win-backup's People
Contributors
Stargazers
Watchers
win-backup's Issues
Find registry entries for gpo, explorer & metro-settings
settings metro activate developer options
Set via powershell or regidit?
Show-WindowsDeveloperLicenseRegistration
cleanup apps (AppxPackage, AppPackage, ProvisiondPackage)
Remove-ProvisionedApppackage (& FOR NEW USERS)
Remove-AppxPackage (-All Users?)
Remove-AppPackage -AllUsers
- cortana
- Microsoft.BingWeather
- Microsoft.GetHelp
- Microsoft.Microsoft3DViewer
- Microsoft.XboxApp
- Microsoft.Photos
- Microsoft.WindowsFeedbackHub
- Microsoft.ScreenSketch
- Microsoft.Office.OneNote
- Microsoft.Getstarted
- Microsoft.MicrosoftOfficeHub
- Microsoft.MicrosoftSolitaireCollection
- Microsoft.MicrosoftStickyNotes
internet explorer configuration for -BasicHtmlParsing
powershell does need ie to be configured to use BasicHtmlParsing
ignore user folder and create "eigene dateien"
settings timezone if system is english
warning powershell has errors if we chance date to dot while system language is on english.
powershell hasn't properly implemented localization! So do probably better to not apply date with dot!
time zone:
- list seperator: ;
- date with dot
- apply system wide
backup context menu screenshot (and new file tree)
show image at end of script (manual check)
office configuration
per office app ?
- disable background (circles & icons...)
- backstage disable
- std. save to PC
- std. save place to "Eigene Dateien"
- std. personal templates "Eigene Dateien"
- disable adobe plugin
- disable settings cloud save
adobe configuration
- cleanup bat file
- exclude in defender auto task renew activation?
- disable adobe plugin office
- acrobat
- fit page
- centimeter
- single page
backup environment varaibles filtered
check folder for new progs and configs
- APPDATA
- LOCALAPPDATA
- USERPROFILE
- C:\tools
- C:\term
- C:\vm
- C:\Programs
- C:\Programs x86
settings folder option view
open explorer folder options
- this pc (quick access)
- view: hidden files
- view: show extentions
for each root folder in c:
- first set details view
- right click customize: set type common
for each user folder (after c: still needed?)
check grouping in download folder after c:
XML icon
add custom icon for xml
see .txt and textfile (filetype) as reference
also check registry for specific user entry (don't open xml with np++ as default or else icon will be overwritten)
user icon configuration
chance user icons for
- user folder?
- login icon
settings metro defender antivirus options
- disable cloud delivery
- disable automatic sample submission
- reputaion based protection?
dismiss yellow icon regedit ?
7ZIP replace LNK in start menu after icon change
audio configuration
- dgx default communication (already default?)
- autostart one of the audio programs
SOUND (LAG ?)
cleanup onedrive
ONE_DRIVE
- ProgramData?
- c:\windows onedrivesetup.exe
- autostart (& tskschd?)
hint: check registry for onedrivesetup.exe & tskshd
function force-mkdir($path) {
if (!(Test-Path $path)) {
#Write-Host "-- Creating full path to: " $path -ForegroundColor White -BackgroundColor DarkGreen
New-Item -ItemType Directory -Force -Path $path
}}
function Takeown-Registry($key) {
# TODO does not work for all root keys yet
switch ($key.split('\')[0]) {
"HKEY_CLASSES_ROOT" {
$reg = [Microsoft.Win32.Registry]::ClassesRoot
$key = $key.substring(18)
}
"HKEY_CURRENT_USER" {
$reg = [Microsoft.Win32.Registry]::CurrentUser
$key = $key.substring(18)
}
"HKEY_LOCAL_MACHINE" {
$reg = [Microsoft.Win32.Registry]::LocalMachine
$key = $key.substring(19)
}
}
# get administraor group
$admins = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-32-544")
$admins = $admins.Translate([System.Security.Principal.NTAccount])
# set owner
$key = $reg.OpenSubKey($key, "ReadWriteSubTree", "TakeOwnership")
$acl = $key.GetAccessControl()
$acl.SetOwner($admins)
$key.SetAccessControl($acl)
# set FullControl
$acl = $key.GetAccessControl()
$rule = New-Object System.Security.AccessControl.RegistryAccessRule($admins, "FullControl", "Allow")
$acl.SetAccessRule($rule)
$key.SetAccessControl($acl)
}
function Takeown-File($path) {
takeown.exe /A /F $path
$acl = Get-Acl $path
# get administraor group
$admins = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-32-544")
$admins = $admins.Translate([System.Security.Principal.NTAccount])
# add NT Authority\SYSTEM
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($admins, "FullControl", "None", "None", "Allow")
$acl.AddAccessRule($rule)
Set-Acl -Path $path -AclObject $acl
}
function Takeown-Folder($path) {
Takeown-File $path
foreach ($item in Get-ChildItem $path -Recurse) {
if (Test-Path $item -PathType Container) {
Takeown-Folder $item.FullName
} else {
Takeown-File $item.FullName
}
}
}
function Elevate-Privileges {
param($Privilege)
$Definition = @"
using System;
using System.Runtime.InteropServices;
public class AdjPriv {
[DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall, ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr rele);
[DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);
[StructLayout(LayoutKind.Sequential, Pack = 1)]
internal struct TokPriv1Luid {
public int Count;
public long Luid;
public int Attr;
}
internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
internal const int TOKEN_QUERY = 0x00000008;
internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
public static bool EnablePrivilege(long processHandle, string privilege) {
bool retVal;
TokPriv1Luid tp;
IntPtr hproc = new IntPtr(processHandle);
IntPtr htok = IntPtr.Zero;
retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);
tp.Count = 1;
tp.Luid = 0;
tp.Attr = SE_PRIVILEGE_ENABLED;
retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);
retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
return retVal;
}
}
"@
$ProcessHandle = (Get-Process -id $pid).Handle
$type = Add-Type $definition -PassThru
$type[0]::EnablePrivilege($processHandle, $Privilege)
}
echo "73 OneDrive process and explorer"
taskkill.exe /F /IM "OneDrive.exe"
taskkill.exe /F /IM "explorer.exe"
echo "Remove OneDrive"
if (Test-Path "$env:systemroot\System32\OneDriveSetup.exe") {
& "$env:systemroot\System32\OneDriveSetup.exe" /uninstall
}
if (Test-Path "$env:systemroot\SysWOW64\OneDriveSetup.exe") {
& "$env:systemroot\SysWOW64\OneDriveSetup.exe" /uninstall
}
echo "Disable OneDrive via Group Policies"
force-mkdir "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\OneDrive"
sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\OneDrive" "DisableFileSyncNGSC" 1
echo "Removing OneDrive leftovers trash"
rm -Recurse -Force -ErrorAction SilentlyContinue "$env:localappdata\Microsoft\OneDrive"
rm -Recurse -Force -ErrorAction SilentlyContinue "$env:programdata\Microsoft OneDrive"
rm -Recurse -Force -ErrorAction SilentlyContinue "C:\OneDriveTemp"
echo "Remove Onedrive from explorer sidebar"
New-PSDrive -PSProvider "Registry" -Root "HKEY_CLASSES_ROOT" -Name "HKCR"
mkdir -Force "HKCR:\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}"
sp "HKCR:\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" "System.IsPinnedToNameSpaceTree" 0
mkdir -Force "HKCR:\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}"
sp "HKCR:\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" "System.IsPinnedToNameSpaceTree" 0
Remove-PSDrive "HKCR"
echo "Removing run option for new users"
reg load "hku\Default" "C:\Users\Default\NTUSER.DAT"
reg delete "HKEY_USERS\Default\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "OneDriveSetup" /f
reg unload "hku\Default"
echo "Removing startmenu junk entry"
rm -Force -ErrorAction SilentlyContinue "$env:userprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk"
echo "Restarting explorer..."
start "explorer.exe"
echo "Wait for EX reload.."
sleep 15
echo "Removing additional OneDrive leftovers"
foreach ($item in (ls "$env:WinDir\WinSxS\*onedrive*")) {
Takeown-Folder $item.FullName
rm -Recurse -Force $item.FullName
}settings disable timeline (win+tab)
settings power options disable fast startup?
has this some speed up improvement for ssd on startup?
hyper-v configuration
- default vm place
- default config place to c:\vm, c:\vm configs
- disable autostart vm
cleanup metro features
clean folders manual before backup export
open folder automatically and clean them manual (show hint gui or console) before backup export
- C:\term
- C:\bin
- C:\tools
- C:\scripts
- C:\code
microsoft edge configuration
- disable startup boost & background in system & performance
- data protection delete on close enable all
- disable cookies & preloading
- Startpage & search & new tab
- do not track
settings mouse speed (middle) & disable acceleration
settings metro options overview
open UWP cli:
- https://learn.microsoft.com/en-us/windows/uwp/launch-resume/launch-settings-app
- https://4sysops.com/wiki/list-of-ms-settings-uri-commands-to-open-specific-settings-in-windows-10/
ignore: devices, phone, network & internet, time & language, ease of access
Permission & History
xbox game bar
sign in option: never (win+l works); ms-settings:signinoptions
focus assist: alarms only
multitasking: alt+tab (open windows only)
Update & Security:
- disable delivery optimization
- Developer Settings
System:
- notifications
Search:
- SafeSearch off
- cloud content search all off
Personalization:
- color
- lock screen disable pic
- start menu
- disable recently
- disable jump lists
- show only settings
- taskbar
- remove search & etc
- replace powershell
- hide badges
- taskbar notification area
- show defender
- disable input indicator
- disable action center
settings explorer set default view
set view to details and go to explorer options. view & apply default settings
use this on every folder type:
documents
images
music
...
cli not possible to start in specific folder type/path
%windir%\system32\rundll32.exe shell32.dll,Options_RunDLL 7
clean startup entries
clean startup entries in:
- msconfig
- autostart & common autostart?
- autoruns?
- schdtsk
backup gpo microsoft/windows defender antivirus
microsoft/windows defender antivirus/exclusions
- Exclusions_Extensions
- Exclusions_Paths
- Exclusions_Processes
maven / gradle / android studio + projects? / intellij projects
find more exclusions over time
command lines configurations
- Design & Font
- powershell & cmd for different *.LNK's
- cmd clink (history + search)
- evtl. posh?
cleanup windows system folders
- c:\windows\servicing\LCU
- c:\windows\SoftwareDistribution
settings network sharing
- set network to private
- sharing center -> disable auto add network devices
- disable media streaming
- network name?
backup program keys
export (import)? keys for programs:
-
office
-
windows (slmgr /dli, nirsoft "produckey.exe")
bios (empty if no bios entry)
wmic path softwarelicensingservice get OA3xOriginalProductKey
(Get-WmiObject -query ’select * from SoftwareLicensingService‘).OA3xOriginalProductKey
clean drive with dism
DISM
- drive properties cleanup
- drive properties as admin
see @knowledge
settings remote desktop
start C:\Windows\System32\sysdm.cpl -ArgumentList ",5"
disable remote assistant
enable + net login
cleanup epic
disable driver installation (gpo & system gui)
environment variables configuration
- JD2_HOME: C:\Users\eno\AppData\Local\JDownloader 2.0
- PIPENV_VENV_IN_PROJECT: 1
- PATH: c:\term;c:\bin;c:\tools;
- PATHEXT: .LNK
Icon for MD Markdown
See Icon XML for more infos
settings pc name & workgroup
jdownloader cli installation
JDownloader2Setup_windows-x64_jre17.exe -varfile response.varfile -q -splash "Installiere JDownloader" -dir %localappdata%\JDownloader
jdownloader.varfile
# install4j response file for JDownloader 2.0
createDesktopLinkAction$Boolean=false
createQuicklaunchIconAction$Boolean=false
executeLauncherAction$Boolean=false
sys.adminRights$Boolean=false
sys.fileAssociation.extensions$StringArray="dlc","jdc","ccf","rsdf","metalink","meta4","nzb"
sys.fileAssociation.launchers$StringArray="5977","5977","5977","5977","5977","5977","5977"
# sys.installationDir=C\:\\Users\\eno\\AppData\\Local\\JDownloader
sys.languageId=en
backup internet explorer settings for -UseBasicParsing
cannot use -UseBasicParsing in powershell without first configuration of internet explorer
backup gpo MaxGPOScriptWaitPolicy for faster startup script execution
MaxGPOScriptWaitPolicy: Maximale Wartezeit für Gruppenrichtlinienskripts angeben
Scripts.adml
nvidea configuration 144hz & switch default audio device
filter policydefinitions by inactive rules to find new possible gpo settings
copy policydefinitions and remove every entrie already in use to get an filtered list and then check for new gpo settings which might be usefull to add into backup *.pol for export in new installtion.
use xml functionality from powershell for easy filtering.
use gpresult.exe /X xmlfile to find active gpo rules
cleanup context menu entries
cleanup context menu entries & new submenu
hint: check shell & shellex nirsoft for cli option (add to win-backup)
backup gpo search index
gpo DefaultIndexedPaths instead of below reg entries ?
DefaultExcludedPaths
add .pol file search index entries for exporting at Export-WBBackup
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\CurrentPolicies\DefaultIndexedPaths]
"C:\\projects\\"="C:\\projects\\"
"C:\\tools\\"="C:\\tools\\"
"C:\\term\\"="C:\\term\\"
"C:\\bin\\"="C:\\bin\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search\DefaultIndexedPaths]
"C:\\projects\\"="C:\\projects\\"
"C:\\tools\\"="C:\\tools\\"
"C:\\term\\"="C:\\term\\"
"C:\\bin\\"="C:\\bin\\"
EXCLUDES
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\CurrentPolicies\DefaultExcludedPaths]
"C:\\tools\\*\\**"="C:\\tools\\*\\**"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search\DefaultExcludedPaths]
"C:\\tools\\*\\**"="C:\\tools\\*\\**"
- try adding *.git as exlude
backup gpo setting HideRecentlyAddedApps in start menu
HideRecentlyAddedApps: Liste "Zuletzt hinzugefügt" aus Startmenü entfernen
notepad++ configuration
- n&np shortcuts for cmd (:ENVS)
- XML plugin toolbar icons
- Markdown plugin (hide sections) ?
backup gpo Pol_EnableInsecureGuestLogons
Guest over network connections.
Has nothing todo with local guest account on login.
LanmanWorkstation.adml
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.