ephase/win10-privacy-script
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
This repository has been archived on 2024-09-06. You can view files and clone it, but you cannot make any changes to it's state, such as pushing and creating new issues, pull requests or comments.
win10-privacy-script/cleanW10.ps1

197 lines
10 KiB
PowerShell
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#requires -RunAsAdministrator
Import-Module NetSecurity #Useful to manipulate firewall rules
$shittyFeatures = ("Internet-Explorer-Optional-amd64", "FaxServicesClientPackage", "WindowsMediaPlayer", "MediaPlayback")
$shittyIP = ("2.22.61.43", "2.22.61.66", "65.39.117.230", "65.55.108.23", "23.218.212.69", "134.170.30.202", "137.116.81.24", "157.56.106.189", "204.79.197.200", "65.52.108.33", "64.4.54.254")
$shittyModernApp = ("messaging", "onenote", "sway", "edge", "3dbuilder", "windowscommunicationsapps", "windowscamera", "officehub", "skypeapp", "getstarted", "zunemusic", "windowsmaps", "solitairecollection", "bingfinance", "zunevideo", "bingnews", "onenote", "people", "windowsphone", "photos", "bingsports", "soundrecorder", "bingweather", "xboxapp", "twitter")
$shittyHosts = ("a-0001.a-msedge.net", "a-0002.a-msedge.net", "a-0003.a-msedge.net", "a-0004.a-msedge.net", "a-0005.a-msedge.net", "a-0006.a-msedge.net", "a-0007.a-msedge.net", "a-0008.a-msedge.net", "a-0009.a-msedge.net", "a-msedge.net", "a.ads1.msn.com", "a.ads2.msads.net","a.ads2.msn.com", "a.rad.msn.com", "ac3.msn.com", "ad.doubleclick.net", "adnexus.net", "adnxs.com", "ads.msn.com", "ads1.msads.net", "ads1.msn.com", "aidps.atdmt.com", "aka-cdn-ns.adtech.de", "az361816.vo.msecnd.net", "az512334.vo.msecnd.net", "b.ads1.msn.com", "b.ads2.msads.net", "b.rad.msn.com", "bs.serving-sys.com", "c.atdmt.com", "c.msn.com", "cdn.atdmt.com", "cds26.ams9.msecn.net", "choice.microsoft.com", "choice.microsoft.com.nsatc.net", "compatexchange.cloudapp.net", "corp.sts.microsoft.com", "corpext.msitadfs.glbdns2.microsoft.com", "cs1.wpc.v0cdn.net", "db3aqu.atdmt.com", "df.telemetry.microsoft.com", "diagnostics.support.microsoft.com", "ec.atdmt.com", "feedback.microsoft-hohm.com", "feedback.search.microsoft.com", "feedback.windows.com", "flex.msn.com", "g.msn.com", "h1.msn.com", "i1.services.social.microsoft.com", "i1.services.social.microsoft.com.nsatc.net", "lb1.www.ms.akadns.net", "live.rads.msn.com", "m.adnxs.com", "msedge.net", "msftncsi.com", "msnbot-65-55-108-23.search.msn.com", "msntest.serving-sys.com", "oca.telemetry.microsoft.com", "oca.telemetry.microsoft.com.nsatc.net", "pre.footprintpredict.com", "preview.msn.com", "rad.live.com", "rad.msn.com", "redir.metaservices.microsoft.com", "schemas.microsoft.akadns.net ", "secure.adnxs.com", "secure.flashtalking.com", "settings-sandbox.data.microsoft.com", "settings-win.data.microsoft.com", "sls.update.microsoft.com.akadns.net", "sqm.df.telemetry.microsoft.com", "sqm.telemetry.microsoft.com", "sqm.telemetry.microsoft.com.nsatc.net", "static.2mdn.net", "statsfe1.ws.microsoft.com", "statsfe2.ws.microsoft.com", "telecommand.telemetry.microsoft.com", "telecommand.telemetry.microsoft.com.nsatc.net", "telemetry.appex.bing.net", "telemetry.microsoft.com", "telemetry.urs.microsoft.com", "vortex-bn2.metron.live.com.nsatc.net", "vortex-cy2.metron.live.com.nsatc.net", "vortex-sandbox.data.microsoft.com", "vortex-win.data.microsoft.com", "vortex.data.microsoft.com", "watson.live.com", "www.msftncsi.com", "ssw.live.com", "reports.wes.df.telemetry.microsoft.com", "services.wes.df.telemetry.microsoft.com", "web.vortex.data.microsoft.com", "vortex-win.data.metron.live.com.nsatc.net", "v10.vortex-win.data.microsoft.com", "vortex-cy2.metron.live.com.nsatc.net", "vortex.data.glbdns2.microsoft.com", "vortex-win.data.microsoft.com", "vortex.data.microsoft.com", "fe2.update.microsoft.com.akadns.net", "s0.2mdn.net", "statsfe2.update.microsoft.com.akadns.net", "survey.watson.microsoft.com", "view.atdmt.com", "watson.microsoft.com", "watson.ppe.telemetry.microsoft.com", "watson.telemetry.microsoft.com", "watson.telemetry.microsoft.com.nsatc.net", "wes.df.telemetry.microsoft.com", "ui.skype.com","pricelist.skype.com", "apps.skype.com", "m.hotmail.com", "s.gateway.messenger.live.com")
$shittyServices = ("DiagTrack", "dmwappushsvc", "XblAuthManager", "XblGameSave", "XboxNetApiSvc")
$shittyTasks = ("Microsoft Compatibility Appraiser", "ProgramDataUpdater", "Consolidator", "KernelCeipTask", "UsbCeip")
$HOST_FILE = "$env:windir\System32\drivers\etc\hosts"
$HOST_IP = "0.0.0.0"
$ErrorActionPreference = "SilentlyContinue"
#Thanks to https://gist.github.com/markembling/173887
function blockShittyHost {
param([string]$filename, [string]$ip, [string]$hostname)
remove-host $filename $hostname
Write-Host -NoNewline -ForegroundColor White "Block shitty host $hostname"
try {
if ( ! $(is_host_present $filename $hostname) ){
$ip + "`t`t" + $hostname | Out-File -encoding ASCII -append $filename
}
else {
Write-Host -NoNewline -ForegroundColor Yellow " Already blocked "
}
}
catch {
Write-Host -ForegroundColor Red " Error "
return
}
Write-Host -ForegroundColor Green " done "
}
function is_host_present {
param([string]$filename, [string]$hostname)
$c = Get-Content $filename
foreach ($line in $c) {
$bits = [regex]::Split($line, "\t+")
if ($bits[1] -eq $hostname) {
return $true
}
}
return $false
}
function remove_shittyTasks () {
param($taskList)
Foreach ($task in $taskList){
Write-Host -ForegroundColor white -NoNewline "Remove Task " $task
if ($PSVersionTable.PSVersion.Major -gt 2) {
if (Get-ScheduledTask -TaskName $task -ErrorAction SilentlyContinue) {
Write-Host -NoNewline -ForegroundColor DarkGreen " found! "
Write-Host -Nonewline -ForegroundColor white "removing ... "
Try {Unregister-ScheduledTask -TaskName $task -ErrorAction SilentlyContinue -Confirm:$false}
Catch {
Write-Host -Nonewline -ForegroundColor Red " Error "
}
Write-Host -ForegroundColor Green " Done"
}
else { Write-Host -ForegroundColor Yellow " Already removed"}
}
else {
Write-Host -Nonewline -ForegroundColor Red " Damned! this is not Windows 10!"
}
}
}
# Modify a reg value
# Params :
# path : the complete path to reg key
# key : key name
# value : The value to write
function modifyShittyRegValue {
param([string]$path, [string]$key, [string]$value, [string]$type)
Write-Host -ForegroundColor white -NoNewline "Modify $key reg value to $value :"
if (!(Test-Path $path)){
Write-Host -ForegroundColor Gray -NoNewline " creating path "
New-Item -Path $path -Force | Out-Null
}
try {
if ($type) {
Set-ItemProperty -Path $path -Name $key -Value $value -Type $type -Force
}
else {
Set-ItemProperty -Path $path -Name $key -Value $value -Force
}
}
catch [System.Security.SecurityException]{
Write-Host -ForegroundColor Red "Access denied"
return
}
catch {
Write-Host -ForegroundColor Red " Error "
Write-Host $Error[0]
return
}
Write-host -ForegroundColor Green " done "
}
# Function to remove shitty prog from shitty win
# Params :
# $name : Feature name
function disableShitty {
param ($name)
Write-Host -NoNewline -ForegroundColor White "Disable $name feature :"
$requestInstall = dism /online /Get-FeatureInfo /FeatureName:$name /English
$isInstalled = $requestInstall | Select-String "state"
If ($isInstalled -match "Enable") {
try {
Dism /online /Disable-Feature /FeatureName:$name /NoRestart | Out-Null
}
catch {
Write-Host -ForegroundColor Red " Error"
Return
}
Write-Host -ForegroundColor Green " done "
}
else {
Write-Host -ForegroundColor Yellow " already disable "
}
}
# disable "Modern App"
# Params
# $name : Name of modern app
function disableModernShitty {
param([string]$name)
Write-Host -ForegroundColor white -NoNewline "Remove $name modern app"
try {
$pkgname = Get-AppxPackage -allusers -name *$name*
if (Get-AppxPackage $pkgname.Name) {
Remove-AppxPackage $pkgname
}
Get-AppxProvisionedPackage -Online | where-Object {$_.PackageName -like "*$name*"} | Remove-AppxProvisionedPackage -Online | Out-Null
}
catch {
Write-Host -ForegroundColor Red " Error "
return
}
Write-Host -ForegroundColor Green " Done "
}
function disableShittyService ([string]$name){
Write-Host -ForegroundColor White -NoNewline "Disable service $name :"
$serv = Get-Service -name $name
if ( !$serv) {
Write-Host -ForegroundColor Red " Not found "
return
}
if ( $serv.StartType -eq "Disable") {
Write-Host -ForegroundColor Yellow " Already disabled"
}
else {
service Stop-Service -InputObject $serv -PassThru | Set-Service -StartupType disabled
Write-Host -ForegroundColor Green " Done "
}
}
Write-Output ""
Write-Output "I's time to kick ass and chew bubble gum"
Write-Output "________________________________________"
write-Output ""
#$shittyFeatures | foreach { disableShitty $_ }
#$shittyServices | Foreach { disableShittyService $_ }
#$shittyModernApp | Foreach { disableModernShitty $_ }
$shittyHosts | Foreach { blockShittyHost $HOST_FILE $HOST_IP $_ }
remove_shittyTasks $shittyTasks
$shittyIP | Foreach {
New-NetFirewallRule -Name Blacklist_$_ -DisplayName "BlackList $_" -Protocol any -Enabled True -Profile Any -RemoteAddress $_ -Action Block | Out-Null
Write-Output "Shitty IP $_ banned."
}
# AllowTelemetry
modifyShittyRegValue "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" "AllowTelemetry" "0"
# Windows Defender Delivery Optimization Download
modifyShittyRegValue "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" "DODownloadMode" "0"
# WifiSense Credential Share
modifyShittyRegValue "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features" "WiFiSenseCredShared" "0"
# WifiSense Open-ness
modifyShittyRegValue "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features" "WiFiSenseOpen" "0"
# Windows Defender Spynet
modifyShittyRegValue "HKLM:\SOFTWARE\Microsoft\Windows Defender\Spynet" "SpyNetReporting" "0"
# Windows Defender Sample Submission
modifyShittyRegValue "HKLM:\SOFTWARE\Microsoft\Windows Defender\Spynet" "SubmitSamplesConsent" "0"
#Désinstallation des applications "métro" inutiles
#Get-AppxPackage -AllUsers | Remove-AppxPackage
#Get-AppXProvisionedPackage -online | remove-appxprovisionedpackage -online
Reference in a new issue View git blame Copy permalink