disassembler0 / win10-initial-setup-script Goto Github PK
View Code? Open in Web Editor NEWPowerShell script for automation of routine tasks done after fresh installations of Windows 10 / Server 2016 / Server 2019
License: MIT License
PowerShell script for automation of routine tasks done after fresh installations of Windows 10 / Server 2016 / Server 2019
License: MIT License
Greetings @Disassembler0 ,
I´ve noticed a couple more games that came by default (or at least in update) that are:
Name : A278AB0D.DisneyMagicKingdoms
Publisher : CN=276B8086-F8CA-495E-A880-D275ED83EA67
Architecture : X86
ResourceId :
Version : 2.5.1.2
PackageFullName : A278AB0D.DisneyMagicKingdoms_2.5.1.2_x86__h6adky7gbf63m
InstallLocation : C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_2.5.1.2_x86__h6adky7gbf63m
IsFramework : False
PackageFamilyName : A278AB0D.DisneyMagicKingdoms_h6adky7gbf63m
PublisherId : h6adky7gbf63m
IsResourcePackage : False
IsBundle : False
IsDevelopmentMode : False
Dependencies : {Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe}
IsPartiallyStaged : False
SignatureKind : Store
Status : Ok
Name : 828B5831.HiddenCityMysteryofShadows
Publisher : CN=A4F05332-BE3A-4155-B996-B100171CD4B1
Architecture : X86
ResourceId :
Version : 1.16.1700.0
PackageFullName : 828B5831.HiddenCityMysteryofShadows_1.16.1700.0_x86__ytsefhwckbdv6
InstallLocation : C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.16.1700.0_x86__ytsefhwckbdv6
IsFramework : False
PackageFamilyName : 828B5831.HiddenCityMysteryofShadows_ytsefhwckbdv6
PublisherId : ytsefhwckbdv6
IsResourcePackage : False
IsBundle : False
IsDevelopmentMode : False
Dependencies : {Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe}
IsPartiallyStaged : False
SignatureKind : Store
Status : Ok
Are you interested in add both?
Thanks
I just tested the "EnableRemoteDesktop" function. Actually the function works and changes the GUI in Remote Desktop settings. However, enabling the remote desktop by editing registry doesn't open firewall settings. So, adding Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
will solve this.
This script almost has everything I usually do on a new install, except a setting that switches DEP (Data Execution Prevention) to OptOut which is not the default because of legacy stuff.
Since this setting has multiple options not just enable/disable, I do not know how this should be integrated into your script, so I will leave this to you if you think it's worth the effort to add it.
The way I did it is as barebones as possible:
Function EnableDEP {
Write-Host "Switching DEP to OptOut..."
& $env:WINDIR\system32\bcdedit /set nx OptOut | Out-Null
}
What do you I need to change or re-enable to get phone link to work again. I've attatched the changes I have made to the original script.
Win10.txt
Here are additional third party bloat apps that I remove from a default install of the newest 1709 ISO that aren't currently included in the script. I add them to the UnInstallThirdPartyBloat and InstallThirdPartyBloat functions. 6 lines were added to the bottom of each function.
# Uninstall default third party applications
function UninstallThirdPartyBloat {
Write-Host "Uninstalling default third party applications..."
Get-AppxPackage "9E2F88E3.Twitter" | Remove-AppxPackage
Get-AppxPackage "king.com.CandyCrushSodaSaga" | Remove-AppxPackage
Get-AppxPackage "4DF9E0F8.Netflix" | Remove-AppxPackage
Get-AppxPackage "Drawboard.DrawboardPDF" | Remove-AppxPackage
Get-AppxPackage "D52A8D61.FarmVille2CountryEscape" | Remove-AppxPackage
Get-AppxPackage "GAMELOFTSA.Asphalt8Airborne" | Remove-AppxPackage
Get-AppxPackage "flaregamesGmbH.RoyalRevolt2" | Remove-AppxPackage
Get-AppxPackage "AdobeSystemsIncorporated.AdobePhotoshopExpress" | Remove-AppxPackage
Get-AppxPackage "ActiproSoftwareLLC.562882FEEB491" | Remove-AppxPackage
Get-AppxPackage "D5EA27B7.Duolingo-LearnLanguagesforFree" | Remove-AppxPackage
Get-AppxPackage "Facebook.Facebook" | Remove-AppxPackage
Get-AppxPackage "46928bounde.EclipseManager" | Remove-AppxPackage
Get-AppxPackage "A278AB0D.MarchofEmpires" | Remove-AppxPackage
Get-AppxPackage "KeeperSecurityInc.Keeper" | Remove-AppxPackage
Get-AppxPackage "king.com.BubbleWitch3Saga" | Remove-AppxPackage
Get-AppxPackage "89006A2E.AutodeskSketchBook" | Remove-AppxPackage
Get-AppxPackage "CAF9E577.Plex" | Remove-AppxPackage
Get-AppxPackage "A278AB0D.DisneyMagicKingdoms" | Remove-AppxPackage
Get-AppxPackage "828B5831.HiddenCityMysteryofShadows" | Remove-AppxPackage
Get-AppxPackage "WinZipComputing.WinZipUniversal" | Remove-AppxPackage
Get-AppxPackage "SpotifyAB.SpotifyMusic" | Remove-AppxPackage
Get-AppxPackage "PandoraMediaInc.29680B314EFC2" | Remove-AppxPackage
Get-AppxPackage "2414FC7A.Viber" | Remove-AppxPackage
Get-AppxPackage "64885BlueEdge.OneCalendar" | Remove-AppxPackage
Get-AppxPackage "41038Axilesoft.ACGMediaPlayer" | Remove-AppxPackage
}
# Install default third party applications
Function InstallThirdPartyBloat {
Write-Host "Installing default third party applications..."
Get-AppxPackage -AllUsers "9E2F88E3.Twitter" | ForEach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
Get-AppxPackage -AllUsers "king.com.CandyCrushSodaSaga" | ForEach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
Get-AppxPackage -AllUsers "4DF9E0F8.Netflix" | ForEach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
Get-AppxPackage -AllUsers "Drawboard.DrawboardPDF" | ForEach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
Get-AppxPackage -AllUsers "D52A8D61.FarmVille2CountryEscape" | ForEach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
Get-AppxPackage -AllUsers "GAMELOFTSA.Asphalt8Airborne" | ForEach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
Get-AppxPackage -AllUsers "flaregamesGmbH.RoyalRevolt2" | ForEach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
Get-AppxPackage -AllUsers "AdobeSystemsIncorporated.AdobePhotoshopExpress" | ForEach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
Get-AppxPackage -AllUsers "ActiproSoftwareLLC.562882FEEB491" | ForEach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
Get-AppxPackage -AllUsers "D5EA27B7.Duolingo-LearnLanguagesforFree" | ForEach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
Get-AppxPackage -AllUsers "Facebook.Facebook" | ForEach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
Get-AppxPackage -AllUsers "46928bounde.EclipseManager" | ForEach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
Get-AppxPackage -AllUsers "A278AB0D.MarchofEmpires" | ForEach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
Get-AppxPackage -AllUsers "KeeperSecurityInc.Keeper" | ForEach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
Get-AppxPackage -AllUsers "king.com.BubbleWitch3Saga" | ForEach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
Get-AppxPackage -AllUsers "89006A2E.AutodeskSketchBook" | ForEach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
Get-AppxPackage -AllUsers "CAF9E577.Plex" | ForEach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
Get-AppxPackage -AllUsers "A278AB0D.DisneyMagicKingdoms" | ForEach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
Get-AppxPackage -AllUsers "828B5831.HiddenCityMysteryofShadows" | ForEach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
Get-AppxPackage -AllUsers "WinZipComputing.WinZipUniversal" | ForEach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
Get-AppxPackage -AllUsers "SpotifyAB.SpotifyMusic" | ForEach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
Get-AppxPackage -AllUsers "PandoraMediaInc.29680B314EFC2" | ForEach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
Get-AppxPackage -AllUsers "2414FC7A.Viber" | ForEach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
Get-AppxPackage -AllUsers "64885BlueEdge.OneCalendar" | ForEach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
Get-AppxPackage -AllUsers "41038Axilesoft.ACGMediaPlayer" | ForEach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
}
Problém ve scriptu. Pokud budete chtít vypnout stisknutí klávesy a restartování tak musíte umazat Auxiliary Functions ale nestačí a nepomůže ani smazání čárky za slovem EnableIEEnhancedSecurity.
Ale je třeba Auxiliary Functions nahradit buď dvouma uvozovkami. Nebo příkazem Exit na konci scriptu s odkazem v začátku scriptu.
# "DisableCtrlAltDelLogin", # "EnableCtrlAltDelLogin",
# "DisableIEEnhancedSecurity", # "EnableIEEnhancedSecurity",
### Auxiliary Functions ###
"WaitForKey",
"Restart"
)
I don't know what is the option beacause I used the default ones plus others but this is the second time It happends to me with this script. I know this kind of stuff could be problematic, but I love the way this litle script can with an only click configure and debloat the whole OS.
Well, thanks for de PS Script.
(... and sorry for my bad english).
:)
Might be related due to subsystem on new setup not being there?
Tried to run them but always gave me an error that the file was not present, copied them to the desktop and put in the absolut path for the preset and the win10.ps1 for the desired effect.
Greetings @Disassembler0 ,
I´ve come up with some tweaks for dealing with power plan settings that may be nice to include on your script, as na special session if you find interesting.
On laptops and batteries devices I think it really helps when you don´t have to remember all settings are.
In fact I use a laptop as server machine, and I don´t want it to turnoff anytime and wish everything online all the time.
Here is some piece of code that shows how to do it. Also tried to keep it clean with only powercfg snippet:
# Set Monitor presets to 'never'
powercfg -change -monitor-timeout-ac 0
powercfg -change -monitor-timeout-dc 0
powercfg -change -standby-timeout-ac 0
powercfg -change -standby-timeout-dc 0
powercfg -change -disk-timeout-ac 0
powercfg -change -disk-timeout-dc 0
powercfg -change -hibernate-timeout-ac 0
powercfg -change -hibernate-timeout-dc 0
# 48e6b7a6-50f5-4782-a5d4-53bb8f07e226 (Configuração de suspensão seletiva USB)
# USB Suspensão Seletiva - Desabilitar
powercfg /SETACVALUEINDEX SCHEME_CURRENT 2a737441-1930-4402-8d77-b2bebba308a3 48e6b7a6-50f5-4782-a5d4-53bb8f07e226 0
powercfg /SETDCVALUEINDEX SCHEME_CURRENT 2a737441-1930-4402-8d77-b2bebba308a3 48e6b7a6-50f5-4782-a5d4-53bb8f07e226 0
# Hibernar - Desabilitar
powercfg -h off
# GUID de Subgrupos: 44f3beca-a7c0-460e-9df2-bb8b99e0cba6 (Intel(R) Graphics Settings)
# GUID de Configuração de Energia: 3619c3f2-afb2-4afc-b0e9-e7fef372de36 (Intel(R) Graphics Power Plan)
powercfg /SETACVALUEINDEX SCHEME_CURRENT 44f3beca-a7c0-460e-9df2-bb8b99e0cba6 3619c3f2-afb2-4afc-b0e9-e7fef372de36 2
# GUID de Subgrupos: 4f971e89-eebd-4455-a8de-9e59040e7347 (Botões de energia e tampa)
# Alias GUID: SUB_BUTTONS
# GUID de Configuração de Energia: 5ca83367-6e45-459f-a27b-476b1d01c936 (Ação de fechamento da tampa)
# Alias GUID: LIDACTION
powercfg /SETACVALUEINDEX SCHEME_CURRENT SUB_BUTTONS LIDACTION 0
powercfg /SETDCVALUEINDEX SCHEME_CURRENT SUB_BUTTONS LIDACTION 0
# GUID de Configuração de Energia: 7648efa3-dd9c-4e3e-b566-50f929386280 (Ação do botão para ligar/desligar)
# Alias GUID: PBUTTONACTION
powercfg /SETACVALUEINDEX SCHEME_CURRENT SUB_BUTTONS PBUTTONACTION 0
powercfg /SETDCVALUEINDEX SCHEME_CURRENT SUB_BUTTONS PBUTTONACTION 0
# GUID de Configuração de Energia: 96996bc0-ad50-47ec-923b-6f41874dd9eb (Ação do botão de suspensão)
# Alias GUID: SBUTTONACTION
powercfg /SETACVALUEINDEX SCHEME_CURRENT SUB_BUTTONS SBUTTONACTION 0
powercfg /SETDCVALUEINDEX SCHEME_CURRENT SUB_BUTTONS SBUTTONACTION 0
# GUID de Configuração de Energia: a7066653-8d6c-40a8-910e-a1f54b84c7e5 (Botão para ligar/desligar do menu Iniciar)
# Alias GUID: UIBUTTON_ACTION
powercfg /SETACVALUEINDEX SCHEME_CURRENT SUB_BUTTONS UIBUTTON_ACTION 2
powercfg /SETDCVALUEINDEX SCHEME_CURRENT SUB_BUTTONS UIBUTTON_ACTION 2
# Enable Sleep Option
Function EnableSleep {
Write-Host "Enabling Sleep..."
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FlyoutMenuSettings" -Name "ShowSleepOption" -Type Dword -Value 1
}
# Disable Sleep Option
Function DisableSleep {
Write-Host "Disabling Sleep..."
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FlyoutMenuSettings" -Name "ShowSleepOption" -Type Dword -Value 0
}
DisableSleep
Some comments are in portuguese, however you may rip them off.
Also the GUIDs are default for any language.
It does apply to current energy plan however it would be nice to create a new energy scheme (that I still don´t know how to do) to apply them in a separated way.
Regards,
@thecek
Hi,
can you pls integrate the controlled folder access ?
That would be very nice !
Thx
Nitaro
When I would run the script and have my presets file to enable storage sense, it would give a general error. I used a cleanly installed 1709 machine to test it and figured out what the issue was. If this isn't the proper place for code changes I'm sorry, first time using Github to submit anything. But the code to fix the issue is this...
# Enable Storage Sense - automatic disk cleanup - Not applicable to Server
Function EnableStorageSense {
Write-Host "Enabling Storage Sense..."
If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense")) {
New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense" | Out-Null
}
If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters")) {
New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters" | Out-Null
}
If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\StoragePolicy")) {
New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\StoragePolicy" | Out-Null
}
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\StoragePolicy" -Name "01" -Type DWord -Value 1
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\StoragePolicy" -Name "04" -Type DWord -Value 1
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\StoragePolicy" -Name "08" -Type DWord -Value 1
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\StoragePolicy" -Name "32" -Type DWord -Value 0
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\StoragePolicy" -Name "StoragePoliciesNotified" -Type DWord -Value 1
}
No changes are required to the disable function, only the enable function. Apparently, on a brand new installed PC, the StorageSense registry entry doesn't even exist. The first time you open the Settings area and click "On" for Storage Sense it creates the folder, subfolders and keys. I just simply look for them and create them, then set the default registry entries that the settings menu did. Hope this helps.
HideDocumentsFromThisPC and similar also hides the folder from Userprofile.
Method used before change to using ThisPcPolicy does not have this potentially unwanted behavior.
When I use RequireAdmin in a preset file it looks like the args array being passed to the elevated instance is empty. I'm guessing $args in this case contains the arguments to the RequireAdmin function, not the arguments to the script. This causes the new, elevated Powershell instance to lose track the desired presets and apply the default tweaks.
Steps to repro:
RequireAdmin
DisableTelemetry
Thanks for the script. It's super helpful.
Would it be posiible to add feature "Disable automatic install network printers"? Thank you.
Hi there,
in Windows 10 1803 alias Spring Creators Update, the function UnpinStartMenuTiles isn't working anymore.
Do someone have a fix for this?
Došlo ke změně v registru:
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager]
"SubscribedContent-338388Enabled"=dword:00000000
The script works great for the current user but when another user profile is created, the tweaks are not enabled.
Script have problem where not running complette script.
If comment lines...
### Auxiliary Functions ###
#"WaitForKey",
#"Restart"
If remove section then same problem.
Cz:
Zkoušel jsem odstranit také čárku za "EnableIEEnhancedSecurity", aby se regulérně ukončila funkce ale také to nepomohlo.
Especially in virtual environments (with SAN based storage) it is important to disable the scheduled defragmentation. This is done by disabling the corresponding scheduled task, which can only be done from a SYSTEM account, not from a regular Admin account.
Usually what you'd have to do is something like (note the -s
for psexec which means "run as SYSTEM")
psexec \\10.93.10.2 -u Administrator -p "p4ssw0rd" -s schtasks /change /tn "\Microsoft\Windows\TaskScheduler\Maintenance Configurator" /DISABLE
Windows 10 insider program shows "Your diagnostic and usage data settings require attention to get Insider Preview builds." and a "Fix me" button that was greyed out before I did RestoreAll, now I can press it but it does nothing. I've tried relinking my insider account as well. Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection\AllowTelemetry is set to 3. The diagnostic data option in settings is set to full but greyed out. "*Some settings are hidden or managed by your orginization." I've also tried setting the Allow Telemetry group policy to Enabled and 3 (it was not configured) but had no effect.
Is it possible to remove Safely Remove Hardware and Eject Media
icon? Would be so nice to see it as the new feature of your script.
Is there anything like this for win7? Which parts of this can we use for win7? Thank you.
Hey. Great script! It's exactly what I've been looking for.
I ran it today (slightly modified from the default) and everything worked great, but after the restart the media keys on my keyboard stopped working. I got it working again with these instructions, but it would be great if the issue could be avoided from the start.
I'm not sure what caused the problem. I did not run it with the UninstallMediaPlayer preset and I can't see any other presets that would interfere (maybe one of the bloatware apps?). Do you know what could cause it?
I'm pretty sure the script disabled it because I can't access my server via SMB, but I don't know what.
edit: nvm the issue wasn't the script, it was the latest update disabling smb
I’d like to find a universal, reliable, reversible and repeatable way to pin / unpin tiles in start menu and shortcuts in taskbar.
Microsoft makes it hard to achieve this function programmatically as they believe that application developers and publishers would abuse this mechanics to force their applications to every place possible. According to MS representative, pinning should be left entirely up to the user.
Now, I'm using Windows for quite some time and I'm aware that there are plenty of ways how the user interaction can be simulated using various macros, P/Invoke calls and other shady techniques. Pinning shouldn't be any different. I've already seen plenty of solutions like this one. The downside is, that such solution is not universal for all languages as both names and verbs (actions) are localized.
I've spent two days digging into this. So far I have found that there are universal, language independent verbs TaskbarPin, TaskbarUnpin and PinToStartScreen as described on Microsoft TechNet blog. Funny thing is, that TaskbarPin has been deliberately broken in KB3093266, and PinToStartScreen works as a toggle (i.e. unpins, if the app is already pinned and vice versa) and I haven't found any way how to get the current pinning status. I have also found that the tile pinning/unpinning is most likely handled by C:\Windows\SysWOW64\appresolver.dll
(CLSID {470C0EBD-5D73-4d58-9CED-E91E22E23282}) but there does not seem to be any exposed function or entry point which could be called directly. The tile database is stored in %LocalAppData%\TileDataLayer\Database
and there is also some registry cache under HKCU\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount
neither of which seem to be helpful in any way.
Another approach would be to use group policy to enforce start tiles and taskbar icons as described in Microsoft Docs and related document about the XML format. The user can still be allowed to modify the tiles using <DefaultLayoutOverride LayoutCustomizationRestrictionType="OnlySpecifiedGroups">
. This would also solve a problem with reversibility quite elegantly, as the local tile database would remain unchanged and the tweak function would just enable or disable the policy. The only problem with this approach is that it's not possible to enforce an empty layout. At least one tile is required, which kinda defeats the purpose.
As for the taskbar, it has its store in HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband
and auxiliary folder %AppData%\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar
where it stores *.lnk files (shortcuts). Taskbar can be emptied simply by removing registry key FavoritesResolve
and setting key Favorites
to 0xff
(binary). But I'd like to make possible to remove the shortcuts one by one, which works for the applications, but seems problematic for the default File Explorer shortcut, as it's actually a PIDL (namespace) link to shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
and I have no idea how to handle it as application object. Moreover Shell.Application
objects do not seem to list "Pin to Taskbar" in their Verbs()
even though right-clicking the same item shows it.
Eventually, I have returned to the solution linked above and tried to figure out how it can be made universal and international. I have found that the strings like "Pin to Start" are defined in shell32.dll.mui
, so I'm now (ab)using P/Invoke calls to extract the strings from DLL, which automatically loads the MUI for current user's language. The resource string IDs are as follows:
5386 = Pin to taskbar
5387 = Unpin from taskbar
51201 = Pin to start
51394 = Unpin from start
The P/Invoke part for PowerShell (actually C# / .NET) is then
$getstring = @'
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
public static extern IntPtr GetModuleHandle(string lpModuleName);
[DllImport("user32.dll", CharSet = CharSet.Auto)]
internal static extern int LoadString(IntPtr hInstance, uint uID, StringBuilder lpBuffer, int nBufferMax);
public static string GetString(uint strId) {
IntPtr intPtr = GetModuleHandle("shell32.dll");
StringBuilder sb = new StringBuilder(255);
LoadString(intPtr, strId, sb, sb.Capacity);
return sb.ToString();
}
'@
$getstring = Add-Type $getstring -PassThru -Name GetStr -Using System.Text
and the actual string can be loaded using the GetString
method and ID mentioned above.
$unpinFromStart = $getstring[0]::GetString(51394)
This string then can be used instead the hardcoded ones to match and execute the proper verb.
$apps = (New-Object -Com Shell.Application).NameSpace("shell:::{4234d49b-0245-4df3-b780-3893943456e1}").Items()
$apps | Where { $_.Path -like "Microsoft.MicrosoftEdge*" } | ForEach { $_.Verbs() | Where {$_.Name -eq $unpinFromStart} | ForEach {$_.DoIt()}}
$apps | Where { $_.Path -like "Microsoft.WindowsStore*" } | ForEach { $_.Verbs() | Where {$_.Name -eq $unpinFromStart} | ForEach {$_.DoIt()}}
...
Or simply unpin all applications in one go.
(New-Object -Com Shell.Application).NameSpace("shell:::{4234d49b-0245-4df3-b780-3893943456e1}").Items() | ForEach { $_.Verbs() | Where {$_.Name -eq $unpinFromStart} | ForEach {$_.DoIt()}}
The same approach works also for the taskbar unpinning, with the exception of File Explorer link mentioned above. For taskbar pinning, the most straightforward (and incredibly ugly) solution is to store the original Favorites
blobs in the script, which adds roughly 15 kB.
I have found relatively nice and clean workaround for taskbar pinning. It's based on reintroducing the pinning handler in 'all items' class scope of HKCU and then invoking it on whatever item you want to pin.
# Bring pinning / unpinning handler into '*' class scope
$pinHandler = Get-ItemPropertyValue -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CommandStore\shell\Windows.taskbarpin" -Name "ExplorerCommandHandler"
New-Item -Path "HKCU:Software\Classes\*\shell\pin" -Force | Out-Null
Set-ItemProperty -LiteralPath "HKCU:Software\Classes\*\shell\pin" -Name "ExplorerCommandHandler" -Type String -Value $pinHandler
# Pin whatever you want to pin
# ....InvokeVerb("pin")
# Remove the handler
Remove-Item -LiteralPath "HKCU:Software\Classes\*\shell\pin" -Recurse
Few more details on its usage can be found in issue #147.
Now, I'd like to know from you, admins, powerusers and other users of the script, if this workaround is acceptable. There are several points I'd like to raise:
C:\Users\Default\AppData\Local\Microsoft\Windows\Shell\DefaultLayouts.xml
which would add even more complexity.Please let me know by voting (thumbs up/down) or commenting if the branch app-pining should be merged into master as it is. Any additional research or ideas how to make it harder easier, better, faster, stronger are welcome.
Q: For how long are you going to maintain the script?
A: As long as I use Windows 10.
Thank you for making this and maintaining. It's made my switch to Win 10 bearable. I've tried holding out switching from Win 7 for as long as I could and I've used your script on about 5 machines.
I run Windows update manually and have it disabled otherwise. I also use your script with https://github.com/crazy-max/WindowsSpyBlocker and block all MS IP's, domains on every level and stack.
Would be nice to see a donate method to show extended appreciation. Thanks.
Hello,
I've been trying to figure out how to get the tweaks to apply to all users that login to the PC. As per your FAQ, each user that runs the script should be added to the Administrators group before running the script, however, I only want to run it once (as local admin) and have the tweaks apply to all user accounts on login. Is this possible? Ideally I would like to run the script against an image I'm creating with MDT/VMware and have the tweaks applied to the custom image.
Tremendous job on this script BTW. Very handy!
Ryan
This is a master issue for all 1803 / RS4 shenanigans. I'll also track my work related to getting the script compatible with 1803 here. So far the commits will go into highly experimental 1803 branch (removed) until they're tested and readyish to be merged into master. For a newly found problem, please create a separate issue, I'll handle the tracking afterwards.
DisableWebSearch
- RS4 ignores DisableWebSearch GPO. Search can be now disabled only via Cortana consent removal in HKCU - fixed in 7b3398f. The GPO part was retained just in case.DisableAppSuggestions
- RS4 adds SubscribedContent-353698Enabled
) takes care of that - implemented in fea6de8.DisableBackgroundApps
- RS4 fixes the problem with disabled Cortana background app breaking search indexing described in #40 and #42, while simultaneously introducing completely different problem. The master Disable background apps switch doesn't disable anything anymore. It just instructs Windows to delete the keys from BackgroundAccessApplications
registry key during reboot and then re-enables the control, allowing the previously deleted apps to register again. Fortunately with the workaround introduced in 50362f3 no additional fixes are needed.DisableLocationTracking
- Disabling location tracking now needs to use capability manager instead of lfscv service configuration - fixed in 4b8a519.SetP2PUpdateLocal
- P2P restricted to LAN seems to be the default for quite some time - coommented out in 749150e.DisableAutoLogger
- The AutoLogger directory seems to be unused for quite some time (mentioned in #20), plus it was never confirmed what data does it collect and send (should be just system startup trace) - removed in eb82e5b.DisableUpdateDriver
- Seems like this actually never worked properly - fixed in 03e501b. Additional note: This still doesn't work properly if you attempt to use a driver intended for another hardware model. Even with all the GPOs, Windows will offer their own in updates.DisableHomeGroups
- Home groups are dead? Really? Finally! - commended out in d4fe000.DisableSharedExperiences
- Use GPO instead. There is also a new EnableMmx
policy in RS4, so use that as well - implemented in 98e106b.DisableLockScreenRS1
- The original DisableLockScreen
seems to work again on RS4. Task manager workaround retained for compatibility.InstallLinuxSubsystem
- Check if the developer flags are still needed and remove if they aren't - updated in 5fa6f44.UnpinStartMenuTiles
doesn't work anymore, as reported in #71. Can't say I'm surprised as the original tweak was a shot in the dark - fixed in 488baa1.$windows.data.unifiedtile.startglobalproperties
key. (╯°□°)╯︵ ┻━┻ I'm not going to implement it. I can already see the opened issue requesting different configurations.What are your thoughts to making a choco package? e.g.,
choco install win10setup --force
or
choco install win10setup --params "'/ApplyAll'" --force
@"
# Security tweaks
EnableFirewall
EnableDefender
# UI tweaks
ShowKnownExtensions
ShowHiddenFiles
"@ > ./mypreset.txt
choco install win10setup --params "'/Custom:./mypreset.txt'" --force
choco install win10setup --params "/EnableFirewall /EnableDefender" --force
choco install win10setup --params "/ApplyAll /EnableFirewall /EnableDefender" --force
@"
# Security tweaks
EnableFirewall
EnableDefender
# UI tweaks
ShowKnownExtensions
ShowHiddenFiles
"@ > ./mypreset.txt
choco install win10setup --params "/Custom:./mypreset.txt /EnableFirewall /EnableDefender" --force
choco install win10setup --params "/RestoreAll" --force
This totally abuses chocolatey, but would make it simple for users to copy, customize, and place in their private nuget server.
If you are interested and want a PR, let me know. Thanks.
Hi
Some registry key settings are missing from your script.
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config" -Name "AutoConnectAllowedOEM" -Type Dword -Value 0
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config" -Name "WiFISenseAllowed" -Type Dword -Value 0
Regards,
kukubau
Other suggestions
Settings
> Privacy
> Background apps
I always off ability for apps to run in the background. Hope you can also add this feature,Settings
> System
> Storage
consider to on the Storage sense
option. When you go to advanced options after upgrading Windows 10 there is a tickbox that lets us remove the old Windows versions which can free up to 20 GB space, but usually gives us around 10 GB. More info: http://www.howto-connect.com/delete-windows-old-storage-sense-windows-10/I found new third party bloat after re-install Windows 10 that not included in the script
Get-AppxPackage "DolbyLaboratories.DolbyAccess" | Remove-AppxPackage
As of now i have to comment out stuff in mid of script. It would be more reusable to have named conditional variables in start of script to set true or false. Same variables could be set from command line.
Sorry, I'm not really up on Github etiquette, so please let me know if this is the wrong place to put this.
I've noticed that all of your screen output uses the Write-Host cmdlet. Jeffrey Snover (inventor of PS) has written an article on the harmful consequences using write-host can cause: http://www.jsnover.com/blog/2013/12/07/write-host-considered-harmful/
Very quick find->replace job, just thought I'd bring it up :)
Would it be possible to insert a check for "if the user is admin"?
This way "tweaks" to the system as a whole are run as admin,
otherwise user level UI changes can be pushed via GP or other methods and will not prompt for elevation.
This way this awesome script could be used for both admin system setups and ensuring that users have unified experience in their own profiles.
Hi,
great script, thanks for sharing! Will you also integrate a way for uninstalling/disabling Mixed Reality App?
The scripts hangs if SysInternals' Process Exlorer is the default task manager -- this can be done by replacing the Windows Task Manager with the one from SysInternals.
To make the script work, the Windows Task Manager needs to be set being the default task manager first.
Hello,
If I understand correct, this powershell script does not offer enablind/disabling windows updates?
Thank you
Slightly related to #26. The RequireAdmin
function loses current working directory, which breaks the relative preset path resolution. Even though the Start-Process
cmdlet passes -WorkingDirectory $pwd
, the -Verb RunAs
seems to cause powershell to ignore it and use the default SYSTEM path C:\Windows\system32 instead. This results in parameters like -preset preset.txt
to be resolved as -preset C:\Windows\system32\preset.txt
from any directory.
Absolute paths work correctly.
Hi,
thanks for the very great work!
I use your script since a few months and today I've tested the latest release on the very fresh Windows 10 Pro installation (the newest version - 1709/16299.15
).
Running your script was the absolutely the first thing I did after Windows was installed. I would like to share what left on the desktop/taskbar etc., which I thought your script will remove.
Things/functions not changed
DisableLockScreenRS1
option and left DisableLockScreen
commented,this would be very helpful in a packet/vagrant generated environment, having it in a repo makes it much more difficult than being able to pull a gist down.
This service keeps reenabling the disabled (by me) Windows Update stuff etc.
But even when I disable UsoSvc, the war is not over - MS has special scheduled tasks to revert these changes back at latest at OS restart and even with admin rights I could not disable them as usual via Task Scheduler.
So I had to take ownership of the:
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator
and disabled any inherited rights and allow the SYSTEM and the LOCAL SERVICE to read&execute only. Then I was able to rename Reboot task file to Reboot.bak and Schedule Scan to Schedule Scan.bak (these files without extensions have XML format inside and represent the very scheduled tasks).
Can all this tedious stuff (disabling Windows Update and Update Orchestrator services + Reboot and Schedule Scan tasks) be automated somehow?
I find these two keys very annoying (both when I press them or when I get called by my parents...).
This contains an example how to disable it with some registry magic: https://www.wikihow.com/Disable-the-Capslock-Key-in-Windows (method 2 disables both).
The gist:
Add a new binary value under HKLM\System\CurrentControlSet\Control\Keyboard Layout -> "Scancode Map"
Values:
INSERT alone: 00000000 00000000 02000000 000052E0 00000000
CAPS LOCK alone: 00000000 00000000 02000000 00003A00 00000000
BOTH: 00000000 00000000 03000000 000052E0 00003A00 00000000
Explanation for the keymaps are here: https://www.howtogeek.com/howto/windows-vista/disable-caps-lock-key-in-windows-vista/
I can send a PR for the most trivial case: setting both at once via a DisableInsertAndCapsLockKey (and EnableInsertAndCapsLockKey which deletes the value again). IMO this should be two different methods (DisableCapsLockKey and DisableInsertKey) and it should take already replaced stuff into account, but my powershell is not good enough to parse that string and make the adjustments on the fly.
Would you take such a "simple" PR?
Hello,
Can I use this script for the new Windows 10 Fall Creators Update?
I recently tested your script on a two machines with Win 10 Pro and Home versions (the latest).
In both cases app tiles from star menu disappeared after the reboot. It looks like this:
When I click on any tile with the arrow You will need a new app to open this ms-get-started
dialog appears. It's actually not a big deal, because most of the tiles are games etc. but to get rid of it I have to unpin everything from star menu and then pin again.
at first I thought it was not caused by script and tried to find any solution. Microsoft answer does not help at all though.
I attach config I have used (on both machines) so maybe you will solve the problem out.
### Privacy Settings ###
"DisableTelemetry", # "EnableTelemetry",
"DisableWiFiSense", # "EnableWiFiSense",
"DisableSmartScreen", # "EnableSmartScreen",
"DisableWebSearch", # "EnableWebSearch",
"DisableStartSuggestions", # "EnableStartSuggestions",
"DisableLocationTracking", # "EnableLocationTracking",
"DisableMapUpdates", # "EnableMapUpdates",
"DisableFeedback", # "EnableFeedback",
"DisableAdvertisingID", # "EnableAdvertisingID",
"DisableCortana", # "EnableCortana",
"DisableErrorReporting", # "EnableErrorReporting",
"SetP2PUpdateLocal", # "SetP2PUpdateInternet",
"DisableAutoLogger", # "EnableAutoLogger",
"DisableDiagTrack", # "EnableDiagTrack",
"DisableWAPPush", # "EnableWAPPush",
### Service Tweaks ###
"SetUACLow", # "SetUACHigh",
# "EnableSharingMappedDrives", # "DisableSharingMappedDrives",
"DisableAdminShares", # "EnableAdminShares",
"DisableSMB1", # "EnableSMB1",
# "SetCurrentNetworkPrivate", # "SetCurrentNetworkPublic",
"SetUnknownNetworksPrivate", # "SetUnknownNetworksPublic",
"DisableCtrldFolderAccess", # "EnableCtrldFolderAccess",
"DisableFirewall", # "EnableFirewall",
"DisableDefender", # "EnableDefender",
"DisableUpdateMSRT", # "EnableUpdateMSRT",
# "DisableUpdateDriver", # "EnableUpdateDriver",
"DisableUpdateRestart", # "EnableUpdateRestart",
"DisableHomeGroups", # "EnableHomeGroups",
"DisableSharedExperiences", # "EnableSharedExperiences",
"DisableRemoteAssistance", # "EnableRemoteAssistance",
"DisableRemoteDesktop", # "EnableRemoteDesktop",
"DisableAutoplay", # "EnableAutoplay",
"DisableAutorun", # "EnableAutorun",
"DisableDefragmentation", # "EnableDefragmentation",
"DisableSuperfetch", # "EnableSuperfetch",
"DisableIndexing", # "EnableIndexing",
# "SetBIOSTimeUTC", # "SetBIOSTimeLocal",
"DisableHibernation", # "EnableHibernation",
"DisableFastStartup", # "EnableFastStartup",
### UI Tweaks ###
"DisableActionCenter", # "EnableActionCenter",
# "DisableLockScreen", # "EnableLockScreen",
"DisableLockScreenRS1", # "EnableLockScreenRS1",
"HideNetworkFromLockScreen", # "ShowNetworkOnLockScreen",
# "HideShutdownFromLockScreen", # "ShowShutdownOnLockScreen",
"DisableStickyKeys", # "EnableStickyKeys",
"ShowTaskManagerDetails" # "HideTaskManagerDetails",
"ShowFileOperationsDetails", # "HideFileOperationsDetails",
"DisableFileDeleteConfirm", # "EnableFileDeleteConfirm",
"HideTaskbarSearchBox", # "ShowTaskbarSearchBox",
"HideTaskView", # "ShowTaskView",
"ShowSmallTaskbarIcons", # "ShowLargeTaskbarIcons",
"ShowTaskbarTitles", # "HideTaskbarTitles",
"HideTaskbarPeopleIcon", # "ShowTaskbarPeopleIcon",
"HideTrayIcons", # "ShowTrayIcons",
"ShowKnownExtensions", # "HideKnownExtensions",
"HideHiddenFiles", # "ShowHiddenFiles",
"HideSyncNotifications" # "ShowSyncNotifications",
"HideRecentShortcuts", # "ShowRecentShortcuts",
"SetExplorerThisPC", # "SetExplorerQuickAccess",
"ShowThisPCOnDesktop", # "HideThisPCFromDesktop",
"HideDesktopFromThisPC", # "ShowDesktopInThisPC",
"HideDocumentsFromThisPC", # "ShowDocumentsInThisPC",
"HideDownloadsFromThisPC", # "ShowDownloadsInThisPC",
"HideMusicFromThisPC", # "ShowMusicInThisPC",
"HidePicturesFromThisPC", # "ShowPicturesInThisPC",
"HideVideosFromThisPC", # "ShowVideosInThisPC",
"Hide3DObjectsFromThisPC", # "Show3DObjectsInThisPC",
"SetVisualFXPerformance", # "SetVisualFXAppearance",
# "DisableThumbnails", # "EnableThumbnails",
"DisableThumbsDB", # "EnableThumbsDB",
# "AddENKeyboard", # "RemoveENKeyboard",
"EnableNumlock", # "DisableNumlock",
### Application Tweaks ###
"DisableOneDrive", # "EnableOneDrive",
"UninstallOneDrive", # "InstallOneDrive",
"UninstallMsftBloat", # "InstallMsftBloat",
"UninstallThirdPartyBloat", # "InstallThirdPartyBloat",
# "UninstallWindowsStore", # "InstallWindowsStore",
"DisableConsumerApps", # "EnableConsumerApps",
"DisableXboxFeatures", # "EnableXboxFeatures",
"DisableAdobeFlash", # "EnableAdobeFlash",
# "UninstallMediaPlayer", # "InstallMediaPlayer",
"UninstallWorkFolders", # "InstallWorkFolders",
# "InstallLinuxSubsystem", # "UninstallLinuxSubsystem",
# "InstallHyperV", # "UninstallHyperV",
# "SetPhotoViewerAssociation", # "UnsetPhotoViewerAssociation",
# "AddPhotoViewerOpenWith", # "RemovePhotoViewerOpenWith",
"DisableSearchAppInStore", # "EnableSearchAppInStore",
"DisableNewAppPrompt", # "EnableNewAppPrompt",
"EnableF8BootMenu", # "DisableF8BootMenu",
"SetDEPOptOut", # "SetDEPOptIn",
### Server Specific Tweaks ###
# "HideServerManagerOnLogin", # "ShowServerManagerOnLogin",
# "DisableShutdownTracker", # "EnableShutdownTracker",
# "DisablePasswordPolicy", # "EnablePasswordPolicy",
# "DisableCtrlAltDelLogin", # "EnableCtrlAltDelLogin",
# "DisableIEEnhancedSecurity", # "EnableIEEnhancedSecurity",
### Auxiliary Functions ###
"WaitForKey",
"Restart"
Additionally I commented the line that deletes the MSN Weather app.
Hello,
Is there a reason why AutoLogger is disabled by removing AutoLogger file and restricting directory instead of editing registry?
HKLM\SYSTEM\ControlSet001\Control\WMI\Autologger\AutoLogger-Diagtrack-Listener\Start: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\AutoLogger-Diagtrack-Listener\Start: 0x00000000
Hi,
wouldn't it be better to split the whole script into 2 scripts, one that needs admin privileges (changes to HKLM) and one that runs with standard user privileges (changes to HKCU)? This way you wouldn't need to give users temporarily admin privileges and could run the script(s) in your logon script.
Just an idea...
The script Win10-Initial-Setup is awesome and run like charm I also add one function for removing smile face on IE and working perfect. The question i have is:
I want to use script on multiple workstation the problem I am running into is "RequireAdmin" prompt. The users I want run script don't have admin rights on the machine. Is it any way to add function with admin credentials to script and run as startup script silently without prompting users for admin credentials?
Thanks a lot
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.