|
@ -2,11 +2,66 @@ |
|
|
# This script disables unwanted Windows features. If you do not want to |
|
|
# This script disables unwanted Windows features. If you do not want to |
|
|
# disable certain features comment out the corresponding lines below. |
|
|
# disable certain features comment out the corresponding lines below. |
|
|
|
|
|
|
|
|
|
|
|
echo "Disabling so-called Windows Features" |
|
|
$features = @( |
|
|
$features = @( |
|
|
"Internet-Explorer-Optional-amd64" |
|
|
"Internet-Explorer-Optional-amd64" |
|
|
"MediaPlayback" |
|
|
"MediaPlayback" |
|
|
"WindowsMediaPlayer" |
|
|
"WindowsMediaPlayer" |
|
|
"WorkFolders-Client" |
|
|
"WorkFolders-Client" |
|
|
) |
|
|
) |
|
|
|
|
|
|
|
|
Disable-WindowsOptionalFeature -Online -NoRestart -FeatureName $features |
|
|
Disable-WindowsOptionalFeature -Online -NoRestart -FeatureName $features |
|
|
|
|
|
|
|
|
|
|
|
echo "Disabling Windows Defender via Group Policies" |
|
|
|
|
|
mkdir -Force "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender" |
|
|
|
|
|
sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender" "DisableAntiSpyware" 1 |
|
|
|
|
|
sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender" "DisableRoutinelyTakingAction" 1 |
|
|
|
|
|
mkdir -Force "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection" |
|
|
|
|
|
sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection" "DisableRealtimeMonitoring" 1 |
|
|
|
|
|
|
|
|
|
|
|
echo "Disable Notification Center" |
|
|
|
|
|
sp "HKLM:\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell" UseActionCenterExperience 0 |
|
|
|
|
|
|
|
|
|
|
|
echo "Disable startmenu search features" |
|
|
|
|
|
mkdir -Force "HKLM:\Software\Policies\Microsoft\Windows\Windows Search" |
|
|
|
|
|
sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" AllowCortana 0 |
|
|
|
|
|
sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" DisableWebSearch 1 |
|
|
|
|
|
sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" AllowSearchToUseLocation 0 |
|
|
|
|
|
sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" ConnectedSearchUseWeb 0 |
|
|
|
|
|
|
|
|
|
|
|
echo "Disable searchUI.exe" |
|
|
|
|
|
taskkill.exe /F /IM "SearchUI.exe" |
|
|
|
|
|
# try to rename folder while SearchUI is restarting |
|
|
|
|
|
foreach ($_ in (0..15)) { |
|
|
|
|
|
if (Test-Path "$env:windir\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy") { |
|
|
|
|
|
mv "$env:windir\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy" ` |
|
|
|
|
|
"$env:windir\SystemApps\_Microsoft.Windows.Cortana_cw5n1h2txyewy" ` |
|
|
|
|
|
-ErrorAction SilentlyContinue |
|
|
|
|
|
} else { |
|
|
|
|
|
break |
|
|
|
|
|
} |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
echo "Adding telemetry domains to hosts file" |
|
|
|
|
|
$hosts = cat "$PSScriptRoot\..\res\telemetry-hosts.txt" |
|
|
|
|
|
$hosts_file = "$env:systemroot\System32\drivers\etc\hosts" |
|
|
|
|
|
[ipaddress[]] $ips = @() |
|
|
|
|
|
foreach ($h in $hosts) { |
|
|
|
|
|
try { |
|
|
|
|
|
# store for next part |
|
|
|
|
|
$ips += [ipaddress]$h |
|
|
|
|
|
} catch [System.InvalidCastException] { |
|
|
|
|
|
$contaisHost = Select-String -Path $hosts_file -Pattern $h |
|
|
|
|
|
If (-Not $contaisHost) { |
|
|
|
|
|
# can be redirected by hosts |
|
|
|
|
|
echo "0.0.0.0 $h" | Out-File -Encoding ASCII -Append $hosts_file |
|
|
|
|
|
} |
|
|
|
|
|
} |
|
|
|
|
|
} |
|
|
|
|
|
echo "Adding telemetry ips to firewall" |
|
|
|
|
|
Remove-NetFirewallRule -DisplayName "Block Telemetry IPs" -ErrorAction SilentlyContinue |
|
|
|
|
|
New-NetFirewallRule -DisplayName "Block Telemetry IPs" -Direction Outbound ` |
|
|
|
|
|
-Action Block -RemoteAddress ([string[]]$ips) |
|
|
|
|
|
|
|
|
|
|
|
echo "Disabling telemetry via Group Policies" |
|
|
|
|
|
mkdir -Force "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" |
|
|
|
|
|
sp "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" "AllowTelemetry" 0 |
|
|