v2.9, 2017-10-22

- Added "DisableSharedExperiences" (thx @DaNy3LL)
- Added "Hide3DObjectsFromThisPC"
- Added "DisableAdobeFlash"
- Commented out "DisableSMB1" as 1709 (RS3) disables it implicitly

README.md

@@ -38,7 +38,7 @@ Command using the preset file above:
 **A:** Yes! In fact the script has been written to support exactly this as it's not uncommon that big Windows Updates reset some of the settings.
 
 **Q:** Can I run the script in multi-user environment?  
-**A:** Yes, to certain extent. Some tweaks (most notably UI tweaks) are set only for the user currently executing the script. As stated above, the script can be run repeatedly; therefore it's possible to run it multiple times, each time as different user. Due to the nature of authentication and privilege escalation mechanisms in Windows, the script can be successfully applied only for users belonging to *Administrators* group. Standard users will get an UAC prompt asking for admin credentials which then causes the tweaks to be applied to the given admin account instead of the original non-privileged one. To circumvent this, add the standard user to the *Administrators* group, run the script, and then remove the user from *Administrators* group again. There are a few ways how the same functionality can be achieved programmatically, but I'm not planning to include any of them as it would negatively impact code complexity and readability.
+**A:** Yes, to certain extent. Some tweaks (most notably UI tweaks) are set only for the user currently executing the script. As stated above, the script can be run repeatedly; therefore it's possible to run it multiple times, each time as different user. Due to the nature of authentication and privilege escalation mechanisms in Windows, the script can be successfully applied only for users belonging to *Administrators* group. Standard users will get an UAC prompt asking for admin credentials which then causes the tweaks to be applied to the given admin account instead of the original non-privileged one. To circumvent this, add the standard user to the *Administrators* group, run the script, and then remove the user from *Administrators* group again. There are a few ways how the same functionality can be achieved programmatically, but I'm not planning to include any of them as it would negatively impact code complexity and readability. If you still wish to try to use the script in multi-user environment, check [this answer in issue #29](https://github.com/Disassembler0/Win10-Initial-Setup-Script/issues/29#issuecomment-333040591) for some pointers.
 
 **Q:** Can I run the script on Windows Server 2016?  
 **A:** Yes. Starting from version 2.5, Windows Server 2016 is supported. There are even few tweaks specific to Server environment. Keep in mind though, that the script is still primarily designed for Windows 10, so you have to create your own preset for Windows Server 2016.

Win10.ps1

@@ -1,7 +1,7 @@
 ##########
 # Win10 / WinServer2016 Initial Setup Script
 # Author: Disassembler <disassembler@dasm.cz>
-# Version: v2.8, 2017-09-09
+# Version: v2.9, 2017-10-22
 # Source: https://github.com/Disassembler0/Win10-Initial-Setup-Script
 ##########
 
@@ -31,7 +31,7 @@ $tweaks = @(
 	# "SetUACLow",                  # "SetUACHigh",
 	# "EnableSharingMappedDrives",  # "DisableSharingMappedDrives",
 	"DisableAdminShares",           # "EnableAdminShares",
-	"DisableSMB1",                  # "EnableSMB1",
+	# "DisableSMB1",                # "EnableSMB1",
 	"SetCurrentNetworkPrivate",     # "SetCurrentNetworkPublic",
 	# "SetUnknownNetworksPrivate",  # "SetUnknownNetworksPublic",
 	# "DisableFirewall",            # "EnableFirewall",
@@ -40,6 +40,7 @@ $tweaks = @(
 	# "DisableUpdateDriver",        # "EnableUpdateDriver",
 	"DisableUpdateRestart",         # "EnableUpdateRestart",
 	"DisableHomeGroups",            # "EnableHomeGroups",
+	"DisableSharedExperiences",     # "EnableSharedExperiences",
 	"DisableRemoteAssistance",      # "EnableRemoteAssistance",
 	"EnableRemoteDesktop",          # "DisableRemoteDesktop",
 	"DisableAutoplay",              # "EnableAutoplay",
@@ -79,6 +80,7 @@ $tweaks = @(
 	"HideMusicFromThisPC",          # "ShowMusicInThisPC",
 	"HidePicturesFromThisPC",       # "ShowPicturesInThisPC",
 	"HideVideosFromThisPC",         # "ShowVideosInThisPC",
+	"Hide3DObjectsFromThisPC",      # "Show3DObjectsInThisPC",
 	"SetVisualFXPerformance",       # "SetVisualFXAppearance",
 	# "DisableThumbnails",          # "EnableThumbnails",
 	"DisableThumbsDB",              # "EnableThumbsDB",
@@ -93,6 +95,7 @@ $tweaks = @(
 	# "UninstallWindowsStore",      # "InstallWindowsStore",
 	"DisableConsumerApps",          # "EnableConsumerApps",
 	"DisableXboxFeatures",          # "EnableXboxFeatures",
+	"DisableAdobeFlash",            # "EnableAdobeFlash",
 	# "UninstallMediaPlayer",       # "InstallMediaPlayer",
 	# "UninstallWorkFolders",       # "InstallWorkFolders",
 	# "InstallLinuxSubsystem",      # "UninstallLinuxSubsystem",
@@ -425,13 +428,13 @@ Function EnableAdminShares {
 	Remove-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" -Name "AutoShareWks" -ErrorAction SilentlyContinue
 }
 
-# Disable obsolete SMB 1.0 protocol
+# Disable obsolete SMB 1.0 protocol - Disabled by default since 1709
 Function DisableSMB1 {
 	Write-Host "Disabling SMB 1.0 protocol..."
 	Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
 }
 
-# Enable obsolete SMB 1.0 protocol
+# Enable obsolete SMB 1.0 protocol - Disabled by default since 1709
 Function EnableSMB1 {
 	Write-Host "Enabling SMB 1.0 protocol..."
 	Set-SmbServerConfiguration -EnableSMB1Protocol $true -Force
@@ -562,6 +565,18 @@ Function EnableHomeGroups {
 	Start-Service "HomeGroupProvider" -WarningAction SilentlyContinue
 }
 
+# Disable Shared Experiences - Not applicable to Server
+Function DisableSharedExperiences {
+	Write-Host "Disabling Shared Experiences..."
+	Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\CDP" -Name "RomeSdkChannelUserAuthzPolicy" -Type DWord -Value 0
+}
+
+# Enable Shared Experiences - Not applicable to Server
+Function EnableSharedExperiences {
+	Write-Host "Enabling Shared Experiences..."
+	Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\CDP" -Name "RomeSdkChannelUserAuthzPolicy" -Type DWord -Value 1
+}
+
 # Disable Remote Assistance - Not applicable to Server (unless Remote Assistance is explicitly installed)
 Function DisableRemoteAssistance {
 	Write-Host "Disabling Remote Assistance..."
@@ -738,7 +753,7 @@ Function EnableLockScreen {
 	Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Personalization" -Name "NoLockScreen" -ErrorAction SilentlyContinue
 }
 
-# Disable Lock screen (Anniversary Update workaround) - Applicable to RS1 or newer
+# Disable Lock screen (Anniversary Update workaround) - Applicable to 1607 or newer
 Function DisableLockScreenRS1 {
 	Write-Host "Disabling Lock screen using scheduler workaround..."
 	$service = New-Object -com Schedule.Service
@@ -754,7 +769,7 @@ Function DisableLockScreenRS1 {
 	$service.GetFolder("\").RegisterTaskDefinition("Disable LockScreen", $task, 6, "NT AUTHORITY\SYSTEM", $null, 4) | Out-Null
 }
 
-# Enable Lock screen (Anniversary Update workaround) - Applicable to RS1 or newer
+# Enable Lock screen (Anniversary Update workaround) - Applicable to 1607 or newer
 Function EnableLockScreenRS1 {
 	Write-Host "Enabling Lock screen (removing scheduler workaround)..."
 	Unregister-ScheduledTask -TaskName "Disable LockScreen" -Confirm:$false -ErrorAction SilentlyContinue
@@ -1096,6 +1111,26 @@ Function ShowVideosInThisPC {
 	Set-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\PropertyBag" -Name "ThisPCPolicy" -Type String -Value "Show"
 }
 
+# Hide 3D Objects icon from This PC
+Function Hide3DObjectsFromThisPC {
+	Write-Host "Hiding 3D Objects icon from This PC..."
+	If (!(Test-Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\PropertyBag")) {
+		New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\PropertyBag" -Force | Out-Null
+	}
+	Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\PropertyBag" -Name "ThisPCPolicy" -Type String -Value "Hide"
+	If (!(Test-Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\PropertyBag")) {
+		New-Item -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\PropertyBag" -Force | Out-Null
+	}
+	Set-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\PropertyBag" -Name "ThisPCPolicy" -Type String -Value "Hide"
+}
+
+# Show 3D Objects icon in This PC
+Function Show3DObjectsInThisPC {
+	Write-Host "Showing 3D Objects icon in This PC..."
+	Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\PropertyBag" -Name "ThisPCPolicy" -ErrorAction SilentlyContinue
+	Remove-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\PropertyBag" -Name "ThisPCPolicy" -ErrorAction SilentlyContinue
+}
+
 # Adjusts visual effects for performance - Disables animations, transparency etc. but leaves font smoothing and miniatures enabled
 Function SetVisualFXPerformance {
 	Write-Host "Adjusting visual effects for performance..."
@@ -1432,6 +1467,26 @@ Function EnableXboxFeatures {
 	Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\GameDVR" -Name "AllowGameDVR" -ErrorAction SilentlyContinue
 }
 
+# Disable built-in Adobe Flash in IE and Edge
+Function DisableAdobeFlash {
+	Write-Host "Disabling built-in Adobe Flash in IE and Edge..."
+	If (!(Test-Path "HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Addons")) {
+		New-Item -Path "HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Addons" -Force | Out-Null
+	}
+	Set-ItemProperty -Path "HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Addons" -Name "FlashPlayerEnabled" -Type DWord -Value 0
+	If (!(Test-Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D27CDB6E-AE6D-11CF-96B8-444553540000}")) {
+		New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D27CDB6E-AE6D-11CF-96B8-444553540000}" -Force | Out-Null
+	}
+	Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D27CDB6E-AE6D-11CF-96B8-444553540000}" -Name "Flags" -Type DWord -Value 1
+}
+
+# Enable built-in Adobe Flash in IE and Edge
+Function EnableAdobeFlash {
+	Write-Host "Enabling built-in Adobe Flash in IE and Edge..."
+	Remove-ItemProperty -Path "HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Addons" -Name "FlashPlayerEnabled" -ErrorAction SilentlyContinue
+	Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D27CDB6E-AE6D-11CF-96B8-444553540000}" -Name "Flags" -ErrorAction SilentlyContinue
+}
+
 # Uninstall Windows Media Player
 Function UninstallMediaPlayer {
 	Write-Host "Uninstalling Windows Media Player..."
@@ -1456,7 +1511,7 @@ Function InstallWorkFolders {
 	Enable-WindowsOptionalFeature -Online -FeatureName "WorkFolders-Client" -NoRestart -WarningAction SilentlyContinue | Out-Null
 }
 
-# Install Linux Subsystem - Applicable to RS1 or newer, not applicable to Server yet
+# Install Linux Subsystem - Applicable to 1607 or newer, not applicable to Server yet
 Function InstallLinuxSubsystem {
 	Write-Host "Installing Linux Subsystem..."
 	Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock" -Name "AllowDevelopmentWithoutDevLicense" -Type DWord -Value 1
@@ -1464,7 +1519,7 @@ Function InstallLinuxSubsystem {
 	Enable-WindowsOptionalFeature -Online -FeatureName "Microsoft-Windows-Subsystem-Linux" -NoRestart -WarningAction SilentlyContinue | Out-Null
 }
 
-# Uninstall Linux Subsystem - Applicable to RS1 or newer, not applicable to Server yet
+# Uninstall Linux Subsystem - Applicable to 1607 or newer, not applicable to Server yet
 Function UninstallLinuxSubsystem {
 	Write-Host "Uninstalling Linux Subsystem..."
 	Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock" -Name "AllowDevelopmentWithoutDevLicense" -Type DWord -Value 0
@@ -1688,7 +1743,7 @@ Function EnableIEEnhancedSecurity {
 # Relaunch the script with administrator privileges
 Function RequireAdmin {
 	If (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]"Administrator")) {
-		Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`" $args" -WorkingDirectory $pwd -Verb RunAs
+		Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`" $PSCommandArgs" -WorkingDirectory $pwd -Verb RunAs
 		Exit
 	}
 }
@@ -1712,11 +1767,19 @@ Function Restart {
 # Parse parameters and apply tweaks
 ##########
 
+# Normalize path to preset file
+$preset = ""
+$PSCommandArgs = $args
+If ($args -And $args[0].ToLower() -eq "-preset") {
+	$preset = Resolve-Path $($args | Select-Object -Skip 1)
+	$PSCommandArgs = "-preset `"$preset`""
+}
+
 # Load function names from command line arguments or a preset file
 If ($args) {
 	$tweaks = $args
-	If ($args[0].ToLower() -eq "-preset") {
-		$tweaks = Get-Content "$($args | Select-Object -Skip 1)" -ErrorAction Stop | ForEach { $_.Trim() } | Where { $_ -ne "" -and $_[0] -ne "#" }
+	If ($preset) {
+		$tweaks = Get-Content $preset -ErrorAction Stop | ForEach { $_.Trim() } | Where { $_ -ne "" -and $_[0] -ne "#" }
 	}
 }
 

test/Win10-ApplyAll.bat

@@ -1,3 +1,3 @@
 @ECHO OFF
 
-powershell.exe -NoProfile -ExecutionPolicy Bypass -File "%~dp0..\Win10.ps1" -preset "%~dp0Win10-ApplyAll.preset"
+powershell.exe -NoProfile -ExecutionPolicy Bypass -File "..\Win10.ps1" -preset "Win10-ApplyAll.preset"

test/Win10-ApplyAll.preset

@@ -21,7 +21,7 @@ DisableWAPPush
 SetUACLow
 EnableSharingMappedDrives
 DisableAdminShares
-DisableSMB1
+# DisableSMB1
 SetCurrentNetworkPrivate
 SetUnknownNetworksPrivate
 DisableFirewall
@@ -30,6 +30,7 @@ DisableUpdateMSRT
 DisableUpdateDriver
 DisableUpdateRestart
 DisableHomeGroups
+DisableSharedExperiences
 DisableRemoteAssistance
 EnableRemoteDesktop
 DisableAutoplay
@@ -68,6 +69,7 @@ HideDownloadsFromThisPC
 HideMusicFromThisPC
 HidePicturesFromThisPC
 HideVideosFromThisPC
+Hide3DObjectsFromThisPC
 SetVisualFXPerformance
 DisableThumbnails
 DisableThumbsDB
@@ -81,6 +83,7 @@ UninstallThirdPartyBloat
 UninstallWindowsStore
 DisableConsumerApps
 DisableXboxFeatures
+DisableAdobeFlash
 UninstallMediaPlayer
 UninstallWorkFolders
 InstallLinuxSubsystem

test/Win10-RestoreAll.bat

@@ -1,3 +1,3 @@
 @ECHO OFF
 
-powershell.exe -NoProfile -ExecutionPolicy Bypass -File "%~dp0..\Win10.ps1" -preset "%~dp0Win10-RestoreAll.preset"
+powershell.exe -NoProfile -ExecutionPolicy Bypass -File "..\Win10.ps1" -preset "Win10-RestoreAll.preset"

test/Win10-RestoreAll.preset

@@ -21,7 +21,7 @@ EnableWAPPush
 SetUACHigh
 DisableSharingMappedDrives
 EnableAdminShares
-EnableSMB1
+# EnableSMB1
 SetCurrentNetworkPublic
 SetUnknownNetworksPublic
 EnableFirewall
@@ -30,6 +30,7 @@ EnableUpdateMSRT
 EnableUpdateDriver
 EnableUpdateRestart
 EnableHomeGroups
+EnableSharedExperiences
 EnableRemoteAssistance
 DisableRemoteDesktop
 EnableAutoplay
@@ -68,6 +69,7 @@ ShowDownloadsInThisPC
 ShowMusicInThisPC
 ShowPicturesInThisPC
 ShowVideosInThisPC
+Show3DObjectsInThisPC
 SetVisualFXAppearance
 EnableThumbnails
 EnableThumbsDB
@@ -81,6 +83,7 @@ InstallThirdPartyBloat
 InstallWindowsStore
 EnableConsumerApps
 EnableXboxFeatures
+EnableAdobeFlash
 InstallMediaPlayer
 InstallWorkFolders
 UninstallLinuxSubsystem

test/WinServer2016-ApplyAll.bat

@@ -1,3 +1,3 @@
 @ECHO OFF
 
-powershell.exe -NoProfile -ExecutionPolicy Bypass -File "%~dp0..\Win10.ps1" -preset "%~dp0WinServer2016-ApplyAll.preset"
+powershell.exe -NoProfile -ExecutionPolicy Bypass -File "..\Win10.ps1" -preset "WinServer2016-ApplyAll.preset"

test/WinServer2016-ApplyAll.preset

@@ -18,7 +18,7 @@ DisableAutoLogger
 DisableDiagTrack
 DisableWAPPush
 
-SetUACHigh
+SetUACLow
 EnableSharingMappedDrives
 DisableAdminShares
 DisableSMB1
@@ -30,6 +30,7 @@ DisableUpdateMSRT
 DisableUpdateDriver
 DisableUpdateRestart
 # DisableHomeGroups
+# DisableSharedExperiences
 # DisableRemoteAssistance
 EnableRemoteDesktop
 DisableAutoplay
@@ -68,6 +69,7 @@ HideDownloadsFromThisPC
 HideMusicFromThisPC
 HidePicturesFromThisPC
 HideVideosFromThisPC
+Hide3DObjectsFromThisPC
 SetVisualFXPerformance
 DisableThumbnails
 DisableThumbsDB
@@ -81,6 +83,7 @@ UninstallThirdPartyBloat
 UninstallWindowsStore
 DisableConsumerApps
 DisableXboxFeatures
+DisableAdobeFlash
 UninstallMediaPlayer
 # UninstallWorkFolders
 # InstallLinuxSubsystem

test/WinServer2016-RestoreAll.bat

@@ -1,3 +1,3 @@
 @ECHO OFF
 
-powershell.exe -NoProfile -ExecutionPolicy Bypass -File "%~dp0..\Win10.ps1" -preset "%~dp0WinServer2016-RestoreAll.preset"
+powershell.exe -NoProfile -ExecutionPolicy Bypass -File "..\Win10.ps1" -preset "WinServer2016-RestoreAll.preset"

test/WinServer2016-RestoreAll.preset

@@ -30,6 +30,7 @@ EnableUpdateMSRT
 EnableUpdateDriver
 EnableUpdateRestart
 # EnableHomeGroups
+# EnableSharedExperiences
 # EnableRemoteAssistance
 DisableRemoteDesktop
 EnableAutoplay
@@ -68,6 +69,7 @@ ShowDownloadsInThisPC
 ShowMusicInThisPC
 ShowPicturesInThisPC
 ShowVideosInThisPC
+Show3DObjectsInThisPC
 SetVisualFXAppearance
 EnableThumbnails
 EnableThumbsDB
@@ -81,6 +83,7 @@ InstallThirdPartyBloat
 InstallWindowsStore
 EnableConsumerApps
 EnableXboxFeatures
+EnableAdobeFlash
 InstallMediaPlayer
 # InstallWorkFolders
 # UninstallLinuxSubsystem