|
|
|
|
@@ -1,7 +1,7 @@
|
|
|
|
|
##########
|
|
|
|
|
# Win10 / WinServer2016 Initial Setup Script
|
|
|
|
|
# Author: Disassembler <disassembler@dasm.cz>
|
|
|
|
|
# Version: v2.11, 2017-12-27
|
|
|
|
|
# Version: v2.12, 2018-01-09
|
|
|
|
|
# Source: https://github.com/Disassembler0/Win10-Initial-Setup-Script
|
|
|
|
|
##########
|
|
|
|
|
|
|
|
|
|
@@ -37,7 +37,7 @@ $tweaks = @(
|
|
|
|
|
"SetCurrentNetworkPrivate", # "SetCurrentNetworkPublic",
|
|
|
|
|
# "SetUnknownNetworksPrivate", # "SetUnknownNetworksPublic",
|
|
|
|
|
# "DisableNetDevicesAutoInst", # "EnableNetDevicesAutoInst",
|
|
|
|
|
"EnableCtrldFolderAccess", # "DisableCtrldFolderAccess",
|
|
|
|
|
# "EnableCtrldFolderAccess", # "DisableCtrldFolderAccess",
|
|
|
|
|
# "DisableFirewall", # "EnableFirewall",
|
|
|
|
|
# "DisableDefender", # "EnableDefender",
|
|
|
|
|
# "DisableDefenderCloud", # "EnableDefenderCloud",
|
|
|
|
|
@@ -122,6 +122,7 @@ $tweaks = @(
|
|
|
|
|
"DisableNewAppPrompt", # "EnableNewAppPrompt",
|
|
|
|
|
"EnableF8BootMenu", # "DisableF8BootMenu",
|
|
|
|
|
"SetDEPOptOut", # "SetDEPOptIn",
|
|
|
|
|
# "EnableMeltdownCompatFlag" # "DisableMeltdownCompatFlag",
|
|
|
|
|
|
|
|
|
|
### Server Specific Tweaks ###
|
|
|
|
|
# "HideServerManagerOnLogin", # "ShowServerManagerOnLogin",
|
|
|
|
|
@@ -130,6 +131,10 @@ $tweaks = @(
|
|
|
|
|
# "DisableCtrlAltDelLogin", # "EnableCtrlAltDelLogin",
|
|
|
|
|
# "DisableIEEnhancedSecurity", # "EnableIEEnhancedSecurity",
|
|
|
|
|
|
|
|
|
|
### Unpinning ###
|
|
|
|
|
# "UnpinStartMenuTiles",
|
|
|
|
|
# "UnpinTaskbarIcons",
|
|
|
|
|
|
|
|
|
|
### Auxiliary Functions ###
|
|
|
|
|
"WaitForKey",
|
|
|
|
|
"Restart"
|
|
|
|
|
@@ -147,6 +152,12 @@ Function DisableTelemetry {
|
|
|
|
|
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 0
|
|
|
|
|
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 0
|
|
|
|
|
Set-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 0
|
|
|
|
|
Disable-ScheduledTask -TaskName "Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" | Out-Null
|
|
|
|
|
Disable-ScheduledTask -TaskName "Microsoft\Windows\Application Experience\ProgramDataUpdater" | Out-Null
|
|
|
|
|
Disable-ScheduledTask -TaskName "Microsoft\Windows\Autochk\Proxy" | Out-Null
|
|
|
|
|
Disable-ScheduledTask -TaskName "Microsoft\Windows\Customer Experience Improvement Program\Consolidator" | Out-Null
|
|
|
|
|
Disable-ScheduledTask -TaskName "Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" | Out-Null
|
|
|
|
|
Disable-ScheduledTask -TaskName "Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector" | Out-Null
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Enable Telemetry
|
|
|
|
|
@@ -155,6 +166,12 @@ Function EnableTelemetry {
|
|
|
|
|
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 3
|
|
|
|
|
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 3
|
|
|
|
|
Set-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 3
|
|
|
|
|
Enable-ScheduledTask -TaskName "Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" | Out-Null
|
|
|
|
|
Enable-ScheduledTask -TaskName "Microsoft\Windows\Application Experience\ProgramDataUpdater" | Out-Null
|
|
|
|
|
Enable-ScheduledTask -TaskName "Microsoft\Windows\Autochk\Proxy" | Out-Null
|
|
|
|
|
Enable-ScheduledTask -TaskName "Microsoft\Windows\Customer Experience Improvement Program\Consolidator" | Out-Null
|
|
|
|
|
Enable-ScheduledTask -TaskName "Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" | Out-Null
|
|
|
|
|
Enable-ScheduledTask -TaskName "Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector" | Out-Null
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Disable Wi-Fi Sense
|
|
|
|
|
@@ -258,7 +275,7 @@ Function EnableAppSuggestions {
|
|
|
|
|
# Disable Background application access - ie. if apps can download or update when they aren't used - Cortana is excluded as its inclusion breaks start menu search
|
|
|
|
|
Function DisableBackgroundApps {
|
|
|
|
|
Write-Host "Disabling Background application access..."
|
|
|
|
|
Get-ChildItem "HKCU:\Software\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications" -Exclude "Microsoft.Windows.Cortana*" | ForEach-Object {
|
|
|
|
|
Get-ChildItem -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications" -Exclude "Microsoft.Windows.Cortana*" | ForEach {
|
|
|
|
|
Set-ItemProperty -Path $_.PsPath -Name "Disabled" -Type DWord -Value 1
|
|
|
|
|
Set-ItemProperty -Path $_.PsPath -Name "DisabledByUser" -Type DWord -Value 1
|
|
|
|
|
}
|
|
|
|
|
@@ -267,13 +284,13 @@ Function DisableBackgroundApps {
|
|
|
|
|
# Enable Background application access
|
|
|
|
|
Function EnableBackgroundApps {
|
|
|
|
|
Write-Host "Enabling Background application access..."
|
|
|
|
|
Get-ChildItem "HKCU:\Software\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications" | ForEach-Object {
|
|
|
|
|
Get-ChildItem -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications" | ForEach {
|
|
|
|
|
Remove-ItemProperty -Path $_.PsPath -Name "Disabled" -ErrorAction SilentlyContinue
|
|
|
|
|
Remove-ItemProperty -Path $_.PsPath -Name "DisabledByUser" -ErrorAction SilentlyContinue
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Disable Lock screen Spotlight - New backgrounds, tips, adveradvertisements etc.
|
|
|
|
|
# Disable Lock screen Spotlight - New backgrounds, tips, advertisements etc.
|
|
|
|
|
Function DisableLockScreenSpotlight {
|
|
|
|
|
Write-Host "Disabling Lock screen spotlight..."
|
|
|
|
|
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "RotatingLockScreenEnabled" -Type DWord -Value 0
|
|
|
|
|
@@ -322,12 +339,16 @@ Function DisableFeedback {
|
|
|
|
|
New-Item -Path "HKCU:\SOFTWARE\Microsoft\Siuf\Rules" -Force | Out-Null
|
|
|
|
|
}
|
|
|
|
|
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Siuf\Rules" -Name "NumberOfSIUFInPeriod" -Type DWord -Value 0
|
|
|
|
|
Disable-ScheduledTask -TaskName "Microsoft\Windows\Feedback\Siuf\DmClient" -ErrorAction SilentlyContinue | Out-Null
|
|
|
|
|
Disable-ScheduledTask -TaskName "Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload" -ErrorAction SilentlyContinue | Out-Null
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Enable Feedback
|
|
|
|
|
Function EnableFeedback {
|
|
|
|
|
Write-Host "Enabling Feedback..."
|
|
|
|
|
Remove-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Siuf\Rules" -Name "NumberOfSIUFInPeriod" -ErrorAction SilentlyContinue
|
|
|
|
|
Enable-ScheduledTask -TaskName "Microsoft\Windows\Feedback\Siuf\DmClient" -ErrorAction SilentlyContinue | Out-Null
|
|
|
|
|
Enable-ScheduledTask -TaskName "Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload" -ErrorAction SilentlyContinue | Out-Null
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Disable Advertising ID
|
|
|
|
|
@@ -392,12 +413,14 @@ Function EnableCortana {
|
|
|
|
|
Function DisableErrorReporting {
|
|
|
|
|
Write-Host "Disabling Error reporting..."
|
|
|
|
|
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting" -Name "Disabled" -Type DWord -Value 1
|
|
|
|
|
Disable-ScheduledTask -TaskName "Microsoft\Windows\Windows Error Reporting\QueueReporting" | Out-Null
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Enable Error reporting
|
|
|
|
|
Function EnableErrorReporting {
|
|
|
|
|
Write-Host "Enabling Error reporting..."
|
|
|
|
|
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting" -Name "Disabled" -ErrorAction SilentlyContinue
|
|
|
|
|
Enable-ScheduledTask -TaskName "Microsoft\Windows\Windows Error Reporting\QueueReporting" | Out-Null
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Restrict Windows Update P2P only to local network
|
|
|
|
|
@@ -425,7 +448,7 @@ Function DisableAutoLogger {
|
|
|
|
|
Write-Host "Removing AutoLogger file and restricting directory..."
|
|
|
|
|
$autoLoggerDir = "$env:PROGRAMDATA\Microsoft\Diagnosis\ETLLogs\AutoLogger"
|
|
|
|
|
If (Test-Path "$autoLoggerDir\AutoLogger-Diagtrack-Listener.etl") {
|
|
|
|
|
Remove-Item "$autoLoggerDir\AutoLogger-Diagtrack-Listener.etl"
|
|
|
|
|
Remove-Item -Path "$autoLoggerDir\AutoLogger-Diagtrack-Listener.etl"
|
|
|
|
|
}
|
|
|
|
|
icacls $autoLoggerDir /deny SYSTEM:`(OI`)`(CI`)F | Out-Null
|
|
|
|
|
}
|
|
|
|
|
@@ -610,19 +633,19 @@ Function EnableDefender {
|
|
|
|
|
|
|
|
|
|
# Disable Windows Defender Cloud
|
|
|
|
|
Function DisableDefenderCloud {
|
|
|
|
|
Write-Host "Disabling Windows Defender Cloud..."
|
|
|
|
|
If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet")) {
|
|
|
|
|
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" -Force | Out-Null
|
|
|
|
|
}
|
|
|
|
|
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" -Name "SpynetReporting" -Type DWord -Value 0
|
|
|
|
|
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" -Name "SubmitSamplesConsent" -Type DWord -Value 2
|
|
|
|
|
Write-Host "Disabling Windows Defender Cloud..."
|
|
|
|
|
If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet")) {
|
|
|
|
|
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" -Force | Out-Null
|
|
|
|
|
}
|
|
|
|
|
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" -Name "SpynetReporting" -Type DWord -Value 0
|
|
|
|
|
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" -Name "SubmitSamplesConsent" -Type DWord -Value 2
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Enable Windows Defender Cloud
|
|
|
|
|
Function EnableDefenderCloud {
|
|
|
|
|
Write-Host "Enabling Windows Defender Cloud..."
|
|
|
|
|
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" -Name "SpynetReporting" -ErrorAction SilentlyContinue
|
|
|
|
|
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" -Name "SubmitSamplesConsent" -ErrorAction SilentlyContinue
|
|
|
|
|
Write-Host "Enabling Windows Defender Cloud..."
|
|
|
|
|
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" -Name "SpynetReporting" -ErrorAction SilentlyContinue
|
|
|
|
|
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" -Name "SubmitSamplesConsent" -ErrorAction SilentlyContinue
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Disable offering of Malicious Software Removal Tool through Windows Update
|
|
|
|
|
@@ -759,13 +782,20 @@ Function EnableAutorun {
|
|
|
|
|
# Enable Storage Sense - automatic disk cleanup - Not applicable to Server
|
|
|
|
|
Function EnableStorageSense {
|
|
|
|
|
Write-Host "Enabling Storage Sense..."
|
|
|
|
|
If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\StoragePolicy")) {
|
|
|
|
|
New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\StoragePolicy" -Force | Out-Null
|
|
|
|
|
}
|
|
|
|
|
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\StoragePolicy" -Name "01" -Type DWord -Value 1
|
|
|
|
|
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\StoragePolicy" -Name "04" -Type DWord -Value 1
|
|
|
|
|
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\StoragePolicy" -Name "08" -Type DWord -Value 1
|
|
|
|
|
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\StoragePolicy" -Name "32" -Type DWord -Value 0
|
|
|
|
|
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\StoragePolicy" -Name "StoragePoliciesNotified" -Type DWord -Value 1
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Disable Storage Sense - Not applicable to Server
|
|
|
|
|
Function DisableStorageSense {
|
|
|
|
|
Write-Host "Disabling Storage Sense..."
|
|
|
|
|
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\StoragePolicy" -Name "01" -Type DWord -Value 1
|
|
|
|
|
Remove-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\StoragePolicy" -Recurse -ErrorAction SilentlyContinue
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Disable scheduled defragmentation task
|
|
|
|
|
@@ -1592,10 +1622,10 @@ Function UninstallOneDrive {
|
|
|
|
|
Start-Sleep -s 3
|
|
|
|
|
Stop-Process -Name explorer -ErrorAction SilentlyContinue
|
|
|
|
|
Start-Sleep -s 3
|
|
|
|
|
Remove-Item "$env:USERPROFILE\OneDrive" -Force -Recurse -ErrorAction SilentlyContinue
|
|
|
|
|
Remove-Item "$env:LOCALAPPDATA\Microsoft\OneDrive" -Force -Recurse -ErrorAction SilentlyContinue
|
|
|
|
|
Remove-Item "$env:PROGRAMDATA\Microsoft OneDrive" -Force -Recurse -ErrorAction SilentlyContinue
|
|
|
|
|
Remove-Item "$env:SYSTEMDRIVE\OneDriveTemp" -Force -Recurse -ErrorAction SilentlyContinue
|
|
|
|
|
Remove-Item -Path "$env:USERPROFILE\OneDrive" -Force -Recurse -ErrorAction SilentlyContinue
|
|
|
|
|
Remove-Item -Path "$env:LOCALAPPDATA\Microsoft\OneDrive" -Force -Recurse -ErrorAction SilentlyContinue
|
|
|
|
|
Remove-Item -Path "$env:PROGRAMDATA\Microsoft OneDrive" -Force -Recurse -ErrorAction SilentlyContinue
|
|
|
|
|
Remove-Item -Path "$env:SYSTEMDRIVE\OneDriveTemp" -Force -Recurse -ErrorAction SilentlyContinue
|
|
|
|
|
If (!(Test-Path "HKCR:")) {
|
|
|
|
|
New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
|
|
|
|
|
}
|
|
|
|
|
@@ -1721,6 +1751,12 @@ function UninstallThirdPartyBloat {
|
|
|
|
|
Get-AppxPackage "CAF9E577.Plex" | Remove-AppxPackage
|
|
|
|
|
Get-AppxPackage "A278AB0D.DisneyMagicKingdoms" | Remove-AppxPackage
|
|
|
|
|
Get-AppxPackage "828B5831.HiddenCityMysteryofShadows" | Remove-AppxPackage
|
|
|
|
|
Get-AppxPackage "WinZipComputing.WinZipUniversal" | Remove-AppxPackage
|
|
|
|
|
Get-AppxPackage "SpotifyAB.SpotifyMusic" | Remove-AppxPackage
|
|
|
|
|
Get-AppxPackage "PandoraMediaInc.29680B314EFC2" | Remove-AppxPackage
|
|
|
|
|
Get-AppxPackage "2414FC7A.Viber" | Remove-AppxPackage
|
|
|
|
|
Get-AppxPackage "64885BlueEdge.OneCalendar" | Remove-AppxPackage
|
|
|
|
|
Get-AppxPackage "41038Axilesoft.ACGMediaPlayer" | Remove-AppxPackage
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Install default third party applications
|
|
|
|
|
@@ -1745,6 +1781,12 @@ Function InstallThirdPartyBloat {
|
|
|
|
|
Get-AppxPackage -AllUsers "CAF9E577.Plex" | ForEach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
|
|
|
|
|
Get-AppxPackage -AllUsers "A278AB0D.DisneyMagicKingdoms" | ForEach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
|
|
|
|
|
Get-AppxPackage -AllUsers "828B5831.HiddenCityMysteryofShadows" | ForEach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
|
|
|
|
|
Get-AppxPackage -AllUsers "WinZipComputing.WinZipUniversal" | ForEach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
|
|
|
|
|
Get-AppxPackage -AllUsers "SpotifyAB.SpotifyMusic" | ForEach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
|
|
|
|
|
Get-AppxPackage -AllUsers "PandoraMediaInc.29680B314EFC2" | ForEach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
|
|
|
|
|
Get-AppxPackage -AllUsers "2414FC7A.Viber" | ForEach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
|
|
|
|
|
Get-AppxPackage -AllUsers "64885BlueEdge.OneCalendar" | ForEach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
|
|
|
|
|
Get-AppxPackage -AllUsers "41038Axilesoft.ACGMediaPlayer" | ForEach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Uninstall Windows Store
|
|
|
|
|
@@ -1973,6 +2015,24 @@ Function SetDEPOptIn {
|
|
|
|
|
bcdedit /set `{current`} nx OptIn | Out-Null
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Enable Meltdown (CVE-2017-5754) compatibility flag - Required for January 2018 and all subsequent Windows updates
|
|
|
|
|
# This flag is normally automatically enabled by compatible antivirus software (such as Windows Defender).
|
|
|
|
|
# Use the tweak only if you have confirmed that your AV is compatible but unable to set the flag automatically or if you don't use any AV at all.
|
|
|
|
|
# See https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software for details.
|
|
|
|
|
Function EnableMeltdownCompatFlag {
|
|
|
|
|
Write-Host "Enabling Meltdown (CVE-2017-5754) compatibility flag..."
|
|
|
|
|
If (!(Test-Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat")) {
|
|
|
|
|
New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat" | Out-Null
|
|
|
|
|
}
|
|
|
|
|
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat" -Name "cadca5fe-87d3-4b96-b7fb-a231484277cc" -Type DWord -Value 0
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Disable Meltdown (CVE-2017-5754) compatibility flag
|
|
|
|
|
Function DisableMeltdownCompatFlag {
|
|
|
|
|
Write-Host "Disabling Meltdown (CVE-2017-5754) compatibility flag..."
|
|
|
|
|
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat" -Name "cadca5fe-87d3-4b96-b7fb-a231484277cc" -ErrorAction SilentlyContinue
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
##########
|
|
|
|
|
@@ -2057,6 +2117,29 @@ Function EnableIEEnhancedSecurity {
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
##########
|
|
|
|
|
# Unpinning
|
|
|
|
|
##########
|
|
|
|
|
|
|
|
|
|
# Unpin all Start Menu tiles - Not applicable to Server - Note: This function has no counterpart. You have to pin the tiles back manually.
|
|
|
|
|
Function UnpinStartMenuTiles {
|
|
|
|
|
Write-Host "Unpinning all Start Menu tiles"
|
|
|
|
|
Get-ChildItem -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount" -Include "*.group" -Recurse | ForEach-Object {
|
|
|
|
|
$data = (Get-ItemProperty -Path "$($_.PsPath)\Current" -Name "Data").Data -Join ","
|
|
|
|
|
$data = $data.Substring(0, $data.IndexOf(",0,202,30") + 9) + ",0,202,80,0,0"
|
|
|
|
|
Set-ItemProperty -Path "$($_.PsPath)\Current" -Name "Data" -Type Binary -Value $data.Split(",")
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Unpin all Taskbar icons - Note: This function has no counterpart. You have to pin the icons back manually.
|
|
|
|
|
Function UnpinTaskbarIcons {
|
|
|
|
|
Write-Host "Unpinning all Taskbar icons"
|
|
|
|
|
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband" -Name "Favorites" -Type Binary -Value ([byte[]](0xFF))
|
|
|
|
|
Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband" -Name "FavoritesResolve" -ErrorAction SilentlyContinue
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
##########
|
|
|
|
|
# Auxiliary Functions
|
|
|
|
|
##########
|
|
|
|
|
|
