diff --git a/scripts/block-telemetry-domains.ps1 b/scripts/block-telemetry-domains.ps1 new file mode 100644 index 0000000..e36b4e8 --- /dev/null +++ b/scripts/block-telemetry-domains.ps1 @@ -0,0 +1,25 @@ +# Description: +# This script blocks telemetry related domains via the hosts file and related +# IPs via Windows Firewall. + +echo "Adding telemetry domains to hosts file" +$hosts = cat "$PSScriptRoot\..\res\telemetry-hosts.txt" +$hosts_file = "$env:systemroot\System32\drivers\etc\hosts" +[ipaddress[]] $ips = @() +foreach ($h in $hosts) { + try { + # store for next part + $ips += [ipaddress]$h + } catch [System.InvalidCastException] { + $contaisHost = Select-String -Path $hosts_file -Pattern $h + If (-Not $contaisHost) { + # can be redirected by hosts + echo "0.0.0.0 $h" | Out-File -Encoding ASCII -Append $hosts_file + } + } +} + +echo "Adding telemetry ips to firewall" +Remove-NetFirewallRule -DisplayName "Block Telemetry IPs" -ErrorAction SilentlyContinue +New-NetFirewallRule -DisplayName "Block Telemetry IPs" -Direction Outbound ` + -Action Block -RemoteAddress ([string[]]$ips) diff --git a/scripts/disable-windows-features.ps1 b/scripts/disable-windows-features.ps1 index cda666b..8ddbb47 100644 --- a/scripts/disable-windows-features.ps1 +++ b/scripts/disable-windows-features.ps1 @@ -41,27 +41,6 @@ foreach ($_ in (0..15)) { } } -echo "Adding telemetry domains to hosts file" -$hosts = cat "$PSScriptRoot\..\res\telemetry-hosts.txt" -$hosts_file = "$env:systemroot\System32\drivers\etc\hosts" -[ipaddress[]] $ips = @() -foreach ($h in $hosts) { - try { - # store for next part - $ips += [ipaddress]$h - } catch [System.InvalidCastException] { - $contaisHost = Select-String -Path $hosts_file -Pattern $h - If (-Not $contaisHost) { - # can be redirected by hosts - echo "0.0.0.0 $h" | Out-File -Encoding ASCII -Append $hosts_file - } - } -} -echo "Adding telemetry ips to firewall" -Remove-NetFirewallRule -DisplayName "Block Telemetry IPs" -ErrorAction SilentlyContinue -New-NetFirewallRule -DisplayName "Block Telemetry IPs" -Direction Outbound ` - -Action Block -RemoteAddress ([string[]]$ips) - echo "Disabling telemetry via Group Policies" mkdir -Force "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" "AllowTelemetry" 0