github/Win10-Initial-Setup-Script
1
1
Fork 0
mirror of https://github.com/Disassembler0/Win10-Initial-Setup-Script.git synced 2026-01-11 23:18:19 -05:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: github:2.14
Branches Tags
github:master github:version4
github:3.10 github:3.9 github:3.8 github:3.7 github:3.6 github:3.5 github:3.4 github:3.3 github:3.2 github:3.1 github:3.0 github:2.21 github:2.20 github:2.14 github:2.13 github:2.12 github:2.11 github:2.10 github:2.9 github:2.8 github:2.7 github:2.6 github:2.5 github:2.4 github:2.3 github:2.2 github:2.1 github:2.0 github:1.7 github:1.6 github:1.5 github:1.4 github:1.3 github:1.2 github:1.1 github:1.0
..
compare: github:2.13
Branches Tags
github:master github:version4
github:3.10 github:3.9 github:3.8 github:3.7 github:3.6 github:3.5 github:3.4 github:3.3 github:3.2 github:3.1 github:3.0 github:2.21 github:2.20 github:2.14 github:2.13 github:2.12 github:2.11 github:2.10 github:2.9 github:2.8 github:2.7 github:2.6 github:2.5 github:2.4 github:2.3 github:2.2 github:2.1 github:2.0 github:1.7 github:1.6 github:1.5 github:1.4 github:1.3 github:1.2 github:1.1 github:1.0

1 Commits
2.14 ... 2.13

Author SHA1 Message Date
Disassembler
2ad2fe65d9 v2.13, 2018-03-18 
- Add "Disable Windows Script Host"
 - Add "Uninstall Microsoft Print to PDF"
 - Add "Uninstall Microsoft XPS Document Writer"
 - Add "Remove Default Fax Printer" (thx @MisterDuval)
 - Add more 3rd party bloatware for removal (thx @iamteerawut)
 - Add more Microsoft bloatware for removal
 - Replace Write-Host cmdlet with Write-Output
 2018-03-18 20:20:56 +01:00
7 changed files with 11 additions and 206 deletions
Expand all files Collapse all files

68
Win10.ps1
View File

@@ -1,7 +1,7 @@
##########
# Win10 / WinServer2016 Initial Setup Script
# Author: Disassembler <disassembler@dasm.cz>
# Version: v2.14, 2018-04-06
# Version: v2.13, 2018-03-18
# Source: https://github.com/Disassembler0/Win10-Initial-Setup-Script
##########
@@ -44,7 +44,6 @@ $tweaks = @(
"EnableF8BootMenu", # "DisableF8BootMenu",
"SetDEPOptOut", # "SetDEPOptIn",
"DisableScriptHost", # "EnableScriptHost",
"EnableDotNetStrongCrypto", # "DisableDotNetStrongCrypto",
# "EnableMeltdownCompatFlag" # "DisableMeltdownCompatFlag",
### Service Tweaks ###
@@ -124,7 +123,6 @@ $tweaks = @(
"DisableXboxFeatures", # "EnableXboxFeatures",
"DisableAdobeFlash", # "EnableAdobeFlash",
# "UninstallMediaPlayer", # "InstallMediaPlayer",
# "UninstallInternetExplorer", # "InstallInternetExplorer",
# "UninstallWorkFolders", # "InstallWorkFolders",
# "InstallLinuxSubsystem", # "UninstallLinuxSubsystem",
# "InstallHyperV", # "UninstallHyperV",
@@ -140,7 +138,6 @@ $tweaks = @(
# "DisablePasswordPolicy", # "EnablePasswordPolicy",
# "DisableCtrlAltDelLogin", # "EnableCtrlAltDelLogin",
# "DisableIEEnhancedSecurity", # "EnableIEEnhancedSecurity",
# "EnableAudio", # "DisableAudio",
### Unpinning ###
# "UnpinStartMenuTiles",
@@ -164,12 +161,8 @@ $tweaks = @(
Function DisableTelemetry {
Write-Output "Disabling Telemetry..."
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 0
Set-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 0
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 0
If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Privacy")) {
New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Privacy" | Out-Null
}
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Privacy" -Name "TailoredExperiencesWithDiagnosticDataEnabled" -Type DWord -Value 0
Set-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 0
Disable-ScheduledTask -TaskName "Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" | Out-Null
Disable-ScheduledTask -TaskName "Microsoft\Windows\Application Experience\ProgramDataUpdater" | Out-Null
Disable-ScheduledTask -TaskName "Microsoft\Windows\Autochk\Proxy" | Out-Null
@@ -182,12 +175,8 @@ Function DisableTelemetry {
Function EnableTelemetry {
Write-Output "Enabling Telemetry..."
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 3
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 3
Set-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 3
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" -Name "AllowTelemetry" -ErrorAction SilentlyContinue
If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Privacy")) {
New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Privacy" | Out-Null
}
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Privacy" -Name "TailoredExperiencesWithDiagnosticDataEnabled" -Type DWord -Value 2
Enable-ScheduledTask -TaskName "Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" | Out-Null
Enable-ScheduledTask -TaskName "Microsoft\Windows\Application Experience\ProgramDataUpdater" | Out-Null
Enable-ScheduledTask -TaskName "Microsoft\Windows\Autochk\Proxy" | Out-Null
@@ -380,12 +369,20 @@ Function DisableAdvertisingID {
New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" | Out-Null
}
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" -Name "Enabled" -Type DWord -Value 0
If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Privacy")) {
New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Privacy" | Out-Null
}
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Privacy" -Name "TailoredExperiencesWithDiagnosticDataEnabled" -Type DWord -Value 0
}
# Enable Advertising ID
Function EnableAdvertisingID {
Write-Output "Enabling Advertising ID..."
Remove-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" -Name "Enabled" -ErrorAction SilentlyContinue
If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Privacy")) {
New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Privacy" | Out-Null
}
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Privacy" -Name "TailoredExperiencesWithDiagnosticDataEnabled" -Type DWord -Value 2
}
# Disable Cortana
@@ -698,21 +695,6 @@ Function EnableScriptHost {
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings" -Name "Enabled" -ErrorAction SilentlyContinue
}
# Enable strong cryptography for .NET Framework (version 4 and above)
# https://stackoverflow.com/questions/36265534/invoke-webrequest-ssl-fails
Function EnableDotNetStrongCrypto {
Write-output "Enabling .NET strong cryptography..."
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" -Name "SchUseStrongCrypto" -Type DWord -Value 1
Set-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319" -Name "SchUseStrongCrypto" -Type DWord -Value 1
}
# Disable strong cryptography for .NET Framework (version 4 and above)
Function DisableDotNetStrongCrypto {
Write-output "Disabling .NET strong cryptography..."
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" -Name "SchUseStrongCrypto" -ErrorAction SilentlyContinue
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319" -Name "SchUseStrongCrypto" -ErrorAction SilentlyContinue
}
# Enable Meltdown (CVE-2017-5754) compatibility flag - Required for January 2018 and all subsequent Windows updates
# This flag is normally automatically enabled by compatible antivirus software (such as Windows Defender).
# Use the tweak only if you have confirmed that your AV is compatible but unable to set the flag automatically or if you don't use any AV at all.
@@ -832,7 +814,6 @@ Function EnableRemoteDesktop {
Write-Output "Enabling Remote Desktop w/o Network Level Authentication..."
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Type DWord -Value 0
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "UserAuthentication" -Type DWord -Value 0
Enable-NetFirewallRule -Name "RemoteDesktop*"
}
# Disable Remote Desktop
@@ -840,7 +821,6 @@ Function DisableRemoteDesktop {
Write-Output "Disabling Remote Desktop..."
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Type DWord -Value 1
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "UserAuthentication" -Type DWord -Value 1
Disable-NetFirewallRule -Name "RemoteDesktop*"
}
# Disable Autoplay
@@ -1995,18 +1975,6 @@ Function InstallMediaPlayer {
Enable-WindowsOptionalFeature -Online -FeatureName "WindowsMediaPlayer" -NoRestart -WarningAction SilentlyContinue | Out-Null
}
# Uninstall Internet Explorer
Function UninstallInternetExplorer {
Write-Output "Uninstalling Internet Explorer..."
Disable-WindowsOptionalFeature -Online -FeatureName "Internet-Explorer-Optional-amd64" -NoRestart -WarningAction SilentlyContinue | Out-Null
}
# Install Internet Explorer
Function InstallInternetExplorer {
Write-Output "Installing Internet Explorer..."
Enable-WindowsOptionalFeature -Online -FeatureName "Internet-Explorer-Optional-amd64" -NoRestart -WarningAction SilentlyContinue | Out-Null
}
# Uninstall Work Folders Client - Not applicable to Server
Function UninstallWorkFolders {
Write-Output "Uninstalling Work Folders Client..."
@@ -2224,20 +2192,6 @@ Function EnableIEEnhancedSecurity {
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" -Name "IsInstalled" -Type DWord -Value 1
}
# Enable Audio
Function EnableAudio {
Write-Output "Enabling Audio..."
Set-Service "Audiosrv" -StartupType Automatic
Start-Service "Audiosrv" -WarningAction SilentlyContinue
}
# Disable Audio
Function DisableAudio {
Write-Output "Disabling Audio..."
Stop-Service "Audiosrv" -WarningAction SilentlyContinue
Set-Service "Audiosrv" -StartupType Manual
}
##########

3
test/Default.bat
View File

@@ -1,3 +0,0 @@
@ECHO OFF
powershell.exe -NoProfile -ExecutionPolicy Bypass -File "..\Win10.ps1" -preset "Default.preset"

134
test/Default.preset
View File

@@ -1,134 +0,0 @@
# Default preset
RequireAdmin
DisableTelemetry
DisableWiFiSense
# DisableSmartScreen
DisableWebSearch
DisableAppSuggestions
DisableBackgroundApps
DisableLockScreenSpotlight
DisableLocationTracking
DisableMapUpdates
DisableFeedback
DisableAdvertisingID
DisableCortana
DisableErrorReporting
SetP2PUpdateLocal
DisableAutoLogger
DisableDiagTrack
DisableWAPPush
# SetUACLow
# EnableSharingMappedDrives
DisableAdminShares
# DisableSMB1
SetCurrentNetworkPrivate
# SetUnknownNetworksPrivate
# DisableNetDevicesAutoInst
# EnableCtrldFolderAccess
# DisableFirewall
# DisableDefender
# DisableDefenderCloud
EnableF8BootMenu
SetDEPOptOut
DisableScriptHost
EnableDotNetStrongCrypto
# EnableMeltdownCompatFlag
# DisableUpdateMSRT
# DisableUpdateDriver
DisableUpdateRestart
DisableHomeGroups
DisableSharedExperiences
DisableRemoteAssistance
EnableRemoteDesktop
DisableAutoplay
DisableAutorun
# EnableStorageSense
# DisableDefragmentation
# DisableSuperfetch
# DisableIndexing
# SetBIOSTimeUTC
# EnableHibernation
# DisableSleepButton
# DisableSleepTimeout
# DisableFastStartup
DisableActionCenter
DisableLockScreen
# DisableLockScreenRS1
HideNetworkFromLockScreen
HideShutdownFromLockScreen
DisableStickyKeys
ShowTaskManagerDetails"
ShowFileOperationsDetails
# EnableFileDeleteConfirm
HideTaskbarSearchBox
HideTaskView
ShowSmallTaskbarIcons
ShowTaskbarTitles
HideTaskbarPeopleIcon
ShowTrayIcons
DisableSearchAppInStore
DisableNewAppPrompt
# SetControlPanelViewIcons
SetVisualFXPerformance
# AddENKeyboard
# EnableNumlock
ShowKnownExtensions
ShowHiddenFiles
HideSyncNotifications
HideRecentShortcuts
SetExplorerThisPC
ShowThisPCOnDesktop
# ShowUserFolderOnDesktop
HideDesktopFromThisPC
# HideDesktopFromExplorer
HideDocumentsFromThisPC
# HideDocumentsFromExplorer
HideDownloadsFromThisPC
# HideDownloadsFromExplorer
HideMusicFromThisPC
# HideMusicFromExplorer
HidePicturesFromThisPC
# HidePicturesFromExplorer
HideVideosFromThisPC
# HideVideosFromExplorer
Hide3DObjectsFromThisPC
# Hide3DObjectsFromExplorer
# DisableThumbnails
DisableThumbsDB
DisableOneDrive
UninstallOneDrive
UninstallMsftBloat
UninstallThirdPartyBloat
# UninstallWindowsStore
DisableXboxFeatures
DisableAdobeFlash
# UninstallMediaPlayer
# UninstallInternetExplorer
# UninstallWorkFolders
# InstallLinuxSubsystem
# InstallHyperV
SetPhotoViewerAssociation
AddPhotoViewerOpenWith
# UninstallPDFPrinter
UninstallXPSPrinter
RemoveFaxPrinter
# HideServerManagerOnLogin
# DisableShutdownTracker
# DisablePasswordPolicy
# DisableCtrlAltDelLogin
# DisableIEEnhancedSecurity
# EnableAudio
# UnpinStartMenuTiles
# UnpinTaskbarIcons
WaitForKey
Restart

3
test/Win10-ApplyAll.preset
View File

@@ -34,7 +34,6 @@ DisableDefenderCloud
EnableF8BootMenu
SetDEPOptOut
DisableScriptHost
EnableDotNetStrongCrypto
EnableMeltdownCompatFlag
DisableUpdateMSRT
@@ -110,7 +109,6 @@ UninstallWindowsStore
DisableXboxFeatures
DisableAdobeFlash
UninstallMediaPlayer
UninstallInternetExplorer
UninstallWorkFolders
InstallLinuxSubsystem
InstallHyperV
@@ -125,7 +123,6 @@ RemoveFaxPrinter
# DisablePasswordPolicy
# DisableCtrlAltDelLogin
# DisableIEEnhancedSecurity
# EnableAudio
UnpinStartMenuTiles
UnpinTaskbarIcons

3
test/Win10-RestoreAll.preset
View File

@@ -34,7 +34,6 @@ EnableDefenderCloud
DisableF8BootMenu
SetDEPOptIn
EnableScriptHost
DisableDotNetStrongCrypto
DisableMeltdownCompatFlag
EnableUpdateMSRT
@@ -110,7 +109,6 @@ InstallWindowsStore
EnableXboxFeatures
EnableAdobeFlash
InstallMediaPlayer
InstallInternetExplorer
InstallWorkFolders
UninstallLinuxSubsystem
UninstallHyperV
@@ -125,7 +123,6 @@ AddFaxPrinter
# EnablePasswordPolicy
# EnableCtrlAltDelLogin
# EnableIEEnhancedSecurity
# DisableAudio
WaitForKey
Restart

3
test/WinServer2016-ApplyAll.preset
View File

@@ -34,7 +34,6 @@ DisableDefenderCloud
EnableF8BootMenu
SetDEPOptOut
DisableScriptHost
EnableDotNetStrongCrypto
EnableMeltdownCompatFlag
DisableUpdateMSRT
@@ -110,7 +109,6 @@ UninstallWindowsStore
DisableXboxFeatures
DisableAdobeFlash
UninstallMediaPlayer
UninstallInternetExplorer
# UninstallWorkFolders
# InstallLinuxSubsystem
InstallHyperV
@@ -125,7 +123,6 @@ DisableShutdownTracker
DisablePasswordPolicy
DisableCtrlAltDelLogin
DisableIEEnhancedSecurity
EnableAudio
# UnpinStartMenuTiles
UnpinTaskbarIcons

3
test/WinServer2016-RestoreAll.preset
View File

@@ -34,7 +34,6 @@ EnableDefenderCloud
DisableF8BootMenu
SetDEPOptIn
EnableScriptHost
DisableDotNetStrongCrypto
DisableMeltdownCompatFlag
EnableUpdateMSRT
@@ -110,7 +109,6 @@ InstallWindowsStore
EnableXboxFeatures
EnableAdobeFlash
InstallMediaPlayer
InstallInternetExplorer
# InstallWorkFolders
# UninstallLinuxSubsystem
UninstallHyperV
@@ -125,7 +123,6 @@ EnableShutdownTracker
EnablePasswordPolicy
EnableCtrlAltDelLogin
EnableIEEnhancedSecurity
DisableAudio
WaitForKey
Restart