search

undergroundwires / privacy.sexy

Open-source tool to enforce privacy & security best-practices on Windows, macOS and Linux, because privacy is sexy
https://privacy.sexy
GNU Affero General Public License v3.0
3.99k stars 170 forks source link

Add more scripts #16

Closed undergroundwires closed 4 years ago

undergroundwires commented 4 years ago

Based on comment in #15

ghost commented 4 years ago

Dear Brother i have hundreds of reg files & i am working on privacy script downloaded from your domain to make it All in One Debloat , Privacy & Telemetry Script accroding to my needs for 100 percent debloated private & hardend win10 plus which will work as $OEM$ setupcomplete cmd method too for clean win10 installation in a private environment.

One more request to be taken under review :

:: ---------------------------------------------------------- :: -------------Remove This PC Libraries------------------- :: ---------------------------------------------------------- echo --- Remove Libraries reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{0DB7E03F-FC29-4DC6-9020-FF41B59E513A}" /f reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{0DB7E03F-FC29-4DC6-9020-FF41B59E513A}" /f reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}" /f reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}" /f reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}" /f reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{d3162b92-9365-467a-956b-92703aca08af}" /f reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}" /f reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{d3162b92-9365-467a-956b-92703aca08af}" /f reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{374DE290-123F-4565-9164-39C4925E467B}" /f reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{088e3905-0323-4b02-9826-5d99428e115f}" /f reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{374DE290-123F-4565-9164-39C4925E467B}" /f reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{088e3905-0323-4b02-9826-5d99428e115f}" /f reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{1CF1260C-4DD0-4ebb-811F-33C572699FDE}" /f reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{3dfdf296-dbec-4fb4-81d1-6a3438bcf4de}" /f reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{1CF1260C-4DD0-4ebb-811F-33C572699FDE}" /f reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{3dfdf296-dbec-4fb4-81d1-6a3438bcf4de}" /f reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}" /f reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{24ad3ad4-a569-4530-98e1-ab02f9417aa8}" /f reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}" /f reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{24ad3ad4-a569-4530-98e1-ab02f9417aa8}" /f reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{A0953C92-50DC-43bf-BE83-3742FED03C9C}" /f reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{f86fa3ab-70d2-4fc7-9c99-fcbf05467f3a}" /f reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{A0953C92-50DC-43bf-BE83-3742FED03C9C}" /f reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace{f86fa3ab-70d2-4fc7-9c99-fcbf05467f3a}" /f reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\PropertyBag" /v "ThisPCPolicy" /t REG_SZ /d "Hide" /f reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\PropertyBag" /v "ThisPCPolicy" /t REG_SZ /d "Hide" /f reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions{a0c69a99-21c8-4671-8703-7934162fcf1d}\PropertyBag" /v "ThisPCPolicy" /t REG_SZ /d "Hide" /f reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions{a0c69a99-21c8-4671-8703-7934162fcf1d}\PropertyBag" /v "ThisPCPolicy" /t REG_SZ /d "Hide" /f reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\PropertyBag" /v "ThisPCPolicy" /t REG_SZ /d "Hide" /f reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\PropertyBag" /v "ThisPCPolicy" /t REG_SZ /d "Hide" /f reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions{0ddd015d-b06c-45d5-8c4c-f59713854639}\PropertyBag" /v "ThisPCPolicy" /t REG_SZ /d "Hide" /f reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions{0ddd015d-b06c-45d5-8c4c-f59713854639}\PropertyBag" /v "ThisPCPolicy" /t REG_SZ /d "Hide" /f reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions{35286a68-3c57-41a1-bbb1-0eae73d76c95}\PropertyBag" /v "ThisPCPolicy" /t REG_SZ /d "Hide" /f reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions{35286a68-3c57-41a1-bbb1-0eae73d76c95}\PropertyBag" /v "ThisPCPolicy" /t REG_SZ /d "Hide" /f reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions{f42ee2d3-909f-4907-8871-4c22fc0bf756}\PropertyBag" /v "ThisPCPolicy" /t REG_SZ /d "Hide" /f reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions{f42ee2d3-909f-4907-8871-4c22fc0bf756}\PropertyBag" /v "ThisPCPolicy" /t REG_SZ /d "Hide" /f reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PropertyBag" /v "ThisPCPolicy" /t REG_SZ /d "Hide" /f reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PropertyBag" /v "ThisPCPolicy" /t REG_SZ /d "Hide" /f :: ----------------------------------------------------------

:: ---------------------------------------------------------- :: ------------ Remove Onedrive & All Traces----------------- :: ---------------------------------------------------------- echo --- Remove OneDrive and All Traces for clean install Taskkill /F /IM OneDrive.exe %SystemRoot%\System32\OneDriveSetup.exe /uninstall %SystemRoot%\SysWOW64\OneDriveSetup.exe /uninstall rd "%UserProfile%\OneDrive" /Q /S rd "%LocalAppData%\Microsoft\OneDrive" /Q /S rd "%ProgramData%\Microsoft OneDrive" /Q /S rd "C:\OneDriveTemp" /Q /S reg delete "HKEY_CLASSES_ROOT\CLSID{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /f reg delete "HKEY_CLASSES_ROOT\Wow6432Node\CLSID{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /f :: ----------------------------------------------------------

:: ---------------------------------------------------------- :: --------------------Disable Unwanted Features---------- :: ---------------------------------------------------------- echo --- Disable Features for clean install Dism /online /Disable-Feature /FeatureName:"SMB1Protocol" Dism /online /Disable-Feature /FeatureName:"MicrosoftWindowsPowerShellV2Root" Dism /online /disable-feature /featurename:"SmbDirect" Dism /online /disable-feature /featurename:"Printing-XPSServices-Features" Dism /online /disable-feature /featurename:"Printing-Foundation-Features" Dism /online /disable-feature /featurename:"Printing-Foundation-InternetPrinting-Client" Dism /online /disable-feature /featurename:"WorkFolders-Client" Dism /online /disable-feature /featurename:"WCF-TCP-PortSharing45" Dism /online /disable-feature /featurename:"MSRDC-Infrastructure" Dism /online /disable-feature /featurename:"MediaPlayback" :: ----------------------------------------------------------

:: ---------------------------------------------------------- :: --------------------Remove Printers----------------------- :: ---------------------------------------------------------- echo --- Remove Extra Printers and Set Print to PDF as Default printer printui.exe /dl /n "Fax" printui.exe /dl /n "Microsoft XPS Document Writer" wmic printer where name="Microsoft Print to PDF" call setdefaultprinter :: ----------------------------------------------------------

:: ---------------------------------------------------------- :: -------------Disable Reserved Storage-------------------- :: ---------------------------------------------------------- echo --- Disable Reserved Storage DISM /online /Set-ReservedStorageState /State:Disabled reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ReserveManager" /v "MiscPolicyInfo" /t REG_DWORD /d "2" /f reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ReserveManager" /v "ShippedWithReserves" /t REG_DWORD /d "0" /f reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ReserveManager" /v "PassedPolicy" /t REG_DWORD /d "0" /f :: ----------------------------------------------------------

:: ---------------------------------------------------------- :: --Add Extract All for MSI Package and Install Cab Files-- :: ---------------------------------------------------------- echo --- Add Extract All for MSI Package and Install Cab Files reg add "HKCR\Msi.Package\shell\Extract" /v "MUIVerb" /t REG_SZ /d "@shell32.dll,-31382" /f reg add "HKCR\Msi.Package\shell\Extract" /v "Icon" /t REG_SZ /d "shell32.dll,-16817" /f reg add "HKCR\Msi.Package\shell\Extract\Command" /ve /t REG_SZ /d "msiexec.exe /a "%%1" /qb TARGETDIR="%%1 extracted"" /f reg delete "HKCR\CABFolder\Shell\runas" /f reg add "HKCR\CABFolder\Shell\runas" /ve /t REG_SZ /d "Install Package" /f reg add "HKCR\CABFolder\Shell\runas" /v "MUIVerb" /t REG_SZ /d "@shell32.dll,-10210" /f reg add "HKCR\CABFolder\Shell\runas" /v "HasLUAShield" /t REG_SZ /d "" /f reg add "HKCR\CABFolder\Shell\runas" /v "NeverDefault" /t REG_SZ /d "" /f reg add "HKCR\CABFolder\Shell\runas\Command" /ve /t REG_SZ /d "CMD /K Dism /Online /Add-Package /PackagePath:"%%1" /NoRestart & Pause" /f :: ----------------------------------------------------------

Turn Hibernate off for clean install powercfg -h off

Clear Windows product Key from Registry slmgr /cpky

ghost commented 4 years ago

Remove Default Apps Associations : dism /online /Remove-DefaultAppAssociations

:: ---------------------------------------------------------- :: -------- Add This PC and Control Panel to Desktop -------- :: ---------------------------------------------------------- echo --- Add This PC and Control Panel to Desktop reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel" /v "{20D04FE0-3AEA-1069-A2D8-08002B30309D}" /t REG_DWORD /d "0" /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu" /v "{20D04FE0-3AEA-1069-A2D8-08002B30309D}" /t REG_DWORD /d "0" /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel" /v "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}" /t REG_DWORD /d "0" /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu" /v "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}" /t REG_DWORD /d "0" /f :: ----------------------------------------------------------

:: ---------------------------------------------------------- :: ------------------Remove Capabilities--------------------- :: ---------------------------------------------------------- echo --- Remove Unwanted Capabilities dism /online /Remove-Capability /CapabilityName:App.StepsRecorder~~~~0.0.1.0 /NoRestart dism /online /Remove-Capability /CapabilityName:App.Support.QuickAssist~~~~0.0.1.0 /NoRestart dism /online /Remove-Capability /CapabilityName:Browser.InternetExplorer~~~~0.0.11.0 /NoRestart dism /online /Remove-Capability /CapabilityName:Hello.Face.18967~~~~0.0.1.0 /NoRestart dism /online /Remove-Capability /CapabilityName:Hello.Face.Migration.18967~~~~0.0.1.0 /NoRestart dism /online /Remove-Capability /CapabilityName:MathRecognizer~~~~0.0.1.0 /NoRestart dism /online /Remove-Capability /CapabilityName:Media.WindowsMediaPlayer~~~~0.0.12.0 /NoRestart dism /online /Remove-Capability /CapabilityName:Microsoft.Windows.PowerShell.ISE~~~~0.0.1.0 /Norestart dism /online /Remove-Capability /CapabilityName:OneCoreUAP.OneSync~~~~0.0.1.0 /NoRestart dism /online /Remove-Capability /CapabilityName:OpenSSH.Client~~~~0.0.1.0 /NoRestart dism /online /Remove-Capability /CapabilityName:OpenSSH.Server~~~~0.0.1.0 /NoRestart dism /online /Remove-Capability /CapabilityName:Print.Fax.Scan~~~~0.0.1.0 /NoRestart dism /online /Remove-Capability /CapabilityName:Print.Management.Console~~~~0.0.1.0 /NoRestart :: ----------------------------------------------------------

:: ---------------------------------------------------------- :: --------------Disable Extra Services---------------------- :: ---------------------------------------------------------- echo --- Disable Extra Services sc stop "DusmSvc" & sc config "DusmSvc" start=disabled sc stop "DoSvc" & sc config "DoSvc" start=disabled sc stop "lfsvc" & sc config "lfsvc" start=disabled sc stop "MessagingService" & sc config "MessagingService" start=disabled sc stop "MapsBroker" & sc config "MapsBroker" start=disabled sc stop "NetTcpPortSharing" & sc config "NetTcpPortSharing" start=disabled sc stop "OneSyncSvc" & sc config "OneSyncSvc" start=disabled sc stop "PimIndexMaintenanceSvc" & sc config "PimIndexMaintenanceSvc" start=disabled sc stop "PcaSvc" & sc config "PcaSvc" start=disabled sc stop "RemoteAccess" & sc config "RemoteAccess" start=disabled sc stop "RemoteRegistry" & sc config "RemoteRegistry" start=disabled sc stop "RetailDemo" & sc config "RetailDemo" start=disabled sc stop "RasMan" & sc config "RasMan" start=disabled sc stop "SysMain" & sc config "SysMain" start=disabled sc stop "swrpc" & sc config "swprv" start= demand sc stop "SharedAccess" & sc config "SharedAccess" start=disabled sc stop "TrkWks" & sc config "TrkWks" start=disabled sc stop "UnistoreSvc" & sc config "UnistoreSvc" start=disabled sc stop "UserDataSvc" & sc config "UserDataSvc" start=disabled sc stop "VSS" & sc config "VSS" start= demand sc stop "WbioSrvc" & sc config "WbioSrvc" start=disabled sc stop "WpnService" & sc config "WpnService" start=disabled sc stop "XblAuthManager" & sc config "XblAuthManager" start=disabled sc stop "XblGameSave" & sc config "XblGameSave" start=disabled sc stop "XboxNetApiSvc" & sc config "XboxNetApiSvc" start=disabled net stop DPS & del /F /S /Q /A "%windir%\System32\sru*" & net start DPS :: ----------------------------------------------------------

At the end of script i have added somthing more : :: ---------------------------------------------------------- :: ------- Clear Win Event logs and SR Backup ------------- :: ---------------------------------------------------------- echo --- Clear Win Event logs and SR Backup for /f "tokens=*" %%G in ('wevtutil.exe el') DO (wevtutil.exe cl %1 "%%G") vssadmin delete shadows /all /quiet :: ----------------------------------------------------------

echo. echo Your System is about to Restart Kindly save your Unsaved Work within 30 seconds. shutdown /r /f /t 30 :: End ::

Now its a pure private win10 i am working on . Thanks a lot to Nir Sofer for assisting me to use reg from app & many other Awesome utilities he has developed to make our work more n more simpler then before. After all these tweaks i have installed simplewall external firewall & get go to my 100% private win10 2004 build 19041.264 Virtual Machine Guest OS. Used customized privacy script via $OEM$ Method setupcomplete cmd & it worked flawlessly now . user dont have to do even a single setting after using it as everything will be customized by privacy script.

Thanks a lot lot to you brother Undergroundwires for creating such an awesome project .

undergroundwires commented 4 years ago

I also use simplewall. It's a pretty nice GUI for Windows networking rules.

Calling sc stop before sc config is pretty good idea. So I added that all lines with sc config in # a830173 😎 I'm working on adding rest of the stuff you posted here.

I'm happy that you're happy and it helped someone else too πŸ˜ƒ You've been the biggest contributor here after me so thanks, anyone looking at git history will see your name πŸ‘

I'd also want to make this tool more popular. Do you have any idea to how to achieve that? Recommending to friends is always nice.. Many black-boxed closed-source tools (who knows what they do?) are more popular than this. There's no income so no marketing budget, on the contrary it costs me money to keep it public πŸ˜€ I'd really like to hear your opinions on how to publicize.

undergroundwires commented 4 years ago

With 3edc6a8, I renamed "uninstall apps" category to "remove bloatware" & added:

Awesome recommendations, very cool working with you πŸ‘ŒπŸΏ I will deploy everything when all of them are implemented.

I have a question regarding Add Extract All for MSI Package and Install Cab Files. I don't really understand what it does. Would you mind enplaning the lines for me?

ghost commented 4 years ago

brother Add Extract All for MSI Package and Install Cab Files are added to contxt menu so that when somebody have a msi package & he or she dont want to install it rather want to extract its files to a directory then he or she will chhose that msi package right click in it & extract will apper there when he or she will click on extract the msi package will be extracted to a new directory at same path with same name as it is for that msi package name. second install cab is also a context menu tweak to add install for cab packages to context menu as its not there by default in win10. i will be adding more n more tweaks after my requests got added to your project till date. i still have 35 reg file tweaks left in my tweaks directory for win 10 . all batch files in same tweaks directory are already requested to you to look at & add them to your awesome project project.

Brother i think it will be good to create an executable after we both will finish each & every tweak deployed into your project with on off switches like it is in oo software shutup app which i think will be a good idea & then its your decision to create two executables one will be free for publicity purpose & second will be ultimate version which will be paid but you must decide what will be the difference between both so that you will earn expenses for your project maintainance & upgrades plus domain name & hosting charges too. its just a suggestion from my side as i am just a beginner in front of you.

| Disk2019 |

ghost commented 4 years ago

Based on comment in #15

* Do not let apps accesss my name, picture, and other account info

  * `reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{C1D23ACC-752B-43E5-8448-8D0E519CD6D6}" /t REG_SZ /v "Value" /d DENY /f`

* Do not let apps access my calendar

  * `reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{D89823BA-7180-4B81-B50C-7E471E6121A3}" /t REG_SZ /v "Value" /d DENY /f`

* Do not let apps use camera

  * `reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{E5323777-F976-4f5b-9B55-B94699C46E44}" /t REG_SZ /v "Value" /d DENY /f`

* Do not let apps access my contacts

  * `reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{7D7E8402-7C54-4821-A34E-AEEFD62DED93}" /t REG_SZ /v "Value" /d DENY /f`

* **(already exists)** Do not let apps access my location

  * `reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" /t REG_SZ /v "Value" /d DENY /f`

* Do not let apps access text/mms

  * `reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{992AFA70-6F47-4148-B3E9-3003349C1548}" /t REG_SZ /v "Value" /d DENY /f`

* **(already exists)** Do not let apps use microphone

  * `reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{2EEF81BE-33FA-4800-9670-1CD474972C3F}" /t REG_SZ /v "Value" /d DENY /f`

* Do not let apps share and sync non-explicitly paired wireless devices over uPnP

  * `reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\LooselyCoupled" /t REG_SZ /v "Value" /d DENY /f`

* Do not let apps access radios

  * `reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{A8804298-2D5F-42E3-9531-9C8C39EB29CE}" /t REG_SZ /v "Value" /d DENY /f`

* Disable Advertising ID

  * `reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" /t REG_DWORD /v Enabled /d 0 /f`

* **(already exists)** Set feedback frequency to zero

  * `reg add "HKCU\SOFTWARE\Microsoft\Siuf\Rules" /t REG_DWORD /v NumberOfSIUFInPeriod /d 0 /f`
  * https://www.tenforums.com/tutorials/2441-change-feedback-frequency-windows-10-a.html

* **(already exists)** Disable smartscreen

  * `reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /t REG_DWORD /v EnableWebContentEvaluation /d 0 /f`

* Do not send typing info to microsoft

  * **(already exists)** `reg add "HKCU\SOFTWARE\Microsoft\Input\TIPC" /t REG_DWORD /v Enabled /d 0 /f`
  * **(already exists)** `reg add "HKCU\SOFTWARE\Microsoft\Personalization\Settings" /t REG_DWORD /v AcceptedPrivacyPolicy /d 0 /f`
  * `reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Language" /t REG_DWORD /v Enabled /d 0 /f`
  * **(already exists)**  `reg add "HKCU\SOFTWARE\Microsoft\InputPersonalization" /t REG_DWORD /v RestrictImplicitTextCollection /d 1 /f`
  * **(already exists)**  `reg add "HKCU\SOFTWARE\Microsoft\InputPersonalization" /t REG_DWORD /v RestrictImplicitInkCollection /d 1 /f`
  * **(already exists)**  `reg add "HKCU\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore" /t REG_DWORD /v HarvestContacts /d 0 /f`

* Disable Automatic Installation of Microsoft Edge Chromium

  * ` reg add HKLM\SOFTWARE\Microsoft\EdgeUpdate /v DoNotUpdateToEdgeWithChromium /t REG_DWORD /d 1`
  * https://www.tenforums.com/tutorials/146650-disable-installation-microsoft-edge-windows-update-windows-10-a.html

please update typo mistake : reg add HKLM\SOFTWARE\Microsoft\EdgeUpdate /v DoNotUpdateToEdgeWithChromium /t REG_DWORD /d 1 /f

/f must be there in last to force reg tweak be merged into hive or we can say /f Adds the registry entry without prompting for confirmation

undergroundwires commented 4 years ago

/f mistake Fixed it, thank you for reviewing and finding out! Awesome πŸ•ΊπŸΏ

contributor list You appear here, it's based on git history. When we do pull requests etc. your name appear.

I think it's great that you contribute in a open-source project and the department should be happy to have someone with open-source background. There's much to learn when doing that, I'd even bring it up in interviews/CV. I'd be happy to you give credit.

But I respect your choice. I can go in and rewrite the git history to get rid of your name. You now appear as Disk2019 <66840531+Disk2019@users.noreply.github.com> in git history. I can change it to anything we'd like, I just need a username and e-mail address (does not need to be users.noreply.github.com, it can be anything).

Add Extract All for MSI Package and Install Cab Files

Thanks for the explanation πŸ˜€ Now I know exactly what it does.

create an executable after we both will finish each & every tweak

It's actually possible with electron, so we can do both website export and also create an executable from the website using the same code base. I was also thinking about it for a while, would be fun to look at how to do it, never worked with electron before so it'd take some time. I might look at it in the future just to learn and to have fun, I'm open to any contribution to help.

on/off switches

It'd be great. But there are too many scripts. I cannot do a revert script for all of them due to time constraints.

ultimate version

This is actually a great idea. I don't have much time to drive it though. Commercializing, selling, licensing etc. Much simpler to open-source it and pay little bit to help the community πŸ˜€

undergroundwires commented 4 years ago

net stop DPS & del /F /S /Q /A "%windir%\System32\sru*" & net start DPS

This one forces start of DPS service which might be never running (stopped/disabled by the user). So I added check if it's running, and stopping & starting it only if it was running.

@echo off 
setlocal EnableDelayedExpansion 
    SET /A dps_service_running=0
    SC queryex "DPS"|Find "STATE"|Find /v "RUNNING">Nul||(
        SET /A dps_service_running=1
        net stop DPS
    )

    REM del /F /S /Q /A "%windir%\System32\sru*"

    IF !dps_service_running! == 1 (
        echo "Was running"
        net start DPS
    ) ELSE (
        echo "Was not running"
    )
endlocal
undergroundwires commented 4 years ago

I've gone through everything. There are some golden tweaks & gems, thank you a lot again for collecting everything. I'm also learning a lot from you!

Added

Script Category
Clear Windows Product Key from Registry Privacy cleanup
Turn hibernate off to disable sleep for quick start UI for privacy
Disable Reserved Storage Advanced settings
Disable unsafe SMBv1 protocol Security improvements
Disable PowerShell 2.0 against downgrade attacks Security improvements
Clear Win Event logs Privacy cleanup
Clear volume backups (shadow copies) Privacy cleanup
Windows Push Notification Service Disable OS services
Disable Xbox services Disable OS services
Windows Biometric Service Disable OS services
Clear (Reset) Network Data Usage Privacy Cleanup

Not added

undergroundwires commented 4 years ago

I made a new release. So changes are now up in https://privacy.sexy , you can see all of the changes in same place here. I appreciate your feedback when you have time to look at them 🍻

When I was checking active services I also realized that Microsoft started to pop up services with random strings appended to make it harder to configure them. You can see those by checking all services sc query state = all There are services that look line e.g. : WpnUserService_1cff74.

Behavior is explained here, and a way to disable them is brought up here.

Those strings are random for everyone, so we need to a smarter script that'll first recognize those strings and then go to registry and edit them in each run. I don't think that it'll be clean & easy to achieve this with batch, but I guess we need to solve it otherwise we're not really disabling many of the services...

ghost commented 4 years ago

Brother i know about sc query instaed this cmd will be usefull & will save all services state to dektop in a txt format :

sc query state= all>%UserProfile%\Desktop\Services.txt There must not be space after state . Thanks a lot . I am finished requesting all my suggestions .

Regards, [ Disk2019 ] Associate Member @ Anon Ops India.

undergroundwires commented 4 years ago

Thanks for everything @Disk2019 , I played around making the application desktop app and it's much easier than I thought. I will do it as next big step when I have time. Your help was great, and much appreciated, you're more than welcome if you come up with something, just create a new issue when you feel like it. πŸ™πŸΏπŸ»

ghost commented 4 years ago

Current User Policy Reg Tweak. I have seen that script only apply group policy reg tweaks to local machine but not the current user. so i am uploading my own group policy reg tweaks for current user. CurrentUserPolicy.reg.txt

App used to export reg tweak applied to current user group policy is Policy Plus by Fleex255 https://github.com/Fleex255/PolicyPlus

ghost commented 4 years ago

Plus one more request to kindly start 0.6 0.7 0.8 0.9 after 0.5.0 is plublished & final version1 might be as executable with all tweaks integerated till that date. hope it will have all tweaks in form of a on off switch like is in oo software shutup app ,

undergroundwires commented 4 years ago

Executable

Let's do it with next version already. An offline version would be good for better privacy & also I can kill the website and still have the application installable if I get poor πŸ˜€. I created #20 , I will prioritize it & look at it in my free time. Would take for a while.

Current User Policy Reg Tweak.

Thanks! Can you check the ones that does not already exists in application.yml and create a new issue with batch commands as you did here? Or even better if you can do a pull request directly. Then we can work together on it there.

On/off switch

I can implement this functionality on UI, it would be easy but the hardest part is to find commands for doing the opposite of stuff we are doing now. Here I need help from the community, I cannot do it alone.

mikhoul commented 3 years ago

Found this:

Those strings are random for everyone, so we need to a smarter script that'll first recognize those strings and then go to registry and edit them in each run. I don't think that it'll be clean & easy to achieve this with batch, but I guess we need to solve it otherwise we're not really disabling many of the services...

# These services must be disabled through Registry
    $services = @(
        "CDPSvc"                                    # Used during connecting with Bluetooth devices and Printers, scanners, music players, mobile phones, cameras, etc. + related to the time line + Android ,Xbox Live or any other Bluetooth devices 
        "CDPUserSvc"
        "CDPUserSvc_*"
        "DevicesFlowUserSvc_*"                      #  On 2-in-1 devices, Windows 10 will move easily between keyboard and mouse and touch and tablet as it detects the transition and conveniently switches to the new mode
        "EntAppSvc"                                 # Deployement d'apps en entreprise
        "MessagingService_*"                        # Service supporting text messaging and related functionality With Phone App
        "OneSyncSvc"                                # Sync mail, contacts, calendar, MS account, OneDrive and various other user data. Mail and other applications dependent on this functionality
        "OneSyncSvc_*"                              # Sync mail, contacts, calendar, MS account, OneDrive and various other user data. Mail and other applications dependent on this functionality
        "PimIndexMaintenanceSvc"                    # Indexes contact data for fast contact searching. If you stop or disable this service, contacts might be missing from your search results.
        "PimIndexMaintenanceSvc_*"                  # Indexes contact data for fast contact searching. If you stop or disable this service, contacts might be missing from your search results.
        #"PrintWorkflowUserSvc_*"                   # À tester pour voir si ça roule toujours en arrière plan
        "UnistoreSvc"                               # Handles storage of structured user data, including contact info, calendars, and messages. If you stop or disable this service, apps that use this data might not work correctly
        "UnistoreSvc_*"                             # Handles storage of structured user data, including contact info, calendars, and messages. If you stop or disable this service, apps that use this data might not work correctly
        "UserDataSvc"                               # Handles storage of structured user data, including contact info, calendars, and messages. If you stop or disable this service, apps that use this data might not work correctly
        "UserDataSvc_*"                             # Handles storage of structured user data, including contact info, calendars, and messages. If you stop or disable this service, apps that use this data might not work correctly
        #"WinHttpAutoProxySvc"                      # Pour accΓ©der Γ  Internet avec un proxy
        "WpnUserService"                            # Windows notification platform which provides support for local and push notifications. Supported notifications are tile, toast and raw.
        "WpnUserService_*"                          # Windows notification platform which provides support for local and push notifications. Supported notifications are tile, toast and raw.
    )

    foreach ($service in $services) {
        $exists = Get-Service -Name $service -ErrorAction SilentlyContinue
        if ($exists) {
            $start = Get-ItemPropertyValue -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$service" -Name Start
            if ($start -ne "4") {
                Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$service" -Name Start -Value 4 -ErrorVariable e -ErrorAction SilentlyContinue
                if (!$e) {
                    Write-Verbose -Message "[+] Service ($service) Disabled"
                } else {
                    Write-Verbose -Message "[ ] Service ($service) Not Disabled"
                }
            } else {
                Write-Verbose -Message "[-] Service ($service) Already Disabled"
            }
        } else {
            Write-Warning -Message "[ ] Service ($service) Does Not Exist"
        }
    }

More Information here: https://github.com/MicrosoftDocs/windows-itpro-docs/blob/fde79396c17f3d2d0c922b14e8fef513d8b60d4f/windows/application-management/per-user-services-in-windows.md

Regards :octocat:

undergroundwires commented 3 years ago

Thanks @mikhoul πŸ€—! I can take a look at this after #53 is merged, I don't want to add anything with PowerShell before it.

From now on let's create issues instead of continuing the discussions here so I can track & manage them separately.