PowerShell: Windows 10 Preparation Script

Set the PowerShell execution policy from an elevated (Administrator) PowerShell session before running the script:

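# Scope the relaxed policy to this elevated session only and run the preparation
# script from the same session. The original machine-wide "Unrestricted" setting
# would stay in effect after the preparation is finished.
Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process -Confirm:$False -Force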
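function removeBloatware {
    <#
    .SYNOPSIS
    Downloads and runs the Windows10Debloater script, then disables several
    optional Windows features and removes the Windows Store package.

    .PARAMETER ExpectedSha256
    Optional SHA-256 hash of the downloaded archive. When supplied, the archive
    is deleted and the function throws if the hash does not match. When omitted,
    the archive is used unverified and a warning is written.
    #>
    param(
        [string]$ExpectedSha256
    )

    # Set protocol to TLS1.2 to avoid this error: Exception calling "DownloadFile" with "2" argument(s):
    # "The request was aborted: Could not create SSL/TLS secure channel."
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

    $bloatwareRemovalDownload = "https://github.com/Sycnex/Windows10Debloater/archive/master.zip"
    $destination = "C:\Temp"
    $bloatwareRemovalDestination = Join-Path -Path $destination -ChildPath "Windows10Debloater-master.zip"

    # DownloadFile fails when the target directory is missing, so create it first.
    # NOTE(review): C:\Temp may be writable by non-administrative users; on a shared
    # machine prefer a directory only administrators can write to, because the
    # extracted script is executed with elevated rights.
    if (!(Test-Path -Path $destination)) {
        New-Item -Path $destination -ItemType Directory -Force | Out-Null
    }

    (New-Object System.Net.WebClient).DownloadFile($bloatwareRemovalDownload, $bloatwareRemovalDestination)

    # NOTE(review): the URL tracks a branch, so its content can change between runs
    # and is executed as Administrator. Prefer pinning to a reviewed commit archive
    # and passing its hash via -ExpectedSha256.
    if ($ExpectedSha256) {
        $actualSha256 = (Get-FileHash -Path $bloatwareRemovalDestination -Algorithm SHA256).Hash
        if ($actualSha256 -ne $ExpectedSha256) {
            Remove-Item -Path $bloatwareRemovalDestination -Force
            throw "Downloaded archive hash $actualSha256 does not match the expected value; aborting."
        }
    }
    else {
        Write-Warning "Windows10Debloater archive was not integrity-checked before execution."
    }

    # -Force lets a re-run overwrite a previous extraction instead of failing.
    Expand-Archive -Path $bloatwareRemovalDestination -DestinationPath $destination -Force
    PowerShell.exe -executionpolicy bypass -File C:\Temp\Windows10Debloater-master\Windows10Debloater.ps1 -Confirm:$False

    # Disable Windows Media Player (reduces attack surface exposed to malware)
    # The original used a typographic en dash before FeatureName; use a plain hyphen.
    Disable-WindowsOptionalFeature -FeatureName "WindowsMediaPlayer" -Online

    # Disable XPS
    Disable-WindowsOptionalFeature -Online -FeatureName "Printing-XPSServices-Features"

    # Workfolder Client
    Disable-WindowsOptionalFeature -Online -FeatureName "WorkFolders-Client"

    # SMB1 (legacy protocol; client and server components)
    Disable-WindowsOptionalFeature -Online -FeatureName "SMB1Protocol","SMB1Protocol-Client","SMB1Protocol-Server"

    # Remove Windows Store
    Get-AppxPackage -AllUsers | Where-Object { $_.Name -like "Microsoft.WindowsStore*" } | Remove-AppxPackage
}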

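function updateWindows {
    <#
    .SYNOPSIS
    Installs the PSWindowsUpdate module if needed, registers the Microsoft Update
    service if it is not registered, and installs all available updates without
    rebooting.

    .OUTPUTS
    Output of Get-WindowsUpdate followed by the string "Windows Updated.".
    #>

    # Make sure TLS 1.2 is enabled for the PowerShell Gallery requests so this
    # function does not depend on another function having set it earlier.
    [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12

    # Set PowerShell Gallery as Trusted to bypass prompts.
    # NOTE(review): this trust setting persists after the function returns, so later
    # Install-Module calls from PSGallery will not prompt either. Consider restoring
    # the previous policy once preparation is complete.
    $trustPSGallery = (Get-PSRepository -Name 'PSGallery').InstallationPolicy
    if ($trustPSGallery -ne 'Trusted') {
        Install-PackageProvider -Name NuGet -Force
        Set-PSRepository -Name 'PSGallery' -InstallationPolicy Trusted -InformationAction SilentlyContinue
    }

    # Install the PowerShell Windows Update module
    $checkModule = Get-Module -ListAvailable -Name PSWindowsUpdate
    if (!($checkModule)) {
        Install-Module PSWindowsUpdate -Confirm:$false
    }

    # Register Windows Update Service if it has not been registered
    $MicrosoftUpdateID = "7971f918-a847-4430-9279-4a52d1efe18d"
    $registered = $MicrosoftUpdateID -in (Get-WUServiceManager).ServiceID
    if (!($registered)) {
        # Reuse the variable so the checked ID and the registered ID cannot drift apart.
        Add-WUServiceManager -ServiceID $MicrosoftUpdateID -Confirm:$false
    }

    # Perform Updates
    Get-WindowsUpdate -AcceptAll -MicrosoftUpdate -Install -IgnoreReboot
    "Windows Updated."
}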

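function installChoco {
    <#
    .SYNOPSIS
    Installs Chocolatey when choco.exe is not available, then installs a fixed
    list of commonly used packages, warning about any that fail.
    #>

    # Make sure TLS 1.2 is enabled for the download so this function does not
    # depend on another function having set it earlier.
    [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12

    # Install Chocolatey if choco.exe cannot be found
    if (!(Get-Command choco.exe -ErrorAction SilentlyContinue)) {
        # NOTE(review): this executes a remotely hosted script with administrative
        # rights and no integrity check beyond HTTPS. For controlled environments,
        # download the installer, review it, and run the reviewed copy instead.
        Set-ExecutionPolicy Bypass -Scope Process -Force
        Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
    }

    # Install commonly used packages.
    # NOTE(review): every package runs its own install script elevated; review this
    # list against what the machine actually needs before use.
    $packages = 'googlechrome','firefox', 'git', 'notepadplusplus','atom','adobereader','7zip','javaruntime','vlc','putty','sysinternals','transmission','ccleaner','everything','keyfinder','lockhunter','unlocker','filezilla','partitionwizard','recuva','sandboxie','speccy','quicklook','honeyview','keepass','winscp','poweriso','rdm','pdfcreator','mremoteng','advanced-ip-scanner','textpad','openssl.light'

    $failedPackages = @()
    foreach ($package in $packages) {
        choco install $package -y
        # The original ignored the exit code, so failed installs went unnoticed.
        if ($LASTEXITCODE -ne 0) {
            $failedPackages += "$package (exit code $LASTEXITCODE)"
        }
    }

    if ($failedPackages.Count -gt 0) {
        Write-Warning ("choco install returned a non-zero exit code for: " + ($failedPackages -join ', '))
    }
}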

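function cleanWindows {
    <#
    .SYNOPSIS
    Disables startup repair, cleans the component store, deletes files under
    C:\Temp, clears all event logs and runs Disk Cleanup with every handler
    enabled.

    .OUTPUTS
    Progress strings written to the output stream, plus native tool output.
    #>

    "Disable startup repair..."
    # Quote {current}: unquoted braces are parsed by PowerShell as a script block,
    # so bcdedit would not receive the literal identifier.
    bcdedit /set "{current}" recoveryenabled no

    "Clear Windows Update Cache..."
    Dism.exe /online /Cleanup-Image /StartComponentCleanup

    "Delete files in Temp directory..."
    # NOTE(review): in PowerShell the *.* wildcard only matches names containing a
    # dot, so entries without one may be left behind - confirm the intent.
    del C:\Temp\*.* -Recurse -Force

    "Prune Event Logs..."
    # NOTE(review): this clears every event log, including Security, and removes
    # the audit history of everything this script did. Only appropriate on a
    # freshly prepared machine; export the logs first if they may be needed.
    wevtutil el | Foreach-Object { wevtutil cl "$_" }

    "Performing Disk Cleanup..."
    $strKeyPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches"
    $strValueName = "StateFlags0065"

    $subkeys = gci -Path "HKLM:\$strKeyPath" -Name

    # Enable every cleanup handler for the /sagerun:65 profile first.
    ForEach ($subkey in $subkeys) {
        New-ItemProperty -Path "HKLM:\$strKeyPath\$subkey" -Name $strValueName -PropertyType DWord -Value 2 -ErrorAction SilentlyContinue | Out-Null
    }

    # Run cleanmgr once with all handlers flagged. The original started it inside
    # the loop, i.e. once per handler and before all flags had been set.
    Start-Process cleanmgr -ArgumentList "/sagerun:65" -Wait -NoNewWindow -ErrorAction SilentlyContinue -WarningAction SilentlyContinue

    # Remove the temporary flags again; ignore handlers where the flag was never created.
    ForEach ($subkey in $subkeys) {
        Remove-ItemProperty -Path "HKLM:\$strKeyPath\$subkey" -Name $strValueName -ErrorAction SilentlyContinue | Out-Null
    }
}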

function setPowerMax {
    # Activate the power scheme aliased SCHEME_MIN (minimum power saving).
    & powercfg /setactive SCHEME_MIN

    # Turn hibernation off.
    & powercfg /hibernate off
}

# Run the preparation steps in their original order.
$preparationSteps = 'removeBloatware', 'installChoco', 'updateWindows', 'cleanWindows', 'setPowerMax'
foreach ($step in $preparationSteps) {
    & $step
}
