mirror of
https://github.com/ntdevlabs/tiny11builder.git
synced 2024-11-24 04:45:30 +00:00
Introducing tiny11 core builder!
This commit is contained in:
NTDEV
GitHub
parent
08eb2ff741
commit
218e141897
14
README.md
14
README.md
@ -13,12 +13,14 @@ Since it is written in PowerShell, you need to set the execution policy to `Unr
|
|||||||
If you haven't done this before, make sure to run `Set-ExecutionPolicy unrestricted` as administrator in PowerShell before running the script, otherwise it would just crash.
|
If you haven't done this before, make sure to run `Set-ExecutionPolicy unrestricted` as administrator in PowerShell before running the script, otherwise it would just crash.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
This is a script created to automate the build of a streamlined Windows 11 image, similar to tiny11.
|
This is a script created to automate the build of a streamlined Windows 11 image, similar to tiny11.
|
||||||
My main goal is to use only Microsoft utilities like DISM, and no utilities from external sources. The only executable included is **oscdimg.exe**, which is provided in the Windows ADK and it is used to create bootable ISO images.
|
My main goal is to use only Microsoft utilities like DISM, and no utilities from external sources. The only executable included is **oscdimg.exe**, which is provided in the Windows ADK and it is used to create bootable ISO images.
|
||||||
Also included is an unattended answer file, which is used to bypass the Microsoft Account on OOBE and to deploy the image with the `/compact` flag.
|
Also included is an unattended answer file, which is used to bypass the Microsoft Account on OOBE and to deploy the image with the `/compact` flag.
|
||||||
It's open-source, **so feel free to add or remove anything you want!** Feedback is also much appreciated.
|
It's open-source, **so feel free to add or remove anything you want!** Feedback is also much appreciated.
|
||||||
|
|
||||||
|
Also, for the very first time, **introducing tiny11 core builder**! A more powerful script, designed for a quick and dirty development testbed. Just the bare minimun, none of the fluff.
|
||||||
|
This script generates a significantly reduced Windows 11 image. However, it's not suitable for regular use due to its lack of serviceability - you can't add languages, updates, or features post-creation. tiny11 Core is not a full Windows 11 substitute but a rapid testing or development tool, potentially useful for VM environments.
|
||||||
|
|
||||||
Instructions:
|
Instructions:
|
||||||
|
|
||||||
1. Download Windows 11 from the Microsoft website (<https://www.microsoft.com/software-download/windows11>)
|
1. Download Windows 11 from the Microsoft website (<https://www.microsoft.com/software-download/windows11>)
|
||||||
@ -54,6 +56,16 @@ What is removed:
|
|||||||
- Edge
|
- Edge
|
||||||
- OneDrive
|
- OneDrive
|
||||||
|
|
||||||
|
For tiny11 core:
|
||||||
|
- all of the above +
|
||||||
|
- Windows Component Store (WinSxS)
|
||||||
|
- Windows Defender (only disabled, can be enabled back if needed)
|
||||||
|
- Windows Update (Windows Update wouldn't work anyway without WinSxS, so enabling it would only put the system in a state where it would try to update but fail spectacularily)
|
||||||
|
- WinRE
|
||||||
|
Keep in mind that **you cannot add back features in tiny11 core**!
|
||||||
|
<br>
|
||||||
|
You will be asked during iamge creation if you want to enable .net 3.5 support!
|
||||||
|
</br>
|
||||||
Known issues:
|
Known issues:
|
||||||
|
|
||||||
1. Although Edge is removed, there are some remnants in the Settings. But the app in itself is deleted. You can install any browser using WinGet (after you update the app using Microsoft Store). If you want Edge, Copilot and Web Search back, simply install Edge using Winget: `winget install edge`.
|
1. Although Edge is removed, there are some remnants in the Settings. But the app in itself is deleted. You can install any browser using WinGet (after you update the app using Microsoft Store). If you want Edge, Copilot and Web Search back, simply install Edge using Winget: `winget install edge`.
|
||||||
|
|||||||
758
tiny11Coremaker.ps1
Normal file
758
tiny11Coremaker.ps1
Normal file
@ -0,0 +1,758 @@
|
|||||||
|
# Enable debugging
|
||||||
|
#Set-PSDebug -Trace 1
|
||||||
|
|
||||||
|
# Check if PowerShell execution is restricted
|
||||||
|
if ((Get-ExecutionPolicy) -eq 'Restricted') {
|
||||||
|
Write-Host "Your current PowerShell Execution Policy is set to Restricted, which prevents scripts from running. Do you want to change it to RemoteSigned? (yes/no)"
|
||||||
|
$response = Read-Host
|
||||||
|
if ($response -eq 'yes') {
|
||||||
|
Set-ExecutionPolicy RemoteSigned -Scope CurrentUser -Confirm:$false
|
||||||
|
} else {
|
||||||
|
Write-Host "The script cannot be run without changing the execution policy. Exiting..."
|
||||||
|
exit
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# Check and run the script as admin if required
|
||||||
|
$adminSID = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-32-544")
|
||||||
|
$adminGroup = $adminSID.Translate([System.Security.Principal.NTAccount])
|
||||||
|
$myWindowsID=[System.Security.Principal.WindowsIdentity]::GetCurrent()
|
||||||
|
$myWindowsPrincipal=new-object System.Security.Principal.WindowsPrincipal($myWindowsID)
|
||||||
|
$adminRole=[System.Security.Principal.WindowsBuiltInRole]::Administrator
|
||||||
|
if (! $myWindowsPrincipal.IsInRole($adminRole))
|
||||||
|
{
|
||||||
|
Write-Host "Restarting Tiny11 image creator as admin in a new window, you can close this one."
|
||||||
|
$newProcess = new-object System.Diagnostics.ProcessStartInfo "PowerShell";
|
||||||
|
$newProcess.Arguments = $myInvocation.MyCommand.Definition;
|
||||||
|
$newProcess.Verb = "runas";
|
||||||
|
[System.Diagnostics.Process]::Start($newProcess);
|
||||||
|
exit
|
||||||
|
}
|
||||||
|
Start-Transcript -Path "$PSScriptRoot\tiny11.log"
|
||||||
|
# Ask the user for input
|
||||||
|
Write-Host "Welcome to tiny11 core builder! BETA 05-06-24"
|
||||||
|
Write-Host "This script generates a significantly reduced Windows 11 image. However, it's not suitable for regular use due to its lack of serviceability - you can't add languages, updates, or features post-creation. tiny11 Core is not a full Windows 11 substitute but a rapid testing or development tool, potentially useful for VM environments."
|
||||||
|
Write-Host "Do you want to continue? (y/n)"
|
||||||
|
$input = Read-Host
|
||||||
|
|
||||||
|
if ($input -eq 'y') {
|
||||||
|
Write-Host "Off we go..."
|
||||||
|
Start-Sleep -Seconds 3
|
||||||
|
Clear-Host
|
||||||
|
|
||||||
|
$mainOSDrive = $env:SystemDrive
|
||||||
|
$hostArchitecture = $Env:PROCESSOR_ARCHITECTURE
|
||||||
|
New-Item -ItemType Directory -Force -Path "$mainOSDrive\tiny11\sources" >null
|
||||||
|
$DriveLetter = Read-Host "Please enter the drive letter for the Windows 11 image"
|
||||||
|
$DriveLetter = $DriveLetter + ":"
|
||||||
|
|
||||||
|
if ((Test-Path "$DriveLetter\sources\boot.wim") -eq $false -or (Test-Path "$DriveLetter\sources\install.wim") -eq $false) {
|
||||||
|
if ((Test-Path "$DriveLetter\sources\install.esd") -eq $true) {
|
||||||
|
Write-Host "Found install.esd, converting to install.wim..."
|
||||||
|
& 'dism' '/English' "/Get-WimInfo" "/wimfile:$DriveLetter\sources\install.esd"
|
||||||
|
$index = Read-Host "Please enter the image index"
|
||||||
|
Write-Host ' '
|
||||||
|
Write-Host 'Converting install.esd to install.wim. This may take a while...'
|
||||||
|
& 'DISM' /Export-Image /SourceImageFile:"$DriveLetter\sources\install.esd" /SourceIndex:$index /DestinationImageFile:"$mainOSDrive\tiny11\sources\install.wim" /Compress:max /CheckIntegrity
|
||||||
|
} else {
|
||||||
|
Write-Host "Can't find Windows OS Installation files in the specified Drive Letter.."
|
||||||
|
Write-Host "Please enter the correct DVD Drive Letter.."
|
||||||
|
exit
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
Write-Host "Copying Windows image..."
|
||||||
|
Copy-Item -Path "$DriveLetter\*" -Destination "$mainOSDrive\tiny11" -Recurse -Force > null
|
||||||
|
Set-ItemProperty -Path "$mainOSDrive\tiny11\sources\install.esd" -Name IsReadOnly -Value $false > $null 2>&1
|
||||||
|
Remove-Item "$mainOSDrive\tiny11\sources\install.esd" > $null 2>&1
|
||||||
|
Write-Host "Copy complete!"
|
||||||
|
Start-Sleep -Seconds 2
|
||||||
|
Clear-Host
|
||||||
|
Write-Host "Getting image information:"
|
||||||
|
& 'dism' '/English' "/Get-WimInfo" "/wimfile:$mainOSDrive\tiny11\sources\install.wim"
|
||||||
|
$index = Read-Host "Please enter the image index"
|
||||||
|
Write-Host "Mounting Windows image. This may take a while."
|
||||||
|
$wimFilePath = "$($env:SystemDrive)\tiny11\sources\install.wim"
|
||||||
|
& takeown "/F" $wimFilePath
|
||||||
|
& icacls $wimFilePath "/grant" "$($adminGroup.Value):(F)"
|
||||||
|
try {
|
||||||
|
Set-ItemProperty -Path $wimFilePath -Name IsReadOnly -Value $false -ErrorAction Stop
|
||||||
|
} catch {
|
||||||
|
# This block will catch the error and suppress it.
|
||||||
|
}
|
||||||
|
New-Item -ItemType Directory -Force -Path "$mainOSDrive\scratchdir" > $null
|
||||||
|
& dism /English "/mount-image" "/imagefile:$($env:SystemDrive)\tiny11\sources\install.wim" "/index:$index" "/mountdir:$($env:SystemDrive)\scratchdir"
|
||||||
|
|
||||||
|
$imageIntl = & dism /English /Get-Intl "/Image:$($env:SystemDrive)\scratchdir"
|
||||||
|
$languageLine = $imageIntl -split '\n' | Where-Object { $_ -match 'Default system UI language : ([a-zA-Z]{2}-[a-zA-Z]{2})' }
|
||||||
|
|
||||||
|
if ($languageLine) {
|
||||||
|
$languageCode = $Matches[1]
|
||||||
|
Write-Host "Default system UI language code: $languageCode"
|
||||||
|
} else {
|
||||||
|
Write-Host "Default system UI language code not found."
|
||||||
|
}
|
||||||
|
|
||||||
|
$imageInfo = & 'dism' '/English' '/Get-WimInfo' "/wimFile:$($env:SystemDrive)\tiny11\sources\install.wim" "/index:$index"
|
||||||
|
$lines = $imageInfo -split '\r?\n'
|
||||||
|
|
||||||
|
foreach ($line in $lines) {
|
||||||
|
if ($line -like '*Architecture : *') {
|
||||||
|
$architecture = $line -replace 'Architecture : ',''
|
||||||
|
# If the architecture is x64, replace it with amd64
|
||||||
|
if ($architecture -eq 'x64') {
|
||||||
|
$architecture = 'amd64'
|
||||||
|
}
|
||||||
|
Write-Host "Architecture: $architecture"
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (-not $architecture) {
|
||||||
|
Write-Host "Architecture information not found."
|
||||||
|
}
|
||||||
|
|
||||||
|
Write-Host "Mounting complete! Performing removal of applications..."
|
||||||
|
|
||||||
|
$packages = & 'dism' '/English' "/image:$($env:SystemDrive)\scratchdir" '/Get-ProvisionedAppxPackages' |
|
||||||
|
ForEach-Object {
|
||||||
|
if ($_ -match 'PackageName : (.*)') {
|
||||||
|
$matches[1]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
$packagePrefixes = 'Clipchamp.Clipchamp_', 'Microsoft.SecHealthUI_', 'Microsoft.Windows.PeopleExperienceHost_', 'Microsoft.Windows.PinningConfirmationDialog_', 'Windows.CBSPreview_', 'Microsoft.BingNews_', 'Microsoft.BingWeather_', 'Microsoft.GamingApp_', 'Microsoft.GetHelp_', 'Microsoft.Getstarted_', 'Microsoft.MicrosoftOfficeHub_', 'Microsoft.MicrosoftSolitaireCollection_', 'Microsoft.People_', 'Microsoft.PowerAutomateDesktop_', 'Microsoft.Todos_', 'Microsoft.WindowsAlarms_', 'microsoft.windowscommunicationsapps_', 'Microsoft.WindowsFeedbackHub_', 'Microsoft.WindowsMaps_', 'Microsoft.WindowsSoundRecorder_', 'Microsoft.Xbox.TCUI_', 'Microsoft.XboxGamingOverlay_', 'Microsoft.XboxGameOverlay_', 'Microsoft.XboxSpeechToTextOverlay_', 'Microsoft.YourPhone_', 'Microsoft.ZuneMusic_', 'Microsoft.ZuneVideo_', 'MicrosoftCorporationII.MicrosoftFamily_', 'MicrosoftCorporationII.QuickAssist_', 'MicrosoftTeams_', 'Microsoft.549981C3F5F10_'
|
||||||
|
|
||||||
|
$packagesToRemove = $packages | Where-Object {
|
||||||
|
$packageName = $_
|
||||||
|
$packagePrefixes -contains ($packagePrefixes | Where-Object { $packageName -like "$_*" })
|
||||||
|
}
|
||||||
|
foreach ($package in $packagesToRemove) {
|
||||||
|
write-host "Removing $package :"
|
||||||
|
& 'dism' '/English' "/image:$($env:SystemDrive)\scratchdir" '/Remove-ProvisionedAppxPackage' "/PackageName:$package"
|
||||||
|
}
|
||||||
|
|
||||||
|
Write-Host "Removing of system apps complete! Now proceeding to removal of system packages..."
|
||||||
|
Start-Sleep -Seconds 1
|
||||||
|
Clear-Host
|
||||||
|
|
||||||
|
$scratchDir = "$($env:SystemDrive)\scratchdir"
|
||||||
|
$packagePatterns = @(
|
||||||
|
"Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35",
|
||||||
|
"Microsoft-Windows-Kernel-LA57-FoD-Package~31bf3856ad364e35~amd64",
|
||||||
|
"Microsoft-Windows-LanguageFeatures-Handwriting-$languageCode-Package~31bf3856ad364e35",
|
||||||
|
"Microsoft-Windows-LanguageFeatures-OCR-$languageCode-Package~31bf3856ad364e35",
|
||||||
|
"Microsoft-Windows-LanguageFeatures-Speech-$languageCode-Package~31bf3856ad364e35",
|
||||||
|
"Microsoft-Windows-LanguageFeatures-TextToSpeech-$languageCode-Package~31bf3856ad364e35",
|
||||||
|
"Microsoft-Windows-MediaPlayer-Package~31bf3856ad364e35",
|
||||||
|
"Microsoft-Windows-Wallpaper-Content-Extended-FoD-Package~31bf3856ad364e35",
|
||||||
|
"Windows-Defender-Client-Package~31bf3856ad364e35~",
|
||||||
|
"Microsoft-Windows-WordPad-FoD-Package~",
|
||||||
|
"Microsoft-Windows-TabletPCMath-Package~",
|
||||||
|
"Microsoft-Windows-StepsRecorder-Package~"
|
||||||
|
|
||||||
|
)
|
||||||
|
|
||||||
|
# Get all packages
|
||||||
|
$allPackages = & dism /image:$scratchDir /Get-Packages /Format:Table
|
||||||
|
$allPackages = $allPackages -split "`n" | Select-Object -Skip 1
|
||||||
|
|
||||||
|
foreach ($packagePattern in $packagePatterns) {
|
||||||
|
# Filter the packages to remove
|
||||||
|
$packagesToRemove = $allPackages | Where-Object { $_ -like "$packagePattern*" }
|
||||||
|
|
||||||
|
foreach ($package in $packagesToRemove) {
|
||||||
|
# Extract the package identity
|
||||||
|
$packageIdentity = ($package -split "\s+")[0]
|
||||||
|
|
||||||
|
Write-Host "Removing $packageIdentity..."
|
||||||
|
& dism /image:$scratchDir /Remove-Package /PackageName:$packageIdentity
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
Write-Host "Do you want to enable .NET 3.5? (y/n)"
|
||||||
|
$input = Read-Host
|
||||||
|
|
||||||
|
# Check the user's input
|
||||||
|
if ($input -eq 'y') {
|
||||||
|
# If the user entered 'y', enable .NET 3.5 using DISM
|
||||||
|
Write-Host "Enabling .NET 3.5..."
|
||||||
|
& 'dism' "/image:$scratchDir" '/enable-feature' '/featurename:NetFX3' '/All' "/source:$($env:SystemDrive)\tiny11\sources\sxs"
|
||||||
|
Write-Host ".NET 3.5 has been enabled."
|
||||||
|
}
|
||||||
|
elseif ($input -eq 'n') {
|
||||||
|
# If the user entered 'n', exit the script
|
||||||
|
Write-Host "You chose not to enable .NET 3.5. Continuing..."
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
# If the user entered anything other than 'y' or 'n', ask for input again
|
||||||
|
Write-Host "Invalid input. Please enter 'y' to enable .NET 3.5 or 'n' to continue without installing .net 3.5."
|
||||||
|
}
|
||||||
|
Write-Host "Removing Edge:"
|
||||||
|
Remove-Item -Path "$mainOSDrive\scratchdir\Program Files (x86)\Microsoft\Edge" -Recurse -Force >null
|
||||||
|
Remove-Item -Path "$mainOSDrive\scratchdir\Program Files (x86)\Microsoft\EdgeUpdate" -Recurse -Force >null
|
||||||
|
Remove-Item -Path "$mainOSDrive\scratchdir\Program Files (x86)\Microsoft\EdgeCore" -Recurse -Force >null
|
||||||
|
if ($architecture -eq 'amd64') {
|
||||||
|
$folderPath = Get-ChildItem -Path "$mainOSDrive\scratchdir\Windows\WinSxS" -Filter "amd64_microsoft-edge-webview_31bf3856ad364e35*" -Directory | Select-Object -ExpandProperty FullName
|
||||||
|
|
||||||
|
if ($folderPath) {
|
||||||
|
& 'takeown' '/f' $folderPath '/r' >null
|
||||||
|
& icacls $folderPath "/grant" "$($adminGroup.Value):(F)" '/T' '/C' >null
|
||||||
|
Remove-Item -Path $folderPath -Recurse -Force >null
|
||||||
|
} else {
|
||||||
|
Write-Host "Folder not found."
|
||||||
|
}
|
||||||
|
} elseif ($architecture -eq 'arm64') {
|
||||||
|
$folderPath = Get-ChildItem -Path "$mainOSDrive\scratchdir\Windows\WinSxS" -Filter "arm64_microsoft-edge-webview_31bf3856ad364e35*" -Directory | Select-Object -ExpandProperty FullName >null
|
||||||
|
|
||||||
|
if ($folderPath) {
|
||||||
|
& 'takeown' '/f' $folderPath '/r'>null
|
||||||
|
& icacls $folderPath "/grant" "$($adminGroup.Value):(F)" '/T' '/C' >null
|
||||||
|
Remove-Item -Path $folderPath -Recurse -Force >null
|
||||||
|
} else {
|
||||||
|
Write-Host "Folder not found."
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
Write-Host "Unknown architecture: $architecture"
|
||||||
|
}
|
||||||
|
& 'takeown' '/f' "$mainOSDrive\scratchdir\Windows\System32\Microsoft-Edge-Webview" '/r'
|
||||||
|
& 'icacls' "$mainOSDrive\scratchdir\Windows\System32\Microsoft-Edge-Webview" '/grant' "$($adminGroup.Value):(F)" '/T' '/C'
|
||||||
|
Remove-Item -Path "$mainOSDrive\scratchdir\Windows\System32\Microsoft-Edge-Webview" -Recurse -Force
|
||||||
|
Write-Host "Removing WinRE"
|
||||||
|
& 'takeown' '/f' "$mainOSDrive\scratchdir\Windows\System32\Recovery" '/r'
|
||||||
|
& 'icacls' "$mainOSDrive\scratchdir\Windows\System32\Recovery" '/grant' 'Administrators:F' '/T' '/C'
|
||||||
|
Remove-Item -Path "$mainOSDrive\scratchdir\Windows\System32\Recovery" -Recurse -Force
|
||||||
|
& 'takeown' '/f' "$mainOSDrive\scratchdir\Windows\System32\Microsoft-Edge-Webview" '/r' >null
|
||||||
|
& 'icacls' "$mainOSDrive\scratchdir\Windows\System32\Microsoft-Edge-Webview" '/grant' "$($adminGroup.Value):(F)" '/T' '/C' >null
|
||||||
|
Remove-Item -Path "$mainOSDrive\scratchdir\Windows\System32\Microsoft-Edge-Webview" -Recurse -Force >null
|
||||||
|
Write-Host "Removing OneDrive:"
|
||||||
|
& 'takeown' '/f' "$mainOSDrive\scratchdir\Windows\System32\OneDriveSetup.exe" >null
|
||||||
|
& 'icacls' "$mainOSDrive\scratchdir\Windows\System32\OneDriveSetup.exe" '/grant' "$($adminGroup.Value):(F)" '/T' '/C' >null
|
||||||
|
Remove-Item -Path "$mainOSDrive\scratchdir\Windows\System32\OneDriveSetup.exe" -Force >null
|
||||||
|
Write-Host "Removal complete!"
|
||||||
|
Start-Sleep -Seconds 2
|
||||||
|
Clear-Host
|
||||||
|
Write-Host "Taking ownership of the WinSxS folder. This might take a while..."
|
||||||
|
& 'takeown' '/f' "$mainOSDrive\scratchdir\Windows\WinSxS" '/r'
|
||||||
|
& 'icacls' "$mainOSDrive\scratchdir\Windows\WinSxS" '/grant' "$($adminGroup.Value):(F)" '/T' '/C'
|
||||||
|
Write-host "Complete!"
|
||||||
|
Start-Sleep -Seconds 2
|
||||||
|
Clear-Host
|
||||||
|
Write-Host "Preparing..."
|
||||||
|
$folderPath = Join-Path -Path $mainOSDrive -ChildPath "\scratchdir\Windows\WinSxS_edit"
|
||||||
|
$sourceDirectory = "$mainOSDrive\scratchdir\Windows\WinSxS"
|
||||||
|
$destinationDirectory = "$mainOSDrive\scratchdir\Windows\WinSxS_edit"
|
||||||
|
New-Item -Path $folderPath -ItemType Directory
|
||||||
|
if ($architecture -eq "amd64") {
|
||||||
|
# Specify the list of files to copy
|
||||||
|
$dirsToCopy = @(
|
||||||
|
"x86_microsoft.windows.common-controls_6595b64144ccf1df_*",
|
||||||
|
"x86_microsoft.windows.gdiplus_6595b64144ccf1df_*",
|
||||||
|
"x86_microsoft.windows.i..utomation.proxystub_6595b64144ccf1df_*",
|
||||||
|
"x86_microsoft.windows.isolationautomation_6595b64144ccf1df_*",
|
||||||
|
"x86_microsoft-windows-s..ngstack-onecorebase_31bf3856ad364e35_*",
|
||||||
|
"x86_microsoft-windows-s..stack-termsrv-extra_31bf3856ad364e35_*",
|
||||||
|
"x86_microsoft-windows-servicingstack_31bf3856ad364e35_*",
|
||||||
|
"x86_microsoft-windows-servicingstack-inetsrv_*",
|
||||||
|
"x86_microsoft-windows-servicingstack-onecore_*",
|
||||||
|
"amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_*",
|
||||||
|
"amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_*",
|
||||||
|
"amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_*",
|
||||||
|
"amd64_microsoft.windows.common-controls_6595b64144ccf1df_*",
|
||||||
|
"amd64_microsoft.windows.gdiplus_6595b64144ccf1df_*",
|
||||||
|
"amd64_microsoft.windows.i..utomation.proxystub_6595b64144ccf1df_*",
|
||||||
|
"amd64_microsoft.windows.isolationautomation_6595b64144ccf1df_*",
|
||||||
|
"amd64_microsoft-windows-s..stack-inetsrv-extra_31bf3856ad364e35_*",
|
||||||
|
"amd64_microsoft-windows-s..stack-msg.resources_31bf3856ad364e35_*",
|
||||||
|
"amd64_microsoft-windows-s..stack-termsrv-extra_31bf3856ad364e35_*",
|
||||||
|
"amd64_microsoft-windows-servicingstack_31bf3856ad364e35_*",
|
||||||
|
"amd64_microsoft-windows-servicingstack-inetsrv_31bf3856ad364e35_*",
|
||||||
|
"amd64_microsoft-windows-servicingstack-msg_31bf3856ad364e35_*",
|
||||||
|
"amd64_microsoft-windows-servicingstack-onecore_31bf3856ad364e35_*",
|
||||||
|
"Catalogs",
|
||||||
|
"FileMaps",
|
||||||
|
"Fusion",
|
||||||
|
"InstallTemp",
|
||||||
|
"Manifests",
|
||||||
|
"x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_*",
|
||||||
|
"x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_*",
|
||||||
|
"x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_*",
|
||||||
|
"x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_*"
|
||||||
|
)
|
||||||
|
# Copy each directory
|
||||||
|
foreach ($dir in $dirsToCopy) {
|
||||||
|
$sourceDirs = Get-ChildItem -Path $sourceDirectory -Filter $dir -Directory
|
||||||
|
foreach ($sourceDir in $sourceDirs) {
|
||||||
|
$destDir = Join-Path -Path $destinationDirectory -ChildPath $sourceDir.Name
|
||||||
|
Write-Host "Copying $sourceDir.FullName to $destDir"
|
||||||
|
Copy-Item -Path $sourceDir.FullName -Destination $destDir -Recurse -Force
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
elseif ($architecture -eq "arm64") {
|
||||||
|
# Specify the list of files to copy
|
||||||
|
$dirsToCopy = @(
|
||||||
|
"arm64_microsoft-windows-servicingstack-onecore_31bf3856ad364e35_*",
|
||||||
|
"Catalogs"
|
||||||
|
"FileMaps"
|
||||||
|
"Fusion"
|
||||||
|
"InstallTemp"
|
||||||
|
"Manifests"
|
||||||
|
"SettingsManifests"
|
||||||
|
"Temp"
|
||||||
|
"x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_*"
|
||||||
|
"x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_*"
|
||||||
|
"x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_*"
|
||||||
|
"x86_microsoft.windows.common-controls_6595b64144ccf1df_*"
|
||||||
|
"x86_microsoft.windows.gdiplus_6595b64144ccf1df_*"
|
||||||
|
"x86_microsoft.windows.i..utomation.proxystub_6595b64144ccf1df_*"
|
||||||
|
"x86_microsoft.windows.isolationautomation_6595b64144ccf1df_*"
|
||||||
|
"arm_microsoft.windows.c..-controls.resources_6595b64144ccf1df_*"
|
||||||
|
"arm_microsoft.windows.common-controls_6595b64144ccf1df_*"
|
||||||
|
"arm_microsoft.windows.gdiplus_6595b64144ccf1df_*"
|
||||||
|
"arm_microsoft.windows.i..utomation.proxystub_6595b64144ccf1df_*"
|
||||||
|
"arm_microsoft.windows.isolationautomation_6595b64144ccf1df_*"
|
||||||
|
"arm64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_*"
|
||||||
|
"arm64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_*"
|
||||||
|
"arm64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_*"
|
||||||
|
"arm64_microsoft.windows.common-controls_6595b64144ccf1df_*"
|
||||||
|
"arm64_microsoft.windows.gdiplus_6595b64144ccf1df_*"
|
||||||
|
"arm64_microsoft.windows.i..utomation.proxystub_6595b64144ccf1df_*"
|
||||||
|
"arm64_microsoft.windows.isolationautomation_6595b64144ccf1df_*"
|
||||||
|
"arm64_microsoft-windows-servicing-adm_31bf3856ad364e35_*"
|
||||||
|
"arm64_microsoft-windows-servicingcommon_31bf3856ad364e35_*"
|
||||||
|
"arm64_microsoft-windows-servicing-onecore-uapi_31bf3856ad364e35_*"
|
||||||
|
"arm64_microsoft-windows-servicingstack_31bf3856ad364e35_*"
|
||||||
|
"arm64_microsoft-windows-servicingstack-inetsrv_31bf3856ad364e35_*"
|
||||||
|
"arm64_microsoft-windows-servicingstack-msg_31bf3856ad364e35_*"
|
||||||
|
)
|
||||||
|
}
|
||||||
|
foreach ($dir in $dirsToCopy) {
|
||||||
|
$sourceDirs = Get-ChildItem -Path $sourceDirectory -Filter $dir -Directory
|
||||||
|
foreach ($sourceDir in $sourceDirs) {
|
||||||
|
$destDir = Join-Path -Path $destinationDirectory -ChildPath $sourceDir.Name
|
||||||
|
Write-Host "Copying $sourceDir.FullName to $destDir"
|
||||||
|
Copy-Item -Path $sourceDir.FullName -Destination $destDir -Recurse -Force
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
Write-Host "Deleting WinSxS. This may take a while..."
|
||||||
|
Remove-Item -Path $mainOSDrive\scratchdir\Windows\WinSxS -Recurse -Force
|
||||||
|
|
||||||
|
Rename-Item -Path $mainOSDrive\scratchdir\Windows\WinSxS_edit -NewName $mainOSDrive\scratchdir\Windows\WinSxS
|
||||||
|
Write-Host "Complete!"
|
||||||
|
|
||||||
|
Write-Host "Loading registry..."
|
||||||
|
reg load HKLM\zCOMPONENTS $mainOSDrive\scratchdir\Windows\System32\config\COMPONENTS >null
|
||||||
|
reg load HKLM\zDEFAULT $mainOSDrive\scratchdir\Windows\System32\config\default >null
|
||||||
|
reg load HKLM\zNTUSER $mainOSDrive\scratchdir\Users\Default\ntuser.dat >null
|
||||||
|
reg load HKLM\zSOFTWARE $mainOSDrive\scratchdir\Windows\System32\config\SOFTWARE >null
|
||||||
|
reg load HKLM\zSYSTEM $mainOSDrive\scratchdir\Windows\System32\config\SYSTEM >null
|
||||||
|
Write-Host "Bypassing system requirements(on the system image):"
|
||||||
|
& 'reg' 'add' 'HKLM\zDEFAULT\Control Panel\UnsupportedHardwareNotificationCache' '/v' 'SV1' '/t' 'REG_DWORD' '/d' '0' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zDEFAULT\Control Panel\UnsupportedHardwareNotificationCache' '/v' 'SV2' '/t' 'REG_DWORD' '/d' '0' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zNTUSER\Control Panel\UnsupportedHardwareNotificationCache' '/v' 'SV1' '/t' 'REG_DWORD' '/d' '0' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zNTUSER\Control Panel\UnsupportedHardwareNotificationCache' '/v' 'SV2' '/t' 'REG_DWORD' '/d' '0' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassCPUCheck' '/t' 'REG_DWORD' '/d' '1' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassRAMCheck' '/t' 'REG_DWORD' '/d' '1' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassSecureBootCheck' '/t' 'REG_DWORD' '/d' '1' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassStorageCheck' '/t' 'REG_DWORD' '/d' '1' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassTPMCheck' '/t' 'REG_DWORD' '/d' '1' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zSYSTEM\Setup\MoSetup' '/v' 'AllowUpgradesWithUnsupportedTPMOrCPU' '/t' 'REG_DWORD' '/d' '1' '/f' >null
|
||||||
|
Write-Host "Disabling Sponsored Apps:"
|
||||||
|
& 'reg' 'add' 'HKLM\zNTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'OemPreInstalledAppsEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zNTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'PreInstalledAppsEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zNTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SilentInstalledAppsEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\CloudContent' '/v' 'DisableWindowsConsumerFeatures' '/t' 'REG_DWORD' '/d' '1' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'ContentDeliveryAllowed' '/t' 'REG_DWORD' '/d' '0' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zSOFTWARE\Microsoft\PolicyManager\current\device\Start' '/v' 'ConfigureStartPins' '/t' 'REG_SZ' '/d' '{"pinnedList": [{}]}' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'ContentDeliveryAllowed' '/t' 'REG_DWORD' '/d' '0' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'ContentDeliveryAllowed' '/t' 'REG_DWORD' '/d' '0' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'FeatureManagementEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'OemPreInstalledAppsEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'PreInstalledAppsEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'PreInstalledAppsEverEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SilentInstalledAppsEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SoftLandingEnabled' '/t' 'REG_DWORD' '/d' '0' '/f'>null
|
||||||
|
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SubscribedContentEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SubscribedContent-310093Enabled' '/t' 'REG_DWORD' '/d' '0' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SubscribedContent-338388Enabled' '/t' 'REG_DWORD' '/d' '0' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SubscribedContent-338389Enabled' '/t' 'REG_DWORD' '/d' '0' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SubscribedContent-338393Enabled' '/t' 'REG_DWORD' '/d' '0' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SubscribedContent-353694Enabled' '/t' 'REG_DWORD' '/d' '0' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SubscribedContent-353696Enabled' '/t' 'REG_DWORD' '/d' '0' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SubscribedContentEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SystemPaneSuggestionsEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\PushToInstall' '/v' 'DisablePushToInstall' '/t' 'REG_DWORD' '/d' '1' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\MRT' '/v' 'DontOfferThroughWUAU' '/t' 'REG_DWORD' '/d' '1' '/f' >null
|
||||||
|
& 'reg' 'delete' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Subscriptions' '/f' >null
|
||||||
|
& 'reg' 'delete' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\SuggestedApps' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\CloudContent' '/v' 'DisableConsumerAccountStateContent' '/t' 'REG_DWORD' '/d' '1' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\CloudContent' '/v' 'DisableCloudOptimizedContent' '/t' 'REG_DWORD' '/d' '1' '/f' >null
|
||||||
|
Write-Host "Enabling Local Accounts on OOBE:"
|
||||||
|
& 'reg' 'add' 'HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\OOBE' '/v' 'BypassNRO' '/t' 'REG_DWORD' '/d' '1' '/f' >null
|
||||||
|
Copy-Item -Path "$PSScriptRoot\autounattend.xml" -Destination "$mainOSDrive\scratchdir\Windows\System32\Sysprep\autounattend.xml" -Force >null
|
||||||
|
Write-Host "Disabling Reserved Storage:"
|
||||||
|
& 'reg' 'add' 'HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\ReserveManager' '/v' 'ShippedWithReserves' '/t' 'REG_DWORD' '/d' '0' '/f' >null
|
||||||
|
Write-Host "Disabling Chat icon:"
|
||||||
|
& 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\Windows Chat' '/v' 'ChatIcon' '/t' 'REG_DWORD' '/d' '3' '/f'
|
||||||
|
& 'reg' 'add' 'HKLM\zNTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced' '/v' 'TaskbarMn' '/t' 'REG_DWORD' '/d' '0' '/f'
|
||||||
|
Write-Host "Disabling Telemetry:"
|
||||||
|
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo' '/v' 'Enabled' '/t' 'REG_DWORD' '/d' '0' '/f'
|
||||||
|
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\Privacy' '/v' 'TailoredExperiencesWithDiagnosticDataEnabled' '/t' 'REG_DWORD' '/d' '0' '/f'
|
||||||
|
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Speech_OneCore\Settings\OnlineSpeechPrivacy' '/v' 'HasAccepted' '/t' 'REG_DWORD' '/d' '0' '/f'
|
||||||
|
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Input\TIPC' '/v' 'Enabled' '/t' 'REG_DWORD' '/d' '0' '/f'
|
||||||
|
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\InputPersonalization' '/v' 'RestrictImplicitInkCollection' '/t' 'REG_DWORD' '/d' '1' '/f'
|
||||||
|
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\InputPersonalization' '/v' 'RestrictImplicitTextCollection' '/t' 'REG_DWORD' '/d' '1' '/f'
|
||||||
|
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\InputPersonalization\TrainedDataStore' '/v' 'HarvestContacts' '/t' 'REG_DWORD' '/d' '0' '/f'
|
||||||
|
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Personalization\Settings' '/v' 'AcceptedPrivacyPolicy' '/t' 'REG_DWORD' '/d' '0' '/f'
|
||||||
|
& 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\DataCollection' '/v' 'AllowTelemetry' '/t' 'REG_DWORD' '/d' '0' '/f'
|
||||||
|
& 'reg' 'add' 'HKLM\zSYSTEM\ControlSet001\Services\dmwappushservice' '/v' 'Start' '/t' 'REG_DWORD' '/d' '4' '/f'
|
||||||
|
& 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\Windows Chat' '/v' 'ChatIcon' '/t' 'REG_DWORD' '/d' '3' '/f'
|
||||||
|
& 'reg' 'add' 'HKLM\zNTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced' '/v' 'TaskbarMn' '/t' 'REG_DWORD' '/d' '0' '/f'
|
||||||
|
Write-Host "Disabling OneDrive folder backup"
|
||||||
|
& 'reg' 'add' "HKLM\zSOFTWARE\Policies\Microsoft\Windows\OneDrive" '/v' 'DisableFileSyncNGSC' '/t' 'REG_DWORD' '/d' '1' '/f'
|
||||||
|
Write-Host "Removing Edge related registries"
|
||||||
|
reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge" /f
|
||||||
|
reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge Update" /f
|
||||||
|
Write-Host "Disabling bing in Start Menu:"
|
||||||
|
& 'reg' 'add' 'HKLM\zNTUSER\Software\Policies\Microsoft\Windows\Explorer'
|
||||||
|
& 'reg' 'add' 'HKLM\zNTUSER\Software\Policies\Microsoft\Windows\Explorer' '/v' 'ShowRunAsDifferentUserInStart' '/t' 'REG_DWORD' '/d' '1' '/f'
|
||||||
|
& 'reg' 'add' 'HKLM\zNTUSER\Software\Policies\Microsoft\Windows\Explorer' '/v' 'DisableSearchBoxSuggestions' '/t' 'REG_DWORD' '/d' '1' '/f'
|
||||||
|
## this function allows PowerShell to take ownership of the Scheduled Tasks registry key from TrustedInstaller. Based on Jose Espitia's script.
|
||||||
|
function Enable-Privilege {
|
||||||
|
param(
|
||||||
|
[ValidateSet(
|
||||||
|
"SeAssignPrimaryTokenPrivilege", "SeAuditPrivilege", "SeBackupPrivilege",
|
||||||
|
"SeChangeNotifyPrivilege", "SeCreateGlobalPrivilege", "SeCreatePagefilePrivilege",
|
||||||
|
"SeCreatePermanentPrivilege", "SeCreateSymbolicLinkPrivilege", "SeCreateTokenPrivilege",
|
||||||
|
"SeDebugPrivilege", "SeEnableDelegationPrivilege", "SeImpersonatePrivilege", "SeIncreaseBasePriorityPrivilege",
|
||||||
|
"SeIncreaseQuotaPrivilege", "SeIncreaseWorkingSetPrivilege", "SeLoadDriverPrivilege",
|
||||||
|
"SeLockMemoryPrivilege", "SeMachineAccountPrivilege", "SeManageVolumePrivilege",
|
||||||
|
"SeProfileSingleProcessPrivilege", "SeRelabelPrivilege", "SeRemoteShutdownPrivilege",
|
||||||
|
"SeRestorePrivilege", "SeSecurityPrivilege", "SeShutdownPrivilege", "SeSyncAgentPrivilege",
|
||||||
|
"SeSystemEnvironmentPrivilege", "SeSystemProfilePrivilege", "SeSystemtimePrivilege",
|
||||||
|
"SeTakeOwnershipPrivilege", "SeTcbPrivilege", "SeTimeZonePrivilege", "SeTrustedCredManAccessPrivilege",
|
||||||
|
"SeUndockPrivilege", "SeUnsolicitedInputPrivilege")]
|
||||||
|
$Privilege,
|
||||||
|
## The process on which to adjust the privilege. Defaults to the current process.
|
||||||
|
$ProcessId = $pid,
|
||||||
|
## Switch to disable the privilege, rather than enable it.
|
||||||
|
[Switch] $Disable
|
||||||
|
)
|
||||||
|
$definition = @'
|
||||||
|
using System;
|
||||||
|
using System.Runtime.InteropServices;
|
||||||
|
|
||||||
|
public class AdjPriv
|
||||||
|
{
|
||||||
|
[DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
|
||||||
|
internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,
|
||||||
|
ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);
|
||||||
|
|
||||||
|
[DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
|
||||||
|
internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);
|
||||||
|
[DllImport("advapi32.dll", SetLastError = true)]
|
||||||
|
internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);
|
||||||
|
[StructLayout(LayoutKind.Sequential, Pack = 1)]
|
||||||
|
internal struct TokPriv1Luid
|
||||||
|
{
|
||||||
|
public int Count;
|
||||||
|
public long Luid;
|
||||||
|
public int Attr;
|
||||||
|
}
|
||||||
|
|
||||||
|
internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
|
||||||
|
internal const int SE_PRIVILEGE_DISABLED = 0x00000000;
|
||||||
|
internal const int TOKEN_QUERY = 0x00000008;
|
||||||
|
internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
|
||||||
|
public static bool EnablePrivilege(long processHandle, string privilege, bool disable)
|
||||||
|
{
|
||||||
|
bool retVal;
|
||||||
|
TokPriv1Luid tp;
|
||||||
|
IntPtr hproc = new IntPtr(processHandle);
|
||||||
|
IntPtr htok = IntPtr.Zero;
|
||||||
|
retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);
|
||||||
|
tp.Count = 1;
|
||||||
|
tp.Luid = 0;
|
||||||
|
if(disable)
|
||||||
|
{
|
||||||
|
tp.Attr = SE_PRIVILEGE_DISABLED;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
tp.Attr = SE_PRIVILEGE_ENABLED;
|
||||||
|
}
|
||||||
|
retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);
|
||||||
|
retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
|
||||||
|
return retVal;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
'@
|
||||||
|
|
||||||
|
$processHandle = (Get-Process -id $ProcessId).Handle
|
||||||
|
$type = Add-Type $definition -PassThru
|
||||||
|
$type[0]::EnablePrivilege($processHandle, $Privilege, $Disable)
|
||||||
|
}
|
||||||
|
|
||||||
|
Enable-Privilege SeTakeOwnershipPrivilege
|
||||||
|
|
||||||
|
$regKey = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::TakeOwnership)
|
||||||
|
$regACL = $regKey.GetAccessControl()
|
||||||
|
$regACL.SetOwner($adminGroup)
|
||||||
|
$regKey.SetAccessControl($regACL)
|
||||||
|
$regKey.Close()
|
||||||
|
Write-Host "Owner changed to Administrators."
|
||||||
|
$regKey = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::ChangePermissions)
|
||||||
|
$regACL = $regKey.GetAccessControl()
|
||||||
|
$regRule = New-Object System.Security.AccessControl.RegistryAccessRule ($adminGroup,"FullControl","ContainerInherit","None","Allow")
|
||||||
|
$regACL.SetAccessRule($regRule)
|
||||||
|
$regKey.SetAccessControl($regACL)
|
||||||
|
Write-Host "Permissions modified for Administrators group."
|
||||||
|
Write-Host "Registry key permissions successfully updated."
|
||||||
|
$regKey.Close()
|
||||||
|
|
||||||
|
Write-Host 'Deleting Application Compatibility Appraiser'
|
||||||
|
reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0600DD45-FAF2-4131-A006-0B17509B9F78}" /f
|
||||||
|
Write-Host 'Deleting Customer Experience Improvement Program'
|
||||||
|
reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4738DE7A-BCC1-4E2D-B1B0-CADB044BFA81}" /f
|
||||||
|
reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FAC31FA-4A85-4E64-BFD5-2154FF4594B3}" /f
|
||||||
|
reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC931F16-B50A-472E-B061-B6F79A71EF59}" /f
|
||||||
|
Write-Host 'Deleting Program Data Updater'
|
||||||
|
reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0671EB05-7D95-4153-A32B-1426B9FE61DB}" /f
|
||||||
|
Write-Host 'Deleting autochk proxy'
|
||||||
|
reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87BF85F4-2CE1-4160-96EA-52F554AA28A2}" /f
|
||||||
|
reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A9C643C-3D74-4099-B6BD-9C6D170898B1}" /f
|
||||||
|
Write-Host 'Deleting QueueReporting'
|
||||||
|
reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3176A65-4E44-4ED3-AA73-3283660ACB9C}" /f
|
||||||
|
Write-Host "Disabling Windows Update..."
|
||||||
|
& 'reg' 'add' "HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" '/v' 'StopWUPostOOBE1' '/t' 'REG_SZ' '/d' 'net stop wuauserv' '/f'
|
||||||
|
& 'reg' 'add' "HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" '/v' 'StopWUPostOOBE2' '/t' 'REG_SZ' '/d' 'sc stop wuauserv' '/f'
|
||||||
|
& 'reg' 'add' "HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" '/v' 'StopWUPostOOBE3' '/t' 'REG_SZ' '/d' 'sc config wuauserv start= disabled' '/f'
|
||||||
|
& 'reg' 'add' "HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" '/v' 'DisbaleWUPostOOBE1' '/t' 'REG_SZ' '/d' 'reg add HKLM\SYSTEM\CurrentControlSet\Services\wuauserv /v Start /t REG_DWORD /d 4 /f' '/f'
|
||||||
|
& 'reg' 'add' "HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" '/v' 'DisbaleWUPostOOBE2' '/t' 'REG_SZ' '/d' 'reg add HKLM\SYSTEM\ControlSet001\Services\wuauserv /v Start /t REG_DWORD /d 4 /f' '/f'
|
||||||
|
& 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' '/v' 'DoNotConnectToWindowsUpdateInternetLocations' '/t' 'REG_DWORD' '/d' '1' '/f'
|
||||||
|
& 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' '/v' 'DisableWindowsUpdateAccess' '/t' 'REG_DWORD' '/d' '1' '/f'
|
||||||
|
& 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' '/v' 'WUServer' '/t' 'REG_SZ' '/d' 'localhost' '/f'
|
||||||
|
& 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' '/v' 'WUStatusServer' '/t' 'REG_SZ' '/d' 'localhost' '/f'
|
||||||
|
& 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' '/v' 'UpdateServiceUrlAlternate' '/t' 'REG_SZ' '/d' 'localhost' '/f'
|
||||||
|
& 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' '/v' 'UseWUServer' '/t' 'REG_DWORD' '/d' '1' '/f'
|
||||||
|
& 'reg' 'add' 'HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\OOBE' '/v' 'DisableOnline' '/t' 'REG_DWORD' '/d' '1' '/f'
|
||||||
|
& 'reg' 'add' 'HKLM\zSYSTEM\ControlSet001\Services\wuauserv' '/v' 'Start' '/t' 'REG_DWORD' '/d' '4' '/f'
|
||||||
|
function Disable-Privilege {
|
||||||
|
param(
|
||||||
|
[ValidateSet(
|
||||||
|
"SeAssignPrimaryTokenPrivilege", "SeAuditPrivilege", "SeBackupPrivilege",
|
||||||
|
"SeChangeNotifyPrivilege", "SeCreateGlobalPrivilege", "SeCreatePagefilePrivilege",
|
||||||
|
"SeCreatePermanentPrivilege", "SeCreateSymbolicLinkPrivilege", "SeCreateTokenPrivilege",
|
||||||
|
"SeDebugPrivilege", "SeEnableDelegationPrivilege", "SeImpersonatePrivilege", "SeIncreaseBasePriorityPrivilege",
|
||||||
|
"SeIncreaseQuotaPrivilege", "SeIncreaseWorkingSetPrivilege", "SeLoadDriverPrivilege",
|
||||||
|
"SeLockMemoryPrivilege", "SeMachineAccountPrivilege", "SeManageVolumePrivilege",
|
||||||
|
"SeProfileSingleProcessPrivilege", "SeRelabelPrivilege", "SeRemoteShutdownPrivilege",
|
||||||
|
"SeRestorePrivilege", "SeSecurityPrivilege", "SeShutdownPrivilege", "SeSyncAgentPrivilege",
|
||||||
|
"SeSystemEnvironmentPrivilege", "SeSystemProfilePrivilege", "SeSystemtimePrivilege",
|
||||||
|
"SeTakeOwnershipPrivilege", "SeTcbPrivilege", "SeTimeZonePrivilege", "SeTrustedCredManAccessPrivilege",
|
||||||
|
"SeUndockPrivilege", "SeUnsolicitedInputPrivilege")]
|
||||||
|
$Privilege,
|
||||||
|
## The process on which to adjust the privilege. Defaults to the current process.
|
||||||
|
$ProcessId = $pid,
|
||||||
|
## Switch to disable the privilege, rather than enable it.
|
||||||
|
[Switch] $Disable
|
||||||
|
)
|
||||||
|
$definition = @'
|
||||||
|
using System;
|
||||||
|
using System.Runtime.InteropServices;
|
||||||
|
|
||||||
|
public class AdjPriv
|
||||||
|
{
|
||||||
|
[DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
|
||||||
|
internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,
|
||||||
|
ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);
|
||||||
|
|
||||||
|
[DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
|
||||||
|
internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);
|
||||||
|
[DllImport("advapi32.dll", SetLastError = true)]
|
||||||
|
internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);
|
||||||
|
[StructLayout(LayoutKind.Sequential, Pack = 1)]
|
||||||
|
internal struct TokPriv1Luid
|
||||||
|
{
|
||||||
|
public int Count;
|
||||||
|
public long Luid;
|
||||||
|
public int Attr;
|
||||||
|
}
|
||||||
|
|
||||||
|
internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
|
||||||
|
internal const int SE_PRIVILEGE_DISABLED = 0x00000000;
|
||||||
|
internal const int TOKEN_QUERY = 0x00000008;
|
||||||
|
internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
|
||||||
|
public static bool EnablePrivilege(long processHandle, string privilege, bool disable)
|
||||||
|
{
|
||||||
|
bool retVal;
|
||||||
|
TokPriv1Luid tp;
|
||||||
|
IntPtr hproc = new IntPtr(processHandle);
|
||||||
|
IntPtr htok = IntPtr.Zero;
|
||||||
|
retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);
|
||||||
|
tp.Count = 1;
|
||||||
|
tp.Luid = 0;
|
||||||
|
if(disable)
|
||||||
|
{
|
||||||
|
tp.Attr = SE_PRIVILEGE_DISABLED;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
tp.Attr = SE_PRIVILEGE_ENABLED;
|
||||||
|
}
|
||||||
|
retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);
|
||||||
|
retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
|
||||||
|
return retVal;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
'@
|
||||||
|
|
||||||
|
$processHandle = (Get-Process -id $ProcessId).Handle
|
||||||
|
$type = Add-Type $definition -PassThru
|
||||||
|
$type[0]::EnablePrivilege($processHandle, $Privilege, $Disable)
|
||||||
|
}
|
||||||
|
|
||||||
|
Disable-Privilege SeTakeOwnershipPrivilege
|
||||||
|
$everyone = New-Object System.Security.Principal.NTAccount('Everyone')
|
||||||
|
$accessRule = New-Object System.Security.AccessControl.RegistryAccessRule($everyone, 'ReadKey', 'Allow')
|
||||||
|
$regKey = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("zSYSTEM\ControlSet001\Services\wuauserv",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::TakeOwnership)
|
||||||
|
$regACL = $regKey.GetAccessControl()
|
||||||
|
$regACL.SetOwner($everyone)
|
||||||
|
$regKey.Close()
|
||||||
|
Write-Host "Owner changed to Everyone."
|
||||||
|
$regKey = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("zSYSTEM\ControlSet001\Services\wuauserv",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::ChangePermissions)
|
||||||
|
$regACL = $regKey.GetAccessControl()
|
||||||
|
$regRule = New-Object System.Security.AccessControl.RegistryAccessRule ($everyone, 'ReadKey', 'Allow')
|
||||||
|
$regACL.SetAccessRule($regRule)
|
||||||
|
$regKey.SetAccessControl($regACL)
|
||||||
|
Write-Host "Permissions modified for Everyone group."
|
||||||
|
Write-Host "Registry key permissions successfully updated."
|
||||||
|
|
||||||
|
|
||||||
|
Write-Host "All users have been granted read-only access to the registry key."
|
||||||
|
$regKey.Close()
|
||||||
|
& 'reg' 'delete' "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2540477E-E654-4302-AD44-383BBFFBFF16}" '/f'
|
||||||
|
& 'reg' 'delete' "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{341B2255-6A6B-442A-AF5A-C610B7DBE12D}" '/f'
|
||||||
|
& 'reg' 'delete' "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{476E8CFA-78E2-4C51-854E-538F8643B4FD}" '/f'
|
||||||
|
& 'reg' 'delete' "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{764DDB74-CB08-4E0A-8580-B41F94F2C7BE}" '/f'
|
||||||
|
& 'reg' 'delete' "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{817CCFDD-4DD0-4102-AC6E-3F5D3B789FB8}" '/f'
|
||||||
|
& 'reg' 'delete' "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99CEDA8C-A866-4787-BBD3-6F3C9F61DD5C}" '/f'
|
||||||
|
& 'reg' 'delete' "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B3CDCDA-4197-490B-AA5C-C9F5F42A9D88}" '/f'
|
||||||
|
& 'reg' 'delete' "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CBBFAAE-DB9F-48B4-BAC0-4CFF482A4E01}" '/f'
|
||||||
|
& 'reg' 'delete' "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A31197EC-EAEE-4837-8A9C-3A17D358B9EB}" '/f'
|
||||||
|
& 'reg' 'delete' "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4FBEFA9-6F7C-4C74-A891-3774B7BCD072}" '/f'
|
||||||
|
& 'reg' 'delete' "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B53BD60A-5823-411C-9C75-AA91DB3C35F8}" '/f'
|
||||||
|
& 'reg' 'delete' "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CECDC345-7460-4A15-9D8B-DAC3F9CC5368}" '/f'
|
||||||
|
& 'reg' 'delete' "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" '/f'
|
||||||
|
& 'reg' 'delete' 'HKLM\zSYSTEM\ControlSet001\Services\WaaSMedicSVC' '/f'
|
||||||
|
& 'reg' 'delete' 'HKLM\zSYSTEM\ControlSet001\Services\UsoSvc' '/f'
|
||||||
|
& 'reg' 'add' 'HKEY_LOCAL_MACHINE\zSOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' '/v' 'NoAutoUpdate' '/t' 'REG_DWORD' '/d' '1' '/f'
|
||||||
|
Write-Host "Disabling Windows Defender"
|
||||||
|
# Set registry values for Windows Defender services
|
||||||
|
$servicePaths = @(
|
||||||
|
"WinDefend",
|
||||||
|
"WdNisSvc",
|
||||||
|
"WdNisDrv",
|
||||||
|
"WdFilter",
|
||||||
|
"Sense"
|
||||||
|
)
|
||||||
|
|
||||||
|
foreach ($path in $servicePaths) {
|
||||||
|
Set-ItemProperty -Path "HKLM:\zSYSTEM\ControlSet001\Services\$path" -Name "Start" -Value 4
|
||||||
|
}
|
||||||
|
& 'reg' 'add' 'HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' '/v' 'SettingsPageVisibility' '/t' 'REG_SZ' '/d' 'hide:virus;windowsupdate' '/f'
|
||||||
|
Write-Host "Tweaking complete!"
|
||||||
|
Write-Host "Unmounting Registry..."
|
||||||
|
$regKey.Close()
|
||||||
|
reg unload HKLM\zCOMPONENTS >null
|
||||||
|
reg unload HKLM\zDEFAULT >null
|
||||||
|
reg unload HKLM\zNTUSER >null
|
||||||
|
reg unload HKLM\zSOFTWARE
|
||||||
|
reg unload HKLM\zSYSTEM >null
|
||||||
|
Write-Host "Cleaning up image..."
|
||||||
|
& 'dism' '/English' "/image:$mainOSDrive\scratchdir" '/Cleanup-Image' '/StartComponentCleanup' '/ResetBase' >null
|
||||||
|
Write-Host "Cleanup complete."
|
||||||
|
Write-Host ' '
|
||||||
|
Write-Host "Unmounting image..."
|
||||||
|
& 'dism' '/English' '/unmount-image' "/mountdir:$mainOSDrive\scratchdir" '/commit'
|
||||||
|
Write-Host "Exporting image..."
|
||||||
|
& 'dism' '/English' '/Export-Image' "/SourceImageFile:$mainOSDrive\tiny11\sources\install.wim" "/SourceIndex:$index" "/DestinationImageFile:$mainOSDrive\tiny11\sources\install2.wim" '/compress:max'
|
||||||
|
Remove-Item -Path "$mainOSDrive\tiny11\sources\install.wim" -Force >null
|
||||||
|
Rename-Item -Path "$mainOSDrive\tiny11\sources\install2.wim" -NewName "install.wim" >null
|
||||||
|
Write-Host "Windows image completed. Continuing with boot.wim."
|
||||||
|
Start-Sleep -Seconds 2
|
||||||
|
Clear-Host
|
||||||
|
Write-Host "Mounting boot image:"
|
||||||
|
$wimFilePath = "$($env:SystemDrive)\tiny11\sources\boot.wim"
|
||||||
|
& takeown "/F" $wimFilePath >null
|
||||||
|
& icacls $wimFilePath "/grant" "$($adminGroup.Value):(F)"
|
||||||
|
Set-ItemProperty -Path $wimFilePath -Name IsReadOnly -Value $false
|
||||||
|
& 'dism' '/English' '/mount-image' "/imagefile:$mainOSDrive\tiny11\sources\boot.wim" '/index:2' "/mountdir:$mainOSDrive\scratchdir"
|
||||||
|
Write-Host "Loading registry..."
|
||||||
|
reg load HKLM\zCOMPONENTS $mainOSDrive\scratchdir\Windows\System32\config\COMPONENTS
|
||||||
|
reg load HKLM\zDEFAULT $mainOSDrive\scratchdir\Windows\System32\config\default
|
||||||
|
reg load HKLM\zNTUSER $mainOSDrive\scratchdir\Users\Default\ntuser.dat
|
||||||
|
reg load HKLM\zSOFTWARE $mainOSDrive\scratchdir\Windows\System32\config\SOFTWARE
|
||||||
|
reg load HKLM\zSYSTEM $mainOSDrive\scratchdir\Windows\System32\config\SYSTEM
|
||||||
|
Write-Host "Bypassing system requirements(on the setup image):"
|
||||||
|
& 'reg' 'add' 'HKLM\zDEFAULT\Control Panel\UnsupportedHardwareNotificationCache' '/v' 'SV1' '/t' 'REG_DWORD' '/d' '0' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zDEFAULT\Control Panel\UnsupportedHardwareNotificationCache' '/v' 'SV2' '/t' 'REG_DWORD' '/d' '0' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zNTUSER\Control Panel\UnsupportedHardwareNotificationCache' '/v' 'SV1' '/t' 'REG_DWORD' '/d' '0' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zNTUSER\Control Panel\UnsupportedHardwareNotificationCache' '/v' 'SV2' '/t' 'REG_DWORD' '/d' '0' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassCPUCheck' '/t' 'REG_DWORD' '/d' '1' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassRAMCheck' '/t' 'REG_DWORD' '/d' '1' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassSecureBootCheck' '/t' 'REG_DWORD' '/d' '1' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassStorageCheck' '/t' 'REG_DWORD' '/d' '1' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassTPMCheck' '/t' 'REG_DWORD' '/d' '1' '/f' >null
|
||||||
|
& 'reg' 'add' 'HKLM\zSYSTEM\Setup\MoSetup' '/v' 'AllowUpgradesWithUnsupportedTPMOrCPU' '/t' 'REG_DWORD' '/d' '1' '/f' >null
|
||||||
|
Write-Host "Tweaking complete!"
|
||||||
|
Write-Host "Unmounting Registry..."
|
||||||
|
$regKey.Close()
|
||||||
|
reg unload HKLM\zCOMPONENTS >null
|
||||||
|
reg unload HKLM\zDEFAULT >null
|
||||||
|
reg unload HKLM\zNTUSER >null
|
||||||
|
$regKey.Close()
|
||||||
|
reg unload HKLM\zSOFTWARE
|
||||||
|
reg unload HKLM\zSYSTEM >null
|
||||||
|
Write-Host "Unmounting image..."
|
||||||
|
& 'dism' '/English' '/unmount-image' "/mountdir:$mainOSDrive\scratchdir" '/commit'
|
||||||
|
Clear-Host
|
||||||
|
Write-Host "Exporting ESD. This may take a while..."
|
||||||
|
& dism /Export-Image /SourceImageFile:"$mainOSDrive\tiny11\sources\install.wim" /SourceIndex:1 /DestinationImageFile:"$mainOSDrive\tiny11\sources\install.esd" /Compress:recovery
|
||||||
|
Remove-Item "$mainOSDrive\tiny11\sources\install.wim" > $null 2>&1
|
||||||
|
Write-Host "The tiny11 image is now completed. Proceeding with the making of the ISO..."
|
||||||
|
Write-Host "Copying unattended file for bypassing MS account on OOBE..."
|
||||||
|
Copy-Item -Path "$PSScriptRoot\autounattend.xml" -Destination "$mainOSDrive\tiny11\autounattend.xml" -Force >null
|
||||||
|
|
||||||
|
Write-Host "Creating ISO image..."
|
||||||
|
$ADKDepTools = "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\$hostarchitecture\Oscdimg"
|
||||||
|
if ([System.IO.Directory]::Exists($ADKDepTools)) {
|
||||||
|
Write-Host "Will be using oscdimg.exe from system ADK."
|
||||||
|
$OSCDIMG = "$ADKDepTools\oscdimg.exe"
|
||||||
|
} else {
|
||||||
|
Write-Host "Will be using bundled oscdimg.exe."
|
||||||
|
$OSCDIMG = "$PSScriptRoot\oscdimg.exe"
|
||||||
|
}
|
||||||
|
& "$OSCDIMG" '-m' '-o' '-u2' '-udfver102' "-bootdata:2#p0,e,b$mainOSDrive\tiny11\boot\etfsboot.com#pEF,e,b$mainOSDrive\tiny11\efi\microsoft\boot\efisys.bin" "$mainOSDrive\tiny11" "$PSScriptRoot\tiny11.iso"
|
||||||
|
|
||||||
|
# Finishing up
|
||||||
|
Write-Host "Creation completed! Press any key to exit the script..."
|
||||||
|
Read-Host "Press Enter to continue"
|
||||||
|
Write-Host "Performing Cleanup..."
|
||||||
|
Remove-Item -Path "$mainOSDrive\tiny11" -Recurse -Force >null
|
||||||
|
Remove-Item -Path "$mainOSDrive\scratchdir" -Recurse -Force >null
|
||||||
|
|
||||||
|
# Stop the transcript
|
||||||
|
Stop-Transcript
|
||||||
|
|
||||||
|
exit
|
||||||
|
}
|
||||||
|
elseif ($input -eq 'n') {
|
||||||
|
Write-Host "You chose not to continue. The script will now exit."
|
||||||
|
exit
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
Write-Host "Invalid input. Please enter 'y' to continue or 'n' to exit."
|
||||||
|
}
|
||||||
@ -34,7 +34,7 @@ Start-Transcript -Path "$PSScriptRoot\tiny11.log"
|
|||||||
|
|
||||||
$Host.UI.RawUI.WindowTitle = "Tiny11 image creator"
|
$Host.UI.RawUI.WindowTitle = "Tiny11 image creator"
|
||||||
Clear-Host
|
Clear-Host
|
||||||
Write-Host "Welcome to the tiny11 image creator! Release: 05-01-2024"
|
Write-Host "Welcome to the tiny11 image creator! Release: 05-06-24"
|
||||||
|
|
||||||
$mainOSDrive = $env:SystemDrive
|
$mainOSDrive = $env:SystemDrive
|
||||||
$hostArchitecture = $Env:PROCESSOR_ARCHITECTURE
|
$hostArchitecture = $Env:PROCESSOR_ARCHITECTURE
|
||||||
@ -222,6 +222,8 @@ Write-Host "Disabling Chat icon:"
|
|||||||
Write-Host "Removing Edge related registries"
|
Write-Host "Removing Edge related registries"
|
||||||
reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge" /f >null
|
reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge" /f >null
|
||||||
reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge Update" /f >null
|
reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge Update" /f >null
|
||||||
|
Write-Host "Disabling OneDrive folder backup"
|
||||||
|
& 'reg' 'add' "HKLM\zSOFTWARE\Policies\Microsoft\Windows\OneDrive" '/v' 'DisableFileSyncNGSC' '/t' 'REG_DWORD' '/d' '1' '/f' >null
|
||||||
Write-Host "Disabling Telemetry:"
|
Write-Host "Disabling Telemetry:"
|
||||||
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo' '/v' 'Enabled' '/t' 'REG_DWORD' '/d' '0' '/f' >null
|
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo' '/v' 'Enabled' '/t' 'REG_DWORD' '/d' '0' '/f' >null
|
||||||
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\Privacy' '/v' 'TailoredExperiencesWithDiagnosticDataEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' >null
|
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\Privacy' '/v' 'TailoredExperiencesWithDiagnosticDataEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' >null
|
||||||
@ -233,10 +235,6 @@ Write-Host "Disabling Telemetry:"
|
|||||||
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Personalization\Settings' '/v' 'AcceptedPrivacyPolicy' '/t' 'REG_DWORD' '/d' '0' '/f' >null
|
& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Personalization\Settings' '/v' 'AcceptedPrivacyPolicy' '/t' 'REG_DWORD' '/d' '0' '/f' >null
|
||||||
& 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\DataCollection' '/v' 'AllowTelemetry' '/t' 'REG_DWORD' '/d' '0' '/f' >null
|
& 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\DataCollection' '/v' 'AllowTelemetry' '/t' 'REG_DWORD' '/d' '0' '/f' >null
|
||||||
& 'reg' 'add' 'HKLM\zSYSTEM\ControlSet001\Services\dmwappushservice' '/v' 'Start' '/t' 'REG_DWORD' '/d' '4' '/f' >null
|
& 'reg' 'add' 'HKLM\zSYSTEM\ControlSet001\Services\dmwappushservice' '/v' 'Start' '/t' 'REG_DWORD' '/d' '4' '/f' >null
|
||||||
Write-Host "Disabling bing in Start Menu:"
|
|
||||||
& 'reg' 'add' 'HKLM\zNTUSER\Software\Policies\Microsoft\Windows\Explorer'
|
|
||||||
& 'reg' 'add' 'HKLM\zNTUSER\Software\Policies\Microsoft\Windows\Explorer' '/v' 'ShowRunAsDifferentUserInStart' '/t' 'REG_DWORD' '/d' '1' '/f'
|
|
||||||
& 'reg' 'add' 'HKLM\zNTUSER\Software\Policies\Microsoft\Windows\Explorer' '/v' 'DisableSearchBoxSuggestions' '/t' 'REG_DWORD' '/d' '1' '/f'
|
|
||||||
## this function allows PowerShell to take ownership of the Scheduled Tasks registry key from TrustedInstaller. Based on Jose Espitia's script.
|
## this function allows PowerShell to take ownership of the Scheduled Tasks registry key from TrustedInstaller. Based on Jose Espitia's script.
|
||||||
function Enable-Privilege {
|
function Enable-Privilege {
|
||||||
param(
|
param(
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user