From 3bf58b2fdaaa782b788416d39f4b6be55de4e557 Mon Sep 17 00:00:00 2001 From: simeononsecurity <4913771+simeononsecurity@users.noreply.github.com> Date: Mon, 27 Dec 2021 01:22:26 +0000 Subject: [PATCH] New Optimizations --- windows10.ps1 | 90 ++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 89 insertions(+), 1 deletion(-) diff --git a/windows10.ps1 b/windows10.ps1 index 5e41ea9..3418d87 100644 --- a/windows10.ps1 +++ b/windows10.ps1 @@ -229,6 +229,13 @@ Start-Job -Name "Configuring Windows - Optimizations, Debloating, and Hardening" #Set Screen Timeout to 15 Minutes powercfg -change -monitor-timeout-ac 15 + #Enable Ultimate Performance + powercfg -duplicatescheme e9a42b02-d5df-448d-aa00-03f14749eb61 + powercfg /setactive e9a42b02-d5df-448d-aa00-03f14749eb61 + + #Process Idle Tasks + Rundll32.exe advapi32.dll,ProcessIdleTasks + #Enable Num Lock on logon and lock screen Set-ItemProperty "HKU:\.DEFAULT\Control Panel\Keyboard" "InitialKeyboardIndicators" 2 @@ -247,6 +254,12 @@ Start-Job -Name "Configuring Windows - Optimizations, Debloating, and Hardening" fsutil behavior set memoryusage 2 #fsutil behavior set disablelastaccess 1 fsutil behavior set mftzone 2 + #https://github.com/djdallmann/GamingPCSetup/blob/master/CONTENT/DOCS/POSTINSTALL/README.md + fsutil behavior query Disabledeletenotify + fsutil behavior set DisableDeleteNotify 0 + #Optimize NTFS file system parameters to reduce updates to some of the metadata that is tracked. + fsutil behavior set disableLastAccess 1 + fsutil behavior set disable8dot3 1 $DriveLetters = (Get-WmiObject -Class Win32_Volume).DriveLetter ForEach ($Drive in $DriveLetters) { If (-not ([string]::IsNullOrEmpty($Drive))) { @@ -258,6 +271,81 @@ Start-Job -Name "Configuring Windows - Optimizations, Debloating, and Hardening" fsutil resource setconsistent "$Drive" } } + + #Windows Defender Exclusions + Add-MpPreference -ExclusionPath ${env:ProgramFiles(x86)}"\Steam\" + Add-MpPreference -ExclusionPath $env:LOCALAPPDATA"\Temp\NVIDIA Corporation\NV_Cache" + Add-MpPreference -ExclusionPath $env:PROGRAMDATA"\NVIDIA Corporation\NV_Cache" + Add-MpPreference -ExclusionProcess ${env:ProgramFiles(x86)}"\Common Files\Steam\SteamService.exe" + + #Disable Unrequired Services + #https://github.com/djdallmann/GamingPCSetup/tree/master/CONTENT/DOCS/SERVICES + #ActiveX Controlls and Policy Enforcement via GPU - Uncomment if not used + #Set-Service AxInstSV -StartupType Disabled + #Time Zone Automatic Update - Uncomment if not used + #Set-Service tzautoupdate -StartupType Disabled + #Uncomment if you don't use or plan to use Bluetooth devices + #Set-Service bthserv -StartupType Disabled + Set-Service dmwappushservice -StartupType Disabled + Set-Service MapsBroker -StartupType Disabled + Set-Service lfsvc -StartupType Disabled + Set-Service SharedAccess -StartupType Disabled + Set-Service lltdsvc -StartupType Disabled + Set-Service AppVClient -StartupType Disabled + Set-Service NetTcpPortSharing -StartupType Disabled + Set-Service CscService -StartupType Disabled + Set-Service PhoneSvc -StartupType Disabled + #Disable unless you use printers or scanners + #Set-Service Spooler -StartupType Disabled + #Disable unless you use printers or scanners + #Set-Service PrintNotify -StartupType Disabled + Set-Service QWAVE -StartupType Disabled + #Disable if you don't use or plan to use wifi etc + #Set-Service RmSvc -StartupType Disabled + Set-Service RemoteAccess -StartupType Disabled + Set-Service SensorDataService -StartupType Disabled + Set-Service SensrSvc -StartupType Disabled + Set-Service SensorService -StartupType Disabled + Set-Service ShellHWDetection -StartupType Disabled + #Disable if you don't use smart cards + #Set-Service SCardSvr -StartupType Disabled + ##Disable if you don't use smart cards + #Set-Service ScDeviceEnum -StartupType Disabled + Set-Service SSDPSRV -StartupType Disabled + #Disable if you don't use a scanner. + #Set-Service WiaRpc -StartupType Disabled + #Disable if you don't use these features. + #Set-Service TabletInputService -StartupType Disabled + Set-Service upnphost -StartupType Disabled + Set-Service UserDataSvc -StartupType Disabled + Set-Service UevAgentService -StartupType Disabled + Set-Service WalletService -StartupType Disabled + Set-Service FrameServer -StartupType Disabled + #Disable if you don't use image scanners + #Set-Service stisvc -StartupType Disabled + Set-Service wisvc -StartupType Disabled + Set-Service icssvc -StartupType Disabled + #Breaks Xbox Live Features - Uncomment if not used + #Set-Service XblAuthManager -StartupType Disabled + #Set-Service XblGameSave -StartupType Disabled + Set-Service SEMgrSvc -StartupType Disabled + Set-Service DiagTrack -StartupType Disabled + + #Remove Appx Packages (duplicate, but can't be too sure) + Get-AppxPackage *print3d* | Remove-AppxPackage + Get-AppxPackage *3dviewer* | Remove-AppxPackage + Get-AppxPackage *zune* | Remove-AppxPackage + Get-AppxPackage *minecraft* | Remove-AppxPackage + Get-AppxPackage *bing* | Remove-AppxPackage + Get-AppxPackage *skype* | Remove-AppxPackage + Get-AppxPackage *solitaire* | Remove-AppxPackage + Get-AppxPackage *candycrush* | Remove-AppxPackage + Get-AppxPackage *netflix* | Remove-AppxPackage + Get-AppxPackage *onenote* | Remove-AppxPackage + Get-AppxPackage *dolby* | Remove-AppxPackage + Get-AppxPackage *fitbit* | Remove-AppxPackage + Get-AppxPackage *feedback* | Remove-AppxPackage + Get-AppxPackage *yourphone* | Remove-AppxPackage #https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_server_configuration New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name "DefaultShell" -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType "String" -Force @@ -413,4 +501,4 @@ Start-Job -Name "Configuring Windows - Optimizations, Debloating, and Hardening" #Enable Sandboxing for Windows Defender setx /M MP_FORCE_USE_SANDBOX 1 -} \ No newline at end of file +}