@ -1,12 +1,24 @@
<#
<#
. SYNOPSIS
. SYNOPSIS
" Windows 10 Setup Script " is a set of tweaks for OS fine-tuning and automating the routine tasks
" Windows 10 Setup Script " is a set of tweaks for OS fine-tuning and automating the routine tasks
Version : v4 . 4 . 3
Date : 23 . 06 . 2020
Copyright ( c ) 2020 farag & oZ-Zo
Thanks to all http : / / forum . ru-board . com members involved
. DESCRIPTION
. DESCRIPTION
Supported Windows 10 version : 2004 ( 20H1 ) , 19041 build , x64
Supported Windows 10 version : 2004 ( 20H1 ) , 19041 build , x64
Most of functions can be run also on LTSB / LTSC
Most of functions can be run also on LTSB / LTSC
Tested on Home / Pro / Enterprise editions
Tested on Home / Pro / Enterprise editions
Due to the fact that the script includes about 150 functions ,
you should read the entire script and comment out those sections that you do not want to be execute
Running the script is best done on a fresh install because running the script on tweaked system may result in occurring errors
Check whether the . ps1 file is encoded in UTF - 8 with BOM
Check whether the . ps1 file is encoded in UTF - 8 with BOM
The script can not be executed via PowerShell ISE
The script can not be executed via PowerShell ISE
PowerShell must be run with elevated privileges
PowerShell must be run with elevated privileges
@ -14,15 +26,10 @@
Set execution policy to be able to run scripts only in the current PowerShell session :
Set execution policy to be able to run scripts only in the current PowerShell session :
Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process -Force
Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process -Force
Running the script is best done on a fresh install
. EXAMPLE
. EXAMPLE
PS C: \ > & '.\Win 10.ps1'
PS C: \ > & '.\Win 10 2004.ps1'
. NOTES
Version : v4 . 4 . 3
Date : 19 . 06 . 2020
Written by : farag & oZ-Zo
Thanks to all http : / / forum . ru-board . com members involved
. NOTES
Ask a question on
Ask a question on
http : / / forum . ru-board . com / topic . cgi ? forum = 62 & topic = 30617 #15
http : / / forum . ru-board . com / topic . cgi ? forum = 62 & topic = 30617 #15
https : / / habr . com / en / post / 465365 /
https : / / habr . com / en / post / 465365 /
@ -30,7 +37,6 @@
https : / / forums . mydigitallife . net / threads / powershell-script -setup -windows - 10 . 81675 /
https : / / forums . mydigitallife . net / threads / powershell-script -setup -windows - 10 . 81675 /
https : / / www . reddit . com / r / PowerShell / comments / go2n5v / powershell_script_setup_windows_10 /
https : / / www . reddit . com / r / PowerShell / comments / go2n5v / powershell_script_setup_windows_10 /
Copyright ( c ) 2020 farag & oZ-Zo
. LINK
. LINK
https : / / github . com / farag2 / Windows - 10 -Setup -Script
https : / / github . com / farag2 / Windows - 10 -Setup -Script
#>
#>
@ -1954,7 +1960,7 @@ switch ($Result)
" @
" @
$StartMenuLayoutPath = " $ env:TEMP\StartMenuLayout.xml "
$StartMenuLayoutPath = " $ env:TEMP\StartMenuLayout.xml "
# Saving StartMenuLayout.xml in UTF-8 encoding
# Saving StartMenuLayout.xml in UTF-8 encoding
# Сохраняем StartMenuLayout.xml в кодирв оке UTF-8
# Сохраняем StartMenuLayout.xml в кодиров ке UTF-8
Set-Content -Value ( New-Object System . Text . UTF8Encoding ) . GetBytes ( $StartMenuLayout ) -Encoding Byte -Path $StartMenuLayoutPath -Force
Set-Content -Value ( New-Object System . Text . UTF8Encoding ) . GetBytes ( $StartMenuLayout ) -Encoding Byte -Path $StartMenuLayoutPath -Force
# Temporarily disable changing Start layout
# Temporarily disable changing Start layout
@ -2910,18 +2916,18 @@ if ((Get-MpPreference).EnableControlledFolderAccess -eq 1)
}
}
}
}
# Add exclusion folder from Microsoft Defender Antivirus scanning
# Add exclusion folder from Windows Defender Antivirus scanning
# Добавить папку в список исключений сканирования Microsoft Defender
# Добавить папку в список исключений сканирования Windows Defender
if ( $RU )
if ( $RU )
{
{
$Title = " Microsoft Defender"
$Title = " Windows Defender"
$Message = " Чтобы исключить папку из списка сканирования антивредоносной программы Microsoft Defender, введите необходимую букву "
$Message = " Чтобы исключить папку из списка сканирования антивредоносной программы Windows Defender, введите необходимую букву "
$Options = " &Исключить папку " , " &Пропустить "
$Options = " &Исключить папку " , " &Пропустить "
}
}
else
else
{
{
$Title = " Microsoft Defender"
$Title = " Windows Defender"
$Message = " To exclude folder from Microsoft Defender Antivirus Scan enter the required letter "
$Message = " To exclude folder from Windows Defender Antivirus Scan enter the required letter "
$Options = " &Exclude folder " , " &Skip "
$Options = " &Exclude folder " , " &Skip "
}
}
$DefaultChoice = 1
$DefaultChoice = 1
@ -2965,18 +2971,18 @@ switch ($Result)
}
}
}
}
# Add exclusion file from Microsoft Defender Antivirus scanning
# Add exclusion file from Windows Defender Antivirus scanning
# Добавить файл в список исключений сканирования Microsoft Defender
# Добавить файл в список исключений сканирования Windows Defender
if ( $RU )
if ( $RU )
{
{
$Title = " Windows Defender "
$Title = " Windows Defender "
$Message = " Чтобы исключить файл из списка сканирования антивредоносной программы Microsoft Defender, введите необходимую букву "
$Message = " Чтобы исключить файл из списка сканирования антивредоносной программы Windows Defender, введите необходимую букву "
$Options = " &Исключить файл " , " &Пропустить "
$Options = " &Исключить файл " , " &Пропустить "
}
}
else
else
{
{
$Title = " Windows Defender "
$Title = " Windows Defender "
$Message = " To exclude file from Microsoft Defender Antivirus Scan enter the required letter "
$Message = " To exclude file from Windows Defender Antivirus Scan enter the required letter "
$Options = " &Exclude file " , " &Skip "
$Options = " &Exclude file " , " &Skip "
}
}
$DefaultChoice = 1
$DefaultChoice = 1
@ -3038,7 +3044,7 @@ setx /M MP_FORCE_USE_SANDBOX 1
New-ItemProperty -Path " HKCU:\Software\Microsoft\Windows Security Health\State " -Name AccountProtection_MicrosoftAccount_Disconnected -PropertyType DWord -Value 1 -Force
New-ItemProperty -Path " HKCU:\Software\Microsoft\Windows Security Health\State " -Name AccountProtection_MicrosoftAccount_Disconnected -PropertyType DWord -Value 1 -Force
# Dismiss Windows Defender offer in the Windows Security about to turn on the SmartScreen filter for Microsoft Edge
# Dismiss Windows Defender offer in the Windows Security about to turn on the SmartScreen filter for Microsoft Edge
# Отклонить предложение Microsoft Defender в "Безопасность Windows" включить фильтр SmartScreen для Microsoft Edge
# Отклонить предложение Windows Defender в "Безопасность Windows" включить фильтр SmartScreen для Microsoft Edge
New-ItemProperty -Path " HKCU:\Software\Microsoft\Windows Security Health\State " -Name AppAndBrowser_EdgeSmartScreenOff -PropertyType DWord -Value 0 -Force
New-ItemProperty -Path " HKCU:\Software\Microsoft\Windows Security Health\State " -Name AppAndBrowser_EdgeSmartScreenOff -PropertyType DWord -Value 0 -Force
# Turn on events auditing generated when a process is created or starts
# Turn on events auditing generated when a process is created or starts
@ -3057,6 +3063,52 @@ if ($ProcessCreation -ne "No Auditing")
New-ItemProperty -Path HKLM : \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ System \ Audit -Name ProcessCreationIncludeCmdLine_Enabled -PropertyType DWord -Value 1 -Force
New-ItemProperty -Path HKLM : \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ System \ Audit -Name ProcessCreationIncludeCmdLine_Enabled -PropertyType DWord -Value 1 -Force
}
}
# Create "Process Creation" Event Viewer Custom View
# Создать настаиваемое представление "Создание процесса" в Настраиваемых представлениях
if ( $RU )
{
$OutputEncoding = [System.Console] :: OutputEncoding = [System.Console] :: InputEncoding = [System.Text.Encoding] :: UTF8
}
$ProcessCreation = auditpol / get / subcategory : " {0CCE922B-69AE-11D9-BED3-505054503030} " / r | ConvertFrom-Csv | Select-Object -ExpandProperty " Inclusion Setting "
if ( Get-ItemProperty -Path HKLM : \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ System \ Audit -Name ProcessCreationIncludeCmdLine_Enabled -ErrorAction Ignore )
{
$ProcessCreationIncludeCmdLine_Enabled = $true
}
if ( ( $ProcessCreation -ne " No Auditing " ) -and ( $ProcessCreationIncludeCmdLine_Enabled -eq $true ) )
{
$XMLfile = @ "
< ViewerConfig >
< QueryConfig >
< QueryParams >
< UserQuery / >
< / QueryParams >
< QueryNode >
< Name > Process Creation < / Name >
< Description > Process Creation and Command-line Auditing Events < / Description >
< QueryList >
< Query Id = " 0 " Path = " Security " >
< Select Path = " Security " > * [ System [ ( EventID = 4688 ) ] ] < / Select >
< / Query >
< / QueryList >
< / QueryNode >
< / QueryConfig >
< / ViewerConfig >
" @
$ProcessCreationPath = " $ env:ProgramData\Microsoft\Event Viewer\Views\ProcessCreation.xml "
# Saving ProcessCreation.xml in UTF-8 encoding
# Сохраняем ProcessCreation.xml в кодировке UTF-8
Set-Content -Value ( New-Object System . Text . UTF8Encoding ) . GetBytes ( $XMLfile ) -Encoding Byte -Path $ProcessCreationPath -Force
if ( $RU )
{
[xml] $XML = Get-Content -Path $ProcessCreationPath
$XML . ViewerConfig . QueryConfig . QueryNode . Name = " Создание процесса "
$XML . ViewerConfig . QueryConfig . QueryNode . Description = " События содания нового процесса и аудит командной строки "
$xml . Save ( " $ env:ProgramData\Microsoft\Event Viewer\Views\ProcessCreation.xml " )
}
}
# Turn on logging for all Windows PowerShell modules
# Turn on logging for all Windows PowerShell modules
# Включить ведение журнала для всех модулей Windows PowerShell
# Включить ведение журнала для всех модулей Windows PowerShell
if ( -not ( Test-Path -Path HKLM : \ SOFTWARE \ Policies \ Microsoft \ Windows \ PowerShell \ ModuleLogging \ ModuleNames ) )
if ( -not ( Test-Path -Path HKLM : \ SOFTWARE \ Policies \ Microsoft \ Windows \ PowerShell \ ModuleLogging \ ModuleNames ) )