#requires -RunAsAdministrator
Import-Module NetSecurity #Useful to manipulate firewall rules
# System hosts file that block_shitty_host appends entries to.
$HOST_FILE = Join-Path -Path $env:windir -ChildPath 'System32\drivers\etc\hosts'

# Sink address written in front of every blocked host name.
$HOST_IP = '0.0.0.0'

# NOTE(review): 'SilentlyContinue' suppresses every non-terminating error for
# the whole script. A try/catch only sees terminating errors, so a cmdlet that
# fails this way is still followed by the green "done" message. When auditing a
# run, check the resulting system state rather than the console output.
$ErrorActionPreference = 'SilentlyContinue'
#Thanks to https://gist.github.com/markembling/173887
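# Append "<ip><TAB><TAB><hostname>" to a hosts file unless the name is already listed.
# Params :
# filename : path of the hosts file to edit
# ip       : address the host name is pointed at
# hostname : host name to block; blank lines and '#' comment lines are skipped
function block_shitty_host {
    param([string]$filename, [string]$ip, [string]$hostname)

    $hostname = $hostname.Trim()
    # A blank or commented line in the list file is not a host name.
    if (-not $hostname -or $hostname.StartsWith('#')) { return }

    Write-Host -NoNewline -ForegroundColor White "Block shitty host $hostname"

    # The value is written verbatim into a system file by an elevated process,
    # so accept plain host names only (no whitespace, no extra fields).
    if ($hostname -notmatch '^[A-Za-z0-9._-]+$') {
        Write-Host -ForegroundColor Red " Error "
        return
    }

    # remove-host is not defined anywhere in this script (it comes from the
    # gist credited above). Call it only when some module or profile provides it,
    # instead of relying on the error being silently swallowed.
    if (Get-Command -Name remove-host -ErrorAction SilentlyContinue) {
        remove-host $filename $hostname
    }

    try {
        if (is_host_present $filename $hostname) {
            Write-Host -ForegroundColor Yellow " Already blocked "
            return
        }
        # -ErrorAction Stop turns a failed write (read-only file, access denied)
        # into a terminating error so the catch below really reports it.
        "$ip`t`t$hostname" | Out-File -Encoding ASCII -Append -FilePath $filename -ErrorAction Stop
    }
    catch {
        Write-Host -ForegroundColor Red " Error "
        return
    }

    Write-Host -ForegroundColor Green " done "
}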
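# Tell whether a hosts file already maps a host name (to any address).
# Params :
# filename : path of the hosts file to read
# hostname : host name to look for (compared case-insensitively)
# Returns $true when an active entry lists the name, $false otherwise.
function is_host_present {
    param([string]$filename, [string]$hostname)

    foreach ($line in (Get-Content -Path $filename)) {
        # Ignore comments: a commented-out entry does not block anything.
        $entry = ($line -replace '#.*$', '').Trim()
        if (-not $entry) { continue }

        # Hosts entries may be separated by spaces as well as tabs, and one
        # line may carry several names after the address in field 0.
        $fields = $entry -split '\s+'
        for ($i = 1; $i -lt $fields.Count; $i++) {
            if ($fields[$i] -eq $hostname) {
                return $true
            }
        }
    }

    return $false
}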
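# Create a Windows Firewall rule named Blacklist_<ip> that blocks traffic to an address.
# Params :
# ip : remote address to block; blank values are skipped
function block_shitty_ip {
    param($ip)

    $ip = "$ip".Trim()
    # A blank line in the list would otherwise produce a rule named "Blacklist_".
    if (-not $ip) { return }

    Write-Host -ForegroundColor white -NoNewline "Blacklist IP $ip : "

    $ruleName = "Blacklist_$ip"
    $existing = Get-NetFirewallRule -Name $ruleName -ErrorAction SilentlyContinue

    # New-NetFirewallRule defaults to -Direction Inbound, so a rule created
    # without it never stops this machine from connecting OUT to the address.
    # Only an outbound rule counts as "already blacklisted".
    if ($existing -and $existing.Direction -eq 'Outbound') {
        Write-Host -ForegroundColor Yellow "Already blacklisted"
        return
    }

    try {
        if ($existing) {
            # Rule left by an earlier run with the inbound default: flip it.
            Set-NetFirewallRule -Name $ruleName -Direction Outbound -ErrorAction Stop
        }
        else {
            New-NetFirewallRule -Name $ruleName -DisplayName "BlackList $ip" -Direction Outbound -Protocol Any -Enabled True -Profile Any -RemoteAddress $ip -Action Block -ErrorAction Stop | Out-Null
        }
    }
    catch {
        Write-Host -ForegroundColor Red " Error "
        return
    }

    # Terminate the status line; without this the next message is glued to it.
    Write-Host -ForegroundColor Green " done "
}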
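# Unregister scheduled tasks by name.
# Params :
# taskList : one task name or a list of task names; blank names are skipped
# NOTE(review): -TaskName is passed through unchanged, so a name containing
# wildcard characters would presumably select more than one task. Keep the
# list file limited to exact task names.
function remove_shitty_tasks {
    param($taskList)

    foreach ($task in $taskList) {
        if (-not "$task".Trim()) { continue }

        Write-Host -ForegroundColor white -NoNewline "Remove Task " $task

        # The ScheduledTasks cmdlets do not exist on PowerShell 2.
        if ($PSVersionTable.PSVersion.Major -le 2) {
            Write-Host -Nonewline -ForegroundColor Red " Damned! this is not Windows 10!"
            continue
        }

        if (-not (Get-ScheduledTask -TaskName $task -ErrorAction SilentlyContinue)) {
            Write-Host -ForegroundColor Yellow " Already removed"
            continue
        }

        Write-Host -NoNewline -ForegroundColor DarkGreen " found! "
        Write-Host -Nonewline -ForegroundColor white "removing ... "

        try {
            # -ErrorAction Stop makes a failed removal reach the catch; with
            # SilentlyContinue the catch never ran and "Done" was printed anyway.
            Unregister-ScheduledTask -TaskName $task -Confirm:$false -ErrorAction Stop
        }
        catch {
            Write-Host -ForegroundColor Red " Error "
            continue
        }

        Write-Host -ForegroundColor Green " Done"
    }
}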
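# Modify a reg value
# Params :
# path  : the complete path to reg key (created when missing)
# key   : key name
# value : The value to write; for type Binary, an even-length string of hex digits
# type  : registry value kind for Set-ItemProperty -Type; Dword when omitted
function modify_shitty_reg_value {
    param([string]$path, [string]$key, [string]$value, [string]$type)

    Write-Host -ForegroundColor white -NoNewline "Modify $key reg value to $value :"

    if (-not $type) { $type = 'Dword' }

    $data = $value
    if ($type -eq 'Binary') {
        # A REG_BINARY value needs a byte array, not the hex text the caller passes.
        if ($value -notmatch '^([0-9A-Fa-f]{2})+$') {
            Write-Host -ForegroundColor Red " Error "
            return
        }
        $data = [byte[]]@(
            for ($i = 0; $i -lt $value.Length; $i += 2) {
                [Convert]::ToByte($value.Substring($i, 2), 16)
            }
        )
    }

    try {
        if (-not (Test-Path -Path $path)) {
            Write-Host -ForegroundColor Gray -NoNewline " creating path "
            New-Item -Path $path -Force -ErrorAction Stop | Out-Null
        }

        # -ErrorAction Stop: without it a failed write is non-terminating, the
        # catch blocks are skipped and the function reports " done ".
        Set-ItemProperty -Path $path -Name $key -Value $data -Type $type -Force -ErrorAction Stop
    }
    catch [System.Security.SecurityException], [System.UnauthorizedAccessException] {
        Write-Host -ForegroundColor Red "Access denied"
        return
    }
    catch {
        Write-Host -ForegroundColor Red " Error "
        Write-Host $_
        return
    }

    Write-Host -ForegroundColor Green " done "
}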
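# Function to remove shitty prog from shitty win
# Disables an optional Windows feature through DISM when DISM reports it enabled.
# Params :
# $name : Feature name; blank values are skipped
function disable_shitty_feature {
    param ($name)

    $name = "$name".Trim()
    if (-not $name) { return }

    Write-Host -NoNewline -ForegroundColor White "Disable $name feature :"

    # /English keeps the "State : ..." line parseable on localized systems.
    $featureInfo = dism /online /Get-FeatureInfo /FeatureName:$name /English
    # Anchor on the State field so other output lines containing "state" are ignored.
    $stateLine = $featureInfo | Select-String -Pattern '^\s*State\s*:'

    if ($stateLine -match "Enable") {
        Dism /online /Disable-Feature /FeatureName:$name /NoRestart | Out-Null

        # dism.exe is a native program: it never throws, it sets an exit code.
        # 3010 is "succeeded, restart required", expected with /NoRestart.
        if ($LASTEXITCODE -ne 0 -and $LASTEXITCODE -ne 3010) {
            Write-Host -ForegroundColor Red " Error"
            return
        }

        Write-Host -ForegroundColor Green " done "
    }
    else {
        Write-Host -ForegroundColor Yellow " already disable "
    }
}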
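# disable "Modern App"
# Removes the installed packages whose name contains $name, then the matching
# provisioned packages of the online image.
# Params
# $name : Name of modern app (substring match); blank values are skipped
function disable_shitty_modern_app {
    param([string]$name)

    $name = $name.Trim()
    # With an empty name the pattern "*$name*" is "**", which matches EVERY
    # package: a blank line in the list would uninstall all of them.
    if (-not $name) { return }

    Write-Host -ForegroundColor white -NoNewLine "Remove $name modern app"

    $package = Get-AppxPackage -AllUsers -Name "*$name*"
    if ($package) {
        Write-Host -ForegroundColor white -NoNewLine " installed :"
        try {
            # NOTE(review): the lookup spans all users but Remove-AppxPackage is
            # called without a user, so it presumably acts on the current user
            # only. Confirm whether other profiles keep the package.
            $package | Remove-AppxPackage -ErrorAction Stop
        }
        catch {
            Write-Host -ForegroundColor Red " Uninstall error"
            return
        }
        Write-Host -ForegroundColor Green -NoNewLine " uninstalled"
    }
    else {
        Write-Host -ForegroundColor Yellow -NoNewLine " Not installed"
    }

    Write-Host -ForegroundColor white -NoNewLine " |"

    $provisioned = Get-AppxProvisionedPackage -Online | Where-Object { $_.PackageName -like "*$name*" }
    if ($provisioned) {
        Write-Host -ForegroundColor White -NoNewLine " Provisonned"
        try {
            $provisioned | Remove-AppxProvisionedPackage -Online -ErrorAction Stop | Out-Null
        }
        catch {
            Write-Host -ForegroundColor red " Error"
            return
        }
        Write-Host -ForegroundColor Green " Done"
    }
    else {
        Write-Host -ForegroundColor Yellow " Not provisionned"
    }
}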
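# Set a service's startup type to Disabled and stop it.
# Params :
# $name : service name; blank values are skipped
function disable_shitty_service ([string]$name) {
    $name = $name.Trim()
    if (-not $name) { return }

    Write-Host -ForegroundColor White -NoNewline "Disable service $name :"

    $serv = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $serv) {
        Write-Host -ForegroundColor Red " Not found "
        return
    }

    # The StartType value is "Disabled"; comparing against "Disable" never matched.
    if ($serv.StartType -eq 'Disabled') {
        Write-Host -ForegroundColor Yellow " Already disabled"
        return
    }

    try {
        # Disable first so the service stays off after a reboot even when the
        # stop below fails (for example because other services depend on it).
        # The original line began with a stray "service" token, so neither
        # cmdlet ran and " Done " was printed regardless.
        Set-Service -InputObject $serv -StartupType Disabled -ErrorAction Stop
        Stop-Service -InputObject $serv -ErrorAction Stop
    }
    catch {
        Write-Host -ForegroundColor Red " Error "
        return
    }

    Write-Host -ForegroundColor Green " Done "
}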
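Write-Output ""
Write-Output "I's time to kick ass and chew bubble gum"
Write-Output "________________________________________"
Write-Output ""

# The script runs elevated and acts on whatever the list files contain, so read
# them from the script's own lib folder when it exists rather than from the
# caller's current directory. Falls back to the relative path otherwise.
$libDir = 'lib'
if ($PSScriptRoot -and (Test-Path -Path (Join-Path -Path $PSScriptRoot -ChildPath 'lib'))) {
    $libDir = Join-Path -Path $PSScriptRoot -ChildPath 'lib'
}

foreach ($line in Get-Content (Join-Path $libDir 'hosts.txt')) { block_shitty_host $HOST_FILE $HOST_IP $line }
foreach ($line in Get-Content (Join-Path $libDir 'ip.txt')) { block_shitty_ip $line }
foreach ($line in Get-Content (Join-Path $libDir 'features.txt')) { disable_shitty_feature $line }
# The function is named disable_shitty_service; the former call to
# disable_shitty_featureService resolved to nothing, so no service was disabled.
foreach ($line in Get-Content (Join-Path $libDir 'services.txt')) { disable_shitty_service $line }
foreach ($line in Get-Content (Join-Path $libDir 'apps.txt')) { disable_shitty_modern_app $line }
foreach ($line in Get-Content (Join-Path $libDir 'tasks.txt')) { remove_shitty_tasks $line }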
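# Advertising ID
modify_shitty_reg_value "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\AdvertisingInfo" "Enabled" "0"
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo" "DisabledByGroupPolicy" 1

# Geoloc.
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors" "DisableLocation" 1
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors" "DisableLocationScripting" 1
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors" "DisableWindowsLocationProvider" 1

# SmartScreen filter (web content evaluation in apps)
# NOTE(review): no value is passed here, so the function receives an empty
# string for a Dword write and the setting is presumably never applied. Decide
# deliberately before supplying one: turning this off removes SmartScreen's URL
# check for app web content, which is a protection, not telemetry.
modify_shitty_reg_value "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" "EnableWebContentEvaluation"

# AllowTelemetry
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" "AllowTelemetry" 0

# OneDrive
modify_shitty_reg_value "HKLM:\Software\Policies\Microsoft\Windows\OneDrive" "DisableFileSyncNGSC" 1
modify_shitty_reg_value "HKLM:\Software\Policies\Microsoft\Windows\OneDrive" "DisableFileSync" 1
# The value is handed over as a hex string and written with type Binary.
modify_shitty_reg_value "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" "OneDrive" "0300000021B9DEB396D7D001" "Binary"

# Windows Update Delivery Optimization download mode (peer-to-peer update
# sharing). This is a Windows Update setting, not a Windows Defender one.
modify_shitty_reg_value "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" "DODownloadMode" "0"

# WifiSense Credential Share
modify_shitty_reg_value "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features" "WiFiSenseCredShared" "0"

# WifiSense Open-ness
modify_shitty_reg_value "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features" "WiFiSenseOpen" "0"

# Windows Defender: cloud reporting (Spynet/MAPS), sample submission and
# behavior monitoring.
# NOTE(review): these three values trade detection capability for privacy.
# SpynetReporting 0 turns off cloud-delivered protection, SubmitSamplesConsent 2
# never sends samples, and DisableBehaviorMonitoring 1 switches off a real-time
# protection component. On a machine that relies on Defender as its only
# endpoint protection, review each one instead of applying them as a batch.
# Each value is written once; the earlier duplicate Spynet calls were redundant.
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" "SpynetReporting" 0
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" "SubmitSamplesConsent" 2
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" "DisableBehaviorMonitoring" 1

# Disable Cortana
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" "AllowCortana" "0"
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\" "ConnectedSearchUseWeb" "0"

# App rights (2 = force deny for every app)
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" "LetAppsAccessAccountInfo" 2
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" "LetAppsAccessCalendar" 2
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" "LetAppsAccessCallHistory" 2
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" "LetAppsAccessCamera" 2
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" "LetAppsAccessContacts" 2
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" "LetAppsAccessEmail" 2
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" "LetAppsAccessLocation" 2
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" "LetAppsAccessMessaging" 2
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" "LetAppsAccessMicrophone" 2
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" "LetAppsAccessMotion" 2
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" "LetAppsAccessRadios" 2
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" "LetAppsAccessTrustedDevices" 2
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" "LetAppsSyncWithDevices" 2

# MS Account
modify_shitty_reg_value "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" "NoConnectedUser" 3

# App suggestion (Cloud Content)
# The policy key is named "CloudContent" with no space; the value written under
# "Cloud Content" was never read by Windows.
modify_shitty_reg_value "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" "DisableWindowsConsumerFeatures" 1

Write-Host "all done!"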