Bug fix
This commit is contained in:
simeononsecurity
@ -33,10 +33,10 @@ Start-Job -Name "Installing Optional Windows Features" -ScriptBlock {
|
|||||||
}
|
}
|
||||||
|
|
||||||
#https://docs.microsoft.com/en-us/powershell/scripting/gallery/installing-psget?view=powershell-7.1
|
#https://docs.microsoft.com/en-us/powershell/scripting/gallery/installing-psget?view=powershell-7.1
|
||||||
Install-PackageProvider -Name "NuGet -Force
|
Install-PackageProvider -Name "NuGet" -Force
|
||||||
|
|
||||||
#https://github.com/PowerShell/PowerShellGetv2/issues/303
|
#https://github.com/PowerShell/PowerShellGetv2/issues/303
|
||||||
Set-PSRepository -Name "PSGallery -InstallationPolicy Trusted
|
Set-PSRepository -Name "PSGallery" -InstallationPolicy Trusted
|
||||||
Install-PackageProvider -Name "PowerShellGet" -Force -Scope CurrentUser
|
Install-PackageProvider -Name "PowerShellGet" -Force -Scope CurrentUser
|
||||||
|
|
||||||
#https://github.com/PowerShell/PowerShellGetv2/issues/295
|
#https://github.com/PowerShell/PowerShellGetv2/issues/295
|
||||||
@ -71,7 +71,8 @@ Start-Job -Name "Installing Software" -Scriptblock {
|
|||||||
Write-Host "Failed to install $_" -ForegroundColor Red -BackgroundColor Black
|
Write-Host "Failed to install $_" -ForegroundColor Red -BackgroundColor Black
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} Else {
|
}
|
||||||
|
Else {
|
||||||
Write-Output $chocopackages | ForEach-Object {
|
Write-Output $chocopackages | ForEach-Object {
|
||||||
Write-Host "Installing $_" -ForegroundColor White -BackgroundColor Black
|
Write-Host "Installing $_" -ForegroundColor White -BackgroundColor Black
|
||||||
Try {
|
Try {
|
||||||
@ -242,54 +243,6 @@ Start-Job -Name "Configuring Windows - Optimizations, Debloating, and Hardening"
|
|||||||
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name "ColorPrevalence" -Type "DWORD" -Value "00000000" -Force
|
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name "ColorPrevalence" -Type "DWORD" -Value "00000000" -Force
|
||||||
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name "EnableTransparency" -Type "DWORD" -Value "00000001" -Force
|
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name "EnableTransparency" -Type "DWORD" -Value "00000001" -Force
|
||||||
|
|
||||||
#Clear Start Menu
|
|
||||||
#https://github.com/builtbybel/privatezilla/blob/master/scripts/Unpin%20Startmenu%20Tiles.ps1
|
|
||||||
$START_MENU_LAYOUT = @"
|
|
||||||
<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns:taskbar="http://schemas.microsoft.com/Start/2014/TaskbarLayout" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
|
|
||||||
<LayoutOptions StartTileGroupCellWidth="6" />
|
|
||||||
<DefaultLayoutOverride>
|
|
||||||
<StartLayoutCollection>
|
|
||||||
<defaultlayout:StartLayout GroupCellWidth="6" />
|
|
||||||
</StartLayoutCollection>
|
|
||||||
</DefaultLayoutOverride>
|
|
||||||
</LayoutModificationTemplate>
|
|
||||||
"@
|
|
||||||
$layoutFile = "C:\Windows\StartMenuLayout.xml"
|
|
||||||
|
|
||||||
#Delete layout file if it already exists
|
|
||||||
If (Test-Path $layoutFile) {
|
|
||||||
Remove-Item $layoutFile
|
|
||||||
}
|
|
||||||
#Creates the blank layout file
|
|
||||||
$START_MENU_LAYOUT | Out-File $layoutFile -Encoding ASCII
|
|
||||||
$regAliases = @("HKLM", "HKCU")
|
|
||||||
#Assign the start layout and force it to apply with "LockedStartLayout" at both the machine and user level
|
|
||||||
foreach ($regAlias in $regAliases) {
|
|
||||||
$basePath = $regAlias + ":\SOFTWARE\Policies\Microsoft\Windows"
|
|
||||||
$keyPath = $basePath + "\Explorer"
|
|
||||||
IF (!(Test-Path -Path $keyPath)) {
|
|
||||||
New-Item -Path $basePath -Name "Explorer"
|
|
||||||
}
|
|
||||||
Set-ItemProperty -Path $keyPath -Name "LockedStartLayout" -Value 1
|
|
||||||
Set-ItemProperty -Path $keyPath -Name "StartLayoutFile" -Value $layoutFile
|
|
||||||
}
|
|
||||||
#Restart Explorer, open the start menu (necessary to load the new layout), and give it a few seconds to process
|
|
||||||
Stop-Process -Force -name explorer
|
|
||||||
Start-Sleep -s 5
|
|
||||||
$wshell = New-Object -ComObject wscript.shell; $wshell.SendKeys('^{ESCAPE}')
|
|
||||||
Start-Sleep -s 5
|
|
||||||
#Enable the ability to pin items again by disabling "LockedStartLayout"
|
|
||||||
foreach ($regAlias in $regAliases) {
|
|
||||||
$basePath = $regAlias + ":\SOFTWARE\Policies\Microsoft\Windows"
|
|
||||||
$keyPath = $basePath + "\Explorer"
|
|
||||||
Set-ItemProperty -Path $keyPath -Name "LockedStartLayout" -Value 0
|
|
||||||
}
|
|
||||||
#Restart Explorer and delete the layout file
|
|
||||||
Stop-Process -Force -name explorer
|
|
||||||
#Uncomment the next line to make clean start menu default for all new users
|
|
||||||
Import-StartLayout -LayoutPath $layoutFile -MountPath $env:SystemDrive\
|
|
||||||
Remove-Item $layoutFile
|
|
||||||
|
|
||||||
#https://notes.ponderworthy.com/fsutil-tweaks-for-ntfs-performance-and-reliability
|
#https://notes.ponderworthy.com/fsutil-tweaks-for-ntfs-performance-and-reliability
|
||||||
fsutil behavior set memoryusage 2
|
fsutil behavior set memoryusage 2
|
||||||
#fsutil behavior set disablelastaccess 1
|
#fsutil behavior set disablelastaccess 1
|
||||||
@ -460,32 +413,4 @@ Start-Job -Name "Configuring Windows - Optimizations, Debloating, and Hardening"
|
|||||||
#Enable Sandboxing for Windows Defender
|
#Enable Sandboxing for Windows Defender
|
||||||
setx /M MP_FORCE_USE_SANDBOX 1
|
setx /M MP_FORCE_USE_SANDBOX 1
|
||||||
|
|
||||||
# Dismiss Microsoft Defender offer in the Windows Security about signing in Microsoft account
|
|
||||||
New-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows Security Health\State" -Name "AccountProtection_MicrosoftAccount_Disconnected" -PropertyType "DWORD" -Value "1" -Force
|
|
||||||
|
|
||||||
#Enable PowerShell Module Logging
|
|
||||||
if (-not (Test-Path -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ModuleLogging\ModuleNames")) {
|
|
||||||
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ModuleLogging\ModuleNames" -Force
|
|
||||||
}
|
|
||||||
New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ModuleLogging" -Name "EnableModuleLogging" -PropertyType "DWORD" -Value "1" -Force
|
|
||||||
New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ModuleLogging\ModuleNames" -Name "*" -PropertyType "String" -Value "*" -Force
|
|
||||||
|
|
||||||
#Enable Windows Sandbox
|
|
||||||
if (Get-WindowsEdition -Online | Where-Object -FilterScript { $_.Edition -eq "Professional" -or $_.Edition -like "Enterprise*" }) {
|
|
||||||
# Checking whether x86 virtualization is enabled in the firmware
|
|
||||||
if ((Get-CimInstance -ClassName CIM_Processor).VirtualizationFirmwareEnabled -eq $true) {
|
|
||||||
Enable-WindowsOptionalFeature -FeatureName Containers-DisposableClientVM -All -Online -NoRestart
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
try {
|
|
||||||
# Determining whether Hyper-V is enabled
|
|
||||||
if ((Get-CimInstance -ClassName CIM_ComputerSystem).HypervisorPresent -eq $true) {
|
|
||||||
Enable-WindowsOptionalFeature -FeatureName Containers-DisposableClientVM -All -Online -NoRestart
|
|
||||||
}
|
|
||||||
}
|
|
||||||
catch [System.Exception] {
|
|
||||||
Write-Error -Message $Localization.EnableHardwareVT -ErrorAction SilentlyContinue
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
Reference in New Issue
Block a user