From abec9def075d82fdaee9663ef8fe1a488911f45b Mon Sep 17 00:00:00 2001 From: undergroundwires Date: Fri, 22 Mar 2024 17:27:15 +0100 Subject: [PATCH] mac, linux, win: fix dead URLs and improve docs This commit fixes dead URLs and updates documentation references, improving accuracy and reliability. Key changes: - Fix dead URLs by using archived snapshots when they are detected as down by tests. - Update URLs to their new redirected locations. Other supporting changes: - Introduce long URLs for `archive.ph` links to retain the original URLs within the documentation. It simplifies the maintenance by removing the need to document the original locations along with the short URLs. - Improve some of the documentation to use more current sources, replacing the outdated ones. --- docs/script-guidelines.md | 4 +- .../Pipes/PipeDefinitions/InlinePowerShell.ts | 2 +- src/application/collections/linux.yaml | 24 +- src/application/collections/macos.yaml | 241 ++++-- src/application/collections/windows.yaml | 691 +++++++++--------- 5 files changed, 529 insertions(+), 433 deletions(-) diff --git a/docs/script-guidelines.md b/docs/script-guidelines.md index 43fb3852..921fca5d 100644 --- a/docs/script-guidelines.md +++ b/docs/script-guidelines.md @@ -35,8 +35,8 @@ Key attributes of a good script: ## Documentation - Use credible and reputable sources for references. -- Use archived links by using [archive.org](https://archive.org) or [archive.today](https://archive.today). - - Format archive.today links fully, for example: `https://archive.today/YYYYMMDDhhmmss/https://privacy.sexy`. +- Use archived links by using [archive.org](https://archive.org) or [archive.ph](https://archive.ph). + - Format archive.today links fully, for example: `https://archive.ph/YYYYMMDDhhmmss/https://privacy.sexy`. - Explain the default behavior if the script is not executed. ## Shared functions 
diff --git a/src/application/Parser/Script/Compiler/Expressions/Pipes/PipeDefinitions/InlinePowerShell.ts b/src/application/Parser/Script/Compiler/Expressions/Pipes/PipeDefinitions/InlinePowerShell.ts index bf2ce83c..79745677 100644 --- a/src/application/Parser/Script/Compiler/Expressions/Pipes/PipeDefinitions/InlinePowerShell.ts +++ b/src/application/Parser/Script/Compiler/Expressions/Pipes/PipeDefinitions/InlinePowerShell.ts @@ -95,7 +95,7 @@ function getLines(code: string): string[] { /* Merges inline here-strings to a single lined string with Windows line terminator (\r\n) - https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_quoting_rules#here-strings + https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_quoting_rules?view=powershell-7.4#here-strings */ function mergeHereStrings(code: string) { const regex = /@(['"])\s*(?:\r\n|\r|\n)((.|\n|\r)+?)(\r\n|\r|\n)\1@/g; diff --git a/src/application/collections/linux.yaml b/src/application/collections/linux.yaml index b7ae1db9..15ea2eeb 100644 --- a/src/application/collections/linux.yaml +++ b/src/application/collections/linux.yaml @@ -74,7 +74,7 @@ actions: - [tcsh source code](https://web.archive.org/web/20221029212024/https://github.com/tcsh-org/tcsh). [1]: https://web.archive.org/web/20221029134950/https://linux.die.net/man/1/tcsh "tcsh(1) - Linux man page | linux.die.net" - [2]: https://web.archive.org/web/20221029135041/https://books.google.com/books?id=LyDP5b2xzaMC&pg=PA56 "Sams Teach Yourself FreeBSD in 24 Hours - Michael Urban, Brian Tiemann - Google Books | books.google.com" + [2]: https://web.archive.org/web/20221029135007/https://books.google.com/books?id=LyDP5b2xzaMC&pg=PA56#v=onepage&q&f=false "Sams Teach Yourself FreeBSD in 24 Hours - Michael Urban, Brian Tiemann - Google Books | books.google.com" call: function: DeleteFileFromUserAndRootHome parameters: 
@@ -1733,7 +1733,7 @@ actions: See also: - [Source code for the Ubuntu Report tool | github.com](https://web.archive.org/web/20221029221854/https://github.com/ubuntu/ubuntu-report/) - [Statistics gathered and visualized | ubuntu.com/desktop/statistics](https://web.archive.org/web/20221029221910/https://ubuntu.com/desktop/statistics) - - [ubuntu-devel mailing list thread where ubuntu-report was first proposed, | lists.ubuntu.com ](https://web.archive.org/web/20221029221924/https://lists.ubuntu.com/archives/ubuntu-devel/2018-February/040139.html) + - [ubuntu-devel mailing list thread where ubuntu-report was first proposed | lists.ubuntu.com](https://web.archive.org/web/20221029162523/https://lists.ubuntu.com/archives/ubuntu-devel/2018-February/040139.html) [1]: https://web.archive.org/web/20221029162505/https://github.com/ubuntu/ubuntu-report/blob/30e902ebc17e4e10d83392d7cd3dc05fc9e35cc4/README.md "ubuntu-report/README.md at master · ubuntu/ubuntu-report | github.com" [2]: https://web.archive.org/web/20221029162538/https://github.com/ubuntu/ubuntu-report/blob/8e6030ff9bbeacacf41a9b58ea638a5c9a6f864d/README.md "More diagnostics data from desktop | lists.ubuntu.com" 
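Review bot: Reference `[2]` in this hunk's context still pairs a GitHub README URL with the title "More diagnostics data from desktop | lists.ubuntu.com", so the citation label and its target disagree. The commit retimes the mailing-list link two lines above but leaves this one untouched. `[1]` and `[2]` both resolve to `ubuntu-report` README snapshots at different commits, which suggests (not certain from the hunk) that `[2]` was meant to be the lists.ubuntu.com thread. Either correct the title to match the target, e.g. `"ubuntu-report/README.md at 8e6030f · ubuntu/ubuntu-report | github.com"`, or point `[2]` at the archived thread. The docs text that cites `[2]` is outside the hunk, so check which source the claim relies on.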
@@ -1974,10 +1974,10 @@ actions: Read more about Zeitgeist: - - [Official website | zeitgeist.freedesktop.org](https://web.archive.org/web/20221029222739/https://zeitgeist.freedesktop.org/) + - [Official website | zeitgeist.freedesktop.org](https://web.archive.org/web/20221029150843/https://zeitgeist.freedesktop.org/) - [Wikipedia article | en.wikipedia.org](https://web.archive.org/web/20221029222921/https://en.wikipedia.org/wiki/Zeitgeist_%28free_software%29) - [Launchpad project page | launchpad.net](https://web.archive.org/web/20221029223026/https://launchpad.net/zeitgeist/) - - [ArchWiki article | wiki.archlinux.org](https://web.archive.org/web/20221029223033/https://wiki.archlinux.org/title/Zeitgeist) + - [ArchWiki article | wiki.archlinux.org](https://web.archive.org/web/20221029164539/https://wiki.archlinux.org/title/Zeitgeist) [1]: https://web.archive.org/web/20221029163704/https://packages.debian.org/en/sid/libdevel/libzeitgeist-2.0-dev "libzeitgeist-2.0-dev | Debian Packages | packages.debian.org" [2]: https://web.archive.org/web/20221029163817/https://gitlab.gnome.org/crvi/gnome-activity-journal "crvi / GNOME Activity Journal · GitLab | gitlab.gnome.org" 
@@ -2116,7 +2116,7 @@ actions: [3]: https://web.archive.org/web/20221029170026/https://packages.ubuntu.com/bionic/all/network-manager-config-connectivity-ubuntu/filelist "Ubuntu - File list of package network-manager-config-connectivity-ubuntu/bionic/all | packages.ubuntu.com" [4]: https://web.archive.org/web/20221029170108/https://github.com/pop-os/connectivity/blob/master/debian/20-connectivity-pop.conf "connectivity/20-connectivity-pop.conf at master · pop-os/connectivity | github.com" [5]: https://web.archive.org/web/20221029170202/https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/contrib/fedora/rpm/20-connectivity-fedora.conf "20-connectivity-fedora.conf\rpm\fedora\contrib - NetworkManager/NetworkManager - Network connection manager and user applications | reedesktop.org" - [6]: https://web.archive.org/web/20221029170207/https://fedora.pkgs.org/35/fedora-updates-testing-x86_64/NetworkManager-config-connectivity-fedora-1.32.12-1.fc35.noarch.rpm.html "NetworkManager-config-connectivity-fedora | fedora.pkgs.org" + [6]: https://archive.ph/2023.12.06-185917/https://pkgs.org/download/NetworkManager-config-connectivity-fedora "Networkmanager-config-connectivity-fedora Download (RPM) | pkgs.org" call: function: RunIfCommandExists parameters: 
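Review bot: The new `[6]` link uses the dotted archive.ph timestamp `2023.12.06-185917`, while the guideline updated in this same commit (`docs/script-guidelines.md`) prescribes `https://archive.ph/YYYYMMDDhhmmss/…`. The macos.yaml hunks further down (`2023.11.24-170934`, `2024.03.14-…`) use the dotted form as well. Make the guideline and the links agree, e.g. change the guideline example to `https://archive.ph/YYYY.MM.DD-hhmmss/https://privacy.sexy`, so reviewers and any automated link check validate a single pattern. Separately, `[6]` now targets the generic pkgs.org download page rather than the version-specific `1.32.12-1.fc35` package page, so confirm the snapshot still supports the statement that cites it (that text is outside the hunk).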
@@ -2202,7 +2202,7 @@ actions: - Diagnostic information about your system and usage is sent to Microsoft servers [3]. - Your usage data and data about feature performance [3]. - [1]: https://web.archive.org/web/20221029170818/https://en.wikipedia.org/wiki/Visual_Studio_Code "Visual Studio Code - Wikipedia | en.wikipedia.org" + [1]: https://web.archive.org/web/20221029142001/https://en.wikipedia.org/wiki/Visual_Studio_Code "Visual Studio Code - Wikipedia | en.wikipedia.org" [2]: https://web.archive.org/web/20221029170840/https://code.visualstudio.com/updates/v1_26#_offline-mode "Visual Studio Code July 2018 | code.visualstudio.com" [3]: https://web.archive.org/web/20221029171138/https://code.visualstudio.com/docs/getstarted/telemetry "Visual Studio Code Telemetry | code.visualstudio.com" children: 
@@ -2697,7 +2697,7 @@ actions: [2]: https://web.archive.org/web/20231003094154/https://bugzilla.mozilla.org/show_bug.cgi?id=1746646 "1746646 - (tcp-mochitests) [meta] Make mochitests work with TCP enabled (cookieBehavior = 5) | bugzilla.mozilla.org" [3]: https://web.archive.org/web/20230918172155/https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning#disable_dynamic_state_partitioning "State Partitioning - Privacy on the web | MDN" [4]: https://web.archive.org/web/20231003094207/https://bugzilla.mozilla.org/show_bug.cgi?id=1649876#c5 "1649876 - Migrate FPI users to dFPI | bugzilla.mozilla.org" - [5]: https://blog.mozilla.org/en/products/firefox/firefox-rolls-out-total-cookie-protection-by-default-to-all-users-worldwide/ "Firefox Rolls Out Total Cookie Protection By Default" + [5]: https://web.archive.org/web/20231207105610/https://blog.mozilla.org/en/products/firefox/firefox-rolls-out-total-cookie-protection-by-default-to-all-users-worldwide/ "Firefox Rolls Out Total Cookie Protection By Default" [6]: https://web.archive.org/web/20231003094350/https://bugzilla.mozilla.org/show_bug.cgi?id=1631676#c25 "1631676 - Disable dfpi when privacy.firstparty.isolate=true | bugzilla.mozilla.org" call: function: AddFirefoxPrefs 
@@ -2887,7 +2887,7 @@ actions: setting [4]. [1]: https://web.archive.org/web/20221015102124/https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/internals/preferences.html "Preferences and Defines — Firefox Source Docs documentation | firefox-source-docs.mozilla.org" - [2]: https://web.archive.org/web/20221015102305/https://searchfox.org/mozilla-central/source/modules/libpref/Preferences.cpp#3213 + [2]: https://web.archive.org/web/20221015102338/https://searchfox.org/mozilla-central/source/modules/libpref/Preferences.cpp#3213 [3]: https://web.archive.org/web/20221015102419/https://bugzilla.mozilla.org/show_bug.cgi?id=1422689#c1 [4]: https://web.archive.org/web/20221015102604/https://stigviewer.com/stig/mozilla_firefox/2020-12-10/finding/V-223170 call: @@ -3173,7 +3173,7 @@ actions: portal is in place and blocking traffic, this feature prevents all other connection attempts, possibly revealing your usage habits. - See also: [Captive portal | Wikipedia](https://web.archive.org/web/20221029223534/https://en.wikipedia.org/wiki/Captive_portal). + See also: [Captive portal | Wikipedia](https://web.archive.org/web/20221029163002/https://en.wikipedia.org/wiki/Captive_portal). This script sets `network.captive-portal-service.enabled` to 'false', thereby disabling automatic connections [1]. 
@@ -3207,7 +3207,7 @@ actions: There have been concerns about the potential for Google Safe Browsing to be used for censorship in the future, although this has not occurred as of yet [3]. - [1]: https://web.archive.org/web/20221025192643/https://wiki.mozilla.org/Security/Safe_Browsing "Security/Safe Browsing - MozillaWiki | wiki.mozilla.org" + [1]: https://web.archive.org/web/20221026164502/https://wiki.mozilla.org/Security/Safe_Browsing "Security/Safe Browsing - MozillaWiki | wiki.mozilla.org" [2]: https://web.archive.org/web/20221025193000/https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work#w_what-information-is-sent-to-mozilla-or-its-partners-when-phishing-and-malware-protection-is-enabled [3]: https://web.archive.org/web/20221025192516/https://www.usnews.com/opinion/articles/2016-06-22/google-is-the-worlds-biggest-censor-and-its-power-must-be-regulated "Google Is the World's Biggest Censor and Its Power Must Be Regulated | usnews.com" children: @@ -3226,7 +3226,7 @@ actions: If this blocking is removed, the user should be knowledgeable about the potential risks and will take precautions. - [1]: https://web.archive.org/web/20221025192643/https://wiki.mozilla.org/Security/Safe_Browsing#Prefs "Security/Safe Browsing - MozillaWiki | wiki.mozilla.org" + [1]: https://web.archive.org/web/20221026164502/https://wiki.mozilla.org/Security/Safe_Browsing#Prefs "Security/Safe Browsing - MozillaWiki | wiki.mozilla.org" [2]: https://web.archive.org/web/20230811024650/https://blog.mozilla.org/addons/2020/08/24/introducing-a-scalable-add-ons-blocklist/ "Introducing a scalable add-ons blocklist | Mozilla Add-ons Community Blog" call: function: AddFirefoxPrefs 
@@ -3286,7 +3286,7 @@ actions: It is active by default [2]. - [1]: https://web.archive.org/web/20221025192643/https://wiki.mozilla.org/Security/Safe_Browsing#Prefs "Security/Safe Browsing - MozillaWiki | wiki.mozilla.org" + [1]: https://web.archive.org/web/20221026164502/https://wiki.mozilla.org/Security/Safe_Browsing#Prefs "Security/Safe Browsing - MozillaWiki | wiki.mozilla.org" [2]: https://web.archive.org/web/20221029173442/https://github.com/mozilla/policy-templates/blob/master/README.md#preferences "policy-templates/README.md at master · mozilla/policy-templates · GitHub | github.com" call: function: AddFirefoxPrefs diff --git a/src/application/collections/macos.yaml b/src/application/collections/macos.yaml index 4e276771..d1e5ffb7 100644 --- a/src/application/collections/macos.yaml +++ b/src/application/collections/macos.yaml @@ -108,7 +108,7 @@ actions: name: Clear user activity audit logs (login, logout, authentication, etc.) docs: - https://papers.put.as/papers/macosx/2012/Mac_Log_Analysis_Sarah_Edwards_DFIRSummit2012.pdf - - http://macadmins.psu.edu/wp-content/uploads/sites/24696/2016/06/psumac2016-19-osxlogs_macadmins_2016.pdf + - https://web.archive.org/web/20240314054514/https://bpb-us-e1.wpmucdn.com/sites.psu.edu/dist/4/24696/files/2016/06/psumac2016-19-osxlogs_macadmins_2016.pdf code: |- sudo rm -rfv /var/audit/* sudo rm -rfv /private/var/audit/* @@ -171,7 +171,7 @@ actions: - name: Clear Safari last session (open tabs) history docs: - - https://apple.stackexchange.com/a/374116 + - https://web.archive.org/web/20240314061752/https://apple.stackexchange.com/questions/374099/where-does-safari-store-the-open-tabs/374116#374116 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7127 code: rm -f ~/Library/Safari/LastSession.plist - 
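Review bot: In the `@@ -108` hunk the `docs` of "Clear user activity audit logs" remain a bare URL list, so a user selecting the script gets no statement that `sudo rm -rfv /var/audit/*` and `sudo rm -rfv /private/var/audit/*` irreversibly delete the login, logout and authentication records named in the title. This commit already rewrites the Siri pop-up entry into prose docs, and the same treatment fits here. A `docs: |-` block should say what is removed, that it cannot be restored, and that these records are what an administrator or incident responder relies on to reconstruct account activity, which makes the script a poor fit for managed or monitored machines. The entry continues past the end of the hunk, so whether further `code` lines or a `revertCode` follow is not visible.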
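Review bot: In the `@@ -171` hunk `https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7127` stays a live link directly below the Stack Exchange link that the hunk archives. That is inconsistent with the guideline to use archived links and leaves the entry exposed to the link rot this commit is fixing. The same applies to `https://papers.put.as/…DFIRSummit2012.pdf` in the `@@ -108` hunk, `https://davidkoepi.wordpress.com/2013/04/20/safariforensic/` in the `@@ -191` hunk and `https://github.com/privacysexy-forks/starter/blob/master/system/siri.sh` in the `@@ -988` hunk; the last one also follows the mutable `master` branch, so its content can change under the citation. Replace each with a snapshot in the form used elsewhere, e.g. `https://web.archive.org/web/<SNAPSHOT_TIMESTAMP>/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7127` (the timestamp is a placeholder to be filled from a real capture).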
@@ -191,7 +191,7 @@ actions: name: Clear Safari webpage previews (thumbnails) docs: - https://davidkoepi.wordpress.com/2013/04/20/safariforensic/ - - https://www.reddit.com/r/apple/comments/18lp92/your_apple_computer_keeps_a_screen_shot_of_nearly/ + - https://archive.ph/2024.03.14-100910/https://www.reddit.com/r/apple/comments/18lp92/your_apple_computer_keeps_a_screen_shot_of_nearly/?rdt=59921 code: rm -rfv ~/Library/Caches/com.apple.Safari/Webpage\ Previews - name: Clear Safari history copy @@ -204,8 +204,8 @@ actions: - name: Clear Safari cookies docs: - - https://www.toolbox.com/tech/operating-systems/blogs/understanding-the-safari-cookiesbinarycookies-file-format-010712/ - - https://link.springer.com/content/pdf/10.1007/0-387-36891-4_13.pdf + - https://web.archive.org/web/20240314132018/https://community.spiceworks.com/t/understanding-the-safari-cookies-binarycookies-file-format/928827 + - https://web.archive.org/web/20240314060318/https://link.springer.com/content/pdf/10.1007/0-387-36891-4_13.pdf code: |- rm -f ~/Library/Cookies/Cookies.binarycookies # Used before Safari 5.1 @@ -520,7 +520,7 @@ actions: you'll be prompted to grant or deny permission. It's a proactive step to ensure that your sensitive information or system services are accessed only with your current and informed consent. children: - # Main documentation: https://archive.ph/26Hlq (https://developer.apple.com/documentation/devicemanagement/privacypreferencespolicycontrol/services) + # Main documentation: https://archive.ph/2023.11.24-170934/https://developer.apple.com/documentation/devicemanagement/privacypreferencespolicycontrol/services - name: Clear **"All"** permissions docs: |- 
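Review bot: The archived Reddit URL in the `@@ -191` hunk keeps `?rdt=59921`, which looks like a redirect token appended during capture rather than part of the thread address. It adds nothing for the reader and makes the recorded original URL differ from the canonical one, which matters in a privacy tool whose docs are meant to preserve clean source locations. Reference the plain address, `https://www.reddit.com/r/apple/comments/18lp92/your_apple_computer_keeps_a_screen_shot_of_nearly/`, which may need a fresh snapshot if the existing capture is only reachable under the parameterised URL.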
@@ -536,7 +536,7 @@ actions: This script resets permissions for camera access [1]. It ensures no application can access the system camera without explicit user permission, protecting against unauthorized surveillance and data breaches. - [1]: https://archive.ph/26Hlq "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" + [1]: https://archive.ph/2023.11.24-170934/https://developer.apple.com/documentation/devicemanagement/privacypreferencespolicycontrol/services "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" call: function: ResetServicePermissions parameters: @@ -547,7 +547,7 @@ actions: This script resets permissions for microphone access [1]. It revokes all granted access to the microphone, protecting against eavesdropping and unauthorized audio recording by applications. - [1]: https://archive.ph/26Hlq "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" + [1]: https://archive.ph/2023.11.24-170934/https://developer.apple.com/documentation/devicemanagement/privacypreferencespolicycontrol/services "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" call: function: ResetServicePermissions parameters: @@ -558,7 +558,7 @@ actions: This script resets permissions for accessibility features [1]. It revokes application access to accessibility services, preventing misuse and ensuring these features are used only with user consent. - [1]: https://archive.ph/26Hlq "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" + [1]: https://archive.ph/2023.11.24-170934/https://developer.apple.com/documentation/devicemanagement/privacypreferencespolicycontrol/services "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" call: function: ResetServicePermissions parameters: 
@@ -569,7 +569,7 @@ actions: This script resets permissions for screen capture [1]. It ensures applications cannot capture screen content without user authorization, protecting sensitive information displayed on the screen. - [1]: https://archive.ph/26Hlq "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" + [1]: https://archive.ph/2023.11.24-170934/https://developer.apple.com/documentation/devicemanagement/privacypreferencespolicycontrol/services "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" call: function: ResetServicePermissions parameters: @@ -580,7 +580,7 @@ actions: This script resets permissions for accessing reminders information managed by the Reminders app [1]. It ensures applications cannot access or modify reminders data without explicit user permission, maintaining the privacy of personal reminders. - [1]: https://archive.ph/26Hlq "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" + [1]: https://archive.ph/2023.11.24-170934/https://developer.apple.com/documentation/devicemanagement/privacypreferencespolicycontrol/services "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" call: function: ResetServicePermissions parameters: @@ -591,7 +591,7 @@ actions: This script resets permissions for accessing the pictures managed by the Photos app [1]. It revokes all permissions granted to applications, safeguarding personal photos and media from unauthorized access. - [1]: https://archive.ph/26Hlq "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" + [1]: https://archive.ph/2023.11.24-170934/https://developer.apple.com/documentation/devicemanagement/privacypreferencespolicycontrol/services "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" call: function: ResetServicePermissions parameters: 
@@ -602,7 +602,7 @@ actions: This script resets permissions for accessing the calendar information managed by the Calendar app [1]. It ensures that applications cannot access calendar data without user consent, protecting personal and sensitive calendar information. - [1]: https://archive.ph/26Hlq "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" + [1]: https://archive.ph/2023.11.24-170934/https://developer.apple.com/documentation/devicemanagement/privacypreferencespolicycontrol/services "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" call: function: ResetServicePermissions parameters: @@ -614,7 +614,7 @@ actions: Full disk access allows the application access to all protected files, including system administration files [1]. It revokes broad file access from applications, significantly reducing the risk of data exposure and enhancing overall system security. - [1]: https://archive.ph/26Hlq "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" + [1]: https://archive.ph/2023.11.24-170934/https://developer.apple.com/documentation/devicemanagement/privacypreferencespolicycontrol/services "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" call: function: ResetServicePermissions parameters: @@ -626,7 +626,7 @@ actions: The contact information managed by the Contacts app [1]. It ensures that applications cannot access the user's contact list without explicit permission, maintaining the confidentiality of personal contacts. - [1]: https://archive.ph/26Hlq "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" + [1]: https://archive.ph/2023.11.24-170934/https://developer.apple.com/documentation/devicemanagement/privacypreferencespolicycontrol/services "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" call: function: ResetServicePermissions parameters: 
@@ -637,7 +637,7 @@ actions: This script resets permissions for accessing the Desktop folder [1]. It revokes application access to files on the desktop, protecting personal and work-related documents from unauthorized access. - [1]: https://archive.ph/26Hlq "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" + [1]: https://archive.ph/2023.11.24-170934/https://developer.apple.com/documentation/devicemanagement/privacypreferencespolicycontrol/services "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" call: function: ResetServicePermissions parameters: @@ -648,7 +648,7 @@ actions: This script resets permissions for accessing the Documents folder [1]. It prevents applications from accessing files in this folder without user consent, safeguarding important and private documents. - [1]: https://archive.ph/26Hlq "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" + [1]: https://archive.ph/2023.11.24-170934/https://developer.apple.com/documentation/devicemanagement/privacypreferencespolicycontrol/services "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" call: function: ResetServicePermissions parameters: @@ -659,7 +659,7 @@ actions: This script resets permissions for accessing the Downloads folder [1]. It ensures that applications cannot access downloaded files without user authorization, protecting downloaded content from misuse. - [1]: https://archive.ph/26Hlq "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" + [1]: https://archive.ph/2023.11.24-170934/https://developer.apple.com/documentation/devicemanagement/privacypreferencespolicycontrol/services "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" call: function: ResetServicePermissions parameters: 
@@ -670,7 +670,7 @@ actions: This script resets permissions for Apple Events [1]. It revokes permissions for applications to send restricted Apple Events to other processes [1], enhancing privacy and security. - [1]: https://archive.ph/26Hlq "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" + [1]: https://archive.ph/2023.11.24-170934/https://developer.apple.com/documentation/devicemanagement/privacypreferencespolicycontrol/services "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" call: function: ResetServicePermissions parameters: @@ -681,7 +681,7 @@ actions: This script resets permissions for File Provider Presence [1]. It revokes the ability of File Provider applications to know when the user is accessing their managed files [1], enhancing user privacy. - [1]: https://archive.ph/26Hlq "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" + [1]: https://archive.ph/2023.11.24-170934/https://developer.apple.com/documentation/devicemanagement/privacypreferencespolicycontrol/services "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" call: function: ResetServicePermissions parameters: @@ -692,7 +692,7 @@ actions: This script resets "ListenEvent" permissions [1]. It revokes application access to listen to system events [1], preventing unauthorized monitoring of user interactions with the system. - [1]: https://archive.ph/26Hlq "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" + [1]: https://archive.ph/2023.11.24-170934/https://developer.apple.com/documentation/devicemanagement/privacypreferencespolicycontrol/services "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" call: function: ResetServicePermissions parameters: 
@@ -703,7 +703,7 @@ actions: This script resets permissions for accessing the Media Library [1]. It ensures that applications cannot access Apple Music, music and video activity, and the media library [1] without user consent. - [1]: https://archive.ph/26Hlq "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" + [1]: https://archive.ph/2023.11.24-170934/https://developer.apple.com/documentation/devicemanagement/privacypreferencespolicycontrol/services "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" call: function: ResetServicePermissions parameters: @@ -714,7 +714,7 @@ actions: This script resets permissions for sending "PostEvent" [1]. It prevents applications from using CoreGraphics APIs to send system events [1], safeguarding against potential misuse. - [1]: https://archive.ph/26Hlq "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" + [1]: https://archive.ph/2023.11.24-170934/https://developer.apple.com/documentation/devicemanagement/privacypreferencespolicycontrol/services "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" call: function: ResetServicePermissions parameters: @@ -726,7 +726,7 @@ actions: This script resets permissions for using Speech Recognition [1]. It revokes application access to the speech recognition facility and sending speech data to Apple [1], protecting user privacy. - [1]: https://archive.ph/26Hlq "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" + [1]: https://archive.ph/2023.11.24-170934/https://developer.apple.com/documentation/devicemanagement/privacypreferencespolicycontrol/services "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" call: function: ResetServicePermissions parameters: 
@@ -737,7 +737,7 @@ actions: This script resets permissions for modifying other apps [1]. It prevents applications from updating or deleting other apps [1], maintaining system integrity and user control. - [1]: https://archive.ph/26Hlq "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" + [1]: https://archive.ph/2023.11.24-170934/https://developer.apple.com/documentation/devicemanagement/privacypreferencespolicycontrol/services "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" call: function: ResetServicePermissions parameters: @@ -748,7 +748,7 @@ actions: This script resets permissions for accessing application data [1]. It revokes application access to specific application data, enhancing privacy and data security. - [1]: https://archive.ph/26Hlq "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" + [1]: https://archive.ph/2023.11.24-170934/https://developer.apple.com/documentation/devicemanagement/privacypreferencespolicycontrol/services "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" call: function: ResetServicePermissions parameters: @@ -759,7 +759,7 @@ actions: This script resets permissions for accessing files on network volumes [1]. It ensures applications cannot access network files without user authorization. - [1]: https://archive.ph/26Hlq "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" + [1]: https://archive.ph/2023.11.24-170934/https://developer.apple.com/documentation/devicemanagement/privacypreferencespolicycontrol/services "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" call: function: ResetServicePermissions parameters: 
@@ -770,7 +770,7 @@ actions: This script resets permissions for accessing files on removable volumes [1]. It protects data on external drives from unauthorized application access. - [1]: https://archive.ph/26Hlq "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" + [1]: https://archive.ph/2023.11.24-170934/https://developer.apple.com/documentation/devicemanagement/privacypreferencespolicycontrol/services "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" call: function: ResetServicePermissions parameters: @@ -781,7 +781,7 @@ actions: This script resets permissions for accessing system administration files [1]. It enhances system security by restricting application access to critical system files. - [1]: https://archive.ph/26Hlq "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" + [1]: https://archive.ph/2023.11.24-170934/https://developer.apple.com/documentation/devicemanagement/privacypreferencespolicycontrol/services "PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation | apple.com" call: function: ResetServicePermissions parameters: 
@@ -877,7 +877,7 @@ actions: There is also `WelcomeScreenPromo.PromoOff` setting that's pre-configured to `1` (`no` as default). It's undocumented but still kept disabled by this script. - [1]: https://web.archive.org/save/https://forum.parallels.com/threads/unable-to-process-the-upgrade-request.345603/ "Unable to process the upgrade request | Parallels Forums | forum.parallels.com" + [1]: https://web.archive.org/web/20240314062932/https://forum.parallels.com/threads/unable-to-process-the-upgrade-request.345603/ "Unable to process the upgrade request | Parallels Forums | forum.parallels.com" [2]: https://web.archive.org/web/20221012151800/https://kb.parallels.com/114422 "How do I turn off notifications in Parallels Desktop and Parallels Access? | Knowledge Base | parallels.com" code: |- defaults write 'com.parallels.Parallels Desktop' 'ProductPromo.ForcePromoOff' -bool yes 
@@ -988,16 +988,16 @@ actions: recommend: strict docs: - https://github.com/privacysexy-forks/starter/blob/master/system/siri.sh - - https://machippie.github.io/system/ + - https://web.archive.org/web/20201002133713/https://machippie.github.io/system/ code: defaults write com.apple.assistant.backedup 'Use device speaker for TTS' -int 3 revertCode: defaults write com.apple.assistant.backedup 'Use device speaker for TTS' -int 2 - name: Disable Siri services (Siri and assistantd) recommend: strict docs: - - https://apple.stackexchange.com/questions/57514/what-is-assistantd - - https://www.jamf.com/jamf-nation/discussions/22757/kill-siri#responseChild137563 - - https://apple.stackexchange.com/a/370426 + - https://web.archive.org/web/20240314060540/https://apple.stackexchange.com/questions/57514/what-is-assistantd + - https://archive.ph/2024.03.14-055010/https://community.jamf.com/t5/jamf-pro/kill-siri/td-p/171543 + - https://web.archive.org/web/20240314060501/https://apple.stackexchange.com/questions/258816/how-to-completely-disable-siri-on-sierra/370426#370426 # To see status: • `launchctl print-disabled system` • `launchctl print-disabled user/$UID` • `launchctl print-disabled gui/$UID` code: |- launchctl disable "user/$UID/com.apple.assistantd" 
@@ -1021,10 +1021,20 @@ actions: fi - name: Disable "Do you want to enable Siri?" pop-up - docs: - - https://discussions.apple.com/thread/7694127?answerId=30752577022#30752577022 - - https://windowsreport.com/mac/siri-keeps-popping-up/ - - https://www.jamf.com/jamf-nation/discussions/21783/disable-siri-setup-assistant-in-macos-sierra#responseChild131588 + docs: |- + This script stops the "Enable Siri" pop-up [1] from appearing the first time a user logs into macOS [2]. + + Introduced in macOS version 10.12 [2], this pop-up asks, "Do you want to enable Siri?" [1] + which could lead to Siri being enabled unintentionally. + + This script configures the `com.apple.SetupAssistant!DidSeeSiriSetup` setting to suppress this pop-up [1] [2] [3] [4]. + This command tells the system that the Siri setup is complete, preventing the pop-up in future sessions and + enhancing privacy by avoiding unintended Siri activation. + + [1]: https://archive.ph/2024.03.14-053325/https://discussions.apple.com/thread/7694127?answerId=30752577022&sortBy=best%2330752577022 "macOS keeps nagging me about enabling Siri - Apple Community | discussions.apple.com" + [2]: https://web.archive.org/web/20240314052600/https://derflounder.wordpress.com/2016/09/20/supressing-siri-pop-up-windows-on-macos-sierra/ "Suppressing Siri pop-up windows on macOS Sierra | Der Flounder" + [3]: https://web.archive.org/web/20240314052901/https://windowsreport.com/mac/siri-keeps-popping-up/ "Siri keeps popping up on Mac? Here's how to easily fix that • MacTips | windowsreport.com" + [4]: https://web.archive.org/web/20240314052247/https://community.jamf.com/t5/jamf-pro/disable-siri-setup-assistant-in-macos-sierra/m-p/205836/highlight/true#M194536 "Solved: Re: Disable Siri setup assistant in macOS Sierra - Jamf Nation Community - 205834 | community.jamf.com" code: defaults write com.apple.SetupAssistant 'DidSeeSiriSetup' -bool True revertCode: defaults delete com.apple.SetupAssistant 'DidSeeSiriSetup' - 
@@ -1084,7 +1094,7 @@ actions: by default. [1]: https://web.archive.org/web/20230731152633/https://www.apple.com/legal/privacy/data/en/apple-advertising/ "Legal - Apple Advertising & Privacy - Apple" - [2]: https://web.archive.org/web/20220805052411/https://support.apple.com/en-sg/guide/mac-help/mh32356/mac: "Change Privacy preferences on Mac - Apple Support (SG)" + [2]: https://web.archive.org/web/20220805052411/https://support.apple.com/en-sg/guide/mac-help/mh32356/mac "Change Privacy preferences on Mac - Apple Support (SG)" [3]: https://web.archive.org/web/20230731155827/https://developer.apple.com/documentation/devicemanagement/restrictions "Restrictions | Apple Developer Documentation" [4]: https://web.archive.org/web/20230731155653/https://paper.bobylive.com/Security/CIS/CIS_Apple_macOS_11_0_Big_Sur_Benchmark_v2_0_0.pdf "CIS Apple macOS 11.0 Big Sur Benchmark" [5]: https://web.archive.org/web/20230731155131/https://developer.apple.com/documentation/adsupport/asidentifiermanager/1614151-advertisingidentifier "advertisingIdentifier | Apple Developer Documentation" @@ -1280,7 +1290,7 @@ actions: # OS tracks downloaded files with help of quarantine-aware applications # (such as Safari, Chrome) adding quarantine extended attributes to files. # then OS warns and asks if you really want to open it - docs: https://support.apple.com/en-gb/HT202491 + docs: https://web.archive.org/web/20210319081714/https://support.apple.com/en-gb/HT202491 children: - category: Clean File Quarantine from downloaded files 
@@ -1391,7 +1401,7 @@ actions: name: Disable Gatekeeper's automatic reactivation docs: - https://osxdaily.com/2015/11/05/stop-gatekeeper-auto-rearm-mac-os-x/ - - https://www.cnet.com/tech/computing/how-to-disable-gatekeeper-permanently-on-os-x/ + - https://web.archive.org/web/20230327050142/https://www.cnet.com/tech/computing/how-to-disable-gatekeeper-permanently-on-os-x/ code: sudo defaults write /Library/Preferences/com.apple.security GKAutoRearm -bool true revertCode: sudo defaults write /Library/Preferences/com.apple.security GKAutoRearm -bool false - @@ -1450,13 +1460,19 @@ actions: revertCode: sudo defaults write /Library/Preferences/com.apple.security.libraryvalidation.plist 'DisableLibraryValidation' -bool false - category: Disable automatic updates - docs: - - https://developer.apple.com/documentation/devicemanagement/deviceinformationresponse/queryresponses/osupdatesettings - - https://macadminsdoc.readthedocs.io/en/master/Profiles-and-Settings/OS-X-Updates.html + docs: |- + This category contains scripts to disable automatic operating system updates. + + Disabling automatic updates gives users full control over when and which updates are applied to their system. + It improves privacy by preventing unwanted data collection, new vulnerabilities and unapproved changes to system settings. + + > **Caution**: + > Disabling automatic updates can leave your system vulnerable to unpatched exploits. + > Manually check and and apply updates to stay protected. children: - name: Disable automatic checks for updates - docs: https://developer.apple.com/documentation/devicemanagement/softwareupdate + docs: https://archive.ph/2024.03.21-180353/https://developer.apple.com/documentation/devicemanagement/softwareupdate code: |- # For OS X Yosemite and newer (>= 10.10) sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate 'AutomaticCheckEnabled' -bool false 
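Review bot: The new category text under `Disable automatic updates` (@@ -1450,13 +1460,19 @@) says disabling updates improves privacy by preventing "new vulnerabilities", which overstates the benefit. Turning updates off delays vendor security fixes, as the hunk's own caution says, so I would drop "new vulnerabilities" from that sentence. For the same reason I would remove `It also protects against potential zero-day vulnerabilities in your apps.` from the App Store hunk (@@ -1492,9 +1537,44 @@), since an app that is not updated stays exposed for longer. The caution also has a doubled word and should read `> Manually check and apply updates to stay protected.`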
@@ -1465,7 +1481,7 @@ actions: sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate 'AutomaticCheckEnabled' -bool true - name: Disable automatic downloads for updates - docs: https://developer.apple.com/documentation/devicemanagement/softwareupdate + docs: https://archive.ph/2024.03.21-180353/https://developer.apple.com/documentation/devicemanagement/softwareupdate code: |- # For OS X Yosemite and newer (>= 10.10) sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate 'AutomaticDownload' -bool false 
@@ -1474,12 +1490,41 @@ actions: sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate 'AutomaticDownload' -bool true - name: Disable automatic installation of macOS updates - docs: - # References for AutoUpdateRestartRequired - - https://kb.vmware.com/s/article/2960635 - - https://derflounder.wordpress.com/2018/12/28/enabling-automatic-macos-software-updates-for-os-x-yosemite-through-macos-mojave/ - # References for AutomaticallyInstallMacOSUpdates - - https://developer.apple.com/documentation/devicemanagement/softwareupdate + docs: |- + This script stops macOS from automatically installing updates. + + This script improves privacy by reducing unwanted data collection and ensuring updates don't change + settings or data without your approval. + + The Center for Internet Security (CIS) advises against automatic updates in scenarios where changes require + thorough testing and approval processes to avoid operational disruptions [1] [2] [3] [4]. + + This script configures following to stop macOS from installing updates automatically: + + 1. `/Library/Preferences/com.apple.commerce!AutoUpdateRestartRequired`: + This preference stops the system from automatically installing macOS updates [1] [2] [3] [4] [5] [6] [7] [8]. + By doing this, updates will only be installed when you decide, giving you a chance to check them first [1] [2] [3] [4] [5] [6] [7] [8]. + This setting applies to OS X Yosemite through macOS High Sierra [7] [9]. + + 2. `/Library/Preferences/com.apple.commerce!AutomaticallyInstallMacOSUpdates`: + Changing this setting stops macOS from installing updates automatically [3] [5] [9] [10], giving you control over when to update. + If restricts the *Install macOS Updates* option and prevents the user from changing the option [10]. + While this setting enhances privacy, it's generally not advised by NIST due to potential security risks [9]. + This setting applies to macOS Mojave and newer versions [9]. 
+ + > **Caution**: Disabling automatic updates requires you to manually check and apply updates to stay protected against security threats [1] [2] [3] [4]. + + [1]: https://web.archive.org/web/20240321165149/https://www.tenable.com/audits/items/CIS_Apple_macOS_10.12_v1.1.0_Level_1.audit:e02dfdd6bec9556a3ce537f60b91b549 "CIS Apple macOS 10.12 L1 v1.1.0 | 1.5 Enable OS X update installs | Tenable®" + [2]: https://web.archive.org/web/20240321165851/https://paper.bobylive.com/Security/CIS/CIS_Apple_macOS_10_13_Benchmark_v1_1_0---PDF.pdf "CIS Apple macOS 10.13 Benchmark v1.1.0 | paper.bobylive.com" + [3]: https://web.archive.org/web/20240321170400/https://www.tenable.com/audits/items/CIS_Apple_macOS_13.0_Ventura_v1.0.0_L1.audit:fe03c59a39c7c949507ff20d07f89993 "1.4 Ensure Install of macOS Updates Is Enabled | Tenable® | www.tenable.com" + [4]: https://web.archive.org/web/20240321170036/https://paper.bobylive.com/Security/CIS/CIS_Apple_macOS_10_14_Benchmark_v1_4_0_PDF.pdf "CIS Apple macOS 10.14 Benchmark v1.4.0 | paper.bobylive.com" + [5]: https://web.archive.org/web/20240321164917/https://www.ncsc.gov.uk/files/macos_provisioning_script.sh_.txt "macOS provisioning script | UK National Cyber Security Centre | www.ncsc.gov.uk" + [6]: https://web.archive.org/web/20240321165118/https://macadminsdoc.readthedocs.io/en/master/Profiles-and-Settings/OS-X-Updates.html "macOS Updates — MacAdmins Community Documentation documentation | macadminsdoc.readthedocs.io" + [7]: https://web.archive.org/web/20240321165304/https://derflounder.wordpress.com/2014/12/29/managing-automatic-app-store-and-os-x-update-installation-on-yosemite/ "Managing automatic App Store and OS X update installation on Yosemite | Der Flounder | derflounder.wordpress.com" + [8]: https://web.archive.org/web/20240321170034/https://krypted.com/mac-os-x/app-store-preferences-set-server-5-4-macos-high-sierra/ "App Store Preferences To Set In On Server 5.4 for macOS High Sierra – krypted | krypted.com" + [9]: 
https://web.archive.org/web/20240321170251/https://derflounder.wordpress.com/2018/12/28/enabling-automatic-macos-software-updates-for-os-x-yosemite-through-macos-mojave/ "Enabling automatic macOS software updates for OS X Yosemite through macOS Mojave | Der Flounder | derflounder.wordpress.com" + [10]: https://archive.ph/2024.03.21-180353/https://developer.apple.com/documentation/devicemanagement/softwareupdate "SoftwareUpdate | Apple Developer Documentation | developer.apple.com" + [11]: https://web.archive.org/web/20240321165931/https://csrc.nist.gov/CSRC/media/Projects/national-vulnerability-database/documents/CCE/CCE-macos_monterey.xls "CCE-91129-7 | CCE-macos_monterey.xls | Sheet 1 - NIST Computer Security Resource Center | csrc.nist.gov" code: |- # For OS X Yosemite through macOS High Sierra (>= 10.10 && < 10.14) sudo defaults write /Library/Preferences/com.apple.commerce 'AutoUpdateRestartRequired' -bool false 
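Review bot: Item 2 of the new docs names `/Library/Preferences/com.apple.commerce!AutomaticallyInstallMacOSUpdates`, but the revert line visible as context in the next hunk writes that key under `/Library/Preferences/com.apple.SoftwareUpdate`, so the documented domain looks wrong. If the `code` block matches the revert, it should read `/Library/Preferences/com.apple.SoftwareUpdate!AutomaticallyInstallMacOSUpdates`; the `code` block continues past this hunk, so the write side cannot be confirmed here. The same item attributes the NIST advice to `[9]`, which is the Der Flounder post, while the NIST entry `[11]` is never cited in the text. I would cite `[11]` there. `If restricts` should read `It restricts`.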
@@ -1492,9 +1537,44 @@ actions: sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate 'AutomaticallyInstallMacOSUpdates' -bool true - name: Disable automatic app updates from the App Store - docs: - - https://kb.vmware.com/s/article/2960635 - - https://derflounder.wordpress.com/2018/12/28/enabling-automatic-macos-software-updates-for-os-x-yosemite-through-macos-mojave/ + docs: |- + This script disables automatic app updates [1] [2] [3] [4] from the App Store [5] [6] [7] [8] [9] [10] [11] [12] [13]. + It prevents automatic installation of application updates as soon as they become available from Apple [2] [3] [6] [9] [11] [12] [13]. + Thus, applications are updated only when you choose to do so [5]. + + Disabling automatic updates prevents unexpected app behavior or settings changes. + It helps you to maintain your current app configurations and privacy settings. + It also protects against potential zero-day vulnerabilities in your apps. + This gives you the ability to choose which updates to install and when, enabling you to review the details of updates before deciding to proceed. + + The script modifies the following settings: + + 1. `/Library/Preferences/com.apple.commerce!AutoUpdate`: + Disables automated app updates [1] [2] [3] [6] [9] [10] [13] from the App Store [7] [8]. + This setting applies to OS X Yosemite and newer versions [1]. + 2. `/Library/Preferences/com.apple.SoftwareUpdate!AutomaticallyInstallAppUpdates`: + Stops the automatic installation of app updates [1] [4] from App Store [9] [10] [11] [12] [13]. + It deselects the *Install app updates from the App Store* option and prevents the user from changing the option [10]. + While this setting enhances privacy, it's generally not advised by NIST due to potential security risks [4]. + This setting applies to macOS Mojave and newer versions [1]. 
+ + > **Caution**: + > Disabling app updates means you should manually check for and install important security patches for every application + > to protect against vulnerabilities [2] [3] [5] [6] [9] [11] [12] [13]. + + [1]: https://web.archive.org/web/20240321170251/https://derflounder.wordpress.com/2018/12/28/enabling-automatic-macos-software-updates-for-os-x-yosemite-through-macos-mojave/ "Enabling automatic macOS software updates for OS X Yosemite through macOS Mojave | Der Flounder | derflounder.wordpress.com" + [2]: https://web.archive.org/web/20240321190032/https://www.irs.gov/pub/irs-utl/safeguards-scsem-macosx-v6-1-093021.xlsx "SCSEM OSX 10.14 | Internal Revenue Service Office of Safeguards | www.irs.gov" + [3]: https://web.archive.org/web/20240321170036/https://paper.bobylive.com/Security/CIS/CIS_Apple_macOS_10_14_Benchmark_v1_4_0_PDF.pdf "CIS Apple macOS 10.14 Benchmark v1.4.0 | paper.bobylive.com" + [5]: https://web.archive.org/web/20240321190244/https://github-wiki-see.page/m/edamametechnologies/threatmodels/wiki/threatmodel-macOS-EN "threatmodel macOS EN - edamametechnologies/threatmodels GitHub Wiki | github-wiki-see.page" + [6]: https://web.archive.org/web/20240321190315/https://www.tenable.com/audits/items/CIS_Apple_macOS_14.0_Sonoma_v1.0.0_L1.audit:66d3b86318384ba7947a3409e0c6e902 "1.5 Ensure Install Application Updates from the App Store Is E... 
| Tenable® | www.tenable.com" + [7]: https://web.archive.org/web/20240321165304/https://derflounder.wordpress.com/2014/12/29/managing-automatic-app-store-and-os-x-update-installation-on-yosemite/ "Managing automatic App Store and OS X update installation on Yosemite | Der Flounder | derflounder.wordpress.com" + [8]: https://web.archive.org/web/20240321190410/https://krypted.com/mac-security/app-store-preferences-set-server-5-2-macos-sierra/ "App Store Preferences To Set In On Server 5.2 for macOS Sierra – krypted | krypted.com" + [4]: https://web.archive.org/web/20240321165931/https://csrc.nist.gov/CSRC/media/Projects/national-vulnerability-database/documents/CCE/CCE-macos_monterey.xls "CCE-91129-7 | CCE-macos_monterey.xls | Sheet 1 - NIST Computer Security Resource Center | csrc.nist.gov" + [9]: https://web.archive.org/web/20240321190114/https://www.irs.gov/pub/irs-utl/safeguards-scsem-macosx.xlsx "SCSEM OSX 13.0 | Internal Revenue Service Office of Safeguards | www.irs.gov" + [10]: https://archive.ph/2024.03.21-180353/https://developer.apple.com/documentation/devicemanagement/softwareupdate "SoftwareUpdate | Apple Developer Documentation | developer.apple.com" + [11]: https://web.archive.org/web/20240321190122/https://paper.bobylive.com/Security/CIS/CIS_Apple_macOS_12_0_Monterey_Benchmark_v1_0_0.pdf "CIS Apple macOS 12.0 Monterey | CIS Benchmarks | paper.bobylive.com" + [12]: https://web.archive.org/web/20240321190537/https://www.tenable.com/audits/items/CIS_Apple_macOS_11_v2.0.0_L1.audit:55e8759872dce781b8dbc5a3f42e23b9 "1.4 Ensure Installation of App Update Is Enabled | Tenable® | www.tenable.com" + [13]: https://web.archive.org/web/20240321164917/https://www.ncsc.gov.uk/files/macos_provisioning_script.sh_.txt "macOS provisioning script | UK National Cyber Security Centre | www.ncsc.gov.uk" code: |- # For OS X Yosemite and newer (>= 10.10) sudo defaults write /Library/Preferences/com.apple.commerce 'AutoUpdate' -bool false 
@@ -1507,7 +1587,7 @@ actions: sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate 'AutomaticallyInstallAppUpdates' -bool true - name: Disable macOS beta release installation - docs: https://support.apple.com/en-gb/HT203018 + docs: https://web.archive.org/web/20170106103856/https://support.apple.com/en-gb/HT203018 code: |- # For OS X Yosemite and newer (>= 10.10) sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate 'AllowPreReleaseInstallation' -bool false @@ -1516,7 +1596,7 @@ actions: sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate 'AllowPreReleaseInstallation' -bool true - name: Disable automatic installation for configuration data (e.g. XProtect, Gatekeeper, MRT) - docs: https://derflounder.wordpress.com/2018/12/28/enabling-automatic-macos-software-updates-for-os-x-yosemite-through-macos-mojave/ + docs: https://web.archive.org/web/20240321170251/https://derflounder.wordpress.com/2018/12/28/enabling-automatic-macos-software-updates-for-os-x-yosemite-through-macos-mojave/ code: |- # For OS X Yosemite and newer (>= 10.10) sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate 'ConfigDataInstall' -bool false 
@@ -1525,12 +1605,47 @@ actions: sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate 'ConfigDataInstall' -bool true - name: Disable automatic installation for system data files and security updates - docs: - # References for CriticalUpdateInstall - - https://derflounder.wordpress.com/2014/12/24/managing-os-xs-automatic-security-updates/ - - https://developer.apple.com/documentation/devicemanagement/softwareupdate - # References for softwareupdate --background-critical - - https://managingosx.wordpress.com/2013/04/30/undocumented-options/ + docs: |- + This script stops automatic installations of critical updates [1], + including security [1] [2] [3] [4] [5] [6] [7] and system data file [1] [8] updates. + + It improves privacy by providing: + + - **Control Over Update Timing**: + Users can review updates before installation to ensure they meet privacy standards and do not introduce + unwanted telemetry or changes. + - **Reduced External Communications**: + Reduces how often it connects to update servers, potentially protection user information. + + The script configures the `/Library/Preferences/com.apple.SoftwareUpdate!CriticalUpdateInstall` setting [1] [4] [5] [7] [8]. + This action prevents automatic downloads and installations of updates [1]. + It also prevents users from changing the Install system data files and security updates option manually [1]. + This script is compatible with OS X Yosemite and later versions [6] [8]. + + The revert script triggers `softwareupdate --background-critical` to install any pending critical updates directly [2] [9]. + + > **Caution:** + > Only disable automatic updates if you're committed to manually installing them quickly to maintain your computer's security [4] [5] [8]. + > It's important to install updates soon to protect your computer. [4] [5] [8]. + > + > This script disables: + > + > - Definition updates for **XProtect** and **Gatekeeper** that keep your computer safe from new threats [5]. 
+ > - **Rapid Security Response** [10] [11]. + > **Rapid Security Responses** are software releases providing important security improvements between standard updates [12]. + + [1]: https://archive.ph/2024.03.21-180353/https://developer.apple.com/documentation/devicemanagement/softwareupdate "SoftwareUpdate | Apple Developer Documentation | developer.apple.com" + [2]: https://web.archive.org/web/20240321201417/https://derflounder.wordpress.com/2014/12/24/managing-os-xs-automatic-security-updates/ "Managing OS X’s automatic security updates | Der Flounder | derflounder.wordpress.com" + [3]: https://web.archive.org/web/20240321165118/https://macadminsdoc.readthedocs.io/en/master/Profiles-and-Settings/OS-X-Updates.html "macOS Updates — MacAdmins Community Documentation documentation | macadminsdoc.readthedocs.io" + [4]: https://web.archive.org/web/20240321165931/https://csrc.nist.gov/CSRC/media/Projects/national-vulnerability-database/documents/CCE/CCE-macos_monterey.xls "CCE-91129-7 | CCE-macos_monterey.xls | Sheet 1 - NIST Computer Security Resource Center | csrc.nist.gov" + [5]: https://web.archive.org/web/20240321201450/https://paper.bobylive.com/Security/CIS/CIS_Apple_OSX_10_9_Benchmark_v1_3_0.pdf "CIS Apple OSX 10.9 Benchmark | paper.bobylive.com" + [6]: https://web.archive.org/web/20240321201643/https://derflounder.wordpress.com/2014/12/27/managing-automatic-installation-of-configdata-and-security-software-updates-on-yosemite/ "Managing automatic installation of ConfigData and security software updates on Yosemite | Der Flounder | derflounder.wordpress.com" + [7]: https://web.archive.org/web/20240321201652/https://ss64.com/mac/syntax-defaults.html "System preference settings for macOS - macOS - SS64.com | ss64.com" + [8]: https://web.archive.org/web/20240321201436/https://www.tenable.com/audits/items/CIS_OSX_10.10_v1.2.0_L1.audit:97f36c2eaa06045e85a1beff1a76a088 "1.4 Enable system data files and security update installs - 'C... 
| Tenable® | www.tenable.com" + [9]: https://web.archive.org/web/20240321201406/https://managingosx.wordpress.com/2013/04/30/undocumented-options/ "Undocumented options – Managing OS X | managingosx.wordpress.com" + [10]: https://web.archive.org/web/20240321201558/https://www.intuneirl.com/rapid-security-response/ "Managing Rapid Security Response on Apple Devices | www.intuneirl.com" + [11]: https://web.archive.org/web/20240321201614/https://onsitegroup.co.za/rapid-security-response/ "Rapid security response - Onsite | onsitegroup.co.za" + [12]: https://web.archive.org/web/20240321201623/https://support.apple.com/en-us/102657 "About Rapid Security Responses for iOS, iPadOS, and macOS - Apple Support | support.apple.com" code: |- # For OS X Yosemite and newer (>= 10.10) sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate 'CriticalUpdateInstall' -bool false diff --git a/src/application/collections/windows.yaml b/src/application/collections/windows.yaml index 4f802a8f..54745b05 100644 --- a/src/application/collections/windows.yaml +++ b/src/application/collections/windows.yaml 
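Review bot: In the `Reduced External Communications` bullet, `potentially protection user information` is ungrammatical and leaves the privacy claim unclear; `potentially protecting user information` reads as intended. The caution line `It's important to install updates soon to protect your computer. [4] [5] [8].` has a stray period before the citations. The caution states that this script also stops XProtect, Gatekeeper and Rapid Security Response updates. I would therefore place it directly after the first paragraph, so a reader sees the security cost before the privacy bullets.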
@@ -310,8 +310,8 @@ actions: These scripts allow you to delete the local data that might reveal your personally identifiable data about you or the way you use the product. - [1]: https://en.wikipedia.org/wiki/Visual_Studio "Visual Studio | Wikipedia" - [2]: https://learn.microsoft.com/en-us/visualstudio/ide/visual-studio-experience-improvement-program "Visual Studio Customer Experience Improvement Program | Microsoft Learn" + [1]: https://learn.microsoft.com/en-us/visualstudio/get-started/visual-studio-ide?view=vs-2022 "What is the Visual Studio IDE? | Microsoft Learn | learn.microsoft.com" + [2]: https://web.archive.org/web/20240314092010/https://learn.microsoft.com/en-us/visualstudio/ide/visual-studio-experience-improvement-program?view=vs-2022 "Visual Studio Customer Experience Improvement Program | Microsoft Learn | learn.microsoft.com" [3]: https://www.infoworld.com/article/2609774/microsoft-reinvents-visual-studio-as-an-azure-cloud-service.html "Microsoft reinvents Visual Studio as an Azure cloud service | InfoWorld" children: - 
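Review bot: Reference `[1]` now points at a live `learn.microsoft.com` page rather than an archived snapshot, while `[2]` beside it and the updated `docs/script-guidelines.md` use archived links. A live link can go dead or change content again, which is the problem this commit sets out to fix. The same applies to `https://github.com/microsoft/live-share/issues/3584` (@@ -412,11 +417,11 @@), whose title still says `MicrosoftDocs/live-share`, and to `https://sketchymoose.blogspot.com/2014/02/typedurls-registry-key.html` (@@ -527,7 +532,7 @@). I would replace each with a `https://web.archive.org/web/<timestamp>/...` snapshot, where `<timestamp>` is a placeholder for the capture time.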
@@ -325,15 +325,20 @@ actions: name: Clear offline Visual Studio usage telemetry data recommend: standard docs: |- - SQM files are text files that are created and used by Microsoft [1]. - SQM stands for "Service Quality Monitoring" [1]. + This script clears offline telemetry data in Visual Studio. These telemetry data, known as SQM (*Service Quality Monitoring* + or *Software Quality Metrics* [2]) files, contain details about application usage, errors, and performance [1]. - When unable to connect to internet Visual Studio stores SQM files in `%LOCALAPPDATA%\Microsoft\VSCommon\\SQM` [2]. - The number of files grows continuously and it can get to thousands. Cleaning these files speeds up Visual - Studio significantly according to community reports [2]. + SQM files are created and used by Microsoft to gather data for the Microsoft Customer Experience Improvement Program [2]. + When Visual Studio is offline, it stores these SQM files locally in `%LOCALAPPDATA%\Microsoft\VSCommon\\SQM` [3]. - [1]: https://techshift.net/how-to-open-sqm-file/ "What is a .SQM File And How To Open It - Microsoft (Visual Guide) | TechShift.net" - [2]: https://stackoverflow.com/a/38862596 "Process monitor - Slow Visual Studio, related to SQMClient? | Stack Overflow" + Accumulation of these files can significantly slow down Visual Studio. + Removing these files can speed up the Visual Studio, as reported by the user community [3]. + + By clearing these files, this script helps mitigate potential privacy concerns and maintain application efficiency. 
+ + [1]: https://web.archive.org/web/20231206212243/https://file.org/extension/sqm "SQM File: How to open SQM file (and what it is) | file.org" + [2]: https://web.archive.org/web/20231206212102/https://devblogs.microsoft.com/oldnewthing/20100406-00/?p=14393 "Microspeak: SQMmed - The Old New Thing | devblogs.microsoft.com" + [3]: https://web.archive.org/web/20240314062704/https://stackoverflow.com/questions/17643535/slow-visual-studio-related-to-sqmclient/38862596#38862596 "Process monitor - Slow Visual Studio, related to SQMClient? | Stack Overflow | stackoverflow.com" call: - function: ClearDirectoryContents @@ -361,7 +366,7 @@ actions: [1]: https://azuredevopslabs.com/labs/vsts/monitor/ "Monitoring Applications using Application Insights | Azure DevOps Hands-on-Labs" [2]: https://developercommunity.visualstudio.com/t/visual-studio-freezes-randomly/224181#T-N257722-N277241-N407607 "Visual Studio freezes randomly | Visual Studio Feedback" - [3]: https://stackoverflow.com/a/53754481 "Visual Studio 2017 (15.3.1) keeps hanging/freezing | Stack Overflow" + [3]: https://web.archive.org/web/20240314062743/https://stackoverflow.com/questions/45832665/visual-studio-2017-15-3-1-keeps-hanging-freezing/53754481#53754481 "Visual Studio 2017 (15.3.1) keeps hanging/freezing | Stack Overflow | stackoverflow.com" call: - function: ClearDirectoryContents 
@@ -412,11 +417,11 @@ actions: [1]: https://developercommunity.visualstudio.com/t/visual-studio-installer-crashes-after-updating-to/1356122 "Visual Studio Installer crashes after updating to version 16.9.0 - Visual Studio Feedback | Visual Studio Developer Community" [2]: https://developercommunity.visualstudio.com/t/microsoft-visual-studio-1/588200#T-N588861-N594783 "MSTF help | Visual Studio Developer Community" - [3]: https://github.com/MicrosoftDocs/live-share/issues/3584 "Agent logs in %TEMP%\VSFeedbackVSRTCLogs taking up over 87GB · Issue #3584 · MicrosoftDocs/live-share | GitHub" + [3]: https://github.com/microsoft/live-share/issues/3584 "Agent logs in %TEMP%\VSFeedbackVSRTCLogs taking up over 87GB · Issue #3584 · MicrosoftDocs/live-share | GitHub" [4]: https://developercommunity.visualstudio.com/t/please-keep-my-temp-folder-clean/731637 "Please keep my TEMP folder clean! - Visual Studio Feedback | Visual Studio Developer Community" - [5]: https://stackoverflow.com/q/60974427 "Reduce log and other temporary file creation in Visual Studio 2019 | Stack Overflow" - [6]: https://stackoverflow.com/q/72341126 "Visual Studio 2022 - Telemetry | Stack Overflow" - [7]: https://social.msdn.microsoft.com/Forums/vstudio/en-US/5b2a0baa-748f-40e0-b504-f6dfad9b7b4d/vstelem-folder-24000-files-2064kb?forum=msbuild "VSTELEM folder 24000 files 2064Kb | MSDN Forums" + [5]: https://web.archive.org/web/20240314062744/https://stackoverflow.com/questions/60974427/reduce-log-and-other-temporary-file-creation-in-visual-studio-2019 "Reduce log and other temporary file creation in Visual Studio 2019 | Stack Overflow | stackoverflow.com" + [6]: https://web.archive.org/web/20240314063145/https://stackoverflow.com/questions/72341126/visual-studio-2022-telemetry-related-temp-folders "Visual Studio 2022 - Telemetry related temp folders - Stack Overflow | stackoverflow.com" + [7]: 
https://web.archive.org/web/20231206212802/https://social.msdn.microsoft.com/Forums/vstudio/en-US/5b2a0baa-748f-40e0-b504-f6dfad9b7b4d/vstelem-folder-24000-files-2064kb "VSTELEM folder 24000 files 2064Kb | MSDN Forums" call: - function: ClearDirectoryContents 
@@ -457,23 +462,23 @@ actions: Visual Studio is uninstalled [1] which may reveal unnecessary data and not be desired. This key is not only stored for purchased Visual Studio products but also for the free trials. - [1]: https://stackoverflow.com/questions/12465361/how-to-change-visual-studio-2012-2013-or-2015-license-key "How to change Visual Studio 2012,2013 or 2015 License Key? | Stack Overflow" + [1]: https://stackoverflow.com/questions/12465361/how-to-change-visual-studio-2012-2013-or-2015-license-key "How to change Visual Studio 2012,2013 or 2015 License Key? | Stack Overflow | stackoverflow.com" children: - name: Clear Visual Studio 2010 licenses - docs: "[How to change Visual Studio 2012,2013 or 2015 License Key? | Stack Overflow](https://stackoverflow.com/a/14810695)" + docs: "[How to change Visual Studio 2012,2013 or 2015 License Key? | Stack Overflow | stackoverflow.com](https://web.archive.org/web/20240314063218/https://stackoverflow.com/questions/12465361/how-to-change-visual-studio-2012-2013-or-2015-license-key/14810695#14810695)" code: reg delete "HKCR\Licenses\77550D6B-6352-4E77-9DA3-537419DF564B" /va /f - name: Clear Visual Studio 2015 licenses - docs: "[How to change Visual Studio 2012,2013 or 2015 License Key? | Stack Overflow](https://stackoverflow.com/a/32482322)" + docs: "[How to change Visual Studio 2012,2013 or 2015 License Key? | Stack Overflow | stackoverflow.com](https://web.archive.org/web/20240314092348/https://stackoverflow.com/questions/12465361/how-to-change-visual-studio-2012-2013-or-2015-license-key/32482322#32482322)" code: reg delete "HKCR\Licenses\4D8CFBCB-2F6A-4AD2-BABF-10E28F6F2C8F" /va /f - name: Clear Visual Studio 2017 licenses - docs: "[Is Visual Studio Community a 30 day trial? | Stack Overflow](https://stackoverflow.com/a/51570570)" + docs: "[Is Visual Studio Community a 30 day trial? 
| Stack Overflow | stackoverflow.com](https://web.archive.org/web/20240314092402/https://stackoverflow.com/questions/43390466/is-visual-studio-community-a-30-day-trial/51570570#51570570)" code: reg delete "HKCR\Licenses\5C505A59-E312-4B89-9508-E162F8150517" /va /f - name: Clear Visual Studio 2019 licenses - docs: "[How to change Visual Studio 2017 License Key? | Stack Overflow](https://stackoverflow.com/a/46974337)" + docs: "[How to change Visual Studio 2017 License Key? | Stack Overflow | stackoverflow.com](https://web.archive.org/web/20240314092257/https://stackoverflow.com/questions/46731291/how-to-change-visual-studio-2017-license-key/46974337#46974337)" code: reg delete "HKCR\Licenses\41717607-F34E-432C-A138-A3CFD7E25CDA" /va /f - name: Clear Visual Studio 2022 licenses @@ -483,8 +488,8 @@ actions: other keys of preview versions. This scripts deletes all mentioned keys. [1]: https://github.com/beatcracker/VSCELicense/issues/14 "VS 2022 Key Discussion | beatcracker/VSCELicense | GitHub" - [2]: https://learn.microsoft.com/en-us/answers/questions/673243/how-do-i-remove-a-license-from-visual-studio-2022.html "MSFT Answer | Microsoft Learn" - [3]: https://stackoverflow.com/a/71624750 "How to change Visual Studio 2017 License Key? | Stack Overflow" + [2]: https://web.archive.org/web/20240314093547/https://learn.microsoft.com/en-us/answers/questions/673243/how-do-i-remove-a-license-from-visual-studio-2022 "MSFT Answer | How do i remove a license from visual studio 2022? - Microsoft Q&A | learn.microsoft.com" + [3]: https://web.archive.org/web/20240314093624/https://stackoverflow.com/questions/46731291/how-to-change-visual-studio-2017-license-key/71624750#71624750 "How to change Visual Studio 2017 License Key? | Stack Overflow | stackoverflow.com" code: |- reg delete "HKCR\Licenses\B16F0CF0-8AD1-4A5B-87BC-CB0DBE9C48FC" /va /f reg delete "HKCR\Licenses\10D17DBA-761D-4CD8-A627-984E75A58700" /va /f 
@@ -507,10 +512,10 @@ actions: recommend: standard docs: # INetCache - - https://support.microsoft.com/en-us/help/260897/how-to-delete-the-contents-of-the-temporary-internet-files-folder - - https://docs.microsoft.com/en-us/troubleshoot/browsers/apps-access-admin-web-cache + - https://web.archive.org/web/20240314131456/https://support.microsoft.com/en-us/topic/how-to-delete-the-contents-of-the-temporary-internet-files-folder-8eb83a8d-43e2-300d-d355-2ee71602ab44 + - https://web.archive.org/web/20240315114443/https://learn.microsoft.com/en-us/troubleshoot/developer/browsers/security-privacy/apps-access-admin-web-cache # WebCache - - https://docs.microsoft.com/en-us/troubleshoot/browsers/apps-access-admin-web-cache + - https://web.archive.org/web/20240315114443/https://learn.microsoft.com/en-us/troubleshoot/developer/browsers/security-privacy/apps-access-admin-web-cache call: - function: ClearDirectoryContents @@ -527,7 +532,7 @@ actions: - https://web.archive.org/web/20160304232740/http://crucialsecurityblog.harris.com/2011/03/14/typedurls-part-1/ - https://web.archive.org/web/20160321221849/http://crucialsecurityblog.harris.com/2011/03/23/typedurls-part-2/ - https://web.archive.org/web/20150601014235/http://randomthoughtsofforensics.blogspot.com/2012/07/trouble-with-typedurlstime.html - - http://sketchymoose.blogspot.com/2014/02/typedurls-registry-key.html + - https://sketchymoose.blogspot.com/2014/02/typedurls-registry-key.html code: |- reg delete "HKCU\SOFTWARE\Microsoft\Internet Explorer\TypedURLs" /va /f reg delete "HKCU\SOFTWARE\Microsoft\Internet Explorer\TypedURLsTime" /va /f @@ -568,7 +573,7 @@ actions: - name: Clear Internet Explorer feeds cache recommend: standard - docs: https://kb.digital-detective.net/display/BF/Location+of+Internet+Explorer+11+Data + docs: https://web.archive.org/web/20240314175030/https://kb.digital-detective.net/display/BF/Location+of+Internet+Explorer+11+Data call: function: ClearDirectoryContents parameters: 
@@ -577,8 +582,8 @@ actions: name: Clear Internet Explorer cookies recommend: strict docs: - - https://docs.microsoft.com/en-us/windows/win32/wininet/managing-cookies - - https://docs.microsoft.com/en-us/internet-explorer/kb-support/ie-edge-faqs + - https://web.archive.org/web/20240314130055/https://learn.microsoft.com/en-us/windows/win32/wininet/managing-cookies + - https://web.archive.org/web/20240314130046/https://learn.microsoft.com/en-us/internet-explorer/kb-support/ie-edge-faqs - https://www.thewindowsclub.com/cookies-folder-location-windows call: - @@ -601,9 +606,9 @@ actions: - name: Clear Internet Explorer usage data docs: - - https://kb.digital-detective.net/display/BF/Location+of+Internet+Explorer+Data - - https://kb.digital-detective.net/display/BF/Location+of+Internet+Explorer+11+Data - - https://www.forensafe.com/blogs/internetexplorer.html + - https://web.archive.org/web/20240314101459/https://kb.digital-detective.net/display/BF/Location+of+Internet+Explorer+Data + - https://web.archive.org/web/20240314175030/https://kb.digital-detective.net/display/BF/Location+of+Internet+Explorer+11+Data + - https://web.archive.org/web/20240314100550/https://forensafe.com/blogs/internetexplorer.html # Includes Internet Explorer cache, tab recovery data, persistance storage (DOMStore, indexed DB etc.) # Folders: CacheStorage\, Tracking Protection\, Tiles\, TabRoaming\, IECompatData\ # DOMStore\, Recovery\ (that includes browser history), DomainSuggestions\, @@ -621,7 +626,7 @@ actions: - name: Clear Chrome crash reports recommend: standard - docs: https://www.chromium.org/developers/crash-reports + docs: https://web.archive.org/web/20240314095801/https://www.chromium.org/developers/crash-reports/ call: - function: ClearDirectoryContents 
@@ -634,7 +639,7 @@ actions: - name: Clear Google's "Software Reporter Tool" logs recommend: standard - docs: https://support.google.com/chrome/forum/AAAAP1KN0B0T8qnffV5gwM/ + docs: https://web.archive.org/web/20220808110009/https://support.google.com/chrome/forum/AAAAP1KN0B0T8qnffV5gwM/ call: function: DeleteFiles parameters: @@ -772,7 +777,7 @@ actions: - name: Clear Safari cache recommend: standard - docs: https://forensicswiki.xyz/wiki/index.php?title=Apple_Safari + docs: https://web.archive.org/web/20220710222903/https://forensicswiki.xyz/wiki/index.php?title=Apple_Safari call: - # Windows XP function: DeleteFiles @@ -785,7 +790,7 @@ actions: - name: Clear Safari cookies recommend: strict - docs: https://kb.digital-detective.net/display/BF/Location+of+Safari+Data + docs: https://web.archive.org/web/20240314101529/https://kb.digital-detective.net/display/BF/Location+of+Safari+Data call: - # Windows XP function: DeleteFiles @@ -798,9 +803,9 @@ actions: - name: Clear all Safari data (user profiles, settings, and data) docs: - - https://kb.digital-detective.net/display/BF/Location+of+Safari+Data - - https://forensicswiki.xyz/wiki/index.php?title=Apple_Safari - - https://zerosecurity.org/2013/04/safari-forensic-tutorial + - https://web.archive.org/web/20240314101529/https://kb.digital-detective.net/display/BF/Location+of+Safari+Data + - https://web.archive.org/web/20220710222903/https://forensicswiki.xyz/wiki/index.php?title=Apple_Safari + - https://web.archive.org/web/20240314091143/https://zerosecurity.org/2013/04/safari-forensic-tutorial/ call: - # Windows XP function: ClearDirectoryContents 
@@ -960,7 +965,7 @@ actions: - name: Clear Windows update and SFC scan logs recommend: standard - docs: https://answers.microsoft.com/en-us/windows/forum/all/cwindowslogscbs/fe4e359a-bcb9-4988-954d-563ef83bac1c + docs: https://web.archive.org/web/20231206191838/https://answers.microsoft.com/en-us/windows/forum/all/cwindowslogscbs/fe4e359a-bcb9-4988-954d-563ef83bac1c call: function: ClearDirectoryContents parameters: @@ -968,7 +973,7 @@ actions: - name: Clear Windows Update Medic Service logs recommend: standard - docs: https://answers.microsoft.com/en-us/windows/forum/all/what-is-this-waasmedic-and-why-it-required-to/e5e55a95-d5bb-4bf4-a7ce-4783df371de4 + docs: https://web.archive.org/web/20231206191736/https://answers.microsoft.com/en-us/windows/forum/all/what-is-this-waasmedic-and-why-it-required-to/e5e55a95-d5bb-4bf4-a7ce-4783df371de4 call: function: ClearDirectoryContents parameters: @@ -1108,7 +1113,7 @@ actions: - name: Clear Windows setup logs recommend: standard - docs: https://support.microsoft.com/en-gb/help/927521/windows-vista-windows-7-windows-server-2008-r2-windows-8-1-and-windows + docs: https://web.archive.org/web/20240314130622/https://learn.microsoft.com/en-us/troubleshoot/windows-client/setup-upgrade-and-drivers/windows-setup-log-file-locations call: - function: DeleteFiles @@ -1133,7 +1138,7 @@ actions: - name: Clear "Windows System Assessment Tool (`WinSAT`)" logs recommend: standard - docs: https://docs.microsoft.com/en-us/windows/win32/winsat/windows-system-assessment-tool-portal + docs: https://web.archive.org/web/20240314125941/https://learn.microsoft.com/en-us/windows/win32/winsat/windows-system-assessment-tool-portal call: function: DeleteFiles parameters: 
@@ -1148,7 +1153,7 @@ actions: - name: Clear user web cache database recommend: standard - docs: https://support.microsoft.com/en-gb/help/4056823/performance-issue-with-custom-default-user-profile + docs: https://web.archive.org/web/20240314130843/https://learn.microsoft.com/en-us/troubleshoot/windows-server/performance/performance-issues-custom-default-user-profile call: function: ClearDirectoryContents parameters: @@ -1163,7 +1168,7 @@ actions: - name: Clear DISM (Deployment Image Servicing and Management) system logs recommend: standard - docs: https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/deployment-troubleshooting-and-log-files + docs: https://web.archive.org/web/20240314125948/https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/deployment-troubleshooting-and-log-files?view=windows-11 call: - function: DeleteFiles @@ -1248,8 +1253,8 @@ actions: Erasing these logs can enhance user privacy by removing traces of the cleanup process. These logs are known to be used in forensic analysis [2]. - [1]: https://web.archive.org/web/20230806192546/https://ss64.com/nt/cleanmgr.html "Cleanmgr - Delete Junk and Temp files - Windows CMD - SS64.com" - [2]: https://web.archive.org/web/20230806192800/https://www.hexacorn.com/blog/2018/09/02/beyond-good-ol-run-key-part-86/ "Beyond good ol’ Run key, Part 86 | Hexacorn" + [1]: https://web.archive.org/web/20230806192546/https://ss64.com/nt/cleanmgr.html "Cleanmgr - Delete Junk and Temp files - Windows CMD - SS64.com | ss64.com" + [2]: https://archive.ph/2023.12.06-185637/https://www.hexacorn.com/blog/2018/09/02/beyond-good-ol-run-key-part-86/ "Beyond good ol' Run key, Part 86 | Hexacorn | hexacorn.com" call: function: ClearDirectoryContents parameters: 
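Review bot: The new `[2]` reference in the Disk Cleanup (cleanmgr) hunk is written as `https://archive.ph/2023.12.06-185637/https://www.hexacorn.com/...`, which does not match the `https://archive.ph/YYYYMMDDhhmmss/<original URL>` form that this same commit documents in docs/script-guidelines.md. If the compact timestamp resolves to the same capture, I would write it as `https://archive.ph/20231206185637/https://www.hexacorn.com/blog/2018/09/02/beyond-good-ol-run-key-part-86/` so every archive.ph link follows the documented pattern. The line also replaces an existing web.archive.org snapshot with a different archive and changes the title's apostrophe from `’` to `'`. Neither change is explained in the commit message, so a sentence on why the earlier snapshot was dropped would help later maintainers.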
@@ -1453,13 +1458,13 @@ actions: - name: Remove Windows product key from registry # Helps to protect it from being stolen and used for identity theft or identifying you. - docs: https://winaero.com/blog/remove-windows-10-product-key-from-registry-and-protect-it-from-being-stolen/ + docs: https://web.archive.org/web/20240314100853/https://winaero.com/remove-windows-10-product-key-from-registry-and-protect-it-from-being-stolen/ # We use cscript.exe to execute instead of `slmgr` command directly to keep the output but surpress the dialogs. code: cscript.exe //nologo "%SYSTEMROOT%\System32\slmgr.vbs" /cpky - name: Clear volume backups (shadow copies) docs: - - https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/vssadmin-delete-shadows + - https://web.archive.org/web/20240314130354/https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/vssadmin-delete-shadows - https://www.fortinet.com/blog/threat-research/stomping-shadow-copies-a-second-look-into-deletion-methods code: vssadmin delete shadows /all /quiet - @@ -2189,7 +2194,7 @@ actions: children: - name: Disable Customer Experience Improvement Program (CEIP) - docs: https://docs.microsoft.com/en-us/windows/win32/devnotes/ceipenable + docs: https://web.archive.org/web/20240314130037/https://learn.microsoft.com/en-us/windows/win32/devnotes/ceipenable recommend: standard code: reg add "HKLM\Software\Policies\Microsoft\SQMClient\Windows" /v "CEIPEnable" /t REG_DWORD /d "0" /f revertCode: reg add "HKLM\Software\Policies\Microsoft\SQMClient\Windows" /v "CEIPEnable" /t REG_DWORD /d "1" /f @@ -2199,7 +2204,7 @@ actions: - name: Disable "Connected User Experiences and Telemetry" (`DiagTrack`) service # Connected User Experiences and Telemetry recommend: standard - docs: http://batcmd.com/windows/10/services/diagtrack/ + docs: https://web.archive.org/web/20240314062548/https://batcmd.com/windows/10/services/diagtrack/ call: function: DisableService parameters: 
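Review bot: The "Clear volume backups (shadow copies)" entry in the first hunk on this line still has only two bare links as its `docs`, so it never states what `vssadmin delete shadows /all /quiet` does to the machine. Since the field is being edited anyway, I would replace the list with a short description saying that all existing shadow copies are removed, that System Restore points and previous file versions cannot be recovered afterwards, and that the entry has no `revertCode`. It would also be worth noting that endpoint security tooling may alert on this command; this is hedged, since the only support visible here is the Fortinet threat-research link already cited. That Fortinet link is also left un-archived while its sibling was moved to a snapshot. Separately, the comment on the product-key entry above has a typo: `surpress` should be `suppress`.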
@@ -2208,7 +2213,7 @@ actions: - name: Disable WAP push notification routing service # Device Management Wireless Application Protocol (WAP) Push message Routing Service recommend: standard - docs: http://batcmd.com/windows/10/services/dmwappushservice/ + docs: https://web.archive.org/web/20240314090537/http://batcmd.com/windows/10/services/dmwappushservice/ call: function: DisableService parameters: @@ -2216,7 +2221,7 @@ actions: defaultStartupMode: Manual # Allowed values: Automatic | Manual - name: Disable "Diagnostics Hub Standard Collector" service - docs: http://batcmd.com/windows/10/services/diagnosticshub-standardcollector-service/ + docs: https://web.archive.org/web/20240314090703/https://batcmd.com/windows/10/services/diagnosticshub-standardcollector-service/ call: function: DisableService parameters: @@ -2224,7 +2229,7 @@ actions: defaultStartupMode: Manual # Allowed values: Automatic | Manual - name: Disable "Diagnostic Execution Service" (`diagsvc`) - docs: http://batcmd.com/windows/10/services/diagsvc/ + docs: https://web.archive.org/web/20240314091013/https://batcmd.com/windows/10/services/diagsvc/ call: function: DisableService parameters: @@ -2577,7 +2582,7 @@ actions: If you want to limit how much data is sent to Microsoft, turning off the OneSettings service can help enhance your privacy [1]. For more information about the impact of OneSettings on privacy, visit - [docs.microsoft.com](https://web.archive.org/web/20230803030919/https://learn.microsoft.com/en-us/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809). + [learn.microsoft.com](https://web.archive.org/web/20230803025857/https://learn.microsoft.com/en-us/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809). This script lets you manage your privacy by restricting the automatic configuration updates of Windows components and apps, including telemetry services, from the cloud [3] [1]. 
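Review bot: The archived link added for the WAP push routing service (`dmwappushservice`) wraps the plain `http://batcmd.com/...` address, while every other batcmd.com link this commit touches (diagtrack, diagnosticshub-standardcollector-service, diagsvc, and later wbiosrvc and wisvc) wraps the `https://` address. The capture probably still renders, but it is the one entry whose pinned source was fetched over cleartext, and it breaks the pattern that a link checker or reviewer will expect. I would re-point it at a capture of the HTTPS URL, e.g. `docs: https://web.archive.org/web/<SNAPSHOT_TIMESTAMP>/https://batcmd.com/windows/10/services/dmwappushservice/`, with the timestamp taken from an actual snapshot.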
@@ -2591,7 +2596,7 @@ actions: [1]: https://web.archive.org/web/20230803030428/https://www.tenable.com/audits/items/CIS_MS_Windows_10_Enterprise_Level_1_Bitlocker_v1.12.0.audit:b3aec171f406cbe87f37e57bc9dd1411 "18.9.17.3 Ensure 'Disable OneSettings Downloads' is set to 'En... | Tenable" [2]: https://web.archive.org/web/20230803024926/https://learn.microsoft.com/en-us/windows/win32/services/service-configuration "Service Configuration - Win32 apps | Microsoft Learn" - [3]: https://web.archive.org/web/20230731230134/https://learn.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#31-services-configuration "Manage connections from Windows 10 and Windows 11 Server/Enterprise editions operating system components to Microsoft services - Windows Privacy | Microsoft Learn" + [3]: https://web.archive.org/web/20230911110911/https://learn.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#31-services-configuration "Manage connections from Windows 10 and Windows 11 Server/Enterprise editions operating system components to Microsoft services - Windows Privacy | Microsoft Learn" code: reg add "HKLM\Software\Policies\Microsoft\Windows\DataCollection" /v "DisableOneSettingsDownloads" /t "REG_DWORD" /d "1" /f revertCode: reg delete "HKLM\Software\Policies\Microsoft\Windows\DataCollection" /v "DisableOneSettingsDownloads" /f - 
@@ -2709,7 +2714,7 @@ actions: recommend: strict docs: - https://www.stigviewer.com/stig/windows_server_2012_member_server/2014-01-07/finding/V-21964 - - https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventdevicemetadatafromnetwork + - https://web.archive.org/web/20240314125819/https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deviceinstallation#preventdevicemetadatafromnetwork code: |- reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Metadata" /v "PreventDeviceMetadataFromNetwork" /t REG_DWORD /d 1 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Device Metadata" /v "PreventDeviceMetadataFromNetwork" /t REG_DWORD /d 1 /f @@ -2826,7 +2831,7 @@ actions: - name: Disable cloud-based speech recognition recommend: standard - docs: https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#186-speech + docs: https://web.archive.org/web/20230911110911/https://learn.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-priv-speech code: reg add "HKCU\Software\Microsoft\Speech_OneCore\Settings\OnlineSpeechPrivacy" /v "HasAccepted" /t "REG_DWORD" /d 0 /f revertCode: reg add "HKCU\Software\Microsoft\Speech_OneCore\Settings\OnlineSpeechPrivacy" /v "HasAccepted" /t "REG_DWORD" /d 1 /f - 
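Review bot: The fragments on the `manage-connections-from-windows-operating-system-components-to-microsoft-services` links are inconsistent across this commit, although all of them pin the same snapshot `20230911110911`. The speech hunk here uses `#bkmk-priv-speech`, and the later Windows feedback and Cortana hunks use `#bkmk-priv-feedback` and `#bkmk-cortana`. The OneSettings, Advertising ID, language-list and consumer-features hunks keep numbered fragments instead (`#31-services-configuration`, `#181-general`, `#1816-feedback--diagnostics`). The feedback section in particular is cited in two different ways against one page version. Both forms may resolve if the archived page carries bookmark ids alongside heading ids, but that should be checked per link, because a fragment that does not exist silently lands the reader at the top of a very long page. I would settle on one style for this page once verified.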
@@ -2842,7 +2847,7 @@ actions: - name: Disable Windows feedback collection recommend: standard - docs: https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#1816-feedback--diagnostics + docs: https://web.archive.org/web/20230911110911/https://learn.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-priv-feedback code: |- reg add "HKCU\SOFTWARE\Microsoft\Siuf\Rules" /v "NumberOfSIUFInPeriod" /t REG_DWORD /d 0 /f reg delete "HKCU\SOFTWARE\Microsoft\Siuf\Rules" /v "PeriodInNanoSeconds" /f @@ -2869,9 +2874,12 @@ actions: name: Disable app access to location recommend: standard docs: - - https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesslocation # LetAppsAccessLocation - - https://www.joseespitia.com/2019/07/24/registry-keys-for-windows-10-application-privacy-settings/ # ConsentStore\location - - https://social.technet.microsoft.com/Forums/en-US/63904312-04af-41e5-8b57-1dd446ea45c5/ # lfsvc\Service\Configuration + # LetAppsAccessLocation: + - https://web.archive.org/web/20240119150031/https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#letappsaccesslocation + # ConsentStore\location: + - https://www.joseespitia.com/2019/07/24/registry-keys-for-windows-10-application-privacy-settings/ + # lfsvc\Service\Configuration: + - https://web.archive.org/web/20231206211616/https://social.technet.microsoft.com/Forums/en-US/63904312-04af-41e5-8b57-1dd446ea45c5/privacy-settings-reg-keys?forum=win10itprosetup code: |- reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location" /v "Value" /d "Deny" /f :: For older Windows (before 1903) 
@@ -2893,7 +2901,7 @@ actions: - name: Disable app access to account information, name, and picture recommend: standard - docs: https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessaccountinfo + docs: https://web.archive.org/web/20240119150031/https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#letappsaccessaccountinfo code: |- reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\userAccountInformation" /v "Value" /d "Deny" /f :: For older Windows (before 1903) @@ -2915,7 +2923,7 @@ actions: - name: Disable app access to motion data recommend: standard - docs: https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmotion + docs: https://web.archive.org/web/20240119150031/https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#letappsaccessmotion code: |- reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\activity" /v "Value" /d "Deny" /f :: Using GPO (re-activation through GUI is not possible) @@ -2933,7 +2941,7 @@ actions: - name: Disable app access to phone recommend: standard - docs: https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessphone + docs: https://web.archive.org/web/20240119150031/https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#letappsaccessphone code: |- :: Using GPO (re-activation through GUI is not possible) reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessPhone" /t REG_DWORD /d 2 /f 
@@ -2948,7 +2956,7 @@ actions: reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessPhone_ForceDenyTheseApps" /f - name: Disable app access to trusted devices - docs: https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesstrusteddevices + docs: https://web.archive.org/web/20240119150031/https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#letappsaccesstrusteddevices recommend: standard code: |- :: For older Windows (before 1903) @@ -2969,7 +2977,7 @@ actions: - name: Disable app sync with devices (unpaired, beacons, TVs, etc.) recommend: standard - docs: https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappssyncwithdevices + docs: https://web.archive.org/web/20240119150031/https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#letappssyncwithdevices code: |- :: Using GPO (re-activation through GUI is not possible) reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsSyncWithDevices" /t REG_DWORD /d 2 /f @@ -2985,8 +2993,8 @@ actions: - name: Disable app access to camera docs: - - https://docs.microsoft.com/en-us/windows-hardware/drivers/install/kscategory-video-camera - - https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscamera + - https://web.archive.org/web/20240314130000/https://learn.microsoft.com/en-us/windows-hardware/drivers/install/kscategory-video-camera + - https://web.archive.org/web/20240119150031/https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#letappsaccesscamera code: |- reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\webcam" /v "Value" /d "Deny" /t REG_SZ /f :: For older Windows (before 1903) 
@@ -3007,7 +3015,7 @@ actions: reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessCamera_ForceDenyTheseApps" /f - name: Disable app access to microphone - docs: https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmicrophone + docs: https://web.archive.org/web/20240119150031/https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#letappsaccessmicrophone code: |- reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\microphone" /v "Value" /d "Deny" /t REG_SZ /f :: For older Windows (before 1903) @@ -3033,7 +3041,7 @@ actions: - name: Disable app access to diagnostic information about other apps recommend: standard - docs: https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsgetdiagnosticinfo + docs: https://web.archive.org/web/20240119150031/https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#letappsgetdiagnosticinfo code: |- reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\appDiagnostics" /v "Value" /d "Deny" /t REG_SZ /f :: Using GPO (re-activation through GUI is not possible) @@ -3074,7 +3082,7 @@ actions: - name: Disable app access to your contacts recommend: standard - docs: https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscontacts + docs: https://web.archive.org/web/20240119150031/https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#letappsaccesscontacts code: |- reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\contacts" /v "Value" /d "Deny" /t REG_SZ /f :: For older Windows (before 1903) 
@@ -3096,7 +3104,7 @@ actions: - name: Disable app access to Notifications recommend: standard - docs: https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessnotifications + docs: https://web.archive.org/web/20240119150031/https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#letappsaccessnotifications code: |- reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\userNotificationListener" /v "Value" /d "Deny" /t REG_SZ /f :: For older Windows (before 1903) @@ -3118,7 +3126,7 @@ actions: - name: Disable app access to Calendar recommend: standard - docs: https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscalendar + docs: https://web.archive.org/web/20240119150031/https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#letappsaccesscalendar code: |- reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\appointments" /v "Value" /d "Deny" /t REG_SZ /f :: For older Windows (before 1903) @@ -3140,7 +3148,7 @@ actions: - name: Disable app access to call history recommend: standard - docs: https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscallhistory + docs: https://web.archive.org/web/20240119150031/https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#letappsaccesscallhistory code: |- :: Using GPO (re-activation through GUI is not possible) reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\phoneCallHistory" /v "Value" /d "Deny" /t REG_SZ /f 
@@ -3163,7 +3171,7 @@ actions: - name: Disable app access to email recommend: standard - docs: https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessemail + docs: https://web.archive.org/web/20240119150031/https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#letappsaccessemail code: |- reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\email" /v "Value" /d "Deny" /t REG_SZ /f :: For older Windows (before 1903) @@ -3185,7 +3193,7 @@ actions: - name: Disable app access to tasks recommend: standard - docs: https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesstasks + docs: https://web.archive.org/web/20240119150031/https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#letappsaccesstasks code: |- reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\userDataTasks" /v "Value" /d "Deny" /t REG_SZ /f :: Using GPO (re-activation through GUI is not possible) @@ -3203,7 +3211,7 @@ actions: - name: Disable app access to messaging (SMS / MMS) recommend: standard - docs: https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmessaging + docs: https://web.archive.org/web/20240119150031/https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#letappsaccessmessaging code: |- reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\chat" /v "Value" /d "Deny" /t REG_SZ /f :: For older Windows (before 1903) 
@@ -3227,7 +3235,7 @@ actions: - name: Disable app access to radios recommend: standard - docs: https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessradios + docs: https://web.archive.org/web/20240119150031/https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#letappsaccessradios code: |- reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\radios" /v "Value" /d "Deny" /t REG_SZ /f :: For older Windows (before 1903) @@ -3363,7 +3371,7 @@ actions: recommend: standard docs: - https://admx.help/?Category=Windows_10_2016&Policy=FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21::AllowCortana - - https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#21-cortana-and-search-group-policies + - https://web.archive.org/web/20230911110911/https://learn.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-cortana call: - function: RunInlineCode @@ -3382,7 +3390,7 @@ actions: - name: Disable Cortana's access to cloud services such as OneDrive and SharePoint recommend: standard - docs: https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-search#search-allowcloudsearch + docs: https://web.archive.org/web/20240120140023/https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-search#allowcloudsearch call: - function: RunInlineCode @@ -3395,7 +3403,7 @@ actions: - name: Disable Cortana speech interaction while the system is locked recommend: standard - docs: https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-abovelock + docs: https://web.archive.org/web/20240314125714/https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-abovelock call: - function: RunInlineCode 
@@ -3568,7 +3576,7 @@ actions: - name: Disable indexing of encrypted items recommend: standard - docs: https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-search#search-allowindexingencryptedstoresoritems + docs: https://web.archive.org/web/20240120140023/https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-search#allowindexingencryptedstoresoritems call: - function: RunInlineCode @@ -3581,7 +3589,7 @@ actions: - name: Disable automatic language detection when indexing recommend: standard - docs: https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-search#search-alwaysuseautolangdetection + docs: https://web.archive.org/web/20240120140023/https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-search#alwaysuseautolangdetection call: - function: RunInlineCode @@ -4018,7 +4026,7 @@ actions: - name: Disable ad customization with Advertising ID recommend: standard - docs: https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#181-general + docs: https://web.archive.org/web/20230911110911/https://learn.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#181-general code: |- reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" /v "Enabled" /t REG_DWORD /d "0" /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo" /v "DisabledByGroupPolicy" /t REG_DWORD /d "1" /f 
@@ -4062,14 +4070,14 @@ actions: docs: - https://www.stigviewer.com/stig/windows_10/2018-04-06/finding/V-71771 - https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.CloudContent::DisableWindowsConsumerFeatures - - https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#1816-feedback--diagnostics + - https://web.archive.org/web/20230911110911/https://learn.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#1816-feedback--diagnostics code: reg add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t "REG_DWORD" /d "1" /f revertCode: reg add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t "REG_DWORD" /d "0" /f - name: Disable suggested content in Settings app recommend: standard docs: - - https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/rds-vdi-recommendations-2004 + - https://web.archive.org/web/20230929130219/https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/rds-vdi-recommendations-2004 - https://www.blogsdna.com/28017/how-to-disable-turn-off-suggested-content-on-windows-10-setting-app.htm code: |- reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338393Enabled" /d "0" /t REG_DWORD /f 
@@ -4098,8 +4106,8 @@ actions: name: Disable Windows Biometric Service recommend: strict docs: - - https://docs.microsoft.com/en-us/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server#windows-biometric-service - - http://batcmd.com/windows/10/services/wbiosrvc/ + - https://web.archive.org/web/20240218231654/https://learn.microsoft.com/en-us/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server#windows-biometric-service + - https://web.archive.org/web/20240314062512/https://batcmd.com/windows/10/services/wbiosrvc/ call: function: DisableService parameters: @@ -4128,7 +4136,7 @@ actions: - name: Disable Website Access of Language List recommend: standard - docs: https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#181-general + docs: https://web.archive.org/web/20230911110911/https://learn.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#181-general code: reg add "HKCU\Control Panel\International\User Profile" /v "HttpAcceptLanguageOptOut" /t REG_DWORD /d 1 /f revertCode: reg add "HKCU\Control Panel\International\User Profile" /v "HttpAcceptLanguageOptOut" /t REG_DWORD /d 0 /f - @@ -4145,7 +4153,7 @@ actions: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\GameDVR" /v "AllowGameDVR" /t REG_DWORD /d 0 /f - name: Disable internet access for Windows DRM - docs: https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.DigitalRights2::DisableOnline + docs: https://web.archive.org/web/20231206191323/https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.DigitalRights2::DisableOnline recommend: standard code: reg add "HKLM\SOFTWARE\Policies\Microsoft\WMDRM" /v "DisableOnline" /t REG_DWORD /d 1 /f - 
@@ -4164,8 +4172,8 @@ actions: - name: Disable Windows Insider Service docs: - - https://docs.microsoft.com/en-us/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server#windows-insider-service - - http://batcmd.com/windows/10/services/wisvc/ + - https://web.archive.org/web/20240218231654/https://learn.microsoft.com/en-us/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server#windows-insider-service + - https://web.archive.org/web/20240314062528/https://batcmd.com/windows/10/services/wisvc/ recommend: standard call: function: DisableService @@ -4197,7 +4205,7 @@ actions: revertCode: reg delete "HKLM\SOFTWARE\Microsoft\WindowsSelfHost\UI\Visibility" /v "HideInsiderPage" /f - category: Disable cloud sync - docs: https://support.microsoft.com/en-us/help/4026102/windows-10-about-sync-settings + docs: https://web.archive.org/web/20240314101013/https://support.microsoft.com/en-us/windows/about-windows-backup-and-sync-settings-deebcba2-5bc0-4e63-279a-329926955708 children: - name: Disable all settings synchronization @@ -4286,7 +4294,7 @@ actions: that primarily collected your personal usage and related performance data [2]. For more information about the information collected, processed, or transmitted by the `VSCEIP`, see the - [Microsoft Privacy Statement](https://web.archive.org/web/20231006114659/https://privacy.microsoft.com/en-us/privacystatement). + [Microsoft Privacy Statement](https://web.archive.org/web/20231006103250/https://privacy.microsoft.com/en-US/privacystatement). Visual Studio uses different keys based on CPU architecture of the host operating system (32bit or 64bit) [1]: 
@@ -4300,7 +4308,7 @@ actions: The default installation sets the key as `1` (opt-in by default) since Visual Studio 2022. - [1]: https://learn.microsoft.com/en-us/visualstudio/ide/visual-studio-experience-improvement-program "Customer Experience Improvement Program - Visual Studio (Windows) | Microsoft Learn" + [1]: https://web.archive.org/web/20240314092010/https://learn.microsoft.com/en-us/visualstudio/ide/visual-studio-experience-improvement-program?view=vs-2022 "Customer Experience Improvement Program - Visual Studio (Windows) | Microsoft Learn | learn.microsoft.com" [2]: https://devblogs.microsoft.com/visualstudio/how-we-use-your-perfwatson-data-to-identify-unresponsive-areas/ "How we use your PerfWatson data to identify Unresponsive areas | Visual Studio Blog" code: |- :: Using OS keys @@ -4341,7 +4349,7 @@ actions: since Visual Studio 2022. [1]: https://developercommunity.visualstudio.com/t/bad-crashes-when-visualstudiotelemetryturnoffswitc/208693 "Bad crashes when VisualStudio\Telemetry\TurnOffSwitch is set to 0 | Visual Studio Feedback" - [2]: https://social.msdn.microsoft.com/Forums/vstudio/en-US/7796f0c5-ec9a-4fc8-9f62-584a663f9016/vs2015-pro-upd-3-quotthe-application-cannot-startquot-exception-in-obtainoptinstatus 'VS2015 (pro + upd 3): "Forum post showing logs for TurnOffSwitch key | MSDN Forums' + [2]: https://web.archive.org/web/20231206212728/https://social.msdn.microsoft.com/Forums/vstudio/en-US/7796f0c5-ec9a-4fc8-9f62-584a663f9016/vs2015-pro-upd-3-quotthe-application-cannot-startquot-exception-in-obtainoptinstatus?forum=vssetup 'VS2015 (pro + upd 3): "Forum post showing logs for TurnOffSwitch key | MSDN Forums' recommend: standard code: reg add "HKCU\Software\Microsoft\VisualStudio\Telemetry" /v "TurnOffSwitch" /t REG_DWORD /d 1 /f revertCode: reg delete "HKCU\Software\Microsoft\VisualStudio\Telemetry" /v "TurnOffSwitch" /f 2>nul 
@@ -4357,7 +4365,7 @@ actions: By default (after clean installation) the registry keys are not configured/set since Visual Studio 2022. Having these settings no set imply that feedback is enabled. - [1]: https://learn.microsoft.com/en-us/visualstudio/ide/how-to-report-a-problem-with-visual-studio "Report a problem with Visual Studio - Visual Studio (Windows) | Microsoft Learn" + [1]: https://web.archive.org/web/20240314101616/https://learn.microsoft.com/en-us/visualstudio/ide/how-to-report-a-problem-with-visual-studio?view=vs-2022 "Report a problem with Visual Studio - Visual Studio (Windows) | Microsoft Learn | learn.microsoft.com" recommend: standard code: |- reg add "HKLM\SOFTWARE\Policies\Microsoft\VisualStudio\Feedback" /v "DisableFeedbackDialog" /t REG_DWORD /d 1 /f @@ -4371,7 +4379,7 @@ actions: name: Stop and disable Visual Studio Standard Collector Service docs: |- Visual Studio Standard Collector Service is a service that is part of - [Microsoft Visual Studio and .NET Log Collection Tool](https://www.microsoft.com/en-us/download/details.aspx?id=12493) [1]. + [Microsoft Visual Studio and .NET Log Collection Tool](https://web.archive.org/web/20231207105404/https://www.microsoft.com/en-us/download/details.aspx?id=12493) [1]. This service collects logs for Diagnostics Hub just like Diagnostic Hub Standard Collector [2]. It has been known to be vulnerable to privilege elavation [3]. 
@@ -4379,7 +4387,7 @@ actions: - Increase the attack surface of your computer, making it open to potential future vulnerabilities. - Use computer resources in favor of collecting more data about you and your behavior. - [1]: https://learn.microsoft.com/en-us/answers/questions/891356/i-can39t-start-vsstandardcollectorservice150.html#answer-929168 "I can't start VSStandardCollectorService150 | Microsoft Q&A" + [1]: https://web.archive.org/web/20240314123619/https://learn.microsoft.com/en-us/answers/questions/891356/i-cant-start-vsstandardcollectorservice150#answer-929168 "I can't start VSStandardCollectorService150 | Microsoft Q&A | learn.microsoft.com" [2]: https://www.atredis.com/blog/cve-2018-0952-privilege-escalation-vulnerability-in-windows-standard-collector-service "CVE-2018-0952: Privilege Escalation Vulnerability in Windows Standard Collector Service | Atredis Partners" [3]: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2018-0952 "Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability" recommend: standard 
@@ -4398,7 +4406,7 @@ actions: [1]: https://developercommunity.visualstudio.com/t/cant-disable-diagnostics-hub-in-visual-stuido/1449322#T-N1449680 "Can't disable Diagnostics hub in visual stuido | Visual Studio Feedback" [2]: https://developercommunity.visualstudio.com/t/diagnostic-tool-no-registered-class/1099781#T-N1106849 "diagnostic tool No registered class | Visual Studio Feedback" - [3]: https://stackoverflow.com/a/39380284 "c# - Visual Studio 2015 diagnostic tools no longer working | Stack Overflow" + [3]: https://web.archive.org/web/20240314093647/https://stackoverflow.com/questions/39308334/visual-studio-2015-diagnostic-tools-no-longer-working/39380284#39380284 "c# - Visual Studio 2015 diagnostic tools no longer working | Stack Overflow" [4]: https://developercommunity.visualstudio.com/t/collectionstartfailedhubexception-on-profiler-laun/414212#T-N447791 "CollectionStartFailedHubException on profiler launch | Visual Studio Feedback" [5]: https://developercommunity.visualstudio.com/t/diagnostics-tools-failed-unexpectedly-unable-to-st/437117#T-N447777 "Diagnostics tools failed unexpectedly--unable to start standard collector | Visual Studio Feedback" code: |- @@ -4449,7 +4457,7 @@ actions: - name: Disable PowerShell telemetry recommend: standard - docs: https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_telemetry + docs: https://web.archive.org/web/20221011165907/https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_telemetry?view=powershell-7.2 code: setx POWERSHELL_TELEMETRY_OPTOUT 1 revertCode: setx POWERSHELL_TELEMETRY_OPTOUT 0 - 
@@ -4457,7 +4465,7 @@ actions: docs: - https://github.com/privacysexy-forks/nVidia-modded-Inf - https://github.com/privacysexy-forks/Disable-Nvidia-Telemetry - - https://forum.palemoon.org/viewtopic.php?f=4&t=15686&sid=3d7982d3b9e89c713547f1a581ea44a2&start=20 + - https://web.archive.org/web/20231206190157/https://forum.palemoon.org/viewtopic.php?f=4&t=15686&sid=3d7982d3b9e89c713547f1a581ea44a2&start=20 children: - name: Remove Nvidia telemetry packages @@ -4606,13 +4614,13 @@ actions: taskNamePattern: NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - category: Disable Visual Studio Code data collection - docs: - - https://code.visualstudio.com/updates/v1_26#_offline-mode - - https://code.visualstudio.com/docs/getstarted/settings + docs: |- + - [Visual Studio Code July 2018 | code.visualstudio.com](https://web.archive.org/web/20221029170840/https://code.visualstudio.com/updates/v1_26#_offline-mode) + - [Visual Studio Code User and Workspace Settings | code.visualstudio.com](https://web.archive.org/web/20231206190826/https://code.visualstudio.com/docs/getstarted/settings) children: - name: Disable Visual Studio Code telemetry - docs: https://code.visualstudio.com/docs/getstarted/telemetry + docs: https://web.archive.org/web/20221029171138/https://code.visualstudio.com/docs/getstarted/telemetry recommend: standard call: function: SetVsCodeSetting @@ -4621,7 +4629,7 @@ actions: powerShellValue: $false - name: Disable Visual Studio Code crash reporting - docs: https://code.visualstudio.com/docs/getstarted/telemetry + docs: https://web.archive.org/web/20221029171138/https://code.visualstudio.com/docs/getstarted/telemetry recommend: standard call: function: SetVsCodeSetting 
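Review bot: The archived palemoon link in the first hunk on this line still carries the `sid=3d7982d3b9e89c713547f1a581ea44a2` query parameter from the old URL. In phpBB addresses `sid` is normally a session identifier rather than part of the topic location, so this looks like a leftover from whoever first copied the link (to be confirmed against the forum). A capture of the canonical form, `viewtopic.php?f=4&t=15686&start=20`, would keep the reference stable and avoid publishing a session value in the documentation. That needs a fresh snapshot, so the timestamp in the URL would change as well.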
@@ -4681,7 +4689,7 @@ actions: powerShellValue: $false - category: Disable Microsoft Office telemetry - docs: https://docs.microsoft.com/en-us/deployoffice/compat/manage-the-privacy-of-data-monitored-by-telemetry-in-office + docs: https://web.archive.org/web/20240314130549/https://learn.microsoft.com/en-us/deployoffice/compat/manage-the-privacy-of-data-monitored-by-telemetry-in-office children: - name: Disable Microsoft Office logging @@ -4793,7 +4801,7 @@ actions: [1]: https://web.archive.org/web/20231022114220/https://learn.microsoft.com/en-us/deployoffice/compat/deploy-telemetry-dashboard "Deploy Office Telemetry Dashboard - Deploy Office | Microsoft Learn" [2]: https://web.archive.org/web/20231022114227/https://learn.microsoft.com/en-us/deployoffice/compat/data-that-the-telemetry-agent-collects-in-office "Data collected by the agent for Office Telemetry Dashboard - Deploy Office | Microsoft Learn" - [3]: https://web.archive.org/web/20231022114234/https://learn.microsoft.com/en-us/deployoffice/compat/manage-the-privacy-of-data-monitored-by-telemetry-in-office "Manage the privacy of data monitored by Office Telemetry Dashboard - Deploy Office | Microsoft Learn" + [3]: https://web.archive.org/web/20240314130549/https://learn.microsoft.com/en-us/deployoffice/compat/manage-the-privacy-of-data-monitored-by-telemetry-in-office "Manage the privacy of data monitored by Office Telemetry Dashboard - Deploy Office | Microsoft Learn" call: - function: DisableScheduledTask 
@@ -4887,12 +4895,12 @@ actions: name: Disable Edge diagnostic data sending (shows "Your browser is managed") recommend: standard docs: - - http://archive.today/2023.08.26-152941/https://admx.help/?Category=EdgeChromium&Policy=Microsoft.Policies.Edge::DiagnosticData - - https://learn.microsoft.com/DeployEdge/microsoft-edge-policies#diagnosticdata - - http://archive.today/2023.08.26-152952/https://admx.help/?Category=EdgeChromium&Policy=Microsoft.Policies.Edge::MetricsReportingEnabled - - https://learn.microsoft.com/en-gb/DeployEdge/microsoft-edge-policies#metricsreportingenabled - - http://archive.today/2023.08.26-153019/https://admx.help/?Category=EdgeChromium&Policy=Microsoft.Policies.Edge::SendSiteInfoToImproveServices - - https://learn.microsoft.com/DeployEdge/microsoft-edge-policies#sendsiteinfotoimproveservices + - https://archive.ph/2023.08.26-152941/https://admx.help/?Category=EdgeChromium&Policy=Microsoft.Policies.Edge::DiagnosticData + - https://web.archive.org/web/20240314103512/https://learn.microsoft.com/en-us/deployedge/microsoft-edge-policies#diagnosticdata + - https://archive.ph/2023.08.26-152952/https://admx.help/?Category=EdgeChromium&Policy=Microsoft.Policies.Edge::MetricsReportingEnabled + - https://web.archive.org/web/20240314103512/https://learn.microsoft.com/en-us/deployedge/microsoft-edge-policies#metricsreportingenabled + - https://archive.ph/2023.08.26-153019/https://admx.help/?Category=EdgeChromium&Policy=Microsoft.Policies.Edge::SendSiteInfoToImproveServices + - https://web.archive.org/web/20240314103512/https://learn.microsoft.com/en-us/deployedge/microsoft-edge-policies#sendsiteinfotoimproveservices code: |- :: Disabling metrics and site info sending for Edge v88 ≥ reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "MetricsReportingEnabled" /t REG_DWORD /d 0 /f 
@@ -4914,8 +4922,8 @@ actions: name: Disable Live Tile data collection recommend: standard docs: - - https://docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/telemetry-management-gp - - https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventlivetiledatacollection + - https://web.archive.org/web/20240314101034/https://learn.microsoft.com/en-us/previous-versions/windows/edge-legacy/group-policies/telemetry-management-gp + - https://web.archive.org/web/20240314125209/https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventlivetiledatacollection code: reg add "HKCU\Software\Policies\Microsoft\MicrosoftEdge\Main" /v "PreventLiveTileDataCollection" /t REG_DWORD /d 1 /f revertCode: reg add "HKCU\Software\Policies\Microsoft\MicrosoftEdge\Main" /v "PreventLiveTileDataCollection" /t REG_DWORD /d 0 /f - @@ -4939,7 +4947,7 @@ actions: - name: Disable Search Suggestions in Edge docs: - - https://docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/address-bar-settings-gp + - https://web.archive.org/web/20240314100851/https://learn.microsoft.com/en-us/previous-versions/windows/edge-legacy/group-policies/address-bar-settings-gp - https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.MicrosoftEdge::AllowSearchSuggestionsinAddressBar recommend: standard code: reg add "HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\SearchScopes" /v "ShowSearchSuggestionsGlobal" /t REG_DWORD /d 0 /f 
@@ -4999,7 +5007,7 @@ actions: name: Disable sharing scanned software data with Google (shows "Your browser is managed") recommend: standard docs: - - https://www.chromium.org/administrators/policy-list-3#ChromeCleanupReportingEnabled + - https://web.archive.org/web/20200606120247/https://www.chromium.org/administrators/policy-list-3#ChromeCleanupReportingEnabled - https://www.stigviewer.com/stig/google_chrome_current_windows/2018-09-06/finding/V-81593 code: reg add "HKLM\SOFTWARE\Policies\Google\Chrome" /v "ChromeCleanupReportingEnabled" /t REG_DWORD /d 0 /f revertCode: reg delete "HKLM\SOFTWARE\Policies\Google\Chrome" /v "ChromeCleanupReportingEnabled" /f @@ -5007,7 +5015,7 @@ actions: name: Disable Chrome system cleanup scans (shows "Your browser is managed") recommend: standard docs: - - https://www.chromium.org/administrators/policy-list-3#ChromeCleanupEnabled + - https://web.archive.org/web/20200606120247/https://www.chromium.org/administrators/policy-list-3#ChromeCleanupEnabled - https://www.stigviewer.com/stig/google_chrome_current_windows/2018-09-06/finding/V-81591 code: reg add "HKLM\SOFTWARE\Policies\Google\Chrome" /v "ChromeCleanupEnabled" /t REG_DWORD /d 0 /f revertCode: reg delete "HKLM\SOFTWARE\Policies\Google\Chrome" /v "ChromeCleanupEnabled" /f 
@@ -5115,38 +5123,23 @@ actions: By disabling these services, this script aims to give users more control over their system and mitigate potential privacy and security risks, albeit at the cost of not receiving automatic software updates from Google. - [1]: https://archive.ph/30Mh8 "omaha/omaha/goopdate/omaha3_idl.idl at 8fa5322c5c35d0cede28f4c32454cb0285490b6d · google/omaha | github.com/google" - [2]: https://archive.ph/paJAm "omaha/omaha/common/omaha_customization_unittest.cc at 8fa5322c5c35d0cede28f4c32454cb0285490b6d · google/omaha | github.com/google" - [3]: https://archive.ph/FJbvG "omaha/omaha/internal/grit/goopdateres.grd at 8fa5322c5c35d0cede28f4c32454cb0285490b6d · google/omaha · GitHub | github.com/google" - [4]: https://archive.ph/ZoVnn "Comment 138 | 137915 - Update failed (error:3) | bugs.chromium.org" - [5]: https://archive.ph/vAWVf "114356 - Loading issue... | bugs.chromium.org" + [1]: https://archive.ph/2023.10.26-231300/https://github.com/google/omaha/blob/8fa5322c5c35d0cede28f4c32454cb0285490b6d/omaha/goopdate/omaha3_idl.idl%23L178-L186 "omaha/omaha/goopdate/omaha3_idl.idl at 8fa5322c5c35d0cede28f4c32454cb0285490b6d · google/omaha | github.com/google" + [2]: https://archive.ph/2023.10.26-231313/https://github.com/google/omaha/blob/8fa5322c5c35d0cede28f4c32454cb0285490b6d/omaha/common/omaha_customization_unittest.cc%23L290-L299 "omaha/omaha/common/omaha_customization_unittest.cc at 8fa5322c5c35d0cede28f4c32454cb0285490b6d · google/omaha | github.com/google" + [3]: https://archive.ph/2023.10.26-224813/https://github.com/google/omaha/blob/8fa5322c5c35d0cede28f4c32454cb0285490b6d/omaha/internal/grit/goopdateres.grd%23L166-L177 "omaha/omaha/internal/grit/goopdateres.grd at 8fa5322c5c35d0cede28f4c32454cb0285490b6d · google/omaha · GitHub | github.com/google" + [4]: https://archive.ph/2023.10.26-231136/https://bugs.chromium.org/p/chromium/issues/detail?id=137915%23c138 "Comment 138 | 137915 - Update failed (error:3) | bugs.chromium.org" + [5]: 
https://archive.ph/2023.10.26-231114/https://bugs.chromium.org/p/chromium/issues/detail?id=114356 "114356 - Loading issue... | bugs.chromium.org" [6]: https://web.archive.org/web/20231026231058/http://windows.fyicenter.com/4677_Google_Update_Service_gupdatem_-GoogleUpdate_exe_Service_on_Windows_7.html '"Google Update Service (gupdatem) - GoogleUpdate.exe" Service on Windows 7 | windows.fyicenter.com' [7]: https://web.archive.org/web/20231026231059/http://windows.fyicenter.com/4676_Google_Update_Service_gupdate_-GoogleUpdate_exe_Service_on_Windows_7.html '"Google Update Service (gupdate) - GoogleUpdate.exe" Service on Windows 7 | windows.fyicenter.com' - [8]: https://archive.ph/AvwUm "Comment 9 | 948427 - Update disabled not working in Chrome 73.0.3683.86 | bugs.chromium.org" - [9]: https://archive.ph/Sxvav "1096494 - google update service should never be deleted | bugs.chromium.org" + [8]: https://archive.ph/2023.10.26-231235/https://bugs.chromium.org/p/chromium/issues/detail?id=948427%23c9 "Comment 9 | 948427 - Update disabled not working in Chrome 73.0.3683.86 | bugs.chromium.org" + [9]: https://archive.ph/2023.10.26-231246/https://bugs.chromium.org/p/chromium/issues/detail?id=1096494 "1096494 - google update service should never be deleted | bugs.chromium.org" [10]: https://web.archive.org/web/20231026231341/https://support.google.com/chrome/thread/207230079/high-ghost-data-usage-by-chrome-on-pc-past-midnight?hl=en "High ghost data usage by Chrome on PC past midnight - Google Chrome Community | support.google.com" [11]: https://web.archive.org/web/20231026231335/https://support.google.com/chrome/thread/113993958/why-gupdate-uses-all-my-bandwidth-stopping-my-surfing-completely?hl=en 'Why "gupdate" uses all my bandwidth, stopping my surfing completely? 
- Google Chrome Community | support.google.com' - [12]: https://archive.ph/WgWli "237227 - Update service spam to Event Log | bugs.chromium.org" - [13]: https://archive.ph/1ufoL 'Comment 5 | 71377 - Random but frequent crashes after downloads, "CSRBthFtpShellExt.dll_unloaded" | bugs.chromium.org' - [14]: https://archive.ph/QKUdt "Comment 2 | 100548 - Please remove Googe Update from the Google Chrome Enterprise installation | bugs.chromium.org" - [15]: https://archive.ph/H6S3z 'Comment 12 | 309362 - "Nearly up-to-date! Relaunch Google Chrome to finish updating." message is not going away | bugs.chromium.org' - [16]: https://archive.ph/VYdgW "Comment 3 | 338776 - CRITICAL REGRESSION: unable to update to new version - relaunch after update does not finish updating - chromium | bugs.chromium.org" - [17]: https://archive.ph/4CeqQ "167737 - Security: Unquoted search path vulnerability in GoogleUpdate.exe | bugs.chromium.org" - # web.archive.org fails with those: - # - https://archive.ph/FJbvG: https://github.com/google/omaha/blob/8fa5322c5c35d0cede28f4c32454cb0285490b6d/omaha/internal/grit/goopdateres.grd#L166-L177 - # - https://archive.ph/paJAm: https://github.com/google/omaha/blob/8fa5322c5c35d0cede28f4c32454cb0285490b6d/omaha/common/omaha_customization_unittest.cc#L290-L299 - # - https://archive.ph/30Mh8: https://github.com/google/omaha/blob/8fa5322c5c35d0cede28f4c32454cb0285490b6d/omaha/goopdate/omaha3_idl.idl#L178-L186 - # - https://archive.ph/Sxvav: https://bugs.chromium.org/p/chromium/issues/detail?id=1096494 - # - https://archive.ph/AvwUm: https://bugs.chromium.org/p/chromium/issues/detail?id=948427#c9 - # - https://archive.ph/VYdgW: https://bugs.chromium.org/p/chromium/issues/detail?id=338776#c3 - # - https://archive.ph/H6S3z: https://bugs.chromium.org/p/chromium/issues/detail?id=309362#c12 - # - https://archive.ph/4CeqQ: https://bugs.chromium.org/p/chromium/issues/detail?id=167737 - # - https://archive.ph/QKUdt: 
https://bugs.chromium.org/p/chromium/issues/detail?id=100548#c2 - # - https://archive.ph/1ufoL: https://bugs.chromium.org/p/chromium/issues/detail?id=71377#c5 - # - https://archive.ph/ZoVnn: https://bugs.chromium.org/p/chromium/issues/detail?id=137915#c138 - # - https://archive.ph/WgWli: https://bugs.chromium.org/p/chromium/issues/detail?id=237227 - # - https://archive.ph/vAWVf: https://bugs.chromium.org/p/chromium/issues/detail?id=114356 - # - https://archive.ph/FJbvG: https://github.com/google/omaha/blob/8fa5322c5c35d0cede28f4c32454cb0285490b6d/omaha/internal/grit/goopdateres.grd#L166-L177 + [12]: https://archive.ph/2023.10.26-231121/https://bugs.chromium.org/p/chromium/issues/detail?id=237227 "237227 - Update service spam to Event Log | bugs.chromium.org" + [13]: https://archive.ph/2023.10.26-231148/https://bugs.chromium.org/p/chromium/issues/detail?id=71377%23c5 'Comment 5 | 71377 - Random but frequent crashes after downloads, "CSRBthFtpShellExt.dll_unloaded" | bugs.chromium.org' + [14]: https://archive.ph/2023.10.26-231155/https://bugs.chromium.org/p/chromium/issues/detail?id=100548%23c2 "Comment 2 | 100548 - Please remove Googe Update from the Google Chrome Enterprise installation | bugs.chromium.org" + [15]: https://archive.ph/2023.10.26-231214/https://bugs.chromium.org/p/chromium/issues/detail?id=309362%23c12 'Comment 12 | 309362 - "Nearly up-to-date! Relaunch Google Chrome to finish updating." message is not going away | bugs.chromium.org' + [16]: https://archive.ph/2023.10.26-231222/https://bugs.chromium.org/p/chromium/issues/detail?id=338776%23c3 "Comment 3 | 338776 - CRITICAL REGRESSION: unable to update to new version - relaunch after update does not finish updating - chromium | bugs.chromium.org" + [17]: https://archive.ph/2023.10.26-231205/https://bugs.chromium.org/p/chromium/issues/detail?id=167737 "167737 - Security: Unquoted search path vulnerability in GoogleUpdate.exe | bugs.chromium.org" call: - function: DisableService 
@@ -5215,14 +5208,14 @@ actions: | Windows 10 22H2 | 🟡 N/A (missing) | | Windows 11 22H2 | 🟡 N/A (missing) | - [1]: https://archive.ph/7GKGm "Comment 2 | 114356 - Google Update Services (gupdate & gupdatem) | bugs.chromium.org" - [2]: https://archive.ph/ZMFsN "Comment 51 | 440549 - Google Chrome Auto-Update Not working consistently / Google Update GPO policy not honored. | bugs.chromium.org" - [3]: https://archive.ph/gLYIf "Comment 52 | 440549 - Google Chrome Auto-Update Not working consistently / Google Update GPO policy not honored. | bugs.chromium.org" - [4]: https://archive.ph/073xQ "omaha/omaha/common/scheduled_task_utils_internal.h at 8fa5322c5c35d0cede28f4c32454cb0285490b6d · google/omaha | github.com/google" - [5]: https://archive.ph/Jxh9G "Comment 55 | 137915 - Update failed (error:3) | bugs.chromium.org" - [6]: https://archive.ph/zQBY5 "Comment 12 | 1394589 - chrome 108 prematurely stopped checking for updates under Windows 7 - chromium" + [1]: https://archive.ph/2023.10.25-184810/https://bugs.chromium.org/p/chromium/issues/detail?id=114356%23c2 "Comment 2 | 114356 - Google Update Services (gupdate & gupdatem) | bugs.chromium.org" + [2]: https://archive.ph/2023.10.25-184936/https://bugs.chromium.org/p/chromium/issues/detail?id=440549%23c51 "Comment 51 | 440549 - Google Chrome Auto-Update Not working consistently / Google Update GPO policy not honored. | bugs.chromium.org" + [3]: https://archive.ph/2023.10.25-185011/https://bugs.chromium.org/p/chromium/issues/detail?id=440549%23c52 "Comment 52 | 440549 - Google Chrome Auto-Update Not working consistently / Google Update GPO policy not honored. 
| bugs.chromium.org" + [4]: https://archive.ph/2023.10.25-184839/https://github.com/google/omaha/blob/8fa5322c5c35d0cede28f4c32454cb0285490b6d/omaha/common/scheduled_task_utils_internal.h "omaha/omaha/common/scheduled_task_utils_internal.h at 8fa5322c5c35d0cede28f4c32454cb0285490b6d · google/omaha | github.com/google" + [5]: https://archive.ph/2023.10.25-185032/https://bugs.chromium.org/p/chromium/issues/detail?id=137915%23c55 "Comment 55 | 137915 - Update failed (error:3) | bugs.chromium.org" + [6]: https://archive.ph/2023.10.25-185051/https://bugs.chromium.org/p/chromium/issues/detail?id=1394589%23c12 "Comment 12 | 1394589 - chrome 108 prematurely stopped checking for updates under Windows 7 - chromium" [7]: https://web.archive.org/web/20231025184531/https://strontic.github.io/xcyclopedia/library/GoogleUpdate.exe-6BF197B8C7DE4B004C5D6FA415FC7867.html "GoogleUpdate.exe | Google Installer | STRONTIC | strontic.github.io" - [8]: https://archive.ph/hEosd "omaha/doc/Omaha3Walkthrough.md at 8fa5322c5c35d0cede28f4c32454cb0285490b6d · google/omaha | github.com/google" + [8]: https://archive.ph/2023.10.25-185455/https://github.com/google/omaha/blob/8fa5322c5c35d0cede28f4c32454cb0285490b6d/doc/Omaha3Walkthrough.md?plain=1%23L11 "omaha/doc/Omaha3Walkthrough.md at 8fa5322c5c35d0cede28f4c32454cb0285490b6d · google/omaha | github.com/google" [9]: https://web.archive.org/web/20231025184546/https://www.shouldiblockit.com/googleupdate.exe-8f0de4fef8201e306f9938b0905ac96a.aspx "GoogleUpdate.exe - Should I Block It? 
(MD5 8f0de4fef8201e306f9938b0905ac96a) | shouldiblockit.com" [10]: https://web.archive.org/web/20231025185202/https://raw.githubusercontent.com/google/omaha/8fa5322c5c35d0cede28f4c32454cb0285490b6d/doc/GoogleUpdateOnAScheduleOverview.html "omaha/doc/GoogleUpdateOnAScheduleOverview.html at 8fa5322c5c35d0cede28f4c32454cb0285490b6d · google/omaha | github.com/google" [11]: https://web.archive.org/web/20231025184142/https://support.google.com/a/answer/9572621?hl=en#zippy=%2Cyour-administrator-doesnt-allow-you-to-sign-in-with-this-account-try-a-different-account "Troubleshoot GCPW - Google Workspace Admin Help | support.google.com" 
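Review bot: Reference `[4]` in this hunk loses its line range: the new long URL ends at `scheduled_task_utils_internal.h`, while the comment block deleted in the next hunk recorded the original location as `scheduled_task_utils_internal.h#L170-L173`. Every other converted GitHub link here keeps its fragment in `%23L…` form, and the comments are removed on the grounds that the long URL now carries the original location, so this range is no longer recorded anywhere. I would append `%23L170-L173` to `[4]` if the snapshot resolves with it, or otherwise state the range in the reference title. The same deleted block also listed an unarchived `goopdateres.grd#L178-L181` entry that has no counterpart in the new text; it is worth confirming that it was unused before dropping it.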
@@ -5230,17 +5223,7 @@ actions: [13]: https://web.archive.org/web/20231025184232/https://support.google.com/a/topic/24642?hl=en "Manage devices for your organization - Google Workspace Admin Help | support.google.com" [14]: https://web.archive.org/web/20231025184204/https://support.google.com/a/answer/9250996?hl=en "Install Google Credential Provider for Windows - Google Workspace Admin Help | support.google.com" [15]: https://github.com/google/omaha/blob/8fa5322c5c35d0cede28f4c32454cb0285490b6d/omaha/internal/grit/goopdateres.grd#L166-L177 "omaha/omaha/internal/grit/goopdateres.grd at 8fa5322c5c35d0cede28f4c32454cb0285490b6d · google/omaha · GitHub | github.com/google" - [16]: https://archive.ph/2rF9N "1274960 - GoogleUpdateSetup.exe don't check ACL of Schedule task files GoogleUpdateTaskMachineCore and GoogleUpdateTaskMachineUA - chromium | bugs.chromium.org" - # web.archive.org fails with those: - # - https://archive.ph/7GKGm: https://web.archive.org/web/20231025184306/https://bugs.chromium.org/p/chromium/issues/detail?id=114356#c2 - # - https://archive.ph/ZMFsN: https://web.archive.org/web/20231025184413/https://bugs.chromium.org/p/chromium/issues/detail?id=440549#c51 - # - https://archive.ph/gLYIf: https://web.archive.org/web/20231025184413/https://bugs.chromium.org/p/chromium/issues/detail?id=440549#c52 - # - https://archive.ph/Jxh9G: https://web.archive.org/web/20231025184442/https://bugs.chromium.org/p/chromium/issues/detail?id=137915#c55 - # - https://archive.ph/zQBY5: https://web.archive.org/web/20231025184510/https://bugs.chromium.org/p/chromium/issues/detail?id=1394589#c12 - # - https://archive.ph/hEosd : https://web.archive.org/web/20231025185137/https://github.com/google/omaha/blob/8fa5322c5c35d0cede28f4c32454cb0285490b6d/doc/Omaha3Walkthrough.md?plain=1#L11 - # - https://archive.ph/2rF9N : https://web.archive.org/web/20231025184337/https://bugs.chromium.org/p/chromium/issues/detail?id=1274960 - # - https://archive.ph/073xQ : 
https://github.com/google/omaha/blob/8fa5322c5c35d0cede28f4c32454cb0285490b6d/omaha/common/scheduled_task_utils_internal.h#L170-L173 - # - https://github.com/google/omaha/blob/8fa5322c5c35d0cede28f4c32454cb0285490b6d/omaha/internal/grit/goopdateres.grd#L178-L181 + [16]: https://archive.ph/2023.10.25-185536/https://bugs.chromium.org/p/chromium/issues/detail?id=1274960 "1274960 - GoogleUpdateSetup.exe don't check ACL of Schedule task files GoogleUpdateTaskMachineCore and GoogleUpdateTaskMachineUA - chromium | bugs.chromium.org" call: - function: DisableScheduledTask @@ -5447,9 +5430,7 @@ actions: | Windows 10 22H2 | 🟢 Ready | | Windows 11 22H2 | 🟢 Ready | - [1]: https://archive.ph/pJon7 "DropboxBusinessScripts/QA Installer/Dropbox Enterprise Installer.ps1 at 4f4c32ddd488b29e7fd16a40966761e70a758239 · dropbox/DropboxBusinessScripts | github.com/dropbox" - # web.archive.org fails with those: - # - https://archive.ph/pJon7: https://github.com/dropbox/DropboxBusinessScripts/blob/4f4c32ddd488b29e7fd16a40966761e70a758239/QA%20Installer/Dropbox%20Enterprise%20Installer.ps1#L127-L136 + [1]: https://archive.ph/2023.11.01-153622/https://github.com/dropbox/DropboxBusinessScripts/blob/4f4c32ddd488b29e7fd16a40966761e70a758239/QA%20Installer/Dropbox%20Enterprise%20Installer.ps1%23L127-L136 "DropboxBusinessScripts/QA Installer/Dropbox Enterprise Installer.ps1 at 4f4c32ddd488b29e7fd16a40966761e70a758239 · dropbox/DropboxBusinessScripts | github.com/dropbox" call: - function: DisableScheduledTask @@ -5480,7 +5461,7 @@ actions: reg add "HKLM\SOFTWARE\Policies\Microsoft\WMDRM" /v "DisableOnline" /t REG_DWORD /d 1 /f - name: Disable "Windows Media Player Network Sharing Service" (`WMPNetworkSvc`) - docs: http://batcmd.com/windows/10/services/wmpnetworksvc/ + docs: https://web.archive.org/web/20240314091022/https://batcmd.com/windows/10/services/wmpnetworksvc/ recommend: standard call: function: DisableService 
@@ -5567,7 +5548,7 @@ actions: > Text or images copied on one device will not be accessible on other devices [3] [4] [5]. > This enhances privacy and security but limits the clipboard's functionality across your Windows devices. - [1]: https://web.archive.org/web/20230731230134/https://learn.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#30-cloud-clipboard "Manage connections from Windows 10 and Windows 11 Server/Enterprise editions operating system components to Microsoft services - Windows Privacy | Microsoft Learn" + [1]: https://web.archive.org/web/20230911110911/https://learn.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#30-cloud-clipboard "Manage connections from Windows 10 and Windows 11 Server/Enterprise editions operating system components to Microsoft services - Windows Privacy | Microsoft Learn" [2]: https://web.archive.org/web/20240119150031/https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#allowcrossdeviceclipboard "Privacy Policy CSP - Windows Client Management | Microsoft Learn | learn.microsoft.com" [3]: https://web.archive.org/web/20210619004804/https://community.windows.com/en-us/stories/cloud-clipboard-windows-10 "Copy and paste across Windows 10 devices using cloud clipboard | Windows Community | community.windows.com" [4]: https://web.archive.org/web/20240119150040/https://support.microsoft.com/en-us/windows/clipboard-in-windows-c436501e-985d-1c8d-97ea-fe46ddf338c6 "Clipboard in Windows - Microsoft Support | support.microsoft.com" 
@@ -5620,7 +5601,7 @@ actions: [1]: https://web.archive.org/web/20210619004804/https://community.windows.com/en-us/stories/cloud-clipboard-windows-10 "Copy and paste across Windows 10 devices using cloud clipboard | Windows Community | community.windows.com" [2]: https://web.archive.org/web/20240119153212/https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#allowclipboardhistory "Experience Policy CSP - Windows Client Management | Microsoft Learn | learn.microsoft.com" [3]: https://web.archive.org/web/20240119151846/https://ghostvolt.com/blog/Is-the-Windows-Clipboard-Function-History-or-Sync-Secure.html "Is the Windows Clipboard Function, History or Sync Secure | ghostvolt.com" - [4]: https://web.archive.org/web/20231006114659/https://privacy.microsoft.com/en-us/privacystatement "Microsoft Privacy Statement – Microsoft privacy | privacy.microsoft.com" + [4]: https://web.archive.org/web/20231006103250/https://privacy.microsoft.com/en-US/privacystatement "Microsoft Privacy Statement – Microsoft privacy | privacy.microsoft.com" [5]: https://web.archive.org/web/20240119160347/https://github.com/undergroundwires/privacy.sexy/issues/247 "Disable Clipboard History · Issue #247 · undergroundwires/privacy.sexy · GitHub | github.com" [6]: https://web.archive.org/web/20240119153118/https://www.elevenforum.com/t/enable-or-disable-clipboard-history-in-windows-11.973/ "Enable or Disable Clipboard History in Windows 11 Tutorial | Windows 11 Forum | www.elevenforum.com" [7]: https://web.archive.org/web/20240119153113/https://itechbrand.com/how-to-enable-and-use-clipboard-history-on-windows-10/ "How to: Enable and Use Clipboard History on Windows 10 | ITechBrand | itechbrand.com" 
@@ -5703,7 +5684,7 @@ actions: revertCode: reg delete "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" /v "AutoShareWks" /f # Key does not exist since Windows 11 22H2 - category: Enable protection against Meltdown and Spectre - docs: https://support.microsoft.com/en-us/help/4072698/windows-server-speculative-execution-side-channel-vulnerabilities-prot + docs: https://support.microsoft.com/en-us/topic/kb4072698-windows-server-and-azure-stack-hci-guidance-to-protect-against-silicon-based-microarchitectural-and-speculative-execution-side-channel-vulnerabilities-2f965763-00e2-8f98-b632-0d96f30c8c8e children: - name: Mitigate Spectre Variant 2 and Meltdown in host operating system @@ -5792,7 +5773,7 @@ actions: recommend: standard docs: - https://www.stigviewer.com/stig/windows_10/2019-01-04/finding/V-63801 - - https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level + - https://web.archive.org/web/20240315114408/https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level code: reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v "LmCompatibilityLevel" /t REG_DWORD /d 5 /f revertCode: reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v "LmCompatibilityLevel" /t REG_DWORD /d 3 /f - @@ -5876,7 +5857,7 @@ actions: name: Disable "Windows Connect Now" wizard recommend: standard docs: - - https://docs.microsoft.com/en-us/windows/win32/wcn/about-windows-connect-now + - https://web.archive.org/web/20240314130322/https://learn.microsoft.com/en-us/windows/win32/wcn/about-windows-connect-now - https://www.stigviewer.com/stig/windows_server_20122012_r2_domain_controller/2019-01-16/finding/V-15698 code: |- reg add "HKLM\Software\Policies\Microsoft\Windows\WCN\UI" /v "DisableWcnUi" /t REG_DWORD /d 1 /f 
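Review bot: The new `docs:` value for the "Enable protection against Meltdown and Spectre" category is a live `support.microsoft.com` URL, while the other two references changed on this stretch (LAN Manager authentication level, Windows Connect Now) are pinned to `web.archive.org` snapshots. The previous URL for this article already had to be replaced once, and a live vendor page can be rewritten or moved without notice. A snapshot would keep the mitigation guidance that users are sent to stable and reviewable, e.g. `docs: https://web.archive.org/web/<SNAPSHOT_TIMESTAMP>/https://support.microsoft.com/en-us/topic/kb4072698-windows-server-and-azure-stack-hci-guidance-to-protect-against-silicon-based-microarchitectural-and-speculative-execution-side-channel-vulnerabilities-2f965763-00e2-8f98-b632-0d96f30c8c8e` (the timestamp is a placeholder). The same applies to the live `learn.microsoft.com` links introduced for "Enable strong authentication for .NET applications using TLS 1.2" and for the "Disable Defender Antivirus cloud protection service" category, though this may be intentional if those are only redirect updates.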
@@ -6026,7 +6007,7 @@ actions: reg delete "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\DTLS 1.3\Client" /v "DisabledByDefault" /f - name: Disable TLS 1.0 - docs: https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls # After disabling TLS 1.0 must be (will be) activated SchUseStrongCrypto for .NET apps + docs: https://web.archive.org/web/20240314125059/https://learn.microsoft.com/en-us/dotnet/framework/network-programming/tls # After disabling TLS 1.0 must be (will be) activated SchUseStrongCrypto for .NET apps code: |- reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server" /f /v Enabled /t REG_DWORD /d 0x00000000 reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server" /f /v DisabledByDefault /t REG_DWORD /d 0x00000001 @@ -6087,7 +6068,7 @@ actions: reg delete "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client" /v "DisabledByDefault" /f - name: Enable strong authentication for .NET applications using TLS 1.2 - docs: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs#enabling-strong-authentication-for-net-applications + docs: https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs#enabling-strong-authentication-for-net-applications code: |- reg add "HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727" /f /v SchUseStrongCrypto /t REG_DWORD /d 0x00000001 reg add "HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727" /f /v SystemDefaultTlsVersions /t REG_DWORD /d 0x00000001 
@@ -6938,11 +6919,11 @@ actions: - name: Disable "Windows Defender Firewall Authorization Driver" service docs: - - http://batcmd.com/windows/10/services/mpsdrv/ + - https://web.archive.org/web/20240314091039/https://batcmd.com/windows/10/services/mpsdrv/ # ❗️ Breaks: `netsh advfirewall set` # Disabling and stopping it breaks "netsh advfirewall set" commands such as # `netsh advfirewall set allprofiles state on`, `netsh advfirewall set allprofiles state off`. - # More about `netsh firewall` context: https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/netsh-advfirewall-firewall-control-firewall-behavior + # More about `netsh firewall` context: https://web.archive.org/web/20240314125017/https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/netsh-advfirewall-firewall-control-firewall-behavior # ! Breaks: Windows Store # The Windows Defender Firewall service depends on this service. # Disabling this will also disable the Windows Defender Firewall service, breaking Microsoft Store. 
@@ -6982,13 +6963,13 @@ actions: > It affects not only the firewall's protective capabilities but also the functionality of other Windows components like the Store [5] [6] and command-line utilities. > Users should be aware of these considerable trade-offs when considering this script for privacy enhancement. - [1]: https://web.archive.org/web/20110203202612/http://technet.microsoft.com/en-us/library/dd364391(v=WS.10).aspx "Windows Firewall Service | technet.microsoft.com" + [1]: https://web.archive.org/web/20231206185904/https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/dd349801%28v=ws.10%29 "Windows Firewall Service | learn.microsoft.com" [2]: https://web.archive.org/web/20110131034058/http://blogs.technet.com:80/b/networking/archive/2009/03/24/stopping-the-windows-authenticating-firewall-service-and-the-boot-time-policy.aspx "Stopping the Windows Authenticating Firewall Service and the boot time policy - Microsoft Enterprise Networking Team - Site Home - TechNet Blogs | blogs.technet.com" [3]: https://web.archive.org/web/20231122132143/https://batcmd.com/windows/10/services/mpssvc/ "Windows Defender Firewall - Windows 10 Service - batcmd.com | batcmd.com" [4]: https://en.wikipedia.org/w/index.php?title=Windows_Firewall&oldid=1183396285 "Windows Firewall - Wikipedia | wikipedia.org" [5]: https://github.com/undergroundwires/privacy.sexy/issues/104#issuecomment-962651791 "[BUG][help wanted]: Cannot enable Windows Defender · Issue #104 · undergroundwires/privacy.sexy | github.com/undergroundwires/privacy.sexy" [6]: https://web.archive.org/web/20200620033533/https://www.walkernews.net/2012/09/23/how-to-fix-windows-store-app-update-error-code-0x80073d0a/ "How To Fix Windows Store App Update Error Code 0x80073D0A? 
– Walker News | www.walkernews.net" - [7]: https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/netsh-advfirewall-firewall-control-firewall-behavior "Use netsh advfirewall firewall context - Windows Server | Microsoft Learn | learn.microsoft.com" + [7]: https://web.archive.org/web/20240314125017/https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/netsh-advfirewall-firewall-control-firewall-behavior "Use netsh advfirewall firewall context - Windows Server | Microsoft Learn | learn.microsoft.com" [8]: https://web.archive.org/web/20231122132150/https://strontic.github.io/xcyclopedia/library/MPSSVC.dll-AA441F7C99AAACBA2538E90D7693637A.html "MPSSVC.dll | Microsoft Protection Service | STRONTIC | strontic.github.io" [9]: https://web.archive.org/web/20121106033255/http://technet.microsoft.com/en-us/library/cc753180.aspx "Basic Firewall Policy Design | technet.microsoft.com" call: @@ -7011,7 +6992,7 @@ actions: # If the dependent services are not running, the script fails with: # "An error occurred while attempting to contact the "Windows Defender Firewall" service. Make sure that the service is running and try your request again." # Requires rebooting after reverting privacy.sexy scripts for the services mpsdrv, mpssvc - docs: https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/netsh-advfirewall-firewall-control-firewall-behavior + docs: https://web.archive.org/web/20240314125017/https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/netsh-advfirewall-firewall-control-firewall-behavior call: function: RunPowerShell parameters: 
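Review bot: Reference `[1]` in the firewall-service documentation now points at a different article id than before: the old snapshot was `dd364391(v=WS.10)` and the new one is `dd349801%28v=ws.10%29`, while the title "Windows Firewall Service" is unchanged. If this is not simply where the old URL redirects, the statements that cite [1] may no longer be backed by the linked page. Please confirm that the new snapshot still covers those claims and carries that title, or keep the 2011 snapshot, which was already an archived copy. The sentences that cite [1] lie outside this hunk, so they could not be checked here.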
@@ -7046,7 +7027,7 @@ actions: - name: Disable Firewall via registry # Lower-level, good in case command-line utility is not available/functioning docs: - - https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-gpfas/2100c552-7f37-4a7f-9fa0-2a864ab87212 + - https://web.archive.org/web/20240314124804/https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-gpfas/2100c552-7f37-4a7f-9fa0-2a864ab87212 - https://www.stigviewer.com/stig/windows_firewall_with_advanced_security/2016-05-12/finding/V-17415 - https://www.stigviewer.com/stig/windows_firewall_with_advanced_security/2016-05-12/finding/V-17416 - https://www.stigviewer.com/stig/windows_firewall_with_advanced_security/2018-02-21/finding/V-17417 @@ -7098,7 +7079,7 @@ actions: - name: Disable Microsoft Defender Antivirus # Deprecated since Windows 10 version 1903 docs: - - https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-disableantispyware + - https://web.archive.org/web/20240314125156/https://learn.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-disableantispyware - https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::DisableAntiSpywareDefender code: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f revertCode: reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /f 2>nul @@ -7108,7 +7089,7 @@ actions: children: - category: Disable Defender Antivirus cloud protection service - docs: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-cloud-protection-microsoft-defender-antivirus + docs: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-cloud-protection-microsoft-defender-antivirus?view=o365-worldwide # Also known as Microsoft MAPS (Microsoft Active Protection Service) or Microsoft SpyNet children: - 
@@ -7118,9 +7099,9 @@ actions: name: Disable block at first sight docs: # What is block at first sight? How does it work? How to turn on/off? - - https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus + - https://web.archive.org/web/20240314123430/https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus?view=o365-worldwide # Managing with MpPreference module: - - https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference + - https://web.archive.org/web/20240314124716/https://learn.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2022-ps call: - function: SetMpPreference 
@@ -7136,14 +7117,14 @@ actions: - name: Maximize time for extended cloud check timeout # Requires "Block at First Sight", "Join Microsoft MAPS", "Send file samples when further analysis is required" docs: - - https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-cloudextendedtimeout + - https://web.archive.org/web/20240314122554/https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#cloudextendedtimeout - https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::MpEngine_MpBafsExtendedTimeout code: reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpBafsExtendedTimeout" /t REG_DWORD /d 50 /f revertCode: reg delete "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpBafsExtendedTimeout" /f 2>nul - name: Minimize cloud protection level # Requires "Join Microsoft MAPS" docs: - - https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-cloudblocklevel + - https://web.archive.org/web/20240314122554/https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#cloudblocklevel - https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::MpEngine_MpCloudBlockLevel code: reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpCloudBlockLevel" /t REG_DWORD /d 0 /f revertCode: reg delete "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpCloudBlockLevel" /f 2>nul 
@@ -7163,10 +7144,10 @@ actions: # Manage with registry policy - https://admx.help/?Category=Windows_7_2008R2&Policy=Microsoft.Policies.WindowsDefender::SpyNetReporting # Managing with MDM policy - - https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-allowcloudprotection + - https://web.archive.org/web/20240314122554/https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#allowcloudprotection # Managing with MpPreference module: - - https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference - - https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#mapsreporting + - https://web.archive.org/web/20240314124716/https://learn.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2022-ps + - https://web.archive.org/web/20231207105608/https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#mapsreporting call: # 0: Disabled, 1: Basic, 2: Advanced (default) - 
@@ -7184,11 +7165,11 @@ actions: name: Disable sending file samples for further analysis recommend: strict docs: - - https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-submitsamplesconsent + - https://web.archive.org/web/20240314122554/https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#submitsamplesconsent - https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::SubmitSamplesConsent # Managing with MpPreference module: - - https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference - - https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#submitsamplesconsent + - https://web.archive.org/web/20240314124716/https://learn.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2022-ps + - https://web.archive.org/web/20231207105608/https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#submitsamplesconsent call: # 0 = 'Always Prompt', 1 = 'Send safe samples automatically' (default), 2 = 'Never send', 3 = 'Send all samples automatically' - 
@@ -7223,19 +7204,19 @@ actions: - name: Disable uploading files for threat analysis in real-time # Requires "Join Microsoft MAPS" recommend: strict - docs: https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::SignatureUpdate_RealtimeSignatureDelivery + docs: https://web.archive.org/web/20231206191442/https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::SignatureUpdate_RealtimeSignatureDelivery code: reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates" /v "RealtimeSignatureDelivery" /t REG_DWORD /d 0 /f revertCode: reg delete "HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates" /v "RealtimeSignatureDelivery" /f 2>nul - name: Disable Potentially Unwanted Application (PUA) feature # Already disabled as default docs: - https://www.stigviewer.com/stig/ms_windows_defender_antivirus/2018-03-29/finding/V-75147 - - https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus - - https://blogs.technet.microsoft.com/mmpc/2015/11/25/shields-up-on-potentially-unwanted-applications-in-your-enterprise/ + - https://web.archive.org/web/20240314124740/https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus?view=o365-worldwide + - https://web.archive.org/web/20160410000519/https://blogs.technet.microsoft.com/mmpc/2015/11/25/shields-up-on-potentially-unwanted-applications-in-your-enterprise/ - https://admx.help/?Category=security-compliance-toolkit&Policy=Microsoft.Policies.SecGuide::Pol_SecGuide_0101_WDPUA - https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::Root_PUAProtection # Managing with MpPreference module: - - https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference + - 
https://web.archive.org/web/20240314124716/https://learn.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2022-ps call: - function: SetMpPreference @@ -7261,7 +7242,7 @@ actions: name: Disable tamper protection # Added in Windows 10, version 1903 docs: - https://www.thewindowsclub.com/how-to-enable-tamper-protection-in-windows-10 - - https://docs.microsoft.com/en-us/windows/client-management/mdm/defender-csp#configuration-tamperprotection + - https://web.archive.org/web/20240314124546/https://learn.microsoft.com/en-us/windows/client-management/mdm/defender-csp#configurationtamperprotection call: - function: RunInlineCodeAsTrustedInstaller # Otherwise we get "ERROR: Access is denied." (>= 20H2) 
@@ -7277,14 +7258,14 @@ actions: - name: Disable file hash computation feature # Added in Windows 10, version 2004 docs: - - https://docs.microsoft.com/en-us/windows/client-management/mdm/defender-csp#configuration-enablefilehashcomputation + - https://web.archive.org/web/20240314124546/https://learn.microsoft.com/en-us/windows/client-management/mdm/defender-csp#configuration-enablefilehashcomputation - https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::MpEngine_EnableFileHashComputation - https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-windows-10-and-windows-server-version/ba-p/1543631 code: reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "EnableFileHashComputation" /t REG_DWORD /d "0" /f revertCode: reg delete "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "EnableFileHashComputation" /f 2>nul - category: Disable "Windows Defender Exploit Guard" - docs: https://www.microsoft.com/security/blog/2017/10/23/windows-defender-exploit-guard-reduce-the-attack-surface-against-next-generation-malware/ + docs: https://web.archive.org/web/20231020130741/https://www.microsoft.com/en-us/security/blog/2017/10/23/windows-defender-exploit-guard-reduce-the-attack-surface-against-next-generation-malware/ children: - name: Disable prevention of users and apps from accessing dangerous websites 
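Review bot: The fragment on the new file-hash-computation reference, `#configuration-enablefilehashcomputation`, keeps the old hyphenated form, whereas the tamper-protection reference to the same `defender-csp` page in the preceding hunk was rewritten to `#configurationtamperprotection`. If the page uses one anchor scheme throughout, this fragment no longer resolves, and the link lands at the top of a long page instead of on the setting this script turns off. Assuming the same scheme, the line would end in `defender-csp#configurationenablefilehashcomputation`, which is worth confirming against the archived snapshot before merging.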
@@ -7295,7 +7276,7 @@ actions: name: Disable controlled folder access docs: - https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::ExploitGuard_ControlledFolderAccess_EnableControlledFolderAccess - - https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-controlled-folders + - https://web.archive.org/web/20240314124339/https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-controlled-folders?view=o365-worldwide code: reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access" /v "EnableControlledFolderAccess" /t REG_DWORD /d "0" /f revertCode: reg delete "HKLM\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access" /v "EnableControlledFolderAccess" /f 2>nul - @@ -7327,8 +7308,8 @@ actions: - https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::DisableRealtimeMonitoring - https://www.stigviewer.com/stig/ms_windows_defender_antivirus/2018-03-29/finding/V-75227 # Managing with MpPreference module: - - https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference - - https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#disablerealtimemonitoring + - https://web.archive.org/web/20240314124716/https://learn.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2022-ps + - https://web.archive.org/web/20231207105608/https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#disablerealtimemonitoring call: # Enabled by default (DisableRealtimeMonitoring is false) - function: SetMpPreference 
@@ -7348,8 +7329,8 @@ actions: docs: - https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::RealtimeProtection_DisableIntrusionPreventionSystem # Managing with MpPreference module: - - https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference - - https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#disableintrusionpreventionsystem + - https://web.archive.org/web/20240314124716/https://learn.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2022-ps + - https://web.archive.org/web/20231207105608/https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#disableintrusionpreventionsystem call: - function: SetMpPreference @@ -7366,7 +7347,7 @@ actions: revertCode: reg delete "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableIntrusionPreventionSystem" /f 2>nul - name: Disable Information Protection Control (IPC) - docs: https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::RealtimeProtection_DisableInformationProtectionControl + docs: https://web.archive.org/web/20231207105520/https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::RealtimeProtection_DisableInformationProtectionControl code: reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableInformationProtectionControl" /t REG_DWORD /d "1" /f revertCode: reg delete "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableInformationProtectionControl" /f 2>nul - 
@@ -7377,8 +7358,8 @@ actions: docs: - https://www.stigviewer.com/stig/windows_defender_antivirus/2017-12-27/finding/V-75229 # Managing with MpPreference module: - - https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference - - https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#disablebehaviormonitoring + - https://web.archive.org/web/20240314124716/https://learn.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2022-ps + - https://web.archive.org/web/20231207105608/https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#disablebehaviormonitoring call: - function: SetMpPreference @@ -7405,8 +7386,8 @@ actions: docs: - https://www.stigviewer.com/stig/ms_windows_defender_antivirus/2018-03-29/finding/V-75225 # Managing with MpPreference module: - - https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference - - https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#disableioavprotection + - https://web.archive.org/web/20240314124716/https://learn.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2022-ps + - https://web.archive.org/web/20231207105608/https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#disableioavprotection call: - function: SetMpPreference 
@@ -7440,8 +7421,8 @@ actions: docs: - https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::RealtimeProtection_RealtimeScanDirection # Managing with MpPreference module: - - https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference - - https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#realtimescandirection + - https://web.archive.org/web/20240314124716/https://learn.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2022-ps + - https://web.archive.org/web/20231207105608/https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#realtimescandirection call: # 0='Both': bi-directional (full on-access, default) # 1='Incoming': scan only incoming (disable on-open) @@ -7470,7 +7451,7 @@ actions: - name: Disable routine remediation docs: - - https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus#admx-microsoftdefenderantivirus-disableroutinelytakingaction + - https://web.archive.org/web/20240314124159/https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus#disableroutinelytakingaction - https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::DisableRoutinelyTakingAction code: reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableRoutinelyTakingAction" /t REG_DWORD /d "1" /f revertCode: reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableRoutinelyTakingAction" /f 2>nul 
@@ -7479,8 +7460,8 @@ actions: docs: - https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::Remediation_Scan_ScheduleDay # Managing with MpPreference module: - - https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference - - https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#remediationscheduleday + - https://web.archive.org/web/20240314124716/https://learn.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2022-ps + - https://web.archive.org/web/20231207105608/https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#remediationscheduleday call: # 0: 'Every Day' (default), 1: 'Sunday'..., 7: 'Saturday', 8: 'Never' - 
@@ -7497,15 +7478,15 @@ actions: - name: Disable remediation actions docs: - - https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-threatseveritydefaultaction + - https://web.archive.org/web/20240314124221/https://learn.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-threatseveritydefaultaction - https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::Threats_ThreatSeverityDefaultAction # Managing with MpPreference module: - - https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference + - https://web.archive.org/web/20240314124716/https://learn.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2022-ps # None = 0 (default), Clean = 1, Quarantine = 2, Remove = 3, Allow = 6, UserDefined = 8, NoAction = 9, Block = 10 call: # Not using ThreatIdDefaultAction as it requires known threat IDs - function: SetMpPreference - # https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#unknownthreatdefaultaction + # https://web.archive.org/web/20231207105608/https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#unknownthreatdefaultaction parameters: property: UnknownThreatDefaultAction # Status: Get-MpPreference | Select-Object -Property UnknownThreatDefaultAction # Setting or removing `UnknownThreatDefaultAction` has same affect for (sets also same value): 
@@ -7539,8 +7520,8 @@ actions: docs: - https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::Quarantine_PurgeItemsAfterDelay # Managing with MpPreference module: - - https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference - - https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#quarantinepurgeitemsafterdelay + - https://web.archive.org/web/20240314124716/https://learn.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2022-ps + - https://web.archive.org/web/20231207105608/https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#quarantinepurgeitemsafterdelay call: # Values: # Default: 90 on both Windows 10 21H1 and Windows 11 21H2 @@ -7637,12 +7618,12 @@ actions: - name: Disable auto-exclusions docs: - - https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-server-exclusions-microsoft-defender-antivirus + - https://web.archive.org/web/20231027190409/https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-server-exclusions-microsoft-defender-antivirus?view=o365-worldwide - https://www.stigviewer.com/stig/windows_defender_antivirus/2017-12-27/finding/V-75159 - https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::DisableAutoExclusions # Managing with MpPreference module: - - https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference - - https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#disableautoexclusions + - https://web.archive.org/web/20240314124716/https://learn.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2022-ps + - https://web.archive.org/web/20231207105608/https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#disableautoexclusions call: - function: SetMpPreference 
@@ -7667,8 +7648,8 @@ actions: docs: - https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::CheckForSignaturesBeforeRunningScan # Managing with MpPreference module: - - https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference - - https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#checkforsignaturesbeforerunningscan + - https://web.archive.org/web/20240314124716/https://learn.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2022-ps + - https://web.archive.org/web/20231207105608/https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#checkforsignaturesbeforerunningscan call: - function: SetMpPreference @@ -7686,8 +7667,8 @@ actions: docs: - https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::Scan_DisableRestorePoint # Managing with MpPreference module: - - https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference - - https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#disablerestorepoint + - https://web.archive.org/web/20240314124716/https://learn.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2022-ps + - https://web.archive.org/web/20231207105608/https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#disablerestorepoint call: - function: SetMpPreference 
@@ -7705,8 +7686,8 @@ actions: docs: - https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::Scan_PurgeItemsAfterDelay # Managing with MpPreference module: - - https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference - - https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#scanpurgeitemsafterdelay + - https://web.archive.org/web/20240314124716/https://learn.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2022-ps + - https://web.archive.org/web/20231207105608/https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#scanpurgeitemsafterdelay call: # Default is 15, minimum is 0 which means never removing items - function: SetMpPreference @@ -7733,8 +7714,8 @@ actions: docs: - https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::Scan_DisableCatchupFullScan # Managing with MpPreference module: - - https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference - - https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#disablecatchupfullscan + - https://web.archive.org/web/20240314124716/https://learn.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2022-ps + - https://web.archive.org/web/20231207105608/https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#disablecatchupfullscan call: - function: SetMpPreference 
@@ -7752,8 +7733,8 @@ actions: docs: - https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::Scan_DisableCatchupQuickScan # Managing with MpPreference module: - - https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference - - https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#disablecatchupquickscan + - https://web.archive.org/web/20240314124716/https://learn.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2022-ps + - https://web.archive.org/web/20231207105608/https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#disablecatchupquickscan call: - function: SetMpPreference @@ -7782,8 +7763,8 @@ actions: docs: - https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::Scan_AvgCPULoadFactor # Managing with MpPreference module: - - https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference - - https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#scanavgcpuloadfactor + - https://web.archive.org/web/20240314124716/https://learn.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2022-ps + - https://web.archive.org/web/20231207105608/https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#scanavgcpuloadfactor call: # Default: 50, minimum 1 - @@ -7801,7 +7782,7 @@ actions: name: Minimize CPU usage during idle scans docs: # Managing with MpPreference module: - - https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference + - https://web.archive.org/web/20240314124716/https://learn.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2022-ps call: - function: SetMpPreference 
@@ -7817,10 +7798,10 @@ actions: - name: Disable scanning when not idle # Default OS setting docs: - - https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::Scan_ScanOnlyIfIdle + - https://web.archive.org/web/20231206191436/https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::Scan_ScanOnlyIfIdle # Managing with MpPreference module: - - https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference - - https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#scanonlyifidleenabled + - https://web.archive.org/web/20240314124716/https://learn.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2022-ps + - https://web.archive.org/web/20231207105608/https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#scanonlyifidleenabled call: - function: SetMpPreference @@ -7855,8 +7836,8 @@ actions: docs: - https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::Scan_DisableEmailScanning # Managing with MpPreference module: - - https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference - - https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#disableemailscanning + - https://web.archive.org/web/20240314124716/https://learn.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2022-ps + - https://web.archive.org/web/20231207105608/https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#disableemailscanning call: - function: SetMpPreference 
@@ -7873,8 +7854,8 @@ actions: name: Disable script scanning docs: # Managing with MpPreference module: - - https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference - - https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#disablescriptscanning + - https://web.archive.org/web/20240314124716/https://learn.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2022-ps + - https://web.archive.org/web/20231207105608/https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#disablescriptscanning call: function: SetMpPreference parameters: @@ -7892,8 +7873,8 @@ actions: docs: - https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::Scan_DisableScanningMappedNetworkDrivesForFullScan # Managing with MpPreference module: - - https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference - - https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#disablescanningmappednetworkdrivesforfullscan + - https://web.archive.org/web/20240314124716/https://learn.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2022-ps + - https://web.archive.org/web/20231207105608/https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#disablescanningmappednetworkdrivesforfullscan call: - function: RunInlineCode 
@@ -7911,8 +7892,8 @@ actions: docs: - https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::Scan_DisableScanningNetworkFiles # Managing with MpPreference module: - - https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference - - https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#disablescanningnetworkfiles + - https://web.archive.org/web/20240314124716/https://learn.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2022-ps + - https://web.archive.org/web/20231207105608/https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#disablescanningnetworkfiles call: - function: RunInlineCode @@ -7938,8 +7919,8 @@ actions: docs: - https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::Scan_DisableArchiveScanning # Managing with MpPreference module: - - https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference - - https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#disablearchivescanning + - https://web.archive.org/web/20240314124716/https://learn.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2022-ps + - https://web.archive.org/web/20231207105608/https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#disablearchivescanning call: - function: RunInlineCode 
@@ -7968,8 +7949,8 @@ actions: # Disabled by default - https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::Scan_DisableRemovableDriveScanning # Managing with MpPreference module: - - https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference - - https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#disablearchivescanningDisableRemovableDriveScanning + - https://web.archive.org/web/20240314124716/https://learn.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2022-ps + - https://web.archive.org/web/20231207105608/https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#disablearchivescanningDisableRemovableDriveScanning call: - function: RunInlineCode @@ -7989,10 +7970,10 @@ actions: name: Disable scheduled scans docs: - https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::Scan_ScheduleDay - - https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-scan-scheduleday + - https://web.archive.org/web/20240314122526/https://learn.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-scan-scheduleday # Managing with MpPreference module: - - https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference - - https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#scanscheduleday + - https://web.archive.org/web/20240314124716/https://learn.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2022-ps + - https://web.archive.org/web/20231207105608/https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#scanscheduleday call: # Options are: # 0 = 'Every Day' (default), 1 = 'Sunday', 2 = 'Monday', 3 = 'Tuesday', 4 = 'Wednesday', 
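Review bot: The powershell.one reference in the `Scan_DisableRemovableDriveScanning` hunk (`@@ -7968`) keeps the fragment `#disablearchivescanningDisableRemovableDriveScanning`, which looks like two property names pasted together and is unlikely to resolve to the intended property. The line is rewritten by this commit anyway, so the fragment can be fixed in the same pass. Going by the lowercase fragments of the sibling entries it should probably read `- https://web.archive.org/web/20231207105608/https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#disableremovabledrivescanning`; confirm against the snapshot.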
@@ -8013,8 +7994,8 @@ actions: docs: - https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::RandomizeScheduleTaskTimes # Managing with MpPreference module: - - https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference - - https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#randomizescheduletasktimes + - https://web.archive.org/web/20240314124716/https://learn.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2022-ps + - https://web.archive.org/web/20231207105608/https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#randomizescheduletasktimes call: - function: RunInlineCode @@ -8030,11 +8011,11 @@ actions: - name: Disable scheduled full-scans docs: - - https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-scan-scanparameters + - https://web.archive.org/web/20240314122452/https://learn.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-scan-scanparameters - https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::Scan_ScanParameters # Managing with MpPreference module: - - https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference - - https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#scanparameters + - https://web.archive.org/web/20240314124716/https://learn.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2022-ps + - https://web.archive.org/web/20231207105608/https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#scanparameters call: # Options: 1 = 'Quick Scan' (default), 2 = 'Full Scan' - 
@@ -8085,8 +8066,8 @@ actions: docs: - https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::SignatureUpdate_SignatureUpdateCatchupInterval # Managing with MpPreference module: - - https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference - - https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#signatureupdatecatchupinterval + - https://web.archive.org/web/20240314124716/https://learn.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2022-ps + - https://web.archive.org/web/20231207105608/https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#signatureupdatecatchupinterval call: # Options: 0 = no catch-up; 1 = 1 day; 2 = 2 days, etc - @@ -8121,8 +8102,8 @@ actions: docs: - https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::SignatureUpdate_DisableUpdateOnStartupWithoutEngine # Managing with MpPreference module: - - https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference - - https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#signaturedisableupdateonstartupwithoutengine + - https://web.archive.org/web/20240314124716/https://learn.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2022-ps + - https://web.archive.org/web/20231207105608/https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#signaturedisableupdateonstartupwithoutengine call: - function: RunInlineCode 
@@ -8140,8 +8121,8 @@ actions: docs: - https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::SignatureUpdate_ScheduleDay # Managing with MpPreference module: - - https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference - - https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#signaturescheduleday + - https://web.archive.org/web/20240314124716/https://learn.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2022-ps + - https://web.archive.org/web/20231207105608/https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#signaturescheduleday call: # Options: # 0 = 'Every Day', 1 = 'Sunday', 2 = 'Monday', 3 = 'Tuesday', 4 = 'Wednesday' 
@@ -8160,11 +8141,11 @@ actions: - name: Minimize checks for security intelligence (signature) updates docs: - - https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-signatureupdateinterval + - https://web.archive.org/web/20240314122335/https://learn.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-signatureupdateinterval - https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::SignatureUpdate_SignatureUpdateInterval # Managing with MpPreference module: - - https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference - - https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#signatureupdateinterval + - https://web.archive.org/web/20240314124716/https://learn.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2022-ps + - https://web.archive.org/web/20231207105608/https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#signatureupdateinterval call: # Valid values range from 1 (every hour) to 24 (once per day). # If not specified (0), parameter, Microsoft Defender checks at the default interval @@ -8196,7 +8177,7 @@ actions: name: Minimize Defender updates to completed gradual release cycles docs: # Managing with MpPreference module: - - https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference + - https://web.archive.org/web/20240314124716/https://learn.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2022-ps call: function: SetMpPreference parameters: 
@@ -8209,7 +8190,7 @@ actions: name: Minimize Defender engine updates to completed release cycles docs: # Managing with MpPreference module: - - https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference + - https://web.archive.org/web/20240314124716/https://learn.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2022-ps call: function: SetMpPreference parameters: @@ -8224,7 +8205,7 @@ actions: name: Minimize Defender platform updates to completed release cycles docs: # Managing with MpPreference module: - - https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference + - https://web.archive.org/web/20240314124716/https://learn.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2022-ps call: function: SetMpPreference parameters: @@ -8239,7 +8220,7 @@ actions: name: Minimize Defender definition updates to completed gradual release cycles docs: # Managing with MpPreference module: - - https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference + - https://web.archive.org/web/20240314124716/https://learn.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2022-ps call: # ❌ Not generally supported on Windows (before 4.18.2106.5 Defender platform) function: SetMpPreference 
@@ -8265,7 +8246,7 @@ actions: name: Disable Microsoft Defender ETW provider (Windows Event Logs) docs: - https://m365internals.com/2021/07/05/why-are-windows-defender-av-logs-so-important-and-how-to-monitor-them-with-azure-sentinel/ - - https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/event-views + - https://web.archive.org/web/20240314124054/https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction?view=o365-worldwide code: |- reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/Operational" /v "Enabled" /t Reg_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC" /v "Enabled" /t Reg_DWORD /d 0 /f @@ -8281,7 +8262,7 @@ actions: - name: Minimize Windows software trace preprocessor (WPP Software Tracing) docs: - - https://docs.microsoft.com/en-us/windows-hardware/drivers/devtest/wpp-software-tracing + - https://web.archive.org/web/20240314123926/https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/wpp-software-tracing - https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::Reporting_WppTracingLevel code: reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Reporting" /v "WppTracingLevel" /t REG_DWORD /d 1 /f revertCode: reg delete "HKLM\Software\Policies\Microsoft\Windows Defender\Reporting" /v "WppTracingLevel" /f 2>nul 
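Review bot: In the "Disable Microsoft Defender ETW provider" hunk the `event-views` reference is replaced by a snapshot of `overview-attack-surface-reduction`, which by its path covers a different topic. The script in the same entry disables the `Microsoft-Windows-Windows Defender/Operational` and `/WHC` channels, so the reference that described which Defender events stop being recorded is effectively gone. Prefer an archived snapshot of the original event-views page taken before it started redirecting. Alternatively, add a short docs sentence saying that Defender detection events will no longer be written to the Windows Event Log once this runs. The entry continues past the end of the hunk.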
@@ -8289,7 +8270,7 @@ actions: name: Disable auditing events in Microsoft Defender Application Guard docs: - https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.AppHVSI::AppHVSI_AuditApplicationGuardConfig - - https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview + - https://web.archive.org/web/20240314123716/https://learn.microsoft.com/en-us/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview code: reg add "HKLM\SOFTWARE\Policies\Microsoft\AppHVSI" /v "AuditApplicationGuard" /t REG_DWORD /d 0 /f revertCode: reg delete "HKLM\SOFTWARE\Policies\Microsoft\AppHVSI" /v "AuditApplicationGuard" /f 2>nul - @@ -8305,7 +8286,7 @@ actions: name: Remove "Scan with Microsoft Defender" from context menu docs: - https://windowsreport.com/remove-right-click-windows-defender-scan-windows-10/ - - https://twigstechtips.blogspot.com/2010/06/windows-remove-with-microsoft-security.html + - https://web.archive.org/web/20240314174846/https://twigstechtips.blogspot.com/2010/06/windows-remove-with-microsoft-security.html code: |- reg delete "HKLM\SOFTWARE\Classes\CLSID\{09A47860-11B0-4DA5-AFA5-26D86198A780}\InprocServer32" /va /f 2>nul reg delete "HKCR\CLSID\{09A47860-11B0-4DA5-AFA5-26D86198A780}" /v "InprocServer32" /f 2>nul 
@@ -8369,8 +8350,8 @@ actions: name: Minimize threat history access to administrators docs: # Managing with MpPreference module: - - https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference - - https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#disableprivacymode + - https://web.archive.org/web/20240314124716/https://learn.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2022-ps + - https://web.archive.org/web/20231207105608/https://powershell.one/wmi/root/microsoft/windows/defender/msft_mppreference#disableprivacymode call: - function: SetMpPreference @@ -8476,12 +8457,12 @@ actions: children: - category: Disable Windows Security notifications - docs: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications + docs: https://web.archive.org/web/20240314130605/https://learn.microsoft.com/en-us/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-hide-notifications children: - name: Disable all Defender notifications docs: - - https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter#windowsdefendersecuritycenter-disablenotifications + - https://web.archive.org/web/20240314122250/https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter#disableenhancednotifications - https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefenderSecurityCenter::Notifications_DisableNotifications code: |- reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications" /v "DisableNotifications" /t REG_DWORD /d "1" /f 
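Review bot: In the `@@ -8476` hunk the entry "Disable all Defender notifications" now links to the fragment `#disableenhancednotifications`, although its script sets `DisableNotifications` and the removed URL ended in `-disablenotifications`. The next hunk uses the same fragment for "Disable non-critical Defender notifications", so this looks like a copy-paste slip. The fragment here should presumably be `#disablenotifications`; check it against the archived page.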
@@ -8492,7 +8473,7 @@ actions: - name: Disable non-critical Defender notifications docs: - - https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter#windowsdefendersecuritycenter-disableenhancednotifications + - http://web.archive.org/web/20240314122250/https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter#disableenhancednotifications - https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefenderSecurityCenter::Notifications_DisableEnhancedNotifications - https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::Reporting_DisableEnhancedNotifications code: |- @@ -8704,7 +8685,7 @@ actions: # E.g. `Set-MpPreference -Force -MAPSReporting 0` throws: # `Set-MpPreference: Operation failed with the following error: 0x800106ba. Operation: Set-MpPreference.` # `Target: MAPS_MAPSReporting. FullyQualifiedErrorId : HRESULT 0x800106ba,Set-MpPreference` - docs: http://batcmd.com/windows/10/services/windefend/ + docs: https://web.archive.org/web/20240314091238/https://batcmd.com/windows/10/services/windefend/ call: - function: RunInlineCodeAsTrustedInstaller @@ -8722,7 +8703,7 @@ actions: # - Skipping wdnsfltr ("Windows Defender Network Stream Filter Driver") as it's Windows 1709 only - name: Disable "Microsoft Defender Antivirus Network Inspection System Driver" service - docs: http://batcmd.com/windows/10/services/wdnisdrv/ + docs: https://web.archive.org/web/20240314062056/https://batcmd.com/windows/10/services/wdnisdrv/ call: # Excluding: # - `%SYSTEMROOT%\System32\drivers\wd\WdNisDrv.sys`: Missing on Windows since Windows 10 22H2 and Windows 11 22H2 
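Review bot: The reference added under "Disable non-critical Defender notifications" (`@@ -8492`) starts with `http://web.archive.org/`, whereas every other archived link in this change uses `https://`. Use `- https://web.archive.org/web/20240314122250/https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter#disableenhancednotifications` so the documentation link is not followed over plaintext and stays consistent with the rest of the collection. If the URL tests do not already reject `http://` references, that would be a cheap check to add.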
@@ -8740,8 +8721,8 @@ actions: - name: Disable "Microsoft Defender Antivirus Mini-Filter Driver" service docs: - - https://www.n4r1b.com/posts/2020/01/dissecting-the-windows-defender-driver-wdfilter-part-1/ - - http://batcmd.com/windows/10/services/wdfilter/ + - https://web.archive.org/web/20240314091638/https://n4r1b.com/posts/2020/01/dissecting-the-windows-defender-driver-wdfilter-part-1/ + - https://web.archive.org/web/20240314062047/https://batcmd.com/windows/10/services/wdfilter/ call: # Excluding: # - `%SYSTEMROOT%\System32\drivers\wd\WdFilter.sys`: Missing on Windows since Windows 10 22H2 and Windows 11 22H2 @@ -8757,7 +8738,7 @@ actions: grantPermissions: true # 🔒️ Protected on Windows 10 since 22H2 | 🔒️ Protected on Windows 11 since 22H2 - name: Disable "Microsoft Defender Antivirus Boot Driver" service - docs: http://batcmd.com/windows/10/services/wdboot/ + docs: https://web.archive.org/web/20240314062057/https://batcmd.com/windows/10/services/wdboot/ call: # Excluding: # - `%SYSTEMROOT%\System32\drivers\wd\WdBoot.sys`: Missing on Windows since Windows 10 22H2 and Windows 11 22H2 @@ -8774,7 +8755,7 @@ actions: - name: Disable "Microsoft Defender Antivirus Network Inspection" service docs: - - http://batcmd.com/windows/10/services/wdnissvc/ + - https://web.archive.org/web/20240314091310/https://batcmd.com/windows/10/services/wdnissvc/ - https://www.howtogeek.com/357184/what-is-microsoft-network-realtime-inspection-service-nissrv.exe-and-why-is-it-running-on-my-pc/ call: - @@ -8789,7 +8770,7 @@ actions: # grantPermissions: true # 🔒️ Protected on Windows 10 since 22H2 | 🔒️ Protected on Windows 11 since 22H2 - name: Disable "Windows Defender Advanced Threat Protection Service" service - docs: http://batcmd.com/windows/10/services/sense/ + docs: https://web.archive.org/web/20240314091443/https://batcmd.com/windows/10/services/sense/ call: - function: RunInlineCodeAsTrustedInstaller # We must disable it on registry level, "Access is denied" for sc config 
@@ -8840,7 +8821,7 @@ actions: category: Disable SmartScreen docs: - https://en.wikipedia.org/wiki/Microsoft_SmartScreen - - https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview + - https://web.archive.org/web/20240314131452/https://learn.microsoft.com/en-us/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/ children: - category: Disable SmartScreen for apps and files @@ -8882,10 +8863,10 @@ actions: name: Disable Edge SmartScreen docs: - https://www.bleepingcomputer.com/news/microsoft/windows-10-smartscreen-sends-urls-and-app-names-to-microsoft/ # Privacy concerns - - https://docs.microsoft.com/en-us/deployedge/microsoft-edge-security-smartscreen - - https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#smartscreen-settings + - https://web.archive.org/web/20240314103356/https://learn.microsoft.com/en-us/deployedge/microsoft-edge-security-smartscreen + - https://web.archive.org/web/20240314103512/https://learn.microsoft.com/en-us/deployedge/microsoft-edge-policies#smartscreen-settings - https://www.stigviewer.com/stig/windows_10/2019-01-04/finding/V-63713 - - https://admx.help/?Category=EdgeChromium&Policy=Microsoft.Policies.Edge::SmartScreenEnabled + - https://web.archive.org/web/20231206191447/https://admx.help/?Category=EdgeChromium&Policy=Microsoft.Policies.Edge::SmartScreenEnabled code: |- reg add "HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d "0" /f reg add "HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "PreventOverride" /t REG_DWORD /d "0" /f 
@@ -8914,8 +8895,8 @@ actions: name: Disable SmartScreen's "App Install Control" feature docs: - https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.SmartScreen::ConfigureAppInstallControl - - https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#241-microsoft-defender-smartscreen - - https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-smartscreen + - https://web.archive.org/web/20230911110911/https://learn.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#241-microsoft-defender-smartscreen + - https://web.archive.org/web/20240314103348/https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-smartscreen code: |- reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControl" /t REG_SZ /d "Anywhere" /f reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControlEnabled" /t "REG_DWORD" /d "0" /f @@ -8924,7 +8905,7 @@ actions: reg delete "HKLM\Software\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControlEnabled" /f 2>nul - name: Disable SmartScreen's web content (URLs) checking for apps - docs: https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services + docs: https://web.archive.org/web/20230911110911/https://learn.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#181-general code: |- reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t REG_DWORD /d "0" /f reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t REG_DWORD /d "0" /f 
@@ -10489,7 +10470,7 @@ actions: The Attachment Manager feature warns users when opening or executing files which are marked as being from an untrusted source, unless/until the file's zone information has been removed via the "Unblock" button on the file's properties or via a separate tool such as - [Microsoft Sysinternals Streams](https://docs.microsoft.com/en-us/sysinternals/downloads/streams) [4]. + [Microsoft Sysinternals Streams](https://web.archive.org/web/20240314125039/https://learn.microsoft.com/en-us/sysinternals/downloads/streams) [4]. It is configured using `SaveZoneInformation` value in `\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments\` registry subkey [1] [2] [3] [4]. @@ -10560,7 +10541,7 @@ actions: - **Decreased notifications and alerts**: Reduces the number of notifications that may expose sensitive information. - **User choice in security tools**: Offers freedom to choose alternative privacy-focused security measures. - **Increased anonymity**: By uninstalling the app, users reduce the amount of data shared under the terms of - [Microsoft's privacy policy](https://web.archive.org/web/20231006114659/https://privacy.microsoft.com/en-us/privacystatement), + [Microsoft's privacy policy](https://web.archive.org/web/20231006103250/https://privacy.microsoft.com/en-US/privacystatement), which allows Microsoft to collect and share data with external entities when the app is in use. This app comes pre-installed on certain versions of Windows [7] [8]. 
@@ -10677,7 +10658,7 @@ actions: - name: Disable history of recently opened documents recommend: strict - docs: https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.StartMenu::NoRecentDocsHistory + docs: https://web.archive.org/web/20231207105611/https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.StartMenu::NoRecentDocsHistory code: reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoRecentDocsHistory" /t REG_DWORD /d 1 /f revertCode: reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoRecentDocsHistory" /t REG_DWORD /d 0 /f - @@ -10705,8 +10686,8 @@ actions: recommend: strict docs: - https://matthewhill.uk/windows/group-policy-disable-recent-files-frequent-folder-explorer/ # ShowRecent - - https://www.howto-connect.com/delete-recent-frequent-from-file-explorer-on-windows-10/ # 3134ef9c-6b18-4996-ad04-ed5912e00eb5 - - https://docs.microsoft.com/en-us/windows/win32/sysinfo/32-bit-and-64-bit-application-data-in-the-registry # Wow6432Node + - https://web.archive.org/web/20231206191753/https://www.howto-connect.com/delete-recent-frequent-from-file-explorer-on-windows-10/ # 3134ef9c-6b18-4996-ad04-ed5912e00eb5 + - https://web.archive.org/web/20240314130140/https://learn.microsoft.com/en-us/windows/win32/sysinfo/32-bit-and-64-bit-application-data-in-the-registry # Wow6432Node code: |- reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer" /v "ShowRecent" /d 0 /t "REG_DWORD" /f reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HomeFolderDesktop\NameSpace\DelegateFolders\{3134ef9c-6b18-4996-ad04-ed5912e00eb5}" /f 
@@ -10751,9 +10732,9 @@ actions: - name: Enable camera on/off OSD notifications docs: - - https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/microsoft-windows-coremmres-nophysicalcameraled - - https://www.reddit.com/r/Surface/comments/88nyln/the_webcamled_took_anyone_it_apart/dwm64p5 - - https://answers.microsoft.com/en-us/windows/forum/all/enable-osd-notification-for-webcam/caf1fff4-78d3-4b93-905b-ef657097a44e + - https://web.archive.org/web/20240314130237/https://learn.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/microsoft-windows-coremmres-nophysicalcameraled + - https://archive.ph/2024.03.14-100859/https://www.reddit.com/r/Surface/comments/88nyln/the_webcamled_took_anyone_it_apart/dwm64p5/?rdt=41039 + - https://web.archive.org/web/20231206191715/https://answers.microsoft.com/en-us/windows/forum/all/enable-osd-notification-for-webcam/caf1fff4-78d3-4b93-905b-ef657097a44e code: reg add "HKLM\SOFTWARE\Microsoft\OEM\Device\Capture" /v "NoPhysicalCameraLED" /d 1 /t REG_DWORD /f revertCode: reg delete "HKLM\Software\Microsoft\OEM\Device\Capture" /v "NoPhysicalCameraLED" /f - @@ -10848,7 +10829,7 @@ actions: [4]: https://github.com/undergroundwires/privacy.sexy/issues/200 "[BUG]: Microsoft Advertising app removal failure · Issue #200 · undergroundwires/privacy.sexy" children: # 💡 Good information for development: - # - Find out package name from store ID: https://archive.today/2023.10.20-135401/https://learn.microsoft.com/en-us/mem/configmgr/protect/deploy-use/find-a-pfn-for-per-app-vpn + # - Find out package name from store ID: https://archive.ph/2023.10.20-135401/https://learn.microsoft.com/en-us/mem/configmgr/protect/deploy-use/find-a-pfn-for-per-app-vpn # ❗ Excluded apps with justifications: # - `Microsoft.Windows.ShellExperienceHost`: "Start app", required for different setting windows such as WiFi and battery panes in action bar. # - `Windows.immersivecontrolpanel` : "Settings app", required for settings view. 
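Review bot: The archive.ph links added from this hunk onward use a `YYYY.MM.DD-hhmmss` timestamp, which differs from the form `https://archive.ph/YYYYMMDDhhmmss/...` that docs/script-guidelines.md documents in this same commit. Examples are `https://archive.ph/2024.03.14-100859/...` here, `2023.10.20-135401` in the `@@ -10848` hunk, and the Microsoft Store links in the later hunks. Both forms may well resolve, but the guideline and the collection should agree so that contributors and any link checks follow one convention. The smaller change is to update the guideline example to `https://archive.ph/YYYY.MM.DD-hhmmss/https://privacy.sexy`.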
@@ -11448,7 +11429,7 @@ actions: This script uninstalls the "Raw Image Extension" app. This app enables viewing support for raw file formats from digital cameras directly in Windows File - Explorer and the Photos app [1]. It utilizes the [libraw](http://www.libraw.org) open source project for this functionality [1]. + Explorer and the Photos app [1]. It utilizes the [libraw](https://www.libraw.org/) open source project for this functionality [1]. This app contains critical severity vulnerabilities in certain versions [2]. A critical vulnerability is a serious security risk that could allow attackers to gain full control of your system. @@ -11547,7 +11528,7 @@ actions: name: Remove "Microsoft 365 (Office)" app recommend: standard docs: |- - [Microsoft Store Page](https://archive.ph/ZXfCl) + [Microsoft Store Page](https://archive.ph/2023.10.07-113623/https://apps.microsoft.com/detail/microsoft-365-(office)/9WZDNCRD29V9?hl=en-us&gl=SE) It's formerly known as just "Office" app [1] [2]. @@ -11980,7 +11961,7 @@ actions: - name: Remove "Print 3D" app docs: |- - [Microsoft Store Page](https://web.archive.org/web/20220430015415/https://www.microsoft.com/en-us/p/print-3d/9pbpch085s3s?activetab=pivot:overviewtab) + [Microsoft Store Page](https://web.archive.org/web/20211207041221/https://www.microsoft.com/en-us/p/print-3d/9pbpch085s3s?activetab=pivot:overviewtab) This app comes pre-installed on certain versions of Windows [1] [2] [3]. @@ -12408,7 +12389,7 @@ actions: - name: Remove "Windows Calculator" app docs: |- - [Microsoft Store Page](https://archive.ph/64EWx) + [Microsoft Store Page](https://archive.ph/2023.10.06-182013/https://apps.microsoft.com/detail/windows-calculator/9WZDNCRFHVN5?hl=en-us&gl=JP) It's also known as just "Calculator" [1]. 
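Review bot: The libraw link in the Raw Image Extension hunk is only moved to `https://www.libraw.org/` and remains a live link, although `docs/script-guidelines.md` in this same patch asks for archived links. The same applies to `docs: https://www.ntppool.org/en/use.html` in the "Set NTP (time) server" hunk at the end of `windows.yaml`. Both would be more durable as snapshots, e.g. `https://web.archive.org/web/<CAPTURE_TIMESTAMP>/https://www.libraw.org/`, with the timestamp taken from a real capture.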
@@ -12438,7 +12419,7 @@ actions: - name: Remove "Microsoft Photos" app docs: |- - [Microsoft Store Page](https://archive.ph/rBoCX) + [Microsoft Store Page](https://archive.ph/2023.10.06-182550/https://apps.microsoft.com/detail/microsoft-photos/9WZDNCRFJBH4?hl=en-us&gl=CZ) It's also known as just "Photos" apps [1]. @@ -12468,7 +12449,7 @@ actions: - name: Remove "Skype" app docs: |- - [Microsoft Store Page](https://archive.ph/vL2FJ) + [Microsoft Store Page](https://archive.ph/2023.10.06-182613/https://apps.microsoft.com/detail/9WZDNCRFJ364?hl=en-us&gl=US) This app comes pre-installed on certain versions of Windows [1] [2] [3] [4]. @@ -12496,7 +12477,7 @@ actions: - name: Remove "GroupMe" app docs: |- - [Microsoft Store Page](https://archive.ph/ggBiX) + [Microsoft Store Page](https://archive.ph/2023.10.06-182707/https://apps.microsoft.com/detail/groupme/9NBLGGH5Z4F2?hl=en-us&gl=SE) ### Overview of default preinstallation @@ -12517,7 +12498,7 @@ actions: - name: Remove "Windows Sound Recorder" app docs: |- - [Microsoft Store Page](https://archive.ph/8Fe9K) + [Microsoft Store Page](https://archive.ph/2023.10.06-182722/https://apps.microsoft.com/detail/windows-sound-recorder/9WZDNCRFHWKN?hl=en-us&gl=SE) This app is also known as "Voice recorder" [1] or "Windows Voice Recorder" [2] [3]. 
@@ -12572,7 +12553,7 @@ actions: | Windows 11 | 23H2 | ❌ | [1]: https://web.archive.org/web/20231006204400/https://support.microsoft.com/en-us/topic/introducing-microsoft-phone-link-and-link-to-windows-2e4bb4c0-f99a-4464-92a8-5264c7c39734 "Introducing Microsoft Phone Link and Link to Windows - Microsoft Support" - [2]: https://archive.ph/TfLf1#june-10-2020 "windows-insider/wip/apps/your-phone.md at public · MicrosoftDocs/windows-insider | github.com" + [2]: https://archive.ph/2023.10.09-121535/https://github.com/microsoftdocs/windows-insider/blob/public/wip/apps/your-phone.md%23june-10-2020#june-10-2020 "windows-insider/wip/apps/your-phone.md at public · MicrosoftDocs/windows-insider | github.com" call: - function: UninstallStoreApp @@ -12612,7 +12593,7 @@ actions: - name: Remove "Phone Link" app docs: |- - [Microsoft Store Page](https://archive.ph/Z4q70) + [Microsoft Store Page](https://archive.ph/2023.10.06-204308/https://apps.microsoft.com/detail/phone-link/9NMPJ99VJBWV?hl=en-us&gl=us) It was initially released as "Your Phone" app in October 2018 [1]. @@ -12641,7 +12622,7 @@ actions: - name: Remove "Microsoft Remote Desktop" app docs: |- - [Microsoft Store Page](https://archive.ph/jGZBm) + [Microsoft Store Page](https://archive.ph/2024.03.14-131853/https://apps.microsoft.com/detail/9wzdncrfj3ps?hl=en-us&gl=US) It's also known as just "Remote Desktop" [1]. @@ -12669,7 +12650,7 @@ actions: name: Remove "Network Speed Test" app recommend: standard docs: |- - [Microsoft Store Page](https://archive.ph/EpJ1B) + [Microsoft Store Page](https://archive.ph/2023.10.06-205006/https://apps.microsoft.com/detail/9WZDNCRFHX52?hl=en-us&gl=US) This app comes pre-installed on certain versions of Windows [1]. 
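Review bot: The new reference `[2]` in the Your Phone hunk carries the fragment twice: the embedded original URL ends in `your-phone.md%23june-10-2020` and the link then appends `#june-10-2020`. The percent-encoded `%23` makes the embedded path differ from the real GitHub location, so the original URL is not actually retained as the commit intends. If the archive resolves it, the form `…/wip/apps/your-phone.md#june-10-2020` would be cleaner; either way it is worth confirming the link still opens the intended capture.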
@@ -12694,7 +12675,7 @@ actions: - name: 'Remove "Microsoft To Do: Lists, Tasks & Reminders" app' docs: |- - [Microsoft Store Page](https://archive.ph/tOSDW) + [Microsoft Store Page](https://archive.ph/2023.10.06-205208/https://apps.microsoft.com/detail/9NBLGGH5R558?hl=en-us&gl=US) This app comes pre-installed on certain versions of Windows [1]. @@ -12710,7 +12691,7 @@ actions: | Windows 11 | 22H2 | ✅ | | Windows 11 | 23H2 | ✅ | - [1]: https://archive.ph/wt3sJ "Surface Duo 2 - Dual-Screen Mobile Productivity - Microsoft Surface | microsoft.com" + [1]: https://archive.ph/2021.10.23-200225/https://www.microsoft.com/en-us/d/surface-duo-2/9408kgxp4xjl?activetab=pivot:overviewtab "Surface Duo 2 - Dual-Screen Mobile Productivity - Microsoft Surface | microsoft.com" call: function: UninstallStoreApp parameters: @@ -12725,7 +12706,7 @@ actions: - name: Remove "Shazam" app docs: |- - [Microsoft Store Page](https://archive.ph/zjVBQ) + [Microsoft Store Page](https://archive.ph/2023.10.07-013930/https://apps.microsoft.com/detail/9WZDNCRFJ0QQ?hl=en-us&gl=US) Shazam Windows app was officially declared end-of-life on February 7, 2017 and is discontinued as Windows app [1]. @@ -12798,7 +12779,7 @@ actions: - name: Remove "Flipboard" app docs: |- - [Microsoft Store Page](https://archive.ph/yEn8l) + [Microsoft Store Page](https://archive.ph/2023.10.07-111934/https://apps.microsoft.com/detail/9WZDNCRFJ32Q?hl=en-us&gl=US) ### Overview of default preinstallation @@ -12819,7 +12800,7 @@ actions: - name: Remove "Twitter" app docs: |- - [Microsoft Store Page](https://archive.ph/4xGBR) + [Microsoft Store Page](https://archive.ph/2023.10.07-111953/https://apps.microsoft.com/detail/9WZDNCRFJ140?hl=en-us&gl=US) ### Overview of default preinstallation 
@@ -12840,7 +12821,7 @@ actions: - name: 'Remove "iHeart: Radio, Music, Podcasts" app' docs: |- - [Microsoft Store Page](https://archive.ph/qKiUM) + [Microsoft Store Page](https://archive.ph/2023.10.07-112020/https://apps.microsoft.com/detail/9WZDNCRFJ223?hl=en-us&gl=US) ### Overview of default preinstallation @@ -12861,7 +12842,7 @@ actions: - name: 'Remove "Duolingo - Language Lessons" app' docs: |- - [Microsoft Store Page](https://archive.ph/AgJOE) + [Microsoft Store Page](https://archive.ph/2023.10.07-112229/https://apps.microsoft.com/detail/9WZDNCRCV5XN?hl=en-us&gl=US) This app comes pre-installed on certain versions of Windows [1]. @@ -12886,7 +12867,7 @@ actions: - name: Remove "Adobe Photoshop Express" app docs: |- - [Microsoft Store Page](https://archive.ph/213f5) + [Microsoft Store Page](https://archive.ph/2023.10.07-112247/https://apps.microsoft.com/detail/9WZDNCRFJ27N?hl=en-us&gl=US) This apps is also known as just "Photoshop Express" [1]. @@ -12914,7 +12895,7 @@ actions: - name: Remove "Pandora" app docs: |- - [Microsoft Store Page](https://archive.ph/uKHGP) + [Microsoft Store Page](https://archive.ph/2023.10.07-112259/https://apps.microsoft.com/detail/9WZDNCRFJ46V?hl=en-us&gl=US) This app comes pre-installed on certain versions of Windows [1]. @@ -12939,7 +12920,7 @@ actions: - name: Remove "Eclipse Manager" app docs: |- - [Microsoft Store Page](https://archive.ph/bnllD) + [Microsoft Store Page](https://archive.ph/2023.10.07-112311/https://apps.microsoft.com/detail/9WZDNCRDJMH1?hl=en-us&gl=US) This app comes pre-installed on certain versions of Windows [1]. @@ -12964,7 +12945,7 @@ actions: - name: Remove "Code Writer" app docs: |- - [Microsoft Store Page](https://archive.ph/RZY0r) + [Microsoft Store Page](https://archive.ph/2023.10.07-112330/https://apps.microsoft.com/detail/9WZDNCRFHZDT?hl=en-us&gl=US) This app comes pre-installed on certain versions of Windows [1]. 
@@ -12989,7 +12970,7 @@ actions: - name: 'Remove "Spotify - Music and Podcasts" app' docs: |- - [Microsoft Store Page](https://archive.ph/r3VwJ) + [Microsoft Store Page](https://archive.ph/2023.10.07-112359/https://apps.microsoft.com/detail/9NCBCSZSJRSB?hl=en-us&gl=US) ### Overview of default preinstallation @@ -13945,7 +13926,7 @@ actions: [1]: https://web.archive.org/web/20210727081048/https://docs.microsoft.com/en-us/windows/application-management/apps-in-windows-10 "Windows 10 - Apps - Windows Application Management | Microsoft Docs" [2]: https://web.archive.org/web/20221101233445/https://learn.microsoft.com/en-us/windows/application-management/system-apps-windows-client-os "Get the system apps on Windows client operating system - Windows Application Management | Microsoft Learn" [3]: https://web.archive.org/web/20231009112816/https://blogs.windows.com/windowsexperience/2016/10/26/empowering-a-new-wave-of-creativity-with-the-windows-10-creators-update-and-surface-studio/ "Empowering a new wave of creativity with the Windows 10 Creators Update and Surface Studio | Windows Experience Blog" - [4]: https://web.archive.org/web/20231009111644/https://strontic.github.io/xcyclopedia/library/PeopleExperienceHost.exe-4DB57408AA06543E575368FEDC280B4A. "PeopleExperienceHost.exe | Windows My People | STRONTIC" + [4]: https://web.archive.org/web/20231205170517/https://strontic.github.io/xcyclopedia/library/PeopleExperienceHost.exe-4DB57408AA06543E575368FEDC280B4A "PeopleExperienceHost.exe | Windows My People | STRONTIC" call: function: UninstallNonRemovableStoreAppWithCleanup parameters: 
@@ -14041,7 +14022,7 @@ actions: [1]: https://web.archive.org/web/20210727081048/https://docs.microsoft.com/en-us/windows/application-management/apps-in-windows-10 "Windows 10 - Apps - Windows Application Management | Microsoft Docs" [2]: https://web.archive.org/web/20221101233445/https://learn.microsoft.com/en-us/windows/application-management/system-apps-windows-client-os "Get the system apps on Windows client operating system - Windows Application Management | Microsoft Learn" - [3]: https://web.archive.org/web/20231008122256/https://strontic.github.io/xcyclopedia/library/SecureAssessmentBrowser.exe-9997A632135DFB0C53479401E17A7367.html.html "SecureAssessmentBrowser.exe | Take a Test | STRONTIC" + [3]: https://web.archive.org/web/20231008122256/https://strontic.github.io/xcyclopedia/library/SecureAssessmentBrowser.exe-9997A632135DFB0C53479401E17A7367.html "SecureAssessmentBrowser.exe | Take a Test | STRONTIC" [4]: https://web.archive.org/web/20231008122321/https://learn.microsoft.com/en-us/education/windows/take-tests-in-windows "Take tests and assessments in Windows - Windows Education | Microsoft Learn" [5]: https://web.archive.org/web/20231008122328/https://learn.microsoft.com/en-us/windows/client-management/mdm/secureassessment-csp "SecureAssessment CSP - Windows Client Management | Microsoft Learn" call: 
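Review bot: The corrected reference `[3]` drops the doubled `.html.html` but keeps the capture timestamp `20231008122256`, which was presumably recorded for the old, mistyped URL. The Wayback Machine will then redirect to the nearest capture of the `.html` page, or fail if none exists, so the cited snapshot may not be the one that was reviewed. The timestamp should come from an actual capture of the corrected URL, as the PeopleExperienceHost fix in the previous hunk does by changing timestamp and URL together.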
@@ -14235,10 +14216,10 @@ actions: It stops the execution of OneDrive. Main OneDrive process is `OneDrive.exe` and it is installed in `\Microsoft\OneDrive\OneDrive.exe` [1] [2] [3] [4]. - [1]: https://answers.microsoft.com/en-us/windows/forum/all/onedrive-wont-sync-and-wont-uninstall-so-i-can-re/6182d0a5-e7ea-46bb-a058-c0a4fd5e299a "Onedrive wont sync and wont uninstall so I can re-install the latest - Microsoft Community | answers.microsoft.com" - [2]: https://social.technet.microsoft.com/Forums/scriptcenter/en-US/9bd33f03-62dd-4c4f-9d29-970c1016f2f9/better-onedrive-detection-method?forum=configmanagerapps "Better OneDrive detection method | social.technet.microsoft.com" - [3]: https://social.msdn.microsoft.com/Forums/en-US/072e3577-d0ff-4950-9e0b-40b037853881/starting-and-stopping-sharepoint-library-sync-with-onedrive?forum=sharepointdevelopmentprevious "Starting and stopping SharePoint library sync with OneDrive | social.msdn.microsoft.com" - [4]: https://learn.microsoft.com/en-us/answers/questions/473995/onedrive-was-previously-disabled-and-now-i-can39t.html "OneDrive was previously disabled and now I can't enable it with GPO - Microsoft Q&A | learn.microsoft.com" + [1]: https://web.archive.org/web/20231206192439/https://answers.microsoft.com/en-us/windows/forum/all/onedrive-wont-sync-and-wont-uninstall-so-i-can-re/6182d0a5-e7ea-46bb-a058-c0a4fd5e299a "Onedrive wont sync and wont uninstall so I can re-install the latest - Microsoft Community | answers.microsoft.com" + [2]: https://web.archive.org/web/20231206211723/https://social.technet.microsoft.com/Forums/scriptcenter/en-US/9bd33f03-62dd-4c4f-9d29-970c1016f2f9/better-onedrive-detection-method?forum=configmanagerapps "Better OneDrive detection method | social.technet.microsoft.com" + [3]: https://web.archive.org/web/20231206212821/https://social.msdn.microsoft.com/Forums/en-US/072e3577-d0ff-4950-9e0b-40b037853881/starting-and-stopping-sharepoint-library-sync-with-onedrive "Starting and stopping SharePoint 
library sync with OneDrive | social.msdn.microsoft.com" + [4]: https://web.archive.org/web/20240314124031/https://learn.microsoft.com/en-us/answers/questions/473995/onedrive-was-previously-disabled-and-now-i-cant-en "OneDrive was previously disabled and now I can't enable it with GPO - Microsoft Q&A | learn.microsoft.com" call: function: TerminateRunningProcess parameters: 
@@ -14271,7 +14252,7 @@ actions: [1]: https://support.microsoft.com/en-us/office/turn-off-disable-or-uninstall-onedrive-f32a17ce-3336-40fe-9c38-6efb09f944b0 "Turn off, disable, or uninstall OneDrive | support.microsoft.com" [2]: https://web.archive.org/web/20231002162805/https://learn.microsoft.com/en-us/sharepoint/troubleshoot/installation-and-setup/how-to-block-onedrive-from-being-advertised-after-install-office-2016#method-2-uninstall-onedriveexe "How to block OneDrive.exe from being advertised after you install Office 2016 - SharePoint | Microsoft Learn" [3]: https://learn.microsoft.com/en-us/sharepoint/troubleshoot/lists-and-libraries/cannot-open-onedrive-on-images-using-sysprep#how-to-correctly-deploy-onedrive-via-sysprep "Can't open OneDrive on images using Sysprep - SharePoint | Microsoft Learn" - [4]: https://answers.microsoft.com/en-us/windows/forum/all/onedrive-on-windows-11-does-not-appear-in-file/250c679b-9d02-410f-8c8f-41cca112ccfa "OneDrive on Windows 11 - Does Not Appear in File Explorer - Microsoft Community | answers.microsoft.com" + [4]: https://web.archive.org/web/20231206192414/https://answers.microsoft.com/en-us/windows/forum/all/onedrive-on-windows-11-does-not-appear-in-file/250c679b-9d02-410f-8c8f-41cca112ccfa "OneDrive on Windows 11 - Does Not Appear in File Explorer - Microsoft Community | answers.microsoft.com" [5]: https://web.archive.org/web/20231002162808/https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/rds_vdi-recommendations-1909#remove-onedrive-components "Optimizing Windows 10, version 1909, for a Virtual Desktop Infrastructure (VDI) role | Microsoft Learn" recommend: strict code: |- 
@@ -14426,15 +14407,15 @@ actions: docs: |- This script removes OneDrive installation directories, application data, temporary files, and cache. - - `C:\OneDriveCache`: A location for temporary cache files [1]. - - `C:\ProgramData\Microsoft OneDrive`: Stores data used in setting up OneDrive [2] [3]. - - `C:\Users\\AppData\Local\Microsoft\OneDrive`: OneDrive installation directory [4]. + Identified by the community and confirmed through testing, these folders include: - Identified by the community [1] and confirmed through testing, these folders include: + - `C:\OneDriveTemp`: A location for temporary cache files [1] [3]. + - `C:\ProgramData\Microsoft OneDrive` [2]: Stores data used in setting up OneDrive [2] [3]. + - `C:\Users\\AppData\Local\Microsoft\OneDrive`: OneDrive installation directory [2] [3] [4]. | Directory | Windows 11 (since 22H2) | Windows 10 (since 22H2) | | --------- |:-----------------------:|:-----------------------:| - | `%SYSTEMDRIVE%\OneDriveCache` | ❌ Missing | ❌ Missing | + | `%SYSTEMDRIVE%\OneDriveTemp` | ❌ Missing | ❌ Missing | | `%PROGRAMDATA%\Microsoft OneDrive` | ✅ Exists | ✅ Exists | | `%LOCALAPPDATA%\Microsoft\OneDrive` | ✅ Exists | ✅ Exists | 
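Review bot: The rewritten folder list has a misplaced citation: the second bullet reads `` `C:\ProgramData\Microsoft OneDrive` [2]: `` and then cites `[2] [3]` again at the end, so the first `[2]` should be dropped. The intro sentence also loses its `[1]` when moved, leaving "Identified by the community" unsourced. The rename from `C:\OneDriveCache` to `C:\OneDriveTemp` in the list and the table is only correct if the deletion code uses the same path; that code lies outside this hunk and should be checked against the docs.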
@@ -14576,7 +14557,7 @@ actions: This CLSID includes `System.IsPinnedToNameSpaceTree` as value as `1` after clean installation in both Windows 10 and Windows 11. [1]: https://web.archive.org/web/20231025220530/https://support.microsoft.com/en-us/office/sync-files-with-onedrive-in-windows-615391c4-2bd3-4aae-a42a-858262e42a49 "Sync files with OneDrive in Windows | support.microsoft.com" - [2]: https://answers.microsoft.com/en-us/windows/forum/all/remove-onedrive-from-file-explorer-navigation-pane/38ac7524-2b35-4ffc-baab-40ad61dc5d79 "Remove OneDrive from File Explorer navigation pane - Microsoft Community | answers.microsoft.com" + [2]: https://web.archive.org/web/20240322101857/https://answers.microsoft.com/en-us/windows/forum/all/remove-onedrive-from-file-explorer-navigation-pane/38ac7524-2b35-4ffc-baab-40ad61dc5d79 "Remove OneDrive from File Explorer navigation pane - Microsoft Community | answers.microsoft.com" code: |- reg add "HKCR\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /v "System.IsPinnedToNameSpaceTree" /d "0" /t REG_DWORD /f reg add "HKCR\Wow6432Node\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /v "System.IsPinnedToNameSpaceTree" /d "0" /t REG_DWORD /f @@ -14683,7 +14664,7 @@ actions: `OneDrive` key at `HKCU\Environment` is found on both Windows 10 and Windows 11. - [1]: https://superuser.com/a/1397495 "Determine OneDrive synchronisation folders - Super User | superuser.com" + [1]: https://web.archive.org/web/20240314091504/https://superuser.com/questions/1336521/determine-onedrive-synchronisation-folders/1397495#1397495 "Determine OneDrive synchronisation folders - Super User | superuser.com" [2]: https://stackoverflow.com/questions/46744840/export-registry-value-to-file-and-then-set-a-variable-in-batch "Export registry value to file and then set a variable in Batch - Stack Overflow | stackoverflow.com" code: reg delete "HKCU\Environment" /v "OneDrive" /f 2>nul - 
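Review bot: In the first hunk here, the second `reg add` under `code:` targets `HKCR\Wow6432Node\{018D5C66-…}`, while the first targets `HKCR\CLSID\{018D5C66-…}`. The 32-bit view of a class registration normally sits under `HKCR\Wow6432Node\CLSID\{…}`, so this line likely sets the value on a key Explorer never reads and the unpin would not apply to 32-bit dialogs. The commit only touches reference `[2]`, but I would fix the path to `reg add "HKCR\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /v "System.IsPinnedToNameSpaceTree" /d "0" /t REG_DWORD /f`. The script continues outside the hunk, so any matching `revertCode` needs the same check.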
@@ -14927,21 +14908,21 @@ actions: featureName: Microsoft-Hyper-V-Management-PowerShell - name: Disable "Telnet Client" feature - docs: https://social.technet.microsoft.com/wiki/contents/articles/38433.windows-10-enabling-telnet-client.aspx + docs: https://web.archive.org/web/20231207105605/https://social.technet.microsoft.com/wiki/contents/articles/38433.windows-10-enabling-telnet-client.aspx call: function: DisableFeature parameters: featureName: TelnetClient - name: Disable "Net.TCP Port Sharing" feature - docs: https://docs.microsoft.com/en-us/dotnet/framework/wcf/feature-details/net-tcp-port-sharing + docs: https://web.archive.org/web/20240314102452/https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/net-tcp-port-sharing call: function: DisableFeature parameters: featureName: WCF-TCP-PortSharing45 - name: Disable "SMB Direct" feature - docs: https://docs.microsoft.com/en-us/windows-server/storage/file-server/smb-direct + docs: https://web.archive.org/web/20240314102437/https://learn.microsoft.com/en-us/windows-server/storage/file-server/smb-direct?tabs=disable call: function: DisableFeature parameters: @@ -14990,7 +14971,7 @@ actions: featureName: Printing-Foundation-Features - name: Disable "Work Folders Client" feature - docs: https://docs.microsoft.com/en-us/windows-server/storage/work-folders/work-folders-overview + docs: https://web.archive.org/web/20240314102358/https://learn.microsoft.com/en-us/windows-server/storage/work-folders/work-folders-overview call: function: DisableFeature parameters: 
@@ -15042,7 +15023,7 @@ actions: featureName: SearchEngine-Client-Package - category: Remove on-demand capabilities and features - docs: https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/features-on-demand-non-language-fod#fods-that-are-not-preinstalled-but-may-need-to-be-preinstalled + docs: https://web.archive.org/web/20240314062310/https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/features-on-demand-non-language-fod?view=windows-11#fods-that-are-not-preinstalled-but-may-need-to-be-preinstalled children: - category: Remove preinstalled features on demand @@ -15068,7 +15049,7 @@ actions: - name: Remove "OneSync" capability (breaks Mail, People, and Calendar) recommend: strict - docs: https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/features-on-demand-non-language-fod#onesync + docs: https://web.archive.org/web/20240314062310/https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/features-on-demand-non-language-fod?view=windows-11#onesync call: function: UninstallCapability parameters: @@ -15396,7 +15377,7 @@ actions: It has privacy implications as it collects data about your usage of the computer such as diagnostics data [3]. - [1]: https://en.wikipedia.org/wiki/Features_new_to_Windows_11#Windows_shell "Features new to Windows 11 | Wikipedia" + [1]: https://web.archive.org/web/20240314091958/https://en.wikipedia.org/wiki/Features_new_to_Windows_11#Windows_shell "Features new to Windows 11 | Wikipedia" [2]: https://www.bleepingcomputer.com/news/microsoft/windows-10-news-and-interests-enabled-for-everyone-in-latest-update/ "Windows 10 News and Interests enabled for everyone in latest update | Bleeping Computer" [3]: https://support.microsoft.com/en-us/windows/stay-up-to-date-with-widgets-7ba79aaa-dac6-4687-b460-ad16a06be6e4 "What data does Microsoft collect? | Widgets | Microsoft" children: 
@@ -15412,7 +15393,7 @@ actions: This registry key does not exist in Windows 11 installations by default. - [1]: https://www.elevenforum.com/t/add-or-remove-widgets-button-on-taskbar-in-windows-11.32/ " Add or Remove Widgets Button on Taskbar in Windows 11 | Windows Eleven Forum" + [1]: https://web.archive.org/web/20231206213443/https://www.elevenforum.com/t/add-or-remove-widgets-button-on-taskbar-in-windows-11.32/ " Add or Remove Widgets Button on Taskbar in Windows 11 | Windows Eleven Forum" [2]: https://www.bleepingcomputer.com/news/microsoft/new-windows-11-registry-hacks-to-customize-your-device/ "New Windows 11 registry hacks to customize your device | Bleeping Computer" call: - @@ -15438,7 +15419,7 @@ actions: By removing this app, you also detach yourself from the necessity to agree to Microsoft's general privacy terms [3]. This agreement allows Microsoft to collect your personal data [3]. - You can view these terms at the [privacy agreement](http://go.microsoft.com/fwlink/?LinkID=521839). + You can view these terms at the [Microsoft Privacy Statement](https://web.archive.org/web/20231006103250/https://privacy.microsoft.com/en-US/privacystatement). The app is not needed and not known to break other OS functionality if you do not wish to use Widgets feature. 
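Review bot: In the last hunk on this line, the privacy-terms link now points to a fixed `20231006103250` snapshot of the Microsoft Privacy Statement, a document that is revised over time. A reader following it sees the terms as captured, not those currently in force, while the surrounding text still says "You can view these terms". I would state the capture date in the sentence, e.g. `You can view these terms (as archived in October 2023) at the [Microsoft Privacy Statement](…)`.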
@@ -15685,7 +15666,7 @@ actions: [1]: https://web.archive.org/web/20240218231654/https://learn.microsoft.com/en-us/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server#microsoft-account-sign-in-assistant "Security guidelines for system services in Windows Server 2016 | Microsoft Learn | learn.microsoft.com" [2]: https://web.archive.org/web/20240218232041/https://batcmd.com/windows/10/services/wlidsvc/ "Microsoft Account Sign-in Assistant - Windows 10 Service - batcmd.com | batcmd.com" - [3]: https://web.archive.org/web/20230731230134/https://learn.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#12-microsoft-account "Manage connections from Windows 10 and Windows 11 Server/Enterprise editions operating system components to Microsoft services - Windows Privacy | Microsoft Learn" + [3]: https://web.archive.org/web/20230911110911/https://learn.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#12-microsoft-account "Manage connections from Windows 10 and Windows 11 Server/Enterprise editions operating system components to Microsoft services - Windows Privacy | Microsoft Learn" [4]: https://web.archive.org/web/20240219000506/https://www.howtogeek.com/30348/what-are-wlidsvc.exe-and-wlidsvcm.exe-and-why-are-they-running/ "What Are WLIDSVC.EXE and WLIDSVCM.EXE and Why Are They Running? | howtogeek.com" [5]: https://web.archive.org/web/20240218232515/https://learn.microsoft.com/en-us/entra/fundamentals/new-name "New name for Azure Active Directory - Microsoft Entra | Microsoft Learn | learn.microsoft.com" [6]: https://web.archive.org/web/20240120200946/https://learn.microsoft.com/en-us/mem/intune/configuration/device-restrictions-windows-10#search "Device restriction settings for Windows 10/11 in Microsoft Intune | Microsoft Learn | learn.microsoft.com" 
@@ -15995,7 +15976,7 @@ actions: children: - name: Set NTP (time) server to `pool.ntp.org` - docs: https://www.pool.ntp.org/en/use.html + docs: https://www.ntppool.org/en/use.html recommend: strict # `sc queryex` output is same in every OS language # Marked: refactor-with-revert-call, refactor-with-variables