diff --git a/README.md b/README.md index 79e1a67..b3651e3 100644 --- a/README.md +++ b/README.md @@ -1,31 +1,251 @@ -Win10 privacy helper script -========================== +Clean Win10 +=========== -This Powershell script disable some anti-privacy Windows 10 features. -I created this for my work needs. +CleanW10 est un script powershell pour rendre Windows plus respectueux de la +vie privée de son|ses utilisateur(s) - Utilisatrice(s). Il réalise tout un tas +d'actions afin de désactiver, supprimer, modifier des composant du système et +applications tierces. - * redirect some Microsoft domain known to 0.0.0.0 - * add firewall rules to block some Ms IP used to collect data - * disable some Windows 10 features (Fax, MediaPlayer ...) - * disable somes services - * disable most Modern Apps (because there are useless ...) - * disable some task - * write plenty of reg key to disable some features : - * advertising - * geolocation - * telemetry - * disable apps righs - * disable MS Account for login - * Onedrive - * (...) +Ce script est avant tout destiné aux utilisateurs avancés, il réalise beaucoup +d'actions normalement réservées aux GPO (version pro et entreprise de Windows +mais accessible) via la base de registre, ou autre (désactivation de +services par exemple) -### Warning! +# Actions réalisées -Do not use this script if you're logged with a MS Account on your -Windows sesssion. Because this script disable MS Account, your account -may be blocked and you could not login again. +CleanW10 réalise beaucoup d'actions, en voici une liste non exhaustive : + + * Désinstallation d'applications universelles (ModernApp) pour l'utilisateur + et en version provisionnée. Attention, **Windows Store sera aussi supprimé**. + * Blocage d'applications dans le pare-feu Windows (explorer, Cortana, + Edge). Attention, **vous ne pourrez plus utiliser Edge**. + * Blocage d'adresse IP Microsoft connue pour récolter des données de + télémétrie. Attention, des IP utilisées pour **Skype et Outlook** seront + bloquées. + * Blocage de noms de domaine appartenant à Microsoft connus pour récolter des + données + * Désintallation de OneDrive + * Désactivation des comptes Microsoft. Attention, si vous utilisew des + comptes Microsoft sous Windows 10, **transformez-le en compte local AVANT de + lancer CleanW10**. + * Désactivation des droits pour les applications (caméra, localisation, + synchronisation des contacts / calendriers etc.) + * Modifications des paramètres relatifs au programme d’amélioration de + l’expérience utilisateur (apprentissage de la saisie clavier, envoi de + rapports d'erreurs ...) + * Désactivation des services relatifs aux données personnelles / de + télémétrie. + * Supression des tâches planifiées problématiques pour les données + personelles + +# Lancer le CleanW10 + +Par défaut, Windows n'autorise pas l'execution de script powershell non signé +ou dont il ne connait pas la signature. Pour exécuter ce script, Il est donc +conseillé d'exécuter la commande suivante dans une fenêtre powershell en mode +administrateur : + +``` +Set-ExecutionPolicy unrestricted +``` + +Vous pouvez cependant lancer ``launcher.cmd`` en tant qu'administrateur.Il se +chargera de basculer la politique de sécurité relative à powershell, de lancer +CleanW10 puis de la remettre à son état initial. + +## Options de la ligne de commande + +voici les options du script en ligne de commande : + +``` +CleanW10.ps1 -module -dir -debug +``` + +### -module + +Avec cette option vous pouvez executer un seul module. Le paramètre est suivi +par le chemin complet du fichier module. + +### -dir + +Cette option donne le chemin complet vers le répertoire contenant les modules à +executer, par défaut ``./modules.d/``. Elle est imcompatible avec ``-module`` + +### -debug + +Affiche des information de debug en plus des messages relatifs au script. + +# Comment ça marche? + +Le script fonctionne à partir de modules sous forme de fichiers écrits en JSON. +Un module contient un ensemble d'actions à réaliser ainsi que leurs paramètres. +Voici un exemple de fichier module : + +```JSON +{ + "name" : "Block Telemetry IPs", + "description" : "Block IPs relative to Microsoft telemery.", + "actions" : + [ + { + "_comment" : "Block telemetry IPS", + "action" : "FwBlockOutputIP", + "file" : "telemetry.txt" + }, + { + "_comment" : "Block IP relative to Skype and Messenger", + "action" : "FwBlockOutputIP", + "file" : "skype-msn.txt" + } + ] +} +``` + +Chaque module contient un nom (``name``), une description (``description``) et +une série d'actions à réaliser (``actions``). + +Une action contient une instruction à réaliser (ici ``FwBlockOutputIP``), +éventuellement un commentaire (``_comment``) puis un ou plusieurs paramètre(s) +en fonction de l'action. Voici une liste des actions disponibles : + +## Liste des actions + +### BlockHost + +Bloque un ou plusieurs noms d'hôtes via le fichier hosts, les paramètres de +cette action sont : + + * ``host`` : nom d'hote à bloquer + * ``file`` : nom du fichier contenant une adresse IP par ligne pour un + traitement par lots. Voir la section (#fichiers-externes)[fichiers] + * ``firewall`` [Booléen] : Bloque la ou les adresse(s) IP relative au nom + d'hôte par le module FwBlockOutputIP + + Activer ce paramètre permet de bloquer par le firewall certains hôtes pour + lesquels Windows ne prends pas en compte le fichier hosts. + +### FwBlockOutputIP + +Bloque une ou plusieurs adresse(s) IP, les paramètres relatifs à cette action +sont : + + * ``ip`` : adresse IP à bloquer + * ``file`` : nom du fichier contenant une adresse IP par ligne pour un + traitement par lot. Voir la section [#fichiers-externes](fichiers) -### Licence +### FwBlockProgram -Do what you're want with it and feel fre to offer me a beer :) +Bloque un ou plusieurs programmes dans le pare-feu, les paramètres relatifs à +cette action sont : + + * ``name`` : ce paramètre est utilisé pour créer le nom de la règle du + pare-feu Windows - facultatif, utilise le chemin complet si absent + * ``path`` : chemin complet vers l'exécutable à bloquer. + * ``file`` : nom du fichier contenant un chemin par ligne pour un traitement + par lot. Voir la section [#fichiers-externes](fichiers) + + +### AddRegKey + +Ajoute ou modifie une clé de registre. Si une clé concerne l'utilisateur +courant (HKCU) alors la clé sera ajoutée / modifiée pour tous les utilisateurs +mais aussi sur le gabarit de registre pour la création d'utilisateurs. Les +paramètres sont : + + * ``path`` : chemin vers la clé + * ``key`` : la clé + * ``value`` : la nouvelle valeur - facultatif + * ``type`` : le type de valeur (DWord QWord, Multistring ...) - facutlatif, + DWord par défaut + +### DelRegKey + +Supprime une clé de registre, les mêmes actions que pour ``AddRegKey`` seront +réalisées si la clé concerne HKCU. Les paramètres sont : + + * ``path`` : chemin vers la clé + * ``key`` : clé à supprimer. + +### UninstallModernApp + +Désintalle une ou plusieurs applications universelles, les paramètres sont : + + * ``name`` : nom de l'application à désintaller + * ``removeProvisionned`` [Booléen] : supprimer aussi des application + provisionnées (que le système réinstallera pour tout nouvel utilisateur créé) + * ``file`` : nom du fichier contenant un nom d' application par ligne pour un + traitement par lots. Voir la section [fichiers externes](#fichiers-externes) + +### DisableService + +Désactive un service, les paramètres sont : + + * ``name`` : nom du service à désactiver + * ``userService`` [Booléen] : service est lancé en mode utilisateur. Pour + désactiver la création du service par utilisateur, la clé de registre + ``userServiceFlag`` sera modifiée. + * ``file`` : nom du fichier contenant un nom de service par ligne pour un + traitement par lots. Voir la section [fichiers externes](#fichiers-externes) + + +### RemoveSchedukedTask + +Désactive une tâche planifiés, les paramètres sont : + + * ``name`` : nom de la tache planifiée + * ``path`` : chemin de la tache planifiée - facultatif + * ``file`` : nom du fichier contenant un nom de tâche par ligne pour un + traitement par lots. Voir la section [fichiers externes](#fichiers-externes) + +### DisableFeature + +Désactive une fonctionnalité de Windows (accessible via dism.exe) les paramètres +sont : + + * ``name`` : nom de la fonctionnalité + * ``file`` : nom du fichier contenant un nom de fonctionnalité par ligne pour + un traitement par lot. Voir la section [fichiers externes](#fichiers-externes) + +### KillProcess + +Tue un processus, le paramètre est : + + * ``name`` : nom du processus à tuer + +### DelFile + +Supprime un fichier / dossier, les paramètres sont : + + * ``path`` : chemin du fichier / dossier à supprimer + * ``recurse``[Booléen] : supprimmer de manière récursive. - facultatif + +### ExecCommand + +Executer un commande, les paramètres sont : + + * ``path`` : chemin vers l'exécutable. Celui-ci peut contenir des variables + d'environnement powershell comme par exemple ``"$env:systemroot\``, Si la + * ``arguments`` : liste des arguments + +## Fichiers externes + +Pour certaines actions il est possible de charger un fichier externe pour du +traitement par lot. Ce peut être le cas pour ``BlockHost`` par exemple. Il +faut alors renseigner le paramètre ``file`` dans l'action correspondante avec +le nom du fichier à charger, Celui-ci decra se trouver **obligatoirement** dans +un sous-dossier portant le même nom que le fichier module. + +Prenons l'exemple du module FW_Hosts.conf, il contient l'action ``BlockHost`` +avec commr paramètre ``file`` hosts.txt, voici donc l'arborescence obtenue : + +``` +modules.d\FW_Hosts\hosts.txt +modules.d\FW_Hosts.conf +``` + +# Licence + +Ce script est disponible sous licence Beeware : utilisez, copiez, modifiez, +redistribuez comme ça vous chante. Et offrez-moi une bière si l'on se recontre +un de ces 4 (et si ça vous chante). diff --git a/cleanW10.ps1 b/cleanW10.ps1 index bcd583d..20e66c8 100755 --- a/cleanW10.ps1 +++ b/cleanW10.ps1 @@ -1,225 +1,540 @@ +param ( + [cmdletbinding()] + [string]$dir="modules.d", + [string]$module, + [switch]$debug = $false + ) #requires -RunAsAdministrator -Import-Module NetSecurity #Useful to manipulate firewall rules +Import-Module NetSecurity #Useful to manipulate firewall rules +Set-StrictMode -Version 2 +#$PSDefaultParameterValues=@{$dir = "./modules.d"} $HOST_FILE = "$env:windir\System32\drivers\etc\hosts" $HOST_IP = "0.0.0.0" -$ErrorActionPreference = "SilentlyContinue" +$FW_RULE_NAME_PREFIX = "CleanW10" +$IP4_REGEX = "((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$" +$ProgressPreference = "SilentlyContinue" #Thanks to https://gist.github.com/markembling/173887 -function block_shitty_host { - param([string]$filename, [string]$ip, [string]$hostname) - remove-host $filename $hostname - Write-Host -NoNewline "`t$hostname :" - try { - if ( ! $(is_host_present $filename $hostname) ){ - $ip + "`t`t" + $hostname | Out-File -encoding ASCII -append $filename +function BlockHost { + param( + [Parameter( + ValueFromPipeline=$False, + ParameterSetName="params", + Position = 0 + )] + [object]$params + ) + if ( $params.ContainsKey('file') ) { + if ( -not $params.ContainsKey('firewall') -or $params.firewall -eq "" ) { + $params.firewall = $false } - else { - Write-Host -ForegroundColor Yellow "already blocked " - return + Get-Content $params.file | where { $_ -notmatch "^#.*$|^$" } | Foreach{ BlockHost -params @{host=$_;firewall=$params.firewall} } + } + elseif ( $params.ContainsKey('host') -and $params.host -ne "" ) { + Write-Host "`n`tBlock host $($params.host) : " + try { + if ( $(IsHostAlreadyBlocked $HOST_FILE $params.host) ){ + #If host is in hosts.conf, verify that ip is blocked in FW + if ( $params.ContainsKey('firewall') -and $params.firewall -eq $true ) { + $tmp = Get-Content $HOST_FILE | Where { $_ -ne "$HOST_IP`t`t$($params.host)" } + Set-Content $HOST_FILE $tmp + BlockHostByIP $params.host + $HOST_IP + "`t`t" + $params.host | Out-File -encoding ASCII -append $HOST_FILE + } + Write-Host -ForegroundColor Yellow "`t`tHost Already blocked" + } + else { + if ( $params.ContainsKey('firewall') -and $params.firewall -eq $true ) { + BlockHostByIP $params.host + } + $HOST_IP + "`t`t" + $params.host | Out-File -encoding ASCII -append $HOST_FILE + Write-Host -ForegroundColor Green "`t`tHost blocked" + } + } + catch { + Write-Host -ForegroundColor Red "`t`tError" + Write-Debug $Error[0].Exception.Message } } - catch { - Write-Host -ForegroundColor Red "error" - return + else { + Write-Host -ForegroundColor Red "`tError : No name or file for action $($MyInvocation.MyCommand.Name)" } - Write-Host -ForegroundColor Green "done" } -function is_host_present { - param([string]$filename, [string]$hostname) - $c = Get-Content $filename - - foreach ($line in $c) { - $bits = [regex]::Split($line, "\t+") - if ($bits[1] -eq $hostname) { - return $true +function BlockHostByIP { + param( + [string]$hostname + ) + #$resolv = [system.net.Dns]::GetHostAddresses($hostname) | Select IPAddressToString + $resolv = Resolve-DnsName $hostname -ErrorAction SilentlyContinue | Where { $_.type -match "^A{1,4}$" } | select Address + $resolv | Foreach { + Write-Host -NoNewLine "`t" + $ip = $_.Address + Write-Debug "Found a valid IP $ip" + $rule = Get-NetFirewallAddressFilter | Where-Object { $_.RemoteAddress -eq $ip } | Get-NetFirewallRule + if ( $rule ) { + Write-Host -NoNewLine " exist " + Write-Host -ForegroundColor yellow $rule.name } + else { + FwBlockOutputIP @{ + ip=$ip; + name="H_$hostname" + } + } + } +} + +function IsHostAlreadyBlocked { + param([string]$filename, [string]$hostname) + $c = Get-Content $filename | where { $_ -eq "$HOST_IP`t`t$hostname" } + Write-Debug "`tMatch hostname on host file : $c" + if ( $c ) { + return $true } return $false } -function block_shitty_ip { - param($ip) - Write-Host -NoNewline "`t$ip : " - if ( Get-NetFirewallRule -Name Blacklist_$ip -ErrorAction SilentlyContinue) { - Write-Host -ForegroundColor Yellow "already blacklisted" - return +function FwBlockOutputIP { + param( + [object]$params + ) + if ( $params.ContainsKey('file') ) { + Get-Content $params.file | where { $_ -notmatch "^#.*$|^$" } | Foreach { FwBlockOutputIP @{ip=$_} } + } + elseif ( $params.ContainsKey('ip') ) { + if (-not $params.ContainsKey('name') -or $params.name -eq "" ) { + $name = $FW_RULE_NAME_PREFIX + "_IP_" + $params.ip + } + else { + $name = $FW_RULE_NAME_PREFIX + "_IP_" + $params.name + "-" + $params.ip + } + Write-Host -NoNewline "`tAdd FW IP rule $name ($($params.ip)) : " + $rule = Get-NetFirewallAddressFilter | Where-Object { $_.RemoteAddress -eq $params.ip } | Get-NetFirewallRule + if ( $rule ) { + Write-Host -NoNewLine " exist " + Write-Host -ForegroundColor yellow $rule.name + } + else { + Try { + New-NetFirewallRule -Name "$name" -DisplayName "$name" -Direction Outbound -Protocol any -Enabled True -Profile Any -RemoteAddress $params.ip -Action Block | Out-Null + Write-Host -ForegroundColor Green "Done" + } + Catch { + Write-Host -ForegroundColor Red "Error" + Write-Debug $Error[0].Exception.Message + } + } } else { - Try { - New-NetFirewallRule -Name Blacklist_$ip -DisplayName "BlackList $ip" -Protocol any -Enabled True -Profile Any -RemoteAddress $ip -Action Block | Out-Null + Write-Host -ForegroundColor Red "`tError : No name or file for action $($MyInvocation.MyCommand.Name)" + } +} + +function FwBlockProgram { + param ( + [cmdletbinding( + DefaultParameterSetName='params' + )] + [Parameter( + ValueFromPipeline=$False, + ParameterSetName="params", + Position = 0 + )] + [object]$params + ) + if ( $params.ContainsKey('file') ) { + Get-Content $params.file | where { $_ -notmatch "^#.*$|^$" } | Foreach { FwBlockProgram @{path=$_} } + } + elseif ( $params.ContainsKey('path') ) { + $path = Invoke-Expression """$($params.path)""" + if ( -not $params.ContainsKey('name') -or $params.name -eq "" ) { + $name = $FW_RULE_NAME_PREFIX + "_PROG_" + $params.path } - Catch { - Write-Host -ForegroundColor Red "error" + $name = $FW_RULE_NAME_PREFIX + "_PROG_" + $params.name + Write-Host -NoNewline "`tAdd FW program rule $name ($($path)) : " + if ( Get-NetFirewallRule -Name $name -ErrorAction SilentlyContinue) { + Write-Host -ForegroundColor Yellow "already exist" + return + } + if ( -not (Test-Path $path) ) { + Write-Host -Foregroundcolor Red "Error (path not found)" return } - Write-Host -ForegroundColor Green "done" - } -} - -function remove_shitty_tasks () { - param($taskList) - Foreach ($task in $taskList){ - Write-Host -NoNewline "`t$task : " - if ($PSVersionTable.PSVersion.Major -gt 2) { - if (Get-ScheduledTask -TaskName $task -ErrorAction SilentlyContinue) { - Write-Host -NoNewline -ForegroundColor DarkGreen "found! " - Write-Host -Nonewline -ForegroundColor white "removing : " - Try {Unregister-ScheduledTask -TaskName $task -ErrorAction SilentlyContinue -Confirm:$false} - Catch { - Write-Host -Nonewline -ForegroundColor Red "error" - } - Write-Host -ForegroundColor Green "done" - } - else { Write-Host -ForegroundColor Yellow "already removed"} - } - else { - Write-Host -ForegroundColor Red "damned! this is not Windows 10!" - } - } -} - -# Modify a reg value -# Params : -# path : the complete path to reg key -# key : key name -# value : The value to write -function modify_shitty_reg_value { - param([string]$path, [string]$key, [string]$value, [string]$type) - Write-Host -NoNewline "`t$key reg key to $value : " - if (!(Test-Path $path)){ - Write-Host -NoNewline "creating path " - New-Item -Path $path -Force | Out-Null - } - - try { - if ($type) { - Set-ItemProperty -Path $path -Name $key -Value $value -Type $type -Force - } - else { - Set-ItemProperty -Path $path -Name $key -Value $value -Type Dword -Force - } - } - catch [System.Security.SecurityException]{ - Write-Host -ForegroundColor Red "access denied" - return - } - catch { - Write-Host -ForegroundColor Red "error" - Write-Host "`t$Error[0]" - return - } - Write-host -ForegroundColor Green "done" -} - -# Delete a reg key -# Params : -# path : the complete path to reg key -# key : key name -function delete_shitty_reg_key { - param([string]$path, [string]$key) - Write-Host -NoNewline "`tDelete key $key reg : " - if (!(Test-Path $path)){ - Write-Host -ForegroundColor Red -NoNewline "path not found" - return - } - - try { - Remove-ItemProperty -Path $path -Name $key - } - catch [System.Security.SecurityException]{ - Write-Host -ForegroundColor Red "access denied" - return - } - catch { - Write-Host -ForegroundColor Red "error" - Write-Host "`t$Error[0]" - return - } - Write-host -ForegroundColor Green "done" -} - -# Function to remove shitty prog from shitty win -# Params : -# $name : Feature name -function disable_shitty_feature { - param ($name) - Write-Host -NoNewline "`t$name : " - $requestInstall = dism /online /Get-FeatureInfo /FeatureName:$name /English - $isInstalled = $requestInstall | Select-String "state" - If ($isInstalled -match "Enable") { try { - Dism /online /Disable-Feature /FeatureName:$name /NoRestart | Out-Null + New-NetFirewallRule -Name "$name" -DisplayName "$name (program : $($params.path))" -Program "$path" -Direction Outbound -Protocol any -Enabled True -Profile Any -RemoteAddress any -Action Block | Out-Null + Write-Host -ForegroundColor Green "done" } catch { Write-Host -ForegroundColor Red "error" - Return + Write-Debug $Error[0].Exception.Message } + } + else { + Write-Host -ForegroundColor Red "`tError : No path or file for action $($MyInvocation.MyCommand.Name)" + } +} + +function RemoveScheduledTask () { + param ( + [cmdletbinding( + DefaultParameterSetName='params' + )] + [Parameter( + ValueFromPipeline=$False, + ParameterSetName="params", + Position = 0 + )] + [object]$params + ) + if ( $params.ContainsKey('file') ) { + Get-Content $params.file | where { $_ -notmatch "^#.*$|^$" } | foreach { RemoveScheduledTask @{name=$_} } + } + elseif ( $params.ContainsKey('name') ) { + $command = "Get-ScheduledTask -ErrorAction Stop -TaskName `"$($params.name)`"" + if ($params.ContainsKey('path') -and $params.path -ne '') { + $command += " -TaskPath `"$($params.path)`"" + } + else { $params.path="" } + try { + $task = Invoke-Expression $command + Write-Host -NoNewline "`tRemove task $($params.name) : " + $task | Unregister-ScheduledTask -ErrorAction SilentlyContinue -Confirm:$false + Write-Host -ForegroundColor Green "done" + } + catch [Microsoft.PowerShell.Cmdletization.Cim.CimJobException]{ + Write-Host -ForegroundColor Yellow "`tScheduled Task $($params.path)$($params.name) not found" + } + catch { + Write-Host -NoNewLine -ForegroundColor Red "`tError in RemoveSheduledTask" + Write-Debug $Error[0].Exception.Message + } + } + else { + Write-Host -ForegroundColor Red "`tError : No name or file for action $($MyInvocation.MyCommand.Name)" + } +} + +function AddRegKey { + param( + [Parameter(Mandatory=$true)] + [object]$params + ) + if ( -not $params.ContainsKey('path') -or -not $params.ContainsKey('key') ) { + Write-Host -ForegroundColor Red -NoNewline "Error in AddRegKey : no path, key or value`n" + return + } + if ( -not $params.ContainsKey('value') ) { + $params.value = $null + } + if ( -not $params.ContainsKey('type') -or $params.type -eq "" ){ $params.type="DWord" } + + #When keypath start with HKCU, we need to apply it ro all users + if ( ($params.path).StartsWith("HKCU") ) { + $script:users | Foreach { + #If so, we need to put the key on all users hives + AddRegKey @{ + path = (($params.path).replace('HKCU:','HKU:\' + $_.sid)); + key = $params.key; + value = $params.value; + type = $params.type + } + } + #then put key to default user hive + AddRegKey @{ + path = (($params.path).replace('HKCU:','HKU:\Default')); + key = $params.key; + value = $params.value; + type = $params.type + } + return + } + + #Let's begin... + Write-Host -NoNewline "`t$($params.path.substring(0,30))...$($params.key) reg key to '$($params.value)' : " + if ( -not (Test-Path $params.path) ){ + Write-Host -NoNewline -ForegroundColor DarkGreen "creating path " + try { + New-Item -Path $params.path -Force | Out-Null + } + catch { + Write-Host -NoNewLine -ForegroundColor Red "Error" + Write-Debug $Error[0].Exception.Message + return + } + } + + # Test if the key already exist + try { + $current_value = (Get-ItemPropertyValue -Path $params.path -Name $params.key) + #current_value and params.value both empty need a special condition + if ( ( [string]::IsNullOrWhitespace($current_value) -and [string]::IsNullOrWhitespace($params.value) ) -or ($current_value -eq $params.value) ) { + Write-Host -ForegroundColor Yellow "Already done" + return + } + else { Write-Host -NoNewline -ForegroundColor DarkGreen " old value $current_value - " } + } + catch { + Write-Host -NoNewline -ForegroundColor DarkGreen "new key " + } + + # Put the key + try { + Set-ItemProperty -Path $params.path -Name $params.key -Value $params.value -Type $params.type -Force Write-Host -ForegroundColor Green "done" } - else { - Write-Host -ForegroundColor Yellow "already disable" + catch [System.Security.SecurityException]{ + Write-Host -ForegroundColor Red "Error (access denied)" + } + catch { + Write-Host -NoNewLine -ForegroundColor Red "Error" + Write-Debug $Error[0].Exception.Message } } -# remove unwanted "Modern App" -# Params -# $pkg : Package (Object) -function remove_shitty_modern_app { - param($pkg) - Write-Host -NoNewLine "`t$($pkg.Name) :" - try { - $pkg | Remove-AppxPackage - } - catch { - Write-Host -ForegroundColor Red "error" - write-Host $Error[0] +function DelRegKey { + param( + [Parameter(Mandatory=$true)] + [object]$params + ) + #When keypath start with HKCU, we need to apply it ro all users + if ( ($params.path).StartsWith("HKCU") ) { + $script:users | Foreach { + #If so, we need to put the key on all users hives + DelRegKey @{ + path = (($params.path).replace('HKCU:','HKU:\' + $_.sid)); + key = $params.key; + } + } + #then put key to default user hive + DelRegKey @{ + path = (($params.path).replace('HKCU:','HKU:\Default')); + key = $params.key; + } return - } - Write-Host -ForegroundColor Green "done" -} - -function remove_provisioned_shitty_modern_app { - param($pkg) - Write-Host -NoNewline "`t$($pkg.DisplayName) : " + } + Write-Host -NoNewline "`tDelete registery key $($params.key) : " + if ( ! (Test-Path $params.path) ){ + Write-Host -ForegroundColor Red "Error (path not found)" + return + } try { - $pkg | Remove-AppxProvisionedPackage -Online | Out-Null - } - catch { - Write-Host -ForegroundColor red "error" - Write-Host $Error[0] - return - } - Write-Host -ForegroundColor Green "done" -} - -function disable_shitty_service { - param([string]$name) - Write-Host -NoNewline "`t$name : " - $serv = Get-Service -name $name - if ( !$serv) { - Write-Host -ForegroundColor Red "not found" + Get-ItemProperty -Path $params.path -Name $params.key -ErrorAction Stop | Out-Null + } + catch { + Write-Host -ForegroundColor Yellow "key not exist (already deleted?)" return } - if ( $serv.StartType -eq "Disable") { + try { + Remove-ItemProperty -Path $params.path -Name $params.key + Write-host -ForegroundColor Green "done" + } + catch [System.Security.SecurityException]{ + Write-Host -ForegroundColor Red "Error (access denied)" + } + catch { + Write-Host -ForegroundColor Red -NoNewLine "Error" + Write-Debug $Error[0].Exception.Message + } +} + +function DisableFeature { + param ( + [cmdletbinding( + DefaultParameterSetName='params' + )] + [Parameter( + ValueFromPipeline=$False, + ParameterSetName="params", + Position = 0 + )] + [object]$params + ) + if ( $params.ContainsKey('file') ) { + Get-Content $params.file | where { $_ -notmatch "^#.*$|^$" } | foreach { DisableFeature @{name=$_} } + } + elseif ( $params.ContainsKey('name') ) { + $feature = $(dism /online /Get-FeatureInfo /FeatureName:$($params.name) /English) + $name = $feature | Select-String "Feature Name" | %{($_ -split " : ")[1]} + if (-not $name){ + Write-Host -ForegroundColor Yellow "`tFeature $params.name not found" + return + } + Write-Host -NoNewline "`tDisable Feature $name : " + if ( $($feature | Select-String "state") -match "Disable" ){ + Write-Host -ForegroundColor Yellow "already disable" + return + } + try { + Dism /online /Disable-Feature /FeatureName:$name /NoRestart | Out-Null + Write-Host -ForegroundColor Green "done" + } + catch { + Write-Host -ForegroundColor Red "Error" + Write-Debug $Error[0].Exception.Message + } + } + else { + Write-Host -ForegroundColor Red "`tError : No name or file for action $($MyInvocation.MyCommand.Name)" + } +} + +function UninstallModernApp { + param( + [cmdletbinding( + DefaultParameterSetName='params' + )] + [Parameter( + ValueFromPipeline=$False, + ParameterSetName="params", + Position = 0 + )] + [object]$params + ) + if ( $params.ContainsKey('removeProvisioned') -and $params.removeProvisioned -eq $true ) { + UninstallModernProvisionedApp $params + } + if ( $params.ContainsKey('file') ) { + $pkgs = $(Get-AppxPackage -AllUsers).name + $uninstall_list = Get-Content $params.file | Where { $_ -notmatch "^#.*$|^$" } + $pkgs | Where-Object { $_ -in $uninstall_list } | Foreach { + UninstallModernApp @{name=$_} + } + $uninstall_list | Where-Object { $_ -notin $pkgs } | Foreach { + Write-Debug "`tModern App $_ not installed" + } + } + elseif ( $params.ContainsKey('name') ) { + Write-Host -NoNewLine "`tUninstall $($params.name) : " + try { + $(Get-AppxPackage -AllUsers | Where-Object { $_.name -like "*$($params.name)*" } | Remove-AppxPackage -AllUsers) + Write-Host -ForegroundColor Green "done" + } + catch { + Write-Host -NoNewLine -ForegroundColor Red "Error" + Write-Debug $Error[0].Exception.Message + } + } + else { + Write-Host -ForegroundColor Red "`tError : No name or file for action $($MyInvocation.MyCommand.Name)" + } +} + +function UninstallModernProvisionedApp { + param( + [cmdletbinding( + DefaultParameterSetName='params' + )] + [Parameter( + ValueFromPipeline=$False, + ParameterSetName="params", + Position = 0 + )] + [object]$params + ) + if ( $params.ContainsKey('file') ) { + $pkgs = $(Get-AppxProvisionedPackage -Online).DisplayName + $list = Get-Content $params.file | Where { $_ -notmatch "^#.*$|^$" } + $pkgs | Where-Object { $_ -in $list } | Foreach { + UninstallModernProvisionedApp @{name=$_} + } + $list | Where-Object { $_ -notin $pkgs } | Foreach { + Write-Debug "`tProvisioned App $_ not found" + } + } + elseif ( $params.ContainsKey('name') ){ + Write-Host -NoNewLine "`tUninstall Provisioned $($params.name) :" + try { + $(Get-AppxProvisionedPackage -Online | Where-Object { $_.DisplayName -eq $($params.name) }) | Remove-AppxProvisionedPackage -Online | Out-Null + Write-Host -ForegroundColor Green "done" + } + catch { + Write-Host -NoNewLine -ForegroundColor Red "`tError" + Write-Debug $Error[0].Exception.Message + } + } + else { + Write-Host -ForegroundColor Red "`tError : No name or file for action $($MyInvocation.MyCommand.Name)" + } +} + +function DisableService { + param ( + [cmdletbinding( + DefaultParameterSetName='params' + )] + [Parameter( + ValueFromPipeline=$False, + ParameterSetName="params", + Position = 0 + )] + [object]$params + ) + if ( $params.ContainsKey('file') ) { + $services = $(Get-Service).name + $list = Get-Content $params.file | Where { $_ -notmatch "^#.*$|^$" } + $services | Where-Object { $_ -in $list } | Foreach { + DisableService @{name=$_} + } + + $list | Where-Object { $_ -notin $services } | Foreach { + Write-Debug "`t Service $_ not found" + } + } + elseif ( $params.ContainsKey('name') ) { + $service = Get-Service -Name $params.name + if ( -not $service ){ + Write-Host -ForegroundColor "`t Service $($params.name) not found" + return + } + Write-Host -NoNewline "`tDisable service $($params.name) : " + if ( $service.StartType -eq "Disable") { Write-Host -ForegroundColor Yellow "already disabled" + return + } + try { + Stop-Service -InputObject $service + $service | Set-Service -StartupType disabled -ErrorAction Stop + Write-Host -ForegroundColor Green "done" + } + catch { + Write-Host -ForegroundColor Red "Error" + Write-Debug $Error[0].Exception.Message + } + finally { + if ( $params.ContainsKey('userService') -and $params.userService -eq $true ) { + # For this kind of service, we need to add a key t create a user service + # Where user log-in. + AddRegKey @{ + path="HKLM:\SYSTEM\CurrentControlSet\Services\$($params.name)"; + key="UserServiceFlags" + value="0" + } + } + } } else { - Stop-Service -InputObject $serv -PassThru | Set-Service -StartupType disabled - Write-Host -ForegroundColor Green "done " + Write-Host -ForegroundColor Red "`tError : No name or file for action $($MyInvocation.MyCommand.Name)" } } -# Kill a process -# Param : -# $process : name of process to kill (String) -function kill_shitty_process { - param([string]$process) - Write-Host -NoNewLine "`tKilling $process : " +function KillProcess { + param( + [cmdletbinding( + DefaultParameterSetName='params' + )] + + [Parameter( + ValueFromPipeline=$False, + ParameterSetName="params", + Position = 0 + )] + [object]$params + ) + Write-Host -NoNewLine "`tKilling $($params.name) : " try { - $p = Get-Process $process - Stop-Process $p | Out-Null + Stop-Process $(Get-Process $params.name -ErrorAction SilentlyContinue ) Write-Host -ForegroundColor Green "Done" } catch { @@ -227,131 +542,213 @@ function kill_shitty_process { } } -Write-Output "`nI's time to kick ass and chew bubble gum" -Write-Output "________________________________________`n" - -Write-Host -ForegroundColor White "Blacklist hosts :" -foreach ($line in Get-Content "lib\hosts.txt"){ block_shitty_host $HOST_FILE $HOST_IP $line } -Write-Host -ForegroundColor White "`nBlacklist IPs :" -foreach ($line in Get-Content "lib\ip.txt"){ block_shitty_ip $line } -Write-Host -ForegroundColor White "`nDisable features :" -foreach ($line in Get-Content "lib\features.txt"){ disable_shitty_feature $line } -Write-Host -ForegroundColor White "`nDisable services :" -foreach ($line in Get-Content "lib\services.txt") { disable_shitty_service $line } - -Write-Host -ForegroundColor White "`nRemove modern apps :" -Get-AppxPackage -AllUsers | Where-Object { $_.name -in $(Get-Content "lib\apps.txt")} | foreach { - remove_shitty_modern_app $_ +function DelFile { + param ( + [cmdletbinding( + DefaultParameterSetName='params' + )] + [Parameter( + ValueFromPipeline=$False, + ParameterSetName="params", + Position = 0 + )] + [object]$params + ) + $path = Invoke-Expression """$($params.path)""" + Write-Host -NoNewline "`tDelete $path : " + if ( -not (Test-Path $path) ){ + Write-Host -ForegroundColor Yellow "not found" + return + } + $command = "Remove-Item -ErrorAction SilentlyContinue -Force -Path `"$path`"" + if ( $params.ContainsKey('recurse') -and $params.recurse -eq $true ) { + $command += "-Recurse" + } + try { + Invoke-Expression $command + Write-Host -ForegroundColor Green "done" + } + catch { + Write-Host -ForegroundColor Red "`tError" + write-Debug $Error[0].Exception.Message + } } -Write-Host -ForegroundColor White "`nRemove provisioned modern apps :" -Get-AppxProvisionedPackage -Online | Where-Object { $_.DisplayName -in $(Get-Content "lib\apps.txt")} | foreach { - remove_provisioned_shitty_modern_app $_ -} -Write-Host -ForegroundColor White "`nRemove tasks :" -foreach ($line in Get-Content "lib\tasks.txt") {remove_shitty_tasks $line } - -#Remove all OneDrive Stuff thanks to https://github.com/W4RH4WK/Debloat-Windows-10/ -Write-Host -ForegroundColor white "`nRemoving all Onedrive stuff :" - -# Kill onedrive qnd explorer for proper uninstallation -kill_shitty_process "onedrive" -kill_shitty_process "explorer" - -Write-Host "`tUninstalling Onedrive" -if (Test-Path "$env:systemroot\System32\OneDriveSetup.exe") { - & "$env:systemroot\System32\OneDriveSetup.exe" /uninstall -} -if (Test-Path "$env:systemroot\SysWOW64\OneDriveSetup.exe") { - & "$env:systemroot\SysWOW64\OneDriveSetup.exe" /uninstall -} -Remove-Item -Recurse -Force -ErrorAction SilentlyContinue "$env:localappdata\Microsoft\OneDrive" -Remove-Item -Recurse -Force -ErrorAction SilentlyContinue "$env:programdata\Microsoft OneDrive" -Remove-Item -Recurse -Force -ErrorAction SilentlyContinue "$env:systemdrive\OneDriveTemp" - -Write-Host "`tModify OneDrive shitty registery values :" -#OneDrive -modify_shitty_reg_value "HKLM:\Software\Policies\Microsoft\Windows\OneDrive" "DisableFileSyncNGSC" 1 -modify_shitty_reg_value "HKLM:\Software\Policies\Microsoft\Windows\OneDrive" "DisableFileSync" 1 -modify_shitty_reg_value "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" "OneDrive" "0300000021B9DEB396D7D001" "Binary" -# Onedrive Explorer integration -New-PSDrive -PSProvider Registry -Root HKEY_CLASSES_ROOT -Name HKCR | Out-Null -modify_shitty_reg_value "HKCR:\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" "System.IsPinnedToNameSpaceTree" 0 -modify_shitty_reg_value "HKCR:\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" "System.IsPinnedToNameSpaceTree" 0 -Remove-PSDrive -Name HKCR -Get-ScheduledTask -TaskPath '\' -TaskName 'OneDrive*' -ea SilentlyContinue | foreach { - remove_shitty_tasks $_ +function ExecCommand { + param ( + [cmdletbinding( + DefaultParameterSetName='params' + )] + [Parameter( + ValueFromPipeline=$False, + ParameterSetName="params", + Position = 0 + )] + [object]$params + ) + $path = $params.path.Replace("##mod_path##", $script:current_module_path) + $args = $params.arguments.Replace("##mod_path##", $script:current_module_path) + Write-Host "`n`tExecute $path : " + $path = Invoke-Expression """$($path)""" + if ( -not ((Test-Path $path) -or $path -eq "powershell") ) { + Write-Host -ForegroundColor Yellow "`t`tFile not found" + return + } + try { + Start-Process -NoNewWindow -wait -filepath $path -ArgumentList $args -ErrorAction Stop + Write-Host -ForegroundColor Green "`t`tExecution done" + } + catch { + Write-Host -NoNewLine -ForegroundColor Red "`tError`n`t`t" + Write-Debug $Error[0].Exception.Message + } } -reg load "hku\Default" "C:\Users\Default\NTUSER.DAT" | Out-Null -New-PSDrive -PSProvider Registry -Root HKEY_USERS -Name HKU | Out-Null -delete_shitty_reg_key "HKU:\Default\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "OneDriveSetup" -Remove-PSDrive -Name HKU -reg unload "hku\Default" | Out-Null -Start-Process "explorer.exe" +function ProcessModuleFile { + param ( + [Parameter( + Mandatory=$true, + ValueFromPipeline=$True, + ParameterSetName="path" + )] + [string]$path + ) + try { + $mod = Get-Content $(Get-ChildItem $path).FullName -Raw | ConvertFrom-Json + } + catch { + Write-Host -ForegroundColor Red "Error While Loading JSON : $path `n`n" + Write-Debug $Error[0].Exception.Message + return + } + Write-Host -ForegroundColor White "`nProcess Module $($mod.name) `n" -#Advertiging... -Write-Host -ForegroundColor White "`nDisable Advertising :" -modify_shitty_reg_value "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\AdvertisingInfo" "Enabled" "0" -modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo" "DisabledByGroupPolicy" 1 + $mod.actions | Foreach { + $action_file = "" + $current_action = @{} + $script:current_module_path = $(Get-ChildItem $path).DirectoryName + "\" + $(Get-ChildItem $path).BaseName + '\' + foreach( $p in $_.psobject.properties.name ){ + $current_action[$p] = $_.$p + } + if ( -not $current_action.ContainsKey('action') ) { + Write-Host -ForegroundColor Red "`tError : action not found" + return + } + # If action content a file element, need to test if file exist + if ( $current_action.ContainsKey('file')) { + $action_file = $script:current_module_path + $current_action.file + if ( -not (Test-Path $action_file) ) { + Write-Host -ForegroundColor Red "`tError in $($mod.name) : file $action_file not found`n" + return + } + $current_action.file = $action_file + } + # Invoke function + if (Get-Command $($_.action) -ErrorAction SilentlyContinue ){ + Invoke-Expression "$($_.action) `$current_action" + } + else { + Write-Host -ForegroundColor Red "`tError in $($mod.name) : action $($_.action) not exist" + } + } +} -# Geoloc. -Write-Host -ForegroundColor White "`nDisable Geolocalization :" -modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors" "DisableLocation" 1 -modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors" "DisableLocationScripting" 1 -modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors" "DisableWindowsLocationProvider" 1 +Write-Output "`nIt's time to kick ass and chew bubble gum" +Write-Output "_________________________________________`n" -#smartscreen filter -Write-Host -ForegroundColor White "`nDisable Smartscreen filter :" -modify_shitty_reg_value "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" "EnableWebContentEvaluation" +$script:users = @() -# AllowTelemetry -Write-Host -ForegroundColor White "`nDisable Telemetry :" -modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" "AllowTelemetry" 0 +try { + Write-Host -NoNewline "Mount Default user registery hive : " + reg load "HKU\Default" "C:\Users\Default\NTUSER.DAT" | Out-Null + New-PSDrive -PSProvider Registry -Root HKEY_USERS -Name HKU | Out-Null + Write-Host -ForegroundColor Green "done" + Write-Host -NoNewline "Mount HK_CLASSES_ROOT registery hive : " + New-PSDrive -PSProvider Registry -Root HKEY_CLASSES_ROOT -Name HKCR | Out-Null + New-PSDrive -PSProvider Registry -Root HKEY_CURRENT_USER -Name HKCU | Out-Null + Write-Host -ForegroundColor Green "done" +} +catch { + Write-Host -NoNewline -ForegroundColor Red "Error while mounting Registery`n`t" + Write-Debug $Error[0].Exception.Message + return +} -Write-Host -ForegroundColor White "`nModify somes Windows defendenr behaviors :" -# Windows Defender Delivery Optimization Download -modify_shitty_reg_value "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" "DODownloadMode" "0" -# Windows Defender Behavior monitoring and Spynet reporting. -modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" "DisableBehaviorMonitoring" 1 -modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" "SpynetReporting" 0 -modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" "SubmitSamplesConsent" 2 +#We need access to users registry hive for applying modifications to existing users +$profile_list = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\" +Get-LocalUser | Where-Object { $_.Enabled -eq $true } | foreach { + $current_user_path = Get-ItemPropertyValue -Path "$profile_list$($_.SID.Value)\" -Name "ProfileImagePath" + $script:users += @{name = $_.name;'sid' = $_.SID.Value; 'was_mounted' = $false; 'directory' = $current_user_path} +} +Write-Host "Mount users registry hives :" +$script:users | foreach { + Write-Host -NoNewline "`tMount $($_.name) hive : " + if ( -not (Test-Path "HKU:\$($_.sid)") ) { + try { + reg load "HKU\$($_.sid)" "$($_.directory)\NTUSER.DAT" 2>&1 | Out-Null + Write-Host -ForegroundColor Green "done" + } + catch { + Write-Host -ForegroundColor Red "Error`n`t" + Write-Debug $Error[0].Exception.Message + } + } + else { + $_.was_mounted = $true + Write-Host -ForegroundColor Yellow "Already mounted" + } +} +if ( $debug ) { + $DebugPreference = "Continue" +} +if ( $module -and $( Test-Path $module ) ) { + Write-Host "File to process : $module" + $module | ProcessModuleFile +} +else { + Write-Host "Folder to process : $dir" + Get-ChildItem -Path $dir -Filter "*.conf" | foreach { + $_.FullName | ProcessModuleFile + } +} +Write-Host -Nonewline "`nRemove powershell access to HKCR, HKCU and HKU : " +try { + Remove-PSDrive -Name HKCR + Remove-PSDrive -Name HKCU + Remove-PSDrive -Name HKU + Write-Host -ForegroundColor Green "done" +} +catch { + Write-Host -NoNewline -ForegroundColor Red "Error`n`t" + Write-Host -ForegroundColor DarkRed $Error[0].Exception.Message +} -Write-Host -ForegroundColor White "`nDisable Wifi-Sense :" -# WifiSense Credential Share -modify_shitty_reg_value "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features" "WiFiSenseCredShared" "0" -# WifiSense Open-ness -modify_shitty_reg_value "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features" "WiFiSenseOpen" "0" +[gc]::collect() +Write-Host "`nUnload Users hives : " +#Unmount Registery +$script:users | foreach { + Write-Host -Nonewline "`tUnmount $($_.name) hive : " + #Need to unmount all not-connected users hives" + if ($_.was_mounted -eq $false) { + try { + reg unload "HKU\$($_.sid)" 2>&1 | Out-Null + Write-Host -foregroundColor Green "Done" + } + catch { + Write-Host -NoNewline -ForegroundColor Red "Error`n`t" + Write-Host -ForegroundColor Red $Error[0].Exception.Message + } + } + else { Write-Host -ForegroundColor Yellow "Was mounted (User connected)" } +} - -# Disable Cortana -Write-Host -ForegroundColor White "`nDisable Cortana (online at least) :" -modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" "AllowCortana" "0" -modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" "ConnectedSearchUseWeb" "0" - -# App right. -Write-Host -ForegroundColor White "`nDisable rights for applications :" -modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" "LetAppsAccessAccountInfo" 2 -modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" "LetAppsAccessCalendar" 2 -modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" "LetAppsAccessCallHistory" 2 -modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" "LetAppsAccessCamera" 2 -modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" "LetAppsAccessContacts" 2 -modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" "LetAppsAccessEmail" 2 -modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" "LetAppsAccessLocation" 2 -modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" "LetAppsAccessMessaging" 2 -modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" "LetAppsAccessMicrophone" 2 -modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" "LetAppsAccessMotion" 2 -modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" "LetAppsAccessRadios" 2 -modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" "LetAppsAccessTrustedDevices" 2 -modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" "LetAppsSyncWithDevices" 2 - -# MS Account -Write-Host -ForegroundColor White "`nDisable MS online account for login :" -modify_shitty_reg_value "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" "NoConnectedUser" 3 - -# App suggestion (Cloud Content) -Write-Host -ForegroundColor White "`nDisable suggestions :" -modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Cloud Content" "DisableWindowsConsumerFeatures" 1 - -Write-Host "all done!" +Write-Host -nonewline "`nUnload default user hive : " +try { + reg unload "HKU\Default" 2>&1 | Out-Null + Write-Host -ForegroundColor Green "done" +} +catch { + Write-Host -NoNewline -ForegroundColor Red "Error`n`t" + Write-Host -ForegroundColor DarkRed $Error[0].Exception.Message +} diff --git a/lib/hosts.txt b/lib/hosts.txt deleted file mode 100755 index 2008428..0000000 --- a/lib/hosts.txt +++ /dev/null @@ -1,130 +0,0 @@ -184-86-53-99.deploy.static.akamaitechnologies.com -a-0001.a-msedge.net -a-0002.a-msedge.net -a-0003.a-msedge.net -a-0004.a-msedge.net -a-0005.a-msedge.net -a-0006.a-msedge.net -a-0007.a-msedge.net -a-0008.a-msedge.net -a-0009.a-msedge.net -a-msedge.net -a.ads1.msn.com -a.ads2.msads.net -a.ads2.msn.com -a.rad.msn.com -a1621.g.akamai.net -a1856.g2.akamai.net -a1961.g.akamai.net -a978.i6g1.akamai.net -ac3.msn.com -ad.doubleclick.net -adnexus.net -adnxs.com -ads.msn.com -ads1.msads.net -ads1.msn.com -aidps.atdmt.com -aka-cdn-ns.adtech.de -apps.skype.com -az361816.vo.msecnd.net -az512334.vo.msecnd.net -b.ads1.msn.com -b.ads2.msads.net -b.rad.msn.com -bingads.microsoft.com -bs.serving-sys.com -c.atdmt.com -c.msn.com -cdn.atdmt.com -cds26.ams9.msecn.net -choice.microsoft.com -choice.microsoft.com.nsatc.net -compatexchange.cloudapp.net -corp.sts.microsoft.com -corpext.msitadfs.glbdns2.microsoft.com -cs1.wpc.v0cdn.net -cy2.vortex.data.microsoft.com.akadns.net -db3aqu.atdmt.com -df.telemetry.microsoft.com -diagnostics.support.microsoft.com -e2835.dspb.akamaiedge.net -e7341.g.akamaiedge.net -e7502.ce.akamaiedge.net -e8218.ce.akamaiedge.net -ec.atdmt.com -fe2.update.microsoft.com.akadns.net -feedback.microsoft-hohm.com -feedback.search.microsoft.com -feedback.windows.com -flex.msn.com -g.msn.com -h1.msn.com -h2.msn.com -hostedocsp.globalsign.com -i1.services.social.microsoft.com -i1.services.social.microsoft.com.nsatc.net -ipv6.msftncsi.com -ipv6.msftncsi.com.edgesuite.net -lb1.www.ms.akadns.net -live.rads.msn.com -m.adnxs.com -m.hotmail.com -msedge.net -msftncsi.com -msnbot-65-55-108-23.search.msn.com -msntest.serving-sys.com -oca.telemetry.microsoft.com -oca.telemetry.microsoft.com.nsatc.net -pre.footprintpredict.com -preview.msn.com -pricelist.skype.com -rad.live.com -rad.msn.com -redir.metaservices.microsoft.com -reports.wes.df.telemetry.microsoft.com -s.gateway.messenger.live.com -s0.2mdn.net -schemas.microsoft.akadns.net -secure.adnxs.com -secure.flashtalking.com -services.wes.df.telemetry.microsoft.com -settings-sandbox.data.microsoft.com -settings-win.data.microsoft.com -sls.update.microsoft.com.akadns.net -sqm.df.telemetry.microsoft.com -sqm.telemetry.microsoft.com -sqm.telemetry.microsoft.com.nsatc.net -ssw.live.com -static.2mdn.net -statsfe1.ws.microsoft.com -statsfe2.update.microsoft.com.akadns.net -statsfe2.ws.microsoft.com -survey.watson.microsoft.com -telecommand.telemetry.microsoft.com -telecommand.telemetry.microsoft.com.nsatc.net -telemetry.appex.bing.net -telemetry.microsoft.com -telemetry.urs.microsoft.com -ui.skype.com -v10.vortex-win.data.microsoft.com -view.atdmt.com -vortex-bn2.metron.live.com.nsatc.net -vortex-cy2.metron.live.com.nsatc.net -vortex-sandbox.data.microsoft.com -vortex-win.data.metron.live.com.nsatc.net -vortex-win.data.microsoft.com -vortex.data.glbdns2.microsoft.com -vortex.data.microsoft.com -watson.live.com -watson.microsoft.com -watson.ppe.telemetry.microsoft.com -watson.telemetry.microsoft.com -watson.telemetry.microsoft.com.nsatc.net -web.vortex.data.microsoft.com -wes.df.telemetry.microsoft.com -www.msftncsi.com -win10.ipv6.microsoft.com -www.bingads.microsoft.com -www.go.microsoft.akadns.net -www.msftncsi.com diff --git a/lib/ip.txt b/lib/ip.txt deleted file mode 100755 index c534941..0000000 --- a/lib/ip.txt +++ /dev/null @@ -1,12 +0,0 @@ -2.22.61.43 -2.22.61.66 -64.4.54.254 -65.39.117.230 -65.52.108.33 -65.55.108.23 -23.218.212.69 -134.170.30.202 -137.116.81.24 -157.56.106.189 -184.86.53.99 -204.79.197.200 \ No newline at end of file diff --git a/lib/services.txt b/lib/services.txt deleted file mode 100755 index c864704..0000000 --- a/lib/services.txt +++ /dev/null @@ -1,17 +0,0 @@ -diagnosticshub.standardcollector.service -DiagTrack -dmwappushservice -HomeGroupListener -HomeGroupProvider -lfsvc -MapsBroker -NetTcpPortSharing -RemoteAccess -RemoteRegistry -SharedAccess -TrkWks -WbioSrvc -WMPNetworkSvc -XblAuthManager -XblGameSave -XboxNetApiSvc diff --git a/lib/tasks.txt b/lib/tasks.txt deleted file mode 100755 index e9005a3..0000000 --- a/lib/tasks.txt +++ /dev/null @@ -1,11 +0,0 @@ -Microsoft Compatibility Appraiser -ProgramDataUpdater -CreateObjectTask -Consolidator -KernelCeipTask -UsbCeip -SmartScreenSpecific -Microsoft-Windows-DiskDiagnosticDataCollector -DmClient -MNO Metadata Parser -QueueReporting diff --git a/modules.d/DisableFeatures.conf b/modules.d/DisableFeatures.conf new file mode 100644 index 0000000..36922ea --- /dev/null +++ b/modules.d/DisableFeatures.conf @@ -0,0 +1,11 @@ +{ + "name" : "Disable Features", + "description" : "This module disable some useless Windows Features", + "actions" : [ + { + "action" : "DisableFeature", + "file" : "features.txt", + "name" : "" + } + ] +} \ No newline at end of file diff --git a/lib/features.txt b/modules.d/DisableFeatures/features.txt similarity index 84% rename from lib/features.txt rename to modules.d/DisableFeatures/features.txt index e92b9c5..f50f2f1 100644 --- a/lib/features.txt +++ b/modules.d/DisableFeatures/features.txt @@ -1,4 +1,4 @@ Internet-Explorer-Optional-amd64 FaxServicesClientPackage WindowsMediaPlayer -MediaPlayback +MediaPlayback \ No newline at end of file diff --git a/modules.d/FW_BlockIP.conf b/modules.d/FW_BlockIP.conf new file mode 100644 index 0000000..6f25789 --- /dev/null +++ b/modules.d/FW_BlockIP.conf @@ -0,0 +1,17 @@ +{ + "name" : "Block Telemetry IPs", + "description" : "Block IPs relative to Microsoft telemery.", + "actions" : + [ + { + "_comment" : "Block telemetry IPS", + "action" : "FwBlockOutputIP", + "file" : "telemetry.txt" + }, + { + "comment" : "Block IP relative to Skype and Messenger", + "action" : "FwBlockOutputIP", + "file" : "skype-msn.txt" + } + ] +} diff --git a/modules.d/FW_BlockIP/skype-msn.txt b/modules.d/FW_BlockIP/skype-msn.txt new file mode 100644 index 0000000..a15ccf7 --- /dev/null +++ b/modules.d/FW_BlockIP/skype-msn.txt @@ -0,0 +1,29 @@ +2.18.122.78 +2.18.126.223 +23.40.1.36 +40.69.132.130 +40.74.50.25 +40.77.226.192 +40.77.226.194 +40.77.226.246 +40.79.79.123 +40.127.139.224 +64.4.23.151 +65.54.225.167 +92.122.180.48 +93.184.221.200 +95.101.148.83 +104.71.185.14 +104.85.27.201 +104.94.168.220 +104.96.28.184 +131.253.14.76 +134.170.0.216 +134.170.3.200 +157.55.56.161 +157.55.130.155 +157.56.198.14 +157.56.109.8 +157.56.123.82 +157.56.114.104 +157.56.194.24 \ No newline at end of file diff --git a/modules.d/FW_BlockIP/telemetry.txt b/modules.d/FW_BlockIP/telemetry.txt new file mode 100644 index 0000000..ac753b8 --- /dev/null +++ b/modules.d/FW_BlockIP/telemetry.txt @@ -0,0 +1,361 @@ +2.17.21.70 +2.18.126.144 +2.18.126.99 +2.18.245.121 +2.18.245.81 +2.18.245.97 +2.19.224.131 +2.19.225.200 +2.22.61.43 +2.22.61.66 +4.23.62.126 +13.81.59.242 +13.107.3.128 +13.107.4.50 +13.107.4.52 +13.107.5.88 +13.107.21.200 +23.101.115.193 +23.101.156.198 +23.101.187.68 +23.102.17.214 +23.102.21.4 +23.103.189.125 +23.103.189.126 +23.193.225.197 +23.193.230.88 +23.193.236.70 +23.193.238.90 +23.193.251.132 +23.206.42.56 +23.210.48.42 +23.210.5.16 +23.210.63.75 +23.211.159.37 +23.211.170.9 +23.217.138.11 +23.217.138.122 +23.217.138.18 +23.217.138.25 +23.217.138.43 +23.67.60.97 +23.74.8.80 +23.74.8.99 +23.74.9.198 +23.74.9.217 +23.9.123.27 +23.96.212.225 +23.97.178.173 +23.97.197.207 +23.99.10.11 +31.13.92.2 +37.252.162.217 +37.252.163.144 +37.252.163.145 +37.252.170.141 +40.113.10.78 +40.113.11.93 +40.117.145.132 +40.122.214.188 +40.69.66.208 +40.77.134.24 +40.77.226.249 +40.77.226.250 +40.77.229.2 +40.77.229.133 +40.77.229.141 +40.84.199.233 +52.71.117.99 +52.164.227.208 +52.166.197.207 +52.169.118.173 +52.178.167.109 +64.4.6.100 +64.4.11.42 +64.4.54.18 +64.4.54.22 +64.4.54.32 +64.4.54.98 +64.4.54.99 +64.4.54.116 +64.4.54.117 +4.4.54.153 +64.4.54.167 +64.4.54.253 +64.4.54.254 +65.39.117.230 +65.52.100.7 +65.52.100.9 +65.52.100.11 +65.52.100.91 +65.52.100.92 +65.52.100.93 +65.52.100.94 +65.52.108.3 +65.52.108.27 +65.52.108.29 +65.52.108.33 +65.52.108.92 +65.52.108.94 +65.52.108.103 +65.52.108.153 +65.52.108.154 +65.52.108.252 +65.52.161.64 +65.52.236.160 +65.54.226.187 +65.55.29.238 +65.55.39.10 +65.55.44.85 +65.55.44.108 +65.55.44.109 +65.55.57.27 +65.55.83.120 +65.55.108.23 +65.55.113.13 +65.55.128.80 +65.55.128.81 +65.55.130.50 +65.55.138.110 +65.55.138.111 +65.55.138.114 +65.55.138.126 +65.55.138.186 +65.55.163.221 +65.55.163.222 +65.55.176.90 +65.55.206.154 +65.55.252.190 +65.55.252.43 +65.55.252.63 +65.55.252.71 +65.55.252.92 +65.55.252.93 +66.119.144.157 +66.119.144.158 +66.119.144.189 +66.119.144.190 +66.119.147.131 +66.119.152.204 +66.119.152.205 +68.232.34.200 +72.21.81.200 +72.21.91.8 +74.125.206.148 +74.125.206.149 +77.67.29.176 +8.23.91.254 +8.253.7.126 +8.253.91.126 +8.253.91.254 +8.253.92.126 +8.254.226.254 +8.254.227.126 +82.199.68.72 +82.199.80.143 +88.221.113.72 +88.221.113.96 +88.221.14.168 +88.221.15.43 +88.221.15.59 +92.123.182.27 +92.123.182.58 +94.245.121.176 +94.245.121.177 +94.245.121.178 +94.245.121.179 +94.245.121.251 +94.245.121.253 +94.245.121.254 +95.101.148.186 +95.101.149.158 +98.124.243.41 +104.101.172.250 +104.121.1.194 +104.208.28.54 +104.40.208.40 +104.47.166.140 +104.69.67.29 +104.69.119.19 +104.69.135.172 +104.73.92.149 +104.73.138.217 +104.73.143.160 +104.73.153.9 +104.73.160.16 +104.73.160.51 +104.73.160.58 +104.82.14.146 +104.82.22.249 +104.85.17.76 +104.85.38.129 +104.91.166.82 +104.91.188.21 +104.94.111.30 +104.94.163.155 +104.94.172.176 +104.96.20.117 +104.96.28.44 +104.96.147.3 +111.221.29.177 +111.221.29.253 +128.63.2.53 +131.107.113.238 +131.107.255.255 +131.253.14.121 +131.253.14.153 +131.253.14.76 +131.253.34.240 +131.253.40.109 +131.253.40.37 +131.253.40.53 +131.253.40.59 +131.253.61.100 +131.253.61.66 +131.253.61.82 +131.253.61.84 +131.253.61.96 +134.170.30.202 +134.170.51.190 +134.170.51.246 +134.170.51.247 +134.170.51.248 +134.170.51.250 +134.170.52.151 +134.170.53.29 +134.170.53.30 +134.170.58.118 +134.170.58.121 +134.170.58.123 +134.170.58.189 +134.170.58.190 +134.170.104.154 +134.170.111.154 +134.170.115.60 +134.170.115.62 +134.170.165.248 +134.170.165.251 +134.170.165.253 +134.170.179.87 +134.170.185.70 +134.170.188.248 +134.170.188.84 +137.116.74.190 +137.116.81.24 +137.117.235.16 +157.55.129.21 +157.55.133.204 +157.55.240.220 +157.56.17.248 +157.56.23.91 +157.56.57.5 +157.56.74.250 +157.56.77.138 +157.56.77.139 +157.56.91.77 +157.56.91.82 +157.56.96.54 +157.56.96.58 +157.56.96.123 +157.56.106.184 +157.56.106.189 +157.56.121.89 +157.56.124.87 +157.56.144.215 +157.56.144.216 +157.56.149.250 +157.56.194.72 +157.58.211.44 +157.58.249.57 +161.69.13.20 +161.69.17.33 +161.69.28.13 +161.69.29.54 +161.69.165.22 +161.69.165.23 +161.69.165.24 +161.69.165.26 +161.69.165.56 +161.69.165.57 +161.69.165.60 +161.69.165.62 +168.61.24.141 +168.62.187.13 +168.63.29.74 +168.63.108.233 +172.217.20.38 +173.194.113.219 +173.194.113.220 +173.194.40.123 +173.194.40.124 +173.223.10.103 +173.223.10.169 +173.223.10.232 +173.223.11.142 +173.223.11.143 +173.223.11.152 +173.223.11.166 +173.252.90.192 +178.255.83.1 +185.13.160.61 +191.232.140.76 +191.232.80.58 +191.232.80.60 +191.232.80.62 +191.234.72.183 +191.234.72.186 +191.234.72.188 +191.234.72.190 +191.237.208.126 +192.168.1.255 +192.229.233.249 +194.44.4.200 +194.44.4.208 +198.41.214.183 +198.41.214.184 +198.41.214.186 +198.41.214.187 +198.41.215.182 +198.41.215.185 +198.41.215.186 +198.78.208.254 +204.79.197.209 +204.79.197.210 +204.79.197.211 +204.79.197.213 +207.123.34.126 +207.123.56.252 +207.68.166.254 +212.30.134.204 +212.30.134.205 +216.38.172.128 +216.58.198.230 +216.58.209.166 +216.58.211.102 +216.58.213.134 +64.4.23.0/24 +65.55.223.0/24 +157.55.52.0/24 +157.55.56.0/24 +157.55.235.0/24 +111.221.64.0/24 +157.55.130.0/24 +157.55.236.0/24 +195.138.255.0/24 +213.199.179.0/24 +191.232.139.2/24 +23.55.155.27 +23.214.171.90 +64.4.11.25 +65.52.100.46 +88.221.113.10 +88.221.113.57 +95.101.148.156 +184.87.182.252 +198.41.214.185 +198.41.215.183 +198.41.215.184 +221.221.112.129 +221.221.112.145 +221.221.112.160 +221.221.112.203 \ No newline at end of file diff --git a/modules.d/FW_Hosts.conf b/modules.d/FW_Hosts.conf new file mode 100644 index 0000000..961da41 --- /dev/null +++ b/modules.d/FW_Hosts.conf @@ -0,0 +1,16 @@ +{ + "name" : "Block unwanted Host", + "description" : "This module block some hosts from Microsoft", + "actions" : [ + { + "action" : "BlockHost", + "file" : "base.txt", + "host" : "", + "firewall" : false + }, + { + "action" : "BlockHost", + "file" : "ms-skype-messenger.txt" + } + ] +} diff --git a/modules.d/FW_Hosts/base.txt b/modules.d/FW_Hosts/base.txt new file mode 100644 index 0000000..451d401 --- /dev/null +++ b/modules.d/FW_Hosts/base.txt @@ -0,0 +1,161 @@ +a-0001.a-msedge.net +a-0002.a-msedge.net +a-0003.a-msedge.net +a-0004.a-msedge.net +a-0005.a-msedge.net +a-0006.a-msedge.net +a-0007.a-msedge.net +a-0008.a-msedge.net +a-0009.a-msedge.net +a.ads1.msn.com +a.ads2.msn.com +a1095.g2.akamai.net +a23-193-236-70.deploy.static.akamaitechnologies.com +a23-193-238-90.deploy.static.akamaitechnologies.com +a23-210-48-42.deploy.static.akamaitechnologies.com +a23-210-5-16.deploy.static.akamaitechnologies.com +a23-210-63-75.deploy.static.akamaitechnologies.com +a23-217-138-11.deploy.static.akamaitechnologies.com +a23-217-138-122.deploy.static.akamaitechnologies.com +a23-217-138-18.deploy.static.akamaitechnologies.com +a23-217-138-25.deploy.static.akamaitechnologies.com +a23-217-138-43.deploy.static.akamaitechnologies.com +a23-217-138-90.deploy.static.akamaitechnologies.com +a23-217-138-97.deploy.static.akamaitechnologies.com +a23-218-212-69.deploy.static.akamaitechnologies.com +a23-67-60-65.deploy.static.akamaitechnologies.com +a23-67-60-73.deploy.static.akamaitechnologies.com +a23-67-60-97.deploy.static.akamaitechnologies.com +a23-9-123-27.deploy.static.akamaitechnologies.com +a569.g.akamai.net +activity.windows.com +ads.msn.com +ads.msn.com.nsatc.net +ads1.msads.net +ads1.msn.com +appex.bing.com +apprep.smartscreen.microsoft.com +array201-prod.do.dsp.mp.microsoft.com +array202-prod.do.dsp.mp.microsoft.com +array203-prod.do.dsp.mp.microsoft.com +array204-prod.do.dsp.mp.microsoft.com +bingads.microsoft.com +bn1303.settings.live.net +c.microsoft.com +c.s-microsoft.com +c.urs.microsoft.com +c1.microsoft.com +cache.datamart.windows.com +cdn.content.prod.cms.msn.com +choice.microsoft.com +choice.microsoft.com.nsatc.net +co4.telecommand.telemetry.microsoft.com.akadns.net +corp.sts.microsoft.com +corpext.msitadfs.glbdns2.microsoft.com +cp201-prod.do.dsp.mp.microsoft.com +cs1.wpc.v0cdn.net +db3aqu.atdmt.com +df.telemetry.microsoft.com +diagnostics.support.microsoft.akadns.net +diagnostics.support.microsoft.com +dl.delivery.mp.microsoft.com +dns.msftncsi.com +download-ssl.msgamestudios.com +e2236.g.akamaiedge.net +e7173.g.akamaiedge.net +e8011.g.akamaiedge.net +fe1.update.microsoft.com.akadns.net + +#Problem with windows update +#fe2.update.microsoft.com.akadns.net + +fe3.delivery.dsp.mp.microsoft.com.nsatc.net +feedback.microsoft-hohm.com +feedback.search.microsoft.com +feedback.windows.com +finances.services.appx.bing.com +fr-fr.appx-rf.msn.com +g.bing.com +geo-prod.do.dsp.mp.microsoft.com +geover-prod.do.dsp.mp.microsoft.com +ieonline.microsoft.com +ieonlinews.microsoft.com +i1.services.social.microsoft.com +i1.services.social.microsoft.com.nsatc.net +Inprod.support.services.microsoft.com +lb1.www.ms.akadns.net +licensing.md.mp.microsoft.com +mpd.mxptint.net +msedge.net +msnbot-207-46-194-33.search.msn.com +msnbot-65-52-108-27.search.msn.com +msnbot-65-52-108-29.search.msn.com +msnbot-65-52-108-92.search.msn.com +msnbot-65-52-108-94.search.msn.com +msnbot-65-55-252-43.search.msn.com +next-services.apps.microsoft.com +nexus.officeapps.live.com +nexusrules.officeapps.live.com +oca.telemetry.microsoft.com +ocos-office365-s2s.msedge.net +ocsa.office.microsoft.com +ocsp.usertrust.com +odc.officeapps.live.com +pre.footprintpredict.com +preview.msn.com +public-family.api.account.microsoft.com +redir.metaservices.microsoft.com +redir.metaservices.microsoft.com.edgesuite.net +redirection.prod.cms.msn.com.akadns.net +reports.wes.df.telemetry.microsoft.com +roaming.officeapps.live.com +rr.office.microsoft.com +sc.iasds01.com +schemas.microsoft.akadns.net +services.wes.df.telemetry.microsoft.com +settings-sandbox.data.glbdns2.microsoft.com +settings-sandbox.data.microsoft.com +settings.data.microsoft.com +siWeb.microsoft.akadns.net +sls.update.microsoft.com.akadns.net +solitaireprod.maelstrom.xboxlive.com +spynet2.microsoft.akadns.net +spynetalt.microsoft.akadns.net +spynetalt.microsoft.com +spyneteurope.microsoft.akadns.net +sqm.df.telemetry.microsoft.com +sqm.telemetry.microsoft.com +sqm.telemetry.microsoft.com.nsatc.net +ssw.live.com +ssw.live.com.nsatc.net +statsfe1.update.microsoft.com.akadns.net +statsfe1.ws.microsoft.com +statsfe1.ws.microsoft.com.nsatc.net +statsfe2.update.microsoft.com.akadns.net +statsfe2.ws.microsoft.com +statsfe2.ws.microsoft.com.nsatc.net +storeedgefd.dsx.mp.microsoft.com +support.msn.microsoft.akadns.net +survey.watson.microsoft.com +t.urs.microsoft.com.nsatc.net +telecommand.telemetry.microsoft.com +telemetry.appex.bing.net +telemetry.appex.search.prod.ms.akadns.net +telemetry.microsoft.com +telemetry.urs.microsoft.com +tunnel.cfw.trustedsource.org +uci.officeapps.live.com +urs.smartscreen.microsoft.com +v10.vortex-win.data.microsoft.com +vortex-sandbox.data.glbdns2.microsoft.com +vortex-sandbox.data.microsoft.com +vortex-win.data.microsoft.com +vortex.data.microsoft.com +watson.live.com +watson.microsoft.com +watson.ppe.telemetry.microsoft.com +watson.telemetry.microsoft.com +wes.df.telemetry.microsoft.com +win10.ipv6.microsoft.com +www.msftconnecttest.com +www.msftncsi.com \ No newline at end of file diff --git a/modules.d/FW_Hosts/ms-skype-messenger.txt b/modules.d/FW_Hosts/ms-skype-messenger.txt new file mode 100644 index 0000000..2cd994b --- /dev/null +++ b/modules.d/FW_Hosts/ms-skype-messenger.txt @@ -0,0 +1,25 @@ +a.rad.msn.com +ac3.msn.com +apps.skype.com +arc.msn.com +az361816.vo.msecnd.net +az512334.vo.msecnd.net +b.rad.msn.com +c.msn.com +client-s.gateway.messenger.live.com +client.wns.windows.com +dub407-m.hotmail.com +flex.msn.com +g.msn.com +h1.msn.com +h2.msn.com +live.rads.msn.com +m.hotmail.com +mscrl.microsoft.com +msnbot-65-55-108-23.search.msn.com +rad.live.com +rad.msn.com +rpt.msn.com +s.gateway.messenger.live.com +otf.msn.com +ui.skype.com \ No newline at end of file diff --git a/modules.d/FW_ProgramsApps.conf b/modules.d/FW_ProgramsApps.conf new file mode 100644 index 0000000..998eb97 --- /dev/null +++ b/modules.d/FW_ProgramsApps.conf @@ -0,0 +1,184 @@ +{ + "name" : "Applications (Firewall)", + "description" : "This module Add a firewall rule to desactivate some windows program / application net traffic", + "actions" : + [ + { + "action" : "FwBlockProgram", + "name" : "explorer", + "path" : "$env:systemroot\\explorer.exe" + }, + { + "action" : "FwBlockProgram", + "name" : "SystemSettings", + "path" : "$env:systemroot\\ImmersiveControlPanel\\SystemSettings.exe" + }, + { + "action" : "FwBlockProgram", + "name" : "BgTaskHost", + "path" : "$env:systemroot\\System32\\backgroundTaskHost.exe" + }, + { + "action" : "FwBlockProgram", + "name" : "BgTransfertHost", + "path" : "$env:systemroot\\System32\\BackgroundTransferHost.exe" + }, + { + "action" : "FwBlockProgram", + "name" : "BrowserBroker", + "path" : "$env:systemroot\\System32\\browser_broker.exe" + }, + { + "action" : "FwBlockProgram", + "name" : "CompatTelRunner", + "path" : "$env:systemroot\\System32\\CompatTelRunner.exe" + }, + { + "action" : "FwBlockProgram", + "name" : "DmClient", + "path" : "$env:systemroot\\System32\\dmclient.exe" + }, + { + "action" : "FwBlockProgram", + "name" : "InstallAgentUserBroker", + "path" : "$env:systemroot\\System32\\InstallAgentUserBroker.exe" + }, + { + "action" : "FwBlockProgram", + "name" : "lsass", + "path" : "$env:systemroot\\System32\\lsass.exe" + }, + { + "action" : "FwBlockProgram", + "name" : "msfeedssync", + "path" : "$env:systemroot\\System32\\msfeedssync.exe" + }, + { + "action" : "FwBlockProgram", + "name" : "run32dll", + "path" : "$env:systemroot\\System32\\rundll32.exe" + }, + { + "action" : "FwBlockProgram", + "name" : "SettingSyncHost", + "path" : "$env:systemroot\\System32\\SettingSyncHost.exe" + }, + { + "action" : "FwBlockProgram", + "name" : "SIHClient", + "path" : "$env:systemroot\\System32\\SIHClient.exe" + }, + { + "action" : "FwBlockProgram", + "name" : "SmartScreen", + "path" : "$env:systemroot\\System32\\smartscreen.exe" + }, + { + "action" : "FwBlockProgram", + "name" : "TaskHostw", + "path" : "$env:systemroot\\System32\\taskhostw.exe" + }, + { + "action" : "FwBlockProgram", + "name" : "WmiPrvSE", + "path" : "$env:systemroot\\System32\\wbem\\WmiPrvSE.exe" + }, + { + "action" : "FwBlockProgram", + "name" : "WerFault", + "path" : "$env:systemroot\\System32\\WerFault.exe" + }, + { + "action" : "FwBlockProgram", + "name" : "WerMgr", + "path" : "$env:systemroot\\System32\\wermgr.exe" + }, + { + "action" : "FwBlockProgram", + "name" : "Wsqmcons", + "path" : "$env:systemroot\\System32\\wsqmcons.exe" + }, + { + "action" : "FwBlockProgram", + "name" : "WWAHost", + "path" : "$env:systemroot\\System32\\WWAHost.exe" + }, + { + "action" : "FwBlockProgram", + "name" : "ContactSupport", + "path" : "$env:systemroot\\systemapps\\ContactSupport_cw5n1h2txyewy\\ContactSupport.exe" + }, + { + "action" : "FwBlockProgram", + "name" : "Edge", + "path" : "$env:systemroot\\systemapps\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\MicrosoftEdge.exe" + }, + { + "_comment" : "With this rule, Edge will not be able to join Internet", + "action" : "FwBlockProgram", + "name" : "EdgeCP", + "path" : "$env:systemroot\\systemapps\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\MicrosoftEdgeCP.exe" + }, + { + "_comment" : "Same as above, but new versions of this exe is located in system32", + "action" : "FwBlockProgram", + "name" : "EdgeCP", + "path" : "$env:systemroot\\System32\\MicrosoftEdgeCP.exe" + }, + { + "action" : "FwBlockProgram", + "name" : "cleanw10_Cortana", + "path" : "$env:systemroot\\systemapps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe" + }, + { + "action" : "FwBlockProgram", + "name" : "BackgroundTaskHost64", + "path" : "$env:systemroot\\SysWOW64\\backgroundTaskHost.exe" + }, + { + "action" : "FwBlockProgram", + "name" : "BackgroundTransferHost64", + "path" : "$env:systemroot\\SysWOW64\\BackgroundTransferHost.exe" + }, + { + "action" : "FwBlockProgram", + "name" : "InstallAgentUserBroker64", + "path" : "$env:systemroot\\SysWOW64\\InstallAgentUserBroker.exe" + }, + { + "action" : "FwBlockProgram", + "name" : "MsFeedsSync64", + "path" : "$env:systemroot\\SysWOW64\\msfeedssync.exe" + }, + { + "action" : "FwBlockProgram", + "name" : "rundll3264", + "path" : "$env:systemroot\\SysWOW64\\rundll32.exe" + }, + { + "action" : "FwBlockProgram", + "name" : "SettingSyncHost64", + "path" : "$env:systemroot\\SysWOW64\\SettingSyncHost.exe" + }, + { + "action" : "FwBlockProgram", + "name" : "WmiPrvSE64", + "path" : "$env:systemroot\\SysWOW64\\wbem\\WmiPrvSE.exe" + }, + { + "action" : "FwBlockProgram", + "name" : "WerFault64", + "path" : "$env:systemroot\\SysWOW64\\WerFault.exe" + }, + { + "action" : "FwBlockProgram", + "name" : "WerMgr64", + "path" : "$env:systemroot\\SysWOW64\\wermgr.exe" + }, + { + "action" : "FwBlockProgram", + "name" : "WWAHost64", + "path" : "$env:systemroot\\SysWOW64\\WWAHost.exe" + } + ] +} diff --git a/modules.d/GPO_Account.conf b/modules.d/GPO_Account.conf new file mode 100644 index 0000000..0d70a2f --- /dev/null +++ b/modules.d/GPO_Account.conf @@ -0,0 +1,33 @@ +{ + "name" : "Account Info (GPO)", + "description" : "This module desactivate Account Info access for third party Apps like GPO did.", + "actions" : + [ + { + "_comment" : "This is the principal reg key controlled by GPO", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessAccountInfo", + "value" : "2" + }, + { + "_comment" : "The 3 bottom keys seems to be some kind of ACL for App right", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessAccountInfo_UserInControlOfTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessAccountInfo_ForceAllowTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessAccountInfo_ForceDenyTheseApps", + "type" : "MultiString" + } + ] +} diff --git a/modules.d/GPO_Advertising.conf b/modules.d/GPO_Advertising.conf new file mode 100644 index 0000000..5ac94bd --- /dev/null +++ b/modules.d/GPO_Advertising.conf @@ -0,0 +1,13 @@ +{ + "name" : "Advertising (GPO)", + "description" : "This module desactivate Advertising info like GPO does.", + "actions" : + [ + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AdvertisingInfo", + "key" : "DisabledByGroupPolicy", + "value" : "1" + } + ] +} \ No newline at end of file diff --git a/modules.d/GPO_BackgoundApps.conf b/modules.d/GPO_BackgoundApps.conf new file mode 100644 index 0000000..193a504 --- /dev/null +++ b/modules.d/GPO_BackgoundApps.conf @@ -0,0 +1,33 @@ +{ + "name" : "Apps in Background (GPO)", + "description" : "This module desactivate run in background for third party Apps like GPO did.", + "actions" : + [ + { + "_comment" : "This is the principal reg key controlled by GPO", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsRunInBackground", + "value" : "2" + }, + { + "_comment" : "The 3 bottom k eys seems to be some kind of ACL for App right", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsRunInBackground_UserInControlOfTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsRunInBackground_ForceAllowTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsRunInBackground_ForceDenyTheseApps", + "type" : "MultiString" + } + ] +} diff --git a/modules.d/GPO_Calendars.conf b/modules.d/GPO_Calendars.conf new file mode 100644 index 0000000..60d0121 --- /dev/null +++ b/modules.d/GPO_Calendars.conf @@ -0,0 +1,33 @@ +{ + "name" : "Calendar (GPO)", + "description" : "This module desactivate Calendar access for third party Apps like GPO does.", + "actions" : + [ + { + "_comment" : "This is the principal reg key controlled by GPO", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessCalendar", + "value" : "2" + }, + { + "_comment" : "The 3 bottom k eys seems to be some kind of ACL for App right", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessCalendar_UserInControlOfTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessCalendar_ForceAllowTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessCalendar_ForceDenyTheseApps", + "type" : "MultiString" + } + ] +} diff --git a/modules.d/GPO_CallHistory.conf b/modules.d/GPO_CallHistory.conf new file mode 100644 index 0000000..adf142a --- /dev/null +++ b/modules.d/GPO_CallHistory.conf @@ -0,0 +1,33 @@ +{ + "name" : "Call history (GPO)", + "description" : "This module desactivate Call history access for third party Apps like GPO does.", + "actions" : + [ + { + "_comment" : "This is the principal reg key controlled by GPO", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessCallHistory", + "value" : "2" + }, + { + "_comment" : "The 3 bottom k eys seems to be some kind of ACL for App right", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessCallHistory_UserInControlOfTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessCallHistory_ForceAllowTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessCallHistory_ForceDenyTheseApps", + "type" : "MultiString" + } + ] +} diff --git a/modules.d/GPO_Camera.conf b/modules.d/GPO_Camera.conf new file mode 100644 index 0000000..6625600 --- /dev/null +++ b/modules.d/GPO_Camera.conf @@ -0,0 +1,34 @@ +{ + "name" : "Camera (GPO)", + "description" : "This module desactivate Camera access for third party Apps like GPO does.", + "actions" : + [ + { + "_comment" : "This is the principal reg key controlled by GPO", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessCamera", + "value" : "0" + }, + { + "_comment" : "The 3 bottom k eys seems to be some kind of ACL for App right", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessCamera_UserInControlOfTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessCamera_ForceAllowTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessCamera_ForceDenyTheseApps", + "type" : "MultiString", + "value" : "Microsoft.MicrosoftEdge_8wekyb3d8bbwe Microsoft.Win32WebViewHost_cw5n1h2txyewy Microsoft.Windows.Cortana_cw5n1h2txyewy Microsoft.WindowsStore_8wekyb3d8bbwe Microsoft.XboxGamingOverlay_8wekyb3d8bbwe" + } + ] +} diff --git a/modules.d/GPO_CloudContent.conf b/modules.d/GPO_CloudContent.conf new file mode 100644 index 0000000..adda5b5 --- /dev/null +++ b/modules.d/GPO_CloudContent.conf @@ -0,0 +1,21 @@ +{ + "name" : "CloudContent (GPO)", + "description" : "This module Desactivate somes Windows suggestionlike GPO does.", + "actions" : + [ + { + "_comment" : "Disable third party suggestion (for current user)", + "action" : "AddRegKey", + "path" : "HKCU:\\Software\\Policies\\Microsoft\\Windows\\CloudContent", + "key" : "DisableThirdPartysuggestions", + "value" : "1" + }, + { + "_comment" : "Disable Windows Spotlight (for current user)", + "action" : "AddRegKey", + "path" : "HKCU:\\Software\\Policies\\Microsoft\\Windows\\CloudContent", + "key" : "DisableWindowsSpotlightFeatures", + "value" : "1" + } + ] +} diff --git a/modules.d/GPO_ConnectionProbe.conf b/modules.d/GPO_ConnectionProbe.conf new file mode 100644 index 0000000..c3ced39 --- /dev/null +++ b/modules.d/GPO_ConnectionProbe.conf @@ -0,0 +1,14 @@ +{ + "name" : "Connection Probe (GPO)", + "description" : "This module desactivate Internet connection probe like GPO does.", + "actions" : + [ + { + "_comment" : "Disable connection probe", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\NetworkConnectivityStatusIndicator", + "key" : "NoActiveProbe", + "value" : "1" + } + ] +} \ No newline at end of file diff --git a/modules.d/GPO_Contacts.conf b/modules.d/GPO_Contacts.conf new file mode 100644 index 0000000..00e24dc --- /dev/null +++ b/modules.d/GPO_Contacts.conf @@ -0,0 +1,33 @@ +{ + "name" : "Contacts (GPO)", + "description" : "This module desactivate Contacts access for third party Apps like GPO does.", + "actions" : + [ + { + "_comment" : "This is the principal reg key controlled by GPO", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessContacts", + "value" : "2" + }, + { + "_comment" : "The 3 bottom keys seems to be some kind of ACL for App right", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessContacts_UserInControlOfTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessContacts_ForceAllowTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessContacts_ForceDenyTheseApps", + "type" : "MultiString" + } + ] +} diff --git a/modules.d/GPO_Cortana.conf b/modules.d/GPO_Cortana.conf new file mode 100644 index 0000000..fbeec81 --- /dev/null +++ b/modules.d/GPO_Cortana.conf @@ -0,0 +1,70 @@ +{ + "name" : "Cortana and Windows Search (GPO)", + "description" : "This module Desactivate Cortana and some Windows Search functionnality like GPO does.", + "actions" : + [ + { + "_comment" : "Desactivate location access for Cortana", + "action" : "AddRegKey", + "path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\Windows Search", + "key" : "AllowSearchToUseLocation", + "value" : "0" + }, + { + "_comment" : "Disable Web Search from Cortana", + "action" : "AddRegKey", + "path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\Windows Search", + "key" : "DisableWebSearch", + "value" : "1" + }, + { + "_comment" : "Disable Web Search result from Windows Search", + "action" : "AddRegKey", + "path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\Windows Search", + "key" : "ConnectedSearchUseWeb", + "value" : "0" + }, + { + "_comment" : "Do not Search over the Web with limited connections", + "action" : "AddRegKey", + "path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\Windows Search", + "key" : "ConnectedSearchUseWebOverMeteredConnections", + "value" : "0" + }, + { + "_comment" : "Disable Cortana", + "action" : "AddRegKey", + "path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\Windows Search", + "key" : "AllowCortana", + "value" : "0" + }, + { + "_comment" : "Define which informations are sent to Web Search (anonymous informations)", + "action" : "AddRegKey", + "path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\Windows Search", + "key" : "ConnectedSearchPrivacy", + "value" : "3" + }, + { + "_comment" : "Disable SafeSearch for Search", + "action" : "AddRegKey", + "path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\Windows Search", + "key" : "ConnectedSearchSafeSearch", + "value" : "3" + }, + { + "_comment" : "Disable encrypted file indexation", + "action" : "AddRegKey", + "path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\Windows Search\\CurrentPolicies", + "key" : "AllowIndexingEncryptedStoresOrItems", + "value" : "0" + }, + { + "_comment" : "Disable Cortana on lock screen", + "action" : "AddRegKey", + "path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\Windows Search", + "key" : "AllowCortanaAboveLock", + "value" : "0" + } + ] +} \ No newline at end of file diff --git a/modules.d/GPO_Diagnostic.conf b/modules.d/GPO_Diagnostic.conf new file mode 100644 index 0000000..7df95ca --- /dev/null +++ b/modules.d/GPO_Diagnostic.conf @@ -0,0 +1,42 @@ +{ + "name" : " Diagnostic Data (GPO)", + "description" : "This module try to disable diagnostic tracking like GPO does.", + "actions" : + [ + { + "_comment" : "Do not show feedback notification", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\DataCollection", + "key" : "DoNotShowFeedbackNotifications", + "value" : "1" + }, + { + "_comment" : "Disable Telemetry, 1 for minimum information leak (Home and Pro edition) and 0 for total disable (Entreprise only)", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\DataCollection", + "key" : "AllowTelemetry", + "value" : "1" + }, + { + "_comment" : "Disable 'Use diagnostic data for personnalized experience", + "action" : "AddRegKey", + "path" : "HKCU:\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent", + "key" : "DisableTailoredExperiencesWithDiagnosticData", + "value" : "1" + }, + { + "_comment" : "Disable App compatibility telemetry", + "action" : "AddRegKey", + "path" : "HKCU:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppCompat", + "key" : "AITEnable", + "value" : "1" + }, + { + "_comment" : "Disable pre-version functionnality", + "action" : "AddRegKey", + "path" : "HKCU:\\SOFTWARE\\Policies\\Microsoft\\Windows\\DataCollection", + "key" : "EnableConfigFlighting", + "value" : "1" + } + ] +} diff --git a/modules.d/GPO_DiagnosticInfo.conf b/modules.d/GPO_DiagnosticInfo.conf new file mode 100644 index 0000000..72cc1f6 --- /dev/null +++ b/modules.d/GPO_DiagnosticInfo.conf @@ -0,0 +1,33 @@ +{ + "name" : "DiagnisticInfo (GPO)", + "description" : "This module desactivate diagnistic info access for third party Apps like GPO does.", + "actions" : + [ + { + "_comment" : "This is the principal reg key controlled by GPO", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsGetDiagnosticInfo", + "value" : "2" + }, + { + "_comment" : "The 3 bottom k eys seems to be some kind of ACL for App right", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsGetDiagnosticInfo_UserInControlOfTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsGetDiagnosticInfo_ForceAllowTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsGetDiagnosticInfo_ForceDenyTheseApps", + "type" : "MultiString" + } + ] +} diff --git a/modules.d/GPO_DynamicTiles.conf b/modules.d/GPO_DynamicTiles.conf new file mode 100644 index 0000000..42d1b37 --- /dev/null +++ b/modules.d/GPO_DynamicTiles.conf @@ -0,0 +1,35 @@ +{ + "name" : "Tiles content (GPO)", + "description" : "This module desactivate Internet data loading for tiles like GPO does.", + "actions" : + [ + { + "_comment" : "Disable cloud notifications for tiles (for current user)", + "action" : "AddRegKey", + "path" : "HKCU:\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\PushNotifications", + "key" : "NoCloudApplicationNotification", + "value" : "1" + }, + { + "_comment" : "Disable notifications for tiles (for current user)", + "action" : "AddRegKey", + "path" : "HKCU:\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\PushNotifications", + "key" : "NoTileApplicationNotification", + "value" : "1" + }, + { + "_comment" : "Disable cloud notifications for tiles (for user template hive)", + "action" : "AddRegKey", + "path" : "HKU:\\Default\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\PushNotifications", + "key" : "NoCloudApplicationNotification", + "value" : "1" + }, + { + "_comment" : "Disable notifications for tiles (for user template hive)", + "action" : "AddRegKey", + "path" : "HKU:\\Default\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\PushNotifications", + "key" : "NoTileApplicationNotification", + "value" : "1" + } + ] +} diff --git a/modules.d/GPO_Email.conf b/modules.d/GPO_Email.conf new file mode 100644 index 0000000..1ce1f83 --- /dev/null +++ b/modules.d/GPO_Email.conf @@ -0,0 +1,33 @@ +{ + "name" : "Email access (GPO)", + "description" : "This module desactivate email access for third party Apps like GPO does.", + "actions" : + [ + { + "_comment" : "This is the principal reg key controlled by GPO", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessEmail", + "value" : "2" + }, + { + "_comment" : "The 3 bottom k eys s eems to be some kind of ACL for App right", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessEmail_UserInControlOfTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessEmail_ForceAllowTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessEmail_ForceDenyTheseApps", + "type" : "MultiString" + } + ] +} diff --git a/modules.d/GPO_ErrorReporting.conf b/modules.d/GPO_ErrorReporting.conf new file mode 100644 index 0000000..9e8afe1 --- /dev/null +++ b/modules.d/GPO_ErrorReporting.conf @@ -0,0 +1,56 @@ +{ + "name" : "Error Reporting (GPO)", + "description" : "This module desactivate some error Reporting function like GPO does.", + "actions" : + [ + { + "_comment" : "Disable error Reporting to Microsoft", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting", + "key" : "Disabled", + "value" : "1" + }, + { + "_comment" : "Do not allow operating system memory dump sent to Microsoft", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting", + "key" : "AutoApproveOSDumps", + "value" : "0" + }, + { + "_comment" : "Do not sent additional dada to Microsoft when reporting", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting", + "key" : "DontSendAdditionalData", + "value" : "1" + }, + { + "_comment" : "Disable Windows Error Reporting ", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\PCHealth\\ErrorReporting", + "key" : "DoReport", + "value" : "0" + }, + { + "_comment" : "Disable WER (Not a GPO rule)", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\UnattendSettings\\Windows Error Reporting", + "key" : "Disabled", + "value" : "1" + }, + { + "_comment" : "Disable WMR (Not a GPO rule)", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting\\WMR", + "key" : "Disabled", + "value" : "1" + }, + { + "_comment" : "Do not consent Error Reporting (not a GPO rule) ", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting\\consent", + "key" : "DefaultConsent", + "value" : "0" + } + ] +} \ No newline at end of file diff --git a/modules.d/GPO_InputSpeechInk.conf b/modules.d/GPO_InputSpeechInk.conf new file mode 100644 index 0000000..40657bd --- /dev/null +++ b/modules.d/GPO_InputSpeechInk.conf @@ -0,0 +1,36 @@ +{ + "name" : "Input Speech Ink (GPO)", + "description" : "This module desactivate Input personalization, speech and ink recognition like GPO does.", + "actions" : + [ + { + "_comment" : "Desactivate text learning", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\InputPersonalization", + "key" : "RestrictImplicitTextCollection", + "value" : "1" + }, + { + "_comment" : "Desactivate ink learning", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\InputPersonalization", + "key" : "RestrictImplicitInkCollection", + "value" : "1" + + }, + { + "_comment" : "Desactivate input personalization", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\InputPersonalization", + "key" : "AllowInputPersonnalization", + "value" : "0" + }, + { + "_comment" : "Desactivate voice data automatic updates", + "action" : "AddRegKey", + "path" : "HKLM:\\Software\\Policies\\Microsoft\\Speech", + "key" : "AllowSpeechModelUpdate", + "value" : "0" + } + ] +} diff --git a/modules.d/GPO_Location.conf b/modules.d/GPO_Location.conf new file mode 100644 index 0000000..e5651ad --- /dev/null +++ b/modules.d/GPO_Location.conf @@ -0,0 +1,68 @@ +{ + "name" : "Location ans sensors (GPO)", + "description" : "This module desactivate Location access for third party Apps like GPO does.", + "actions" : + [ + { + "_comment" : "This is the principal reg key controlled by GPO", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessLocation", + "value" : "2" + }, + { + "_comment" : "The 3 bottom keys seems to be some kind of ACL for App right", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessLocation_UserInControlOfTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessLocation_ForceAllowTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessLocation_ForceDenyTheseApps", + "type" : "MultiString" + }, + { + "_comment" : "Disable hardware location sensors", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\LocationAndSensors", + "key" : "DisableLocation", + "value" : "1" + }, + { + "_comment" : "Disable location sensor", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\LocationAndSensors", + "key" : "DisableLocation", + "value" : "1" + }, + { + "_comment" : "Disable Windows location service provider", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\LocationAndSensors", + "key" : "DisableWindowsLocationProvider", + "value" : "1" + }, + { + "_comment" : "Disable location scripting", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\LocationAndSensors", + "key" : "DisableLocationScripting", + "value" : "1" + }, + { + "_comment" : "Disable sensors (rotation will be disable in tablet PC)", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\LocationAndSensors", + "key" : "DisableSensors", + "value" : "1" + } + ] +} diff --git a/modules.d/GPO_Messaging.conf b/modules.d/GPO_Messaging.conf new file mode 100644 index 0000000..b3581c7 --- /dev/null +++ b/modules.d/GPO_Messaging.conf @@ -0,0 +1,33 @@ +{ + "name" : "Messaging (GPO)", + "description" : "This module desactivate Messaging access for third party Apps like GPO does.", + "actions" : + [ + { + "_comment" : "This is the principal reg key controlled by GPO", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessMessaging", + "value" : "2" + }, + { + "_comment" : "The 3 bottom k eys seems to be some kind of ACL for App right", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessMessaging_UserInControlOfTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessMessaging_ForceAllowTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessMessaging_ForceDenyTheseApps", + "type" : "MultiString" + } + ] +} diff --git a/modules.d/GPO_Microphone.conf b/modules.d/GPO_Microphone.conf new file mode 100644 index 0000000..baef3c7 --- /dev/null +++ b/modules.d/GPO_Microphone.conf @@ -0,0 +1,34 @@ +{ + "name" : "Microphone (GPO)", + "description" : "This module desactivate Microphone access for third party Apps like GPO does.", + "actions" : + [ + { + "_comment" : "This is the principal reg key controlled by GPO", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessMicrophone", + "value" : "0" + }, + { + "_comment" : "The 3 bottom keys seems to be some kind of ACL for App right", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessMicrophone_UserInControlOfTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessMicrophone_ForceAllowTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessMicrophone_ForceDenyTheseApps", + "type" : "MultiString", + "value" : "Microsoft.MicrosoftEdge_8wekyb3d8bbwe Microsoft.Win32WebViewHost_cw5n1h2txyewy Microsoft.Windows.Cortana_cw5n1h2txyewy Microsoft.WindowsStore_8wekyb3d8bbwe Microsoft.XboxGamingOverlay_8wekyb3d8bbwe" + } + ] +} diff --git a/modules.d/GPO_MicrosoftAccount.conf b/modules.d/GPO_MicrosoftAccount.conf new file mode 100644 index 0000000..9006b3d --- /dev/null +++ b/modules.d/GPO_MicrosoftAccount.conf @@ -0,0 +1,14 @@ +{ + "name" : "Microsoft Account (GPO)", + "description" : "This module desactivate posibility to add a Microsoft account like GPO does.", + "actions" : + [ + { + "_comment" : "Disable MS Account", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", + "key" : "NoConnectedUser", + "value" : "3" + } + ] +} diff --git a/modules.d/GPO_Motion.conf b/modules.d/GPO_Motion.conf new file mode 100644 index 0000000..0fe30e5 --- /dev/null +++ b/modules.d/GPO_Motion.conf @@ -0,0 +1,33 @@ +{ + "name" : "Motion Sensor (GPO)", + "description" : "This module desactivate Motion sensor access for third party Apps like GPO does.", + "actions" : + [ + { + "_comment" : "This is the principal reg key controlled by GPO", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessMotion", + "value" : "2" + }, + { + "_comment" : "The 3 bottom k eys seems to be some kind of ACL for App right", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessMotion_UserInControlOfTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessMotion_ForceAllowTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessMotion_ForceDenyTheseApps", + "type" : "MultiString" + } + ] +} diff --git a/modules.d/GPO_Notifications.conf b/modules.d/GPO_Notifications.conf new file mode 100644 index 0000000..7889a56 --- /dev/null +++ b/modules.d/GPO_Notifications.conf @@ -0,0 +1,33 @@ +{ + "name" : "Notifications (GPO)", + "description" : "This module desactivate Notifications access for third party Apps like GPO does.", + "actions" : + [ + { + "_comment" : "This is the principal reg key controlled by GPO", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessNotifications", + "value" : "2" + }, + { + "_comment" : "The 3 bottom k eys seems to be some kind of ACL for App right", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessNotifications_UserInControlOfTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessNotifications_ForceAllowTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessNotifications_ForceDenyTheseApps", + "type" : "MultiString" + } + ] +} diff --git a/modules.d/GPO_OneDrive.conf b/modules.d/GPO_OneDrive.conf new file mode 100644 index 0000000..48b1fa9 --- /dev/null +++ b/modules.d/GPO_OneDrive.conf @@ -0,0 +1,86 @@ +{ + "name" : "Disable OneDrive (GPO)", + "description" : "This module Remove Onedrive like GPO does and delete if.", + "actions" : + [ + { + "_comment" : "Kill Onedrive process", + "action" : "KillProcess", + "name" : "onedrive" + }, + { + "_comment" : "Kill explorer process", + "action" : "KillProcess", + "name" : "explorer" + }, + { + "_comment" : "Execute OneDrive Uninstaller (x64 version)", + "action" : "ExecCommand", + "path" : "$env:systemroot\\SysWOW64\\OneDriveSetup.exe", + "arguments" : "/uninstall" + }, + { + "_comment" : "Execute OneDrive Uninstaller (x86 version)", + "action" : "ExecCommand", + "path" : "$env:systemroot\\System32\\OneDriveSetup.exe", + "arguments" : "/uninstall" + }, + { + "_comment" : "The 3 actions bellow delete Onedrive folders ", + "action" : "DelFile", + "path" : "$env:localappdata\\Microsoft\\OneDrive", + "recurse" : "True" + }, + { + "action" : "DelFile", + "path" : "$env:programdata\\Microsoft OneDrive", + "recurse" : "True" + }, + { + "action" : "DelFile", + "path" : "$env:systemdrive\\OneDriveTemp", + "recurse" : "True" + }, + { + "_comment" : "Do not allow OneDrive for file storage", + "action" : "AddRegKey", + "value" : "1", + "key" : "DisableFileSyncNGSC", + "path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\OneDrive" + }, + { + "_comment" : "Disable OneDrive file sync with limited connection", + "action" : "AddRegKey", + "value" : "1", + "key" : "DisableMeteredNetworkFileSync", + "path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\OneDrive" + }, + { + "_comment" : "Disable save file to Onedrive", + "action" : "AddRegKey", + "value" : "1", + "key" : "DisableLibrariesDefaultSaveToOneDrive", + "path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\OneDrive" + }, + { + "_comment" : "Prevent Onedrive installation for new created user (non GPO key)", + "action" : "DelRegKey", + "key" : "OneDriveSetup", + "path" : "HKU:\\Default\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" + }, + { + "_comment" : "Hide Onedrive icon from explorer", + "action" : "AddRegKey", + "value" : "0", + "key" : "System.IsPinnedToNameSpaceTree", + "path" : "HKCR:\\Wow6432Node\\CLSID\\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" + }, + { + "_comment" : "Hide Onedrive icon from explorer (2)", + "action" : "AddRegKey", + "value" : "0", + "key" : "System.IsPinnedToNameSpaceTree", + "path" : "HKCR:\\CLSID\\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" + } + ] +} diff --git a/modules.d/GPO_Phone.conf b/modules.d/GPO_Phone.conf new file mode 100644 index 0000000..ffd72b8 --- /dev/null +++ b/modules.d/GPO_Phone.conf @@ -0,0 +1,33 @@ +{ + "name" : "Phone (GPO)", + "description" : "This module desactivate Phone access for third party Apps like GPO does.", + "actions" : + [ + { + "_comment" : "This is the principal reg key controlled by GPO", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessPhone", + "value" : "2" + }, + { + "_comment" : "The 3 bottom k eys seems to be some kind of ACL for App right", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessPhone_UserInControlOfTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessPhone_ForceAllowTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessPhone_ForceDenyTheseApps", + "type" : "MultiString" + } + ] +} diff --git a/modules.d/GPO_Privacy.conf b/modules.d/GPO_Privacy.conf new file mode 100644 index 0000000..eb8439e --- /dev/null +++ b/modules.d/GPO_Privacy.conf @@ -0,0 +1,49 @@ +{ + "name" : "Privacy (GPO)", + "description" : "This module set some privati life settings like GPO does.", + "actions" : + [ + { + "_comment" : "Disable hand writing share", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\TabletPC", + "action" : "AddRegKey", + "key" : "PreventHandwritingDataSharing", + "value" : "1" + }, + { + "_comment" : "Disable hand writing error reporting", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\HandwritingErrorReports", + "key" : "PreventHandwritingErrorReports", + "value" : "1" + }, + { + "_comment" : "Disable Inventory Collector", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppCompat", + "key" : "DisableInventory", + "value" : "1" + }, + { + "_comment" : "Disable camera on lock screen", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization", + "key" : "NoLockScreenCamera", + "value" : "1" + }, + { + "_comment" : "Disable notification for tile, application and Lockscreen (non GPO key)(current user)", + "action" : "AddRegKey", + "path" : "HKCU:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\PushNotifications", + "key" : "ToastEnabled", + "value" : "0" + }, + { + "_comment" : "Disable user experience amelioration program ", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\SQMClient\\Windows", + "key" : "CEIPEnabled", + "value" : "0" + } + ] +} diff --git a/modules.d/GPO_Radios.conf b/modules.d/GPO_Radios.conf new file mode 100644 index 0000000..559bc09 --- /dev/null +++ b/modules.d/GPO_Radios.conf @@ -0,0 +1,33 @@ +{ + "name" : "Radios (GPO)", + "description" : "This module desactivate Radios (Bluetooth, Wifi ...) access for third party Apps like GPO does.", + "actions" : + [ + { + "_comment" : "This is the principal reg key controlled by GPO", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessRadios", + "value" : "2" + }, + { + "_comment" : "The 3 bottom k eys seems to be some kind of ACL for App right", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessRadios_UserInControlOfTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessRadios_ForceAllowTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessRadios_ForceDenyTheseApps", + "type" : "MultiString" + } + ] +} diff --git a/modules.d/GPO_SettingSync.conf b/modules.d/GPO_SettingSync.conf new file mode 100644 index 0000000..70e6697 --- /dev/null +++ b/modules.d/GPO_SettingSync.conf @@ -0,0 +1,35 @@ +{ + "name" : "Setting Sync (GPO)", + "description" : "This module desactivate Setting sync between devices like GPO does.", + "actions" : + [ + { + "_comment" : "Disable Setting Sync", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\SettingSync", + "key" : "DisableSettingSync", + "value" : "1" + }, + { + "_comment" : "Disable Possibility for user to reactivate setting sync", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\SettingSync", + "key" : "DisableSettingSyncUserOverride", + "value" : "1" + }, + { + "_comment" : "Disable Setting Sync for third party Apps", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\SettingSync", + "key" : "DisableApplicationSettingSync", + "value" : "1" + }, + { + "_comment" : "Disable Possibility for user to reactivate setting sync for third party Apps", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\SettingSync", + "key" : "DisableApplicationSettingSyncUserOverride", + "value" : "1" + } + ] +} diff --git a/modules.d/GPO_SyncDevices.conf b/modules.d/GPO_SyncDevices.conf new file mode 100644 index 0000000..a50710b --- /dev/null +++ b/modules.d/GPO_SyncDevices.conf @@ -0,0 +1,33 @@ +{ + "name" : "Sync with devices (GPO)", + "description" : "This module desactivate sync with devices for third party Apps like GPO does.", + "actions" : + [ + { + "_comment" : "This is the principal reg key controlled by GPO", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsSyncWithDevices", + "value" : "2" + }, + { + "_comment" : "The 3 bottom keys seems to be some kind of ACL for App right", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsSyncWithDevices_UserInControlOfTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsSyncWithDevices_ForceAllowTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsSyncWithDevices_ForceDenyTheseApps", + "type" : "MultiString" + } + ] +} diff --git a/modules.d/GPO_Tasks.conf b/modules.d/GPO_Tasks.conf new file mode 100644 index 0000000..1757073 --- /dev/null +++ b/modules.d/GPO_Tasks.conf @@ -0,0 +1,33 @@ +{ + "name" : "Tasks (GPO)", + "description" : "This module desactivate Tasks access for third party Apps like GPO does.", + "actions" : + [ + { + "_comment" : "This is the principal reg key controlled by GPO", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessTasks", + "value" : "2" + }, + { + "_comment" : "The 3 bottom keys seems to be some kind of ACL for App right", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessTasks_UserInControlOfTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessTasks_ForceAllowTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessTasks_ForceDenyTheseApps", + "type" : "MultiString" + } + ] +} diff --git a/modules.d/GPO_Teredo.conf b/modules.d/GPO_Teredo.conf new file mode 100644 index 0000000..eb9185c --- /dev/null +++ b/modules.d/GPO_Teredo.conf @@ -0,0 +1,15 @@ +{ + "name" : "Teredo (GPO)", + "description" : "This module desactivate Teredo pseudo interface like GPO did.", + "actions" : + [ + { + "_comment" : "Disable Teredo with key controlled by GPO", + "action" : "AddRegKey", + "path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\TCPIP\\v6Transition", + "key" : "Teredo_State", + "value" : "Disable", + "type" : "String" + } + ] +} diff --git a/modules.d/GPO_TrustedDevices.conf b/modules.d/GPO_TrustedDevices.conf new file mode 100644 index 0000000..9d7cff4 --- /dev/null +++ b/modules.d/GPO_TrustedDevices.conf @@ -0,0 +1,33 @@ +{ + "name" : "TrustedDevices (GPO)", + "description" : "This module desactivate Trusted Devices access for third party Apps like GPO does.", + "actions" : + [ + { + "_comment" : "This is the principal reg key controlled by GPO", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessTrustedDevices", + "value" : "2" + }, + { + "_comment" : "The 3 bottom k eys seems to be some kind of ACL for App right", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessTrustedDevices_UserInControlOfTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessTrustedDevices_ForceAllowTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsAccessTrustedDevices_ForceDenyTheseApps", + "type" : "MultiString" + } + ] +} diff --git a/modules.d/GPO_VoiceActivation.conf b/modules.d/GPO_VoiceActivation.conf new file mode 100644 index 0000000..cda9165 --- /dev/null +++ b/modules.d/GPO_VoiceActivation.conf @@ -0,0 +1,33 @@ +{ + "name" : "Account Info (GPO)", + "description" : "This module desactivate Account Info access for third party Apps like GPO did.", + "actions" : + [ + { + "_comment" : "This is the principal reg key controlled by GPO", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsActivateWithVoice", + "value" : "2" + }, + { + "_comment" : "The 3 bottom keys seems to be some kind of ACL for App right", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsActivateWithVoice_UserInControlOfTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsActivateWithVoice_ForceAllowTheseApps", + "type" : "MultiString" + }, + { + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy", + "key" : "LetAppsActivateWithVoice_ForceDenyTheseApps", + "type" : "MultiString" + } + ] +} diff --git a/modules.d/GPO_Wifi.conf b/modules.d/GPO_Wifi.conf new file mode 100644 index 0000000..c3e30d3 --- /dev/null +++ b/modules.d/GPO_Wifi.conf @@ -0,0 +1,13 @@ +{ + "name" : "Contact, open and paid Wifi (GPO)", + "description" : "This module desactivate Wifi connexion to shared network by contacts, paid and open AP like GPO does.", + "actions" : + [ + { + "_comment" : "This is the principal reg key controlled by GPO", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Microsoft\\WcmSvc\\wifinetworkmanager\\config", + "key" : "AutoConnectAllowedOEM", + "value" : "0" + } ] +} diff --git a/modules.d/GPO_WindowsDefender.conf b/modules.d/GPO_WindowsDefender.conf new file mode 100644 index 0000000..ac783d7 --- /dev/null +++ b/modules.d/GPO_WindowsDefender.conf @@ -0,0 +1,35 @@ +{ + "name" : "Windows Defender (GPO)", + "description" : "This module Desactivate somes Windows Defender functionnallity like GPO does.", + "actions" : + [ + { + "_comment" : "Disable Spynet Reporting", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Spynet", + "key" : "SpyNetReporting", + "value" : "0" + }, + { + "_comment" : "Disable sample submission to Microsoft", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Spynet", + "key" : "SubmitSamplesConsent", + "value" : "2" + }, + { + "_comment" : "Do not report infection informations to Microsoft", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\MRT", + "key" : "DontReportInfectionInformation", + "value" : "1" + }, + { + "_comment" : "Do not allow setting override for Spynet reporting", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Spynet", + "key" : "LocalSettingOverrideSpynetReporting", + "value" : "0" + } + ] +} diff --git a/modules.d/GPO_WindowsStore.conf b/modules.d/GPO_WindowsStore.conf new file mode 100644 index 0000000..3626231 --- /dev/null +++ b/modules.d/GPO_WindowsStore.conf @@ -0,0 +1,49 @@ +{ + "name" : "Windows Store (GPO)", + "description" : "This module Desactivate Windows Store functionnality like GPO does.", + "actions" : + [ + { + "_comment" : "Disable All Windows Store Application - Appx (Windows Entreprise and Education)", + "action" : "AddRegKey", + "path" : "HKLM:\\Software\\Policies\\Microsoft\\WindowsStore", + "key" : "DisableStoreApps", + "value" : "1" + }, + { + "_comment" : "Disable Windows Store (Windows Pro, Entreprise ans Education)", + "action" : "AddRegKey", + "path" : "HKLM:\\Software\\Policies\\Microsoft\\WindowsStore", + "key" : "RemoveWindowsStore", + "value" : "1" + }, + { + "_comment" : "Disable Open with Windows Store in Explorer (Windows Pro, Entreprise and Education)", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer", + "key" : "NoUseStoreOpenWith", + "value" : "1" + }, + { + "_comment" : "Show only private repository (Windows Pro, Entreprise and Education)", + "action" : "AddRegKey", + "path" : "HKLM:\\Software\\Policies\\Microsoft\\WindowsStore", + "key" : "RequirePrivateStoreOnly", + "value" : "1" + }, + { + "_comment" : "Disable message to update tu Windows last version (Windows Pro, Entreprise and Education)", + "action" : "AddRegKey", + "path" : "HKLM:\\Software\\Policies\\Microsoft\\Windows\\WindowsStore", + "key" : "DisableOsUpgrade", + "value" : "1" + }, + { + "_comment" : "Disable push to install (Windows Pro, Entreprise and Education)", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\PushToInstall", + "key" : "DisablePushToInstall", + "value" : "1" + } + ] +} diff --git a/modules.d/GPO_WindowsTips.conf b/modules.d/GPO_WindowsTips.conf new file mode 100644 index 0000000..e36e415 --- /dev/null +++ b/modules.d/GPO_WindowsTips.conf @@ -0,0 +1,22 @@ +{ + "name" : "Windows Tips (GPO)", + "description" : "This module desactivate Windows tips like GPO does.", + "actions" : + [ + { + "_comment" : "Do not display Windows Tips", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent", + "key" : "DisableSoftLanding", + "value" : "1" + } + , + { + "_comment" : "Disable Windows Consumers Features", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent", + "key" : "DisableWindowsConsumerFeatures", + "value" : "1" + } + ] +} diff --git a/modules.d/GPO_WindowsUpdate.conf b/modules.d/GPO_WindowsUpdate.conf new file mode 100644 index 0000000..74a7530 --- /dev/null +++ b/modules.d/GPO_WindowsUpdate.conf @@ -0,0 +1,70 @@ +{ + "Name" : "Windows Update (GPO)", + "Description" : "Disable sone Windows Update features like GPO does.", + "actions" : + [ + { + "_comment" : "Disable Download Optimization", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization", + "key" : "DODownloadMode", + "value" : "0" + }, + { + "_comment" : "Disable Peer to Peer connection for Windows Update", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\Peernet", + "key" : "Disabled", + "value" : "1" + }, + { + "_comment" : "Notify Update download and installation", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU", + "key" : "AUOptions", + "value" : "2" + }, + { + "_comment" : "Activate Windows Update all day ( 0:All days, 1:sunday, 2:monday, ...", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU", + "key" : "ScheduledInstallDay", + "value" : "0" + }, + { + "_comment" : "Define hour of installation", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU", + "key" : "ScheduledInstallTime", + "value" : "12" + }, + { + "_comment" : "Enable Defered Updates (Windows Pro and +) (https://docs.microsoft.com/en-us/windows/deployment/update/waas-configure-wufb)", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate", + "key" : "DeferFeatureUpdates", + "value" : "1" + }, + { + "_comment" : "Select CBB branch for Defered Updates", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate", + "key" : "BranchReadinessLevel", + "value" : "32" + }, + { + "_comment" : "Defer Feature installation for 1 year", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate", + "key" : "DeferFeatureUpdatesPeriodInDays", + "value" : "365" + }, + { + "_comment" : "Disable drivers update", + "action" : "AddRegKey", + "path" : "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU", + "key" : "ExcludeWUDriversInQualityUpdate", + "value" : "1" + } + ] +} diff --git a/modules.d/SER_Location.conf b/modules.d/SER_Location.conf new file mode 100644 index 0000000..229a6e5 --- /dev/null +++ b/modules.d/SER_Location.conf @@ -0,0 +1,10 @@ +{ + "name" : "Disable Location Service", + "description" : "This module disable location service", + "actions" : [ + { + "action" : "DisableService", + "name" : "lfsvc" + } + ] +} diff --git a/modules.d/SER_Sensors.conf b/modules.d/SER_Sensors.conf new file mode 100644 index 0000000..a77be34 --- /dev/null +++ b/modules.d/SER_Sensors.conf @@ -0,0 +1,21 @@ +{ + "name" : "Sensors Services", + "description" : "Disable sensors related services should impact orientation, auto-brightness orientation etc.", + "actions" : [ + { + "_comment" : "disable sensors service", + "action" : "DisableService", + "name" : "sensorservice" + }, + { + "_comment" : "Disable sensors monitoring service", + "action" : "DisableService", + "name" : "SensrSvc" + }, + { + "_comment" : "Disable sensors data service", + "action" : "DisableService", + "name" : "SensorDataService" + } + ] +} diff --git a/modules.d/SER_Users.conf b/modules.d/SER_Users.conf new file mode 100644 index 0000000..9a14348 --- /dev/null +++ b/modules.d/SER_Users.conf @@ -0,0 +1,49 @@ +{ + "name" : "User services", + "description" : "User specific services, ones ends with ????? need to be disable per account", + "actions" : + [ + { + "_comment" : "Disable sync service (useful for calendars, contact, mesaging and other sync applications)", + "action" : "DisableService", + "name" : "OneSyncSvc", + "userService" : true + }, + { + "_comment" : "Disable connected user platform service", + "action" : "DisableService", + "name" : "CDPUserSvc", + "userService" : true + }, + { + "_comment" : "Disable messaging service", + "action" : "DisableService", + "name" : "MessagingService", + "userService" : true + }, + { + "_comment" : "Disable contact data service", + "action" : "DisableService", + "name" : "PimIndexMaintenanceSvc", + "userService" : true + }, + { + "_comment" : "Disable contact data service", + "action" : "DisableService", + "name" : "UnistoreSvc", + "userService" : true + }, + { + "_comment" : "Disable user data sharing service", + "action" : "DisableService", + "name" : "UserDataSvc", + "userService" : true + }, + { + "_comment" : "Disable contact data service", + "action" : "DisableService", + "name" : "WpnUserService", + "userService" : true + } + ] +} diff --git a/modules.d/SER_VariousServices.conf b/modules.d/SER_VariousServices.conf new file mode 100644 index 0000000..4860e81 --- /dev/null +++ b/modules.d/SER_VariousServices.conf @@ -0,0 +1,22 @@ +{ + "name" : "Remove Services", + "description" : "", + "actions" : [ + { + "_comment" : "Disable most diagnostic related services", + "action" : "DisableService", + "file" : "DiagServices.txt", + "firewall" : "True" + }, + { + "_comment" : "Disable Biometric service", + "action" : "DisableService", + "name" : "WbioSrvc" + }, + { + "_comment" : "Disable Windows Licence Manager", + "action" : "DisableService", + "name" : "LicenseManager" + } + ] +} diff --git a/modules.d/SER_VariousServices/DiagServices.txt b/modules.d/SER_VariousServices/DiagServices.txt new file mode 100644 index 0000000..24e975b --- /dev/null +++ b/modules.d/SER_VariousServices/DiagServices.txt @@ -0,0 +1,4 @@ +DiagTrack +dmwappushservice +diagnosticshub.standardcollector.service +RetailDemo diff --git a/modules.d/TSK_ApplicationExperiences.conf b/modules.d/TSK_ApplicationExperiences.conf new file mode 100644 index 0000000..d9537cc --- /dev/null +++ b/modules.d/TSK_ApplicationExperiences.conf @@ -0,0 +1,31 @@ +{ + "name" : "Remove Applcation Experiences Tasks", + "description" : "Is mostly consist of user data analyse for user experience", + "actions" : + [ + { + "_comment" : "", + "action" : "RemoveScheduledTask", + "path" : "\\Microsoft\\Windows\\Application Experience\\", + "name" : "AitAgent" + }, + { + "_comment" : "Disable telemetry collect for Microsoft user experience - Compatibility", + "action" : "RemoveScheduledTask", + "path" : "\\Microsoft\\Windows\\Application Experience\\", + "name" : "Microsoft Compatibility Appraiser" + }, + { + "_comment" : "Disable telemetry collect for Microsoft user experience - Program Data", + "action" : "RemoveScheduledTask", + "path" : "\\Microsoft\\Windows\\Application Experience\\", + "name" : "ProgramDataUpdater" + }, + { + "_comment" : "Disable startup tasks analyser and user notification", + "action" : "RemoveScheduledTask", + "path" : "\\Microsoft\\Windows\\Application Experience\\", + "name" : "StartupAppTask" + } + ] +} diff --git a/modules.d/TSK_CustomerExperience.conf b/modules.d/TSK_CustomerExperience.conf new file mode 100644 index 0000000..10e9a6c --- /dev/null +++ b/modules.d/TSK_CustomerExperience.conf @@ -0,0 +1,31 @@ +{ + "name" : "Remove Customer xperiences Tasks", + "description" : "Is mostly consist of user data analyse for user experience", + "actions" : + [ + { + "_comment" : "", + "action" : "RemoveScheduledTask", + "path" : "\\Microsoft\\Windows\\Customer Experience Improvement Program\\", + "name" : "BthSQM" + }, + { + "_comment" : "Disable user data consolidation and sent to Microsoft (if user subscribe to MS User Experience program)", + "action" : "RemoveScheduledTask", + "path" : "\\Microsoft\\Windows\\Customer Experience Improvement Program\\", + "name" : "Consolidator" + }, + { + "_comment" : "", + "action" : "RemoveScheduledTask", + "path" : "\\Microsoft\\Windows\\Customer Experience Improvement Program\\", + "name" : "KernelCeipTask" + }, + { + "_comment" : "Disable USB data collect and sent to Microsoft (if user subscribe to MS User Experience program)", + "action" : "RemoveScheduledTask", + "path" : "\\Microsoft\\Windows\\Customer Experience Improvement Program\\", + "name" : "UsbCeip" + } + ] +} diff --git a/modules.d/TSK_Feedback.conf b/modules.d/TSK_Feedback.conf new file mode 100644 index 0000000..bc7a953 --- /dev/null +++ b/modules.d/TSK_Feedback.conf @@ -0,0 +1,19 @@ +{ + "name" : "User feedback tasks", + "description" : "Disable User Feedback tasks", + "actions" : + [ + { + "_comment" : "", + "action" : "RemoveScheduledTask", + "path" : "\\Microsoft\\Windows\\Feedback\\Siuf\\", + "name" : "DmClient" + }, + { + "_comment" : "", + "action" : "RemoveScheduledTask", + "path" : "\\Microsoft\\Windows\\Feedback\\Siuf\\", + "name" : "DmClientOnScenarioDownload" + } + ] +} diff --git a/modules.d/TSK_LocationMaps.conf b/modules.d/TSK_LocationMaps.conf new file mode 100644 index 0000000..0d11986 --- /dev/null +++ b/modules.d/TSK_LocationMaps.conf @@ -0,0 +1,31 @@ +{ + "name" : "Location and Maps Tasks", + "description" : "Remove Location ans Maps relative tasks", + "actions" : + [ + { + "_comment" : "Disable location notification task", + "action" : "RemoveScheduledTask", + "path" : "\\Microsoft\\Windows\\Location\\", + "name" : "Notifications" + }, + { + "_comment" : "", + "action" : "RemoveScheduledTask", + "path" : "\\Microsoft\\Windows\\Location\\", + "name" : "WindowsActionDialog" + }, + { + "_comment" : "Disable maps toasts task", + "action" : "RemoveScheduledTask", + "path" : "\\Microsoft\\Windows\\Maps\\", + "name" : "MapsToastTask" + }, + { + "_comment" : "Disable maps update task", + "action" : "RemoveScheduledTask", + "path" : "\\Microsoft\\Windows\\Maps\\", + "name" : "MapsUpdateTask" + } + ] +} diff --git a/modules.d/TSK_Shell.conf b/modules.d/TSK_Shell.conf new file mode 100644 index 0000000..59e302d --- /dev/null +++ b/modules.d/TSK_Shell.conf @@ -0,0 +1,25 @@ +{ + "name" : "Remove Windows shell Tasks", + "description" : "Disable tasks relative to parental lock", + "actions" : + [ + { + "_comment" : "Disable sync setting with Microsoft familly service task", + "action" : "RemoveScheduledTask", + "path" : "\\Microsoft\\Windows\\Shell\\", + "name" : "FamilySafetyMonitorToastTask" + }, + { + "_comment" : "Disable parental lock monitor task", + "action" : "RemoveScheduledTask", + "path" : "\\Microsoft\\Windows\\shell\\", + "name" : "FamilySafetyMonitor" + }, + { + "_comment" : "Disable parental lock update task", + "action" : "RemoveScheduledTask", + "path" : "\\Microsoft\\Windows\\Shell\\", + "name" : "FamilySafetyRefreshTask" + } + ] +} diff --git a/modules.d/TSK_Various.conf b/modules.d/TSK_Various.conf new file mode 100644 index 0000000..74227f4 --- /dev/null +++ b/modules.d/TSK_Various.conf @@ -0,0 +1,103 @@ +{ + "name" : "Varisous Tasks", + "description" : "Unsorted Task to disable", + "actions" : + [ + { + "_comment" : "Disable proxy for telemetry data", + "action" : "RemoveScheduledTask", + "path" : "\\Microsoft\\Windows\\Autochk\\", + "name" : "Proxy" + }, + { + "_comment" : "Disable Windows Store licence check task, task exist but Get-ScheduledTask doesn't found it!", + "action" : "RemoveScheduledTask", + "path" : "\\Microsoft\\Windows\\Clip\\", + "name" : "License Validation" + }, + { + "_comment" : "", + "action" : "RemoveScheduledTask", + "path" : "\\Microsoft\\Windows\\CloudExperienceHost\\", + "name" : "CreateObjectTask" + }, + { + "_comment" : "", + "action" : "RemoveScheduledTask", + "path" : "\\Microsoft\\Windows\\Device Information\\", + "name" : "device" + }, + { + "_comment" : "Disable disk diagnostic data collect and sent task", + "action" : "RemoveScheduledTask", + "path" : "\\Microsoft\\Windows\\DiskDiagnostic\\", + "name" : "Microsoft-Windows-DiskDiagnosticDataCollector" + }, + { + "_comment" : "Disable exchanges temporary preinstalled licenses for Windows Store licenses task", + "action" : "RemoveScheduledTask", + "path" : "\\Microsoft\\Windows\\License Manager\\", + "name" : "TempSignedLicenseExchange" + }, + { + "_comment" : "Disable system performance probe task", + "action" : "RemoveScheduledTask", + "path" : "\\Microsoft\\Windows\\Maintenance\\", + "name" : "WinSAT" + }, + { + "_comment" : "Disable mobile broadband data analysis and sent to Microsoft", + "action" : "RemoveScheduledTask", + "path" : "\\Microsoft\\Windows\\Mobile Broadband Accounts\\", + "name" : "MNO Metadata Parsee" + }, + { + "_comment" : "Disable network information data collect", + "action" : "RemoveScheduledTask", + "path" : "\\Microsoft\\Windows\\NetTrace\\", + "name" : "GatherNetworkInfo" + }, + { + "_comment" : "disable secure boot and boot time data collect and analysis task", + "action" : "RemoveScheduledTask", + "path" : "\\Microsoft\\Windows\\PI\\", + "name" : "Sqm-Tasks" + }, + { + "_comment" : "Disable system analysis for power managment efficiency", + "action" : "RemoveScheduledTask", + "path" : "\\Microsoft\\Windows\\Power Efficiency Diagnostics\\", + "name" : "AnalyzeSystem" + }, + { + "_comment" : "On my test system this task do not exist", + "action" : "RemoveScheduledTask", + "path" : "\\Microsoft\\Windows\\RetailDemo\\", + "name" : "CleanupOfflineContent" + }, + { + "_comment" : "Disable backgroud upload settings to Microsoft servers task (for sync I suppose)", + "action" : "RemoveScheduledTask", + "path" : "\\Microsoft\\Windows\\SettingSync\\", + "name" : "BackgroundUploadTask" + }, + { + "_comment" : "Disable speech model download task", + "action" : "RemoveScheduledTask", + "path" : "\\Microsoft\\Windows\\Speech\\", + "name" : "SpeechModelDownloadTask" + }, + { + "_comment" : "Disable queued data report analysis and sent task", + "action" : "RemoveScheduledTask", + "path" : "\\Microsoft\\Windows\\Windows Error Reporting\\", + "name" : "QueueReporting" + }, + { + "_comment" : "Disable automatic application update from Microsoft Store task", + "action" : "RemoveScheduledTask", + "path" : "\\Microsoft\\Windows\\WindowsUpdate\\", + "name" : "Automatic App Update" + } + ] +} diff --git a/modules.d/UninstallModernApp.conf b/modules.d/UninstallModernApp.conf new file mode 100644 index 0000000..fb15da7 --- /dev/null +++ b/modules.d/UninstallModernApp.conf @@ -0,0 +1,53 @@ +{ + "name" : "Uninstall Modern Apps", + "description" : "Uninstall unwanted Modern App", + "actions" : + [ + { + "_comment" : "Disable MapsBoker service for uninstall Windows Map", + "action" : "DisableService", + "name" : "MapsBroker" + }, + { + "_comment" : "Uninstall Windows Maps", + "action" : "UninstallModernApp", + "name" : "Microsoft.WindowsMaps", + "removeProvisioned" : true + }, + { + "_comment" : "Disable xbox services for uninstall Apps", + "action" : "DisableService", + "file" : "XboxServices.txt" + }, + { + "_comment" : "Disable Xbox sheduled tasks", + "action" : "RemoveScheduledTask", + "path" : "\\Microsoft\\XblGameSave\\", + "name" : "XblGameSaveTask" + }, + { + "_comment" : "Disable Xbox sheduled tasks", + "action" : "RemoveScheduledTask", + "path" : "\\Microsoft\\XblGameSave\\", + "name" : "XblGameSaveTaskLogon" + }, + { + "_comment" : "Uninstall Xbox Apps", + "action" : "UninstallModernApp", + "file" : "XboxApps.txt", + "removeProvisioned" : true + }, + { + "_comment" : "Uninstall Microsoft Apps", + "action" : "UninstallModernApp", + "file" : "MicrosoftApps.txt", + "removeProvisioned" : true + }, + { + "_comment" : "Uninstall third party apps", + "action" : "UninstallModernApp", + "file" : "OthersApps.txt", + "removeProvisioned" : true + } + ] +} diff --git a/lib/apps.txt b/modules.d/UninstallModernApp/MicrosoftApps.txt old mode 100755 new mode 100644 similarity index 89% rename from lib/apps.txt rename to modules.d/UninstallModernApp/MicrosoftApps.txt index 3fc0758..7b21b5b --- a/lib/apps.txt +++ b/modules.d/UninstallModernApp/MicrosoftApps.txt @@ -1,4 +1,5 @@ Microsoft.3dbuilder +Microsoft.Advertising.Xaml Microsoft.Appconnector Microsoft.BingFinance Microsoft.BingFoodAndDrink @@ -17,13 +18,16 @@ Microsoft.MicrosoftPowerBIForWindows Microsoft.MicrosoftSolitaireCollection Microsoft.MicrosoftStickyNotes Microsoft.MinecraftUWP +Microsoft.MixedReality.Portal Microsoft.MSPaint Microsoft.Office.OneNote Microsoft.Office.Sway Microsoft.OneConnect Microsoft.People +Microsoft.Print3D Microsoft.Services.Store.Engagement Microsoft.SkypeApp +Microsoft.Wallet Microsoft.Windows.Photos Microsoft.WindowsAlarms Microsoft.WindowsCalculator @@ -33,10 +37,6 @@ Microsoft.WindowsFeedbackHub Microsoft.WindowsMaps Microsoft.WindowsPhone Microsoft.WindowsSoundRecorder -Microsoft.WindowsStore -Microsoft.XboxApp +Microsoft.YourPhone Microsoft.ZuneMusic -Microsoft.ZuneVideo -Microsoft.Advertising.Xaml -9E2F88E3.Twitter -king.com.CandyCrushSodaSaga +Microsoft.ZuneVideo \ No newline at end of file diff --git a/modules.d/UninstallModernApp/OthersApps.txt b/modules.d/UninstallModernApp/OthersApps.txt new file mode 100644 index 0000000..ca4e4e3 --- /dev/null +++ b/modules.d/UninstallModernApp/OthersApps.txt @@ -0,0 +1,24 @@ +2414FC7A.Viber +64885BlueEdge.OneCalendar +7906AAC0.TOSHIBAManual +7906AAC0.TOSHIBAPCInformation +7906AAC0.TOSHIBAServiceStation +7906AAC0.TOSHIBASettings +89006A2E.AutodeskSketchBook +906AAC0.TOSHIBAPCInformation +9E2F88E3.Twitter +A278AB0D.DisneyMagicKingdoms +A278AB0D.MarchofEmpires +Amazon.com.Amazon +CAF9E577.Plex +CyberLinkCorp.to.PowerDVDforToshiba +WavesAudio.MaxxAudioProforDell2019 +DolbyLaboratories.DolbyAccess +Expedia.ExpediaHotelsFlightsCarsActivities +king.com.BubbleWitch3Saga +king.com.CandyCrushFriends +king.com.CandyCrushSodaSaga +king.com.FarmHeroesSaga +SpotifyAB.SpotifyMusic +WinZipComputing.WinZipUniversal +WinZipComputing.41990D275AB9A diff --git a/modules.d/UninstallModernApp/XboxApps.txt b/modules.d/UninstallModernApp/XboxApps.txt new file mode 100644 index 0000000..ed5c7a9 --- /dev/null +++ b/modules.d/UninstallModernApp/XboxApps.txt @@ -0,0 +1,5 @@ +Microsoft.Xbox.TCUI +Microsoft.XboxApp +Microsoft.XboxGameOverlay +Microsoft.XboxIdentityProvider +Microsoft.XboxSpeechToTextOverlay diff --git a/modules.d/UninstallModernApp/XboxServices.txt b/modules.d/UninstallModernApp/XboxServices.txt new file mode 100644 index 0000000..1a59b98 --- /dev/null +++ b/modules.d/UninstallModernApp/XboxServices.txt @@ -0,0 +1,5 @@ +XblAuthManager +XblGameSave +XboxNetApiSvc +xboxgip +XboxGipSvc