Move some things around for a new version

README.md

@@ -9,22 +9,16 @@ Code located in the `master` branch is under development (for now).
 
 - [Download [zip]](https://github.com/W4RH4WK/Debloat-Windows-10/archive/master.zip)
 
-## Description
+## Execution
 
-Windows 10 comes with a whole bunch features most (power-)user do not use /
+Enable execution of PowerShell scripts:
-want. Therefore the scripts provided should help getting rid of them easily.
-
-I try to keep sensible defaults for all scripts but you'll be better of editing
-them before execution to fit your personal needs. Don't forget to run them with
-administrative privileges and have Powershell execution policy set to
-`Unrestricted`.
 
     PS> Set-ExecutionPolicy Unrestricted
 
-Alternatively you can run the script as an argument to Powershell with
+Unblock PowerShell scripts and modules within this directory:
-execution policy set to bypass.
 
-    C:\> PowerShell.exe -ExecutionPolicy Bypass -File script-file.ps1
+    PS > ls -Recurse *.ps1 | Unblock-File
+    PS > ls -Recurse *.psm1 | Unblock-File
 
 I develop those scripts on a Windows 10 Professional 64-Bit virtual machine.
 Please let me know if you encounter any issues with other Windows 10 versions.
@@ -33,13 +27,8 @@ Please let me know if you encounter any issues with other Windows 10 versions.
 
 1. Install all available updates for your system.
 2. Edit the scripts to fit your need.
-3. Run the edited scripts (recommended order)
+3. Run the scripts 
-    1. `fix-privacy-settings.ps1`
+4. `PS > Restart-Computer`
-    2. `disable-scheduled-tasks.ps1`
-    3. `disable-windows-features.ps1`
-    4. `disable-services.ps1`
-    5. ...
-4. Reboot!
 
 ## Interactivity
 

scripts/block-telemetry.ps1

@@ -2,51 +2,108 @@
 # This script blocks telemetry related domains via the hosts file and related
 # IPs via Windows Firewall.
 
+echo "Disabling telemetry via Group Policies"
+mkdir -Force "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection"
+sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" "AllowTelemetry" 0
+
 echo "Adding telemetry domains to hosts file"
 $hosts_file = "$env:systemroot\System32\drivers\etc\hosts"
 $domains = @(
     "a-0001.a-msedge.net"
+    "a-0002.a-msedge.net"
+    "a-0003.a-msedge.net"
+    "a-0004.a-msedge.net"
+    "a-0005.a-msedge.net"
+    "a-0006.a-msedge.net"
+    "a-0007.a-msedge.net"
+    "a-0008.a-msedge.net"
+    "a-0009.a-msedge.net"
     "a1621.g.akamai.net"
     "a1856.g2.akamai.net"
     "a1961.g.akamai.net"
     "a248.e.akamai.net"
     "a978.i6g1.akamai.net"
+    "a.ads1.msn.com"
+    "a.ads2.msads.net"
+    "a.ads2.msn.com"
+    "ac3.msn.com"
+    "ad.doubleclick.net"
+    "adnexus.net"
+    "adnxs.com"
+    "ads1.msads.net"
+    "ads1.msn.com"
+    "ads.msn.com"
+    "aidps.atdmt.com"
+    "aka-cdn-ns.adtech.de"
+    "a-msedge.net"
     "any.edge.bing.com"
+    "a.rad.msn.com"
+    "az361816.vo.msecnd.net"
+    "az512334.vo.msecnd.net"
+    "b.ads1.msn.com"
+    "b.ads2.msads.net"
     "bingads.microsoft.com"
+    "b.rad.msn.com"
+    "bs.serving-sys.com"
+    "c.atdmt.com"
+    "cdn.atdmt.com"
+    "cds26.ams9.msecn.net"
     "choice.microsoft.com"
     "choice.microsoft.com.nsatc.net"
+    "c.msn.com"
     "compatexchange.cloudapp.net"
-    "corp.sts.microsoft.com"
     "corpext.msitadfs.glbdns2.microsoft.com"
+    "corp.sts.microsoft.com"
     "cs1.wpc.v0cdn.net"
+    "db3aqu.atdmt.com"
     "df.telemetry.microsoft.com"
     "diagnostics.support.microsoft.com"
     "e2835.dspb.akamaiedge.net"
     "e7341.g.akamaiedge.net"
     "e7502.ce.akamaiedge.net"
     "e8218.ce.akamaiedge.net"
+    "ec.atdmt.com"
     "fe2.update.microsoft.com.akadns.net"
     "feedback.microsoft-hohm.com"
     "feedback.search.microsoft.com"
     "feedback.windows.com"
+    "flex.msn.com"
+    "g.msn.com"
+    "h1.msn.com"
     "h2.msn.com"
     "hostedocsp.globalsign.com"
     "i1.services.social.microsoft.com"
     "i1.services.social.microsoft.com.nsatc.net"
     "ipv6.msftncsi.com"
     "ipv6.msftncsi.com.edgesuite.net"
+    "lb1.www.ms.akadns.net"
+    "live.rads.msn.com"
+    "m.adnxs.com"
+    "msedge.net"
+    "msftncsi.com"
+    "msnbot-65-55-108-23.search.msn.com"
+    "msntest.serving-sys.com"
     "oca.telemetry.microsoft.com"
     "oca.telemetry.microsoft.com.nsatc.net"
     "onesettings-db5.metron.live.nsatc.net"
     "pre.footprintpredict.com"
+    "preview.msn.com"
+    "rad.live.com"
+    "rad.msn.com"
     "redir.metaservices.microsoft.com"
     "reports.wes.df.telemetry.microsoft.com"
+    "schemas.microsoft.akadns.net"
+    "secure.adnxs.com"
+    "secure.flashtalking.com"
     "services.wes.df.telemetry.microsoft.com"
     "settings-sandbox.data.microsoft.com"
+    "settings-win.data.microsoft.com"
     "sls.update.microsoft.com.akadns.net"
     "sqm.df.telemetry.microsoft.com"
     "sqm.telemetry.microsoft.com"
     "sqm.telemetry.microsoft.com.nsatc.net"
+    "ssw.live.com"
+    "static.2mdn.net"
     "statsfe1.ws.microsoft.com"
     "statsfe2.update.microsoft.com.akadns.net"
     "statsfe2.ws.microsoft.com"
@@ -57,9 +114,11 @@ $domains = @(
     "telemetry.appex.bing.net:443"
     "telemetry.microsoft.com"
     "telemetry.urs.microsoft.com"
+    "vortex-bn2.metron.live.com.nsatc.net"
+    "vortex-cy2.metron.live.com.nsatc.net"
+    "vortex.data.microsoft.com"
     "vortex-sandbox.data.microsoft.com"
     "vortex-win.data.microsoft.com"
-    "vortex.data.microsoft.com"
     "watson.live.com"
     "watson.microsoft.com"
     "watson.ppe.telemetry.microsoft.com"
@@ -69,6 +128,24 @@ $domains = @(
     "win10.ipv6.microsoft.com"
     "www.bingads.microsoft.com"
     "www.go.microsoft.akadns.net"
+    "www.msftncsi.com"
+
+    # extra
+    "fe2.update.microsoft.com.akadns.net"
+    "s0.2mdn.net"
+    "statsfe2.update.microsoft.com.akadns.net",
+    "survey.watson.microsoft.com"
+    "view.atdmt.com"
+    "watson.microsoft.com",
+    "watson.ppe.telemetry.microsoft.com"
+    "watson.telemetry.microsoft.com",
+    "watson.telemetry.microsoft.com.nsatc.net"
+    "wes.df.telemetry.microsoft.com"
+    "ui.skype.com",
+    "pricelist.skype.com"
+    "apps.skype.com"
+    "m.hotmail.com"
+    "s.gateway.messenger.live.com"
 )
 foreach ($domain in $domains) {
     if (-Not (Select-String -Path $hosts_file -Pattern $domain)) {
@@ -80,9 +157,13 @@ echo "Adding telemetry ips to firewall"
 $ips = @(
     "134.170.30.202"
     "137.116.81.24"
+    "157.56.106.189"
+    "2.22.61.43"
+    "2.22.61.66"
     "204.79.197.200"
     "23.218.212.69"
     "65.39.117.230"
+    "65.52.108.33"
     "65.55.108.23"
 )
 Remove-NetFirewallRule -DisplayName "Block Telemetry IPs" -ErrorAction SilentlyContinue

scripts/disable-windows-defender.ps1

@@ -0,0 +1,27 @@
+#   Description:
+# This script disables Windows Defender.
+
+$tasks = @(
+    "\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance"
+    "\Microsoft\Windows\Windows Defender\Windows Defender Cleanup"
+    "\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan"
+    "\Microsoft\Windows\Windows Defender\Windows Defender Verification"
+)
+
+foreach ($task in $tasks) {
+    $parts = $task.split('\')
+    $name = $parts[-1]
+    $path = $parts[0..($parts.length-2)] -join '\'
+
+    Disable-ScheduledTask -TaskName "$name" -TaskPath "$path"
+}
+
+echo "Disabling Windows Defender via Group Policies"
+mkdir -Force "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender"
+sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender" "DisableAntiSpyware" 1
+sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender" "DisableRoutinelyTakingAction" 1
+mkdir -Force "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection"
+sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection" "DisableRealtimeMonitoring" 1
+
+echo "Removing Windows Defender context menu item"
+si "HKLM:\SOFTWARE\Classes\CLSID\{09A47860-11B0-4DA5-AFA5-26D86198A780}\InprocServer32" ""

scripts/disable-windows-features.ps1

@@ -1,42 +0,0 @@
-#   Description:
-# This script disables unwanted Windows features. If you do not want to
-# disable certain features comment out the corresponding lines below.
-
-echo "Disabling so-called Windows Features"
-$features = @(
-    "Internet-Explorer-Optional-amd64"
-    "MediaPlayback"
-    "WindowsMediaPlayer"
-    "WorkFolders-Client"
-)
-Disable-WindowsOptionalFeature -Online -NoRestart -FeatureName $features
-
-echo "Disabling Windows Defender via Group Policies"
-mkdir -Force "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender"
-sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender" "DisableAntiSpyware" 1
-sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender" "DisableRoutinelyTakingAction" 1
-mkdir -Force "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection"
-sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection" "DisableRealtimeMonitoring" 1
-
-echo "Removing Windows Defender context menu item"
-si "HKLM:\SOFTWARE\Classes\CLSID\{09A47860-11B0-4DA5-AFA5-26D86198A780}\InprocServer32" ""
-
-echo "Disable Notification Center"
-sp "HKLM:\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell" UseActionCenterExperience 0
-
-echo "Disable startmenu search features"
-mkdir -Force "HKLM:\Software\Policies\Microsoft\Windows\Windows Search"
-sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" AllowCortana 0
-sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" DisableWebSearch 1
-sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" AllowSearchToUseLocation 0
-sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" ConnectedSearchUseWeb 0
-
-echo "Disabling telemetry via Group Policies"
-mkdir -Force "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection"
-sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" "AllowTelemetry" 0
-
-#echo "Disable AutoRun"
-#mkdir -Force "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
-#sp "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" "NoDriveTypeAutoRun" 0xff
-#mkdir -Force "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
-#sp "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" "NoDriveTypeAutoRun" 0xff

scripts/optimize-input.ps1

@@ -1,22 +0,0 @@
-#   Description
-# This script will apply MarkC's mouse acceleration fix (for 100% DPI) and
-# disable some accessibility features regarding keyboard input.
-
-echo "Apply MarkC's mouse acceleration fix"
-sp "HKCU:\Control Panel\Mouse" "MouseSensitivity" "10"
-sp "HKCU:\Control Panel\Mouse" "MouseSpeed" "0"
-sp "HKCU:\Control Panel\Mouse" "MouseThreshold1" "0"
-sp "HKCU:\Control Panel\Mouse" "MouseThreshold2" "0"
-sp "HKCU:\Control Panel\Mouse" "SmoothMouseXCurve" ([byte[]](0x00, 0x00, 0x00,
-0x00, 0x00, 0x00, 0x00, 0x00, 0xC0, 0xCC, 0x0C, 0x00, 0x00, 0x00, 0x00, 0x00,
-0x80, 0x99, 0x19, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x66, 0x26, 0x00, 0x00,
-0x00, 0x00, 0x00, 0x00, 0x33, 0x33, 0x00, 0x00, 0x00, 0x00, 0x00))
-sp "HKCU:\Control Panel\Mouse" "SmoothMouseYCurve" ([byte[]](0x00, 0x00, 0x00,
-0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x38, 0x00, 0x00, 0x00, 0x00, 0x00,
-0x00, 0x00, 0x70, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xA8, 0x00, 0x00,
-0x00, 0x00, 0x00, 0x00, 0x00, 0xE0, 0x00, 0x00, 0x00, 0x00, 0x00))
-
-echo "Disable easy access keyboard stuff"
-sp "HKCU:\Control Panel\Accessibility\StickyKeys" "Flags" "506"
-sp "HKCU:\Control Panel\Accessibility\Keyboard Response" "Flags" "122"
-sp "HKCU:\Control Panel\Accessibility\ToggleKeys" "Flags" "58"

scripts/optimize-user-interface.ps1

@@ -1,11 +1,36 @@
-#   Description:
+#   Description
-# This script will do optimizations on the Windows 10 user interface.
+# This script will apply MarkC's mouse acceleration fix (for 100% DPI) and
+# disable some accessibility features regarding keyboard input.  Additional
+# some UI elements will be changed.
 
 Import-Module -DisableNameChecking $PSScriptRoot\..\lib\take-own.psm1
 
 echo "Elevating priviledges for this process"
 do {} until (Elevate-Privileges SeTakeOwnershipPrivilege)
 
+echo "Apply MarkC's mouse acceleration fix"
+sp "HKCU:\Control Panel\Mouse" "MouseSensitivity" "10"
+sp "HKCU:\Control Panel\Mouse" "MouseSpeed" "0"
+sp "HKCU:\Control Panel\Mouse" "MouseThreshold1" "0"
+sp "HKCU:\Control Panel\Mouse" "MouseThreshold2" "0"
+sp "HKCU:\Control Panel\Mouse" "SmoothMouseXCurve" ([byte[]](0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0xC0, 0xCC, 0x0C, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x80, 0x99, 0x19, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x66, 0x26, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x33, 0x33, 0x00, 0x00, 0x00, 0x00, 0x00))
+sp "HKCU:\Control Panel\Mouse" "SmoothMouseYCurve" ([byte[]](0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x38, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x70, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xA8, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0xE0, 0x00, 0x00, 0x00, 0x00, 0x00))
+
+echo "Disable mouse pointer hiding"
+sp "HKCU:\Control Panel\Desktop" "UserPreferencesMask" ([byte[]](0x9e,
+0x1e, 0x06, 0x80, 0x12, 0x00, 0x00, 0x00))
+
+echo "Disable easy access keyboard stuff"
+sp "HKCU:\Control Panel\Accessibility\StickyKeys" "Flags" "506"
+sp "HKCU:\Control Panel\Accessibility\Keyboard Response" "Flags" "122"
+sp "HKCU:\Control Panel\Accessibility\ToggleKeys" "Flags" "58"
+
 echo "Restoring old volume slider"
 mkdir -Force "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\MTCUVC"
 sp "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\MTCUVC" "EnableMtcUvc" 0
@@ -64,12 +89,25 @@ echo "Disabling new lock screen"
 mkdir -Force "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Personalization"
 sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Personalization" "NoLockScreen" 1
 
-echo "Disabling tile push notification"
+echo "Disable startmenu search features"
-mkdir -Force "HKCU:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications"
+mkdir -Force "HKLM:\Software\Policies\Microsoft\Windows\Windows Search"
-sp "HKCU:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications" "NoTileApplicationNotification" 1
+sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" AllowCortana 0
+sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" DisableWebSearch 1
+sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" AllowSearchToUseLocation 0
+sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" ConnectedSearchUseWeb 0
+
+echo "Disable AutoRun"
+mkdir -Force "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
+sp "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" "NoDriveTypeAutoRun" 0xff
+mkdir -Force "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
+sp "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" "NoDriveTypeAutoRun" 0xff
+
+#echo "Disabling tile push notification"
+#mkdir -Force "HKCU:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications"
+#sp "HKCU:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications" "NoTileApplicationNotification" 1
 
 #echo "Disabling screen saver"
 #sp "HKCU:\Control Panel\Desktop\" "ScreenSaveActive" "0"
 
-echo "Use legacy advanced boot menu"
+#echo "Use legacy advanced boot menu"
-bcdedit.exe /set `{current`} bootmenupolicy Legacy
+#bcdedit.exe /set `{current`} bootmenupolicy Legacy

scripts/remove-default-apps.ps1

@@ -66,39 +66,3 @@ foreach ($app in $apps) {
         where DisplayName -EQ $app |
         Remove-AppxProvisionedPackage -Online
 }
-
-echo "Force removing system apps"
-$needles = @(
-    #"Anytime"
-    "BioEnrollment"
-    #"Browser"
-    "ContactSupport"
-    #"Cortana"       # This will disable startmenu search.
-    #"Defender"
-    "Feedback"
-    "Flash"
-    "Gaming"
-    #"InternetExplorer"
-    #"Maps"
-    "OneDrive"
-    #"Wallet"
-    #"Xbox"          # This will result in a bootloop since upgrade 1511
-)
-
-foreach ($needle in $needles) {
-    $pkgs = (ls "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages" |
-        where Name -Like "*$needle*")
-
-    foreach ($pkg in $pkgs) {
-        $pkgname = $pkg.Name.split('\')[-1]
-
-        Takeown-Registry($pkg.Name)
-        Takeown-Registry($pkg.Name + "\Owners")
-
-        Set-ItemProperty -Path ("HKLM:" + $pkg.Name.Substring(18)) -Name Visibility -Value 1
-        New-ItemProperty -Path ("HKLM:" + $pkg.Name.Substring(18)) -Name DefVis -PropertyType DWord -Value 2
-        Remove-Item      -Path ("HKLM:" + $pkg.Name.Substring(18) + "\Owners")
-
-        dism.exe /Online /Remove-Package /PackageName:$pkgname /NoRestart
-    }
-}

utils/add-run-with-powershell-as-administrator.reg

@@ -1,4 +0,0 @@
-Windows Registry Editor Version 5.00
-
-[HKEY_CLASSES_ROOT\Microsoft.PowerShellScript.1\Shell\RunAs\Command]
-@="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" \"%1\""

utils/pre-post-export.bat

@@ -1,13 +0,0 @@
-@echo off
-
-echo "Start Exporting Pre State"
-regedit.exe /e "%USERPROFILE%\Desktop\pre_hklm.reg" "HKEY_LOCAL_MACHINE"
-regedit.exe /e "%USERPROFILE%\Desktop\pre_hkcu.reg" "HKEY_CURRENT_USER"
-echo "Done Exporting Pre State"
-
-pause
-
-echo "Start Exporting Post State"
-regedit.exe /e "%USERPROFILE%\Desktop\post_hklm.reg" "HKEY_LOCAL_MACHINE"
-regedit.exe /e "%USERPROFILE%\Desktop\post_hkcu.reg" "HKEY_CURRENT_USER"
-echo "Done Exporting Post State"

utils/remove-run-with-powershell-as-administrator.reg

@@ -1,3 +0,0 @@
-Windows Registry Editor Version 5.00
-
-[-HKEY_CLASSES_ROOT\Microsoft.PowerShellScript.1\Shell\RunAs]

utils/run-cleanup.bat

@@ -1,3 +0,0 @@
-@echo off
-
-cleanmgr /sageset:1 && cleanmgr /sagerun:1