I have not yet realized that there is a problem! No Blacksreen! Is then in the boot process the administrator is no longer visible when I created an account! That had always been a bit annoying with the orginalen unattend.xml file!?
No,but the first boot process never ending! I have now also used the original unattend.xml, the same output! Always the boot does not end! do you know how to start the script from Haz367?
Did you modify your install.wim aside from using my script? I haven't experienced yet a boot loop with my script so I don't know what the problem could be
So the black screen lasts for just for a minute after a clean install when using the other "unattend.xml" Otherwise there is no problem with my "disable_telemetry" script
StateRepository-Machine_19044_LTSC_EDGE.sql Code: /*#################################################################################################################################*/ /* Windows App-Deployment Database modification Script */ /* Windows 10 Enterprise LTSC 2021 -- 21H2 19041-44 */ /*#################################################################################################################################*/ /* Drop all Package related Triggers to avoid error messages */ DROP TRIGGER TRG_AFTER_UPDATE_Package_SRJournal; DROP TRIGGER TRG_AFTERINSERT_Package; DROP TRIGGER TRG_BEFOREDELETE_Package_SRJournal; DROP TRIGGER TRG_IDX_Package_PackageFamily_ResourceId_Architecture_Version__WorkId; /* Alter IsInbox-Values in Package Table for all Packages you want to uninstall to 0 */ UPDATE Package SET IsInbox=0 WHERE PackageFullName='Microsoft.MicrosoftEdge_44.19041.1266.0_neutral__8wekyb3d8bbwe'; UPDATE Package SET IsInbox=0 WHERE PackageFullName='Microsoft.MicrosoftEdgeDevToolsClient_1000.19041.1023.0_neutral_neutral_8wekyb3d8bbwe'; UPDATE Package SET IsInbox=0 WHERE PackageFullName='Microsoft.Win32WebViewHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy'; UPDATE Package SET IsInbox=0 WHERE PackageFullName='Microsoft.Windows.Apprep.ChxApp_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy'; UPDATE Package SET IsInbox=0 WHERE PackageFullName='Microsoft.Windows.SecHealthUI_10.0.19041.1865_neutral__cw5n1h2txyewy'; /* Recreate all Package related Triggers */ CREATE TRIGGER TRG_AFTER_UPDATE_Package_SRJournal AFTER UPDATE ON Package FOR EACH ROW BEGIN UPDATE Sequence SET LastValue=LastValue+1 WHERE Id=2 ;INSERT INTO SRJournal(_Revision, _WorkId, ObjectType, Action, ObjectId, PackageIdentity, WhenOccurred, SequenceId)SELECT 1, workid(), 1, 2, NEW._PackageID, pi._PackageIdentityID, now(), s.LastValue FROM Sequence AS s CROSS JOIN PackageIdentity AS pi WHERE s.Id=2 AND pi.PackageFullName=NEW.PackageFullName; END; CREATE TRIGGER TRG_AFTERINSERT_Package AFTER INSERT ON Package FOR EACH ROW BEGIN INSERT OR IGNORE INTO PackageIdentity (PackageFamily, PackageFullName) VALUES(NEW.PackageFamily, NEW.PackageFullName);UPDATE Sequence SET LastValue=LastValue+1 WHERE Id=2 ;INSERT INTO SRJournal(_Revision, _WorkId, ObjectType, Action, ObjectId, PackageIdentity, WhenOccurred, SequenceId)SELECT 1, workid(), 1, 1, NEW._PackageID, pi._PackageIdentityID, now(), s.LastValue FROM Sequence AS s CROSS JOIN PackageIdentity AS pi WHERE s.Id=2 AND pi.PackageFullName=NEW.PackageFullName; END; CREATE TRIGGER TRG_BEFOREDELETE_Package_SRJournal BEFORE DELETE ON Package FOR EACH ROW BEGIN UPDATE Sequence SET LastValue=LastValue+1 WHERE Id=2 ;INSERT INTO SRJournal(_Revision, _WorkId, ObjectType, Action, ObjectId, PackageIdentity, WhenOccurred, SequenceId)SELECT 1, workid(), 1, 3, OLD._PackageID, pi._PackageIdentityID, now(), s.LastValue FROM Sequence AS s CROSS JOIN PackageIdentity AS pi WHERE s.Id=2 AND pi.PackageFullName=OLD.PackageFullName; END; CREATE TRIGGER TRG_IDX_Package_PackageFamily_ResourceId_Architecture_Version__WorkId BEFORE INSERT ON Package FOR EACH ROW BEGIN SELECT CASE WHEN ((SELECT _PackageID FROM Package WHERE PackageFamily=NEW.PackageFamily AND ResourceId IS NEW.ResourceId AND Architecture=NEW.Architecture AND Version=NEW.Version AND _WorkId=NEW._WorkId) IS NOT NULL)THEN RAISE(ABORT, 'INSERT INTO "Package" violates the unique index "IDX_Package_PackageFamily_ResourceId_Architecture_Version__WorkId"') END; END; /*#################################################################################################################################*/
StateRepository-Machine_19044_LTSC_ALL.sql Code: /*#################################################################################################################################*/ /* Windows App-Deployment Database modification Script */ /* Windows 10 Enterprise LTSC 2021 -- 21H2 19041-44 */ /*#################################################################################################################################*/ /* All packages safe to remove */ /* Drop all Package related Triggers to avoid error messages */ DROP TRIGGER TRG_AFTER_UPDATE_Package_SRJournal; DROP TRIGGER TRG_AFTERINSERT_Package; DROP TRIGGER TRG_BEFOREDELETE_Package_SRJournal; DROP TRIGGER TRG_IDX_Package_PackageFamily_ResourceId_Architecture_Version__WorkId; /* Alter IsInbox-Values in Package Table for all Packages you want to uninstall to 0 */ UPDATE Package SET IsInbox=0 WHERE PackageFullName='1527c705-839a-4832-9118-54d4Bd6a0c89_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy'; UPDATE Package SET IsInbox=0 WHERE PackageFullName='c5e2524a-ea46-4f67-841f-6a9465d9d515_10.0.19041.1949_neutral_neutral_cw5n1h2txyewy'; UPDATE Package SET IsInbox=0 WHERE PackageFullName='E2A4F912-2574-4A75-9BB0-0D023378592B_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy'; UPDATE Package SET IsInbox=0 WHERE PackageFullName='F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy'; UPDATE Package SET IsInbox=0 WHERE PackageFullName='Microsoft.ECApp_10.0.19041.1023_neutral__8wekyb3d8bbwe'; UPDATE Package SET IsInbox=0 WHERE PackageFullName='Microsoft.LockApp_10.0.19041.1023_neutral__cw5n1h2txyewy'; UPDATE Package SET IsInbox=0 WHERE PackageFullName='Microsoft.MicrosoftEdge_44.19041.1266.0_neutral__8wekyb3d8bbwe'; UPDATE Package SET IsInbox=0 WHERE PackageFullName='Microsoft.MicrosoftEdgeDevToolsClient_1000.19041.1023.0_neutral_neutral_8wekyb3d8bbwe'; UPDATE Package SET IsInbox=0 WHERE PackageFullName='Microsoft.Win32WebViewHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy'; UPDATE Package SET IsInbox=0 WHERE PackageFullName='Microsoft.Windows.Apprep.ChxApp_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy'; UPDATE Package SET IsInbox=0 WHERE PackageFullName='Microsoft.Windows.CloudExperienceHost_10.0.19041.1266_neutral_neutral_cw5n1h2txyewy'; UPDATE Package SET IsInbox=0 WHERE PackageFullName='Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy'; UPDATE Package SET IsInbox=0 WHERE PackageFullName='Microsoft.Windows.NarratorQuickStart_10.0.19041.1023_neutral_neutral_8wekyb3d8bbwe'; UPDATE Package SET IsInbox=0 WHERE PackageFullName='Microsoft.Windows.PeopleExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy'; UPDATE Package SET IsInbox=0 WHERE PackageFullName='Microsoft.Windows.PinningConfirmationDialog_1000.19041.1023.0_neutral__cw5n1h2txyewy'; UPDATE Package SET IsInbox=0 WHERE PackageFullName='Microsoft.Windows.SecHealthUI_10.0.19041.1865_neutral__cw5n1h2txyewy'; UPDATE Package SET IsInbox=0 WHERE PackageFullName='Microsoft.Windows.XGpuEjectDialog_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy'; UPDATE Package SET IsInbox=0 WHERE PackageFullName='Microsoft.XboxGameCallableUI_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy'; UPDATE Package SET IsInbox=0 WHERE PackageFullName='NcsiUwpApp_1000.19041.1023.0_neutral_neutral_8wekyb3d8bbwe'; UPDATE Package SET IsInbox=0 WHERE PackageFullName='windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy'; UPDATE Package SET IsInbox=0 WHERE PackageFullName='Microsoft.AccountsControl_10.0.19041.1023_neutral__cw5n1h2txyewy'; UPDATE Package SET IsInbox=0 WHERE PackageFullName='Microsoft.AsyncTextService_10.0.19041.1023_neutral__8wekyb3d8bbwe'; UPDATE Package SET IsInbox=0 WHERE PackageFullName='Microsoft.CredDialogHost_10.0.19041.1023_neutral__cw5n1h2txyewy'; UPDATE Package SET IsInbox=0 WHERE PackageFullName='Microsoft.Windows.AssignedAccessLockApp_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy'; UPDATE Package SET IsInbox=0 WHERE PackageFullName='Microsoft.Windows.CallingShellApp_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy'; UPDATE Package SET IsInbox=0 WHERE PackageFullName='Microsoft.Windows.CapturePicker_10.0.19041.1023_neutral__cw5n1h2txyewy'; UPDATE Package SET IsInbox=0 WHERE PackageFullName='Microsoft.Windows.OOBENetworkCaptivePortal_10.0.19041.1023_neutral__cw5n1h2txyewy'; UPDATE Package SET IsInbox=0 WHERE PackageFullName='Microsoft.Windows.OOBENetworkConnectionFlow_10.0.19041.1023_neutral__cw5n1h2txyewy'; UPDATE Package SET IsInbox=0 WHERE PackageFullName='Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy'; UPDATE Package SET IsInbox=0 WHERE PackageFullName='Microsoft.Windows.ShellExperienceHost_10.0.19041.1949_neutral_neutral_cw5n1h2txyewy'; UPDATE Package SET IsInbox=0 WHERE PackageFullName='Microsoft.Windows.StartMenuExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy'; UPDATE Package SET IsInbox=0 WHERE PackageFullName='MicrosoftWindows.Client.CBS_120.2212.4180.0_x86__cw5n1h2txyewy'; UPDATE Package SET IsInbox=0 WHERE PackageFullName='MicrosoftWindows.UndockedDevKit_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy'; UPDATE Package SET IsInbox=0 WHERE PackageFullName='Windows.PrintDialog_6.2.1.0_neutral_neutral_cw5n1h2txyewy'; /* DELETE FROM Package WHERE PackageFullName='InputApp_1000.17763.1.0_neutral_neutral_cw5n1h2txyewy'; */ /* Recreate all Package related Triggers */ CREATE TRIGGER TRG_AFTER_UPDATE_Package_SRJournal AFTER UPDATE ON Package FOR EACH ROW BEGIN UPDATE Sequence SET LastValue=LastValue+1 WHERE Id=2 ;INSERT INTO SRJournal(_Revision, _WorkId, ObjectType, Action, ObjectId, PackageIdentity, WhenOccurred, SequenceId)SELECT 1, workid(), 1, 2, NEW._PackageID, pi._PackageIdentityID, now(), s.LastValue FROM Sequence AS s CROSS JOIN PackageIdentity AS pi WHERE s.Id=2 AND pi.PackageFullName=NEW.PackageFullName; END; CREATE TRIGGER TRG_AFTERINSERT_Package AFTER INSERT ON Package FOR EACH ROW BEGIN INSERT OR IGNORE INTO PackageIdentity (PackageFamily, PackageFullName) VALUES(NEW.PackageFamily, NEW.PackageFullName);UPDATE Sequence SET LastValue=LastValue+1 WHERE Id=2 ;INSERT INTO SRJournal(_Revision, _WorkId, ObjectType, Action, ObjectId, PackageIdentity, WhenOccurred, SequenceId)SELECT 1, workid(), 1, 1, NEW._PackageID, pi._PackageIdentityID, now(), s.LastValue FROM Sequence AS s CROSS JOIN PackageIdentity AS pi WHERE s.Id=2 AND pi.PackageFullName=NEW.PackageFullName; END; CREATE TRIGGER TRG_BEFOREDELETE_Package_SRJournal BEFORE DELETE ON Package FOR EACH ROW BEGIN UPDATE Sequence SET LastValue=LastValue+1 WHERE Id=2 ;INSERT INTO SRJournal(_Revision, _WorkId, ObjectType, Action, ObjectId, PackageIdentity, WhenOccurred, SequenceId)SELECT 1, workid(), 1, 3, OLD._PackageID, pi._PackageIdentityID, now(), s.LastValue FROM Sequence AS s CROSS JOIN PackageIdentity AS pi WHERE s.Id=2 AND pi.PackageFullName=OLD.PackageFullName; END; CREATE TRIGGER TRG_IDX_Package_PackageFamily_ResourceId_Architecture_Version__WorkId BEFORE INSERT ON Package FOR EACH ROW BEGIN SELECT CASE WHEN ((SELECT _PackageID FROM Package WHERE PackageFamily=NEW.PackageFamily AND ResourceId IS NEW.ResourceId AND Architecture=NEW.Architecture AND Version=NEW.Version AND _WorkId=NEW._WorkId) IS NOT NULL)THEN RAISE(ABORT, 'INSERT INTO "Package" violates the unique index "IDX_Package_PackageFamily_ResourceId_Architecture_Version__WorkId"') END; END; /*#################################################################################################################################*/ IsInbox_Allow_Uninstall.bat Code: @echo off set "nul=>nul 1>nul 2>nul" if exist "%WinDIR%\SysWOW64" set "arch=x64" if not exist "%WinDIR%\SysWOW64" set "arch=x86" set nsd=%systemdrive%\detel_online\Tools\%arch%\NSudo\NSudo -U:T -P:E -UseCurrentConsole cmd /c sc stop AppXSvc %nul% %nsd% sc config StateRepository start= disabled %nul% %nsd% sc stop StateRepository %nul% %nsd% sqlite3.exe %ProgramData%/Microsoft/Windows/AppRepository/StateRepository-Machine.srd ".read %systemdrive%/detel_online/Packages/LTSC2021/StateRepository-Machine_19044_LTSC_ALL.sql" %nul% %nsd% sqlite3.exe %ProgramData%/Microsoft/Windows\AppRepository/StateRepository-Machine.srd ".save %ProgramData%/Microsoft/Windows/AppRepository/StateRepository-Machine.srd" %nul% sc start AppXSv %nul% %nsd% sc config StateRepository start= auto %nul% sc start StateRepository %nul%
Disable_Tasks.bat Code: @echo off if exist "%WinDIR%\SysWOW64" set "arch=x64" if not exist "%WinDIR%\SysWOW64" set "arch=x86" set "nul=>nul 1>nul 2>nul" set nsd=%systemdrive%\detel_online\Tools\%arch%\NSudo\NSudo -U:T -P:E -UseCurrentConsole cmd /c set "_schtasks=%nsd% SCHTASKS /Change /DISABLE /TN" set "_schedule=Microsoft\Windows" echo. echo. %_schtasks% "%_schedule%\AppID\EDP Policy Manager" %nul% %_schtasks% "%_schedule%\AppID\SmartScreenSpecific" %nul% %_schtasks% "%_schedule%\Application Experience\Microsoft Compatibility Appraiser" %nul% %_schtasks% "%_schedule%\Application Experience\ProgramDataUpdater" %nul% %_schtasks% "%_schedule%\Application Experience\StartupAppTask" %nul% %_schtasks% "%_schedule%\ApplicationData\appuriverifierdaily" %nul% %_schtasks% "%_schedule%\ApplicationData\appuriverifierinstall" %nul% %_schtasks% "%_schedule%\ApplicationData\DsSvcCleanup" %nul% %_schtasks% "%_schedule%\AppxDeploymentClient\Pre-staged app cleanup" %nul% %_schtasks% "%_schedule%\Autochk\Proxy" %nul% %_schtasks% "%_schedule%\BitLocker\BitLocker Encrypt All Drives" %nul% %_schtasks% "%_schedule%\BitLocker\BitLocker MDM policy Refresh" %nul% %_schtasks% "%_schedule%\BrokerInfrastructure\BgTaskRegistrationMaintenanceTask" %nul% %_schtasks% "%_schedule%\Chkdsk\ProactiveScan" %nul% %_schtasks% "%_schedule%\Chkdsk\SyspartRepair" %nul% %_schtasks% "%_schedule%\CloudExperienceHost\CreateObjectTask" %nul% %_schtasks% "%_schedule%\Customer Experience Improvement Program\BthSQM" %nul% %_schtasks% "%_schedule%\Customer Experience Improvement Program\Consolidator" %nul% %_schtasks% "%_schedule%\Customer Experience Improvement Program\KernelCeipTask" %nul% %_schtasks% "%_schedule%\Customer Experience Improvement Program\TelTask" %nul% %_schtasks% "%_schedule%\Customer Experience Improvement Program\UsbCeip"%nul% %_schtasks% "%_schedule%\Data Integrity Scan\Data Integrity Scan" %nul% %_schtasks% "%_schedule%\Data Integrity Scan\Data Integrity Scan for Crash Recovery" %nul% %_schtasks% "%_schedule%\Defrag\ScheduledDefrag" %nul% %_schtasks% "%_schedule%\Device Information\Device" %nul% %_schtasks% "%_schedule%\Device Information\Device User" %nul% %_schtasks% "%_schedule%\Device Setup\Metadata Refresh" %nul% %_schtasks% "%_schedule%\DeviceDirectoryClient\HandleCommand" %nul% %_schtasks% "%_schedule%\DeviceDirectoryClient\HandleWnsCommand" %nul% %_schtasks% "%_schedule%\DeviceDirectoryClient\IntegrityCheck" %nul% %_schtasks% "%_schedule%\DeviceDirectoryClient\LocateCommandUserSession" %nul% %_schtasks% "%_schedule%\DeviceDirectoryClient\RegisterDeviceAccountChange" %nul% %_schtasks% "%_schedule%\DeviceDirectoryClient\RegisterDeviceConnectedToNetwork" %nul% %_schtasks% "%_schedule%\DeviceDirectoryClient\RegisterDeviceLocationRightsChange" %nul% %_schtasks% "%_schedule%\DeviceDirectoryClient\RegisterDevicePeriodic1" %nul% %_schtasks% "%_schedule%\DeviceDirectoryClient\RegisterDevicePeriodic24" %nul% %_schtasks% "%_schedule%\DeviceDirectoryClient\RegisterDevicePeriodic6" %nul% %_schtasks% "%_schedule%\DeviceDirectoryClient\RegisterDevicePolicyChange" %nul% %_schtasks% "%_schedule%\DeviceDirectoryClient\RegisterDeviceProtectionStateChanged" %nul% %_schtasks% "%_schedule%\DeviceDirectoryClient\RegisterDeviceScreenOnOff" %nul% %_schtasks% "%_schedule%\DeviceDirectoryClient\RegisterDeviceSettingChange" %nul% %_schtasks% "%_schedule%\DeviceDirectoryClient\RegisterUserDevice" %nul% %_schtasks% "%_schedule%\Diagnosis\RecommendedTroubleshootingScanner" %nul% %_schtasks% "%_schedule%\Diagnosis\Scheduled" %nul% %_schtasks% "%_schedule%\DirectX\DXGIAdapterCache" %nul% %_schtasks% "%_schedule%\DiskCleanup\SilentCleanup" %nul% %_schtasks% "%_schedule%\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector" %nul% %_schtasks% "%_schedule%\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver"%nul% %_schtasks% "%_schedule%\DiskFootprint\Diagnostics" %nul% %_schtasks% "%_schedule%\DiskFootprint\StorageSense" %nul% %_schtasks% "%_schedule%\DUSM\dusmtask" %nul% %_schtasks% "%_schedule%\EDP\EDP App Launch Task" %nul% %_schtasks% "%_schedule%\EDP\EDP Auth Task" %nul% %_schtasks% "%_schedule%\EDP\EDP Inaccessible Credentials Task" %nul% %_schtasks% "%_schedule%\EDP\StorageCardEncryption Task" %nul% %_schtasks% "%_schedule%\ErrorDetails\EnableErrorDetailsUpdate" %nul% %_schtasks% "%_schedule%\ErrorDetails\ErrorDetailsUpdate" %nul% %_schtasks% "%_schedule%\ExploitGuard\ExploitGuard MDM policy Refresh" %nul% %_schtasks% "%_schedule%\Feedback\Siuf\DmClient" %nul% %_schtasks% "%_schedule%\Feedback\Siuf\DmClientOnScenarioDownload" %nul% %_schtasks% "%_schedule%\FileHistory\File History (maintenance mode)" %nul% %_schtasks% "%_schedule%\Flighting\FeatureConfig\ReconcileFeatures" %nul% %_schtasks% "%_schedule%\Flighting\OneSettings\RefreshCache" %nul% %_schtasks% "%_schedule%\HelloFace\FODCleanupTask" %nul% %_schtasks% "%_schedule%\Input\LocalUserSyncDataAvailable" %nul% %_schtasks% "%_schedule%\Input\MouseSyncDataAvailable" %nul% %_schtasks% "%_schedule%\Input\PenSyncDataAvailable" %nul% %_schtasks% "%_schedule%\Input\TouchpadSyncDataAvailable" %nul% %_schtasks% "%_schedule%\InstallService\ScanForUpdates" %nul% %_schtasks% "%_schedule%\InstallService\ScanForUpdatesAsUser" %nul% %_schtasks% "%_schedule%\InstallService\SmartRetry" %nul% %_schtasks% "%_schedule%\LanguageComponentsInstaller\Installation" %nul% %_schtasks% "%_schedule%\LanguageComponentsInstaller\Uninstallation" %nul% %_schtasks% "%_schedule%\LanguageComponentsInstaller\ReconcileLanguageResources" %nul% %_schtasks% "%_schedule%\Location\Notifications" %nul% %_schtasks% "%_schedule%\Location\WindowsActionDialog" %nul% %_schtasks% "%_schedule%\Maintenance\WinSAT" %nul% %_schtasks% "%_schedule%\Management\Provisioning\Cellular" %nul% %_schtasks% "%_schedule%\Management\Provisioning\Logon" %nul% %_schtasks% "%_schedule%\Maps\MapsToastTask" %nul% %_schtasks% "%_schedule%\Maps\MapsUpdateTask" %nul% %_schtasks% "%_schedule%\MemoryDiagnostic\ProcessMemoryDiagnosticEvents" %nul% %_schtasks% "%_schedule%\MemoryDiagnostic\RunFullMemoryDiagnostic" %nul% %_schtasks% "%_schedule%\Mobile Broadband Accounts\MNO Metadata Parser" %nul% %_schtasks% "%_schedule%\MUI\LPRemove" %nul% %_schtasks% "%_schedule%\NetTrace\GatherNetworkInfo" %nul% %_schtasks% "%_schedule%\NlaSvc\WiFiTask" %nul% %_schtasks% "%_schedule%\Offline Files\Synchronization" %nul% %_schtasks% "%_schedule%\PI\Secure-Boot-Update" %nul% %_schtasks% "%_schedule%\PI\Sqm-Tasks" %nul% %_schtasks% "%_schedule%\Power Efficiency Diagnostics\AnalyzeSystem" %nul% %_schtasks% "%_schedule%\Printing\EduPrintProv" %nul% %_schtasks% "%_schedule%\PushToInstall\Registration" %nul% %_schtasks% "%_schedule%\Ras\MobilityManager" %nul% %_schtasks% "%_schedule%\RecoveryEnvironment\VerifyWinRE" %nul% %_schtasks% "%_schedule%\RemoteAssistance\RemoteAssistanceTask" %nul% %_schtasks% "%_schedule%\RetailDemo\CleanupOfflineContent" %nul% %_schtasks% "%_schedule%\Servicing\StartComponentCleanup" %nul% %_schtasks% "%_schedule%\SettingSync\BackupTask" %nul% %_schtasks% "%_schedule%\SettingSync\BackgroundUploadTask" %nul% %_schtasks% "%_schedule%\SettingSync\NetworkStateChangeTask" %nul% %_schtasks% "%_schedule%\Setup\SetupSQMTask" %nul% %_schtasks% "%_schedule%\Setup\SetupCleanupTask" %nul% %_schtasks% "%_schedule%\Shell\CreateObjectTask" %nul% %_schtasks% "%_schedule%\Shell\FamilySafetyMonitor" %nul% %_schtasks% "%_schedule%\Shell\FamilySafetyRefresh" %nul% %_schtasks% "%_schedule%\Shell\FamilySafetyRefreshTask" %nul% %_schtasks% "%_schedule%\Shell\UpdateUserPictureTask" %nul% %_schtasks% "%_schedule%\Shell\IndexerAutomaticMaintenance" %nul% %_schtasks% "%_schedule%\SMB\UninstallSMB1ClientTask" %nul% %_schtasks% "%_schedule%\SMB\UninstallSMB1ServerTask" %nul% %_schtasks% "%_schedule%\SpacePort\SpaceAgentTask" %nul% %_schtasks% "%_schedule%\SpacePort\SpaceManagerTask" %nul% %_schtasks% "%_schedule%\Speech\HeadsetButtonPress" %nul% %_schtasks% "%_schedule%\Speech\SpeechModelDownloadTask" %nul% %_schtasks% "%_schedule%\Storage Tiers Management\Storage Tiers Management Initialization" %nul% %_schtasks% "%_schedule%\Storage Tiers Management\Storage Tiers Optimization" %nul% %_schtasks% "%_schedule%\Subscription\EnableLicenseAcquisition" %nul% %_schtasks% "%_schedule%\Subscription\LicenseAcquisition" %nul% %_schtasks% "%_schedule%\Sysmain\ResPriStaticDbSync" %nul% %_schtasks% "%_schedule%\Sysmain\WsSwapAssessmentTask" %nul% %_schtasks% "%_schedule%\SystemRestore\SR" %nul% %_schtasks% "%_schedule%\TPM\Tpm-Maintenance" %nul% %_schtasks% "%_schedule%\UNP\RunUpdateNotificationMgr" %nul% %_schtasks% "%_schedule%\USB\Usb-Notifications" %nul% %_schtasks% "%_schedule%\WCM\WiFiTask" %nul% %_schtasks% "%_schedule%\WDI\ResolutionHost" %nul% %_schtasks% "%_schedule%\Windows Defender\Windows Defender Cache Maintenance" %nul% %_schtasks% "%_schedule%\Windows Defender\Windows Defender Cleanup" %nul% %_schtasks% "%_schedule%\Windows Defender\Windows Defender Scheduled Scan" %nul% %_schtasks% "%_schedule%\Windows Defender\Windows Defender Verification" %nul% %_schtasks% "%_schedule%\Windows Error Reporting\QueueReporting" %nul% %_schtasks% "%_schedule%\Windows Filtering Platform\BfeOnServiceStartTypeChange" %nul% %_schtasks% "%_schedule%\Windows Media Sharing\UpdateLibrary" %nul% %_schtasks% "%_schedule%\WindowsColorSystem\Calibration Loader" %nul% %_schtasks% "%_schedule%\WindowsUpdate\Automatic App Update" %nul% %_schtasks% "%_schedule%\WindowsUpdate\Scheduled Start" %nul% %_schtasks% "%_schedule%\WindowsUpdate\sih" %nul% %_schtasks% "%_schedule%\WindowsUpdate\sihboot" %nul% %_schtasks% "%_schedule%\UpdateOrchestrator\Backup Scan"%nul% %_schtasks% "%_schedule%\UpdateOrchestrator\Battery Saver Deferred Install" %nul% %_schtasks% "%_schedule%\UpdateOrchestrator\Maintenance Install" %nul% %_schtasks% "%_schedule%\UpdateOrchestrator\MusUx_UpdateInterval" %nul% %_schtasks% "%_schedule%\UpdateOrchestrator\Policy Install" %nul% %_schtasks% "%_schedule%\UpdateOrchestrator\Reboot" %nul% %_schtasks% "%_schedule%\UpdateOrchestrator\Refresh Settings" %nul% %_schtasks% "%_schedule%\UpdateOrchestrator\Report policies" %nul% %_schtasks% "%_schedule%\UpdateOrchestrator\Resume On Boot" %nul% %_schtasks% "%_schedule%\UpdateOrchestrator\Schedule Retry Scan" %nul% %_schtasks% "%_schedule%\UpdateOrchestrator\Schedule Scan Static Task" %nul% %_schtasks% "%_schedule%\UpdateOrchestrator\Schedule Scan" %nul% %_schtasks% "%_schedule%\UpdateOrchestrator\UpdateModelTask" %nul% %_schtasks% "%_schedule%\UpdateOrchestrator\USO_Broker_Display" %nul% %_schtasks% "%_schedule%\UpdateOrchestrator\USO_UxBroker_Display" %nul% %_schtasks% "%_schedule%\UpdateOrchestrator\USO_UxBroker_ReadyToReboot" %nul% %_schtasks% "%_schedule%\UpdateOrchestrator\USO_UxBroker" %nul% %_schtasks% "%_schedule%\UPnP\UPnPHostConfig" %nul% %_schtasks% "%_schedule%\WaaSMedic\PerformRemediation" %nul% %_schtasks% "%_schedule%\WindowsUpdate\sihpostreboot" %nul% %_schtasks% "%_schedule%\WlanSvc\CDSSync" %nul% %_schtasks% "%_schedule%\WOF\WIM-Hash-Management" %nul% %_schtasks% "%_schedule%\WOF\WIM-Hash-Validation" %nul% %_schtasks% "%_schedule%\Work Folders\Work Folders Logon Synchronization" %nul% %_schtasks% "%_schedule%\Work Folders\Work Folders Maintenance Work" %nul% %_schtasks% "%_schedule%\WS\WSTask" %nul% %_schtasks% "%_schedule%\WwanSvc\NotificationTask" %nul% %_schtasks% "MicrosoftEdgeUpdateTaskMachineCore" %nul% %_schtasks% "MicrosoftEdgeUpdateTaskMachineUA" %nul% %_schtasks% "Microsoft\XblGameSave\XblGameSaveTask" %nul% %_schtasks% "Microsoft\XblGameSave\XblGameSaveTaskLogon" %nul% %_schtasks% "Microsoft\OneCore\DirectX\DirectXDatabaseUpdater" %nul%
Network.bat Code: @echo off if exist "%WinDIR%\SysWOW64" set "arch=x64" if not exist "%WinDIR%\SysWOW64" set "arch=x86" set "nul=>nul 1>nul 2>nul" set network=%systemdrive%\detel_online\Tools\%arch%\ echo. echo. echo Disable: echo. echo. echo * NetBIOS Over TCP/IP echo * Client for Microsoft Networks echo * Internet Protocol Version 6 (TCP/IPv6 echo * Link-Layer Topology Discovery Responder echo * NetBIOS Interface on the dafault adapter echo * File and Printer Sharing for Microsoft Networks echo * Link-Layer Topology Discovery Mapper I/O Driver echo. echo. timeout /t 4 >nul REM Powershell -NoProfile -ExecutionPolicy Bypass -File %~dp0Setup_Scripts\Disable_Network_Services_%arch%.ps1 set key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces for /f %%a in ('reg query "%key%"') do ( reg add "%key%\%%~na" /t REG_DWORD /v NetbiosOptions /d 0x2 /f %nul% ) echo. Powershell %network%cmd_tools\nvspbind.exe /d "Ethernet" ms_netbios Powershell %network%cmd_tools\nvspbind.exe /d "Ethernet" ms_server Powershell %network%cmd_tools\nvspbind.exe /d "Ethernet" ms_msclient Powershell %network%cmd_tools\nvspbind.exe /d "Ethernet" ms_tcpip6 Powershell %network%cmd_tools\nvspbind.exe /d "Ethernet" ms_lltdio Powershell %network%cmd_tools\nvspbind.exe /d "Ethernet" ms_rspndr Powershell %network%cmd_tools\nvspbind.exe /d "Ethernet" ms_netbt Powershell %network%cmd_tools\nvspbind.exe /d "LOCAL AREA CONNECTION" ms_netbios Powershell %network%cmd_tools\nvspbind.exe /d "LOCAL AREA CONNECTION" ms_server Powershell %network%cmd_tools\nvspbind.exe /d "LOCAL AREA CONNECTION" ms_msclient Powershell %network%cmd_tools\nvspbind.exe /d "LOCAL AREA CONNECTION" ms_tcpip6 Powershell %network%cmd_tools\nvspbind.exe /d "LOCAL AREA CONNECTION" ms_lltdio Powershell %network%cmd_tools\nvspbind.exe /d "LOCAL AREA CONNECTION" ms_rspndr Powershell %network%cmd_tools\nvspbind.exe /d "LOCAL AREA CONNECTION" ms_netbt netsh interface set interface "Ethernet" disable %nul% netsh interface set interface "Ethernet" enable %nul% netsh interface set interface "LOCAL AREA CONNECTION" disable %nul% netsh interface set interface "LOCAL AREA CONNECTION" enable %nul% echo. echo Set the default DNS servers to OPENCLOUD echo. netsh interface ipv4 add dnsservers name="LOCAL AREA CONNECTION" 1.1.1.1 %nul% netsh interface ipv4 add dnsservers name="LOCAL AREA CONNECTION" 1.0.0.1 INDEX=2 %nul% netsh interface ipv4 add dnsservers name="Ethernet" 1.1.1.1%nul% netsh interface ipv4 add dnsservers name="Ethernet" 1.0.0.1 INDEX=2 %nul% ipconfig /flushdns %nul%
Registry_Settings.bat Code: @echo off if exist "%WinDIR%\SysWOW64" set "arch=x64" if not exist "%WinDIR%\SysWOW64" set "arch=x86" set "nul=>nul 1>nul 2>nul" set clr=%systemdrive%\detel_online\Tools\%arch%\cmd_tools\cecho.exe set nsd1=%systemdrive%\detel_online\Tools\%arch%\NSudo\NSudo -U:T -P:E -UseCurrentConsole set cmd="wmic useraccount where name='%username%' get sid" for /f "skip=1" %%i IN ( ' %cmd% ' ) DO if not defined SID set "SID=%%i" echo. %clr% {0f}* {0e}Enable Full Administrator Account {#} echo. echo. reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v PromptOnSecureDesktop /t REG_DWORD /d 0 /f reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f echo. %clr% {0f}* {0e}Enable Reboot to Recovery {#} echo. echo. %nsd1% reg add "HKLM\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Reboot to Recovery\command" /ve /t REG_SZ /d "shutdown.exe /r /o /f /t 00" /f >nul echo The operation completed successfully. echo. %clr% {0f}* {0e}Show desktop shortcut icons -- Windows 10 {#} echo. echo. REM Add MyPC -- Control Panel -- %UserProfile% -- Recycle Bin to the Desktop reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu /v {20D04FE0-3AEA-1069-A2D8-08002B30309D} /t REG_DWORD /d 0 /f reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu /v {5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0} /t REG_DWORD /d 0 /f reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu /v {59031a47-3f72-44a7-89c5-5595fe6b30ee} /t REG_DWORD /d 0 /f reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu /v {645FF040-5081-101B-9F08-00AA002F954E} /t REG_DWORD /d 0 /f reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel /v {20D04FE0-3AEA-1069-A2D8-08002B30309D} /t REG_DWORD /d 0 /f reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel /v {5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0} /t REG_DWORD /d 0 /f reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel /v {59031a47-3f72-44a7-89c5-5595fe6b30ee} /t REG_DWORD /d 0 /f reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel /v {645FF040-5081-101B-9F08-00AA002F954E} /t REG_DWORD /d 0 /f echo. %clr% {0f}* {0e}Disable the search bar :: Taskbar ? {#} echo. echo. choice /c:YN /n /m "[Y]es/[N]o]: " if errorlevel 2 goto :noop if errorlevel 1 goto :search :search echo. reg add HKU\%SID%\SOFTWARE\Microsoft\Windows\CurrentVersion\Search /t REG_DWORD /v SearchboxTaskbarMode /d 0 /f REM reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Search /t REG_DWORD /v SearchboxTaskbarMode /d 0 /f :noop echo. %clr% {0f}* {0e}Enable single click :: Windows 10 {#} echo. echo. reg add HKU\%SID%\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer /v "ShellState" /t REG_BINARY /d 240000001728000000000000000000000000000001000000130000000000000062000000 /f echo. %clr% {0f}* {0e}Show hidden files and extensions {#} echo. echo. reg add "HKU\%SID%\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v Hidden /t REG_DWORD /d 1 /f reg add "HKU\%SID%\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t REG_DWORD /d 0 /f echo. %clr% {0f}* {0e}Removing some entries to make it more clean :: File Explorer related :: MY PC {#} echo. echo. %nsd1% regedit /s %systemdrive%\detel_online\Registry\File_Explorer_Related.reg /f echo The operation completed successfully. echo. %clr% {0f}* {0e}Disable automatically installing apps {#} echo. echo. %nsd1% reg add HKU\%SID%\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager /v SilentInstalledAppsEnabled /t REG_DWORD /d 0 /f >nul echo The operation completed successfully. echo. %clr% {0f}* {0e}Restore Windows Photo Viewer in Windows 10 {#} echo. echo. %nsd1% regedit /s %systemdrive%\detel_online\Registry\PhotoViewer.reg /f echo The operation completed successfully. echo. %clr% {0f}* {0e}Open File Explorer to ThisPC {#} echo. echo. %nsd1% reg add HKU\%SID%\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v LaunchTo /t REG_DWORD /d 1 /f >nul echo The operation completed successfully. echo. %clr% {0f}* {0e}Set Control Panel on Classic View and small icons {#} echo. echo. reg add HKU\%SID%\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel /v AllItemsIconView /t REG_DWORD /d 1 /f reg add HKU\%SID%\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel /v StartupPage /t REG_DWORD /d 1 /f echo. %clr% {0f}* {0e}Disable Notifications and Action Center {#} echo. echo. reg add HKU\%SID%\SOFTWARE\Policies\Microsoft\Windows\Explorer /v DisableNotificationCenter /t REG_DWORD /d 1 /f echo. %clr% {0f}* {0e}Show All Tray Icons {#} echo. echo. reg add HKU\%SID%\Software\Microsoft\Windows\CurrentVersion\Explorer /v "EnableAutoTray" /t REG_DWORD /d 0 /f echo. %clr% {0f}*{0e}Unlock the taskbar {#} echo. echo. reg add HKU\%SID%\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v TaskbarSizeMove /t REG_DWORD /d 1 /f echo. %clr% {0f}* {0e}Enable Old Style Legacy Balloon Notifications :: Change Windows 10 toast notifications into balloon notifications {#} echo. echo. reg add HKU\%SID%\SOFTWARE\Policies\Microsoft\Windows\Explorer /v EnableLegacyBalloonNotifications /t REG_DWORD /d 1 /f echo. %clr% {0f}* {0e}Disable Remote Assistance Connections {#} echo. echo. reg add "HKLM\SYSTEM\CurrentControlSet\Control\Remote Assistance" /v fAllowFullControl /t REG_DWORD /d 0 /f reg add "HKLM\SYSTEM\CurrentControlSet\Control\Remote Assistance" /v fAllowToGetHelp /t REG_DWORD /d 0 /f echo. echo. echo. echo =================== %clr% {0f}Context Menu Items: {#} echo. echo =================== echo. echo. %clr% {0f}1] {0e}Directory context menu for MakeISO - lean and mean snippet by AveYo, 2022.05.04 {#} echo. echo. ::: [-HKEY_CLASSES_ROOT\MakeISO] ::: [-HKEY_CLASSES_ROOT\Directory\shell\extract] ::: To remove entries, copy paste above into undo_MakeISO.reg file, then import it %nsd1% regedit /s %systemdrive%\detel_online\Registry\MakeISO.reg /f echo The operation completed successfully. echo. %clr% {0f}2] {0e}Add RunAS :: Install as Trusted Installer to the context menu :: snippet by AveYo, 2018-2022 {#} echo. %clr% {0f} Added Elevated CMD :: Powershell to the snippet {#} echo. echo. %nsd1% regedit /s %systemdrive%\detel_online\Registry\RunAsTI.reg /f echo The operation completed successfully. echo. %clr% {0f}3] {0e}Add Logoff and Reboot :: MY PC {#} echo. echo. %nsd1% regedit /s %systemdrive%\detel_online\Registry\Reboot.reg /f echo The operation completed successfully. echo. %clr% {0f}4] {0e}Copy as path {#} echo. echo. reg add "HKEY_CLASSES_ROOT\*\shell\Copy as Path\command" /ve /d @="cmd.exe /c echo %1|clip /f echo. %clr% {0f}5] {0e}Add Copy to :: Move to Folder... {#} echo. echo. reg add "HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\{C2FBB630-2971-11D1-A18C-00C04FD75D13}" /f reg add "HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\{C2FBB631-2971-11D1-A18C-00C04FD75D13}" /f echo. %clr% {0f}6] {0e}Add RUN {#} echo. echo. reg add "HKEY_CLASSES_ROOT\Directory\background\shell\{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}" /ve /d Run... /f reg add "HKEY_CLASSES_ROOT\Directory\background\shell\{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}" /v SeparatorAfter /t REG_SZ /d "" /f reg add "HKEY_CLASSES_ROOT\Directory\background\shell\{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}" /v Position /t REG_SZ /d "Bottom" /f reg add "HKEY_CLASSES_ROOT\Directory\background\shell\{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}" /v Icon /t REG_SZ /d shell32.dll,-25 /f reg add "HKEY_CLASSES_ROOT\Directory\background\shell\{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}\command" /ve /d "explorer.exe shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}" /f echo. %clr% {0f}7] {0e}Add the Firewall Console ::: FWc ::: Credits to shewolf {#} echo. echo. %nsd1% regedit /s %systemdrive%\detel_online\Registry\FWc.reg /f echo The operation completed successfully. echo. %clr% {0f}8] {0e}Add Install WU CAB Package {#} echo. echo. reg add HKEY_CLASSES_ROOT\CABFolder\Shell\runas /ve /d "Install WU Package" /f reg add HKEY_CLASSES_ROOT\CABFolder\Shell\runas /v MUIVerb /t REG_SZ /d "" /f reg add HKEY_CLASSES_ROOT\CABFolder\Shell\runas /v HasLUAShield /t REG_SZ /d "" /f reg add HKEY_CLASSES_ROOT\CABFolder\Shell\runas /v NeverDefault /t REG_SZ /d "" /f reg add HKEY_CLASSES_ROOT\CABFolder\Shell\runas\Command /ve /d "CMD /K Dism /Online /Add-Package /PackagePath:\"%1\" /NoRestart" /f echo. %clr% {0e}Set {0f}This PC {0e}Name {#} echo. echo. set /p "MyPC=: " %nsd1% reg add HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D} /ve /t REG_SZ /d "%MyPC%" /f >nul %nsd1% reg add HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D} /v LocalizedString /t REG_EXPAND_SZ /d "%MyPC%" /f >nul echo. echo The operation completed successfully. timeout /t 5 >nul REM Set PowerShell Execution Policy to RemoteSigned REM reg add HKU\%SID%\Software\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell /v ExecutionPolicy /t REG_SZ /d RemoteSigned REM Disable Internet -- WFC REM Powershell -Command New-NetFirewallRule -DisplayName "Block_Internet_Access" -Direction Outbound -Protocol Any -Action Block -Verbose
GPO_Tweaks.reg Not complete and to much entries for LTSC 2021. Repost small full LTSC2021 Telemetry list later on. Requires some usersid/HKU values. Code: set cmd="wmic useraccount where name='%username%' get sid" for /f "skip=1" %%i IN ( ' %cmd% ' ) DO if not defined SID set "SID=%%i" ::: User specific Telemetry Settings ::: Limit Tailored Experiences :: Enterprise LTSC 2021 21H2 19044 ::: reg add "HKU\%SID%\Software\Microsoft\Windows\CurrentVersion\Privacy" /v TailoredExperiencesWithDiagnosticDataEnabled /t REG_DWORD /d 0 /f %nul% ::: Cloud Content :: Enterprise LTSC 2021 21H2 19044 ::: reg add HKU\%SID%\Software\Policies\Microsoft\Windows\CloudContent" /v DisableWindowsConsumerFeatures /t REG_DWORD /d 1 /f %nul% Code: Windows Registry Editor Version 5.00 ; MS Windows 10 GPO Tweaks ; based on MANAGE CONNECTIONS FROM WINDOWS 10 OPERATING SYSTEM COMPONENTS TO MICROSOFT SERVICES as of 2019.09.16 ; Telemetry and Error Reporting GPO Tweaks ; Disable Telemetry Group ; Security level is only supported on Education and Enterprise [best editions privacy-wise] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection] "DoNotShowFeedbackNotifications"=dword:00000001 "AllowDeviceNameInTelemetry"=dword:00000000 "AllowTelemetry"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds] "EnableConfigFlighting"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppCompat] "AITEnable"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack] "DiagTrackAuthorization"=dword:00000000 ;[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\AutoLogger-Diagtrack-Listener] "Start"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\Diagtrack-Listener] "Start"=dword:00000000 ; Disable Application Experience Group [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppCompat] "AITEnable"=dword:00000000 "DisableUAR"=dword:00000001 "DisableInventory"=dword:00000001 "DisablePCA"=dword:00000001 ; Disable CEIP Group [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows] "CEIPEnable"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows] "CEIPEnable"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\IE] "CEIPEnable"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Reliability] "CEIPEnable"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\AppV\CEIP] "CEIPEnable"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\SQM] "DisableCustomerImprovementProgram"=dword:0000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client] "CEIP"=dword:00000002 ; Disable SQM Group [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\IE] "SqmLoggerRunning"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Reliability] "SqmLoggerRunning"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows] "SqmLoggerRunning"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows] "DisableOptinExperience"=dword:00000001 ; Disable Microsoft Compatibility Appraiser [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Appraiser] "HaveUploadedForTarget"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\AIT] "AITEnable"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\ClientTelemetry] "DontRetryOnError"=dword:00000001 "IsCensusDisabled"=dword:00000001 "TaskEnableRun"=dword:00000000 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\TelemetryController] ;Disable Query Remote Server [HKEY_LOCAL_MACHINE\SOFTWARE\policies\microsoft\windows\scripteddiagnosticsprovider\policy] "enablequeryremoteserver"=dword:00000000 ; Disable Error Reporting Group [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting] "Disabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting] "Disabled"=dword:0000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting] "DoReport"=dword:00000000 ; Other Diagnostics [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy] "DisableQueryRemoteServer"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Assistance\Client\1.0] "NoOnlineAssist"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\StorageHealth] "AllowDiskHealthModelUpdates"=dword:00000000 ; Search and Cortana GPO Tweaks ; Disable Cortana Group [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search] "AllowCortana"=dword:00000000 "AllowSearchToUseLocation"=dword:00000000 ; Disable Online Search Group [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search] "DisableWebSearch"=dword:000000001 "ConnectedSearchUseWeb"=dword:00000000 "ConnectedSearchPrivacy"=dword:00000003 ; Turn off Search Companion content file updates [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion] "DisableContentFileUpdates"=dword:00000001 ; MS Windows Defender GPO Tweaks ; Disable Windows Defender Group [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection] "DisableRealtimeMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender] "DisableAntiSpyware"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\AppHVSI] "AllowAppHVSI_ProviderSet"=dword:00000000 [[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService] "Start"=dword:00000004 ; Silence Windows Defender Group [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting] "DisableEnhancedNotifications"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet] "SpynetReporting"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet] "SubmitSamplesConsent"=dword:00000002 ; Disable SmartScreen [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System] "EnableSmartScreen"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SmartScreen] "ConfigureAppInstallControlEnabled"=dword:00000000 "ConfigureAppInstallControl"="Anywhere" ; No Smartscreen For Store APPS [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost] "EnableWebContentEvaluation"=dword:00000000 ; Disable Smartscreen for MS EGDE [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter] "EnabledV9"=dword:00000000 ; Disable Smartscreen for IE [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\PhishingFilter] "EnabledV9"=dword:00000000 ; Delete ShellSmartScreenLevel [-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System] "ShellSmartScreenLevel"="" ; Turn off Windows Network Connectivity Status Indicator active tests [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator] "NoActiveProbe"dword:00000001 ; Silence MRT-Tool - Windows Malicious Removal Tool [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT] "DontOfferThroughWUAU"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT] "DontReportInfectionInformation"=dword:00000001 ; Privacy and Advertisement GPO Tweaks ; Disable Advertisement Group ; Turn off Advertising [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo] "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo] "DisabledByGroupPolicy"=dword:00000001 ; Turn off Consumer Experiences - MS Store [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CloudContent] "DisableWindowsConsumerFeatures"=dword:00000001 ; Limit Tailored Experiences -- Admin [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Privacy] "TailoredExperiencesWithDiagnosticDataEnabled"=dword:00000000 ; Limit Tailored Experiences -- User [HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CloudContent] "DisableTailoredExperiencesWithDiagnosticData"=dword:00000001 ; Turn off Windows Spotlight [HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CloudContent] "DisableWindowsSpotlightFeatures"=dword:000000001 ; Disable Online Tips in Settings [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "AllowOnlineTips"=dword:00000000 ; Don't show Windows Tips [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CloudContent] "DisableSoftLanding"=dword:00000001 ;Prevents Suggested Applications returning [HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CloudContent] "DisableThirdPartySuggestions"=dword:00000001 ; Disable Lock Screen Group ;Don't use Lock Screen [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization] "NoLockScreen"=dword:00000001 ;Set LockScreen Image and Enable LockScreen Image [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization] "LockScreenImage"="C:\\Windows\\Web\\Screen\\lockscreen.jpg" "LockScreenOverlaysDisabled"=dword:00000001 ; No Personalization Group ;Disable input personalization [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization] "AllowInputPersonalization"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\InputPersonalization] "AllowInputPersonalization"=dword:00000000 ;Disable Test Collection [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization] "RestrictImplicitTextCollection"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\InputPersonalization] "RestrictImplicitTextCollection"=dword:00000001 ;Disable Inc Collection [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization] "RestrictImplicitInkCollection"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\InputPersonalization] "RestrictImplicitInkCollection"=dword:00000001 ;Disable Linguistic Data Collection [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\TextInput] "AllowLinguisticDataCollection"=dword:00000000 ;Disable Handwriting Error Reports [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\HandwritingErrorReport] "PreventHandwritingErrorReports"=dword:00000001 ;Disable Handwriting Data Sharing [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\TabletPC] "PreventHandwritingDataSharing"=dword:00000001 ;Protect Location Group ;Disable Location Provider [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors] "DisableLocation"=dword:00000001 ;Don't Share Language List [HKEY_CURRENT_USER\Control Panel\International\User Profile] "HttpAcceptLanguageOptOut"=dword:00000001 ;Online Speech Privacy [HKEY_CURRENT_USER\Software\Microsoft\Speech_OneCore\Settings\OnlineSpeechPrivacy] "HasAccepted"=dword:00000000 ;Change Windows Feedback Frequency [HKEY_CURRENT_USER\Software\Microsoft\Siuf\Rules] "PeriodInNanoSeconds"=dword:00000000 "NumberOfSIUFInPeriod"=dword:00000000 ;No Registration Group ;Disable KMS GenTicket [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform] "NoGenTicket"=dword:00000001 ;Disable Registration [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Registration Wizard Control] "NoRegistration"=dword:00000001 ;No Push Notifications Group ;Disable Cloud Notification [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications] "NoCloudApplicationNotification"=dword:00000001 ;Disable Cloud Notification [HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications] "NoCloudApplicationNotification"=dword:00000001 ; Microsoft Account GPO Tweaks ;Disable Disable OneDrive Group ; Disable OneDrive Usage [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\OneDrive] "DisableFileSyncNGSC"=dword:00000001 ;Silence OneDrive [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OneDrive] "PreventNetworkTrafficPreUserSignIn"=dword:00000001 ;No Microsoft Accounts Group ;Disable Microsoft Accounts [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] "NoConnectedUser"=dword:00000003 ;No Settings Sync Group ;Disable Settings Sync [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SettingSync] "DisableSettingSync"=dword:00000002 ;Force Disable Settings Sync [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SettingSync] "DisableSettingSyncUserOverride"=dword:00000001 ;Disable WiFi-Sense [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\wcmsvc\wifinetworkmanager\config] "AutoConnectAllowedOEM"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\wcmsvc\wifinetworkmanager] "WifiSenseCredShared"=dword:00000000 "WifiSenseOpen"=dword:00000000 ;No Find My Device Group ;Don't Allow FindMyDevice [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FindMyDevice] "AllowFindMyDevice"=dword:00000000 ;No Cloud Clipboard Group ;Disable Cloud Clipboard [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System] "AllowCrossDeviceClipboard"=dword:000000 [HKEY_CURRENT_USER\Software\Microsoft\Clipboard] "EnableClipboardHistory"=dword:00000000 ;No Cloud Messages Group ;Don't Sync Messages -- Admin [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Messaging] "AllowMessageSync"=dword:00000000 ;Don't Sync Messages -- User [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Messaging] "AllowMessageSync"=dword:00000000 ;Disable Activity Feed Group ;Disable Activity Feed [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System] "EnableActivityFeed"=dword:00000000 ;Don't Upload User Activities [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System] "UploadUserActivities"=dword:00000000 ;Don't Publish User Activities [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System] "PublishUserActivities"=dword:00000000 ;No Cross Device Experience Group [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System] "EnableCdp"=dword:00000000 ;Visual Studio GPO Tweaks ;Turn off VS telemetry Group [HKEY_CURRENT_USER\Software\Microsoft\VisualStudio\Telemetry] "TurnOffSwitch"=dword:00000001 ;Turn off PerfWatson2.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\VisualStudio\SQM] "OptIn"=dword:00000000 ;Block Microsoft.ServiceHub.Controller.exe ;Optional ;%ProgramFiles(x86)%\Microsoft Visual Studio\2019\Community\Common7\ServiceHub\controller\Microsoft.ServiceHub.Controller.exe ;Turn off VS Feedback button Group ;DisableFeedbackDialog [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\VisualStudio\Feedback] "DisableFeedbackDialog"=dword:00000001 ;Disable Email Input [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\VisualStudio\Feedback] "DisableEmailInput"=dword:00000001 ;Disable Screenshot Capture [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\VisualStudio\Feedback] "DisableScreenshotCapture"=dword:00000001 ; Various others GPO Tweaks ;No Explorer AutoComplete Group -- Recommended ;Disable Auto Suggest -- Admin [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete] "AutoSuggest"="no" ;;Disable Auto Suggest -- User [HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\Explorer\AutoComplete] "AutoSuggest"="no" ;No Delivery Optimizations Group ;Disable WU Delivery Optimizations -- Recommended [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization] "DODownloadMode"="100" ;No Internet Open With Group -- Recommended ;Disable Internet Open With -- Admin [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoInternetOpenWith"=dword:00000001 ;Disable Internet Open With -- User [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoInternetOpenWith"=dword:00000001 ;Disable Driver Update Group ;Don't Update Drivers With WU [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate] "ExcludeWUDriversInQualityUpdate"=dword:00000001 ;Don't get Device Info from Web [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Device Metadata] "PreventDeviceMetadataFromNetwork"=dword:00000001 ;No Speech Updates Group ;Don't Update SpeechModel [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Speech] "AllowSpeechModelUpdate"=dword:00000000 ;Lockdown MS Edge (non Chromium) Group ;Prevent Live Tile Data Collection [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main] "PreventLiveTileDataCollection"=dword:00000001 ; Disable Pre-launch [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main] "AllowPrelaunch"=dword:00000000 ;Disable Tab Pre-Loading [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\TabPreloader] "AllowTabPreloading"=dword:00000000 ;Disable Adobe Flash Player [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Addons] "FlashPlayerEnabled"=dword:00000000 ;Don't Update Compatibility Lists [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\MicrosoftEdge\BrowserEmulation] "MSCompatibilityMode"=dword:00000000 ;Set Blank Stat Page [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings] "ProvisionedHomePages"="about:blank" ;Set 'DoNotTrack' [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main] "DoNotTrack"=dword:00000001 ;No Password Auto Complete [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main] "FormSuggest Passwords"="no" ;Disable First Start Page [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main] "PreventFirstRunPage"=dword:00000001 ;No Form Auto Complete [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main] "Use FormSuggest"="no" ;Disable AddressBar Suggestions [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\SearchScopes] "ShowSearchSuggestionsGlobal"=dword:00000000 ;Disable AddressBar (drop down) Suggestions [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\ServiceUI] "ShowOneBox"=dword:00000000 ;Keep New Tabs Empty [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\ServiceUI] "AllowWebContentOnNewTabPage"=dword:00000000 ;Disable Books Library Updating [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\MicrosoftEdge\BooksLibrary] "AllowConfigurationUpdateForBooksLibrary"=dword:00000000 ;No Font Updates Group ;Don't Update Fonts [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System] "EnableFontProviders"=dword:00000000 ;Automatic certificate updates Group ;Disable Certificate Auto Update [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot] "DisableRootAutoUpdate"=dword:00000001 ;Date and Time (NTP Client) Group ;Disable NTP Client [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\W32time\TimeProviders\NtpClient] "Enabled"=dword:00000000 ;Disable Teredo (IPv6) Group ;Disable Teredo Tunneling [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition] "Teredo_State"="Disabled" ;Disable Map Updates Group ;Turn off unsolicited Maps Downloads [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Maps] "AllowUntriggeredNetworkTrafficOnSettingsPage"=dword:00000000 ;Turn off Auto Maps Update [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Maps] "AutoDownloadAndUpdateMapData"=dword:00000000 ;Lockdown Internet Explorer Group ;Disable Enhanced AddressBar Suggestions [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer] "AllowServicePoweredQSA"=dword:00000001 ;Turn off Browser Geolocation [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Geolocation] "PolicyDisableGeolocation"=dword:00000001 ;Turn off Site Suggestions [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Suggested Sites] "Enabled"=dword:00000000 ;Turn off FlipAhead Prediction [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\FlipAhead] "Enabled"=dword:00000000 ; Disable Download Version List [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\VersionManager] "DownloadVersionList"=dword:00000000 ;Disable Sync of Feeds and Slices [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Feeds] "BackgroundSyncStatus"=dword:00000000 ;Disable Compatibility View [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation] "DisableSiteListEditing"=dword:00000001 ;Disable First Run Wizard [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main] "DisableFirstRunCustomize"=dword:00000001 ;Keep New Tabs Empty [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing] "NewTabPageShow"=dword:00000000 ;Apps and Store GPO Tweaks ;Disable Store Group ;Disable Store Apps [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore] "DisableStoreApps"=dword:00000001 ;Don't Auto Update Apps [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore] "AutoDownload"=dword:00000002 ;Disable App Uri Handlers [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System] "EnableAppUriHandlers"=dword:00000000 ; Remove the Windows Store [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore] "RemoveWindowsStore"=dword:00000001 ;Lockdown Apps Group ;Don't Let Apps Access AccountInfo -- Recommended [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy] "LetAppsAccessAccountInfo"=dword:00000002 ;Don't Let Apps Access Calendar -- Recommended [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy] "LetAppsAccessCalendar"=dword:00000002 ;Don't Let Apps Access CallHistory -- Recommended [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy] "LetAppsAccessCallHistory"=dword:00000002 ;Don't Let Apps Access Camera -- Recommended [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy] "LetAppsAccessCamera"=dword:00000002 ;Don't Let Apps Access Contacts -- Recommended [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy] "LetAppsAccessContacts"=dword:00000002 ;Don't Let Apps Access Email -- Recommended [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy] "LetAppsAccessEmail"=dword:00000002 ;Don't Let Apps Access Location -- Recommended [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy] "LetAppsAccessLocation"=dword:00000002 ;Don't Let Apps Access Messaging -- Recommended [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy] "LetAppsAccessMessaging"=dword:00000002 ;Don't Let Apps Access Microphone -- Recommended [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy] "LetAppsAccessMicrophone"=dword:00000002 ;Don't Let Apps Access Motion -- Recommended [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy] "LetAppsAccessMotion"=dword:00000002 ;Don't Let Apps Access Notifications -- Recommended [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy] "LetAppsAccessNotifications"=dword:00000002 ;Don't Let Apps Access Radio -- Recommended [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy] "LetAppsAccessRadios"=dword:00000002 ;Don't Let Apps Access Tasks -- Recommended [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy] "LetAppsAccessTasks"=dword:00000002 ;Don't Let Apps Access TrustedDevices -- Recommended [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy] "LetAppsAccessTrustedDevices"=dword:00000002 ;Don't Let Apps get Diagnostic Info -- Recommended [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy] "LetAppsGetDiagnosticInfo"=dword:00000002 ;LetAppsRunInBackground [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy] "LetAppsRunInBackground"=dword:00000002 ;Don't Let Apps Sync With Devices [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy] "LetAppsSyncWithDevices"=dword:00000002 ;Block Mail and People Group ;Disable Mail App [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Mail] "ManualLaunchAllowed"=dword:00000000 ;Hide People from Taskbar -- Admin [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer] "HidePeopleBar"=dword:00000001 ;Hide People from Taskbar -- User [HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer] "HidePeopleBar"=dword:00000001 ; Disable Clipboard History [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System] "AllowClipboardHistory"=dword:00000000
To make it pretty... Code: @echo off start "" "%Windir%\Resources\Themes\Matte - Line.theme" & timeout /t 5 & taskkill /im "systemsettings.exe" /f Code: reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v "Custom Theme" /t REG_SZ /d "%Systemdrive%\detel_online\Tools\%arch%\cmd_tools\runnhide\RunNHide.exe %Systemdrive%\detel_online\Setup_Scripts\Set_Custom_Theme.bat" /f %nul% Fully tweaked online + 2 reboots... NSudo ftw
Incase you run SFC... It does restore disabled Systemapps folders (useless) Nothing restores "properly fully removed" Systemapps. Creating a new user might reset the IsInbox values back to "1" Just run the batch to reset the values incase you like to remove a couple... They show on "Apps&Features" so you can remove there when u set the value to 0 Code: @echo off if exist "%WinDIR%\SysWOW64" set "arch=x64" if not exist "%WinDIR%\SysWOW64" set "arch=x86" set "nul=>nul 1>nul 2>nul" set nsd3=%systemdrive%\detel_online\Tools\%arch%\NSudo\NSudo -U:T -P:E -UseCurrentConsole cmd /c Taskkill /IM smartscreen.exe %nul% %nsd3% del /s %windir%\System32\smartscreen.exe %nul% %nsd3% del /s /q %windir%\System32\CompatTelRunner.exe %nul% %nsd3% del /s /q %windir%\System32\OneDriveSetup.exe %nul%