public/windows-install
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

Add DSC configurations for user interface, Windows features, and services; implement app installation and removal scripts

Browse Source 
- Created `DSC-UserInterfaceConfiguration.ps1` to manage user interface settings via registry changes.
- Developed `DSC-WindowsFeatures.ps1` to install OpenSSH Client and enable NFS Client features.
- Implemented `DSC-WindowsServices.ps1` to ensure Terminal Services are running and set to automatic startup.
- Added `PS-InstallApps.ps1` to manage app installations and remove the msstore source if it exists.
- Created `PS-RemoveApps.ps1` to remove unwanted apps, provisioned packages, and handle Office applications via winget.
This commit is contained in:
EzekialSA
2025-09-28 11:59:28 -05:00
parent 7e9ad6b9eb
commit 79df17763a
11 changed files with 1842 additions and 360 deletions
Download Patch File Download Diff File Expand all files Collapse all files

363
1_Install.ps1
View File

@@ -1,3 +1,5 @@
# === Admin Check ===
# set-executionpolicy unrestricted # set-executionpolicy unrestricted
# Check if running as administrator # Check if running as administrator
@@ -21,243 +23,158 @@ if (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdent
} }
Write-Host "Running with administrator privileges." -ForegroundColor Green Write-Host "Running with administrator privileges." -ForegroundColor Green
$uid = $Env:UserName # Get current username for use in paths $uid = $Env:UserName # Get current username for use in paths
Write-Host "Current user: $uid" -ForegroundColor Green Write-Host "Current user: $uid" -ForegroundColor Green
reg.exe add "HKCU\Software\Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32" /f /ve # === PREREQUISITE CHECKS ===
# Check and install OpenSSH Client if not already installed # Check if winget is installed
$sshCapability = Get-WindowsCapability -Online | Where-Object { $_.Name -like "OpenSSH.Client*" } Write-Host "Checking winget installation..." -ForegroundColor Yellow
if ($sshCapability.State -ne "Installed") { try {
Write-Host "Installing OpenSSH Client..." -ForegroundColor Yellow $wingetVersion = winget --version
Add-WindowsCapability -Online -Name 'OpenSSH.Client~~~~0.0.1.0' Write-Host "winget is installed: $wingetVersion" -ForegroundColor Green
} else { }
Write-Host "OpenSSH Client is already installed." -ForegroundColor Green catch {
Write-Error "winget is not installed or not accessible. Please install winget first."
Write-Host "You can install winget from the Microsoft Store (App Installer) or GitHub." -ForegroundColor Red
Write-Host "GitHub: https://github.com/microsoft/winget-cli/releases" -ForegroundColor Cyan
pause
exit 1
} }
# Check and enable NFS features if not already enabled # Install Microsoft DSC
$nfsClientOnly = Get-WindowsOptionalFeature -Online -FeatureName "ServicesForNFS-ClientOnly" Write-Host "Installing Microsoft DSC..." -ForegroundColor Yellow
$nfsInfrastructure = Get-WindowsOptionalFeature -Online -FeatureName "ClientForNFS-Infrastructure" try {
# Check if already installed
if ($nfsClientOnly.State -ne "Enabled" -or $nfsInfrastructure.State -ne "Enabled") { $dscInstalled = winget list --id Microsoft.DSC --exact 2>$null
Write-Host "Enabling NFS Client features..." -ForegroundColor Yellow if ($LASTEXITCODE -eq 0 -and $dscInstalled -match "Microsoft.DSC") {
Enable-WindowsOptionalFeature -FeatureName ServicesForNFS-ClientOnly, ClientForNFS-Infrastructure -Online -NoRestart Write-Host "Microsoft DSC is already installed." -ForegroundColor Green
} else { } else {
Write-Host "NFS Client features are already enabled." -ForegroundColor Green Write-Host "Installing Microsoft DSC via winget..." -ForegroundColor Yellow
} winget install Microsoft.DSC --silent --accept-source-agreements --accept-package-agreements
if ($LASTEXITCODE -eq 0) {
# Check if msstore source exists before trying to remove it Write-Host "Microsoft DSC installed successfully." -ForegroundColor Green
$msstoreSource = winget source list | Select-String "msstore" } else {
if ($msstoreSource) { Write-Warning "Failed to install Microsoft DSC. DSC configurations may not work properly."
Write-Host "Removing msstore source..." -ForegroundColor Yellow
winget source remove msstore
} else {
Write-Host "msstore source is already removed or not found." -ForegroundColor Green
}
winget import -i .\winget.json
winget pin add Discord.Discord
#RDP Magic
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
Set-Service -Name TermService -StartupType Automatic
Start-Service -Name TermService
# Remove unwanted Windows apps
Write-Host "Checking and removing unwanted Windows apps..." -ForegroundColor Yellow
$appsToRemove = @(
"Microsoft.MicrosoftSolitaireCollection", # Solitaire
"Microsoft.MicrosoftOfficeHub", # Office preinstalls
"Microsoft.Windows.Photos", # Photos
"Microsoft.Copilot", # Copilot
"Microsoft.BingNews", # News
"Microsoft.BingWeather", # Weather
"Clipchamp.Clipchamp", # Clipchamp
"MSTeams", # Teams
"Microsoft.Todos", # To-Do
"Microsoft.WebMediaExtensions", # Media extensions
"Microsoft.WindowsMediaPlayer", # Legacy Media Player (if exists)
"Microsoft.ZuneMusic", # Music app
"Microsoft.ZuneVideo", # Movies & TV app (if exists)
"Microsoft.Media.Player", # New Windows Media Player (if exists)
"Microsoft.OutlookForWindows", # New Outlook app
"Microsoft.Office.OneNote", # OneNote (AppX version)
"Microsoft.MicrosoftOfficeHub", # Office Hub
"7EX16E2Z690YF.LinkedInforWindows", # LinkedIn (actual package name)
"LinkedIn.LinkedIn", # LinkedIn (alternative name)
"Microsoft.OneDrive" # OneDrive (if exists as app package)
)
foreach ($app in $appsToRemove) {
$installedApp = Get-AppxPackage -Name $app -ErrorAction SilentlyContinue
if ($installedApp) {
try {
Write-Host "Removing $app..." -ForegroundColor Red
Remove-AppxPackage -Package $installedApp.PackageFullName -ErrorAction Stop
Write-Host "Successfully removed $app" -ForegroundColor Green
} }
catch {
Write-Warning "Failed to remove $app`: $_"
}
}
else {
Write-Host "$app is not installed or already removed" -ForegroundColor Gray
} }
} }
catch {
# Also remove for all users (provisioned packages) Write-Warning "Failed to check/install Microsoft DSC: $_"
Write-Host "Checking and removing provisioned app packages for all users..." -ForegroundColor Yellow
foreach ($app in $appsToRemove) {
$provisionedApp = Get-AppxProvisionedPackage -Online | Where-Object { $_.DisplayName -eq $app }
if ($provisionedApp) {
try {
Write-Host "Removing provisioned package for $app..." -ForegroundColor Red
Remove-AppxProvisionedPackage -Online -PackageName $provisionedApp.PackageName -ErrorAction Stop
Write-Host "Successfully removed provisioned package for $app" -ForegroundColor Green
}
catch {
Write-Warning "Failed to remove provisioned package for $app`: $_"
}
}
else {
Write-Host "Provisioned package for $app is not found or already removed" -ForegroundColor Gray
}
} }
Write-Host "App removal process completed." -ForegroundColor Green # Configure WinRM service for DSC
Write-Host "Configuring WinRM service..." -ForegroundColor Yellow
# Remove unwanted Office applications via winget try {
Write-Host "Checking and removing unwanted Office applications..." -ForegroundColor Yellow # Start WinRM service
$winrmService = Get-Service -Name WinRM -ErrorAction SilentlyContinue
# Cache winget list to avoid multiple calls (it's slow) if ($winrmService) {
Write-Host "Getting installed applications list (this may take a moment)..." -ForegroundColor Gray if ($winrmService.Status -ne "Running") {
$wingetList = winget list | Out-String Write-Host "Starting WinRM service..." -ForegroundColor Yellow
Start-Service WinRM
$officeAppsToRemove = @( Write-Host "WinRM service started." -ForegroundColor Green
"Microsoft.OneDrive", # OneDrive (if exists as winget package) } else {
"OneNoteFreeRetail - en-us", # Microsoft OneNote - en-us Write-Host "WinRM service is already running." -ForegroundColor Green
"OneNoteFreeRetail - es-es", # Microsoft OneNote - es-es
"OneNoteFreeRetail - fr-fr", # Microsoft OneNote - fr-fr
"OneNoteFreeRetail - pt-br", # Microsoft OneNote - pt-br
"O365HomePremRetail - en-us", # Microsoft 365 - en-us
"O365HomePremRetail - es-es", # Microsoft 365 - es-es
"O365HomePremRetail - fr-fr", # Microsoft 365 - fr-fr
"O365HomePremRetail - pt-br", # Microsoft 365 - pt-br
"Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe", # Feedback Hub
"Microsoft.BingSearch_8wekyb3d8bbwe", # Bing Search (if exists)
"Microsoft.OutlookForWindows_8wekyb3d8bbwe", # New Outlook (if exists)
"MicrosoftCorporationII.MicrosoftFamily_8wekyb3d8bbwe" # Microsoft Family (if exists)
)
foreach ($app in $officeAppsToRemove) {
# Check if the app is installed using the cached winget list
$appFound = $wingetList -match [regex]::Escape($app)
if ($appFound) {
try {
Write-Host "Removing $app..." -ForegroundColor Red
winget uninstall "$app" --silent --accept-source-agreements
if ($LASTEXITCODE -eq 0) {
Write-Host "Successfully removed $app" -ForegroundColor Green
} else {
Write-Warning "winget uninstall returned exit code $LASTEXITCODE for $app"
}
} }
catch {
Write-Warning "Failed to remove $app`: $_" # Set to automatic startup
} if ($winrmService.StartType -ne "Automatic") {
} Write-Host "Setting WinRM service to automatic startup..." -ForegroundColor Yellow
else { Set-Service WinRM -StartupType Automatic
Write-Host "$app is not installed or already removed" -ForegroundColor Gray Write-Host "WinRM service set to automatic startup." -ForegroundColor Green
} } else {
} Write-Host "WinRM service is already set to automatic startup." -ForegroundColor Green
Write-Host "Office application removal process completed." -ForegroundColor Green
# Remove Edge Progressive Web Apps (PWAs) like LinkedIn
Write-Host "Checking and removing Edge Progressive Web Apps..." -ForegroundColor Yellow
$edgePWAPath = "$env:LOCALAPPDATA\Microsoft\Edge\User Data\Default\Web Applications"
if (Test-Path $edgePWAPath) {
try {
$pwaFolders = Get-ChildItem -Path $edgePWAPath -Directory -ErrorAction SilentlyContinue
foreach ($folder in $pwaFolders) {
$manifestPath = Join-Path $folder.FullName "Manifest"
if (Test-Path $manifestPath) {
$manifestContent = Get-Content $manifestPath -Raw -ErrorAction SilentlyContinue
if ($manifestContent -match "linkedin" -or $manifestContent -match "LinkedIn") {
Write-Host "Found LinkedIn PWA, removing folder: $($folder.Name)" -ForegroundColor Red
Remove-Item -Path $folder.FullName -Recurse -Force -ErrorAction SilentlyContinue
Write-Host "Removed LinkedIn PWA" -ForegroundColor Green
}
}
}
}
catch {
Write-Warning "Failed to check Edge PWAs: $_"
}
} else {
Write-Host "Edge PWA directory not found" -ForegroundColor Gray
}
Write-Host "Edge PWA removal process completed." -ForegroundColor Green
# Font Install
Write-Host "Checking and installing fonts..." -ForegroundColor Yellow
$fontSourceFolder = ".\Fonts"
$fontDestFolder = "C:\Windows\Fonts"
$regPath = "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Fonts"
# Process each TTF file
Get-ChildItem -Path $fontSourceFolder -Filter "*.ttf" | ForEach-Object {
$fontFile = $_.FullName
$fontName = $_.BaseName
$destFile = Join-Path -Path $fontDestFolder -ChildPath $_.Name
$regName = "$fontName (TrueType)"
# Check if font file already exists in destination
$fontExists = Test-Path -Path $destFile
# Check if registry entry already exists
$regExists = $false
try {
$regValue = Get-ItemProperty -Path $regPath -Name $regName -ErrorAction SilentlyContinue
$regExists = ($regValue -ne $null)
}
catch {
$regExists = $false
}
# Only install if font file doesn't exist or registry entry is missing
if (-not $fontExists -or -not $regExists) {
try {
Write-Host "Installing font: $($_.Name)..." -ForegroundColor Yellow
# Copy font file if it doesn't exist
if (-not $fontExists) {
Copy-Item -Path $fontFile -Destination $destFile -Force
Write-Host " - Copied font file to Windows\Fonts" -ForegroundColor Green
} else {
Write-Host " - Font file already exists, skipping copy" -ForegroundColor Gray
}
# Add/update registry entry if it doesn't exist
if (-not $regExists) {
New-ItemProperty -Path $regPath -Name $regName -Value $_.Name -PropertyType String -Force | Out-Null
Write-Host " - Added registry entry" -ForegroundColor Green
} else {
Write-Host " - Registry entry already exists, skipping" -ForegroundColor Gray
}
}
catch {
Write-Warning "Failed to install font $($_.Name): $_"
} }
} else { } else {
Write-Host "Font $($_.Name) is already installed (file and registry entry exist)" -ForegroundColor Green Write-Warning "WinRM service not found. DSC configurations may not work properly."
} }
} }
catch {
Write-Warning "Failed to configure WinRM service: $_"
}
# Clear any pending DSC configurations
Write-Host "Checking and clearing any pending DSC configurations..." -ForegroundColor Yellow
try {
# Force stop any running DSC operations
Write-Host "Stopping any active DSC operations..." -ForegroundColor Yellow
Stop-DscConfiguration -Force -ErrorAction SilentlyContinue
Start-Sleep -Seconds 3
# Check DSC status
$dscStatus = Get-DscLocalConfigurationManager -ErrorAction SilentlyContinue
if ($dscStatus) {
Write-Host "Current DSC LCM State: $($dscStatus.LCMState)" -ForegroundColor Cyan
# If still not idle, try more aggressive cleanup
if ($dscStatus.LCMState -ne "Idle") {
Write-Host "Performing aggressive DSC cleanup..." -ForegroundColor Yellow
# Try to cancel any pending operations
Stop-DscConfiguration -Force -ErrorAction SilentlyContinue
Start-Sleep -Seconds 2
# Remove any pending.mof files that might be causing issues
$pendingMof = "$env:SystemRoot\System32\Configuration\pending.mof"
$currentMof = "$env:SystemRoot\System32\Configuration\current.mof"
if (Test-Path $pendingMof) {
Remove-Item $pendingMof -Force -ErrorAction SilentlyContinue
Write-Host "Removed pending.mof file." -ForegroundColor Green
}
# Re-check status
Start-Sleep -Seconds 2
$dscStatus = Get-DscLocalConfigurationManager -ErrorAction SilentlyContinue
Write-Host "Final DSC LCM State: $($dscStatus.LCMState)" -ForegroundColor Cyan
}
if ($dscStatus.LCMState -eq "Idle") {
Write-Host "DSC is ready for new configurations." -ForegroundColor Green
} else {
Write-Warning "DSC may still be in pending state. Will use -Force parameter for configurations."
}
}
}
catch {
Write-Warning "Failed to check/clear DSC status: $_"
Write-Host "Will proceed with -Force parameter for DSC configurations." -ForegroundColor Yellow
}
# === Install Features/Enable Services ===
$scriptDir = Split-Path -Parent $MyInvocation.MyCommand.Path
Write-Host "Running Windows Features DSC configuration..." -ForegroundColor Yellow
& "$scriptDir\DSC-WindowsFeatures.ps1"
Write-Host "Running Windows Services DSC configuration..." -ForegroundColor Yellow
& "$scriptDir\DSC-WindowsServices.ps1"
# === Disable Telemetry ===
Write-Host "Running Telemetry, Privacy & Security DSC configuration..." -ForegroundColor Yellow
& "$scriptDir\DSC-TelemetryPrivacySecurity.ps1"
# === Remove Apps ===
Write-Host "Running App Removal script..." -ForegroundColor Yellow
& "$scriptDir\PS-RemoveApps.ps1"
# === Install Apps ===
Write-Host "Running App Installation script..." -ForegroundColor Yellow
& "$scriptDir\PS-InstallApps.ps1"
# === Configure User Interface ===
Write-Host "Running User Interface DSC configuration..." -ForegroundColor Yellow
& "$scriptDir\DSC-UserInterfaceConfiguration.ps1"
# === Configure Environment Variables ===
Write-Host "Running Environment Variables DSC configuration..." -ForegroundColor Yellow
& "$scriptDir\DSC-EnvironmentVariables.ps1"
# === File Operations ===
Write-Host "Running File Operations DSC configuration..." -ForegroundColor Yellow
& "$scriptDir\DSC-FileOperations.ps1"

94
2_ConfigUpdate.ps1
View File

@@ -27,7 +27,9 @@ $uid = $Env:UserName
# Get the directory where this script is located # Get the directory where this script is located
$scriptDir = Split-Path -Parent $MyInvocation.MyCommand.Path $scriptDir = Split-Path -Parent $MyInvocation.MyCommand.Path
Copy-Item -Path "$scriptDir\FastStone" -Destination "C:\Users\$uid\AppData\Local\" -Recurse -Force # Copy-Item -Path "$scriptDir\FastStone" -Destination "C:\Users\$uid\AppData\Local\" -Recurse -Force
# === FIREFOX POLICIES AND USER.JS ===
# Define the Firefox installation directory # Define the Firefox installation directory
$firefoxPath = "C:\Program Files\Mozilla Firefox" $firefoxPath = "C:\Program Files\Mozilla Firefox"
@@ -47,91 +49,7 @@ Copy-Item -Path $sourceFile -Destination $destinationFile -Force
Write-Host "policies.json has been copied/replaced in the distribution folder." Write-Host "policies.json has been copied/replaced in the distribution folder."
$forgePath = "C:\ProgramData\miniforge3" # === ShareX Configs ===
$forgeScriptsPath = "C:\ProgramData\miniforge3\Scripts"
$systemPathReference = [System.Environment]::GetEnvironmentVariable("Path", "Machine")
# Check if the path already contains $forgePath
if (-not ($systemPathReference -split ";" | Where-Object { $_ -eq $forgePath })) {
# Append $forgePath to the existing path, with proper separation by semicolon
$newPath = $systemPathReference + ";" + $forgePath
[System.Environment]::SetEnvironmentVariable("Path", $newPath, "Machine")
}
# Check if the path already contains $forgeScriptsPath
if (-not ($systemPathReference -split ";" | Where-Object { $_ -eq $forgeScriptsPath })) {
# Get the updated path (in case it was modified above)
$currentPath = [System.Environment]::GetEnvironmentVariable("Path", "Machine")
# Append $forgeScriptsPath to the existing path, with proper separation by semicolon
$newPath = $currentPath + ";" + $forgeScriptsPath
[System.Environment]::SetEnvironmentVariable("Path", $newPath, "Machine")
}
# Define the base Firefox profiles directory
$profilesDir = "$env:APPDATA\Mozilla\Firefox\Profiles"
# Define the source user.js file
$sourceFile = "$scriptDir\Firefox\user.js" # Use absolute path based on script location
# Check if the source file exists
if (-not (Test-Path -Path $sourceFile)) {
Write-Error "Source user.js file not found at $sourceFile"
exit
}
# Loop through all subdirectories in the profiles folder
Get-ChildItem -Path $profilesDir -Directory | ForEach-Object {
$profilePath = $_.FullName
$destinationFile = Join-Path -Path $profilePath -ChildPath "user.js"
# Copy the user.js file to the profile directory
Copy-Item -Path $sourceFile -Destination $destinationFile -Force
Write-Host "user.js has been placed in: $profilePath"
}
Write-Host "Operation completed for all Firefox profiles."
# Path to the CSV file
$csvFilePath = "$scriptDir\registry.csv"
$entries = Import-Csv -Path $csvFilePath
foreach ($entry in $entries) {
# Trim fields to remove extra spaces
$registryPath = $entry.registryPath.Trim()
$propertyName = $entry.propertyName.Trim()
$propertyType = $entry.propertyType.Trim()
$propertyValue = $entry.propertyValue.Trim()
# Validate required fields
if (-not $registryPath -or -not $propertyName -or -not $propertyType -or -not $propertyValue) {
Write-Warning "Skipping row with incomplete data: $($entry | Out-String)"
continue
}
# Print debug info
#Write-Host "Processing: Path=$registryPath Name=$propertyName Type=$propertyType Value=$propertyValue"
# Check if registry path exists, create if necessary
if (-not (Test-Path $registryPath)) {
try {
New-Item -Path $registryPath -Force | Out-Null
Write-Host "Created missing path: $registryPath"
} catch {
Write-Warning "Failed to create path: $registryPath. $_"
continue
}
}
# Set the registry property
try {
Set-ItemProperty -Path $registryPath -Name $propertyName -Type $propertyType -Value $propertyValue
# Write-Host "Successfully set $propertyName in $registryPath to $propertyValue."
} catch {
Write-Warning "Failed to set $propertyName in $registryPath. $_"
}
}
# ShareX - Remove "Capture Entire Screen" shortcut # ShareX - Remove "Capture Entire Screen" shortcut
Write-Host "Configuring ShareX shortcuts..." Write-Host "Configuring ShareX shortcuts..."
@@ -267,6 +185,8 @@ if ($shareXProcess -and (Test-Path -Path $shareXExePath)) {
Write-Warning "Could not restart ShareX: Executable not found at $shareXExePath" Write-Warning "Could not restart ShareX: Executable not found at $shareXExePath"
} }
# === XMouseButtonControl Configs ===
# XMouseButtonControl - Replace configuration files # XMouseButtonControl - Replace configuration files
Write-Host "Configuring XMouseButtonControl..." Write-Host "Configuring XMouseButtonControl..."
@@ -300,6 +220,8 @@ if (Test-Path -Path $sourceProfile) {
Write-Warning "psymon's XMBC Settings.xmbcp not found in source directory" Write-Warning "psymon's XMBC Settings.xmbcp not found in source directory"
} }
# === ENVIRONMENT VARIABLES AND PATH UPDATES ===
# Update Windows hosts file with entries to block license servers # Update Windows hosts file with entries to block license servers
Write-Host "Updating Windows hosts file..." Write-Host "Updating Windows hosts file..."

89
DSC-EnvironmentVariables.ps1 Normal file
View File

@@ -0,0 +1,89 @@
Configuration EnvironmentVariables {
Import-DscResource -ModuleName PSDesiredStateConfiguration
Node localhost {
# === MINIFORGE PYTHON ENVIRONMENT (from 2_ConfigUpdate.ps1) ===
# Add Miniforge3 base directory to PATH
Script AddMiniforgePath {
SetScript = {
$forgePath = "C:\ProgramData\miniforge3"
$currentPath = [System.Environment]::GetEnvironmentVariable("Path", "Machine")
if (-not ($currentPath -split ";" | Where-Object { $_ -eq $forgePath })) {
$newPath = $currentPath + ";" + $forgePath
[System.Environment]::SetEnvironmentVariable("Path", $newPath, "Machine")
Write-Verbose "Added $forgePath to system PATH"
}
}
TestScript = {
$forgePath = "C:\ProgramData\miniforge3"
$currentPath = [System.Environment]::GetEnvironmentVariable("Path", "Machine")
return ($currentPath -split ";" | Where-Object { $_ -eq $forgePath }).Count -gt 0
}
GetScript = {
$forgePath = "C:\ProgramData\miniforge3"
$currentPath = [System.Environment]::GetEnvironmentVariable("Path", "Machine")
$exists = ($currentPath -split ";" | Where-Object { $_ -eq $forgePath }).Count -gt 0
return @{Result = "Miniforge path exists: $exists"}
}
}
# Add Miniforge3 Scripts directory to PATH
Script AddMiniforgeScriptsPath {
SetScript = {
$forgeScriptsPath = "C:\ProgramData\miniforge3\Scripts"
$currentPath = [System.Environment]::GetEnvironmentVariable("Path", "Machine")
if (-not ($currentPath -split ";" | Where-Object { $_ -eq $forgeScriptsPath })) {
$newPath = $currentPath + ";" + $forgeScriptsPath
[System.Environment]::SetEnvironmentVariable("Path", $newPath, "Machine")
Write-Verbose "Added $forgeScriptsPath to system PATH"
}
}
TestScript = {
$forgeScriptsPath = "C:\ProgramData\miniforge3\Scripts"
$currentPath = [System.Environment]::GetEnvironmentVariable("Path", "Machine")
return ($currentPath -split ";" | Where-Object { $_ -eq $forgeScriptsPath }).Count -gt 0
}
GetScript = {
$forgeScriptsPath = "C:\ProgramData\miniforge3\Scripts"
$currentPath = [System.Environment]::GetEnvironmentVariable("Path", "Machine")
$exists = ($currentPath -split ";" | Where-Object { $_ -eq $forgeScriptsPath }).Count -gt 0
return @{Result = "Miniforge Scripts path exists: $exists"}
}
DependsOn = "[Script]AddMiniforgePath"
}
# Set Conda/Mamba environment variables
Environment SetCondaDefault {
Name = "CONDA_DEFAULT_ENV"
Value = "base"
Ensure = "Present"
}
Environment SetCondaEnvPrompt {
Name = "CONDA_PROMPT_MODIFIER"
Value = "(base) "
Ensure = "Present"
}
# Python/Conda specific
Environment SetPythonPath {
Name = "PYTHONPATH"
Value = "C:\ProgramData\miniforge3\Lib\site-packages"
Ensure = "Present"
}
Environment SetDeveloperMode {
Name = "DEVELOPER_MODE"
Value = "1"
Ensure = "Present"
}
}
}
# Generate the MOF file
$outputPath = "$env:TEMP\DSC\EnvironmentVariables"
EnvironmentVariables -OutputPath $outputPath
# Apply the configuration
Start-DscConfiguration -Path $outputPath -Wait -Verbose -Force

256
DSC-FileOperations.ps1 Normal file
View File

@@ -0,0 +1,256 @@
Configuration FileOperations {
param(
[string]$ScriptDir
)
Import-DscResource -ModuleName PSDesiredStateConfiguration
# Calculate paths outside of Script resources
$FontsPath = Join-Path $ScriptDir "Fonts"
$FastStonePath = Join-Path $ScriptDir "FastStone"
$FirefoxPath = Join-Path $ScriptDir "Firefox\policies.json"
$ShareXAppConfigPath = Join-Path $ScriptDir "ShareX\ApplicationConfig.json"
$ShareXHotkeysPath = Join-Path $ScriptDir "ShareX\HotkeysConfig.json"
$PowerToysPath = Join-Path $ScriptDir "PowerToys\settings_133974244713307595.ptb"
Node localhost {
# === FONT INSTALLATION ===
# Install all Unifont files using Script resource for dynamic paths
Script InstallUnifontFonts {
SetScript = {
$fontSourceFolder = $using:FontsPath
$fontDestFolder = "C:\Windows\Fonts"
$regPath = "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Fonts"
# List of font files to install
$fontFiles = @(
"unifont-15.1.05.ttf",
"unifont-all.ttf",
"unifont-smooth.ttf",
"unifont_csur-15.1.05.ttf",
"unifont_jp-15.1.05.ttf",
"unifont_upper-15.1.05.ttf"
)
foreach ($fontFile in $fontFiles) {
$sourcePath = Join-Path $fontSourceFolder $fontFile
$destPath = Join-Path $fontDestFolder $fontFile
$fontName = [System.IO.Path]::GetFileNameWithoutExtension($fontFile)
$regName = "$fontName (TrueType)"
if (Test-Path $sourcePath) {
# Copy font file
if (-not (Test-Path $destPath)) {
Copy-Item -Path $sourcePath -Destination $destPath -Force
Write-Verbose "Copied font: $fontFile"
}
# Register font in registry
try {
$regValue = Get-ItemProperty -Path $regPath -Name $regName -ErrorAction SilentlyContinue
if (-not $regValue) {
New-ItemProperty -Path $regPath -Name $regName -Value $fontFile -PropertyType String -Force | Out-Null
Write-Verbose "Registered font: $regName"
}
}
catch {
Write-Warning "Failed to register font $fontFile in registry: $_"
}
} else {
Write-Warning "Source font file not found: $sourcePath"
}
}
}
TestScript = {
$fontSourceFolder = $using:FontsPath
$fontDestFolder = "C:\Windows\Fonts"
$regPath = "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Fonts"
$fontFiles = @(
"unifont-15.1.05.ttf",
"unifont-all.ttf",
"unifont-smooth.ttf",
"unifont_csur-15.1.05.ttf",
"unifont_jp-15.1.05.ttf",
"unifont_upper-15.1.05.ttf"
)
$allInstalled = $true
foreach ($fontFile in $fontFiles) {
$sourcePath = Join-Path $fontSourceFolder $fontFile
$destPath = Join-Path $fontDestFolder $fontFile
$fontName = [System.IO.Path]::GetFileNameWithoutExtension($fontFile)
$regName = "$fontName (TrueType)"
# Check if source exists (skip if not available)
if (Test-Path $sourcePath) {
# Check if font file exists and is registered
$fileExists = Test-Path $destPath
$regExists = $false
try {
$regValue = Get-ItemProperty -Path $regPath -Name $regName -ErrorAction SilentlyContinue
$regExists = ($regValue -ne $null)
}
catch {
$regExists = $false
}
if (-not ($fileExists -and $regExists)) {
$allInstalled = $false
break
}
}
}
return $allInstalled
}
GetScript = {
$fontDestFolder = "C:\Windows\Fonts"
$installedFonts = Get-ChildItem "$fontDestFolder\unifont*.ttf" -ErrorAction SilentlyContinue
return @{Result = "Installed Unifont files: $($installedFonts.Count)"}
}
}
# === APPLICATION CONFIGURATION DEPLOYMENTS ===
# Deploy FastStone Image Viewer configuration
Script DeployFastStoneConfig {
SetScript = {
$sourcePath = $using:FastStonePath
$uid = [System.Environment]::UserName
$destPath = "C:\Users\$uid\AppData\Local\FastStone"
if (Test-Path $sourcePath) {
if (-not (Test-Path $destPath)) {
New-Item -ItemType Directory -Path (Split-Path $destPath) -Force | Out-Null
}
Copy-Item -Path $sourcePath -Destination "C:\Users\$uid\AppData\Local\" -Recurse -Force
Write-Verbose "Deployed FastStone configuration"
}
}
TestScript = {
$uid = [System.Environment]::UserName
$destPath = "C:\Users\$uid\AppData\Local\FastStone"
return (Test-Path $destPath)
}
GetScript = {
$uid = [System.Environment]::UserName
$destPath = "C:\Users\$uid\AppData\Local\FastStone"
return @{
Result = if (Test-Path $destPath) { "Present" } else { "Absent" }
}
}
}
# Deploy Firefox policies
Script DeployFirefoxPolicies {
SetScript = {
$sourceFile = $using:FirefoxPath
$firefoxPath = "C:\Program Files\Mozilla Firefox"
$distributionPath = Join-Path $firefoxPath "distribution"
$destinationFile = Join-Path $distributionPath "policies.json"
if (Test-Path $sourceFile) {
if (-not (Test-Path $distributionPath)) {
New-Item -ItemType Directory -Path $distributionPath -Force | Out-Null
}
Copy-Item -Path $sourceFile -Destination $destinationFile -Force
Write-Verbose "Deployed Firefox policies"
}
}
TestScript = {
$firefoxPath = "C:\Program Files\Mozilla Firefox"
$distributionPath = Join-Path $firefoxPath "distribution"
$destinationFile = Join-Path $distributionPath "policies.json"
return (Test-Path $destinationFile)
}
GetScript = {
$firefoxPath = "C:\Program Files\Mozilla Firefox"
$distributionPath = Join-Path $firefoxPath "distribution"
$destinationFile = Join-Path $distributionPath "policies.json"
return @{
Result = if (Test-Path $destinationFile) { "Present" } else { "Absent" }
}
}
}
# Deploy ShareX configuration
Script DeployShareXConfig {
SetScript = {
$sourceConfigPath = $using:ShareXAppConfigPath
$sourceHotkeyPath = $using:ShareXHotkeysPath
$shareXSettingsDir = "$env:USERPROFILE\Documents\ShareX"
if (-not (Test-Path $shareXSettingsDir)) {
New-Item -ItemType Directory -Path $shareXSettingsDir -Force | Out-Null
}
if (Test-Path $sourceConfigPath) {
$destConfigPath = Join-Path $shareXSettingsDir "ApplicationConfig.json"
Copy-Item -Path $sourceConfigPath -Destination $destConfigPath -Force
Write-Verbose "Deployed ShareX ApplicationConfig.json"
}
if (Test-Path $sourceHotkeyPath) {
$destHotkeyPath = Join-Path $shareXSettingsDir "HotkeysConfig.json"
Copy-Item -Path $sourceHotkeyPath -Destination $destHotkeyPath -Force
Write-Verbose "Deployed ShareX HotkeysConfig.json"
}
}
TestScript = {
$shareXSettingsDir = "$env:USERPROFILE\Documents\ShareX"
$configExists = Test-Path (Join-Path $shareXSettingsDir "ApplicationConfig.json")
$hotkeyExists = Test-Path (Join-Path $shareXSettingsDir "HotkeysConfig.json")
return ($configExists -and $hotkeyExists)
}
GetScript = {
$shareXSettingsDir = "$env:USERPROFILE\Documents\ShareX"
$configExists = Test-Path (Join-Path $shareXSettingsDir "ApplicationConfig.json")
$hotkeyExists = Test-Path (Join-Path $shareXSettingsDir "HotkeysConfig.json")
return @{
Result = if ($configExists -and $hotkeyExists) { "Present" } else { "Absent" }
}
}
}
# Deploy PowerToys settings
Script DeployPowerToysSettings {
SetScript = {
$sourceFile = $using:PowerToysPath
$powerToysSettingsDir = "$env:LOCALAPPDATA\Microsoft\PowerToys"
if (-not (Test-Path $powerToysSettingsDir)) {
New-Item -ItemType Directory -Path $powerToysSettingsDir -Force | Out-Null
}
if (Test-Path $sourceFile) {
$destFile = Join-Path $powerToysSettingsDir "settings.ptb"
Copy-Item -Path $sourceFile -Destination $destFile -Force
Write-Verbose "Deployed PowerToys settings"
}
}
TestScript = {
$powerToysSettingsDir = "$env:LOCALAPPDATA\Microsoft\PowerToys"
$settingsFile = Join-Path $powerToysSettingsDir "settings.ptb"
return (Test-Path $settingsFile)
}
GetScript = {
$powerToysSettingsDir = "$env:LOCALAPPDATA\Microsoft\PowerToys"
$settingsFile = Join-Path $powerToysSettingsDir "settings.ptb"
return @{
Result = if (Test-Path $settingsFile) { "Present" } else { "Absent" }
}
}
}
}
}
# Generate the MOF file
$outputPath = "$env:TEMP\DSC\FileOperations"
$scriptDir = Split-Path -Parent $MyInvocation.MyCommand.Path
FileOperations -ScriptDir $scriptDir -OutputPath $outputPath
# Apply the configuration
Start-DscConfiguration -Path $outputPath -Wait -Verbose -Force

541
DSC-TelemetryPrivacySecurity.ps1 Normal file
View File

@@ -0,0 +1,541 @@
Configuration TelemetryPrivacySecurity {
Import-DscResource -ModuleName PSDesiredStateConfiguration
Node localhost {
# === TELEMETRY & DATA COLLECTION ===
# Disable Windows Telemetry
Registry DisableTelemetry1 {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection"
ValueName = "AllowTelemetry"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableTelemetry2 {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection"
ValueName = "MaxTelemetryAllowed"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableTelemetry3 {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection"
ValueName = "AllowTelemetry"
ValueType = "DWord"
ValueData = "0"
}
# Disable Application Compatibility Telemetry
Registry DisableAppCompatTelemetry {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppCompat"
ValueName = "AITEnable"
ValueType = "DWord"
ValueData = "0"
}
# Disable Edge UI MFU Tracking
Registry DisableEdgeMFUTracking {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Policies\Microsoft\Windows\EdgeUI"
ValueName = "DisableMFUTracking"
ValueType = "DWord"
ValueData = "1"
}
# Disable TIPC (Text Input Panel Component)
Registry DisableTIPC {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Input\TIPC"
ValueName = "Enabled"
ValueType = "DWord"
ValueData = "0"
}
# Disable System Instrumentation
Registry DisableInstrumentation1 {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
ValueName = "NoInstrumentation"
ValueType = "DWord"
ValueData = "1"
}
Registry DisableInstrumentation2 {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
ValueName = "NoInstrumentation"
ValueType = "DWord"
ValueData = "1"
}
# Disable Handwriting Error Reports
Registry DisableHandwritingErrorReports {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports"
ValueName = "PreventHandwritingErrorReports"
ValueType = "DWord"
ValueData = "1"
}
# Disable Input Personalization Data Collection
Registry DisableImplicitInkCollection1 {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\InputPersonalization"
ValueName = "RestrictImplicitInkCollection"
ValueType = "DWord"
ValueData = "1"
}
Registry DisableImplicitInkCollection2 {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\InputPersonalization"
ValueName = "RestrictImplicitInkCollection"
ValueType = "DWord"
ValueData = "1"
}
Registry DisableImplicitTextCollection {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\InputPersonalization"
ValueName = "RestrictImplicitTextCollection"
ValueType = "DWord"
ValueData = "1"
}
Registry DisableHarvestContacts {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore"
ValueName = "HarvestContacts"
ValueType = "DWord"
ValueData = "0"
}
Registry DisablePrivacyPolicy {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Personalization\Settings"
ValueName = "AcceptedPrivacyPolicy"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableLinguisticDataCollection {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\TextInput"
ValueName = "AllowLinguisticDataCollection"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableFeedbackNotifications {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection"
ValueName = "DoNotShowFeedbackNotifications"
ValueType = "DWord"
ValueData = "1"
}
Registry DisableDeviceNameTelemetry {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection"
ValueName = "AllowDeviceNameInTelemetry"
ValueType = "DWord"
ValueData = "0"
}
# Disable Error Reporting
Registry DisableErrorReporting1 {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Microsoft\PCHealth\ErrorReporting"
ValueName = "DoReport"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableErrorReporting2 {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Microsoft\PCHealth\ErrorReporting"
ValueName = "ShowUI"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableErrorReporting3 {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\WOW6432Node\Microsoft\PCHealth\ErrorReporting"
ValueName = "DoReport"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableErrorReporting4 {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\WOW6432Node\Microsoft\PCHealth\ErrorReporting"
ValueName = "ShowUI"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableStorageTelemetry {
Ensure = "Present"
Key = "HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl\StorageTelemetry"
ValueName = "DeviceDumpEnabled"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableAccountNotifications1 {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\AccountNotifications"
ValueName = "DisableAccountNotifications"
ValueType = "DWord"
ValueData = "1"
}
Registry DisableAccountNotifications2 {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
ValueName = "Start_AccountNotifications"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableConnectedUser {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
ValueName = "NoConnectedUser"
ValueType = "DWord"
ValueData = "1"
}
Registry DisableScoobeSystemSetting {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\UserProfileEngagement"
ValueName = "ScoobeSystemSettingEnabled"
ValueType = "DWord"
ValueData = "0"
}
# === PRIVACY & LOCATION SERVICES ===
# Disable Location Services
Registry DisableLocationService {
Ensure = "Present"
Key = "HKLM:\SYSTEM\CurrentControlSet\Services\lfsvc\Service\Configuration"
ValueName = "Status"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableLocationMachine {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location"
ValueName = "Value"
ValueType = "String"
ValueData = "Deny"
}
Registry DisableLocationUser {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location"
ValueName = "Value"
ValueType = "String"
ValueData = "Deny"
}
Registry DisableLocationNonPackaged {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location\NonPackaged"
ValueName = "Value"
ValueType = "String"
ValueData = "Deny"
}
Registry DisableLocationCamera {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location\Microsoft.WindowsCamera_8wekyb3d8bbwe"
ValueName = "Value"
ValueType = "String"
ValueData = "Deny"
}
Registry DisableLocationOverride {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\CPSS\Store\UserLocationOverridePrivacySetting"
ValueName = "Value"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableLocationWeather {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location\Microsoft.BingWeather_8wekyb3d8bbwe"
ValueName = "Value"
ValueType = "String"
ValueData = "Deny"
}
# === SEARCH & CORTANA ===
# Disable Bing Search
Registry DisableBingSearch {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search"
ValueName = "BingSearchEnabled"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableSearchBoxSuggestions {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Policies\Microsoft\Windows\Explorer"
ValueName = "DisableSearchBoxSuggestions"
ValueType = "DWord"
ValueData = "1"
}
# Disable Cloud Search
Registry DisableCloudSearch {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search"
ValueName = "AllowCloudSearch"
ValueType = "DWord"
ValueData = "0"
}
# Disable Cortana
Registry DisableCortana1 {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search"
ValueName = "AllowCortana"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableCortana2 {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search"
ValueName = "AllowCortanaAboveLock"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableCortana3 {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search"
ValueName = "CortanaEnabled"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableCortana4 {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search"
ValueName = "CortanaConsent"
ValueType = "DWord"
ValueData = "0"
}
# === SECURITY ===
# Disable SmartScreen
Registry DisableSmartScreen {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer"
ValueName = "SmartScreenEnabled"
ValueType = "String"
ValueData = "Off"
}
Registry DisableEdgePhishingFilter {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter"
ValueName = "EnabledV9"
ValueType = "DWord"
ValueData = "0"
}
# Disable Active Help
Registry DisableActiveHelp {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Policies\Microsoft\Assistance\Client\1.0"
ValueName = "NoActiveHelp"
ValueType = "DWord"
ValueData = "1"
}
# Configure Zone Information for attachments
Registry SaveZoneInformation {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments"
ValueName = "SaveZoneInformation"
ValueType = "DWord"
ValueData = "1"
}
Registry LowRiskFileTypes {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments"
ValueName = "LowRiskFileTypes"
ValueType = "String"
ValueData = ".zip;.rar;.7z"
}
# Configure Trusted Sites
Registry TrustedSite1 {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\192.168.100.5"
ValueName = "*"
ValueType = "DWord"
ValueData = "1"
}
Registry TrustedSite2 {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\callisto.andrewspolytechnic.com"
ValueName = "*"
ValueType = "DWord"
ValueData = "1"
}
# Disable UAC prompts for Admin
Registry DisableUACPrompt {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
ValueName = "ConsentPromptBehaviorAdmin"
ValueType = "DWord"
ValueData = "0"
}
# === CONSUMER FEATURES & CONTENT DELIVERY ===
# Disable Windows Consumer Features
Registry DisableConsumerFeatures {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent"
ValueName = "DisableWindowsConsumerFeatures"
ValueType = "DWord"
ValueData = "1"
}
# Disable Content Delivery Manager Features
Registry DisableSilentInstalledApps {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager"
ValueName = "SilentInstalledAppsEnabled"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableSubscribedContent {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager"
ValueName = "SubscribedContent-338388Enabled"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableOemPreInstalledApps {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager"
ValueName = "OemPreInstalledAppsEnabled"
ValueType = "DWord"
ValueData = "0"
}
Registry DisablePreInstalledApps {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager"
ValueName = "PreInstalledAppsEnabled"
ValueType = "DWord"
ValueData = "0"
}
# === NVIDIA TELEMETRY ===
Registry DisableNvidiaOptIn {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\NVIDIA Corporation\NvControlPanel2\Client"
ValueName = "OptInOrOutPreference"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableNvidiaRID1 {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\NVIDIA Corporation\Global\FTS"
ValueName = "EnableRID44231"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableNvidiaRID2 {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\NVIDIA Corporation\Global\FTS"
ValueName = "EnableRID64640"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableNvidiaRID3 {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\NVIDIA Corporation\Global\FTS"
ValueName = "EnableRID66610"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableNvTelemetryContainer {
Ensure = "Present"
Key = "HKLM:\SYSTEM\CurrentControlSet\Services\NvTelemetryContainer"
ValueName = "Start"
ValueType = "DWord"
ValueData = "4"
}
# === DISABLE THUMBNAILS ON NETWORK ===
Registry DisableThumbsDB1 {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Policies\Microsoft\Windows"
ValueName = "DisableThumbsDBOnNetworkFolders"
ValueType = "DWord"
ValueData = "1"
}
Registry DisableThumbsDB2 {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Policies\Microsoft\Windows\Explorer"
ValueName = "DisableThumbsDBOnNetworkFolders"
ValueType = "DWord"
ValueData = "1"
}
Registry DisableThumbsDB3 {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer"
ValueName = "DisableThumbsDBOnNetworkFolders"
ValueType = "DWord"
ValueData = "1"
}
Registry DisableThumbnailCache {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
ValueName = "NoThumbnailCache"
ValueType = "DWord"
ValueData = "1"
}
}
}
# Generate the MOF file
TelemetryPrivacySecurity -OutputPath "\temp\DSC\TelemetryPrivacySecurity"
# Apply the configuration
Start-DscConfiguration -Path "\temp\DSC\TelemetryPrivacySecurity" -Wait -Verbose -Force

464
DSC-UserInterfaceConfiguration.ps1 Normal file
View File

@@ -0,0 +1,464 @@
Configuration UserInterfaceConfiguration {
Import-DscResource -ModuleName PSDesiredStateConfiguration
Node localhost {
# === TASKBAR WIDGETS ===
# Disable Taskbar Widgets (Windows 11)
Registry DisableTaskbarWidgets {
Ensure = "Present"
Key = "HKCU:\Software\Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32"
ValueName = "(Default)"
ValueType = "String"
ValueData = ""
}
# === KEYBOARD & INPUT SETTINGS ===
# Disable Print Screen key for Snipping Tool
Registry DisablePrintScreenSnipping {
Ensure = "Present"
Key = "HKCU:\Control Panel\Keyboard"
ValueName = "PrintScreenKeyForSnippingEnabled"
ValueType = "DWord"
ValueData = "0"
}
# Configure Sticky Keys
Registry ConfigureStickyKeys {
Ensure = "Present"
Key = "HKCU:\Control Panel\Accessibility\StickyKeys"
ValueName = "Flags"
ValueType = "String"
ValueData = "506"
}
# Configure Keyboard Response
Registry ConfigureKeyboardResponse {
Ensure = "Present"
Key = "HKCU:\Control Panel\Accessibility\Keyboard Response"
ValueName = "Flags"
ValueType = "String"
ValueData = "122"
}
# === EXPLORER SETTINGS ===
# Disable Cloud Files in Quick Access
Registry DisableCloudFilesQuickAccess {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer"
ValueName = "ShowCloudFilesInQuickAccess"
ValueType = "DWord"
ValueData = "0"
}
# Disable Frequent folders
Registry DisableShowFrequent {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer"
ValueName = "ShowFrequent"
ValueType = "DWord"
ValueData = "0"
}
# Disable Recent files
Registry DisableShowRecent {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer"
ValueName = "ShowRecent"
ValueType = "DWord"
ValueData = "0"
}
# Open File Explorer to This PC
Registry LaunchToThisPC {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
ValueName = "LaunchTo"
ValueType = "DWord"
ValueData = "1"
}
# Show file extensions
Registry ShowFileExtensions {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
ValueName = "HideFileExt"
ValueType = "DWord"
ValueData = "0"
}
# Show hidden files
Registry ShowHiddenFiles {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
ValueName = "Hidden"
ValueType = "DWord"
ValueData = "1"
}
# Disable AutoComplete append completion
Registry DisableAutoCompleteAppend {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete"
ValueName = "Append Completion"
ValueType = "String"
ValueData = "no"
}
# Hide Recently Added Apps
Registry HideRecentlyAddedApps {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Policies\Microsoft\Windows\Explorer"
ValueName = "HideRecentlyAddedApps"
ValueType = "DWord"
ValueData = "1"
}
# === TASKBAR SETTINGS ===
# Set Taskbar alignment to left
Registry TaskbarAlignLeft {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\microsoft\windows\currentversion\explorer\advanced"
ValueName = "TaskbarAl"
ValueType = "DWord"
ValueData = "0"
}
# Hide Search box from taskbar
Registry HideSearchBox {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search"
ValueName = "SearchboxTaskbarMode"
ValueType = "DWord"
ValueData = "0"
}
# Hide Meet Now button
Registry HideMeetNow1 {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
ValueName = "HideSCAMeetNow"
ValueType = "DWord"
ValueData = "1"
}
Registry HideMeetNow2 {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
ValueName = "HideSCAMeetNow"
ValueType = "DWord"
ValueData = "1"
}
# Disable News and Interests
Registry DisableNewsAndInterests {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Policies\Microsoft\Dsh"
ValueName = "AllowNewsAndInterests"
ValueType = "DWord"
ValueData = "0"
}
# Hide People Bar
Registry HidePeopleBar1 {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer"
ValueName = "HidePeopleBar"
ValueType = "DWord"
ValueData = "1"
}
Registry HidePeopleBar2 {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Policies\Microsoft\Windows\Explorer"
ValueName = "HidePeopleBar"
ValueType = "DWord"
ValueData = "1"
}
Registry DisablePeopleBand {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People"
ValueName = "PeopleBand"
ValueType = "DWord"
ValueData = "0"
}
# Disable Windows Feeds
Registry DisableWindowsFeeds {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Feeds"
ValueName = "EnableFeeds"
ValueType = "DWord"
ValueData = "0"
}
# === THEME & APPEARANCE ===
# Set Dark theme for apps
Registry DarkThemeApps {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize"
ValueName = "AppsUseLightTheme"
ValueType = "DWord"
ValueData = "0"
}
# Set Dark theme for system
Registry DarkThemeSystem {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize"
ValueName = "SystemUsesLightTheme"
ValueType = "DWord"
ValueData = "0"
}
# Enable transparency effects
Registry EnableTransparency {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize"
ValueName = "EnableTransparency"
ValueType = "DWord"
ValueData = "1"
}
# === REMOTE DESKTOP SETTINGS ===
# Enable Remote Desktop
Registry EnableRDP1 {
Ensure = "Present"
Key = "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server"
ValueName = "fDenyTSConnections"
ValueType = "DWord"
ValueData = "0"
}
Registry EnableRDP2 {
Ensure = "Present"
Key = "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server"
ValueName = "fSingleSessionPerUser"
ValueType = "DWord"
ValueData = "0"
}
Registry EnableTermService {
Ensure = "Present"
Key = "HKLM:\SYSTEM\CurrentControlSet\Services\TermService"
ValueName = "Start"
ValueType = "DWord"
ValueData = "2"
}
Registry EnableRDPWD {
Ensure = "Present"
Key = "HKLM:\SYSTEM\CurrentControlSet\Services\RDPWD"
ValueName = "Start"
ValueType = "DWord"
ValueData = "2"
}
Registry EnableRDPTcp {
Ensure = "Present"
Key = "HKLM:\SYSTEM\CurrentControlSet\Services\RDP-Tcp"
ValueName = "Start"
ValueType = "DWord"
ValueData = "2"
}
Registry EnableRDPPolicy {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services"
ValueName = "fDenyTSConnections"
ValueType = "DWord"
ValueData = "0"
}
# === MPC-HC MEDIA PLAYER SETTINGS ===
Registry MPCHCKeepHistory {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\MPC-HC\MPC-HC\Settings"
ValueName = "KeepHistory"
ValueType = "DWord"
ValueData = "0"
}
Registry MPCHCRememberFilePos {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\MPC-HC\MPC-HC\Settings"
ValueName = "RememberFilePos"
ValueType = "DWord"
ValueData = "0"
}
Registry MPCHCRememberPosAudio {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\MPC-HC\MPC-HC\Settings"
ValueName = "RememberPosForAudioFiles"
ValueType = "DWord"
ValueData = "0"
}
Registry MPCHCAfterPlayback {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\MPC-HC\MPC-HC\Settings"
ValueName = "AfterPlayback"
ValueType = "DWord"
ValueData = "0"
}
Registry MPCHCRememberWindowPos {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\MPC-HC\MPC-HC\Settings"
ValueName = "RememberWindowPos"
ValueType = "DWord"
ValueData = "1"
}
Registry MPCHCRememberWindowSize {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\MPC-HC\MPC-HC\Settings"
ValueName = "RememberWindowSize"
ValueType = "DWord"
ValueData = "1"
}
Registry MPCHCLoopFolder {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\MPC-HC\MPC-HC\Settings"
ValueName = "LoopFolderOnPlayNextFile"
ValueType = "DWord"
ValueData = "0"
}
Registry MPCHCLockNoPause {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\MPC-HC\MPC-HC\Settings"
ValueName = "LockNoPause"
ValueType = "DWord"
ValueData = "0"
}
Registry MPCHCPreventDisplaySleep {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\MPC-HC\MPC-HC\Settings"
ValueName = "PreventDisplaySleep"
ValueType = "DWord"
ValueData = "1"
}
Registry MPCHCShufflePlaylist {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\MPC-HC\MPC-HC\Settings"
ValueName = "ShufflePlaylistItems"
ValueType = "DWord"
ValueData = "0"
}
Registry MPCHCRememberPlaylist {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\MPC-HC\MPC-HC\Settings"
ValueName = "RememberPlaylistItems"
ValueType = "DWord"
ValueData = "0"
}
Registry MPCHCHidePlaylistFullScreen {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\MPC-HC\MPC-HC\Settings"
ValueName = "HidePlaylistFullScreen"
ValueType = "DWord"
ValueData = "0"
}
Registry MPCHCLoop {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\MPC-HC\MPC-HC\Settings"
ValueName = "Loop"
ValueType = "DWord"
ValueData = "1"
}
Registry MPCHCUpdaterAutoCheck {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\MPC-HC\MPC-HC\Settings"
ValueName = "UpdaterAutoCheck"
ValueType = "DWord"
ValueData = "0"
}
Registry MPCHCUpdaterDelay {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\MPC-HC\MPC-HC\Settings"
ValueName = "UpdaterDelay"
ValueType = "DWord"
ValueData = "0"
}
# === NETWORK SETTINGS ===
# TCP Window Size optimization
Registry TcpWindowSize {
Ensure = "Present"
Key = "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
ValueName = "TcpWindowSize"
ValueType = "DWord"
ValueData = "16711680"
}
Registry GlobalMaxTcpWindowSize {
Ensure = "Present"
Key = "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
ValueName = "GlobalMaxTcpWindowSize"
ValueType = "DWord"
ValueData = "16711680"
}
# === APPLICATION SETTINGS ===
# ShareX Settings
Registry ShareXDisableUpdateCheck {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\ShareX"
ValueName = "DisableUpdateCheck"
ValueType = "DWord"
ValueData = "1"
}
Registry ShareXDisableUpload {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\ShareX"
ValueName = "DisableUpload"
ValueType = "DWord"
ValueData = "1"
}
# Firefox Default Search Engine
Registry FirefoxDefaultSearch {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Policies\Mozilla\Firefox\SearchEngines"
ValueName = "Default"
ValueType = "String"
ValueData = "DuckDuckGo"
}
# ACDSee Settings
Registry ACDSeeSettings {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\ACD Systems\LUXEA Pro\080\LClient"
ValueName = "cod"
ValueType = "DWord"
ValueData = "1"
}
}
}
# Generate the MOF file
UserInterfaceConfiguration -OutputPath "\temp\DSC\UserInterfaceConfiguration"
# Apply the configuration
Start-DscConfiguration -Path "\temp\DSC\UserInterfaceConfiguration" -Wait -Verbose -Force

88
DSC-WindowsFeatures.ps1 Normal file
View File

@@ -0,0 +1,88 @@
Configuration WindowsFeatures {
Import-DscResource -ModuleName PSDesiredStateConfiguration
Node localhost {
# === WINDOWS CAPABILITIES ===
# Install OpenSSH Client
Script InstallOpenSSHClient {
SetScript = {
$capability = Get-WindowsCapability -Online | Where-Object { $_.Name -like "OpenSSH.Client*" }
if ($capability.State -ne "Installed") {
Add-WindowsCapability -Online -Name 'OpenSSH.Client~~~~0.0.1.0'
}
}
TestScript = {
$capability = Get-WindowsCapability -Online | Where-Object { $_.Name -like "OpenSSH.Client*" }
return ($capability.State -eq "Installed")
}
GetScript = {
$capability = Get-WindowsCapability -Online | Where-Object { $_.Name -like "OpenSSH.Client*" }
return @{Result = "OpenSSH Client State: $($capability.State)"}
}
}
# === WINDOWS OPTIONAL FEATURES ===
# Enable NFS Client features
Script EnableNFSClientOnly {
SetScript = {
$feature = Get-WindowsOptionalFeature -Online -FeatureName "ServicesForNFS-ClientOnly"
if ($feature.State -ne "Enabled") {
Enable-WindowsOptionalFeature -FeatureName "ServicesForNFS-ClientOnly" -Online -NoRestart
}
}
TestScript = {
$feature = Get-WindowsOptionalFeature -Online -FeatureName "ServicesForNFS-ClientOnly"
return ($feature.State -eq "Enabled")
}
GetScript = {
$feature = Get-WindowsOptionalFeature -Online -FeatureName "ServicesForNFS-ClientOnly"
return @{Result = "NFS ClientOnly State: $($feature.State)"}
}
}
Script EnableNFSInfrastructure {
SetScript = {
$feature = Get-WindowsOptionalFeature -Online -FeatureName "ClientForNFS-Infrastructure"
if ($feature.State -ne "Enabled") {
Enable-WindowsOptionalFeature -FeatureName "ClientForNFS-Infrastructure" -Online -NoRestart
}
}
TestScript = {
$feature = Get-WindowsOptionalFeature -Online -FeatureName "ClientForNFS-Infrastructure"
return ($feature.State -eq "Enabled")
}
GetScript = {
$feature = Get-WindowsOptionalFeature -Online -FeatureName "ClientForNFS-Infrastructure"
return @{Result = "NFS Infrastructure State: $($feature.State)"}
}
}
# === FIREWALL RULES ===
# Enable Remote Desktop firewall rules
Script EnableRDPFirewall {
SetScript = {
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
}
TestScript = {
$rules = Get-NetFirewallRule -DisplayGroup "Remote Desktop" | Where-Object {$_.Enabled -eq $false}
return ($rules.Count -eq 0)
}
GetScript = {
$rules = Get-NetFirewallRule -DisplayGroup "Remote Desktop"
$enabledCount = ($rules | Where-Object {$_.Enabled -eq $true}).Count
return @{Result = "RDP Firewall Rules Enabled: $enabledCount of $($rules.Count)"}
}
}
}
}
# Generate the MOF file
WindowsFeatures -OutputPath "\temp\DSC\WindowsFeatures"
# Apply the configuration
Start-DscConfiguration -Path "\temp\DSC\WindowsFeatures" -Wait -Verbose -Force

26
DSC-WindowsServices.ps1 Normal file
View File

@@ -0,0 +1,26 @@
Configuration WindowsServices {
Import-DscResource -ModuleName PSDesiredStateConfiguration
Node localhost {
# === REMOTE DESKTOP SERVICES ===
# Enable Terminal Services (Remote Desktop)
Service TerminalServices {
Name = "TermService"
State = "Running"
StartupType = "Automatic"
}
# === ADDITIONAL SERVICES CONFIGURATION ===
# Note: Other services from the registry.csv could be added here
# if they were service-related rather than registry-based
}
}
# Generate the MOF file
WindowsServices -OutputPath "\temp\DSC\WindowsServices"
# Apply the configuration
Start-DscConfiguration -Path "\temp\DSC\WindowsServices" -Wait -Verbose -Force

13
PS-InstallApps.ps1 Normal file
View File

@@ -0,0 +1,13 @@
# Check if msstore source exists before trying to remove it
$msstoreSource = winget source list | Select-String "msstore"
if ($msstoreSource) {
Write-Host "Removing msstore source..." -ForegroundColor Yellow
winget source remove msstore
} else {
Write-Host "msstore source is already removed or not found." -ForegroundColor Green
}
winget import -i .\winget.json
winget pin add Discord.Discord
winget pin add Brave.Brave

193
PS-RemoveApps.ps1 Normal file
View File

@@ -0,0 +1,193 @@
# === Admin Check ===
# set-executionpolicy unrestricted
# Check if running as administrator
if (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
Write-Host "This script requires administrator privileges. Attempting to restart as administrator..." -ForegroundColor Yellow
# Get the current script path
$scriptPath = $MyInvocation.MyCommand.Path
# Restart the script with administrator privileges
try {
Start-Process PowerShell -Verb RunAs -ArgumentList "-ExecutionPolicy Bypass -File `"$scriptPath`""
exit
}
catch {
Write-Error "Failed to restart as administrator. Please run this script as administrator manually."
Write-Host "Right-click on PowerShell and select 'Run as administrator', then run this script again." -ForegroundColor Red
pause
exit 1
}
}
Write-Host "Running with administrator privileges." -ForegroundColor Green
$uid = $Env:UserName # Get current username for use in paths
Write-Host "Current user: $uid" -ForegroundColor Green
# === Install Features/Enable Services ===
$scriptDir = Split-Path -Parent $MyInvocation.MyCommand.Path
powershell "$scriptDir\DSC-WindowsFeatures.ps1"
powershell "$scriptDir\DSC-WindowsServices.ps1"
# === Disable Telemetry ===
powershell "$scriptDir\DSC-TelemetryPrivacySecurity.ps1"
# === Remove Apps ===
$appsToRemove = @(
"Microsoft.MicrosoftSolitaireCollection", # Solitaire
"Microsoft.MicrosoftOfficeHub", # Office preinstalls
"Microsoft.Windows.Photos", # Photos
"Microsoft.Copilot", # Copilot
"Microsoft.BingNews", # News
"Microsoft.BingWeather", # Weather
"Clipchamp.Clipchamp", # Clipchamp
"MSTeams", # Teams
"Microsoft.Todos", # To-Do
"Microsoft.WebMediaExtensions", # Media extensions
"Microsoft.WindowsMediaPlayer", # Legacy Media Player (if exists)
"Microsoft.ZuneMusic", # Music app
"Microsoft.ZuneVideo", # Movies & TV app (if exists)
"Microsoft.Media.Player", # New Windows Media Player (if exists)
"Microsoft.OutlookForWindows", # New Outlook app
"Microsoft.Office.OneNote", # OneNote (AppX version)
"Microsoft.MicrosoftOfficeHub", # Office Hub
"7EX16E2Z690YF.LinkedInforWindows", # LinkedIn (actual package name)
"LinkedIn.LinkedIn", # LinkedIn (alternative name)
"Microsoft.OneDrive" # OneDrive (if exists as app package)
)
foreach ($app in $appsToRemove) {
$installedApp = Get-AppxPackage -Name $app -ErrorAction SilentlyContinue
if ($installedApp) {
try {
Write-Host "Removing $app..." -ForegroundColor Red
Remove-AppxPackage -Package $installedApp.PackageFullName -ErrorAction Stop
Write-Host "Successfully removed $app" -ForegroundColor Green
}
catch {
Write-Warning "Failed to remove $app`: $_"
}
}
else {
Write-Host "$app is not installed or already removed" -ForegroundColor Gray
}
}
# === Remove Provisioned Packages ===
Write-Host "Checking and removing provisioned app packages for all users..." -ForegroundColor Yellow
foreach ($app in $appsToRemove) {
$provisionedApp = Get-AppxProvisionedPackage -Online | Where-Object { $_.DisplayName -eq $app }
if ($provisionedApp) {
try {
Write-Host "Removing provisioned package for $app..." -ForegroundColor Red
Remove-AppxProvisionedPackage -Online -PackageName $provisionedApp.PackageName -ErrorAction Stop
Write-Host "Successfully removed provisioned package for $app" -ForegroundColor Green
}
catch {
Write-Warning "Failed to remove provisioned package for $app`: $_"
}
}
else {
Write-Host "Provisioned package for $app is not found or already removed" -ForegroundColor Gray
}
}
Write-Host "App removal process completed." -ForegroundColor Green
# Remove unwanted Office applications via winget
Write-Host "Checking and removing unwanted Office applications..." -ForegroundColor Yellow
# Cache winget list to avoid multiple calls (it's slow)
Write-Host "Getting installed applications list (this may take a moment)..." -ForegroundColor Gray
$wingetList = winget list | Out-String
$officeAppsToRemove = @(
"Microsoft.OneDrive", # OneDrive (if exists as winget package)
"OneNoteFreeRetail - en-us", # Microsoft OneNote - en-us
"OneNoteFreeRetail - es-es", # Microsoft OneNote - es-es
"OneNoteFreeRetail - fr-fr", # Microsoft OneNote - fr-fr
"OneNoteFreeRetail - pt-br", # Microsoft OneNote - pt-br
"O365HomePremRetail - en-us", # Microsoft 365 - en-us
"O365HomePremRetail - es-es", # Microsoft 365 - es-es
"O365HomePremRetail - fr-fr", # Microsoft 365 - fr-fr
"O365HomePremRetail - pt-br", # Microsoft 365 - pt-br
"Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe", # Feedback Hub
"Microsoft.BingSearch_8wekyb3d8bbwe", # Bing Search (if exists)
"Microsoft.OutlookForWindows_8wekyb3d8bbwe", # New Outlook (if exists)
"MicrosoftCorporationII.MicrosoftFamily_8wekyb3d8bbwe" # Microsoft Family (if exists)
)
foreach ($app in $officeAppsToRemove) {
# Check if the app is installed using the cached winget list
$appFound = $wingetList -match [regex]::Escape($app)
if ($appFound) {
try {
Write-Host "Removing $app..." -ForegroundColor Red
winget uninstall "$app" --silent --accept-source-agreements
if ($LASTEXITCODE -eq 0) {
Write-Host "Successfully removed $app" -ForegroundColor Green
} else {
Write-Warning "winget uninstall returned exit code $LASTEXITCODE for $app"
}
}
catch {
Write-Warning "Failed to remove $app`: $_"
}
}
else {
Write-Host "$app is not installed or already removed" -ForegroundColor Gray
}
}
Write-Host "Office application removal process completed." -ForegroundColor Green
# Remove Edge Progressive Web Apps (PWAs) like LinkedIn
Write-Host "Checking and removing Edge Progressive Web Apps..." -ForegroundColor Yellow
$edgePWAPath = "$env:LOCALAPPDATA\Microsoft\Edge\User Data\Default\Web Applications"
if (Test-Path $edgePWAPath) {
try {
$pwaFolders = Get-ChildItem -Path $edgePWAPath -Directory -ErrorAction SilentlyContinue
foreach ($folder in $pwaFolders) {
$manifestPath = Join-Path $folder.FullName "Manifest"
if (Test-Path $manifestPath) {
$manifestContent = Get-Content $manifestPath -Raw -ErrorAction SilentlyContinue
if ($manifestContent -match "linkedin" -or $manifestContent -match "LinkedIn") {
Write-Host "Found LinkedIn PWA, removing folder: $($folder.Name)" -ForegroundColor Red
Remove-Item -Path $folder.FullName -Recurse -Force -ErrorAction SilentlyContinue
Write-Host "Removed LinkedIn PWA" -ForegroundColor Green
}
}
}
}
catch {
Write-Warning "Failed to check Edge PWAs: $_"
}
} else {
Write-Host "Edge PWA directory not found" -ForegroundColor Gray
}
Write-Host "Edge PWA removal process completed." -ForegroundColor Green
# Check if msstore source exists before trying to remove it
$msstoreSource = winget source list | Select-String "msstore"
if ($msstoreSource) {
Write-Host "Removing msstore source..." -ForegroundColor Yellow
winget source remove msstore
} else {
Write-Host "msstore source is already removed or not found." -ForegroundColor Green
}
winget import -i .\winget.json
winget pin add Discord.Discord
powershell "$scriptDir\DSC-FileOperations.ps1"

75
winget.json
View File

@@ -6,12 +6,36 @@
{ {
"Packages" : "Packages" :
[ [
{
"PackageIdentifier" : "Microsoft.VCRedist.2015+.x86"
},
{
"PackageIdentifier" : "Microsoft.VCRedist.2015+.x64"
},
{
"PackageIdentifier" : "Microsoft.XNARedist"
},
{
"PackageIdentifier" : "Microsoft.DotNet.DesktopRuntime.8"
},
{
"PackageIdentifier" : "Microsoft.VCLibs.Desktop.14"
},
{ {
"PackageIdentifier" : "7zip.7zip" "PackageIdentifier" : "7zip.7zip"
}, },
{
"PackageIdentifier" : "Microsoft.VisualStudioCode"
},
{
"PackageIdentifier" : "Microsoft.PowerToys"
},
{ {
"PackageIdentifier" : "Git.Git" "PackageIdentifier" : "Git.Git"
}, },
{
"PackageIdentifier" : "tldr-pages.tlrc"
},
{ {
"PackageIdentifier" : "ShareX.ShareX" "PackageIdentifier" : "ShareX.ShareX"
}, },
@@ -48,42 +72,6 @@
{ {
"PackageIdentifier" : "Valve.Steam" "PackageIdentifier" : "Valve.Steam"
}, },
{
"PackageIdentifier" : "Microsoft.VCRedist.2013.x64"
},
{
"PackageIdentifier" : "Microsoft.DotNet.DesktopRuntime.6"
},
{
"PackageIdentifier" : "Microsoft.DotNet.DesktopRuntime.5"
},
{
"PackageIdentifier" : "Microsoft.VCRedist.2012.x86"
},
{
"PackageIdentifier" : "Microsoft.VCRedist.2015+.x64"
},
{
"PackageIdentifier" : "Microsoft.DotNet.Runtime.6"
},
{
"PackageIdentifier" : "Microsoft.VCRedist.2013.x86"
},
{
"PackageIdentifier" : "Microsoft.XNARedist"
},
{
"PackageIdentifier" : "Microsoft.VCRedist.2010.x86"
},
{
"PackageIdentifier" : "Microsoft.DotNet.DesktopRuntime.8"
},
{
"PackageIdentifier" : "Microsoft.VCRedist.2012.x64"
},
{
"PackageIdentifier" : "Microsoft.VCRedist.2015+.x86"
},
{ {
"PackageIdentifier" : "Brave.Brave" "PackageIdentifier" : "Brave.Brave"
}, },
@@ -92,21 +80,6 @@
}, },
{ {
"PackageIdentifier" : "WinSCP.WinSCP" "PackageIdentifier" : "WinSCP.WinSCP"
},
{
"PackageIdentifier" : "Microsoft.VisualStudioCode"
},
{
"PackageIdentifier" : "Microsoft.PowerToys"
},
{
"PackageIdentifier" : "Microsoft.UI.Xaml.2.7"
},
{
"PackageIdentifier" : "Microsoft.UI.Xaml.2.8"
},
{
"PackageIdentifier" : "Microsoft.VCLibs.Desktop.14"
} }
], ],
"SourceDetails" : "SourceDetails" :