Windows-Optimize-Debloat

For those who seek to minimize their Windows 10 and 11 installs.

Note: This script should work for most, if not all, systems without issue. While @SimeonOnSecurity creates, reviews, and tests each repo intensivly, we can not test every possible configuration nor does @SimeonOnSecurity take any responsibility for breaking your system. If something goes wrong, be prepared to submit an issue. Do not run this script if you don't understand what it does.

Introduction:

Windows 10 and 11 is are invasive and insecure operating system out of the box. Organizations like Microsoft, PrivacyTools.io, and others have recommended configuration changes to optimize and debloat the Windows 10 operating system. These changes are include blocking telemetry, deleting logs, and removing bloatware to name a few. This script aims to automate the configurations recommended by those organizations.

Notes:

• This script is designed for operation in primarily Personal Use environments.
• This script is designed in such a way that the optimizations, unlike some other scripts, will not break core windows functionality.
  • Features like Windows Update, Windows Defender, the Windows Store, and Cortona have been restricted, but are not in a disfunctional state like most other Windows 10 Privacy scripts.
• If you seek a minimized script targeted only to commercial environments, please see this GitHub Repository

Requirements:

• [X] Windows 10/11 Enterprise, Windows 10 Professional, or Windows 10 Home
  • Windows Home does not allow for GPO configurations.
  • Script will still work but not all settings will apply.
  • Windows "N" Editions are not tested.
  • Run the Windows 10 Upgrade Assistant to update and verify latest major release.

Additions, notable changes, and bugfixes:

This script adds, removes, and changes settings on your system. Please review the script before running it.

Browsers:

• Browsers will have additional extentions installed to aid in privacy and security.
  • See here for additional information.
• Browsers extension management and other enterprise settings are set. For instructions on how to see these options, you'll need to look at the GPO instructions below.

Fixing Microsoft Account or Xbox Services:

This is because we block signing into microsoft accounts. Microsoft's telemetry and identity association is frowned upon. However, if you still wish to use these services see the following issue tickets for the resolution:

• https://github.com/simeononsecurity/Windows-Optimize-Harden-Debloat/issues/1
• https://github.com/simeononsecurity/Windows-Optimize-Harden-Debloat/issues/16
• https://github.com/simeononsecurity/Windows-Optimize-Harden-Debloat/issues/22

Editing policies in Local Group Policy after the fact:

If you need to modify or change a setting, they are most likely configurable via GPO:

• Import the ADMX Policy definitions from this repo into C:\windows\PolicyDefinitions on the system you're trying to modify.

• Open gpedit.msc on on the system you're trying to modify.

A list of scripts and tools this collection utilizes:

• Microsoft Security Compliance Toolkit 1.0

Additional configurations were considered from:

• BuiltByBel - PrivateZilla
• MelodysTweaks - Basic Tweaks
• Microsoft - Managing Windows 10 Telemetry and Callbacks
• Microsoft - Windows 10 Privacy
• Microsoft - Windows 10 VDI Recomendations
• Mirinsoft - SharpApp
• Mirinsoft - debotnet
• UnderGroundWires - Privacy.S**Y
• Sycnex - Windows10Debloater
• The-Virtual-Desktop-Team - Virtual-Desktop-Optimization-Tool
• TheVDIGuys - Windows 10 VDI Optimize
• W4H4WK - Debloat Windows 10

How to run the script:

Automated Install:

The script may be launched from the extracted GitHub download like this:

iwr -useb 'https://simeononsecurity.ch/scripts/windowsoptimizeanddebloat.ps1'|iex

Note: This installation version installs all of the configurations. If you seek to customize it, please use the Manual Install

Chocolatey Install:

Assuming you have Chocolatey installed. You may install this script via the following command.

choco install windows-optimize-debloat

Or view the package on the Chocolatey Repo.

Note: The Chocolatey version of this script may lag behind this repo by multiple major versions. We update it sparingly, but stably. Additionally, this version will install all of the configurations. If you seek to customize it, please use the Manual Install

Manual Install:

If manually downloaded, the script must be launched from an administrative powershell in the directory containing all the files from the GitHub Repository

The script "sos-optimize-windows.ps1" includes several parameters that allow for customization of the optimization process. Each parameter is a boolean value that defaults to true if not specified.

• $cleargpos: Clears Group Policy Objects settings.
• $installupdates: Installs updates to the system.
• $removebloatware: Removes unnecessary programs and features from the system.
• $disabletelemetry: Disables data collection and telemetry.
• $privacy: Makes changes to improve privacy.
• $imagecleanup: Cleans up unneeded files from the system.
• $diskcompression: Compresses the system disk.
• $updatemanagement: Changes the way updates are managed and improved on the system.
• $sosbrowsers: Optimizes the system's web browsers.

An example of how to launch the script with specific parameters would be:

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force
Get-ChildItem -Recurse *.ps1 | Unblock-File
powershell.exe -ExecutionPolicy ByPass -File .\sos-optimize-windows.ps1 -cleargpos:$false -installupdates:$false

Learn more about Debloating Windows 10 and Windows 11

Explore the World of Cybersecurity

 

Links:

• github.com/simeononsecurity

• simeononsecurity.ch