From 79df17763a63c156d7ce8148e67fc94d633df9fa Mon Sep 17 00:00:00 2001 From: EzekialSA Date: Sun, 28 Sep 2025 11:59:28 -0500 Subject: [PATCH] Add DSC configurations for user interface, Windows features, and services; implement app installation and removal scripts - Created `DSC-UserInterfaceConfiguration.ps1` to manage user interface settings via registry changes. - Developed `DSC-WindowsFeatures.ps1` to install OpenSSH Client and enable NFS Client features. - Implemented `DSC-WindowsServices.ps1` to ensure Terminal Services are running and set to automatic startup. - Added `PS-InstallApps.ps1` to manage app installations and remove the msstore source if it exists. - Created `PS-RemoveApps.ps1` to remove unwanted apps, provisioned packages, and handle Office applications via winget. --- 1_Install.ps1 | 363 ++++++++----------- 2_ConfigUpdate.ps1 | 94 +---- DSC-EnvironmentVariables.ps1 | 89 +++++ DSC-FileOperations.ps1 | 256 ++++++++++++++ DSC-TelemetryPrivacySecurity.ps1 | 541 +++++++++++++++++++++++++++++ DSC-UserInterfaceConfiguration.ps1 | 464 +++++++++++++++++++++++++ DSC-WindowsFeatures.ps1 | 88 +++++ DSC-WindowsServices.ps1 | 26 ++ PS-InstallApps.ps1 | 13 + PS-RemoveApps.ps1 | 193 ++++++++++ winget.json | 75 ++-- 11 files changed, 1842 insertions(+), 360 deletions(-) create mode 100644 DSC-EnvironmentVariables.ps1 create mode 100644 DSC-FileOperations.ps1 create mode 100644 DSC-TelemetryPrivacySecurity.ps1 create mode 100644 DSC-UserInterfaceConfiguration.ps1 create mode 100644 DSC-WindowsFeatures.ps1 create mode 100644 DSC-WindowsServices.ps1 create mode 100644 PS-InstallApps.ps1 create mode 100644 PS-RemoveApps.ps1 diff --git a/1_Install.ps1 b/1_Install.ps1 index 2440a56..0b3ec63 100644 --- a/1_Install.ps1 +++ b/1_Install.ps1 @@ -1,3 +1,5 @@ +# === Admin Check === + # set-executionpolicy unrestricted # Check if running as administrator 
@@ -21,243 +23,158 @@ if (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdent } Write-Host "Running with administrator privileges." -ForegroundColor Green - $uid = $Env:UserName # Get current username for use in paths Write-Host "Current user: $uid" -ForegroundColor Green -reg.exe add "HKCU\Software\Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32" /f /ve +# === PREREQUISITE CHECKS === -# Check and install OpenSSH Client if not already installed -$sshCapability = Get-WindowsCapability -Online | Where-Object { $_.Name -like "OpenSSH.Client*" } -if ($sshCapability.State -ne "Installed") { - Write-Host "Installing OpenSSH Client..." -ForegroundColor Yellow - Add-WindowsCapability -Online -Name 'OpenSSH.Client~~~~0.0.1.0' -} else { - Write-Host "OpenSSH Client is already installed." -ForegroundColor Green +# Check if winget is installed +Write-Host "Checking winget installation..." -ForegroundColor Yellow +try { + $wingetVersion = winget --version + Write-Host "winget is installed: $wingetVersion" -ForegroundColor Green +} +catch { + Write-Error "winget is not installed or not accessible. Please install winget first." + Write-Host "You can install winget from the Microsoft Store (App Installer) or GitHub." -ForegroundColor Red + Write-Host "GitHub: https://github.com/microsoft/winget-cli/releases" -ForegroundColor Cyan + pause + exit 1 } -# Check and enable NFS features if not already enabled -$nfsClientOnly = Get-WindowsOptionalFeature -Online -FeatureName "ServicesForNFS-ClientOnly" -$nfsInfrastructure = Get-WindowsOptionalFeature -Online -FeatureName "ClientForNFS-Infrastructure" - -if ($nfsClientOnly.State -ne "Enabled" -or $nfsInfrastructure.State -ne "Enabled") { - Write-Host "Enabling NFS Client features..." -ForegroundColor Yellow - Enable-WindowsOptionalFeature -FeatureName ServicesForNFS-ClientOnly, ClientForNFS-Infrastructure -Online -NoRestart -} else { - Write-Host "NFS Client features are already enabled." 
-ForegroundColor Green -} - -# Check if msstore source exists before trying to remove it -$msstoreSource = winget source list | Select-String "msstore" -if ($msstoreSource) { - Write-Host "Removing msstore source..." -ForegroundColor Yellow - winget source remove msstore -} else { - Write-Host "msstore source is already removed or not found." -ForegroundColor Green -} - -winget import -i .\winget.json -winget pin add Discord.Discord - -#RDP Magic -Enable-NetFirewallRule -DisplayGroup "Remote Desktop" -Set-Service -Name TermService -StartupType Automatic -Start-Service -Name TermService - - -# Remove unwanted Windows apps -Write-Host "Checking and removing unwanted Windows apps..." -ForegroundColor Yellow - -$appsToRemove = @( - "Microsoft.MicrosoftSolitaireCollection", # Solitaire - "Microsoft.MicrosoftOfficeHub", # Office preinstalls - "Microsoft.Windows.Photos", # Photos - "Microsoft.Copilot", # Copilot - "Microsoft.BingNews", # News - "Microsoft.BingWeather", # Weather - "Clipchamp.Clipchamp", # Clipchamp - "MSTeams", # Teams - "Microsoft.Todos", # To-Do - "Microsoft.WebMediaExtensions", # Media extensions - "Microsoft.WindowsMediaPlayer", # Legacy Media Player (if exists) - "Microsoft.ZuneMusic", # Music app - "Microsoft.ZuneVideo", # Movies & TV app (if exists) - "Microsoft.Media.Player", # New Windows Media Player (if exists) - "Microsoft.OutlookForWindows", # New Outlook app - "Microsoft.Office.OneNote", # OneNote (AppX version) - "Microsoft.MicrosoftOfficeHub", # Office Hub - "7EX16E2Z690YF.LinkedInforWindows", # LinkedIn (actual package name) - "LinkedIn.LinkedIn", # LinkedIn (alternative name) - "Microsoft.OneDrive" # OneDrive (if exists as app package) -) - -foreach ($app in $appsToRemove) { - $installedApp = Get-AppxPackage -Name $app -ErrorAction SilentlyContinue - if ($installedApp) { - try { - Write-Host "Removing $app..." 
-ForegroundColor Red - Remove-AppxPackage -Package $installedApp.PackageFullName -ErrorAction Stop - Write-Host "Successfully removed $app" -ForegroundColor Green +# Install Microsoft DSC +Write-Host "Installing Microsoft DSC..." -ForegroundColor Yellow +try { + # Check if already installed + $dscInstalled = winget list --id Microsoft.DSC --exact 2>$null + if ($LASTEXITCODE -eq 0 -and $dscInstalled -match "Microsoft.DSC") { + Write-Host "Microsoft DSC is already installed." -ForegroundColor Green + } else { + Write-Host "Installing Microsoft DSC via winget..." -ForegroundColor Yellow + winget install Microsoft.DSC --silent --accept-source-agreements --accept-package-agreements + if ($LASTEXITCODE -eq 0) { + Write-Host "Microsoft DSC installed successfully." -ForegroundColor Green + } else { + Write-Warning "Failed to install Microsoft DSC. DSC configurations may not work properly." } - catch { - Write-Warning "Failed to remove $app`: $_" - } - } - else { - Write-Host "$app is not installed or already removed" -ForegroundColor Gray } } - -# Also remove for all users (provisioned packages) -Write-Host "Checking and removing provisioned app packages for all users..." -ForegroundColor Yellow - -foreach ($app in $appsToRemove) { - $provisionedApp = Get-AppxProvisionedPackage -Online | Where-Object { $_.DisplayName -eq $app } - if ($provisionedApp) { - try { - Write-Host "Removing provisioned package for $app..." -ForegroundColor Red - Remove-AppxProvisionedPackage -Online -PackageName $provisionedApp.PackageName -ErrorAction Stop - Write-Host "Successfully removed provisioned package for $app" -ForegroundColor Green - } - catch { - Write-Warning "Failed to remove provisioned package for $app`: $_" - } - } - else { - Write-Host "Provisioned package for $app is not found or already removed" -ForegroundColor Gray - } +catch { + Write-Warning "Failed to check/install Microsoft DSC: $_" } -Write-Host "App removal process completed." 
-ForegroundColor Green - -# Remove unwanted Office applications via winget -Write-Host "Checking and removing unwanted Office applications..." -ForegroundColor Yellow - -# Cache winget list to avoid multiple calls (it's slow) -Write-Host "Getting installed applications list (this may take a moment)..." -ForegroundColor Gray -$wingetList = winget list | Out-String - -$officeAppsToRemove = @( - "Microsoft.OneDrive", # OneDrive (if exists as winget package) - "OneNoteFreeRetail - en-us", # Microsoft OneNote - en-us - "OneNoteFreeRetail - es-es", # Microsoft OneNote - es-es - "OneNoteFreeRetail - fr-fr", # Microsoft OneNote - fr-fr - "OneNoteFreeRetail - pt-br", # Microsoft OneNote - pt-br - "O365HomePremRetail - en-us", # Microsoft 365 - en-us - "O365HomePremRetail - es-es", # Microsoft 365 - es-es - "O365HomePremRetail - fr-fr", # Microsoft 365 - fr-fr - "O365HomePremRetail - pt-br", # Microsoft 365 - pt-br - "Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe", # Feedback Hub - "Microsoft.BingSearch_8wekyb3d8bbwe", # Bing Search (if exists) - "Microsoft.OutlookForWindows_8wekyb3d8bbwe", # New Outlook (if exists) - "MicrosoftCorporationII.MicrosoftFamily_8wekyb3d8bbwe" # Microsoft Family (if exists) -) - -foreach ($app in $officeAppsToRemove) { - # Check if the app is installed using the cached winget list - $appFound = $wingetList -match [regex]::Escape($app) - - if ($appFound) { - try { - Write-Host "Removing $app..." -ForegroundColor Red - winget uninstall "$app" --silent --accept-source-agreements - if ($LASTEXITCODE -eq 0) { - Write-Host "Successfully removed $app" -ForegroundColor Green - } else { - Write-Warning "winget uninstall returned exit code $LASTEXITCODE for $app" - } +# Configure WinRM service for DSC +Write-Host "Configuring WinRM service..." 
-ForegroundColor Yellow +try { + # Start WinRM service + $winrmService = Get-Service -Name WinRM -ErrorAction SilentlyContinue + if ($winrmService) { + if ($winrmService.Status -ne "Running") { + Write-Host "Starting WinRM service..." -ForegroundColor Yellow + Start-Service WinRM + Write-Host "WinRM service started." -ForegroundColor Green + } else { + Write-Host "WinRM service is already running." -ForegroundColor Green } - catch { - Write-Warning "Failed to remove $app`: $_" - } - } - else { - Write-Host "$app is not installed or already removed" -ForegroundColor Gray - } -} - -Write-Host "Office application removal process completed." -ForegroundColor Green - -# Remove Edge Progressive Web Apps (PWAs) like LinkedIn -Write-Host "Checking and removing Edge Progressive Web Apps..." -ForegroundColor Yellow - -$edgePWAPath = "$env:LOCALAPPDATA\Microsoft\Edge\User Data\Default\Web Applications" -if (Test-Path $edgePWAPath) { - try { - $pwaFolders = Get-ChildItem -Path $edgePWAPath -Directory -ErrorAction SilentlyContinue - foreach ($folder in $pwaFolders) { - $manifestPath = Join-Path $folder.FullName "Manifest" - if (Test-Path $manifestPath) { - $manifestContent = Get-Content $manifestPath -Raw -ErrorAction SilentlyContinue - if ($manifestContent -match "linkedin" -or $manifestContent -match "LinkedIn") { - Write-Host "Found LinkedIn PWA, removing folder: $($folder.Name)" -ForegroundColor Red - Remove-Item -Path $folder.FullName -Recurse -Force -ErrorAction SilentlyContinue - Write-Host "Removed LinkedIn PWA" -ForegroundColor Green - } - } - } - } - catch { - Write-Warning "Failed to check Edge PWAs: $_" - } -} else { - Write-Host "Edge PWA directory not found" -ForegroundColor Gray -} - -Write-Host "Edge PWA removal process completed." -ForegroundColor Green - -# Font Install -Write-Host "Checking and installing fonts..." 
-ForegroundColor Yellow -$fontSourceFolder = ".\Fonts" -$fontDestFolder = "C:\Windows\Fonts" -$regPath = "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Fonts" - -# Process each TTF file -Get-ChildItem -Path $fontSourceFolder -Filter "*.ttf" | ForEach-Object { - $fontFile = $_.FullName - $fontName = $_.BaseName - $destFile = Join-Path -Path $fontDestFolder -ChildPath $_.Name - $regName = "$fontName (TrueType)" - - # Check if font file already exists in destination - $fontExists = Test-Path -Path $destFile - - # Check if registry entry already exists - $regExists = $false - try { - $regValue = Get-ItemProperty -Path $regPath -Name $regName -ErrorAction SilentlyContinue - $regExists = ($regValue -ne $null) - } - catch { - $regExists = $false - } - - # Only install if font file doesn't exist or registry entry is missing - if (-not $fontExists -or -not $regExists) { - try { - Write-Host "Installing font: $($_.Name)..." -ForegroundColor Yellow - - # Copy font file if it doesn't exist - if (-not $fontExists) { - Copy-Item -Path $fontFile -Destination $destFile -Force - Write-Host " - Copied font file to Windows\Fonts" -ForegroundColor Green - } else { - Write-Host " - Font file already exists, skipping copy" -ForegroundColor Gray - } - - # Add/update registry entry if it doesn't exist - if (-not $regExists) { - New-ItemProperty -Path $regPath -Name $regName -Value $_.Name -PropertyType String -Force | Out-Null - Write-Host " - Added registry entry" -ForegroundColor Green - } else { - Write-Host " - Registry entry already exists, skipping" -ForegroundColor Gray - } - } - catch { - Write-Warning "Failed to install font $($_.Name): $_" + + # Set to automatic startup + if ($winrmService.StartType -ne "Automatic") { + Write-Host "Setting WinRM service to automatic startup..." -ForegroundColor Yellow + Set-Service WinRM -StartupType Automatic + Write-Host "WinRM service set to automatic startup." 
-ForegroundColor Green + } else { + Write-Host "WinRM service is already set to automatic startup." -ForegroundColor Green } } else { - Write-Host "Font $($_.Name) is already installed (file and registry entry exist)" -ForegroundColor Green + Write-Warning "WinRM service not found. DSC configurations may not work properly." } } +catch { + Write-Warning "Failed to configure WinRM service: $_" +} +# Clear any pending DSC configurations +Write-Host "Checking and clearing any pending DSC configurations..." -ForegroundColor Yellow +try { + # Force stop any running DSC operations + Write-Host "Stopping any active DSC operations..." -ForegroundColor Yellow + Stop-DscConfiguration -Force -ErrorAction SilentlyContinue + Start-Sleep -Seconds 3 + + # Check DSC status + $dscStatus = Get-DscLocalConfigurationManager -ErrorAction SilentlyContinue + if ($dscStatus) { + Write-Host "Current DSC LCM State: $($dscStatus.LCMState)" -ForegroundColor Cyan + + # If still not idle, try more aggressive cleanup + if ($dscStatus.LCMState -ne "Idle") { + Write-Host "Performing aggressive DSC cleanup..." -ForegroundColor Yellow + + # Try to cancel any pending operations + Stop-DscConfiguration -Force -ErrorAction SilentlyContinue + Start-Sleep -Seconds 2 + + # Remove any pending.mof files that might be causing issues + $pendingMof = "$env:SystemRoot\System32\Configuration\pending.mof" + $currentMof = "$env:SystemRoot\System32\Configuration\current.mof" + + if (Test-Path $pendingMof) { + Remove-Item $pendingMof -Force -ErrorAction SilentlyContinue + Write-Host "Removed pending.mof file." -ForegroundColor Green + } + + # Re-check status + Start-Sleep -Seconds 2 + $dscStatus = Get-DscLocalConfigurationManager -ErrorAction SilentlyContinue + Write-Host "Final DSC LCM State: $($dscStatus.LCMState)" -ForegroundColor Cyan + } + + if ($dscStatus.LCMState -eq "Idle") { + Write-Host "DSC is ready for new configurations." 
-ForegroundColor Green + } else { + Write-Warning "DSC may still be in pending state. Will use -Force parameter for configurations." + } + } +} +catch { + Write-Warning "Failed to check/clear DSC status: $_" + Write-Host "Will proceed with -Force parameter for DSC configurations." -ForegroundColor Yellow +} + +# === Install Features/Enable Services === + +$scriptDir = Split-Path -Parent $MyInvocation.MyCommand.Path +Write-Host "Running Windows Features DSC configuration..." -ForegroundColor Yellow +& "$scriptDir\DSC-WindowsFeatures.ps1" + +Write-Host "Running Windows Services DSC configuration..." -ForegroundColor Yellow +& "$scriptDir\DSC-WindowsServices.ps1" + +# === Disable Telemetry === + +Write-Host "Running Telemetry, Privacy & Security DSC configuration..." -ForegroundColor Yellow +& "$scriptDir\DSC-TelemetryPrivacySecurity.ps1" + +# === Remove Apps === + +Write-Host "Running App Removal script..." -ForegroundColor Yellow +& "$scriptDir\PS-RemoveApps.ps1" + +# === Install Apps === + +Write-Host "Running App Installation script..." -ForegroundColor Yellow +& "$scriptDir\PS-InstallApps.ps1" + +# === Configure User Interface === + +Write-Host "Running User Interface DSC configuration..." -ForegroundColor Yellow +& "$scriptDir\DSC-UserInterfaceConfiguration.ps1" + +# === Configure Environment Variables === + +Write-Host "Running Environment Variables DSC configuration..." -ForegroundColor Yellow +& "$scriptDir\DSC-EnvironmentVariables.ps1" + +# === File Operations === +Write-Host "Running File Operations DSC configuration..." -ForegroundColor Yellow +& "$scriptDir\DSC-FileOperations.ps1" diff --git a/2_ConfigUpdate.ps1 b/2_ConfigUpdate.ps1 index d2519ae..675a292 100644 --- a/2_ConfigUpdate.ps1 +++ b/2_ConfigUpdate.ps1 
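Review bot: The WinRM block starts the service and sets it to `Automatic`, and nothing later in 1_Install.ps1 puts it back, so a machine provisioned this way keeps a remote-management service running after setup (whether it is reachable from the network depends on listener and firewall state not shown here). If WinRM is only needed while the local `Start-DscConfiguration` calls run, record the prior state with `$winrmWasRunning = $winrmService.Status -eq 'Running'` and `$winrmStartType = $winrmService.StartType`, then restore both after the last DSC script. In the cleanup block, deleting `pending.mof` directly from `System32\Configuration` bypasses the LCM; `Remove-DscConfigurationDocument -Stage Pending -Force` is the supported route, and `$currentMof` is assigned but never used. The child scripts are invoked with `&` and no status check, so a failed telemetry or services configuration does not stop the run or get reported at the end.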
@@ -27,7 +27,9 @@ $uid = $Env:UserName # Get the directory where this script is located $scriptDir = Split-Path -Parent $MyInvocation.MyCommand.Path -Copy-Item -Path "$scriptDir\FastStone" -Destination "C:\Users\$uid\AppData\Local\" -Recurse -Force +# Copy-Item -Path "$scriptDir\FastStone" -Destination "C:\Users\$uid\AppData\Local\" -Recurse -Force + +# === FIREFOX POLICIES AND USER.JS === # Define the Firefox installation directory $firefoxPath = "C:\Program Files\Mozilla Firefox" 
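Review bot: The new header `# === FIREFOX POLICIES AND USER.JS ===` names user.js, but the block that copied `user.js` into each Firefox profile is deleted in the next hunk, and the DSC-FileOperations.ps1 added by this commit deploys only `policies.json`. If those user.js preferences are meant to stay in force, the copy needs a new home (it may be in a file not visible here); otherwise the header should read `# === FIREFOX POLICIES ===`. The FastStone `Copy-Item` is now covered by `DeployFastStoneConfig`, so the line can be deleted rather than left commented out.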
@@ -47,91 +49,7 @@ Copy-Item -Path $sourceFile -Destination $destinationFile -Force Write-Host "policies.json has been copied/replaced in the distribution folder." -$forgePath = "C:\ProgramData\miniforge3" -$forgeScriptsPath = "C:\ProgramData\miniforge3\Scripts" -$systemPathReference = [System.Environment]::GetEnvironmentVariable("Path", "Machine") - -# Check if the path already contains $forgePath -if (-not ($systemPathReference -split ";" | Where-Object { $_ -eq $forgePath })) { - # Append $forgePath to the existing path, with proper separation by semicolon - $newPath = $systemPathReference + ";" + $forgePath - [System.Environment]::SetEnvironmentVariable("Path", $newPath, "Machine") -} - -# Check if the path already contains $forgeScriptsPath -if (-not ($systemPathReference -split ";" | Where-Object { $_ -eq $forgeScriptsPath })) { - # Get the updated path (in case it was modified above) - $currentPath = [System.Environment]::GetEnvironmentVariable("Path", "Machine") - # Append $forgeScriptsPath to the existing path, with proper separation by semicolon - $newPath = $currentPath + ";" + $forgeScriptsPath - [System.Environment]::SetEnvironmentVariable("Path", $newPath, "Machine") -} - -# Define the base Firefox profiles directory -$profilesDir = "$env:APPDATA\Mozilla\Firefox\Profiles" - -# Define the source user.js file -$sourceFile = "$scriptDir\Firefox\user.js" # Use absolute path based on script location - -# Check if the source file exists -if (-not (Test-Path -Path $sourceFile)) { - Write-Error "Source user.js file not found at $sourceFile" - exit -} - -# Loop through all subdirectories in the profiles folder -Get-ChildItem -Path $profilesDir -Directory | ForEach-Object { - $profilePath = $_.FullName - $destinationFile = Join-Path -Path $profilePath -ChildPath "user.js" - - # Copy the user.js file to the profile directory - Copy-Item -Path $sourceFile -Destination $destinationFile -Force - Write-Host "user.js has been placed in: $profilePath" -} - -Write-Host 
"Operation completed for all Firefox profiles." - - - -# Path to the CSV file -$csvFilePath = "$scriptDir\registry.csv" -$entries = Import-Csv -Path $csvFilePath - -foreach ($entry in $entries) { - # Trim fields to remove extra spaces - $registryPath = $entry.registryPath.Trim() - $propertyName = $entry.propertyName.Trim() - $propertyType = $entry.propertyType.Trim() - $propertyValue = $entry.propertyValue.Trim() - - # Validate required fields - if (-not $registryPath -or -not $propertyName -or -not $propertyType -or -not $propertyValue) { - Write-Warning "Skipping row with incomplete data: $($entry | Out-String)" - continue - } - - # Print debug info - #Write-Host "Processing: Path=$registryPath Name=$propertyName Type=$propertyType Value=$propertyValue" - - # Check if registry path exists, create if necessary - if (-not (Test-Path $registryPath)) { - try { - New-Item -Path $registryPath -Force | Out-Null - Write-Host "Created missing path: $registryPath" - } catch { - Write-Warning "Failed to create path: $registryPath. $_" - continue - } - } - - # Set the registry property - try { - Set-ItemProperty -Path $registryPath -Name $propertyName -Type $propertyType -Value $propertyValue - # Write-Host "Successfully set $propertyName in $registryPath to $propertyValue." - } catch { - Write-Warning "Failed to set $propertyName in $registryPath. $_" - } -} +# === ShareX Configs === # ShareX - Remove "Capture Entire Screen" shortcut Write-Host "Configuring ShareX shortcuts..." @@ -267,6 +185,8 @@ if ($shareXProcess -and (Test-Path -Path $shareXExePath)) { Write-Warning "Could not restart ShareX: Executable not found at $shareXExePath" } +# === XMouseButtonControl Configs === + # XMouseButtonControl - Replace configuration files Write-Host "Configuring XMouseButtonControl..." 
@@ -300,6 +220,8 @@ if (Test-Path -Path $sourceProfile) { Write-Warning "psymon's XMBC Settings.xmbcp not found in source directory" } +# === ENVIRONMENT VARIABLES AND PATH UPDATES === + # Update Windows hosts file with entries to block license servers Write-Host "Updating Windows hosts file..." diff --git a/DSC-EnvironmentVariables.ps1 b/DSC-EnvironmentVariables.ps1 new file mode 100644 index 0000000..9158794 --- /dev/null +++ b/DSC-EnvironmentVariables.ps1 
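Review bot: The added header `# === ENVIRONMENT VARIABLES AND PATH UPDATES ===` sits directly above the code that edits the Windows hosts file, while the PATH logic was moved out to DSC-EnvironmentVariables.ps1. A header such as `# === HOSTS FILE UPDATES ===` would match what follows and make this security-relevant edit easier to find in review. The hosts-file code itself continues outside the hunk.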
@@ -0,0 +1,89 @@ +Configuration EnvironmentVariables { + Import-DscResource -ModuleName PSDesiredStateConfiguration + + Node localhost { + + # === MINIFORGE PYTHON ENVIRONMENT (from 2_ConfigUpdate.ps1) === + + # Add Miniforge3 base directory to PATH + Script AddMiniforgePath { + SetScript = { + $forgePath = "C:\ProgramData\miniforge3" + $currentPath = [System.Environment]::GetEnvironmentVariable("Path", "Machine") + if (-not ($currentPath -split ";" | Where-Object { $_ -eq $forgePath })) { + $newPath = $currentPath + ";" + $forgePath + [System.Environment]::SetEnvironmentVariable("Path", $newPath, "Machine") + Write-Verbose "Added $forgePath to system PATH" + } + } + TestScript = { + $forgePath = "C:\ProgramData\miniforge3" + $currentPath = [System.Environment]::GetEnvironmentVariable("Path", "Machine") + return ($currentPath -split ";" | Where-Object { $_ -eq $forgePath }).Count -gt 0 + } + GetScript = { + $forgePath = "C:\ProgramData\miniforge3" + $currentPath = [System.Environment]::GetEnvironmentVariable("Path", "Machine") + $exists = ($currentPath -split ";" | Where-Object { $_ -eq $forgePath }).Count -gt 0 + return @{Result = "Miniforge path exists: $exists"} + } + } + + # Add Miniforge3 Scripts directory to PATH + Script AddMiniforgeScriptsPath { + SetScript = { + $forgeScriptsPath = "C:\ProgramData\miniforge3\Scripts" + $currentPath = [System.Environment]::GetEnvironmentVariable("Path", "Machine") + if (-not ($currentPath -split ";" | Where-Object { $_ -eq $forgeScriptsPath })) { + $newPath = $currentPath + ";" + $forgeScriptsPath + [System.Environment]::SetEnvironmentVariable("Path", $newPath, "Machine") + Write-Verbose "Added $forgeScriptsPath to system PATH" + } + } + TestScript = { + $forgeScriptsPath = "C:\ProgramData\miniforge3\Scripts" + $currentPath = [System.Environment]::GetEnvironmentVariable("Path", "Machine") + return ($currentPath -split ";" | Where-Object { $_ -eq $forgeScriptsPath }).Count -gt 0 + } + GetScript = { + $forgeScriptsPath = 
"C:\ProgramData\miniforge3\Scripts" + $currentPath = [System.Environment]::GetEnvironmentVariable("Path", "Machine") + $exists = ($currentPath -split ";" | Where-Object { $_ -eq $forgeScriptsPath }).Count -gt 0 + return @{Result = "Miniforge Scripts path exists: $exists"} + } + DependsOn = "[Script]AddMiniforgePath" + } + + # Set Conda/Mamba environment variables + Environment SetCondaDefault { + Name = "CONDA_DEFAULT_ENV" + Value = "base" + Ensure = "Present" + } + Environment SetCondaEnvPrompt { + Name = "CONDA_PROMPT_MODIFIER" + Value = "(base) " + Ensure = "Present" + } + + # Python/Conda specific + Environment SetPythonPath { + Name = "PYTHONPATH" + Value = "C:\ProgramData\miniforge3\Lib\site-packages" + Ensure = "Present" + } + + Environment SetDeveloperMode { + Name = "DEVELOPER_MODE" + Value = "1" + Ensure = "Present" + } + } +} + +# Generate the MOF file +$outputPath = "$env:TEMP\DSC\EnvironmentVariables" +EnvironmentVariables -OutputPath $outputPath + +# Apply the configuration +Start-DscConfiguration -Path $outputPath -Wait -Verbose -Force \ No newline at end of file diff --git a/DSC-FileOperations.ps1 b/DSC-FileOperations.ps1 new file mode 100644 index 0000000..ed940a2 --- /dev/null +++ b/DSC-FileOperations.ps1 
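Review bot: Both `SetScript` blocks append `C:\ProgramData\miniforge3` and its `Scripts` folder to the machine PATH without checking that the directory exists or who can write to it. Standard users can normally create folders under `C:\ProgramData`, so if Miniforge is absent or its ACLs are loose, an unprivileged account could place executables in a directory that elevated processes search. Guard the append with `if (-not (Test-Path -LiteralPath $forgePath -PathType Container)) { throw "Miniforge not found at $forgePath" }` and confirm with `Get-Acl` that only administrators and SYSTEM hold write access. The `PYTHONPATH` value set by `SetPythonPath` likewise affects every Python interpreter on the host, so it deserves a comment explaining why it is not left to conda activation.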
@@ -0,0 +1,256 @@ +Configuration FileOperations { + param( + [string]$ScriptDir + ) + + Import-DscResource -ModuleName PSDesiredStateConfiguration + + # Calculate paths outside of Script resources + $FontsPath = Join-Path $ScriptDir "Fonts" + $FastStonePath = Join-Path $ScriptDir "FastStone" + $FirefoxPath = Join-Path $ScriptDir "Firefox\policies.json" + $ShareXAppConfigPath = Join-Path $ScriptDir "ShareX\ApplicationConfig.json" + $ShareXHotkeysPath = Join-Path $ScriptDir "ShareX\HotkeysConfig.json" + $PowerToysPath = Join-Path $ScriptDir "PowerToys\settings_133974244713307595.ptb" + + Node localhost { + + # === FONT INSTALLATION === + + # Install all Unifont files using Script resource for dynamic paths + Script InstallUnifontFonts { + SetScript = { + $fontSourceFolder = $using:FontsPath + $fontDestFolder = "C:\Windows\Fonts" + $regPath = "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Fonts" + + # List of font files to install + $fontFiles = @( + "unifont-15.1.05.ttf", + "unifont-all.ttf", + "unifont-smooth.ttf", + "unifont_csur-15.1.05.ttf", + "unifont_jp-15.1.05.ttf", + "unifont_upper-15.1.05.ttf" + ) + + foreach ($fontFile in $fontFiles) { + $sourcePath = Join-Path $fontSourceFolder $fontFile + $destPath = Join-Path $fontDestFolder $fontFile + $fontName = [System.IO.Path]::GetFileNameWithoutExtension($fontFile) + $regName = "$fontName (TrueType)" + + if (Test-Path $sourcePath) { + # Copy font file + if (-not (Test-Path $destPath)) { + Copy-Item -Path $sourcePath -Destination $destPath -Force + Write-Verbose "Copied font: $fontFile" + } + + # Register font in registry + try { + $regValue = Get-ItemProperty -Path $regPath -Name $regName -ErrorAction SilentlyContinue + if (-not $regValue) { + New-ItemProperty -Path $regPath -Name $regName -Value $fontFile -PropertyType String -Force | Out-Null + Write-Verbose "Registered font: $regName" + } + } + catch { + Write-Warning "Failed to register font $fontFile in registry: $_" + } + } else { + Write-Warning "Source 
font file not found: $sourcePath" + } + } + } + TestScript = { + $fontSourceFolder = $using:FontsPath + $fontDestFolder = "C:\Windows\Fonts" + $regPath = "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Fonts" + + $fontFiles = @( + "unifont-15.1.05.ttf", + "unifont-all.ttf", + "unifont-smooth.ttf", + "unifont_csur-15.1.05.ttf", + "unifont_jp-15.1.05.ttf", + "unifont_upper-15.1.05.ttf" + ) + + $allInstalled = $true + foreach ($fontFile in $fontFiles) { + $sourcePath = Join-Path $fontSourceFolder $fontFile + $destPath = Join-Path $fontDestFolder $fontFile + $fontName = [System.IO.Path]::GetFileNameWithoutExtension($fontFile) + $regName = "$fontName (TrueType)" + + # Check if source exists (skip if not available) + if (Test-Path $sourcePath) { + # Check if font file exists and is registered + $fileExists = Test-Path $destPath + $regExists = $false + try { + $regValue = Get-ItemProperty -Path $regPath -Name $regName -ErrorAction SilentlyContinue + $regExists = ($regValue -ne $null) + } + catch { + $regExists = $false + } + + if (-not ($fileExists -and $regExists)) { + $allInstalled = $false + break + } + } + } + return $allInstalled + } + GetScript = { + $fontDestFolder = "C:\Windows\Fonts" + $installedFonts = Get-ChildItem "$fontDestFolder\unifont*.ttf" -ErrorAction SilentlyContinue + return @{Result = "Installed Unifont files: $($installedFonts.Count)"} + } + } + + # === APPLICATION CONFIGURATION DEPLOYMENTS === + + # Deploy FastStone Image Viewer configuration + Script DeployFastStoneConfig { + SetScript = { + $sourcePath = $using:FastStonePath + $uid = [System.Environment]::UserName + $destPath = "C:\Users\$uid\AppData\Local\FastStone" + + if (Test-Path $sourcePath) { + if (-not (Test-Path $destPath)) { + New-Item -ItemType Directory -Path (Split-Path $destPath) -Force | Out-Null + } + Copy-Item -Path $sourcePath -Destination "C:\Users\$uid\AppData\Local\" -Recurse -Force + Write-Verbose "Deployed FastStone configuration" + } + } + TestScript = { + $uid = 
[System.Environment]::UserName + $destPath = "C:\Users\$uid\AppData\Local\FastStone" + return (Test-Path $destPath) + } + GetScript = { + $uid = [System.Environment]::UserName + $destPath = "C:\Users\$uid\AppData\Local\FastStone" + return @{ + Result = if (Test-Path $destPath) { "Present" } else { "Absent" } + } + } + } + + # Deploy Firefox policies + Script DeployFirefoxPolicies { + SetScript = { + $sourceFile = $using:FirefoxPath + $firefoxPath = "C:\Program Files\Mozilla Firefox" + $distributionPath = Join-Path $firefoxPath "distribution" + $destinationFile = Join-Path $distributionPath "policies.json" + + if (Test-Path $sourceFile) { + if (-not (Test-Path $distributionPath)) { + New-Item -ItemType Directory -Path $distributionPath -Force | Out-Null + } + Copy-Item -Path $sourceFile -Destination $destinationFile -Force + Write-Verbose "Deployed Firefox policies" + } + } + TestScript = { + $firefoxPath = "C:\Program Files\Mozilla Firefox" + $distributionPath = Join-Path $firefoxPath "distribution" + $destinationFile = Join-Path $distributionPath "policies.json" + return (Test-Path $destinationFile) + } + GetScript = { + $firefoxPath = "C:\Program Files\Mozilla Firefox" + $distributionPath = Join-Path $firefoxPath "distribution" + $destinationFile = Join-Path $distributionPath "policies.json" + return @{ + Result = if (Test-Path $destinationFile) { "Present" } else { "Absent" } + } + } + } + + # Deploy ShareX configuration + Script DeployShareXConfig { + SetScript = { + $sourceConfigPath = $using:ShareXAppConfigPath + $sourceHotkeyPath = $using:ShareXHotkeysPath + $shareXSettingsDir = "$env:USERPROFILE\Documents\ShareX" + + if (-not (Test-Path $shareXSettingsDir)) { + New-Item -ItemType Directory -Path $shareXSettingsDir -Force | Out-Null + } + + if (Test-Path $sourceConfigPath) { + $destConfigPath = Join-Path $shareXSettingsDir "ApplicationConfig.json" + Copy-Item -Path $sourceConfigPath -Destination $destConfigPath -Force + Write-Verbose "Deployed ShareX 
ApplicationConfig.json" + } + + if (Test-Path $sourceHotkeyPath) { + $destHotkeyPath = Join-Path $shareXSettingsDir "HotkeysConfig.json" + Copy-Item -Path $sourceHotkeyPath -Destination $destHotkeyPath -Force + Write-Verbose "Deployed ShareX HotkeysConfig.json" + } + } + TestScript = { + $shareXSettingsDir = "$env:USERPROFILE\Documents\ShareX" + $configExists = Test-Path (Join-Path $shareXSettingsDir "ApplicationConfig.json") + $hotkeyExists = Test-Path (Join-Path $shareXSettingsDir "HotkeysConfig.json") + return ($configExists -and $hotkeyExists) + } + GetScript = { + $shareXSettingsDir = "$env:USERPROFILE\Documents\ShareX" + $configExists = Test-Path (Join-Path $shareXSettingsDir "ApplicationConfig.json") + $hotkeyExists = Test-Path (Join-Path $shareXSettingsDir "HotkeysConfig.json") + return @{ + Result = if ($configExists -and $hotkeyExists) { "Present" } else { "Absent" } + } + } + } + + # Deploy PowerToys settings + Script DeployPowerToysSettings { + SetScript = { + $sourceFile = $using:PowerToysPath + $powerToysSettingsDir = "$env:LOCALAPPDATA\Microsoft\PowerToys" + + if (-not (Test-Path $powerToysSettingsDir)) { + New-Item -ItemType Directory -Path $powerToysSettingsDir -Force | Out-Null + } + + if (Test-Path $sourceFile) { + $destFile = Join-Path $powerToysSettingsDir "settings.ptb" + Copy-Item -Path $sourceFile -Destination $destFile -Force + Write-Verbose "Deployed PowerToys settings" + } + } + TestScript = { + $powerToysSettingsDir = "$env:LOCALAPPDATA\Microsoft\PowerToys" + $settingsFile = Join-Path $powerToysSettingsDir "settings.ptb" + return (Test-Path $settingsFile) + } + GetScript = { + $powerToysSettingsDir = "$env:LOCALAPPDATA\Microsoft\PowerToys" + $settingsFile = Join-Path $powerToysSettingsDir "settings.ptb" + return @{ + Result = if (Test-Path $settingsFile) { "Present" } else { "Absent" } + } + } + } + + } +} + +# Generate the MOF file +$outputPath = "$env:TEMP\DSC\FileOperations" +$scriptDir = Split-Path -Parent 
$MyInvocation.MyCommand.Path +FileOperations -ScriptDir $scriptDir -OutputPath $outputPath + +# Apply the configuration +Start-DscConfiguration -Path $outputPath -Wait -Verbose -Force \ No newline at end of file diff --git a/DSC-TelemetryPrivacySecurity.ps1 b/DSC-TelemetryPrivacySecurity.ps1 new file mode 100644 index 0000000..99b84a5 --- /dev/null +++ b/DSC-TelemetryPrivacySecurity.ps1 
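Review bot: The per-user Script resources resolve `[System.Environment]::UserName`, `$env:USERPROFILE` and `$env:LOCALAPPDATA` inside `SetScript`/`TestScript`, which the LCM normally runs as LocalSystem, so the FastStone, ShareX and PowerToys files would land in the SYSTEM profile (or `C:\Users\SYSTEM\...`) rather than the logged-on user's. Resolve those paths at compile time next to `$FontsPath`, e.g. `$UserLocalAppData = $env:LOCALAPPDATA`, and reference them as `$using:UserLocalAppData`, or run the resources with `PsDscRunAsCredential`. Separately, every `TestScript` checks only `Test-Path`, so a modified or stale `policies.json` under Program Files is reported as compliant; comparing `(Get-FileHash $sourceFile).Hash` with the destination's hash would let DSC detect and correct drift. The MOF is compiled into `$env:TEMP\DSC\FileOperations` and then applied with `-Force`; a staging directory writable only by administrators would be a safer place for a document the LCM executes.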
@@ -0,0 +1,541 @@ +Configuration TelemetryPrivacySecurity { + Import-DscResource -ModuleName PSDesiredStateConfiguration + + Node localhost { + + # === TELEMETRY & DATA COLLECTION === + + # Disable Windows Telemetry + Registry DisableTelemetry1 { + Ensure = "Present" + Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" + ValueName = "AllowTelemetry" + ValueType = "DWord" + ValueData = "0" + } + + Registry DisableTelemetry2 { + Ensure = "Present" + Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" + ValueName = "MaxTelemetryAllowed" + ValueType = "DWord" + ValueData = "0" + } + + Registry DisableTelemetry3 { + Ensure = "Present" + Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" + ValueName = "AllowTelemetry" + ValueType = "DWord" + ValueData = "0" + } + + # Disable Application Compatibility Telemetry + Registry DisableAppCompatTelemetry { + Ensure = "Present" + Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppCompat" + ValueName = "AITEnable" + ValueType = "DWord" + ValueData = "0" + } + + # Disable Edge UI MFU Tracking + Registry DisableEdgeMFUTracking { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Policies\Microsoft\Windows\EdgeUI" + ValueName = "DisableMFUTracking" + ValueType = "DWord" + ValueData = "1" + } + + # Disable TIPC (Text Input Panel Component) + Registry DisableTIPC { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Microsoft\Input\TIPC" + ValueName = "Enabled" + ValueType = "DWord" + ValueData = "0" + } + + # Disable System Instrumentation + Registry DisableInstrumentation1 { + Ensure = "Present" + Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" + ValueName = "NoInstrumentation" + ValueType = "DWord" + ValueData = "1" + } + + Registry DisableInstrumentation2 { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" + ValueName = "NoInstrumentation" + ValueType = "DWord" + ValueData = "1" + } + + # Disable Handwriting Error 
Reports + Registry DisableHandwritingErrorReports { + Ensure = "Present" + Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports" + ValueName = "PreventHandwritingErrorReports" + ValueType = "DWord" + ValueData = "1" + } + + # Disable Input Personalization Data Collection + Registry DisableImplicitInkCollection1 { + Ensure = "Present" + Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\InputPersonalization" + ValueName = "RestrictImplicitInkCollection" + ValueType = "DWord" + ValueData = "1" + } + + Registry DisableImplicitInkCollection2 { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Microsoft\InputPersonalization" + ValueName = "RestrictImplicitInkCollection" + ValueType = "DWord" + ValueData = "1" + } + + Registry DisableImplicitTextCollection { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Microsoft\InputPersonalization" + ValueName = "RestrictImplicitTextCollection" + ValueType = "DWord" + ValueData = "1" + } + + Registry DisableHarvestContacts { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore" + ValueName = "HarvestContacts" + ValueType = "DWord" + ValueData = "0" + } + + Registry DisablePrivacyPolicy { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Microsoft\Personalization\Settings" + ValueName = "AcceptedPrivacyPolicy" + ValueType = "DWord" + ValueData = "0" + } + + Registry DisableLinguisticDataCollection { + Ensure = "Present" + Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\TextInput" + ValueName = "AllowLinguisticDataCollection" + ValueType = "DWord" + ValueData = "0" + } + + Registry DisableFeedbackNotifications { + Ensure = "Present" + Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" + ValueName = "DoNotShowFeedbackNotifications" + ValueType = "DWord" + ValueData = "1" + } + + Registry DisableDeviceNameTelemetry { + Ensure = "Present" + Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" + ValueName = "AllowDeviceNameInTelemetry" + ValueType = 
"DWord" + ValueData = "0" + } + + # Disable Error Reporting + Registry DisableErrorReporting1 { + Ensure = "Present" + Key = "HKLM:\SOFTWARE\Microsoft\PCHealth\ErrorReporting" + ValueName = "DoReport" + ValueType = "DWord" + ValueData = "0" + } + + Registry DisableErrorReporting2 { + Ensure = "Present" + Key = "HKLM:\SOFTWARE\Microsoft\PCHealth\ErrorReporting" + ValueName = "ShowUI" + ValueType = "DWord" + ValueData = "0" + } + + Registry DisableErrorReporting3 { + Ensure = "Present" + Key = "HKLM:\SOFTWARE\WOW6432Node\Microsoft\PCHealth\ErrorReporting" + ValueName = "DoReport" + ValueType = "DWord" + ValueData = "0" + } + + Registry DisableErrorReporting4 { + Ensure = "Present" + Key = "HKLM:\SOFTWARE\WOW6432Node\Microsoft\PCHealth\ErrorReporting" + ValueName = "ShowUI" + ValueType = "DWord" + ValueData = "0" + } + + Registry DisableStorageTelemetry { + Ensure = "Present" + Key = "HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl\StorageTelemetry" + ValueName = "DeviceDumpEnabled" + ValueType = "DWord" + ValueData = "0" + } + + Registry DisableAccountNotifications1 { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\AccountNotifications" + ValueName = "DisableAccountNotifications" + ValueType = "DWord" + ValueData = "1" + } + + Registry DisableAccountNotifications2 { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" + ValueName = "Start_AccountNotifications" + ValueType = "DWord" + ValueData = "0" + } + + Registry DisableConnectedUser { + Ensure = "Present" + Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" + ValueName = "NoConnectedUser" + ValueType = "DWord" + ValueData = "1" + } + + Registry DisableScoobeSystemSetting { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\UserProfileEngagement" + ValueName = "ScoobeSystemSettingEnabled" + ValueType = "DWord" + ValueData = "0" + } + + # === PRIVACY & LOCATION SERVICES === + + # 
Disable Location Services + Registry DisableLocationService { + Ensure = "Present" + Key = "HKLM:\SYSTEM\CurrentControlSet\Services\lfsvc\Service\Configuration" + ValueName = "Status" + ValueType = "DWord" + ValueData = "0" + } + + Registry DisableLocationMachine { + Ensure = "Present" + Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location" + ValueName = "Value" + ValueType = "String" + ValueData = "Deny" + } + + Registry DisableLocationUser { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location" + ValueName = "Value" + ValueType = "String" + ValueData = "Deny" + } + + Registry DisableLocationNonPackaged { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location\NonPackaged" + ValueName = "Value" + ValueType = "String" + ValueData = "Deny" + } + + Registry DisableLocationCamera { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location\Microsoft.WindowsCamera_8wekyb3d8bbwe" + ValueName = "Value" + ValueType = "String" + ValueData = "Deny" + } + + Registry DisableLocationOverride { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\CPSS\Store\UserLocationOverridePrivacySetting" + ValueName = "Value" + ValueType = "DWord" + ValueData = "0" + } + + Registry DisableLocationWeather { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location\Microsoft.BingWeather_8wekyb3d8bbwe" + ValueName = "Value" + ValueType = "String" + ValueData = "Deny" + } + + # === SEARCH & CORTANA === + + # Disable Bing Search + Registry DisableBingSearch { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" + ValueName = "BingSearchEnabled" + ValueType = "DWord" + ValueData = "0" + } + + Registry 
DisableSearchBoxSuggestions { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Policies\Microsoft\Windows\Explorer" + ValueName = "DisableSearchBoxSuggestions" + ValueType = "DWord" + ValueData = "1" + } + + # Disable Cloud Search + Registry DisableCloudSearch { + Ensure = "Present" + Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search" + ValueName = "AllowCloudSearch" + ValueType = "DWord" + ValueData = "0" + } + + # Disable Cortana + Registry DisableCortana1 { + Ensure = "Present" + Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search" + ValueName = "AllowCortana" + ValueType = "DWord" + ValueData = "0" + } + + Registry DisableCortana2 { + Ensure = "Present" + Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search" + ValueName = "AllowCortanaAboveLock" + ValueType = "DWord" + ValueData = "0" + } + + Registry DisableCortana3 { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" + ValueName = "CortanaEnabled" + ValueType = "DWord" + ValueData = "0" + } + + Registry DisableCortana4 { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" + ValueName = "CortanaConsent" + ValueType = "DWord" + ValueData = "0" + } + + # === SECURITY === + + # Disable SmartScreen + Registry DisableSmartScreen { + Ensure = "Present" + Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" + ValueName = "SmartScreenEnabled" + ValueType = "String" + ValueData = "Off" + } + + Registry DisableEdgePhishingFilter { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter" + ValueName = "EnabledV9" + ValueType = "DWord" + ValueData = "0" + } + + # Disable Active Help + Registry DisableActiveHelp { + Ensure = "Present" + Key = "HKLM:\SOFTWARE\Policies\Microsoft\Assistance\Client\1.0" + ValueName = "NoActiveHelp" + ValueType = "DWord" + ValueData = "1" + } 
+ + # Configure Zone Information for attachments + Registry SaveZoneInformation { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments" + ValueName = "SaveZoneInformation" + ValueType = "DWord" + ValueData = "1" + } + + Registry LowRiskFileTypes { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments" + ValueName = "LowRiskFileTypes" + ValueType = "String" + ValueData = ".zip;.rar;.7z" + } + + # Configure Trusted Sites + Registry TrustedSite1 { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\192.168.100.5" + ValueName = "*" + ValueType = "DWord" + ValueData = "1" + } + + Registry TrustedSite2 { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\callisto.andrewspolytechnic.com" + ValueName = "*" + ValueType = "DWord" + ValueData = "1" + } + + # Disable UAC prompts for Admin + Registry DisableUACPrompt { + Ensure = "Present" + Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" + ValueName = "ConsentPromptBehaviorAdmin" + ValueType = "DWord" + ValueData = "0" + } + + # === CONSUMER FEATURES & CONTENT DELIVERY === + + # Disable Windows Consumer Features + Registry DisableConsumerFeatures { + Ensure = "Present" + Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" + ValueName = "DisableWindowsConsumerFeatures" + ValueType = "DWord" + ValueData = "1" + } + + # Disable Content Delivery Manager Features + Registry DisableSilentInstalledApps { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" + ValueName = "SilentInstalledAppsEnabled" + ValueType = "DWord" + ValueData = "0" + } + + Registry DisableSubscribedContent { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" + ValueName = "SubscribedContent-338388Enabled" + ValueType = 
"DWord" + ValueData = "0" + } + + Registry DisableOemPreInstalledApps { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" + ValueName = "OemPreInstalledAppsEnabled" + ValueType = "DWord" + ValueData = "0" + } + + Registry DisablePreInstalledApps { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" + ValueName = "PreInstalledAppsEnabled" + ValueType = "DWord" + ValueData = "0" + } + + # === NVIDIA TELEMETRY === + + Registry DisableNvidiaOptIn { + Ensure = "Present" + Key = "HKLM:\SOFTWARE\NVIDIA Corporation\NvControlPanel2\Client" + ValueName = "OptInOrOutPreference" + ValueType = "DWord" + ValueData = "0" + } + + Registry DisableNvidiaRID1 { + Ensure = "Present" + Key = "HKLM:\SOFTWARE\NVIDIA Corporation\Global\FTS" + ValueName = "EnableRID44231" + ValueType = "DWord" + ValueData = "0" + } + + Registry DisableNvidiaRID2 { + Ensure = "Present" + Key = "HKLM:\SOFTWARE\NVIDIA Corporation\Global\FTS" + ValueName = "EnableRID64640" + ValueType = "DWord" + ValueData = "0" + } + + Registry DisableNvidiaRID3 { + Ensure = "Present" + Key = "HKLM:\SOFTWARE\NVIDIA Corporation\Global\FTS" + ValueName = "EnableRID66610" + ValueType = "DWord" + ValueData = "0" + } + + Registry DisableNvTelemetryContainer { + Ensure = "Present" + Key = "HKLM:\SYSTEM\CurrentControlSet\Services\NvTelemetryContainer" + ValueName = "Start" + ValueType = "DWord" + ValueData = "4" + } + + # === DISABLE THUMBNAILS ON NETWORK === + + Registry DisableThumbsDB1 { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Policies\Microsoft\Windows" + ValueName = "DisableThumbsDBOnNetworkFolders" + ValueType = "DWord" + ValueData = "1" + } + + Registry DisableThumbsDB2 { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Policies\Microsoft\Windows\Explorer" + ValueName = "DisableThumbsDBOnNetworkFolders" + ValueType = "DWord" + ValueData = "1" + } + + Registry DisableThumbsDB3 { + Ensure = "Present" + Key = 
"HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer" + ValueName = "DisableThumbsDBOnNetworkFolders" + ValueType = "DWord" + ValueData = "1" + } + + Registry DisableThumbnailCache { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" + ValueName = "NoThumbnailCache" + ValueType = "DWord" + ValueData = "1" + } + } +} + +# Generate the MOF file +TelemetryPrivacySecurity -OutputPath "\temp\DSC\TelemetryPrivacySecurity" + +# Apply the configuration +Start-DscConfiguration -Path "\temp\DSC\TelemetryPrivacySecurity" -Wait -Verbose -Force \ No newline at end of file diff --git a/DSC-UserInterfaceConfiguration.ps1 b/DSC-UserInterfaceConfiguration.ps1 new file mode 100644 index 0000000..0447213 --- /dev/null +++ b/DSC-UserInterfaceConfiguration.ps1 
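Review bot: The `=== SECURITY ===` section of this configuration switches protections off rather than reducing telemetry: `DisableSmartScreen` sets `SmartScreenEnabled` to `Off`, `DisableEdgePhishingFilter` sets `EnabledV9` to `0`, `DisableUACPrompt` sets `ConsentPromptBehaviorAdmin` to `0` so administrators elevate with no consent prompt, and `LowRiskFileTypes` marks `.zip;.rar;.7z` as low risk. `SaveZoneInformation` = `1` also looks inverted for a file with "Security" in its name; as far as I know `1` is the "do not preserve zone information" setting and `2` keeps the zone marker on downloaded files. I would drop `DisableSmartScreen`, `DisableEdgePhishingFilter` and `LowRiskFileTypes`, and use `ValueData = "5"` for `ConsentPromptBehaviorAdmin` and `ValueData = "2"` for `SaveZoneInformation`. If any of these must stay, they belong in a separately named opt-in configuration with a comment such as `# Weakens download and elevation protection; apply on request only`.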
@@ -0,0 +1,464 @@ +Configuration UserInterfaceConfiguration { + Import-DscResource -ModuleName PSDesiredStateConfiguration + + Node localhost { + + # === TASKBAR WIDGETS === + + # Disable Taskbar Widgets (Windows 11) + Registry DisableTaskbarWidgets { + Ensure = "Present" + Key = "HKCU:\Software\Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32" + ValueName = "(Default)" + ValueType = "String" + ValueData = "" + } + + # === KEYBOARD & INPUT SETTINGS === + + # Disable Print Screen key for Snipping Tool + Registry DisablePrintScreenSnipping { + Ensure = "Present" + Key = "HKCU:\Control Panel\Keyboard" + ValueName = "PrintScreenKeyForSnippingEnabled" + ValueType = "DWord" + ValueData = "0" + } + + # Configure Sticky Keys + Registry ConfigureStickyKeys { + Ensure = "Present" + Key = "HKCU:\Control Panel\Accessibility\StickyKeys" + ValueName = "Flags" + ValueType = "String" + ValueData = "506" + } + + # Configure Keyboard Response + Registry ConfigureKeyboardResponse { + Ensure = "Present" + Key = "HKCU:\Control Panel\Accessibility\Keyboard Response" + ValueName = "Flags" + ValueType = "String" + ValueData = "122" + } + + # === EXPLORER SETTINGS === + + # Disable Cloud Files in Quick Access + Registry DisableCloudFilesQuickAccess { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" + ValueName = "ShowCloudFilesInQuickAccess" + ValueType = "DWord" + ValueData = "0" + } + + # Disable Frequent folders + Registry DisableShowFrequent { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" + ValueName = "ShowFrequent" + ValueType = "DWord" + ValueData = "0" + } + + # Disable Recent files + Registry DisableShowRecent { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" + ValueName = "ShowRecent" + ValueType = "DWord" + ValueData = "0" + } + + # Open File Explorer to This PC + Registry LaunchToThisPC { + Ensure = "Present" + Key = 
"HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" + ValueName = "LaunchTo" + ValueType = "DWord" + ValueData = "1" + } + + # Show file extensions + Registry ShowFileExtensions { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" + ValueName = "HideFileExt" + ValueType = "DWord" + ValueData = "0" + } + + # Show hidden files + Registry ShowHiddenFiles { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" + ValueName = "Hidden" + ValueType = "DWord" + ValueData = "1" + } + + # Disable AutoComplete append completion + Registry DisableAutoCompleteAppend { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete" + ValueName = "Append Completion" + ValueType = "String" + ValueData = "no" + } + + # Hide Recently Added Apps + Registry HideRecentlyAddedApps { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Policies\Microsoft\Windows\Explorer" + ValueName = "HideRecentlyAddedApps" + ValueType = "DWord" + ValueData = "1" + } + + # === TASKBAR SETTINGS === + + # Set Taskbar alignment to left + Registry TaskbarAlignLeft { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\microsoft\windows\currentversion\explorer\advanced" + ValueName = "TaskbarAl" + ValueType = "DWord" + ValueData = "0" + } + + # Hide Search box from taskbar + Registry HideSearchBox { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" + ValueName = "SearchboxTaskbarMode" + ValueType = "DWord" + ValueData = "0" + } + + # Hide Meet Now button + Registry HideMeetNow1 { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" + ValueName = "HideSCAMeetNow" + ValueType = "DWord" + ValueData = "1" + } + + Registry HideMeetNow2 { + Ensure = "Present" + Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" + ValueName = "HideSCAMeetNow" + ValueType = "DWord" + ValueData = "1" + } + + 
# Disable News and Interests + Registry DisableNewsAndInterests { + Ensure = "Present" + Key = "HKLM:\SOFTWARE\Policies\Microsoft\Dsh" + ValueName = "AllowNewsAndInterests" + ValueType = "DWord" + ValueData = "0" + } + + # Hide People Bar + Registry HidePeopleBar1 { + Ensure = "Present" + Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer" + ValueName = "HidePeopleBar" + ValueType = "DWord" + ValueData = "1" + } + + Registry HidePeopleBar2 { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Policies\Microsoft\Windows\Explorer" + ValueName = "HidePeopleBar" + ValueType = "DWord" + ValueData = "1" + } + + Registry DisablePeopleBand { + Ensure = "Present" + Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People" + ValueName = "PeopleBand" + ValueType = "DWord" + ValueData = "0" + } + + # Disable Windows Feeds + Registry DisableWindowsFeeds { + Ensure = "Present" + Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Feeds" + ValueName = "EnableFeeds" + ValueType = "DWord" + ValueData = "0" + } + + # === THEME & APPEARANCE === + + # Set Dark theme for apps + Registry DarkThemeApps { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize" + ValueName = "AppsUseLightTheme" + ValueType = "DWord" + ValueData = "0" + } + + # Set Dark theme for system + Registry DarkThemeSystem { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize" + ValueName = "SystemUsesLightTheme" + ValueType = "DWord" + ValueData = "0" + } + + # Enable transparency effects + Registry EnableTransparency { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize" + ValueName = "EnableTransparency" + ValueType = "DWord" + ValueData = "1" + } + + # === REMOTE DESKTOP SETTINGS === + + # Enable Remote Desktop + Registry EnableRDP1 { + Ensure = "Present" + Key = "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server" + ValueName = "fDenyTSConnections" + 
ValueType = "DWord" + ValueData = "0" + } + + Registry EnableRDP2 { + Ensure = "Present" + Key = "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server" + ValueName = "fSingleSessionPerUser" + ValueType = "DWord" + ValueData = "0" + } + + Registry EnableTermService { + Ensure = "Present" + Key = "HKLM:\SYSTEM\CurrentControlSet\Services\TermService" + ValueName = "Start" + ValueType = "DWord" + ValueData = "2" + } + + Registry EnableRDPWD { + Ensure = "Present" + Key = "HKLM:\SYSTEM\CurrentControlSet\Services\RDPWD" + ValueName = "Start" + ValueType = "DWord" + ValueData = "2" + } + + Registry EnableRDPTcp { + Ensure = "Present" + Key = "HKLM:\SYSTEM\CurrentControlSet\Services\RDP-Tcp" + ValueName = "Start" + ValueType = "DWord" + ValueData = "2" + } + + Registry EnableRDPPolicy { + Ensure = "Present" + Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" + ValueName = "fDenyTSConnections" + ValueType = "DWord" + ValueData = "0" + } + + # === MPC-HC MEDIA PLAYER SETTINGS === + + Registry MPCHCKeepHistory { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\MPC-HC\MPC-HC\Settings" + ValueName = "KeepHistory" + ValueType = "DWord" + ValueData = "0" + } + + Registry MPCHCRememberFilePos { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\MPC-HC\MPC-HC\Settings" + ValueName = "RememberFilePos" + ValueType = "DWord" + ValueData = "0" + } + + Registry MPCHCRememberPosAudio { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\MPC-HC\MPC-HC\Settings" + ValueName = "RememberPosForAudioFiles" + ValueType = "DWord" + ValueData = "0" + } + + Registry MPCHCAfterPlayback { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\MPC-HC\MPC-HC\Settings" + ValueName = "AfterPlayback" + ValueType = "DWord" + ValueData = "0" + } + + Registry MPCHCRememberWindowPos { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\MPC-HC\MPC-HC\Settings" + ValueName = "RememberWindowPos" + ValueType = "DWord" + ValueData = "1" + } + + Registry MPCHCRememberWindowSize { + Ensure = "Present" + Key = 
"HKCU:\SOFTWARE\MPC-HC\MPC-HC\Settings" + ValueName = "RememberWindowSize" + ValueType = "DWord" + ValueData = "1" + } + + Registry MPCHCLoopFolder { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\MPC-HC\MPC-HC\Settings" + ValueName = "LoopFolderOnPlayNextFile" + ValueType = "DWord" + ValueData = "0" + } + + Registry MPCHCLockNoPause { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\MPC-HC\MPC-HC\Settings" + ValueName = "LockNoPause" + ValueType = "DWord" + ValueData = "0" + } + + Registry MPCHCPreventDisplaySleep { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\MPC-HC\MPC-HC\Settings" + ValueName = "PreventDisplaySleep" + ValueType = "DWord" + ValueData = "1" + } + + Registry MPCHCShufflePlaylist { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\MPC-HC\MPC-HC\Settings" + ValueName = "ShufflePlaylistItems" + ValueType = "DWord" + ValueData = "0" + } + + Registry MPCHCRememberPlaylist { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\MPC-HC\MPC-HC\Settings" + ValueName = "RememberPlaylistItems" + ValueType = "DWord" + ValueData = "0" + } + + Registry MPCHCHidePlaylistFullScreen { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\MPC-HC\MPC-HC\Settings" + ValueName = "HidePlaylistFullScreen" + ValueType = "DWord" + ValueData = "0" + } + + Registry MPCHCLoop { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\MPC-HC\MPC-HC\Settings" + ValueName = "Loop" + ValueType = "DWord" + ValueData = "1" + } + + Registry MPCHCUpdaterAutoCheck { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\MPC-HC\MPC-HC\Settings" + ValueName = "UpdaterAutoCheck" + ValueType = "DWord" + ValueData = "0" + } + + Registry MPCHCUpdaterDelay { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\MPC-HC\MPC-HC\Settings" + ValueName = "UpdaterDelay" + ValueType = "DWord" + ValueData = "0" + } + + # === NETWORK SETTINGS === + + # TCP Window Size optimization + Registry TcpWindowSize { + Ensure = "Present" + Key = "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" + ValueName = "TcpWindowSize" + ValueType = "DWord" + ValueData = 
"16711680" + } + + Registry GlobalMaxTcpWindowSize { + Ensure = "Present" + Key = "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" + ValueName = "GlobalMaxTcpWindowSize" + ValueType = "DWord" + ValueData = "16711680" + } + + # === APPLICATION SETTINGS === + + # ShareX Settings + Registry ShareXDisableUpdateCheck { + Ensure = "Present" + Key = "HKLM:\SOFTWARE\ShareX" + ValueName = "DisableUpdateCheck" + ValueType = "DWord" + ValueData = "1" + } + + Registry ShareXDisableUpload { + Ensure = "Present" + Key = "HKLM:\SOFTWARE\ShareX" + ValueName = "DisableUpload" + ValueType = "DWord" + ValueData = "1" + } + + # Firefox Default Search Engine + Registry FirefoxDefaultSearch { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\Policies\Mozilla\Firefox\SearchEngines" + ValueName = "Default" + ValueType = "String" + ValueData = "DuckDuckGo" + } + + # ACDSee Settings + Registry ACDSeeSettings { + Ensure = "Present" + Key = "HKCU:\SOFTWARE\ACD Systems\LUXEA Pro\080\LClient" + ValueName = "cod" + ValueType = "DWord" + ValueData = "1" + } + } +} + +# Generate the MOF file +UserInterfaceConfiguration -OutputPath "\temp\DSC\UserInterfaceConfiguration" + +# Apply the configuration +Start-DscConfiguration -Path "\temp\DSC\UserInterfaceConfiguration" -Wait -Verbose -Force \ No newline at end of file diff --git a/DSC-WindowsFeatures.ps1 b/DSC-WindowsFeatures.ps1 new file mode 100644 index 0000000..cb7068c --- /dev/null +++ b/DSC-WindowsFeatures.ps1 
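Review bot: Most `Registry` resources in this configuration use an `HKCU:` key, but `Start-DscConfiguration` applies resources under the Local Configuration Manager's account rather than the logged-on user, so these values most likely land in that account's hive and the intended user never receives them. The same applies to the `HKCU:` resources in DSC-TelemetryPrivacySecurity.ps1 and, it appears, to the `$env:USERPROFILE` and `$env:LOCALAPPDATA` paths inside the `Script` resources of DSC-FileOperations.ps1. Either give the per-user resources `PsDscRunAsCredential = $UserCredential` (with the MOF encrypted by certificate rather than `PSDscAllowPlainTextPassword`), or keep per-user values out of DSC and set them from the user's own session. A comment above the first one, e.g. `# HKCU: resolves to the LCM account's hive unless PsDscRunAsCredential is set`, would make the limitation visible.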
@@ -0,0 +1,88 @@ +Configuration WindowsFeatures { + Import-DscResource -ModuleName PSDesiredStateConfiguration + + Node localhost { + + # === WINDOWS CAPABILITIES === + + # Install OpenSSH Client + Script InstallOpenSSHClient { + SetScript = { + $capability = Get-WindowsCapability -Online | Where-Object { $_.Name -like "OpenSSH.Client*" } + if ($capability.State -ne "Installed") { + Add-WindowsCapability -Online -Name 'OpenSSH.Client~~~~0.0.1.0' + } + } + TestScript = { + $capability = Get-WindowsCapability -Online | Where-Object { $_.Name -like "OpenSSH.Client*" } + return ($capability.State -eq "Installed") + } + GetScript = { + $capability = Get-WindowsCapability -Online | Where-Object { $_.Name -like "OpenSSH.Client*" } + return @{Result = "OpenSSH Client State: $($capability.State)"} + } + } + + # === WINDOWS OPTIONAL FEATURES === + + # Enable NFS Client features + Script EnableNFSClientOnly { + SetScript = { + $feature = Get-WindowsOptionalFeature -Online -FeatureName "ServicesForNFS-ClientOnly" + if ($feature.State -ne "Enabled") { + Enable-WindowsOptionalFeature -FeatureName "ServicesForNFS-ClientOnly" -Online -NoRestart + } + } + TestScript = { + $feature = Get-WindowsOptionalFeature -Online -FeatureName "ServicesForNFS-ClientOnly" + return ($feature.State -eq "Enabled") + } + GetScript = { + $feature = Get-WindowsOptionalFeature -Online -FeatureName "ServicesForNFS-ClientOnly" + return @{Result = "NFS ClientOnly State: $($feature.State)"} + } + } + + Script EnableNFSInfrastructure { + SetScript = { + $feature = Get-WindowsOptionalFeature -Online -FeatureName "ClientForNFS-Infrastructure" + if ($feature.State -ne "Enabled") { + Enable-WindowsOptionalFeature -FeatureName "ClientForNFS-Infrastructure" -Online -NoRestart + } + } + TestScript = { + $feature = Get-WindowsOptionalFeature -Online -FeatureName "ClientForNFS-Infrastructure" + return ($feature.State -eq "Enabled") + } + GetScript = { + $feature = Get-WindowsOptionalFeature -Online -FeatureName 
"ClientForNFS-Infrastructure" + return @{Result = "NFS Infrastructure State: $($feature.State)"} + } + } + + # === FIREWALL RULES === + + # Enable Remote Desktop firewall rules + Script EnableRDPFirewall { + SetScript = { + Enable-NetFirewallRule -DisplayGroup "Remote Desktop" + } + TestScript = { + $rules = Get-NetFirewallRule -DisplayGroup "Remote Desktop" | Where-Object {$_.Enabled -eq $false} + return ($rules.Count -eq 0) + } + GetScript = { + $rules = Get-NetFirewallRule -DisplayGroup "Remote Desktop" + $enabledCount = ($rules | Where-Object {$_.Enabled -eq $true}).Count + return @{Result = "RDP Firewall Rules Enabled: $enabledCount of $($rules.Count)"} + } + } + + } +} + +# Generate the MOF file +WindowsFeatures -OutputPath "\temp\DSC\WindowsFeatures" + +# Apply the configuration +Start-DscConfiguration -Path "\temp\DSC\WindowsFeatures" -Wait -Verbose -Force \ No newline at end of file diff --git a/DSC-WindowsServices.ps1 b/DSC-WindowsServices.ps1 new file mode 100644 index 0000000..a933ae8 --- /dev/null +++ b/DSC-WindowsServices.ps1 @@ -0,0 +1,26 @@ +Configuration WindowsServices { + Import-DscResource -ModuleName PSDesiredStateConfiguration + + Node localhost { + + # === REMOTE DESKTOP SERVICES === + + # Enable Terminal Services (Remote Desktop) + Service TerminalServices { + Name = "TermService" + State = "Running" + StartupType = "Automatic" + } + + # === ADDITIONAL SERVICES CONFIGURATION === + + # Note: Other services from the registry.csv could be added here + # if they were service-related rather than registry-based + } +} + +# Generate the MOF file +WindowsServices -OutputPath "\temp\DSC\WindowsServices" + +# Apply the configuration +Start-DscConfiguration -Path "\temp\DSC\WindowsServices" -Wait -Verbose -Force \ No newline at end of file diff --git a/PS-InstallApps.ps1 b/PS-InstallApps.ps1 new file mode 100644 index 0000000..35e5b4f --- /dev/null +++ b/PS-InstallApps.ps1 
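Review bot: `EnableRDPFirewall` calls `Enable-NetFirewallRule -DisplayGroup "Remote Desktop"`, which turns the rules on for whatever profiles they are scoped to (that can include Public), and nothing in this patch pins Network Level Authentication for the listener that `EnableRDP1` switches on in DSC-UserInterfaceConfiguration.ps1. I would scope the rules in `SetScript` with `Set-NetFirewallRule -DisplayGroup "Remote Desktop" -Profile Domain,Private -Enabled True` and have `TestScript` compare the same profile set, not only `Enabled`. Pinning `UserAuthentication` = `1` under `HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp` next to the other RDP values would make the listener require authentication before a session is created, whatever the machine's current setting is.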
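Review bot: The output path `"\temp\DSC\WindowsServices"` is drive-relative and predictable, so the MOF that the elevated `Start-DscConfiguration` applies is written under the root of whichever drive is current, a location that non-admin users may be able to create or write to. The same pattern is in DSC-TelemetryPrivacySecurity.ps1, DSC-UserInterfaceConfiguration.ps1 and DSC-WindowsFeatures.ps1, while DSC-FileOperations.ps1 already builds its path from `$env:TEMP`. Use one variable for both calls: `$outputPath = Join-Path $env:TEMP 'DSC\WindowsServices'`, then `WindowsServices -OutputPath $outputPath` and `Start-DscConfiguration -Path $outputPath -Wait -Verbose -Force`.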
@@ -0,0 +1,13 @@
+# Check if msstore source exists before trying to remove it
+$msstoreSource = winget source list | Select-String "msstore"
+if ($msstoreSource) {
+ Write-Host "Removing msstore source..." -ForegroundColor Yellow
+ winget source remove msstore
+} else {
+ Write-Host "msstore source is already removed or not found." -ForegroundColor Green
+}
+
+winget import -i .\winget.json
+winget pin add Discord.Discord
+winget pin add Brave.Brave
+
diff --git a/PS-RemoveApps.ps1 b/PS-RemoveApps.ps1
new file mode 100644
index 0000000..957b86d
--- /dev/null
+++ b/PS-RemoveApps.ps1
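Review bot: `winget import -i .\winget.json` resolves the package list against the current directory rather than the script's folder, so a run started from another directory imports whatever `winget.json` happens to be there, or fails. The other scripts in this patch already build their paths from `$scriptDir`. Use `winget import -i (Join-Path $PSScriptRoot 'winget.json')`. The import's exit code is also ignored before the `winget pin add` calls; checking `$LASTEXITCODE` after the import would surface a partial or failed install.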
@@ -0,0 +1,193 @@
+# === Admin Check ===
+
+# set-executionpolicy unrestricted
+
+# Check if running as administrator
+if (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
+ Write-Host "This script requires administrator privileges. Attempting to restart as administrator..." -ForegroundColor Yellow
+
+ # Get the current script path
+ $scriptPath = $MyInvocation.MyCommand.Path
+
+ # Restart the script with administrator privileges
+ try {
+ Start-Process PowerShell -Verb RunAs -ArgumentList "-ExecutionPolicy Bypass -File `"$scriptPath`""
+ exit
+ }
+ catch {
+ Write-Error "Failed to restart as administrator. Please run this script as administrator manually."
+ Write-Host "Right-click on PowerShell and select 'Run as administrator', then run this script again." -ForegroundColor Red
+ pause
+ exit 1
+ }
+}
+
+Write-Host "Running with administrator privileges." -ForegroundColor Green
+$uid = $Env:UserName # Get current username for use in paths
+Write-Host "Current user: $uid" -ForegroundColor Green
+
+# === Install Features/Enable Services ===
+
+$scriptDir = Split-Path -Parent $MyInvocation.MyCommand.Path
+powershell "$scriptDir\DSC-WindowsFeatures.ps1"
+powershell "$scriptDir\DSC-WindowsServices.ps1"
+
+# === Disable Telemetry ===
+
+powershell "$scriptDir\DSC-TelemetryPrivacySecurity.ps1"
+
+# === Remove Apps ===
+
+$appsToRemove = @(
+ "Microsoft.MicrosoftSolitaireCollection", # Solitaire
+ "Microsoft.MicrosoftOfficeHub", # Office preinstalls
+ "Microsoft.Windows.Photos", # Photos
+ "Microsoft.Copilot", # Copilot
+ "Microsoft.BingNews", # News
+ "Microsoft.BingWeather", # Weather
+ "Clipchamp.Clipchamp", # Clipchamp
+ "MSTeams", # Teams
+ "Microsoft.Todos", # To-Do
+ "Microsoft.WebMediaExtensions", # Media extensions
+ "Microsoft.WindowsMediaPlayer", # Legacy Media Player (if exists)
+ "Microsoft.ZuneMusic", # Music app
+ "Microsoft.ZuneVideo", # Movies & TV app (if exists)
+ "Microsoft.Media.Player", # New Windows Media Player (if exists)
+ "Microsoft.OutlookForWindows", # New Outlook app
+ "Microsoft.Office.OneNote", # OneNote (AppX version)
+ "Microsoft.MicrosoftOfficeHub", # Office Hub
+ "7EX16E2Z690YF.LinkedInforWindows", # LinkedIn (actual package name)
+ "LinkedIn.LinkedIn", # LinkedIn (alternative name)
+ "Microsoft.OneDrive" # OneDrive (if exists as app package)
+)
+
+foreach ($app in $appsToRemove) {
+ $installedApp = Get-AppxPackage -Name $app -ErrorAction SilentlyContinue
+ if ($installedApp) {
+ try {
+ Write-Host "Removing $app..." -ForegroundColor Red
+ Remove-AppxPackage -Package $installedApp.PackageFullName -ErrorAction Stop
+ Write-Host "Successfully removed $app" -ForegroundColor Green
+ }
+ catch {
+ Write-Warning "Failed to remove $app`: $_"
+ }
+ }
+ else {
+ Write-Host "$app is not installed or already removed" -ForegroundColor Gray
+ }
+}
+
+# === Remove Provisioned Packages ===
+
+Write-Host "Checking and removing provisioned app packages for all users..." -ForegroundColor Yellow
+
+foreach ($app in $appsToRemove) {
+ $provisionedApp = Get-AppxProvisionedPackage -Online | Where-Object { $_.DisplayName -eq $app }
+ if ($provisionedApp) {
+ try {
+ Write-Host "Removing provisioned package for $app..." -ForegroundColor Red
+ Remove-AppxProvisionedPackage -Online -PackageName $provisionedApp.PackageName -ErrorAction Stop
+ Write-Host "Successfully removed provisioned package for $app" -ForegroundColor Green
+ }
+ catch {
+ Write-Warning "Failed to remove provisioned package for $app`: $_"
+ }
+ }
+ else {
+ Write-Host "Provisioned package for $app is not found or already removed" -ForegroundColor Gray
+ }
+}
+
+Write-Host "App removal process completed." -ForegroundColor Green
+
+# Remove unwanted Office applications via winget
+Write-Host "Checking and removing unwanted Office applications..." -ForegroundColor Yellow
+
+# Cache winget list to avoid multiple calls (it's slow)
+Write-Host "Getting installed applications list (this may take a moment)..." -ForegroundColor Gray
+$wingetList = winget list | Out-String
+
+$officeAppsToRemove = @(
+ "Microsoft.OneDrive", # OneDrive (if exists as winget package)
+ "OneNoteFreeRetail - en-us", # Microsoft OneNote - en-us
+ "OneNoteFreeRetail - es-es", # Microsoft OneNote - es-es
+ "OneNoteFreeRetail - fr-fr", # Microsoft OneNote - fr-fr
+ "OneNoteFreeRetail - pt-br", # Microsoft OneNote - pt-br
+ "O365HomePremRetail - en-us", # Microsoft 365 - en-us
+ "O365HomePremRetail - es-es", # Microsoft 365 - es-es
+ "O365HomePremRetail - fr-fr", # Microsoft 365 - fr-fr
+ "O365HomePremRetail - pt-br", # Microsoft 365 - pt-br
+ "Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe", # Feedback Hub
+ "Microsoft.BingSearch_8wekyb3d8bbwe", # Bing Search (if exists)
+ "Microsoft.OutlookForWindows_8wekyb3d8bbwe", # New Outlook (if exists)
+ "MicrosoftCorporationII.MicrosoftFamily_8wekyb3d8bbwe" # Microsoft Family (if exists)
+)
+
+foreach ($app in $officeAppsToRemove) {
+ # Check if the app is installed using the cached winget list
+ $appFound = $wingetList -match [regex]::Escape($app)
+
+ if ($appFound) {
+ try {
+ Write-Host "Removing $app..." -ForegroundColor Red
+ winget uninstall "$app" --silent --accept-source-agreements
+ if ($LASTEXITCODE -eq 0) {
+ Write-Host "Successfully removed $app" -ForegroundColor Green
+ } else {
+ Write-Warning "winget uninstall returned exit code $LASTEXITCODE for $app"
+ }
+ }
+ catch {
+ Write-Warning "Failed to remove $app`: $_"
+ }
+ }
+ else {
+ Write-Host "$app is not installed or already removed" -ForegroundColor Gray
+ }
+}
+
+Write-Host "Office application removal process completed." -ForegroundColor Green
+
+# Remove Edge Progressive Web Apps (PWAs) like LinkedIn
+Write-Host "Checking and removing Edge Progressive Web Apps..." -ForegroundColor Yellow
+
+$edgePWAPath = "$env:LOCALAPPDATA\Microsoft\Edge\User Data\Default\Web Applications"
+if (Test-Path $edgePWAPath) {
+ try {
+ $pwaFolders = Get-ChildItem -Path $edgePWAPath -Directory -ErrorAction SilentlyContinue
+ foreach ($folder in $pwaFolders) {
+ $manifestPath = Join-Path $folder.FullName "Manifest"
+ if (Test-Path $manifestPath) {
+ $manifestContent = Get-Content $manifestPath -Raw -ErrorAction SilentlyContinue
+ if ($manifestContent -match "linkedin" -or $manifestContent -match "LinkedIn") {
+ Write-Host "Found LinkedIn PWA, removing folder: $($folder.Name)" -ForegroundColor Red
+ Remove-Item -Path $folder.FullName -Recurse -Force -ErrorAction SilentlyContinue
+ Write-Host "Removed LinkedIn PWA" -ForegroundColor Green
+ }
+ }
+ }
+ }
+ catch {
+ Write-Warning "Failed to check Edge PWAs: $_"
+ }
+} else {
+ Write-Host "Edge PWA directory not found" -ForegroundColor Gray
+}
+
+Write-Host "Edge PWA removal process completed." -ForegroundColor Green
+
+# Check if msstore source exists before trying to remove it
+$msstoreSource = winget source list | Select-String "msstore"
+if ($msstoreSource) {
+ Write-Host "Removing msstore source..." -ForegroundColor Yellow
+ winget source remove msstore
+} else {
+ Write-Host "msstore source is already removed or not found." -ForegroundColor Green
+}
+
+winget import -i .\winget.json
+winget pin add Discord.Discord
+
+powershell "$scriptDir\DSC-FileOperations.ps1"
+
diff --git a/winget.json b/winget.json
index 63b4c72..64bcd78 100644
--- a/winget.json
+++ b/winget.json
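Review bot: The four child-script calls in PS-RemoveApps.ps1 (`powershell "$scriptDir\DSC-WindowsFeatures.ps1"` and the same form for DSC-WindowsServices, DSC-TelemetryPrivacySecurity and DSC-FileOperations) pass the path as a bare positional argument, which powershell.exe treats as command text rather than a file name. If `$scriptDir` contains a space, the text is split there and the first fragment is what gets run, in a session this script has just elevated. Use `powershell -NoProfile -File "$scriptDir\DSC-WindowsFeatures.ps1"` (or `& "$scriptDir\DSC-WindowsFeatures.ps1"`), and test `$LASTEXITCODE` after each `powershell` call so a failed configuration does not go unnoticed. In the Edge PWA loop, `-match` is already case-insensitive, so the second test is redundant. Because `Remove-Item` runs with `-ErrorAction SilentlyContinue`, "Removed LinkedIn PWA" is printed whether or not the delete succeeded.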
@@ -6,12 +6,36 @@ { "Packages" : [ + { + "PackageIdentifier" : "Microsoft.VCRedist.2015+.x86" + }, + { + "PackageIdentifier" : "Microsoft.VCRedist.2015+.x64" + }, + { + "PackageIdentifier" : "Microsoft.XNARedist" + }, + { + "PackageIdentifier" : "Microsoft.DotNet.DesktopRuntime.8" + }, + { + "PackageIdentifier" : "Microsoft.VCLibs.Desktop.14" + }, { "PackageIdentifier" : "7zip.7zip" }, + { + "PackageIdentifier" : "Microsoft.VisualStudioCode" + }, + { + "PackageIdentifier" : "Microsoft.PowerToys" + }, { "PackageIdentifier" : "Git.Git" }, + { + "PackageIdentifier" : "tldr-pages.tlrc" + }, { "PackageIdentifier" : "ShareX.ShareX" }, @@ -48,42 +72,6 @@ { "PackageIdentifier" : "Valve.Steam" }, - { - "PackageIdentifier" : "Microsoft.VCRedist.2013.x64" - }, - { - "PackageIdentifier" : "Microsoft.DotNet.DesktopRuntime.6" - }, - { - "PackageIdentifier" : "Microsoft.DotNet.DesktopRuntime.5" - }, - { - "PackageIdentifier" : "Microsoft.VCRedist.2012.x86" - }, - { - "PackageIdentifier" : "Microsoft.VCRedist.2015+.x64" - }, - { - "PackageIdentifier" : "Microsoft.DotNet.Runtime.6" - }, - { - "PackageIdentifier" : "Microsoft.VCRedist.2013.x86" - }, - { - "PackageIdentifier" : "Microsoft.XNARedist" - }, - { - "PackageIdentifier" : "Microsoft.VCRedist.2010.x86" - }, - { - "PackageIdentifier" : "Microsoft.DotNet.DesktopRuntime.8" - }, - { - "PackageIdentifier" : "Microsoft.VCRedist.2012.x64" - }, - { - "PackageIdentifier" : "Microsoft.VCRedist.2015+.x86" - }, { "PackageIdentifier" : "Brave.Brave" }, @@ -92,21 +80,6 @@ }, { "PackageIdentifier" : "WinSCP.WinSCP" - }, - { - "PackageIdentifier" : "Microsoft.VisualStudioCode" - }, - { - "PackageIdentifier" : "Microsoft.PowerToys" - }, - { - "PackageIdentifier" : "Microsoft.UI.Xaml.2.7" - }, - { - "PackageIdentifier" : "Microsoft.UI.Xaml.2.8" - }, - { - "PackageIdentifier" : "Microsoft.VCLibs.Desktop.14" } ], "SourceDetails" :