-
Notifications
You must be signed in to change notification settings - Fork 0
/
NewPCClean.ps1
225 lines (188 loc) · 9.43 KB
/
NewPCClean.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
#####################################
# Brock IT Install #
#####################################
# 1. Copy This file to C:\ of PC
# 2. Open powershell as admin
# 3. Run with powershell -ExecutionPolicy Bypass NewPCSetup.ps1
# 4. Run This Script as Admin
# Written by Jonathan Bullock
# 01 - 01 - 2020
# Start Powershell As Admin
param([switch]$Elevated)
function Test-Admin {
$currentUser = New-Object Security.Principal.WindowsPrincipal $([Security.Principal.WindowsIdentity]::GetCurrent())
$currentUser.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)
}
if ((Test-Admin) -eq $false) {
if ($elevated) {
# tried to elevate, did not work, aborting
} else {
Start-Process powershell.exe -Verb RunAs -ArgumentList ('-noprofile -noexit -file "{0}" -elevated' -f ($myinvocation.MyCommand.Definition))
}
exit
}
'running with full privileges'
# Create BrockIT directory
New-Item -Path "c:\" -Name "BrockIT" -ItemType "directory"
# Uninstall Garbage
$packages = "*maps*","*news*","*groove*","*disney*","*officehub*","*spotify*","*3d*","*candy*","*camera*","*feedback*","*reality*","*people*","*voice*","*solitaire*","*phone*","*weather*","*dell*","*HP*","*lenovo*","*xbox*","*skype*","*zune*","*office*","*windowscommunicationsapps*"
foreach ($package in $packages) {
Get-AppxPackage -AllUsers -Name $package | Remove-AppxPackage
}
# Prompt for PC name
# $PCName = Read-Host -Prompt 'Input Desired PC name'
# Copy Files from InstallScriptDependencies
Copy-Item -Path "J:\InstallScriptDependencies\" -Destination "C:\BrockIT\InstallScriptDependencies\" -Recurse
Start-Sleep -s 20
#Install Software#
## Firefox, Chrome, Installer
cd c:\BrockIT\InstallScriptDependencies\
./ninite.exe
Start-Sleep -s 60
## Office Installer
./setup.exe /configure configuration-default.xml
Write-Host 'Disabling services...'
$services = @(
# See https://virtualfeller.com/2017/04/25/optimize-vdi-windows-10-services-original-anniversary-and-creator-updates/
# CDPSvc doesn't seem to do anything useful, that I found. See note on CDPUserSvc further down the script
'CDPSvc',
# Connected User Experiences and Telemetry
'DiagTrack',
# Data Usage service
'DusmSvc',
# Peer-to-peer updates
'DoSvc',
# AllJoyn Router Service (IoT)
'AJRouter',
# SSDP Discovery (UPnP)
'SSDPSRV',
'upnphost',
# Superfetch
'SysMain',
# http://www.csoonline.com/article/3106076/data-protection/disable-wpad-now-or-have-your-accounts-and-private-data-compromised.html
'iphlpsvc',
'WinHttpAutoProxySvc',
# Black Viper 'Safe for DESKTOP' services.
# See http://www.blackviper.com/service-configurations/black-vipers-windows-10-service-configurations/
'tzautoupdate',
'AppVClient',
'RemoteRegistry',
'RemoteAccess',
'shpamsvc',
'SCardSvr',
'UevAgentService',
'ALG',
'PeerDistSvc',
'NfsClnt',
'dmwappushservice',
'MapsBroker',
'lfsvc',
'HvHost',
'vmickvpexchange',
'vmicguestinterface',
'vmicshutdown',
'vmicheartbeat',
'vmicvmsession',
'vmicrdv',
'vmictimesync',
'vmicvss',
'irmon',
'SharedAccess',
'MSiSCSI',
'SmsRouter',
'CscService',
'SEMgrSvc',
'PhoneSvc',
'RpcLocator',
'RetailDemo',
'SensorDataService',
'SensrSvc',
'SensorService',
'ScDeviceEnum',
'SCPolicySvc',
'SNMPTRAP',
'TabletInputService',
'WFDSConSvc',
'FrameServer',
'wisvc',
'icssvc',
'WinRM',
'WwanSvc',
'XblAuthManager',
'XblGameSave',
'XboxNetApiSvc'
)
foreach ($service in $services) {
Set-Service $service -StartupType Disabled
}
# CDPUserSvc is a mysterious service that just seems to throws errors in the event viewer. I haven't seen any problems with it disabled.
# See https://social.technet.microsoft.com/Forums/en-US/c165a54a-4a69-441c-94a7-b5712b54385d/what-is-the-cdpusersvc-for-?forum=win10itprogeneral
# Note that the related service CDPSvc is also disabled in the above services loop. CDPUserSvc can't be disabled by Set-Service, due to a random
# hash after the service name, but disabling via the registry is perfectly fine.
Write-Host 'Disabling CDPUserSvc...'
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\CDPUserSvc' -Name 'Start' -Value '4'
Write-Host 'Disabling hibernate...'
powercfg -h off
# Disables all of the known enabled-by-default optional features. There are some particulary bad defaults like SMB1. Sigh.
Write-Host 'Disabling optional features...'
$features = @(
'MediaPlayback',
'SMB1Protocol',
'Xps-Foundation-Xps-Viewer',
'WorkFolders-Client',
'WCF-Services45',
'NetFx4-AdvSrvs',
'Printing-Foundation-Features',
'Printing-PrintToPDFServices-Features',
'Printing-XPSServices-Features',
'MSRDC-Infrastructure',
'MicrosoftWindowsPowerShellV2Root',
'Internet-Explorer-Optional-amd64'
)
foreach ($feature in $features) {
Disable-WindowsOptionalFeature -Online -FeatureName $feature -NoRestart
}
# Disable data collection and telemetry settings.
New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer' -Name 'SmartScreenEnabled' -PropertyType String -Value 'Off' -Force
New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection' -Name 'AllowTelemetry' -PropertyType DWord -Value '0' -Force
New-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection' -Name 'AllowTelemetry' -PropertyType DWord -Value '0' -Force
# Disable Windows Defender submission of samples and reporting.
New-Item -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\' -Name 'Spynet'
New-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet' -Name 'SpynetReporting' -PropertyType DWord -Value '0' -Force
New-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet' -Name 'SubmitSamplesConsent' -PropertyType DWord -Value '2' -Force
New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT
Write-Host 'Updating registry settings...'
# Disable some of the "new" features of Windows 10, such as forcibly installing apps you don't want, and the new annoying animation for first time login.
New-Item -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\' -Name 'CloudContent'
New-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent' -Name 'DisableWindowsConsumerFeatures' -PropertyType DWord -Value '1' -Force
New-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent' -Name 'DisableSoftLanding' -PropertyType DWord -Value '1' -Force
New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -Name 'EnableFirstLogonAnimation' -PropertyType DWord -Value '0' -Force
# Set some commonly changed settings for the current user. The interesting one here is "NoTileApplicationNotification" which disables a bunch of start menu tiles.
New-Item -Path 'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\' -Name 'PushNotifications'
New-ItemProperty -Path 'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\PushNotifications' -Name 'NoTileApplicationNotification' -PropertyType DWord -Value '1' -Force
New-Item -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\' -Name 'CabinetState'
New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState' -Name 'FullPath' -PropertyType DWord -Value '1' -Force
New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' -Name 'HideFileExt' -PropertyType DWord -Value '0' -Force
New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' -Name 'Hidden' -PropertyType DWord -Value '1' -Force
New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' -Name 'ShowSyncProviderNotifications' -PropertyType DWord -Value '0' -Force
# Remove all Windows 10 apps, including Windows Store. You may not want this, but I don't ever use any of the apps or the start menu tiles.
# This makes Windows 10 similar to Windows 7. Don't forget to unpin all the tiles after installation to trim down the start menu!
#Get-AppxProvisionedPackage -Online | Remove-AppxProvisionedPackage -Online
#Get-AppxPackage | Remove-AppxPackage
# Disable Cortana, and disable any kind of web search or location settings.
New-Item -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\' -Name 'Windows Search'
New-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search' -Name 'AllowCortana' -PropertyType DWord -Value '0' -Force
New-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search' -Name 'AllowSearchToUseLocation' -PropertyType DWord -Value '0' -Force
New-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search' -Name 'DisableWebSearch' -PropertyType DWord -Value '1' -Force
New-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search' -Name 'ConnectedSearchUseWeb' -PropertyType DWord -Value '0' -Force
# Rename PC
Rename-Computer -NewName $PCName
# Restart PC
Write-Host "Please Restart PC"
# Delete NewPCSetup Script
Write-Host "As always, should you or any of your IM Force be caught or killed, the Secretary will disavow any knowledge of your actions. This Script will self-destruct in five seconds."
Write-Host -NoNewLine 'Press any key to Acknowledge';
$null = $Host.UI.RawUI.ReadKey('NoEcho,IncludeKeyDown');
Remove-Item C:\BrockIT\InstallScriptDependencies\NewPCSetup.ps1
Remove-Item C:\BrockIT\NewPCSetup.ps1
Remove-Item C:\NewPCSetup.ps1