Public-Mirrors
/
Debloat-Windows-10
mirror of https://github.com/W4RH4WK/Debloat-Windows-10
1
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

slightly adapt #2

pull/8/head
Alex Hirsch 9 years ago
parent
4fc197ae4e
commit
9bc9774f9d
6 changed files with 82 additions and 83 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 103
      lib/reg-helper.psm1
  2. 2
      scripts/disable-defender.ps1
  3. 2
      scripts/disable-telemetry.ps1
  4. 54
      scripts/fix-privacy-settings.ps1
  5. 2
      scripts/optimize-windows-update.ps1
  6. 2
      scripts/remove-onedrive.ps1

103
lib/reg-helper.psm1
View File

@ -1,28 +1,75 @@
function Import-Registry($reg) {
# add reg file hander
$reg = "Windows Registry Editor Version 5.00`r`n`r`n" + $reg
# store, import and remove reg file
$regfile = "$env:windir\Temp\registry.reg"
$reg | Out-File $regfile
Start-Process "regedit.exe" -ArgumentList ("/s", "$regfile") -Wait
rm $regfile
}
function Takeown-Registry($key) {
# TODO works only for LocalMachine for now
$key = $key.substring(19)
# set owner
$key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("SOFTWARE\Microsoft\Windows Defender\Spynet", "ReadWriteSubTree", "TakeOwnership")
$owner = [Security.Principal.NTAccount]"Administrators"
$acl = $key.GetAccessControl()
$acl.SetOwner($owner)
$key.SetAccessControl($acl)
# set FullControl
$acl = $key.GetAccessControl()
$rule = New-Object System.Security.AccessControl.RegistryAccessRule("Administrators", "FullControl", "Allow")
$acl.SetAccessRule($rule)
$key.SetAccessControl($acl)
}
function Import-Registry($reg) {
# add reg file hander
$reg = "Windows Registry Editor Version 5.00`r`n`r`n" + $reg
# store, import and remove reg file
$regfile = "$env:windir\Temp\registry.reg"
$reg | Out-File $regfile
Start-Process "regedit.exe" -ArgumentList ("/s", "$regfile") -Wait
rm $regfile
}
function Takeown-Registry($key) {
# TODO works only for LocalMachine for now
$key = $key.substring(19)
# set owner
$key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("SOFTWARE\Microsoft\Windows Defender\Spynet", "ReadWriteSubTree", "TakeOwnership")
$owner = [Security.Principal.NTAccount]"Administrators"
$acl = $key.GetAccessControl()
$acl.SetOwner($owner)
$key.SetAccessControl($acl)
# set FullControl
$acl = $key.GetAccessControl()
$rule = New-Object System.Security.AccessControl.RegistryAccessRule("Administrators", "FullControl", "Allow")
$acl.SetAccessRule($rule)
$key.SetAccessControl($acl)
}
function Elevate-Privileges {
param($Privilege)
$Definition = @"
using System;
using System.Runtime.InteropServices;
public class AdjPriv {
[DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall, ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr rele);
[DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);
[StructLayout(LayoutKind.Sequential, Pack = 1)]
internal struct TokPriv1Luid {
public int Count;
public long Luid;
public int Attr;
}
internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
internal const int TOKEN_QUERY = 0x00000008;
internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
public static bool EnablePrivilege(long processHandle, string privilege) {
bool retVal;
TokPriv1Luid tp;
IntPtr hproc = new IntPtr(processHandle);
IntPtr htok = IntPtr.Zero;
retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);
tp.Count = 1;
tp.Luid = 0;
tp.Attr = SE_PRIVILEGE_ENABLED;
retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);
retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
return retVal;
}
}
"@
$ProcessHandle = (Get-Process -id $pid).Handle
$type = Add-Type $definition -PassThru
$type[0]::EnablePrivilege($processHandle, $Privilege)
}

2
scripts/disable-defender.ps1
View File

@ -1,7 +1,7 @@
# Description:
# This script will disable Windows Defender via Group Policies.
Import-Module $PSScriptRoot\..\lib\reg-helper.psm1
Import-Module -DisableNameChecking $PSScriptRoot\..\lib\reg-helper.psm1
echo "Disabling Windows Defender"
Import-Registry(@"

2
scripts/disable-telemetry.ps1
View File

@ -2,7 +2,7 @@
# This script redirects telemetry related domains to your nowhere using the
# hosts file. Additionally telemetry is disallows via Group Policies.
Import-Module $PSScriptRoot\..\lib\reg-helper.psm1
Import-Module -DisableNameChecking $PSScriptRoot\..\lib\reg-helper.psm1
echo "Adding telemetry routes to hosts file"
$hosts = @"

54
scripts/fix-privacy-settings.ps1
View File

@ -2,58 +2,10 @@
# This script will try to fix many of the privacy settings for the user. This
# is work in progress!
Import-Module $PSScriptRoot\..\lib\reg-helper.psm1
function Enable-Privilege {
param($Privilege)
$Definition = @"
using System;
using System.Runtime.InteropServices;
public class AdjPriv {
[DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall, ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr rele);
[DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);
[StructLayout(LayoutKind.Sequential, Pack = 1)]
internal struct TokPriv1Luid {
public int Count;
public long Luid;
public int Attr;
}
internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
internal const int TOKEN_QUERY = 0x00000008;
internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
public static bool EnablePrivilege(long processHandle, string privilege) {
bool retVal;
TokPriv1Luid tp;
IntPtr hproc = new IntPtr(processHandle);
IntPtr htok = IntPtr.Zero;
retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);
tp.Count = 1;
tp.Luid = 0;
tp.Attr = SE_PRIVILEGE_ENABLED;
retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);
retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
return retVal;
}
}
"@
$ProcessHandle = (Get-Process -id $pid).Handle
$type = Add-Type $definition -PassThru
$type[0]::EnablePrivilege($processHandle, $Privilege)
}
Import-Module -DisableNameChecking $PSScriptRoot\..\lib\reg-helper.psm1
echo "Elevating priviledges for this process"
do {} until (Enable-Privilege SeTakeOwnershipPrivilege)
do {} until (Elevate-Privileges SeTakeOwnershipPrivilege)
echo "Defuse Windows search settings"
Set-WindowsSearchSetting -EnableWebResultsSetting $false
@ -313,7 +265,7 @@ Import-Registry(@"
"SensorPermissionState"=dword:00000000
"@)
echo "Disable submission of Windows Defender findings"
echo "Disable submission of Windows Defender findings (w/ elevated privileges)"
Takeown-Registry("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Spynet")
Import-Registry(@"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Spynet]

2
scripts/optimize-windows-update.ps1
View File

@ -2,7 +2,7 @@
# This script optimizes Windows updates by disabling automatic download and
# seeding updates to other computers.
Import-Module $PSScriptRoot\..\lib\reg-helper.psm1
Import-Module -DisableNameChecking $PSScriptRoot\..\lib\reg-helper.psm1
echo "Disable automatic download and installation of Windows updates"
Import-Registry(@"

2
scripts/remove-onedrive.ps1
View File

@ -1,7 +1,7 @@
# Description:
# This script will remove and disable OneDrive integration.
Import-Module $PSScriptRoot\..\lib\reg-helper.psm1
Import-Module -DisableNameChecking $PSScriptRoot\..\lib\reg-helper.psm1
echo "Kill OneDrive process"
taskkill.exe /F /IM "OneDrive.exe"

Write Preview
Loading…
Cancel
Save