####################################################################################################################### # # Win10 Initial Setup Script # Author: Disassembler # Version: 1.4.1, 2018-02-15 # http://pastebin.com/gQxCUkLP # Modified: Casey Gray, 2016-04-27 # Modified: SecureInfo.eu, 2018-02-15 # ## # Script Execution must be enabled # Ask for elevated permissions if required If (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]"Administrator")) { Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs Exit } ####################################################################################################################### # # Privacy Settings # ## # # Disable Telemetry # Write-Host "Disabling Telemetry..." Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 0 # # Disable Wi-Fi Sense # Write-Host "Disabling Wi-Fi Sense..." If (!(Test-Path "HKLM:\Software\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting")) { New-Item -Path "HKLM:\Software\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting" -Force | Out-Null } Set-ItemProperty -Path "HKLM:\Software\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting" -Name "Value" -Type DWord -Value 0 Set-ItemProperty -Path "HKLM:\Software\Microsoft\PolicyManager\default\WiFi\AllowAutoConnectToWiFiSenseHotspots" -Name "Value" -Type DWord -Value 0 # # Disable Wi-Fi network sharing (just to be safer) # Write-Host "Disabling Wi-Fi network sharing..." $user = New-Object System.Security.Principal.NTAccount($env:UserName) $sid = $user.Translate([System.Security.Principal.SecurityIdentifier]).value New-Item -Path ("HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features\" + $sid) -Force | Out-Null Set-ItemProperty -Path ("HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features\" + $sid) -Name "FeatureStates" -Type DWord -Value 0x33c Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features" -Name "WiFiSenseCredShared" -Type DWord -Value 0 Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features" -Name "WiFiSenseOpen" -Type DWord -Value 0 # # Disable Bing Search in Start Menu # Write-Host "Disabling Bing Search in Start Menu..." Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Search" -Name "BingSearchEnabled" -Type DWord -Value 0 # # Disable Location Tracking # Write-Host "Disabling Location Tracking..." Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Overrides\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" -Name "SensorPermissionState" -Type DWord -Value 0 Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Services\lfsvc\Service\Configuration" -Name "Status" -Type DWord -Value 0 # # Disable Feedback # Write-Host "Disabling Feedback..." If (!(Test-Path "HKCU:\Software\Microsoft\Siuf\Rules")) { New-Item -Path "HKCU:\Software\Microsoft\Siuf\Rules" -Force | Out-Null } Set-ItemProperty -Path "HKCU:\Software\Microsoft\Siuf\Rules" -Name "NumberOfSIUFInPeriod" -Type DWord -Value 0 # # Disable Advertising ID # Write-Host "Disabling Advertising ID..." If (!(Test-Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo")) { New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo" -Force | Out-Null } Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo" -Name "Enabled" -Type DWord -Value 0 # # Disable Send Microsoft info about how ... # If (!(Test-Path "HKCU:\Software\Microsoft\Input\TIPC")) { New-Item -Path "HKCU:\Software\Microsoft\Input\TIPC" -Force | Out-Null } Set-ItemProperty -Path "HKCU:\Software\Microsoft\Input\TIPC" -Name "Enabled" -Type DWord -Value 0 # # Disable Let website provide # If (!(Test-Path "HKCU:\Control Panel\International\User Profile")) { New-Item -Path "HKCU:\Control Panel\International\User Profile" -Force | Out-Null } Set-ItemProperty -Path "HKCU:\Control Panel\International\User Profile" -Name "HttpAcceptLanguageOptOut" -Type DWord -Value 0 # # Disable settings sync # Write-Host "Disabling synchronisation of settings" Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync" -Name "BackupPolicy" -Type DWord -Value 0x3c Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync" -Name "DeviceMetadataUploaded" -Type DWord -Value 0 Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync" -Name "PriorLogons" -Type DWord -Value 1 $groups = @( "Accessibility" "AppSync" "BrowserSettings" "Credentials" "DesktopTheme" "Language" "PackageState" "Personalization" "StartLayout" "Windows" ) foreach ($group in $groups) { If (!(Test-Path -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\$group")) { New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\$group" -Force | Out-Null } Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\$group" -Name "Enabled" -Type DWord -Value 0 } # # Disable Cortana # Write-Host "Disabling Cortana..." If (!(Test-Path "HKCU:\Software\Microsoft\Personalization\Settings")) { New-Item -Path "HKCU:\Software\Microsoft\Personalization\Settings" -Force | Out-Null } Set-ItemProperty -Path "HKCU:\Software\Microsoft\Personalization\Settings" -Name "AcceptedPrivacyPolicy" -Type DWord -Value 0 If (!(Test-Path "HKCU:\Software\Microsoft\InputPersonalization")) { New-Item -Path "HKCU:\Software\Microsoft\InputPersonalization" -Force | Out-Null } Set-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization" -Name "RestrictImplicitTextCollection" -Type DWord -Value 1 Set-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization" -Name "RestrictImplicitInkCollection" -Type DWord -Value 1 If (!(Test-Path "HKCU:\Software\Microsoft\InputPersonalization\TrainedDataStore")) { New-Item -Path "HKCU:\Software\Microsoft\InputPersonalization\TrainedDataStore" -Force | Out-Null } Set-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization\TrainedDataStore" -Name "HarvestContacts" -Type DWord -Value 0 # # Disable Windows Search features # Write-Host "Disabling Start Menu search features" if (!(Test-Path -Path "HKLM:\Software\Policies\Microsoft\Windows\Windows Search")) { New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows\Windows Search" -Force | Out-Null } Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" -Name "AllowCortana" -Type DWord -Value 0 Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" -Name "DisableWebSearch" -Type DWord -Value 1 Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" -Name "AllowSearchToUseLocation" -Type DWord -Value 0 Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" -Name "ConnectedSearchUseWeb" -Type DWord -Value 0 # # Restrict Windows Update P2P only to local network # Write-Host "Restricting Windows Update P2P only to local network..." Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" -Name "DODownloadMode" -Type DWord -Value 1 If (!(Test-Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization")) { New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization" | Out-Null } Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization" -Name "SystemSettingsDownloadMode" -Type DWord -Value 3 # # Remove AutoLogger file and restrict directory # Write-Host "Removing AutoLogger file and restricting directory..." $autoLoggerDir = "$env:PROGRAMDATA\Microsoft\Diagnosis\ETLLogs\AutoLogger" If (Test-Path "$autoLoggerDir\AutoLogger-Diagtrack-Listener.etl") { Remove-Item "$autoLoggerDir\AutoLogger-Diagtrack-Listener.etl" } icacls $autoLoggerDir /deny SYSTEM:`(OI`)`(CI`)F | Out-Null # # Stop and disable Diagnostics Tracking Service # Write-Host "Stopping and disabling Diagnostics Tracking Service..." Stop-Service "DiagTrack" Set-Service "DiagTrack" -StartupType Disabled # # Stop and disable WAP Push Service # Write-Host "Stopping and disabling WAP Push Service..." Stop-Service "dmwappushservice" Set-Service "dmwappushservice" -StartupType Disabled # # Disable device access # Write-Host "Disabling device access..." foreach ($key in (Get-ChildItem -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\")) { Set-ItemProperty -Path ("HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\" + $key.PSChildName) -Name "Value" -Type String -Value "Deny" } # # Disable content delivery manager # http://winaero.com/blog/stop-windows-10-anniversary-update-from-installing-candy-crush-and-other-unwanted-apps/ # Write-Host "Disabling Content Delivery Manager" If ((Test-Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager")) { Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SilentInstalledAppsEnabled" -Type DWord -Value 0 } ########## # Service Tweaks ########## # # Disable Windows Update automatic restart # Write-Host "Disabling Windows Update automatic restart..." Set-ItemProperty -Path "HKLM:\Software\Microsoft\WindowsUpdate\UX\Settings" -Name "UxOption" -Type DWord -Value 1 # # Stop and disable Home Groups services # Write-Host "Stopping and disabling Home Groups services..." Stop-Service "HomeGroupListener" Set-Service "HomeGroupListener" -StartupType Disabled Stop-Service "HomeGroupProvider" Set-Service "HomeGroupProvider" -StartupType Disabled # Enable Remote Assistance # Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Remote Assistance" -Name "fAllowToGetHelp" -Type DWord -Value 1 # Enable Remote Desktop w/o Network Level Authentication # Write-Host "Enabling Remote Desktop w/o Network Level Authentication..." # Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Type DWord -Value 0 # Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "UserAuthentication" -Type DWord -Value 0 ####################################################################################################################### # # UI Tweaks # ## # # Disable Sticky keys prompt # Write-Host "Disabling Sticky keys prompt..." Set-ItemProperty -Path "HKCU:\Control Panel\Accessibility\StickyKeys" -Name "Flags" -Type String -Value "506" # # Change default Explorer view to "Computer" # Write-Host "Changing default Explorer view to `"Computer`"..." Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "LaunchTo" -Type DWord -Value 1 # # Disable Autoplay # Write-Host "Disabling Autoplay..." Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers" -Name "DisableAutoplay" -Type DWord -Value 1 # # Disable Autorun for all drives # Write-Host "Disabling Autorun for all drives..." If (!(Test-Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer")) { New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" | Out-Null } Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name "NoDriveTypeAutoRun" -Type DWord -Value 255 # # Show known file extensions # Write-Host "Showing known file extensions..." Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "HideFileExt" -Type DWord -Value 0 # # Show hidden files # Write-Host "Showing hidden files..." Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "Hidden" -Type DWord -Value 1 # # Set Photo Viewer as default for bmp, gif, jpg and png # Write-Host "Setting Photo Viewer as default for bmp, gif, jpg, png and tif..." If (!(Test-Path "HKCR:")) { New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null } ForEach ($type in @("Paint.Picture", "giffile", "jpegfile", "pngfile")) { New-Item -Path $("HKCR:\$type\shell\open") -Force | Out-Null New-Item -Path $("HKCR:\$type\shell\open\command") | Out-Null Set-ItemProperty -Path $("HKCR:\$type\shell\open") -Name "MuiVerb" -Type ExpandString -Value "@%ProgramFiles%\Windows Photo Viewer\photoviewer.dll,-3043" Set-ItemProperty -Path $("HKCR:\$type\shell\open\command") -Name "(Default)" -Type ExpandString -Value "%SystemRoot%\System32\rundll32.exe `"%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll`", ImageView_Fullscreen %1" } # # Show Photo Viewer in "Open with..." # Write-Host "Showing Photo Viewer in `"Open with...`"" If (!(Test-Path "HKCR:")) { New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null } New-Item -Path "HKCR:\Applications\photoviewer.dll\shell\open\command" -Force | Out-Null New-Item -Path "HKCR:\Applications\photoviewer.dll\shell\open\DropTarget" -Force | Out-Null Set-ItemProperty -Path "HKCR:\Applications\photoviewer.dll\shell\open" -Name "MuiVerb" -Type String -Value "@photoviewer.dll,-3043" Set-ItemProperty -Path "HKCR:\Applications\photoviewer.dll\shell\open\command" -Name "(Default)" -Type ExpandString -Value "%SystemRoot%\System32\rundll32.exe `"%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll`", ImageView_Fullscreen %1" Set-ItemProperty -Path "HKCR:\Applications\photoviewer.dll\shell\open\DropTarget" -Name "Clsid" -Type String -Value "{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}" ####################################################################################################################### # # Remove unwanted applications # ## Write-Host "Uninstalling default apps" $apps = @( # default Windows 10 apps "Microsoft.3DBuilder" "Microsoft.Appconnector" "Microsoft.BingFinance" "Microsoft.BingNews" "Microsoft.BingSports" "Microsoft.BingWeather" "Microsoft.Getstarted" "Microsoft.MicrosoftOfficeHub" "Microsoft.MicrosoftSolitaireCollection" "Microsoft.Office.OneNote" "Microsoft.People" "Microsoft.SkypeApp" #"Microsoft.Windows.Photos" "Microsoft.WindowsAlarms" #"Microsoft.WindowsCalculator" "Microsoft.WindowsCamera" "Microsoft.WindowsMaps" "Microsoft.WindowsPhone" "Microsoft.WindowsSoundRecorder" #"Microsoft.WindowsStore" "Microsoft.XboxApp" "Microsoft.ZuneMusic" "Microsoft.ZuneVideo" "microsoft.windowscommunicationsapps" "Microsoft.MinecraftUWP" # Threshold 2 apps "Microsoft.CommsPhone" "Microsoft.ConnectivityStore" "Microsoft.Messaging" "Microsoft.Office.Sway" # non-Microsoft "9E2F88E3.Twitter" "Flipboard.Flipboard" "ShazamEntertainmentLtd.Shazam" "king.com.CandyCrushSodaSaga" "ClearChannelRadioDigital.iHeartRadio" ) foreach ($app in $apps) { $package = Get-AppxPackage -Name $app -AllUsers -ErrorAction SilentlyContinue if ($package) { Remove-AppxPackage -Package $package.PackageFullName Get-AppXProvisionedPackage -Online | where DisplayName -EQ $app |` Remove-AppxProvisionedPackage -Online } } ####################################################################################################################### # # Reboot # ## Write-Host Write-Host "Press any key to restart your system..." -ForegroundColor Black -BackgroundColor White $key = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown") Write-Host "Restarting..." Restart-Computer