├── README.md ├── windows10-basic-miningrig.ps1 ├── parrot.sh ├── LICENSE ├── ubuntu.sh ├── windows10-basic.ps1 ├── macos.sh ├── windows10-miningrig.ps1 ├── windows10.ps1 └── windows11.ps1 /README.md: -------------------------------------------------------------------------------- 1 | # setup-scripts 2 | 3 | [![Sponsor](https://img.shields.io/badge/Sponsor-Click%20Here-ff69b4)](https://github.com/sponsors/simeononsecurity) 4 | 5 | Set up scripts for various OS'es. 6 | 7 | ## Notes: 8 | - These are public so that you may learn from them to further automate your deployments. 9 | - **DO NOT** run these commands or scripts directly without knowledge of what these scripts do. 10 | 11 | ## Direct Install Scripts: 12 | ### Windows 11 - Install and Configure: 13 | ```powershell 14 | iwr -useb "https://raw.githubusercontent.com/simeononsecurity/setup-scripts/main/windows11.ps1" | iex 15 | ``` 16 | 17 | ### Windows 10 - Install and Configure: 18 | ```powershell 19 | iwr -useb "https://raw.githubusercontent.com/simeononsecurity/setup-scripts/main/windows10.ps1" | iex 20 | ``` 21 | 22 | ### Windows 10 - Basic Install and Configure: 23 | ```powershell 24 | iwr -useb "https://raw.githubusercontent.com/simeononsecurity/setup-scripts/main/windows10-basic.ps1" | iex 25 | ``` 26 | 27 | ### Windows 10 - Mining Rig: 28 | ```powershell 29 | iwr -useb "https://raw.githubusercontent.com/simeononsecurity/setup-scripts/main/windows10-miningrig.ps1" | iex 30 | ``` 31 | 32 | ### Ubuntu - Install and Configure: 33 | ```bash 34 | sudo su -c "bash <(wget -qO- https://raw.githubusercontent.com/simeononsecurity/setup-scripts/main/ubuntu.sh)" root 35 | ``` 36 | 37 | ### ParrotOS - Install and Configure: 38 | ```bash 39 | sudo su -c "bash <(wget -qO- https://raw.githubusercontent.com/simeononsecurity/setup-scripts/main/parrot.sh)" root 40 | ``` 41 | 42 | ### MacOS - Install and Configure: 43 | ```bash 44 | sh -c "$(curl -sL https://raw.githubusercontent.com/simeononsecurity/setup-scripts/main/macos.sh)" 45 | ``` 46 | -------------------------------------------------------------------------------- /windows10-basic-miningrig.ps1: -------------------------------------------------------------------------------- 1 | powercfg -duplicatescheme e9a42b02-d5df-448d-aa00-03f14749eb61 2 | powercfg /setactive e9a42b02-d5df-448d-aa00-03f14749eb61 3 | powercfg -h off 4 | powercfg -change -monitor-timeout-ac 15 5 | 6 | bcdedit /set x2apicpolicy Enable 7 | bcdedit /set configaccesspolicy Default 8 | bcdedit /set MSI Default 9 | bcdedit /set usephysicaldestination No 10 | bcdedit /set usefirmwarepcisettings No 11 | bcdedit /deletevalue useplatformclock 12 | bcdedit /set useplatformclock false 13 | bcdedit /set useplatformtick yes 14 | bcdedit /set disabledynamictick yes 15 | bcdedit /set tscsyncpolicy Enhanced 16 | 17 | Disable-MMAgent -MemoryCompression 18 | 19 | Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Class\{ 4d36e968-e325-11ce-bfc1-08002be10318 }\0000" -Name "PreferSystemMemoryContiguous" -Type "DWORD" -Value "1" -Force 20 | Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" -Name "DisablePagingExecutive" -Type "DWORD" -Value "1" -Force 21 | Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" -Name "LargeSystemCache" -Type "DWORD" -Value "1" -Force 22 | Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers" -Name "DpiMapIommuContiguous" -Type "DWORD" -Value "1" -Force 23 | New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NETFramework" -Name "OnlyUseLatestCLR" -PropertyType "DWORD" -Value "1" -Force 24 | New-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework" -Name "OnlyUseLatestCLR" -PropertyType "DWORD" -Value "1" -Force 25 | New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers" -Name "HwSchMode" -Value 2 -Force 26 | New-Item -Path "HKLM:\SOFTWARE\Microsoft\Avalon.Graphics\" -Name "DisableHWAcceleration" -Force 27 | Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Avalon.Graphics\" -Name "DisableHWAcceleration" -Type "DWORD" -Value 1 -Force 28 | New-Item -Path "HKCU:\SOFTWARE\Microsoft\Avalon.Graphics\" -Name "DisableHWAcceleration" -Force 29 | Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Avalon.Graphics\" -Name "DisableHWAcceleration" -Type "DWORD" -Value 1 -Force 30 | 31 | Start-Job -Name "Install and Configure Chocolatey" -ScriptBlock { 32 | Write-Host "Installing Chocolatey" 33 | # Setting up directories for values 34 | Set-ExecutionPolicy Bypass -Scope Process -Force 35 | [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072 36 | Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1')) 37 | choco feature enable -n=allowGlobalConfirmation 38 | choco feature enable -n=useFipsCompliantChecksums 39 | choco feature enable -n=useEnhancedExitCodes 40 | choco feature disable -n=checksumFiles #Fipsmode implementation is currently broken for some packages 41 | choco config set commandExecutionTimeoutSeconds 14400 42 | choco config set --name="'cacheLocation'" --value="'C:\temp\chococache'" 43 | choco config set --name="'proxyBypassOnLocal'" --value="'true'" 44 | choco upgrade all --ignore-checksums 45 | refreshenv 46 | Start-Job -Name "Installing Windows Updates" -ScriptBlock { 47 | Write-Host "Install Latest Windows Updates" 48 | choco install pswindowsupdate 49 | Set-Executionpolicy -ExecutionPolicy RemoteSigned -Force 50 | Import-Module PSWindowsUpdate -Force 51 | Add-WUServiceManager -ServiceID 7971f918-a847-4430-9279-4a52d1efe18d -Confirm:$false 52 | Install-WindowsUpdate -MicrosoftUpdate -AcceptAll -Install 53 | Get-WuInstall -AcceptAll -IgnoreReboot -IgnoreUserInput -nottitle 'preview' 54 | Get-WindowsUpdate –Install 55 | } 56 | Start-Job -Name "Installing Graphics Drivers" -ScriptBlock { 57 | choco install nvidia-display-driver cuda 58 | } 59 | Start-Job -Name "Install Software" -ScriptBlock { 60 | Write-Host "Installing Software" 61 | choco install evga-precision-x1 msiafterburner gpu-z hwinfo 62 | choco upgrade evga-precision-x1 msiafterburner gpu-z hwinfo 63 | } 64 | } 65 | -------------------------------------------------------------------------------- /parrot.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Define colors... 4 | RED=`tput bold && tput setaf 1` 5 | GREEN=`tput bold && tput setaf 2` 6 | YELLOW=`tput bold && tput setaf 3` 7 | BLUE=`tput bold && tput setaf 4` 8 | NC=`tput sgr0` 9 | 10 | function RED(){ 11 | echo -e "\n${RED}${1}${NC}" 12 | } 13 | function GREEN(){ 14 | echo -e "\n${GREEN}${1}${NC}" 15 | } 16 | function YELLOW(){ 17 | echo -e "\n${YELLOW}${1}${NC}" 18 | } 19 | function BLUE(){ 20 | echo -e "\n${BLUE}${1}${NC}" 21 | } 22 | 23 | # Testing if root... 24 | if [ $UID -ne 0 ] 25 | then 26 | RED "You must run this script as root!" && echo 27 | exit 28 | fi 29 | 30 | 31 | #BLUE "Fix missing public key bug" 32 | #apt-key adv --keyserver keyserver.ubuntu.com --recv-keys B56FFA946EB1660A 33 | 34 | #BLUE "Switch to LTS-SECURITY repo" 35 | #rm /etc/apt/sources.list.d/parrot.list 36 | #echo "deb https://deb.parrot.sh/parrot/ lts-security main contrib non-free" > /etc/apt/sources.list.d/parrot.list 37 | 38 | BLUE "Update, Upgrade, then Install Tools I Like" 39 | apt update 40 | apt install -y full-upgrade 41 | 42 | BLUE "Installing vmtools..." 43 | apt install -y open-vm-tools 44 | 45 | BLUE "Installing xrdp..." 46 | apt install -y install xrdp 47 | 48 | BLUE "Installing wine..." 49 | apt install -y net-tools wine 50 | 51 | BLUE "Installing openssh-server..." 52 | apt install -y openssh-server 53 | 54 | BLUE "Installing vscodium..." 55 | apt install -y vscodium 56 | 57 | BLUE "Installing anonsurf..." 58 | apt install -y anonsurf 59 | 60 | BLUE "Installing tor..." 61 | apt install -y tor 62 | 63 | BLUE "Installing git..." 64 | sudo apt install -y git 65 | 66 | BLUE "Installing terminator..." 67 | sudo apt install -y terminator 68 | 69 | BLUE "Setting terminator as the default terminal emulator..." 70 | sed -i s/Exec=gnome-terminal/Exec=terminator/g /usr/share/applications/gnome-terminal.desktop 71 | 72 | BLUE "Enable Anonsurf at boot" 73 | ananon enable-boot 74 | 75 | BLUE "Installing openvpn..." 76 | sudo apt install -y openvpn 77 | 78 | BLUE "Installing nmap..." 79 | sudo apt-get install -y nmap 80 | 81 | BLUE "Installing RustScan..." 82 | wget "https://github.com/RustScan/RustScan/releases/download/2.0.1/rustscan_2.0.1_amd64.deb" -O rustscan_2.0.1_amd64.deb 83 | sudo dpkg -i ./rustscan_2.0.1_amd64.deb 84 | 85 | BLUE "Installing docker..." 86 | sudo apt-get install -y docker.io 87 | sudo groupadd docker 88 | sudo usermod -aG docker `logname` 89 | 90 | BLUE "Installing curl..." 91 | sudo apt-get install -y curl 92 | 93 | BLUE "Installing pinta..." 94 | sudo apt-get install -y pinta 95 | 96 | BLUE "Installing exiftool..." 97 | sudo apt-get install -y exiftool 98 | 99 | BLUE "Installing Python PIL..." 100 | sudo apt-get install -y python-pil 101 | 102 | BLUE "Installing sqlitebrowser..." 103 | sudo apt-get install -y sqlitebrowser 104 | 105 | BLUE "Installing Wireshark..." 106 | sudo apt-get install -y wireshark 107 | 108 | BLUE "Installing python-requests..." 109 | pip install requests 110 | 111 | BLUE "Installing Python flask..." 112 | sudo pip install flask 113 | 114 | BLUE "Installing Python flask-login..." 115 | sudo pip install flask-login 116 | 117 | BLUE "Installing Python colorama..." 118 | sudo pip install colorama 119 | 120 | BLUE "Installing Python passlib..." 121 | sudo pip install passlib 122 | 123 | BLUE "Installing Binwalk..." 124 | sudo apt install -y binwalk 125 | 126 | BLUE "Installing foremost..." 127 | sudo apt install -y foremost 128 | 129 | BLUE "Installing rot13..." 130 | sudo apt install -y bsdgames 131 | 132 | BLUE "Installing Python pwntools..." 133 | sudo pip install pwntools 134 | 135 | BLUE "Installing sqlite..." 136 | sudo apt install -y sqlite 137 | 138 | BLUE "Installing zbarimg..." 139 | sudo apt install -y zbar-tools 140 | 141 | BLUE "Installing qrencode..." 142 | sudo apt install -y qrencode 143 | 144 | BLUE "Installing pdfcrack..." 145 | sudo apt install -y pdfcrack 146 | 147 | BLUE "Downloading stegsolve.jar..." 148 | wget "http://www.caesum.com/handbook/Stegsolve.jar" -O "stegsolve.jar" 149 | chmod +x "stegsolve.jar" 150 | 151 | BLUE "Installing fcrackzip..." 152 | sudo apt install -y fcrackzip 153 | 154 | BLUE "Installing unrar..." 155 | sudo apt install -y unrar 156 | 157 | BLUE "Installing steghide..." 158 | sudo apt install -y steghide 159 | 160 | BLUE "Installing ffmpeg..." 161 | sudo apt install -y ffmpeg 162 | 163 | BLUE "Installing Python library netifaces..." 164 | sudo pip install netifaces 165 | 166 | BLUE "Installing Python library iptools..." 167 | sudo pip install iptools 168 | 169 | BLUE "Installing Python library OpenSSL..." 170 | sudo pip install pyopenssl 171 | 172 | BLUE "Installing Python library pydispatch..." 173 | sudo pip install pydispatch 174 | 175 | BLUE "Installing GIMP..." 176 | sudo apt install -y gimp 177 | 178 | BLUE "Installing cmake..." 179 | sudo apt install -y cmake 180 | 181 | BLUE "Installing sshpass..." 182 | sudo apt install -y sshpass 183 | 184 | BLUE "Installing tcpflow..." 185 | sudo apt install -y tcpflow 186 | 187 | BLUE "Installing Python scapy..." 188 | sudo pip install scapy 189 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Creative Commons Legal Code 2 | 3 | CC0 1.0 Universal 4 | 5 | CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE 6 | LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN 7 | ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS 8 | INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES 9 | REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS 10 | PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM 11 | THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED 12 | HEREUNDER. 13 | 14 | Statement of Purpose 15 | 16 | The laws of most jurisdictions throughout the world automatically confer 17 | exclusive Copyright and Related Rights (defined below) upon the creator 18 | and subsequent owner(s) (each and all, an "owner") of an original work of 19 | authorship and/or a database (each, a "Work"). 20 | 21 | Certain owners wish to permanently relinquish those rights to a Work for 22 | the purpose of contributing to a commons of creative, cultural and 23 | scientific works ("Commons") that the public can reliably and without fear 24 | of later claims of infringement build upon, modify, incorporate in other 25 | works, reuse and redistribute as freely as possible in any form whatsoever 26 | and for any purposes, including without limitation commercial purposes. 27 | These owners may contribute to the Commons to promote the ideal of a free 28 | culture and the further production of creative, cultural and scientific 29 | works, or to gain reputation or greater distribution for their Work in 30 | part through the use and efforts of others. 31 | 32 | For these and/or other purposes and motivations, and without any 33 | expectation of additional consideration or compensation, the person 34 | associating CC0 with a Work (the "Affirmer"), to the extent that he or she 35 | is an owner of Copyright and Related Rights in the Work, voluntarily 36 | elects to apply CC0 to the Work and publicly distribute the Work under its 37 | terms, with knowledge of his or her Copyright and Related Rights in the 38 | Work and the meaning and intended legal effect of CC0 on those rights. 39 | 40 | 1. Copyright and Related Rights. A Work made available under CC0 may be 41 | protected by copyright and related or neighboring rights ("Copyright and 42 | Related Rights"). Copyright and Related Rights include, but are not 43 | limited to, the following: 44 | 45 | i. the right to reproduce, adapt, distribute, perform, display, 46 | communicate, and translate a Work; 47 | ii. moral rights retained by the original author(s) and/or performer(s); 48 | iii. publicity and privacy rights pertaining to a person's image or 49 | likeness depicted in a Work; 50 | iv. rights protecting against unfair competition in regards to a Work, 51 | subject to the limitations in paragraph 4(a), below; 52 | v. rights protecting the extraction, dissemination, use and reuse of data 53 | in a Work; 54 | vi. database rights (such as those arising under Directive 96/9/EC of the 55 | European Parliament and of the Council of 11 March 1996 on the legal 56 | protection of databases, and under any national implementation 57 | thereof, including any amended or successor version of such 58 | directive); and 59 | vii. other similar, equivalent or corresponding rights throughout the 60 | world based on applicable law or treaty, and any national 61 | implementations thereof. 62 | 63 | 2. Waiver. To the greatest extent permitted by, but not in contravention 64 | of, applicable law, Affirmer hereby overtly, fully, permanently, 65 | irrevocably and unconditionally waives, abandons, and surrenders all of 66 | Affirmer's Copyright and Related Rights and associated claims and causes 67 | of action, whether now known or unknown (including existing as well as 68 | future claims and causes of action), in the Work (i) in all territories 69 | worldwide, (ii) for the maximum duration provided by applicable law or 70 | treaty (including future time extensions), (iii) in any current or future 71 | medium and for any number of copies, and (iv) for any purpose whatsoever, 72 | including without limitation commercial, advertising or promotional 73 | purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each 74 | member of the public at large and to the detriment of Affirmer's heirs and 75 | successors, fully intending that such Waiver shall not be subject to 76 | revocation, rescission, cancellation, termination, or any other legal or 77 | equitable action to disrupt the quiet enjoyment of the Work by the public 78 | as contemplated by Affirmer's express Statement of Purpose. 79 | 80 | 3. Public License Fallback. Should any part of the Waiver for any reason 81 | be judged legally invalid or ineffective under applicable law, then the 82 | Waiver shall be preserved to the maximum extent permitted taking into 83 | account Affirmer's express Statement of Purpose. In addition, to the 84 | extent the Waiver is so judged Affirmer hereby grants to each affected 85 | person a royalty-free, non transferable, non sublicensable, non exclusive, 86 | irrevocable and unconditional license to exercise Affirmer's Copyright and 87 | Related Rights in the Work (i) in all territories worldwide, (ii) for the 88 | maximum duration provided by applicable law or treaty (including future 89 | time extensions), (iii) in any current or future medium and for any number 90 | of copies, and (iv) for any purpose whatsoever, including without 91 | limitation commercial, advertising or promotional purposes (the 92 | "License"). The License shall be deemed effective as of the date CC0 was 93 | applied by Affirmer to the Work. Should any part of the License for any 94 | reason be judged legally invalid or ineffective under applicable law, such 95 | partial invalidity or ineffectiveness shall not invalidate the remainder 96 | of the License, and in such case Affirmer hereby affirms that he or she 97 | will not (i) exercise any of his or her remaining Copyright and Related 98 | Rights in the Work or (ii) assert any associated claims and causes of 99 | action with respect to the Work, in either case contrary to Affirmer's 100 | express Statement of Purpose. 101 | 102 | 4. Limitations and Disclaimers. 103 | 104 | a. No trademark or patent rights held by Affirmer are waived, abandoned, 105 | surrendered, licensed or otherwise affected by this document. 106 | b. Affirmer offers the Work as-is and makes no representations or 107 | warranties of any kind concerning the Work, express, implied, 108 | statutory or otherwise, including without limitation warranties of 109 | title, merchantability, fitness for a particular purpose, non 110 | infringement, or the absence of latent or other defects, accuracy, or 111 | the present or absence of errors, whether or not discoverable, all to 112 | the greatest extent permissible under applicable law. 113 | c. Affirmer disclaims responsibility for clearing rights of other persons 114 | that may apply to the Work or any use thereof, including without 115 | limitation any person's Copyright and Related Rights in the Work. 116 | Further, Affirmer disclaims responsibility for obtaining any necessary 117 | consents, permissions or other rights required for any use of the 118 | Work. 119 | d. Affirmer understands and acknowledges that Creative Commons is not a 120 | party to this document and has no duty or obligation with respect to 121 | this CC0 or use of the Work. 122 | -------------------------------------------------------------------------------- /ubuntu.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Define colors... 4 | RED=`tput bold && tput setaf 1` 5 | GREEN=`tput bold && tput setaf 2` 6 | YELLOW=`tput bold && tput setaf 3` 7 | BLUE=`tput bold && tput setaf 4` 8 | NC=`tput sgr0` 9 | 10 | function RED(){ 11 | echo -e "\n${RED}${1}${NC}" 12 | } 13 | function GREEN(){ 14 | echo -e "\n${GREEN}${1}${NC}" 15 | } 16 | function YELLOW(){ 17 | echo -e "\n${YELLOW}${1}${NC}" 18 | } 19 | function BLUE(){ 20 | echo -e "\n${BLUE}${1}${NC}" 21 | } 22 | 23 | # Testing if root... 24 | if [ $UID -ne 0 ] 25 | then 26 | RED "You must run this script as root!" && echo 27 | exit 28 | fi 29 | 30 | BLUE "Implementing DotFiles..." 31 | cd; curl -#L https://github.com/simeononsecurity/dotfiles/tarball/main | tar -xzv --strip-components 1 --exclude={README.md,bootstrap.sh,.osx,LICENSE-MIT.txt} 32 | 33 | BLUE "Adding REPOS..." 34 | #Install pre-requisite packages. 35 | sudo apt-get install -y wget apt-transport-https software-properties-common 36 | #AnyDesk Repos 37 | wget -qO - https://keys.anydesk.com/repos/DEB-GPG-KEY | apt-key add - 38 | echo "deb http://deb.anydesk.com/ all main" > /etc/apt/sources.list.d/anydesk-stable.list 39 | #TeamViewer Repos 40 | #https://vitux.com/how-to-install-teamviewer-on-ubuntu/ 41 | wget https://download.teamviewer.com/download/linux/signature/TeamViewer2017.asc 42 | sudo apt-key add TeamViewer2017.asc 43 | sudo rm /etc/apt/sources.list.d/teamviewer.list 44 | sudo sh -c 'echo "deb http://linux.teamviewer.com/deb stable main" >> /etc/apt/sources.list.d/teamviewer.list' 45 | #Wine Repos 46 | sudo apt-add-repository 'deb https://dl.winehq.org/wine-builds/ubuntu/ bionic main' 47 | sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv F987672F 48 | # Enable Ubuntu Repos 49 | sudo add-apt-repository universe 50 | sudo add-apt-repository multiverse 51 | sudo add-apt-repository restricted 52 | 53 | BLUE "Update and Upgrade" 54 | sudo apt-get update 55 | sudo apt-get full-upgrade -y 56 | 57 | BLUE "Configure Firewall" 58 | #https://github.com/ChrisTitusTech/firewallsetup 59 | sudo apt-get install -y ufw gufw iptables-persistent 60 | # Drop ICMP echo-request messages sent to broadcast or multicast addresses 61 | echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts 62 | # Drop source routed packets 63 | echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route 64 | # Enable TCP SYN cookie protection from SYN floods 65 | echo 1 > /proc/sys/net/ipv4/tcp_syncookies 66 | # Don't accept ICMP redirect messages 67 | echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects 68 | # Don't send ICMP redirect messages 69 | echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects 70 | # Enable source address spoofing protection 71 | echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter 72 | # Log packets with impossible source addresses 73 | echo 1 > /proc/sys/net/ipv4/conf/all/log_martians 74 | # Flush all chains 75 | /sbin/iptables --flush 76 | # Allow unlimited traffic on the loopback interface 77 | /sbin/iptables -A INPUT -i lo -j ACCEPT 78 | /sbin/iptables -A OUTPUT -o lo -j ACCEPT 79 | # Set default policies 80 | /sbin/iptables --policy INPUT DROP 81 | /sbin/iptables --policy OUTPUT DROP 82 | /sbin/iptables --policy FORWARD DROP 83 | # Previously initiated and accepted exchanges bypass rule checking 84 | # Allow unlimited outbound traffic 85 | /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT 86 | /sbin/iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT 87 | #Ratelimit SSH for attack protection 88 | /sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP 89 | /sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set 90 | /sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT 91 | # Other rules for future use if needed. Uncomment to activate 92 | # /sbin/iptables -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT # http 93 | # /sbin/iptables -A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT # https 94 | # UDP packet rule. This is just a random udp packet rule as an example only 95 | # /sbin/iptables -A INPUT -p udp --dport 5021 -m state --state NEW -j ACCEPT 96 | # Allow pinging of your server 97 | /sbin/iptables -A INPUT -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT 98 | # Drop all other traffic 99 | /sbin/iptables -A INPUT -j DROP 100 | # print the activated rules to the console when script is completed 101 | /sbin/iptables -nL 102 | sudo /etc/init.d/netfilter-persistent save 103 | sudo ufw allow 22 104 | sudo ufw allow 3389 105 | sudo ufw enable 106 | 107 | BLUE "Installing Packages" 108 | sudo apt-get install -y open-vm-tools curl ubuntu-restricted-extras libdvd-pkg ubuntu-restricted-addons gnome-tweak-tool synaptic net-tools docker.io flatpak gnome-software-plugin-flatpak vlc anydesk teamviewer xrdp wine openssh-server tor git terminator openvpn nmap john hashcat hydra gtk2.0 hydra-gtk ophcrack libssl-dev libssh-dev libidn11-dev libpcre3-dev libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev firebird-dev pinta exiftool python-pil sqlitebrowser wireshark python3-pip binwalk foremost bsdgames sqlite zbar-tools qrencode pdfcrack fcrackzip unrar steghide ffmpeg exiftool unzip zip foremost p7zip-full gimp cmake sshpass tcpflow obs-studio 109 | 110 | BLUE "Clone konstruktoid/hardening ..." 111 | BLUE "Must modify ubuntu.cfg in ./hardening ..." 112 | git clone https://github.com/konstruktoid/hardening.git 113 | 114 | BLUE "Removing Apport and Web Launchers..." 115 | sudo apt remove -y apport apport-gtk ubuntu-web-launchers 116 | 117 | BLUE "Installing VMWare Workstation" 118 | #https://gist.github.com/111A5AB1/6a6eed3ca3a87eea59bca90be2f8807b 119 | # Download and install VMware Workstation Pro for Linux 120 | set -e 121 | export PATH='/usr/bin' 122 | readonly VMWARE_WKSTN_SERIAL='' 123 | readonly DOWNLOAD_URL='https://www.vmware.com/go/getWorkstation-linux' 124 | # Download the latest version of VMware Workstation Pro for Linux if required. 125 | if [ ! -f vmware.bin ]; then 126 | curl --progress-bar \ 127 | --proto -all,https \ 128 | --location \ 129 | --proto-redir -all,https \ 130 | --max-redirs 1 \ 131 | --output vmware.bin \ 132 | --url "${DOWNLOAD_URL}" 133 | fi 134 | # libncursew5 is required for console installation. Install the package if not 135 | # already present on the system. 136 | if ! dpkg-query -W -f='${Status}' libncurses5-dev | grep "ok installed"; then sudo apt install libncurses5-dev libncursesw5-dev --quiet --yes --no-install-recommends 137 | fi 138 | # Install VMware Workstation Pro 139 | sudo sh ./vmware.bin \ 140 | --console \ 141 | --eulas-agreed \ 142 | --set-setting vmware-workstation serialNumber "${VMWARE_WKSTN_SERIAL}" \ 143 | --required 144 | # Disable CEIP 145 | sudo sed -i 's/dataCollectionEnabled = "yes"/dataCollectionEnabled = "no"/' /etc/vmware/config 146 | # Disable automatic software updates 147 | sudo sed -i 's/autoSoftwareUpdateEnabled = "yes"/autoSoftwareUpdateEnabled = "no"/' /etc/vmware/config 148 | 149 | BLUE "Installing RustScan..." 150 | wget "https://github.com/RustScan/RustScan/releases/download/2.0.1/rustscan_2.0.1_amd64.deb" -O rustscan_2.0.1_amd64.deb 151 | sudo dpkg -i ./rustscan_2.0.1_amd64.deb 152 | 153 | BLUE "Installing SecLists..." 154 | wget -c https://github.com/danielmiessler/SecLists/archive/master.zip -O SecList.zip \ 155 | && unzip SecList.zip \ 156 | && rm -f SecList.zip 157 | 158 | BLUE "Installing python libraries" 159 | sudo python3 -m pip install requests flask flask-login flask-login colorama passlib pwntools netifaces iptools pyopenssl pydispatch stegoveritas scapy 160 | 161 | BLUE "Installing PowerShell..." 162 | #https://docs.microsoft.com/en-us/powershell/scripting/install/installing-powershell-core-on-linux?view=powershell-7.1 163 | # Download the Microsoft repository GPG keys 164 | wget -q https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb 165 | # Register the Microsoft repository GPG keys 166 | sudo dpkg -i packages-microsoft-prod.deb 167 | # Update the list of products 168 | sudo apt-get update 169 | # Install PowerShell 170 | sudo apt-get install -y powershell 171 | 172 | BLUE "Installing Maltego" 173 | wget "https://maltego-downloads.s3.us-east-2.amazonaws.com/linux/Maltego.v4.2.15.13632.deb" -O Maltego.v4.2.15.13632.deb 174 | sudo dpkg -i Maltego.v4.2.15.13632.deb 175 | 176 | BLUE "Downloading stegsolve.jar..." 177 | wget "http://www.caesum.com/handbook/Stegsolve.jar" -O "stegsolve.jar" 178 | chmod +x "stegsolve.jar" 179 | 180 | BLUE "Cleaning Up..." 181 | sudo apt-get autoclean -y 182 | sudo apt-get autoremove -y 183 | sudo apt-get clean -y 184 | -------------------------------------------------------------------------------- /windows10-basic.ps1: -------------------------------------------------------------------------------- 1 | Start-Job -Name "Install and Configure Chocolatey" -ScriptBlock { 2 | Write-Host "Installing Chocolatey" 3 | # Setting up directories for values 4 | Set-ExecutionPolicy Bypass -Scope Process -Force 5 | [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072 6 | Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1')) 7 | choco feature enable -n=allowGlobalConfirmation 8 | choco feature enable -n=useFipsCompliantChecksums 9 | choco feature enable -n=useEnhancedExitCodes 10 | choco config set commandExecutionTimeoutSeconds 14400 11 | choco config set --name="'cacheLocation'" --value="'C:\temp\chococache'" 12 | choco config set --name="'proxyBypassOnLocal'" --value="'true'" 13 | choco upgrade all 14 | refreshenv 15 | Start-Job -Name "Installing Windows Updates" -ScriptBlock { 16 | Write-Host "Install Latest Windows Updates" 17 | choco install pswindowsupdate 18 | Set-Executionpolicy -ExecutionPolicy RemoteSigned -Force 19 | Import-Module PSWindowsUpdate -Force 20 | Add-WUServiceManager -ServiceID 7971f918-a847-4430-9279-4a52d1efe18d -Confirm:$false 21 | Install-WindowsUpdate -MicrosoftUpdate -AcceptAll -Install 22 | Get-WuInstall -AcceptAll -IgnoreReboot -IgnoreUserInput -nottitle 'preview' 23 | Get-WindowsUpdate –Install 24 | } 25 | } 26 | 27 | Start-Job -Name "Installing Browsers" -Scriptblock { 28 | Write-Host "Installing Browsers" 29 | choco install googlechrome firefox microsoft-edge 30 | } 31 | 32 | Start-Job -Name "Installing Administrative, Networking, and Security Tools " -Scriptblock { 33 | Write-Host "Installing Administration Tools" 34 | choco install driverbooster 35 | 36 | Write-Host "Installing Logging Tools" 37 | choco install sysmon 38 | 39 | Write-Host "Installing Terminals" 40 | choco install powershell4 powershell powershellhere-elevated powershell.portable microsoft-windows-terminal 41 | } 42 | 43 | Start-Job -Name "Installing Dev Tools" -Scriptblock { 44 | Write-Host "Installing Java" 45 | choco install jre8 openjdk openjdk.portable 46 | } 47 | 48 | Start-Job -Name "Installing Other Tools and Software" -Scriptblock { 49 | Write-host "Installing PatchMyPCHome" 50 | choco install patch-my-pc --ignore-checksum 51 | 52 | Write-host "Installing Media Software" 53 | choco install vlc 54 | 55 | Write-Host "Installing Document Readers and Editors" 56 | choco install adobereader onlyoffice joplin 57 | 58 | Write-Host "Installing Misc." 59 | choco install 7zip.install 60 | } 61 | 62 | Start-Job -Name "Customizations" -ScriptBlock { 63 | 64 | Write-Host "Configuring Windows - Optimizations, Debloating," 65 | New-Item "C:\" -Name "temp" -ItemType "directory" -Force 66 | iwr -useb 'https://simeononsecurity.ch/scripts/windowsoptimizeandharden.ps1' | iex 67 | Start-Job -Name "System Wide Ad and Tracker Blocking" -ScriptBlock { 68 | iwr -useb 'https://simeononsecurity.ch/scripts/soswindowsadblocker.ps1' | iex 69 | } 70 | #Start-Job -Name "SoS Branding" -ScriptBlock { 71 | # iwr -useb 'https://simeononsecurity.ch/scripts/sosbranding.ps1' | iex 72 | #} 73 | Start-Job -Name "SoS Sysmon" -ScriptBlock { 74 | iwr -useb 'https://simeononsecurity.ch/scripts/sosautomatesysmon.ps1'|iex 75 | } 76 | 77 | 78 | #Set Screen Timeout to 15 Minutes 79 | powercfg -change -monitor-timeout-ac 15 80 | 81 | Write-Host "Enable Darkmode" 82 | New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Force | Out-Null 83 | New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name AppsUseLightTheme -Type "DWORD" -Value "00000000" -Force | Out-Null 84 | New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name SystemUsesLightTheme -Type "DWORD" -Value "00000000" -Force | Out-Null 85 | New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name ColorPrevalence -Type "DWORD" -Value "00000000" -Force | Out-Null 86 | New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name EnableTransparency -Type "DWORD" -Value "00000001" -Force | Out-Null 87 | Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name AppsUseLightTheme -Type "DWORD" -Value "00000000" -Force | Out-Null 88 | Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name SystemUsesLightTheme -Type "DWORD" -Value "00000000" -Force | Out-Null 89 | Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name ColorPrevalence -Type "DWORD" -Value "00000000" -Force | Out-Null 90 | Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name EnableTransparency -Type "DWORD" -Value "00000001" -Force | Out-Null 91 | 92 | Write-Host "Setting OEM Information" 93 | Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation" -Name Manufacturer -Type String -Value "SimeonOnSecurity" -Force 94 | Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation" -Name Model -Type String -Value "Super Secure Super Optimized PC" -Force 95 | Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation" -Name SupportHours -Type String -Value "0800-1800 Central" -Force 96 | Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation" -Name SupportPhone -Type String -Value "1-800-555-1234" -Force 97 | Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation" -Name SupportURL -Type String -Value "https://simeononsecurity.ch" -Force 98 | Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation" -Name HelpCustomized -Type DWORD -Value "0" -Force 99 | 100 | Write-Host "Setting Registered Information" 101 | Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation" -Name RegisteredOwner -Type String -Value "SimeonOnSecurity" -Force 102 | Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation" -Name RegisteredOrganization -Type String -Value "SimeonOnSecurity" -Force 103 | 104 | #Clear Start Menu 105 | #https://github.com/builtbybel/privatezilla/blob/master/scripts/Unpin%20Startmenu%20Tiles.ps1 106 | $START_MENU_LAYOUT = @" 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | "@ 116 | $layoutFile = "C:\Windows\StartMenuLayout.xml" 117 | 118 | #Delete layout file if it already exists 119 | If (Test-Path $layoutFile) { 120 | Remove-Item $layoutFile 121 | } 122 | #Creates the blank layout file 123 | $START_MENU_LAYOUT | Out-File $layoutFile -Encoding ASCII 124 | $regAliases = @("HKLM", "HKCU") 125 | #Assign the start layout and force it to apply with "LockedStartLayout" at both the machine and user level 126 | foreach ($regAlias in $regAliases) { 127 | $basePath = $regAlias + ":\SOFTWARE\Policies\Microsoft\Windows" 128 | $keyPath = $basePath + "\Explorer" 129 | IF (!(Test-Path -Path $keyPath)) { 130 | New-Item -Path $basePath -Name "Explorer" 131 | } 132 | Set-ItemProperty -Path $keyPath -Name "LockedStartLayout" -Value 1 133 | Set-ItemProperty -Path $keyPath -Name "StartLayoutFile" -Value $layoutFile 134 | } 135 | #Restart Explorer, open the start menu (necessary to load the new layout), and give it a few seconds to process 136 | Stop-Process -Force -name explorer 137 | Start-Sleep -s 5 138 | $wshell = New-Object -ComObject wscript.shell; $wshell.SendKeys('^{ESCAPE}') 139 | Start-Sleep -s 5 140 | #Enable the ability to pin items again by disabling "LockedStartLayout" 141 | foreach ($regAlias in $regAliases) { 142 | $basePath = $regAlias + ":\SOFTWARE\Policies\Microsoft\Windows" 143 | $keyPath = $basePath + "\Explorer" 144 | Set-ItemProperty -Path $keyPath -Name "LockedStartLayout" -Value 0 145 | } 146 | #Restart Explorer and delete the layout file 147 | Stop-Process -Force -name explorer 148 | #Uncomment the next line to make clean start menu default for all new users 149 | Import-StartLayout -LayoutPath $layoutFile -MountPath $env:SystemDrive\ 150 | Remove-Item $layoutFile 151 | 152 | Write-Host "Disabling Action Center..." 153 | If (!(Test-Path "HKCU:\SOFTWARE\Policies\Microsoft\Windows\Explorer")) { 154 | New-Item -Path "HKCU:\SOFTWARE\Policies\Microsoft\Windows\Explorer" | Out-Null 155 | } 156 | Set-ItemProperty -Path "HKCU:\SOFTWARE\Policies\Microsoft\Windows\Explorer" -Name "DisableNotificationCenter" -Type DWord -Value 1 157 | Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications" -Name "ToastEnabled" -Type DWord -Value 0 158 | 159 | #Auto Update Choco Packages 160 | $Sta = New-ScheduledTaskAction -Execute "powershell -Command 'choco upgrade all'" 161 | $Stset = New-ScheduledTaskSettingsSet -RunOnlyIfNetworkAvailable -RunOnlyIfIdle -IdleDuration 00:02:00 -IdleWaitTimeout 02:30:00 -ExecutionTimeLimit (New-TimeSpan -Hours 1) -DontStopOnIdleEnd -WakeToRun 162 | Register-ScheduledTask Task02 -Action $Sta -Settings $Stset 163 | } 164 | -------------------------------------------------------------------------------- /macos.sh: -------------------------------------------------------------------------------- 1 | # Enforce system hibernation and evict FileVault keys from memory instead of traditional sleep to memory: 2 | sudo pmset -a destroyfvkeyonstandby 1 3 | sudo pmset -a hibernatemode 25 4 | sudo pmset -a powernap 0 5 | sudo pmset -a standby 0 6 | sudo pmset -a standbydelay 0 7 | sudo pmset -a autopoweroff 0 8 | 9 | # Setting a firmware password prevents a Mac from starting up from any device other than the startup disk. It may also be set to be required on each boot. 10 | sudo firmwarepasswd -setpasswd -setmode command 11 | 12 | # https://github.com/drduh/macOS-Security-and-Privacy-Guide#application-layer-firewall 13 | # Built-in, basic firewall which blocks incoming connections only. This firewall does not have the ability to monitor, nor block outgoing connections. 14 | sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on 15 | sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setloggingmode on 16 | sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setstealthmode on 17 | 18 | # Prevent built-in software as well as code-signed, downloaded software from being whitelisted automatically 19 | sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setallowsigned off 20 | sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setallowsignedapp off 21 | 22 | # socketfilterfw, restart the process by sending a line hangup signal: 23 | sudo pkill -HUP socketfilterfw 24 | 25 | echo 'wifi = "en0" 26 | ether = "en7" 27 | set block-policy drop 28 | set fingerprints "/etc/pf.os" 29 | set ruleset-optimization basic 30 | set skip on lo0 31 | scrub in all no-df 32 | table persist 33 | block in log 34 | block in log quick from no-route to any 35 | block log on $wifi from { } to any 36 | block log on $wifi from any to { } 37 | antispoof quick for { $wifi $ether } 38 | pass out proto tcp from { $wifi $ether } to any keep state 39 | pass out proto udp from { $wifi $ether } to any keep state 40 | pass out proto icmp from $wifi to any keep state' > pf.rules 41 | 42 | # enable the firewall and load the configuration 43 | sudo pfctl -e -f pf.rules 44 | # disable the firewall 45 | # sudo pfctl -d 46 | # add an IP address to the blocklist 47 | # sudo pfctl -t blocklist -T add 1.2.3.4 48 | # view the blocklist 49 | # sudo pfctl -t blocklist -T show 50 | # create an interface for logging 51 | # sudo ifconfig pflog0 create 52 | # view filtered packets 53 | # sudo tcpdump -ni pflog0 54 | 55 | #Install homebrew 56 | sudo mkdir homebrew && curl -L https://github.com/Homebrew/brew/tarball/master | tar xz --strip 1 -C homebrew 57 | echo 'PATH=$PATH:~/homebrew/sbin:~/homebrew/bin:/opt/local/bin' >> .zshrc 58 | chsh -s /bin/zsh 59 | brew update 60 | export HOMEBREW_NO_ANALYTICS=1 61 | brew analytics off 62 | sudo chown -R $(whoami) /usr/local/lib/pkgconfig 63 | 64 | #sudo curl https://github.com/macports/macports-base/releases/download/v2.7.1/MacPorts-2.7.1-12-Monterey.pkg -o MacPorts-2.7.1-12-Monterey.pkg 65 | #sudo installer -pkg MacPorts-2.7.1-12-Monterey.pkg -target / 66 | sudo curl https://github.com/macports/macports-base/releases/download/v2.7.1/MacPorts-2.7.1.tar.gz -o MacPorts-2.7.1.tar.gz 67 | tar -xzvf MacPorts-2.7.1.tar.gz 68 | cd MacPorts-2.7.1 69 | ./configure && make && sudo make install 70 | cd ../ 71 | rm -rf MacPorts-2.7.1* 72 | 73 | export PATH=/opt/local/bin:/opt/local/sbin:$PATH 74 | export MANPATH=/opt/local/share/man:$MANPATH 75 | export DISPLAY=:0.0 76 | sudo port install opendoas 77 | 78 | curl https://raw.githubusercontent.com/drduh/config/master/scripts/pf-blocklist.sh -o "pf-blocklist.sh" 79 | sudo chmod +x ./pf-blocklist.sh 80 | sudo bash ./pf-blocklist.sh 81 | 82 | #Manage Hosts File 83 | sudo curl https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts | sudo tee -a /etc/hosts 84 | sudo curl https://raw.githubusercontent.com/l1k/osxparanoia/master/hosts | sudo tee -a /etc/hosts 85 | sudo curl https://someonewhocares.org/hosts/zero/hosts | sudo tee -a /etc/hosts 86 | wc -l /etc/hosts 87 | egrep -ve "^#|^255.255.255.255|^127.|^0.|^::1|^ff..::|^fe80::" /etc/hosts | sort | uniq | egrep -e "[1,2]|::" 88 | 89 | #Disable Captive Portal Detection 90 | sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.captive.control.plist Active -bool false 91 | 92 | #Install / Update Curl 93 | brew install curl 94 | 95 | #gnupg 96 | brew install gnupg 97 | sudo curl -o ~/.gnupg/gpg.conf https://raw.githubusercontent.com/drduh/config/master/gpg.conf 98 | 99 | #Gatekeeper and XProtect 100 | :>~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2 101 | sudo chflags schg ~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2 102 | sudo spctl --master-disable 103 | 104 | #Clear some metadata 105 | #clear bluetooth metadata 106 | sudo defaults delete /Library/Preferences/com.apple.Bluetooth.plist DeviceCache 107 | sudo defaults delete /Library/Preferences/com.apple.Bluetooth.plist IDSPairedDevices 108 | sudo defaults delete /Library/Preferences/com.apple.Bluetooth.plist PANDevices 109 | sudo defaults delete /Library/Preferences/com.apple.Bluetooth.plist PANInterfaces 110 | sudo defaults delete /Library/Preferences/com.apple.Bluetooth.plist SCOAudioDevices 111 | #clear print spool 112 | sudo rm -rfv /var/spool/cups/c0* 113 | sudo rm -rfv /var/spool/cups/tmp/* 114 | sudo rm -rfv /var/spool/cups/cache/job.cache* 115 | # clear connected ios devices 116 | sudo defaults delete /Users/$USER/Library/Preferences/com.apple.iPod.plist "conn:128:Last Connect" 117 | sudo defaults delete /Users/$USER/Library/Preferences/com.apple.iPod.plist Devices 118 | sudo defaults delete /Library/Preferences/com.apple.iPod.plist "conn:128:Last Connect" 119 | sudo defaults delete /Library/Preferences/com.apple.iPod.plist Devices 120 | sudo rm -rfv /var/db/lockdown/* 121 | # clear thumbnail data 122 | sudo rm -rfv $(getconf DARWIN_USER_CACHE_DIR)/com.apple.QuickLook.thumbnailcache/thumbnails.fraghandler 123 | sudo rm -rfv $(getconf DARWIN_USER_CACHE_DIR)/com.apple.QuickLook.thumbnailcache/exclusive 124 | sudo rm -rfv $(getconf DARWIN_USER_CACHE_DIR)/com.apple.QuickLook.thumbnailcache/index.sqlite 125 | sudo rm -rfv $(getconf DARWIN_USER_CACHE_DIR)/com.apple.QuickLook.thumbnailcache/index.sqlite-shm 126 | sudo rm -rfv $(getconf DARWIN_USER_CACHE_DIR)/com.apple.QuickLook.thumbnailcache/index.sqlite-wal 127 | sudo rm -rfv $(getconf DARWIN_USER_CACHE_DIR)/com.apple.QuickLook.thumbnailcache/resetreason 128 | sudo rm -rfv $(getconf DARWIN_USER_CACHE_DIR)/com.apple.QuickLook.thumbnailcache/thumbnails.data 129 | sudo rm -rfv $(getconf DARWIN_USER_CACHE_DIR)/com.apple.QuickLook.thumbnailcache/thumbnails.fraghandler 130 | # clear finder preferences 131 | sudo defaults delete ~/Library/Preferences/com.apple.finder.plist FXDesktopVolumePositions 132 | sudo defaults delete ~/Library/Preferences/com.apple.finder.plist FXRecentFolders 133 | sudo defaults delete ~/Library/Preferences/com.apple.finder.plist RecentMoveAndCopyDestinations 134 | sudo defaults delete ~/Library/Preferences/com.apple.finder.plist RecentSearches 135 | sudo defaults delete ~/Library/Preferences/com.apple.finder.plist SGTRecentFileSearches 136 | # clear wifi data 137 | sudo nvram -d 36C28AB5-6566-4C50-9EBD-CBB920F83843:current-network 138 | sudo nvram -d 36C28AB5-6566-4C50-9EBD-CBB920F83843:preferred-networks 139 | sudo nvram -d 36C28AB5-6566-4C50-9EBD-CBB920F83843:preferred-count 140 | # clear and disable typing suggestions 141 | sudo rm -rfv "~/Library/LanguageModeling/*" "~/Library/Spelling/*" "~/Library/Suggestions/*" 142 | sudo chmod -R 000 ~/Library/LanguageModeling ~/Library/Spelling ~/Library/Suggestions 143 | sudo chflags -R uchg ~/Library/LanguageModeling ~/Library/Spelling ~/Library/Suggestions 144 | # Clear quicklook metadata 145 | sudo rm -rfv "~/Library/Application Support/Quick Look/*" 146 | sudo chmod -R 000 "~/Library/Application Support/Quick Look" 147 | sudo chflags -R uchg "~/Library/Application Support/Quick Look" 148 | # clear document revision metadata 149 | sudo rm -rfv /.DocumentRevisions-V100/* 150 | sudo chmod -R 000 /.DocumentRevisions-V100 151 | sudo chflags -R uchg /.DocumentRevisions-V100 152 | # clear application saved state metadata 153 | sudo rm -rfv "~/Library/Saved Application State/*" 154 | sudo rm -rfv "~/Library/Containers//Saved Application State" 155 | sudo chmod -R 000 "~/Library/Saved Application State/" 156 | sudo chmod -R 000 "~/Library/Containers//Saved Application State" 157 | sudo chflags -R uchg "~/Library/Saved Application State/" 158 | sudo chflags -R uchg "~/Library/Containers//Saved Application State" 159 | sudo rm -rfv "~/Library/Containers//Data/Library/Autosave Information" 160 | sudo rm -rfv "~/Library/Autosave Information" 161 | sudo chmod -R 000 "~/Library/Containers//Data/Library/Autosave Information" 162 | sudo chmod -R 000 "~/Library/Autosave Information" 163 | sudo chflags -R uchg "~/Library/Containers//Data/Library/Autosave Information" 164 | sudo chflags -R uchg "~/Library/Autosave Information" 165 | # clear siri metadata 166 | sudo rm -rfv ~/Library/Assistant/SiriAnalytics.db 167 | sudo chmod -R 000 ~/Library/Assistant/SiriAnalytics.db 168 | sudo chflags -R uchg ~/Library/Assistant/SiriAnalytics.db 169 | # clear itunes metadata 170 | sudo defaults delete ~/Library/Preferences/com.apple.iTunes.plist recentSearches 171 | # clear apple linked 172 | sudo defaults delete ~/Library/Preferences/com.apple.iTunes.plist StoreUserInfo 173 | sudo defaults delete ~/Library/Preferences/com.apple.iTunes.plist WirelessBuddyID 174 | 175 | #duti 176 | brew install duti 177 | sudo duti -s com.apple.Safari afp 178 | sudo duti -s com.apple.Safari ftp 179 | sudo duti -s com.apple.Safari nfs 180 | sudo duti -s com.apple.Safari smb 181 | sudo duti -s com.apple.TextEdit public.unix-executable 182 | 183 | #screenlock 184 | sudo defaults write com.apple.screensaver askForPassword -int 1 185 | sudo defaults write com.apple.screensaver askForPasswordDelay -int 0 186 | 187 | #expose hidden files 188 | sudo defaults write com.apple.finder AppleShowAllFiles -bool true 189 | sudo chflags nohidden ~/Library 190 | 191 | #filename extentions 192 | sudo defaults write NSGlobalDomain AppleShowAllExtensions -bool true 193 | 194 | #disable autosave to icloud 195 | sudo defaults write NSGlobalDomain NSDocumentSaveNewDocumentsToCloud -bool false 196 | 197 | #disable crash reporter 198 | sudo defaults write com.apple.CrashReporter DialogType none 199 | 200 | #disable bonjour 201 | sudo defaults write /Library/Preferences/com.apple.mDNSResponder.plist NoMulticastAdvertisements -bool YES 202 | 203 | # Privoxy 204 | brew install privoxy 205 | brew services start privoxy 206 | sudo mkdir homebrew/etc/privoxy/ 207 | sudo curl -o homebrew/etc/privoxy/config https://raw.githubusercontent.com/drduh/config/master/privoxy/config 208 | sudo curl -o homebrew/etc/privoxy/user.action https://raw.githubusercontent.com/drduh/config/master/privoxy/user.action 209 | brew services restart privoxy 210 | sudo networksetup -setwebproxy "Wi-Fi" 127.0.0.1 8118 211 | sudo networksetup -setsecurewebproxy "Wi-Fi" 127.0.0.1 8118 212 | #sudo networksetup -setsecurewebproxystate Wi-Fi off 213 | #sudo networksetup -setwebproxystate Wi-Fi off 214 | 215 | #Install Dns Crypt 216 | #brew install dnsmasq 217 | #sudo mkdir homebrew/etc 218 | #sudo curl -o homebrew/etc/dnsmasq.conf https://raw.githubusercontent.com/drduh/config/master/dnsmasq.conf 219 | #brew services start dnsmasq 220 | #sudo networksetup -setdnsservers "Wi-Fi" 127.0.0.1 221 | #sudo networksetup -setdnsservers "Wi-Fi" 1.1.1.1 222 | 223 | # https://github.com/tiiiecherle/osx_install_config 224 | sh -c "$(curl -fsSL https://raw.githubusercontent.com/tiiiecherle/osx_install_config/master/_config_file/install_config_file.sh)" 225 | sh -c "$(curl -sL https://raw.githubusercontent.com/tiiiecherle/osx_install_config/master/14_samba/14a_samba.sh)" 226 | sh -c "$(curl -sL https://raw.githubusercontent.com/tiiiecherle/osx_install_config/master/01_recovery_settings_and_nvram/1b_nvram.sh)" 227 | sh -c "$(curl -sL https://github.com/tiiiecherle/osx_install_config/raw/master/03_homebrew_casks_and_mas/3f_homebrew_ssh1.sh)" 228 | 229 | # Auditing Fixes 230 | sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.auditd.plist 231 | sudo /usr/bin/sed -i.bak '/^policy/ s/$/,ahlt/' /etc/security/audit_control; sudo /usr/sbin/audit -s 232 | -------------------------------------------------------------------------------- /windows10-miningrig.ps1: -------------------------------------------------------------------------------- 1 | Start-Job -Name "Install and Configure Chocolatey" -ScriptBlock { 2 | Write-Host "Installing Chocolatey" 3 | # Setting up directories for values 4 | Set-ExecutionPolicy Bypass -Scope Process -Force 5 | [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072 6 | Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1')) 7 | choco feature enable -n=allowGlobalConfirmation 8 | choco feature enable -n=useFipsCompliantChecksums 9 | choco feature enable -n=useEnhancedExitCodes 10 | choco feature disable -n=checksumFiles #Fipsmode implementation is currently broken for some packages 11 | choco config set commandExecutionTimeoutSeconds 14400 12 | choco config set --name="'cacheLocation'" --value="'C:\temp\chococache'" 13 | choco config set --name="'proxyBypassOnLocal'" --value="'true'" 14 | choco upgrade all --ignore-checksums 15 | refreshenv 16 | Start-Job -Name "Installing Windows Updates" -ScriptBlock { 17 | Write-Host "Install Latest Windows Updates" 18 | choco install pswindowsupdate 19 | Set-Executionpolicy -ExecutionPolicy RemoteSigned -Force 20 | Import-Module PSWindowsUpdate -Force 21 | Add-WUServiceManager -ServiceID 7971f918-a847-4430-9279-4a52d1efe18d -Confirm:$false 22 | Install-WindowsUpdate -MicrosoftUpdate -AcceptAll -Install 23 | Get-WuInstall -AcceptAll -IgnoreReboot -IgnoreUserInput -nottitle 'preview' 24 | Get-WindowsUpdate –Install 25 | } 26 | Start-Job -Name "Installing Graphics Drivers" -ScriptBlock { 27 | choco install nvidia-display-driver cuda 28 | } 29 | Start-Job -Name "Install Software" -ScriptBlock { 30 | Write-Host "Installing Software" 31 | choco install evga-precision-x1 msiafterburner gpu-z hwinfo ddu driverbooster disable-nvidia-telemetry teamviewer 32 | choco upgrade all 33 | } 34 | } 35 | 36 | Start-Job -Name "Mining Specific Configurations and Optimizations" -ScriptBlock { 37 | Write-Host "Mining Specific Configurations and Optimizations" 38 | #Force contiguous memory allocation in the NVIDIA driver 39 | #https://sites.google.com/view/melodystweaks/basictweaks#h.rfiwlr7de6uh 40 | Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Class\{ 4d36e968-e325-11ce-bfc1-08002be10318 }\0000" -Name "PreferSystemMemoryContiguous" -Type "DWORD" -Value "1" -Force 41 | 42 | #Enable Ultimate Performance 43 | powercfg -duplicatescheme e9a42b02-d5df-448d-aa00-03f14749eb61 44 | powercfg /setactive e9a42b02-d5df-448d-aa00-03f14749eb61 45 | 46 | #Set Screen Timeout to 15 Minutes 47 | powercfg -change -monitor-timeout-ac 15 48 | 49 | #Disable Hibernate 50 | powercfg -h off 51 | 52 | #Windows Defender Exclusions 53 | Add-MpPreference -ExclusionPath $env:LOCALAPPDATA"\Temp\NVIDIA Corporation\NV_Cache" 54 | Add-MpPreference -ExclusionPath $env:PROGRAMDATA"\NVIDIA Corporation\NV_Cache" 55 | Add-MpPreference -ExclusionPath $env:USERPROFILE"\Desktop" 56 | Add-MpPreference -ExclusionPath $env:USERPROFILE"\Downloads" 57 | 58 | #Awesome Miner Windows Defender Exclusions 59 | Add-MpPreference -ExclusionPath $env:LOCALAPPDATA"\AwesomeMiner" 60 | Add-MpPreference -ExclusionPath $env:LOCALAPPDATA"\AwesomeMinerService" 61 | Add-MpPreference -ExclusionPath $env:APPDATA"\AwesomeMiner" 62 | Add-MpPreference -ExclusionPath $env:APPDATA"\AwesomeMinerService" 63 | Add-MpPreference -ExclusionPath $env:PROGRAMDATA"\AwesomeMinerService" 64 | 65 | #NiceHash Miner Windows Defender Exclusions 66 | Add-MpPreference -ExclusionPath "C:\NiceHash\" 67 | Add-MpPreference -ExclusionPath $env:LOCALAPPDATA"\Programs\NiceHashMiner" 68 | 69 | #Disable Windows Updates 70 | #https://blogs.technet.microsoft.com/jamesone/2009/01/27/managing-windows-update-with-powershell/ 71 | #https://msdn.microsoft.com/en-us/library/windows/desktop/aa385806(v=vs.85).aspx 72 | $AUSettings = (New-Object -com "Microsoft.Update.AutoUpdate").Settings 73 | $AUSettings.NotificationLevel = 1 74 | $AUSettings.Save 75 | New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\" -Name "AU" -Force 76 | Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name NoAutoUpdate -Type "DWORD" -Value 0 -Force 77 | Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name AUOptions -Type "DWORD" -Value 2 -Force 78 | Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name ScheduledInstallDay -Type "DWORD" -Value 0 -Force 79 | Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name ScheduledInstallTime -Type "DWORD" -Value 3 -Force 80 | New-Item -Path "HKLM:\Software\Microsoft\PolicyManager\current\device\" -Name "Update" -Force 81 | Set-ItemProperty -Path "HKLM:\Software\Microsoft\PolicyManager\current\device\Update" -Name ExcludeWUDriversInQualityUpdate -Type "DWORD" -Value 1 -Force 82 | Set-ItemProperty -Path "HKLM:\Software\Microsoft\PolicyManager\default\Update" -Name ExcludeWUDriversInQualityUpdate -Type "DWORD" -Value 1 -Force 83 | New-Item -Path "HKLM:\Software\Microsoft\PolicyManager\default\Update\" -Name "ExcludeWUDriversInQualityUpdates" -Force 84 | Set-ItemProperty -Path "HKLM:\Software\Microsoft\PolicyManager\default\Update\ExcludeWUDriversInQualityUpdates" -Name Value -Type "DWORD" -Value 1 -Force 85 | Set-ItemProperty -Path "HKLM:\Software\Microsoft\WindowsUpdate\UX\Settings" -Name ExcludeWUDriversInQualityUpdate -Type "DWORD" -Value 1 -Force 86 | Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate" -Name ExcludeWUDriversInQualityUpdate -Type "DWORD" -Value 1 -Force 87 | 88 | #Increase Windows PageFile 89 | <# 90 | $DriveLetters = (Get-WmiObject -Class Win32_Volume).DriveLetter 91 | ForEach ($Drive in $DriveLetters) { 92 | If (-not ([string]::IsNullOrEmpty($Drive))) { 93 | Set-WmiInstance -Class Win32_PageFileSetting -Arguments @{name="$Drive:\pagefile.sys"; InitialSize = 0; MaximumSize = 0} 94 | } 95 | } 96 | #> 97 | $pagefile = Get-WmiObject Win32_ComputerSystem -EnableAllPrivileges 98 | $pagefile.AutomaticManagedPagefile = $false 99 | $pagefile.put() | Out-Null 100 | $pagefileset = Get-WmiObject Win32_pagefilesetting 101 | $pagefileset.InitialSize = 32768 102 | $pagefileset.MaximumSize = 65535 103 | $pagefileset.Put() | Out-Null 104 | 105 | #TDR Timeout Fix 106 | New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers" -Name "TdrDelay" -Type "DWORD" -Value "20" -Force 107 | New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers" -Name "TdrDdiDelay" -Type "DWORD" -Value "10" -Force 108 | Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers" -Name "TdrDelay" -Type "DWORD" -Value "20" -Force 109 | Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers" -Name "TdrDdiDelay" -Type "DWORD" -Value "10" -Force 110 | 111 | } 112 | Start-Job -Name "Windows Optimizations" -ScriptBlock { 113 | Write-Host "Windows Optimizations" 114 | #Fix high performance timers to get better performance from Windows 10. 115 | bcdedit /deletevalue useplatformclock 116 | bcdedit /set useplatformclock false 117 | bcdedit /set useplatformtick yes 118 | bcdedit /set disabledynamictick yes 119 | bcdedit /set tscsyncpolicy Enhanced 120 | 121 | #Avoid the use of uncontiguous portions of low-memory from the OS. Boosts memory performance and improves microstuttering at least 80% of the cases. Also fixes the command buffer stutter after disabling 5-level paging on 10th gen Intel. Causes system freeze on unstable memory sticks. 122 | #https://sites.google.com/view/melodystweaks/basictweaks#h.buwzs4hstahz 123 | bcdedit /set firstmegabytepolicy UseAll 124 | bcdedit /set avoidlowmemory 0x8000000 125 | bcdedit /set nolowmem Yes 126 | 127 | #Disable RAM compression. 128 | #https://sites.google.com/view/melodystweaks/basictweaks#h.kb5elprlojt0 129 | Disable-MMAgent -MemoryCompression 130 | 131 | #Use realtime priority for csrss.exe 132 | #https://sites.google.com/view/melodystweaks/basictweaks#h.ar95updq6a7j 133 | New-Item -Force "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe\PerfOptions" 134 | Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe\PerfOptions" -Name "CpuPriorityClass" -Type "DWORD" -Value "4" -Force 135 | Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe\PerfOptions" -Name "IoPriority" -Type "DWORD" -Value "1" -Force 136 | 137 | #Disallow drivers to get paged into virtual memory. 138 | #https://sites.google.com/view/melodystweaks/basictweaks#h.kvyfncl7jils 139 | Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" -Name "DisablePagingExecutive" -Type "DWORD" -Value "1" -Force 140 | 141 | #Use big system memory caching to improve microstuttering.. 142 | #https://sites.google.com/view/melodystweaks/basictweaks#h.luvkznpp3use 143 | Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" -Name "LargeSystemCache" -Type "DWORD" -Value "1" -Force 144 | 145 | #Enable X2Apic and enable Memory Mapping for PCI-E devices. 146 | #https://sites.google.com/view/melodystweaks/basictweaks#h.xm0jq1fzo2c3 147 | bcdedit /set x2apicpolicy Enable 148 | bcdedit /set configaccesspolicy Default 149 | bcdedit /set MSI Default 150 | bcdedit /set usephysicaldestination No 151 | bcdedit /set usefirmwarepcisettings No 152 | 153 | #Force contiguous memory allocation in the DirectX Graphics Kernel. 154 | #https://sites.google.com/view/melodystweaks/basictweaks#h.90c0dugs7bj 155 | Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers" -Name "DpiMapIommuContiguous" -Type "DWORD" -Value "1" -Force 156 | 157 | #Verbose BSoD 158 | New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl" -Name "DisplayParameters" -PropertyType "DWORD" -Value "1" -Force 159 | 160 | #Use only latest .Net 161 | New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NETFramework" -Name "OnlyUseLatestCLR" -PropertyType "DWORD" -Value "1" -Force 162 | New-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework" -Name "OnlyUseLatestCLR" -PropertyType "DWORD" -Value "1" -Force 163 | 164 | #Disable Unrequired Services 165 | Set-Service AppVClient -StartupType Disabled 166 | Set-Service CscService -StartupType Disabled 167 | Set-Service DiagTrack -StartupType Disabled 168 | Set-Service DoSvc -StartupType Disabled 169 | Set-Service FrameServer -StartupType Disabled 170 | Set-Service MapsBroker -StartupType Disabled 171 | Set-Service MessagingService -StartupType Disabled 172 | Set-Service NetTcpPortSharing -StartupType Disabled 173 | Set-Service OneSyncSvc -StartupType Disabled 174 | Set-Service PhoneSvc -StartupType Disabled 175 | Set-Service PimIndexMaintenanceSvc -StartupType Disabled 176 | Set-Service QWAVE -StartupType Disabled 177 | Set-Service RemoteAccess -StartupType Disabled 178 | Set-Service RetailDemo -StartupType Disabled 179 | Set-Service SEMgrSvc -StartupType Disabled 180 | Set-Service SSDPSRV -StartupType Disabled 181 | Set-Service SensorDataService -StartupType Disabled 182 | Set-Service SensorService -StartupType Disabled 183 | Set-Service SensrSvc -StartupType Disabled 184 | Set-Service SharedAccess -StartupType Disabled 185 | Set-Service ShellHWDetection -StartupType Disabled 186 | Set-Service UevAgentService -StartupType Disabled 187 | Set-Service UnistoreSvc -StartupType Disabled 188 | Set-Service UserDataSvc -StartupType Disabled 189 | Set-Service WalletService -StartupType Disabled 190 | Set-Service dmwappushservice -StartupType Disabled 191 | Set-Service icssvc -StartupType Disabled 192 | Set-Service lfsvc -StartupType Disabled 193 | Set-Service lltdsvc -StartupType Disabled 194 | Set-Service upnphost -StartupType Disabled 195 | Set-Service wisvc -StartupType Disabled 196 | 197 | #Remove Appx Packages (duplicate, but can't be too sure) 198 | Get-AppxPackage *print3d* | Remove-AppxPackage 199 | Get-AppxPackage *3dviewer* | Remove-AppxPackage 200 | Get-AppxPackage *zune* | Remove-AppxPackage 201 | Get-AppxPackage *minecraft* | Remove-AppxPackage 202 | Get-AppxPackage *bing* | Remove-AppxPackage 203 | Get-AppxPackage *skype* | Remove-AppxPackage 204 | Get-AppxPackage *solitaire* | Remove-AppxPackage 205 | Get-AppxPackage *candycrush* | Remove-AppxPackage 206 | Get-AppxPackage *netflix* | Remove-AppxPackage 207 | Get-AppxPackage *onenote* | Remove-AppxPackage 208 | Get-AppxPackage *dolby* | Remove-AppxPackage 209 | Get-AppxPackage *fitbit* | Remove-AppxPackage 210 | Get-AppxPackage *feedback* | Remove-AppxPackage 211 | Get-AppxPackage *yourphone* | Remove-AppxPackage 212 | 213 | #Stops Cortana from being used as part of your Windows Search Function 214 | Write-Output "Stopping Cortana from being used as part of your Windows Search Function" 215 | $Search = 'HKLM:\Software\Policies\Microsoft\Windows\Windows Search' 216 | If (Test-Path $Search) { 217 | Set-ItemProperty $Search -Name AllowCortana -Value 0 -Verbose 218 | } 219 | Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Search" -Name BingSearchEnabled -Type "DWORD" -Value 0 -Force 220 | Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Search" -Name CortanaConsent -Type "DWORD" -Value 0 -Force 221 | Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Search" -Name BingSearchEnabled -Type "DWORD" -Value 0 -Force 222 | Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Search" -Name CortanaConsent -Type "DWORD" -Value 0 -Force 223 | Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\Windows Search" -Name AllowCortana -Type "DWORD" -Value 0 -Force 224 | New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\" -Name "Search" -Force 225 | Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Search" -Name BingSearchEnabled -Type "DWORD" -Value 0 -Force 226 | 227 | #Adjust windows visual effects for best performance 228 | $path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects' 229 | try { 230 | $s = (Get-ItemProperty -ErrorAction stop -Name visualfxsetting -Path $path).visualfxsetting 231 | if ($s -ne 2) { 232 | Set-ItemProperty -Path $path -Name 'VisualFXSetting' -Value 2 233 | } 234 | } 235 | catch { 236 | New-ItemProperty -Path $path -Name 'VisualFXSetting' -Value 2 -PropertyType 'DWORD' 237 | } 238 | 239 | #Harden IPv6 240 | #https://ernw.de/download/ERNW_Guide_to_Configure_Securely_Windows_Servers_For_IPv6_v1_0.pdf 241 | netsh interface ipv6 set global mldlevel=none 242 | netsh interface ipv6 set global icmpredirects=disabled 243 | netsh interface ipv6 set global defaultcurhoplimit=64 244 | netsh interface ipv6 isatap set state disabled 245 | #netsh interface ipv6 set teredo type=disabled 246 | #netsh interface ipv6 6to4 set state disabled 247 | 248 | #Hardware accelerated scheduling 249 | New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers" -Name "HwSchMode" -Value 2 -Force 250 | } 251 | -------------------------------------------------------------------------------- /windows10.ps1: -------------------------------------------------------------------------------- 1 | Start-Job -Name "Install and Configure Chocolatey" -ScriptBlock { 2 | Write-Host "Installing Chocolatey" 3 | # Setting up directories for values 4 | Set-ExecutionPolicy Bypass -Scope Process -Force 5 | [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072 6 | Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1')) 7 | choco feature enable -n=allowGlobalConfirmation 8 | choco feature enable -n=useFipsCompliantChecksums 9 | choco feature enable -n=useEnhancedExitCodes 10 | choco feature disable -n=checksumFiles #Fipsmode implementation is currently broken for some packages 11 | choco config set commandExecutionTimeoutSeconds 14400 12 | choco config set --name="'cacheLocation'" --value="'C:\temp\chococache'" 13 | choco config set --name="'proxyBypassOnLocal'" --value="'true'" 14 | choco upgrade all --ignore-checksums 15 | refreshenv 16 | Start-Job -Name "Installing Windows Updates" -ScriptBlock { 17 | Write-Host "Install Latest Windows Updates" 18 | choco install pswindowsupdate 19 | Set-Executionpolicy -ExecutionPolicy RemoteSigned -Force 20 | Import-Module PSWindowsUpdate -Force 21 | Add-WUServiceManager -ServiceID 7971f918-a847-4430-9279-4a52d1efe18d -Confirm:$false 22 | Install-WindowsUpdate -MicrosoftUpdate -AcceptAll -Install 23 | Get-WuInstall -AcceptAll -IgnoreReboot -IgnoreUserInput -nottitle 'preview' 24 | Get-WindowsUpdate –Install 25 | } 26 | } 27 | 28 | Start-Job -Name "Installing Optional Windows Features" -ScriptBlock { 29 | #https://www.ghacks.net/2017/07/14/use-windows-powershell-to-install-optional-features/ 30 | #Enable-WindowsOptionalFeature -Online -FeatureName "" -All 31 | ForEach ($OptionalFeature in ("Client-ProjFS", "ClientForNFS-Infrastructure", "DataCenterBridging", "DirectoryServices-ADAM-Client", "NFS-Administration", "ServicesForNFS-ClientOnly", "SimpleTCP", "WindowsMediaPlayer")) { 32 | Enable-WindowsOptionalFeature -Online -FeatureName "$OptionalFeature" -All -NoRestart -WarningAction SilentlyContinue | Out-Null 33 | } 34 | 35 | #https://docs.microsoft.com/en-us/powershell/scripting/gallery/installing-psget?view=powershell-7.1 36 | Install-PackageProvider -Name "NuGet" -Force 37 | 38 | #https://github.com/PowerShell/PowerShellGetv2/issues/303 39 | Set-PSRepository -Name "PSGallery" -InstallationPolicy Trusted 40 | Install-PackageProvider -Name "PowerShellGet" -Force -Scope CurrentUser 41 | 42 | #https://github.com/PowerShell/PowerShellGetv2/issues/295 43 | Invoke-WebRequest -Uri https://aka.ms/psget-nugetexe -OutFile "$env:ProgramData\Microsoft\Windows\PowerShell\PowerShellGet\NuGet.exe" 44 | 45 | #https://www.powershellgallery.com/packages/AnonUpload/1.2 46 | #https://www.powershellgallery.com/packages/Carbon/2.9.4 47 | #https://www.powershellgallery.com/packages/PoshInternals/1.0.34 48 | #https://www.powershellgallery.com/packages/powershellprotools/5.7.2 49 | #https://www.powershellgallery.com/packages/PSWindowsUpdate/2.2.0.2 50 | #https://www.powershellgallery.com/packages/SpeculationControl/1.0.14 51 | #https://www.powershellgallery.com/packages/xCertificate/3.2.0.0 52 | ForEach ($module in ("AnonUpload", "Carbon", "PoshInternals", "PowerShellGet", "PowerShellProTools", "PSWindowsUpdate", "ReportHTML", "xCertificate")) { 53 | Update-Module -Name "$module" -Force 54 | Install-Module -Name "$module" -Force 55 | Import-Module -Name "$module" -Force 56 | } 57 | } 58 | refreshenv 59 | 60 | Start-Job -Name "Installing Software" -Scriptblock { 61 | $chocopackages = @("googlechrome", "firefox", "ungoogled-chromium", "brave", "librewolf", "microsoft-edge", "tor-Browser", "putty", "winscp.install", "teamviewer", "anydesk.install", "rustdesk.install", "sysinternals", "driverbooster", "sdio", "etcher", "rufus.install", "veracrypt", "windirstat", "mysql.workbench", "rsat", "sql-server-management-studio", "laps", "wumt", "openvpn", "wireguard", "wireshark", "nmap", "winbox", "tor", "cheatengine", "sleuthkit", "hxd", "ida-free", "ghidra", "ossec-client", "burp-suite-free-edition", "zap", "openstego", "accessenum", "accesschk", "sysmon", "powershell4", "powershell", "powershellhere-elevated", "powershell.portable", "microsoft-windows-terminal", "carbon", "jre8", "openjdk", "openjdk.portable", "hugo", "hugo-extended", "nodejs", "vscode", "vscodium", "vscode-ansible", "vscode-python", "chocolatey-vscode", "vscode-prettier", "vscode-java", "vscode-yaml", "vscode-haskell", "vscode-mongo", "vscode-beautify", "vscode-intellicode", "vscode-pull-request-github", "vscode-kubernetes-tools", "vscode-autofilename", "vscode-codespellchecker", "vscode-icons", "vscode-csharp", "dsc.powershellcommunity", "notepadplusplus.install", "python", "pip", "github-desktop", "gh", "git.install", "git-lfx", "gnupg", "gpg4win", "openssh", "wsl", "wsl2", "adb", "universal-adb-drivers", "windows-adk-all", "dotnetfx", "vcredist-all", "microsoft-visual-cpp-build-tools", "patch-my-pc", "rocketchat", "discord", "pidgin", "signal", "steam", "obs-studio", "obs-ndi", "vlc", "gimp", "k-litecodecpackfull", "audacity", "audacity-lame", "screentogif", "adobereader", "installroot", "7zip.install", "curl", "autohotkey", "teracopy", "cpu-z.install", "eraser", "openstego", "vagrant", "vagrant-manager", "vagrant-vmware-utility", "virtualbox", "tabby", "nethor", "packer", "packer-windows-plugins", "windows-adk-oscdimg") 62 | choco install $chocopackages 63 | <# $PSversion = $PSVersionTable.PSVersion.Major 64 | If ($PSversion -ge "7") { 65 | Write-Output $chocopackages | ForEach-Object -Parallel { 66 | Write-Host "Installing $_" -ForegroundColor White -BackgroundColor Black 67 | Try { 68 | Choco install $_ --ignore-checksums | Out-Null 69 | } 70 | Catch { 71 | Write-Host "Failed to install $_" -ForegroundColor Red -BackgroundColor Black 72 | } 73 | } 74 | } 75 | Else { 76 | Write-Output $chocopackages | ForEach-Object { 77 | Write-Host "Installing $_" -ForegroundColor White -BackgroundColor Black 78 | Try { 79 | Choco install $_ --ignore-checksums | Out-Null 80 | } 81 | Catch { 82 | Write-Host "Failed to install $_" -ForegroundColor Red -BackgroundColor Black 83 | } 84 | } 85 | } #> 86 | 87 | #Packages that down't work while installing others 88 | Choco install vmwareworkstation vmware-horizon-client vmware-powercli-psmodule vmrc --ignore-checksums --force | Out-Null 89 | 90 | 91 | <# Optional Packages 92 | Write-Host "Installing Logging Tools" 93 | #choco install splunk-universalforwarder winlogbeat 94 | 95 | Write-Host "Installing Terminals" 96 | #choco install docker-desktop docker-compose docker-cli azure-cli awstools.powershell awscli kubernetes-cli 97 | 98 | Write-Host "Installing Java" 99 | #choco install jdk11 javaruntime 100 | 101 | Write-Host "Installing IDE and Dev Tools" 102 | #choco install visualstudio2019enterprise visualstudio2017-powershelltools arduino vscode-arduino vscode-puppet vscode-ruby 103 | 104 | Write-Host "Installing GIT Tools" 105 | #choco install postman markdownmonster 106 | 107 | Write-Host "Installing Windows Subsystem for Linux" 108 | #choco install wsl-ubuntu-2004 wsl-debiangnulinux wsl-kalilinux 109 | 110 | Write-Host "Installing Chat Clients" 111 | #choco install microsoft-teams.install 112 | 113 | Write-Host "Installing Document Readers" 114 | #choco install officeproplus2013 115 | 116 | Write-Host "Installing Misc." 117 | #choco install greenshot 118 | 119 | #Write-Host "Installing Baseline Tools" 120 | #choco install winsecuritybaseline mbsa 121 | 122 | #Write-Host "Installing AntiVirus" 123 | #choco install immunet clamav 124 | 125 | #Write-Host "Installing Smart Card Tools" 126 | #choco install opensc 127 | 128 | #Write-Host "Installing YubiKey Tools" 129 | #choco install yubikey-personalization-tool yubikey-manager yubikey-piv-manager 130 | #> 131 | } 132 | 133 | Start-Job -Name "Configuring Windows - Optimizations, Debloating, and Hardening" -ScriptBlock { 134 | Start-Sleep 120 135 | Write-Host "Configuring Windows - Optimizations, Debloating, and Hardening" 136 | New-Item "C:\" -Name "temp" -ItemType "directory" -Force 137 | Invoke-WebRequest -useb 'https://simeononsecurity.ch/scripts/windowsoptimizeandharden.ps1' | Invoke-Expression 138 | #Start-Job -Name "System Wide Ad and Tracker Blocking" -ScriptBlock { 139 | # iwr -useb 'https://simeononsecurity.ch/scripts/soswindowsadblocker.ps1' | iex 140 | #} 141 | #Start-Job -Name "SoS Branding" -ScriptBlock { 142 | # iwr -useb 'https://simeononsecurity.ch/scripts/sosbranding.ps1' | iex 143 | #} 144 | #Start-Job -Name "SoS Sysmon" -ScriptBlock { 145 | # iwr -useb 'https://simeononsecurity.ch/scripts/sosautomatesysmon.ps1'|iex 146 | #} 147 | 148 | #Allow Windows behinc a WSUS Server to auto repair itself 149 | #Download repair content and optional features directly from Windows Update instead of Windows Server Update Services (WSUS) 150 | Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Servicing" -Name "RepairContentServerSource" -Type "DWORD" -Value "2" -Force 151 | 152 | #Fix high performance timers to get better performance from Windows 10. 153 | bcdedit /deletevalue useplatformclock 154 | bcdedit /set useplatformclock false 155 | bcdedit /set useplatformtick yes 156 | bcdedit /set disabledynamictick yes 157 | bcdedit /set tscsyncpolicy Enhanced 158 | 159 | #Enable UDP offloading. 160 | #https://sites.google.com/view/melodystweaks/basictweaks#h.u4nrzzr3bd2q 161 | netsh int udp set global uro=enabled 162 | 163 | #Enable WH send and WH receive. 164 | #https://sites.google.com/view/melodystweaks/basictweaks#h.zb7ur84z9fzw 165 | #Get-NetAdapter -IncludeHidden | Set-NetIPInterface -WeakHostSend Enabled -WeakHostReceive Enabled -ErrorAction SilentlyContinue 166 | 167 | #Enable Winsock Send Autotuning (dynamic send-buffer) 168 | #https://sites.google.com/view/melodystweaks/basictweaks#h.wky682g85fbo 169 | netsh winsock set autotuning on 170 | 171 | #Disable 57-bits 5-level paging, also known as "Linear Address 57". Only 100% effective on 10th gen Intel. 256 TB of virtual memory per-disk is way much more than enough anyway. 172 | #https://sites.google.com/view/melodystweaks/basictweaks#h.j5c33bevlruo 173 | bcdedit /set linearaddress57 OptOut 174 | bcdedit /set increaseuserva 268435328 175 | 176 | #Avoid the use of uncontiguous portions of low-memory from the OS. Boosts memory performance and improves microstuttering at least 80% of the cases. Also fixes the command buffer stutter after disabling 5-level paging on 10th gen Intel. Causes system freeze on unstable memory sticks. 177 | #https://sites.google.com/view/melodystweaks/basictweaks#h.buwzs4hstahz 178 | bcdedit /set firstmegabytepolicy UseAll 179 | bcdedit /set avoidlowmemory 0x8000000 180 | bcdedit /set nolowmem Yes 181 | 182 | #Disable RAM compression. 183 | #https://sites.google.com/view/melodystweaks/basictweaks#h.kb5elprlojt0 184 | Disable-MMAgent -MemoryCompression 185 | 186 | #Use realtime priority for csrss.exe 187 | #https://sites.google.com/view/melodystweaks/basictweaks#h.ar95updq6a7j 188 | New-Item -Force "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe\PerfOptions" 189 | Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe\PerfOptions" -Name "CpuPriorityClass" -Type "DWORD" -Value "4" -Force 190 | Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe\PerfOptions" -Name "IoPriority" -Type "DWORD" -Value "1" -Force 191 | 192 | #Disallow drivers to get paged into virtual memory. 193 | #https://sites.google.com/view/melodystweaks/basictweaks#h.kvyfncl7jils 194 | Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" -Name "DisablePagingExecutive" -Type "DWORD" -Value "1" -Force 195 | 196 | #Use big system memory caching to improve microstuttering.. 197 | #https://sites.google.com/view/melodystweaks/basictweaks#h.luvkznpp3use 198 | Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" -Name "LargeSystemCache" -Type "DWORD" -Value "1" -Force 199 | 200 | #Enable X2Apic and enable Memory Mapping for PCI-E devices. 201 | #https://sites.google.com/view/melodystweaks/basictweaks#h.xm0jq1fzo2c3 202 | bcdedit /set x2apicpolicy Enable 203 | bcdedit /set configaccesspolicy Default 204 | bcdedit /set MSI Default 205 | bcdedit /set usephysicaldestination No 206 | bcdedit /set usefirmwarepcisettings No 207 | 208 | #Force contiguous memory allocation in the DirectX Graphics Kernel. 209 | #https://sites.google.com/view/melodystweaks/basictweaks#h.90c0dugs7bj 210 | Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers" -Name "DpiMapIommuContiguous" -Type "DWORD" -Value "1" -Force 211 | 212 | #Force contiguous memory allocation in the NVIDIA driver 213 | #https://sites.google.com/view/melodystweaks/basictweaks#h.rfiwlr7de6uh 214 | Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Class\{ 4d36e968-e325-11ce-bfc1-08002be10318 }\0000" -Name "PreferSystemMemoryContiguous" -Type "DWORD" -Value "1" -Force 215 | 216 | #Enable Experimental Autotuning and NEWRENO congestion provider. 217 | #https://sites.google.com/view/melodystweaks/basictweaks#h.cflus4jbi8z9 218 | netsh int tcp set global autotuning=experimental 219 | netsh int tcp set supp internet congestionprovider=newreno 220 | New-Item -Force "HKLM:\SOFTWARE\Policies\Microsoft\Windows\QoS" 221 | Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\QoS" -Name "Tcp Autotuning Level" -Type "STRING" -Value "Experimental" -Force 222 | Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\QoS" -Name "Application DSCP Marking Request" -Type "STRING" -Value "Allowed" -Force 223 | 224 | #Enable Teredo and 6to4 (Xbox LIVE fix) 225 | #https://sites.google.com/view/melodystweaks/basictweaks#h.94e648gkuiej 226 | netsh int teredo set state natawareclient 227 | netsh int 6to4 set state state=enabled 228 | 229 | #Enable detailed startup/shutdown messages. 230 | #https://sites.google.com/view/melodystweaks/basictweaks#h.tr2jz1iwx8e9 231 | Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "VerboseStatus" -Type "DWORD" -Value "1" -Force 232 | 233 | #Set Screen Timeout to 15 Minutes 234 | powercfg -change -monitor-timeout-ac 15 235 | 236 | #Enable Ultimate Performance 237 | powercfg -duplicatescheme e9a42b02-d5df-448d-aa00-03f14749eb61 238 | powercfg /setactive e9a42b02-d5df-448d-aa00-03f14749eb61 239 | 240 | #Process Idle Tasks 241 | Rundll32.exe advapi32.dll, ProcessIdleTasks 242 | 243 | #Enable Num Lock on logon and lock screen 244 | Set-ItemProperty "HKU:\.DEFAULT\Control Panel\Keyboard" "InitialKeyboardIndicators" 2 245 | 246 | #Enable Darkmode 247 | New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Force | Out-Null 248 | New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name "AppsUseLightTheme" -Type "DWORD" -Value "00000000" -Force 249 | New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name "SystemUsesLightTheme" -Type "DWORD" -Value "00000000" -Force 250 | New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name "ColorPrevalence" -Type "DWORD" -Value "00000000" -Force 251 | New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name "EnableTransparency" -Type "DWORD" -Value "00000001" -Force 252 | Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name "AppsUseLightTheme" -Type "DWORD" -Value "00000000" -Force 253 | Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name "SystemUsesLightTheme" -Type "DWORD" -Value "00000000" -Force 254 | Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name "ColorPrevalence" -Type "DWORD" -Value "00000000" -Force 255 | Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name "EnableTransparency" -Type "DWORD" -Value "00000001" -Force 256 | 257 | #https://notes.ponderworthy.com/fsutil-tweaks-for-ntfs-performance-and-reliability 258 | fsutil behavior set memoryusage 2 259 | #fsutil behavior set disablelastaccess 1 260 | fsutil behavior set mftzone 2 261 | #https://github.com/djdallmann/GamingPCSetup/blob/master/CONTENT/DOCS/POSTINSTALL/README.md 262 | fsutil behavior query Disabledeletenotify 263 | fsutil behavior set DisableDeleteNotify 0 264 | #Optimize NTFS file system parameters to reduce updates to some of the metadata that is tracked. 265 | fsutil behavior set disableLastAccess 1 266 | fsutil behavior set disable8dot3 1 267 | $DriveLetters = (Get-WmiObject -Class Win32_Volume).DriveLetter 268 | ForEach ($Drive in $DriveLetters) { 269 | If (-not ([string]::IsNullOrEmpty($Drive))) { 270 | Write-Host Optimizing "$Drive" Drive 271 | fsutil resource setavailable "$Drive" 272 | fsutil resource setlog shrink 10 "$Drive" 273 | fsutil repair set "$Drive" 0x01 274 | fsutil resource setautoreset true "$Drive" 275 | fsutil resource setconsistent "$Drive" 276 | } 277 | } 278 | 279 | #Windows Defender Exclusions 280 | Add-MpPreference -ExclusionPath ${env:ProgramFiles(x86)}"\Steam\" 281 | Add-MpPreference -ExclusionPath $env:LOCALAPPDATA"\Temp\NVIDIA Corporation\NV_Cache" 282 | Add-MpPreference -ExclusionPath $env:PROGRAMDATA"\NVIDIA Corporation\NV_Cache" 283 | Add-MpPreference -ExclusionProcess ${env:ProgramFiles(x86)}"\Common Files\Steam\SteamService.exe" 284 | 285 | #Awesome Miner Windows Defender Exclusions 286 | Add-MpPreference -ExclusionPath $env:LOCALAPPDATA"\AwesomeMiner" 287 | Add-MpPreference -ExclusionPath $env:LOCALAPPDATA"\AwesomeMinerService" 288 | Add-MpPreference -ExclusionPath $env:APPDATA"\AwesomeMiner" 289 | Add-MpPreference -ExclusionPath $env:APPDATA"\AwesomeMinerService" 290 | Add-MpPreference -ExclusionPath $env:PROGRAMDATA"\AwesomeMinerService" 291 | 292 | #Disable Unrequired Services 293 | #https://github.com/djdallmann/GamingPCSetup/tree/master/CONTENT/DOCS/SERVICES 294 | #ActiveX Controlls and Policy Enforcement via GPU - Uncomment if not used 295 | #Set-Service AxInstSV -StartupType Disabled 296 | #Time Zone Automatic Update - Uncomment if not used 297 | #Set-Service tzautoupdate -StartupType Disabled 298 | #Uncomment if you don't use or plan to use Bluetooth devices 299 | #Set-Service bthserv -StartupType Disabled 300 | Set-Service dmwappushservice -StartupType Disabled 301 | Set-Service MapsBroker -StartupType Disabled 302 | Set-Service lfsvc -StartupType Disabled 303 | Set-Service SharedAccess -StartupType Disabled 304 | Set-Service lltdsvc -StartupType Disabled 305 | Set-Service AppVClient -StartupType Disabled 306 | Set-Service NetTcpPortSharing -StartupType Disabled 307 | Set-Service CscService -StartupType Disabled 308 | Set-Service PhoneSvc -StartupType Disabled 309 | #Disable unless you use printers or scanners 310 | #Set-Service Spooler -StartupType Disabled 311 | #Disable unless you use printers or scanners 312 | #Set-Service PrintNotify -StartupType Disabled 313 | Set-Service QWAVE -StartupType Disabled 314 | #Disable if you don't use or plan to use wifi etc 315 | #Set-Service RmSvc -StartupType Disabled 316 | Set-Service RemoteAccess -StartupType Disabled 317 | Set-Service SensorDataService -StartupType Disabled 318 | Set-Service SensrSvc -StartupType Disabled 319 | Set-Service SensorService -StartupType Disabled 320 | Set-Service ShellHWDetection -StartupType Disabled 321 | #Disable if you don't use smart cards 322 | #Set-Service SCardSvr -StartupType Disabled 323 | ##Disable if you don't use smart cards 324 | #Set-Service ScDeviceEnum -StartupType Disabled 325 | Set-Service SSDPSRV -StartupType Disabled 326 | #Disable if you don't use a scanner. 327 | #Set-Service WiaRpc -StartupType Disabled 328 | #Disable if you don't use these features. 329 | #Set-Service TabletInputService -StartupType Disabled 330 | Set-Service upnphost -StartupType Disabled 331 | Set-Service UserDataSvc -StartupType Disabled 332 | Set-Service UevAgentService -StartupType Disabled 333 | Set-Service WalletService -StartupType Disabled 334 | Set-Service FrameServer -StartupType Disabled 335 | #Disable if you don't use image scanners 336 | #Set-Service stisvc -StartupType Disabled 337 | Set-Service wisvc -StartupType Disabled 338 | Set-Service icssvc -StartupType Disabled 339 | #Breaks Xbox Live Features - Uncomment if not used 340 | #Set-Service XblAuthManager -StartupType Disabled 341 | #Set-Service XblGameSave -StartupType Disabled 342 | Set-Service SEMgrSvc -StartupType Disabled 343 | Set-Service DiagTrack -StartupType Disabled 344 | 345 | #Remove Appx Packages (duplicate, but can't be too sure) 346 | Get-AppxPackage *print3d* | Remove-AppxPackage 347 | Get-AppxPackage *3dviewer* | Remove-AppxPackage 348 | Get-AppxPackage *zune* | Remove-AppxPackage 349 | Get-AppxPackage *minecraft* | Remove-AppxPackage 350 | Get-AppxPackage *bing* | Remove-AppxPackage 351 | Get-AppxPackage *skype* | Remove-AppxPackage 352 | Get-AppxPackage *solitaire* | Remove-AppxPackage 353 | Get-AppxPackage *candycrush* | Remove-AppxPackage 354 | Get-AppxPackage *netflix* | Remove-AppxPackage 355 | Get-AppxPackage *onenote* | Remove-AppxPackage 356 | Get-AppxPackage *dolby* | Remove-AppxPackage 357 | Get-AppxPackage *fitbit* | Remove-AppxPackage 358 | Get-AppxPackage *feedback* | Remove-AppxPackage 359 | Get-AppxPackage *yourphone* | Remove-AppxPackage 360 | 361 | #https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_server_configuration 362 | New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name "DefaultShell" -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType "String" -Force 363 | 364 | Write-Host "Hiding Taskbar Search icon / box..." 365 | Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" -Name "SearchboxTaskbarMode" -Type "DWORD" -Value 0 366 | 367 | #Removes Paint3D stuff from context menu 368 | $Paint3Dstuff = @( 369 | "HKCR:\SystemFileAssociations\.3mf\Shell\3D Edit" 370 | "HKCR:\SystemFileAssociations\.bmp\Shell\3D Edit" 371 | "HKCR:\SystemFileAssociations\.fbx\Shell\3D Edit" 372 | "HKCR:\SystemFileAssociations\.gif\Shell\3D Edit" 373 | "HKCR:\SystemFileAssociations\.jfif\Shell\3D Edit" 374 | "HKCR:\SystemFileAssociations\.jpe\Shell\3D Edit" 375 | "HKCR:\SystemFileAssociations\.jpeg\Shell\3D Edit" 376 | "HKCR:\SystemFileAssociations\.jpg\Shell\3D Edit" 377 | "HKCR:\SystemFileAssociations\.png\Shell\3D Edit" 378 | "HKCR:\SystemFileAssociations\.tif\Shell\3D Edit" 379 | "HKCR:\SystemFileAssociations\.tiff\Shell\3D Edit" 380 | ) 381 | #Rename reg key to remove it, so it's revertible 382 | foreach ($Paint3D in $Paint3Dstuff) { 383 | If (Test-Path $Paint3D) { 384 | $rmPaint3D = $Paint3D + "_" 385 | Set-Item $Paint3D $rmPaint3D 386 | } 387 | } 388 | 389 | Write-Host "Disabling Action Center..." 390 | If (!(Test-Path "HKCU:\SOFTWARE\Policies\Microsoft\Windows\Explorer")) { 391 | New-Item -Path "HKCU:\SOFTWARE\Policies\Microsoft\Windows\Explorer" | Out-Null 392 | } 393 | Set-ItemProperty -Path "HKCU:\SOFTWARE\Policies\Microsoft\Windows\Explorer" -Name "DisableNotificationCenter" -Type "DWORD" -Value 1 394 | Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications" -Name "ToastEnabled" -Type "DWORD" -Value 0 395 | 396 | #Do not suggest ways I can finish setting up my device to get the most out of Windows 397 | if (-not (Test-Path -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\UserProfileEngagement")) { 398 | New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\UserProfileEngagement" -Force 399 | } 400 | New-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\UserProfileEngagement" -Name "ScoobeSystemSettingEnabled" -PropertyType "DWORD" -Value "0" -Force 401 | 402 | #Do not offer tailored experiences based on the diagnostic data setting 403 | New-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Privacy" -Name "TailoredExperiencesWithDiagnosticDataEnabled" -PropertyType "DWORD" -Value "0" -Force 404 | 405 | #Show hidden items in explorer 406 | New-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "Hidden" -PropertyType "DWORD" -Value "1" -Force 407 | 408 | #Show file extentions in explorer 409 | New-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "HideFileExt" -PropertyType "DWORD" -Value "0" -Force 410 | 411 | #Open to "this pc" in explorer 412 | New-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "LaunchTo" -PropertyType "DWORD" -Value "1" -Force 413 | 414 | #Hide cortana taskbar button 415 | New-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ShowCortanaButton" -PropertyType "DWORD" -Value "0" -Force 416 | 417 | #Hide task view button in explorer 418 | New-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ShowTaskViewButton" -PropertyType "DWORD" -Value "0" -Force 419 | 420 | #Hide people button in taskbar 421 | if (-not (Test-Path -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People")) { 422 | New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People" -Force 423 | } 424 | New-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People" -Name "PeopleBand" -PropertyType "DWORD" -Value "0" -Force 425 | 426 | #Hide "3D Objects" in explorer 427 | if (-not (Test-Path -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{ 31C0DD25-9439-4F12-BF41-7FF4EDA38722 }\PropertyBag")) { 428 | New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{ 31C0DD25-9439-4F12-BF41-7FF4EDA38722 }\PropertyBag" -Force 429 | } 430 | New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{ 31C0DD25-9439-4F12-BF41-7FF4EDA38722 }\PropertyBag" -Name "ThisPCPolicy" -PropertyType "String" -Value "Hide" -Force 431 | 432 | #Disable First Logon Animation 433 | New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "EnableFirstLogonAnimation" -PropertyType "DWord" -Value "0" -Force 434 | 435 | #Remove Path Limit 436 | New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem" -Name "LongPathsEnabled" -PropertyType "DWORD" -Value "1" -Force 437 | 438 | #Verbose BSoD 439 | New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl" -Name "DisplayParameters" -PropertyType "DWORD" -Value "1" -Force 440 | 441 | #Use only latest .Net 442 | New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NETFramework" -Name "OnlyUseLatestCLR" -PropertyType "DWORD" -Value "1" -Force 443 | New-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework" -Name "OnlyUseLatestCLR" -PropertyType "DWORD" -Value "1" -Force 444 | 445 | #Enable Windows Reserved Storage 446 | Set-WindowsReservedStorageState -State Enabled 447 | 448 | #Enable Restartable Apps 449 | New-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name "RestartApps" -Value "1" -Force 450 | 451 | #Enable Sandboxing for Windows Defender 452 | setx /M MP_FORCE_USE_SANDBOX 1 453 | 454 | #Harden IPv6 455 | #https://ernw.de/download/ERNW_Guide_to_Configure_Securely_Windows_Servers_For_IPv6_v1_0.pdf 456 | netsh interface ipv6 set global mldlevel=none 457 | netsh interface ipv6 set global icmpredirects=disabled 458 | netsh interface ipv6 set global defaultcurhoplimit=64 459 | netsh interface ipv6 isatap set state disabled 460 | #netsh interface ipv6 set teredo type=disabled 461 | #netsh interface ipv6 6to4 set state disabled 462 | 463 | #Hardware accelerated scheduling 464 | New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers" -Name "HwSchMode" -Value 2 -Force 465 | 466 | #Get Insider Updates without joining the Insider Program and without having Telemetry enabled 467 | New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name "BranchReadinessLevel" -Value 2 -Force 468 | New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name "ManagePreviewBuilds" -Value 1 -Force 469 | New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name "ManagePreviewBuildsPolicyValue" -Value 2 -Force 470 | 471 | 472 | #Auto Update Choco Packages 473 | $Sta = New-ScheduledTaskAction -Execute "powershell -Command 'choco upgrade all'" 474 | $Stset = New-ScheduledTaskSettingsSet -RunOnlyIfNetworkAvailable -RunOnlyIfIdle -IdleDuration 00:02:00 -IdleWaitTimeout 02:30:00 -ExecutionTimeLimit (New-TimeSpan -Hours 1) -DontStopOnIdleEnd -WakeToRun 475 | Register-ScheduledTask Task02 -Action $Sta -Settings $Stset 476 | } 477 | -------------------------------------------------------------------------------- /windows11.ps1: -------------------------------------------------------------------------------- 1 | function Optimize-PowershellAssemblies { 2 | # NGEN powershell assembly, improves startup time of powershell by 10x 3 | $old_path = $env:path 4 | try { 5 | $env:path = [Runtime.InteropServices.RuntimeEnvironment]::GetRuntimeDirectory() 6 | [AppDomain]::CurrentDomain.GetAssemblies() | % { 7 | if (! $_.location) {continue} 8 | $Name = Split-Path $_.location -leaf 9 | if ($Name.startswith("Microsoft.PowerShell.")) { 10 | Write-Progress -Activity "Native Image Installation" -Status "$name" 11 | ngen install $_.location | % {"`t$_"} 12 | } 13 | } 14 | } finally { 15 | $env:path = $old_path 16 | } 17 | } 18 | Optimize-PowershellAssemblies 19 | 20 | Start-Job -Name "Install and Configure Chocolatey" -ScriptBlock { 21 | Write-Host "Installing Chocolatey" 22 | # Setting up directories for values 23 | Set-ExecutionPolicy Bypass -Scope Process -Force 24 | [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072 25 | Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1')) 26 | choco feature enable -n=allowGlobalConfirmation 27 | choco feature enable -n=useFipsCompliantChecksums 28 | choco feature enable -n=useEnhancedExitCodes 29 | choco feature disable -n=checksumFiles #Fipsmode implementation is currently broken for some packages 30 | choco config set commandExecutionTimeoutSeconds 14400 31 | choco config set --name="'cacheLocation'" --value="'C:\temp\chococache'" 32 | choco config set --name="'proxyBypassOnLocal'" --value="'true'" 33 | choco upgrade all --ignore-checksums 34 | refreshenv 35 | Start-Job -Name "Installing Windows Updates" -ScriptBlock { 36 | Write-Host "Install Latest Windows Updates" 37 | choco install pswindowsupdate 38 | Set-Executionpolicy -ExecutionPolicy RemoteSigned -Force 39 | Import-Module PSWindowsUpdate -Force 40 | Add-WUServiceManager -ServiceID 7971f918-a847-4430-9279-4a52d1efe18d -Confirm:$false 41 | Install-WindowsUpdate -MicrosoftUpdate -AcceptAll -Install 42 | Get-WuInstall -AcceptAll -IgnoreReboot -IgnoreUserInput -nottitle 'preview' 43 | Get-WindowsUpdate –Install 44 | } 45 | } 46 | 47 | Start-Job -Name "Installing Optional Windows Features" -ScriptBlock { 48 | #https://www.ghacks.net/2017/07/14/use-windows-powershell-to-install-optional-features/ 49 | #Enable-WindowsOptionalFeature -Online -FeatureName "" -All 50 | ForEach ($OptionalFeature in ("Client-ProjFS", "ClientForNFS-Infrastructure", "DataCenterBridging", "DirectoryServices-ADAM-Client", "NFS-Administration", "ServicesForNFS-ClientOnly", "SimpleTCP", "WindowsMediaPlayer")) { 51 | Enable-WindowsOptionalFeature -Online -FeatureName "$OptionalFeature" -All -NoRestart -WarningAction SilentlyContinue | Out-Null 52 | } 53 | 54 | #https://docs.microsoft.com/en-us/powershell/scripting/gallery/installing-psget?view=powershell-7.1 55 | Install-PackageProvider -Name "NuGet" -Force 56 | 57 | #https://github.com/PowerShell/PowerShellGetv2/issues/303 58 | Set-PSRepository -Name "PSGallery" -InstallationPolicy Trusted 59 | Install-PackageProvider -Name "PowerShellGet" -Force -Scope CurrentUser 60 | 61 | #https://github.com/PowerShell/PowerShellGetv2/issues/295 62 | Invoke-WebRequest -Uri https://aka.ms/psget-nugetexe -OutFile "$env:ProgramData\Microsoft\Windows\PowerShell\PowerShellGet\NuGet.exe" 63 | 64 | #https://www.powershellgallery.com/packages/AnonUpload/1.2 65 | #https://www.powershellgallery.com/packages/Carbon/2.9.4 66 | #https://www.powershellgallery.com/packages/PoshInternals/1.0.34 67 | #https://www.powershellgallery.com/packages/powershellprotools/5.7.2 68 | #https://www.powershellgallery.com/packages/PSWindowsUpdate/2.2.0.2 69 | #https://www.powershellgallery.com/packages/SpeculationControl/1.0.14 70 | #https://www.powershellgallery.com/packages/xCertificate/3.2.0.0 71 | ForEach ($module in ("AnonUpload", "Carbon", "PoshInternals", "PowerShellGet", "PowerShellProTools", "PSWindowsUpdate", "ReportHTML", "xCertificate")) { 72 | Update-Module -Name "$module" -Force 73 | Install-Module -Name "$module" -Force 74 | Import-Module -Name "$module" -Force 75 | } 76 | } 77 | refreshenv 78 | 79 | Start-Job -Name "Windows 11 Specific Changes" -ScriptBlock { 80 | #Small Taskbar Icons 81 | New-Item -Force "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\TaskbarSi" 82 | Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\" -Name "TaskbarSi" -Type "DWORD" -Value "0" -Force 83 | #Old Context Menu 84 | New-Item -Force "HKCU:\Software\Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}" 85 | New-Item -Force "HKCU:\Software\Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32" 86 | Set-ItemProperty -Path "HKCU:\Software\Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}" -Name "InprocServer32" -Type "String" -Value "" -Force 87 | 88 | } 89 | 90 | Start-Job -Name "Installing Software" -Scriptblock { 91 | $chocopackages = @("googlechrome", "firefox", "ungoogled-chromium", "brave", "librewolf", "microsoft-edge", "tor-Browser", "putty", "winscp.install", "teamviewer", "anydesk.install", "rustdesk.install", "sysinternals", "driverbooster", "sdio", "etcher", "rufus.install", "veracrypt", "windirstat", "mysql.workbench", "rsat", "sql-server-management-studio", "laps", "wumt", "openvpn", "wireguard", "wireshark", "nmap", "winbox", "tor", "cheatengine", "sleuthkit", "hxd", "ida-free", "ghidra", "ossec-client", "burp-suite-free-edition", "zap", "openstego", "accessenum", "accesschk", "sysmon", "powershell4", "powershell", "powershellhere-elevated", "powershell.portable", "microsoft-windows-terminal", "carbon", "jre8", "openjdk", "openjdk.portable", "hugo", "hugo-extended", "nodejs", "vscode", "vscodium", "vscode-ansible", "vscode-python", "chocolatey-vscode", "vscode-prettier", "vscode-java", "vscode-yaml", "vscode-haskell", "vscode-mongo", "vscode-beautify", "vscode-intellicode", "vscode-pull-request-github", "vscode-kubernetes-tools", "vscode-autofilename", "vscode-codespellchecker", "vscode-icons", "vscode-csharp", "dsc.powershellcommunity", "notepadplusplus.install", "python", "pip", "github-desktop", "gh", "git.install", "git-lfx", "gnupg", "gpg4win", "openssh", "wsl", "wsl2", "adb", "universal-adb-drivers", "windows-adk-all", "dotnetfx", "vcredist-all", "microsoft-visual-cpp-build-tools", "patch-my-pc", "rocketchat", "discord", "pidgin", "signal", "steam", "obs-studio", "obs-ndi", "vlc", "gimp", "k-litecodecpackfull", "audacity", "audacity-lame", "screentogif", "adobereader", "installroot", "7zip.install", "curl", "autohotkey", "teracopy", "cpu-z.install", "eraser", "openstego", "vagrant", "vagrant-manager", "vagrant-vmware-utility", "virtualbox", "tabby", "nethor", "packer", "packer-windows-plugins", "windows-adk-oscdimg") 92 | choco install $chocopackages 93 | <# $PSversion = $PSVersionTable.PSVersion.Major 94 | If ($PSversion -ge "7") { 95 | Write-Output $chocopackages | ForEach-Object -Parallel { 96 | Write-Host "Installing $_" -ForegroundColor White -BackgroundColor Black 97 | Try { 98 | Choco install $_ --ignore-checksums | Out-Null 99 | } 100 | Catch { 101 | Write-Host "Failed to install $_" -ForegroundColor Red -BackgroundColor Black 102 | } 103 | } 104 | } 105 | Else { 106 | Write-Output $chocopackages | ForEach-Object { 107 | Write-Host "Installing $_" -ForegroundColor White -BackgroundColor Black 108 | Try { 109 | Choco install $_ --ignore-checksums | Out-Null 110 | } 111 | Catch { 112 | Write-Host "Failed to install $_" -ForegroundColor Red -BackgroundColor Black 113 | } 114 | } 115 | } #> 116 | 117 | #Packages that down't work while installing others 118 | Choco install vmwareworkstation vmware-horizon-client vmware-powercli-psmodule vmrc --ignore-checksums --force | Out-Null 119 | 120 | 121 | <# Optional Packages 122 | Write-Host "Installing Logging Tools" 123 | #choco install splunk-universalforwarder winlogbeat 124 | 125 | Write-Host "Installing Terminals" 126 | #choco install docker-desktop docker-compose docker-cli azure-cli awstools.powershell awscli kubernetes-cli 127 | 128 | Write-Host "Installing Java" 129 | #choco install jdk11 javaruntime 130 | 131 | Write-Host "Installing IDE and Dev Tools" 132 | #choco install visualstudio2019enterprise visualstudio2017-powershelltools arduino vscode-arduino vscode-puppet vscode-ruby 133 | 134 | Write-Host "Installing GIT Tools" 135 | #choco install postman markdownmonster 136 | 137 | Write-Host "Installing Windows Subsystem for Linux" 138 | #choco install wsl-ubuntu-2004 wsl-debiangnulinux wsl-kalilinux 139 | 140 | Write-Host "Installing Chat Clients" 141 | #choco install microsoft-teams.install 142 | 143 | Write-Host "Installing Document Readers" 144 | #choco install officeproplus2013 145 | 146 | Write-Host "Installing Misc." 147 | #choco install greenshot 148 | 149 | #Write-Host "Installing Baseline Tools" 150 | #choco install winsecuritybaseline mbsa 151 | 152 | #Write-Host "Installing AntiVirus" 153 | #choco install immunet clamav 154 | 155 | #Write-Host "Installing Smart Card Tools" 156 | #choco install opensc 157 | 158 | #Write-Host "Installing YubiKey Tools" 159 | #choco install yubikey-personalization-tool yubikey-manager yubikey-piv-manager 160 | #> 161 | } 162 | 163 | Start-Job -Name "Configuring Windows - Optimizations, Debloating, and Hardening" -ScriptBlock { 164 | Start-Sleep 120 165 | Write-Host "Configuring Windows - Optimizations, Debloating, and Hardening" 166 | New-Item "C:\" -Name "temp" -ItemType "directory" -Force 167 | Invoke-WebRequest -useb 'https://simeononsecurity.ch/scripts/windowsoptimizeandharden.ps1' | Invoke-Expression 168 | #Start-Job -Name "System Wide Ad and Tracker Blocking" -ScriptBlock { 169 | # iwr -useb 'https://simeononsecurity.ch/scripts/soswindowsadblocker.ps1' | iex 170 | #} 171 | #Start-Job -Name "SoS Branding" -ScriptBlock { 172 | # iwr -useb 'https://simeononsecurity.ch/scripts/sosbranding.ps1' | iex 173 | #} 174 | #Start-Job -Name "SoS Sysmon" -ScriptBlock { 175 | # iwr -useb 'https://simeononsecurity.ch/scripts/sosautomatesysmon.ps1'|iex 176 | #} 177 | 178 | #Allow Windows behinc a WSUS Server to auto repair itself 179 | #Download repair content and optional features directly from Windows Update instead of Windows Server Update Services (WSUS) 180 | Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Servicing" -Name "RepairContentServerSource" -Type "DWORD" -Value "2" -Force 181 | 182 | #Fix high performance timers to get better performance from Windows 10. 183 | bcdedit /deletevalue useplatformclock 184 | bcdedit /set useplatformclock false 185 | bcdedit /set useplatformtick yes 186 | bcdedit /set disabledynamictick yes 187 | bcdedit /set tscsyncpolicy Enhanced 188 | 189 | #Enable UDP offloading. 190 | #https://sites.google.com/view/melodystweaks/basictweaks#h.u4nrzzr3bd2q 191 | netsh int udp set global uro=enabled 192 | 193 | #Enable WH send and WH receive. 194 | #https://sites.google.com/view/melodystweaks/basictweaks#h.zb7ur84z9fzw 195 | #Get-NetAdapter -IncludeHidden | Set-NetIPInterface -WeakHostSend Enabled -WeakHostReceive Enabled -ErrorAction SilentlyContinue 196 | 197 | #Enable Winsock Send Autotuning (dynamic send-buffer) 198 | #https://sites.google.com/view/melodystweaks/basictweaks#h.wky682g85fbo 199 | netsh winsock set autotuning on 200 | 201 | #Disable 57-bits 5-level paging, also known as "Linear Address 57". Only 100% effective on 10th gen Intel. 256 TB of virtual memory per-disk is way much more than enough anyway. 202 | #https://sites.google.com/view/melodystweaks/basictweaks#h.j5c33bevlruo 203 | bcdedit /set linearaddress57 OptOut 204 | bcdedit /set increaseuserva 268435328 205 | 206 | #Avoid the use of uncontiguous portions of low-memory from the OS. Boosts memory performance and improves microstuttering at least 80% of the cases. Also fixes the command buffer stutter after disabling 5-level paging on 10th gen Intel. Causes system freeze on unstable memory sticks. 207 | #https://sites.google.com/view/melodystweaks/basictweaks#h.buwzs4hstahz 208 | bcdedit /set firstmegabytepolicy UseAll 209 | bcdedit /set avoidlowmemory 0x8000000 210 | bcdedit /set nolowmem Yes 211 | 212 | #Disable RAM compression. 213 | #https://sites.google.com/view/melodystweaks/basictweaks#h.kb5elprlojt0 214 | Disable-MMAgent -MemoryCompression 215 | 216 | #Use realtime priority for csrss.exe 217 | #https://sites.google.com/view/melodystweaks/basictweaks#h.ar95updq6a7j 218 | New-Item -Force "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe\PerfOptions" 219 | Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe\PerfOptions" -Name "CpuPriorityClass" -Type "DWORD" -Value "4" -Force 220 | Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe\PerfOptions" -Name "IoPriority" -Type "DWORD" -Value "1" -Force 221 | 222 | #Disallow drivers to get paged into virtual memory. 223 | #https://sites.google.com/view/melodystweaks/basictweaks#h.kvyfncl7jils 224 | Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" -Name "DisablePagingExecutive" -Type "DWORD" -Value "1" -Force 225 | 226 | #Use big system memory caching to improve microstuttering.. 227 | #https://sites.google.com/view/melodystweaks/basictweaks#h.luvkznpp3use 228 | Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" -Name "LargeSystemCache" -Type "DWORD" -Value "1" -Force 229 | 230 | #Enable X2Apic and enable Memory Mapping for PCI-E devices. 231 | #https://sites.google.com/view/melodystweaks/basictweaks#h.xm0jq1fzo2c3 232 | bcdedit /set x2apicpolicy Enable 233 | bcdedit /set configaccesspolicy Default 234 | bcdedit /set MSI Default 235 | bcdedit /set usephysicaldestination No 236 | bcdedit /set usefirmwarepcisettings No 237 | 238 | #Force contiguous memory allocation in the DirectX Graphics Kernel. 239 | #https://sites.google.com/view/melodystweaks/basictweaks#h.90c0dugs7bj 240 | Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers" -Name "DpiMapIommuContiguous" -Type "DWORD" -Value "1" -Force 241 | 242 | #Force contiguous memory allocation in the NVIDIA driver 243 | #https://sites.google.com/view/melodystweaks/basictweaks#h.rfiwlr7de6uh 244 | Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Class\{ 4d36e968-e325-11ce-bfc1-08002be10318 }\0000" -Name "PreferSystemMemoryContiguous" -Type "DWORD" -Value "1" -Force 245 | 246 | #Enable Experimental Autotuning and NEWRENO congestion provider. 247 | #https://sites.google.com/view/melodystweaks/basictweaks#h.cflus4jbi8z9 248 | netsh int tcp set global autotuning=experimental 249 | netsh int tcp set supp internet congestionprovider=newreno 250 | New-Item -Force "HKLM:\SOFTWARE\Policies\Microsoft\Windows\QoS" 251 | Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\QoS" -Name "Tcp Autotuning Level" -Type "STRING" -Value "Experimental" -Force 252 | Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\QoS" -Name "Application DSCP Marking Request" -Type "STRING" -Value "Allowed" -Force 253 | 254 | #Enable Teredo and 6to4 (Xbox LIVE fix) 255 | #https://sites.google.com/view/melodystweaks/basictweaks#h.94e648gkuiej 256 | netsh int teredo set state natawareclient 257 | netsh int 6to4 set state state=enabled 258 | 259 | #Enable detailed startup/shutdown messages. 260 | #https://sites.google.com/view/melodystweaks/basictweaks#h.tr2jz1iwx8e9 261 | Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "VerboseStatus" -Type "DWORD" -Value "1" -Force 262 | 263 | #Set Screen Timeout to 15 Minutes 264 | powercfg -change -monitor-timeout-ac 15 265 | 266 | #Enable Ultimate Performance 267 | powercfg -duplicatescheme e9a42b02-d5df-448d-aa00-03f14749eb61 268 | powercfg /setactive e9a42b02-d5df-448d-aa00-03f14749eb61 269 | 270 | #Process Idle Tasks 271 | Rundll32.exe advapi32.dll,ProcessIdleTasks 272 | 273 | #Enable Num Lock on logon and lock screen 274 | Set-ItemProperty "HKU:\.DEFAULT\Control Panel\Keyboard" "InitialKeyboardIndicators" 2 275 | 276 | #Enable Darkmode 277 | New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Force | Out-Null 278 | New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name "AppsUseLightTheme" -Type "DWORD" -Value "00000000" -Force 279 | New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name "SystemUsesLightTheme" -Type "DWORD" -Value "00000000" -Force 280 | New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name "ColorPrevalence" -Type "DWORD" -Value "00000000" -Force 281 | New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name "EnableTransparency" -Type "DWORD" -Value "00000001" -Force 282 | Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name "AppsUseLightTheme" -Type "DWORD" -Value "00000000" -Force 283 | Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name "SystemUsesLightTheme" -Type "DWORD" -Value "00000000" -Force 284 | Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name "ColorPrevalence" -Type "DWORD" -Value "00000000" -Force 285 | Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name "EnableTransparency" -Type "DWORD" -Value "00000001" -Force 286 | 287 | #https://notes.ponderworthy.com/fsutil-tweaks-for-ntfs-performance-and-reliability 288 | fsutil behavior set memoryusage 2 289 | #fsutil behavior set disablelastaccess 1 290 | fsutil behavior set mftzone 2 291 | #https://github.com/djdallmann/GamingPCSetup/blob/master/CONTENT/DOCS/POSTINSTALL/README.md 292 | fsutil behavior query Disabledeletenotify 293 | fsutil behavior set DisableDeleteNotify 0 294 | #Optimize NTFS file system parameters to reduce updates to some of the metadata that is tracked. 295 | fsutil behavior set disableLastAccess 1 296 | fsutil behavior set disable8dot3 1 297 | $DriveLetters = (Get-WmiObject -Class Win32_Volume).DriveLetter 298 | ForEach ($Drive in $DriveLetters) { 299 | If (-not ([string]::IsNullOrEmpty($Drive))) { 300 | Write-Host Optimizing "$Drive" Drive 301 | fsutil resource setavailable "$Drive" 302 | fsutil resource setlog shrink 10 "$Drive" 303 | fsutil repair set "$Drive" 0x01 304 | fsutil resource setautoreset true "$Drive" 305 | fsutil resource setconsistent "$Drive" 306 | } 307 | } 308 | 309 | #Windows Defender Exclusions 310 | Add-MpPreference -ExclusionPath ${env:ProgramFiles(x86)}"\Steam\" 311 | Add-MpPreference -ExclusionPath $env:LOCALAPPDATA"\Temp\NVIDIA Corporation\NV_Cache" 312 | Add-MpPreference -ExclusionPath $env:PROGRAMDATA"\NVIDIA Corporation\NV_Cache" 313 | Add-MpPreference -ExclusionProcess ${env:ProgramFiles(x86)}"\Common Files\Steam\SteamService.exe" 314 | 315 | #Awesome Miner Windows Defender Exclusions 316 | Add-MpPreference -ExclusionPath $env:LOCALAPPDATA"\AwesomeMiner" 317 | Add-MpPreference -ExclusionPath $env:LOCALAPPDATA"\AwesomeMinerService" 318 | Add-MpPreference -ExclusionPath $env:APPDATA"\AwesomeMiner" 319 | Add-MpPreference -ExclusionPath $env:APPDATA"\AwesomeMinerService" 320 | Add-MpPreference -ExclusionPath $env:PROGRAMDATA"\AwesomeMinerService" 321 | 322 | #Disable Unrequired Services 323 | #https://github.com/djdallmann/GamingPCSetup/tree/master/CONTENT/DOCS/SERVICES 324 | #ActiveX Controlls and Policy Enforcement via GPU - Uncomment if not used 325 | #Set-Service AxInstSV -StartupType Disabled 326 | #Time Zone Automatic Update - Uncomment if not used 327 | #Set-Service tzautoupdate -StartupType Disabled 328 | #Uncomment if you don't use or plan to use Bluetooth devices 329 | #Set-Service bthserv -StartupType Disabled 330 | Set-Service dmwappushservice -StartupType Disabled 331 | Set-Service MapsBroker -StartupType Disabled 332 | Set-Service lfsvc -StartupType Disabled 333 | Set-Service SharedAccess -StartupType Disabled 334 | Set-Service lltdsvc -StartupType Disabled 335 | Set-Service AppVClient -StartupType Disabled 336 | Set-Service NetTcpPortSharing -StartupType Disabled 337 | Set-Service CscService -StartupType Disabled 338 | Set-Service PhoneSvc -StartupType Disabled 339 | #Disable unless you use printers or scanners 340 | #Set-Service Spooler -StartupType Disabled 341 | #Disable unless you use printers or scanners 342 | #Set-Service PrintNotify -StartupType Disabled 343 | Set-Service QWAVE -StartupType Disabled 344 | #Disable if you don't use or plan to use wifi etc 345 | #Set-Service RmSvc -StartupType Disabled 346 | Set-Service RemoteAccess -StartupType Disabled 347 | Set-Service SensorDataService -StartupType Disabled 348 | Set-Service SensrSvc -StartupType Disabled 349 | Set-Service SensorService -StartupType Disabled 350 | Set-Service ShellHWDetection -StartupType Disabled 351 | #Disable if you don't use smart cards 352 | #Set-Service SCardSvr -StartupType Disabled 353 | ##Disable if you don't use smart cards 354 | #Set-Service ScDeviceEnum -StartupType Disabled 355 | Set-Service SSDPSRV -StartupType Disabled 356 | #Disable if you don't use a scanner. 357 | #Set-Service WiaRpc -StartupType Disabled 358 | #Disable if you don't use these features. 359 | #Set-Service TabletInputService -StartupType Disabled 360 | Set-Service upnphost -StartupType Disabled 361 | Set-Service UserDataSvc -StartupType Disabled 362 | Set-Service UevAgentService -StartupType Disabled 363 | Set-Service WalletService -StartupType Disabled 364 | Set-Service FrameServer -StartupType Disabled 365 | #Disable if you don't use image scanners 366 | #Set-Service stisvc -StartupType Disabled 367 | Set-Service wisvc -StartupType Disabled 368 | Set-Service icssvc -StartupType Disabled 369 | #Breaks Xbox Live Features - Uncomment if not used 370 | #Set-Service XblAuthManager -StartupType Disabled 371 | #Set-Service XblGameSave -StartupType Disabled 372 | Set-Service SEMgrSvc -StartupType Disabled 373 | Set-Service DiagTrack -StartupType Disabled 374 | 375 | #Remove Appx Packages (duplicate, but can't be too sure) 376 | Get-AppxPackage *print3d* | Remove-AppxPackage 377 | Get-AppxPackage *3dviewer* | Remove-AppxPackage 378 | Get-AppxPackage *zune* | Remove-AppxPackage 379 | Get-AppxPackage *minecraft* | Remove-AppxPackage 380 | Get-AppxPackage *bing* | Remove-AppxPackage 381 | Get-AppxPackage *skype* | Remove-AppxPackage 382 | Get-AppxPackage *solitaire* | Remove-AppxPackage 383 | Get-AppxPackage *candycrush* | Remove-AppxPackage 384 | Get-AppxPackage *netflix* | Remove-AppxPackage 385 | Get-AppxPackage *onenote* | Remove-AppxPackage 386 | Get-AppxPackage *dolby* | Remove-AppxPackage 387 | Get-AppxPackage *fitbit* | Remove-AppxPackage 388 | Get-AppxPackage *feedback* | Remove-AppxPackage 389 | Get-AppxPackage *yourphone* | Remove-AppxPackage 390 | 391 | #https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_server_configuration 392 | New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name "DefaultShell" -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType "String" -Force 393 | 394 | Write-Host "Hiding Taskbar Search icon / box..." 395 | Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" -Name "SearchboxTaskbarMode" -Type "DWORD" -Value 0 396 | 397 | #Removes Paint3D stuff from context menu 398 | $Paint3Dstuff = @( 399 | "HKCR:\SystemFileAssociations\.3mf\Shell\3D Edit" 400 | "HKCR:\SystemFileAssociations\.bmp\Shell\3D Edit" 401 | "HKCR:\SystemFileAssociations\.fbx\Shell\3D Edit" 402 | "HKCR:\SystemFileAssociations\.gif\Shell\3D Edit" 403 | "HKCR:\SystemFileAssociations\.jfif\Shell\3D Edit" 404 | "HKCR:\SystemFileAssociations\.jpe\Shell\3D Edit" 405 | "HKCR:\SystemFileAssociations\.jpeg\Shell\3D Edit" 406 | "HKCR:\SystemFileAssociations\.jpg\Shell\3D Edit" 407 | "HKCR:\SystemFileAssociations\.png\Shell\3D Edit" 408 | "HKCR:\SystemFileAssociations\.tif\Shell\3D Edit" 409 | "HKCR:\SystemFileAssociations\.tiff\Shell\3D Edit" 410 | ) 411 | #Rename reg key to remove it, so it's revertible 412 | foreach ($Paint3D in $Paint3Dstuff) { 413 | If (Test-Path $Paint3D) { 414 | $rmPaint3D = $Paint3D + "_" 415 | Set-Item $Paint3D $rmPaint3D 416 | } 417 | } 418 | 419 | Write-Host "Disabling Action Center..." 420 | If (!(Test-Path "HKCU:\SOFTWARE\Policies\Microsoft\Windows\Explorer")) { 421 | New-Item -Path "HKCU:\SOFTWARE\Policies\Microsoft\Windows\Explorer" | Out-Null 422 | } 423 | Set-ItemProperty -Path "HKCU:\SOFTWARE\Policies\Microsoft\Windows\Explorer" -Name "DisableNotificationCenter" -Type "DWORD" -Value 1 424 | Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications" -Name "ToastEnabled" -Type "DWORD" -Value 0 425 | 426 | #Do not suggest ways I can finish setting up my device to get the most out of Windows 427 | if (-not (Test-Path -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\UserProfileEngagement")) { 428 | New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\UserProfileEngagement" -Force 429 | } 430 | New-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\UserProfileEngagement" -Name "ScoobeSystemSettingEnabled" -PropertyType "DWORD" -Value "0" -Force 431 | 432 | #Do not offer tailored experiences based on the diagnostic data setting 433 | New-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Privacy" -Name "TailoredExperiencesWithDiagnosticDataEnabled" -PropertyType "DWORD" -Value "0" -Force 434 | 435 | #Show hidden items in explorer 436 | New-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "Hidden" -PropertyType "DWORD" -Value "1" -Force 437 | 438 | #Show file extentions in explorer 439 | New-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "HideFileExt" -PropertyType "DWORD" -Value "0" -Force 440 | 441 | #Open to "this pc" in explorer 442 | New-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "LaunchTo" -PropertyType "DWORD" -Value "1" -Force 443 | 444 | #Hide cortana taskbar button 445 | New-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ShowCortanaButton" -PropertyType "DWORD" -Value "0" -Force 446 | 447 | #Hide task view button in explorer 448 | New-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ShowTaskViewButton" -PropertyType "DWORD" -Value "0" -Force 449 | 450 | #Hide people button in taskbar 451 | if (-not (Test-Path -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People")) { 452 | New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People" -Force 453 | } 454 | New-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People" -Name "PeopleBand" -PropertyType "DWORD" -Value "0" -Force 455 | 456 | #Hide "3D Objects" in explorer 457 | if (-not (Test-Path -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{ 31C0DD25-9439-4F12-BF41-7FF4EDA38722 }\PropertyBag")) { 458 | New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{ 31C0DD25-9439-4F12-BF41-7FF4EDA38722 }\PropertyBag" -Force 459 | } 460 | New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{ 31C0DD25-9439-4F12-BF41-7FF4EDA38722 }\PropertyBag" -Name "ThisPCPolicy" -PropertyType "String" -Value "Hide" -Force 461 | 462 | #Disable First Logon Animation 463 | New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "EnableFirstLogonAnimation" -PropertyType "DWord" -Value "0" -Force 464 | 465 | #Remove Path Limit 466 | New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem" -Name "LongPathsEnabled" -PropertyType "DWORD" -Value "1" -Force 467 | 468 | #Verbose BSoD 469 | New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl" -Name "DisplayParameters" -PropertyType "DWORD" -Value "1" -Force 470 | 471 | #Use only latest .Net 472 | New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NETFramework" -Name "OnlyUseLatestCLR" -PropertyType "DWORD" -Value "1" -Force 473 | New-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework" -Name "OnlyUseLatestCLR" -PropertyType "DWORD" -Value "1" -Force 474 | 475 | #Enable Windows Reserved Storage 476 | Set-WindowsReservedStorageState -State Enabled 477 | 478 | #Enable Restartable Apps 479 | New-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name "RestartApps" -Value "1" -Force 480 | 481 | #Enable Sandboxing for Windows Defender 482 | setx /M MP_FORCE_USE_SANDBOX 1 483 | 484 | #Harden IPv6 485 | #https://ernw.de/download/ERNW_Guide_to_Configure_Securely_Windows_Servers_For_IPv6_v1_0.pdf 486 | netsh interface ipv6 set global mldlevel=none 487 | netsh interface ipv6 set global icmpredirects=disabled 488 | netsh interface ipv6 set global defaultcurhoplimit=64 489 | netsh interface ipv6 isatap set state disabled 490 | #netsh interface ipv6 set teredo type=disabled 491 | #netsh interface ipv6 6to4 set state disabled 492 | 493 | #Hardware accelerated scheduling 494 | New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers" -Name "HwSchMode" -Value 2 -Force 495 | 496 | #Get Insider Updates without joining the Insider Program and without having Telemetry enabled 497 | New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name "BranchReadinessLevel" -Value 2 -Force 498 | New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name "ManagePreviewBuilds" -Value 1 -Force 499 | New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name "ManagePreviewBuildsPolicyValue" -Value 2 -Force 500 | 501 | 502 | #Auto Update Choco Packages 503 | $Sta = New-ScheduledTaskAction -Execute "powershell -Command 'choco upgrade all'" 504 | $Stset = New-ScheduledTaskSettingsSet -RunOnlyIfNetworkAvailable -RunOnlyIfIdle -IdleDuration 00:02:00 -IdleWaitTimeout 02:30:00 -ExecutionTimeLimit (New-TimeSpan -Hours 1) -DontStopOnIdleEnd -WakeToRun 505 | Register-ScheduledTask Task02 -Action $Sta -Settings $Stset 506 | } 507 | --------------------------------------------------------------------------------