Thank you very much for sharing, I've been testing it on 23H2 Enterprise and it works really well. I've got a few notes though: Some registry tweaks display an "Access Denied" message when applying, those are: Code: & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize' '/v' 'EnableTransparency' '/t' 'REG_DWORD' '/d' '0' '/f' > $null & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\Feeds' '/v' 'ShellFeedsTaskbarViewMode' '/t' 'REG_DWORD' '/d' '2' '/f' > $null And one that doesn't seem to exist: Code: & 'reg' 'delete' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\SuggestedApps' '/f' > $null I've done a few personal modifications (disabling OneDrive and Copilot, and other small things) but I've been struggling to find a way to disable Microsoft Teams (both and the (personal) one) and I'd appreciate some help. It doesn't seem to exist during the installation, but after updating Windows and opening MS Store it seems to get automatically installed, which is quite frustrating. Is the only way to disable the teams installation to Install Windows > Apply HKCU edits AFTER making the first user? I suppose I could automate this procedure with an autounattend but that's not ideal. Some information about the software used: VMware Workstation (17.0.0) ISO used: EN-GB Windows 11 23H2 (22631.5039) Business Edition -> Enterprise Host OS: W10 Enterprise 22H2 (19045.5198)
What is the purpose of the "Enable-Privilege" function present in the script? I understand the description you gave in the comment, to be able to modify protected keys, but as far as I can understand (which is not much) while the function does take ownership of some keys, it does not modify them whatsoever, making the section pointless. Was that a section you're planning to expand later on or am I missing something?
I have downloaded the script and ran it in my new windows installation and started getting heavily spammed in my event viewer logs which might have caused a crash i wouldn't know, and looked more into the thread and noticed you removed smartscreen. " Unable to start a DCOM Server: {A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D} as Unavailable/Unavailable. The error: "2147942402" Happened while starting this command: C:\Windows\System32\smartscreen.exe -Embedding" if it is related is there an option to make the computer to stop executing these commands to start smartscreen?
alright didn't know if there's a difference but unfortunately I didn't get an answer to my question, so if smartscreen is disabled shouldn't windows stop trying to launch smartscreen.exe? I'm asking because my event log is clogged with the same error over and over
I do not know where is the script, so I can not compare it, but I disable smartscreen and I get no errors for smartscreen, only occasionally for Start, and I have removed smartscreen.exe But if you use Defender, it might be triggered by it. Spoiler Code: rem Off - Disable Windows SmartScreen / On - Enable Windows SmartScreen reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t REG_SZ /d "Off" /f rem 0 - Disable SmartScreen Filter in Microsoft Edge / 1 - Enable reg add "HKCU\Software\Microsoft\Edge\SmartScreenEnabled" /ve /t REG_DWORD /d "0" /f rem 0 - Disable SmartScreen PUA in Microsoft Edge / 1 - Enable reg add "HKCU\Software\Microsoft\Edge\SmartScreenPuaEnabled" /ve /t REG_DWORD /d "0" /f rem 0 - Disable Windows SmartScreen for Windows Store Apps / 1 - Enable reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t "REG_DWORD" /d "0" /f rem ________________________________________________________________________________________ reg add "HKLM\Software\Policies\Microsoft\Windows\System" /v "EnableSmartScreen" /t "REG_DWORD" /d "0" /f reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControl" /t REG_SZ /d "Anywhere" /f reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControlEnabled" /t "REG_DWORD" /d "0" /f rem 1 - Enable Microsoft Defender SmartScreen DNS requests reg add "HKLM\Software\Policies\Microsoft\Edge" /v "SmartScreenDnsRequestsEnabled" /t REG_DWORD /d "0" /f rem Remove Smartscreen (to restore run "sfc /scannow") takeown /s %computername% /u %username% /f "%WinDir%\System32\smartscreen.exe" icacls "%WinDir%\System32\smartscreen.exe" /grant:r %username%:F taskkill /im smartscreen.exe /f del "%WinDir%\System32\smartscreen.exe" /s /f /q
Smartscreen are disabled by HKEY_CURRENT_USER\Software\ Microsoft\Windows\CurrentVersion\Policies\Explore\DisallowRun