|
@ -11,302 +11,88 @@ echo "Defuse Windows search settings" |
|
|
Set-WindowsSearchSetting -EnableWebResultsSetting $false |
|
|
Set-WindowsSearchSetting -EnableWebResultsSetting $false |
|
|
|
|
|
|
|
|
echo "Set general privacy options" |
|
|
echo "Set general privacy options" |
|
|
Import-Registry(@" |
|
|
sp "HKCU:\Control Panel\International\User Profile" "HttpAcceptLanguageOptOut" 1 |
|
|
[HKEY_CURRENT_USER\Control Panel\International\User Profile] |
|
|
sp "HKCU:\Printers\Defaults" "NetID" "{00000000-0000-0000-0000-000000000000}" |
|
|
"HttpAcceptLanguageOptOut"=dword:00000001 |
|
|
mkdir -Force "HKCU:\SOFTWARE\Microsoft\Input\TIPC" |
|
|
|
|
|
sp "HKCU:\SOFTWARE\Microsoft\Input\TIPC" "Enabled" 0 |
|
|
[HKEY_CURRENT_USER\Printers\Defaults] |
|
|
sp "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" "Enabled" 0 |
|
|
"NetID"="{00000000-0000-0000-0000-000000000000}" |
|
|
sp "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" "EnableWebContentEvaluation" 0 |
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Input] |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Input\TIPC] |
|
|
|
|
|
"Enabled"=dword:00000000 |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo] |
|
|
|
|
|
"Enabled"=dword:00000000 |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost] |
|
|
|
|
|
"EnableWebContentEvaluation"=dword:00000000 |
|
|
|
|
|
"@) |
|
|
|
|
|
|
|
|
|
|
|
echo "Disable synchronisation of settings" |
|
|
echo "Disable synchronisation of settings" |
|
|
Import-Registry(@" |
|
|
sp "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync" "BackupPolicy" 0x3c |
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync] |
|
|
sp "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync" "DeviceMetadataUploaded" 0 |
|
|
"BackupPolicy"=dword:0000003c |
|
|
sp "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync" "PriorLogons" 1 |
|
|
"DeviceMetadataUploaded"=dword:00000000 |
|
|
$groups = @( |
|
|
"SettingsVersion"=dword:00000001 |
|
|
"Accessibility" |
|
|
"PriorLogons"=dword:00000001 |
|
|
"AppSync" |
|
|
|
|
|
"BrowserSettings" |
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups] |
|
|
"Credentials" |
|
|
|
|
|
"DesktopTheme" |
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Accessibility] |
|
|
"Language" |
|
|
"SettingsVersion"=dword:00000003 |
|
|
"PackageState" |
|
|
"Enabled"=dword:00000000 |
|
|
"Personalization" |
|
|
|
|
|
"StartLayout" |
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\AppSync] |
|
|
"Windows" |
|
|
"Enabled"=dword:00000000 |
|
|
) |
|
|
"SettingsVersion"=dword:00000003 |
|
|
foreach ($group in $groups) { |
|
|
|
|
|
mkdir -Force "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\$group" |
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\BrowserSettings] |
|
|
sp "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\$group" "Enabled" 0 |
|
|
"SettingsVersion"=dword:00000003 |
|
|
} |
|
|
"Enabled"=dword:00000000 |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Credentials] |
|
|
|
|
|
"SettingsVersion"=dword:00000003 |
|
|
|
|
|
"Enabled"=dword:00000000 |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\DesktopTheme] |
|
|
|
|
|
"SettingsVersion"=dword:00000003 |
|
|
|
|
|
"Enabled"=dword:00000000 |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Language] |
|
|
|
|
|
"SettingsVersion"=dword:00000003 |
|
|
|
|
|
"Enabled"=dword:00000000 |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\PackageState] |
|
|
|
|
|
"Enabled"=dword:00000000 |
|
|
|
|
|
"SettingsVersion"=dword:00000003 |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Personalization] |
|
|
|
|
|
"SettingsVersion"=dword:00000003 |
|
|
|
|
|
"Enabled"=dword:00000000 |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\StartLayout] |
|
|
|
|
|
"SettingsVersion"=dword:00000003 |
|
|
|
|
|
"Enabled"=dword:00000000 |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Windows] |
|
|
|
|
|
"SettingsVersion"=dword:00000003 |
|
|
|
|
|
"Enabled"=dword:00000000 |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData] |
|
|
|
|
|
"LastBackgroundUpload"=hex:aa,4f,9c,80,e0,cd,d0,01 |
|
|
|
|
|
"@) |
|
|
|
|
|
|
|
|
|
|
|
echo "Set privacy policy accepted state to 0" |
|
|
echo "Set privacy policy accepted state to 0" |
|
|
Import-Registry(@" |
|
|
mkdir -Force "HKCU:\SOFTWARE\Microsoft\Personalization\Settings" |
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Personalization] |
|
|
sp "HKCU:\SOFTWARE\Microsoft\Personalization\Settings" "AcceptedPrivacyPolicy" 0 |
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Personalization\Settings] |
|
|
|
|
|
"AcceptedPrivacyPolicy"=dword:00000000 |
|
|
|
|
|
"@) |
|
|
|
|
|
|
|
|
|
|
|
echo "Do not scan contact informations" |
|
|
echo "Do not scan contact informations" |
|
|
Import-Registry(@" |
|
|
mkdir -Force "HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore" |
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore] |
|
|
sp "HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore" "HarvestContacts" 0 |
|
|
"HarvestContacts"=dword:00000000 |
|
|
|
|
|
"@) |
|
|
|
|
|
|
|
|
|
|
|
echo "Inking and typing settings" |
|
|
echo "Inking and typing settings" |
|
|
Import-Registry(@" |
|
|
mkdir -Force "HKCU:\SOFTWARE\Microsoft\InputPersonalization" |
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\InputPersonalization] |
|
|
sp "HKCU:\SOFTWARE\Microsoft\InputPersonalization" "RestrictImplicitInkCollection" 1 |
|
|
"RestrictImplicitInkCollection"=dword:00000001 |
|
|
sp "HKCU:\SOFTWARE\Microsoft\InputPersonalization" "RestrictImplicitTextCollection" 1 |
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\InputPersonalization] |
|
|
|
|
|
"RestrictImplicitTextCollection"=dword:00000001 |
|
|
|
|
|
"@) |
|
|
|
|
|
|
|
|
|
|
|
echo "Microsoft Edge settings" |
|
|
echo "Microsoft Edge settings" |
|
|
Import-Registry(@" |
|
|
mkdir -Force "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" |
|
|
[HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main] |
|
|
sp "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" "DoNotTrack" 1 |
|
|
"DoNotTrack"=dword:00000001 |
|
|
mkdir -Force "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\User\Default\SearchScopes" |
|
|
|
|
|
sp "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\User\Default\SearchScopes" "ShowSearchSuggestionsGlobal" 0 |
|
|
[HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\User\Default\SearchScopes] |
|
|
mkdir -Force "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead" |
|
|
"ShowSearchSuggestionsGlobal"=dword:00000000 |
|
|
sp "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead" "FPEnabled" 0 |
|
|
|
|
|
mkdir -Force "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter" |
|
|
[HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead] |
|
|
sp "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter" "EnabledV9" 0 |
|
|
"FPEnabled"=dword:00000000 |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter] |
|
|
|
|
|
"EnabledV9"=dword:00000000 |
|
|
|
|
|
"@) |
|
|
|
|
|
|
|
|
|
|
|
echo "Disable background access of default apps" |
|
|
echo "Disable background access of default apps" |
|
|
Import-Registry(@" |
|
|
foreach ($key in (ls "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications")) { |
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications\Microsoft.Office.OneNote_17.4229.10061.0_x64__8wekyb3d8bbwe] |
|
|
sp ("HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications\" + $key.PSChildName) "Disabled" 1 |
|
|
"Disabled"=dword:00000001 |
|
|
} |
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications\Microsoft.People_1.10241.0.0_x64__8wekyb3d8bbwe] |
|
|
|
|
|
"Disabled"=dword:00000001 |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications\Microsoft.Windows.ContentDeliveryManager_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy] |
|
|
|
|
|
"Disabled"=dword:00000001 |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications\Microsoft.Windows.ContentDeliveryManager_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App] |
|
|
|
|
|
"Disabled"=dword:00000001 |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications\Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy] |
|
|
|
|
|
"Disabled"=dword:00000001 |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications\Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy\Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI] |
|
|
|
|
|
"Disabled"=dword:00000001 |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications\Microsoft.Windows.Photos_15.721.12350.0_x64__8wekyb3d8bbwe] |
|
|
|
|
|
"Disabled"=dword:00000001 |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications\Microsoft.Windows.Photos_15.803.16240.0_x64__8wekyb3d8bbwe] |
|
|
|
|
|
"Disabled"=dword:00000001 |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications\Microsoft.WindowsAlarms_10.1506.19010.0_x64__8wekyb3d8bbwe] |
|
|
|
|
|
"Disabled"=dword:00000001 |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications\microsoft.windowscommunicationsapps_17.6020.42011.0_x64__8wekyb3d8bbwe] |
|
|
|
|
|
"Disabled"=dword:00000001 |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications\Microsoft.WindowsMaps_4.1506.50715.0_x64__8wekyb3d8bbwe] |
|
|
|
|
|
"Disabled"=dword:00000001 |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications\Microsoft.WindowsPhone_10.1507.17010.0_x64__8wekyb3d8bbwe] |
|
|
|
|
|
"Disabled"=dword:00000001 |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications\Microsoft.WindowsStore_2015.7.1.0_x64__8wekyb3d8bbwe] |
|
|
|
|
|
"Disabled"=dword:00000001 |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications\Microsoft.WindowsStore_2015.8.3.0_x64__8wekyb3d8bbwe] |
|
|
|
|
|
"Disabled"=dword:00000001 |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications\Microsoft.WindowsStore_2015.8.3.0_x64__8wekyb3d8bbwe\Microsoft.WindowsStore_8wekyb3d8bbwe!App] |
|
|
|
|
|
"Disabled"=dword:00000001 |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications\Microsoft.XboxApp_5.6.17000.0_x64__8wekyb3d8bbwe] |
|
|
|
|
|
"Disabled"=dword:00000001 |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications\Microsoft.XboxApp_7.7.29027.0_x64__8wekyb3d8bbwe] |
|
|
|
|
|
"Disabled"=dword:00000001 |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications\Microsoft.ZuneMusic_3.6.10841.0_x64__8wekyb3d8bbwe] |
|
|
|
|
|
"Disabled"=dword:00000001 |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications\Microsoft.ZuneMusic_3.6.12101.0_x64__8wekyb3d8bbwe] |
|
|
|
|
|
"Disabled"=dword:00000001 |
|
|
|
|
|
"@) |
|
|
|
|
|
|
|
|
|
|
|
echo "Denying device access" |
|
|
echo "Denying device access" |
|
|
Import-Registry(@" |
|
|
sp "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\LooselyCoupled" "Type" "LooselyCoupled" |
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess] |
|
|
sp "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\LooselyCoupled" "Value" "Deny" |
|
|
|
|
|
sp "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\LooselyCoupled" "InitialAppValue" "Unspecified" |
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global] |
|
|
foreach ($key in (ls "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global")) { |
|
|
|
|
|
if ($key.PSChildName -EQ "LooselyCoupled") { |
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\LooselyCoupled] |
|
|
continue |
|
|
"Type"="LooselyCoupled" |
|
|
} |
|
|
"Value"="Deny" |
|
|
sp ("HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\" + $key.PSChildName) "Type" "InterfaceClass" |
|
|
"InitialAppValue"="Unspecified" |
|
|
sp ("HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\" + $key.PSChildName) "Value" "Deny" |
|
|
|
|
|
sp ("HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\" + $key.PSChildName) "InitialAppValue" "Unspecified" |
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{021fd406-b019-4de8-887d-2f202792af23}] |
|
|
} |
|
|
"Type"="InterfaceClass" |
|
|
|
|
|
"Value"="Deny" |
|
|
|
|
|
"InitialAppValue"="Unspecified" |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{0B9F1048-B94B-DC9A-4ED7-FE4FED3A0DEB}] |
|
|
|
|
|
"Type"="InterfaceClass" |
|
|
|
|
|
"Value"="Deny" |
|
|
|
|
|
"InitialAppValue"="Unspecified" |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{21157C1F-2651-4CC1-90CA-1F28B02263F6}] |
|
|
|
|
|
"Type"="InterfaceClass" |
|
|
|
|
|
"Value"="Deny" |
|
|
|
|
|
"InitialAppValue"="Unspecified" |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{2EEF81BE-33FA-4800-9670-1CD474972C3F}] |
|
|
|
|
|
"Type"="InterfaceClass" |
|
|
|
|
|
"Value"="Deny" |
|
|
|
|
|
"InitialAppValue"="Unspecified" |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{6ac27878-a6fa-4155-ba85-f98f491d4f33}] |
|
|
|
|
|
"Type"="InterfaceClass" |
|
|
|
|
|
"Value"="Deny" |
|
|
|
|
|
"InitialAppValue"="Unspecified" |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{7D7E8402-7C54-4821-A34E-AEEFD62DED93}] |
|
|
|
|
|
"Type"="InterfaceClass" |
|
|
|
|
|
"Value"="Deny" |
|
|
|
|
|
"InitialAppValue"="Unspecified" |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{992AFA70-6F47-4148-B3E9-3003349C1548}] |
|
|
|
|
|
"Type"="InterfaceClass" |
|
|
|
|
|
"Value"="Deny" |
|
|
|
|
|
"InitialAppValue"="Unspecified" |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{9D9E0118-1807-4F2E-96E4-2CE57142E196}] |
|
|
|
|
|
"Type"="InterfaceClass" |
|
|
|
|
|
"Value"="Deny" |
|
|
|
|
|
"InitialAppValue"="Unspecified" |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{A8804298-2D5F-42E3-9531-9C8C39EB29CE}] |
|
|
|
|
|
"Type"="InterfaceClass" |
|
|
|
|
|
"Value"="Deny" |
|
|
|
|
|
"InitialAppValue"="Unspecified" |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{B19F89AF-E3EB-444B-8DEA-202575A71599}] |
|
|
|
|
|
"Type"="InterfaceClass" |
|
|
|
|
|
"Value"="Deny" |
|
|
|
|
|
"InitialAppValue"="Unspecified" |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}] |
|
|
|
|
|
"Type"="InterfaceClass" |
|
|
|
|
|
"Value"="Deny" |
|
|
|
|
|
"InitialAppValue"="Unspecified" |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{C1D23ACC-752B-43E5-8448-8D0E519CD6D6}] |
|
|
|
|
|
"Type"="InterfaceClass" |
|
|
|
|
|
"Value"="Deny" |
|
|
|
|
|
"InitialAppValue"="Unspecified" |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{D89823BA-7180-4B81-B50C-7E471E6121A3}] |
|
|
|
|
|
"Type"="InterfaceClass" |
|
|
|
|
|
"Value"="Deny" |
|
|
|
|
|
"InitialAppValue"="Unspecified" |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{E5323777-F976-4f5b-9B55-B94699C46E44}] |
|
|
|
|
|
"Type"="InterfaceClass" |
|
|
|
|
|
"Value"="Deny" |
|
|
|
|
|
"InitialAppValue"="Unspecified" |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{E6AD100E-5F4E-44CD-BE0F-2265D88D14F5}] |
|
|
|
|
|
"Type"="InterfaceClass" |
|
|
|
|
|
"Value"="Deny" |
|
|
|
|
|
"InitialAppValue"="Unspecified" |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{E83AF229-8640-4D18-A213-E22675EBB2C3}] |
|
|
|
|
|
"Type"="InterfaceClass" |
|
|
|
|
|
"Value"="Deny" |
|
|
|
|
|
"InitialAppValue"="Unspecified" |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{F9020CFE-86CE-4D92-9D32-22E537847CF9}] |
|
|
|
|
|
"Type"="InterfaceClass" |
|
|
|
|
|
"Value"="Deny" |
|
|
|
|
|
"InitialAppValue"="Unspecified" |
|
|
|
|
|
"@) |
|
|
|
|
|
|
|
|
|
|
|
echo "Disable location sensor" |
|
|
echo "Disable location sensor" |
|
|
Import-Registry(@" |
|
|
mkdir -Force "HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Permissions\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" |
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor] |
|
|
sp "HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Permissions\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" "SensorPermissionState" 0 |
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Permissions] |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Permissions\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}] |
|
|
|
|
|
"SensorPermissionState"=dword:00000000 |
|
|
|
|
|
"@) |
|
|
|
|
|
|
|
|
|
|
|
echo "Disable submission of Windows Defender findings (w/ elevated privileges)" |
|
|
echo "Disable submission of Windows Defender findings (w/ elevated privileges)" |
|
|
Takeown-Registry("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Spynet") |
|
|
Takeown-Registry("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Spynet") |
|
|
Import-Registry(@" |
|
|
sp "HKLM:\SOFTWARE\Microsoft\Windows Defender\Spynet" "SpyNetReporting" 0 |
|
|
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Spynet] |
|
|
sp "HKLM:\SOFTWARE\Microsoft\Windows Defender\Spynet" "SubmitSamplesConsent" 0 |
|
|
"SpyNetReporting"=dword:00000000 |
|
|
|
|
|
"SubmitSamplesConsent"=dword:00000000 |
|
|
|
|
|
"@) |
|
|
|
|
|
|
|
|
|
|
|
echo "Do not share wifi networks" |
|
|
echo "Do not share wifi networks" |
|
|
$user = New-Object System.Security.Principal.NTAccount($env:UserName) |
|
|
$user = New-Object System.Security.Principal.NTAccount($env:UserName) |
|
|
$sid = $user.Translate([System.Security.Principal.SecurityIdentifier]).value |
|
|
$sid = $user.Translate([System.Security.Principal.SecurityIdentifier]).value |
|
|
Import-Registry(@" |
|
|
mkdir -Force ("HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features\" + $sid) |
|
|
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features\$sid] |
|
|
sp ("HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features\" + $sid) "FeatureStates" 0x33c |
|
|
"FeatureStates"=dword:0000033c |
|
|
sp "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features" "WiFiSenseCredShared" 0 |
|
|
|
|
|
sp "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features" "WiFiSenseOpen" 0 |
|
|
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features] |
|
|
|
|
|
"WiFiSenseCredShared"=dword:00000000 |
|
|
|
|
|
|
|
|
|
|
|
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features] |
|
|
|
|
|
"WiFiSenseOpen"=dword:00000000 |
|
|
|
|
|
"@) |
|
|
|
|
|