ivanskodje · March 26, 2024 17:23
diff --git a/choco-install-windows.ps1 b/choco-install-windows.ps1
 # How to Run in PowerShell / WindowsTerminal as Administrator: 
 # Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://gist.githubusercontent.com/ivanskodje/19a5975d4517de159c2531417ee89d23/raw/b00f172bd468b891ec6d5bda9623955137284435/choco-install-windows.ps1'))

 function main {
    InstallChocolatey
    Essentials
    ConfigureWindows
    Development
    DevOps
    Productivity
    RecreationalAndCommunication
    PrivacyFixes
 }

 function InstallChocolatey {
    Write-Host "Checking to see if Chocolatey is already installed..."
    try {
        if(Get-Command choco){
            Write-Host "Chocolatey already installed"
        }
    } Catch {
        Write-Host "Chocolatey not found, installing it now"
        Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))
    }
 }

 function Essentials {
    Write-Host "Installing essentials..."

    choco install -y googlechrome
    choco install -y 7zip.install
    choco install -y vlc --params "'/Language:en'"
    choco install -y libreoffice-fresh
    choco install -y greenshot
    choco install -y notepadplusplus.install
    choco install -y keepass
    choco install -y nordvpn 
    choco install -y veracrypt
 }

 function ConfigureWindows {
    Write-Host "Configuring Windows..."

    choco install -y taskbar-winconfig --params "'/USEPOWERSHELL:yes /LOCATION:left /SIZE:small /COMBINED:yes /AUTOTRAY:no /LOCKED:no /CORTANA:no /PEOPLE:no /STORE:no /TASKVIEW:no /KEYBOARD:no /INK:no'"
    choco uninstall -y taskbar-winconfig

    choco install -y desktopicons-winconfig --params "'/Desktop:yes /RecycleBin:yes /OneDrive:no /Computer:no /UserFiles:no /Network:no /ControlPanel:no'"
    choco uninstall -y desktopicons-winconfig

    choco install -y explorer-winconfig --params "'/SHOWEXTENSIONS:yes /SHOWFULLPATH:yes /SHOWHIDDEN:yes /SHOWENCRYPTED:yes /SHOWCHECKBOXES:no /USESHARINGWIZARD:no /USEVIEW:details /SHOWDETAILSPANE:no'"
    choco uninstall -y explorer-winconfig

    choco install -y homepages-winconfig --params "'/ALL:YES /URL:duckduckgo.com'"
    choco uninstall homepages-winconfig

    # To list features you want to enable: 'Dism /online /Get-Features'
    choco install Microsoft-Hyper-V -y -source windowsfeatures
    choco install Microsoft-Windows-Subsystem-Linux -y -source windowsfeatures
    choco install VirtualMachinePlatform -y -source windowsfeatures
    choco install Containers -y -source windowsfeatures
 }

 function Development {
    Write-Host "Installing development tools..."

    choco install -y git
    choco install -y maven
    choco install -y nodejs.install
    choco install -y jetbrainstoolbox
    choco install -y vscode.install
    choco install -y openjdk
    choco install -y docker-desktop
    choco install -y postman
    choco install -y golang
    
    
    Write-Host "************ ZLIB FIX: Download MINGW bin from https://github.com/go-vgo/Mingw, dont use the other crap installers!"
    # choco install -y mingw

    ## npm Does not work, since the terminal needs to be reopened :(
    # npm install -g yo
    # npm install -g npx
    # npm install -g yarn
 }

 function DevOps {
    Write-Host "Installing DevOps tools..."

    choco install -y microsoft-windows-terminal
    choco install -y sysinternals
    choco install -y ilspy
    choco install -y windirstat
    # Disabled: Requires manual interaction
    # choco install -y nmap
    choco install -y curl
    choco install -y filezilla
 }

 function Productivity {
    Write-Host "Installing productivity tools..."

    choco install -y notion
    choco install -y powertoys
 }

 function RecreationalAndCommunication {
    Write-Host "Installing recreational and communication tools..."

    choco install -y steam
    choco install -y slack
    choco install -y discord
    choco install -y krita
    choco install -y audacity
    choco install -y audacity-ffmpeg --version=2.2.2.20181007
    choco install -y audacity-lame
    choco install -y spotify 
    choco install -y obs-studio
    Write-Host "Download these OBS Studio Plugins:" 
    Write-Host "- Advanced scene switcher: https://obsproject.com/forum/resources/advanced-scene-switcher.395" 
    Write-Host "- Virtualcam: https://obsproject.com/forum/resources/obs-virtualcam.949" 
    Write-Host "- Closed Captioning: https://obsproject.com/forum/resources/closed-captioning-via-google-speech-recognition.833" 
    Write-Host "- StreamFX: https://obsproject.com/forum/resources/streamfx-for-obs%C2%AE-studio.578" 
    Write-Host "- Get FREE VST Plugins here: https://www.tokyodawn.net/tokyo-dawn-labs (Get TDR Nova, TDR VOS SlickEQ, and TDR Kotelnikov)"
    Write-Host "- Get FREE Wider VST Plugin here: https://polyversemusic.com/products/wider"
 }

 function PrivacyFixes {
    # Based on https://gist.github.com/JonnyTech/bc09d1281d6c48c21023e51a2c267e1c
    RemoveBloatware
    DisableScheduledTasks
    DisableStartupServices
    OtherFixes
    BlockDataCollectors
 }

 function RemoveBloatware {
    Write-Host "Privacy Fix: Removing a lot of bloatware..."
    (get-process OneDrive -ErrorAction SilentlyContinue)|%{
 		$_.Kill()|out-null
    }


    if(Test-Path ($ENV:SYSTEMROOT+"\SysWOW64\OneDriveSetup.exe")) {
 	    Write-Host "Uninstalling Onedrive (64bit)..."
 	     & ($ENV:SYSTEMROOT+"\SysWOW64\OneDriveSetup.exe") /uninstall
    }

    if(Test-Path ($ENV:SYSTEMROOT+"\System32\OneDriveSetup.exe")) {
 	    Write-Host "Uninstalling Onedrive (32bit)..."
 	    & ($ENV:SYSTEMROOT+"\System32\OneDriveSetup.exe") /uninstall
    }

    $aRemoveBuiltinApps=@(
    "Microsoft.3DBuilder",
    "Microsoft.Microsoft3DViewer",
    "Microsoft.SkypeApp",
    "Microsoft.Getstarted",
    "Microsoft.GetHelp",
    "Microsoft.MicrosoftOfficeHub",
    "Microsoft.WindowsMaps",
    "Microsoft.MicrosoftSolitaireCollection",
    "Microsoft.BingWeather",
    "Microsoft.WindowsCamera",
    "Microsoft.WindowsSoundRecorder",
    "Microsoft.WindowsPhone",
    "Microsoft.BingSports",
    "Microsoft.BingFinance",
    "Microsoft.BingNews",
    "Microsoft.Bing*",
    "Microsoft.Windows.Photos",
    "Microsoft.People",
    "Microsoft.Office.OneNote",
    "Microsoft.Xbox*",
    "Microsoft.ZuneVideo",
    "Microsoft.ZuneMusic")

    $aRemoveBuiltinApps|%{
        Get-AppxPackage -AllUser $_| Remove-AppxPackage -ErrorAction SilentlyContinue |out-null
    }
 }

 function DisableScheduledTasks {
    Write-Host "Privacy Fix: Disabling Scheduled Tasks..."
    $aDisableScheduleTasks=@("Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask",

    # The Kernel CEIP (Customer Experience Improvement Program) task collects additional information about the system and sends this data to Microsoft.
    # The USB CEIP (Customer Experience Improvement Program) task collects Universal Serial Bus related statistics and information about your machine and sends it to the Windows Device Connectivity engineering group at Microsoft.
    "Microsoft\Windows\Customer Experience Improvement Program\UsbCeip",
    "Microsoft\Windows\Customer Experience Improvement Program\Uploader",
    "Microsoft\Windows\Customer Experience Improvement Program\BthSQM",

    # If the user has consented to participate in the Windows Customer Experience Improvement Program, this job collects and sends usage data to Microsoft.
    "Microsoft\Windows\Customer Experience Improvement Program\Consolidator",
    "Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem",

    # Initializes Family Safety monitoring and enforcement.
    "Microsoft\Windows\Shell\FamilySafetyMonitor",

    # Synchronizes the latest settings with the Microsoft family features service.
    "Microsoft\Windows\Shell\FamilySafetyMonitorToastTask",
    
    # Synchronizes the latest settings with the Microsoft family features service.
    "Microsoft\Windows\Shell\FamilySafetyRefreshTask",
    
    # Collects program telemetry information if opted-in to the Microsoft Customer Experience Improvement Program.
    "Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser",
    "Microsoft\Windows\Application Experience\AitAgent",
   
    # Collects program telemetry information if opted-in to the Microsoft Customer Experience Improvement Program
    "Microsoft\Windows\Application Experience\ProgramDataUpdater",
    "Microsoft\Windows\Application Experience\Uploader",
    
    # This task collects and uploads autochk SQM data if opted-in to the Microsoft Customer Experience Improvement Program.
    "Microsoft\Windows\Autochk\Proxy",
    
    # The Windows Disk Diagnostic reports general disk and system information to Microsoft for users participating in the Customer Experience Program.
    "Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector",
   
    # "Microsoft\Windows\Maintenance\WinSAT",
    "Microsoft\Office\OfficeTelemetryAgentFallBack2016",
    "Microsoft\Office\OfficeTelemetryAgentLogOn2016",
    "Microsoft\Office\Office ClickToRun Service Monitor",
    "Microsoft\Office\OfficeTelemetry\AgentFallBack2016",
    "Microsoft\Office\OfficeTelemetry\OfficeTelemetryAgentLogOn2016",
    "Microsoft\Windows\Media Center\ActivateWindowsSearch",
    "Microsoft\Windows\Media Center\ConfigureInternetTimeService",
    "Microsoft\Windows\Media Center\DispatchRecoveryTasks",
    "Microsoft\Windows\Media Center\ehDRMInit",
    "Microsoft\Windows\Media Center\InstallPlayReady",
    "Microsoft\Windows\Media Center\mcupdate",
    "Microsoft\Windows\Media Center\MediaCenterRecoveryTask",
    "Microsoft\Windows\Media Center\ObjectStoreRecoveryTask",
    "Microsoft\Windows\Media Center\OCURActivate",
    "Microsoft\Windows\Media Center\OCURDiscovery",
    "Microsoft\Windows\Media Center\PBDADiscovery",
    "Microsoft\Windows\Media Center\PBDADiscoveryW1",
    "Microsoft\Windows\Media Center\PBDADiscoveryW2",
    "Microsoft\Windows\Media Center\PvrRecoveryTask",
    "Microsoft\Windows\Media Center\PvrScheduleTask",
    "Microsoft\Windows\Media Center\RegisterSearch",
    "Microsoft\Windows\Media Center\ReindexSearchRoot",
    "Microsoft\Windows\Media Center\SqlLiteRecoveryTask",
    "Microsoft\Windows\Media Center\UpdateRecordPath")
    $aDisableScheduleTasks|%{Disable-ScheduledTask $_  -ErrorAction SilentlyContinue}
 }

 function DisableStartupServices {
    Write-Host "Privacy Fix: Disabling Startup Services..."

    # Connected User Experiences and Telemetry
    Set-Service -Name diagtrack  -StartupType disabled

    # Set-Service -Name dmwappushservice -StartupType disabled
    # Retail Demo Service
    Set-Service -Name RetailDemo -StartupType disabled
    
    # BranchCache
    Set-Service -Name PeerDistSvc -StartupType Disabled
    
    # Problem Reports and Solutions Control Panel Support
    Set-Service -Name wercplsupport -StartupType Disabled
    
    # Telephony
    Set-Service -Name TapiSrv -StartupType Disabled
    
    # Windows Biometric Service
    Set-Service -Name WbioSrvc -StartupType Disabled
    
    # Windows Connect Now - Config Registrar
    Set-Service -Name wcncsvc -StartupType Disabled
    
    # Windows Remote Management (WS-Management)
    Set-Service -Name winrm -StartupType Disabled
    
    # Xbox Live Auth Manager
    Set-Service -Name XblAuthManager -StartupType Disabled
    
    # Xbox Live Game Save
    Set-Service -Name XblGameSave -StartupType Disabled
    
    # Xbox Live Networking Service
    Set-Service -Name XboxNetApiSvc -StartupType Disabled
 }

 function OtherFixes {
    Write-Host "Removing OneDrive from Explorer"
    New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT
    Remove-Item "HKCR:\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" -Force -Confirm:$false -ErrorAction SilentlyContinue|out-null
    Remove-Item "HKCR:\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" -Force -Confirm:$false  -ErrorAction SilentlyContinue|out-null

 }

 function BlockDataCollectors {
    Write-Host "Blocking hosts known for collecting data"
    
    $aDisableHosts=@(
    "a-0001.a-msedge.net",
    "a-0002.a-msedge.net",
    "a-0003.a-msedge.net",
    "a-0004.a-msedge.net",
    "a-0005.a-msedge.net",
    "a-0006.a-msedge.net",
    "a-0007.a-msedge.net",
    "a-0008.a-msedge.net",
    "a-0009.a-msedge.net",
    "a-msedge.net",
    "a.ads1.msn.com",
    "a.ads2.msads.net",
    "a.ads2.msn.com",
    "a.rad.msn.com",
    "ac3.msn.com",
    "ad.doubleclick.net",
    "adnexus.net",
    "adnxs.com",
    "ads.msn.com",
    "ads1.msads.net",
    "ads1.msn.com",
    "aidps.atdmt.com",
    "aka-cdn-ns.adtech.de",
    "az361816.vo.msecnd.net",
    "az512334.vo.msecnd.net",
    "b.ads1.msn.com",
    "b.ads2.msads.net",
    "b.rad.msn.com",
    "bs.serving-sys.com",
    "c.atdmt.com",
    "c.msn.com",
    "ca.telemetry.microsoft.com",
    "cache.datamart.windows.com",
    "cdn.atdmt.com",
    "cds26.ams9.msecn.net",
    "choice.microsoft.com",
    "choice.microsoft.com.nsatc.net",
    "compatexchange.cloudapp.net",
    "corp.sts.microsoft.com",
    "corpext.msitadfs.glbdns2.microsoft.com",
    "cs1.wpc.v0cdn.net",
    "db3aqu.atdmt.com",
    "df.telemetry.microsoft.com",
    "diagnostics.support.microsoft.com",
    "ec.atdmt.com",
    "fe2.update.microsoft.com.akadns.net",
    "fe3.delivery.dsp.mp.microsoft.com.nsatc.net",
    "feedback.microsoft-hohm.com",
    "feedback.search.microsoft.com",
    "feedback.windows.com",
    "flex.msn.com",
    "g.msn.com",
    "h1.msn.com",
    "i1.services.social.microsoft.com",
    "i1.services.social.microsoft.com.nsatc.net",
    "lb1.www.ms.akadns.net",
    "live.rads.msn.com",
    "m.adnxs.com",
    "msedge.net",
    "msftncsi.com",
    "msnbot-65-55-108-23.search.msn.com",
    "msntest.serving-sys.com",
    "oca.telemetry.microsoft.com",
    "oca.telemetry.microsoft.com.nsatc.net",
    "pre.footprintpredict.com",
    "preview.msn.com",
    "rad.live.com",
    "rad.msn.com",
    "redir.metaservices.microsoft.com",
    "reports.wes.df.telemetry.microsoft.com",
    "schemas.microsoft.akadns.net",
    "secure.adnxs.com",
    "secure.flashtalking.com",
    "services.wes.df.telemetry.microsoft.com",
    "settings-sandbox.data.microsoft.com",
    "settings-win.data.microsoft.com",
    "sls.update.microsoft.com.akadns.net",
    "spynet2.microsoft.com",
    "spynetalt.microsoft.com",
    "sqm.df.telemetry.microsoft.com",
    "sqm.telemetry.microsoft.com",
    "sqm.telemetry.microsoft.com.nsatc.net",
    "ssw.live.com",
    "static.2mdn.net",
    "statsfe1.ws.microsoft.com",
    "statsfe2.update.microsoft.com.akadns.net",
    "statsfe2.ws.microsoft.com",
    "survey.watson.microsoft.com",
    "telecommand.telemetry.microsoft.com",
    "telecommand.telemetry.microsoft.com.nsatc.net",
    "telemetry.appex.bing.net",
    "telemetry.microsoft.com",
    "telemetry.urs.microsoft.com",
    "vortex-bn2.metron.live.com.nsatc.net",
    "vortex-cy2.metron.live.com.nsatc.net",
    "vortex-sandbox.data.microsoft.com",
    "vortex-win.data.microsoft.com",
    "vortex.data.microsoft.com",
    "watson.live.com",
    "watson.microsoft.com",
    "watson.ppe.telemetry.microsoft.com",
    "watson.telemetry.microsoft.com",
    "watson.telemetry.microsoft.com.nsatc.net",
    "wes.df.telemetry.microsoft.com",
    "www.msftncsi.com")

    $aHostsFile = get-content $ENV:SystemRoot\System32\drivers\etc\hosts

    if(!($aHostsFile -match "Disable by privacy script")) {
        Add-Content $ENV:SystemRoot\System32\drivers\etc\hosts "`r`n# Disable by privacy script"
    }

    $aDisableHosts|%{
 	    if(!($aHostsFile -match "0\.0\.0\.0[\s\t]+$_")) {
 		    Add-Content $ENV:SystemRoot\System32\drivers\etc\hosts ([String]::Format("0.0.0.0      {0}",$_))
 	    }
    }
 }

 main
	# How to Run in PowerShell / WindowsTerminal as Administrator:
	# Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://gist.githubusercontent.com/ivanskodje/19a5975d4517de159c2531417ee89d23/raw/b00f172bd468b891ec6d5bda9623955137284435/choco-install-windows.ps1'))

	function main {
	InstallChocolatey
	Essentials
	ConfigureWindows
	Development
	DevOps
	Productivity
	RecreationalAndCommunication
	PrivacyFixes
	}

	function InstallChocolatey {
	Write-Host "Checking to see if Chocolatey is already installed..."
	try {
	if(Get-Command choco){
	Write-Host "Chocolatey already installed"
	}
	} Catch {
	Write-Host "Chocolatey not found, installing it now"
	Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))
	}
	}

	function Essentials {
	Write-Host "Installing essentials..."

	choco install -y googlechrome
	choco install -y 7zip.install
	choco install -y vlc --params "'/Language:en'"
	choco install -y libreoffice-fresh
	choco install -y greenshot
	choco install -y notepadplusplus.install
	choco install -y keepass
	choco install -y nordvpn
	choco install -y veracrypt
	}

	function ConfigureWindows {
	Write-Host "Configuring Windows..."

	choco install -y taskbar-winconfig --params "'/USEPOWERSHELL:yes /LOCATION:left /SIZE:small /COMBINED:yes /AUTOTRAY:no /LOCKED:no /CORTANA:no /PEOPLE:no /STORE:no /TASKVIEW:no /KEYBOARD:no /INK:no'"
	choco uninstall -y taskbar-winconfig

	choco install -y desktopicons-winconfig --params "'/Desktop:yes /RecycleBin:yes /OneDrive:no /Computer:no /UserFiles:no /Network:no /ControlPanel:no'"
	choco uninstall -y desktopicons-winconfig

	choco install -y explorer-winconfig --params "'/SHOWEXTENSIONS:yes /SHOWFULLPATH:yes /SHOWHIDDEN:yes /SHOWENCRYPTED:yes /SHOWCHECKBOXES:no /USESHARINGWIZARD:no /USEVIEW:details /SHOWDETAILSPANE:no'"
	choco uninstall -y explorer-winconfig

	choco install -y homepages-winconfig --params "'/ALL:YES /URL:duckduckgo.com'"
	choco uninstall homepages-winconfig

	# To list features you want to enable: 'Dism /online /Get-Features'
	choco install Microsoft-Hyper-V -y -source windowsfeatures
	choco install Microsoft-Windows-Subsystem-Linux -y -source windowsfeatures
	choco install VirtualMachinePlatform -y -source windowsfeatures
	choco install Containers -y -source windowsfeatures
	}

	function Development {
	Write-Host "Installing development tools..."

	choco install -y git
	choco install -y maven
	choco install -y nodejs.install
	choco install -y jetbrainstoolbox
	choco install -y vscode.install
	choco install -y openjdk
	choco install -y docker-desktop
	choco install -y postman
	choco install -y golang


	Write-Host "************ ZLIB FIX: Download MINGW bin from https://github.com/go-vgo/Mingw, dont use the other crap installers!"
	# choco install -y mingw

	## npm Does not work, since the terminal needs to be reopened :(
	# npm install -g yo
	# npm install -g npx
	# npm install -g yarn
	}

	function DevOps {
	Write-Host "Installing DevOps tools..."

	choco install -y microsoft-windows-terminal
	choco install -y sysinternals
	choco install -y ilspy
	choco install -y windirstat
	# Disabled: Requires manual interaction
	# choco install -y nmap
	choco install -y curl
	choco install -y filezilla
	}

	function Productivity {
	Write-Host "Installing productivity tools..."

	choco install -y notion
	choco install -y powertoys
	}

	function RecreationalAndCommunication {
	Write-Host "Installing recreational and communication tools..."

	choco install -y steam
	choco install -y slack
	choco install -y discord
	choco install -y krita
	choco install -y audacity
	choco install -y audacity-ffmpeg --version=2.2.2.20181007
	choco install -y audacity-lame
	choco install -y spotify
	choco install -y obs-studio
	Write-Host "Download these OBS Studio Plugins:"
	Write-Host "- Advanced scene switcher: https://obsproject.com/forum/resources/advanced-scene-switcher.395"
	Write-Host "- Virtualcam: https://obsproject.com/forum/resources/obs-virtualcam.949"
	Write-Host "- Closed Captioning: https://obsproject.com/forum/resources/closed-captioning-via-google-speech-recognition.833"
	Write-Host "- StreamFX: https://obsproject.com/forum/resources/streamfx-for-obs%C2%AE-studio.578"
	Write-Host "- Get FREE VST Plugins here: https://www.tokyodawn.net/tokyo-dawn-labs (Get TDR Nova, TDR VOS SlickEQ, and TDR Kotelnikov)"
	Write-Host "- Get FREE Wider VST Plugin here: https://polyversemusic.com/products/wider"
	}

	function PrivacyFixes {
	# Based on https://gist.github.com/JonnyTech/bc09d1281d6c48c21023e51a2c267e1c
	RemoveBloatware
	DisableScheduledTasks
	DisableStartupServices
	OtherFixes
	BlockDataCollectors
	}

	function RemoveBloatware {
	Write-Host "Privacy Fix: Removing a lot of bloatware..."
	(get-process OneDrive -ErrorAction SilentlyContinue)\|%{
	$_.Kill()\|out-null
	}


	if(Test-Path ($ENV:SYSTEMROOT+"\SysWOW64\OneDriveSetup.exe")) {
	Write-Host "Uninstalling Onedrive (64bit)..."
	& ($ENV:SYSTEMROOT+"\SysWOW64\OneDriveSetup.exe") /uninstall
	}

	if(Test-Path ($ENV:SYSTEMROOT+"\System32\OneDriveSetup.exe")) {
	Write-Host "Uninstalling Onedrive (32bit)..."
	& ($ENV:SYSTEMROOT+"\System32\OneDriveSetup.exe") /uninstall
	}

	$aRemoveBuiltinApps=@(
	"Microsoft.3DBuilder",
	"Microsoft.Microsoft3DViewer",
	"Microsoft.SkypeApp",
	"Microsoft.Getstarted",
	"Microsoft.GetHelp",
	"Microsoft.MicrosoftOfficeHub",
	"Microsoft.WindowsMaps",
	"Microsoft.MicrosoftSolitaireCollection",
	"Microsoft.BingWeather",
	"Microsoft.WindowsCamera",
	"Microsoft.WindowsSoundRecorder",
	"Microsoft.WindowsPhone",
	"Microsoft.BingSports",
	"Microsoft.BingFinance",
	"Microsoft.BingNews",
	"Microsoft.Bing*",
	"Microsoft.Windows.Photos",
	"Microsoft.People",
	"Microsoft.Office.OneNote",
	"Microsoft.Xbox*",
	"Microsoft.ZuneVideo",
	"Microsoft.ZuneMusic")

	$aRemoveBuiltinApps\|%{
	Get-AppxPackage -AllUser $_\| Remove-AppxPackage -ErrorAction SilentlyContinue \|out-null
	}
	}

	function DisableScheduledTasks {
	Write-Host "Privacy Fix: Disabling Scheduled Tasks..."
	$aDisableScheduleTasks=@("Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask",

	# The Kernel CEIP (Customer Experience Improvement Program) task collects additional information about the system and sends this data to Microsoft.
	# The USB CEIP (Customer Experience Improvement Program) task collects Universal Serial Bus related statistics and information about your machine and sends it to the Windows Device Connectivity engineering group at Microsoft.
	"Microsoft\Windows\Customer Experience Improvement Program\UsbCeip",
	"Microsoft\Windows\Customer Experience Improvement Program\Uploader",
	"Microsoft\Windows\Customer Experience Improvement Program\BthSQM",

	# If the user has consented to participate in the Windows Customer Experience Improvement Program, this job collects and sends usage data to Microsoft.
	"Microsoft\Windows\Customer Experience Improvement Program\Consolidator",
	"Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem",

	# Initializes Family Safety monitoring and enforcement.
	"Microsoft\Windows\Shell\FamilySafetyMonitor",

	# Synchronizes the latest settings with the Microsoft family features service.
	"Microsoft\Windows\Shell\FamilySafetyMonitorToastTask",

	# Synchronizes the latest settings with the Microsoft family features service.
	"Microsoft\Windows\Shell\FamilySafetyRefreshTask",

	# Collects program telemetry information if opted-in to the Microsoft Customer Experience Improvement Program.
	"Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser",
	"Microsoft\Windows\Application Experience\AitAgent",

	# Collects program telemetry information if opted-in to the Microsoft Customer Experience Improvement Program
	"Microsoft\Windows\Application Experience\ProgramDataUpdater",
	"Microsoft\Windows\Application Experience\Uploader",

	# This task collects and uploads autochk SQM data if opted-in to the Microsoft Customer Experience Improvement Program.
	"Microsoft\Windows\Autochk\Proxy",

	# The Windows Disk Diagnostic reports general disk and system information to Microsoft for users participating in the Customer Experience Program.
	"Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector",

	# "Microsoft\Windows\Maintenance\WinSAT",
	"Microsoft\Office\OfficeTelemetryAgentFallBack2016",
	"Microsoft\Office\OfficeTelemetryAgentLogOn2016",
	"Microsoft\Office\Office ClickToRun Service Monitor",
	"Microsoft\Office\OfficeTelemetry\AgentFallBack2016",
	"Microsoft\Office\OfficeTelemetry\OfficeTelemetryAgentLogOn2016",
	"Microsoft\Windows\Media Center\ActivateWindowsSearch",
	"Microsoft\Windows\Media Center\ConfigureInternetTimeService",
	"Microsoft\Windows\Media Center\DispatchRecoveryTasks",
	"Microsoft\Windows\Media Center\ehDRMInit",
	"Microsoft\Windows\Media Center\InstallPlayReady",
	"Microsoft\Windows\Media Center\mcupdate",
	"Microsoft\Windows\Media Center\MediaCenterRecoveryTask",
	"Microsoft\Windows\Media Center\ObjectStoreRecoveryTask",
	"Microsoft\Windows\Media Center\OCURActivate",
	"Microsoft\Windows\Media Center\OCURDiscovery",
	"Microsoft\Windows\Media Center\PBDADiscovery",
	"Microsoft\Windows\Media Center\PBDADiscoveryW1",
	"Microsoft\Windows\Media Center\PBDADiscoveryW2",
	"Microsoft\Windows\Media Center\PvrRecoveryTask",
	"Microsoft\Windows\Media Center\PvrScheduleTask",
	"Microsoft\Windows\Media Center\RegisterSearch",
	"Microsoft\Windows\Media Center\ReindexSearchRoot",
	"Microsoft\Windows\Media Center\SqlLiteRecoveryTask",
	"Microsoft\Windows\Media Center\UpdateRecordPath")
	$aDisableScheduleTasks\|%{Disable-ScheduledTask $_ -ErrorAction SilentlyContinue}
	}

	function DisableStartupServices {
	Write-Host "Privacy Fix: Disabling Startup Services..."

	# Connected User Experiences and Telemetry
	Set-Service -Name diagtrack -StartupType disabled

	# Set-Service -Name dmwappushservice -StartupType disabled
	# Retail Demo Service
	Set-Service -Name RetailDemo -StartupType disabled

	# BranchCache
	Set-Service -Name PeerDistSvc -StartupType Disabled

	# Problem Reports and Solutions Control Panel Support
	Set-Service -Name wercplsupport -StartupType Disabled

	# Telephony
	Set-Service -Name TapiSrv -StartupType Disabled

	# Windows Biometric Service
	Set-Service -Name WbioSrvc -StartupType Disabled

	# Windows Connect Now - Config Registrar
	Set-Service -Name wcncsvc -StartupType Disabled

	# Windows Remote Management (WS-Management)
	Set-Service -Name winrm -StartupType Disabled

	# Xbox Live Auth Manager
	Set-Service -Name XblAuthManager -StartupType Disabled

	# Xbox Live Game Save
	Set-Service -Name XblGameSave -StartupType Disabled

	# Xbox Live Networking Service
	Set-Service -Name XboxNetApiSvc -StartupType Disabled
	}

	function OtherFixes {
	Write-Host "Removing OneDrive from Explorer"
	New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT
	Remove-Item "HKCR:\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" -Force -Confirm:$false -ErrorAction SilentlyContinue\|out-null
	Remove-Item "HKCR:\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" -Force -Confirm:$false -ErrorAction SilentlyContinue\|out-null

	}

	function BlockDataCollectors {
	Write-Host "Blocking hosts known for collecting data"

	$aDisableHosts=@(
	"a-0001.a-msedge.net",
	"a-0002.a-msedge.net",
	"a-0003.a-msedge.net",
	"a-0004.a-msedge.net",
	"a-0005.a-msedge.net",
	"a-0006.a-msedge.net",
	"a-0007.a-msedge.net",
	"a-0008.a-msedge.net",
	"a-0009.a-msedge.net",
	"a-msedge.net",
	"a.ads1.msn.com",
	"a.ads2.msads.net",
	"a.ads2.msn.com",
	"a.rad.msn.com",
	"ac3.msn.com",
	"ad.doubleclick.net",
	"adnexus.net",
	"adnxs.com",
	"ads.msn.com",
	"ads1.msads.net",
	"ads1.msn.com",
	"aidps.atdmt.com",
	"aka-cdn-ns.adtech.de",
	"az361816.vo.msecnd.net",
	"az512334.vo.msecnd.net",
	"b.ads1.msn.com",
	"b.ads2.msads.net",
	"b.rad.msn.com",
	"bs.serving-sys.com",
	"c.atdmt.com",
	"c.msn.com",
	"ca.telemetry.microsoft.com",
	"cache.datamart.windows.com",
	"cdn.atdmt.com",
	"cds26.ams9.msecn.net",
	"choice.microsoft.com",
	"choice.microsoft.com.nsatc.net",
	"compatexchange.cloudapp.net",
	"corp.sts.microsoft.com",
	"corpext.msitadfs.glbdns2.microsoft.com",
	"cs1.wpc.v0cdn.net",
	"db3aqu.atdmt.com",
	"df.telemetry.microsoft.com",
	"diagnostics.support.microsoft.com",
	"ec.atdmt.com",
	"fe2.update.microsoft.com.akadns.net",
	"fe3.delivery.dsp.mp.microsoft.com.nsatc.net",
	"feedback.microsoft-hohm.com",
	"feedback.search.microsoft.com",
	"feedback.windows.com",
	"flex.msn.com",
	"g.msn.com",
	"h1.msn.com",
	"i1.services.social.microsoft.com",
	"i1.services.social.microsoft.com.nsatc.net",
	"lb1.www.ms.akadns.net",
	"live.rads.msn.com",
	"m.adnxs.com",
	"msedge.net",
	"msftncsi.com",
	"msnbot-65-55-108-23.search.msn.com",
	"msntest.serving-sys.com",
	"oca.telemetry.microsoft.com",
	"oca.telemetry.microsoft.com.nsatc.net",
	"pre.footprintpredict.com",
	"preview.msn.com",
	"rad.live.com",
	"rad.msn.com",
	"redir.metaservices.microsoft.com",
	"reports.wes.df.telemetry.microsoft.com",
	"schemas.microsoft.akadns.net",
	"secure.adnxs.com",
	"secure.flashtalking.com",
	"services.wes.df.telemetry.microsoft.com",
	"settings-sandbox.data.microsoft.com",
	"settings-win.data.microsoft.com",
	"sls.update.microsoft.com.akadns.net",
	"spynet2.microsoft.com",
	"spynetalt.microsoft.com",
	"sqm.df.telemetry.microsoft.com",
	"sqm.telemetry.microsoft.com",
	"sqm.telemetry.microsoft.com.nsatc.net",
	"ssw.live.com",
	"static.2mdn.net",
	"statsfe1.ws.microsoft.com",
	"statsfe2.update.microsoft.com.akadns.net",
	"statsfe2.ws.microsoft.com",
	"survey.watson.microsoft.com",
	"telecommand.telemetry.microsoft.com",
	"telecommand.telemetry.microsoft.com.nsatc.net",
	"telemetry.appex.bing.net",
	"telemetry.microsoft.com",
	"telemetry.urs.microsoft.com",
	"vortex-bn2.metron.live.com.nsatc.net",
	"vortex-cy2.metron.live.com.nsatc.net",
	"vortex-sandbox.data.microsoft.com",
	"vortex-win.data.microsoft.com",
	"vortex.data.microsoft.com",
	"watson.live.com",
	"watson.microsoft.com",
	"watson.ppe.telemetry.microsoft.com",
	"watson.telemetry.microsoft.com",
	"watson.telemetry.microsoft.com.nsatc.net",
	"wes.df.telemetry.microsoft.com",
	"www.msftncsi.com")

	$aHostsFile = get-content $ENV:SystemRoot\System32\drivers\etc\hosts

	if(!($aHostsFile -match "Disable by privacy script")) {
	Add-Content $ENV:SystemRoot\System32\drivers\etc\hosts "`r`n# Disable by privacy script"
	}

	$aDisableHosts\|%{
	if(!($aHostsFile -match "0\.0\.0\.0[\s\t]+$_")) {
	Add-Content $ENV:SystemRoot\System32\drivers\etc\hosts ([String]::Format("0.0.0.0 {0}",$_))
	}
	}
	}

	main