2024-04-24 03:48:03 +00:00
# Enable debugging
#Set-PSDebug -Trace 1
# Check if PowerShell execution is restricted
2024-04-21 00:02:55 +00:00
if ( ( Get-ExecutionPolicy ) -eq 'Restricted' ) {
Write-Host " Your current PowerShell Execution Policy is set to Restricted, which prevents scripts from running. Do you want to change it to RemoteSigned? (yes/no) "
$response = Read-Host
if ( $response -eq 'yes' ) {
Set-ExecutionPolicy RemoteSigned -Scope CurrentUser -Confirm: $false
} else {
Write-Host " The script cannot be run without changing the execution policy. Exiting... "
exit
}
}
2024-04-24 03:48:03 +00:00
# Check and run the script as admin if required
2024-05-01 23:30:41 +00:00
$adminSID = New-Object System . Security . Principal . SecurityIdentifier ( " S-1-5-32-544 " )
$adminGroup = $adminSID . Translate ( [ System.Security.Principal.NTAccount ] )
2024-04-21 00:02:55 +00:00
$myWindowsID = [ System.Security.Principal.WindowsIdentity ] :: GetCurrent ( )
$myWindowsPrincipal = new-object System . Security . Principal . WindowsPrincipal ( $myWindowsID )
$adminRole = [ System.Security.Principal.WindowsBuiltInRole ] :: Administrator
2024-04-24 03:48:03 +00:00
if ( ! $myWindowsPrincipal . IsInRole ( $adminRole ) )
2024-04-21 00:02:55 +00:00
{
2024-04-24 03:48:03 +00:00
Write-Host " Restarting Tiny11 image creator as admin in a new window, you can close this one. "
2024-04-22 08:40:16 +00:00
$newProcess = new-object System . Diagnostics . ProcessStartInfo " PowerShell " ;
$newProcess . Arguments = $myInvocation . MyCommand . Definition ;
$newProcess . Verb = " runas " ;
[ System.Diagnostics.Process ] :: Start ( $newProcess ) ;
exit
2024-04-21 00:02:55 +00:00
}
2024-04-24 03:48:03 +00:00
# Start the transcript and prepare the window
2024-05-01 20:40:33 +00:00
Start-Transcript -Path " $PSScriptRoot \tiny11.log "
2024-04-24 03:48:03 +00:00
$Host . UI . RawUI . WindowTitle = " Tiny11 image creator "
2024-04-21 00:02:55 +00:00
Clear-Host
2024-05-01 20:40:33 +00:00
Write-Host " Welcome to the tiny11 image creator! Release: 05-01-2024 "
2024-04-24 03:48:03 +00:00
2024-04-21 00:02:55 +00:00
$mainOSDrive = $env:SystemDrive
2024-04-24 03:48:03 +00:00
$hostArchitecture = $Env:PROCESSOR_ARCHITECTURE
2024-05-01 20:40:33 +00:00
New-Item -ItemType Directory -Force -Path " $mainOSDrive \tiny11\sources " > null
2024-04-21 00:02:55 +00:00
$DriveLetter = Read-Host " Please enter the drive letter for the Windows 11 image "
$DriveLetter = $DriveLetter + " : "
if ( ( Test-Path " $DriveLetter \sources\boot.wim " ) -eq $false -or ( Test-Path " $DriveLetter \sources\install.wim " ) -eq $false ) {
2024-05-01 20:40:33 +00:00
if ( ( Test-Path " $DriveLetter \sources\install.esd " ) -eq $true ) {
Write-Host " Found install.esd, converting to install.wim... "
2024-05-03 12:56:34 +00:00
Get-WindowsImage -ImagePath " $DriveLetter \sources\install.esd "
2024-05-01 20:40:33 +00:00
$index = Read-Host " Please enter the image index "
Write-Host ' '
Write-Host 'Converting install.esd to install.wim. This may take a while...'
2024-05-03 12:56:34 +00:00
Export-WindowsImage -SourceImagePath " $DriveLetter \sources\install.esd " -SourceIndex $index -DestinationImagePath " $mainOSDrive \tiny11\sources\install.wim " -CompressionType 'max' -CheckIntegrity
2024-05-01 20:40:33 +00:00
} else {
Write-Host " Can't find Windows OS Installation files in the specified Drive Letter.. "
Write-Host " Please enter the correct DVD Drive Letter.. "
exit
}
2024-04-21 00:02:55 +00:00
}
Write-Host " Copying Windows image... "
2024-05-01 20:40:33 +00:00
Copy-Item -Path " $DriveLetter \* " -Destination " $mainOSDrive \tiny11 " -Recurse -Force > null
Set-ItemProperty -Path " $mainOSDrive \tiny11\sources\install.esd " -Name IsReadOnly -Value $false > $null 2 > & 1
Remove-Item " $mainOSDrive \tiny11\sources\install.esd " > $null 2 > & 1
2024-04-21 00:02:55 +00:00
Write-Host " Copy complete! "
Start-Sleep -Seconds 2
Clear-Host
Write-Host " Getting image information: "
2024-05-03 12:56:34 +00:00
Get-WindowsImage -ImagePath " $mainOSDrive \tiny11\sources\install.wim "
2024-04-21 00:02:55 +00:00
$index = Read-Host " Please enter the image index "
Write-Host " Mounting Windows image. This may take a while. "
2024-05-01 20:40:33 +00:00
$wimFilePath = " $( $env:SystemDrive ) \tiny11\sources\install.wim "
& takeown " /F " $wimFilePath
2024-05-01 22:51:15 +00:00
& icacls $wimFilePath " /grant " " $( $adminGroup . Value ) :(F) "
2024-05-01 20:40:33 +00:00
try {
Set-ItemProperty -Path $wimFilePath -Name IsReadOnly -Value $false -ErrorAction Stop
} catch {
# This block will catch the error and suppress it.
}
New-Item -ItemType Directory -Force -Path " $mainOSDrive \scratchdir " > $null
2024-05-03 12:56:34 +00:00
Mount-WindowsImage -ImagePath $wimFilePath -Index $index -Path " $( $env:SystemDrive ) \scratchdir "
2024-04-21 00:02:55 +00:00
2024-05-03 12:56:34 +00:00
$imageInfo = Get-WindowsImage -ImagePath $wimFilePath -Index $index
2024-04-21 00:02:55 +00:00
2024-05-03 12:56:34 +00:00
$languageCode = $imageInfo . Languages [ $imageInfo . DefaultLanguageIndex ]
Write-Host " Default system UI language code: $languageCode "
2024-04-21 00:02:55 +00:00
2024-05-03 12:56:34 +00:00
# Architecture enumeration found at https://github.com/jeffkl/ManagedDism/blob/94cf084528f4a986089335327ea67ff747a1dc6d/src/Microsoft.Dism/NativeEnums.cs#L275
switch ( $imageInfo . Architecture ) {
0 { $architecture = 'x86' }
9 { $architecture = 'amd64' }
5 { $architecture = 'arm' }
12 { $architecture = 'arm64' }
6 { $architecture = 'ia64' }
11 { $architecture = 'neutral' }
Default { $architecture = 'unknown' }
2024-04-21 00:02:55 +00:00
}
2024-05-03 12:56:34 +00:00
Write-Host " Architecture: $architecture "
2024-04-21 00:02:55 +00:00
Write-Host " Mounting complete! Performing removal of applications... "
2024-05-03 12:56:34 +00:00
$packagesToRemove = @ (
'Clipchamp.Clipchamp' , 'Microsoft.BingNews' , 'Microsoft.BingWeather' ,
'Microsoft.GamingApp' , 'Microsoft.GetHelp' , 'Microsoft.Getstarted' ,
'Microsoft.MicrosoftOfficeHub' , 'Microsoft.MicrosoftSolitaireCollection' ,
'Microsoft.People' , 'Microsoft.PowerAutomateDesktop' , 'Microsoft.Todos' ,
'Microsoft.WindowsAlarms' , 'microsoft.windowscommunicationsapps' ,
'Microsoft.WindowsFeedbackHub' , 'Microsoft.WindowsMaps' ,
'Microsoft.WindowsSoundRecorder' , 'Microsoft.Xbox.TCUI' ,
'Microsoft.XboxGamingOverlay' , 'Microsoft.XboxGameOverlay' ,
'Microsoft.XboxSpeechToTextOverlay' , 'Microsoft.YourPhone' ,
'Microsoft.ZuneMusic' , 'Microsoft.ZuneVideo' ,
'MicrosoftCorporationII.MicrosoftFamily' , 'MicrosoftCorporationII.QuickAssist' ,
'MicrosoftTeams' , 'Microsoft.549981C3F5F10'
)
Get-AppxProvisionedPackage -Path " $( $env:SystemDrive ) \scratchdir " | Where-Object { $_ . DisplayName -In $packagesToRemove } | Remove-AppxProvisionedPackage -Path " $( $env:SystemDrive ) \scratchdir "
2024-04-21 00:02:55 +00:00
Write-Host " Removing Edge: "
2024-05-01 20:40:33 +00:00
Remove-Item -Path " $mainOSDrive \scratchdir\Program Files (x86)\Microsoft\Edge " -Recurse -Force > null
Remove-Item -Path " $mainOSDrive \scratchdir\Program Files (x86)\Microsoft\EdgeUpdate " -Recurse -Force > null
Remove-Item -Path " $mainOSDrive \scratchdir\Program Files (x86)\Microsoft\EdgeCore " -Recurse -Force > null
2024-04-21 00:02:55 +00:00
if ( $architecture -eq 'amd64' ) {
$folderPath = Get-ChildItem -Path " $mainOSDrive \scratchdir\Windows\WinSxS " -Filter " amd64_microsoft-edge-webview_31bf3856ad364e35* " -Directory | Select-Object -ExpandProperty FullName
if ( $folderPath ) {
2024-05-01 20:40:33 +00:00
& 'takeown' '/f' $folderPath '/r' > null
2024-05-01 22:51:15 +00:00
& icacls $folderPath " /grant " " $( $adminGroup . Value ) :(F) " '/T' '/C' > null
2024-05-01 20:40:33 +00:00
Remove-Item -Path $folderPath -Recurse -Force > null
2024-04-21 00:02:55 +00:00
} else {
Write-Host " Folder not found. "
}
} elseif ( $architecture -eq 'arm64' ) {
2024-05-01 20:40:33 +00:00
$folderPath = Get-ChildItem -Path " $mainOSDrive \scratchdir\Windows\WinSxS " -Filter " arm64_microsoft-edge-webview_31bf3856ad364e35* " -Directory | Select-Object -ExpandProperty FullName > null
2024-04-21 00:02:55 +00:00
if ( $folderPath ) {
2024-05-01 20:40:33 +00:00
& 'takeown' '/f' $folderPath '/r' > null
2024-05-01 22:51:15 +00:00
& icacls $folderPath " /grant " " $( $adminGroup . Value ) :(F) " '/T' '/C' > null
2024-05-01 20:40:33 +00:00
Remove-Item -Path $folderPath -Recurse -Force > null
2024-04-21 00:02:55 +00:00
} else {
Write-Host " Folder not found. "
}
} else {
Write-Host " Unknown architecture: $architecture "
}
2024-05-01 20:40:33 +00:00
& 'takeown' '/f' " $mainOSDrive \scratchdir\Windows\System32\Microsoft-Edge-Webview " '/r' > null
2024-05-01 22:51:15 +00:00
& 'icacls' " $mainOSDrive \scratchdir\Windows\System32\Microsoft-Edge-Webview " '/grant' " $( $adminGroup . Value ) :(F) " '/T' '/C' > null
2024-05-01 20:40:33 +00:00
Remove-Item -Path " $mainOSDrive \scratchdir\Windows\System32\Microsoft-Edge-Webview " -Recurse -Force > null
2024-04-21 00:02:55 +00:00
Write-Host " Removing OneDrive: "
2024-05-01 20:40:33 +00:00
& 'takeown' '/f' " $mainOSDrive \scratchdir\Windows\System32\OneDriveSetup.exe " > null
2024-05-01 22:51:15 +00:00
& 'icacls' " $mainOSDrive \scratchdir\Windows\System32\OneDriveSetup.exe " '/grant' " $( $adminGroup . Value ) :(F) " '/T' '/C' > null
2024-05-01 20:40:33 +00:00
Remove-Item -Path " $mainOSDrive \scratchdir\Windows\System32\OneDriveSetup.exe " -Force > null
2024-04-21 00:02:55 +00:00
Write-Host " Removal complete! "
Start-Sleep -Seconds 2
Clear-Host
Write-Host " Loading registry... "
2024-05-01 20:40:33 +00:00
reg load HKLM \ zCOMPONENTS $mainOSDrive \ scratchdir \ Windows \ System32 \ config \ COMPONENTS > null
reg load HKLM \ zDEFAULT $mainOSDrive \ scratchdir \ Windows \ System32 \ config \ default > null
reg load HKLM \ zNTUSER $mainOSDrive \ scratchdir \ Users \ Default \ ntuser . dat > null
reg load HKLM \ zSOFTWARE $mainOSDrive \ scratchdir \ Windows \ System32 \ config \ SOFTWARE > null
reg load HKLM \ zSYSTEM $mainOSDrive \ scratchdir \ Windows \ System32 \ config \ SYSTEM > null
2024-04-21 00:02:55 +00:00
Write-Host " Bypassing system requirements(on the system image): "
2024-05-01 20:40:33 +00:00
& 'reg' 'add' 'HKLM\zDEFAULT\Control Panel\UnsupportedHardwareNotificationCache' '/v' 'SV1' '/t' 'REG_DWORD' '/d' '0' '/f' > null
& 'reg' 'add' 'HKLM\zDEFAULT\Control Panel\UnsupportedHardwareNotificationCache' '/v' 'SV2' '/t' 'REG_DWORD' '/d' '0' '/f' > null
& 'reg' 'add' 'HKLM\zNTUSER\Control Panel\UnsupportedHardwareNotificationCache' '/v' 'SV1' '/t' 'REG_DWORD' '/d' '0' '/f' > null
& 'reg' 'add' 'HKLM\zNTUSER\Control Panel\UnsupportedHardwareNotificationCache' '/v' 'SV2' '/t' 'REG_DWORD' '/d' '0' '/f' > null
& 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassCPUCheck' '/t' 'REG_DWORD' '/d' '1' '/f' > null
& 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassRAMCheck' '/t' 'REG_DWORD' '/d' '1' '/f' > null
& 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassSecureBootCheck' '/t' 'REG_DWORD' '/d' '1' '/f' > null
& 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassStorageCheck' '/t' 'REG_DWORD' '/d' '1' '/f' > null
& 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassTPMCheck' '/t' 'REG_DWORD' '/d' '1' '/f' > null
& 'reg' 'add' 'HKLM\zSYSTEM\Setup\MoSetup' '/v' 'AllowUpgradesWithUnsupportedTPMOrCPU' '/t' 'REG_DWORD' '/d' '1' '/f' > null
2024-04-21 00:02:55 +00:00
Write-Host " Disabling Sponsored Apps: "
2024-05-01 20:40:33 +00:00
& 'reg' 'add' 'HKLM\zNTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'OemPreInstalledAppsEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' > null
& 'reg' 'add' 'HKLM\zNTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'PreInstalledAppsEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' > null
& 'reg' 'add' 'HKLM\zNTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SilentInstalledAppsEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' > null
& 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\CloudContent' '/v' 'DisableWindowsConsumerFeatures' '/t' 'REG_DWORD' '/d' '1' '/f' > null
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'ContentDeliveryAllowed' '/t' 'REG_DWORD' '/d' '0' '/f' > null
& 'reg' 'add' 'HKLM\zSOFTWARE\Microsoft\PolicyManager\current\device\Start' '/v' 'ConfigureStartPins' '/t' 'REG_SZ' '/d' '{"pinnedList": [{}]}' '/f' > null
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'ContentDeliveryAllowed' '/t' 'REG_DWORD' '/d' '0' '/f' > null
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'ContentDeliveryAllowed' '/t' 'REG_DWORD' '/d' '0' '/f' > null
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'FeatureManagementEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' > null
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'OemPreInstalledAppsEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' > null
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'PreInstalledAppsEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' > null
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'PreInstalledAppsEverEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' > null
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SilentInstalledAppsEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' > null
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SoftLandingEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' > null
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SubscribedContentEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' > null
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SubscribedContent-310093Enabled' '/t' 'REG_DWORD' '/d' '0' '/f' > null
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SubscribedContent-338388Enabled' '/t' 'REG_DWORD' '/d' '0' '/f' > null
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SubscribedContent-338389Enabled' '/t' 'REG_DWORD' '/d' '0' '/f' > null
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SubscribedContent-338393Enabled' '/t' 'REG_DWORD' '/d' '0' '/f' > null
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SubscribedContent-353694Enabled' '/t' 'REG_DWORD' '/d' '0' '/f' > null
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SubscribedContent-353696Enabled' '/t' 'REG_DWORD' '/d' '0' '/f' > null
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SubscribedContentEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' > null
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SystemPaneSuggestionsEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' > null
& 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\PushToInstall' '/v' 'DisablePushToInstall' '/t' 'REG_DWORD' '/d' '1' '/f' > null
& 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\MRT' '/v' 'DontOfferThroughWUAU' '/t' 'REG_DWORD' '/d' '1' '/f' > null
& 'reg' 'delete' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Subscriptions' '/f' > null
& 'reg' 'delete' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\SuggestedApps' '/f' > null
& 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\CloudContent' '/v' 'DisableConsumerAccountStateContent' '/t' 'REG_DWORD' '/d' '1' '/f' > null
& 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\CloudContent' '/v' 'DisableCloudOptimizedContent' '/t' 'REG_DWORD' '/d' '1' '/f' > null
2024-04-21 00:02:55 +00:00
Write-Host " Enabling Local Accounts on OOBE: "
2024-05-01 20:40:33 +00:00
& 'reg' 'add' 'HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\OOBE' '/v' 'BypassNRO' '/t' 'REG_DWORD' '/d' '1' '/f' > null
Copy-Item -Path " $PSScriptRoot \autounattend.xml " -Destination " $mainOSDrive \scratchdir\Windows\System32\Sysprep\autounattend.xml " -Force > null
2024-04-21 00:02:55 +00:00
Write-Host " Disabling Reserved Storage: "
2024-05-01 20:40:33 +00:00
& 'reg' 'add' 'HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\ReserveManager' '/v' 'ShippedWithReserves' '/t' 'REG_DWORD' '/d' '0' '/f' > null
2024-04-21 00:02:55 +00:00
Write-Host " Disabling Chat icon: "
2024-05-01 20:40:33 +00:00
& 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\Windows Chat' '/v' 'ChatIcon' '/t' 'REG_DWORD' '/d' '3' '/f' > null
& 'reg' 'add' 'HKLM\zNTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced' '/v' 'TaskbarMn' '/t' 'REG_DWORD' '/d' '0' '/f' > null
Write-Host " Removing Edge related registries "
reg delete " HKEY_LOCAL_MACHINE\zSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge " / f > null
reg delete " HKEY_LOCAL_MACHINE\zSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge Update " / f > null
2024-04-29 16:59:03 +00:00
Write-Host " Disabling Telemetry: "
2024-05-01 20:40:33 +00:00
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo' '/v' 'Enabled' '/t' 'REG_DWORD' '/d' '0' '/f' > null
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\Privacy' '/v' 'TailoredExperiencesWithDiagnosticDataEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' > null
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Speech_OneCore\Settings\OnlineSpeechPrivacy' '/v' 'HasAccepted' '/t' 'REG_DWORD' '/d' '0' '/f' > null
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Input\TIPC' '/v' 'Enabled' '/t' 'REG_DWORD' '/d' '0' '/f' > null
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\InputPersonalization' '/v' 'RestrictImplicitInkCollection' '/t' 'REG_DWORD' '/d' '1' '/f' > null
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\InputPersonalization' '/v' 'RestrictImplicitTextCollection' '/t' 'REG_DWORD' '/d' '1' '/f' > null
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\InputPersonalization\TrainedDataStore' '/v' 'HarvestContacts' '/t' 'REG_DWORD' '/d' '0' '/f' > null
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Personalization\Settings' '/v' 'AcceptedPrivacyPolicy' '/t' 'REG_DWORD' '/d' '0' '/f' > null
& 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\DataCollection' '/v' 'AllowTelemetry' '/t' 'REG_DWORD' '/d' '0' '/f' > null
& 'reg' 'add' 'HKLM\zSYSTEM\ControlSet001\Services\dmwappushservice' '/v' 'Start' '/t' 'REG_DWORD' '/d' '4' '/f' > null
2024-05-02 08:56:55 +00:00
Write-Host " Disabling bing in Start Menu: "
& 'reg' 'add' 'HKLM\zNTUSER\Software\Policies\Microsoft\Windows\Explorer'
& 'reg' 'add' 'HKLM\zNTUSER\Software\Policies\Microsoft\Windows\Explorer' '/v' 'ShowRunAsDifferentUserInStart' '/t' 'REG_DWORD' '/d' '1' '/f'
& 'reg' 'add' 'HKLM\zNTUSER\Software\Policies\Microsoft\Windows\Explorer' '/v' 'DisableSearchBoxSuggestions' '/t' 'REG_DWORD' '/d' '1' '/f'
2024-04-29 16:59:03 +00:00
## this function allows PowerShell to take ownership of the Scheduled Tasks registry key from TrustedInstaller. Based on Jose Espitia's script.
function Enable-Privilege {
param (
[ ValidateSet (
" SeAssignPrimaryTokenPrivilege " , " SeAuditPrivilege " , " SeBackupPrivilege " ,
" SeChangeNotifyPrivilege " , " SeCreateGlobalPrivilege " , " SeCreatePagefilePrivilege " ,
" SeCreatePermanentPrivilege " , " SeCreateSymbolicLinkPrivilege " , " SeCreateTokenPrivilege " ,
" SeDebugPrivilege " , " SeEnableDelegationPrivilege " , " SeImpersonatePrivilege " , " SeIncreaseBasePriorityPrivilege " ,
" SeIncreaseQuotaPrivilege " , " SeIncreaseWorkingSetPrivilege " , " SeLoadDriverPrivilege " ,
" SeLockMemoryPrivilege " , " SeMachineAccountPrivilege " , " SeManageVolumePrivilege " ,
" SeProfileSingleProcessPrivilege " , " SeRelabelPrivilege " , " SeRemoteShutdownPrivilege " ,
" SeRestorePrivilege " , " SeSecurityPrivilege " , " SeShutdownPrivilege " , " SeSyncAgentPrivilege " ,
" SeSystemEnvironmentPrivilege " , " SeSystemProfilePrivilege " , " SeSystemtimePrivilege " ,
" SeTakeOwnershipPrivilege " , " SeTcbPrivilege " , " SeTimeZonePrivilege " , " SeTrustedCredManAccessPrivilege " ,
" SeUndockPrivilege " , " SeUnsolicitedInputPrivilege " ) ]
$Privilege ,
## The process on which to adjust the privilege. Defaults to the current process.
$ProcessId = $pid ,
## Switch to disable the privilege, rather than enable it.
[ Switch ] $Disable
)
$definition = @ '
using System ;
using System . Runtime . InteropServices ;
public class AdjPriv
{
[ DllImport ( " advapi32.dll " , ExactSpelling = true , SetLastError = true ) ]
internal static extern bool AdjustTokenPrivileges ( IntPtr htok , bool disall ,
ref TokPriv1Luid newst , int len , IntPtr prev , IntPtr relen ) ;
[ DllImport ( " advapi32.dll " , ExactSpelling = true , SetLastError = true ) ]
internal static extern bool OpenProcessToken ( IntPtr h , int acc , ref IntPtr phtok ) ;
[ DllImport ( " advapi32.dll " , SetLastError = true ) ]
internal static extern bool LookupPrivilegeValue ( string host , string name , ref long pluid ) ;
[ StructLayout ( LayoutKind . Sequential , Pack = 1 ) ]
internal struct TokPriv1Luid
{
public int Count ;
public long Luid ;
public int Attr ;
}
internal const int SE_PRIVILEGE_ENABLED = 0x00000002 ;
internal const int SE_PRIVILEGE_DISABLED = 0x00000000 ;
internal const int TOKEN_QUERY = 0x00000008 ;
internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020 ;
public static bool EnablePrivilege ( long processHandle , string privilege , bool disable )
{
bool retVal ;
TokPriv1Luid tp ;
IntPtr hproc = new IntPtr ( processHandle ) ;
IntPtr htok = IntPtr . Zero ;
retVal = OpenProcessToken ( hproc , TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY , ref htok ) ;
tp . Count = 1 ;
tp . Luid = 0 ;
if ( disable )
{
tp . Attr = SE_PRIVILEGE_DISABLED ;
}
else
{
tp . Attr = SE_PRIVILEGE_ENABLED ;
}
retVal = LookupPrivilegeValue ( null , privilege , ref tp . Luid ) ;
retVal = AdjustTokenPrivileges ( htok , false , ref tp , 0 , IntPtr . Zero , IntPtr . Zero ) ;
return retVal ;
}
}
' @
$processHandle = ( Get-Process -id $ProcessId ) . Handle
$type = Add-Type $definition -PassThru
$type [ 0 ] :: EnablePrivilege ( $processHandle , $Privilege , $Disable )
}
Enable-Privilege SeTakeOwnershipPrivilege
$regKey = [ Microsoft.Win32.Registry ] :: LocalMachine . OpenSubKey ( " zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks " , [ Microsoft.Win32.RegistryKeyPermissionCheck ] :: ReadWriteSubTree , [ System.Security.AccessControl.RegistryRights ] :: TakeOwnership )
$regACL = $regKey . GetAccessControl ( )
2024-05-01 23:30:41 +00:00
$regACL . SetOwner ( $adminGroup )
2024-04-29 16:59:03 +00:00
$regKey . SetAccessControl ( $regACL )
$regKey . Close ( )
Write-Host " Owner changed to Administrators. "
$regKey = [ Microsoft.Win32.Registry ] :: LocalMachine . OpenSubKey ( " zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks " , [ Microsoft.Win32.RegistryKeyPermissionCheck ] :: ReadWriteSubTree , [ System.Security.AccessControl.RegistryRights ] :: ChangePermissions )
$regACL = $regKey . GetAccessControl ( )
2024-05-01 23:30:41 +00:00
$regRule = New-Object System . Security . AccessControl . RegistryAccessRule ( $adminGroup , " FullControl " , " ContainerInherit " , " None " , " Allow " )
2024-04-29 16:59:03 +00:00
$regACL . SetAccessRule ( $regRule )
$regKey . SetAccessControl ( $regACL )
Write-Host " Permissions modified for Administrators group. "
Write-Host " Registry key permissions successfully updated. "
$regKey . Close ( )
Write-Host 'Deleting Application Compatibility Appraiser'
2024-05-01 20:40:33 +00:00
reg delete " HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0600DD45-FAF2-4131-A006-0B17509B9F78} " / f > null
2024-04-29 16:59:03 +00:00
Write-Host 'Deleting Customer Experience Improvement Program'
2024-05-01 20:40:33 +00:00
reg delete " HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4738DE7A-BCC1-4E2D-B1B0-CADB044BFA81} " / f > null
reg delete " HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FAC31FA-4A85-4E64-BFD5-2154FF4594B3} " / f > null
reg delete " HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC931F16-B50A-472E-B061-B6F79A71EF59} " / f > null
Write-Host 'Deleting Program Data Updater'
reg delete " HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0671EB05-7D95-4153-A32B-1426B9FE61DB} " / f > null
2024-04-29 16:59:03 +00:00
Write-Host 'Deleting autochk proxy'
2024-05-01 20:40:33 +00:00
reg delete " HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87BF85F4-2CE1-4160-96EA-52F554AA28A2} " / f > null
reg delete " HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A9C643C-3D74-4099-B6BD-9C6D170898B1} " / f > null
2024-04-29 16:59:03 +00:00
Write-Host 'Deleting QueueReporting'
2024-05-01 20:40:33 +00:00
reg delete " HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3176A65-4E44-4ED3-AA73-3283660ACB9C} " / f > null
2024-04-21 00:02:55 +00:00
Write-Host " Tweaking complete! "
Write-Host " Unmounting Registry... "
2024-04-29 16:59:03 +00:00
$regKey . Close ( )
2024-05-01 20:40:33 +00:00
reg unload HKLM \ zCOMPONENTS > null
reg unload HKLM \ zDRIVERS > null
reg unload HKLM \ zDEFAULT > null
reg unload HKLM \ zNTUSER > null
reg unload HKLM \ zSCHEMA > null
2024-04-21 00:02:55 +00:00
reg unload HKLM \ zSOFTWARE
2024-05-01 20:40:33 +00:00
reg unload HKLM \ zSYSTEM > null
2024-04-21 00:02:55 +00:00
Write-Host " Cleaning up image... "
2024-05-03 12:56:34 +00:00
Repair-WindowsImage -Path " $mainOSDrive \scratchdir " -StartComponentCleanup -ResetBase
2024-04-21 00:02:55 +00:00
Write-Host " Cleanup complete. "
2024-05-01 20:40:33 +00:00
Write-Host ' '
2024-04-21 00:02:55 +00:00
Write-Host " Unmounting image... "
2024-05-03 12:56:34 +00:00
Dismount-WindowsImage -Path " $mainOSDrive \scratchdir " -Save
2024-04-21 00:02:55 +00:00
Write-Host " Exporting image... "
2024-05-03 12:56:34 +00:00
Export-WindowsImage -SourceImagePath " $mainOSDrive \tiny11\sources\install.wim " -SourceIndex $index -DestinationImagePath " $mainOSDrive \tiny11\sources\install2.wim " -CompressionType 'max'
2024-05-01 20:40:33 +00:00
Remove-Item -Path " $mainOSDrive \tiny11\sources\install.wim " -Force > null
Rename-Item -Path " $mainOSDrive \tiny11\sources\install2.wim " -NewName " install.wim " > null
2024-04-21 00:02:55 +00:00
Write-Host " Windows image completed. Continuing with boot.wim. "
Start-Sleep -Seconds 2
Clear-Host
Write-Host " Mounting boot image: "
2024-05-01 20:40:33 +00:00
$wimFilePath = " $( $env:SystemDrive ) \tiny11\sources\boot.wim "
& takeown " /F " $wimFilePath > null
2024-05-01 22:51:15 +00:00
& icacls $wimFilePath " /grant " " $( $adminGroup . Value ) :(F) "
2024-04-21 00:02:55 +00:00
Set-ItemProperty -Path $wimFilePath -Name IsReadOnly -Value $false
2024-05-03 12:56:34 +00:00
Mount-WindowsImage -ImagePath $wimFilePath -Index 2 -Path " $mainOSDrive \scratchdir "
2024-04-21 00:02:55 +00:00
Write-Host " Loading registry... "
reg load HKLM \ zCOMPONENTS $mainOSDrive \ scratchdir \ Windows \ System32 \ config \ COMPONENTS
reg load HKLM \ zDEFAULT $mainOSDrive \ scratchdir \ Windows \ System32 \ config \ default
reg load HKLM \ zNTUSER $mainOSDrive \ scratchdir \ Users \ Default \ ntuser . dat
reg load HKLM \ zSOFTWARE $mainOSDrive \ scratchdir \ Windows \ System32 \ config \ SOFTWARE
reg load HKLM \ zSYSTEM $mainOSDrive \ scratchdir \ Windows \ System32 \ config \ SYSTEM
Write-Host " Bypassing system requirements(on the setup image): "
2024-05-01 20:40:33 +00:00
& 'reg' 'add' 'HKLM\zDEFAULT\Control Panel\UnsupportedHardwareNotificationCache' '/v' 'SV1' '/t' 'REG_DWORD' '/d' '0' '/f' > null
& 'reg' 'add' 'HKLM\zDEFAULT\Control Panel\UnsupportedHardwareNotificationCache' '/v' 'SV2' '/t' 'REG_DWORD' '/d' '0' '/f' > null
& 'reg' 'add' 'HKLM\zNTUSER\Control Panel\UnsupportedHardwareNotificationCache' '/v' 'SV1' '/t' 'REG_DWORD' '/d' '0' '/f' > null
& 'reg' 'add' 'HKLM\zNTUSER\Control Panel\UnsupportedHardwareNotificationCache' '/v' 'SV2' '/t' 'REG_DWORD' '/d' '0' '/f' > null
& 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassCPUCheck' '/t' 'REG_DWORD' '/d' '1' '/f' > null
& 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassRAMCheck' '/t' 'REG_DWORD' '/d' '1' '/f' > null
& 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassSecureBootCheck' '/t' 'REG_DWORD' '/d' '1' '/f' > null
& 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassStorageCheck' '/t' 'REG_DWORD' '/d' '1' '/f' > null
& 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassTPMCheck' '/t' 'REG_DWORD' '/d' '1' '/f' > null
& 'reg' 'add' 'HKLM\zSYSTEM\Setup\MoSetup' '/v' 'AllowUpgradesWithUnsupportedTPMOrCPU' '/t' 'REG_DWORD' '/d' '1' '/f' > null
2024-04-21 00:02:55 +00:00
Write-Host " Tweaking complete! "
Write-Host " Unmounting Registry... "
2024-04-29 16:59:03 +00:00
$regKey . Close ( )
2024-05-01 20:40:33 +00:00
reg unload HKLM \ zCOMPONENTS > null
reg unload HKLM \ zDRIVERS > null
reg unload HKLM \ zDEFAULT > null
reg unload HKLM \ zNTUSER > null
reg unload HKLM \ zSCHEMA > null
2024-04-29 16:59:03 +00:00
$regKey . Close ( )
2024-04-21 00:02:55 +00:00
reg unload HKLM \ zSOFTWARE
2024-05-01 20:40:33 +00:00
reg unload HKLM \ zSYSTEM > null
2024-04-21 00:02:55 +00:00
Write-Host " Unmounting image... "
2024-05-03 12:56:34 +00:00
Dismount-WindowsImage -Path " $mainOSDrive \scratchdir " -Save
2024-04-21 00:02:55 +00:00
Clear-Host
Write-Host " The tiny11 image is now completed. Proceeding with the making of the ISO... "
Write-Host " Copying unattended file for bypassing MS account on OOBE... "
2024-05-01 20:40:33 +00:00
Copy-Item -Path " $PSScriptRoot \autounattend.xml " -Destination " $mainOSDrive \tiny11\autounattend.xml " -Force > null
2024-04-21 00:02:55 +00:00
Write-Host " Creating ISO image... "
2024-04-24 03:48:03 +00:00
$ADKDepTools = " C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\ $hostarchitecture \Oscdimg "
if ( [ System.IO.Directory ] :: Exists ( $ADKDepTools ) ) {
Write-Host " Will be using oscdimg.exe from system ADK. "
$OSCDIMG = " $ADKDepTools \oscdimg.exe "
} else {
Write-Host " Will be using bundled oscdimg.exe. "
$OSCDIMG = " $PSScriptRoot \oscdimg.exe "
}
& " $OSCDIMG " '-m' '-o' '-u2' '-udfver102' " -bootdata:2#p0,e,b $mainOSDrive \tiny11\boot\etfsboot.com#pEF,e,b $mainOSDrive \tiny11\efi\microsoft\boot\efisys.bin " " $mainOSDrive \tiny11 " " $PSScriptRoot \tiny11.iso "
# Finishing up
2024-04-21 00:02:55 +00:00
Write-Host " Creation completed! Press any key to exit the script... "
Read-Host " Press Enter to continue "
Write-Host " Performing Cleanup... "
2024-05-01 20:40:33 +00:00
Remove-Item -Path " $mainOSDrive \tiny11 " -Recurse -Force > null
Remove-Item -Path " $mainOSDrive \scratchdir " -Recurse -Force > null
2024-04-24 03:48:03 +00:00
# Stop the transcript
Stop-Transcript
exit