diff --git a/21H1-22H2_PB/Configuration/custom.yml b/21H1-22H2_PB/Configuration/custom.yml index 2dc1dbe..8a2dda0 100644 --- a/21H1-22H2_PB/Configuration/custom.yml +++ b/21H1-22H2_PB/Configuration/custom.yml @@ -4,14 +4,15 @@ description: Custom AME configuration privilege: Admin actions: [] features: -- features/base/base.yml -- features/base/components.yml -- features/base/files.yml -- features/base/login.yml -- features/base/shortcuts.yml -- features/base/silent.yml -- features/base/wallpaper.yml -- features/base/permission.yml -- features/base/admin.yml -- features/base/windowsterminal.yml -- features/base/choco.yml \ No newline at end of file +- features\base\base.yml +- features\base\components.yml +- features\base\services.yml +- features\base\files.yml +- features\base\login.yml +- features\base\shortcuts.yml +- features\base\silent.yml +- features\base\permission.yml +- features\base\admin.yml +- features\base\windowsterminal.yml +- features\base\choco.yml +- features\base\wallpaper.yml \ No newline at end of file diff --git a/21H1-22H2_PB/Configuration/features/base/components.yml b/21H1-22H2_PB/Configuration/features/base/components.yml index 696c42f..5cea629 100644 --- a/21H1-22H2_PB/Configuration/features/base/components.yml +++ b/21H1-22H2_PB/Configuration/features/base/components.yml @@ -2,6 +2,26 @@ title: Components description: Remove certain windows components privilege: TrustedInstaller actions: + - !taskkill: + name: "MicrosoftEdgeUpdate" + - !taskkill: + name: "msedge" + - !taskkill: + name: "MicrosoftEdge*" + - !taskkill: + name: "setup" + pathContains: "\\Edge" + - !taskkill: + name: "msedgewebview2" + - !service: + name: "edgeupdate" + operation: delete + - !service: + name: "edgeupdatem" + operation: delete + - !service: + name: "MicrosoftEdgeElevationService" + operation: delete - !run: exeDir: true exe: "EDGE.bat" 
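Review bot: The `features:` list gives no hint that its order matters, yet this change inserts `features\base\services.yml` ahead of `features\base\files.yml` and moves `wallpaper.yml` to the end. If the playbook runs features in list order (not visible in this hunk), a comment such as `# services.yml runs before files.yml so services are removed before their binaries are deleted` would keep a later reorder from breaking the run. The switch from `/` to `\` separators is also undocumented; confirm the loader resolves both forms the same way.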
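Review bot: The `!taskkill` entry with `name: "setup"` and `pathContains: "\\Edge"` matches more than it needs to: under `privilege: TrustedInstaller` it would presumably end any process named setup whose path contains a segment starting with `\Edge`, including unrelated installers. Assuming the intended targets live under the Microsoft Edge install tree, `pathContains: "\\Microsoft\\Edge"` keeps the match on Edge's own installer. The wildcard `name: "MicrosoftEdge*"` looks like it already covers `MicrosoftEdgeUpdate`, so the separate entry for that name is probably redundant. The three `!service` entries use `operation: delete`, which the playbook cannot undo, so a one-line comment such as `# deleted, not disabled: Edge updater re-enables its services` (if that is the reason) would record the intent.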
@@ -10,6 +30,17 @@ actions: exeDir: true exe: "EDGEX.bat" weight: 10 + - !taskkill: + name: "OneDriveStandaloneUpdater" + - !taskkill: + name: "OneDriveSetup" + - !taskkill: + name: "OneDrive*" + - !service: + name: "OneSyncSvc*" + operation: delete + - !taskkill: + name: "explorer" - !run: exeDir: true exe: "ONED.bat" diff --git a/21H1-22H2_PB/Configuration/features/base/files.yml b/21H1-22H2_PB/Configuration/features/base/files.yml index 6e1ad4e..a36bb21 100644 --- a/21H1-22H2_PB/Configuration/features/base/files.yml +++ b/21H1-22H2_PB/Configuration/features/base/files.yml 
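Review bot: `name: "OneSyncSvc*"` with `operation: delete` sits in the OneDrive block, but OneSyncSvc is the Sync Host service used for mail, contacts and calendar sync, not a OneDrive component. If removing it is intended, a comment such as `# OneSyncSvc (Sync Host): removed deliberately, not part of OneDrive` would make that clear; otherwise the entry should be dropped. The added `!taskkill` for `explorer` has no visible restart in this hunk, so confirm that ONED.bat or a later action starts the shell again. The `actions:` list continues outside the hunk.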
@@ -2,77 +2,77 @@ title: Files description: delete files privilege: TrustedInstaller actions: - - !run: - exeDir: true - exe: "SERV.bat" - - !cmd: - command: "taskkill /f /im explorer.exe" - - !cmd: - command: "taskkill /f /im msedge.exe" +# - !run: +# exeDir: true +# exe: "SERV.bat" + - !taskkill: + name: "explorer" + - !taskkill: + name: "msedge" - !task: path: "\\Microsoft\\Windows\\Customer Experience Improvement Program\\Consolidator" - state: absent + operation: delete - !task: path: "\\Microsoft\\Windows\\Customer Experience Improvement Program\\KernelCeipTask" - state: absent + operation: delete - !task: path: "\\Microsoft\\Windows\\Customer Experience Improvement Program\\UsbCeip" - state: absent + operation: delete - !task: path: "\\Microsoft\\Windows\\Application Experience\\Microsoft Compatibility Appraiser" - state: absent + operation: delete - !task: path: "\\Microsoft\\Windows\\Application Experience\\ProgramDataUpdater" - state: absent + operation: delete - !task: path: "\\Microsoft\\Windows\\Application Experience\\StartupAppTask" - state: absent + operation: delete - !task: path: "\\Microsoft\\Windows\\Clip\\License Validation" - state: absent + operation: delete - !task: path: "\\Microsoft\\Windows\\Customer Experience Improvement Program\\UsbCeip" - state: absent + operation: delete - !task: path: "\\Microsoft\\Windows\\HelloFace\\FODCleanupTask" - state: absent + operation: delete - !task: path: "\\Microsoft\\Windows\\Maps\\MapsToastTask" - state: absent + operation: delete - !task: path: "\\Microsoft\\Windows\\Maps\\MapsUpdateTask" - state: absent + operation: delete - !task: path: "\\Microsoft\\Windows\\UpdateOrchestrator\\Schedule Scan" - state: absent + operation: delete - !task: path: "\\Microsoft\\Windows\\UpdateOrchestrator\\Schedule Scan Static Task" - state: absent + operation: delete - !task: path: "\\Microsoft\\Windows\\UpdateOrchestrator\\UpdateModelTask" - state: absent + operation: delete - !task: path: 
"\\Microsoft\\Windows\\UpdateOrchestrator\\USO_UxBroker" - state: absent + operation: delete - !task: path: "\\Microsoft\\Windows\\Windows Defender\\Windows Defender Cache Maintenance" - state: absent + operation: delete - !task: path: "\\Microsoft\\Windows\\Windows Defender\\Windows Defender Cleanup" - state: absent + operation: delete - !task: path: "\\Microsoft\\Windows\\Windows Defender\\Windows Defender Scheduled Scan" - state: absent + operation: delete - !task: path: "\\Microsoft\\Windows\\Windows Defender\\Windows Defender Verification" - state: absent + operation: delete - !task: path: "\\Microsoft\\Windows\\WindowsUpdate\\Scheduled Start" - state: absent + operation: delete - !taskkill: name: "NisSrv" - !taskkill: - name: "MicrosoftEdgeUpdate" + name: "SecurityHealthHost" - !taskkill: name: "SecurityHealthService" - !taskkill: @@ -99,6 +99,32 @@ actions: path: "%windir%\\System32\\SecurityHealthSSO.dll" - !file: path: "%windir%\\System32\\smartscreenps.dll" + - !file: + path: "%windir%\\System32\\wlidsvc.dll" + - !file: + path: "%windir%\\System32\\WpcDesktopMonSvc.dll" + - !file: + path: "%windir%\\System32\\flightsettings.dll" + - !file: + path: "%windir%\\System32\\drivers\\cldflt.sys" + - !file: + path: "%windir%\\System32\\WebThreatDefSvc" + - !file: + path: "%windir%\\System32\\webthreatdefsvc.dll" + - !file: + path: "%windir%\\System32\\en-US\\webthreatdefsvc.dll.mui" + - !file: + path: "%windir%\\System32\\webthreatdefusersvc.dll" + - !file: + path: "%windir%\\System32\\en-US\\webthreatdefusersvc.dll.mui" + - !file: + path: "%windir%\\System32\\AgentService.exe" + - !file: + path: "%windir%\\System32\\InstallService.dll" + - !file: + path: "%windir%\\System32\\cloudidsvc.dll" + - !file: + path: "%windir%\\System32\\devicecensus.exe" - !file: path: "%ProgramFiles(x86)%\\Windows Media Player" - !file: 
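Review bot: The `SERV.bat` action is commented out rather than removed, and the task list still contains `\\Microsoft\\Windows\\Customer Experience Improvement Program\\UsbCeip` twice. Deleting the three commented lines (history keeps them) and the second `UsbCeip` entry would leave one `operation: delete` per task. The rename from `state: absent` to `operation: delete` changes the key every `!task` entry depends on, so confirm that the engine rejects an unknown key rather than silently skipping the action.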
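Review bot: The added MUI entries cover only `en-US` (`%windir%\\System32\\en-US\\webthreatdefsvc.dll.mui` and `webthreatdefusersvc.dll.mui`), so on any other display language the resource files are left behind. `%windir%\\System32\\WebThreatDefSvc` has no extension and is presumably a directory; a short comment saying so would help. This hunk also deletes `%windir%\\System32\\drivers\\cldflt.sys`, whose service entry is removed in `services.yml`. The file delete is only safe once that removal has succeeded, so a comment such as `# requires the CldFlt service removal in services.yml to have run first` would record the dependency.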
@@ -115,6 +141,12 @@ actions: path: "%windir%\\System32\\SecurityHealthHost.exe" - !file: path: "%windir%\\System32\\SecurityHealthAgent.dll" + - !file: + path: "%windir%\\System32\\SecurityHealthCore.dll" + - !file: + path: "%windir%\\System32\\SecurityHealthProxyStub.dll" + - !file: + path: "%windir%\\System32\\SecurityHealthUdk.dll" - !file: path: "%windir%\\System32\\wscsvc.dll" - !file: @@ -126,6 +158,8 @@ actions: - !file: path: "%ProgramFiles(x86)%\\Windows Defender" weight: 10 + - !file: + path: "%windir%\\System32\\drivers\\WdNisDrv.sys" - !file: path: "%ProgramData%\\Microsoft OneDrive" - !file: @@ -155,9 +189,11 @@ actions: - !file: path: "%ProgramW6432%\\Windows Defender Advanced Threat Protection" - !file: - path: "C:\\ProgramData\\Microsoft\\Windows Defender Advanced Threat Protection" + path: "%SystemDrive%\\ProgramData\\Microsoft\\Windows Defender Advanced Threat Protection" - !file: path: "%windir%\\System32\\MoNotificationUx.exe" + - !file: + path: "%windir%\\System32\\MoNotificationUxStub.exe" - !file: path: "%windir%\\System32\\MusNotifyIcon.exe" - !file: @@ -172,8 +208,17 @@ actions: path: "%windir%\\System32\\MusUxToastHandler.dll" - !file: path: "%windir%\\UUS" -# - !file: -# path: "%windir%\\SoftwareDistribution" + - !service: + name: "bits" + operation: stop + - !service: + name: "appidsvc" + operation: stop + - !service: + name: "cryptsvc" + operation: stop + - !file: + path: "%windir%\\SoftwareDistribution" - !file: path: "%windir%\\System32\\OOBE" # - !file: 
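Review bot: Replacing `C:` with `%SystemDrive%` still hard-codes the folder layout: `%SystemDrive%\\ProgramData\\...` should be `%ProgramData%\\...`, which this file already uses for `%ProgramData%\\Microsoft OneDrive`. The same applies to the hunks at -210, -231, -352, -446, -494, -576, -588 and -670, where `%SystemDrive%\\Users\\Public` would likewise be `%PUBLIC%`. In those hunks the `Users\\All Users` and `Documents and Settings\\All Users` variants are, on a default install, links to the same ProgramData location, so each file is listed up to three times. One `%ProgramData%` entry per file is enough, assuming the engine does not need the aliases.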
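Review bot: `bits`, `appidsvc` and `cryptsvc` are stopped before `%windir%\\SoftwareDistribution` is deleted, but nothing in this hunk starts them again. `cryptsvc` (Cryptographic Services) backs catalog and certificate checks, so leaving it stopped for the rest of the run may affect later actions that install signed software, and it is not obviously needed for removing SoftwareDistribution alone. Either drop the `appidsvc` and `cryptsvc` stops or add a comment such as `# stopped only to release SoftwareDistribution; services return on reboot`, if that is the case. `services.yml` also stops `BITS`, so that stop is issued twice. The `actions:` list continues outside the hunk.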
@@ -210,15 +255,15 @@ actions: - !file: path: "%windir%\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\AppLocker\\AppLocker.psd1" - !file: - path: "C:\\ProgramData\\Microsoft\\Diagnosis\\ETLLogs\\Autologger\\AutoLogger-Diagtrack-Listener.etl" + path: "%SystemDrive%\\ProgramData\\Microsoft\\Diagnosis\\ETLLogs\\Autologger\\AutoLogger-Diagtrack-Listener.etl" - !file: - path: "C:\\Users\\All Users\\Microsoft\\Diagnosis\\ETLLogs\\Autologger\\AutoLogger-Diagtrack-Listener.etl" + path: "%SystemDrive%\\Users\\All Users\\Microsoft\\Diagnosis\\ETLLogs\\Autologger\\AutoLogger-Diagtrack-Listener.etl" - !file: path: "%windir%\\System32\\WindowsPowerShell\\v1.0\\Modules\\EventTracingManagement\\MSFT_AutologgerConfig_v1.0.cdxml" - !file: path: "%windir%\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\EventTracingManagement\\MSFT_AutologgerConfig_v1.0.cdxml" - !file: - path: "C:\\Documents and Settings\\All Users\\Microsoft\\Diagnosis\\ETLLogs\\Autologger\\AutoLogger-Diagtrack-Listener.etl" + path: "%SystemDrive%\\Documents and Settings\\All Users\\Microsoft\\Diagnosis\\ETLLogs\\Autologger\\AutoLogger-Diagtrack-Listener.etl" - !file: path: "%windir%\\System32\\WindowsPowerShell\\v1.0\\Modules\\EventTracingManagement\\MSFT_AutologgerConfig_v1.0.format.ps1xml" - !file: 
@@ -231,26 +276,34 @@ actions: path: "%windir%\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\Provisioning\\provautologger_add.reg" - !file: path: "%windir%\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\Provisioning\\provautologger_del.reg" + - !file: + path: "%windir%\\System32\\OneDriveSetup.exe" - !file: path: "%windir%\\SysWOW64\\OneDriveSetup.exe" - !file: path: "%windir%\\SysWOW64\\OneDriveSettingSyncProvider.dll" + - !file: + path: "%SystemDrive%\\OneDriveTemp" + - !file: + path: "%windir%\\System32\\IESettingSync.exe" + - !file: + path: "%windir%\\System32\\gamepanel.exe" #- !file: # path: "%windir%\\System32\\ClipSVC.dll" #- !file: # path: "%windir%\\System32\\en-US\\clipsvc.dll.mui" - !file: - path: "C:\\ProgramData\\Microsoft\\Windows\\ClipSVC\\tokens.dat" + path: "%SystemDrive%\\ProgramData\\Microsoft\\Windows\\ClipSVC\\tokens.dat" - !file: - path: "C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\tokens.dat" + path: "%SystemDrive%\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\tokens.dat" - !file: - path: "C:\\Documents and Settings\\All Users\\Microsoft\\Windows\\ClipSVC\\tokens.dat" + path: "%SystemDrive%\\Documents and Settings\\All Users\\Microsoft\\Windows\\ClipSVC\\tokens.dat" - !file: - path: "C:\\ProgramData\\Microsoft\\Windows\\ClipSVC" + path: "%SystemDrive%\\ProgramData\\Microsoft\\Windows\\ClipSVC" - !file: - path: "C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC" + path: "%SystemDrive%\\Users\\All Users\\Microsoft\\Windows\\ClipSVC" - !file: - path: "C:\\Documents and Settings\\All Users\\Microsoft\\Windows\\ClipSVC" + path: "%SystemDrive%\\Documents and Settings\\All Users\\Microsoft\\Windows\\ClipSVC" - !file: path: "%windir%\\System32\\ClipUp.exe" - !file: 
@@ -352,17 +405,17 @@ actions: - !file: path: "%windir%\\DiagTrack\\Settings\\telemetry.ASM-WindowsDefault.json" - !file: - path: "C:\\ProgramData\\Microsoft\\Diagnosis\\ETLLogs\\ShutdownLogger\\Diagtrack-Listener.etl" + path: "%SystemDrive%\\ProgramData\\Microsoft\\Diagnosis\\ETLLogs\\ShutdownLogger\\Diagtrack-Listener.etl" - !file: - path: "C:\\Users\\All Users\\Microsoft\\Diagnosis\\ETLLogs\\ShutdownLogger\\Diagtrack-Listener.etl" + path: "%SystemDrive%\\Users\\All Users\\Microsoft\\Diagnosis\\ETLLogs\\ShutdownLogger\\Diagtrack-Listener.etl" - !file: - path: "C:\\ProgramData\\Microsoft\\Diagnosis\\ETLLogs\\Autologger\\AutoLogger-Diagtrack-Listener.etl" + path: "%SystemDrive%\\ProgramData\\Microsoft\\Diagnosis\\ETLLogs\\Autologger\\AutoLogger-Diagtrack-Listener.etl" - !file: - path: "C:\\Users\\All Users\\Microsoft\\Diagnosis\\ETLLogs\\Autologger\\AutoLogger-Diagtrack-Listener.etl" + path: "%SystemDrive%\\Users\\All Users\\Microsoft\\Diagnosis\\ETLLogs\\Autologger\\AutoLogger-Diagtrack-Listener.etl" - !file: - path: "C:\\Documents and Settings\\All Users\\Microsoft\\Diagnosis\\ETLLogs\\ShutdownLogger\\Diagtrack-Listener.etl" + path: "%SystemDrive%\\Documents and Settings\\All Users\\Microsoft\\Diagnosis\\ETLLogs\\ShutdownLogger\\Diagtrack-Listener.etl" - !file: - path: "C:\\Documents and Settings\\All Users\\Microsoft\\Diagnosis\\ETLLogs\\Autologger\\AutoLogger-Diagtrack-Listener.etl" + path: "%SystemDrive%\\Documents and Settings\\All Users\\Microsoft\\Diagnosis\\ETLLogs\\Autologger\\AutoLogger-Diagtrack-Listener.etl" - !file: path: "%windir%\\System32\\dmclient.exe" - !file: 
@@ -446,47 +499,47 @@ actions: - !file: path: "%windir%\\System32\\MoUsoCoreWorker.exe" - !file: - path: "C:\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.2bdb351a-82b4-4f2c-bc55-ec328ca677be.1.etl" + path: "%SystemDrive%\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.2bdb351a-82b4-4f2c-bc55-ec328ca677be.1.etl" - !file: - path: "C:\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.4a695923-0852-4c25-9999-60bc09954fbe.1.etl" + path: "%SystemDrive%\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.4a695923-0852-4c25-9999-60bc09954fbe.1.etl" - !file: - path: "C:\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.5e2840a3-5955-481c-83b8-ddd64cdaa7ae.1.etl" + path: "%SystemDrive%\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.5e2840a3-5955-481c-83b8-ddd64cdaa7ae.1.etl" - !file: - path: "C:\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.761c6d23-f36c-46be-bf3f-26ba35c4dcca.1.etl" + path: "%SystemDrive%\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.761c6d23-f36c-46be-bf3f-26ba35c4dcca.1.etl" - !file: - path: "C:\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.80c59111-3f67-46a5-9fd1-379f4b7c2f7d.1.etl" + path: "%SystemDrive%\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.80c59111-3f67-46a5-9fd1-379f4b7c2f7d.1.etl" - !file: - path: "C:\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.86ba5ad4-3ec9-43cf-997e-568832e6e2b8.1.etl" + path: "%SystemDrive%\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.86ba5ad4-3ec9-43cf-997e-568832e6e2b8.1.etl" - !file: - path: "C:\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.ab8bb825-292c-450d-ac06-03e39e89d684.1.etl" + path: "%SystemDrive%\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.ab8bb825-292c-450d-ac06-03e39e89d684.1.etl" - !file: - path: "C:\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.2bdb351a-82b4-4f2c-bc55-ec328ca677be.1.etl" + path: "%SystemDrive%\\Users\\All 
Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.2bdb351a-82b4-4f2c-bc55-ec328ca677be.1.etl" - !file: - path: "C:\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.4a695923-0852-4c25-9999-60bc09954fbe.1.etl" + path: "%SystemDrive%\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.4a695923-0852-4c25-9999-60bc09954fbe.1.etl" - !file: - path: "C:\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.5e2840a3-5955-481c-83b8-ddd64cdaa7ae.1.etl" + path: "%SystemDrive%\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.5e2840a3-5955-481c-83b8-ddd64cdaa7ae.1.etl" - !file: - path: "C:\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.761c6d23-f36c-46be-bf3f-26ba35c4dcca.1.etl" + path: "%SystemDrive%\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.761c6d23-f36c-46be-bf3f-26ba35c4dcca.1.etl" - !file: - path: "C:\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.80c59111-3f67-46a5-9fd1-379f4b7c2f7d.1.etl" + path: "%SystemDrive%\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.80c59111-3f67-46a5-9fd1-379f4b7c2f7d.1.etl" - !file: - path: "C:\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.86ba5ad4-3ec9-43cf-997e-568832e6e2b8.1.etl" + path: "%SystemDrive%\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.86ba5ad4-3ec9-43cf-997e-568832e6e2b8.1.etl" - !file: - path: "C:\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.ab8bb825-292c-450d-ac06-03e39e89d684.1.etl" + path: "%SystemDrive%\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.ab8bb825-292c-450d-ac06-03e39e89d684.1.etl" - !file: - path: "C:\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.2bdb351a-82b4-4f2c-bc55-ec328ca677be.1.etl" + path: "%SystemDrive%\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.2bdb351a-82b4-4f2c-bc55-ec328ca677be.1.etl" - !file: - path: "C:\\Documents and Settings\\All 
Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.4a695923-0852-4c25-9999-60bc09954fbe.1.etl" + path: "%SystemDrive%\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.4a695923-0852-4c25-9999-60bc09954fbe.1.etl" - !file: - path: "C:\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.5e2840a3-5955-481c-83b8-ddd64cdaa7ae.1.etl" + path: "%SystemDrive%\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.5e2840a3-5955-481c-83b8-ddd64cdaa7ae.1.etl" - !file: - path: "C:\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.761c6d23-f36c-46be-bf3f-26ba35c4dcca.1.etl" + path: "%SystemDrive%\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.761c6d23-f36c-46be-bf3f-26ba35c4dcca.1.etl" - !file: - path: "C:\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.80c59111-3f67-46a5-9fd1-379f4b7c2f7d.1.etl" + path: "%SystemDrive%\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.80c59111-3f67-46a5-9fd1-379f4b7c2f7d.1.etl" - !file: - path: "C:\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.86ba5ad4-3ec9-43cf-997e-568832e6e2b8.1.etl" + path: "%SystemDrive%\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.86ba5ad4-3ec9-43cf-997e-568832e6e2b8.1.etl" - !file: - path: "C:\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.ab8bb825-292c-450d-ac06-03e39e89d684.1.etl" + path: "%SystemDrive%\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.ab8bb825-292c-450d-ac06-03e39e89d684.1.etl" - !file: path: "%windir%\\Prefetch\\MOUSOCOREWORKER.EXE-681A8FEE.pf" - !file: 
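Review bot: These entries name individual trace files by GUID (for example `MoUsoCoreWorker.2bdb351a-82b4-4f2c-bc55-ec328ca677be.1.etl`), so they only match machines that happened to produce exactly those files. The file already uses a trailing wildcard elsewhere (`Microsoft.WindowsMaps*`); if the engine accepts the same form here, a single `path: "%ProgramData%\\USOShared\\Logs\\System\\MoUsoCoreWorker.*"` would replace the whole block. The next hunk (-494) edits a second, identical copy of the same 21 paths, and one of the two copies should be removed.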
@@ -494,47 +547,47 @@ actions: - !file: path: "%windir%\\System32\\MoUsoCoreWorker.exe" - !file: - path: "C:\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.2bdb351a-82b4-4f2c-bc55-ec328ca677be.1.etl" + path: "%SystemDrive%\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.2bdb351a-82b4-4f2c-bc55-ec328ca677be.1.etl" - !file: - path: "C:\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.4a695923-0852-4c25-9999-60bc09954fbe.1.etl" + path: "%SystemDrive%\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.4a695923-0852-4c25-9999-60bc09954fbe.1.etl" - !file: - path: "C:\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.5e2840a3-5955-481c-83b8-ddd64cdaa7ae.1.etl" + path: "%SystemDrive%\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.5e2840a3-5955-481c-83b8-ddd64cdaa7ae.1.etl" - !file: - path: "C:\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.761c6d23-f36c-46be-bf3f-26ba35c4dcca.1.etl" + path: "%SystemDrive%\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.761c6d23-f36c-46be-bf3f-26ba35c4dcca.1.etl" - !file: - path: "C:\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.80c59111-3f67-46a5-9fd1-379f4b7c2f7d.1.etl" + path: "%SystemDrive%\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.80c59111-3f67-46a5-9fd1-379f4b7c2f7d.1.etl" - !file: - path: "C:\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.86ba5ad4-3ec9-43cf-997e-568832e6e2b8.1.etl" + path: "%SystemDrive%\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.86ba5ad4-3ec9-43cf-997e-568832e6e2b8.1.etl" - !file: - path: "C:\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.ab8bb825-292c-450d-ac06-03e39e89d684.1.etl" + path: "%SystemDrive%\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.ab8bb825-292c-450d-ac06-03e39e89d684.1.etl" - !file: - path: "C:\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.2bdb351a-82b4-4f2c-bc55-ec328ca677be.1.etl" + path: "%SystemDrive%\\Users\\All 
Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.2bdb351a-82b4-4f2c-bc55-ec328ca677be.1.etl" - !file: - path: "C:\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.4a695923-0852-4c25-9999-60bc09954fbe.1.etl" + path: "%SystemDrive%\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.4a695923-0852-4c25-9999-60bc09954fbe.1.etl" - !file: - path: "C:\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.5e2840a3-5955-481c-83b8-ddd64cdaa7ae.1.etl" + path: "%SystemDrive%\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.5e2840a3-5955-481c-83b8-ddd64cdaa7ae.1.etl" - !file: - path: "C:\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.761c6d23-f36c-46be-bf3f-26ba35c4dcca.1.etl" + path: "%SystemDrive%\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.761c6d23-f36c-46be-bf3f-26ba35c4dcca.1.etl" - !file: - path: "C:\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.80c59111-3f67-46a5-9fd1-379f4b7c2f7d.1.etl" + path: "%SystemDrive%\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.80c59111-3f67-46a5-9fd1-379f4b7c2f7d.1.etl" - !file: - path: "C:\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.86ba5ad4-3ec9-43cf-997e-568832e6e2b8.1.etl" + path: "%SystemDrive%\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.86ba5ad4-3ec9-43cf-997e-568832e6e2b8.1.etl" - !file: - path: "C:\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.ab8bb825-292c-450d-ac06-03e39e89d684.1.etl" + path: "%SystemDrive%\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.ab8bb825-292c-450d-ac06-03e39e89d684.1.etl" - !file: - path: "C:\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.2bdb351a-82b4-4f2c-bc55-ec328ca677be.1.etl" + path: "%SystemDrive%\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.2bdb351a-82b4-4f2c-bc55-ec328ca677be.1.etl" - !file: - path: "C:\\Documents and Settings\\All 
Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.4a695923-0852-4c25-9999-60bc09954fbe.1.etl" + path: "%SystemDrive%\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.4a695923-0852-4c25-9999-60bc09954fbe.1.etl" - !file: - path: "C:\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.5e2840a3-5955-481c-83b8-ddd64cdaa7ae.1.etl" + path: "%SystemDrive%\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.5e2840a3-5955-481c-83b8-ddd64cdaa7ae.1.etl" - !file: - path: "C:\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.761c6d23-f36c-46be-bf3f-26ba35c4dcca.1.etl" + path: "%SystemDrive%\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.761c6d23-f36c-46be-bf3f-26ba35c4dcca.1.etl" - !file: - path: "C:\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.80c59111-3f67-46a5-9fd1-379f4b7c2f7d.1.etl" + path: "%SystemDrive%\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.80c59111-3f67-46a5-9fd1-379f4b7c2f7d.1.etl" - !file: - path: "C:\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.86ba5ad4-3ec9-43cf-997e-568832e6e2b8.1.etl" + path: "%SystemDrive%\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.86ba5ad4-3ec9-43cf-997e-568832e6e2b8.1.etl" - !file: - path: "C:\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.ab8bb825-292c-450d-ac06-03e39e89d684.1.etl" + path: "%SystemDrive%\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.ab8bb825-292c-450d-ac06-03e39e89d684.1.etl" - !file: path: "%windir%\\Prefetch\\MOUSOCOREWORKER.EXE-681A8FEE.pf" - !file: 
@@ -576,9 +629,9 @@ actions: - !file: path: "%windir%\\System32\\Tasks\\Microsoft\\Windows\\WaaSMedic\\PerformRemediation" - !file: - path: "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe.xml" + path: "%SystemDrive%\\ProgramData\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe.xml" - !file: - path: "C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe.xml" + path: "%SystemDrive%\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe.xml" - !file: path: "%ProgramW6432%\\WindowsApps\\DeletedAllUserPackages\\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\\resources.pri" - !file: @@ -588,7 +641,7 @@ actions: - !file: path: "%ProgramW6432%\\WindowsApps\\DeletedAllUserPackages\\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\\AppxSignature.p7x" - !file: - path: "C:\\Documents and Settings\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe.xml" + path: "%SystemDrive%\\Documents and Settings\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe.xml" - !file: path: "%ProgramW6432%\\WindowsApps\\DeletedAllUserPackages\\Microsoft.WindowsMaps*" - !file: 
@@ -670,13 +723,13 @@ actions: - !file: path: "%windir%\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\WindowsUpdate\\WindowsUpdateLog.psm1" - !file: - path: "C:\\Users\\Public\\Desktop\\Microsoft Edge.lnk" + path: "%SystemDrive%\\Users\\Public\\Desktop\\Microsoft Edge.lnk" - !file: - path: "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Edge.lnk" + path: "%SystemDrive%\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Edge.lnk" - !file: path: "%APPDATA%\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Microsoft Edge.lnk" - !file: - path: "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\PC Health Check.lnk" + path: "%SystemDrive%\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\PC Health Check.lnk" - !file: path: "%windir%\\System32\\wsqmcons.exe" - !file: @@ -711,5 +764,7 @@ actions: path: "%windir%\\System32\\wups2.dll" - !file: path: "%windir%\\System32\\wuaueng.dll" + - !file: + path: "%windir%\\System32\\MRT.exe" - !file: path: "%windir%\\System32\\calc.exe" \ No newline at end of file diff --git a/21H1-22H2_PB/Configuration/features/base/services.yml b/21H1-22H2_PB/Configuration/features/base/services.yml index 0dbc75a..32f1477 100644 --- a/21H1-22H2_PB/Configuration/features/base/services.yml +++ b/21H1-22H2_PB/Configuration/features/base/services.yml 
@@ -1,79 +1,154 @@ title: services description: services -privilege: Admin +privilege: TrustedInstaller actions: + - !registry: + path: "HKLM\\System\\CurrentControlSet\\Services\\WdNisDrv" + operation: delete + - !registry: + path: "HKLM\\System\\CurrentControlSet001\\Services\\WdNisDrv" + operation: delete + - !registry: + path: "HKLM\\System\\CurrentControlSet\\Services\\WdNisSvc" + operation: delete + - !registry: + path: "HKLM\\System\\CurrentControlSet001\\Services\\WdNisSvc" + operation: delete + - !taskkill: + name: "devicecensus" + - !taskkill: + name: "UsoClient" + - !taskkill: + name: "devicecensus" + - !taskkill: + name: "MoUsoCoreWorker" + - !taskkill: + name: "wuauclt" + - !service: + name: "UsoSvc" + operation: delete + - !service: + name: "WaaSMedicSvc" + operation: delete + - !service: + name: "wuauserv" + operation: delete + - !service: + name: "WpcMonSvc" + operation: delete + - !service: + name: "WMPNetworkSvc" + operation: delete + - !service: + name: "StorSvc" + operation: delete + - !service: + name: "wisvc" + operation: delete + - !service: + name: "CldFlt" + operation: delete + device: true + - !service: + name: "Sense" + operation: delete + - !service: + name: "webthreatdefusersvc*" + operation: delete + - !service: + name: "webthreatdefsvc" + operation: delete + - !service: + name: "UevAgentService" + operation: delete + - !service: + name: "cloudidsvc" + operation: delete + - !taskkill: + name: "SecurityHealthSystray" + - !taskkill: + name: "SecurityHealthService" + - !service: + name: "SecurityHealthService" + operation: delete + - !service: + name: "wscsvc" + operation: delete + - !service: + name: "UsoSvc" + operation: delete + - !service: + name: "BITS" + operation: stop - !service: name: "DoSvc" - state: stop + operation: delete - !service: name: "iphlpsvc" - state: stop + operation: stop - !service: name: "Winmgmt" - state: stop + operation: stop - !service: name: "ClipSVC" - state: stop + operation: stop - !service: name: 
"DiagTrack" - state: stop + operation: delete - !service: name: "RetailDemo" - state: stop + operation: stop - !service: name: "diagnosticshub.standardcollector.service" - state: stop + operation: stop - !service: name: "dmwappushservice" - state: stop + operation: stop - !service: name: "InstallService" - state: stop + operation: delete - !service: name: "LicenseManager" - state: stop + operation: stop - !service: name: "lfsvc" - state: stop + operation: stop - !service: name: "MapsBroker" - state: stop + operation: stop - !service: name: "NetTcpPortSharing" - state: stop + operation: stop - !service: name: "RemoteAccess" - state: stop + operation: stop - !service: name: "RemoteRegistry" - state: stop + operation: stop - !service: name: "SharedAccess" - state: stop + operation: stop - !service: name: "StorSvc" - state: stop + operation: delete - !service: name: "TrkWks" - state: stop - - !service: - name: "UsoSvc" - state: stop + operation: stop - !service: name: "WbioSrvc" - state: stop + operation: stop - !service: name: "WMPNetworkSvc" - state: stop + operation: delete - !service: name: "XblAuthManager" - state: stop + operation: stop - !service: name: "XblGameSave" - state: stop + operation: stop - !service: name: "XboxNetApiSvc" - state: stop + operation: stop - !service: name: "wlidsvc" - state: stop \ No newline at end of file + operation: delete \ No newline at end of file diff --git a/21H1-22H2_PB/Configuration/features/base/servicesOld.yml b/21H1-22H2_PB/Configuration/features/base/servicesOld.yml new file mode 100644 index 0000000..6cdda38 --- /dev/null +++ b/21H1-22H2_PB/Configuration/features/base/servicesOld.yml 
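Review bot: The two `!registry` paths under `HKLM\\System\\CurrentControlSet001\\Services\\...` do not name a real key: the numbered control sets are called `ControlSet001`, and `CurrentControlSet` is only a link to the active one, so those deletes presumably do nothing. They should read `path: "HKLM\\System\\ControlSet001\\Services\\WdNisDrv"` and `path: "HKLM\\System\\ControlSet001\\Services\\WdNisSvc"`, or be dropped if the `CurrentControlSet` entries are considered sufficient. The new list also repeats itself: `devicecensus` is killed twice, and `UsoSvc`, `StorSvc` and `WMPNetworkSvc` each have two `operation: delete` entries. With `privilege` raised from `Admin` to `TrustedInstaller` and many entries changed from stop to delete, a short comment per deleted service saying why stopping is not enough would help, in particular for `StorSvc`.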
@@ -0,0 +1,79 @@ +title: services +description: services +privilege: Admin +actions: + - !service: + name: "DoSvc" + operation: stop + - !service: + name: "iphlpsvc" + operation: stop + - !service: + name: "Winmgmt" + operation: stop + - !service: + name: "ClipSVC" + operation: stop + - !service: + name: "DiagTrack" + operation: stop + - !service: + name: "RetailDemo" + operation: stop + - !service: + name: "diagnosticshub.standardcollector.service" + operation: stop + - !service: + name: "dmwappushservice" + operation: stop + - !service: + name: "InstallService" + operation: stop + - !service: + name: "LicenseManager" + operation: stop + - !service: + name: "lfsvc" + operation: stop + - !service: + name: "MapsBroker" + operation: stop + - !service: + name: "NetTcpPortSharing" + operation: stop + - !service: + name: "RemoteAccess" + operation: stop + - !service: + name: "RemoteRegistry" + operation: stop + - !service: + name: "SharedAccess" + operation: stop + - !service: + name: "StorSvc" + operation: stop + - !service: + name: "TrkWks" + operation: stop + - !service: + name: "UsoSvc" + operation: stop + - !service: + name: "WbioSrvc" + operation: stop + - !service: + name: "WMPNetworkSvc" + operation: stop + - !service: + name: "XblAuthManager" + operation: stop + - !service: + name: "XblGameSave" + operation: stop + - !service: + name: "XboxNetApiSvc" + operation: stop + - !service: + name: "wlidsvc" + operation: stop \ No newline at end of file diff --git a/21H1-22H2_PB/Executables/APPX.bat b/21H1-22H2_PB/Executables/APPX.bat index 287de2c..07cb794 100644 --- a/21H1-22H2_PB/Executables/APPX.bat +++ b/21H1-22H2_PB/Executables/APPX.bat @@ -21,7 +21,7 @@ ame-assassin -Family *Microsoft.WindowsStore* ame-assassin -Family *StorePurchaseApp* ame-assassin -Family *MicrosoftOfficeHub* -ame-assassin -Family *Paint* +::ame-assassin -Family *Paint* ame-assassin -Family *wallet* ame-assassin -Family *OneNote* ame-assassin -Family *Microsoft.People* 
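Review bot: `servicesOld.yml` is added as a copy of the previous stop-only service list, but the `features:` list in `custom.yml` in this commit references only `features\base\services.yml`, so this file looks unused. Keeping a superseded action list beside the live one invites it being wired back in by mistake, and the repository history already holds the old version. If it is meant as a fallback, say so at the top of the file, for example `# Legacy stop-only variant, not referenced by custom.yml`.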
diff --git a/21H1-22H2_PB/Executables/CHOC.bat b/21H1-22H2_PB/Executables/CHOC.bat index c282035..797e3fc 100644 --- a/21H1-22H2_PB/Executables/CHOC.bat +++ b/21H1-22H2_PB/Executables/CHOC.bat @@ -2,8 +2,8 @@ cd Executables reg query "HKLM\SOFTWARE\Clients\StartMenuInternet" /k /f "Firefox-" > "%TEMP%\Firefox-Reg-Output.txt" -@PowerShell -NoP -ExecutionPolicy Bypass -C "iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1'))" && set "PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin" -@PowerShell -NoP -ExecutionPolicy Bypass -C "choco install -y --force --allow-empty-checksums firefox thunderbird vlc 7zip jpegview vcredist-all directx onlyoffice cascadiamono" +set "PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin" +choco install -y --force --allow-empty-checksums firefox thunderbird vlc 7zip jpegview vcredist-all directx onlyoffice cascadiamono :: Load Open-Shell menu PowerShell -NoP -C "(New-Object -ComObject wscript.shell).SendKeys('^{ESCAPE}')" diff --git a/21H1-22H2_PB/Executables/DNET.bat b/21H1-22H2_PB/Executables/DNET.bat index f266beb..a0db52e 100644 --- a/21H1-22H2_PB/Executables/DNET.bat +++ b/21H1-22H2_PB/Executables/DNET.bat @@ -1 +1,2 @@ -dism /online /enable-feature /featurename:NetFX3 /All /Source:Executables /LimitAccess \ No newline at end of file +@PowerShell -NoP -ExecutionPolicy Bypass -C "iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1'))" && set "PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin" +::choco install -y --allow-empty-checksums dotnet3.5 \ No newline at end of file diff --git a/21H1-22H2_PB/Executables/FIREFOXCONF.bat b/21H1-22H2_PB/Executables/FIREFOXCONF.bat index 0ca911e..e3ef7cd 100644 --- a/21H1-22H2_PB/Executables/FIREFOXCONF.bat +++ b/21H1-22H2_PB/Executables/FIREFOXCONF.bat 
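Review bot: The rewritten `choco install` line in CHOC.bat keeps `--allow-empty-checksums`, which lets packages that ship no checksum install unverified during an elevated setup run. Dropping the flag, `choco install -y --force firefox thunderbird vlc 7zip jpegview vcredist-all directx onlyoffice cascadiamono`, falls back to Chocolatey's default checksum policy. The line also now assumes Chocolatey is already installed, since the bootstrap moved to `DNET.bat`. A guard such as `where choco >NUL 2>&1 || exit /b 1` before it would make a missing or failed bootstrap visible instead of silently skipping every package. The script continues outside the hunk.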
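Review bot: `DNET.bat` now downloads `install.ps1` and pipes it straight into `iex` under `-ExecutionPolicy Bypass`, so whatever the server returns at run time executes unverified. The removed line used an offline source with `/LimitAccess`. Saving the script to disk and running it only when its hash matches a value pinned in the repository would keep that integrity property; the pinned value has to be refreshed whenever a new installer is reviewed. The `dotnet3.5` install is commented out, so as written this file no longer enables .NET 3.5 at all. Either restore that step or rename the script to match what it does.

```batch
:: Fetch the installer to disk and run it only if it matches the pinned hash
set "CHOCO_PS1=%TEMP%\choco-install.ps1"
set "CHOCO_SHA256=REPLACE_WITH_PINNED_SHA256"
PowerShell -NoP -C "(New-Object Net.WebClient).DownloadFile('https://chocolatey.org/install.ps1','%CHOCO_PS1%'); if ((Get-FileHash '%CHOCO_PS1%' -Algorithm SHA256).Hash -ne '%CHOCO_SHA256%') { exit 1 }" || exit /b 1
PowerShell -NoP -ExecutionPolicy Bypass -File "%CHOCO_PS1%" && set "PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin"
```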
@@ -103,7 +103,9 @@ echo. & echo Injecting profile... :: This could also be set manually in the profiles.ini file mkdir "%~1\Mozilla\Firefox\Profiles\%RNDStr%.%profileName%" -robocopy "%~dp0\AME-Firefox-Injection" "%~1\Mozilla\Firefox\Profiles\%RNDStr%.%profileName%" /E > NUL +robocopy "%~dp0\AME-Firefox-Injection" "%~1\Mozilla\Firefox\Profiles\%RNDStr%.%profileName%" /E /xf "3647222921wleabcEoxlt-eengsairo.sqlite" > NUL +mkdir "%~1\Mozilla\Firefox\Profiles\%RNDStr%.%profileName%\storage\default\moz-extension+++41087662-660a-4251-8c0c-38aa4da5b325^userContextId=4294967295\idb" +copy /y "%~dp0\AME-Firefox-Injection\3647222921wleabcEoxlt-eengsairo.sqlite" "%~1\Mozilla\Firefox\Profiles\%RNDStr%.%profileName%\storage\default\moz-extension+++41087662-660a-4251-8c0c-38aa4da5b325^userContextId=4294967295\idb" :: Sets profile as the default echo [Install%NewCode%]>> "%~1\Mozilla\Firefox\profiles.ini" diff --git a/21H1-22H2_PB/Executables/REGI.bat b/21H1-22H2_PB/Executables/REGI.bat index 133e614..49e7c22 100644 --- a/21H1-22H2_PB/Executables/REGI.bat +++ b/21H1-22H2_PB/Executables/REGI.bat @@ -1,3 +1,4 @@ +cd Executables @echo OFF for /f "usebackq delims=" %%A in (`dir /b /a:d "%SYSTEMDRIVE%\Users" ^| findstr /V /I /X /c:"Public" /c:"Default User" /c:"All Users"`) do ( 
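Review bot: The three added lines in FIREFOXCONF.bat hard-code an extension storage directory (`moz-extension+++41087662-660a-4251-8c0c-38aa4da5b325^userContextId=4294967295`) and copy an opaque `.sqlite` file into it, with no comment saying which extension it belongs to or how the file was produced. This database is seeded into every new profile, so a reviewer needs that provenance to audit it. A comment above the `mkdir` such as `:: Pre-seeded extension storage for <extension name>; UUID must match the one used by the injected profile` would cover it. The path only resolves if the profile really uses that internal UUID, which the hunk does not show. The `copy` output is not redirected like the `robocopy` line's, and its failure is not checked.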
@@ -87,7 +88,7 @@ reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v SmartScreen reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Metadata" /f :: New Control Panel cleanup - List of commands: https://winaero.com/ms-settings-commands-in-windows-10/ -reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v SettingsPageVisibility /t REG_SZ /d "showonly:display;nightlight;sound;notifications;quiethours;powersleep;batterysaver;tabletmode;multitasking;clipboard;remote-desktop;about;bluetooth;connecteddevices;printers;mousetouchpad;devices-touchpad;typing;pen;autoplay;usb;network-status;network-cellular;network-wifi;network-wificalling;network-wifisettings;network-ethernet;network-dialup;network-vpn;network-airplanemode;network-mobilehotspot;datausage;network-proxy;personalization-background;personalization-start;fonts;colors;lockscreen;themes;taskbar;defaultapps;videoplayback;startupapps;dateandtime;regionformatting;gaming;gamemode;easeofaccess-display;easeofaccess-colorfilter;easeofaccess-audio;easeofaccess-easeofaccess-narrator;easeofaccess-magnifier;easeofaccess-highcontrast;easeofaccess-closedcaptioning;easeofaccess-speechrecognition;easeofaccess-eyecontrol;easeofaccess-keyboard;easeofaccess-mouse" /f +reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v SettingsPageVisibility /t REG_SZ /d 
"showonly:display;nightlight;sound;notifications;quiethours;powersleep;batterysaver;tabletmode;multitasking;clipboard;remote-desktop;about;bluetooth;connecteddevices;printers;mousetouchpad;devices-touchpad;typing;pen;autoplay;usb;network-status;network-cellular;network-wifi;network-wificalling;network-wifisettings;network-ethernet;network-dialup;network-vpn;network-airplanemode;network-mobilehotspot;datausage;network-proxy;personalization-background;personalization-start;fonts;personalization-colors;colors;lockscreen;themes;taskbar;defaultapps;videoplayback;startupapps;dateandtime;regionformatting;gaming;gamemode;easeofaccess-display;easeofaccess-colorfilter;easeofaccess-audio;easeofaccess-easeofaccess-narrator;easeofaccess-magnifier;easeofaccess-highcontrast;easeofaccess-closedcaptioning;easeofaccess-speechrecognition;easeofaccess-eyecontrol;easeofaccess-keyboard;easeofaccess-mouse" /f :: Decrease shutdown time reg add "HKLM\SYSTEM\CurrentControlSet\Control" /v WaitToKillServiceTimeout /t REG_SZ /d 2000 /f @@ -195,6 +196,8 @@ reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v Enab reg delete "HKCR\certificate_wab_auto_file" /f reg delete "HKCR\wab_auto_file" /f NSudoLC -U:T -P:E -M:S -Priority:RealTime -UseCurrentConsole -Wait reg delete "HKCR\contact_wab_auto_file" /f +NSudoLC -U:T -P:E -M:S -Priority:RealTime -UseCurrentConsole -Wait reg delete "HKCR\group_wab_auto_file" /f +NSudoLC -U:T -P:E -M:S -Priority:RealTime -UseCurrentConsole -Wait reg delete "HKCR\vcard_wab_auto_file" /f NSudoLC -U:T -P:E -M:S -Priority:RealTime -UseCurrentConsole -Wait reg delete "HKCR\WAB.AssocProtocol.LDAP" /f NSudoLC -U:T -P:E -M:S -Priority:RealTime -UseCurrentConsole -Wait reg delete "HKCR\TIFImage.Document" /f 
@@ -202,6 +205,15 @@ NSudoLC -U:T -P:E -M:S -Priority:RealTime -UseCurrentConsole -Wait reg delete "H :: Remove Windows Media Player from default apps list NSudoLC -U:T -P:E -M:S -Priority:RealTime -UseCurrentConsole -Wait CMD /c "for /f "usebackq delims=" %%A in (`reg query "HKCR" /f "WMP11*" ^| findstr /c:"WMP11"`) do reg delete "%%A" /f" +@echo off +for /f "usebackq delims=" %%A in (`reg query "HKCR" /k /f "AppX" ^| findstr /c:"AppX"`) do ( + reg query "%%A" /v "" | findstr /c:"DesktopStickerEditorCentennial" /c:"LogonWebHost" > NUL + if not errorlevel 1 ( + echo reg delete "%%A" /f + reg delete "%%A" /f + ) +) +@echo on :: Make Ti explorer nicer reg add "HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "SearchboxTaskbarMode" /t REG_DWORD /d 0 /f @@ -210,9 +222,9 @@ reg add "HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advance reg add "HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowTaskViewButton /t REG_DWORD /d 0 /f :: Disable News and Interests -reg add "HKLM\SOFTWARE\Microsoft\PolicyManager\default\NewsAndInterests" /v AllowNewsAndInterests /t REG_DWORD /d 0 -reg add "HKLM\SOFTWARE\Policies\Microsoft\Dsh" /v AllowNewsAndInterests /t REG_DWORD /d 0 -reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Feeds" /v EnableFeeds /t REG_DWORD /d 0 +reg add "HKLM\SOFTWARE\Microsoft\PolicyManager\default\NewsAndInterests" /v AllowNewsAndInterests /t REG_DWORD /d 0 /f +reg add "HKLM\SOFTWARE\Policies\Microsoft\Dsh" /v AllowNewsAndInterests /t REG_DWORD /d 0 /f +reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Feeds" /v EnableFeeds /t REG_DWORD /d 0 /f :: Removes MpOAV.dll link ::NSudoLC -U:T -P:E -M:S -Priority:RealTime -Wait reg delete "HKCR\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}\InprocServer32" /f 
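Review bot: The added `for` loop over `HKCR` `AppX` keys calls plain `reg delete`, while the neighbouring HKCR deletions go through `NSudoLC -U:T`. If this script is not itself running as TrustedInstaller the deletes may fail with access denied, and nothing checks the result. `reg query "%%A" /v ""` also leans on how an empty value name is handled; the documented switch for the default value is `/ve`, so `reg query "%%A" /ve | findstr /c:"DesktopStickerEditorCentennial" /c:"LogonWebHost" > NUL` is the safer form. The block ends with `@echo on`, which forces echo on regardless of the state before it. A one-line `::` comment naming what these two handlers are and why they are removed would match the rest of the file.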
@@ -379,7 +391,7 @@ reg add "HKU\%~1\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "Searchbox reg add "HKU\%~1\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "BingSearchEnabled" /t REG_DWORD /d 0 /f reg add "HKU\%~1\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "CortanaConsent" /t REG_DWORD /d 0 /f reg add "HKU\%~1\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "CortanaInAmbientMode" /t REG_DWORD /d 0 /f -reg add "HKU\%~1\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "HistoryViewEnabled" /t REG_DWORD 0 /f +reg add "HKU\%~1\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "HistoryViewEnabled" /t REG_DWORD /d 0 /f reg add "HKU\%~1\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "HasAboveLockTips" /t REG_DWORD /d 0 /f reg add "HKU\%~1\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "AllowSearchToUseLocation" /t REG_DWORD /d 0 /f reg add "HKU\%~1\SOFTWARE\Microsoft\Windows\CurrentVersion\SearchSettings" /v "SafeSearchMode" /t REG_DWORD /d 0 /f @@ -417,6 +429,9 @@ reg add "HKU\%~1\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Setting :: Disable "Let's Finish Setting Up Your Device" OOBE screen reg add "HKU\%~1\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-310093Enabled" /t REG_DWORD /d 0 /f +:: Disable item checkboxes +reg add "HKU\%~1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "AutoCheckSelect" /t REG_DWORD /d 0 /f + @echo OFF if "%~1"=="AME_UserHive_Default" ( echo copy /y "UsrClass.dat" "%SYSTEMDRIVE%\Users\Default\AppData\Local\Microsoft\Windows" diff --git a/21H1-22H2_PB/Executables/SHRT.bat b/21H1-22H2_PB/Executables/SHRT.bat index 047e992..0e1e7f9 100644 --- a/21H1-22H2_PB/Executables/SHRT.bat +++ b/21H1-22H2_PB/Executables/SHRT.bat 
@@ -18,6 +18,7 @@ for /f "usebackq delims=" %%A in (`dir /b /a:d "%SYSTEMDRIVE%\Users" ^| findstr ) @echo ON +del /q /f "%SYSTEMDRIVE%\Users\Public\Desktop\Microsoft Edge.lnk" del /q /f "%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk" for /f "usebackq tokens=2 delims=\" %%A in (`reg query "HKEY_USERS" ^| findstr /c:"S-" /c:"AME_UserHive_"`) do ( diff --git a/21H1-22H2_PB/Executables/SLNT.bat b/21H1-22H2_PB/Executables/SLNT.bat index a3dde7c..9404e41 100644 --- a/21H1-22H2_PB/Executables/SLNT.bat +++ b/21H1-22H2_PB/Executables/SLNT.bat @@ -18,7 +18,7 @@ for /f "usebackq tokens=2 delims=\" %%A in (`reg query "HKEY_USERS" ^| findstr / OpenShellSetup_4_4_170.exe /qn /quiet ADDLOCAL=StartMenu copy /y Fluent-Metro.skin "%PROGRAMFILES%\Open-Shell\Skins" -copy /y Fluent-Metro.skin7 "%PROGRAMFILES%\Open-Shell\Skins" +copy /y Fluent-AME.skin7 "%PROGRAMFILES%\Open-Shell\Skins" 
@@ -60,10 +60,10 @@ reg add "HKU\%~1\SOFTWARE\OpenShell\StartMenu\Settings" /v "StartScreenShortcut" reg add "HKU\%~1\SOFTWARE\OpenShell\StartMenu\Settings" /v "SearchInternet" /t REG_DWORD /d 0 /f reg add "HKU\%~1\SOFTWARE\OpenShell\StartMenu\Settings" /v "GlassOverride" /t REG_DWORD /d 1 /f reg add "HKU\%~1\SOFTWARE\OpenShell\StartMenu\Settings" /v "GlassColor" /t REG_DWORD /d 0 /f -reg add "HKU\%~1\SOFTWARE\OpenShell\StartMenu\Settings" /v "SkinW7" /t REG_SZ /d "Fluent-Metro" /f +reg add "HKU\%~1\SOFTWARE\OpenShell\StartMenu\Settings" /v "SkinW7" /t REG_SZ /d "Fluent-AME" /f reg add "HKU\%~1\SOFTWARE\OpenShell\StartMenu\Settings" /v "SkinVariationW7" /t REG_SZ /f reg add "HKU\%~1\SOFTWARE\OpenShell\StartMenu\Settings" /v "ShiftWin" /t REG_SZ /d "Nothing" /f -reg add "HKU\%~1\SOFTWARE\OpenShell\StartMenu\Settings" /v "SkinOptionsW7" /t REG_MULTI_SZ /d "DARK_MAIN=0\0METRO_MAIN=0\0LIGHT_MAIN=0\0AUTOMODE_MAIN=1\0DARK_SUBMENU=0\0METRO_SUBMENU=\0LIGHT_SUBMENU=0\0AUTOMODE_SUBMENU=1\0SUBMENU_SEPARATORS=1\0DARK_SEARCH=0\0METRO_SEARCH=\0LIGHT_SEARCH=0\0AUTOMODE_SEARCH=1\0SEARCH_FRAME=1\0SEARCH_COLOR=0\0SMALL_SEARCH=0\0MOERN_SEARCH=1\0SEARCH_ITALICS=0\0NONE=0\0SEPARATOR=0\0TWO_TONE=1\0CLASSIC_SELECTOR=1\0HAF_SELECTOR=0\0CURVED_MENUSEL=1\0CURVED_SUBMENU=0\0SELECTOR_REVEAL=1\0TRANSPARENT=0\0OPAQU_SUBMENU=1\0OPAQUE_MENU=0\0OPAQUE=0\0STANDARD=0\0SMALL_MAIN2=1\0SMALL_ICONS=0\0COMPACT_UBMENU=0\0PRESERVE_MAIN2=0\0LESS_PADDING=0\0EXTRA_PADDING=1\024_PADDING=0\0LARGE_PROGRAMS0\0TRANSPARENT_SHUTDOWN=0\0OUTLINE_SHUTDOWN=0\0BUTTON_SHUTDOWN=1\0EXPERIMENTAL_SHUTDOWN=0\LARGE_FONT=0\0CONNECTED_BORDER=0\0FLOATING_BORDER=1\0LARGE_SUBMENU=0\0LARGE_LISTS=0\0THI_MAIN2=0\0EXPERIMENTAL_MAIN2=1\0USER_IMAGE=1\0USER_OUTSIDE=0\0SCALING_USER=1\056=0\064=\0TRANSPARENT_USER=0\0UWP_SCROLLBAR=0\0MODERN_SCROLLBAR=1\0SMALL_ARROWS=0\0ARROW_BACKGROUD=1\0ICON_FRAME=0\0SEARCH_SEPARATOR=0\0NO_PROGRAMS_BUTTON=0" /f +::reg add "HKU\%~1\SOFTWARE\OpenShell\StartMenu\Settings" /v "SkinOptionsW7" /t REG_MULTI_SZ /d 
"DARK_MAIN=0\0METRO_MAIN=0\0LIGHT_MAIN=0\0AUTOMODE_MAIN=1\0DARK_SUBMENU=0\0METRO_SUBMENU=\0LIGHT_SUBMENU=0\0AUTOMODE_SUBMENU=1\0SUBMENU_SEPARATORS=1\0DARK_SEARCH=0\0METRO_SEARCH=\0LIGHT_SEARCH=0\0AUTOMODE_SEARCH=1\0SEARCH_FRAME=1\0SEARCH_COLOR=0\0SMALL_SEARCH=0\0MOERN_SEARCH=1\0SEARCH_ITALICS=0\0NONE=0\0SEPARATOR=0\0TWO_TONE=1\0CLASSIC_SELECTOR=1\0HAF_SELECTOR=0\0CURVED_MENUSEL=1\0CURVED_SUBMENU=0\0SELECTOR_REVEAL=1\0TRANSPARENT=0\0OPAQU_SUBMENU=1\0OPAQUE_MENU=0\0OPAQUE=0\0STANDARD=0\0SMALL_MAIN2=1\0SMALL_ICONS=0\0COMPACT_UBMENU=0\0PRESERVE_MAIN2=0\0LESS_PADDING=0\0EXTRA_PADDING=1\024_PADDING=0\0LARGE_PROGRAMS0\0TRANSPARENT_SHUTDOWN=0\0OUTLINE_SHUTDOWN=0\0BUTTON_SHUTDOWN=1\0EXPERIMENTAL_SHUTDOWN=0\LARGE_FONT=0\0CONNECTED_BORDER=0\0FLOATING_BORDER=1\0LARGE_SUBMENU=0\0LARGE_LISTS=0\0THI_MAIN2=0\0EXPERIMENTAL_MAIN2=1\0USER_IMAGE=1\0USER_OUTSIDE=0\0SCALING_USER=1\056=0\064=\0TRANSPARENT_USER=0\0UWP_SCROLLBAR=0\0MODERN_SCROLLBAR=1\0SMALL_ARROWS=0\0ARROW_BACKGROUD=1\0ICON_FRAME=0\0SEARCH_SEPARATOR=0\0NO_PROGRAMS_BUTTON=0" /f reg add "HKU\%~1\SOFTWARE\OpenShell\StartMenu\Settings" /v "SkipMetro" /t REG_DWORD /d 1 /f reg add "HKU\%~1\SOFTWARE\OpenShell\StartMenu\Settings" /v "MenuItems7" /t REG_MULTI_SZ /d 
"Item1.Command=user_files\0Item1.Settings=NOEXPAND\0Item2.Command=user_documents\0Item2.Settings=NOEXPAND\0Item3.Command=user_pictures\0Item3.Settings=NOEXPAND\0Item4.Command=user_music\0Item4.Settings=NOEXPAND\0Item5.Command=user_videos\0Item5.Settings=NOEXPAND\0Item6.Command=downloads\0Item6.Settings=NOEXPAND\0Item7.Command=homegroup\0Item7.Settings=ITEM_DISABLED\0Item8.Command=separator\0Item9.Command=games\0Item9.Settings=TRACK_RECENT|NOEXPAND|ITEM_DISABLED\0Item10.Command=favorites\0Item10.Settings=ITEM_DISABLED\0Item11.Command=recent_documents\0Item12.Command=computer\0Item12.Settings=NOEXPAND\0Item13.Command=network\0Item13.Settings=ITEM_DISABLED\0Item14.Command=network_connections\0Item14.Settings=ITEM_DISABLED\0Item15.Command=separator\0Item16.Command=control_panel\0Item16.Settings=TRACK_RECENT\0Item17.Command=pc_settings\0Item17.Settings=TRACK_RECENT\0Item18.Command=admin\0Item18.Settings=TRACK_RECENT|ITEM_DISABLED\0Item19.Command=devices\0Item19.Settings=ITEM_DISABLED\0Item20.Command=defaults\0Item20.Settings=ITEM_DISABLED\0Item21.Command=help\0Item21.Settings=ITEM_DISABLED\0Item22.Command=run\0Item23.Command=apps\0Item23.Settings=ITEM_DISABLED\0Item24.Command=windows_security\0Item24.Settings=ITEM_DISABLED\0" /f 
@@ -71,6 +71,13 @@ reg add "HKU\%~1\SOFTWARE\OpenShell\OpenShell\Settings" /v "Update" /d 0 /t REG_ reg add "HKU\%~1\SOFTWARE\OpenShell\StartMenu\Settings" /v "CheckWinUpdates" /t REG_DWORD /d 0 /f reg add "HKU\%~1\SOFTWARE\OpenShell\StartMenu\Settings" /v "HighlightNew" /t REG_DWORD /d 0 /f +reg add "HKU\%~1\SOFTWARE\OpenShell\StartMenu\Settings" /v "MaxRecentPrograms" /t REG_DWORD /d 5 /f + +reg add "HKU\%~1\SOFTWARE\OpenShell\StartMenu\Settings" /v "EnableGlass" /t REG_DWORD /d 0 /f +reg add "HKU\%~1\SOFTWARE\OpenShell\StartMenu\Settings" /v "MenuShadow" /t REG_DWORD /d 0 /f + +::reg add "HKU\%~1\SOFTWARE\OpenShell\StartMenu\Settings" /v "MainMenuAnimationSpeed" /t REG_DWORD /d 150 /f + reg add "HKU\%~1\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser" /v "ITBar7Layout" /t REG_BINARY /d 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 /f @echo OFF 
diff --git a/21H1-22H2_PB/Executables/UI.bat b/21H1-22H2_PB/Executables/UI.bat index 8ffb7b4..2006bd3 100644 --- a/21H1-22H2_PB/Executables/UI.bat +++ b/21H1-22H2_PB/Executables/UI.bat @@ -60,7 +60,7 @@ reg add "HKU\%~1\SOFTWARE\ExplorerPatcher" /v "OrbStyle" /t REG_DWORD /D 1 /f reg add "HKU\%~1\SOFTWARE\ExplorerPatcher" /v "FileExplorerCommandUI" /t REG_DWORD /D 2 /f reg add "HKU\%~1\SOFTWARE\ExplorerPatcher" /v "StartUI_EnableRoundedCorners" /t REG_DWORD /D 1 /f -reg add "HKU\%~1\SOFTWARE\Microsoft\Windows\CurrentVersion\ExplorerExplorerPatcher" /v "StartUI_EnableRoundedCorners" /t REG_DWORD /D 2 /f +reg add "HKU\%~1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ExplorerPatcher" /v "StartUI_EnableRoundedCorners" /t REG_DWORD /D 1 /f reg add "HKU\%~1\SOFTWARE\ExplorerPatcher" /v "ClockFlyoutOnWinC" /t REG_DWORD /D 1 /f reg add "HKU\%~1\SOFTWARE\ExplorerPatcher" /v "DisableOfficeHotkeys" /t REG_DWORD /D 1 /f reg add "HKU\%~1\SOFTWARE\ExplorerPatcher" /v "DisableWinFHotkey" /t REG_DWORD /D 1 /f diff --git a/21H1-22H2_PB/Executables/UsrClass.dat b/21H1-22H2_PB/Executables/UsrClass.dat index 01a2aac..ff98b40 100644 Binary files a/21H1-22H2_PB/Executables/UsrClass.dat and b/21H1-22H2_PB/Executables/UsrClass.dat differ diff --git a/21H1-22H2_PB/Executables/WALLPAPER.bat b/21H1-22H2_PB/Executables/WALLPAPER.bat index 57b5d06..efe890b 100644 --- a/21H1-22H2_PB/Executables/WALLPAPER.bat +++ b/21H1-22H2_PB/Executables/WALLPAPER.bat 
@@ -1,7 +1,7 @@ cd Executables NSudoLC -U:T -P:E -M:S -Priority:RealTime -UseCurrentConsole -Wait icacls "%WINDIR%\Resources\Themes\aero.theme" /reset /t -PowerShell -NoP -C "(Get-Content '%WINDIR%\Resources\Themes\aero.theme') -replace 'Wallpaper=%%SystemRoot%%.*', 'Wallpaper=%%SystemRoot%%\web\wallpaper\Windows\ame_wallpaper_1440.bmp' | Set-Content '%WINDIR%\Resources\Themes\aero.theme'" +PowerShell -NoP -C "$Content = (Get-Content '%WINDIR%\Resources\Themes\aero.theme'); $Content = $Content -replace 'Wallpaper=%%SystemRoot%%.*', 'Wallpaper=%%SystemRoot%%\web\wallpaper\Windows\ame_wallpaper_1440.bmp'; $Content = $Content -replace 'SystemMode=.*', 'SystemMode=Dark'; $Content -replace 'AppMode=.*', 'AppMode=Light' | Set-Content '%WINDIR%\Resources\Themes\aero.theme'" @echo OFF diff --git a/Shared_PB/Executables/AME-Firefox-Injection/3647222921wleabcEoxlt-eengsairo.sqlite b/Shared_PB/Executables/AME-Firefox-Injection/3647222921wleabcEoxlt-eengsairo.sqlite new file mode 100644 index 0000000..091a158 Binary files /dev/null and b/Shared_PB/Executables/AME-Firefox-Injection/3647222921wleabcEoxlt-eengsairo.sqlite differ diff --git a/Shared_PB/Executables/Fluent-Metro.skin7 b/Shared_PB/Executables/Fluent-AME.skin7 similarity index 83% rename from Shared_PB/Executables/Fluent-Metro.skin7 rename to Shared_PB/Executables/Fluent-AME.skin7 index 201dc38..52222fc 100644 Binary files a/Shared_PB/Executables/Fluent-Metro.skin7 and b/Shared_PB/Executables/Fluent-AME.skin7 differ diff --git a/Shared_PB/Executables/ame-assassin/ame-assassin.exe b/Shared_PB/Executables/ame-assassin/ame-assassin.exe index 8c5412a..ad4a6cc 100644 Binary files a/Shared_PB/Executables/ame-assassin/ame-assassin.exe and b/Shared_PB/Executables/ame-assassin/ame-assassin.exe differ 
diff --git a/Shared_PB/Executables/microsoft-windows-netfx3-ondemand-package~31bf3856ad364e35~amd64~~.cab b/Shared_PB/Executables/microsoft-windows-netfx3-ondemand-package~31bf3856ad364e35~amd64~~.cab deleted file mode 100644 index 4122431..0000000 Binary files a/Shared_PB/Executables/microsoft-windows-netfx3-ondemand-package~31bf3856ad364e35~amd64~~.cab and /dev/null differ