShowSyncProviderNotifications" -Value 0 265 | 266 | # Set Photo Viewer as default for bmp, gif, jpg and png 267 | Write-Host "Setting Photo Viewer as default for bmp, gif, jpg, png and tif..." 268 | If (!(Test-Path "HKCR:")) { 269 | New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null 270 | } 271 | ForEach ($type in @("Paint.Picture", "giffile", "jpegfile", "pngfile")) { 272 | New-Item -Path $("HKCR:\$type\shell\open") -Force | Out-Null 273 | New-Item -Path $("HKCR:\$type\shell\open\command") | Out-Null 274 | New-ItemProperty -Path $("HKCR:\$type\shell\open") -Name "MuiVerb" -PropertyType ExpandString -Value "@%ProgramFiles%\Windows Photo Viewer\photoviewer.dll,-3043" | Out-Null 275 | New-ItemProperty -Path $("HKCR:\$type\shell\open\command") -Name "(Default)" -PropertyType ExpandString -Value "%SystemRoot%\System32\rundll32.exe `"%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll`", ImageView_Fullscreen %1" | Out-Null 276 | } 277 | 278 | # Show Photo Viewer in "Open with..." 279 | Write-Host "Showing Photo Viewer in `"Open with...`"" 280 | If (!(Test-Path "HKCR:")) { 281 | New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null 282 | } 283 | New-Item -Path "HKCR:\Applications\photoviewer.dll\shell\open\command" -Force | Out-Null 284 | New-Item -Path "HKCR:\Applications\photoviewer.dll\shell\open\DropTarget" -Force | Out-Null 285 | New-ItemProperty -Path "HKCR:\Applications\photoviewer.dll\shell\open" -Name "MuiVerb" -PropertyType String -Value "@photoviewer.dll,-3043" | Out-Null 286 | New-ItemProperty -Path "HKCR:\Applications\photoviewer.dll\shell\open\command" -Name "(Default)" -PropertyType ExpandString -Value "%SystemRoot%\System32\rundll32.exe `"%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll`", ImageView_Fullscreen %1" | Out-Null 287 | New-ItemProperty -Path "HKCR:\Applications\photoviewer.dll\shell\open\DropTarget" -Name "Clsid" -PropertyType String -Value "{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}" | Out-Null 288 | 289 | # Fix the Mouse Acceleration curve 290 | # http://donewmouseaccel.blogspot.co.uk/2010/03/markc-windows-7-mouse-acceleration-fix.html 291 | Write-Output "Apply MarkC's mouse acceleration fix..." 292 | Set-ItemProperty -Path "HKCU:\Control Panel\Mouse" -Name "MouseSensitivity" -Value "10" 293 | Set-ItemProperty -Path "HKCU:\Control Panel\Mouse" -Name "MouseSpeed" -Value "0" 294 | Set-ItemProperty -Path "HKCU:\Control Panel\Mouse" -Name "MouseThreshold1" -Value "0" 295 | Set-ItemProperty -Path "HKCU:\Control Panel\Mouse" -Name "MouseThreshold2" -Value "0" 296 | Set-ItemProperty -Path "HKCU:\Control Panel\Mouse" -Name "SmoothMouseXCurve" -Value ([byte[]](0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x00, 0xC0, 0xCC, 0x0C, 0x00, 0x00, 0x00, 0x00, 0x00,0x80, 0x99, 0x19, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x66, 0x26, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x33, 0x33, 0x00, 0x00, 0x00, 0x00, 0x00)) 297 | Set-ItemProperty -Path "HKCU:\Control Panel\Mouse" -Name "SmoothMouseYCurve" -Value ([byte[]](0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x38, 0x00, 0x00, 0x00, 0x00, 0x00,0x00, 0x00, 0x70, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xA8, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x00, 0xE0, 0x00, 0x00, 0x00, 0x00, 0x00)) 298 | 299 | ########## 300 | # Turn off Sleep Timeout 301 | ########## 302 | 303 | Start-Process powercfg.exe -ArgumentList "/change standby-timeout-ac 0" -NoNewWindow -Wait 304 | 305 | ########## 306 | # Remove unwanted applications 307 | ########## 308 | 309 | # Disable the Cloud Content Consumer Features - Prevents "Suggested Applications" 310 | # https://blogs.technet.microsoft.com/mniehaus/2015/11/23/seeing-extra-apps-turn-them-off/ 311 | # Computer Configuration –> Administrative Templates –> Windows Components –> Cloud Content -> “Turn off Microsoft consumer experiences” 312 | Write-Host "Disabling Windows Consumer Features..." 313 | If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent")) { 314 | New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Force | Out-Null 315 | New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Name "DisableWindowsConsumerFeatures" -PropertyType DWORD -Value 1 316 | } 317 | else { 318 | Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Name "DisableWindowsConsumerFeatures" -Value 1 319 | } 320 | 321 | Write-Host "Uninstalling default apps" 322 | $apps = @( 323 | # default Windows 10 apps 324 | "Microsoft.3DBuilder" 325 | "Microsoft.Appconnector" 326 | "Microsoft.BingFinance" 327 | "Microsoft.BingNews" 328 | "Microsoft.BingSports" 329 | "Microsoft.BingWeather" 330 | "Microsoft.Getstarted" 331 | "Microsoft.MicrosoftOfficeHub" 332 | "Microsoft.MicrosoftSolitaireCollection" 333 | "Microsoft.Office.OneNote" 334 | "Microsoft.People" 335 | "Microsoft.SkypeApp" 336 | #"Microsoft.Windows.Photos" 337 | "Microsoft.WindowsAlarms" 338 | #"Microsoft.WindowsCalculator" 339 | "Microsoft.WindowsCamera" 340 | "Microsoft.WindowsMaps" 341 | "Microsoft.WindowsPhone" 342 | "Microsoft.WindowsSoundRecorder" 343 | #"Microsoft.WindowsStore" 344 | "Microsoft.XboxApp" 345 | "Microsoft.ZuneMusic" 346 | "Microsoft.ZuneVideo" 347 | "microsoft.windowscommunicationsapps" 348 | "Microsoft.MinecraftUWP" 349 | # Threshold 2 apps 350 | "Microsoft.CommsPhone" 351 | "Microsoft.ConnectivityStore" 352 | "Microsoft.Messaging" 353 | "Microsoft.Office.Sway" 354 | "Microsoft.OneConnect" 355 | "Microsoft.WindowsFeedbackHub" 356 | # non-Microsoft 357 | "9E2F88E3.Twitter" 358 | "Flipboard.Flipboard" 359 | "ShazamEntertainmentLtd.Shazam" 360 | "king.com.CandyCrushSodaSaga" 361 | "ClearChannelRadioDigital.iHeartRadio" 362 | ) 363 | 364 | foreach ($app in $apps) { 365 | $package = Get-AppxPackage -Name $app -AllUsers -ErrorAction SilentlyContinue 366 | if ($package) { 367 | Remove-AppxPackage -Package $package.PackageFullName 368 | Get-AppXProvisionedPackage -Online | where DisplayName -EQ $app |` 369 | Remove-AppxProvisionedPackage -Online 370 | } 371 | } 372 | 373 | # Set a sane default for Start Menu and Taskbar 374 | # NOTE: this will only affect new user profiles i.e. it will not update the start layout of the user that runs it 375 | Copy-Item -Path "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk" -Destination "$env:ALLUSERSPROFILE\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk" 376 | [xml]$StartLayout = @' 377 | 382 | 383 | 384 | 385 | 386 | 387 | 388 | 389 | 390 | 391 | 392 | 393 | 394 | 395 | 396 | 397 | 398 | 399 | 400 | 401 | 402 | 403 | 404 | 405 | 406 | 407 | 408 | 409 | 410 | '@ 411 | 412 | $StartLayout.Save("$($env:LOCALAPPDATA)\COS_StartMenu.xml") 413 | Import-StartLayout -LayoutPath "$env:LOCALAPPDATA\COS_StartMenu.xml" -MountPath "$env:SystemDrive\" 414 | 415 | ########## 416 | # Restart 417 | ########## 418 | 419 | Write-Host 420 | Write-Host "Press any key to restart your system..." -ForegroundColor Black -BackgroundColor White 421 | $key = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown") 422 | Write-Host "Restarting..." 423 | Restart-Computer 424 | --------------------------------------------------------------------------------