Add more scripts

[undergroundwires]

Based on comment in #15

• Do not let apps accesss my name, picture, and other account info
  • reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{C1D23ACC-752B-43E5-8448-8D0E519CD6D6}" /t REG_SZ /v "Value" /d DENY /f
• Do not let apps access my calendar
  • reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{D89823BA-7180-4B81-B50C-7E471E6121A3}" /t REG_SZ /v "Value" /d DENY /f
• Do not let apps use camera
  • reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{E5323777-F976-4f5b-9B55-B94699C46E44}" /t REG_SZ /v "Value" /d DENY /f
• Do not let apps access my contacts
  • reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{7D7E8402-7C54-4821-A34E-AEEFD62DED93}" /t REG_SZ /v "Value" /d DENY /f
• (already exists) Do not let apps access my location
  • reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" /t REG_SZ /v "Value" /d DENY /f
• Do not let apps access text/mms
  • reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{992AFA70-6F47-4148-B3E9-3003349C1548}" /t REG_SZ /v "Value" /d DENY /f
• (already exists) Do not let apps use microphone
  • reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{2EEF81BE-33FA-4800-9670-1CD474972C3F}" /t REG_SZ /v "Value" /d DENY /f
• Do not let apps share and sync non-explicitly paired wireless devices over uPnP
  • reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\LooselyCoupled" /t REG_SZ /v "Value" /d DENY /f
• Do not let apps access radios
  • reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{A8804298-2D5F-42E3-9531-9C8C39EB29CE}" /t REG_SZ /v "Value" /d DENY /f
• Disable Advertising ID
  • reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" /t REG_DWORD /v Enabled /d 0 /f
• (already exists) Set feedback frequency to zero
  • reg add "HKCU\SOFTWARE\Microsoft\Siuf\Rules" /t REG_DWORD /v NumberOfSIUFInPeriod /d 0 /f
  • https://www.tenforums.com/tutorials/2441-change-feedback-frequency-windows-10-a.html
• (already exists) Disable smartscreen
  • reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /t REG_DWORD /v EnableWebContentEvaluation /d 0 /f
• Do not send typing info to microsoft
  • (already exists) reg add "HKCU\SOFTWARE\Microsoft\Input\TIPC" /t REG_DWORD /v Enabled /d 0 /f
  • (already exists) reg add "HKCU\SOFTWARE\Microsoft\Personalization\Settings" /t REG_DWORD /v AcceptedPrivacyPolicy /d 0 /f
  • reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Language" /t REG_DWORD /v Enabled /d 0 /f
  • (already exists) reg add "HKCU\SOFTWARE\Microsoft\InputPersonalization" /t REG_DWORD /v RestrictImplicitTextCollection /d 1 /f
  • (already exists) reg add "HKCU\SOFTWARE\Microsoft\InputPersonalization" /t REG_DWORD /v RestrictImplicitInkCollection /d 1 /f
  • (already exists) reg add "HKCU\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore" /t REG_DWORD /v HarvestContacts /d 0 /f
• Disable Automatic Installation of Microsoft Edge Chromium
  • reg add HKLM\SOFTWARE\Microsoft\EdgeUpdate /v DoNotUpdateToEdgeWithChromium /t REG_DWORD /d 1
  • https://www.tenforums.com/tutorials/146650-disable-installation-microsoft-edge-windows-update-windows-10-a.html

[ghost]

Dear Brother i have hundreds of reg files & i am working on privacy script downloaded from your domain to make it All in One Debloat , Privacy & Telemetry Script accroding to my needs for 100 percent debloated private & hardend win10 plus which will work as $OEM$ setupcomplete cmd method too for clean win10 installation in a private environment.

One more request to be taken under review :

:: ----------------------------------------------------------
:: -------------Remove This PC Libraries-------------------
:: ----------------------------------------------------------
echo --- Remove Libraries
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{0DB7E03F-FC29-4DC6-9020-FF41B59E513A}" /f
reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{0DB7E03F-FC29-4DC6-9020-FF41B59E513A}" /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}" /f
reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}" /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}" /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{d3162b92-9365-467a-956b-92703aca08af}" /f
reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}" /f
reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{d3162b92-9365-467a-956b-92703aca08af}" /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{374DE290-123F-4565-9164-39C4925E467B}" /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{088e3905-0323-4b02-9826-5d99428e115f}" /f
reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{374DE290-123F-4565-9164-39C4925E467B}" /f
reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{088e3905-0323-4b02-9826-5d99428e115f}" /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{1CF1260C-4DD0-4ebb-811F-33C572699FDE}" /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{3dfdf296-dbec-4fb4-81d1-6a3438bcf4de}" /f
reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{1CF1260C-4DD0-4ebb-811F-33C572699FDE}" /f
reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{3dfdf296-dbec-4fb4-81d1-6a3438bcf4de}" /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}" /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{24ad3ad4-a569-4530-98e1-ab02f9417aa8}" /f
reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}" /f
reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{24ad3ad4-a569-4530-98e1-ab02f9417aa8}" /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{A0953C92-50DC-43bf-BE83-3742FED03C9C}" /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{f86fa3ab-70d2-4fc7-9c99-fcbf05467f3a}" /f
reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{A0953C92-50DC-43bf-BE83-3742FED03C9C}" /f
reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{f86fa3ab-70d2-4fc7-9c99-fcbf05467f3a}" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\PropertyBag" /v "ThisPCPolicy" /t REG_SZ /d "Hide" /f
reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\PropertyBag" /v "ThisPCPolicy" /t REG_SZ /d "Hide" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions{a0c69a99-21c8-4671-8703-7934162fcf1d}\PropertyBag" /v "ThisPCPolicy" /t REG_SZ /d "Hide" /f
reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions{a0c69a99-21c8-4671-8703-7934162fcf1d}\PropertyBag" /v "ThisPCPolicy" /t REG_SZ /d "Hide" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\PropertyBag" /v "ThisPCPolicy" /t REG_SZ /d "Hide" /f
reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\PropertyBag" /v "ThisPCPolicy" /t REG_SZ /d "Hide" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions{0ddd015d-b06c-45d5-8c4c-f59713854639}\PropertyBag" /v "ThisPCPolicy" /t REG_SZ /d "Hide" /f
reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions{0ddd015d-b06c-45d5-8c4c-f59713854639}\PropertyBag" /v "ThisPCPolicy" /t REG_SZ /d "Hide" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions{35286a68-3c57-41a1-bbb1-0eae73d76c95}\PropertyBag" /v "ThisPCPolicy" /t REG_SZ /d "Hide" /f
reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions{35286a68-3c57-41a1-bbb1-0eae73d76c95}\PropertyBag" /v "ThisPCPolicy" /t REG_SZ /d "Hide" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions{f42ee2d3-909f-4907-8871-4c22fc0bf756}\PropertyBag" /v "ThisPCPolicy" /t REG_SZ /d "Hide" /f
reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions{f42ee2d3-909f-4907-8871-4c22fc0bf756}\PropertyBag" /v "ThisPCPolicy" /t REG_SZ /d "Hide" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PropertyBag" /v "ThisPCPolicy" /t REG_SZ /d "Hide" /f
reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PropertyBag" /v "ThisPCPolicy" /t REG_SZ /d "Hide" /f
:: ----------------------------------------------------------

:: ----------------------------------------------------------
:: ------------ Remove Onedrive & All Traces-----------------
:: ----------------------------------------------------------
echo --- Remove OneDrive and All Traces for clean install
Taskkill /F /IM OneDrive.exe
%SystemRoot%\System32\OneDriveSetup.exe /uninstall
%SystemRoot%\SysWOW64\OneDriveSetup.exe /uninstall
rd "%UserProfile%\OneDrive" /Q /S
rd "%LocalAppData%\Microsoft\OneDrive" /Q /S
rd "%ProgramData%\Microsoft OneDrive" /Q /S
rd "C:\OneDriveTemp" /Q /S
reg delete "HKEY_CLASSES_ROOT\CLSID{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /f
reg delete "HKEY_CLASSES_ROOT\Wow6432Node\CLSID{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /f
:: ----------------------------------------------------------

:: ----------------------------------------------------------
:: --------------------Disable Unwanted Features----------
:: ----------------------------------------------------------
echo --- Disable Features for clean install
Dism /online /Disable-Feature /FeatureName:"SMB1Protocol"
Dism /online /Disable-Feature /FeatureName:"MicrosoftWindowsPowerShellV2Root"
Dism /online /disable-feature /featurename:"SmbDirect"
Dism /online /disable-feature /featurename:"Printing-XPSServices-Features"
Dism /online /disable-feature /featurename:"Printing-Foundation-Features"
Dism /online /disable-feature /featurename:"Printing-Foundation-InternetPrinting-Client"
Dism /online /disable-feature /featurename:"WorkFolders-Client"
Dism /online /disable-feature /featurename:"WCF-TCP-PortSharing45"
Dism /online /disable-feature /featurename:"MSRDC-Infrastructure"
Dism /online /disable-feature /featurename:"MediaPlayback"
:: ----------------------------------------------------------

:: ----------------------------------------------------------
:: --------------------Remove Printers-----------------------
:: ----------------------------------------------------------
echo --- Remove Extra Printers and Set Print to PDF as Default printer
printui.exe /dl /n "Fax"
printui.exe /dl /n "Microsoft XPS Document Writer"
wmic printer where name="Microsoft Print to PDF" call setdefaultprinter
:: ----------------------------------------------------------

:: ----------------------------------------------------------
:: -------------Disable Reserved Storage--------------------
:: ----------------------------------------------------------
echo --- Disable Reserved Storage
DISM /online /Set-ReservedStorageState /State:Disabled
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ReserveManager" /v "MiscPolicyInfo" /t REG_DWORD /d "2" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ReserveManager" /v "ShippedWithReserves" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ReserveManager" /v "PassedPolicy" /t REG_DWORD /d "0" /f
:: ----------------------------------------------------------

:: ----------------------------------------------------------
:: --Add Extract All for MSI Package and Install Cab Files--
:: ----------------------------------------------------------
echo --- Add Extract All for MSI Package and Install Cab Files
reg add "HKCR\Msi.Package\shell\Extract" /v "MUIVerb" /t REG_SZ /d "@shell32.dll,-31382" /f
reg add "HKCR\Msi.Package\shell\Extract" /v "Icon" /t REG_SZ /d "shell32.dll,-16817" /f
reg add "HKCR\Msi.Package\shell\Extract\Command" /ve /t REG_SZ /d "msiexec.exe /a "%%1" /qb TARGETDIR="%%1 extracted"" /f
reg delete "HKCR\CABFolder\Shell\runas" /f
reg add "HKCR\CABFolder\Shell\runas" /ve /t REG_SZ /d "Install Package" /f
reg add "HKCR\CABFolder\Shell\runas" /v "MUIVerb" /t REG_SZ /d "@shell32.dll,-10210" /f
reg add "HKCR\CABFolder\Shell\runas" /v "HasLUAShield" /t REG_SZ /d "" /f
reg add "HKCR\CABFolder\Shell\runas" /v "NeverDefault" /t REG_SZ /d "" /f
reg add "HKCR\CABFolder\Shell\runas\Command" /ve /t REG_SZ /d "CMD /K Dism /Online /Add-Package /PackagePath:"%%1" /NoRestart & Pause" /f
:: ----------------------------------------------------------

Turn Hibernate off for clean install
powercfg -h off

Clear Windows product Key from Registry
slmgr /cpky

[ghost]

Remove Default Apps Associations :
dism /online /Remove-DefaultAppAssociations

:: ----------------------------------------------------------
:: -------- Add This PC and Control Panel to Desktop --------
:: ----------------------------------------------------------
echo --- Add This PC and Control Panel to Desktop
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel" /v "{20D04FE0-3AEA-1069-A2D8-08002B30309D}" /t REG_DWORD /d "0" /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu" /v "{20D04FE0-3AEA-1069-A2D8-08002B30309D}" /t REG_DWORD /d "0" /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel" /v "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}" /t REG_DWORD /d "0" /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu" /v "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}" /t REG_DWORD /d "0" /f
:: ----------------------------------------------------------

:: ----------------------------------------------------------
:: ------------------Remove Capabilities---------------------
:: ----------------------------------------------------------
echo --- Remove Unwanted Capabilities
dism /online /Remove-Capability /CapabilityName:App.StepsRecorder~~~~0.0.1.0 /NoRestart
dism /online /Remove-Capability /CapabilityName:App.Support.QuickAssist~~~~0.0.1.0 /NoRestart
dism /online /Remove-Capability /CapabilityName:Browser.InternetExplorer~~~~0.0.11.0 /NoRestart
dism /online /Remove-Capability /CapabilityName:Hello.Face.18967~~~~0.0.1.0 /NoRestart
dism /online /Remove-Capability /CapabilityName:Hello.Face.Migration.18967~~~~0.0.1.0 /NoRestart
dism /online /Remove-Capability /CapabilityName:MathRecognizer~~~~0.0.1.0 /NoRestart
dism /online /Remove-Capability /CapabilityName:Media.WindowsMediaPlayer~~~~0.0.12.0 /NoRestart
dism /online /Remove-Capability /CapabilityName:Microsoft.Windows.PowerShell.ISE~~~~0.0.1.0 /Norestart
dism /online /Remove-Capability /CapabilityName:OneCoreUAP.OneSync~~~~0.0.1.0 /NoRestart
dism /online /Remove-Capability /CapabilityName:OpenSSH.Client~~~~0.0.1.0 /NoRestart
dism /online /Remove-Capability /CapabilityName:OpenSSH.Server~~~~0.0.1.0 /NoRestart
dism /online /Remove-Capability /CapabilityName:Print.Fax.Scan~~~~0.0.1.0 /NoRestart
dism /online /Remove-Capability /CapabilityName:Print.Management.Console~~~~0.0.1.0 /NoRestart
:: ----------------------------------------------------------

:: ----------------------------------------------------------
:: --------------Disable Extra Services----------------------
:: ----------------------------------------------------------
echo --- Disable Extra Services
sc stop "DusmSvc" & sc config "DusmSvc" start=disabled
sc stop "DoSvc" & sc config "DoSvc" start=disabled
sc stop "lfsvc" & sc config "lfsvc" start=disabled
sc stop "MessagingService" & sc config "MessagingService" start=disabled
sc stop "MapsBroker" & sc config "MapsBroker" start=disabled
sc stop "NetTcpPortSharing" & sc config "NetTcpPortSharing" start=disabled
sc stop "OneSyncSvc" & sc config "OneSyncSvc" start=disabled
sc stop "PimIndexMaintenanceSvc" & sc config "PimIndexMaintenanceSvc" start=disabled
sc stop "PcaSvc" & sc config "PcaSvc" start=disabled
sc stop "RemoteAccess" & sc config "RemoteAccess" start=disabled
sc stop "RemoteRegistry" & sc config "RemoteRegistry" start=disabled
sc stop "RetailDemo" & sc config "RetailDemo" start=disabled
sc stop "RasMan" & sc config "RasMan" start=disabled
sc stop "SysMain" & sc config "SysMain" start=disabled
sc stop "swrpc" & sc config "swprv" start= demand
sc stop "SharedAccess" & sc config "SharedAccess" start=disabled
sc stop "TrkWks" & sc config "TrkWks" start=disabled
sc stop "UnistoreSvc" & sc config "UnistoreSvc" start=disabled
sc stop "UserDataSvc" & sc config "UserDataSvc" start=disabled
sc stop "VSS" & sc config "VSS" start= demand
sc stop "WbioSrvc" & sc config "WbioSrvc" start=disabled
sc stop "WpnService" & sc config "WpnService" start=disabled
sc stop "XblAuthManager" & sc config "XblAuthManager" start=disabled
sc stop "XblGameSave" & sc config "XblGameSave" start=disabled
sc stop "XboxNetApiSvc" & sc config "XboxNetApiSvc" start=disabled
net stop DPS & del /F /S /Q /A "%windir%\System32\sru*" & net start DPS
:: ----------------------------------------------------------

At the end of script i have added somthing more :
:: ----------------------------------------------------------
:: ------- Clear Win Event logs and SR Backup -------------
:: ----------------------------------------------------------
echo --- Clear Win Event logs and SR Backup
for /f "tokens=*" %%G in ('wevtutil.exe el') DO (wevtutil.exe cl %1 "%%G")
vssadmin delete shadows /all /quiet
:: ----------------------------------------------------------

echo.
echo Your System is about to Restart Kindly save your Unsaved Work within 30 seconds.
shutdown /r /f /t 30
:: End ::

Now its a pure private win10 i am working on . Thanks a lot to Nir Sofer for assisting me to use reg from app & many other Awesome utilities he has developed to make our work more n more simpler then before.
After all these tweaks i have installed simplewall external firewall & get go to my 100% private win10 2004 build 19041.264 Virtual Machine Guest OS.
Used customized privacy script via $OEM$ Method setupcomplete cmd & it worked flawlessly now . user dont have to do even a single setting after using it as everything will be customized by privacy script.

Thanks a lot lot to you brother Undergroundwires for creating such an awesome project .

[undergroundwires]

I also use simplewall. It's a pretty nice GUI for Windows networking rules.

Calling sc stop before sc config is pretty good idea. So I added that all lines with sc config in #
a830173 😎 I'm working on adding rest of the stuff you posted here.

I'm happy that you're happy and it helped someone else too 😃 You've been the biggest contributor here after me so thanks, anyone looking at git history will see your name 👍

I'd also want to make this tool more popular. Do you have any idea to how to achieve that? Recommending to friends is always nice.. Many black-boxed closed-source tools (who knows what they do?) are more popular than this. There's no income so no marketing budget, on the contrary it costs me money to keep it public 😀 I'd really like to hear your opinions on how to publicize.

[undergroundwires]

With 3edc6a8, I renamed "uninstall apps" category to "remove bloatware" & added:

• Disable capabilities & features on demand (all of the possible ones & your code excluding Hello.Face.18967, Hello.Face.Migration.18967 as they appear to be obsolute )
• Remove Onedrive & All Traces (your code)
• Disable built-in Windows features (your code + some more)

Awesome recommendations, very cool working with you 👌🏿 I will deploy everything when all of them are implemented.

I have a question regarding Add Extract All for MSI Package and Install Cab Files. I don't really understand what it does. Would you mind enplaning the lines for me?

[ghost]

brother Add Extract All for MSI Package and Install Cab Files are added to contxt menu so that when somebody have a msi package & he or she dont want to install it rather want to extract its files to a directory then he or she will chhose that msi package right click in it & extract will apper there when he or she will click on extract the msi package will be extracted to a new directory at same path with same name as it is for that msi package name.
second install cab is also a context menu tweak to add install for cab packages to context menu as its not there by default in win10.
i will be adding more n more tweaks after my requests got added to your project till date. i still have 35 reg file tweaks left in my tweaks directory for win 10 .
all batch files in same tweaks directory are already requested to you to look at & add them to your awesome project project.

Brother i think it will be good to create an executable after we both will finish each & every tweak deployed into your project with on off switches like it is in oo software shutup app which i think will be a good idea & then its your decision to create two executables one will be free for publicity purpose & second will be ultimate version which will be paid but you must decide what will be the difference between both so that you will earn expenses for your project maintainance & upgrades plus domain name & hosting charges too. its just a suggestion from my side as i am just a beginner in front of you.

| Disk2019 |

[ghost]

Based on comment in #15

* Do not let apps accesss my name, picture, and other account info
  
  * `reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{C1D23ACC-752B-43E5-8448-8D0E519CD6D6}" /t REG_SZ /v "Value" /d DENY /f`

* Do not let apps access my calendar
  
  * `reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{D89823BA-7180-4B81-B50C-7E471E6121A3}" /t REG_SZ /v "Value" /d DENY /f`

* Do not let apps use camera
  
  * `reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{E5323777-F976-4f5b-9B55-B94699C46E44}" /t REG_SZ /v "Value" /d DENY /f`

* Do not let apps access my contacts
  
  * `reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{7D7E8402-7C54-4821-A34E-AEEFD62DED93}" /t REG_SZ /v "Value" /d DENY /f`

* **(already exists)** Do not let apps access my location
  
  * `reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" /t REG_SZ /v "Value" /d DENY /f`

* Do not let apps access text/mms
  
  * `reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{992AFA70-6F47-4148-B3E9-3003349C1548}" /t REG_SZ /v "Value" /d DENY /f`

* **(already exists)** Do not let apps use microphone
  
  * `reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{2EEF81BE-33FA-4800-9670-1CD474972C3F}" /t REG_SZ /v "Value" /d DENY /f`

* Do not let apps share and sync non-explicitly paired wireless devices over uPnP
  
  * `reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\LooselyCoupled" /t REG_SZ /v "Value" /d DENY /f`

* Do not let apps access radios
  
  * `reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{A8804298-2D5F-42E3-9531-9C8C39EB29CE}" /t REG_SZ /v "Value" /d DENY /f`

* Disable Advertising ID
  
  * `reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" /t REG_DWORD /v Enabled /d 0 /f`

* **(already exists)** Set feedback frequency to zero
  
  * `reg add "HKCU\SOFTWARE\Microsoft\Siuf\Rules" /t REG_DWORD /v NumberOfSIUFInPeriod /d 0 /f`
  * https://www.tenforums.com/tutorials/2441-change-feedback-frequency-windows-10-a.html

* **(already exists)** Disable smartscreen
  
  * `reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /t REG_DWORD /v EnableWebContentEvaluation /d 0 /f`

* Do not send typing info to microsoft
  
  * **(already exists)** `reg add "HKCU\SOFTWARE\Microsoft\Input\TIPC" /t REG_DWORD /v Enabled /d 0 /f`
  * **(already exists)** `reg add "HKCU\SOFTWARE\Microsoft\Personalization\Settings" /t REG_DWORD /v AcceptedPrivacyPolicy /d 0 /f`
  * `reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Language" /t REG_DWORD /v Enabled /d 0 /f`
  * **(already exists)**  `reg add "HKCU\SOFTWARE\Microsoft\InputPersonalization" /t REG_DWORD /v RestrictImplicitTextCollection /d 1 /f`
  * **(already exists)**  `reg add "HKCU\SOFTWARE\Microsoft\InputPersonalization" /t REG_DWORD /v RestrictImplicitInkCollection /d 1 /f`
  * **(already exists)**  `reg add "HKCU\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore" /t REG_DWORD /v HarvestContacts /d 0 /f`

* Disable Automatic Installation of Microsoft Edge Chromium
  
  * ` reg add HKLM\SOFTWARE\Microsoft\EdgeUpdate /v DoNotUpdateToEdgeWithChromium /t REG_DWORD /d 1`
  * https://www.tenforums.com/tutorials/146650-disable-installation-microsoft-edge-windows-update-windows-10-a.html

please update typo mistake :
reg add HKLM\SOFTWARE\Microsoft\EdgeUpdate /v DoNotUpdateToEdgeWithChromium /t REG_DWORD /d 1 /f

/f must be there in last to force reg tweak be merged into hive
or we can say
/f Adds the registry entry without prompting for confirmation

[undergroundwires]

/f mistake
Fixed it, thank you for reviewing and finding out! Awesome 🕺🏿

contributor list
You appear here, it's based on git history. When we do pull requests etc. your name appear.

I think it's great that you contribute in a open-source project and the department should be happy to have someone with open-source background. There's much to learn when doing that, I'd even bring it up in interviews/CV. I'd be happy to you give credit.

But I respect your choice. I can go in and rewrite the git history to get rid of your name. You now appear as Disk2019 <66840531+Disk2019@users.noreply.github.com> in git history. I can change it to anything we'd like, I just need a username and e-mail address (does not need to be users.noreply.github.com, it can be anything).

Add Extract All for MSI Package and Install Cab Files

Thanks for the explanation 😀 Now I know exactly what it does.

create an executable after we both will finish each & every tweak

It's actually possible with electron, so we can do both website export and also create an executable from the website using the same code base. I was also thinking about it for a while, would be fun to look at how to do it, never worked with electron before so it'd take some time. I might look at it in the future just to learn and to have fun, I'm open to any contribution to help.

on/off switches

It'd be great. But there are too many scripts. I cannot do a revert script for all of them due to time constraints.

ultimate version

This is actually a great idea. I don't have much time to drive it though. Commercializing, selling, licensing etc. Much simpler to open-source it and pay little bit to help the community 😀

[undergroundwires]

net stop DPS & del /F /S /Q /A "%windir%\System32\sru*" & net start DPS

This one forces start of DPS service which might be never running (stopped/disabled by the user). So I added check if it's running, and stopping & starting it only if it was running.

@echo off 
setlocal EnableDelayedExpansion 
	SET /A dps_service_running=0
	SC queryex "DPS"|Find "STATE"|Find /v "RUNNING">Nul||(
		SET /A dps_service_running=1
		net stop DPS
	)
	
	REM del /F /S /Q /A "%windir%\System32\sru*"
	
	IF !dps_service_running! == 1 (
		echo "Was running"
		net start DPS
	) ELSE (
		echo "Was not running"
	)
endlocal

[undergroundwires]

I've gone through everything. There are some golden tweaks & gems, thank you a lot again for collecting everything. I'm also learning a lot from you!

Added

Script	Category
Clear Windows Product Key from Registry	Privacy cleanup
Turn hibernate off to disable sleep for quick start	UI for privacy
Disable Reserved Storage	Advanced settings
Disable unsafe SMBv1 protocol	Security improvements
Disable PowerShell 2.0 against downgrade attacks	Security improvements
Clear Win Event logs	Privacy cleanup
Clear volume backups (shadow copies)	Privacy cleanup
Windows Push Notification Service	Disable OS services
Disable Xbox services	Disable OS services
Windows Biometric Service	Disable OS services
Clear (Reset) Network Data Usage	Privacy Cleanup

Not added

• They're useful and good but this project had only scope of having more privacy. Then added some "security improvements" and now we added "removing bloatware" categories. There's no stop if we keep adding stuff so I'd say we stop at security + privacy + removing bloatware.
  • Add This PC and Control Panel to Desktop
    • Instead I added Hide from This PC and Browse in dialog boxes section in UI for privacy with ability to hide 3D Objects, Desktop, Documents, Downloads and Movies.
  • Add Extract All for MSI Package and Install Cab Files
  • Remove Printers: I runned it myself, very good, boring to see Fax & XPS stuff. Who uses them anyway.. But still I believe this tweak does not belong here.
• I've also decided not to add disabling following services, mostly because not messing with OS if there's no clear need e.g.vulnerability/privacy issues:
  • RasMan
    • Remote Access Service Manager
    • Needed for VPN, so it actually makes harder to reach privacy
  • SysMain
    • This is mostly disabled to minize SSD writes.
    • Feels unnecessary to kill it for modern SSDs.
  • swrpc: Repair System Restore
    • Default is already on demand
    • Does not exist on Windows 10, probably legacy
  • SharedAccess
    • Does not run as default (only manually)
  • DusmSvc
    • What's the reason to stop this?
  • RemoteAccess
    • Not windows 10, probably a legacy service
  • TrkWks: Distributed Link Tracking Client
    • Used by other programms
    • Links NTFS files within your computer or across a domain
    • Why disable at all?
  • RemoteRegistry
    • Legacy service, does not exist in Win10

[undergroundwires]

I made a new release. So changes are now up in https://privacy.sexy , you can see all of the changes in same place here. I appreciate your feedback when you have time to look at them 🍻

When I was checking active services I also realized that Microsoft started to pop up services with random strings appended to make it harder to configure them. You can see those by checking all services sc query state = all
There are services that look line e.g. : WpnUserService_1cff74.

Behavior is explained here, and a way to disable them is brought up here.

Those strings are random for everyone, so we need to a smarter script that'll first recognize those strings and then go to registry and edit them in each run. I don't think that it'll be clean & easy to achieve this with batch, but I guess we need to solve it otherwise we're not really disabling many of the services...

[ghost]

Brother i know about sc query instaed this cmd will be usefull & will save all services state to dektop in a txt format :

sc query state= all>%UserProfile%\Desktop\Services.txt
There must not be space after state . Thanks a lot . I am finished requesting all my suggestions .

Regards,
[ Disk2019 ]
Associate Member @ Anon Ops India.

[undergroundwires]

Thanks for everything @Disk2019 , I played around making the application desktop app and it's much easier than I thought. I will do it as next big step when I have time. Your help was great, and much appreciated, you're more than welcome if you come up with something, just create a new issue when you feel like it. 🙏🏿🍻

[ghost]

Current User Policy Reg Tweak.
I have seen that script only apply group policy reg tweaks to local machine but not the current user. so i am uploading my own group policy reg tweaks for current user.
CurrentUserPolicy.reg.txt

App used to export reg tweak applied to current user group policy is Policy Plus by Fleex255
https://github.com/Fleex255/PolicyPlus

[ghost]

Plus one more request to kindly start 0.6 0.7 0.8 0.9 after 0.5.0 is plublished & final version1 might be as executable with all tweaks integerated till that date.
hope it will have all tweaks in form of a on off switch like is in oo software shutup app ,

[undergroundwires]

Executable

Let's do it with next version already. An offline version would be good for better privacy & also I can kill the website and still have the application installable if I get poor 😀. I created #20 , I will prioritize it & look at it in my free time. Would take for a while.

Current User Policy Reg Tweak.

Thanks! Can you check the ones that does not already exists in application.yml and create a new issue with batch commands as you did here? Or even better if you can do a pull request directly. Then we can work together on it there.

On/off switch

I can implement this functionality on UI, it would be easy but the hardest part is to find commands for doing the opposite of stuff we are doing now. Here I need help from the community, I cannot do it alone.

[mikhoul]

Found this:

Those strings are random for everyone, so we need to a smarter script that'll first recognize those strings and then go to registry and edit them in each run. I don't think that it'll be clean & easy to achieve this with batch, but I guess we need to solve it otherwise we're not really disabling many of the services...

# These services must be disabled through Registry
    $services = @(
        "CDPSvc"									# Used during connecting with Bluetooth devices and Printers, scanners, music players, mobile phones, cameras, etc. + related to the time line + Android ,Xbox Live or any other Bluetooth devices 
        "CDPUserSvc"
        "CDPUserSvc_*"
        "DevicesFlowUserSvc_*"						#  On 2-in-1 devices, Windows 10 will move easily between keyboard and mouse and touch and tablet as it detects the transition and conveniently switches to the new mode
        "EntAppSvc"									# Deployement d'apps en entreprise
        "MessagingService_*"						# Service supporting text messaging and related functionality With Phone App
        "OneSyncSvc"								# Sync mail, contacts, calendar, MS account, OneDrive and various other user data. Mail and other applications dependent on this functionality
        "OneSyncSvc_*"								# Sync mail, contacts, calendar, MS account, OneDrive and various other user data. Mail and other applications dependent on this functionality
        "PimIndexMaintenanceSvc"					# Indexes contact data for fast contact searching. If you stop or disable this service, contacts might be missing from your search results.
        "PimIndexMaintenanceSvc_*" 					# Indexes contact data for fast contact searching. If you stop or disable this service, contacts might be missing from your search results.
        #"PrintWorkflowUserSvc_*"					# À tester pour voir si ça roule toujours en arrière plan
        "UnistoreSvc"								# Handles storage of structured user data, including contact info, calendars, and messages. If you stop or disable this service, apps that use this data might not work correctly
        "UnistoreSvc_*"								# Handles storage of structured user data, including contact info, calendars, and messages. If you stop or disable this service, apps that use this data might not work correctly
        "UserDataSvc"								# Handles storage of structured user data, including contact info, calendars, and messages. If you stop or disable this service, apps that use this data might not work correctly
        "UserDataSvc_*"								# Handles storage of structured user data, including contact info, calendars, and messages. If you stop or disable this service, apps that use this data might not work correctly
        #"WinHttpAutoProxySvc"						# Pour accéder à Internet avec un proxy
        "WpnUserService"							# Windows notification platform which provides support for local and push notifications. Supported notifications are tile, toast and raw.
        "WpnUserService_*"							# Windows notification platform which provides support for local and push notifications. Supported notifications are tile, toast and raw.
    )

    foreach ($service in $services) {
        $exists = Get-Service -Name $service -ErrorAction SilentlyContinue
        if ($exists) {
            $start = Get-ItemPropertyValue -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$service" -Name Start
            if ($start -ne "4") {
                Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$service" -Name Start -Value 4 -ErrorVariable e -ErrorAction SilentlyContinue
                if (!$e) {
                    Write-Verbose -Message "[+] Service ($service) Disabled"
                } else {
                    Write-Verbose -Message "[ ] Service ($service) Not Disabled"
                }
            } else {
                Write-Verbose -Message "[-] Service ($service) Already Disabled"
            }
        } else {
            Write-Warning -Message "[ ] Service ($service) Does Not Exist"
        }
    } 

More Information here: https://github.com/MicrosoftDocs/windows-itpro-docs/blob/fde79396c17f3d2d0c922b14e8fef513d8b60d4f/windows/application-management/per-user-services-in-windows.md

Regards

[undergroundwires]

Thanks @mikhoul 🤗! I can take a look at this after #53 is merged, I don't want to add anything with PowerShell before it.

From now on let's create issues instead of continuing the discussions here so I can track & manage them separately.