windows-install/DSC-TelemetryPrivacySecurity.ps1
EzekialSA 79df17763a Add DSC configurations for user interface, Windows features, and services; implement app installation and removal scripts
- Created `DSC-UserInterfaceConfiguration.ps1` to manage user interface settings via registry changes.
- Developed `DSC-WindowsFeatures.ps1` to install OpenSSH Client and enable NFS Client features.
- Implemented `DSC-WindowsServices.ps1` to ensure Terminal Services are running and set to automatic startup.
- Added `PS-InstallApps.ps1` to manage app installations and remove the msstore source if it exists.
- Created `PS-RemoveApps.ps1` to remove unwanted apps, provisioned packages, and handle Office applications via winget.
2025-09-28 11:59:28 -05:00


# DSC configuration that declares a set of Registry resources on node "localhost".
# The resources are grouped by the section banners below: telemetry and data collection,
# privacy and location, search and Cortana, security, consumer content, NVIDIA telemetry,
# and thumbnail caching on network folders.
#
# NOTE(review): many resources target the HKCU: hive. The Local Configuration Manager applies
# configurations as the Local System account by default, so HKCU: entries land in that
# account's hive rather than the interactive user's unless the resource is given
# PsDscRunAsCredential - confirm how the per-user settings are expected to reach real users.
#
# NOTE(review): the "SECURITY" section does not harden the machine; it switches off or
# relaxes several built-in protections (SmartScreen, the Edge phishing filter, attachment
# zone handling, the UAC consent prompt). Each is annotated where it is declared.
Configuration TelemetryPrivacySecurity {
Import-DscResource -ModuleName PSDesiredStateConfiguration
Node localhost {
# === TELEMETRY & DATA COLLECTION ===
# Disable Windows Telemetry
# NOTE(review): AllowTelemetry = 0 is documented as honoured only on Enterprise, Education
# and Server editions; other editions are expected to fall back to the lowest level they
# support - confirm the target edition.
Registry DisableTelemetry1 {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection"
ValueName = "AllowTelemetry"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableTelemetry2 {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection"
ValueName = "MaxTelemetryAllowed"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableTelemetry3 {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection"
ValueName = "AllowTelemetry"
ValueType = "DWord"
ValueData = "0"
}
# Disable Application Compatibility Telemetry
Registry DisableAppCompatTelemetry {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppCompat"
ValueName = "AITEnable"
ValueType = "DWord"
ValueData = "0"
}
# Disable Edge UI MFU Tracking
Registry DisableEdgeMFUTracking {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Policies\Microsoft\Windows\EdgeUI"
ValueName = "DisableMFUTracking"
ValueType = "DWord"
ValueData = "1"
}
# Disable TIPC (Text Input Panel Component)
Registry DisableTIPC {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Input\TIPC"
ValueName = "Enabled"
ValueType = "DWord"
ValueData = "0"
}
# Disable System Instrumentation
# The same NoInstrumentation value is written machine-wide (HKLM) and per-user (HKCU).
Registry DisableInstrumentation1 {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
ValueName = "NoInstrumentation"
ValueType = "DWord"
ValueData = "1"
}
Registry DisableInstrumentation2 {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
ValueName = "NoInstrumentation"
ValueType = "DWord"
ValueData = "1"
}
# Disable Handwriting Error Reports
Registry DisableHandwritingErrorReports {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports"
ValueName = "PreventHandwritingErrorReports"
ValueType = "DWord"
ValueData = "1"
}
# Disable Input Personalization Data Collection
Registry DisableImplicitInkCollection1 {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\InputPersonalization"
ValueName = "RestrictImplicitInkCollection"
ValueType = "DWord"
ValueData = "1"
}
Registry DisableImplicitInkCollection2 {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\InputPersonalization"
ValueName = "RestrictImplicitInkCollection"
ValueType = "DWord"
ValueData = "1"
}
Registry DisableImplicitTextCollection {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\InputPersonalization"
ValueName = "RestrictImplicitTextCollection"
ValueType = "DWord"
ValueData = "1"
}
Registry DisableHarvestContacts {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore"
ValueName = "HarvestContacts"
ValueType = "DWord"
ValueData = "0"
}
Registry DisablePrivacyPolicy {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Personalization\Settings"
ValueName = "AcceptedPrivacyPolicy"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableLinguisticDataCollection {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\TextInput"
ValueName = "AllowLinguisticDataCollection"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableFeedbackNotifications {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection"
ValueName = "DoNotShowFeedbackNotifications"
ValueType = "DWord"
ValueData = "1"
}
Registry DisableDeviceNameTelemetry {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection"
ValueName = "AllowDeviceNameInTelemetry"
ValueType = "DWord"
ValueData = "0"
}
# Disable Error Reporting
# DoReport and ShowUI are zeroed in both the native and the WOW6432Node (32-bit view) keys.
Registry DisableErrorReporting1 {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Microsoft\PCHealth\ErrorReporting"
ValueName = "DoReport"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableErrorReporting2 {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Microsoft\PCHealth\ErrorReporting"
ValueName = "ShowUI"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableErrorReporting3 {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\WOW6432Node\Microsoft\PCHealth\ErrorReporting"
ValueName = "DoReport"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableErrorReporting4 {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\WOW6432Node\Microsoft\PCHealth\ErrorReporting"
ValueName = "ShowUI"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableStorageTelemetry {
Ensure = "Present"
Key = "HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl\StorageTelemetry"
ValueName = "DeviceDumpEnabled"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableAccountNotifications1 {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\AccountNotifications"
ValueName = "DisableAccountNotifications"
ValueType = "DWord"
ValueData = "1"
}
Registry DisableAccountNotifications2 {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
ValueName = "Start_AccountNotifications"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableConnectedUser {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
ValueName = "NoConnectedUser"
ValueType = "DWord"
ValueData = "1"
}
Registry DisableScoobeSystemSetting {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\UserProfileEngagement"
ValueName = "ScoobeSystemSettingEnabled"
ValueType = "DWord"
ValueData = "0"
}
# === PRIVACY & LOCATION SERVICES ===
# Disable Location Services
# The ConsentStore entries below set the location capability to "Deny" machine-wide, for the
# user, for non-packaged apps, and for the Camera and Bing Weather packages individually.
Registry DisableLocationService {
Ensure = "Present"
Key = "HKLM:\SYSTEM\CurrentControlSet\Services\lfsvc\Service\Configuration"
ValueName = "Status"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableLocationMachine {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location"
ValueName = "Value"
ValueType = "String"
ValueData = "Deny"
}
Registry DisableLocationUser {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location"
ValueName = "Value"
ValueType = "String"
ValueData = "Deny"
}
Registry DisableLocationNonPackaged {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location\NonPackaged"
ValueName = "Value"
ValueType = "String"
ValueData = "Deny"
}
Registry DisableLocationCamera {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location\Microsoft.WindowsCamera_8wekyb3d8bbwe"
ValueName = "Value"
ValueType = "String"
ValueData = "Deny"
}
Registry DisableLocationOverride {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\CPSS\Store\UserLocationOverridePrivacySetting"
ValueName = "Value"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableLocationWeather {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location\Microsoft.BingWeather_8wekyb3d8bbwe"
ValueName = "Value"
ValueType = "String"
ValueData = "Deny"
}
# === SEARCH & CORTANA ===
# Disable Bing Search
Registry DisableBingSearch {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search"
ValueName = "BingSearchEnabled"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableSearchBoxSuggestions {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Policies\Microsoft\Windows\Explorer"
ValueName = "DisableSearchBoxSuggestions"
ValueType = "DWord"
ValueData = "1"
}
# Disable Cloud Search
Registry DisableCloudSearch {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search"
ValueName = "AllowCloudSearch"
ValueType = "DWord"
ValueData = "0"
}
# Disable Cortana
Registry DisableCortana1 {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search"
ValueName = "AllowCortana"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableCortana2 {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search"
ValueName = "AllowCortanaAboveLock"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableCortana3 {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search"
ValueName = "CortanaEnabled"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableCortana4 {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search"
ValueName = "CortanaConsent"
ValueType = "DWord"
ValueData = "0"
}
# === SECURITY ===
# Disable SmartScreen
# NOTE(review): this turns off reputation checks on downloaded files in Explorer. It removes a
# malware control, not a telemetry source; if the goal is privacy, record that trade-off and
# make sure another control (AV/EDR, application allow-listing) covers downloaded executables.
Registry DisableSmartScreen {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer"
ValueName = "SmartScreenEnabled"
ValueType = "String"
ValueData = "Off"
}
# NOTE(review): the key path names the microsoft.microsoftedge_8wekyb3d8bbwe package, which
# looks like legacy (EdgeHTML) Edge; presumably current Chromium-based Edge does not read it.
# Where it does apply, it disables the browser's phishing/malware site filter - confirm intent.
Registry DisableEdgePhishingFilter {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter"
ValueName = "EnabledV9"
ValueType = "DWord"
ValueData = "0"
}
# Disable Active Help
Registry DisableActiveHelp {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Policies\Microsoft\Assistance\Client\1.0"
ValueName = "NoActiveHelp"
ValueType = "DWord"
ValueData = "1"
}
# Configure Zone Information for attachments
# NOTE(review): for the Attachment Manager policy, SaveZoneInformation = 1 is documented as
# "do not preserve zone information" (2 preserves it) - confirm. If so, downloaded files lose
# their Mark-of-the-Web, which Office Protected View, SmartScreen and similar checks rely on.
Registry SaveZoneInformation {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments"
ValueName = "SaveZoneInformation"
ValueType = "DWord"
ValueData = "1"
}
# NOTE(review): listing archive extensions as low risk suppresses the open-file security
# warning for .zip/.rar/.7z attachments. Archives are a common malware container; keep this
# list as short as the workflow allows.
Registry LowRiskFileTypes {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments"
ValueName = "LowRiskFileTypes"
ValueType = "String"
ValueData = ".zip;.rar;.7z"
}
# Configure Trusted Sites
# NOTE(review): value name "*" covers every protocol, and data 1 is the Local intranet zone
# in the standard zone numbering (Trusted sites is 2) - confirm which zone is intended.
# Hosts in the intranet zone typically receive automatic integrated authentication.
# NOTE(review): IP addresses are normally mapped under ZoneMap\Ranges rather than
# ZoneMap\Domains, so the 192.168.100.5 entry may have no effect - verify on a test machine.
Registry TrustedSite1 {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\192.168.100.5"
ValueName = "*"
ValueType = "DWord"
ValueData = "1"
}
Registry TrustedSite2 {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\callisto.andrewspolytechnic.com"
ValueName = "*"
ValueType = "DWord"
ValueData = "1"
}
# Disable UAC prompts for Admin
# NOTE(review): ConsentPromptBehaviorAdmin = 0 means "elevate without prompting": any process
# running in an administrator's session can obtain a full admin token with no user interaction.
# This is a machine-wide reduction in protection; the Windows default (5, prompt for consent
# for non-Windows binaries) is the safer baseline unless silent elevation is a hard requirement.
Registry DisableUACPrompt {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
ValueName = "ConsentPromptBehaviorAdmin"
ValueType = "DWord"
ValueData = "0"
}
# === CONSUMER FEATURES & CONTENT DELIVERY ===
# Disable Windows Consumer Features
Registry DisableConsumerFeatures {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent"
ValueName = "DisableWindowsConsumerFeatures"
ValueType = "DWord"
ValueData = "1"
}
# Disable Content Delivery Manager Features
Registry DisableSilentInstalledApps {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager"
ValueName = "SilentInstalledAppsEnabled"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableSubscribedContent {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager"
ValueName = "SubscribedContent-338388Enabled"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableOemPreInstalledApps {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager"
ValueName = "OemPreInstalledAppsEnabled"
ValueType = "DWord"
ValueData = "0"
}
Registry DisablePreInstalledApps {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager"
ValueName = "PreInstalledAppsEnabled"
ValueType = "DWord"
ValueData = "0"
}
# === NVIDIA TELEMETRY ===
# Ensure = "Present" creates these values even on machines without NVIDIA software installed.
Registry DisableNvidiaOptIn {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\NVIDIA Corporation\NvControlPanel2\Client"
ValueName = "OptInOrOutPreference"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableNvidiaRID1 {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\NVIDIA Corporation\Global\FTS"
ValueName = "EnableRID44231"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableNvidiaRID2 {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\NVIDIA Corporation\Global\FTS"
ValueName = "EnableRID64640"
ValueType = "DWord"
ValueData = "0"
}
Registry DisableNvidiaRID3 {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\NVIDIA Corporation\Global\FTS"
ValueName = "EnableRID66610"
ValueType = "DWord"
ValueData = "0"
}
# Start = 4 is the service start type "disabled" for the NvTelemetryContainer service entry.
Registry DisableNvTelemetryContainer {
Ensure = "Present"
Key = "HKLM:\SYSTEM\CurrentControlSet\Services\NvTelemetryContainer"
ValueName = "Start"
ValueType = "DWord"
ValueData = "4"
}
# === DISABLE THUMBNAILS ON NETWORK ===
# DisableThumbsDBOnNetworkFolders is written to three candidate policy locations.
Registry DisableThumbsDB1 {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Policies\Microsoft\Windows"
ValueName = "DisableThumbsDBOnNetworkFolders"
ValueType = "DWord"
ValueData = "1"
}
Registry DisableThumbsDB2 {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Policies\Microsoft\Windows\Explorer"
ValueName = "DisableThumbsDBOnNetworkFolders"
ValueType = "DWord"
ValueData = "1"
}
Registry DisableThumbsDB3 {
Ensure = "Present"
Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer"
ValueName = "DisableThumbsDBOnNetworkFolders"
ValueType = "DWord"
ValueData = "1"
}
Registry DisableThumbnailCache {
Ensure = "Present"
Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
ValueName = "NoThumbnailCache"
ValueType = "DWord"
ValueData = "1"
}
}
}
# Compile the configuration into a MOF document and push it to the local node.
# The output directory is named once so the compile and apply steps cannot drift apart.
# NOTE(review): the path has no drive letter, so it resolves against the root of whichever
# drive is current when the script runs. The MOF is applied with elevated rights, so the
# directory should be writable by administrators only - confirm the ACL on \temp.
$mofDirectory = "\temp\DSC\TelemetryPrivacySecurity"
TelemetryPrivacySecurity -OutputPath $mofDirectory
# -Wait keeps the run in the foreground, -Verbose prints each resource as it is processed,
# and -Force replaces any configuration operation already in progress.
Start-DscConfiguration -Path $mofDirectory -Wait -Verbose -Force