diff --git a/21H1-22H2_PB/Configuration/custom.yml b/21H1-22H2_PB/Configuration/custom.yml index 8a2dda0..d4431f1 100644 --- a/21H1-22H2_PB/Configuration/custom.yml +++ b/21H1-22H2_PB/Configuration/custom.yml @@ -4,6 +4,7 @@ description: Custom AME configuration privilege: Admin actions: [] features: +- features\base\regedits.yml - features\base\base.yml - features\base\components.yml - features\base\services.yml diff --git a/21H1-22H2_PB/Configuration/features/base/admin.yml b/21H1-22H2_PB/Configuration/features/base/admin.yml index 3f99d16..a949d08 100644 --- a/21H1-22H2_PB/Configuration/features/base/admin.yml +++ b/21H1-22H2_PB/Configuration/features/base/admin.yml @@ -3,7 +3,7 @@ title: Admin description: Remove user from admin group, enable administrator account privilege: Admin actions: - - !run: + - !RunAction: exeDir: true exe: "ADMIN.bat" weight: 10 \ No newline at end of file diff --git a/21H1-22H2_PB/Configuration/features/base/base.yml b/21H1-22H2_PB/Configuration/features/base/base.yml index eca1da4..024ef43 100644 --- a/21H1-22H2_PB/Configuration/features/base/base.yml +++ b/21H1-22H2_PB/Configuration/features/base/base.yml @@ -3,19 +3,15 @@ title: Base description: Base AME configuration privilege: Admin actions: - - !run: + - !RunAction: exeDir: true exe: "DNET.bat" weight: 60 - - !run: - exeDir: true - exe: "REGI.bat" - weight: 30 - - !run: + - !RunAction: exeDir: true exe: "SFCDEPLOY.bat" weight: 5 - - !run: + - !RunAction: exeDir: true exe: "TILE.bat" weight: 15 \ No newline at end of file diff --git a/21H1-22H2_PB/Configuration/features/base/choco.yml b/21H1-22H2_PB/Configuration/features/base/choco.yml index bbb2f8f..0f88f0b 100644 --- a/21H1-22H2_PB/Configuration/features/base/choco.yml +++ b/21H1-22H2_PB/Configuration/features/base/choco.yml @@ -3,15 +3,15 @@ title: Chocolatey description: Chocolatey configuration privilege: Admin actions: - - !run: + - !RunAction: exeDir: true exe: "CHOC.bat" weight: 250 - - !run: + - !RunAction: exeDir: true exe: "FIREFOXCONF.bat" weight: 20 - - !run: + - !RunAction: exeDir: true exe: "FILEASSOC.bat" weight: 50 \ No newline at end of file diff --git a/21H1-22H2_PB/Configuration/features/base/components.yml b/21H1-22H2_PB/Configuration/features/base/components.yml index 5cea629..879d9da 100644 --- a/21H1-22H2_PB/Configuration/features/base/components.yml +++ b/21H1-22H2_PB/Configuration/features/base/components.yml @@ -2,58 +2,58 @@ title: Components description: Remove certain windows components privilege: TrustedInstaller actions: - - !taskkill: + - !TaskKillAction: name: "MicrosoftEdgeUpdate" - - !taskkill: + - !TaskKillAction: name: "msedge" - - !taskkill: + - !TaskKillAction: name: "MicrosoftEdge*" - - !taskkill: + - !TaskKillAction: name: "setup" pathContains: "\\Edge" - - !taskkill: + - !TaskKillAction: name: "msedgewebview2" - - !service: + - !ServiceAction: name: "edgeupdate" operation: delete - - !service: + - !ServiceAction: name: "edgeupdatem" operation: delete - - !service: + - !ServiceAction: name: "MicrosoftEdgeElevationService" operation: delete - - !run: + - !RunAction: exeDir: true exe: "EDGE.bat" weight: 20 - - !run: + - !RunAction: exeDir: true exe: "EDGEX.bat" weight: 10 - - !taskkill: + - !TaskKillAction: name: "OneDriveStandaloneUpdater" - - !taskkill: + - !TaskKillAction: name: "OneDriveSetup" - - !taskkill: + - !TaskKillAction: name: "OneDrive*" - - !service: + - !ServiceAction: name: "OneSyncSvc*" operation: delete - - !taskkill: + - !TaskKillAction: name: "explorer" - - !run: + - !RunAction: exeDir: true exe: "ONED.bat" weight: 20 - - !run: + - !RunAction: exeDir: true exe: "UPDHEALTH.bat" weight: 20 - - !run: + - !RunAction: exeDir: true exe: "APPX.bat" weight: 120 - - !run: + - !RunAction: exeDir: true exe: "CONVERT.bat" weight: 10 \ No newline at end of file diff --git a/21H1-22H2_PB/Configuration/features/base/files.yml b/21H1-22H2_PB/Configuration/features/base/files.yml index a36bb21..b73b902 100644 --- a/21H1-22H2_PB/Configuration/features/base/files.yml +++ b/21H1-22H2_PB/Configuration/features/base/files.yml @@ -2,769 +2,769 @@ title: Files description: delete files privilege: TrustedInstaller actions: -# - !run: +# - !RunAction: # exeDir: true # exe: "SERV.bat" - - !taskkill: + - !TaskKillAction: name: "explorer" - - !taskkill: + - !TaskKillAction: name: "msedge" - - !task: + - !ScheduledTaskAction: path: "\\Microsoft\\Windows\\Customer Experience Improvement Program\\Consolidator" operation: delete - - !task: + - !ScheduledTaskAction: path: "\\Microsoft\\Windows\\Customer Experience Improvement Program\\KernelCeipTask" operation: delete - - !task: + - !ScheduledTaskAction: path: "\\Microsoft\\Windows\\Customer Experience Improvement Program\\UsbCeip" operation: delete - - !task: + - !ScheduledTaskAction: path: "\\Microsoft\\Windows\\Application Experience\\Microsoft Compatibility Appraiser" operation: delete - - !task: + - !ScheduledTaskAction: path: "\\Microsoft\\Windows\\Application Experience\\ProgramDataUpdater" operation: delete - - !task: + - !ScheduledTaskAction: path: "\\Microsoft\\Windows\\Application Experience\\StartupAppTask" operation: delete - - !task: + - !ScheduledTaskAction: path: "\\Microsoft\\Windows\\Clip\\License Validation" operation: delete - - !task: + - !ScheduledTaskAction: path: "\\Microsoft\\Windows\\Customer Experience Improvement Program\\UsbCeip" operation: delete - - !task: + - !ScheduledTaskAction: path: "\\Microsoft\\Windows\\HelloFace\\FODCleanupTask" operation: delete - - !task: + - !ScheduledTaskAction: path: "\\Microsoft\\Windows\\Maps\\MapsToastTask" operation: delete - - !task: + - !ScheduledTaskAction: path: "\\Microsoft\\Windows\\Maps\\MapsUpdateTask" operation: delete - - !task: + - !ScheduledTaskAction: path: "\\Microsoft\\Windows\\UpdateOrchestrator\\Schedule Scan" operation: delete - - !task: + - !ScheduledTaskAction: path: "\\Microsoft\\Windows\\UpdateOrchestrator\\Schedule Scan Static Task" operation: delete - - !task: + - !ScheduledTaskAction: path: "\\Microsoft\\Windows\\UpdateOrchestrator\\UpdateModelTask" operation: delete - - !task: + - !ScheduledTaskAction: path: "\\Microsoft\\Windows\\UpdateOrchestrator\\USO_UxBroker" operation: delete - - !task: + - !ScheduledTaskAction: path: "\\Microsoft\\Windows\\Windows Defender\\Windows Defender Cache Maintenance" operation: delete - - !task: + - !ScheduledTaskAction: path: "\\Microsoft\\Windows\\Windows Defender\\Windows Defender Cleanup" operation: delete - - !task: + - !ScheduledTaskAction: path: "\\Microsoft\\Windows\\Windows Defender\\Windows Defender Scheduled Scan" operation: delete - - !task: + - !ScheduledTaskAction: path: "\\Microsoft\\Windows\\Windows Defender\\Windows Defender Verification" operation: delete - - !task: + - !ScheduledTaskAction: path: "\\Microsoft\\Windows\\WindowsUpdate\\Scheduled Start" operation: delete - - !taskkill: + - !TaskKillAction: name: "NisSrv" - - !taskkill: + - !TaskKillAction: name: "SecurityHealthHost" - - !taskkill: + - !TaskKillAction: name: "SecurityHealthService" - - !taskkill: + - !TaskKillAction: name: "SecurityHealthSystray" - - !taskkill: + - !TaskKillAction: name: "SkypeBackgroundHost" - - !taskkill: + - !TaskKillAction: name: "OneDrive" - - !taskkill: + - !TaskKillAction: name: "MsMpEng" - - !taskkill: + - !TaskKillAction: name: "msiexec" - - !file: + - !FileAction: path: "%windir%\\System32\\smartscreen.exe" - - !file: + - !FileAction: path: "%windir%\\System32\\SecurityHealthSystray.exe" - - !file: + - !FileAction: path: "%windir%\\System32\\SecurityHealthService.exe" - - !file: + - !FileAction: path: "%windir%\\System32\\SecurityHealthAgent.dll" - - !file: + - !FileAction: path: "%windir%\\System32\\SecurityHealthHost.exe" - - !file: + - !FileAction: path: "%windir%\\System32\\SecurityHealthSSO.dll" - - !file: + - !FileAction: path: "%windir%\\System32\\smartscreenps.dll" - - !file: + - !FileAction: path: "%windir%\\System32\\wlidsvc.dll" - - !file: + - !FileAction: path: "%windir%\\System32\\WpcDesktopMonSvc.dll" - - !file: + - !FileAction: path: "%windir%\\System32\\flightsettings.dll" - - !file: + - !FileAction: path: "%windir%\\System32\\drivers\\cldflt.sys" - - !file: + - !FileAction: path: "%windir%\\System32\\WebThreatDefSvc" - - !file: + - !FileAction: path: "%windir%\\System32\\webthreatdefsvc.dll" - - !file: + - !FileAction: path: "%windir%\\System32\\en-US\\webthreatdefsvc.dll.mui" - - !file: + - !FileAction: path: "%windir%\\System32\\webthreatdefusersvc.dll" - - !file: + - !FileAction: path: "%windir%\\System32\\en-US\\webthreatdefusersvc.dll.mui" - - !file: + - !FileAction: path: "%windir%\\System32\\AgentService.exe" - - !file: + - !FileAction: path: "%windir%\\System32\\InstallService.dll" - - !file: + - !FileAction: path: "%windir%\\System32\\cloudidsvc.dll" - - !file: + - !FileAction: path: "%windir%\\System32\\devicecensus.exe" - - !file: + - !FileAction: path: "%ProgramFiles(x86)%\\Windows Media Player" - - !file: + - !FileAction: path: "%ProgramW6432%\\Windows Media Player" - - !file: + - !FileAction: path: "%ProgramFiles(x86)%\\Windows Mail" - - !file: + - !FileAction: path: "%ProgramW6432%\\Windows Mail" - - !file: + - !FileAction: path: "%windir%\\System32\\SecurityHealthSystray.exe" - - !file: + - !FileAction: path: "%windir%\\System32\\SecurityHealthService.exe" - - !file: + - !FileAction: path: "%windir%\\System32\\SecurityHealthHost.exe" - - !file: + - !FileAction: path: "%windir%\\System32\\SecurityHealthAgent.dll" - - !file: + - !FileAction: path: "%windir%\\System32\\SecurityHealthCore.dll" - - !file: + - !FileAction: path: "%windir%\\System32\\SecurityHealthProxyStub.dll" - - !file: + - !FileAction: path: "%windir%\\System32\\SecurityHealthUdk.dll" - - !file: + - !FileAction: path: "%windir%\\System32\\wscsvc.dll" - - !file: + - !FileAction: path: "%ProgramW6432%\\Windows Defender" weight: 10 - - !file: + - !FileAction: path: "%ProgramData%\\Microsoft\\Windows Defender" weight: 10 - - !file: + - !FileAction: path: "%ProgramFiles(x86)%\\Windows Defender" weight: 10 - - !file: + - !FileAction: path: "%windir%\\System32\\drivers\\WdNisDrv.sys" - - !file: + - !FileAction: path: "%ProgramData%\\Microsoft OneDrive" - - !file: + - !FileAction: path: "%ProgramW6432%\\Microsoft Update Health Tools" - - !file: + - !FileAction: path: "%ProgramFiles(x86)%\\Internet Explorer" - - !file: + - !FileAction: path: "%ProgramW6432%\\Internet Explorer" - - !file: + - !FileAction: path: "%windir%\\diagnostics\\system\\WindowsUpdate" - - !file: + - !FileAction: path: "%windir%\\diagnostics\\system\\Apps" - - !file: + - !FileAction: path: "%windir%\\SystemApps\\Microsoft.XboxIdentityProvider*" - - !file: + - !FileAction: path: "%windir%\\SystemApps\\Microsoft.XboxGameCallableUI*" - - !file: + - !FileAction: path: "%windir%\\SystemApps\\Microsoft.Windows.Cortana*" - - !file: + - !FileAction: path: "%windir%\\SystemApps\\Microsoft.MicrosoftEdge*" - - !file: + - !FileAction: path: "%windir%\\SystemApps\\*ContentDeliveryManager*" - - !file: + - !FileAction: path: "%windir%\\SystemApps\\*CloudExperienceHost*" - - !file: + - !FileAction: path: "%ProgramW6432%\\PCHealthCheck" - - !file: + - !FileAction: path: "%ProgramW6432%\\Windows Defender Advanced Threat Protection" - - !file: + - !FileAction: path: "%SystemDrive%\\ProgramData\\Microsoft\\Windows Defender Advanced Threat Protection" - - !file: + - !FileAction: path: "%windir%\\System32\\MoNotificationUx.exe" - - !file: + - !FileAction: path: "%windir%\\System32\\MoNotificationUxStub.exe" - - !file: + - !FileAction: path: "%windir%\\System32\\MusNotifyIcon.exe" - - !file: + - !FileAction: path: "%windir%\\System32\\MusNotificationUx.exe" - - !file: + - !FileAction: path: "%windir%\\System32\\MoNotifyIconHandler.dll" - - !file: + - !FileAction: path: "%windir%\\System32\\MusUpdateHandlers.dll" - - !file: + - !FileAction: path: "%windir%\\System32\\MusDialogHandlers.dll" - - !file: + - !FileAction: path: "%windir%\\System32\\MusUxToastHandler.dll" - - !file: + - !FileAction: path: "%windir%\\UUS" - - !service: + - !ServiceAction: name: "bits" operation: stop - - !service: + - !ServiceAction: name: "appidsvc" operation: stop - - !service: + - !ServiceAction: name: "cryptsvc" operation: stop - - !file: + - !FileAction: path: "%windir%\\SoftwareDistribution" - - !file: + - !FileAction: path: "%windir%\\System32\\OOBE" -# - !file: +# - !FileAction: # path: "%windir%\\System32\\SgrmBroker.exe" -# - !file: +# - !FileAction: # path: "%windir%\\System32\\SgrmEnclave.dll" -# - !file: +# - !FileAction: # path: "%windir%\\System32\\SgrmEnclave_secure.dll" -# - !file: +# - !FileAction: # path: "%windir%\\System32\\SgrmLpac.exe" - - !file: + - !FileAction: path: "%ProgramW6432%\\Windows Security" - - !file: + - !FileAction: path: "%windir%\\System32\\wuapi.dll" - - !file: + - !FileAction: path: "%windir%\\System32\\wuapihost.exe" - - !file: + - !FileAction: path: "%windir%\\System32\\wuauclt.exe" - - !file: + - !FileAction: path: "%windir%\\System32\\wuaueng.dll" - - !file: + - !FileAction: path: "%ProgramFiles(x86)%\\Microsoft" weight: 30 - - !file: + - !FileAction: path: "%windir%\\System32\\AppLockerCSP.dll" - - !file: + - !FileAction: path: "%windir%\\SysWOW64\\AppLockerCSP.dll" - - !file: + - !FileAction: path: "%windir%\\System32\\drivers\\applockerfltr.sys" - - !file: + - !FileAction: path: "%windir%\\System32\\en-US\\applockercsp.dll.mui" - - !file: + - !FileAction: path: "%windir%\\System32\\WindowsPowerShell\\v1.0\\Modules\\AppLocker\\AppLocker.psd1" - - !file: + - !FileAction: path: "%windir%\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\AppLocker\\AppLocker.psd1" - - !file: + - !FileAction: path: "%SystemDrive%\\ProgramData\\Microsoft\\Diagnosis\\ETLLogs\\Autologger\\AutoLogger-Diagtrack-Listener.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\Users\\All Users\\Microsoft\\Diagnosis\\ETLLogs\\Autologger\\AutoLogger-Diagtrack-Listener.etl" - - !file: + - !FileAction: path: "%windir%\\System32\\WindowsPowerShell\\v1.0\\Modules\\EventTracingManagement\\MSFT_AutologgerConfig_v1.0.cdxml" - - !file: + - !FileAction: path: "%windir%\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\EventTracingManagement\\MSFT_AutologgerConfig_v1.0.cdxml" - - !file: + - !FileAction: path: "%SystemDrive%\\Documents and Settings\\All Users\\Microsoft\\Diagnosis\\ETLLogs\\Autologger\\AutoLogger-Diagtrack-Listener.etl" - - !file: + - !FileAction: path: "%windir%\\System32\\WindowsPowerShell\\v1.0\\Modules\\EventTracingManagement\\MSFT_AutologgerConfig_v1.0.format.ps1xml" - - !file: + - !FileAction: path: "%windir%\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\EventTracingManagement\\MSFT_AutologgerConfig_v1.0.format.ps1xml" - - !file: + - !FileAction: path: "%windir%\\System32\\WindowsPowerShell\\v1.0\\Modules\\Provisioning\\provautologger_add.reg" - - !file: + - !FileAction: path: "%windir%\\System32\\WindowsPowerShell\\v1.0\\Modules\\Provisioning\\provautologger_del.reg" - - !file: + - !FileAction: path: "%windir%\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\Provisioning\\provautologger_add.reg" - - !file: + - !FileAction: path: "%windir%\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\Provisioning\\provautologger_del.reg" - - !file: + - !FileAction: path: "%windir%\\System32\\OneDriveSetup.exe" - - !file: + - !FileAction: path: "%windir%\\SysWOW64\\OneDriveSetup.exe" - - !file: + - !FileAction: path: "%windir%\\SysWOW64\\OneDriveSettingSyncProvider.dll" - - !file: + - !FileAction: path: "%SystemDrive%\\OneDriveTemp" - - !file: + - !FileAction: path: "%windir%\\System32\\IESettingSync.exe" - - !file: + - !FileAction: path: "%windir%\\System32\\gamepanel.exe" - #- !file: + #- !FileAction: # path: "%windir%\\System32\\ClipSVC.dll" - #- !file: + #- !FileAction: # path: "%windir%\\System32\\en-US\\clipsvc.dll.mui" - - !file: + - !FileAction: path: "%SystemDrive%\\ProgramData\\Microsoft\\Windows\\ClipSVC\\tokens.dat" - - !file: + - !FileAction: path: "%SystemDrive%\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\tokens.dat" - - !file: + - !FileAction: path: "%SystemDrive%\\Documents and Settings\\All Users\\Microsoft\\Windows\\ClipSVC\\tokens.dat" - - !file: + - !FileAction: path: "%SystemDrive%\\ProgramData\\Microsoft\\Windows\\ClipSVC" - - !file: + - !FileAction: path: "%SystemDrive%\\Users\\All Users\\Microsoft\\Windows\\ClipSVC" - - !file: + - !FileAction: path: "%SystemDrive%\\Documents and Settings\\All Users\\Microsoft\\Windows\\ClipSVC" - - !file: + - !FileAction: path: "%windir%\\System32\\ClipUp.exe" - - !file: + - !FileAction: path: "%windir%\\System32\\DeliveryOptimizationMIProv.mof" - - !file: + - !FileAction: path: "%windir%\\PolicyDefinitions\\DeliveryOptimization.admx" - - !file: + - !FileAction: path: "%windir%\\System32\\DeliveryOptimizationMIProvUninstall.mof" - - !file: + - !FileAction: path: "%windir%\\PolicyDefinitions\\en-US\\DeliveryOptimization.adml" - - !file: + - !FileAction: path: "%windir%\\System32\\WindowsPowerShell\\v1.0\\Modules\\DeliveryOptimization\\DeliveryOptimization.psd1" - - !file: + - !FileAction: path: "%windir%\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\DeliveryOptimization\\DeliveryOptimization.psd1" - - !file: + - !FileAction: path: "%windir%\\System32\\WindowsPowerShell\\v1.0\\Modules\\DeliveryOptimization\\DeliveryOptimizationStatus.psm1" - - !file: + - !FileAction: path: "%windir%\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\DeliveryOptimization\\DeliveryOptimizationStatus.psm1" - - !file: + - !FileAction: path: "%windir%\\System32\\WindowsPowerShell\\v1.0\\Modules\\DeliveryOptimization\\DeliveryOptimizationVerboseLogs.psm1" - - !file: + - !FileAction: path: "%windir%\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\DeliveryOptimization\\DeliveryOptimizationVerboseLogs.psm1" - - !file: + - !FileAction: path: "%windir%\\ServiceProfiles\\NetworkService\\AppData\\Local\\Microsoft\\Windows\\DeliveryOptimization\\State\\migration.dat" - - !taskkill: + - !TaskKillAction: name: "LogonUI" - - !file: + - !FileAction: path: "%windir%\\ServiceProfiles\\NetworkService\\AppData\\Local\\Microsoft\\Windows\\DeliveryOptimization\\State\\dosvcState.dat" - - !file: + - !FileAction: path: "%windir%\\ServiceProfiles\\NetworkService\\AppData\\Local\\Microsoft\\Windows\\DeliveryOptimization\\State\\migration.dat.LOG1" - - !file: + - !FileAction: path: "%windir%\\ServiceProfiles\\NetworkService\\AppData\\Local\\Microsoft\\Windows\\DeliveryOptimization\\State\\migration.dat.LOG2" - - !file: + - !FileAction: path: "%windir%\\ServiceProfiles\\NetworkService\\AppData\\Local\\Microsoft\\Windows\\DeliveryOptimization\\State\\dosvcState.dat.LOG1" - - !file: + - !FileAction: path: "%windir%\\ServiceProfiles\\NetworkService\\AppData\\Local\\Microsoft\\Windows\\DeliveryOptimization\\State\\dosvcState.dat.LOG2" - - !file: + - !FileAction: path: "%windir%\\System32\\WindowsPowerShell\\v1.0\\Modules\\DeliveryOptimization\\Microsoft.Windows.DeliveryOptimization.AdminCommands.dll" - - !file: + - !FileAction: path: "%windir%\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\DeliveryOptimization\\Microsoft.Windows.DeliveryOptimization.AdminCommands.dll" - - !file: + - !FileAction: path: "%windir%\\ServiceProfiles\\NetworkService\\AppData\\Local\\Microsoft\\Windows\\DeliveryOptimization\\Logs\\dosvc.20201119_074736_959.etl" - - !file: + - !FileAction: path: "%windir%\\ServiceProfiles\\NetworkService\\AppData\\Local\\Microsoft\\Windows\\DeliveryOptimization\\Logs\\dosvc.20210317_230544_126.etl" - - !file: + - !FileAction: path: "%windir%\\ServiceProfiles\\NetworkService\\AppData\\Local\\Microsoft\\Windows\\DeliveryOptimization\\Logs\\dosvc.20210331_194932_086.etl" - - !file: + - !FileAction: path: "%windir%\\ServiceProfiles\\NetworkService\\AppData\\Local\\Microsoft\\Windows\\DeliveryOptimization\\Logs\\dosvc.20210401_010837_018.etl" - - !file: + - !FileAction: path: "%windir%\\ServiceProfiles\\NetworkService\\AppData\\Local\\Microsoft\\Windows\\DeliveryOptimization\\Logs\\dosvc.20210401_011649_049.etl" - - !file: + - !FileAction: path: "%windir%\\ServiceProfiles\\NetworkService\\AppData\\Local\\Microsoft\\Windows\\DeliveryOptimization\\Logs\\dosvc.20210401_014000_025.etl" - - !file: + - !FileAction: path: "%windir%\\ServiceProfiles\\NetworkService\\AppData\\Local\\Microsoft\\Windows\\DeliveryOptimization\\Logs\\dosvc.20210401_021554_184.etl" - - !file: + - !FileAction: path: "%windir%\\ServiceProfiles\\NetworkService\\AppData\\Local\\Microsoft\\Windows\\DeliveryOptimization\\Logs\\dosvc.20210401_023127_689.etl" - - !file: + - !FileAction: path: "%windir%\\ServiceProfiles\\NetworkService\\AppData\\Local\\Microsoft\\Windows\\DeliveryOptimization\\Logs\\dosvc.20210424_231742_182.etl" - - !file: + - !FileAction: path: "%windir%\\ServiceProfiles\\NetworkService\\AppData\\Local\\Microsoft\\Windows\\DeliveryOptimization\\Logs\\dosvc.20210424_232559_356.etl" - - !file: + - !FileAction: path: "%windir%\\ServiceProfiles\\NetworkService\\AppData\\Local\\Microsoft\\Windows\\DeliveryOptimization\\Logs\\domgmt.20210317_230400_085.etl" - - !file: + - !FileAction: path: "%windir%\\ServiceProfiles\\NetworkService\\AppData\\Local\\Microsoft\\Windows\\DeliveryOptimization\\Logs\\domgmt.20210401_011537_705.etl" - - !file: + - !FileAction: path: "%windir%\\ServiceProfiles\\NetworkService\\AppData\\Local\\Microsoft\\Windows\\DeliveryOptimization\\Logs\\domgmt.20210424_232442_384.etl" - - !file: + - !FileAction: path: "%windir%\\System32\\DeviceCensus.exe" - - !file: + - !FileAction: path: "%windir%\\System32\\diagtrack.dll" - - !file: + - !FileAction: path: "%windir%\\DiagTrack\\utc.allow.diffbase" - - !file: + - !FileAction: path: "%windir%\\DiagTrack\\analyticsevents.dat" - - !file: + - !FileAction: path: "%windir%\\DiagTrack\\utc.privacy.diffbase" - - !file: + - !FileAction: path: "%windir%\\DiagTrack\\Settings\\utc.app.json" - - !file: + - !FileAction: path: "%windir%\\System32\\en-US\\diagtrack.dll.mui" - - !file: + - !FileAction: path: "%windir%\\DiagTrack\\Settings\\utc.tracing.json" - - !file: + - !FileAction: path: "%windir%\\DiagTrack\\RunExeActionAllowedList.dat" - - !file: + - !FileAction: path: "%windir%\\DiagTrack\\GetFileActionAllowedList.dat" - - !file: + - !FileAction: path: "%windir%\\DiagTrack\\GetFileInfoActionAllowedList.dat" - - !file: + - !FileAction: path: "%windir%\\DiagTrack\\Scenarios\\windows.uif_ondemand.xml" - - !file: + - !FileAction: path: "%windir%\\DiagTrack\\Settings\\windows.uif_ondemand.json" - - !file: + - !FileAction: path: "%windir%\\DiagTrack\\RemoteAggregatorTriggerCriteria.dat" - - !file: + - !FileAction: path: "%windir%\\DiagTrack\\Scenarios\\windows.diag_ondemand.xml" - - !file: + - !FileAction: path: "%windir%\\System32\\LogFiles\\WMI\\Diagtrack-Listener.etl.004" - - !file: + - !FileAction: path: "%windir%\\DiagTrack\\Settings\\telemetry.ASM-WindowsDefault.json" - - !file: + - !FileAction: path: "%SystemDrive%\\ProgramData\\Microsoft\\Diagnosis\\ETLLogs\\ShutdownLogger\\Diagtrack-Listener.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\Users\\All Users\\Microsoft\\Diagnosis\\ETLLogs\\ShutdownLogger\\Diagtrack-Listener.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\ProgramData\\Microsoft\\Diagnosis\\ETLLogs\\Autologger\\AutoLogger-Diagtrack-Listener.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\Users\\All Users\\Microsoft\\Diagnosis\\ETLLogs\\Autologger\\AutoLogger-Diagtrack-Listener.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\Documents and Settings\\All Users\\Microsoft\\Diagnosis\\ETLLogs\\ShutdownLogger\\Diagtrack-Listener.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\Documents and Settings\\All Users\\Microsoft\\Diagnosis\\ETLLogs\\Autologger\\AutoLogger-Diagtrack-Listener.etl" - - !file: + - !FileAction: path: "%windir%\\System32\\dmclient.exe" - - !file: + - !FileAction: path: "%windir%\\System32\\DDFs\\DMClient_DDF.xml" - - !file: + - !FileAction: path: "%windir%\\System32\\Tasks\\Microsoft\\Windows\\Feedback\\Siuf\\DmClient" - - !file: + - !FileAction: path: "%windir%\\System32\\Tasks\\Microsoft\\Windows\\Feedback\\Siuf\\DmClientOnScenarioDownload" - - !file: + - !FileAction: path: "%windir%\\System32\\omadmclient.exe" - - !file: + - !FileAction: path: "%windir%\\System32\\dosvc.dll" - - !file: + - !FileAction: path: "%windir%\\System32\\en-US\\dosvc.dll.mui" - - !file: + - !FileAction: path: "%windir%\\ServiceProfiles\\NetworkService\\AppData\\Local\\Microsoft\\Windows\\DeliveryOptimization" - - !file: + - !FileAction: path: "%windir%\\PolicyDefinitions\\EnhancedStorage.admx" - - !file: + - !FileAction: path: "%windir%\\PolicyDefinitions\\en-US\\EnhancedStorage.adml" - - !file: + - !FileAction: path: "%windir%\\PolicyDefinitions\\hotspotauth.admx" - - !file: + - !FileAction: path: "%windir%\\PolicyDefinitions\\en-US\\hotspotauth.adml" - - !file: + - !FileAction: path: "%windir%\\schemas\\Provisioning\\hotspotprofile_v1.xsd" - - !file: + - !FileAction: path: "%windir%\\System32\\Windows.Networking.NetworkOperators.HotspotAuthentication.dll" - - !file: + - !FileAction: path: "%windir%\\SysWOW64\\Windows.Networking.NetworkOperators.HotspotAuthentication.dll" - - !file: + - !FileAction: path: "%windir%\\System32\\invagent.dll" - - !file: + - !FileAction: path: "%windir%\\System32\\msra.exe" - - !file: + - !FileAction: path: "%windir%\\SysWOW64\\msra.exe" - - !file: + - !FileAction: path: "%windir%\\System32\\msrahc.dll" - - !file: + - !FileAction: path: "%windir%\\System32\\MsraLegacy.tlb" - - !file: + - !FileAction: path: "%windir%\\SysWOW64\\MsraLegacy.tlb" - - !file: + - !FileAction: path: "%windir%\\System32\\en-US\\msra.exe.mui" - - !file: + - !FileAction: path: "%windir%\\System32\\en-US\\msrahc.dll.mui" - - !file: + - !FileAction: path: "%windir%\\System32\\SIHClient.exe" - - !file: + - !FileAction: path: "%windir%\\System32\\en-US\\sihclient.exe.mui" - - !file: + - !FileAction: path: "%windir%\\Prefetch\\SIHCLIENT.EXE-A872A8BF.pf" - - !file: + - !FileAction: path: "%windir%\\System32\\slui.exe" - - !file: + - !FileAction: path: "%windir%\\System32\\en-US\\slui.exe.mui" - - !file: + - !FileAction: path: "%windir%\\Prefetch\\SLUI.EXE-724E99D9.pf" - - !file: + - !FileAction: path: "%windir%\\System32\\Startupscan.dll" - - !file: + - !FileAction: path: "%windir%\\SysWOW64\\Startupscan.dll" - - !file: + - !FileAction: path: "%windir%\\System32\\en-US\\Startupscan.dll.mui" - - !file: + - !FileAction: path: "%windir%\\SysWOW64\\en-US\\Startupscan.dll.mui" - - !file: + - !FileAction: path: "%windir%\\System32\\StorSvc.dll" - - !file: + - !FileAction: path: "%windir%\\System32\\en-US\\StorSvc.dll.mui" - - !file: + - !FileAction: path: "%windir%\\System32\\usoapi.dll" - - !file: + - !FileAction: path: "%windir%\\SysWOW64\\usoapi.dll" - - !file: + - !FileAction: path: "%windir%\\System32\\UsoClient.exe" - - !file: + - !FileAction: path: "%windir%\\System32\\usocoreps.dll" - - !file: + - !FileAction: path: "%windir%\\System32\\usocoreworker.exe" - - !file: + - !FileAction: path: "%windir%\\System32\\MoUsoCoreWorker.exe" - - !file: + - !FileAction: path: "%SystemDrive%\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.2bdb351a-82b4-4f2c-bc55-ec328ca677be.1.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.4a695923-0852-4c25-9999-60bc09954fbe.1.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.5e2840a3-5955-481c-83b8-ddd64cdaa7ae.1.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.761c6d23-f36c-46be-bf3f-26ba35c4dcca.1.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.80c59111-3f67-46a5-9fd1-379f4b7c2f7d.1.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.86ba5ad4-3ec9-43cf-997e-568832e6e2b8.1.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.ab8bb825-292c-450d-ac06-03e39e89d684.1.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.2bdb351a-82b4-4f2c-bc55-ec328ca677be.1.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.4a695923-0852-4c25-9999-60bc09954fbe.1.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.5e2840a3-5955-481c-83b8-ddd64cdaa7ae.1.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.761c6d23-f36c-46be-bf3f-26ba35c4dcca.1.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.80c59111-3f67-46a5-9fd1-379f4b7c2f7d.1.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.86ba5ad4-3ec9-43cf-997e-568832e6e2b8.1.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.ab8bb825-292c-450d-ac06-03e39e89d684.1.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.2bdb351a-82b4-4f2c-bc55-ec328ca677be.1.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.4a695923-0852-4c25-9999-60bc09954fbe.1.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.5e2840a3-5955-481c-83b8-ddd64cdaa7ae.1.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.761c6d23-f36c-46be-bf3f-26ba35c4dcca.1.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.80c59111-3f67-46a5-9fd1-379f4b7c2f7d.1.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.86ba5ad4-3ec9-43cf-997e-568832e6e2b8.1.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.ab8bb825-292c-450d-ac06-03e39e89d684.1.etl" - - !file: + - !FileAction: path: "%windir%\\Prefetch\\MOUSOCOREWORKER.EXE-681A8FEE.pf" - - !file: + - !FileAction: path: "%windir%\\System32\\usocoreworker.exe" - - !file: + - !FileAction: path: "%windir%\\System32\\MoUsoCoreWorker.exe" - - !file: + - !FileAction: path: "%SystemDrive%\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.2bdb351a-82b4-4f2c-bc55-ec328ca677be.1.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.4a695923-0852-4c25-9999-60bc09954fbe.1.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.5e2840a3-5955-481c-83b8-ddd64cdaa7ae.1.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.761c6d23-f36c-46be-bf3f-26ba35c4dcca.1.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.80c59111-3f67-46a5-9fd1-379f4b7c2f7d.1.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.86ba5ad4-3ec9-43cf-997e-568832e6e2b8.1.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.ab8bb825-292c-450d-ac06-03e39e89d684.1.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.2bdb351a-82b4-4f2c-bc55-ec328ca677be.1.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.4a695923-0852-4c25-9999-60bc09954fbe.1.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.5e2840a3-5955-481c-83b8-ddd64cdaa7ae.1.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.761c6d23-f36c-46be-bf3f-26ba35c4dcca.1.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.80c59111-3f67-46a5-9fd1-379f4b7c2f7d.1.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.86ba5ad4-3ec9-43cf-997e-568832e6e2b8.1.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.ab8bb825-292c-450d-ac06-03e39e89d684.1.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.2bdb351a-82b4-4f2c-bc55-ec328ca677be.1.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.4a695923-0852-4c25-9999-60bc09954fbe.1.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.5e2840a3-5955-481c-83b8-ddd64cdaa7ae.1.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.761c6d23-f36c-46be-bf3f-26ba35c4dcca.1.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.80c59111-3f67-46a5-9fd1-379f4b7c2f7d.1.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.86ba5ad4-3ec9-43cf-997e-568832e6e2b8.1.etl" - - !file: + - !FileAction: path: "%SystemDrive%\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.ab8bb825-292c-450d-ac06-03e39e89d684.1.etl" - - !file: + - !FileAction: path: "%windir%\\Prefetch\\MOUSOCOREWORKER.EXE-681A8FEE.pf" - - !file: + - !FileAction: path: "%windir%\\System32\\usosvc.dll" - - !file: + - !FileAction: path: "%windir%\\System32\\en-US\\usosvc.dll.mui" - - !file: + - !FileAction: path: "%windir%\\System32\\WaaSMedicPS.dll" - - !file: + - !FileAction: path: "%windir%\\System32\\WaaSMedicSvc.dll" - - !file: + - !FileAction: path: "%windir%\\System32\\WaaSAssessment.dll" - - !file: + - !FileAction: path: "%windir%\\System32\\WaaSMedicAgent.exe" - - !file: + - !FileAction: path: "%windir%\\System32\\WaaSMedicCapsule.dll" - - !file: + - !FileAction: path: "%windir%\\System32\\en-US\\WaaSMedicSvc.dll.mui" - - !file: + - !FileAction: path: "%windir%\\diagnostics\\system\\WindowsUpdate\\RC_WaaSMedic.ps1" - - !file: + - !FileAction: path: "%windir%\\diagnostics\\system\\WindowsUpdate\\RS_WaaSMedic.ps1" - - !file: + - !FileAction: path: "%windir%\\WaaS\\tasks\\17499b8d805e9480903b0df0326a3d231841049e.xml" - - !file: + - !FileAction: path: "%windir%\\WaaS\\tasks\\5ffea6126f02e78b9099eb4614d2d339f03ca5a8.xml" - - !file: + - !FileAction: path: "%windir%\\WaaS\\services\\14a3f9e824793931d34f7f786a538bbc9ef1f0d6.xml" - - !file: + - !FileAction: path: "%windir%\\WaaS\\services\\20bbcadaff3e0543ef358ba4dd8b74bfe8e747c8.xml" - - !file: + - !FileAction: path: "%windir%\\WaaS\\services\\2213703c9c64cc61ba900531652e23c84728d2a2.xml" - - !file: + - !FileAction: path: "%windir%\\WaaS\\services\\315818c03ccc2b10070df2d4ebd09eb6c4c66e58.xml" - - !file: + - !FileAction: path: "%windir%\\WaaS\\services\\43ee7b2a373632f9a701249fd96d0edec2ff1279.xml" - - !file: + - !FileAction: path: "%windir%\\WaaS\\services\\ceb497ee0184aaa4681d2fb2ef242a5b8551eea8.xml" - - !file: + - !FileAction: path: "%windir%\\System32\\Tasks\\Microsoft\\Windows\\WaaSMedic\\PerformRemediation" - - !file: + - !FileAction: path: "%SystemDrive%\\ProgramData\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe.xml" - - !file: + - !FileAction: path: "%SystemDrive%\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe.xml" - - !file: + - !FileAction: path: "%ProgramW6432%\\WindowsApps\\DeletedAllUserPackages\\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\\resources.pri" - - !file: + - !FileAction: path: "%ProgramW6432%\\WindowsApps\\DeletedAllUserPackages\\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\\AppxBlockMap.xml" - - !file: + - !FileAction: path: "%ProgramW6432%\\WindowsApps\\DeletedAllUserPackages\\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\\AppxManifest.xml" - - !file: + - !FileAction: path: "%ProgramW6432%\\WindowsApps\\DeletedAllUserPackages\\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\\AppxSignature.p7x" - - !file: + - !FileAction: path: "%SystemDrive%\\Documents and Settings\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe.xml" - - !file: + - !FileAction: path: "%ProgramW6432%\\WindowsApps\\DeletedAllUserPackages\\Microsoft.WindowsMaps*" - - !file: + - !FileAction: path: "%ProgramW6432%\\WindowsApps\\DeletedAllUserPackages\\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe" - - !file: + - !FileAction: path: "%windir%\\WindowsUpdate.log" - - !file: + - !FileAction: path: "%windir%\\PolicyDefinitions\\WindowsUpdate.admx" - - !file: + - !FileAction: path: "%windir%\\System32\\@WindowsUpdateToastIcon.png" - - !file: + - !FileAction: path: "%windir%\\PolicyDefinitions\\en-US\\WindowsUpdate.adml" - - !file: + - !FileAction: path: "%windir%\\System32\\WindowsUpdateElevatedInstaller.exe" - - !file: + - !FileAction: path: "%windir%\\diagnostics\\system\\WindowsUpdate\\TS_Main.ps1" - - !file: + - !FileAction: path: "%windir%\\diagnostics\\index\\WindowsUpdateDiagnostic.xml" - - !file: + - !FileAction: path: "%windir%\\diagnostics\\system\\WindowsUpdate\\cl_Service.ps1" - - !file: + - !FileAction: path: "%windir%\\diagnostics\\system\\WindowsUpdate\\CL_Utility.ps1" - - !file: + - !FileAction: path: "%windir%\\diagnostics\\system\\WindowsUpdate\\RC_appdata.ps1" - - !file: + - !FileAction: path: "%windir%\\diagnostics\\system\\WindowsUpdate\\RS_AppData.ps1" - - !file: + - !FileAction: path: "%windir%\\diagnostics\\system\\WindowsUpdate\\CL_SetupEnv.ps1" - - !file: + - !FileAction: path: "%windir%\\diagnostics\\system\\WindowsUpdate\\DiagPackage.dll" - - !file: + - !FileAction: path: "%windir%\\diagnostics\\system\\WindowsUpdate\\RC_DateTime.ps1" - - !file: + - !FileAction: path: "%windir%\\diagnostics\\system\\WindowsUpdate\\RS_DateTime.ps1" - - !file: + - !FileAction: path: "%windir%\\diagnostics\\system\\WindowsUpdate\\RC_DataStore.ps1" - - !file: + - !FileAction: path: "%windir%\\diagnostics\\system\\WindowsUpdate\\RC_WaaSMedic.ps1" - - !file: + - !FileAction: path: "%windir%\\diagnostics\\system\\WindowsUpdate\\RS_DataStore.ps1" - - !file: + - !FileAction: path: "%windir%\\diagnostics\\system\\WindowsUpdate\\RS_WaaSMedic.ps1" - - !file: + - !FileAction: path: "%windir%\\diagnostics\\system\\WindowsUpdate\\VF_DataStore.ps1" - - !file: + - !FileAction: path: "%windir%\\diagnostics\\system\\WindowsUpdate\\rc_genwuerror.ps1" - - !file: + - !FileAction: path: "%windir%\\diagnostics\\system\\WindowsUpdate\\RS_GENWUError.ps1" - - !file: + - !FileAction: path: "%windir%\\diagnostics\\system\\WindowsUpdate\\VF_GenWUError.ps1" - - !file: + - !FileAction: path: "%windir%\\diagnostics\\system\\WindowsUpdate\\DiagPackage.diagpkg" - - !file: + - !FileAction: path: "%windir%\\diagnostics\\system\\WindowsUpdate\\cl_windowsupdate.ps1" - - !file: + - !FileAction: path: "%windir%\\diagnostics\\system\\WindowsUpdate\\cl_windowsversion.ps1" - - !file: + - !FileAction: path: "%windir%\\diagnostics\\system\\WindowsUpdate\\RC_Pendingrestart.ps1" - - !file: + - !FileAction: path: "%windir%\\diagnostics\\system\\WindowsUpdate\\RC_Pendingupdates.ps1" - - !file: + - !FileAction: path: "%windir%\\diagnostics\\system\\WindowsUpdate\\RS_Pendingrestart.ps1" - - !file: + - !FileAction: path: "%windir%\\diagnostics\\system\\WindowsUpdate\\RS_Pendingupdates.ps1" - - !file: + - !FileAction: path: "%windir%\\diagnostics\\system\\WindowsUpdate\\VF_Pendingupdates.ps1" - - !file: + - !FileAction: path: "%windir%\\diagnostics\\system\\WindowsUpdate\\en-US\\DiagPackage.dll.mui" - - !file: + - !FileAction: path: "%windir%\\System32\\Tasks\\Microsoft\\Windows\\WindowsUpdate\\Scheduled Start" - - !file: + - !FileAction: path: "%windir%\\diagnostics\\system\\WindowsUpdate\\en-US\\CL_LocalizationData.psd1" - - !file: + - !FileAction: path: "%windir%\\System32\\WindowsPowerShell\\v1.0\\Modules\\WindowsUpdate\\WindowsUpdate.psd1" - - !file: + - !FileAction: path: "%windir%\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\WindowsUpdate\\WindowsUpdate.psd1" - - !file: + - !FileAction: path: "%windir%\\System32\\WindowsPowerShell\\v1.0\\Modules\\WindowsUpdate\\WindowsUpdateLog.psm1" - - !file: + - !FileAction: path: "%windir%\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\WindowsUpdate\\WindowsUpdateLog.psm1" - - !file: + - !FileAction: path: "%SystemDrive%\\Users\\Public\\Desktop\\Microsoft Edge.lnk" - - !file: + - !FileAction: path: "%SystemDrive%\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Edge.lnk" - - !file: + - !FileAction: path: "%APPDATA%\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Microsoft Edge.lnk" - - !file: + - !FileAction: path: "%SystemDrive%\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\PC Health Check.lnk" - - !file: + - !FileAction: path: "%windir%\\System32\\wsqmcons.exe" - - !file: + - !FileAction: path: "%windir%\\System32\\en-US\\wsqmcons.exe.mui" - - !file: + - !FileAction: path: "%windir%\\System32\\wuapi.dll" - - !file: + - !FileAction: path: "%windir%\\SysWOW64\\wuapi.dll" - - !file: + - !FileAction: path: "%windir%\\System32\\wuauclt.exe" - - !file: + - !FileAction: path: "%windir%\\System32\\wuapihost.exe" - - !file: + - !FileAction: path: "%windir%\\System32\\en-US\\wuapi.dll.mui" - - !file: + - !FileAction: path: "%windir%\\SysWOW64\\en-US\\wuapi.dll.mui" - - !file: + - !FileAction: path: "%windir%\\SystemResources\\wuapi.dll.mun" - - !file: + - !FileAction: path: "%windir%\\System32\\en-US\\wuaueng.dll.mui" - - !file: + - !FileAction: path: "%windir%\\System32\\storewuauth.dll" - - !file: + - !FileAction: path: "%windir%\\System32\\wusa.exe" - - !file: + - !FileAction: path: "%windir%\\SysWOW64\\wusa.exe" - - !file: + - !FileAction: path: "%windir%\\System32\\en-US\\wusa.exe.mui" - - !file: + - !FileAction: path: "%windir%\\System32\\wups.dll" - - !file: + - !FileAction: path: "%windir%\\System32\\wups2.dll" - - !file: + - !FileAction: path: "%windir%\\System32\\wuaueng.dll" - - !file: + - !FileAction: path: "%windir%\\System32\\MRT.exe" - - !file: + - !FileAction: path: "%windir%\\System32\\calc.exe" \ No newline at end of file diff --git a/21H1-22H2_PB/Configuration/features/base/login.yml b/21H1-22H2_PB/Configuration/features/base/login.yml index dc402a1..73c4ecd 100644 --- a/21H1-22H2_PB/Configuration/features/base/login.yml +++ b/21H1-22H2_PB/Configuration/features/base/login.yml @@ -3,6 +3,6 @@ title: Login description: Modifies login screen privilege: TrustedInstaller actions: - - !run: + - !RunAction: exeDir: true exe: "LOGIN.bat" \ No newline at end of file diff --git a/21H1-22H2_PB/Configuration/features/base/permission.yml b/21H1-22H2_PB/Configuration/features/base/permission.yml index 7220192..628770b 100644 --- a/21H1-22H2_PB/Configuration/features/base/permission.yml +++ b/21H1-22H2_PB/Configuration/features/base/permission.yml @@ -3,7 +3,7 @@ title: Permission description: Sets UAC level and user permissions privilege: Admin actions: - - !run: + - !RunAction: exeDir: true exe: "PERM.bat" weight: 10 \ No newline at end of file diff --git a/21H1-22H2_PB/Configuration/features/base/regedits.yml b/21H1-22H2_PB/Configuration/features/base/regedits.yml new file mode 100644 index 0000000..1a6bbe4 --- /dev/null +++ b/21H1-22H2_PB/Configuration/features/base/regedits.yml @@ -0,0 +1,9 @@ +--- +title: Registry Edits +description: Base AME Registry Edits +privilege: Admin +actions: + - !RunAction: + exeDir: true + exe: "REGI.bat" + weight: 30 \ No newline at end of file diff --git a/21H1-22H2_PB/Configuration/features/base/services.yml b/21H1-22H2_PB/Configuration/features/base/services.yml index 32f1477..311d3ed 100644 --- a/21H1-22H2_PB/Configuration/features/base/services.yml +++ b/21H1-22H2_PB/Configuration/features/base/services.yml @@ -2,153 +2,149 @@ title: services description: services privilege: TrustedInstaller actions: - - !registry: + - !RegistryKeyAction: path: "HKLM\\System\\CurrentControlSet\\Services\\WdNisDrv" - operation: delete - - !registry: + - !RegistryKeyAction: path: "HKLM\\System\\CurrentControlSet001\\Services\\WdNisDrv" - operation: delete - - !registry: + - !RegistryKeyAction: path: "HKLM\\System\\CurrentControlSet\\Services\\WdNisSvc" - operation: delete - - !registry: + - !RegistryKeyAction: path: "HKLM\\System\\CurrentControlSet001\\Services\\WdNisSvc" - operation: delete - - !taskkill: + - !TaskKillAction: name: "devicecensus" - - !taskkill: + - !TaskKillAction: name: "UsoClient" - - !taskkill: + - !TaskKillAction: name: "devicecensus" - - !taskkill: + - !TaskKillAction: name: "MoUsoCoreWorker" - - !taskkill: + - !TaskKillAction: name: "wuauclt" - - !service: + - !ServiceAction: name: "UsoSvc" operation: delete - - !service: + - !ServiceAction: name: "WaaSMedicSvc" operation: delete - - !service: + - !ServiceAction: name: "wuauserv" operation: delete - - !service: + - !ServiceAction: name: "WpcMonSvc" operation: delete - - !service: + - !ServiceAction: name: "WMPNetworkSvc" operation: delete - - !service: + - !ServiceAction: name: "StorSvc" operation: delete - - !service: + - !ServiceAction: name: "wisvc" operation: delete - - !service: + - !ServiceAction: name: "CldFlt" operation: delete device: true - - !service: + - !ServiceAction: name: "Sense" operation: delete - - !service: + - !ServiceAction: name: "webthreatdefusersvc*" operation: delete - - !service: + - !ServiceAction: name: "webthreatdefsvc" operation: delete - - !service: + - !ServiceAction: name: "UevAgentService" operation: delete - - !service: + - !ServiceAction: name: "cloudidsvc" operation: delete - - !taskkill: + - !TaskKillAction: name: "SecurityHealthSystray" - - !taskkill: + - !TaskKillAction: name: "SecurityHealthService" - - !service: + - !ServiceAction: name: "SecurityHealthService" operation: delete - - !service: + - !ServiceAction: name: "wscsvc" operation: delete - - !service: + - !ServiceAction: name: "UsoSvc" operation: delete - - !service: + - !ServiceAction: name: "BITS" operation: stop - - !service: + - !ServiceAction: name: "DoSvc" operation: delete - - !service: + - !ServiceAction: name: "iphlpsvc" operation: stop - - !service: + - !ServiceAction: name: "Winmgmt" operation: stop - - !service: + - !ServiceAction: name: "ClipSVC" operation: stop - - !service: + - !ServiceAction: name: "DiagTrack" operation: delete - - !service: + - !ServiceAction: name: "RetailDemo" operation: stop - - !service: + - !ServiceAction: name: "diagnosticshub.standardcollector.service" operation: stop - - !service: + - !ServiceAction: name: "dmwappushservice" operation: stop - - !service: + - !ServiceAction: name: "InstallService" operation: delete - - !service: + - !ServiceAction: name: "LicenseManager" operation: stop - - !service: + - !ServiceAction: name: "lfsvc" operation: stop - - !service: + - !ServiceAction: name: "MapsBroker" operation: stop - - !service: + - !ServiceAction: name: "NetTcpPortSharing" operation: stop - - !service: + - !ServiceAction: name: "RemoteAccess" operation: stop - - !service: + - !ServiceAction: name: "RemoteRegistry" operation: stop - - !service: + - !ServiceAction: name: "SharedAccess" operation: stop - - !service: + - !ServiceAction: name: "StorSvc" operation: delete - - !service: + - !ServiceAction: name: "TrkWks" operation: stop - - !service: + - !ServiceAction: name: "WbioSrvc" operation: stop - - !service: + - !ServiceAction: name: "WMPNetworkSvc" operation: delete - - !service: + - !ServiceAction: name: "XblAuthManager" operation: stop - - !service: + - !ServiceAction: name: "XblGameSave" operation: stop - - !service: + - !ServiceAction: name: "XboxNetApiSvc" operation: stop - - !service: + - !ServiceAction: name: "wlidsvc" operation: delete \ No newline at end of file diff --git a/21H1-22H2_PB/Configuration/features/base/servicesOld.yml b/21H1-22H2_PB/Configuration/features/base/servicesOld.yml index 6cdda38..15f0bce 100644 --- a/21H1-22H2_PB/Configuration/features/base/servicesOld.yml +++ b/21H1-22H2_PB/Configuration/features/base/servicesOld.yml @@ -2,78 +2,78 @@ title: services description: services privilege: Admin actions: - - !service: + - !ServiceAction: name: "DoSvc" operation: stop - - !service: + - !ServiceAction: name: "iphlpsvc" operation: stop - - !service: + - !ServiceAction: name: "Winmgmt" operation: stop - - !service: + - !ServiceAction: name: "ClipSVC" operation: stop - - !service: + - !ServiceAction: name: "DiagTrack" operation: stop - - !service: + - !ServiceAction: name: "RetailDemo" operation: stop - - !service: + - !ServiceAction: name: "diagnosticshub.standardcollector.service" operation: stop - - !service: + - !ServiceAction: name: "dmwappushservice" operation: stop - - !service: + - !ServiceAction: name: "InstallService" operation: stop - - !service: + - !ServiceAction: name: "LicenseManager" operation: stop - - !service: + - !ServiceAction: name: "lfsvc" operation: stop - - !service: + - !ServiceAction: name: "MapsBroker" operation: stop - - !service: + - !ServiceAction: name: "NetTcpPortSharing" operation: stop - - !service: + - !ServiceAction: name: "RemoteAccess" operation: stop - - !service: + - !ServiceAction: name: "RemoteRegistry" operation: stop - - !service: + - !ServiceAction: name: "SharedAccess" operation: stop - - !service: + - !ServiceAction: name: "StorSvc" operation: stop - - !service: + - !ServiceAction: name: "TrkWks" operation: stop - - !service: + - !ServiceAction: name: "UsoSvc" operation: stop - - !service: + - !ServiceAction: name: "WbioSrvc" operation: stop - - !service: + - !ServiceAction: name: "WMPNetworkSvc" operation: stop - - !service: + - !ServiceAction: name: "XblAuthManager" operation: stop - - !service: + - !ServiceAction: name: "XblGameSave" operation: stop - - !service: + - !ServiceAction: name: "XboxNetApiSvc" operation: stop - - !service: + - !ServiceAction: name: "wlidsvc" operation: stop \ No newline at end of file diff --git a/21H1-22H2_PB/Configuration/features/base/shortcuts.yml b/21H1-22H2_PB/Configuration/features/base/shortcuts.yml index 4abc0a1..292e44b 100644 --- a/21H1-22H2_PB/Configuration/features/base/shortcuts.yml +++ b/21H1-22H2_PB/Configuration/features/base/shortcuts.yml @@ -3,7 +3,7 @@ title: Shortcuts description: Remove and add shortcuts privilege: Admin actions: - - !run: + - !RunAction: exeDir: true exe: "SHRT.bat" weight: 5 \ No newline at end of file diff --git a/21H1-22H2_PB/Configuration/features/base/silent.yml b/21H1-22H2_PB/Configuration/features/base/silent.yml index 4895441..99fa92f 100644 --- a/21H1-22H2_PB/Configuration/features/base/silent.yml +++ b/21H1-22H2_PB/Configuration/features/base/silent.yml @@ -3,11 +3,11 @@ title: Silent Installers description: Silent Installers for Windows 7 Calculator privilege: Admin actions: - - !run: + - !RunAction: exeDir: true exe: "UI.bat" weight: 70 - - !run: + - !RunAction: exeDir: true exe: "SLNT.bat" weight: 50 \ No newline at end of file diff --git a/21H1-22H2_PB/Configuration/features/base/wallpaper.yml b/21H1-22H2_PB/Configuration/features/base/wallpaper.yml index cf02cb1..9de8a5a 100644 --- a/21H1-22H2_PB/Configuration/features/base/wallpaper.yml +++ b/21H1-22H2_PB/Configuration/features/base/wallpaper.yml @@ -3,7 +3,7 @@ title: Malte Wallpapers description: Installs Malte Wallpapers privilege: Admin actions: - - !run: + - !RunAction: exeDir: true exe: "WALLPAPER.bat" weight: 20 \ No newline at end of file diff --git a/21H1-22H2_PB/Configuration/features/base/windowsterminal.yml b/21H1-22H2_PB/Configuration/features/base/windowsterminal.yml index 127cf37..81d6ec9 100644 --- a/21H1-22H2_PB/Configuration/features/base/windowsterminal.yml +++ b/21H1-22H2_PB/Configuration/features/base/windowsterminal.yml @@ -3,7 +3,7 @@ title: Windows Terminal description: Installs Windows Terminal privilege: Admin actions: - - !run: + - !RunAction: exeDir: true exe: "WINTERM.bat" weight: 120 \ No newline at end of file