## ## Windows 10 cleanup script. ## Remove dodgy tracking settings, unneeded services, all apps, and optional features that come with Windows 10. Make it more like Windows 7. ## ## Instructions ## 1. Start Windows 10 installation. At the first point you are asked for input during Windows 10 setup, hit Shift-F10. This gives you a command prompt. ## 2. Now mount a network volume, or insert a USB key with this script on it and change directory to it. e.g. ## net use x: \\mynetworkmount ## cd x: ## 3. Run the script ## powershell -ExectionPolicy Bypass cleanup-win10.ps1 ## 4. Let it run through, you may see a few errors, this is normal ## 5. Reboot ## shutdown /r /t 0 ## 6. Contine installation as normal ## 7. Once you login for the first time, run this script again (under Powershell as Administrator): ## powershell -ExectionPolicy Bypass cleanup-win10.ps1 ## 8. Go through the "Things to do after" shown at the end of the script ## 9. Done! ## New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT Write-Host 'Updating registry settings...' # Disable some of the "new" features of Windows 10, such as forcibly installing apps you don't want, and the new annoying animation for first time login. New-Item -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\' -Name 'CloudContent' New-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent' -Name 'DisableWindowsConsumerFeatures' -PropertyType DWord -Value '1' -Force New-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent' -Name 'DisableSoftLanding' -PropertyType DWord -Value '1' -Force New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -Name 'EnableFirstLogonAnimation' -PropertyType DWord -Value '0' -Force # Set some commonly changed settings for the current user. The interesting one here is "NoTileApplicationNotification" which disables a bunch of start menu tiles. New-Item -Path 'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\' -Name 'PushNotifications' New-ItemProperty -Path 'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\PushNotifications' -Name 'NoTileApplicationNotification' -PropertyType DWord -Value '1' -Force New-Item -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\' -Name 'CabinetState' New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState' -Name 'FullPath' -PropertyType DWord -Value '1' -Force New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' -Name 'HideFileExt' -PropertyType DWord -Value '0' -Force New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' -Name 'Hidden' -PropertyType DWord -Value '1' -Force New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' -Name 'ShowSyncProviderNotifications' -PropertyType DWord -Value '0' -Force # Remove all Windows 10 apps, including Windows Store. You may not want this, but I don't ever use any of the apps or the start menu tiles. # This makes Windows 10 similar to Windows 7. Don't forget to unpin all the tiles after installation to trim down the start menu! Get-AppxProvisionedPackage -Online | Remove-AppxProvisionedPackage -Online Get-AppxPackage | Remove-AppxPackage # Disable Cortana, and disable any kind of web search or location settings. New-Item -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\' -Name 'Windows Search' New-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search' -Name 'AllowCortana' -PropertyType DWord -Value '0' -Force New-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search' -Name 'AllowSearchToUseLocation' -PropertyType DWord -Value '0' -Force New-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search' -Name 'DisableWebSearch' -PropertyType DWord -Value '1' -Force New-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search' -Name 'ConnectedSearchUseWeb' -PropertyType DWord -Value '0' -Force # Remove OneDrive, and stop it from showing in Explorer side menu. # If OneDrive is *still* hanging around, remove it in Windows Settings > Apps > Programs and Features. C:\Windows\SysWOW64\OneDriveSetup.exe /uninstall Start-Sleep -s 10 New-Item -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\' -Name 'Skydrive' New-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Skydrive' -Name 'DisableFileSync' -PropertyType DWord -Value '1' -Force New-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Skydrive' -Name 'DisableLibrariesDefaultSaveToSkyDrive' -PropertyType DWord -Value '1' -Force New-Item -Path 'HKCR:\CLSID\' -Name '{018D5C66-4533-4307-9B53-224DE2ED1FE6}' New-Item -Path 'HKCR:\Wow6432Node\CLSID\' -Name '{018D5C66-4533-4307-9B53-224DE2ED1FE6}' New-ItemProperty -Path 'HKCR:\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}' -Name 'System.IsPinnedToNameSpaceTree' -PropertyType DWord -Value '0' -Force New-ItemProperty -Path 'HKCR:\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}' -Name 'System.IsPinnedToNameSpaceTree' -PropertyType DWord -Value '0' -Force # Disable data collection and telemetry settings. New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer' -Name 'SmartScreenEnabled' -PropertyType String -Value 'Off' -Force New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection' -Name 'AllowTelemetry' -PropertyType DWord -Value '0' -Force New-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection' -Name 'AllowTelemetry' -PropertyType DWord -Value '0' -Force New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance' -Name 'fAllowFullControl' -PropertyType DWord -Value '0' -Force # Disable Windows Defender submission of samples and reporting. New-Item -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\' -Name 'Spynet' New-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet' -Name 'SpynetReporting' -PropertyType DWord -Value '0' -Force New-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet' -Name 'SubmitSamplesConsent' -PropertyType DWord -Value '2' -Force # Disables PeerCaching, so updates are downloaded from Microsoft instead of other computers on the internet. New-Item -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\' -Name 'DeliveryOptimization' New-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization' -Name 'DODownloadMode' -PropertyType DWord -Value '0' -Force New-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization' -Name 'SystemSettingsDownloadMode' -PropertyType DWord -Value '0' -Force New-Item -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\' -Name 'Config' New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config' -Name 'DODownloadMode' -PropertyType DWord -Value '0' -Force Write-Host 'Disabling services...' $services = @( # CDPSvc doesn't seem to do anything useful, that I found. See note on CDPUserSvc further down the script. # DiagTrack is a feedback and diagnostics service, known for tracking. 'CDPSvc', 'DiagTrack', # Black Viper 'Safe for DESKTOP' services. # See http://www.blackviper.com/service-configurations/black-vipers-windows-10-service-configurations/ 'tzautoupdate', 'AppVClient', 'RemoteRegistry', 'RemoteAccess', 'shpamsvc', 'SCardSvr', 'UevAgentService', 'ALG', 'PeerDistSvc', 'NfsClnt', 'dmwappushservice', 'MapsBroker', 'lfsvc', 'HvHost', 'vmickvpexchange', 'vmicguestinterface', 'vmicshutdown', 'vmicheartbeat', 'vmicvmsession', 'vmicrdv', 'vmictimesync', 'vmicvss', 'irmon', 'SharedAccess', 'MSiSCSI', 'SmsRouter', 'CscService', 'SEMgrSvc', 'PhoneSvc', 'RpcLocator', 'RetailDemo', 'SensorDataService', 'SensrSvc', 'SensorService', 'ScDeviceEnum', 'SCPolicySvc', 'SNMPTRAP', 'TabletInputService', 'WFDSConSvc', 'FrameServer', 'wisvc', 'icssvc', 'WinRM', 'WwanSvc', 'XblAuthManager', 'XblGameSave', 'XboxNetApiSvc' ) foreach ($service in $services) { Set-Service $service -StartupType Disabled } # CDPUserSvc is a mysterious service that just seems to throws errors in the event viewer. I haven't seen any problems with it disabled. # See https://social.technet.microsoft.com/Forums/en-US/c165a54a-4a69-441c-94a7-b5712b54385d/what-is-the-cdpusersvc-for-?forum=win10itprogeneral # Note that the related service CDPSvc is also disabled in the above services loop. CDPUserSvc can't be disabled by Set-Service, due to a random # hash after the service name, but disabling via the registry is perfectly fine. Write-Host 'Disabling CDPUserSvc...' Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\CDPUserSvc' -Name 'Start' -Value '4' Write-Host 'Disabling hibernate...' powercfg -h off # Disables all of the known enabled-by-default optional features. There are some particulary bad defaults like SMB1. Sigh. Write-Host 'Disabling optional features...' $features = @( 'MediaPlayback', 'SMB1Protocol', 'Xps-Foundation-Xps-Viewer', 'WorkFolders-Client', 'WCF-Services45', 'NetFx4-AdvSrvs', 'Printing-Foundation-Features', 'Printing-PrintToPDFServices-Features', 'Printing-XPSServices-Features', 'MSRDC-Infrastructure', 'MicrosoftWindowsPowerShellV2Root', 'Internet-Explorer-Optional-amd64' ) foreach ($feature in $features) { Disable-WindowsOptionalFeature -Online -FeatureName $feature -NoRestart } Write-Host 'Finished. Reboot system with: shutdown /r /t 0' Write-Host '' Write-Host '***' Write-Host 'If you ran this script during installation, make sure to run it again after logging in for the first time!' Write-Host '***' Write-Host '' Write-Host '***' Write-Host 'Things to do after you have logged in for the first time and ran the script again:' Write-Host ' * Unpin all the tiles in the start menu' Write-Host ' * Settings > Privacy: switch off all the radio buttons through all menus on the left' Write-Host ' * Settings > Privacy > Feedback & diagnostics menu: select Never for Feedback frequency' Write-Host ' * Settings > Apps, click the Manage optional features link. Remove Contact Support, Internet Explorer 11, Microsoft Quick Assist, and Windows Media Player' Write-Host ' * Settings > System > Notifications & actions: switch off "Get notifications from apps and other senders"' Write-Host ' * Settings > System > Notifications & actions: switch off "Show me the Windows welcome experience..."' Write-Host ' * Settings > System > Shared experiences: switch off "Let me open apps on other devices..."' Write-Host ' * Settings > Update & security, click the Advanced options link. Tick "Give me updates for other Microsoft products when I update Windows."' Write-Host ' * Run Windows Update for the first time!' Write-Host '***'