Disassembler0 / Win10-Initial-Setup-Script

PowerShell script for automation of routine tasks done after fresh installations of Windows 10 / Server 2016 / Server 2019
MIT License
4.69k stars 1.08k forks

Some tweaks don't work on non admin #274

Closed imtrobin closed 4 years ago

imtrobin commented 4 years ago

Hi, I've tried on an Admin and non admin account. Some settings like HideTaskbarPeopleIcon, DisableShortcutInName, ShowKnownExtensions etc. work in Admin account but not for non admins. Is that supposed to be so?

Disassembler0 commented 4 years ago

Can't reproduce. From the 3 tweaks you've mentioned, all of them worked for a "Standard user" with no administrative permissions. All the tweaks touch just HKCU keys which are not part of any group policies, so I don't see any reason why it shouldn't work.

1) Please paste or attach your preset
2) Do you happen to have any of the script files (ps1, psm1, preset) on network shares?
3) a. Do you happen to use any antivirus software besides Defender? If so, check if the registry modification wasn't blocked by it.
   b. If you use Defender, did you enable any of the advanced protection mechanisms (e.g. Controlled folder access)?

imtrobin commented 4 years ago
  1. No
  2. No. It's a Win10 LTSC. I'm running it on the user account
    
    ##########
    # Win 10 / Server 2016 / Server 2019 Initial Setup Script - Default preset
    # Author: Disassembler <disassembler@dasm.cz>
    # Version: v3.8, 2019-09-11
    # Source: https://github.com/Disassembler0/Win10-Initial-Setup-Script
    ##########

Require administrator privileges

RequireAdmin

Privacy Tweaks

DisableTelemetry # EnableTelemetry
DisableWiFiSense # EnableWiFiSense
DisableSmartScreen # EnableSmartScreen
DisableWebSearch # EnableWebSearch
DisableAppSuggestions # EnableAppSuggestions
DisableActivityHistory # EnableActivityHistory
DisableBackgroundApps # EnableBackgroundApps
DisableSensors # EnableSensors
DisableLocation # EnableLocation
DisableMapUpdates # EnableMapUpdates
DisableFeedback # EnableFeedback
DisableTailoredExperiences # EnableTailoredExperiences
DisableAdvertisingID # EnableAdvertisingID
DisableWebLangList # EnableWebLangList
DisableCortana # EnableCortana
DisableBiometrics # EnableBiometrics
DisableCamera # EnableCamera
DisableMicrophone # EnableMicrophone
DisableErrorReporting # EnableErrorReporting

SetP2PUpdateLocal # SetP2PUpdateInternet

SetP2PUpdateDisable
DisableDiagTrack # EnableDiagTrack
DisableWAPPush # EnableWAPPush

EnableClearRecentFiles

DisableClearRecentFiles
DisableRecentFiles # EnableRecentFiles

Security Tweaks

SetUACLow # SetUACHigh

EnableSharingMappedDrives # DisableSharingMappedDrives

DisableAdminShares # EnableAdminShares

DisableFirewall # EnableFirewall

HideDefenderTrayIcon # ShowDefenderTrayIcon
DisableDefender # EnableDefender
DisableDefenderCloud # EnableDefenderCloud

EnableCtrldFolderAccess # DisableCtrldFolderAccess

EnableCIMemoryIntegrity # DisableCIMemoryIntegrity

EnableDefenderAppGuard # DisableDefenderAppGuard

HideAccountProtectionWarn # ShowAccountProtectionWarn

DisableDownloadBlocking # EnableDownloadBlocking

DisableScriptHost # EnableScriptHost
EnableDotNetStrongCrypto # DisableDotNetStrongCrypto

EnableMeltdownCompatFlag # DisableMeltdownCompatFlag

EnableF8BootMenu # DisableF8BootMenu

DisableBootRecovery # EnableBootRecovery

DisableRecoveryAndReset # EnableRecoveryAndReset

SetDEPOptOut # SetDEPOptIn

Network Tweaks

SetCurrentNetworkPrivate # SetCurrentNetworkPublic

SetUnknownNetworksPrivate # SetUnknownNetworksPublic

DisableNetDevicesAutoInst # EnableNetDevicesAutoInst

DisableHomeGroups # EnableHomeGroups

DisableSMB1 # EnableSMB1

DisableSMBServer # EnableSMBServer

DisableNetBIOS # EnableNetBIOS

DisableLLMNR # EnableLLMNR

DisableLLDP # EnableLLDP

DisableLLTD # EnableLLTD

DisableMSNetClient # EnableMSNetClient

DisableQoS # EnableQoS

DisableIPv4 # EnableIPv4

DisableIPv6 # EnableIPv6

DisableNCSIProbe # EnableNCSIProbe

DisableConnectionSharing # EnableConnectionSharing
DisableRemoteAssistance # EnableRemoteAssistance

EnableRemoteDesktop

DisableRemoteDesktop

Service Tweaks

DisableUpdateMSRT # EnableUpdateMSRT

DisableUpdateDriver # EnableUpdateDriver
EnableUpdateMSProducts # DisableUpdateMSProducts
DisableUpdateAutoDownload # EnableUpdateAutoDownload
DisableUpdateRestart # EnableUpdateRestart
DisableMaintenanceWakeUp # EnableMaintenanceWakeUp
DisableSharedExperiences # EnableSharedExperiences

EnableClipboardHistory

DisableClipboardHistory
DisableAutoplay # EnableAutoplay
DisableAutorun # EnableAutorun
DisableRestorePoints # EnableRestorePoints

EnableStorageSense

DisableStorageSense
DisableDefragmentation # EnableDefragmentation
DisableSuperfetch # EnableSuperfetch
DisableIndexing # EnableIndexing
DisableSwapFile # EnableSwapFile
DisableRecycleBin # EnableRecycleBin
EnableNTFSLongPaths # DisableNTFSLongPaths

DisableNTFSLastAccess # EnableNTFSLastAccess

SetBIOSTimeUTC # SetBIOSTimeLocal

EnableHibernation

DisableHibernation
DisableSleepButton # EnableSleepButton
DisableSleepTimeout # EnableSleepTimeout
DisableFastStartup # EnableFastStartup
DisableAutoRebootOnCrash # EnableAutoRebootOnCrash

UI Tweaks

DisableActionCenter # EnableActionCenter
DisableLockScreen # EnableLockScreen
DisableLockScreenRS1 # EnableLockScreenRS1
HideNetworkFromLockScreen # ShowNetworkOnLockScreen
HideShutdownFromLockScreen # ShowShutdownOnLockScreen
DisableLockScreenBlur # EnableLockScreenBlur
DisableAeroShake # EnableAeroShake
DisableAccessibilityKeys # EnableAccessibilityKeys
ShowTaskManagerDetails # HideTaskManagerDetails
ShowFileOperationsDetails # HideFileOperationsDetails

EnableFileDeleteConfirm # DisableFileDeleteConfirm

HideTaskbarSearch # ShowTaskbarSearchIcon # ShowTaskbarSearchBox
HideTaskView # ShowTaskView
ShowSmallTaskbarIcons # ShowLargeTaskbarIcons

SetTaskbarCombineWhenFull # SetTaskbarCombineNever # SetTaskbarCombineAlways

SetTaskbarCombineNever
HideTaskbarPeopleIcon # ShowTaskbarPeopleIcon

ShowTrayIcons # HideTrayIcons

ShowSecondsInTaskbar # HideSecondsFromTaskbar

DisableSearchAppInStore # EnableSearchAppInStore
DisableNewAppPrompt # EnableNewAppPrompt
HideRecentlyAddedApps # ShowRecentlyAddedApps
HideMostUsedApps # ShowMostUsedApps

SetControlPanelSmallIcons # SetControlPanelLargeIcons # SetControlPanelCategories

SetControlPanelLargeIcons
DisableShortcutInName # EnableShortcutInName

HideShortcutArrow # ShowShortcutArrow

SetVisualFXPerformance # SetVisualFXAppearance

EnableTitleBarColor # DisableTitleBarColor

EnableDarkTheme # DisableDarkTheme

AddENKeyboard # RemoveENKeyboard

EnableNumlock # DisableNumlock

DisableEnhPointerPrecision # EnableEnhPointerPrecision

SetSoundSchemeNone # SetSoundSchemeDefault

DisableStartupSound # EnableStartupSound
DisableChangingSoundScheme # EnableChangingSoundScheme

EnableVerboseStatus # DisableVerboseStatus

DisableF1HelpKey # EnableF1HelpKey

Explorer UI Tweaks

ShowExplorerTitleFullPath # HideExplorerTitleFullPath

ShowKnownExtensions # HideKnownExtensions
ShowHiddenFiles # HideHiddenFiles

ShowSuperHiddenFiles # HideSuperHiddenFiles

ShowEmptyDrives # HideEmptyDrives

ShowFolderMergeConflicts # HideFolderMergeConflicts

EnableNavPaneExpand

DisableNavPaneExpand

ShowNavPaneAllFolders # HideNavPaneAllFolders

EnableFldrSeparateProcess # DisableFldrSeparateProcess

EnableRestoreFldrWindows

DisableRestoreFldrWindows

ShowEncCompFilesColor # HideEncCompFilesColor

DisableSharingWizard # EnableSharingWizard
HideSelectCheckboxes # ShowSelectCheckboxes
HideSyncNotifications # ShowSyncNotifications
HideRecentShortcuts # ShowRecentShortcuts
SetExplorerThisPC # SetExplorerQuickAccess
HideQuickAccess # ShowQuickAccess
HideRecycleBinFromDesktop # ShowRecycleBinOnDesktop
ShowThisPCOnDesktop # HideThisPCFromDesktop

ShowUserFolderOnDesktop # HideUserFolderFromDesktop

ShowControlPanelOnDesktop # HideControlPanelFromDesktop

ShowNetworkOnDesktop # HideNetworkFromDesktop

ShowBuildNumberOnDesktop # HideBuildNumberFromDesktop

HideDesktopFromThisPC # ShowDesktopInThisPC

HideDesktopFromExplorer # ShowDesktopInExplorer

HideDocumentsFromThisPC # ShowDocumentsInThisPC
HideDocumentsFromExplorer # ShowDocumentsInExplorer
HideDownloadsFromThisPC # ShowDownloadsInThisPC
HideDownloadsFromExplorer # ShowDownloadsInExplorer
HideMusicFromThisPC # ShowMusicInThisPC
HideMusicFromExplorer # ShowMusicInExplorer
HidePicturesFromThisPC # ShowPicturesInThisPC
HidePicturesFromExplorer # ShowPicturesInExplorer
HideVideosFromThisPC # ShowVideosInThisPC
HideVideosFromExplorer # ShowVideosInExplorer
Hide3DObjectsFromThisPC # Show3DObjectsInThisPC
Hide3DObjectsFromExplorer # Show3DObjectsInExplorer
HideIncludeInLibraryMenu # ShowIncludeInLibraryMenu
HideGiveAccessToMenu # ShowGiveAccessToMenu

HideShareMenu # ShowShareMenu

DisableThumbnails # EnableThumbnails
DisableThumbnailCache # EnableThumbnailCache
DisableThumbsDBOnNetwork # EnableThumbsDBOnNetwork

Application Tweaks

DisableOneDrive # EnableOneDrive
UninstallOneDrive # InstallOneDrive
UninstallMsftBloat # InstallMsftBloat
UninstallThirdPartyBloat # InstallThirdPartyBloat
UninstallWindowsStore # InstallWindowsStore
DisableXboxFeatures # EnableXboxFeatures

DisableFullscreenOptims # EnableFullscreenOptims

DisableAdobeFlash # EnableAdobeFlash
DisableEdgePreload # EnableEdgePreload
DisableEdgeShortcutCreation # EnableEdgeShortcutCreation
DisableIEFirstRun # EnableIEFirstRun
DisableFirstLogonAnimation # EnableFirstLogonAnimation
DisableMediaSharing # EnableMediaSharing

UninstallMediaPlayer # InstallMediaPlayer

UninstallInternetExplorer # InstallInternetExplorer

UninstallWorkFolders # InstallWorkFolders

UninstallPowerShellV2 # InstallPowerShellV2

InstallLinuxSubsystem # UninstallLinuxSubsystem

InstallHyperV # UninstallHyperV

InstallNET23 # UninstallNET23

SetPhotoViewerAssociation # UnsetPhotoViewerAssociation
AddPhotoViewerOpenWith # RemovePhotoViewerOpenWith
UninstallPDFPrinter # InstallPDFPrinter
UninstallXPSPrinter # InstallXPSPrinter
RemoveFaxPrinter # AddFaxPrinter
UninstallFaxAndScan # InstallFaxAndScan

Server Specific Tweaks

HideServerManagerOnLogin # ShowServerManagerOnLogin

DisableShutdownTracker # EnableShutdownTracker
DisablePasswordPolicy # EnablePasswordPolicy
DisableCtrlAltDelLogin # EnableCtrlAltDelLogin
DisableIEEnhancedSecurity # EnableIEEnhancedSecurity
EnableAudio # DisableAudio

Unpinning

UnpinStartMenuTiles
UnpinTaskbarIcons

Auxiliary Functions

WaitForKey
Restart

Disassembler0 commented 4 years ago

Well, if this is the preset you're running as an unprivileged user, then no wonder. The very first thing this preset does is ask for elevation - so you enter some credentials and from then on all user settings (including the registry) are taken from that user you're impersonating, so you're effectively applying the tweaks for that user whose credentials you have entered.

If you want to run the tweaks for unprivileged user, you need to create a separate preset which won't include RequireAdmin and all other tweaks usable only by admin. See comments in #29 for some more tips for multiuser environments.

imtrobin commented 4 years ago

Thanks, makes sense. So then it's a bit hard for me to know which is admin, which is not. Will it be grouped nicely in the near future?

Disassembler0 commented 4 years ago

Right now, the only way is to skim through the script and see what the tweaks do and which registry keys they modify (which you should do anyway). In the near future, there will be a wiki (#225) or some spreadsheet containing that info.
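
The manual audit described in the last comment can be partly automated. The following is an added example, not part of the thread or of the project's code: it parses a module's text, lists the registry hives and non-registry commands each function references, and marks HKCU-only functions as candidates for a preset without RequireAdmin. The name Get-TweakScope, the three sample functions and the scope labels are assumptions made for illustration, and the result is a heuristic that does not replace reading each tweak.

```powershell
# Added example. $sampleModule is constructed for illustration; to audit a real copy,
# pass (Get-Content -Raw <path to your .psm1>) as -ScriptText instead.
$sampleModule = @'
Function ExampleUserTweak {
    Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "HideFileExt" -Type DWord -Value 0
}
Function ExampleMachineTweak {
    Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 0
}
Function ExampleMixedTweak {
    Set-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name "ExampleValue" -Type DWord -Value 1
    Set-Service "ExampleSvc" -StartupType Disabled
}
'@

function Get-TweakScope {
    param([Parameter(Mandatory)][string]$ScriptText)

    # Cmdlets that only read or write provider items; anything else needs a human look.
    $registryCmdlets = 'Set-ItemProperty','Remove-ItemProperty','New-ItemProperty',
                       'Get-ItemProperty','New-Item','Remove-Item','Test-Path','Out-Null'
    $tokens = $null; $errors = $null
    $ast = [System.Management.Automation.Language.Parser]::ParseInput($ScriptText, [ref]$tokens, [ref]$errors)
    $isFunction = { param($n) $n -is [System.Management.Automation.Language.FunctionDefinitionAst] }
    $isCommand  = { param($n) $n -is [System.Management.Automation.Language.CommandAst] }

    foreach ($fn in $ast.FindAll($isFunction, $true)) {
        # Registry roots named in the body, in PSDrive (HKCU:) or full (HKEY_...\) form.
        $hives = @([regex]::Matches($fn.Body.Extent.Text, '(?i)\b(HKCU|HKLM|HKCR|HKU|HKEY_[A-Z_]+)(?=[:\\])') |
            ForEach-Object { $_.Groups[1].Value.ToUpper() } | Sort-Object -Unique)
        $other = @($fn.Body.FindAll($isCommand, $true) | ForEach-Object { $_.GetCommandName() } |
            Where-Object { $_ -and $_ -notin $registryCmdlets } | Sort-Object -Unique)
        $nonUser = @($hives | Where-Object { $_ -notin 'HKCU','HKEY_CURRENT_USER' })

        # MachineWide: touches a hive other than HKCU. PerUser: HKCU only, registry cmdlets only.
        # Review: no registry reference, or other commands (services, features) are involved.
        $scope = if ($nonUser.Count -gt 0) { 'MachineWide' }
                 elseif ($hives.Count -gt 0 -and $other.Count -eq 0) { 'PerUser' }
                 else { 'Review' }
        [pscustomobject]@{ Function = $fn.Name; Hives = $hives -join ','; OtherCommands = $other -join ','; Scope = $scope }
    }
}

Get-TweakScope -ScriptText $sampleModule | Format-Table -AutoSize
```

A function marked PerUser still writes to the HKCU hive of whichever account the process runs as, so it has to run unelevated in the target user's own session, as explained in the thread.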