Differences

This shows you the differences between two versions of the page.

--- windows_10 [2020/05/03 00:30]
127.0.0.1 external edit
+++ windows_10 [2022/03/16 09:38] (current)
@@ Line 170: / Line 170: @@
 [[https://github.com/SCConfigMgr/ConfigMgr/blob/master/Operating%20System%20Deployment/Invoke-RemoveBuiltinApps.ps1|GitHub]]
-**Odinstalace již nainstalovaných user apps**
- * Spustit jako poslední krok před ''sysprep''em.
+----
-<code powershell>
+===== Deaktivace Defenderu (platné k Win10 2004) =====
-# ***************************************************************************
-#
-# File:      RemoveUserApps.ps1
-#
-# Version:   1.0
-#
-# Author:    Michael Niehaus
-#
-# Purpose:   Removes apps installed for the user but not provisioned for the
-#            device, to avoid sysprep failures.
-#
-# Usage:     This script can be added into any MDT or ConfigMgr task sequence,
-#            and should be placed right before the sysprep step.
-#
-#            For this script to run, script execution must be enabled, e.g.
-#            "Set-ExecutionPolicy Bypass".  This can be done via a separate
-#            task sequence step if needed, see http://blogs.technet.com/mniehaus
-#            for more information.
-#
-# ------------- DISCLAIMER -------------------------------------------------
-# This script code is provided as is with no guarantee or waranty concerning
-# the usability or impact on systems and may be used, distributed, and
-# modified in any way provided the parties agree and acknowledge the
-# Microsoft or Microsoft Partners have neither accountabilty or
-# responsibility for results produced by use of this script.
-#
-# Microsoft will not provide any support through any means.
-# ------------- DISCLAIMER -------------------------------------------------
-#
-# ***************************************************************************
-# ---------------------------------------------------------------------------
+**Nejdříve nutno vypnout Tamper Protection.**
-# Get-LogDir:  Return the location for logs and output files
-# ---------------------------------------------------------------------------
-function Get-LogDir
+<code winbatch>
-{
+rem USE AT OWN RISK AS IS WITHOUT WARRANTY OF ANY KIND !!!!!
-  try
-  {
-    $ts = New-Object -ComObject Microsoft.SMS.TSEnvironment -ErrorAction Stop
-    if ($ts.Value("LogPath") -ne "")
-    {
-      $logDir = $ts.Value("LogPath")
-    }
-    else
-    {
-      $logDir = $ts.Value("_SMSTSLogPath")
-    }
-  }
-  catch
-  {
-    $logDir = $env:TEMP
-  }
-  return $logDir
-}
+rem Disable Tamper Protection First !!!!!
+rem https://www.tenforums.com/tutorials/123792-turn-off-tamper-protection-windows-defender-antivirus.html
+reg add "HKLM\Software\Microsoft\Windows Defender\Features" /v "TamperProtection" /t REG_DWORD /d "0" /f
-# ---------------------------------------------------------------------------
+rem https://technet.microsoft.com/en-us/itpro/powershell/windows/defender/set-mppreference
-# Main logic
+rem https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0290
-# ---------------------------------------------------------------------------
-$logDir = Get-LogDir
+rem Exclusion in WD can be easily set with an elevated cmd, so that makes it super easy to damage any pc.
-Start-Transcript "$logDir\RemoveUserApps.log"
+rem WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionPath="xxxxxx
-# Get the list of provisioned packages
+rem To disable System Guard Runtime Monitor Broker
-$provisioned = Get-AppxProvisionedPackage -online
+rem reg add "HKLM\System\CurrentControlSet\Services\SgrmBroker" /v "Start" /t REG_DWORD /d "4" /f
-# Check each installed app
+rem To disable Windows Defender Security Center include this
-$count = 0
+rem reg add "HKLM\System\CurrentControlSet\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "4" /f
-for ($i=1; $i -ile 2; $i++) {
+rem 1 - Disable Real-time protection
-  # Check each app (two loops just in case there are dependencies that can't be removed until the
+reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f
-  # main app is removed)
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
-  Get-AppxPackage | ? {$_.SignatureKind -ne 'System'} | ForEach-Object {
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f
-    $current = $_
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f
-    $found = $provisioned | ? {$_.DisplayName -eq $current.Name -and $_.Version -eq $current.Version}
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f
-    if ($found.Count -eq 0)
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableIOAVProtection" /t REG_DWORD /d "1" /f
-    {
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f
-      Write-Host "$($current.Name) version $($current.Version) is not provisioned, removing."
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f
-      Remove-AppxPackage -Package $current.PackageFullName
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRoutinelyTakingAction" /t REG_DWORD /d "1" /f
-      $count++
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d "1" /f
-    }
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Reporting" /v "DisableEnhancedNotifications" /t REG_DWORD /d "1" /f
-  }
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "DisableBlockAtFirstSeen" /t REG_DWORD /d "1" /f
-}
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SpynetReporting" /t REG_DWORD /d "0" /f
-Write-Host "Number of apps removed: $count"
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SubmitSamplesConsent" /t REG_DWORD /d "2" /f
-Stop-Transcript
+rem 0 - Disable Logging
-</code>
+reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger" /v "Start" /t REG_DWORD /d "0" /f
+reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger" /v "Start" /t REG_DWORD /d "0" /f
-----
+rem Disable WD Tasks
+schtasks /Change /TN "Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh" /Disable
+schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" /Disable
+schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup" /Disable
+schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" /Disable
+schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification" /Disable
-===== Metro Apps #2 =====
+rem Disable WD systray icon
+reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "SecurityHealth" /f
+reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f
-Provisioned
+rem Remove WD context menu
-<code powershell>
+reg delete "HKCR\*\shellex\ContextMenuHandlers\EPP" /f
-$a = Get-AppXProvisionedPackage -Online | Select PackageName | Select-String -notmatch "Microsoft.DesktopAppInstaller" | Select-String -notmatch "Microsoft.MSPaint" | Select-String -notmatch "Microsoft.StorePurchaseApp" | Select-String -notmatch "Microsoft.Windows.Photos" | Select-String -notmatch "Microsoft.WindowsCalculator" | Select-String -notmatch "Microsoft.WindowsStore"
+reg delete "HKCR\Directory\shellex\ContextMenuHandlers\EPP" /f
+reg delete "HKCR\Drive\shellex\ContextMenuHandlers\EPP" /f
-$b = $a.Line.Replace("@{PackageName=","").Replace("}","")
+rem Disable WD services
+reg add "HKLM\System\CurrentControlSet\Services\WdBoot" /v "Start" /t REG_DWORD /d "4" /f
+reg add "HKLM\System\CurrentControlSet\Services\WdFilter" /v "Start" /t REG_DWORD /d "4" /f
+reg add "HKLM\System\CurrentControlSet\Services\WdNisDrv" /v "Start" /t REG_DWORD /d "4" /f
+reg add "HKLM\System\CurrentControlSet\Services\WdNisSvc" /v "Start" /t REG_DWORD /d "4" /f
+reg add "HKLM\System\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d "4" /f
-foreach($pkg in $b)
+rem Run twice to disable WD services !!!!!
-{
- Remove-AppXProvisionedPackage -online -PackageName $pkg
-}
-</code>
-Už nainstalované
-<code powershell>
-$d = Get-AppxPackage -AllUsers | Select PackageFullName | Select-String -notmatch "Microsoft.DesktopAppInstaller" | Select-String -notmatch "Microsoft.MSPaint" | Select-String -notmatch "Microsoft.StorePurchaseApp" | Select-String -notmatch "Microsoft.Windows.Photos" | Select-String -notmatch "Microsoft.WindowsCalculator" | Select-String -notmatch "Microsoft.WindowsStore" | Select-String -notmatch "Microsoft.BioEnrollment" | Select-String -notmatch "Microsoft.AccountsControl" | Select-String -notmatch "Microsoft.MicrosoftEdge" | Select-String -notmatch "Microsoft.Windows.ShellExperienceHost" | Select-String -notmatch "windows.immersivecontrolpanel" | Select-String -notmatch "Microsoft.LanguageExperiencePack"
-$e = $d.Line.Replace("@{PackageFullName=","").Replace("}","")
-foreach($pkg in $e)
+pause
-{
- Remove-AppxPackage -AllUsers $pkg
-}
 </code>
@@ Line 304: / Line 256: @@
   * Přidat Úplné řízení.
   * Upravit Attributes, změnit hodnotu 20040000 na 700100120.
+Vytažení zástupce na Poslední složky do Průzkumníka:
+  Start > Spustit > shell:::{22877a6d-37a1-461a-91b0-dbda5aaebc99}
+  A pak vytáhnout myší složku do "Rychlý přístup" vlevo
 ----

WereDoku

User Tools

Site Tools

Differences

Page Tools