From e230c2352fb1da07a1d3519ed87186a819ec115c Mon Sep 17 00:00:00 2001 From: Alex Hirsch Date: Sat, 22 Aug 2015 23:25:54 +0200 Subject: [PATCH] merge disable feature scripts --- scripts/disable-defender.ps1 | 9 ---- scripts/disable-notification-center.ps1 | 4 -- scripts/disable-searchfeatures.ps1 | 8 ---- scripts/disable-searchui.ps1 | 16 ------- scripts/disable-telemetry.ps1 | 31 -------------- scripts/disable-windows-features.ps1 | 57 ++++++++++++++++++++++++- 6 files changed, 56 insertions(+), 69 deletions(-) delete mode 100644 scripts/disable-defender.ps1 delete mode 100644 scripts/disable-notification-center.ps1 delete mode 100644 scripts/disable-searchfeatures.ps1 delete mode 100644 scripts/disable-searchui.ps1 delete mode 100644 scripts/disable-telemetry.ps1 diff --git a/scripts/disable-defender.ps1 b/scripts/disable-defender.ps1 deleted file mode 100644 index 1a4181b..0000000 --- a/scripts/disable-defender.ps1 +++ /dev/null @@ -1,9 +0,0 @@ -# Description: -# This script will disable Windows Defender via Group Policies. - -echo "Disabling Windows Defender" -mkdir -Force "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender" -sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender" "DisableAntiSpyware" 1 -sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender" "DisableRoutinelyTakingAction" 1 -mkdir -Force "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection" -sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection" "DisableRealtimeMonitoring" 1 diff --git a/scripts/disable-notification-center.ps1 b/scripts/disable-notification-center.ps1 deleted file mode 100644 index 3d16e3f..0000000 --- a/scripts/disable-notification-center.ps1 +++ /dev/null @@ -1,4 +0,0 @@ -# Description: -# This script disables the notification center. - -sp "HKLM:\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell" UseActionCenterExperience 0 diff --git a/scripts/disable-searchfeatures.ps1 b/scripts/disable-searchfeatures.ps1 deleted file mode 100644 index 2a29b5a..0000000 --- a/scripts/disable-searchfeatures.ps1 +++ /dev/null @@ -1,8 +0,0 @@ -# Description: -# This script will disable certain unwanted startmenu search features. - -mkdir -Force "HKLM:\Software\Policies\Microsoft\Windows\Windows Search" -sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" AllowCortana 0 -sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" DisableWebSearch 1 -sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" AllowSearchToUseLocation 0 -sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" ConnectedSearchUseWeb 0 diff --git a/scripts/disable-searchui.ps1 b/scripts/disable-searchui.ps1 deleted file mode 100644 index 8f545f7..0000000 --- a/scripts/disable-searchui.ps1 +++ /dev/null @@ -1,16 +0,0 @@ -# Description: -# This script will rename the Cortana app folder so SeachUI.exe cannot be -# started. - -taskkill.exe /F /IM "SearchUI.exe" - -# try to rename folder while SearchUI is restarting -foreach ($_ in (0..15)) { - if (Test-Path "$env:windir\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy") { - mv "$env:windir\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy" ` - "$env:windir\SystemApps\_Microsoft.Windows.Cortana_cw5n1h2txyewy" ` - -ErrorAction SilentlyContinue - } else { - break - } -} diff --git a/scripts/disable-telemetry.ps1 b/scripts/disable-telemetry.ps1 deleted file mode 100644 index 0fe45fa..0000000 --- a/scripts/disable-telemetry.ps1 +++ /dev/null @@ -1,31 +0,0 @@ -# Description: -# This script redirects telemetry related domains to your nowhere using the -# hosts file. Hard coded telemetry related IPs are blocked by Windows firewall. -# Additionally telemetry is disallows via Group Policies. - -echo "Adding telemetry domains to hosts file" -$hosts = cat "$PSScriptRoot\..\res\telemetry-hosts.txt" -$hosts_file = "$env:systemroot\System32\drivers\etc\hosts" - -[ipaddress[]] $ips = @() -foreach ($h in $hosts) { - try { - # store for next part - $ips += [ipaddress]$h - } catch [System.InvalidCastException] { - $contaisHost = Select-String -Path $hosts_file -Pattern $h - If (-Not $contaisHost) { - # can be redirected by hosts - echo "0.0.0.0 $h" | Out-File -Encoding ASCII -Append $hosts_file - } - } -} - -echo "Adding telemetry ips to firewall" -Remove-NetFirewallRule -DisplayName "Block Telemetry IPs" -ErrorAction SilentlyContinue -New-NetFirewallRule -DisplayName "Block Telemetry IPs" -Direction Outbound ` - -Action Block -RemoteAddress ([string[]]$ips) - -echo "Disabling telemetry via Group Policies" -mkdir -Force "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" -sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" "AllowTelemetry" 0 diff --git a/scripts/disable-windows-features.ps1 b/scripts/disable-windows-features.ps1 index 10020eb..cda666b 100644 --- a/scripts/disable-windows-features.ps1 +++ b/scripts/disable-windows-features.ps1 @@ -2,11 +2,66 @@ # This script disables unwanted Windows features. If you do not want to # disable certain features comment out the corresponding lines below. +echo "Disabling so-called Windows Features" $features = @( "Internet-Explorer-Optional-amd64" "MediaPlayback" "WindowsMediaPlayer" "WorkFolders-Client" ) - Disable-WindowsOptionalFeature -Online -NoRestart -FeatureName $features + +echo "Disabling Windows Defender via Group Policies" +mkdir -Force "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender" +sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender" "DisableAntiSpyware" 1 +sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender" "DisableRoutinelyTakingAction" 1 +mkdir -Force "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection" +sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection" "DisableRealtimeMonitoring" 1 + +echo "Disable Notification Center" +sp "HKLM:\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell" UseActionCenterExperience 0 + +echo "Disable startmenu search features" +mkdir -Force "HKLM:\Software\Policies\Microsoft\Windows\Windows Search" +sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" AllowCortana 0 +sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" DisableWebSearch 1 +sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" AllowSearchToUseLocation 0 +sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" ConnectedSearchUseWeb 0 + +echo "Disable searchUI.exe" +taskkill.exe /F /IM "SearchUI.exe" +# try to rename folder while SearchUI is restarting +foreach ($_ in (0..15)) { + if (Test-Path "$env:windir\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy") { + mv "$env:windir\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy" ` + "$env:windir\SystemApps\_Microsoft.Windows.Cortana_cw5n1h2txyewy" ` + -ErrorAction SilentlyContinue + } else { + break + } +} + +echo "Adding telemetry domains to hosts file" +$hosts = cat "$PSScriptRoot\..\res\telemetry-hosts.txt" +$hosts_file = "$env:systemroot\System32\drivers\etc\hosts" +[ipaddress[]] $ips = @() +foreach ($h in $hosts) { + try { + # store for next part + $ips += [ipaddress]$h + } catch [System.InvalidCastException] { + $contaisHost = Select-String -Path $hosts_file -Pattern $h + If (-Not $contaisHost) { + # can be redirected by hosts + echo "0.0.0.0 $h" | Out-File -Encoding ASCII -Append $hosts_file + } + } +} +echo "Adding telemetry ips to firewall" +Remove-NetFirewallRule -DisplayName "Block Telemetry IPs" -ErrorAction SilentlyContinue +New-NetFirewallRule -DisplayName "Block Telemetry IPs" -Direction Outbound ` + -Action Block -RemoteAddress ([string[]]$ips) + +echo "Disabling telemetry via Group Policies" +mkdir -Force "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" +sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" "AllowTelemetry" 0