This repository has been archived by the owner on Sep 18, 2024. It is now read-only.
privacy.ps1
<#
.SYNOPSIS
Disables most telemetry for Windows
.NOTES
Sourced from https://learn.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services
#>
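# Most values below are written under HKLM:\SOFTWARE\Policies, which needs an
# elevated session. Refuse to start without one instead of failing on the
# first HKLM write.
#Requires -RunAsAdministrator

# Turn every cmdlet error into a terminating one so the run stops at the first
# failed registry write. Nothing is rolled back: values written before the
# failure stay in place.
$ErrorActionPreference = "Stop"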
function Add-RegKey {
    <#
    .SYNOPSIS
    Writes one registry value, creating the parent key first when it is missing.
    .PARAMETER Path
    Registry provider path of the key (for example an HKLM:\ or HKCU:\ path).
    .PARAMETER Name
    Name of the value to create under that key.
    .PARAMETER Type
    Registry value kind (DWord, String, ...) handed to New-ItemProperty.
    .PARAMETER Value
    Data to store in the value.
    .OUTPUTS
    Whatever New-Item and New-ItemProperty emit; nothing is suppressed here.
    .NOTES
    The previous value is overwritten without being saved, so this function
    offers no way to restore the earlier state.
    #>
    param (
        [String]$Path,
        [String]$Name,
        [Microsoft.Win32.RegistryValueKind]$Type,
        [System.Object]$Value
    )

    Write-Verbose -Message "Adding registry key $Path\$Name"

    $keyPresent = Test-Path -Path $Path
    if (-not $keyPresent) {
        Write-Verbose -Message "Creating registry path $Path"
        # -Force also creates any missing intermediate keys.
        New-Item -Path $Path -Force
    }

    # -Force replaces an existing value of the same name instead of erroring.
    $valueArgs = @{
        Path         = $Path
        Name         = $Name
        Value        = $Value
        PropertyType = $Type
        Force        = $true
    }
    New-ItemProperty @valueArgs
}
function Disable-Cortana {
    # Writes four machine-wide DWORD policy values under the Windows Search
    # policy key. The order matches the original sequence of writes.
    Write-Host -Message "Disabling Cortana"

    $searchPolicyKey = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search"
    $searchPolicy = [ordered]@{
        AllowCortana             = 0
        AllowSearchToUseLocation = 0
        DisableWebSearch         = 1
        ConnectedSearchUseWeb    = 0
    }

    foreach ($valueName in $searchPolicy.Keys) {
        Add-RegKey -Path $searchPolicyKey -Name $valueName -Value $searchPolicy[$valueName] -Type DWord
    }
}
function Disable-DeviceMetadataRetrieval {
    # Sets PreventDeviceMetadataFromNetwork = 1 under the machine-wide
    # Device Metadata policy key.
    Write-Host -Message "Disabling device metadata retrieval"

    $metadataPolicy = @{
        Path  = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Device Metadata"
        Name  = "PreventDeviceMetadataFromNetwork"
        Value = 1
        Type  = "DWord"
    }
    Add-RegKey @metadataPolicy
}
function Disable-FindMyDevice {
    # Sets AllowFindMyDevice = 0 under the machine-wide FindMyDevice policy key.
    # NOTE(review): Find My Device is also a recovery aid for lost or stolen
    # hardware; turning it off trades that capability for less location data.
    Write-Host -Message "Disabling find my device"

    $findMyDevicePolicy = @{
        Path  = "HKLM:\SOFTWARE\Policies\Microsoft\FindMyDevice"
        Name  = "AllowFindMyDevice"
        Value = 0
        Type  = "DWord"
    }
    Add-RegKey @findMyDevicePolicy
}
function Disable-InsiderBuilds {
    # Sets AllowBuildPreview = 0 under the machine-wide PreviewBuilds policy key.
    Write-Host -Message "Disabling Windows Insider builds"

    $previewPolicy = @{
        Path  = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds"
        Name  = "AllowBuildPreview"
        Value = 0
        Type  = "DWord"
    }
    Add-RegKey @previewPolicy
}
function Disable-MailSynchronization {
    # Sets ManualLaunchAllowed = 0 under the machine-wide Windows Mail policy key.
    Write-Host -Message "Disabling mail synchronization"

    $mailPolicy = @{
        Path  = "HKLM:\SOFTWARE\Policies\Microsoft\Windows Mail"
        Name  = "ManualLaunchAllowed"
        Value = 0
        Type  = "DWord"
    }
    Add-RegKey @mailPolicy
}
function Disable-OfflineMaps {
    # Writes two machine-wide DWORD policy values, both 0, under the Maps
    # policy key.
    Write-Host -Message "Disabling offline maps"

    $mapsPolicyKey = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Maps"
    $mapsValueNames = @(
        "AutoDownloadAndUpdateMapData"
        "AllowUntriggeredNetworkTrafficOnSettingsPage"
    )

    foreach ($valueName in $mapsValueNames) {
        Add-RegKey -Path $mapsPolicyKey -Name $valueName -Value 0 -Type DWord
    }
}
function Disable-OneDrive {
    # Writes two machine-wide DWORD values. The first lives under the Policies
    # hive; the second is written to HKLM:\SOFTWARE\Microsoft\OneDrive, outside
    # the Policies hive.
    Write-Host -Message "Disabling OneDrive"

    $oneDriveSettings = @(
        @{ Path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\OneDrive"; Name = "DisableFileSyncNGSC" }
        @{ Path = "HKLM:\SOFTWARE\Microsoft\OneDrive"; Name = "PreventNetworkTrafficPreUserSignIn" }
    )

    foreach ($setting in $oneDriveSettings) {
        Add-RegKey @setting -Value 1 -Type DWord
    }
}
function Harden-PrivacySettings {
    # Applies a fixed list of DWORD privacy values, then force-denies a set of
    # app capabilities through the AppPrivacy policy key.
    #
    # NOTE(review): the HKCU:\ entries are written to the hive of the account
    # running the script. If the elevated session belongs to a different
    # account than the interactive user, that user's settings are not changed.
    Write-Host -Message "Hardening privacy settings"

    # Written in list order; a failure stops the run with the earlier entries
    # already applied.
    $privacySettings = @(
        @{ Path = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo"; Name = "Enabled"; Value = 0 }
        @{ Path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo"; Name = "DisabledByGroupPolicy"; Value = 1 }
        @{ Path = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced"; Name = "Start_TrackProgs"; Value = 0 }
        @{ Path = "HKLM:\Software\Policies\Microsoft\Windows\LocationAndSensors"; Name = "DisableLocation"; Value = 1 }
        @{ Path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications"; Name = "NoCloudApplicationNotification"; Value = 1 }
        @{ Path = "HKCU:\Software\Microsoft\Speech_OneCore\Settings\OnlineSpeechPrivacy"; Name = "HasAccepted"; Value = 0 }
        @{ Path = "HKLM:\Software\Policies\Microsoft\Speech"; Name = "AllowSpeechModelUpdate"; Value = 0 }
        @{ Path = "HKLM:\Software\Policies\Microsoft\Windows\Messaging"; Name = "AllowMessageSync"; Value = 0 }
        @{ Path = "HKLM:\Software\Policies\Microsoft\Windows\DataCollection"; Name = "DoNotShowFeedbackNotifications"; Value = 1 }
        # NOTE(review): Microsoft documents AllowTelemetry = 0 as honoured only
        # on Enterprise, Education and Server editions; confirm the effective
        # diagnostic-data level on other editions.
        @{ Path = "HKLM:\Software\Policies\Microsoft\Windows\DataCollection"; Name = "AllowTelemetry"; Value = 0 }
        @{ Path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent"; Name = "DisableWindowsConsumerFeatures"; Value = 1 }
        @{ Path = "HKCU:\SOFTWARE\Policies\Microsoft\Windows\CloudContent"; Name = "DisableTailoredExperiencesWithDiagnosticData"; Value = 1 }
        @{ Path = "HKCU:\Software\Microsoft\InputPersonalization"; Name = "RestrictImplicitTextCollection"; Value = 1 }
        @{ Path = "HKCU:\Software\Microsoft\InputPersonalization"; Name = "RestrictImplicitInkCollection"; Value = 1 }
        @{ Path = "HKLM:\Software\Policies\Microsoft\Windows\System"; Name = "EnableActivityFeed"; Value = 0 }
        @{ Path = "HKLM:\Software\Policies\Microsoft\Windows\System"; Name = "PublishUserActivities"; Value = 0 }
        @{ Path = "HKLM:\Software\Policies\Microsoft\Windows\System"; Name = "UploadUserActivities"; Value = 0 }
        @{ Path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Feeds"; Name = "EnableFeeds"; Value = 0 }
    )

    foreach ($setting in $privacySettings) {
        Add-RegKey @setting -Type DWord
    }

    # App capabilities to deny machine-wide. Commented-out names are left
    # under user control because many setups still need them.
    $deniedCapabilities = @(
        "LetAppsAccessLocation"
        # You might want these
        # "LetAppsAccessCamera"
        # "LetAppsAccessMicrophone"
        # "LetAppsAccessNotifications"
        # "LetAppsAccessAccountInfo"
        "LetAppsAccessContacts"
        "LetAppsAccessCalendar"
        "LetAppsAccessCallHistory"
        "LetAppsAccessEmail"
        "LetAppsAccessMessaging"
        "LetAppsAccessPhone"
        "LetAppsAccessRadios"
        "LetAppsSyncWithDevices"
        "LetAppsAccessTrustedDevices"
        # You might want this one as well
        # "LetAppsRunInBackground"
        "LetAppsAccessMotion"
        "LetAppsAccessTasks"
        "LetAppsGetDiagnosticInfo"
        # You might want these as well
        # "LetAppsActivateWithVoice"
        # "LetAppsActivateWithVoiceAboveLock"
    )

    # 2 is the "Force deny" setting for these AppPrivacy policy values.
    $appPrivacyKey = "HKLM:\Software\Policies\Microsoft\Windows\AppPrivacy"
    foreach ($capability in $deniedCapabilities) {
        Add-RegKey -Path $appPrivacyKey -Name $capability -Value 2 -Type DWord
    }
}
function Disable-SettingsSync {
    # Writes two machine-wide SettingSync policy values, then one per-user
    # value under HKCU:\SOFTWARE\Microsoft\Messaging.
    # NOTE(review): the HKCU write affects only the account running the script.
    Write-Host -Message "Disabling settings sync"

    $syncSettings = @(
        @{ Path = "HKLM:\Software\Policies\Microsoft\Windows\SettingSync"; Name = "DisableSettingSync"; Value = 2 }
        @{ Path = "HKLM:\Software\Policies\Microsoft\Windows\SettingSync"; Name = "DisableSettingSyncUserOverride"; Value = 1 }
        @{ Path = "HKCU:\SOFTWARE\Microsoft\Messaging"; Name = "CloudServiceSyncEnabled"; Value = 0 }
    )

    foreach ($setting in $syncSettings) {
        Add-RegKey @setting -Type DWord
    }
}
function Disable-AutomaticSampleSubmission {
    # Sets SubmitSamplesConsent = 2 ("never send") under the Windows Defender
    # Spynet policy key.
    # NOTE(review): this is a security trade-off, not only a privacy setting.
    # Defender's cloud-delivered protection uses submitted samples to classify
    # previously unseen files, so detection of new malware may be slower on
    # this machine. Record the decision wherever the endpoint baseline is kept.
    Write-Host -Message "Disabling Windows Defender automatic sample submission"

    $sampleSubmissionPolicy = @{
        Path  = "HKLM:\Software\Policies\Microsoft\Windows Defender\Spynet"
        Name  = "SubmitSamplesConsent"
        Value = 2
        Type  = "DWord"
    }
    Add-RegKey @sampleSubmissionPolicy
}
function Disable-PersonalizedExperiences {
    # Writes two per-user CloudContent policy values, both 1.
    # NOTE(review): both live under HKCU, so only the account running the
    # script is affected.
    Write-Host -Message "Disabling Personalized Experiences"

    $cloudContentKey = "HKCU:\SOFTWARE\Policies\Microsoft\Windows\CloudContent"
    $cloudContentValueNames = @(
        "DisableWindowsSpotlightFeatures"
        "DisableCloudOptimizedContent"
    )

    foreach ($valueName in $cloudContentValueNames) {
        Add-RegKey -Path $cloudContentKey -Name $valueName -Value 1 -Type DWord
    }
}
function Disable-MicrosoftStore {
    # Writes DisableStoreApps = 1 and AutoDownload = 2 under the machine-wide
    # WindowsStore policy key.
    # NOTE(review): AutoDownload = 2 presumably turns off automatic Store app
    # updates, which would also hold back security fixes for installed Store
    # apps. Confirm before enabling this step.
    Write-Host -Message "Disabling Microsoft Store apps"

    $storePolicyKey = "HKLM:\SOFTWARE\Policies\Microsoft\WindowsStore"
    $storePolicy = [ordered]@{
        DisableStoreApps = 1
        AutoDownload     = 2
    }

    foreach ($valueName in $storePolicy.Keys) {
        Add-RegKey -Path $storePolicyKey -Name $valueName -Value $storePolicy[$valueName] -Type DWord
    }
}
function Disable-Copilot {
    # Sets TurnOffWindowsCopilot = 1 under the per-user WindowsCopilot policy key.
    # NOTE(review): the key is under HKCU, so only the account running the
    # script is affected.
    Write-Host -Message "Disabling Copilot"

    $copilotPolicy = @{
        Path  = "HKCU:\SOFTWARE\Policies\Microsoft\Windows\WindowsCopilot"
        Name  = "TurnOffWindowsCopilot"
        Value = 1
        Type  = "DWord"
    }
    Add-RegKey @copilotPolicy
}
# Steps run in list order. Commented-out entries are defined above but
# deliberately not applied. There is no rollback: if a step fails, the values
# written by earlier steps stay in place.
$enabledSteps = @(
    'Disable-Cortana'
    'Disable-DeviceMetadataRetrieval'
    # 'Disable-FindMyDevice'
    # 'Disable-InsiderBuilds'
    'Disable-MailSynchronization'
    'Disable-OfflineMaps'
    'Disable-OneDrive'
    'Harden-PrivacySettings'
    'Disable-SettingsSync'
    # Security trade-off: stops Defender from submitting samples.
    'Disable-AutomaticSampleSubmission'
    'Disable-PersonalizedExperiences'
    # 'Disable-MicrosoftStore'
    'Disable-Copilot'
)

foreach ($stepName in $enabledSteps) {
    & $stepName
}

Write-Host -Message "Done!"