From eba57e6c8a78bf55309fb492b3aaf71f3596b5de Mon Sep 17 00:00:00 2001 From: Yorick Barbanneau Date: Sun, 25 Mar 2018 16:15:10 +0200 Subject: [PATCH] Rewrite modules (untested) --- modules.d/BlockHosts.conf | 11 -- modules.d/BlockHosts/hosts.txt | 130 ------------------ modules.d/BlockIP.conf | 12 -- modules.d/BlockIP/ip.txt | 12 -- modules.d/DelModernApp.conf | 11 -- modules.d/DelModernApp/apps.txt | 49 ------- modules.d/DisableAdvertising.conf | 14 -- modules.d/DisableFeatures.conf | 11 -- modules.d/DisableFeatures/features.txt | 4 - modules.d/DisableGeolocation.conf | 28 ---- modules.d/DisableServices.conf | 11 -- modules.d/DisableServices/services.txt | 17 --- modules.d/DisableSheduledTasks.conf | 22 --- modules.d/DisableSheduledTasks/tasks.txt | 11 -- modules.d/DisableSmartScreen.conf | 22 --- modules.d/FW_Cortana.conf | 12 ++ modules.d/GPO_Account.conf | 33 +++++ modules.d/GPO_Advertising.conf | 13 ++ modules.d/GPO_BackgoundApps.conf | 33 +++++ modules.d/GPO_Calendars.conf | 33 +++++ modules.d/GPO_CallHistory.conf | 33 +++++ modules.d/GPO_Camera.conf | 33 +++++ modules.d/GPO_CloudContent.conf | 35 +++++ modules.d/GPO_ConnectionProbe.conf | 14 ++ modules.d/GPO_Contacts.conf | 33 +++++ modules.d/GPO_Cortana.conf | 70 ++++++++++ modules.d/GPO_Diagnostic.conf | 42 ++++++ modules.d/GPO_DiagnosticInfo.conf | 33 +++++ modules.d/GPO_DynamicTiles.conf | 37 +++++ modules.d/GPO_Email.conf | 33 +++++ modules.d/GPO_ErrorReporting.conf | 56 ++++++++ modules.d/GPO_InputSpeechInk.conf | 36 +++++ modules.d/GPO_Location.conf | 68 +++++++++ modules.d/GPO_Messaging.conf | 33 +++++ modules.d/GPO_Microphone.conf | 33 +++++ modules.d/GPO_MicrosoftAccount.conf | 14 ++ modules.d/GPO_Motion.conf | 33 +++++ modules.d/GPO_Notifications.conf | 33 +++++ ...installOnedrive.conf => GPO_OneDrive.conf} | 54 ++++---- modules.d/GPO_Phone.conf | 33 +++++ modules.d/GPO_Privacy.conf | 56 ++++++++ modules.d/GPO_Radios.conf | 33 +++++ modules.d/GPO_SettingSync.conf | 35 +++++ modules.d/GPO_SyncDevices.conf | 33 +++++ modules.d/GPO_Tasks.conf | 33 +++++ modules.d/GPO_Teredo.conf | 15 ++ modules.d/GPO_TrustedDevices.conf | 33 +++++ modules.d/GPO_Wifi.conf | 13 ++ modules.d/GPO_WindowsDefender.conf | 35 +++++ modules.d/GPO_WindowsStore.conf | 49 +++++++ modules.d/GPO_WindowsTips.conf | 22 +++ modules.d/GPO_WindowsUpdate.conf | 70 ++++++++++ modules.d/SER_Location.conf | 10 ++ 53 files changed, 1288 insertions(+), 394 deletions(-) delete mode 100644 modules.d/BlockHosts.conf delete mode 100644 modules.d/BlockHosts/hosts.txt delete mode 100644 modules.d/BlockIP.conf delete mode 100644 modules.d/BlockIP/ip.txt delete mode 100644 modules.d/DelModernApp.conf delete mode 100644 modules.d/DelModernApp/apps.txt delete mode 100644 modules.d/DisableAdvertising.conf delete mode 100644 modules.d/DisableFeatures.conf delete mode 100644 modules.d/DisableFeatures/features.txt delete mode 100644 modules.d/DisableGeolocation.conf delete mode 100644 modules.d/DisableServices.conf delete mode 100644 modules.d/DisableServices/services.txt delete mode 100644 modules.d/DisableSheduledTasks.conf delete mode 100644 modules.d/DisableSheduledTasks/tasks.txt delete mode 100644 modules.d/DisableSmartScreen.conf create mode 100644 modules.d/FW_Cortana.conf create mode 100644 modules.d/GPO_Account.conf create mode 100644 modules.d/GPO_Advertising.conf create mode 100644 modules.d/GPO_BackgoundApps.conf create mode 100644 modules.d/GPO_Calendars.conf create mode 100644 modules.d/GPO_CallHistory.conf create mode 100644 modules.d/GPO_Camera.conf create mode 100644 modules.d/GPO_CloudContent.conf create mode 100644 modules.d/GPO_ConnectionProbe.conf create mode 100644 modules.d/GPO_Contacts.conf create mode 100644 modules.d/GPO_Cortana.conf create mode 100644 modules.d/GPO_Diagnostic.conf create mode 100644 modules.d/GPO_DiagnosticInfo.conf create mode 100644 modules.d/GPO_DynamicTiles.conf create mode 100644 modules.d/GPO_Email.conf create mode 100644 modules.d/GPO_ErrorReporting.conf create mode 100644 modules.d/GPO_InputSpeechInk.conf create mode 100644 modules.d/GPO_Location.conf create mode 100644 modules.d/GPO_Messaging.conf create mode 100644 modules.d/GPO_Microphone.conf create mode 100644 modules.d/GPO_MicrosoftAccount.conf create mode 100644 modules.d/GPO_Motion.conf create mode 100644 modules.d/GPO_Notifications.conf rename modules.d/{UninstallOnedrive.conf => GPO_OneDrive.conf} (54%) create mode 100644 modules.d/GPO_Phone.conf create mode 100644 modules.d/GPO_Privacy.conf create mode 100644 modules.d/GPO_Radios.conf create mode 100644 modules.d/GPO_SettingSync.conf create mode 100644 modules.d/GPO_SyncDevices.conf create mode 100644 modules.d/GPO_Tasks.conf create mode 100644 modules.d/GPO_Teredo.conf create mode 100644 modules.d/GPO_TrustedDevices.conf create mode 100644 modules.d/GPO_Wifi.conf create mode 100644 modules.d/GPO_WindowsDefender.conf create mode 100644 modules.d/GPO_WindowsStore.conf create mode 100644 modules.d/GPO_WindowsTips.conf create mode 100644 modules.d/GPO_WindowsUpdate.conf create mode 100644 modules.d/SER_Location.conf diff --git a/modules.d/BlockHosts.conf b/modules.d/BlockHosts.conf deleted file mode 100644 index 1909b97..0000000 --- a/modules.d/BlockHosts.conf +++ /dev/null @@ -1,11 +0,0 @@ -{ - "name" : "Block unwanted Host", - "description" : "This module block some hosts from Microsoft", - "actions" : [ - { - "action" : "BlockHost", - "file" : "hosts.txt", - "host" : "" - } - ] -} \ No newline at end of file diff --git a/modules.d/BlockHosts/hosts.txt b/modules.d/BlockHosts/hosts.txt deleted file mode 100644 index 2008428..0000000 --- a/modules.d/BlockHosts/hosts.txt +++ /dev/null @@ -1,130 +0,0 @@ -184-86-53-99.deploy.static.akamaitechnologies.com -a-0001.a-msedge.net -a-0002.a-msedge.net -a-0003.a-msedge.net -a-0004.a-msedge.net -a-0005.a-msedge.net -a-0006.a-msedge.net -a-0007.a-msedge.net -a-0008.a-msedge.net -a-0009.a-msedge.net -a-msedge.net -a.ads1.msn.com -a.ads2.msads.net -a.ads2.msn.com -a.rad.msn.com -a1621.g.akamai.net -a1856.g2.akamai.net -a1961.g.akamai.net -a978.i6g1.akamai.net -ac3.msn.com -ad.doubleclick.net -adnexus.net -adnxs.com -ads.msn.com -ads1.msads.net -ads1.msn.com -aidps.atdmt.com -aka-cdn-ns.adtech.de -apps.skype.com -az361816.vo.msecnd.net -az512334.vo.msecnd.net -b.ads1.msn.com -b.ads2.msads.net -b.rad.msn.com -bingads.microsoft.com -bs.serving-sys.com -c.atdmt.com -c.msn.com -cdn.atdmt.com -cds26.ams9.msecn.net -choice.microsoft.com -choice.microsoft.com.nsatc.net -compatexchange.cloudapp.net -corp.sts.microsoft.com -corpext.msitadfs.glbdns2.microsoft.com -cs1.wpc.v0cdn.net -cy2.vortex.data.microsoft.com.akadns.net -db3aqu.atdmt.com -df.telemetry.microsoft.com -diagnostics.support.microsoft.com -e2835.dspb.akamaiedge.net -e7341.g.akamaiedge.net -e7502.ce.akamaiedge.net -e8218.ce.akamaiedge.net -ec.atdmt.com -fe2.update.microsoft.com.akadns.net -feedback.microsoft-hohm.com -feedback.search.microsoft.com -feedback.windows.com -flex.msn.com -g.msn.com -h1.msn.com -h2.msn.com -hostedocsp.globalsign.com -i1.services.social.microsoft.com -i1.services.social.microsoft.com.nsatc.net -ipv6.msftncsi.com -ipv6.msftncsi.com.edgesuite.net -lb1.www.ms.akadns.net -live.rads.msn.com -m.adnxs.com -m.hotmail.com -msedge.net -msftncsi.com -msnbot-65-55-108-23.search.msn.com -msntest.serving-sys.com -oca.telemetry.microsoft.com -oca.telemetry.microsoft.com.nsatc.net -pre.footprintpredict.com -preview.msn.com -pricelist.skype.com -rad.live.com -rad.msn.com -redir.metaservices.microsoft.com -reports.wes.df.telemetry.microsoft.com -s.gateway.messenger.live.com -s0.2mdn.net -schemas.microsoft.akadns.net -secure.adnxs.com -secure.flashtalking.com -services.wes.df.telemetry.microsoft.com -settings-sandbox.data.microsoft.com -settings-win.data.microsoft.com -sls.update.microsoft.com.akadns.net -sqm.df.telemetry.microsoft.com -sqm.telemetry.microsoft.com -sqm.telemetry.microsoft.com.nsatc.net -ssw.live.com -static.2mdn.net -statsfe1.ws.microsoft.com -statsfe2.update.microsoft.com.akadns.net -statsfe2.ws.microsoft.com -survey.watson.microsoft.com -telecommand.telemetry.microsoft.com -telecommand.telemetry.microsoft.com.nsatc.net -telemetry.appex.bing.net -telemetry.microsoft.com -telemetry.urs.microsoft.com -ui.skype.com -v10.vortex-win.data.microsoft.com -view.atdmt.com -vortex-bn2.metron.live.com.nsatc.net -vortex-cy2.metron.live.com.nsatc.net -vortex-sandbox.data.microsoft.com -vortex-win.data.metron.live.com.nsatc.net -vortex-win.data.microsoft.com -vortex.data.glbdns2.microsoft.com -vortex.data.microsoft.com -watson.live.com -watson.microsoft.com -watson.ppe.telemetry.microsoft.com -watson.telemetry.microsoft.com -watson.telemetry.microsoft.com.nsatc.net -web.vortex.data.microsoft.com -wes.df.telemetry.microsoft.com -www.msftncsi.com -win10.ipv6.microsoft.com -www.bingads.microsoft.com -www.go.microsoft.akadns.net -www.msftncsi.com diff --git a/modules.d/BlockIP.conf b/modules.d/BlockIP.conf deleted file mode 100644 index 37328cd..0000000 --- a/modules.d/BlockIP.conf +++ /dev/null @@ -1,12 +0,0 @@ -{ - "name" : "Block IP From MS servers", - "description" : "Disable Advertising", - "actions" : [ - { - "action" : "FwBlockOutputIP", - "ip" : "", - "file" : "ip.txt" - } - ] - -} \ No newline at end of file diff --git a/modules.d/BlockIP/ip.txt b/modules.d/BlockIP/ip.txt deleted file mode 100644 index c534941..0000000 --- a/modules.d/BlockIP/ip.txt +++ /dev/null @@ -1,12 +0,0 @@ -2.22.61.43 -2.22.61.66 -64.4.54.254 -65.39.117.230 -65.52.108.33 -65.55.108.23 -23.218.212.69 -134.170.30.202 -137.116.81.24 -157.56.106.189 -184.86.53.99 -204.79.197.200 \ No newline at end of file diff --git a/modules.d/DelModernApp.conf b/modules.d/DelModernApp.conf deleted file mode 100644 index 39ee397..0000000 --- a/modules.d/DelModernApp.conf +++ /dev/null @@ -1,11 +0,0 @@ -{ - "name" : "Delete Metro App", - "description" : "This module delete all useless modern app", - "actions" : [ - { - "action" : "UninstallModernApp", - "file" : "apps.txt", - "removeProvisionned" : "true" - } - ] -} \ No newline at end of file diff --git a/modules.d/DelModernApp/apps.txt b/modules.d/DelModernApp/apps.txt deleted file mode 100644 index a9255b0..0000000 --- a/modules.d/DelModernApp/apps.txt +++ /dev/null @@ -1,49 +0,0 @@ -Microsoft.3dbuilder -Microsoft.Appconnector -Microsoft.BingFinance -Microsoft.BingFoodAndDrink -Microsoft.BingHealthAndFitness -Microsoft.BingNews -Microsoft.BingSports -Microsoft.BingTravel -Microsoft.BingWeather -Microsoft.CommsPhone -Microsoft.ConnectivityStore -Microsoft.Getstarted -Microsoft.Messaging -Microsoft.Microsoft3DViewer -Microsoft.MicrosoftOfficeHub -Microsoft.MicrosoftPowerBIForWindows -Microsoft.MicrosoftSolitaireCollection -Microsoft.MicrosoftStickyNotes -Microsoft.MinecraftUWP -Microsoft.MSPaint -Microsoft.Office.OneNote -Microsoft.Office.Sway -Microsoft.OneConnect -Microsoft.People -Microsoft.Services.Store.Engagement -Microsoft.SkypeApp -Microsoft.Windows.Photos -Microsoft.WindowsAlarms -Microsoft.WindowsCalculator -Microsoft.WindowsCamera -microsoft.windowscommunicationsapps -Microsoft.WindowsFeedbackHub -Microsoft.WindowsMaps -Microsoft.WindowsPhone -Microsoft.WindowsSoundRecorder -Microsoft.WindowsStore -Microsoft.XboxApp -Microsoft.ZuneMusic -Microsoft.ZuneVideo -Microsoft.Advertising.Xaml -9E2F88E3.Twitter -king.com.CandyCrushSodaSaga -f5.vpn.client -SonicWALL.MobileConnect -Microsoft.BingMaps -Microsoft.XboxLIVEGames -Microsoft.Reader -Microsoft.WindowsReadingList -Microsoft.WindowsScan \ No newline at end of file diff --git a/modules.d/DisableAdvertising.conf b/modules.d/DisableAdvertising.conf deleted file mode 100644 index 6cb4cef..0000000 --- a/modules.d/DisableAdvertising.conf +++ /dev/null @@ -1,14 +0,0 @@ -{ - "name" : "Disable Advertising", - "description" : "Disable Advertising", - "actions" : [ - { - "action" : "AddRegKey", - "value" : "1", - "key" : "DisabledByGroupPolicy", - "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AdvertisingInfo", - "type" : "" - } - ] - -} \ No newline at end of file diff --git a/modules.d/DisableFeatures.conf b/modules.d/DisableFeatures.conf deleted file mode 100644 index 36922ea..0000000 --- a/modules.d/DisableFeatures.conf +++ /dev/null @@ -1,11 +0,0 @@ -{ - "name" : "Disable Features", - "description" : "This module disable some useless Windows Features", - "actions" : [ - { - "action" : "DisableFeature", - "file" : "features.txt", - "name" : "" - } - ] -} \ No newline at end of file diff --git a/modules.d/DisableFeatures/features.txt b/modules.d/DisableFeatures/features.txt deleted file mode 100644 index f50f2f1..0000000 --- a/modules.d/DisableFeatures/features.txt +++ /dev/null @@ -1,4 +0,0 @@ -Internet-Explorer-Optional-amd64 -FaxServicesClientPackage -WindowsMediaPlayer -MediaPlayback \ No newline at end of file diff --git a/modules.d/DisableGeolocation.conf b/modules.d/DisableGeolocation.conf deleted file mode 100644 index eff221a..0000000 --- a/modules.d/DisableGeolocation.conf +++ /dev/null @@ -1,28 +0,0 @@ -{ - "name" : "Disable Geolocation", - "description" : "Disable GeoLocation", - "actions" : [ - { - "action" : "AddRegKey", - "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\LocationAndSensors", - "key" : "DisableLocation", - "value" : "1", - "type" : "" - }, - { - "action" : "AddRegKey", - "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\LocationAndSensors", - "key" : "DisableLocationScripting", - "value" : "1", - "type" : "" - }, - { - "action" : "AddRegKey", - "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\LocationAndSensors", - "key" : "DisableWindowsLocationProvider", - "value" : "1", - "type" : "" - } - ] - -} \ No newline at end of file diff --git a/modules.d/DisableServices.conf b/modules.d/DisableServices.conf deleted file mode 100644 index 947f01d..0000000 --- a/modules.d/DisableServices.conf +++ /dev/null @@ -1,11 +0,0 @@ -{ - "name" : "Disable Service", - "description" : "This module delete services known to send data to Microsoft", - "actions" : [ - { - "action" : "DisableService", - "file" : "services.txt", - "name" : "" - } - ] -} \ No newline at end of file diff --git a/modules.d/DisableServices/services.txt b/modules.d/DisableServices/services.txt deleted file mode 100644 index c864704..0000000 --- a/modules.d/DisableServices/services.txt +++ /dev/null @@ -1,17 +0,0 @@ -diagnosticshub.standardcollector.service -DiagTrack -dmwappushservice -HomeGroupListener -HomeGroupProvider -lfsvc -MapsBroker -NetTcpPortSharing -RemoteAccess -RemoteRegistry -SharedAccess -TrkWks -WbioSrvc -WMPNetworkSvc -XblAuthManager -XblGameSave -XboxNetApiSvc diff --git a/modules.d/DisableSheduledTasks.conf b/modules.d/DisableSheduledTasks.conf deleted file mode 100644 index 3596d7f..0000000 --- a/modules.d/DisableSheduledTasks.conf +++ /dev/null @@ -1,22 +0,0 @@ -{ - "name" : "Remove Scheduled tasks", - "description" : "Remove some scheduled tasks", - "actions" : [ - { - "action" : "RemoveScheduledTask", - "path" : "", - "name" : "", - "file" : "tasks.txt" - }, - { - "action" : "RemoveScheduledTask", - "path" : "\\Microsoft\\Windows\\Device Setup\\", - "name" : "Metadata Refresh" - }, - { - "action" : "RemoveScheduledTask", - "path" : "\\Microsoft\\Device Setup\\", - "name" : "Metadata Refresh" - } - ] -} \ No newline at end of file diff --git a/modules.d/DisableSheduledTasks/tasks.txt b/modules.d/DisableSheduledTasks/tasks.txt deleted file mode 100644 index e9005a3..0000000 --- a/modules.d/DisableSheduledTasks/tasks.txt +++ /dev/null @@ -1,11 +0,0 @@ -Microsoft Compatibility Appraiser -ProgramDataUpdater -CreateObjectTask -Consolidator -KernelCeipTask -UsbCeip -SmartScreenSpecific -Microsoft-Windows-DiskDiagnosticDataCollector -DmClient -MNO Metadata Parser -QueueReporting diff --git a/modules.d/DisableSmartScreen.conf b/modules.d/DisableSmartScreen.conf deleted file mode 100644 index 66cfeb2..0000000 --- a/modules.d/DisableSmartScreen.conf +++ /dev/null @@ -1,22 +0,0 @@ -{ - "name" : "Disable Smartscreen", - "description" : "Disable Smartscreen protection for Edge / IE", - "actions" : [ - { - "action" : "AddRegKey", - "path" : "HKCU:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppHost", - "key" : "EnableWebContentEvaluation", - "value" : "0", - "type" : "" - }, - { - "_comment" : "EXPERIMENTAL Disable Smartscreen for new created Users", - "action" : "AddRegKey", - "path" : "HKU:\\Default\\Microsoft\\Windows\\CurrentVersion\\AppHost", - "key" : "EnableWebContentEvaluation", - "value" : "0", - "type" : "" - } - ] - -} \ No newline at end of file diff --git a/modules.d/FW_Cortana.conf b/modules.d/FW_Cortana.conf new file mode 100644 index 0000000..4c8befc --- /dev/null +++ b/modules.d/FW_Cortana.conf @@ -0,0 +1,12 @@ +{ + "Name" : "Cortana (Firewall)", + "Description" : "This module Add a firewall rule to desactivate Cortana net traffic", + "actions" : + [ + { + "action" : "FwBlockProgram", + "name" : "Cortana" + "path" : "$env:systemroot\\systemapps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe" + } + ] +} diff --git a/modules.d/GPO_Account.conf b/modules.d/GPO_Account.conf new file mode 100644 index 0000000..df8e448 --- /dev/null +++ b/modules.d/GPO_Account.conf @@ -0,0 +1,33 @@ +{ + "Name" : "Account Info (GPO)", + "Description" : "This module desactivate Account Info access for third party Apps like GPO did.", + "actions" : + [ + { + "_comment" : "This is the principal reg key controlled by GPO", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessAccountInfo", + "value" : "0" + }, + { + "_comment" : "The 3 bottom k eys seems to be some kind of ACL for App right", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessAccountInfo_UserInControlOfTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessAccountInfo_ForceAllowTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessAccountInfo_ForceDenyTheseApps", + "value" : "MultiString" + } + ] +} diff --git a/modules.d/GPO_Advertising.conf b/modules.d/GPO_Advertising.conf new file mode 100644 index 0000000..0eac576 --- /dev/null +++ b/modules.d/GPO_Advertising.conf @@ -0,0 +1,13 @@ +{ + "Name" : "Advertising (GPO)", + "Description" : "This module desactivate Advertising info like GPO did.", + "actions" : + [ + { + " action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AdvertisingInfo", + "key" : "DisabledByGroupPolicy", + "value" : "1" + } + ] +} diff --git a/modules.d/GPO_BackgoundApps.conf b/modules.d/GPO_BackgoundApps.conf new file mode 100644 index 0000000..05c1afe --- /dev/null +++ b/modules.d/GPO_BackgoundApps.conf @@ -0,0 +1,33 @@ +{ + "Name" : "Apps in Background (GPO)", + "Description" : "This module desactivate run in background for third party Apps like GPO did.", + "actions" : + [ + { + "_comment" : "This is the principal reg key controlled by GPO", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsRunInBackgound", + "value" : "0" + }, + { + "_comment" : "The 3 bottom k eys seems to be some kind of ACL for App right", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsRunInBackgound_UserInControlOfTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsRunInBackgound_ForceAllowTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsRunInBackgound_ForceDenyTheseApps", + "value" : "MultiString" + } + ] +} diff --git a/modules.d/GPO_Calendars.conf b/modules.d/GPO_Calendars.conf new file mode 100644 index 0000000..6b96d00 --- /dev/null +++ b/modules.d/GPO_Calendars.conf @@ -0,0 +1,33 @@ +{ + "Name" : "Calendar (GPO)", + "Description" : "This module desactivate Calendar access for third party Apps like GPO did.", + "actions" : + [ + { + "_comment" : "This is the principal reg key controlled by GPO", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessCalendar", + "value" : "0" + }, + { + "_comment" : "The 3 bottom k eys seems to be some kind of ACL for App right", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessCalendar_UserInControlOfTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessCalendar_ForceAllowTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessCalendar_ForceDenyTheseApps", + "value" : "MultiString" + } + ] +} diff --git a/modules.d/GPO_CallHistory.conf b/modules.d/GPO_CallHistory.conf new file mode 100644 index 0000000..5d968b6 --- /dev/null +++ b/modules.d/GPO_CallHistory.conf @@ -0,0 +1,33 @@ +{ + "Name" : "Call history (GPO)", + "Description" : "This module desactivate Call history access for third party Apps like GPO did.", + "actions" : + [ + { + "_comment" : "This is the principal reg key controlled by GPO", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessCallHistory", + "value" : "0" + }, + { + "_comment" : "The 3 bottom k eys seems to be some kind of ACL for App right", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessCallHistory_UserInControlOfTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessCallHistory_ForceAllowTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessCallHistory_ForceDenyTheseApps", + "value" : "MultiString" + } + ] +} diff --git a/modules.d/GPO_Camera.conf b/modules.d/GPO_Camera.conf new file mode 100644 index 0000000..76e73d4 --- /dev/null +++ b/modules.d/GPO_Camera.conf @@ -0,0 +1,33 @@ +{ + "Name" : "Camera (GPO)", + "Description" : "This module desactivate Camera access for third party Apps like GPO did.", + "actions" : + [ + { + "_comment" : "This is the principal reg key controlled by GPO", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessCamera", + "value" : "0" + }, + { + "_comment" : "The 3 bottom k eys seems to be some kind of ACL for App right", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessCamera_UserInControlOfTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessCamera_ForceAllowTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessCamera_ForceDenyTheseApps", + "value" : "MultiString" + } + ] +} diff --git a/modules.d/GPO_CloudContent.conf b/modules.d/GPO_CloudContent.conf new file mode 100644 index 0000000..cff0aa4 --- /dev/null +++ b/modules.d/GPO_CloudContent.conf @@ -0,0 +1,35 @@ +{ + "Name" : "CloudContent (GPO)", + "Description" : "This module Desactivate somes Windows like GPO does.", + "actions" : + [ + { + "_comment" : "Disable third party suggestion (for current user)", + "action" : "AddRegKey", + "path" : "HKCU:\\Software\\Policies\\Microsoft\\Windows\\CloudContent",, + "key" : "DisableThirdPartysuggestions", + "value" : "1" + }, + { + "_comment" : "Disable Windows Spotlight (for current user)", + "action" : "AddRegKey", + "path" : "HKCU:\\Software\\Policies\\Microsoft\\Windows\\CloudContent",, + "key" : "DisableWindowsSpotlightFeatures", + "value" : "1" + }, + "_comment" : "Disable third party suggestion (for user template hive)", + "action" : "AddRegKey", + "path" : "HKU:\\Default\\Software\\Policies\\Microsoft\\Windows\\CloudContent",, + "key" : "DisableThirdPartysuggestions", + "value" : "1" + }, + { + "_comment" : "Disable Windows Spotlight (for user template hive)", + "action" : "AddRegKey", + "path" : "HKU:\\Default\\Software\\Policies\\Microsoft\\Windows\\CloudContent",, + "key" : "DisableWindowsSpotlightFeatures", + "value" : "1" + } + + ] +} diff --git a/modules.d/GPO_ConnectionProbe.conf b/modules.d/GPO_ConnectionProbe.conf new file mode 100644 index 0000000..19ecc0d --- /dev/null +++ b/modules.d/GPO_ConnectionProbe.conf @@ -0,0 +1,14 @@ +{ + "Name" : "Connection Probe (GPO)", + "Description" : "This module desactivate Internet connection probe like GPO does.", + "actions" : + [ + { + "_comment" : "Disable connection probe", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\NetworkConnectivityStatusIndicator", + "key" : "NoActiveProbe", + "value" : "1" + } + ] +} diff --git a/modules.d/GPO_Contacts.conf b/modules.d/GPO_Contacts.conf new file mode 100644 index 0000000..5576782 --- /dev/null +++ b/modules.d/GPO_Contacts.conf @@ -0,0 +1,33 @@ +{ + "Name" : "Contacts (GPO)", + "Description" : "This module desactivate Contacts access for third party Apps like GPO did.", + "actions" : + [ + { + "_comment" : "This is the principal reg key controlled by GPO", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessContacts", + "value" : "0" + }, + { + "_comment" : "The 3 bottom keys seems to be some kind of ACL for App right", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessContacts_UserInControlOfTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessContacts_ForceAllowTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessContacts_ForceDenyTheseApps", + "value" : "MultiString" + } + ] +} diff --git a/modules.d/GPO_Cortana.conf b/modules.d/GPO_Cortana.conf new file mode 100644 index 0000000..735c271 --- /dev/null +++ b/modules.d/GPO_Cortana.conf @@ -0,0 +1,70 @@ +{ + "Name" : "Cortana and Windows Search (GPO)", + "Description" : "This module Desactivate Cortana and some Windows Search functionnality like GPO does.", + "actions" : + [ + { + "_comment" : "Desactivate location access for Cortana", + "action" : "AddRegKey", + "path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\Windows Search", + "key" : "AllowSearchToUseLocation", + "value" : "0" + }, + { + "_comment" : "Disable Web Search from Cortana", + "action" : "AddRegKey", + "path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\Windows Search", + "key" : "DisableWebSearch", + "value" : "1" + }, + { + "_comment" : "Disable Web Search result from Windows Search", + "action" : "AddRegKey", + "path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\Windows Search", + "key" : "ConnectedSearchUseWeb", + "value" : "0" + }, + { + "_comment" : "Do not Search over the Web with limited connections", + "action" : "AddRegKey", + "path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\Windows Search", + "key" : "ConnectedSearchUseWebOverMeteredConnections", + "value" : "0" + }, + { + "_comment" : "Disable Cortana", + "action" : "AddRegKey", + "path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\Windows Search", + "key" : "AllowCortana", + "value" : "0" + }, + { + "_comment" : "Define which informations are sent to Web Search (anonymous informations)", + "action" : "AddRegKey", + "path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\Windows Search", + "key" : "ConnectedSearchPrivacy", + "value" : "3" + }, + { + "_comment" : "Disable SafeSearch for Search", + "action" : "AddRegKey", + "path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\Windows Search", + "key" : "ConnectedSearchSafeSearch", + "value" : "3" + }, + { + "_comment" : "Disable encrypted file indexation", + "action" : "AddRegKey", + "path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\Windows Search\\CurrentPolicies", + "key" : "AllowIndexingEncryptedStoresOrItems", + "value" : "0" + }, + { + "_comment" : "Disable Cortana on lock screen", + "action" : "AddRegKey", + "path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\Windows Search", + "key" : "AllowCortanaAboveLock", + "value" : "0" + } + ] +} diff --git a/modules.d/GPO_Diagnostic.conf b/modules.d/GPO_Diagnostic.conf new file mode 100644 index 0000000..a20928e --- /dev/null +++ b/modules.d/GPO_Diagnostic.conf @@ -0,0 +1,42 @@ +{ + "Name" : " Diagnostic Data (GPO)", + "Description" : "This module try to disable diagnostic tracking like GPO does.", + "actions" : + [ + { + "_comment" : "Do not show feedback notification", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\DataCollection", + "key" : "DoNotShowFeedbackNotifications", + "value" : "1" + }, + { + "_comment" : "Disable Telemetry, 1 for minimum information leak (Home and Pro edition) and 0 for total disable (Entreprise only)", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\DataCollection", + "key" : "AllowTelemetry", + "value" : "1" + }, + { + "_comment" : "Disable 'Use diagnostic data for personnalized experience", + "action" : "AddRegKey", + "path" : "HKCU:\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent", + "key" : "DisableTailoredExperiencesWithDiagnosticData", + "value" : "1" + }, + { + "_comment" : "Disable App compatibility telemetry", + "action" : "AddRegKey", + "path" : "HKCU:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppCompat", + "key" : "AITEnable", + "value" : "1" + }, + { + "_comment" : "Disable pre-version functionnality", + "action" : "AddRegKey", + "path" : "HKCU:\\SOFTWARE\\Policies\\Microsoft\\Windows\\DataCollection", + "key" : "EnableConfigFlighting", + "value" : "1" + } + ] +} diff --git a/modules.d/GPO_DiagnosticInfo.conf b/modules.d/GPO_DiagnosticInfo.conf new file mode 100644 index 0000000..10b0ebf --- /dev/null +++ b/modules.d/GPO_DiagnosticInfo.conf @@ -0,0 +1,33 @@ +{ + "Name" : "DiagnisticInfo (GPO)", + "Description" : "This module desactivate diagnistic info access for third party Apps like GPO did.", + "actions" : + [ + { + "_comment" : "This is the principal reg key controlled by GPO", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsGetDiagnosticInfo", + "value" : "0" + }, + { + "_comment" : "The 3 bottom k eys seems to be some kind of ACL for App right", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsGetDiagnosticInfo_UserInControlOfTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsGetDiagnosticInfo_ForceAllowTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsGetDiagnosticInfo_ForceDenyTheseApps", + "value" : "MultiString" + } + ] +} diff --git a/modules.d/GPO_DynamicTiles.conf b/modules.d/GPO_DynamicTiles.conf new file mode 100644 index 0000000..f1182a1 --- /dev/null +++ b/modules.d/GPO_DynamicTiles.conf @@ -0,0 +1,37 @@ +{ + "Name" : "Tiles content (GPO)", + "Description" : "This module desactivate Internet data loading for tiles like GPO does.", + "actions" : + [ + { + "_comment" : "Disable cloud notifications for tiles (for current user)", + "action" : "AddRegKey", + "path" : "HKCU:\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\PushNotifications", + "key" : "NoCloudApplicationNotification", + "value" : "1" + }, + { + "_comment" : "Disable notifications for tiles (for current user)", + "action" : "AddRegKey", + "path" : "HKCU:\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\PushNotifications", + "key" : "NoTileApplicationNotification", + "value" : "1" + } + , + { + "_comment" : "Disable cloud notifications for tiles (for user template hive)", + "action" : "AddRegKey", + "path" : "HKU:\\Default\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\PushNotifications", + "key" : "NoCloudApplicationNotification", + "value" : "1" + }, + { + "_comment" : "Disable notifications for tiles (for user templte hive)", + "action" : "AddRegKey", + "path" : "HKU:\\Default\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\PushNotifications", + "key" : "NoTileApplicationNotification", + "value" : "1" + } + + ] +} diff --git a/modules.d/GPO_Email.conf b/modules.d/GPO_Email.conf new file mode 100644 index 0000000..981d4af --- /dev/null +++ b/modules.d/GPO_Email.conf @@ -0,0 +1,33 @@ +{ + "Name" : "Email access (GPO)", + "Description" : "This module desactivate email access for third party Apps like GPO did.", + "actions" : + [ + { + "_comment" : "This is the principal reg key controlled by GPO", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessEmail", + "value" : "0" + }, + { + "_comment" : "The 3 bottom k eys s eems to be some kind of ACL for App right", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessEmail_UserInControlOfTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessEmail_ForceAllowTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessEmail_ForceDenyTheseApps", + "value" : "MultiString" + } + ] +} diff --git a/modules.d/GPO_ErrorReporting.conf b/modules.d/GPO_ErrorReporting.conf new file mode 100644 index 0000000..6098345 --- /dev/null +++ b/modules.d/GPO_ErrorReporting.conf @@ -0,0 +1,56 @@ +{ + "Name" : "Error Reporting (GPO)", + "Description" : "This module desactivate some error Reporting function like GPO does.", + "actions" : + [ + { + "_comment" : "Disable error Reporting to Microsoft", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting", + "key" : "Disabled", + "value" : "1" + }, + { + "_comment" : "Do not allow operating system memory dump sent to Microsoft", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting", + "key" : "AutoApproveOSDumps", + "value" : "0" + }, + { + "_comment" : "Do not sent additional dada to Microsoft when reporting", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting", + "key" : "DontSendAdditionalData", + "value" : "1" + }, + { + "_comment" : "Disable Windows Error Reporting ", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\PCHealth\\ErrorReporting", + "key" : "DoReport", + "value" : "0" + }, + { + "_comment" : "Disable WER (Not a GPO rule)", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\UnattendSettings\\Windows Error Reporting", + "key" : "Disabled", + "value" : "1" + }, + { + "_comment" : "Disable WMR (Not a GPO rule)", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting\\WMR", + "key" : "Disabled", + "value" : "1" + }, + { + "_comment" : "Do not consent Error Reporting (not a GPO rule) ", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting\\consent", + "key" : "DefaultConsent", + "value" : "0" + } + ] +} diff --git a/modules.d/GPO_InputSpeechInk.conf b/modules.d/GPO_InputSpeechInk.conf new file mode 100644 index 0000000..3548533 --- /dev/null +++ b/modules.d/GPO_InputSpeechInk.conf @@ -0,0 +1,36 @@ +{ + "Name" : "Input Speech Ink (GPO)", + "Description" : "This module desactivate Input personalization, speech and ink recognition like GPO did.", + "actions" : + [ + { + "_comment" : "Desactivate text learning", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\InputPersonalization", + "key" : "RestrictImplicitTextCollection", + "value" : "1" + }, + { + "_comment" : "Desactivate ink learning", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\InputPersonalization", + "key" : "RestrictImplicitInkCollection", + "value" : "1" + + }, + { + "_comment" : "Desactivate input personalization", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\InputPersonalization", + "key" : "AllowInputPersonnalization", + "value" : "0" + }, + { + "_comment" : "Desactivate voice data automatic updates", + "action" : "AddRegKey", + "path" : "HKLM:\\Software\\Policies\\Microsoft\\Speech", + "key" : "AllowSpeechModelUpdate", + "value" : "0" + } + ] +} diff --git a/modules.d/GPO_Location.conf b/modules.d/GPO_Location.conf new file mode 100644 index 0000000..ee76b0b --- /dev/null +++ b/modules.d/GPO_Location.conf @@ -0,0 +1,68 @@ +{ + "Name" : "Location (GPO)", + "Description" : "This module desactivate Location access for third party Apps like GPO did.", + "actions" : + [ + { + "_comment" : "This is the principal reg key controlled by GPO", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessLocation", + "value" : "0" + }, + { + "_comment" : "The 3 bottom keys seems to be some kind of ACL for App right", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessLocation_UserInControlOfTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessLocation_ForceAllowTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessLocation_ForceDenyTheseApps", + "value" : "MultiString" + }, + { + "_comment" : "Disable hardware location sensors", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\LocationAndSensors", + "key" : "DisableLocation", + "value" : "1" + }, + { + "_comment" : "Disable location sensor", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\LocationAndSensors", + "key" : "DisableLocation", + "value" : "1" + }, + { + "_comment" : "Disable Windows location service provider", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\LocationAndSensors", + "key" : "DisableWindowsLocationProvider", + "value" : "1" + }, + { + "_comment" : "Disable location scripting", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\LocationAndSensors", + "key" : "DisableLocationScripting", + "value" : "1" + }, + { + "_comment" : "Disable sensors (rotation will be disable in tablet PC)", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\LocationAndSensors", + "key" : "DisableSensors", + "value" : "1" + } + ] +} diff --git a/modules.d/GPO_Messaging.conf b/modules.d/GPO_Messaging.conf new file mode 100644 index 0000000..d01edb8 --- /dev/null +++ b/modules.d/GPO_Messaging.conf @@ -0,0 +1,33 @@ +{ + "Name" : "Messaging (GPO)", + "Description" : "This module desactivate Messaging access for third party Apps like GPO did.", + "actions" : + [ + { + "_comment" : "This is the principal reg key controlled by GPO", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessMessaging", + "value" : "0" + }, + { + "_comment" : "The 3 bottom k eys seems to be some kind of ACL for App right", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessMessaging_UserInControlOfTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessMessaging_ForceAllowTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessMessaging_ForceDenyTheseApps", + "value" : "MultiString" + } + ] +} diff --git a/modules.d/GPO_Microphone.conf b/modules.d/GPO_Microphone.conf new file mode 100644 index 0000000..b06468d --- /dev/null +++ b/modules.d/GPO_Microphone.conf @@ -0,0 +1,33 @@ +{ + "Name" : "Microphone (GPO)", + "Description" : "This module desactivate Microphone access for third party Apps like GPO did.", + "actions" : + [ + { + "_comment" : "This is the principal reg key controlled by GPO", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessMicrophone", + "value" : "0" + }, + { + "_comment" : "The 3 bottom k eys seems to be some kind of ACL for App right", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessMicrophone_UserInControlOfTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessMicrophone_ForceAllowTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessMicrophone_ForceDenyTheseApps", + "value" : "MultiString" + } + ] +} diff --git a/modules.d/GPO_MicrosoftAccount.conf b/modules.d/GPO_MicrosoftAccount.conf new file mode 100644 index 0000000..19f331c --- /dev/null +++ b/modules.d/GPO_MicrosoftAccount.conf @@ -0,0 +1,14 @@ +{ + "Name" : "Microsoft Account (GPO)", + "Description" : "This module desactivate posibility to add a Microsoft account like GPO does.", + "actions" : + [ + { + "_comment" : "Disable MS Account", + " action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", + "key" : "NoConnectedUser", + "value" : "3" + } + ] +} diff --git a/modules.d/GPO_Motion.conf b/modules.d/GPO_Motion.conf new file mode 100644 index 0000000..7ad2062 --- /dev/null +++ b/modules.d/GPO_Motion.conf @@ -0,0 +1,33 @@ +{ + "Name" : "Motion Sensor (GPO)", + "Description" : "This module desactivate Motion sensor access for third party Apps like GPO did.", + "actions" : + [ + { + "_comment" : "This is the principal reg key controlled by GPO", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessMotion", + "value" : "0" + }, + { + "_comment" : "The 3 bottom k eys seems to be some kind of ACL for App right", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessMotion_UserInControlOfTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessMotion_ForceAllowTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessMotion_ForceDenyTheseApps", + "value" : "MultiString" + } + ] +} diff --git a/modules.d/GPO_Notifications.conf b/modules.d/GPO_Notifications.conf new file mode 100644 index 0000000..2b9af06 --- /dev/null +++ b/modules.d/GPO_Notifications.conf @@ -0,0 +1,33 @@ +{ + "Name" : "Notifications (GPO)", + "Description" : "This module desactivate Notifications access for third party Apps like GPO did.", + "actions" : + [ + { + "_comment" : "This is the principal reg key controlled by GPO", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessNotifications", + "value" : "0" + }, + { + "_comment" : "The 3 bottom k eys seems to be some kind of ACL for App right", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessNotifications_UserInControlOfTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessNotifications_ForceAllowTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessNotifications_ForceDenyTheseApps", + "value" : "MultiString" + } + ] +} diff --git a/modules.d/UninstallOnedrive.conf b/modules.d/GPO_OneDrive.conf similarity index 54% rename from modules.d/UninstallOnedrive.conf rename to modules.d/GPO_OneDrive.conf index 984c978..c4815a7 100644 --- a/modules.d/UninstallOnedrive.conf +++ b/modules.d/GPO_OneDrive.conf @@ -1,33 +1,37 @@ { - "name" : "Uninstall One Drive", - "description" : "This module Uninstall Onedrive", - "actions" : [ - { - "action" : "KillProcess", + "Name" : "Disable OneDrive (GPO)", + "Description" : "This module Remove Onedrive like GPO does and delete if.", + "actions" : + [ + { + "_comment" : "Kill Onedrive process", + "action" : "KillProcess", "name" : "onedrive" }, { + "_comment" : "Kill explorer process", "action" : "KillProcess", "name" : "explorer" }, { - "_comment" : "OneDrive Uninstaller x64 version", - "action" : "ExecCommand", + "_comment" : "Execute OneDrive Uninstaller (x64 version)", + "action" : "ExecCommand", "path" : "$env:systemroot\\SysWOW64\\OneDriveSetup.exe", "arguments" : "/uninstall" }, { - "_comment" : "OneDrive Uninstaller x86 version", + "_comment" : "Execute OneDrive Uninstaller (x86 version)", "action" : "ExecCommand", "path" : "$env:systemroot\\System32\\OneDriveSetup.exe", "arguments" : "/uninstall" }, { + "_comment" : "The 3 actions bellow delete Onedrive folders ", "action" : "DelFile", "path" : "$env:localappdata\\Microsoft\\OneDrive", "recurse" : "True" }, - { + { "action" : "DelFile", "path" : "$env:programdata\\Microsoft OneDrive", "recurse" : "True" @@ -38,39 +42,31 @@ "recurse" : "True" }, { + "_comment" : "Do not allow OneDrive for file storage", "action" : "AddRegKey", "value" : "1", "key" : "DisableFileSyncNGSC", - "path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\OneDrive", - "type" : "" + "path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\OneDrive" }, { + "_comment" : "Disable OneDrive file sync with limited connection", "action" : "AddRegKey", "value" : "1", - "key" : "DisableFileSync", - "path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\OneDrive", - "type" : "" + "key" : "DisableMeteredNetworkFileSync", + "path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\OneDrive" }, - { + { + "_comment" : "Disable save file to Onedrive", "action" : "AddRegKey", - "value" : "0", - "key" : "System.IsPinnedToNameSpaceTree", - "path" : "HKCR:\\Wow6432Node\\CLSID\\{018D5C66-4533-4307-9B53-224DE2ED1FE6}", - "type" : "" + "value" : "1", + "key" : "DisableLibrariesDefaultSaveToOneDrive", + "path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\OneDrive" }, { - "action" : "AddRegKey", - "value" : "0", - "key" : "System.IsPinnedToNameSpaceTree", - "path" : "HKCR:\\CLSID\\{018D5C66-4533-4307-9B53-224DE2ED1FE6}", - "type" : "" - }, - { - "_comment" : "Prevent Onedrive installation for new created user", + "_comment" : "Prevent Onedrive installation for new created user (non GPO key)", "action" : "DelRegKey", "key" : "OneDriveSetup", "path" : "HKU:\\Default\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" } - - ] + ] } diff --git a/modules.d/GPO_Phone.conf b/modules.d/GPO_Phone.conf new file mode 100644 index 0000000..f281089 --- /dev/null +++ b/modules.d/GPO_Phone.conf @@ -0,0 +1,33 @@ +{ + "Name" : "Phone (GPO)", + "Description" : "This module desactivate Phone access for third party Apps like GPO did.", + "actions" : + [ + { + "_comment" : "This is the principal reg key controlled by GPO", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessPhone", + "value" : "0" + }, + { + "_comment" : "The 3 bottom k eys seems to be some kind of ACL for App right", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessPhone_UserInControlOfTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessPhone_ForceAllowTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessPhone_ForceDenyTheseApps", + "value" : "MultiString" + } + ] +} diff --git a/modules.d/GPO_Privacy.conf b/modules.d/GPO_Privacy.conf new file mode 100644 index 0000000..9f19cc1 --- /dev/null +++ b/modules.d/GPO_Privacy.conf @@ -0,0 +1,56 @@ +{ + "Name" : "Privacy (GPO)", + "Description" : "This module set some privati life settings like GPO does.", + "actions" : + [ + { + "_comment" : "Disable hand writing share", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\TabletPC", + "action" : "AddRegKey", + "key" : "PreventHandwritingDataSharing", + "value" : "1" + }, + { + "_comment" : "Disable hand writing error reporting", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\HandwritingErrorReports", + "key" : "PreventHandwritingErrorReports", + "value" : "1" + }, + { + "_comment" : "Disable Inventory Collector", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppCompat", + "key" : "DisableInventory", + "value" : "1" + }, + { + "_comment" : "Disable camera on lock screen", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization", + "key" : "NoLockScreenCamera", + "value" : "1" + }, + { + "_comment" : "Disable notification for tile, application and Lockscreen (non GPO key)(current user)", + "action" : "AddRegKey", + "path" : "HKCU:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\PushNotifications", + "key" : "ToastEnabled", + "value" : "0" + }, + { + "_comment" : "Disable notification for tiles, applications and lockscreen (non GPO key)(user template hive)", + "action" : "AddRegKey", + "path" : "HKU:\\Default\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\PushNotifications", + "key" : "ToastEnabled", + "value" : "0" + }, + { + "_comment" : "Disable user experience amelioration program ", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\SQMClient\\Windows", + "key" : "CEIPEnabled", + "value" : "0" + } + ] +} diff --git a/modules.d/GPO_Radios.conf b/modules.d/GPO_Radios.conf new file mode 100644 index 0000000..aef16a3 --- /dev/null +++ b/modules.d/GPO_Radios.conf @@ -0,0 +1,33 @@ +{ + "Name" : "Radios (GPO)", + "Description" : "This module desactivate Radios (Bluetooth, Wifi ...) access for third party Apps like GPO did.", + "actions" : + [ + { + "_comment" : "This is the principal reg key controlled by GPO", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessRadios", + "value" : "0" + }, + { + "_comment" : "The 3 bottom k eys seems to be some kind of ACL for App right", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessRadios_UserInControlOfTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessRadios_ForceAllowTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessRadios_ForceDenyTheseApps", + "value" : "MultiString" + } + ] +} diff --git a/modules.d/GPO_SettingSync.conf b/modules.d/GPO_SettingSync.conf new file mode 100644 index 0000000..8d61ed2 --- /dev/null +++ b/modules.d/GPO_SettingSync.conf @@ -0,0 +1,35 @@ +{ + "Name" : "Setting Sync (GPO)", + "Description" : "This module desactivate Setting sync between devices like GPO did.", + "actions" : + [ + { + "_comment" : "Disable Setting Sync", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\SettingSync", + "key" : "DisableSettingSync", + "value" : "1" + }, + { + "_comment" : "Disable Possibility for user to reactivate setting sync", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\SettingSync", + "key" : "DisableSettingSyncUserOverride", + "value" : "1" + }, + { + "_comment" : "Disable Setting Sync for third party Apps", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\SettingSync", + "key" : "DisableApplicationSettingSync", + "value" : "1" + }, + { + "_comment" : "Disable Possibility for user to reactivate setting sync for third party Apps", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\SettingSync", + "key" : "DisableApplicationSettingSyncUserOverride", + "value" : "1" + } + ] +} diff --git a/modules.d/GPO_SyncDevices.conf b/modules.d/GPO_SyncDevices.conf new file mode 100644 index 0000000..3156554 --- /dev/null +++ b/modules.d/GPO_SyncDevices.conf @@ -0,0 +1,33 @@ +{ + "Name" : "Sync with devices (GPO)", + "Description" : "This module desactivate sync with devices for third party Apps like GPO did.", + "actions" : + [ + { + "_comment" : "This is the principal reg key controlled by GPO", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsSyncWithDevices", + "value" : "0" + }, + { + "_comment" : "The 3 bottom keys seems to be some kind of ACL for App right", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsSyncWithDevices_UserInControlOfTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsSyncWithDevices_ForceAllowTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsSyncWithDevices_ForceDenyTheseApps", + "value" : "MultiString" + } + ] +} diff --git a/modules.d/GPO_Tasks.conf b/modules.d/GPO_Tasks.conf new file mode 100644 index 0000000..dfb3570 --- /dev/null +++ b/modules.d/GPO_Tasks.conf @@ -0,0 +1,33 @@ +{ + "Name" : "Tasks (GPO)", + "Description" : "This module desactivate Tasks access for third party Apps like GPO did.", + "actions" : + [ + { + "_comment" : "This is the principal reg key controlled by GPO", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessTasks", + "value" : "0" + }, + { + "_comment" : "The 3 bottom keys seems to be some kind of ACL for App right", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessTasks_UserInControlOfTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessTasks_ForceAllowTheseApps", + "type" : "MultiString" + }, + { + " action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessTasks_ForceDenyTheseApps", + "value" : "MultiString" + } + ] +} diff --git a/modules.d/GPO_Teredo.conf b/modules.d/GPO_Teredo.conf new file mode 100644 index 0000000..278fcad --- /dev/null +++ b/modules.d/GPO_Teredo.conf @@ -0,0 +1,15 @@ +{ + "Name" : "Teredo (GPO)", + "Description" : "This module desactivate Teredo pseudo interface like GPO did.", + "actions" : + [ + { + "_comment" : "Disable Teredo with key controlled by GPO", + "action" : "AddRegKey", + "path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\TCPIP\\v6Transition", + "key" : "Teredo_State", + "value" : "Disable", + "type" : "String" + } + ] +} diff --git a/modules.d/GPO_TrustedDevices.conf b/modules.d/GPO_TrustedDevices.conf new file mode 100644 index 0000000..6df443a --- /dev/null +++ b/modules.d/GPO_TrustedDevices.conf @@ -0,0 +1,33 @@ +{ + "Name" : "TrustedDevices (GPO)", + "Description" : "This module desactivate Trusted Devices access for third party Apps like GPO did.", + "actions" : + [ + { + "_comment" : "This is the principal reg key controlled by GPO", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessTrustedDevices", + "value" : "0" + }, + { + "_comment" : "The 3 bottom k eys seems to be some kind of ACL for App right", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessTrustedDevices_UserInControlOfTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessTrustedDevices_ForceAllowTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessTrustedDevices_ForceDenyTheseApps", + "value" : "MultiString" + } + ] +} diff --git a/modules.d/GPO_Wifi.conf b/modules.d/GPO_Wifi.conf new file mode 100644 index 0000000..1322f57 --- /dev/null +++ b/modules.d/GPO_Wifi.conf @@ -0,0 +1,13 @@ +{ + "Name" : "Contact, open and paid Wifi (GPO)", + "Description" : "This module desactivate Wifi connexion to shared network by contacts, paid and open AP like GPO does.", + "actions" : + [ + { + "_comment" : "This is the principal reg key controlled by GPO", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Microsoft\\WcmSvc\\wifinetworkmanager\\config", + "key" : "AutoConnectAllowedOEM", + "value" : "0" + } ] +} diff --git a/modules.d/GPO_WindowsDefender.conf b/modules.d/GPO_WindowsDefender.conf new file mode 100644 index 0000000..d52443d --- /dev/null +++ b/modules.d/GPO_WindowsDefender.conf @@ -0,0 +1,35 @@ +{ + "Name" : "Windows Defender (GPO)", + "Description" : "This module Desactivate somes Windows Defender functionnallity like GPO does.", + "actions" : + [ + { + "_comment" : "Disable Spynet Reporting", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Spynet", + "key" : "SpyNetReporting", + "value" : "0" + }, + { + "_comment" : "Disable sample submission to Microsoft", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Spynet", + "key" : "SubmitSamplesConsent", + "value" : "2" + }, + { + "_comment" : "Do not report infection informations to Microsoft", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\MRT", + "key" : "DontReportInfectionInformation", + "value" : "1" + }, + { + "_comment" : "Do not allow setting override for Spynet reporting", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Spynet", + "key" : "LocalSettingOverrideSpynetReporting", + "value" : "0" + } + ] +} diff --git a/modules.d/GPO_WindowsStore.conf b/modules.d/GPO_WindowsStore.conf new file mode 100644 index 0000000..8bf53b4 --- /dev/null +++ b/modules.d/GPO_WindowsStore.conf @@ -0,0 +1,49 @@ +{ + "Name" : "Windows Store (GPO)", + "Description" : "This module Desactivate Windows Store functionnality like GPO does.", + "actions" : + [ + { + "_comment" : "Disable All Windows Store Application - Appx (Windows Entreprise and Education)", + "action" : "AddRegKey", + "path" : "HKLM:\\Software\\Policies\\Microsoft\\WindowsStore", + "key" : "DisableStoreApps", + "value" : "1" + }, + { + "_comment" : "Disable Windows Store (Windows Pro, Entreprise ans Education)", + "action" : "AddRegKey", + "path" : "HKLM:\\Software\\Policies\\Microsoft\\WindowsStore", + "key" : "RemoveWindowsStore", + "value" : "1" + }, + { + "_comment" : "Disable Open with Windows Store in Explorer (Windows Pro, Entreprise and Education)", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer", + "key" : "NoUseStoreOpenWith", + "value" : "1" + }, + { + "_comment" : "Show only private repository (Windows Pro, Entreprise and Education)", + "action" : "AddRegKey", + "path" : "HKLM:\\Software\\Policies\\Microsoft\\WindowsStore", + "key" : "RequirePrivateStoreOnly", + "value" : "1" + }, + { + "_comment" : "Disable message to update tu Windows last version (Windows Pro, Entreprise and Education)", + "action" : "AddRegKey", + "path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\WindowsStore", + "key" : "DisableOsUpgrade", + "value" : "1" + }, + { + "_comment" : "Disable push to install (Windows Pro, Entreprise and Education)", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\PushToInstall", + "key" : "DisablePushToInstall", + "value" : "1" + } + ] +} diff --git a/modules.d/GPO_WindowsTips.conf b/modules.d/GPO_WindowsTips.conf new file mode 100644 index 0000000..bd3f16f --- /dev/null +++ b/modules.d/GPO_WindowsTips.conf @@ -0,0 +1,22 @@ +{ + "Name" : "Windows Tips (GPO)", + "Description" : "This module desactivate Windows tips like GPO does.", + "actions" : + [ + { + "_comment" : "Do not display Windows Tips", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent", + "key" : "DisableSoftLanding", + "value" : "1" + } + , + { + "_comment" : "Disable Windows Consumers Features", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent", + "key" : "DisableWindowsConsumerFeatures", + "value" : "1" + } + ] +} diff --git a/modules.d/GPO_WindowsUpdate.conf b/modules.d/GPO_WindowsUpdate.conf new file mode 100644 index 0000000..74a7530 --- /dev/null +++ b/modules.d/GPO_WindowsUpdate.conf @@ -0,0 +1,70 @@ +{ + "Name" : "Windows Update (GPO)", + "Description" : "Disable sone Windows Update features like GPO does.", + "actions" : + [ + { + "_comment" : "Disable Download Optimization", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization", + "key" : "DODownloadMode", + "value" : "0" + }, + { + "_comment" : "Disable Peer to Peer connection for Windows Update", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\Peernet", + "key" : "Disabled", + "value" : "1" + }, + { + "_comment" : "Notify Update download and installation", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU", + "key" : "AUOptions", + "value" : "2" + }, + { + "_comment" : "Activate Windows Update all day ( 0:All days, 1:sunday, 2:monday, ...", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU", + "key" : "ScheduledInstallDay", + "value" : "0" + }, + { + "_comment" : "Define hour of installation", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU", + "key" : "ScheduledInstallTime", + "value" : "12" + }, + { + "_comment" : "Enable Defered Updates (Windows Pro and +) (https://docs.microsoft.com/en-us/windows/deployment/update/waas-configure-wufb)", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate", + "key" : "DeferFeatureUpdates", + "value" : "1" + }, + { + "_comment" : "Select CBB branch for Defered Updates", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate", + "key" : "BranchReadinessLevel", + "value" : "32" + }, + { + "_comment" : "Defer Feature installation for 1 year", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate", + "key" : "DeferFeatureUpdatesPeriodInDays", + "value" : "365" + }, + { + "_comment" : "Disable drivers update", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU", + "key" : "ExcludeWUDriversInQualityUpdate", + "value" : "1" + } + ] +} diff --git a/modules.d/SER_Location.conf b/modules.d/SER_Location.conf new file mode 100644 index 0000000..229a6e5 --- /dev/null +++ b/modules.d/SER_Location.conf @@ -0,0 +1,10 @@ +{ + "name" : "Disable Location Service", + "description" : "This module disable location service", + "actions" : [ + { + "action" : "DisableService", + "name" : "lfsvc" + } + ] +}