########## # Win10 Initial Setup Script # Author: Disassembler # Version: 1.0, 2015-08-09 ########## If (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]"Administrator")) { Write-Host "Please run the script as administrator." Exit } ########## # Privacy Settings ########## # Disable Telemetry Write-Host "Disabling Telemetry..." Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 0 # Disable Wi-Fi Sense Write-Host "Disabling Wi-Fi Sense..." Set-ItemProperty -Path "HKLM:\Software\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting" -Name "Value" -Type DWord -Value 0 Set-ItemProperty -Path "HKLM:\Software\Microsoft\PolicyManager\default\WiFi\AllowAutoConnectToWiFiSenseHotspots" -Name "Value" -Type DWord -Value 0 # Disable SmartScreen Filter Write-Host "Disabling SmartScreen Filter..." Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer" -Name "SmartScreenEnabled" -Type String -Value "Off" Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\AppHost" -Name "EnableWebContentEvaluation" -Type DWord -Value 0 # Disable Bing Search in Start Menu Write-Host "Disabling Bing Search in Start Menu..." Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Search" -Name "BingSearchEnabled" -Type DWord -Value 0 # Disable Location Tracking Write-Host "Disabling Location Tracking..." Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" -Name "Value" -Type String -Value "Deny" If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Permissions\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}")) { New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Permissions\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" -Force | Out-Null } Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Permissions\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" -Name "SensorPermissionState" -Type DWord -Value 0 # Disable Feedback Write-Host "Disabling Feedback..." If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Siuf\Rules")) { New-Item -Path "HKCU:\SOFTWARE\Microsoft\Siuf\Rules" -Force | Out-Null } Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Siuf\Rules" -Name "NumberOfSIUFInPeriod" -Type DWord -Value 0 # Disable Advertising ID Write-Host "Disabling Advertising ID..." If (!(Test-Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo")) { New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo" | Out-Null } Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo" -Name "Enabled" -Type DWord -Value 0 # Disable Cortana Write-Host "Disabling Cortana..." If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Personalization\Settings")) { New-Item -Path "HKCU:\SOFTWARE\Microsoft\Personalization\Settings" -Force | Out-Null } Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Personalization\Settings" -Name "AcceptedPrivacyPolicy" -Type DWord -Value 0 Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization" -Name "RestrictImplicitTextCollection" -Type DWord -Value 1 Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization" -Name "RestrictImplicitInkCollection" -Type DWord -Value 1 Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization" -Name "TrainedDataStore\HarvestContacts" -Type DWord -Value 0 # Restrict Windows Update P2P only to local network Write-Host "Restricting Windows Update P2P only to local network..." Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" -Name "DODownloadMode" -Type DWord -Value 1 If (!(Test-Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization")) { New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization" | Out-Null } Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization" -Name "SystemSettingsDownloadMode" -Type DWord -Value 3 # Purge and restrict AutoLogger file Write-Host "Purging and restricting AutoLogger file..." $autoLoggerFile = [System.Environment]::ExpandEnvironmentVariables("%SYSTEMDRIVE%\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl") Out-File $autoLoggerFile icacls $autoLoggerFile /inheritance:r /deny SYSTEM:F | Out-Null # Stop and disable Diagnostics Tracking Service Write-Host "Stopping and disabling Diagnostics Tracking Service..." Stop-Service "DiagTrack" Set-Service "DiagTrack" -StartupType Disabled # Stop and disable WAP Push Service Write-Host "Stopping and disabling WAP Push Service..." Stop-Service "dmwappushservice" Set-Service "dmwappushservice" -StartupType Disabled ########## # Service Tweaks ########## # Lower UAC level Write-Host "Lowering UAC level..." Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System" -Name "EnableLUA" -Type DWord -Value 1 Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System" -Name "ConsentPromptBehaviorAdmin" -Type DWord -Value 0 Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System" -Name "PromptOnSecureDesktop" -Type DWord -Value 0 # Enable sharing mapped drives between users Write-Host "Enabling sharing mapped drives between users..." Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System" -Name "EnableLinkedConnections" -Type DWord -Value 1 # Disable Firewall Write-Host "Disabling Firewall..." Set-NetFirewallProfile -Profile * -Enabled False # Disable Windows Defender Write-Host "Disabling Windows Defender..." Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows Defender" -Name "DisableAntiSpyware" -Type DWord -Value 1 # Disable Windows Update automatic restart Write-Host "Disabling Windows Update automatic restart..." Set-ItemProperty -Path "HKLM:\Software\Microsoft\WindowsUpdate\UX\Settings" -Name "UxOption" -Type DWord -Value 1 # Stop and disable Home Groups services Write-Host "Stopping and disabling Home Groups services..." Stop-Service "HomeGroupListener" Set-Service "HomeGroupListener" -StartupType Disabled Stop-Service "HomeGroupProvider" Set-Service "HomeGroupProvider" -StartupType Disabled # Disable Remote Assistance Write-Host "Disabling Remote Assistance..." Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Remote Assistance" -Name "fAllowToGetHelp" -Type DWord -Value 0 # Enable Remote Desktop w/o Network Level Authentication Write-Host "Enabling Remote Desktop w/o Network Level Authentication..." Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Type DWord -Value 0 Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "UserAuthentication" -Type DWord -Value 0 ########## # UI Tweaks ########## # Disable Action Center Write-Host "Disabling Action Center..." If (!(Test-Path "HKCU:\Software\Policies\Microsoft\Windows\Explorer")) { New-Item -Path "HKCU:\Software\Policies\Microsoft\Windows\Explorer" | Out-Null } Set-ItemProperty -Path "HKCU:\Software\Policies\Microsoft\Windows\Explorer" -Name "DisableNotificationCenter" -Type DWord -Value 1 Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\PushNotifications" -Name "ToastEnabled" -Type DWord -Value 0 # Disable Lock screen Write-Host "Disabling Lock screen..." If (!(Test-Path "HKLM:\Software\Policies\Microsoft\Windows\Personalization")) { New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows\Personalization" | Out-Null } Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\Personalization" -Name "NoLockScreen" -Type DWord -Value 1 # Hide Search Box Write-Host "Hiding Search Box..." Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Search" -Name "SearchboxTaskbarMode" -Type DWord -Value 0 # Hide Task View button Write-Host "Hiding Task View button..." Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ShowTaskViewButton" -Type DWord -Value 0 # Show all tray icons Write-Host "Showing all tray icons..." Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer" -Name "EnableAutoTray" -Type DWord -Value 0 # Show known file extensions Write-Host "Showing known file extensions..." Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "HideFileExt" -Type DWord -Value 0 # Show hidden files Write-Host "Showing hidden files..." Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "Hidden" -Type DWord -Value 1 # Change default Explorer view to "Computer" Write-Host "Changing default Explorer view to `"Computer`"..." Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "LaunchTo" -Type DWord -Value 1 # Show Computer shortcut on desktop Write-Host "Showing Computer shortcut on desktop..." If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu")) { New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu" | Out-Null } Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu" -Name "{20D04FE0-3AEA-1069-A2D8-08002B30309D}" -Type DWord -Value 0 Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel" -Name "{20D04FE0-3AEA-1069-A2D8-08002B30309D}" -Type DWord -Value 0 # Remove Desktop icon from computer namespace Write-Host "Removing Desktop icon from computer namespace..." Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}" -Recurse # Remove Documents icon from computer namespace Write-Host "Removing Documents icon from computer namespace..." Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{d3162b92-9365-467a-956b-92703aca08af}" -Recurse Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}" -Recurse # Remove Downloads icon from computer namespace Write-Host "Removing Downloads icon from computer namespace..." Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{088e3905-0323-4b02-9826-5d99428e115f}" -Recurse Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{374DE290-123F-4565-9164-39C4925E467B}" -Recurse # Remove Music icon from computer namespace Write-Host "Removing Music icon from computer namespace..." Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3dfdf296-dbec-4fb4-81d1-6a3438bcf4de}" -Recurse Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{1CF1260C-4DD0-4ebb-811F-33C572699FDE}" -Recurse # Remove Pictures icon from computer namespace Write-Host "Removing Pictures icon from computer namespace..." Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{24ad3ad4-a569-4530-98e1-ab02f9417aa8}" -Recurse Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}" -Recurse # Remove Videos icon from computer namespace Write-Host "Removing Videos icon from computer namespace..." Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{f86fa3ab-70d2-4fc7-9c99-fcbf05467f3a}" -Recurse Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A0953C92-50DC-43bf-BE83-3742FED03C9C}" -Recurse # Add secondary en-US keyboard Write-Host "Adding secondary en-US keyboard..." $langs = Get-WinUserLanguageList $langs.Add("en-US") Set-WinUserLanguageList $langs -Force ########## # Remove unwanted applications ########## # Uninstall OneDrive Write-Host "Uninstalling OneDrive..." Stop-Process -Name OneDrive Start-Sleep -s 3 $onedrive = [System.Environment]::ExpandEnvironmentVariables("%SYSTEMROOT%\SysWOW64\OneDriveSetup.exe") If (!(Test-Path $onedrive)) { $onedrive = [System.Environment]::ExpandEnvironmentVariables("%SYSTEMROOT%\System32\OneDriveSetup.exe") } Start-Process $onedrive "/uninstall" -NoNewWindow -Wait Start-Sleep -s 3 Stop-Process -Name explorer Start-Sleep -s 3 Remove-Item ([System.Environment]::ExpandEnvironmentVariables("%USERPROFILE%\OneDrive")) -Force -Recurse | Out-Null Remove-Item ([System.Environment]::ExpandEnvironmentVariables("%LOCALAPPDATA%\Microsoft\OneDrive")) -Force -Recurse | Out-Null Remove-Item ([System.Environment]::ExpandEnvironmentVariables("%PROGRAMDATA%\Microsoft OneDrive")) -Force -Recurse | Out-Null If (Test-Path ([System.Environment]::ExpandEnvironmentVariables("%SYSTEMDRIVE%\OneDriveTemp"))) { Remove-Item ([System.Environment]::ExpandEnvironmentVariables("%SYSTEMDRIVE%\OneDriveTemp")) -Force -Recurse | Out-Null } New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null Remove-Item -Path "HKCR:\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" -Recurse Remove-Item -Path "HKCR:\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" -Recurse # Uninstall default Microsoft applications Write-Host "Uninstalling default Microsoft applications..." Get-AppxPackage "Microsoft.3DBuilder" | Remove-AppxPackage Get-AppxPackage "Microsoft.BingFinance" | Remove-AppxPackage Get-AppxPackage "Microsoft.BingNews" | Remove-AppxPackage Get-AppxPackage "Microsoft.BingSports" | Remove-AppxPackage Get-AppxPackage "Microsoft.BingWeather" | Remove-AppxPackage Get-AppxPackage "Microsoft.Getstarted" | Remove-AppxPackage Get-AppxPackage "Microsoft.MicrosoftOfficeHub" | Remove-AppxPackage Get-AppxPackage "Microsoft.MicrosoftSolitaireCollection" | Remove-AppxPackage Get-AppxPackage "Microsoft.Office.OneNote" | Remove-AppxPackage Get-AppxPackage "Microsoft.People" | Remove-AppxPackage Get-AppxPackage "Microsoft.SkypeApp" | Remove-AppxPackage Get-AppxPackage "Microsoft.Windows.Photos" | Remove-AppxPackage Get-AppxPackage "Microsoft.WindowsAlarms" | Remove-AppxPackage Get-AppxPackage "Microsoft.WindowsCamera" | Remove-AppxPackage Get-AppxPackage "microsoft.windowscommunicationsapps" | Remove-AppxPackage Get-AppxPackage "Microsoft.WindowsMaps" | Remove-AppxPackage Get-AppxPackage "Microsoft.WindowsPhone" | Remove-AppxPackage Get-AppxPackage "Microsoft.WindowsSoundRecorder" | Remove-AppxPackage Get-AppxPackage "Microsoft.XboxApp" | Remove-AppxPackage Get-AppxPackage "Microsoft.ZuneMusic" | Remove-AppxPackage Get-AppxPackage "Microsoft.ZuneVideo" | Remove-AppxPackage # Uninstall Windows Media Player Write-Host "Uninstalling Windows Media Player..." dism /online /Disable-Feature /FeatureName:MediaPlayback /Quiet /NoRestart # Uninstall Work Folders Client Write-Host "Uninstalling Work Folders Client..." dism /online /Disable-Feature /FeatureName:WorkFolders-Client /Quiet /NoRestart ########## # Restart ########## Write-Host "Restarting..." Restart-Computer