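<#
.SYNOPSIS
"Windows 10 Sophia Script" (LTSC version) is a PowerShell module for Windows 10 fine-tuning and automating the routine tasks

Version: v5.0.4
Date: 20.02.2021
Copyright (c) 2015–2021 farag & oZ-Zo

https://github.com/farag2
https://github.com/oz-zo

Thanks to all https://forum.ru-board.com members involved

.DESCRIPTION
Running the script is best done on a fresh install because running it on wrong tweaked system may result in errors occurring

.NOTES
https://forum.ru-board.com/topic.cgi?forum=62&topic=30617#15
https://habr.com/post/521202/
https://forums.mydigitallife.net/threads/powershell-windows-10-sophia-script.81675/
https://www.reddit.com/r/PowerShell/comments/go2n5v/powershell_script_setup_windows_10/

.NOTES
Supported Windows 10
Version: 1809
Build: 17763
Edition: Enterprise LTSC
Architecture: x64

.NOTES
Set execution policy to be able to run scripts only in the current PowerShell session:
Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process -Force

.LINK
https://github.com/farag2/Windows-10-Sophia-Script
#>

#region Checkings
<#
.SYNOPSIS
Pre-flight checks that run before any tweak is applied

.DESCRIPTION
Exits on a 32-bit OS or on a build other than 17763, compares the loaded module version with the manifest
published on GitHub, removes the Zone.Identifier stream from every file under $PSScriptRoot and turns off
Controlled folder access when it is on

.NOTES
Reads $Localization, which is defined outside this function
Sets $Script:ControlledFolderAccess
#>
function Checkings
{
    Set-StrictMode -Version Latest

    # Clear the $Error variable
    $Global:Error.Clear()

    # Detect the OS bitness
    switch ([System.Environment]::Is64BitOperatingSystem)
    {
        $false
        {
            Write-Warning -Message $Localization.UnsupportedOSBitness
            exit
        }
    }

    # Detect the OS build version
    switch ((Get-CimInstance -ClassName Win32_OperatingSystem).BuildNumber -eq 17763)
    {
        $false
        {
            Write-Warning -Message $Localization.UnsupportedOSBuild
            exit
        }
    }

    # Checking whether the current module version is the latest
    try
    {
        $DownloadsFolder = Get-ItemPropertyValue -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" -Name "{374DE290-123F-4565-9164-39C4925E467B}"
        $ManifestPath = Join-Path -Path $DownloadsFolder -ChildPath "Manifest.psd1"

        try
        {
            # The manifest comes from the master branch and is read as data only (Import-PowerShellDataFile does not run it);
            # the only value taken from it is ModuleVersion
            Invoke-WebRequest -Uri "https://raw.githubusercontent.com/farag2/Windows-10-Sophia-Script/master/Sophia/LTSC/Sophia.psd1" -OutFile $ManifestPath -UseBasicParsing
            $LatestRelease = (Import-PowerShellDataFile -Path $ManifestPath).ModuleVersion
        }
        finally
        {
            # Remove the downloaded copy even when the download or the parsing fails, so that nothing is left in the Downloads folder
            Remove-Item -Path $ManifestPath -Force -ErrorAction Ignore
        }

        $CurrentRelease = (Get-Module -Name Sophia).Version.ToString()

        switch ([System.Version]$LatestRelease -gt [System.Version]$CurrentRelease)
        {
            $true
            {
                Write-Warning -Message $Localization.UnsupportedRelease

                Start-Sleep -Seconds 5

                Start-Process -FilePath "https://github.com/farag2/Windows-10-Sophia-Script/releases/latest"
                exit
            }
        }
    }
    catch [System.Net.WebException]
    {
        # Without a connection the version check is skipped and the script goes on; the error is only recorded in $Error
        Write-Warning -Message $Localization.NoInternetConnection
        Write-Error -Message $Localization.NoInternetConnection -ErrorAction SilentlyContinue
    }

    # Unblock all files in the folder by removing the Zone.Identifier alternate data stream with a value of "3"
    # NOTE(review): this applies to every file under $PSScriptRoot, not only to the module's own files, so anything else
    # stored in that folder loses its "downloaded from the Internet" mark as well. Keep the module in a folder of its own
    # and verify the downloaded archive before the first run
    Get-ChildItem -Path $PSScriptRoot -Recurse -Force | Unblock-File -Confirm:$false

    # Turn off Controlled folder access to let the script proceed
    # NOTE(review): this lowers Microsoft Defender ransomware protection while the script runs. $Script:ControlledFolderAccess
    # records that it was on; the code that turns it back on is not in this function, so confirm it runs on every exit path
    switch ((Get-MpPreference).EnableControlledFolderAccess)
    {
        "1"
        {
            Write-Warning -Message $Localization.ControlledFolderAccessDisabled

            $Script:ControlledFolderAccess = $true
            Set-MpPreference -EnableControlledFolderAccess Disabled

            # Open "Ransomware protection" page
            Start-Process -FilePath windowsdefender://RansomwareProtection
        }
        "0"
        {
            $Script:ControlledFolderAccess = $false
        }
        default
        {
            # Any other state (audit mode, for instance): nothing is turned off here, so there is nothing to restore
            $Script:ControlledFolderAccess = $false
        }
    }
}
#endregion Checkings

# Enable script logging.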
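# The log will be recorded into the script folder
# To stop logging just close the console or type "Stop-Transcript"
# NOTE(review): the transcript holds everything written to the console during the run and is stored next to the script;
# -Force overwrites a log created within the same minute
function Logging
{
    $TranscriptFilename = "Log-$((Get-Date).ToString("dd.MM.yyyy-HH-mm"))"
    Start-Transcript -Path "$PSScriptRoot\$TranscriptFilename.txt" -Force
}

<#
.SYNOPSIS
Create a restore point for the system drive

.DESCRIPTION
Turns System Protection on for the system drive when no entry for that volume is found under SPP\Clients,
sets SystemRestorePointCreationFrequency to 0 so that the checkpoint is not skipped, creates the checkpoint,
then puts the frequency back to 1440 minutes and turns System Protection off again if this function turned it on

.NOTES
Machine-wide
#>
function CreateRestorePoint
{
    $SystemDriveUniqueID = (Get-Volume | Where-Object -FilterScript {$_.DriveLetter -eq "$($env:SystemDrive[0])"}).UniqueID
    # Presumably the value lists the volumes that have System Protection turned on; it is matched against the system volume ID
    $SystemProtection = ((Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP\Clients")."{09F7EDC5-294E-4180-AF6A-FB0E6A0E9513}") | Where-Object -FilterScript {$_ -match [regex]::Escape($SystemDriveUniqueID)}

    $ComputerRestorePoint = $false

    if ($null -eq $SystemProtection)
    {
        $ComputerRestorePoint = $true
        Enable-ComputerRestore -Drive $env:SystemDrive
    }

    try
    {
        # Never skip creating a restore point
        New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" -Name SystemRestorePointCreationFrequency -PropertyType DWord -Value 0 -Force

        Checkpoint-Computer -Description "Windows 10 Sophia Script" -RestorePointType MODIFY_SETTINGS
    }
    finally
    {
        # The settings are put back even when the checkpoint fails, so a failed run does not leave the frequency at 0
        # Revert the System Restore checkpoint creation frequency to 1440 minutes
        New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" -Name SystemRestorePointCreationFrequency -PropertyType DWord -Value 1440 -Force

        # Turn System Protection for the system drive off again if it was off before, without deleting existing restore points
        if ($ComputerRestorePoint)
        {
            Disable-ComputerRestore -Drive $env:SystemDrive
        }
    }
}

#region Privacy & Telemetry
<#
.SYNOPSIS
Configure the DiagTrack service, firewall rule for Unified Telemetry Client Outbound Traffic and block connection

.PARAMETER Disable
Disable the DiagTrack service, firewall rule for Unified Telemetry Client Outbound Traffic and block connection

.PARAMETER Enable
Enable the DiagTrack service, firewall rule for Unified Telemetry Client Outbound Traffic and allow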
connection

.EXAMPLE
DiagTrackService -Disable

.EXAMPLE
DiagTrackService -Enable

.NOTES
The DiagTrack service and its firewall rule group are machine-wide objects, so the change is not limited to the current user

NOTE(review): with -Disable the rule group ends up "Enabled False, Action Block". A firewall rule that is not enabled
is not evaluated, so the Block action does not by itself stop outbound traffic; what takes effect is the stopped and
disabled service. Confirm this is the intended result
#>
function DiagTrackService
{
    param
    (
        [Parameter(
            Mandatory = $true,
            ParameterSetName = "Enable"
        )]
        [switch]
        $Enable,

        [Parameter(
            Mandatory = $true,
            ParameterSetName = "Disable"
        )]
        [switch]
        $Disable
    )

    $SelectedSet = $PSCmdlet.ParameterSetName

    if ($SelectedSet -eq "Enable")
    {
        # Startup type first, then start the service
        Get-Service -Name DiagTrack | Set-Service -StartupType Automatic
        Get-Service -Name DiagTrack | Start-Service

        # Enable firewall rule for Unified Telemetry Client Outbound Traffic and allow connection
        $TelemetryRules = Get-NetFirewallRule -Group DiagTrack
        $TelemetryRules | Set-NetFirewallRule -Enabled True -Action Allow
    }
    elseif ($SelectedSet -eq "Disable")
    {
        # Stop the running service before its startup type is changed
        Get-Service -Name DiagTrack | Stop-Service -Force
        Get-Service -Name DiagTrack | Set-Service -StartupType Disabled

        # Disable firewall rule for Unified Telemetry Client Outbound Traffic and set its action to Block
        $TelemetryRules = Get-NetFirewallRule -Group DiagTrack
        $TelemetryRules | Set-NetFirewallRule -Enabled False -Action Block
    }
}

<#
.SYNOPSIS
Configure the OS level of diagnostic data gathering

.PARAMETER Minimal
Set the OS level of diagnostic data gathering to minimum (AllowTelemetry = 0)

.PARAMETER Default
Set the OS level of diagnostic data gathering to default (AllowTelemetry = 3)

.EXAMPLE
DiagnosticDataLevel -Minimal

.EXAMPLE
DiagnosticDataLevel -Default

.NOTES
Machine-wide
#>
function DiagnosticDataLevel
{
    param
    (
        [Parameter(
            Mandatory = $true,
            ParameterSetName = "Minimal"
        )]
        [switch]
        $Minimal,

        [Parameter(
            Mandatory = $true,
            ParameterSetName = "Default"
        )]
        [switch]
        $Default
    )

    # AllowTelemetry value written for each parameter set
    $TelemetryLevels = @{
        Minimal = 0
        Default = 3
    }

    $SelectedSet = $PSCmdlet.ParameterSetName

    if ($TelemetryLevels.ContainsKey($SelectedSet))
    {
        $Parameters = @{
            Path         = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection"
            Name         = "AllowTelemetry"
            PropertyType = "DWord"
            Value        = $TelemetryLevels[$SelectedSet]
            Force        = $true
        }
        New-ItemProperty @Parameters
    }
}

<#
.SYNOPSIS
Configure the Windows Error Reporting

.PARAMETER Disable
Turn off Windows Error Reporting

.PARAMETER Enable
Turn on Windows Error Reporting
.EXAMPLE
ErrorReporting -Disable

.EXAMPLE
ErrorReporting -Enable

.NOTES
The "Disabled" registry value is written for the current user (HKCU)
The QueueReporting scheduled task is switched as well; it is not a per-user setting
With -Disable nothing is changed when the edition name matches the "Core*" pattern; -Enable has no such check
#>
function ErrorReporting
{
    param
    (
        [Parameter(
            Mandatory = $true,
            ParameterSetName = "Disable"
        )]
        [switch]
        $Disable,

        [Parameter(
            Mandatory = $true,
            ParameterSetName = "Enable"
        )]
        [switch]
        $Enable
    )

    $ReportingKey = "HKCU:\SOFTWARE\Microsoft\Windows\Windows Error Reporting"
    $SelectedSet = $PSCmdlet.ParameterSetName

    if ($SelectedSet -eq "Disable")
    {
        # -notmatch takes a regular expression, not a wildcard: "Core*" matches "Cor" followed by any number of "e"
        # anywhere in the edition name
        $Edition = (Get-WindowsEdition -Online).Edition
        if ($Edition -notmatch "Core*")
        {
            Get-ScheduledTask -TaskName QueueReporting | Disable-ScheduledTask
            New-ItemProperty -Path $ReportingKey -Name Disabled -PropertyType DWord -Value 1 -Force
        }
    }
    elseif ($SelectedSet -eq "Enable")
    {
        Get-ScheduledTask -TaskName QueueReporting | Enable-ScheduledTask

        # The value may be absent already, which is why the error is suppressed
        Remove-ItemProperty -Path $ReportingKey -Name Disabled -Force -ErrorAction SilentlyContinue
    }
}

<#
.SYNOPSIS
Configure the Windows feedback frequency

.PARAMETER Disable
Change Windows feedback frequency to "Never"

.PARAMETER Enable
Change Windows feedback frequency to "Automatically"

.EXAMPLE
WindowsFeedback -Disable

.EXAMPLE
WindowsFeedback -Enable

.NOTES
Current user
-Enable removes the whole HKCU:\SOFTWARE\Microsoft\Siuf\Rules key, not only the NumberOfSIUFInPeriod value
#>
function WindowsFeedback
{
    param
    (
        [Parameter(
            Mandatory = $true,
            ParameterSetName = "Disable"
        )]
        [switch]
        $Disable,

        [Parameter(
            Mandatory = $true,
            ParameterSetName = "Enable"
        )]
        [switch]
        $Enable
    )

    $RulesKey = "HKCU:\SOFTWARE\Microsoft\Siuf\Rules"
    $SelectedSet = $PSCmdlet.ParameterSetName

    if ($SelectedSet -eq "Disable")
    {
        # The key has to exist before the value can be written
        $KeyExists = Test-Path -Path $RulesKey
        if (-not $KeyExists)
        {
            New-Item -Path $RulesKey -Force
        }

        New-ItemProperty -Path $RulesKey -Name NumberOfSIUFInPeriod -PropertyType DWord -Value 0 -Force
    }
    elseif ($SelectedSet -eq "Enable")
    {
        # The key may be absent already, which is why the error is suppressed
        Remove-Item -Path $RulesKey -Force -ErrorAction SilentlyContinue
    }
}

<#
.SYNOPSIS
Configure the diagnostics tracking scheduled tasks

.PARAMETER Disable
Turn off the diagnostics tracking scheduled tasks

.PARAMETER Enable
Turn on the diagnostics tracking scheduled tasks

.EXAMPLE
ScheduledTasks -Disable

.EXAMPLE
ScheduledTasks -Enable

.NOTES
A pop-up dialog box
enables the user to select tasks Current user #> function ScheduledTasks { param ( [Parameter( Mandatory = $true, ParameterSetName = "Enable" )] [switch] $Enable, [Parameter( Mandatory = $true, ParameterSetName = "Disable" )] [switch] $Disable ) Add-Type -AssemblyName PresentationCore, PresentationFramework #region Variables # Initialize an array list to store the selected scheduled tasks $SelectedTasks = New-Object -TypeName System.Collections.ArrayList($null) # The following tasks will have their checkboxes checked [string[]]$CheckedScheduledTasks = @( # Collects program telemetry information if opted-in to the Microsoft Customer Experience Improvement Program # Сбор телеметрических данных программы при участии в программе улучшения качества ПО "ProgramDataUpdater", # This task collects and uploads autochk SQM data if opted-in to the Microsoft Customer Experience Improvement Program # Эта задача собирает и загружает данные SQM при участии в программе улучшения качества программного обеспечения "Proxy", # If the user has consented to participate in the Windows Customer Experience Improvement Program, this job collects and sends usage data to Microsoft # Если пользователь изъявил желание участвовать в программе по улучшению качества программного обеспечения Windows, эта задача будет собирать и отправлять сведения о работе программного обеспечения в Майкрософт "Consolidator", # The USB CEIP (Customer Experience Improvement Program) task collects Universal Serial Bus related statistics and information about your machine and sends it to the Windows Device Connectivity engineering group at Microsoft # При выполнении задачи программы улучшения качества ПО шины USB (USB CEIP) осуществляется сбор статистических данных об использовании универсальной последовательной шины USB и с ведений о компьютере, которые направляются инженерной группе Майкрософт по вопросам подключения устройств в Windows "UsbCeip", # The Windows Disk Diagnostic reports general disk and system 
information to Microsoft for users participating in the Customer Experience Program # Для пользователей, участвующих в программе контроля качества программного обеспечения, служба диагностики дисков Windows предоставляет общие сведения о дисках и системе в корпорацию Майкрософт "Microsoft-Windows-DiskDiagnosticDataCollector", # This task shows various Map related toasts # Эта задача показывает различные тосты (всплывающие уведомления) приложения "Карты" "MapsToastTask", # This task checks for updates to maps which you have downloaded for offline use # Эта задача проверяет наличие обновлений для карт, загруженных для автономного использования "MapsUpdateTask", # Initializes Family Safety monitoring and enforcement # Инициализация контроля и применения правил семейной безопасности "FamilySafetyMonitor", # Synchronizes the latest settings with the Microsoft family features service # Синхронизирует последние параметры со службой функций семьи учетных записей Майкрософт "FamilySafetyRefreshTask", # XblGameSave Standby Task "XblGameSaveTask" ) # Check if device has a camera $DeviceHasCamera = Get-CimInstance -ClassName Win32_PnPEntity | Where-Object -FilterScript {($_.PNPClass -eq "Camera") -or ($_.PNPClass -eq "Image")} if (-not $DeviceHasCamera) { # Windows Hello $CheckedScheduledTasks += "FODCleanupTask" } #endregion Variables #region XAML Markup # The section defines the design of the upcoming dialog box [xml]$XAML = '