From 19120d4f9761c67d99ed1ce3da6084b83f5a49c9 Mon Sep 17 00:00:00 2001 From: srdusr Date: Sat, 30 Aug 2025 19:22:59 +0200 Subject: Linux-specific dotfiles --- linux/home/.config/powershell/bloatware.ps1 | 335 ++++++++++++++++++++++++++++ 1 file changed, 335 insertions(+) create mode 100644 linux/home/.config/powershell/bloatware.ps1 (limited to 'linux/home/.config/powershell/bloatware.ps1') diff --git a/linux/home/.config/powershell/bloatware.ps1 b/linux/home/.config/powershell/bloatware.ps1 new file mode 100644 index 0000000..2c8dacb --- /dev/null +++ b/linux/home/.config/powershell/bloatware.ps1 @@ -0,0 +1,335 @@ +# bloatware.ps1 + +# Check if the powershell-yaml module is installed, if not, install it +if (-not (Get-Module powershell-yaml -ListAvailable)) { + $policy = Get-PSRepository -Name 'PSGallery' | Select-Object -ExpandProperty InstallationPolicy + Set-PSRepository -Name 'PSGallery' -InstallationPolicy Trusted + Install-Module powershell-yaml + Set-PSRepository -Name 'PSGallery' -InstallationPolicy $policy +} + +Import-Module powershell-yaml + +# Define the path to the YAML file +$yamlFilePath = "$HOME\packages.yml" + +# Parse the YAML file +$packages = ConvertFrom-Yaml -Path $yamlFilePath +$bloatware = $packages.bloatware +$defaultApps = $packages.defaultApps + +# Check if Registry key exists +function Check-RegistryKeyExists { + param( + [Parameter(Mandatory = $true)] + [string]$KeyPath + ) + + if (Test-Path $KeyPath) { + Write-Host "Registry key exists: $KeyPath" + return $true + } else { + Write-Host "Registry key does not exist: $KeyPath" + return $false + } +} + +# Helper functions ------------------------ +function force-mkdir($path) { + if (!(Test-Path $path)) { + Write-Host "-- Creating full path to: " $path -ForegroundColor White -BackgroundColor DarkGreen + New-Item -ItemType Directory -Force -Path $path + } +} + +function Takeown-Registry($key) { + # TODO does not work for all root keys yet + switch ($key.split('\')[0]) { + "HKEY_CLASSES_ROOT" { + $reg = [Microsoft.Win32.Registry]::ClassesRoot + $key = $key.substring(18) + } + "HKEY_CURRENT_USER" { + $reg = [Microsoft.Win32.Registry]::CurrentUser + $key = $key.substring(18) + } + "HKEY_LOCAL_MACHINE" { + $reg = [Microsoft.Win32.Registry]::LocalMachine + $key = $key.substring(19) + } + } + + # get administrator group + $admins = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-32-544") + $admins = $admins.Translate([System.Security.Principal.NTAccount]) + + # set owner + $key = $reg.OpenSubKey($key, "ReadWriteSubTree", "TakeOwnership") + $acl = $key.GetAccessControl() + $acl.SetOwner($admins) + $key.SetAccessControl($acl) + + # set FullControl + $acl = $key.GetAccessControl() + $rule = New-Object System.Security.AccessControl.RegistryAccessRule($admins, "FullControl", "Allow") + $acl.SetAccessRule($rule) + $key.SetAccessControl($acl) +} + +# Function to take ownership of registry keys +function Takeown-Registry($keyPath) { + $regKey = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($keyPath, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree, [System.Security.AccessControl.RegistryRights]::TakeOwnership) + $acl = $regKey.GetAccessControl() + $acl.SetOwner([System.Security.Principal.NTAccount]"Administrators") + $regKey.SetAccessControl($acl) + $regKey.Close() +} + +# Remove Features +function Takeown-File($path) { + takeown.exe /A /F $path + $acl = Get-Acl $path + + # get administrator group + $admins = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-32-544") + $admins = $admins.Translate([System.Security.Principal.NTAccount]) + + # add NT Authority\SYSTEM + $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($admins, "FullControl", "None", "None", "Allow") + $acl.AddAccessRule($rule) + + Set-Acl -Path $path -AclObject $acl +} + +function Takeown-Folder($path) { + Takeown-File $path + foreach ($item in Get-ChildItem $path) { + if (Test-Path $item -PathType Container) { + Takeown-Folder $item.FullName + } + else { + Takeown-File $item.FullName + } + } +} + +function Elevate-Privileges { + param($Privilege) + $Definition = @" + using System; + using System.Runtime.InteropServices; + + public class AdjPriv { + [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)] + internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall, ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr rele); + + [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)] + internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok); + + [DllImport("advapi32.dll", SetLastError = true)] + internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid); + + [StructLayout(LayoutKind.Sequential, Pack = 1)] + internal struct TokPriv1Luid { + public int Count; + public long Luid; + public int Attr; + } + + internal const int SE_PRIVILEGE_ENABLED = 0x00000002; + internal const int TOKEN_QUERY = 0x00000008; + internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020; + + public static bool EnablePrivilege(long processHandle, string privilege) { + bool retVal; + TokPriv1Luid tp; + IntPtr hproc = new IntPtr(processHandle); + IntPtr htok = IntPtr.Zero; + retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok); + tp.Count = 1; + tp.Luid = 0; + tp.Attr = SE_PRIVILEGE_ENABLED; + retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid); + retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero); + return retVal; + } + } +"@ + $ProcessHandle = (Get-Process -id $pid).Handle + $type = Add-Type $definition -PassThru + $type[0]::EnablePrivilege($processHandle, $Privilege) +} + +# Remove Features ------------------------ +foreach ($bloat in $bloatware) { + Write-Output "Removing packages containing $bloat" + $pkgs = Get-ChildItem "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages" | Where-Object Name -Like "*$bloat*" + + foreach ($pkg in $pkgs) { + $pkgname = $pkg.Name.Split('\')[-1] + Takeown-Registry $pkg.Name + Takeown-Registry ($pkg.Name + "\Owners") + Set-ItemProperty -Path ("HKLM:" + $pkg.Name.Substring(18)) -Name Visibility -Value 1 + New-ItemProperty -Path ("HKLM:" + $pkg.Name.Substring(18)) -Name DefVis -PropertyType DWord -Value 2 + Remove-Item -Path ("HKLM:" + $pkg.Name.Substring(18) + "\Owners") + dism.exe /Online /Remove-Package /PackageName:$pkgname /NoRestart + } +} + +# Remove default apps and bloat +Write-Output "Uninstalling default apps" +foreach ($app in $defaultApps) { + Write-Output "Trying to remove $app" + Get-AppxPackage -Name $app -AllUsers | Remove-AppxPackage -AllUsers + Get-AppXProvisionedPackage -Online | Where-Object DisplayName -EQ $app | Remove-AppxProvisionedPackage -Online +} + +# Disable Microsoft Edge sidebar +$RegistryPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge' +$Name = 'HubsSidebarEnabled' +$Value = '00000000' +# Create the key if it does not exist +If (-NOT (Test-Path $RegistryPath)) { + New-Item -Path $RegistryPath -Force | Out-Null +} +New-ItemProperty -Path $RegistryPath -Name $Name -Value $Value -PropertyType DWORD -Force + +# Disable Microsoft Edge first-run Welcome screen +$RegistryPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge' +$Name = 'HideFirstRunExperience' +$Value = '00000001' +# Create the key if it does not exist +If (-NOT (Test-Path $RegistryPath)) { + New-Item -Path $RegistryPath -Force | Out-Null +} +New-ItemProperty -Path $RegistryPath -Name $Name -Value $Value -PropertyType DWORD -Force + +# Remove Microsoft Edge ------------------------ +$ErrorActionPreference = "Stop" +$regView = [Microsoft.Win32.RegistryView]::Registry32 +$microsoft = [Microsoft.Win32.RegistryKey]::OpenBaseKey([Microsoft.Win32.RegistryHive]::LocalMachine, $regView). +OpenSubKey('SOFTWARE\Microsoft', $true) +$edgeUWP = "$env:SystemRoot\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe" +$uninstallRegKey = $microsoft.OpenSubKey('Windows\CurrentVersion\Uninstall\Microsoft Edge') +$uninstallString = $uninstallRegKey.GetValue('UninstallString') + ' --force-uninstall' +Write-Host "Removed Microsoft Edge" + +$edgeClient = $microsoft.OpenSubKey('EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}', $true) +if ($null -ne $edgeClient.GetValue('experiment_control_labels')) { + $edgeClient.DeleteValue('experiment_control_labels') +} +$microsoft.CreateSubKey('EdgeUpdateDev').SetValue('AllowUninstall', '') +[void](New-Item $edgeUWP -ItemType Directory -ErrorVariable fail -ErrorAction SilentlyContinue) +[void](New-Item "$edgeUWP\MicrosoftEdge.exe" -ErrorAction Continue) +Start-Process cmd.exe "/c $uninstallString" -WindowStyle Hidden -Wait +[void](Remove-Item "$edgeUWP\MicrosoftEdge.exe" -ErrorAction Continue) + +if (-not $fail) { + [void](Remove-Item "$edgeUWP") +} + +Write-Output "Edge should now be uninstalled!" + +# Kill OneDrive with fire ------------------------ +Write-Output "Kill OneDrive process" +taskkill.exe /F /IM "OneDrive.exe" +taskkill.exe /F /IM "explorer.exe" +Write-Output "Remove OneDrive" +if (Test-Path "$env:systemroot\System32\OneDriveSetup.exe") { + & "$env:systemroot\System32\OneDriveSetup.exe" /uninstall +} +if (Test-Path "$env:systemroot\SysWOW64\OneDriveSetup.exe") { + & "$env:systemroot\SysWOW64\OneDriveSetup.exe" /uninstall +} + +Write-Output "Removing OneDrive leftovers" +Remove-Item -Recurse -Force -ErrorAction SilentlyContinue "$env:localappdata\Microsoft\OneDrive" +Remove-Item -Recurse -Force -ErrorAction SilentlyContinue "$env:programdata\Microsoft OneDrive" +Remove-Item -Recurse -Force -ErrorAction SilentlyContinue "$env:systemdrive\OneDriveTemp" +# check if directory is empty before removing: +If ((Get-ChildItem "$env:userprofile\OneDrive" -Recurse | Measure-Object).Count -eq 0) { + Remove-Item -Recurse -Force -ErrorAction SilentlyContinue "$env:userprofile\OneDrive" +} + +Write-Output "Disable OneDrive via Group Policies" +force-mkdir "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\OneDrive" +Set-ItemProperty "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\OneDrive" "DisableFileSyncNGSC" 1 + +Write-Output "Remove Onedrive from explorer sidebar" +New-PSDrive -PSProvider "Registry" -Root "HKEY_CLASSES_ROOT" -Name "HKCR" +force-mkdir "HKCR:\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" +Set-ItemProperty "HKCR:\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" "System.IsPinnedToNameSpaceTree" 0 +force-mkdir "HKCR:\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" +Set-ItemProperty "HKCR:\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" "System.IsPinnedToNameSpaceTree" 0 +Remove-PSDrive "HKCR" + +# Thank you Matthew Israelsson +Write-Output "Removing run hook for new users" +reg load "hku\Default" "C:\Users\Default\NTUSER.DAT" +reg delete "HKEY_USERS\Default\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "OneDriveSetup" /f +reg unload "hku\Default" + +Write-Output "Removing startmenu entry" +Remove-Item -Force -ErrorAction SilentlyContinue "$env:userprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk" + +Write-Output "Removing scheduled task" +$scheduledTasks = Get-ScheduledTask -TaskPath '\' -TaskName 'OneDrive*' -ErrorAction SilentlyContinue +if ($scheduledTasks) { + try { + $scheduledTasks | Unregister-ScheduledTask -Confirm:$false + Write-Output "OneDrive scheduled tasks removed." + } catch { + Write-Warning "Failed to unregister scheduled tasks: $_" + } +} else { + Write-Output "No OneDrive scheduled tasks found." +} + +Write-Output "Restarting explorer" +Start-Process "explorer.exe" + +Write-Output "Waiting for explorer to complete loading" +Start-Sleep 10 + +Write-Output "Removing additional OneDrive leftovers" +foreach ($item in (Get-ChildItem "$env:WinDir\WinSxS\*onedrive*")) { + Takeown-Folder $item.FullName + try { + Remove-Item -Recurse -Force -ErrorAction Continue -ErrorVariable RemoveError $item.FullName + if ($RemoveError) { + Write-Warning "Failed to remove $($item.FullName): $($RemoveError.Exception.Message)" + } else { + Write-Output "Successfully removed: $($item.FullName)" + } + } catch { + Write-Warning "Failed to remove $($item.FullName): $_" + } +} + +# As a last step, disable UAC ------------------------ +New-ItemProperty -Path HKLM:Software\Microsoft\Windows\CurrentVersion\policies\system -Name EnableLUA -PropertyType DWord -Value 0 -Force + +# Remove OneDrive directory if it exists +Write-Host "Removing OneDrive directory" + +# Change directory to user's home directory +Set-Location $HOME + +# Check if OneDrive directory exists +$OneDrivePath = Join-Path $HOME "OneDrive" +if (Test-Path -Path $OneDrivePath -PathType Container) { + # Remove OneDrive directory recursively and forcefully + Remove-Item -Path $OneDrivePath -Recurse -Force -ErrorAction Continue + if ($?) { + Write-Output "OneDrive directory removed successfully." + } else { + Write-Warning "Failed to remove OneDrive directory." + } +} else { + Write-Output "OneDrive directory not found." +} + +# Prevents "Suggested Applications" returning +if (Check-RegistryKeyExists -KeyPath "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Cloud Content") { + Set-ItemProperty "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Cloud Content" "DisableWindowsConsumerFeatures" 1 +} -- cgit v1.2.3