ephase/win10-privacy-script
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Rewrite modules (untested)

Browse source
This commit is contained in:
Yorick Barbanneau 2018-03-25 16:15:10 +02:00
parent b3d3ee6403
commit eba57e6c8a
53 changed files with 1288 additions and 394 deletions
Download patch file Download diff file Expand all files Collapse all files

11
modules.d/BlockHosts.conf
View file

@ -1,11 +0,0 @@
{
"name" : "Block unwanted Host",
"description" : "This module block some hosts from Microsoft",
"actions" : [
{
"action" : "BlockHost",
"file" : "hosts.txt",
"host" : ""
}
]
}

130
modules.d/BlockHosts/hosts.txt
View file

@ -1,130 +0,0 @@
184-86-53-99.deploy.static.akamaitechnologies.com
a-0001.a-msedge.net
a-0002.a-msedge.net
a-0003.a-msedge.net
a-0004.a-msedge.net
a-0005.a-msedge.net
a-0006.a-msedge.net
a-0007.a-msedge.net
a-0008.a-msedge.net
a-0009.a-msedge.net
a-msedge.net
a.ads1.msn.com
a.ads2.msads.net
a.ads2.msn.com
a.rad.msn.com
a1621.g.akamai.net
a1856.g2.akamai.net
a1961.g.akamai.net
a978.i6g1.akamai.net
ac3.msn.com
ad.doubleclick.net
adnexus.net
adnxs.com
ads.msn.com
ads1.msads.net
ads1.msn.com
aidps.atdmt.com
aka-cdn-ns.adtech.de
apps.skype.com
az361816.vo.msecnd.net
az512334.vo.msecnd.net
b.ads1.msn.com
b.ads2.msads.net
b.rad.msn.com
bingads.microsoft.com
bs.serving-sys.com
c.atdmt.com
c.msn.com
cdn.atdmt.com
cds26.ams9.msecn.net
choice.microsoft.com
choice.microsoft.com.nsatc.net
compatexchange.cloudapp.net
corp.sts.microsoft.com
corpext.msitadfs.glbdns2.microsoft.com
cs1.wpc.v0cdn.net
cy2.vortex.data.microsoft.com.akadns.net
db3aqu.atdmt.com
df.telemetry.microsoft.com
diagnostics.support.microsoft.com
e2835.dspb.akamaiedge.net
e7341.g.akamaiedge.net
e7502.ce.akamaiedge.net
e8218.ce.akamaiedge.net
ec.atdmt.com
fe2.update.microsoft.com.akadns.net
feedback.microsoft-hohm.com
feedback.search.microsoft.com
feedback.windows.com
flex.msn.com
g.msn.com
h1.msn.com
h2.msn.com
hostedocsp.globalsign.com
i1.services.social.microsoft.com
i1.services.social.microsoft.com.nsatc.net
ipv6.msftncsi.com
ipv6.msftncsi.com.edgesuite.net
lb1.www.ms.akadns.net
live.rads.msn.com
m.adnxs.com
m.hotmail.com
msedge.net
msftncsi.com
msnbot-65-55-108-23.search.msn.com
msntest.serving-sys.com
oca.telemetry.microsoft.com
oca.telemetry.microsoft.com.nsatc.net
pre.footprintpredict.com
preview.msn.com
pricelist.skype.com
rad.live.com
rad.msn.com
redir.metaservices.microsoft.com
reports.wes.df.telemetry.microsoft.com
s.gateway.messenger.live.com
s0.2mdn.net
schemas.microsoft.akadns.net
secure.adnxs.com
secure.flashtalking.com
services.wes.df.telemetry.microsoft.com
settings-sandbox.data.microsoft.com
settings-win.data.microsoft.com
sls.update.microsoft.com.akadns.net
sqm.df.telemetry.microsoft.com
sqm.telemetry.microsoft.com
sqm.telemetry.microsoft.com.nsatc.net
ssw.live.com
static.2mdn.net
statsfe1.ws.microsoft.com
statsfe2.update.microsoft.com.akadns.net
statsfe2.ws.microsoft.com
survey.watson.microsoft.com
telecommand.telemetry.microsoft.com
telecommand.telemetry.microsoft.com.nsatc.net
telemetry.appex.bing.net
telemetry.microsoft.com
telemetry.urs.microsoft.com
ui.skype.com
v10.vortex-win.data.microsoft.com
view.atdmt.com
vortex-bn2.metron.live.com.nsatc.net
vortex-cy2.metron.live.com.nsatc.net
vortex-sandbox.data.microsoft.com
vortex-win.data.metron.live.com.nsatc.net
vortex-win.data.microsoft.com
vortex.data.glbdns2.microsoft.com
vortex.data.microsoft.com
watson.live.com
watson.microsoft.com
watson.ppe.telemetry.microsoft.com
watson.telemetry.microsoft.com
watson.telemetry.microsoft.com.nsatc.net
web.vortex.data.microsoft.com
wes.df.telemetry.microsoft.com
www.msftncsi.com
win10.ipv6.microsoft.com
www.bingads.microsoft.com
www.go.microsoft.akadns.net
www.msftncsi.com

12
modules.d/BlockIP.conf
View file

@ -1,12 +0,0 @@
{
"name" : "Block IP From MS servers",
"description" : "Disable Advertising",
"actions" : [
{
"action" : "FwBlockOutputIP",
"ip" : "",
"file" : "ip.txt"
}
]
}

12
modules.d/BlockIP/ip.txt
View file

@ -1,12 +0,0 @@
2.22.61.43
2.22.61.66
64.4.54.254
65.39.117.230
65.52.108.33
65.55.108.23
23.218.212.69
134.170.30.202
137.116.81.24
157.56.106.189
184.86.53.99
204.79.197.200

11
modules.d/DelModernApp.conf
View file

@ -1,11 +0,0 @@
{
"name" : "Delete Metro App",
"description" : "This module delete all useless modern app",
"actions" : [
{
"action" : "UninstallModernApp",
"file" : "apps.txt",
"removeProvisionned" : "true"
}
]
}

49
modules.d/DelModernApp/apps.txt
View file

@ -1,49 +0,0 @@
Microsoft.3dbuilder
Microsoft.Appconnector
Microsoft.BingFinance
Microsoft.BingFoodAndDrink
Microsoft.BingHealthAndFitness
Microsoft.BingNews
Microsoft.BingSports
Microsoft.BingTravel
Microsoft.BingWeather
Microsoft.CommsPhone
Microsoft.ConnectivityStore
Microsoft.Getstarted
Microsoft.Messaging
Microsoft.Microsoft3DViewer
Microsoft.MicrosoftOfficeHub
Microsoft.MicrosoftPowerBIForWindows
Microsoft.MicrosoftSolitaireCollection
Microsoft.MicrosoftStickyNotes
Microsoft.MinecraftUWP
Microsoft.MSPaint
Microsoft.Office.OneNote
Microsoft.Office.Sway
Microsoft.OneConnect
Microsoft.People
Microsoft.Services.Store.Engagement
Microsoft.SkypeApp
Microsoft.Windows.Photos
Microsoft.WindowsAlarms
Microsoft.WindowsCalculator
Microsoft.WindowsCamera
microsoft.windowscommunicationsapps
Microsoft.WindowsFeedbackHub
Microsoft.WindowsMaps
Microsoft.WindowsPhone
Microsoft.WindowsSoundRecorder
Microsoft.WindowsStore
Microsoft.XboxApp
Microsoft.ZuneMusic
Microsoft.ZuneVideo
Microsoft.Advertising.Xaml
9E2F88E3.Twitter
king.com.CandyCrushSodaSaga
f5.vpn.client
SonicWALL.MobileConnect
Microsoft.BingMaps
Microsoft.XboxLIVEGames
Microsoft.Reader
Microsoft.WindowsReadingList
Microsoft.WindowsScan

14
modules.d/DisableAdvertising.conf
View file

@ -1,14 +0,0 @@
{
"name" : "Disable Advertising",
"description" : "Disable Advertising",
"actions" : [
{
"action" : "AddRegKey",
"value" : "1",
"key" : "DisabledByGroupPolicy",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AdvertisingInfo",
"type" : ""
}
]
}

11
modules.d/DisableFeatures.conf
View file

@ -1,11 +0,0 @@
{
"name" : "Disable Features",
"description" : "This module disable some useless Windows Features",
"actions" : [
{
"action" : "DisableFeature",
"file" : "features.txt",
"name" : ""
}
]
}

4
modules.d/DisableFeatures/features.txt
View file

@ -1,4 +0,0 @@
Internet-Explorer-Optional-amd64
FaxServicesClientPackage
WindowsMediaPlayer
MediaPlayback

28
modules.d/DisableGeolocation.conf
View file

@ -1,28 +0,0 @@
{
"name" : "Disable Geolocation",
"description" : "Disable GeoLocation",
"actions" : [
{
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\LocationAndSensors",
"key" : "DisableLocation",
"value" : "1",
"type" : ""
},
{
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\LocationAndSensors",
"key" : "DisableLocationScripting",
"value" : "1",
"type" : ""
},
{
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\LocationAndSensors",
"key" : "DisableWindowsLocationProvider",
"value" : "1",
"type" : ""
}
]
}

11
modules.d/DisableServices.conf
View file

@ -1,11 +0,0 @@
{
"name" : "Disable Service",
"description" : "This module delete services known to send data to Microsoft",
"actions" : [
{
"action" : "DisableService",
"file" : "services.txt",
"name" : ""
}
]
}

17
modules.d/DisableServices/services.txt
View file

@ -1,17 +0,0 @@
diagnosticshub.standardcollector.service
DiagTrack
dmwappushservice
HomeGroupListener
HomeGroupProvider
lfsvc
MapsBroker
NetTcpPortSharing
RemoteAccess
RemoteRegistry
SharedAccess
TrkWks
WbioSrvc
WMPNetworkSvc
XblAuthManager
XblGameSave
XboxNetApiSvc

22
modules.d/DisableSheduledTasks.conf
View file

@ -1,22 +0,0 @@
{
"name" : "Remove Scheduled tasks",
"description" : "Remove some scheduled tasks",
"actions" : [
{
"action" : "RemoveScheduledTask",
"path" : "",
"name" : "",
"file" : "tasks.txt"
},
{
"action" : "RemoveScheduledTask",
"path" : "\\Microsoft\\Windows\\Device Setup\\",
"name" : "Metadata Refresh"
},
{
"action" : "RemoveScheduledTask",
"path" : "\\Microsoft\\Device Setup\\",
"name" : "Metadata Refresh"
}
]
}

11
modules.d/DisableSheduledTasks/tasks.txt
View file

@ -1,11 +0,0 @@
Microsoft Compatibility Appraiser
ProgramDataUpdater
CreateObjectTask
Consolidator
KernelCeipTask
UsbCeip
SmartScreenSpecific
Microsoft-Windows-DiskDiagnosticDataCollector
DmClient
MNO Metadata Parser
QueueReporting

22
modules.d/DisableSmartScreen.conf
View file

@ -1,22 +0,0 @@
{
"name" : "Disable Smartscreen",
"description" : "Disable Smartscreen protection for Edge / IE",
"actions" : [
{
"action" : "AddRegKey",
"path" : "HKCU:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppHost",
"key" : "EnableWebContentEvaluation",
"value" : "0",
"type" : ""
},
{
"_comment" : "EXPERIMENTAL Disable Smartscreen for new created Users",
"action" : "AddRegKey",
"path" : "HKU:\\Default\\Microsoft\\Windows\\CurrentVersion\\AppHost",
"key" : "EnableWebContentEvaluation",
"value" : "0",
"type" : ""
}
]
}

12
modules.d/FW_Cortana.conf Normal file
View file

@ -0,0 +1,12 @@
{
"Name" : "Cortana (Firewall)",
"Description" : "This module Add a firewall rule to desactivate Cortana net traffic",
"actions" :
[
{
"action" : "FwBlockProgram",
"name" : "Cortana"
"path" : "$env:systemroot\\systemapps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe"
}
]
}

33
modules.d/GPO_Account.conf Normal file
View file

@ -0,0 +1,33 @@
{
"Name" : "Account Info (GPO)",
"Description" : "This module desactivate Account Info access for third party Apps like GPO did.",
"actions" :
[
{
"_comment" : "This is the principal reg key controlled by GPO",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessAccountInfo",
"value" : "0"
},
{
"_comment" : "The 3 bottom k eys seems to be some kind of ACL for App right",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessAccountInfo_UserInControlOfTheseApps",
"type" : "MultiString"
},
{
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessAccountInfo_ForceAllowTheseApps",
"type" : "MultiString"
},
{
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessAccountInfo_ForceDenyTheseApps",
"value" : "MultiString"
}
]
}

13
modules.d/GPO_Advertising.conf Normal file
View file

@ -0,0 +1,13 @@
{
"Name" : "Advertising (GPO)",
"Description" : "This module desactivate Advertising info like GPO did.",
"actions" :
[
{
" action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AdvertisingInfo",
"key" : "DisabledByGroupPolicy",
"value" : "1"
}
]
}

33
modules.d/GPO_BackgoundApps.conf Normal file
View file

@ -0,0 +1,33 @@
{
"Name" : "Apps in Background (GPO)",
"Description" : "This module desactivate run in background for third party Apps like GPO did.",
"actions" :
[
{
"_comment" : "This is the principal reg key controlled by GPO",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsRunInBackgound",
"value" : "0"
},
{
"_comment" : "The 3 bottom k eys seems to be some kind of ACL for App right",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsRunInBackgound_UserInControlOfTheseApps",
"type" : "MultiString"
},
{
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsRunInBackgound_ForceAllowTheseApps",
"type" : "MultiString"
},
{
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsRunInBackgound_ForceDenyTheseApps",
"value" : "MultiString"
}
]
}

33
modules.d/GPO_Calendars.conf Normal file
View file

@ -0,0 +1,33 @@
{
"Name" : "Calendar (GPO)",
"Description" : "This module desactivate Calendar access for third party Apps like GPO did.",
"actions" :
[
{
"_comment" : "This is the principal reg key controlled by GPO",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessCalendar",
"value" : "0"
},
{
"_comment" : "The 3 bottom k eys seems to be some kind of ACL for App right",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessCalendar_UserInControlOfTheseApps",
"type" : "MultiString"
},
{
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessCalendar_ForceAllowTheseApps",
"type" : "MultiString"
},
{
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessCalendar_ForceDenyTheseApps",
"value" : "MultiString"
}
]
}

33
modules.d/GPO_CallHistory.conf Normal file
View file

@ -0,0 +1,33 @@
{
"Name" : "Call history (GPO)",
"Description" : "This module desactivate Call history access for third party Apps like GPO did.",
"actions" :
[
{
"_comment" : "This is the principal reg key controlled by GPO",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessCallHistory",
"value" : "0"
},
{
"_comment" : "The 3 bottom k eys seems to be some kind of ACL for App right",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessCallHistory_UserInControlOfTheseApps",
"type" : "MultiString"
},
{
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessCallHistory_ForceAllowTheseApps",
"type" : "MultiString"
},
{
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessCallHistory_ForceDenyTheseApps",
"value" : "MultiString"
}
]
}

33
modules.d/GPO_Camera.conf Normal file
View file

@ -0,0 +1,33 @@
{
"Name" : "Camera (GPO)",
"Description" : "This module desactivate Camera access for third party Apps like GPO did.",
"actions" :
[
{
"_comment" : "This is the principal reg key controlled by GPO",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessCamera",
"value" : "0"
},
{
"_comment" : "The 3 bottom k eys seems to be some kind of ACL for App right",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessCamera_UserInControlOfTheseApps",
"type" : "MultiString"
},
{
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessCamera_ForceAllowTheseApps",
"type" : "MultiString"
},
{
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessCamera_ForceDenyTheseApps",
"value" : "MultiString"
}
]
}

35
modules.d/GPO_CloudContent.conf Normal file
View file

@ -0,0 +1,35 @@
{
"Name" : "CloudContent (GPO)",
"Description" : "This module Desactivate somes Windows like GPO does.",
"actions" :
[
{
"_comment" : "Disable third party suggestion (for current user)",
"action" : "AddRegKey",
"path" : "HKCU:\\Software\\Policies\\Microsoft\\Windows\\CloudContent",,
"key" : "DisableThirdPartysuggestions",
"value" : "1"
},
{
"_comment" : "Disable Windows Spotlight (for current user)",
"action" : "AddRegKey",
"path" : "HKCU:\\Software\\Policies\\Microsoft\\Windows\\CloudContent",,
"key" : "DisableWindowsSpotlightFeatures",
"value" : "1"
},
"_comment" : "Disable third party suggestion (for user template hive)",
"action" : "AddRegKey",
"path" : "HKU:\\Default\\Software\\Policies\\Microsoft\\Windows\\CloudContent",,
"key" : "DisableThirdPartysuggestions",
"value" : "1"
},
{
"_comment" : "Disable Windows Spotlight (for user template hive)",
"action" : "AddRegKey",
"path" : "HKU:\\Default\\Software\\Policies\\Microsoft\\Windows\\CloudContent",,
"key" : "DisableWindowsSpotlightFeatures",
"value" : "1"
}
]
}

14
modules.d/GPO_ConnectionProbe.conf Normal file
View file

@ -0,0 +1,14 @@
{
"Name" : "Connection Probe (GPO)",
"Description" : "This module desactivate Internet connection probe like GPO does.",
"actions" :
[
{
"_comment" : "Disable connection probe",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\NetworkConnectivityStatusIndicator",
"key" : "NoActiveProbe",
"value" : "1"
}
]
}

33
modules.d/GPO_Contacts.conf Normal file
View file

@ -0,0 +1,33 @@
{
"Name" : "Contacts (GPO)",
"Description" : "This module desactivate Contacts access for third party Apps like GPO did.",
"actions" :
[
{
"_comment" : "This is the principal reg key controlled by GPO",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessContacts",
"value" : "0"
},
{
"_comment" : "The 3 bottom keys seems to be some kind of ACL for App right",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessContacts_UserInControlOfTheseApps",
"type" : "MultiString"
},
{
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessContacts_ForceAllowTheseApps",
"type" : "MultiString"
},
{
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessContacts_ForceDenyTheseApps",
"value" : "MultiString"
}
]
}

70
modules.d/GPO_Cortana.conf Normal file
View file

@ -0,0 +1,70 @@
{
"Name" : "Cortana and Windows Search (GPO)",
"Description" : "This module Desactivate Cortana and some Windows Search functionnality like GPO does.",
"actions" :
[
{
"_comment" : "Desactivate location access for Cortana",
"action" : "AddRegKey",
"path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\Windows Search",
"key" : "AllowSearchToUseLocation",
"value" : "0"
},
{
"_comment" : "Disable Web Search from Cortana",
"action" : "AddRegKey",
"path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\Windows Search",
"key" : "DisableWebSearch",
"value" : "1"
},
{
"_comment" : "Disable Web Search result from Windows Search",
"action" : "AddRegKey",
"path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\Windows Search",
"key" : "ConnectedSearchUseWeb",
"value" : "0"
},
{
"_comment" : "Do not Search over the Web with limited connections",
"action" : "AddRegKey",
"path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\Windows Search",
"key" : "ConnectedSearchUseWebOverMeteredConnections",
"value" : "0"
},
{
"_comment" : "Disable Cortana",
"action" : "AddRegKey",
"path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\Windows Search",
"key" : "AllowCortana",
"value" : "0"
},
{
"_comment" : "Define which informations are sent to Web Search (anonymous informations)",
"action" : "AddRegKey",
"path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\Windows Search",
"key" : "ConnectedSearchPrivacy",
"value" : "3"
},
{
"_comment" : "Disable SafeSearch for Search",
"action" : "AddRegKey",
"path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\Windows Search",
"key" : "ConnectedSearchSafeSearch",
"value" : "3"
},
{
"_comment" : "Disable encrypted file indexation",
"action" : "AddRegKey",
"path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\Windows Search\\CurrentPolicies",
"key" : "AllowIndexingEncryptedStoresOrItems",
"value" : "0"
},
{
"_comment" : "Disable Cortana on lock screen",
"action" : "AddRegKey",
"path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\Windows Search",
"key" : "AllowCortanaAboveLock",
"value" : "0"
}
]
}

42
modules.d/GPO_Diagnostic.conf Normal file
View file

@ -0,0 +1,42 @@
{
"Name" : " Diagnostic Data (GPO)",
"Description" : "This module try to disable diagnostic tracking like GPO does.",
"actions" :
[
{
"_comment" : "Do not show feedback notification",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\DataCollection",
"key" : "DoNotShowFeedbackNotifications",
"value" : "1"
},
{
"_comment" : "Disable Telemetry, 1 for minimum information leak (Home and Pro edition) and 0 for total disable (Entreprise only)",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\DataCollection",
"key" : "AllowTelemetry",
"value" : "1"
},
{
"_comment" : "Disable 'Use diagnostic data for personnalized experience",
"action" : "AddRegKey",
"path" : "HKCU:\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent",
"key" : "DisableTailoredExperiencesWithDiagnosticData",
"value" : "1"
},
{
"_comment" : "Disable App compatibility telemetry",
"action" : "AddRegKey",
"path" : "HKCU:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppCompat",
"key" : "AITEnable",
"value" : "1"
},
{
"_comment" : "Disable pre-version functionnality",
"action" : "AddRegKey",
"path" : "HKCU:\\SOFTWARE\\Policies\\Microsoft\\Windows\\DataCollection",
"key" : "EnableConfigFlighting",
"value" : "1"
}
]
}

33
modules.d/GPO_DiagnosticInfo.conf Normal file
View file

@ -0,0 +1,33 @@
{
"Name" : "DiagnisticInfo (GPO)",
"Description" : "This module desactivate diagnistic info access for third party Apps like GPO did.",
"actions" :
[
{
"_comment" : "This is the principal reg key controlled by GPO",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsGetDiagnosticInfo",
"value" : "0"
},
{
"_comment" : "The 3 bottom k eys seems to be some kind of ACL for App right",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsGetDiagnosticInfo_UserInControlOfTheseApps",
"type" : "MultiString"
},
{
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsGetDiagnosticInfo_ForceAllowTheseApps",
"type" : "MultiString"
},
{
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsGetDiagnosticInfo_ForceDenyTheseApps",
"value" : "MultiString"
}
]
}

37
modules.d/GPO_DynamicTiles.conf Normal file
View file

@ -0,0 +1,37 @@
{
"Name" : "Tiles content (GPO)",
"Description" : "This module desactivate Internet data loading for tiles like GPO does.",
"actions" :
[
{
"_comment" : "Disable cloud notifications for tiles (for current user)",
"action" : "AddRegKey",
"path" : "HKCU:\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\PushNotifications",
"key" : "NoCloudApplicationNotification",
"value" : "1"
},
{
"_comment" : "Disable notifications for tiles (for current user)",
"action" : "AddRegKey",
"path" : "HKCU:\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\PushNotifications",
"key" : "NoTileApplicationNotification",
"value" : "1"
}
,
{
"_comment" : "Disable cloud notifications for tiles (for user template hive)",
"action" : "AddRegKey",
"path" : "HKU:\\Default\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\PushNotifications",
"key" : "NoCloudApplicationNotification",
"value" : "1"
},
{
"_comment" : "Disable notifications for tiles (for user templte hive)",
"action" : "AddRegKey",
"path" : "HKU:\\Default\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\PushNotifications",
"key" : "NoTileApplicationNotification",
"value" : "1"
}
]
}

33
modules.d/GPO_Email.conf Normal file
View file

@ -0,0 +1,33 @@
{
"Name" : "Email access (GPO)",
"Description" : "This module desactivate email access for third party Apps like GPO did.",
"actions" :
[
{
"_comment" : "This is the principal reg key controlled by GPO",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessEmail",
"value" : "0"
},
{
"_comment" : "The 3 bottom k eys s eems to be some kind of ACL for App right",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessEmail_UserInControlOfTheseApps",
"type" : "MultiString"
},
{
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessEmail_ForceAllowTheseApps",
"type" : "MultiString"
},
{
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessEmail_ForceDenyTheseApps",
"value" : "MultiString"
}
]
}

56
modules.d/GPO_ErrorReporting.conf Normal file
View file

@ -0,0 +1,56 @@
{
"Name" : "Error Reporting (GPO)",
"Description" : "This module desactivate some error Reporting function like GPO does.",
"actions" :
[
{
"_comment" : "Disable error Reporting to Microsoft",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting",
"key" : "Disabled",
"value" : "1"
},
{
"_comment" : "Do not allow operating system memory dump sent to Microsoft",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting",
"key" : "AutoApproveOSDumps",
"value" : "0"
},
{
"_comment" : "Do not sent additional dada to Microsoft when reporting",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting",
"key" : "DontSendAdditionalData",
"value" : "1"
},
{
"_comment" : "Disable Windows Error Reporting ",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\PCHealth\\ErrorReporting",
"key" : "DoReport",
"value" : "0"
},
{
"_comment" : "Disable WER (Not a GPO rule)",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\UnattendSettings\\Windows Error Reporting",
"key" : "Disabled",
"value" : "1"
},
{
"_comment" : "Disable WMR (Not a GPO rule)",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting\\WMR",
"key" : "Disabled",
"value" : "1"
},
{
"_comment" : "Do not consent Error Reporting (not a GPO rule) ",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting\\consent",
"key" : "DefaultConsent",
"value" : "0"
}
]
}

36
modules.d/GPO_InputSpeechInk.conf Normal file
View file

@ -0,0 +1,36 @@
{
"Name" : "Input Speech Ink (GPO)",
"Description" : "This module desactivate Input personalization, speech and ink recognition like GPO did.",
"actions" :
[
{
"_comment" : "Desactivate text learning",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\InputPersonalization",
"key" : "RestrictImplicitTextCollection",
"value" : "1"
},
{
"_comment" : "Desactivate ink learning",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\InputPersonalization",
"key" : "RestrictImplicitInkCollection",
"value" : "1"
},
{
"_comment" : "Desactivate input personalization",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\InputPersonalization",
"key" : "AllowInputPersonnalization",
"value" : "0"
},
{
"_comment" : "Desactivate voice data automatic updates",
"action" : "AddRegKey",
"path" : "HKLM:\\Software\\Policies\\Microsoft\\Speech",
"key" : "AllowSpeechModelUpdate",
"value" : "0"
}
]
}

68
modules.d/GPO_Location.conf Normal file
View file

@ -0,0 +1,68 @@
{
"Name" : "Location (GPO)",
"Description" : "This module desactivate Location access for third party Apps like GPO did.",
"actions" :
[
{
"_comment" : "This is the principal reg key controlled by GPO",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessLocation",
"value" : "0"
},
{
"_comment" : "The 3 bottom keys seems to be some kind of ACL for App right",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessLocation_UserInControlOfTheseApps",
"type" : "MultiString"
},
{
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessLocation_ForceAllowTheseApps",
"type" : "MultiString"
},
{
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessLocation_ForceDenyTheseApps",
"value" : "MultiString"
},
{
"_comment" : "Disable hardware location sensors",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\LocationAndSensors",
"key" : "DisableLocation",
"value" : "1"
},
{
"_comment" : "Disable location sensor",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\LocationAndSensors",
"key" : "DisableLocation",
"value" : "1"
},
{
"_comment" : "Disable Windows location service provider",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\LocationAndSensors",
"key" : "DisableWindowsLocationProvider",
"value" : "1"
},
{
"_comment" : "Disable location scripting",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\LocationAndSensors",
"key" : "DisableLocationScripting",
"value" : "1"
},
{
"_comment" : "Disable sensors (rotation will be disable in tablet PC)",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\LocationAndSensors",
"key" : "DisableSensors",
"value" : "1"
}
]
}

33
modules.d/GPO_Messaging.conf Normal file
View file

@ -0,0 +1,33 @@
{
"Name" : "Messaging (GPO)",
"Description" : "This module desactivate Messaging access for third party Apps like GPO did.",
"actions" :
[
{
"_comment" : "This is the principal reg key controlled by GPO",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessMessaging",
"value" : "0"
},
{
"_comment" : "The 3 bottom k eys seems to be some kind of ACL for App right",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessMessaging_UserInControlOfTheseApps",
"type" : "MultiString"
},
{
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessMessaging_ForceAllowTheseApps",
"type" : "MultiString"
},
{
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessMessaging_ForceDenyTheseApps",
"value" : "MultiString"
}
]
}

33
modules.d/GPO_Microphone.conf Normal file
View file

@ -0,0 +1,33 @@
{
"Name" : "Microphone (GPO)",
"Description" : "This module desactivate Microphone access for third party Apps like GPO did.",
"actions" :
[
{
"_comment" : "This is the principal reg key controlled by GPO",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessMicrophone",
"value" : "0"
},
{
"_comment" : "The 3 bottom k eys seems to be some kind of ACL for App right",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessMicrophone_UserInControlOfTheseApps",
"type" : "MultiString"
},
{
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessMicrophone_ForceAllowTheseApps",
"type" : "MultiString"
},
{
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessMicrophone_ForceDenyTheseApps",
"value" : "MultiString"
}
]
}

14
modules.d/GPO_MicrosoftAccount.conf Normal file
View file

@ -0,0 +1,14 @@
{
"Name" : "Microsoft Account (GPO)",
"Description" : "This module desactivate posibility to add a Microsoft account like GPO does.",
"actions" :
[
{
"_comment" : "Disable MS Account",
" action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",
"key" : "NoConnectedUser",
"value" : "3"
}
]
}

33
modules.d/GPO_Motion.conf Normal file
View file

@ -0,0 +1,33 @@
{
"Name" : "Motion Sensor (GPO)",
"Description" : "This module desactivate Motion sensor access for third party Apps like GPO did.",
"actions" :
[
{
"_comment" : "This is the principal reg key controlled by GPO",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessMotion",
"value" : "0"
},
{
"_comment" : "The 3 bottom k eys seems to be some kind of ACL for App right",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessMotion_UserInControlOfTheseApps",
"type" : "MultiString"
},
{
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessMotion_ForceAllowTheseApps",
"type" : "MultiString"
},
{
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessMotion_ForceDenyTheseApps",
"value" : "MultiString"
}
]
}

33
modules.d/GPO_Notifications.conf Normal file
View file

@ -0,0 +1,33 @@
{
"Name" : "Notifications (GPO)",
"Description" : "This module desactivate Notifications access for third party Apps like GPO did.",
"actions" :
[
{
"_comment" : "This is the principal reg key controlled by GPO",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessNotifications",
"value" : "0"
},
{
"_comment" : "The 3 bottom k eys seems to be some kind of ACL for App right",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessNotifications_UserInControlOfTheseApps",
"type" : "MultiString"
},
{
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessNotifications_ForceAllowTheseApps",
"type" : "MultiString"
},
{
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessNotifications_ForceDenyTheseApps",
"value" : "MultiString"
}
]
}

52
modules.d/UninstallOnedrive.conf → modules.d/GPO_OneDrive.conf
View file

@ -1,28 +1,32 @@
{
"name" : "Uninstall One Drive",
"description" : "This module Uninstall Onedrive",
"actions" : [
{
"action" : "KillProcess",
"Name" : "Disable OneDrive (GPO)",
"Description" : "This module Remove Onedrive like GPO does and delete if.",
"actions" :
[
{
"_comment" : "Kill Onedrive process",
"action" : "KillProcess",
"name" : "onedrive"
},
{
"_comment" : "Kill explorer process",
"action" : "KillProcess",
"name" : "explorer"
},
{
"_comment" : "OneDrive Uninstaller x64 version",
"action" : "ExecCommand",
"_comment" : "Execute OneDrive Uninstaller (x64 version)",
"action" : "ExecCommand",
"path" : "$env:systemroot\\SysWOW64\\OneDriveSetup.exe",
"arguments" : "/uninstall"
},
{
"_comment" : "OneDrive Uninstaller x86 version",
"_comment" : "Execute OneDrive Uninstaller (x86 version)",
"action" : "ExecCommand",
"path" : "$env:systemroot\\System32\\OneDriveSetup.exe",
"arguments" : "/uninstall"
},
{
"_comment" : "The 3 actions bellow delete Onedrive folders ",
"action" : "DelFile",
"path" : "$env:localappdata\\Microsoft\\OneDrive",
"recurse" : "True"
@ -38,39 +42,31 @@
"recurse" : "True"
},
{
"_comment" : "Do not allow OneDrive for file storage",
"action" : "AddRegKey",
"value" : "1",
"key" : "DisableFileSyncNGSC",
"path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\OneDrive",
"type" : ""
"path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\OneDrive"
},
{
"_comment" : "Disable OneDrive file sync with limited connection",
"action" : "AddRegKey",
"value" : "1",
"key" : "DisableFileSync",
"path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\OneDrive",
"type" : ""
"key" : "DisableMeteredNetworkFileSync",
"path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\OneDrive"
},
{
{
"_comment" : "Disable save file to Onedrive",
"action" : "AddRegKey",
"value" : "0",
"key" : "System.IsPinnedToNameSpaceTree",
"path" : "HKCR:\\Wow6432Node\\CLSID\\{018D5C66-4533-4307-9B53-224DE2ED1FE6}",
"type" : ""
"value" : "1",
"key" : "DisableLibrariesDefaultSaveToOneDrive",
"path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\OneDrive"
},
{
"action" : "AddRegKey",
"value" : "0",
"key" : "System.IsPinnedToNameSpaceTree",
"path" : "HKCR:\\CLSID\\{018D5C66-4533-4307-9B53-224DE2ED1FE6}",
"type" : ""
},
{
"_comment" : "Prevent Onedrive installation for new created user",
"_comment" : "Prevent Onedrive installation for new created user (non GPO key)",
"action" : "DelRegKey",
"key" : "OneDriveSetup",
"path" : "HKU:\\Default\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
}
]
]
}

33
modules.d/GPO_Phone.conf Normal file
View file

@ -0,0 +1,33 @@
{
"Name" : "Phone (GPO)",
"Description" : "This module desactivate Phone access for third party Apps like GPO did.",
"actions" :
[
{
"_comment" : "This is the principal reg key controlled by GPO",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessPhone",
"value" : "0"
},
{
"_comment" : "The 3 bottom k eys seems to be some kind of ACL for App right",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessPhone_UserInControlOfTheseApps",
"type" : "MultiString"
},
{
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessPhone_ForceAllowTheseApps",
"type" : "MultiString"
},
{
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessPhone_ForceDenyTheseApps",
"value" : "MultiString"
}
]
}

56
modules.d/GPO_Privacy.conf Normal file
View file

@ -0,0 +1,56 @@
{
"Name" : "Privacy (GPO)",
"Description" : "This module set some privati life settings like GPO does.",
"actions" :
[
{
"_comment" : "Disable hand writing share",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\TabletPC",
"action" : "AddRegKey",
"key" : "PreventHandwritingDataSharing",
"value" : "1"
},
{
"_comment" : "Disable hand writing error reporting",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\HandwritingErrorReports",
"key" : "PreventHandwritingErrorReports",
"value" : "1"
},
{
"_comment" : "Disable Inventory Collector",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppCompat",
"key" : "DisableInventory",
"value" : "1"
},
{
"_comment" : "Disable camera on lock screen",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization",
"key" : "NoLockScreenCamera",
"value" : "1"
},
{
"_comment" : "Disable notification for tile, application and Lockscreen (non GPO key)(current user)",
"action" : "AddRegKey",
"path" : "HKCU:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\PushNotifications",
"key" : "ToastEnabled",
"value" : "0"
},
{
"_comment" : "Disable notification for tiles, applications and lockscreen (non GPO key)(user template hive)",
"action" : "AddRegKey",
"path" : "HKU:\\Default\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\PushNotifications",
"key" : "ToastEnabled",
"value" : "0"
},
{
"_comment" : "Disable user experience amelioration program ",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\SQMClient\\Windows",
"key" : "CEIPEnabled",
"value" : "0"
}
]
}

33
modules.d/GPO_Radios.conf Normal file
View file

@ -0,0 +1,33 @@
{
"Name" : "Radios (GPO)",
"Description" : "This module desactivate Radios (Bluetooth, Wifi ...) access for third party Apps like GPO did.",
"actions" :
[
{
"_comment" : "This is the principal reg key controlled by GPO",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessRadios",
"value" : "0"
},
{
"_comment" : "The 3 bottom k eys seems to be some kind of ACL for App right",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessRadios_UserInControlOfTheseApps",
"type" : "MultiString"
},
{
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessRadios_ForceAllowTheseApps",
"type" : "MultiString"
},
{
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessRadios_ForceDenyTheseApps",
"value" : "MultiString"
}
]
}

35
modules.d/GPO_SettingSync.conf Normal file
View file

@ -0,0 +1,35 @@
{
"Name" : "Setting Sync (GPO)",
"Description" : "This module desactivate Setting sync between devices like GPO did.",
"actions" :
[
{
"_comment" : "Disable Setting Sync",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\SettingSync",
"key" : "DisableSettingSync",
"value" : "1"
},
{
"_comment" : "Disable Possibility for user to reactivate setting sync",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\SettingSync",
"key" : "DisableSettingSyncUserOverride",
"value" : "1"
},
{
"_comment" : "Disable Setting Sync for third party Apps",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\SettingSync",
"key" : "DisableApplicationSettingSync",
"value" : "1"
},
{
"_comment" : "Disable Possibility for user to reactivate setting sync for third party Apps",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\SettingSync",
"key" : "DisableApplicationSettingSyncUserOverride",
"value" : "1"
}
]
}

33
modules.d/GPO_SyncDevices.conf Normal file
View file

@ -0,0 +1,33 @@
{
"Name" : "Sync with devices (GPO)",
"Description" : "This module desactivate sync with devices for third party Apps like GPO did.",
"actions" :
[
{
"_comment" : "This is the principal reg key controlled by GPO",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsSyncWithDevices",
"value" : "0"
},
{
"_comment" : "The 3 bottom keys seems to be some kind of ACL for App right",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsSyncWithDevices_UserInControlOfTheseApps",
"type" : "MultiString"
},
{
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsSyncWithDevices_ForceAllowTheseApps",
"type" : "MultiString"
},
{
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsSyncWithDevices_ForceDenyTheseApps",
"value" : "MultiString"
}
]
}

33
modules.d/GPO_Tasks.conf Normal file
View file

@ -0,0 +1,33 @@
{
"Name" : "Tasks (GPO)",
"Description" : "This module desactivate Tasks access for third party Apps like GPO did.",
"actions" :
[
{
"_comment" : "This is the principal reg key controlled by GPO",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessTasks",
"value" : "0"
},
{
"_comment" : "The 3 bottom keys seems to be some kind of ACL for App right",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessTasks_UserInControlOfTheseApps",
"type" : "MultiString"
},
{
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessTasks_ForceAllowTheseApps",
"type" : "MultiString"
},
{
" action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessTasks_ForceDenyTheseApps",
"value" : "MultiString"
}
]
}

15
modules.d/GPO_Teredo.conf Normal file
View file

@ -0,0 +1,15 @@
{
"Name" : "Teredo (GPO)",
"Description" : "This module desactivate Teredo pseudo interface like GPO did.",
"actions" :
[
{
"_comment" : "Disable Teredo with key controlled by GPO",
"action" : "AddRegKey",
"path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\TCPIP\\v6Transition",
"key" : "Teredo_State",
"value" : "Disable",
"type" : "String"
}
]
}

33
modules.d/GPO_TrustedDevices.conf Normal file
View file

@ -0,0 +1,33 @@
{
"Name" : "TrustedDevices (GPO)",
"Description" : "This module desactivate Trusted Devices access for third party Apps like GPO did.",
"actions" :
[
{
"_comment" : "This is the principal reg key controlled by GPO",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessTrustedDevices",
"value" : "0"
},
{
"_comment" : "The 3 bottom k eys seems to be some kind of ACL for App right",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessTrustedDevices_UserInControlOfTheseApps",
"type" : "MultiString"
},
{
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessTrustedDevices_ForceAllowTheseApps",
"type" : "MultiString"
},
{
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy",
"key" : "LetAppsAccessTrustedDevices_ForceDenyTheseApps",
"value" : "MultiString"
}
]
}

13
modules.d/GPO_Wifi.conf Normal file
View file

@ -0,0 +1,13 @@
{
"Name" : "Contact, open and paid Wifi (GPO)",
"Description" : "This module desactivate Wifi connexion to shared network by contacts, paid and open AP like GPO does.",
"actions" :
[
{
"_comment" : "This is the principal reg key controlled by GPO",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Microsoft\\WcmSvc\\wifinetworkmanager\\config",
"key" : "AutoConnectAllowedOEM",
"value" : "0"
} ]
}

35
modules.d/GPO_WindowsDefender.conf Normal file
View file

@ -0,0 +1,35 @@
{
"Name" : "Windows Defender (GPO)",
"Description" : "This module Desactivate somes Windows Defender functionnallity like GPO does.",
"actions" :
[
{
"_comment" : "Disable Spynet Reporting",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Spynet",
"key" : "SpyNetReporting",
"value" : "0"
},
{
"_comment" : "Disable sample submission to Microsoft",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Spynet",
"key" : "SubmitSamplesConsent",
"value" : "2"
},
{
"_comment" : "Do not report infection informations to Microsoft",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\MRT",
"key" : "DontReportInfectionInformation",
"value" : "1"
},
{
"_comment" : "Do not allow setting override for Spynet reporting",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Spynet",
"key" : "LocalSettingOverrideSpynetReporting",
"value" : "0"
}
]
}

49
modules.d/GPO_WindowsStore.conf Normal file
View file

@ -0,0 +1,49 @@
{
"Name" : "Windows Store (GPO)",
"Description" : "This module Desactivate Windows Store functionnality like GPO does.",
"actions" :
[
{
"_comment" : "Disable All Windows Store Application - Appx (Windows Entreprise and Education)",
"action" : "AddRegKey",
"path" : "HKLM:\\Software\\Policies\\Microsoft\\WindowsStore",
"key" : "DisableStoreApps",
"value" : "1"
},
{
"_comment" : "Disable Windows Store (Windows Pro, Entreprise ans Education)",
"action" : "AddRegKey",
"path" : "HKLM:\\Software\\Policies\\Microsoft\\WindowsStore",
"key" : "RemoveWindowsStore",
"value" : "1"
},
{
"_comment" : "Disable Open with Windows Store in Explorer (Windows Pro, Entreprise and Education)",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer",
"key" : "NoUseStoreOpenWith",
"value" : "1"
},
{
"_comment" : "Show only private repository (Windows Pro, Entreprise and Education)",
"action" : "AddRegKey",
"path" : "HKLM:\\Software\\Policies\\Microsoft\\WindowsStore",
"key" : "RequirePrivateStoreOnly",
"value" : "1"
},
{
"_comment" : "Disable message to update tu Windows last version (Windows Pro, Entreprise and Education)",
"action" : "AddRegKey",
"path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\WindowsStore",
"key" : "DisableOsUpgrade",
"value" : "1"
},
{
"_comment" : "Disable push to install (Windows Pro, Entreprise and Education)",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\PushToInstall",
"key" : "DisablePushToInstall",
"value" : "1"
}
]
}

22
modules.d/GPO_WindowsTips.conf Normal file
View file

@ -0,0 +1,22 @@
{
"Name" : "Windows Tips (GPO)",
"Description" : "This module desactivate Windows tips like GPO does.",
"actions" :
[
{
"_comment" : "Do not display Windows Tips",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent",
"key" : "DisableSoftLanding",
"value" : "1"
}
,
{
"_comment" : "Disable Windows Consumers Features",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent",
"key" : "DisableWindowsConsumerFeatures",
"value" : "1"
}
]
}

70
modules.d/GPO_WindowsUpdate.conf Normal file
View file

@ -0,0 +1,70 @@
{
"Name" : "Windows Update (GPO)",
"Description" : "Disable sone Windows Update features like GPO does.",
"actions" :
[
{
"_comment" : "Disable Download Optimization",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization",
"key" : "DODownloadMode",
"value" : "0"
},
{
"_comment" : "Disable Peer to Peer connection for Windows Update",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\Peernet",
"key" : "Disabled",
"value" : "1"
},
{
"_comment" : "Notify Update download and installation",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU",
"key" : "AUOptions",
"value" : "2"
},
{
"_comment" : "Activate Windows Update all day ( 0:All days, 1:sunday, 2:monday, ...",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU",
"key" : "ScheduledInstallDay",
"value" : "0"
},
{
"_comment" : "Define hour of installation",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU",
"key" : "ScheduledInstallTime",
"value" : "12"
},
{
"_comment" : "Enable Defered Updates (Windows Pro and +) (https://docs.microsoft.com/en-us/windows/deployment/update/waas-configure-wufb)",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate",
"key" : "DeferFeatureUpdates",
"value" : "1"
},
{
"_comment" : "Select CBB branch for Defered Updates",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate",
"key" : "BranchReadinessLevel",
"value" : "32"
},
{
"_comment" : "Defer Feature installation for 1 year",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate",
"key" : "DeferFeatureUpdatesPeriodInDays",
"value" : "365"
},
{
"_comment" : "Disable drivers update",
"action" : "AddRegKey",
"path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU",
"key" : "ExcludeWUDriversInQualityUpdate",
"value" : "1"
}
]
}

10
modules.d/SER_Location.conf Normal file
View file

@ -0,0 +1,10 @@
{
"name" : "Disable Location Service",
"description" : "This module disable location service",
"actions" : [
{
"action" : "DisableService",
"name" : "lfsvc"
}
]
}