Skip to content

Instantly share code, notes, and snippets.

@guillemcanal

guillemcanal/Microsoft.PowerShell_profile.ps1

Last active February 23, 2022 22:14
Show Gist options
  • Save guillemcanal/441cf4f0bf5da4ee7b84d778911eabba to your computer and use it in GitHub Desktop.
Save guillemcanal/441cf4f0bf5da4ee7b84d778911eabba to your computer and use it in GitHub Desktop.
Download ZIP
Boxstarter Install Script
Raw
boxstarter.ps1
#--- Check Windows version ---
if ([Environment]::OSVersion.Version.Major -ne 10) {
Write-Error 'Upgrade to Windows 10 before running this script'
Exit
}
#--- Utility Functions ---
function _ForceMkdir($path) {
if (!(Test-Path $path)) {
New-Item -ItemType Directory -Force -Path $path
}
}
#--- Windows Update ---
Enable-UAC
Enable-MicrosoftUpdate
Install-WindowsUpdate -AcceptEula
#--- Check Windows Revision ---
if ((Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion").ReleaseId -lt 2004) {
Write-Error 'You need to run Windows Update and install Feature Updates to at least version 2004'
Exit
}
#--- Termporarily disable ---
Disable-WindowsUpdate
Disable-UAC
#--- Windows Subsystems/Features ---
choco install -y Microsoft-Windows-Subsystem-Linux -source windowsfeatures
choco install -y VirtualMachinePlatform -source windowsfeatures
#--- Fonts
choco install -y cascadiacode
#--- Apps ---
choco install -y `
wsl-alpine `
firefox `
docker-desktop `
visualstudiocode `
jetbrainstoolbox `
microsoft-windows-terminal `
mkcert `
sharex `
spotify
refreshenv
#--- Block Telemetry---
# Description:
# This script blocks telemetry related domains via the hosts file and related
# IPs via Windows Firewall.
#
# Please note that adding these domains may break certain software like iTunes
# or Skype. As this issue is location dependent for some domains, they are not
# commented by default. The domains known to cause issues marked accordingly.
# Please see the related issue:
# <https://github.com/W4RH4WK/Debloat-Windows-10/issues/79>
# Thanks to raydric, this function should be used instead of `mkdir -force`.
#
# While `mkdir -force` works fine when dealing with regular folders, it behaves
# strange when using it at registry level. If the target registry key is
# already present, all values within that key are purged.
Write-Output "Disabling telemetry via Group Policies"
_ForceMkdir "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection"
Set-ItemProperty "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" "AllowTelemetry" 0
Write-Output "Adding telemetry domains to hosts file"
$hosts_file = "$env:systemroot\System32\drivers\etc\hosts"
$domains = @(
"184-86-53-99.deploy.static.akamaitechnologies.com"
"a-0001.a-msedge.net"
"a-0002.a-msedge.net"
"a-0003.a-msedge.net"
"a-0004.a-msedge.net"
"a-0005.a-msedge.net"
"a-0006.a-msedge.net"
"a-0007.a-msedge.net"
"a-0008.a-msedge.net"
"a-0009.a-msedge.net"
"a1621.g.akamai.net"
"a1856.g2.akamai.net"
"a1961.g.akamai.net"
#"a248.e.akamai.net" # makes iTunes download button disappear (#43)
"a978.i6g1.akamai.net"
"a.ads1.msn.com"
"a.ads2.msads.net"
"a.ads2.msn.com"
"ac3.msn.com"
"ad.doubleclick.net"
"adnexus.net"
"adnxs.com"
"ads1.msads.net"
"ads1.msn.com"
"ads.msn.com"
"aidps.atdmt.com"
"aka-cdn-ns.adtech.de"
"a-msedge.net"
"any.edge.bing.com"
"a.rad.msn.com"
"az361816.vo.msecnd.net"
"az512334.vo.msecnd.net"
"b.ads1.msn.com"
"b.ads2.msads.net"
"bingads.microsoft.com"
"b.rad.msn.com"
"bs.serving-sys.com"
"c.atdmt.com"
"cdn.atdmt.com"
"cds26.ams9.msecn.net"
"choice.microsoft.com"
"choice.microsoft.com.nsatc.net"
"compatexchange.cloudapp.net"
"corpext.msitadfs.glbdns2.microsoft.com"
"corp.sts.microsoft.com"
"cs1.wpc.v0cdn.net"
"db3aqu.atdmt.com"
"df.telemetry.microsoft.com"
"diagnostics.support.microsoft.com"
"e2835.dspb.akamaiedge.net"
"e7341.g.akamaiedge.net"
"e7502.ce.akamaiedge.net"
"e8218.ce.akamaiedge.net"
"ec.atdmt.com"
"fe2.update.microsoft.com.akadns.net"
"feedback.microsoft-hohm.com"
"feedback.search.microsoft.com"
"feedback.windows.com"
"flex.msn.com"
"g.msn.com"
"h1.msn.com"
"h2.msn.com"
"hostedocsp.globalsign.com"
"i1.services.social.microsoft.com"
"i1.services.social.microsoft.com.nsatc.net"
"ipv6.msftncsi.com"
"ipv6.msftncsi.com.edgesuite.net"
"lb1.www.ms.akadns.net"
"live.rads.msn.com"
"m.adnxs.com"
"msedge.net"
"msftncsi.com"
"msnbot-65-55-108-23.search.msn.com"
"msntest.serving-sys.com"
"oca.telemetry.microsoft.com"
"oca.telemetry.microsoft.com.nsatc.net"
"onesettings-db5.metron.live.nsatc.net"
"pre.footprintpredict.com"
"preview.msn.com"
"rad.live.com"
"rad.msn.com"
"redir.metaservices.microsoft.com"
"reports.wes.df.telemetry.microsoft.com"
"schemas.microsoft.akadns.net"
"secure.adnxs.com"
"secure.flashtalking.com"
"services.wes.df.telemetry.microsoft.com"
"settings-sandbox.data.microsoft.com"
#"settings-win.data.microsoft.com" # may cause issues with Windows Updates
"sls.update.microsoft.com.akadns.net"
#"sls.update.microsoft.com.nsatc.net" # may cause issues with Windows Updates
"sqm.df.telemetry.microsoft.com"
"sqm.telemetry.microsoft.com"
"sqm.telemetry.microsoft.com.nsatc.net"
"ssw.live.com"
"static.2mdn.net"
"statsfe1.ws.microsoft.com"
"statsfe2.update.microsoft.com.akadns.net"
"statsfe2.ws.microsoft.com"
"survey.watson.microsoft.com"
"telecommand.telemetry.microsoft.com"
"telecommand.telemetry.microsoft.com.nsatc.net"
"telemetry.appex.bing.net"
"telemetry.microsoft.com"
"telemetry.urs.microsoft.com"
"vortex-bn2.metron.live.com.nsatc.net"
"vortex-cy2.metron.live.com.nsatc.net"
"vortex.data.microsoft.com"
"vortex-sandbox.data.microsoft.com"
"vortex-win.data.microsoft.com"
"cy2.vortex.data.microsoft.com.akadns.net"
"watson.live.com"
"watson.microsoft.com"
"watson.ppe.telemetry.microsoft.com"
"watson.telemetry.microsoft.com"
"watson.telemetry.microsoft.com.nsatc.net"
"wes.df.telemetry.microsoft.com"
"win10.ipv6.microsoft.com"
"www.bingads.microsoft.com"
"www.go.microsoft.akadns.net"
"www.msftncsi.com"
"client.wns.windows.com"
#"wdcp.microsoft.com" # may cause issues with Windows Defender Cloud-based protection
#"dns.msftncsi.com" # This causes Windows to think it doesn't have internet
#"storeedgefd.dsx.mp.microsoft.com" # breaks Windows Store
"wdcpalt.microsoft.com"
"settings-ssl.xboxlive.com"
"settings-ssl.xboxlive.com-c.edgekey.net"
"settings-ssl.xboxlive.com-c.edgekey.net.globalredir.akadns.net"
"e87.dspb.akamaidege.net"
"insiderservice.microsoft.com"
"insiderservice.trafficmanager.net"
"e3843.g.akamaiedge.net"
"flightingserviceweurope.cloudapp.net"
#"sls.update.microsoft.com" # may cause issues with Windows Updates
"static.ads-twitter.com" # may cause issues with Twitter login
"www-google-analytics.l.google.com"
"p.static.ads-twitter.com" # may cause issues with Twitter login
"hubspot.net.edge.net"
"e9483.a.akamaiedge.net"
#"www.google-analytics.com"
#"padgead2.googlesyndication.com"
#"mirror1.malwaredomains.com"
#"mirror.cedia.org.ec"
"stats.g.doubleclick.net"
"stats.l.doubleclick.net"
"adservice.google.de"
"adservice.google.com"
"googleads.g.doubleclick.net"
"pagead46.l.doubleclick.net"
"hubspot.net.edgekey.net"
"insiderppe.cloudapp.net" # Feedback-Hub
"livetileedge.dsx.mp.microsoft.com"
# extra
"fe2.update.microsoft.com.akadns.net"
"s0.2mdn.net"
"statsfe2.update.microsoft.com.akadns.net"
"survey.watson.microsoft.com"
"view.atdmt.com"
"watson.microsoft.com"
"watson.ppe.telemetry.microsoft.com"
"watson.telemetry.microsoft.com"
"watson.telemetry.microsoft.com.nsatc.net"
"wes.df.telemetry.microsoft.com"
"m.hotmail.com"
# can cause issues with Skype (#79) or other services (#171)
"apps.skype.com"
"c.msn.com"
# "login.live.com" # prevents login to outlook and other live apps
"pricelist.skype.com"
"s.gateway.messenger.live.com"
"ui.skype.com"
)
Write-Output "" | Out-File -Encoding ASCII -Append $hosts_file
foreach ($domain in $domains) {
if (-Not (Select-String -Path $hosts_file -Pattern $domain)) {
Write-Output "0.0.0.0 $domain" | Out-File -Encoding ASCII -Append $hosts_file
}
}
Write-Output "Adding telemetry ips to firewall"
$ips = @(
"134.170.30.202"
"137.116.81.24"
"157.56.106.189"
"184.86.53.99"
"2.22.61.43"
"2.22.61.66"
"204.79.197.200"
"23.218.212.69"
"65.39.117.230"
"65.52.108.33" # Causes problems with Microsoft Store
"65.55.108.23"
"64.4.54.254"
)
Remove-NetFirewallRule -DisplayName "Block Telemetry IPs" -ErrorAction SilentlyContinue
New-NetFirewallRule -DisplayName "Block Telemetry IPs" -Direction Outbound `
-Action Block -RemoteAddress ([string[]]$ips)
#--- Disable Services ---
# Description:
# This script disables unwanted Windows services. If you do not want to disable
# certain services comment out the corresponding lines below.
$services = @(
"diagnosticshub.standardcollector.service" # Microsoft (R) Diagnostics Hub Standard Collector Service
"DiagTrack" # Diagnostics Tracking Service
"dmwappushservice" # WAP Push Message Routing Service (see known issues)
"HomeGroupListener" # HomeGroup Listener
"HomeGroupProvider" # HomeGroup Provider
"lfsvc" # Geolocation Service
"MapsBroker" # Downloaded Maps Manager
"NetTcpPortSharing" # Net.Tcp Port Sharing Service
"RemoteAccess" # Routing and Remote Access
"RemoteRegistry" # Remote Registry
"SharedAccess" # Internet Connection Sharing (ICS)
"TrkWks" # Distributed Link Tracking Client
#"WbioSrvc" # Windows Biometric Service (required for Fingerprint reader / facial detection)
#"WlanSvc" # WLAN AutoConfig
"WMPNetworkSvc" # Windows Media Player Network Sharing Service
"wscsvc" # Windows Security Center Service
#"WSearch" # Windows Search
"XblAuthManager" # Xbox Live Auth Manager
"XblGameSave" # Xbox Live Game Save Service
"XboxNetApiSvc" # Xbox Live Networking Service
"ndu" # Windows Network Data Usage Monitor
# Services which cannot be disabled
#"WdNisSvc"
)
foreach ($service in $services) {
Write-Output "Trying to disable $service"
Get-Service -Name $service | Set-Service -StartupType Disabled
}
#--- Remove Default Apps ---
# Description:
# This script removes unwanted Apps that come with Windows. If you do not want
# to remove certain Apps comment out the corresponding lines below.
Write-Output "Uninstalling default apps"
$apps = @(
# default Windows 10 apps
"Microsoft.3DBuilder"
"Microsoft.Appconnector"
"Microsoft.BingFinance"
"Microsoft.BingNews"
"Microsoft.BingSports"
"Microsoft.BingTranslator"
"Microsoft.BingWeather"
#"Microsoft.FreshPaint"
"Microsoft.GamingServices"
"Microsoft.Microsoft3DViewer"
"Microsoft.MicrosoftOfficeHub"
"Microsoft.MicrosoftPowerBIForWindows"
"Microsoft.MicrosoftSolitaireCollection"
#"Microsoft.MicrosoftStickyNotes"
"Microsoft.MinecraftUWP"
"Microsoft.NetworkSpeedTest"
"Microsoft.Office.OneNote"
#"Microsoft.OneConnect"
"Microsoft.People"
"Microsoft.Print3D"
"Microsoft.SkypeApp"
"Microsoft.Wallet"
#"Microsoft.Windows.Photos"
"Microsoft.WindowsAlarms"
#"Microsoft.WindowsCalculator"
"Microsoft.WindowsCamera"
"microsoft.windowscommunicationsapps"
"Microsoft.WindowsMaps"
"Microsoft.WindowsPhone"
"Microsoft.WindowsSoundRecorder"
#"Microsoft.WindowsStore" # can't be re-installed
"Microsoft.Xbox.TCUI"
"Microsoft.XboxApp"
"Microsoft.XboxGameOverlay"
"Microsoft.XboxGamingOverlay"
"Microsoft.XboxSpeechToTextOverlay"
"Microsoft.YourPhone"
"Microsoft.ZuneMusic"
"Microsoft.ZuneVideo"
# Threshold 2 apps
"Microsoft.CommsPhone"
"Microsoft.ConnectivityStore"
"Microsoft.GetHelp"
"Microsoft.Getstarted"
"Microsoft.Messaging"
"Microsoft.Office.Sway"
"Microsoft.OneConnect"
"Microsoft.WindowsFeedbackHub"
# Creators Update apps
"Microsoft.Microsoft3DViewer"
#"Microsoft.MSPaint"
#Redstone apps
"Microsoft.BingFoodAndDrink"
"Microsoft.BingHealthAndFitness"
"Microsoft.BingTravel"
"Microsoft.WindowsReadingList"
# Redstone 5 apps
"Microsoft.MixedReality.Portal"
"Microsoft.ScreenSketch"
"Microsoft.XboxGamingOverlay"
"Microsoft.YourPhone"
# non-Microsoft
"2FE3CB00.PicsArt-PhotoStudio"
"46928bounde.EclipseManager"
"4DF9E0F8.Netflix"
"613EBCEA.PolarrPhotoEditorAcademicEdition"
"6Wunderkinder.Wunderlist"
"7EE7776C.LinkedInforWindows"
"89006A2E.AutodeskSketchBook"
"9E2F88E3.Twitter"
"A278AB0D.DisneyMagicKingdoms"
"A278AB0D.MarchofEmpires"
"ActiproSoftwareLLC.562882FEEB491" # next one is for the Code Writer from Actipro Software LLC
"CAF9E577.Plex"
"ClearChannelRadioDigital.iHeartRadio"
"D52A8D61.FarmVille2CountryEscape"
"D5EA27B7.Duolingo-LearnLanguagesforFree"
"DB6EA5DB.CyberLinkMediaSuiteEssentials"
"DolbyLaboratories.DolbyAccess"
"DolbyLaboratories.DolbyAccess"
"Drawboard.DrawboardPDF"
"Facebook.Facebook"
"Fitbit.FitbitCoach"
"Flipboard.Flipboard"
"GAMELOFTSA.Asphalt8Airborne"
"KeeperSecurityInc.Keeper"
"Microsoft.BingNews"
"NORDCURRENT.COOKINGFEVER"
"PandoraMediaInc.29680B314EFC2"
"Playtika.CaesarsSlotsFreeCasino"
"ShazamEntertainmentLtd.Shazam"
"SlingTVLLC.SlingTV"
"SpotifyAB.SpotifyMusic"
#"TheNewYorkTimes.NYTCrossword"
"ThumbmunkeysLtd.PhototasticCollage"
"TuneIn.TuneInRadio"
"WinZipComputing.WinZipUniversal"
"XINGAG.XING"
"flaregamesGmbH.RoyalRevolt2"
"king.com.*"
"king.com.BubbleWitch3Saga"
"king.com.CandyCrushSaga"
"king.com.CandyCrushSodaSaga"
# apps which cannot be removed using Remove-AppxPackage
#"Microsoft.BioEnrollment"
#"Microsoft.MicrosoftEdge"
#"Microsoft.Windows.Cortana"
#"Microsoft.WindowsFeedback"
#"Microsoft.XboxGameCallableUI"
#"Microsoft.XboxIdentityProvider"
#"Windows.ContactSupport"
# apps which other apps depend on
"Microsoft.Advertising.Xaml"
)
foreach ($app in $apps) {
Write-Output "Trying to remove $app"
Get-AppxPackage -Name $app -AllUsers | Remove-AppxPackage -AllUsers
Get-AppXProvisionedPackage -Online |
Where-Object DisplayName -EQ $app |
Remove-AppxProvisionedPackage -Online
}
# Prevents Apps from re-installing
$cdm = @(
"ContentDeliveryAllowed"
"FeatureManagementEnabled"
"OemPreInstalledAppsEnabled"
"PreInstalledAppsEnabled"
"PreInstalledAppsEverEnabled"
"SilentInstalledAppsEnabled"
"SubscribedContent-314559Enabled"
"SubscribedContent-338387Enabled"
"SubscribedContent-338388Enabled"
"SubscribedContent-338389Enabled"
"SubscribedContent-338393Enabled"
"SubscribedContentEnabled"
"SystemPaneSuggestionsEnabled"
)
_ForceMkdir "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager"
foreach ($key in $cdm) {
Set-ItemProperty "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" $key 0
}
_ForceMkdir "HKLM:\SOFTWARE\Policies\Microsoft\WindowsStore"
Set-ItemProperty "HKLM:\SOFTWARE\Policies\Microsoft\WindowsStore" "AutoDownload" 2
# Prevents "Suggested Applications" returning
_ForceMkdir "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent"
Set-ItemProperty "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" "DisableWindowsConsumerFeatures" 1
#--- Restore Temporary Settings ---
Enable-UAC
Enable-MicrosoftUpdate
Install-WindowsUpdate -AcceptEula
refreshenv
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment