├── .github
    └── FUNDING.yml
├── README.md
├── autounattend.xml
├── tiny11Coremaker.ps1
└── tiny11maker.ps1


/.github/FUNDING.yml:
--------------------------------------------------------------------------------
1 | 
2 | 
3 | github: [ntdevlabs] 
4 | patreon: [ntdev] 
5 | ko-fi: [ntdev]
6 | 
7 | # Add custom links to support your work
8 | custom: ['https://paypal.me/ntdev2']
9 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # tiny11builder
 2 | 
 3 | Scripts to build a trimmed-down Windows 11 image - now in **PowerShell**!
 4 | <br>
 5 | Tiny11 builder, now completely overhauled.
 6 | </br>
 7 | After more than a year (for which I am so sorry) of no updates, tiny11 builder is now a much more complete and flexible solution - one script fits all. Also, it is a steppingstone for an even more fleshed-out solution.
 8 | <br>
 9 | You can now use it on ANY Windows 11 release (not just a specific build), as well as ANY language or architecture.
10 | This is made possible thanks to the much-improved scripting capabilities of PowerShell, compared to the older Batch release.
11 | </br>
12 | Since it is written in PowerShell, you need to set the execution policy to  `Unrestricted`, so that you could run the script.
13 | If you haven't done this before, make sure to run `Set-ExecutionPolicy unrestricted` as administrator in PowerShell before running the script, otherwise it would just crash.
14 | 
15 | 
16 | This is a script created to automate the build of a streamlined Windows 11 image, similar to tiny11.
17 | My main goal is to use only Microsoft utilities like DISM, and no utilities from external sources. The only executable included is **oscdimg.exe**, which is provided in the Windows ADK and it is used to create bootable ISO images. 
18 | Also included is an unattended answer file, which is used to bypass the Microsoft Account on OOBE and to deploy the image with the `/compact` flag.
19 | It's open-source, **so feel free to add or remove anything you want!** Feedback is also much appreciated.
20 | 
21 | Also, for the very first time, **introducing tiny11 core builder**! A more powerful script, designed for a quick and dirty development testbed. Just the bare minimun, none of the fluff. 
22 | This script generates a significantly reduced Windows 11 image. However, it's not suitable for regular use due to its lack of serviceability - you can't add languages, updates, or features post-creation. tiny11 Core is not a full Windows 11 substitute but a rapid testing or development tool, potentially useful for VM environments.
23 | 
24 | Instructions:
25 | 
26 | 1. Download Windows 11 from the Microsoft website (<https://www.microsoft.com/software-download/windows11>)
27 | 2. Mount the downloaded ISO image using Windows Explorer.
28 | 3. Select the drive letter where the image is mounted (only the letter, no colon (:))
29 | 4. Select the SKU that you want the image to be based.
30 | 5. Sit back and relax :)
31 | 6. When the image is completed, you will see it in the folder where the script was extracted, with the name tiny11.iso
32 | 
33 | What is removed:
34 | 
35 | - Clipchamp
36 | - News
37 | - Weather
38 | - Xbox (although Xbox Identity provider is still here, so it should be possible to be reinstalled with no issues)
39 | - GetHelp
40 | - GetStarted
41 | - Office Hub
42 | - Solitaire
43 | - PeopleApp
44 | - PowerAutomate
45 | - ToDo
46 | - Alarms
47 | - Mail and Calendar
48 | - Feedback Hub
49 | - Maps
50 | - Sound Recorder
51 | - Your Phone
52 | - Media Player
53 | - QuickAssist
54 | - Internet Explorer
55 | - Tablet PC Math
56 | - Edge
57 | - OneDrive
58 | 
59 | For tiny11 core:
60 | - all of the above +
61 | - Windows Component Store (WinSxS)
62 | - Windows Defender (only disabled, can be enabled back if needed)
63 | - Windows Update (Windows Update wouldn't work anyway without WinSxS, so enabling it would only put the system in a state where it would try to update but fail spectacularily)
64 | - WinRE
65 | <br>
66 | Keep in mind that **you cannot add back features in tiny11 core**!
67 | </br>
68 | <br>
69 | You will be asked during image creation if you want to enable .net 3.5 support!
70 | </br>
71 | Known issues:
72 | 
73 | 1. Although Edge is removed, there are some remnants in the Settings. But the app in itself is deleted. You can install any browser using WinGet (after you update the app using Microsoft Store). If you want Edge, Copilot and Web Search back, simply install Edge using Winget: `winget install edge`.
74 | <br>
75 | Note: You might have to update Winget before being able to install any apps, using Microsoft Store.
76 | <br>
77 | </br>
78 | 2. Outlook and Dev Home might reappear after some time.
79 | <br>
80 | </br>
81 | 3. If you are using this script on arm64, you might see a glimpse of an error while running the script. This is caused by the fact that the arm64 image doesn't have OneDriveSetup.exe included in the System32 folder.
82 | 
83 | Features to be implemented:
84 | - ~~disabling telemetry~~ (Implemented in the 04-29-24 release!)
85 | - more ad suppression
86 | - improved language and arch detection
87 | - more flexibility in what to keep and what to delete
88 | - maybe a GUI???
89 | 
90 | And that's pretty much it for now!
91 | Thanks for trying it and let me know how you like it!
92 | 


--------------------------------------------------------------------------------
/autounattend.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <unattend xmlns="urn:schemas-microsoft-com:unattend">
 3 |     <settings pass="oobeSystem">
 4 |         <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
 5 |             <OOBE>
 6 |                 <HideOnlineAccountScreens>true</HideOnlineAccountScreens>
 7 |             </OOBE>
 8 |         </component>
 9 |     </settings>
10 |     <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
11 |         <ConfigureChatAutoInstall>false</ConfigureChatAutoInstall>
12 |     </component>
13 |     <settings pass="windowsPE">
14 |         <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
15 |             <DynamicUpdate>
16 |                 <WillShowUI>OnError</WillShowUI>
17 |             </DynamicUpdate>
18 |             <ImageInstall>
19 |                 <OSImage>
20 |                     <Compact>true</Compact>
21 |                     <WillShowUI>OnError</WillShowUI>
22 |                     <InstallFrom>
23 |                         <MetaData wcm:action="add">
24 |                             <Key>/IMAGE/INDEX</Key>
25 |                             <Value>1</Value>
26 |                         </MetaData>
27 |                     </InstallFrom>
28 |                 </OSImage>
29 |             </ImageInstall>
30 |             <UserData>
31 |                 <ProductKey>
32 |                     <Key/>
33 |                 </ProductKey>
34 |             </UserData>
35 |         </component>
36 |     </settings>
37 | </unattend>
38 | 


--------------------------------------------------------------------------------
/tiny11Coremaker.ps1:
--------------------------------------------------------------------------------
  1 | # Enable debugging
  2 | Set-PSDebug -Trace 1
  3 | 
  4 | # Check if PowerShell execution is restricted
  5 | if ((Get-ExecutionPolicy) -eq 'Restricted') {
  6 |     Write-Host "Your current PowerShell Execution Policy is set to Restricted, which prevents scripts from running. Do you want to change it to RemoteSigned? (yes/no)"
  7 |     $response = Read-Host
  8 |     if ($response -eq 'yes') {
  9 |         Set-ExecutionPolicy RemoteSigned -Scope CurrentUser -Confirm:$false
 10 |     } else {
 11 |         Write-Host "The script cannot be run without changing the execution policy. Exiting..."
 12 |         exit
 13 |     }
 14 | }
 15 | 
 16 | # Check and run the script as admin if required
 17 | $adminSID = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-32-544")
 18 | $adminGroup = $adminSID.Translate([System.Security.Principal.NTAccount])
 19 | $myWindowsID=[System.Security.Principal.WindowsIdentity]::GetCurrent()
 20 | $myWindowsPrincipal=new-object System.Security.Principal.WindowsPrincipal($myWindowsID)
 21 | $adminRole=[System.Security.Principal.WindowsBuiltInRole]::Administrator
 22 | if (! $myWindowsPrincipal.IsInRole($adminRole))
 23 | {
 24 |     Write-Host "Restarting Tiny11 image creator as admin in a new window, you can close this one."
 25 |     $newProcess = new-object System.Diagnostics.ProcessStartInfo "PowerShell";
 26 |     $newProcess.Arguments = $myInvocation.MyCommand.Definition;
 27 |     $newProcess.Verb = "runas";
 28 |     [System.Diagnostics.Process]::Start($newProcess);
 29 |     exit
 30 | }
 31 | Start-Transcript -Path "$PSScriptRoot\tiny11.log" 
 32 | # Ask the user for input
 33 | Write-Host "Welcome to tiny11 core builder! BETA 05-06-24"
 34 | Write-Host "This script generates a significantly reduced Windows 11 image. However, it's not suitable for regular use due to its lack of serviceability - you can't add languages, updates, or features post-creation. tiny11 Core is not a full Windows 11 substitute but a rapid testing or development tool, potentially useful for VM environments."
 35 | Write-Host "Do you want to continue? (y/n)"
 36 | $input = Read-Host
 37 | 
 38 | if ($input -eq 'y') {
 39 |     Write-Host "Off we go..."
 40 | Start-Sleep -Seconds 3
 41 | Clear-Host
 42 | 
 43 | $mainOSDrive = $env:SystemDrive
 44 | $hostArchitecture = $Env:PROCESSOR_ARCHITECTURE
 45 | New-Item -ItemType Directory -Force -Path "$mainOSDrive\tiny11\sources" >null
 46 | $DriveLetter = Read-Host "Please enter the drive letter for the Windows 11 image"
 47 | $DriveLetter = $DriveLetter + ":"
 48 | 
 49 | if ((Test-Path "$DriveLetter\sources\boot.wim") -eq $false -or (Test-Path "$DriveLetter\sources\install.wim") -eq $false) {
 50 |     if ((Test-Path "$DriveLetter\sources\install.esd") -eq $true) {
 51 |         Write-Host "Found install.esd, converting to install.wim..."
 52 |         &  'dism' '/English' "/Get-WimInfo" "/wimfile:$DriveLetter\sources\install.esd"
 53 |         $index = Read-Host "Please enter the image index"
 54 |         Write-Host ' '
 55 |         Write-Host 'Converting install.esd to install.wim. This may take a while...'
 56 |         & 'DISM' /Export-Image /SourceImageFile:"$DriveLetter\sources\install.esd" /SourceIndex:$index /DestinationImageFile:"$mainOSDrive\tiny11\sources\install.wim" /Compress:max /CheckIntegrity
 57 |     } else {
 58 |         Write-Host "Can't find Windows OS Installation files in the specified Drive Letter.."
 59 |         Write-Host "Please enter the correct DVD Drive Letter.."
 60 |         exit
 61 |     }
 62 | }
 63 | 
 64 | Write-Host "Copying Windows image..."
 65 | Copy-Item -Path "$DriveLetter\*" -Destination "$mainOSDrive\tiny11" -Recurse -Force > null
 66 | Set-ItemProperty -Path "$mainOSDrive\tiny11\sources\install.esd" -Name IsReadOnly -Value $false > $null 2>&1
 67 | Remove-Item "$mainOSDrive\tiny11\sources\install.esd" > $null 2>&1
 68 | Write-Host "Copy complete!"
 69 | Start-Sleep -Seconds 2
 70 | Clear-Host
 71 | Write-Host "Getting image information:"
 72 | &  'dism' '/English' "/Get-WimInfo" "/wimfile:$mainOSDrive\tiny11\sources\install.wim"
 73 | $index = Read-Host "Please enter the image index"
 74 | Write-Host "Mounting Windows image. This may take a while."
 75 | $wimFilePath = "$($env:SystemDrive)\tiny11\sources\install.wim" 
 76 | & takeown "/F" $wimFilePath 
 77 | & icacls $wimFilePath "/grant" "$($adminGroup.Value):(F)"
 78 | try {
 79 |     Set-ItemProperty -Path $wimFilePath -Name IsReadOnly -Value $false -ErrorAction Stop
 80 | } catch {
 81 |     # This block will catch the error and suppress it.
 82 | }
 83 | New-Item -ItemType Directory -Force -Path "$mainOSDrive\scratchdir" > $null
 84 | & dism /English "/mount-image" "/imagefile:$($env:SystemDrive)\tiny11\sources\install.wim" "/index:$index" "/mountdir:$($env:SystemDrive)\scratchdir"
 85 | 
 86 | $imageIntl = & dism /English /Get-Intl "/Image:$($env:SystemDrive)\scratchdir"
 87 | $languageLine = $imageIntl -split '\n' | Where-Object { $_ -match 'Default system UI language : ([a-zA-Z]{2}-[a-zA-Z]{2})' }
 88 | 
 89 | if ($languageLine) {
 90 |     $languageCode = $Matches[1]
 91 |     Write-Host "Default system UI language code: $languageCode"
 92 | } else {
 93 |     Write-Host "Default system UI language code not found."
 94 | }
 95 | 
 96 | $imageInfo = & 'dism' '/English' '/Get-WimInfo' "/wimFile:$($env:SystemDrive)\tiny11\sources\install.wim" "/index:$index"
 97 | $lines = $imageInfo -split '\r?\n'
 98 | 
 99 | foreach ($line in $lines) {
100 |     if ($line -like '*Architecture : *') {
101 |         $architecture = $line -replace 'Architecture : ',''
102 |         # If the architecture is x64, replace it with amd64
103 |         if ($architecture -eq 'x64') {
104 |             $architecture = 'amd64'
105 |         }
106 |         Write-Host "Architecture: $architecture"
107 |         break
108 |     }
109 | }
110 | 
111 | if (-not $architecture) {
112 |     Write-Host "Architecture information not found."
113 | }
114 | 
115 | Write-Host "Mounting complete! Performing removal of applications..."
116 | 
117 | $packages = & 'dism' '/English' "/image:$($env:SystemDrive)\scratchdir" '/Get-ProvisionedAppxPackages' |
118 |     ForEach-Object {
119 |         if ($_ -match 'PackageName : (.*)') {
120 |             $matches[1]
121 |         }
122 |     }
123 | $packagePrefixes = 'Clipchamp.Clipchamp_', 'Microsoft.SecHealthUI_', 'Microsoft.Windows.PeopleExperienceHost_', 'Microsoft.Windows.PinningConfirmationDialog_', 'Windows.CBSPreview_', 'Microsoft.BingNews_', 'Microsoft.BingWeather_', 'Microsoft.GamingApp_', 'Microsoft.GetHelp_', 'Microsoft.Getstarted_', 'Microsoft.MicrosoftOfficeHub_', 'Microsoft.MicrosoftSolitaireCollection_', 'Microsoft.People_', 'Microsoft.PowerAutomateDesktop_', 'Microsoft.Todos_', 'Microsoft.WindowsAlarms_', 'microsoft.windowscommunicationsapps_', 'Microsoft.WindowsFeedbackHub_', 'Microsoft.WindowsMaps_', 'Microsoft.WindowsSoundRecorder_', 'Microsoft.Xbox.TCUI_', 'Microsoft.XboxGamingOverlay_', 'Microsoft.XboxGameOverlay_', 'Microsoft.XboxSpeechToTextOverlay_', 'Microsoft.YourPhone_', 'Microsoft.ZuneMusic_', 'Microsoft.ZuneVideo_', 'MicrosoftCorporationII.MicrosoftFamily_', 'MicrosoftCorporationII.QuickAssist_', 'MicrosoftTeams_', 'Microsoft.549981C3F5F10_'
124 | 
125 | $packagesToRemove = $packages | Where-Object {
126 |     $packageName = $_
127 |     $packagePrefixes -contains ($packagePrefixes | Where-Object { $packageName -like "$_*" })
128 | }
129 | foreach ($package in $packagesToRemove) {
130 |     write-host "Removing $package :"
131 |     & 'dism' '/English' "/image:$($env:SystemDrive)\scratchdir" '/Remove-ProvisionedAppxPackage' "/PackageName:$package"
132 | }
133 | 
134 | Write-Host "Removing of system apps complete! Now proceeding to removal of system packages..."
135 | Start-Sleep -Seconds 1
136 | Clear-Host
137 | 
138 | $scratchDir = "$($env:SystemDrive)\scratchdir"
139 | $packagePatterns = @(
140 |     "Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35",
141 |     "Microsoft-Windows-Kernel-LA57-FoD-Package~31bf3856ad364e35~amd64",
142 |     "Microsoft-Windows-LanguageFeatures-Handwriting-$languageCode-Package~31bf3856ad364e35",
143 |     "Microsoft-Windows-LanguageFeatures-OCR-$languageCode-Package~31bf3856ad364e35",
144 |     "Microsoft-Windows-LanguageFeatures-Speech-$languageCode-Package~31bf3856ad364e35",
145 |     "Microsoft-Windows-LanguageFeatures-TextToSpeech-$languageCode-Package~31bf3856ad364e35",
146 |     "Microsoft-Windows-MediaPlayer-Package~31bf3856ad364e35",
147 |     "Microsoft-Windows-Wallpaper-Content-Extended-FoD-Package~31bf3856ad364e35",
148 |     "Windows-Defender-Client-Package~31bf3856ad364e35~",
149 |     "Microsoft-Windows-WordPad-FoD-Package~",
150 |     "Microsoft-Windows-TabletPCMath-Package~",
151 |     "Microsoft-Windows-StepsRecorder-Package~"
152 | 
153 | )
154 | 
155 | # Get all packages
156 | $allPackages = & dism /image:$scratchDir /Get-Packages /Format:Table
157 | $allPackages = $allPackages -split "`n" | Select-Object -Skip 1
158 | 
159 | foreach ($packagePattern in $packagePatterns) {
160 |     # Filter the packages to remove
161 |     $packagesToRemove = $allPackages | Where-Object { $_ -like "$packagePattern*" }
162 | 
163 |     foreach ($package in $packagesToRemove) {
164 |         # Extract the package identity
165 |         $packageIdentity = ($package -split "\s+")[0]
166 | 
167 |         Write-Host "Removing $packageIdentity..."
168 |         & dism /image:$scratchDir /Remove-Package /PackageName:$packageIdentity 
169 |     }
170 | }
171 | 
172 | Write-Host "Do you want to enable .NET 3.5? (y/n)"
173 | $input = Read-Host
174 | 
175 | # Check the user's input
176 | if ($input -eq 'y') {
177 |     # If the user entered 'y', enable .NET 3.5 using DISM
178 |     Write-Host "Enabling .NET 3.5..."
179 |     & 'dism'  "/image:$scratchDir" '/enable-feature' '/featurename:NetFX3' '/All' "/source:$($env:SystemDrive)\tiny11\sources\sxs" 
180 |     Write-Host ".NET 3.5 has been enabled."
181 | }
182 | elseif ($input -eq 'n') {
183 |     # If the user entered 'n', exit the script
184 |     Write-Host "You chose not to enable .NET 3.5. Continuing..."
185 | }
186 | else {
187 |     # If the user entered anything other than 'y' or 'n', ask for input again
188 |     Write-Host "Invalid input. Please enter 'y' to enable .NET 3.5 or 'n' to continue without installing .net 3.5."
189 | }
190 | Write-Host "Removing Edge:"
191 | Remove-Item -Path "$mainOSDrive\scratchdir\Program Files (x86)\Microsoft\Edge" -Recurse -Force >null
192 | Remove-Item -Path "$mainOSDrive\scratchdir\Program Files (x86)\Microsoft\EdgeUpdate" -Recurse -Force >null
193 | Remove-Item -Path "$mainOSDrive\scratchdir\Program Files (x86)\Microsoft\EdgeCore" -Recurse -Force >null
194 | if ($architecture -eq 'amd64') {
195 |     $folderPath = Get-ChildItem -Path "$mainOSDrive\scratchdir\Windows\WinSxS" -Filter "amd64_microsoft-edge-webview_31bf3856ad364e35*" -Directory | Select-Object -ExpandProperty FullName
196 | 
197 |     if ($folderPath) {
198 |         & 'takeown' '/f' $folderPath '/r' >null
199 |         & icacls $folderPath  "/grant" "$($adminGroup.Value):(F)" '/T' '/C' >null
200 |         Remove-Item -Path $folderPath -Recurse -Force >null
201 |     } else {
202 |         Write-Host "Folder not found."
203 |     }
204 | } elseif ($architecture -eq 'arm64') {
205 |     $folderPath = Get-ChildItem -Path "$mainOSDrive\scratchdir\Windows\WinSxS" -Filter "arm64_microsoft-edge-webview_31bf3856ad364e35*" -Directory | Select-Object -ExpandProperty FullName >null
206 | 
207 |     if ($folderPath) {
208 |         & 'takeown' '/f' $folderPath '/r'>null
209 |         & icacls $folderPath  "/grant" "$($adminGroup.Value):(F)" '/T' '/C' >null
210 |         Remove-Item -Path $folderPath -Recurse -Force >null
211 |     } else {
212 |         Write-Host "Folder not found."
213 |     }
214 | } else {
215 |     Write-Host "Unknown architecture: $architecture"
216 | }
217 | & 'takeown' '/f' "$mainOSDrive\scratchdir\Windows\System32\Microsoft-Edge-Webview" '/r'
218 | & 'icacls' "$mainOSDrive\scratchdir\Windows\System32\Microsoft-Edge-Webview" '/grant' "$($adminGroup.Value):(F)" '/T' '/C'
219 | Remove-Item -Path "$mainOSDrive\scratchdir\Windows\System32\Microsoft-Edge-Webview" -Recurse -Force
220 | Write-Host "Removing WinRE"
221 | & 'takeown' '/f' "$mainOSDrive\scratchdir\Windows\System32\Recovery" '/r'
222 | & 'icacls' "$mainOSDrive\scratchdir\Windows\System32\Recovery" '/grant' 'Administrators:F' '/T' '/C'
223 | Remove-Item -Path "$mainOSDrive\scratchdir\Windows\System32\Recovery\winre.wim" -Recurse -Force
224 | New-Item -Path "$mainOSDrive\scratchdir\Windows\System32\Recovery\winre.wim" -ItemType File -Force
225 | Write-Host "Removing OneDrive:"
226 | & 'takeown' '/f' "$mainOSDrive\scratchdir\Windows\System32\OneDriveSetup.exe" >null
227 | & 'icacls' "$mainOSDrive\scratchdir\Windows\System32\OneDriveSetup.exe" '/grant' "$($adminGroup.Value):(F)" '/T' '/C' >null
228 | Remove-Item -Path "$mainOSDrive\scratchdir\Windows\System32\OneDriveSetup.exe" -Force >null
229 | Write-Host "Removal complete!"
230 | Start-Sleep -Seconds 2
231 | Clear-Host
232 | Write-Host "Taking ownership of the WinSxS folder. This might take a while..."
233 | & 'takeown' '/f' "$mainOSDrive\scratchdir\Windows\WinSxS" '/r'
234 | & 'icacls' "$mainOSDrive\scratchdir\Windows\WinSxS" '/grant' "$($adminGroup.Value):(F)" '/T' '/C'
235 | Write-host "Complete!"
236 | Start-Sleep -Seconds 2
237 | Clear-Host
238 | Write-Host "Preparing..."
239 | $folderPath = Join-Path -Path $mainOSDrive -ChildPath "\scratchdir\Windows\WinSxS_edit"
240 | $sourceDirectory = "$mainOSDrive\scratchdir\Windows\WinSxS"
241 | $destinationDirectory = "$mainOSDrive\scratchdir\Windows\WinSxS_edit"
242 | New-Item -Path $folderPath -ItemType Directory
243 | if ($architecture -eq "amd64") {
244 |     # Specify the list of files to copy
245 |    $dirsToCopy = @(
246 |         "x86_microsoft.windows.common-controls_6595b64144ccf1df_*",
247 |         "x86_microsoft.windows.gdiplus_6595b64144ccf1df_*",    
248 |         "x86_microsoft.windows.i..utomation.proxystub_6595b64144ccf1df_*",
249 |         "x86_microsoft.windows.isolationautomation_6595b64144ccf1df_*",
250 |         "x86_microsoft-windows-s..ngstack-onecorebase_31bf3856ad364e35_*",
251 |         "x86_microsoft-windows-s..stack-termsrv-extra_31bf3856ad364e35_*",
252 |         "x86_microsoft-windows-servicingstack_31bf3856ad364e35_*",
253 |         "x86_microsoft-windows-servicingstack-inetsrv_*",
254 |         "x86_microsoft-windows-servicingstack-onecore_*",
255 |         "amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_*",
256 |         "amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_*",
257 |         "amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_*",
258 |         "amd64_microsoft.windows.common-controls_6595b64144ccf1df_*",
259 |         "amd64_microsoft.windows.gdiplus_6595b64144ccf1df_*",
260 |         "amd64_microsoft.windows.i..utomation.proxystub_6595b64144ccf1df_*",
261 |         "amd64_microsoft.windows.isolationautomation_6595b64144ccf1df_*",
262 |         "amd64_microsoft-windows-s..stack-inetsrv-extra_31bf3856ad364e35_*",
263 |         "amd64_microsoft-windows-s..stack-msg.resources_31bf3856ad364e35_*",
264 |         "amd64_microsoft-windows-s..stack-termsrv-extra_31bf3856ad364e35_*",
265 |         "amd64_microsoft-windows-servicingstack_31bf3856ad364e35_*",
266 |         "amd64_microsoft-windows-servicingstack-inetsrv_31bf3856ad364e35_*",
267 |         "amd64_microsoft-windows-servicingstack-msg_31bf3856ad364e35_*",
268 |         "amd64_microsoft-windows-servicingstack-onecore_31bf3856ad364e35_*",
269 |         "Catalogs",
270 |         "FileMaps",
271 |         "Fusion",
272 |         "InstallTemp",
273 |         "Manifests",
274 |         "x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_*",
275 |         "x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_*",
276 |         "x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_*",
277 |         "x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_*"
278 |     )
279 |  # Copy each directory
280 |    foreach ($dir in $dirsToCopy) {
281 |         $sourceDirs = Get-ChildItem -Path $sourceDirectory -Filter $dir -Directory
282 |         foreach ($sourceDir in $sourceDirs) {
283 |             $destDir = Join-Path -Path $destinationDirectory -ChildPath $sourceDir.Name
284 |             Write-Host "Copying $sourceDir.FullName to $destDir"
285 |             Copy-Item -Path $sourceDir.FullName -Destination $destDir -Recurse -Force
286 |         }
287 |     }
288 | }
289 |  elseif ($architecture -eq "arm64") {
290 |     # Specify the list of files to copy
291 |      $dirsToCopy = @(
292 |         "arm64_microsoft-windows-servicingstack-onecore_31bf3856ad364e35_*",
293 |         "Catalogs"
294 |         "FileMaps"
295 |         "Fusion"
296 |         "InstallTemp"
297 |         "Manifests"
298 |         "SettingsManifests"
299 |         "Temp"
300 |         "x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_*"
301 |         "x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_*"
302 |         "x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_*"
303 |         "x86_microsoft.windows.common-controls_6595b64144ccf1df_*"
304 |         "x86_microsoft.windows.gdiplus_6595b64144ccf1df_*"
305 |         "x86_microsoft.windows.i..utomation.proxystub_6595b64144ccf1df_*"
306 |         "x86_microsoft.windows.isolationautomation_6595b64144ccf1df_*"
307 |         "arm_microsoft.windows.c..-controls.resources_6595b64144ccf1df_*"
308 |         "arm_microsoft.windows.common-controls_6595b64144ccf1df_*"
309 |         "arm_microsoft.windows.gdiplus_6595b64144ccf1df_*"
310 |         "arm_microsoft.windows.i..utomation.proxystub_6595b64144ccf1df_*"
311 |         "arm_microsoft.windows.isolationautomation_6595b64144ccf1df_*"
312 |         "arm64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_*"
313 |         "arm64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_*"
314 |         "arm64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_*"
315 |         "arm64_microsoft.windows.common-controls_6595b64144ccf1df_*"
316 |         "arm64_microsoft.windows.gdiplus_6595b64144ccf1df_*"
317 |         "arm64_microsoft.windows.i..utomation.proxystub_6595b64144ccf1df_*"
318 |         "arm64_microsoft.windows.isolationautomation_6595b64144ccf1df_*"
319 |         "arm64_microsoft-windows-servicing-adm_31bf3856ad364e35_*"
320 |         "arm64_microsoft-windows-servicingcommon_31bf3856ad364e35_*"
321 |         "arm64_microsoft-windows-servicing-onecore-uapi_31bf3856ad364e35_*"
322 |         "arm64_microsoft-windows-servicingstack_31bf3856ad364e35_*"
323 |         "arm64_microsoft-windows-servicingstack-inetsrv_31bf3856ad364e35_*"
324 |         "arm64_microsoft-windows-servicingstack-msg_31bf3856ad364e35_*"
325 |     )
326 | }
327 | foreach ($dir in $dirsToCopy) {
328 |         $sourceDirs = Get-ChildItem -Path $sourceDirectory -Filter $dir -Directory
329 |         foreach ($sourceDir in $sourceDirs) {
330 |             $destDir = Join-Path -Path $destinationDirectory -ChildPath $sourceDir.Name
331 |             Write-Host "Copying $sourceDir.FullName to $destDir"
332 |             Copy-Item -Path $sourceDir.FullName -Destination $destDir -Recurse -Force
333 |         }
334 |     }  
335 | 
336 | 
337 | Write-Host "Deleting WinSxS. This may take a while..."
338 |         Remove-Item -Path $mainOSDrive\scratchdir\Windows\WinSxS -Recurse -Force
339 | 
340 | Rename-Item -Path $mainOSDrive\scratchdir\Windows\WinSxS_edit -NewName $mainOSDrive\scratchdir\Windows\WinSxS
341 | Write-Host "Complete!"
342 | 
343 | Write-Host "Loading registry..."
344 | reg load HKLM\zCOMPONENTS $mainOSDrive\scratchdir\Windows\System32\config\COMPONENTS >null
345 | reg load HKLM\zDEFAULT $mainOSDrive\scratchdir\Windows\System32\config\default >null
346 | reg load HKLM\zNTUSER $mainOSDrive\scratchdir\Users\Default\ntuser.dat >null
347 | reg load HKLM\zSOFTWARE $mainOSDrive\scratchdir\Windows\System32\config\SOFTWARE >null
348 | reg load HKLM\zSYSTEM $mainOSDrive\scratchdir\Windows\System32\config\SYSTEM >null
349 | Write-Host "Bypassing system requirements(on the system image):"
350 | & 'reg' 'add' 'HKLM\zDEFAULT\Control Panel\UnsupportedHardwareNotificationCache' '/v' 'SV1' '/t' 'REG_DWORD' '/d' '0' '/f' >null
351 | & 'reg' 'add' 'HKLM\zDEFAULT\Control Panel\UnsupportedHardwareNotificationCache' '/v' 'SV2' '/t' 'REG_DWORD' '/d' '0' '/f' >null
352 | & 'reg' 'add' 'HKLM\zNTUSER\Control Panel\UnsupportedHardwareNotificationCache' '/v' 'SV1' '/t' 'REG_DWORD' '/d' '0' '/f' >null
353 | & 'reg' 'add' 'HKLM\zNTUSER\Control Panel\UnsupportedHardwareNotificationCache' '/v' 'SV2' '/t' 'REG_DWORD' '/d' '0' '/f' >null
354 | & 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassCPUCheck' '/t' 'REG_DWORD' '/d' '1' '/f' >null
355 | & 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassRAMCheck' '/t' 'REG_DWORD' '/d' '1' '/f' >null
356 | & 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassSecureBootCheck' '/t' 'REG_DWORD' '/d' '1' '/f' >null
357 | & 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassStorageCheck' '/t' 'REG_DWORD' '/d' '1' '/f' >null
358 | & 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassTPMCheck' '/t' 'REG_DWORD' '/d' '1' '/f' >null
359 | & 'reg' 'add' 'HKLM\zSYSTEM\Setup\MoSetup' '/v' 'AllowUpgradesWithUnsupportedTPMOrCPU' '/t' 'REG_DWORD' '/d' '1' '/f' >null
360 | Write-Host "Disabling Sponsored Apps:"
361 | & 'reg' 'add' 'HKLM\zNTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'OemPreInstalledAppsEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' >null
362 | & 'reg' 'add' 'HKLM\zNTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'PreInstalledAppsEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' >null
363 | & 'reg' 'add' 'HKLM\zNTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SilentInstalledAppsEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' >null
364 | & 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\CloudContent' '/v' 'DisableWindowsConsumerFeatures' '/t' 'REG_DWORD' '/d' '1' '/f' >null
365 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'ContentDeliveryAllowed' '/t' 'REG_DWORD' '/d' '0' '/f' >null
366 | & 'reg' 'add' 'HKLM\zSOFTWARE\Microsoft\PolicyManager\current\device\Start' '/v' 'ConfigureStartPins' '/t' 'REG_SZ' '/d' '{"pinnedList": [{}]}' '/f' >null
367 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'ContentDeliveryAllowed' '/t' 'REG_DWORD' '/d' '0' '/f' >null
368 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'ContentDeliveryAllowed' '/t' 'REG_DWORD' '/d' '0' '/f' >null
369 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'FeatureManagementEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' >null
370 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'OemPreInstalledAppsEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' >null
371 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'PreInstalledAppsEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' >null
372 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'PreInstalledAppsEverEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' >null
373 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SilentInstalledAppsEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' >null
374 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SoftLandingEnabled' '/t' 'REG_DWORD' '/d' '0' '/f'>null
375 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SubscribedContentEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' >null
376 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SubscribedContent-310093Enabled' '/t' 'REG_DWORD' '/d' '0' '/f' >null
377 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SubscribedContent-338388Enabled' '/t' 'REG_DWORD' '/d' '0' '/f' >null
378 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SubscribedContent-338389Enabled' '/t' 'REG_DWORD' '/d' '0' '/f' >null
379 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SubscribedContent-338393Enabled' '/t' 'REG_DWORD' '/d' '0' '/f' >null
380 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SubscribedContent-353694Enabled' '/t' 'REG_DWORD' '/d' '0' '/f' >null
381 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SubscribedContent-353696Enabled' '/t' 'REG_DWORD' '/d' '0' '/f' >null
382 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SubscribedContentEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' >null
383 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SystemPaneSuggestionsEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' >null
384 | & 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\PushToInstall' '/v' 'DisablePushToInstall' '/t' 'REG_DWORD' '/d' '1' '/f' >null
385 | & 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\MRT' '/v' 'DontOfferThroughWUAU' '/t' 'REG_DWORD' '/d' '1' '/f' >null
386 | & 'reg' 'delete' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Subscriptions' '/f' >null
387 | & 'reg' 'delete' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\SuggestedApps' '/f' >null
388 | & 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\CloudContent' '/v' 'DisableConsumerAccountStateContent' '/t' 'REG_DWORD' '/d' '1' '/f' >null
389 | & 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\CloudContent' '/v' 'DisableCloudOptimizedContent' '/t' 'REG_DWORD' '/d' '1' '/f' >null
390 | Write-Host "Enabling Local Accounts on OOBE:"
391 | & 'reg' 'add' 'HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\OOBE' '/v' 'BypassNRO' '/t' 'REG_DWORD' '/d' '1' '/f' >null
392 | Write-Host "Disabling Reserved Storage:"
393 | & 'reg' 'add' 'HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\ReserveManager' '/v' 'ShippedWithReserves' '/t' 'REG_DWORD' '/d' '0' '/f' >null
394 | Write-Host "Disabling BitLocker Device Encryption"
395 | & 'reg' 'add' 'HKLM\zSYSTEM\ControlSet001\Control\BitLocker' '/v' 'PreventDeviceEncryption' '/t' 'REG_DWORD' '/d' '1' '/f' >null
396 | Write-Host "Disabling Chat icon:"
397 | & 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\Windows Chat' '/v' 'ChatIcon' '/t' 'REG_DWORD' '/d' '3' '/f'
398 | & 'reg' 'add' 'HKLM\zNTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced' '/v' 'TaskbarMn' '/t' 'REG_DWORD' '/d' '0' '/f'
399 | Write-Host "Disabling Telemetry:"
400 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo' '/v' 'Enabled' '/t' 'REG_DWORD' '/d' '0' '/f'
401 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\Privacy' '/v' 'TailoredExperiencesWithDiagnosticDataEnabled' '/t' 'REG_DWORD' '/d' '0' '/f'
402 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Speech_OneCore\Settings\OnlineSpeechPrivacy' '/v' 'HasAccepted' '/t' 'REG_DWORD' '/d' '0' '/f'
403 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Input\TIPC' '/v' 'Enabled' '/t' 'REG_DWORD' '/d' '0' '/f'
404 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\InputPersonalization' '/v' 'RestrictImplicitInkCollection' '/t' 'REG_DWORD' '/d' '1' '/f'
405 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\InputPersonalization' '/v' 'RestrictImplicitTextCollection' '/t' 'REG_DWORD' '/d' '1' '/f'
406 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\InputPersonalization\TrainedDataStore' '/v' 'HarvestContacts' '/t' 'REG_DWORD' '/d' '0' '/f'
407 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Personalization\Settings' '/v' 'AcceptedPrivacyPolicy' '/t' 'REG_DWORD' '/d' '0' '/f'
408 | & 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\DataCollection' '/v' 'AllowTelemetry' '/t' 'REG_DWORD' '/d' '0' '/f'
409 | & 'reg' 'add' 'HKLM\zSYSTEM\ControlSet001\Services\dmwappushservice' '/v' 'Start' '/t' 'REG_DWORD' '/d' '4' '/f'
410 | & 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\Windows Chat' '/v' 'ChatIcon' '/t' 'REG_DWORD' '/d' '3' '/f' 
411 | & 'reg' 'add' 'HKLM\zNTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced' '/v' 'TaskbarMn' '/t' 'REG_DWORD' '/d' '0' '/f' 
412 | Write-Host "Disabling OneDrive folder backup"
413 | & 'reg' 'add' "HKLM\zSOFTWARE\Policies\Microsoft\Windows\OneDrive" '/v' 'DisableFileSyncNGSC' '/t' 'REG_DWORD' '/d' '1' '/f'
414 | Write-Host "Removing Edge related registries"
415 | reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge" /f 
416 | reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge Update" /f 
417 | Write-Host "Disabling bing in Start Menu:"
418 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Policies\Microsoft\Windows\Explorer'
419 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Policies\Microsoft\Windows\Explorer' '/v' 'ShowRunAsDifferentUserInStart' '/t' 'REG_DWORD' '/d' '1' '/f'
420 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Policies\Microsoft\Windows\Explorer' '/v' 'DisableSearchBoxSuggestions' '/t' 'REG_DWORD' '/d' '1' '/f'
421 | ## Prevents installation or DevHome and Outlook
422 | Write-Host "Prevents installation or DevHome and Outlook:"
423 | & 'reg' 'add' 'HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Orchestrator\UScheduler\OutlookUpdate' '/v' 'workCompleted' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null
424 | & 'reg' 'add' 'HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Orchestrator\UScheduler\DevHomeUpdate' '/v' 'workCompleted' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null
425 | & 'reg' 'delete' 'HKLM\zSOFTWARE\Microsoft\WindowsUpdate\Orchestrator\UScheduler_Oobe\OutlookUpdate' '/f' | Out-Null
426 | & 'reg' 'delete' 'HKLM\zSOFTWARE\Microsoft\WindowsUpdate\Orchestrator\UScheduler_Oobe\DevHomeUpdate' '/f' | Out-Null
427 | ## this function allows PowerShell to take ownership of the Scheduled Tasks registry key from TrustedInstaller. Based on Jose Espitia's script.
428 | function Enable-Privilege {
429 |  param(
430 |   [ValidateSet(
431 |    "SeAssignPrimaryTokenPrivilege", "SeAuditPrivilege", "SeBackupPrivilege",
432 |    "SeChangeNotifyPrivilege", "SeCreateGlobalPrivilege", "SeCreatePagefilePrivilege",
433 |    "SeCreatePermanentPrivilege", "SeCreateSymbolicLinkPrivilege", "SeCreateTokenPrivilege",
434 |    "SeDebugPrivilege", "SeEnableDelegationPrivilege", "SeImpersonatePrivilege", "SeIncreaseBasePriorityPrivilege",
435 |    "SeIncreaseQuotaPrivilege", "SeIncreaseWorkingSetPrivilege", "SeLoadDriverPrivilege",
436 |    "SeLockMemoryPrivilege", "SeMachineAccountPrivilege", "SeManageVolumePrivilege",
437 |    "SeProfileSingleProcessPrivilege", "SeRelabelPrivilege", "SeRemoteShutdownPrivilege",
438 |    "SeRestorePrivilege", "SeSecurityPrivilege", "SeShutdownPrivilege", "SeSyncAgentPrivilege",
439 |    "SeSystemEnvironmentPrivilege", "SeSystemProfilePrivilege", "SeSystemtimePrivilege",
440 |    "SeTakeOwnershipPrivilege", "SeTcbPrivilege", "SeTimeZonePrivilege", "SeTrustedCredManAccessPrivilege",
441 |    "SeUndockPrivilege", "SeUnsolicitedInputPrivilege")]
442 |   $Privilege,
443 |   ## The process on which to adjust the privilege. Defaults to the current process.
444 |   $ProcessId = $pid,
445 |   ## Switch to disable the privilege, rather than enable it.
446 |   [Switch] $Disable
447 |  )
448 |  $definition = @'
449 |  using System;
450 |  using System.Runtime.InteropServices;
451 |   
452 |  public class AdjPriv
453 |  {
454 |   [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
455 |   internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,
456 |    ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);
457 |   
458 |   [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
459 |   internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);
460 |   [DllImport("advapi32.dll", SetLastError = true)]
461 |   internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);
462 |   [StructLayout(LayoutKind.Sequential, Pack = 1)]
463 |   internal struct TokPriv1Luid
464 |   {
465 |    public int Count;
466 |    public long Luid;
467 |    public int Attr;
468 |   }
469 |   
470 |   internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
471 |   internal const int SE_PRIVILEGE_DISABLED = 0x00000000;
472 |   internal const int TOKEN_QUERY = 0x00000008;
473 |   internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
474 |   public static bool EnablePrivilege(long processHandle, string privilege, bool disable)
475 |   {
476 |    bool retVal;
477 |    TokPriv1Luid tp;
478 |    IntPtr hproc = new IntPtr(processHandle);
479 |    IntPtr htok = IntPtr.Zero;
480 |    retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);
481 |    tp.Count = 1;
482 |    tp.Luid = 0;
483 |    if(disable)
484 |    {
485 |     tp.Attr = SE_PRIVILEGE_DISABLED;
486 |    }
487 |    else
488 |    {
489 |     tp.Attr = SE_PRIVILEGE_ENABLED;
490 |    }
491 |    retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);
492 |    retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
493 |    return retVal;
494 |   }
495 |  }
496 | '@
497 | 
498 |  $processHandle = (Get-Process -id $ProcessId).Handle
499 |  $type = Add-Type $definition -PassThru
500 |  $type[0]::EnablePrivilege($processHandle, $Privilege, $Disable)
501 | }
502 | 
503 | Enable-Privilege SeTakeOwnershipPrivilege
504 | 
505 | $regKey = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::TakeOwnership)
506 | $regACL = $regKey.GetAccessControl()
507 | $regACL.SetOwner($adminGroup)
508 | $regKey.SetAccessControl($regACL)
509 | $regKey.Close()
510 | Write-Host "Owner changed to Administrators."
511 | $regKey = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::ChangePermissions)
512 | $regACL = $regKey.GetAccessControl()
513 | $regRule = New-Object System.Security.AccessControl.RegistryAccessRule ($adminGroup,"FullControl","ContainerInherit","None","Allow")
514 | $regACL.SetAccessRule($regRule)
515 | $regKey.SetAccessControl($regACL)
516 | Write-Host "Permissions modified for Administrators group."
517 | Write-Host "Registry key permissions successfully updated."
518 | $regKey.Close()
519 | 
520 | Write-Host 'Deleting Application Compatibility Appraiser'
521 | reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0600DD45-FAF2-4131-A006-0B17509B9F78}" /f
522 | Write-Host 'Deleting Customer Experience Improvement Program'
523 | reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4738DE7A-BCC1-4E2D-B1B0-CADB044BFA81}" /f
524 | reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FAC31FA-4A85-4E64-BFD5-2154FF4594B3}" /f
525 | reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC931F16-B50A-472E-B061-B6F79A71EF59}" /f
526 | Write-Host 'Deleting Program Data Updater'
527 | reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0671EB05-7D95-4153-A32B-1426B9FE61DB}" /f 
528 | Write-Host 'Deleting autochk proxy'
529 | reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87BF85F4-2CE1-4160-96EA-52F554AA28A2}" /f
530 | reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A9C643C-3D74-4099-B6BD-9C6D170898B1}" /f
531 | Write-Host 'Deleting QueueReporting'
532 | reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3176A65-4E44-4ED3-AA73-3283660ACB9C}" /f
533 | Write-Host "Disabling Windows Update..."
534 | & 'reg' 'add' "HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" '/v' 'StopWUPostOOBE1' '/t' 'REG_SZ' '/d' 'net stop wuauserv' '/f'
535 | & 'reg' 'add' "HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" '/v' 'StopWUPostOOBE2' '/t' 'REG_SZ' '/d' 'sc stop wuauserv' '/f'
536 | & 'reg' 'add' "HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" '/v' 'StopWUPostOOBE3' '/t' 'REG_SZ' '/d' 'sc config wuauserv start= disabled' '/f'
537 | & 'reg' 'add' "HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" '/v' 'DisbaleWUPostOOBE1' '/t' 'REG_SZ' '/d' 'reg add HKLM\SYSTEM\CurrentControlSet\Services\wuauserv /v Start /t REG_DWORD /d 4 /f' '/f'
538 | & 'reg' 'add' "HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" '/v' 'DisbaleWUPostOOBE2' '/t' 'REG_SZ' '/d' 'reg add HKLM\SYSTEM\ControlSet001\Services\wuauserv /v Start /t REG_DWORD /d 4 /f' '/f'
539 | & 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' '/v' 'DoNotConnectToWindowsUpdateInternetLocations' '/t' 'REG_DWORD' '/d' '1' '/f'
540 | & 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' '/v' 'DisableWindowsUpdateAccess' '/t' 'REG_DWORD' '/d' '1' '/f' 
541 | & 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' '/v' 'WUServer' '/t' 'REG_SZ' '/d' 'localhost' '/f' 
542 | & 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' '/v' 'WUStatusServer' '/t' 'REG_SZ' '/d' 'localhost' '/f' 
543 | & 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' '/v' 'UpdateServiceUrlAlternate' '/t' 'REG_SZ' '/d' 'localhost' '/f' 
544 | & 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' '/v' 'UseWUServer' '/t' 'REG_DWORD' '/d' '1' '/f' 
545 | & 'reg' 'add' 'HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\OOBE' '/v' 'DisableOnline' '/t' 'REG_DWORD' '/d' '1' '/f' 
546 | & 'reg' 'add' 'HKLM\zSYSTEM\ControlSet001\Services\wuauserv' '/v' 'Start' '/t' 'REG_DWORD' '/d' '4' '/f' 
547 | function Disable-Privilege {
548 |  param(
549 |   [ValidateSet(
550 |    "SeAssignPrimaryTokenPrivilege", "SeAuditPrivilege", "SeBackupPrivilege",
551 |    "SeChangeNotifyPrivilege", "SeCreateGlobalPrivilege", "SeCreatePagefilePrivilege",
552 |    "SeCreatePermanentPrivilege", "SeCreateSymbolicLinkPrivilege", "SeCreateTokenPrivilege",
553 |    "SeDebugPrivilege", "SeEnableDelegationPrivilege", "SeImpersonatePrivilege", "SeIncreaseBasePriorityPrivilege",
554 |    "SeIncreaseQuotaPrivilege", "SeIncreaseWorkingSetPrivilege", "SeLoadDriverPrivilege",
555 |    "SeLockMemoryPrivilege", "SeMachineAccountPrivilege", "SeManageVolumePrivilege",
556 |    "SeProfileSingleProcessPrivilege", "SeRelabelPrivilege", "SeRemoteShutdownPrivilege",
557 |    "SeRestorePrivilege", "SeSecurityPrivilege", "SeShutdownPrivilege", "SeSyncAgentPrivilege",
558 |    "SeSystemEnvironmentPrivilege", "SeSystemProfilePrivilege", "SeSystemtimePrivilege",
559 |    "SeTakeOwnershipPrivilege", "SeTcbPrivilege", "SeTimeZonePrivilege", "SeTrustedCredManAccessPrivilege",
560 |    "SeUndockPrivilege", "SeUnsolicitedInputPrivilege")]
561 |   $Privilege,
562 |   ## The process on which to adjust the privilege. Defaults to the current process.
563 |   $ProcessId = $pid,
564 |   ## Switch to disable the privilege, rather than enable it.
565 |   [Switch] $Disable
566 |  )
567 |  $definition = @'
568 |  using System;
569 |  using System.Runtime.InteropServices;
570 |   
571 |  public class AdjPriv
572 |  {
573 |   [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
574 |   internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,
575 |    ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);
576 |   
577 |   [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
578 |   internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);
579 |   [DllImport("advapi32.dll", SetLastError = true)]
580 |   internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);
581 |   [StructLayout(LayoutKind.Sequential, Pack = 1)]
582 |   internal struct TokPriv1Luid
583 |   {
584 |    public int Count;
585 |    public long Luid;
586 |    public int Attr;
587 |   }
588 |   
589 |   internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
590 |   internal const int SE_PRIVILEGE_DISABLED = 0x00000000;
591 |   internal const int TOKEN_QUERY = 0x00000008;
592 |   internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
593 |   public static bool EnablePrivilege(long processHandle, string privilege, bool disable)
594 |   {
595 |    bool retVal;
596 |    TokPriv1Luid tp;
597 |    IntPtr hproc = new IntPtr(processHandle);
598 |    IntPtr htok = IntPtr.Zero;
599 |    retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);
600 |    tp.Count = 1;
601 |    tp.Luid = 0;
602 |    if(disable)
603 |    {
604 |     tp.Attr = SE_PRIVILEGE_DISABLED;
605 |    }
606 |    else
607 |    {
608 |     tp.Attr = SE_PRIVILEGE_ENABLED;
609 |    }
610 |    retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);
611 |    retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
612 |    return retVal;
613 |   }
614 |  }
615 | '@
616 | 
617 |  $processHandle = (Get-Process -id $ProcessId).Handle
618 |  $type = Add-Type $definition -PassThru
619 |  $type[0]::EnablePrivilege($processHandle, $Privilege, $Disable)
620 | }
621 | 
622 | Disable-Privilege SeTakeOwnershipPrivilege
623 | $everyone = New-Object System.Security.Principal.NTAccount('Everyone')
624 | $accessRule = New-Object System.Security.AccessControl.RegistryAccessRule($everyone, 'ReadKey', 'Allow')
625 | $regKey = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("zSYSTEM\ControlSet001\Services\wuauserv",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::TakeOwnership)
626 | $regACL = $regKey.GetAccessControl()
627 | $regACL.SetOwner($everyone)
628 | $regKey.Close()
629 | Write-Host "Owner changed to Everyone."
630 | $regKey = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("zSYSTEM\ControlSet001\Services\wuauserv",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::ChangePermissions)
631 | $regACL = $regKey.GetAccessControl()
632 | $regRule = New-Object System.Security.AccessControl.RegistryAccessRule ($everyone, 'ReadKey', 'Allow')
633 | $regACL.SetAccessRule($regRule)
634 | $regKey.SetAccessControl($regACL)
635 | Write-Host "Permissions modified for Everyone group."
636 | Write-Host "Registry key permissions successfully updated."
637 | 
638 | 
639 | Write-Host "All users have been granted read-only access to the registry key."
640 | $regKey.Close()
641 | & 'reg' 'delete' "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2540477E-E654-4302-AD44-383BBFFBFF16}" '/f'
642 | & 'reg' 'delete' "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{341B2255-6A6B-442A-AF5A-C610B7DBE12D}" '/f'
643 | & 'reg' 'delete' "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{476E8CFA-78E2-4C51-854E-538F8643B4FD}" '/f'
644 | & 'reg' 'delete' "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{764DDB74-CB08-4E0A-8580-B41F94F2C7BE}" '/f'
645 | & 'reg' 'delete' "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{817CCFDD-4DD0-4102-AC6E-3F5D3B789FB8}" '/f'
646 | & 'reg' 'delete' "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99CEDA8C-A866-4787-BBD3-6F3C9F61DD5C}" '/f'
647 | & 'reg' 'delete' "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B3CDCDA-4197-490B-AA5C-C9F5F42A9D88}" '/f'
648 | & 'reg' 'delete' "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CBBFAAE-DB9F-48B4-BAC0-4CFF482A4E01}" '/f'
649 | & 'reg' 'delete' "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A31197EC-EAEE-4837-8A9C-3A17D358B9EB}" '/f'
650 | & 'reg' 'delete' "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4FBEFA9-6F7C-4C74-A891-3774B7BCD072}" '/f'
651 | & 'reg' 'delete' "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B53BD60A-5823-411C-9C75-AA91DB3C35F8}" '/f'
652 | & 'reg' 'delete' "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CECDC345-7460-4A15-9D8B-DAC3F9CC5368}" '/f'
653 | & 'reg' 'delete' "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" '/f'
654 | & 'reg' 'delete' 'HKLM\zSYSTEM\ControlSet001\Services\WaaSMedicSVC' '/f'
655 | & 'reg' 'delete' 'HKLM\zSYSTEM\ControlSet001\Services\UsoSvc' '/f'
656 | & 'reg' 'add' 'HKEY_LOCAL_MACHINE\zSOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' '/v' 'NoAutoUpdate' '/t' 'REG_DWORD' '/d' '1' '/f'
657 | Write-Host "Disabling Windows Defender"
658 | # Set registry values for Windows Defender services
659 | $servicePaths = @(
660 |     "WinDefend",
661 |     "WdNisSvc",
662 |     "WdNisDrv",
663 |     "WdFilter",
664 |     "Sense"
665 | )
666 | 
667 | foreach ($path in $servicePaths) {
668 |     Set-ItemProperty -Path "HKLM:\zSYSTEM\ControlSet001\Services\$path" -Name "Start" -Value 4
669 | }
670 | & 'reg' 'add' 'HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' '/v' 'SettingsPageVisibility' '/t' 'REG_SZ' '/d' 'hide:virus;windowsupdate' '/f' 
671 | Write-Host "Tweaking complete!"
672 | Write-Host "Unmounting Registry..."
673 | $regKey.Close()
674 | reg unload HKLM\zCOMPONENTS >null
675 | reg unload HKLM\zDEFAULT >null
676 | reg unload HKLM\zNTUSER >null
677 | reg unload HKLM\zSOFTWARE
678 | reg unload HKLM\zSYSTEM >null
679 | Write-Host "Cleaning up image..."
680 | & 'dism' '/English' "/image:$mainOSDrive\scratchdir" '/Cleanup-Image' '/StartComponentCleanup' '/ResetBase' >null
681 | Write-Host "Cleanup complete."
682 | Write-Host ' '
683 | Write-Host "Unmounting image..."
684 | & 'dism' '/English' '/unmount-image' "/mountdir:$mainOSDrive\scratchdir" '/commit'
685 | Write-Host "Exporting image..."
686 | & 'dism' '/English' '/Export-Image' "/SourceImageFile:$mainOSDrive\tiny11\sources\install.wim" "/SourceIndex:$index" "/DestinationImageFile:$mainOSDrive\tiny11\sources\install2.wim" '/compress:max'
687 | Remove-Item -Path "$mainOSDrive\tiny11\sources\install.wim" -Force >null
688 | Rename-Item -Path "$mainOSDrive\tiny11\sources\install2.wim" -NewName "install.wim" >null
689 | Write-Host "Windows image completed. Continuing with boot.wim."
690 | Start-Sleep -Seconds 2
691 | Clear-Host
692 | Write-Host "Mounting boot image:"
693 | $wimFilePath = "$($env:SystemDrive)\tiny11\sources\boot.wim" 
694 | & takeown "/F" $wimFilePath >null
695 | & icacls $wimFilePath "/grant" "$($adminGroup.Value):(F)"
696 | Set-ItemProperty -Path $wimFilePath -Name IsReadOnly -Value $false
697 | & 'dism' '/English' '/mount-image' "/imagefile:$mainOSDrive\tiny11\sources\boot.wim" '/index:2' "/mountdir:$mainOSDrive\scratchdir"
698 | Write-Host "Loading registry..."
699 | reg load HKLM\zCOMPONENTS $mainOSDrive\scratchdir\Windows\System32\config\COMPONENTS
700 | reg load HKLM\zDEFAULT $mainOSDrive\scratchdir\Windows\System32\config\default
701 | reg load HKLM\zNTUSER $mainOSDrive\scratchdir\Users\Default\ntuser.dat
702 | reg load HKLM\zSOFTWARE $mainOSDrive\scratchdir\Windows\System32\config\SOFTWARE
703 | reg load HKLM\zSYSTEM $mainOSDrive\scratchdir\Windows\System32\config\SYSTEM
704 | Write-Host "Bypassing system requirements(on the setup image):"
705 | & 'reg' 'add' 'HKLM\zDEFAULT\Control Panel\UnsupportedHardwareNotificationCache' '/v' 'SV1' '/t' 'REG_DWORD' '/d' '0' '/f' >null
706 | & 'reg' 'add' 'HKLM\zDEFAULT\Control Panel\UnsupportedHardwareNotificationCache' '/v' 'SV2' '/t' 'REG_DWORD' '/d' '0' '/f' >null
707 | & 'reg' 'add' 'HKLM\zNTUSER\Control Panel\UnsupportedHardwareNotificationCache' '/v' 'SV1' '/t' 'REG_DWORD' '/d' '0' '/f' >null
708 | & 'reg' 'add' 'HKLM\zNTUSER\Control Panel\UnsupportedHardwareNotificationCache' '/v' 'SV2' '/t' 'REG_DWORD' '/d' '0' '/f' >null
709 | & 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassCPUCheck' '/t' 'REG_DWORD' '/d' '1' '/f' >null
710 | & 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassRAMCheck' '/t' 'REG_DWORD' '/d' '1' '/f' >null
711 | & 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassSecureBootCheck' '/t' 'REG_DWORD' '/d' '1' '/f' >null
712 | & 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassStorageCheck' '/t' 'REG_DWORD' '/d' '1' '/f' >null
713 | & 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassTPMCheck' '/t' 'REG_DWORD' '/d' '1' '/f' >null
714 | & 'reg' 'add' 'HKLM\zSYSTEM\Setup\MoSetup' '/v' 'AllowUpgradesWithUnsupportedTPMOrCPU' '/t' 'REG_DWORD' '/d' '1' '/f' >null
715 | & 'reg' 'add' 'HKEY_LOCAL_MACHINE\zSYSTEM\Setup' '/v' 'CmdLine' '/t' 'REG_SZ' '/d' 'X:\sources\setup.exe' '/f' >null
716 | Write-Host "Tweaking complete!"
717 | Write-Host "Unmounting Registry..."
718 | $regKey.Close()
719 | reg unload HKLM\zCOMPONENTS >null
720 | reg unload HKLM\zDEFAULT >null
721 | reg unload HKLM\zNTUSER >null
722 | $regKey.Close()
723 | reg unload HKLM\zSOFTWARE
724 | reg unload HKLM\zSYSTEM >null
725 | Write-Host "Unmounting image..."
726 | & 'dism' '/English' '/unmount-image' "/mountdir:$mainOSDrive\scratchdir" '/commit'
727 | Clear-Host
728 | Write-Host "Exporting ESD. This may take a while..."
729 | & dism /Export-Image /SourceImageFile:"$mainOSDrive\tiny11\sources\install.wim" /SourceIndex:1 /DestinationImageFile:"$mainOSDrive\tiny11\sources\install.esd" /Compress:recovery
730 | Remove-Item "$mainOSDrive\tiny11\sources\install.wim" > $null 2>&1
731 | Write-Host "The tiny11 image is now completed. Proceeding with the making of the ISO..."
732 | Write-Host "Creating ISO image..."
733 | $ADKDepTools = "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\$hostarchitecture\Oscdimg"
734 | $localOSCDIMGPath = "$PSScriptRoot\oscdimg.exe"
735 | 
736 | if ([System.IO.Directory]::Exists($ADKDepTools)) {
737 |     Write-Host "Will be using oscdimg.exe from system ADK."
738 |     $OSCDIMG = "$ADKDepTools\oscdimg.exe"
739 | } else {
740 |     Write-Host "ADK folder not found. Will be using bundled oscdimg.exe."
741 |     
742 |     
743 |     $url = "https://msdl.microsoft.com/download/symbols/oscdimg.exe/3D44737265000/oscdimg.exe"
744 | 
745 |     if (-not (Test-Path -Path $localOSCDIMGPath)) {
746 |         Write-Host "Downloading oscdimg.exe..."
747 |         Invoke-WebRequest -Uri $url -OutFile $localOSCDIMGPath
748 | 
749 |         if (Test-Path $localOSCDIMGPath) {
750 |             Write-Host "oscdimg.exe downloaded successfully."
751 |         } else {
752 |             Write-Error "Failed to download oscdimg.exe."
753 |             exit 1
754 |         }
755 |     } else {
756 |         Write-Host "oscdimg.exe already exists locally."
757 |     }
758 | 
759 |     $OSCDIMG = $localOSCDIMGPath
760 | }
761 | 
762 | & "$OSCDIMG" '-m' '-o' '-u2' '-udfver102' "-bootdata:2#p0,e,b$ScratchDisk\tiny11\boot\etfsboot.com#pEF,e,b$ScratchDisk\tiny11\efi\microsoft\boot\efisys.bin" "$ScratchDisk\tiny11" "$PSScriptRoot\tiny11.iso"
763 | 
764 | # Finishing up
765 | Write-Host "Creation completed! Press any key to exit the script..."
766 | Read-Host "Press Enter to continue"
767 | Write-Host "Performing Cleanup..."
768 | Remove-Item -Path "$mainOSDrive\tiny11" -Recurse -Force >null
769 | Remove-Item -Path "$mainOSDrive\scratchdir" -Recurse -Force >null
770 | 
771 | # Stop the transcript
772 | Stop-Transcript
773 | 
774 | exit
775 | }
776 | elseif ($input -eq 'n') {
777 |     Write-Host "You chose not to continue. The script will now exit."
778 |     exit
779 | }
780 | else {
781 |     Write-Host "Invalid input. Please enter 'y' to continue or 'n' to exit."
782 | }
783 | 


--------------------------------------------------------------------------------
/tiny11maker.ps1:
--------------------------------------------------------------------------------
  1 | # Enable debugging
  2 | #Set-PSDebug -Trace 1
  3 | 
  4 | param (
  5 |     [ValidatePattern('^[c-zC-Z]$')]
  6 |     [string]$ScratchDisk
  7 | )
  8 | 
  9 | if (-not $ScratchDisk) {
 10 |     $ScratchDisk = $PSScriptRoot -replace '[\\]+$', ''
 11 | } else {
 12 |     $ScratchDisk = $ScratchDisk + ":"
 13 | }
 14 | 
 15 | Write-Output "Scratch disk set to $ScratchDisk"
 16 | 
 17 | # Check if PowerShell execution is restricted
 18 | if ((Get-ExecutionPolicy) -eq 'Restricted') {
 19 |     Write-Host "Your current PowerShell Execution Policy is set to Restricted, which prevents scripts from running. Do you want to change it to RemoteSigned? (yes/no)"
 20 |     $response = Read-Host
 21 |     if ($response -eq 'yes') {
 22 |         Set-ExecutionPolicy RemoteSigned -Scope CurrentUser -Confirm:$false
 23 |     } else {
 24 |         Write-Host "The script cannot be run without changing the execution policy. Exiting..."
 25 |         exit
 26 |     }
 27 | }
 28 | 
 29 | # Check and run the script as admin if required
 30 | $adminSID = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-32-544")
 31 | $adminGroup = $adminSID.Translate([System.Security.Principal.NTAccount])
 32 | $myWindowsID=[System.Security.Principal.WindowsIdentity]::GetCurrent()
 33 | $myWindowsPrincipal=new-object System.Security.Principal.WindowsPrincipal($myWindowsID)
 34 | $adminRole=[System.Security.Principal.WindowsBuiltInRole]::Administrator
 35 | if (! $myWindowsPrincipal.IsInRole($adminRole))
 36 | {
 37 |     Write-Host "Restarting Tiny11 image creator as admin in a new window, you can close this one."
 38 |     $newProcess = new-object System.Diagnostics.ProcessStartInfo "PowerShell";
 39 |     $newProcess.Arguments = $myInvocation.MyCommand.Definition;
 40 |     $newProcess.Verb = "runas";
 41 |     [System.Diagnostics.Process]::Start($newProcess);
 42 |     exit
 43 | }
 44 | 
 45 | 
 46 | 
 47 | # Start the transcript and prepare the window
 48 | Start-Transcript -Path "$ScratchDisk\tiny11.log" 
 49 | 
 50 | $Host.UI.RawUI.WindowTitle = "Tiny11 image creator"
 51 | Clear-Host
 52 | Write-Host "Welcome to the tiny11 image creator! Release: 05-06-24"
 53 | 
 54 | $hostArchitecture = $Env:PROCESSOR_ARCHITECTURE
 55 | New-Item -ItemType Directory -Force -Path "$ScratchDisk\tiny11\sources" | Out-Null
 56 | do {
 57 |     $DriveLetter = Read-Host "Please enter the drive letter for the Windows 11 image"
 58 |     if ($DriveLetter -match '^[c-zC-Z]$') {
 59 |         $DriveLetter = $DriveLetter + ":"
 60 |         Write-Output "Drive letter set to $DriveLetter"
 61 |     } else {
 62 |         Write-Output "Invalid drive letter. Please enter a letter between C and Z."
 63 |     }
 64 | } while ($DriveLetter -notmatch '^[c-zC-Z]:$')
 65 | 
 66 | if ((Test-Path "$DriveLetter\sources\boot.wim") -eq $false -or (Test-Path "$DriveLetter\sources\install.wim") -eq $false) {
 67 |     if ((Test-Path "$DriveLetter\sources\install.esd") -eq $true) {
 68 |         Write-Host "Found install.esd, converting to install.wim..."
 69 |         Get-WindowsImage -ImagePath $DriveLetter\sources\install.esd
 70 |         $index = Read-Host "Please enter the image index"
 71 |         Write-Host ' '
 72 |         Write-Host 'Converting install.esd to install.wim. This may take a while...'
 73 |         Export-WindowsImage -SourceImagePath $DriveLetter\sources\install.esd -SourceIndex $index -DestinationImagePath $ScratchDisk\tiny11\sources\install.wim -Compressiontype Maximum -CheckIntegrity
 74 |     } else {
 75 |         Write-Host "Can't find Windows OS Installation files in the specified Drive Letter.."
 76 |         Write-Host "Please enter the correct DVD Drive Letter.."
 77 |         exit
 78 |     }
 79 | }
 80 | 
 81 | Write-Host "Copying Windows image..."
 82 | Copy-Item -Path "$DriveLetter\*" -Destination "$ScratchDisk\tiny11" -Recurse -Force | Out-Null
 83 | Set-ItemProperty -Path "$ScratchDisk\tiny11\sources\install.esd" -Name IsReadOnly -Value $false > $null 2>&1
 84 | Remove-Item "$ScratchDisk\tiny11\sources\install.esd" > $null 2>&1
 85 | Write-Host "Copy complete!"
 86 | Start-Sleep -Seconds 2
 87 | Clear-Host
 88 | Write-Host "Getting image information:"
 89 | Get-WindowsImage -ImagePath $ScratchDisk\tiny11\sources\install.wim
 90 | $index = Read-Host "Please enter the image index"
 91 | Write-Host "Mounting Windows image. This may take a while."
 92 | $wimFilePath = "$ScratchDisk\tiny11\sources\install.wim"
 93 | & takeown "/F" $wimFilePath 
 94 | & icacls $wimFilePath "/grant" "$($adminGroup.Value):(F)"
 95 | try {
 96 |     Set-ItemProperty -Path $wimFilePath -Name IsReadOnly -Value $false -ErrorAction Stop
 97 | } catch {
 98 |     # This block will catch the error and suppress it.
 99 | }
100 | New-Item -ItemType Directory -Force -Path "$ScratchDisk\scratchdir" > $null
101 | Mount-WindowsImage -ImagePath $ScratchDisk\tiny11\sources\install.wim -Index $index -Path $ScratchDisk\scratchdir
102 | 
103 | $imageIntl = & dism /English /Get-Intl "/Image:$($ScratchDisk)\scratchdir"
104 | $languageLine = $imageIntl -split '\n' | Where-Object { $_ -match 'Default system UI language : ([a-zA-Z]{2}-[a-zA-Z]{2})' }
105 | 
106 | if ($languageLine) {
107 |     $languageCode = $Matches[1]
108 |     Write-Host "Default system UI language code: $languageCode"
109 | } else {
110 |     Write-Host "Default system UI language code not found."
111 | }
112 | 
113 | $imageInfo = & 'dism' '/English' '/Get-WimInfo' "/wimFile:$($ScratchDisk)\tiny11\sources\install.wim" "/index:$index"
114 | $lines = $imageInfo -split '\r?\n'
115 | 
116 | foreach ($line in $lines) {
117 |     if ($line -like '*Architecture : *') {
118 |         $architecture = $line -replace 'Architecture : ',''
119 |         # If the architecture is x64, replace it with amd64
120 |         if ($architecture -eq 'x64') {
121 |             $architecture = 'amd64'
122 |         }
123 |         Write-Host "Architecture: $architecture"
124 |         break
125 |     }
126 | }
127 | 
128 | if (-not $architecture) {
129 |     Write-Host "Architecture information not found."
130 | }
131 | 
132 | Write-Host "Mounting complete! Performing removal of applications..."
133 | 
134 | $packages = & 'dism' '/English' "/image:$($ScratchDisk)\scratchdir" '/Get-ProvisionedAppxPackages' |
135 |     ForEach-Object {
136 |         if ($_ -match 'PackageName : (.*)') {
137 |             $matches[1]
138 |         }
139 |     }
140 | $packagePrefixes = 'Clipchamp.Clipchamp_', 'Microsoft.BingNews_', 'Microsoft.BingWeather_', 'Microsoft.GamingApp_', 'Microsoft.GetHelp_', 'Microsoft.Getstarted_', 'Microsoft.MicrosoftOfficeHub_', 'Microsoft.MicrosoftSolitaireCollection_', 'Microsoft.People_', 'Microsoft.PowerAutomateDesktop_', 'Microsoft.Todos_', 'Microsoft.WindowsAlarms_', 'microsoft.windowscommunicationsapps_', 'Microsoft.WindowsFeedbackHub_', 'Microsoft.WindowsMaps_', 'Microsoft.WindowsSoundRecorder_', 'Microsoft.Xbox.TCUI_', 'Microsoft.XboxGamingOverlay_', 'Microsoft.XboxGameOverlay_', 'Microsoft.XboxSpeechToTextOverlay_', 'Microsoft.YourPhone_', 'Microsoft.ZuneMusic_', 'Microsoft.ZuneVideo_', 'MicrosoftCorporationII.MicrosoftFamily_', 'MicrosoftCorporationII.QuickAssist_', 'MicrosoftTeams_', 'Microsoft.549981C3F5F10_'
141 | 
142 | $packagesToRemove = $packages | Where-Object {
143 |     $packageName = $_
144 |     $packagePrefixes -contains ($packagePrefixes | Where-Object { $packageName -like "$_*" })
145 | }
146 | foreach ($package in $packagesToRemove) {
147 |     & 'dism' '/English' "/image:$($ScratchDisk)\scratchdir" '/Remove-ProvisionedAppxPackage' "/PackageName:$package"
148 | }
149 | 
150 | 
151 | Write-Host "Removing Edge:"
152 | Remove-Item -Path "$ScratchDisk\scratchdir\Program Files (x86)\Microsoft\Edge" -Recurse -Force | Out-Null
153 | Remove-Item -Path "$ScratchDisk\scratchdir\Program Files (x86)\Microsoft\EdgeUpdate" -Recurse -Force | Out-Null
154 | Remove-Item -Path "$ScratchDisk\scratchdir\Program Files (x86)\Microsoft\EdgeCore" -Recurse -Force | Out-Null
155 | if ($architecture -eq 'amd64') {
156 |     $folderPath = Get-ChildItem -Path "$ScratchDisk\scratchdir\Windows\WinSxS" -Filter "amd64_microsoft-edge-webview_31bf3856ad364e35*" -Directory | Select-Object -ExpandProperty FullName
157 | 
158 |     if ($folderPath) {
159 |         & 'takeown' '/f' $folderPath '/r' | Out-Null
160 |         & icacls $folderPath  "/grant" "$($adminGroup.Value):(F)" '/T' '/C' | Out-Null
161 |         Remove-Item -Path $folderPath -Recurse -Force | Out-Null
162 |     } else {
163 |         Write-Host "Folder not found."
164 |     }
165 | } elseif ($architecture -eq 'arm64') {
166 |     $folderPath = Get-ChildItem -Path "$ScratchDisk\scratchdir\Windows\WinSxS" -Filter "arm64_microsoft-edge-webview_31bf3856ad364e35*" -Directory | Select-Object -ExpandProperty FullName | Out-Null
167 | 
168 |     if ($folderPath) {
169 |         & 'takeown' '/f' $folderPath '/r'| Out-Null
170 |         & icacls $folderPath  "/grant" "$($adminGroup.Value):(F)" '/T' '/C' | Out-Null
171 |         Remove-Item -Path $folderPath -Recurse -Force | Out-Null
172 |     } else {
173 |         Write-Host "Folder not found."
174 |     }
175 | } else {
176 |     Write-Host "Unknown architecture: $architecture"
177 | }
178 | & 'takeown' '/f' "$ScratchDisk\scratchdir\Windows\System32\Microsoft-Edge-Webview" '/r' | Out-Null
179 | & 'icacls' "$ScratchDisk\scratchdir\Windows\System32\Microsoft-Edge-Webview" '/grant' "$($adminGroup.Value):(F)" '/T' '/C' | Out-Null
180 | Remove-Item -Path "$ScratchDisk\scratchdir\Windows\System32\Microsoft-Edge-Webview" -Recurse -Force | Out-Null
181 | Write-Host "Removing OneDrive:"
182 | & 'takeown' '/f' "$ScratchDisk\scratchdir\Windows\System32\OneDriveSetup.exe" | Out-Null
183 | & 'icacls' "$ScratchDisk\scratchdir\Windows\System32\OneDriveSetup.exe" '/grant' "$($adminGroup.Value):(F)" '/T' '/C' | Out-Null
184 | Remove-Item -Path "$ScratchDisk\scratchdir\Windows\System32\OneDriveSetup.exe" -Force | Out-Null
185 | Write-Host "Removal complete!"
186 | Start-Sleep -Seconds 2
187 | Clear-Host
188 | Write-Host "Loading registry..."
189 | reg load HKLM\zCOMPONENTS $ScratchDisk\scratchdir\Windows\System32\config\COMPONENTS | Out-Null
190 | reg load HKLM\zDEFAULT $ScratchDisk\scratchdir\Windows\System32\config\default | Out-Null
191 | reg load HKLM\zNTUSER $ScratchDisk\scratchdir\Users\Default\ntuser.dat | Out-Null
192 | reg load HKLM\zSOFTWARE $ScratchDisk\scratchdir\Windows\System32\config\SOFTWARE | Out-Null
193 | reg load HKLM\zSYSTEM $ScratchDisk\scratchdir\Windows\System32\config\SYSTEM | Out-Null
194 | Write-Host "Bypassing system requirements(on the system image):"
195 | & 'reg' 'add' 'HKLM\zDEFAULT\Control Panel\UnsupportedHardwareNotificationCache' '/v' 'SV1' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null
196 | & 'reg' 'add' 'HKLM\zDEFAULT\Control Panel\UnsupportedHardwareNotificationCache' '/v' 'SV2' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null
197 | & 'reg' 'add' 'HKLM\zNTUSER\Control Panel\UnsupportedHardwareNotificationCache' '/v' 'SV1' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null
198 | & 'reg' 'add' 'HKLM\zNTUSER\Control Panel\UnsupportedHardwareNotificationCache' '/v' 'SV2' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null
199 | & 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassCPUCheck' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null
200 | & 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassRAMCheck' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null
201 | & 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassSecureBootCheck' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null
202 | & 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassStorageCheck' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null
203 | & 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassTPMCheck' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null
204 | & 'reg' 'add' 'HKLM\zSYSTEM\Setup\MoSetup' '/v' 'AllowUpgradesWithUnsupportedTPMOrCPU' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null
205 | Write-Host "Disabling Sponsored Apps:"
206 | & 'reg' 'add' 'HKLM\zNTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'OemPreInstalledAppsEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null
207 | & 'reg' 'add' 'HKLM\zNTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'PreInstalledAppsEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null
208 | & 'reg' 'add' 'HKLM\zNTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SilentInstalledAppsEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null
209 | & 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\CloudContent' '/v' 'DisableWindowsConsumerFeatures' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null
210 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'ContentDeliveryAllowed' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null
211 | & 'reg' 'add' 'HKLM\zSOFTWARE\Microsoft\PolicyManager\current\device\Start' '/v' 'ConfigureStartPins' '/t' 'REG_SZ' '/d' '{"pinnedList": [{}]}' '/f' | Out-Null
212 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'ContentDeliveryAllowed' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null
213 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'ContentDeliveryAllowed' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null
214 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'FeatureManagementEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null
215 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'OemPreInstalledAppsEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null
216 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'PreInstalledAppsEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null
217 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'PreInstalledAppsEverEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null
218 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SilentInstalledAppsEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null
219 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SoftLandingEnabled' '/t' 'REG_DWORD' '/d' '0' '/f'| Out-Null
220 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SubscribedContentEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null
221 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SubscribedContent-310093Enabled' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null
222 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SubscribedContent-338388Enabled' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null
223 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SubscribedContent-338389Enabled' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null
224 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SubscribedContent-338393Enabled' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null
225 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SubscribedContent-353694Enabled' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null
226 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SubscribedContent-353696Enabled' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null
227 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SubscribedContentEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null
228 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SystemPaneSuggestionsEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null
229 | & 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\PushToInstall' '/v' 'DisablePushToInstall' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null
230 | & 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\MRT' '/v' 'DontOfferThroughWUAU' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null
231 | & 'reg' 'delete' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Subscriptions' '/f' | Out-Null
232 | & 'reg' 'delete' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\SuggestedApps' '/f' | Out-Null
233 | & 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\CloudContent' '/v' 'DisableConsumerAccountStateContent' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null
234 | & 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\CloudContent' '/v' 'DisableCloudOptimizedContent' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null
235 | Write-Host "Enabling Local Accounts on OOBE:"
236 | & 'reg' 'add' 'HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\OOBE' '/v' 'BypassNRO' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null
237 | Copy-Item -Path "$PSScriptRoot\autounattend.xml" -Destination "$ScratchDisk\scratchdir\Windows\System32\Sysprep\autounattend.xml" -Force | Out-Null
238 | Write-Host "Disabling Reserved Storage:"
239 | & 'reg' 'add' 'HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\ReserveManager' '/v' 'ShippedWithReserves' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null
240 | Write-Host "Disabling BitLocker Device Encryption"
241 | & 'reg' 'add' 'HKLM\zSYSTEM\ControlSet001\Control\BitLocker' '/v' 'PreventDeviceEncryption' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null
242 | Write-Host "Disabling Chat icon:"
243 | & 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\Windows Chat' '/v' 'ChatIcon' '/t' 'REG_DWORD' '/d' '3' '/f' | Out-Null
244 | & 'reg' 'add' 'HKLM\zNTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced' '/v' 'TaskbarMn' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null
245 | Write-Host "Removing Edge related registries"
246 | reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge" /f | Out-Null
247 | reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge Update" /f | Out-Null
248 | Write-Host "Disabling OneDrive folder backup"
249 | & 'reg' 'add' "HKLM\zSOFTWARE\Policies\Microsoft\Windows\OneDrive" '/v' 'DisableFileSyncNGSC' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null
250 | Write-Host "Disabling Telemetry:"
251 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo' '/v' 'Enabled' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null
252 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\Privacy' '/v' 'TailoredExperiencesWithDiagnosticDataEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null
253 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Speech_OneCore\Settings\OnlineSpeechPrivacy' '/v' 'HasAccepted' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null
254 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Input\TIPC' '/v' 'Enabled' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null
255 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\InputPersonalization' '/v' 'RestrictImplicitInkCollection' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null
256 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\InputPersonalization' '/v' 'RestrictImplicitTextCollection' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null
257 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\InputPersonalization\TrainedDataStore' '/v' 'HarvestContacts' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null
258 | & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Personalization\Settings' '/v' 'AcceptedPrivacyPolicy' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null
259 | & 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\DataCollection' '/v' 'AllowTelemetry' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null
260 | & 'reg' 'add' 'HKLM\zSYSTEM\ControlSet001\Services\dmwappushservice' '/v' 'Start' '/t' 'REG_DWORD' '/d' '4' '/f' | Out-Null
261 | ## Prevents installation or DevHome and Outlook
262 | Write-Host "Prevents installation or DevHome and Outlook:"
263 | & 'reg' 'add' 'HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Orchestrator\UScheduler\OutlookUpdate' '/v' 'workCompleted' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null
264 | & 'reg' 'add' 'HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Orchestrator\UScheduler\DevHomeUpdate' '/v' 'workCompleted' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null
265 | & 'reg' 'delete' 'HKLM\zSOFTWARE\Microsoft\WindowsUpdate\Orchestrator\UScheduler_Oobe\OutlookUpdate' '/f' | Out-Null
266 | & 'reg' 'delete' 'HKLM\zSOFTWARE\Microsoft\WindowsUpdate\Orchestrator\UScheduler_Oobe\DevHomeUpdate' '/f' | Out-Null
267 | 
268 | ## this function allows PowerShell to take ownership of the Scheduled Tasks registry key from TrustedInstaller. Based on Jose Espitia's script.
269 | function Enable-Privilege {
270 |  param(
271 |   [ValidateSet(
272 |    "SeAssignPrimaryTokenPrivilege", "SeAuditPrivilege", "SeBackupPrivilege",
273 |    "SeChangeNotifyPrivilege", "SeCreateGlobalPrivilege", "SeCreatePagefilePrivilege",
274 |    "SeCreatePermanentPrivilege", "SeCreateSymbolicLinkPrivilege", "SeCreateTokenPrivilege",
275 |    "SeDebugPrivilege", "SeEnableDelegationPrivilege", "SeImpersonatePrivilege", "SeIncreaseBasePriorityPrivilege",
276 |    "SeIncreaseQuotaPrivilege", "SeIncreaseWorkingSetPrivilege", "SeLoadDriverPrivilege",
277 |    "SeLockMemoryPrivilege", "SeMachineAccountPrivilege", "SeManageVolumePrivilege",
278 |    "SeProfileSingleProcessPrivilege", "SeRelabelPrivilege", "SeRemoteShutdownPrivilege",
279 |    "SeRestorePrivilege", "SeSecurityPrivilege", "SeShutdownPrivilege", "SeSyncAgentPrivilege",
280 |    "SeSystemEnvironmentPrivilege", "SeSystemProfilePrivilege", "SeSystemtimePrivilege",
281 |    "SeTakeOwnershipPrivilege", "SeTcbPrivilege", "SeTimeZonePrivilege", "SeTrustedCredManAccessPrivilege",
282 |    "SeUndockPrivilege", "SeUnsolicitedInputPrivilege")]
283 |   $Privilege,
284 |   ## The process on which to adjust the privilege. Defaults to the current process.
285 |   $ProcessId = $pid,
286 |   ## Switch to disable the privilege, rather than enable it.
287 |   [Switch] $Disable
288 |  )
289 |  $definition = @'
290 |  using System;
291 |  using System.Runtime.InteropServices;
292 |   
293 |  public class AdjPriv
294 |  {
295 |   [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
296 |   internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,
297 |    ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);
298 |   
299 |   [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
300 |   internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);
301 |   [DllImport("advapi32.dll", SetLastError = true)]
302 |   internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);
303 |   [StructLayout(LayoutKind.Sequential, Pack = 1)]
304 |   internal struct TokPriv1Luid
305 |   {
306 |    public int Count;
307 |    public long Luid;
308 |    public int Attr;
309 |   }
310 |   
311 |   internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
312 |   internal const int SE_PRIVILEGE_DISABLED = 0x00000000;
313 |   internal const int TOKEN_QUERY = 0x00000008;
314 |   internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
315 |   public static bool EnablePrivilege(long processHandle, string privilege, bool disable)
316 |   {
317 |    bool retVal;
318 |    TokPriv1Luid tp;
319 |    IntPtr hproc = new IntPtr(processHandle);
320 |    IntPtr htok = IntPtr.Zero;
321 |    retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);
322 |    tp.Count = 1;
323 |    tp.Luid = 0;
324 |    if(disable)
325 |    {
326 |     tp.Attr = SE_PRIVILEGE_DISABLED;
327 |    }
328 |    else
329 |    {
330 |     tp.Attr = SE_PRIVILEGE_ENABLED;
331 |    }
332 |    retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);
333 |    retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
334 |    return retVal;
335 |   }
336 |  }
337 | '@
338 | 
339 |  $processHandle = (Get-Process -id $ProcessId).Handle
340 |  $type = Add-Type $definition -PassThru
341 |  $type[0]::EnablePrivilege($processHandle, $Privilege, $Disable)
342 | }
343 | 
344 | Enable-Privilege SeTakeOwnershipPrivilege
345 | 
346 | $regKey = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::TakeOwnership)
347 | $regACL = $regKey.GetAccessControl()
348 | $regACL.SetOwner($adminGroup)
349 | $regKey.SetAccessControl($regACL)
350 | $regKey.Close()
351 | Write-Host "Owner changed to Administrators."
352 | $regKey = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::ChangePermissions)
353 | $regACL = $regKey.GetAccessControl()
354 | $regRule = New-Object System.Security.AccessControl.RegistryAccessRule ($adminGroup,"FullControl","ContainerInherit","None","Allow")
355 | $regACL.SetAccessRule($regRule)
356 | $regKey.SetAccessControl($regACL)
357 | Write-Host "Permissions modified for Administrators group."
358 | Write-Host "Registry key permissions successfully updated."
359 | $regKey.Close()
360 | 
361 | Write-Host 'Deleting Application Compatibility Appraiser'
362 | reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0600DD45-FAF2-4131-A006-0B17509B9F78}" /f | Out-Null
363 | Write-Host 'Deleting Customer Experience Improvement Program'
364 | reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4738DE7A-BCC1-4E2D-B1B0-CADB044BFA81}" /f | Out-Null
365 | reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FAC31FA-4A85-4E64-BFD5-2154FF4594B3}" /f | Out-Null
366 | reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC931F16-B50A-472E-B061-B6F79A71EF59}" /f | Out-Null
367 | Write-Host 'Deleting Program Data Updater' 
368 | reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0671EB05-7D95-4153-A32B-1426B9FE61DB}" /f | Out-Null
369 | Write-Host 'Deleting autochk proxy'
370 | reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87BF85F4-2CE1-4160-96EA-52F554AA28A2}" /f | Out-Null
371 | reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A9C643C-3D74-4099-B6BD-9C6D170898B1}" /f | Out-Null
372 | Write-Host 'Deleting QueueReporting'
373 | reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3176A65-4E44-4ED3-AA73-3283660ACB9C}" /f | Out-Null
374 | Write-Host "Tweaking complete!"
375 | Write-Host "Unmounting Registry..."
376 | $regKey.Close()
377 | reg unload HKLM\zCOMPONENTS | Out-Null
378 | reg unload HKLM\zDRIVERS | Out-Null
379 | reg unload HKLM\zDEFAULT | Out-Null
380 | reg unload HKLM\zNTUSER | Out-Null
381 | reg unload HKLM\zSCHEMA | Out-Null
382 | reg unload HKLM\zSOFTWARE
383 | reg unload HKLM\zSYSTEM | Out-Null
384 | Write-Host "Cleaning up image..."
385 | Repair-WindowsImage -Path $ScratchDisk\scratchdir -StartComponentCleanup -ResetBase
386 | Write-Host "Cleanup complete."
387 | Write-Host ' '
388 | Write-Host "Unmounting image..."
389 | Dismount-WindowsImage -Path $ScratchDisk\scratchdir -Save
390 | Write-Host "Exporting image..."
391 | # Compressiontype Recovery is not supported with PShell https://learn.microsoft.com/en-us/powershell/module/dism/export-windowsimage?view=windowsserver2022-ps#-compressiontype
392 | Export-WindowsImage -SourceImagePath $ScratchDisk\tiny11\sources\install.wim -SourceIndex $index -DestinationImagePath $ScratchDisk\tiny11\sources\install2.wim -CompressionType Fast
393 | Remove-Item -Path "$ScratchDisk\tiny11\sources\install.wim" -Force | Out-Null
394 | Rename-Item -Path "$ScratchDisk\tiny11\sources\install2.wim" -NewName "install.wim" | Out-Null
395 | Write-Host "Windows image completed. Continuing with boot.wim."
396 | Start-Sleep -Seconds 2
397 | Clear-Host
398 | Write-Host "Mounting boot image:"
399 | $wimFilePath = "$ScratchDisk\tiny11\sources\boot.wim" 
400 | & takeown "/F" $wimFilePath | Out-Null
401 | & icacls $wimFilePath "/grant" "$($adminGroup.Value):(F)"
402 | Set-ItemProperty -Path $wimFilePath -Name IsReadOnly -Value $false
403 | Mount-WindowsImage -ImagePath $ScratchDisk\tiny11\sources\boot.wim -Index 2 -Path $ScratchDisk\scratchdir
404 | Write-Host "Loading registry..."
405 | reg load HKLM\zCOMPONENTS $ScratchDisk\scratchdir\Windows\System32\config\COMPONENTS
406 | reg load HKLM\zDEFAULT $ScratchDisk\scratchdir\Windows\System32\config\default
407 | reg load HKLM\zNTUSER $ScratchDisk\scratchdir\Users\Default\ntuser.dat
408 | reg load HKLM\zSOFTWARE $ScratchDisk\scratchdir\Windows\System32\config\SOFTWARE
409 | reg load HKLM\zSYSTEM $ScratchDisk\scratchdir\Windows\System32\config\SYSTEM
410 | Write-Host "Bypassing system requirements(on the setup image):"
411 | & 'reg' 'add' 'HKLM\zDEFAULT\Control Panel\UnsupportedHardwareNotificationCache' '/v' 'SV1' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null
412 | & 'reg' 'add' 'HKLM\zDEFAULT\Control Panel\UnsupportedHardwareNotificationCache' '/v' 'SV2' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null
413 | & 'reg' 'add' 'HKLM\zNTUSER\Control Panel\UnsupportedHardwareNotificationCache' '/v' 'SV1' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null
414 | & 'reg' 'add' 'HKLM\zNTUSER\Control Panel\UnsupportedHardwareNotificationCache' '/v' 'SV2' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null
415 | & 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassCPUCheck' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null
416 | & 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassRAMCheck' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null
417 | & 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassSecureBootCheck' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null
418 | & 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassStorageCheck' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null
419 | & 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassTPMCheck' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null
420 | & 'reg' 'add' 'HKLM\zSYSTEM\Setup\MoSetup' '/v' 'AllowUpgradesWithUnsupportedTPMOrCPU' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null
421 | Write-Host "Tweaking complete!"
422 | Write-Host "Unmounting Registry..."
423 | $regKey.Close()
424 | reg unload HKLM\zCOMPONENTS | Out-Null
425 | reg unload HKLM\zDRIVERS | Out-Null
426 | reg unload HKLM\zDEFAULT | Out-Null
427 | reg unload HKLM\zNTUSER | Out-Null
428 | reg unload HKLM\zSCHEMA | Out-Null
429 | $regKey.Close()
430 | reg unload HKLM\zSOFTWARE
431 | reg unload HKLM\zSYSTEM | Out-Null
432 | Write-Host "Unmounting image..."
433 | Dismount-WindowsImage -Path $ScratchDisk\scratchdir -Save
434 | Clear-Host
435 | Write-Host "The tiny11 image is now completed. Proceeding with the making of the ISO..."
436 | Write-Host "Copying unattended file for bypassing MS account on OOBE..."
437 | Copy-Item -Path "$PSScriptRoot\autounattend.xml" -Destination "$ScratchDisk\tiny11\autounattend.xml" -Force | Out-Null
438 | Write-Host "Creating ISO image..."
439 | $ADKDepTools = "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\$hostarchitecture\Oscdimg"
440 | $localOSCDIMGPath = "$PSScriptRoot\oscdimg.exe"
441 | 
442 | if ([System.IO.Directory]::Exists($ADKDepTools)) {
443 |     Write-Host "Will be using oscdimg.exe from system ADK."
444 |     $OSCDIMG = "$ADKDepTools\oscdimg.exe"
445 | } else {
446 |     Write-Host "ADK folder not found. Will be using bundled oscdimg.exe."
447 |     
448 |     $url = "https://msdl.microsoft.com/download/symbols/oscdimg.exe/3D44737265000/oscdimg.exe"
449 | 
450 |     if (-not (Test-Path -Path $localOSCDIMGPath)) {
451 |         Write-Host "Downloading oscdimg.exe..."
452 |         Invoke-WebRequest -Uri $url -OutFile $localOSCDIMGPath
453 | 
454 |         if (Test-Path $localOSCDIMGPath) {
455 |             Write-Host "oscdimg.exe downloaded successfully."
456 |         } else {
457 |             Write-Error "Failed to download oscdimg.exe."
458 |             exit 1
459 |         }
460 |     } else {
461 |         Write-Host "oscdimg.exe already exists locally."
462 |     }
463 | 
464 |     $OSCDIMG = $localOSCDIMGPath
465 | }
466 | 
467 | & "$OSCDIMG" '-m' '-o' '-u2' '-udfver102' "-bootdata:2#p0,e,b$ScratchDisk\tiny11\boot\etfsboot.com#pEF,e,b$ScratchDisk\tiny11\efi\microsoft\boot\efisys.bin" "$ScratchDisk\tiny11" "$PSScriptRoot\tiny11.iso"
468 | 
469 | # Finishing up
470 | Write-Host "Creation completed! Press any key to exit the script..."
471 | Read-Host "Press Enter to continue"
472 | Write-Host "Performing Cleanup..."
473 | Remove-Item -Path "$ScratchDisk\tiny11" -Recurse -Force | Out-Null
474 | Remove-Item -Path "$ScratchDisk\scratchdir" -Recurse -Force | Out-Null
475 | 
476 | # Stop the transcript
477 | Stop-Transcript
478 | 
479 | exit
480 | 


--------------------------------------------------------------------------------