307 lines
11 KiB
PowerShell
Executable File
307 lines
11 KiB
PowerShell
Executable File
Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))
|
|
# remove bloatware
|
|
$apps = @(
|
|
"Microsoft.549981C3F5F10"
|
|
"Microsoft.3DBuilder"
|
|
"Microsoft.Appconnector"
|
|
"Microsoft.BingFinance"
|
|
"Microsoft.BingNews"
|
|
"Microsoft.BingSports"
|
|
"Microsoft.BingTranslator"
|
|
"Microsoft.BingWeather"
|
|
"Microsoft.FreshPaint"
|
|
"Microsoft.GamingServices"
|
|
"Microsoft.Microsoft3DViewer"
|
|
"Microsoft.MicrosoftOfficeHub"
|
|
"Microsoft.MicrosoftPowerBIForWindows"
|
|
"Microsoft.MicrosoftSolitaireCollection"
|
|
"Microsoft.MicrosoftStickyNotes"
|
|
"Microsoft.MinecraftUWP"
|
|
"Microsoft.NetworkSpeedTest"
|
|
"Microsoft.Office.OneNote"
|
|
"Microsoft.People"
|
|
"Microsoft.Print3D"
|
|
"Microsoft.SkypeApp"
|
|
"Microsoft.Wallet"
|
|
"Microsoft.WindowsAlarms"
|
|
"microsoft.windowscommunicationsapps"
|
|
"Microsoft.WindowsMaps"
|
|
"Microsoft.WindowsPhone"
|
|
"Microsoft.WindowsSoundRecorder"
|
|
"Microsoft.WindowsStore"
|
|
"Microsoft.Xbox.TCUI"
|
|
"Microsoft.XboxApp"
|
|
"Microsoft.XboxGameOverlay"
|
|
"Microsoft.XboxGamingOverlay"
|
|
"Microsoft.XboxSpeechToTextOverlay"
|
|
"Microsoft.YourPhone"
|
|
"Microsoft.ZuneMusic"
|
|
"Microsoft.ZuneVideo"
|
|
"Microsoft.CommsPhone"
|
|
"Microsoft.ConnectivityStore"
|
|
"Microsoft.GetHelp"
|
|
"Microsoft.Getstarted"
|
|
"Microsoft.Messaging"
|
|
"Microsoft.Office.Sway"
|
|
"Microsoft.OneConnect"
|
|
"Microsoft.WindowsFeedbackHub"
|
|
"Microsoft.Microsoft3DViewer"
|
|
"Microsoft.MSPaint"
|
|
"Microsoft.BingFoodAndDrink"
|
|
"Microsoft.BingHealthAndFitness"
|
|
"Microsoft.BingTravel"
|
|
"Microsoft.WindowsReadingList"
|
|
"Microsoft.MixedReality.Portal"
|
|
"Microsoft.ScreenSketch"
|
|
"Microsoft.XboxGamingOverlay"
|
|
"Microsoft.YourPhone"
|
|
"Microsoft.WindowsMaps"
|
|
"Microsoft.MixedReality.Portal"
|
|
"Microsoft.WindowsCamera"
|
|
"Microsoft.MicrosoftSolitaireCollection"
|
|
"Microsoft.MicrosoftStickyNotes"
|
|
"Microsoft.SkypeApp"
|
|
"Microsoft.Office.OneNote"
|
|
"Microsoft.WindowsStore"
|
|
"2FE3CB00.PicsArt-PhotoStudio"
|
|
"46928bounde.EclipseManager"
|
|
"4DF9E0F8.Netflix"
|
|
"613EBCEA.PolarrPhotoEditorAcademicEdition"
|
|
"6Wunderkinder.Wunderlist"
|
|
"7EE7776C.LinkedInforWindows"
|
|
"89006A2E.AutodeskSketchBook"
|
|
"9E2F88E3.Twitter"
|
|
"A278AB0D.DisneyMagicKingdoms"
|
|
"A278AB0D.MarchofEmpires"
|
|
"ActiproSoftwareLLC.562882FEEB491"
|
|
"CAF9E577.Plex"
|
|
"ClearChannelRadioDigital.iHeartRadio"
|
|
"D52A8D61.FarmVille2CountryEscape"
|
|
"D5EA27B7.Duolingo-LearnLanguagesforFree"
|
|
"DB6EA5DB.CyberLinkMediaSuiteEssentials"
|
|
"DolbyLaboratories.DolbyAccess"
|
|
"DolbyLaboratories.DolbyAccess"
|
|
"Drawboard.DrawboardPDF"
|
|
"Facebook.Facebook"
|
|
"Fitbit.FitbitCoach"
|
|
"Flipboard.Flipboard"
|
|
"GAMELOFTSA.Asphalt8Airborne"
|
|
"KeeperSecurityInc.Keeper"
|
|
"NORDCURRENT.COOKINGFEVER"
|
|
"PandoraMediaInc.29680B314EFC2"
|
|
"Playtika.CaesarsSlotsFreeCasino"
|
|
"ShazamEntertainmentLtd.Shazam"
|
|
"SlingTVLLC.SlingTV"
|
|
"SpotifyAB.SpotifyMusic"
|
|
"ThumbmunkeysLtd.PhototasticCollage"
|
|
"TuneIn.TuneInRadio"
|
|
"WinZipComputing.WinZipUniversal"
|
|
"XINGAG.XING"
|
|
"flaregamesGmbH.RoyalRevolt2"
|
|
"king.com.*"
|
|
"king.com.BubbleWitch3Saga"
|
|
"king.com.CandyCrushSaga"
|
|
"king.com.CandyCrushSodaSaga"
|
|
"5319275A.WhatsAppDesktop"
|
|
"Microsoft.Advertising.Xaml"
|
|
"Microsoft.549981C3F5F10"
|
|
"Microsoft.3DBuilder"
|
|
"Microsoft.Appconnector"
|
|
"Microsoft.BingFinance"
|
|
"Microsoft.BingNews"
|
|
"Microsoft.BingSports"
|
|
"Microsoft.BingTranslator"
|
|
"Microsoft.BingWeather"
|
|
"Microsoft.FreshPaint"
|
|
"Microsoft.GamingServices"
|
|
"Microsoft.Microsoft3DViewer"
|
|
"Microsoft.MicrosoftOfficeHub"
|
|
"Microsoft.MicrosoftPowerBIForWindows"
|
|
"Microsoft.MicrosoftSolitaireCollection"
|
|
"Microsoft.MicrosoftStickyNotes"
|
|
"Microsoft.MinecraftUWP"
|
|
"Microsoft.NetworkSpeedTest"
|
|
"Microsoft.Office.OneNote"
|
|
"Microsoft.People"
|
|
"Microsoft.Print3D"
|
|
"Microsoft.SkypeApp"
|
|
"Microsoft.Wallet"
|
|
"Microsoft.WindowsAlarms"
|
|
"microsoft.windowscommunicationsapps"
|
|
"Microsoft.WindowsMaps"
|
|
"Microsoft.WindowsPhone"
|
|
"Microsoft.WindowsSoundRecorder"
|
|
"Microsoft.WindowsStore"
|
|
"Microsoft.Xbox.TCUI"
|
|
"Microsoft.XboxApp"
|
|
"Microsoft.XboxGameOverlay"
|
|
"Microsoft.XboxGamingOverlay"
|
|
"Microsoft.XboxSpeechToTextOverlay"
|
|
"Microsoft.YourPhone"
|
|
"Microsoft.ZuneMusic"
|
|
"Microsoft.ZuneVideo"
|
|
"Microsoft.CommsPhone"
|
|
"Microsoft.ConnectivityStore"
|
|
"Microsoft.GetHelp"
|
|
"Microsoft.Getstarted"
|
|
"Microsoft.Messaging"
|
|
"Microsoft.Office.Sway"
|
|
"Microsoft.OneConnect"
|
|
"Microsoft.WindowsFeedbackHub"
|
|
"Microsoft.Microsoft3DViewer"
|
|
"Microsoft.MSPaint"
|
|
"Microsoft.BingFoodAndDrink"
|
|
"Microsoft.BingHealthAndFitness"
|
|
"Microsoft.BingTravel"
|
|
"Microsoft.WindowsReadingList"
|
|
"Microsoft.MixedReality.Portal"
|
|
"Microsoft.ScreenSketch"
|
|
"Microsoft.XboxGamingOverlay"
|
|
"Microsoft.YourPhone"
|
|
"Microsoft.WindowsMaps"
|
|
"Microsoft.MixedReality.Portal"
|
|
"Microsoft.WindowsCamera"
|
|
"Microsoft.MicrosoftSolitaireCollection"
|
|
"Microsoft.MicrosoftStickyNotes"
|
|
"Microsoft.SkypeApp"
|
|
"Microsoft.Office.OneNote"
|
|
"Microsoft.WindowsStore"
|
|
)
|
|
|
|
foreach ($app in $apps) {
|
|
Write-Output "Trying to remove $app"
|
|
# Get the app version
|
|
$appVersion = (Get-AppxPackage -Name $app).Version
|
|
If ($appVersion){
|
|
# If the apps is found, remove it
|
|
Get-AppxPackage -Name $app -AllUsers | Remove-AppxPackage -AllUsers
|
|
}
|
|
|
|
# Remove the app from the local Windows Image to prevent re-install on new user accounts
|
|
Get-AppXProvisionedPackage -Online | Where-Object DisplayName -EQ $app | Remove-AppxProvisionedPackage -Online
|
|
# Cleanup Local App Data
|
|
$appPath="$Env:LOCALAPPDATA\Packages\$app*"
|
|
Remove-Item $appPath -Recurse -Force -ErrorAction 0
|
|
}
|
|
|
|
# Installing needed apps
|
|
choco install dotnet -y
|
|
choco install vcredist-all -y
|
|
choco install firefox -y
|
|
choco install 7zip -y
|
|
choco install onlyoffice -y
|
|
choco install googleearthpro -y
|
|
choco install adobereader -y
|
|
choco install sublimetext4 -y
|
|
choco install vlc -y
|
|
choco install audacity -y
|
|
choco install arduino -y
|
|
choco install avogadro -y
|
|
|
|
Set-LocalUser -Name "Eleve" -PasswordNeverExpires $true -UserMayChangePassword $false -Password ([securestring]::new())
|
|
$SecurePassword = ConvertTo-SecureString -String "IPRprof2398" -AsPlainText -Force
|
|
Set-LocalUser -Name "Prof" -PasswordNeverExpires $true -UserMayChangePassword $false -Password $SecurePassword
|
|
$SecurePassword = ConvertTo-SecureString -String "Lprsnm4ehk26-" -AsPlainText -Force
|
|
Set-LocalUser -Name "Admin" -PasswordNeverExpires $true -Password $SecurePassword
|
|
|
|
cd D:\Setup\Labo
|
|
cd E:\Setup\Labo
|
|
cd F:\Setup\Labo
|
|
Copy-Item -Path .\Software\* -Destination "C:\Program Files\" -Recurse
|
|
Copy-Item -Path .\Shortcut\* -Destination "C:\Users\Public\Desktop\" -Recurse
|
|
icacls "C:\Users\Public" /grant:r "Eleve:(OI)(CI)(R)"
|
|
|
|
|
|
# Function to load a user's HKU registry hive
|
|
function UserReg {
|
|
param (
|
|
[string] $Username
|
|
)
|
|
|
|
# Get the list of user profiles on the computer
|
|
$UserProfiles = Get-WmiObject Win32_UserProfile | Where-Object { $_.Special -eq $false }
|
|
|
|
# Search for the user profile based on the username
|
|
$UserProfile = $UserProfiles | Where-Object { $_.LocalPath.EndsWith("\$Username") }
|
|
|
|
# Check if the user profile exists
|
|
if ($UserProfile -ne $null) {
|
|
# Construct the path to the user's NTUSER.DAT file (registry hive)
|
|
$UserSID = $UserProfile.SID
|
|
$HivePath = Join-Path -Path $UserProfile.LocalPath -ChildPath "NTUSER.DAT"
|
|
|
|
# Return the user's SID and HKU registry key
|
|
return $UserSID, "Registry::HKEY_USERS\$UserSID"
|
|
} else {
|
|
Write-Host "User profile for $Username not found."
|
|
return $null, $null
|
|
}
|
|
}
|
|
|
|
$TargetUsername = "Eleve"
|
|
$UserSID, $UserHKUPath = UserReg -Username $TargetUsername
|
|
|
|
if ($UserSID -ne $null -and $UserHKUPath -ne $null) {
|
|
# Restrict access to Settings
|
|
$ControlPanelKeyPath = "$UserHKUPath\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
|
|
$ControlPanelValueName = "NoControlPanel"
|
|
if (Test-Path -Path $ControlPanelKeyPath) {
|
|
$RegistryItem = Get-ItemProperty -Path $ControlPanelKeyPath
|
|
if ($RegistryItem.PSObject.Properties.Name -contains $ControlPanelValueName) {
|
|
Set-ItemProperty -Path $ControlPanelKeyPath -Name $ControlPanelValueName -Value 1
|
|
} else {
|
|
New-ItemProperty -Path $ControlPanelKeyPath -Name $ControlPanelValueName -Value 1 -PropertyType DWord
|
|
}
|
|
} else {
|
|
New-Item -Path $ControlPanelKeyPath -Force
|
|
New-ItemProperty -Path $ControlPanelKeyPath -Name $ControlPanelValueName -Value 1 -PropertyType DWord
|
|
}
|
|
|
|
# Disable access to regedit
|
|
$REGKeyPath = "$UserHKUPath\Software\Microsoft\Windows\CurrentVersion\Policies\System"
|
|
$REGValueName = "DisableRegistryTools"
|
|
if (Test-Path -Path $REGKeyPath) {
|
|
$RegistryItem = Get-ItemProperty -Path $REGKeyPath
|
|
if ($RegistryItem.PSObject.Properties.Name -contains $REGValueName) {
|
|
Set-ItemProperty -Path $REGKeyPath -Name $REGValueName -Value 1
|
|
} else {
|
|
New-ItemProperty -Path $REGKeyPath -Name $REGValueName -Value 1 -PropertyType DWord
|
|
}
|
|
} else {
|
|
New-Item -Path $REGKeyPath -Force
|
|
New-ItemProperty -Path $REGKeyPath -Name $REGValueName -Value 1 -PropertyType DWord
|
|
}
|
|
|
|
# Restrict access to Command Prompt
|
|
$CMDKeyPath = "$UserHKUPath\Software\Policies\Microsoft\Windows\System"
|
|
$CMDValueName = "DisableCMD"
|
|
if (Test-Path -Path $CMDKeyPath) {
|
|
$RegistryItem = Get-ItemProperty -Path $CMDKeyPath
|
|
if ($RegistryItem.PSObject.Properties.Name -contains $CMDValueName) {
|
|
Set-ItemProperty -Path $CMDKeyPath -Name $CMDValueName -Value 1
|
|
} else {
|
|
New-ItemProperty -Path $CMDKeyPath -Name $CMDValueName -Value 1 -PropertyType DWord
|
|
}
|
|
} else {
|
|
New-Item -Path $CMDKeyPath -Force
|
|
New-ItemProperty -Path $CMDKeyPath -Name $CMDValueName -Value 1 -PropertyType DWord
|
|
}
|
|
|
|
# Add entries to DisallowRun for cmd.exe and powershell.exe
|
|
$DisallowRunKeyPath = "$UserHKUPath\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun"
|
|
if (Test-Path -Path $DisallowRunKeyPath) {
|
|
Set-ItemProperty -Path "$UserHKUPath\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name "DisallowRun" -Value 1
|
|
New-ItemProperty -Path $DisallowRunKeyPath -Name "1" -Value "cmd.exe" -PropertyType String
|
|
New-ItemProperty -Path $DisallowRunKeyPath -Name "2" -Value "powershell.exe" -PropertyType String
|
|
New-ItemProperty -Path $DisallowRunKeyPath -Name "3" -Value "powershell_ise.exe" -PropertyType String
|
|
} else {
|
|
New-Item -Path $DisallowRunKeyPath -Force
|
|
Set-ItemProperty -Path "$UserHKUPath\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name "DisallowRun" -Value 1
|
|
New-ItemProperty -Path $DisallowRunKeyPath -Name "1" -Value "cmd.exe" -PropertyType String
|
|
New-ItemProperty -Path $DisallowRunKeyPath -Name "2" -Value "powershell.exe" -PropertyType String
|
|
New-ItemProperty -Path $DisallowRunKeyPath -Name "3" -Value "powershell_ise.exe" -PropertyType String
|
|
}
|
|
} else {
|
|
Write-Host "Unable to get the user's HKU registry."
|
|
}
|