Browse Source

merge disable feature scripts

pull/31/head
Alex Hirsch 9 years ago
parent
commit
e230c2352f
  1. 9
      scripts/disable-defender.ps1
  2. 4
      scripts/disable-notification-center.ps1
  3. 8
      scripts/disable-searchfeatures.ps1
  4. 16
      scripts/disable-searchui.ps1
  5. 31
      scripts/disable-telemetry.ps1
  6. 57
      scripts/disable-windows-features.ps1

9
scripts/disable-defender.ps1

@ -1,9 +0,0 @@
# Description:
# This script will disable Windows Defender via Group Policies.
echo "Disabling Windows Defender"
mkdir -Force "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender"
sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender" "DisableAntiSpyware" 1
sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender" "DisableRoutinelyTakingAction" 1
mkdir -Force "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection"
sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection" "DisableRealtimeMonitoring" 1

4
scripts/disable-notification-center.ps1

@ -1,4 +0,0 @@
# Description:
# This script disables the notification center.
sp "HKLM:\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell" UseActionCenterExperience 0

8
scripts/disable-searchfeatures.ps1

@ -1,8 +0,0 @@
# Description:
# This script will disable certain unwanted startmenu search features.
mkdir -Force "HKLM:\Software\Policies\Microsoft\Windows\Windows Search"
sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" AllowCortana 0
sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" DisableWebSearch 1
sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" AllowSearchToUseLocation 0
sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" ConnectedSearchUseWeb 0

16
scripts/disable-searchui.ps1

@ -1,16 +0,0 @@
# Description:
# This script will rename the Cortana app folder so SeachUI.exe cannot be
# started.
taskkill.exe /F /IM "SearchUI.exe"
# try to rename folder while SearchUI is restarting
foreach ($_ in (0..15)) {
if (Test-Path "$env:windir\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy") {
mv "$env:windir\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy" `
"$env:windir\SystemApps\_Microsoft.Windows.Cortana_cw5n1h2txyewy" `
-ErrorAction SilentlyContinue
} else {
break
}
}

31
scripts/disable-telemetry.ps1

@ -1,31 +0,0 @@
# Description:
# This script redirects telemetry related domains to your nowhere using the
# hosts file. Hard coded telemetry related IPs are blocked by Windows firewall.
# Additionally telemetry is disallows via Group Policies.
echo "Adding telemetry domains to hosts file"
$hosts = cat "$PSScriptRoot\..\res\telemetry-hosts.txt"
$hosts_file = "$env:systemroot\System32\drivers\etc\hosts"
[ipaddress[]] $ips = @()
foreach ($h in $hosts) {
try {
# store for next part
$ips += [ipaddress]$h
} catch [System.InvalidCastException] {
$contaisHost = Select-String -Path $hosts_file -Pattern $h
If (-Not $contaisHost) {
# can be redirected by hosts
echo "0.0.0.0 $h" | Out-File -Encoding ASCII -Append $hosts_file
}
}
}
echo "Adding telemetry ips to firewall"
Remove-NetFirewallRule -DisplayName "Block Telemetry IPs" -ErrorAction SilentlyContinue
New-NetFirewallRule -DisplayName "Block Telemetry IPs" -Direction Outbound `
-Action Block -RemoteAddress ([string[]]$ips)
echo "Disabling telemetry via Group Policies"
mkdir -Force "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection"
sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" "AllowTelemetry" 0

57
scripts/disable-windows-features.ps1

@ -2,11 +2,66 @@
# This script disables unwanted Windows features. If you do not want to # This script disables unwanted Windows features. If you do not want to
# disable certain features comment out the corresponding lines below. # disable certain features comment out the corresponding lines below.
echo "Disabling so-called Windows Features"
$features = @( $features = @(
"Internet-Explorer-Optional-amd64" "Internet-Explorer-Optional-amd64"
"MediaPlayback" "MediaPlayback"
"WindowsMediaPlayer" "WindowsMediaPlayer"
"WorkFolders-Client" "WorkFolders-Client"
) )
Disable-WindowsOptionalFeature -Online -NoRestart -FeatureName $features Disable-WindowsOptionalFeature -Online -NoRestart -FeatureName $features
echo "Disabling Windows Defender via Group Policies"
mkdir -Force "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender"
sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender" "DisableAntiSpyware" 1
sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender" "DisableRoutinelyTakingAction" 1
mkdir -Force "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection"
sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection" "DisableRealtimeMonitoring" 1
echo "Disable Notification Center"
sp "HKLM:\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell" UseActionCenterExperience 0
echo "Disable startmenu search features"
mkdir -Force "HKLM:\Software\Policies\Microsoft\Windows\Windows Search"
sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" AllowCortana 0
sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" DisableWebSearch 1
sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" AllowSearchToUseLocation 0
sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" ConnectedSearchUseWeb 0
echo "Disable searchUI.exe"
taskkill.exe /F /IM "SearchUI.exe"
# try to rename folder while SearchUI is restarting
foreach ($_ in (0..15)) {
if (Test-Path "$env:windir\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy") {
mv "$env:windir\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy" `
"$env:windir\SystemApps\_Microsoft.Windows.Cortana_cw5n1h2txyewy" `
-ErrorAction SilentlyContinue
} else {
break
}
}
echo "Adding telemetry domains to hosts file"
$hosts = cat "$PSScriptRoot\..\res\telemetry-hosts.txt"
$hosts_file = "$env:systemroot\System32\drivers\etc\hosts"
[ipaddress[]] $ips = @()
foreach ($h in $hosts) {
try {
# store for next part
$ips += [ipaddress]$h
} catch [System.InvalidCastException] {
$contaisHost = Select-String -Path $hosts_file -Pattern $h
If (-Not $contaisHost) {
# can be redirected by hosts
echo "0.0.0.0 $h" | Out-File -Encoding ASCII -Append $hosts_file
}
}
}
echo "Adding telemetry ips to firewall"
Remove-NetFirewallRule -DisplayName "Block Telemetry IPs" -ErrorAction SilentlyContinue
New-NetFirewallRule -DisplayName "Block Telemetry IPs" -Direction Outbound `
-Action Block -RemoteAddress ([string[]]$ips)
echo "Disabling telemetry via Group Policies"
mkdir -Force "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection"
sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" "AllowTelemetry" 0

Loading…
Cancel
Save