ephase/win10-privacy-script
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
This repository has been archived on 2024-09-06. You can view files and clone it, but you cannot make any changes to it's state, such as pushing and creating new issues, pull requests or comments.
win10-privacy-script/cleanW10.ps1

321 lines
13 KiB
PowerShell
Executable file
Raw Blame History

#requires -RunAsAdministrator
Import-Module NetSecurity #Useful to manipulate firewall rules
$HOST_FILE = "$env:windir\System32\drivers\etc\hosts"
$HOST_IP = "0.0.0.0"
$ErrorActionPreference = "SilentlyContinue"
#Thanks to https://gist.github.com/markembling/173887
function block_shitty_host {
param([string]$filename, [string]$ip, [string]$hostname)
remove-host $filename $hostname
Write-Host -NoNewline "`t$hostname :"
try {
if ( ! $(is_host_present $filename $hostname) ){
$ip + "`t`t" + $hostname | Out-File -encoding ASCII -append $filename
}
else {
Write-Host -ForegroundColor Yellow "already blocked "
return
}
}
catch {
Write-Host -ForegroundColor Red "error"
return
}
Write-Host -ForegroundColor Green "done"
}
function is_host_present {
param([string]$filename, [string]$hostname)
$c = Get-Content $filename
foreach ($line in $c) {
$bits = [regex]::Split($line, "\t+")
if ($bits[1] -eq $hostname) {
return $true
}
}
return $false
}
function block_shitty_ip {
param($ip)
Write-Host -NoNewline "`t$ip : "
if ( Get-NetFirewallRule -Name Blacklist_$ip -ErrorAction SilentlyContinue) {
Write-Host -ForegroundColor Yellow "already blacklisted"
return
}
else {
Try {
New-NetFirewallRule -Name Blacklist_$ip -DisplayName "BlackList $ip" -Protocol any -Enabled True -Profile Any -RemoteAddress $ip -Action Block | Out-Null
}
Catch {
Write-Host -ForegroundColor Red "error"
return
}
Write-Host -ForegroundColor Green "done"
}
}
function remove_shitty_tasks () {
param($taskList)
Foreach ($task in $taskList){
Write-Host -NoNewline "`t$task : "
if ($PSVersionTable.PSVersion.Major -gt 2) {
if (Get-ScheduledTask -TaskName $task -ErrorAction SilentlyContinue) {
Write-Host -NoNewline -ForegroundColor DarkGreen "found! "
Write-Host -Nonewline -ForegroundColor white "removing : "
Try {Unregister-ScheduledTask -TaskName $task -ErrorAction SilentlyContinue -Confirm:$false}
Catch {
Write-Host -Nonewline -ForegroundColor Red "error"
}
Write-Host -ForegroundColor Green "done"
}
else { Write-Host -ForegroundColor Yellow "already removed"}
}
else {
Write-Host -ForegroundColor Red "damned! this is not Windows 10!"
}
}
}
# Modify a reg value
# Params :
# path : the complete path to reg key
# key : key name
# value : The value to write
function modify_shitty_reg_value {
param([string]$path, [string]$key, [string]$value, [string]$type)
Write-Host -NoNewline "`t$key reg key to $value : "
if (!(Test-Path $path)){
Write-Host -NoNewline "creating path "
New-Item -Path $path -Force | Out-Null
}
try {
if ($type) {
Set-ItemProperty -Path $path -Name $key -Value $value -Type $type -Force
}
else {
Set-ItemProperty -Path $path -Name $key -Value $value -Type Dword -Force
}
}
catch [System.Security.SecurityException]{
Write-Host -ForegroundColor Red "access denied"
return
}
catch {
Write-Host -ForegroundColor Red "error"
Write-Host "`t$Error[0]"
return
}
Write-host -ForegroundColor Green "done"
}
# Function to remove shitty prog from shitty win
# Params :
# $name : Feature name
function disable_shitty_feature {
param ($name)
Write-Host -NoNewline "`t$name : "
$requestInstall = dism /online /Get-FeatureInfo /FeatureName:$name /English
$isInstalled = $requestInstall | Select-String "state"
If ($isInstalled -match "Enable") {
try {
Dism /online /Disable-Feature /FeatureName:$name /NoRestart | Out-Null
}
catch {
Write-Host -ForegroundColor Red "error"
Return
}
Write-Host -ForegroundColor Green "done"
}
else {
Write-Host -ForegroundColor Yellow "already disable"
}
}
# remove unwanted "Modern App"
# Params
# $pkg : Package (Object)
function remove_shitty_modern_app {
param($pkg)
Write-Host -NoNewLine "`t$($pkg.Name) :"
try {
$pkg | Remove-AppxPackage
}
catch {
Write-Host -ForegroundColor Red "error"
write-Host $Error[0]
return
}
Write-Host -ForegroundColor Green "done"
}
function remove_provisioned_shitty_modern_app {
param($pkg)
Write-Host -NoNewline "`t$($pkg.DisplayName) : "
try {
$pkg | Remove-AppxProvisionedPackage -Online | Out-Null
}
catch {
Write-Host -ForegroundColor red "error"
Write-Host $Error[0]
return
}
Write-Host -ForegroundColor Green "done"
}
function disable_shitty_service {
param([string]$name)
Write-Host -NoNewline "`t$name : "
$serv = Get-Service -name $name
if ( !$serv) {
Write-Host -ForegroundColor Red "not found"
return
}
if ( $serv.StartType -eq "Disable") {
Write-Host -ForegroundColor Yellow "already disabled"
}
else {
Stop-Service -InputObject $serv -PassThru | Set-Service -StartupType disabled
Write-Host -ForegroundColor Green "done "
}
}
# Kill a process
# Param :
# $process : name of process to kill (String)
function kill_shitty_process {
param([string]$process)
Write-Host -NoNewLine "`tKilling $process : "
try {
$p = Get-Process $process
Stop-Process $p | Out-Null
Write-Host -ForegroundColor Green "Done"
}
catch {
Write-host -ForegroundColor Yellow "Not started"
}
}
Write-Output "`nI's time to kick ass and chew bubble gum"
Write-Output "________________________________________`n"
Write-Host -ForegroundColor White "Blacklist hosts :"
foreach ($line in Get-Content "lib\hosts.txt"){ block_shitty_host $HOST_FILE $HOST_IP $line }
Write-Host -ForegroundColor White "`nBlacklist IPs :"
foreach ($line in Get-Content "lib\ip.txt"){ block_shitty_ip $line }
Write-Host -ForegroundColor White "`nDisable features :"
foreach ($line in Get-Content "lib\features.txt"){ disable_shitty_feature $line }
Write-Host -ForegroundColor White "`nDisable services :"
foreach ($line in Get-Content "lib\services.txt") { disable_shitty_service $line }
Write-Host -ForegroundColor White "`nRemove modern apps :"
Get-AppxPackage -AllUsers | Where-Object { $_.name -in $(Get-Content "lib\apps.txt")} | foreach {
remove_shitty_modern_app $_
}
Write-Host -ForegroundColor White "`nRemove provisioned modern apps :"
Get-AppxProvisionedPackage -Online | Where-Object { $_.DisplayName -in $(Get-Content "lib\apps.txt")} | foreach {
remove_provisioned_shitty_modern_app $_
}
Write-Host -ForegroundColor White "`nRemove tasks :"
foreach ($line in Get-Content "lib\tasks.txt") {remove_shitty_tasks $line }
#Remove all OneDrive Stuff thanks to https://github.com/W4RH4WK/Debloat-Windows-10/
Write-Host -ForegroundColor white "`nRemoving all Onedrive stuff :"
# Kill onedrive qnd explorer for proper uninstallation
kill_shitty_process "onedrive"
kill_shitty_process "explorer"
Write-Host "`tUninstalling Onedrive"
if (Test-Path "$env:systemroot\System32\OneDriveSetup.exe") {
& "$env:systemroot\System32\OneDriveSetup.exe" /uninstall
}
if (Test-Path "$env:systemroot\SysWOW64\OneDriveSetup.exe") {
& "$env:systemroot\SysWOW64\OneDriveSetup.exe" /uninstall
}
Remove-Item -Recurse -Force -ErrorAction SilentlyContinue "$env:localappdata\Microsoft\OneDrive"
Remove-Item -Recurse -Force -ErrorAction SilentlyContinue "$env:programdata\Microsoft OneDrive"
Remove-Item -Recurse -Force -ErrorAction SilentlyContinue "$env:systemdrive\OneDriveTemp"
Write-Host "`tModify OneDrive shitty registery values :"
#OneDrive
modify_shitty_reg_value "HKLM:\Software\Policies\Microsoft\Windows\OneDrive" "DisableFileSyncNGSC" 1
modify_shitty_reg_value "HKLM:\Software\Policies\Microsoft\Windows\OneDrive" "DisableFileSync" 1
modify_shitty_reg_value "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" "OneDrive" "0300000021B9DEB396D7D001" "Binary"
# Onedrive Explorer integration
New-PSDrive -PSProvider Registry -Root HKEY_CLASSES_ROOT -Name HKCR | Out-Null
modify_shitty_reg_value "HKCR:\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" "System.IsPinnedToNameSpaceTree" 0
modify_shitty_reg_value "HKCR:\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" "System.IsPinnedToNameSpaceTree" 0
Remove-PSDrive -Name HKCR
Start-Process "explorer.exe"
#Advertiging...
Write-Host -ForegroundColor White "`nDisable Advertising :"
modify_shitty_reg_value "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\AdvertisingInfo" "Enabled" "0"
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo" "DisabledByGroupPolicy" 1
# Geoloc.
Write-Host -ForegroundColor White "`nDisable Geolocalization :"
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors" "DisableLocation" 1
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors" "DisableLocationScripting" 1
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors" "DisableWindowsLocationProvider" 1
#smartscreen filter
Write-Host -ForegroundColor White "`nDisable Smartscreen filter :"
modify_shitty_reg_value "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" "EnableWebContentEvaluation"
# AllowTelemetry
Write-Host -ForegroundColor White "`nDisable Telemetry :"
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" "AllowTelemetry" 0
Write-Host -ForegroundColor White "`nModify somes Windows defendenr behaviors :"
# Windows Defender Delivery Optimization Download
modify_shitty_reg_value "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" "DODownloadMode" "0"
# Windows Defender Behavior monitoring and Spynet reporting.
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" "DisableBehaviorMonitoring" 1
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" "SpynetReporting" 0
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" "SubmitSamplesConsent" 2
Write-Host -ForegroundColor White "`nDisable Wifi-Sense :"
# WifiSense Credential Share
modify_shitty_reg_value "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features" "WiFiSenseCredShared" "0"
# WifiSense Open-ness
modify_shitty_reg_value "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features" "WiFiSenseOpen" "0"
# Disable Cortana
Write-Host -ForegroundColor White "`nDisable Cortana (online at least) :"
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" "AllowCortana" "0"
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" "ConnectedSearchUseWeb" "0"
# App right.
Write-Host -ForegroundColor White "`nDisable rights for applications :"
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" "LetAppsAccessAccountInfo" 2
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" "LetAppsAccessCalendar" 2
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" "LetAppsAccessCallHistory" 2
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" "LetAppsAccessCamera" 2
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" "LetAppsAccessContacts" 2
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" "LetAppsAccessEmail" 2
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" "LetAppsAccessLocation" 2
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" "LetAppsAccessMessaging" 2
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" "LetAppsAccessMicrophone" 2
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" "LetAppsAccessMotion" 2
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" "LetAppsAccessRadios" 2
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" "LetAppsAccessTrustedDevices" 2
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" "LetAppsSyncWithDevices" 2
# MS Account
Write-Host -ForegroundColor White "`nDisable MS online account for login :"
modify_shitty_reg_value "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" "NoConnectedUser" 3
# App suggestion (Cloud Content)
Write-Host -ForegroundColor White "`nDisable suggestions :"
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Cloud Content" "DisableWindowsConsumerFeatures" 1
Write-Host "all done!"
Reference in a new issue View git blame Copy permalink