Add reg-helper module.

9 years ago · 4fc197ae4e
parent 7265a45b76
commit 4fc197ae4e
6 changed files with 48 additions and 70 deletions
--- a/lib/reg-helper.psm1
+++ b/lib/reg-helper.psm1
@ -0,0 +1,28 @@
+function Import-Registry($reg) {
+    # add reg file hander
+    $reg = "Windows Registry Editor Version 5.00`r`n`r`n" + $reg
+
+    # store, import and remove reg file
+    $regfile = "$env:windir\Temp\registry.reg"
+    $reg | Out-File $regfile
+    Start-Process "regedit.exe" -ArgumentList ("/s", "$regfile") -Wait
+    rm $regfile
+}
+
+function Takeown-Registry($key) {
+    # TODO works only for LocalMachine for now
+    $key = $key.substring(19)
+
+    # set owner
+    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("SOFTWARE\Microsoft\Windows Defender\Spynet", "ReadWriteSubTree", "TakeOwnership")
+    $owner = [Security.Principal.NTAccount]"Administrators"
+    $acl = $key.GetAccessControl()
+    $acl.SetOwner($owner)
+    $key.SetAccessControl($acl)
+
+    # set FullControl
+    $acl = $key.GetAccessControl()
+    $rule = New-Object System.Security.AccessControl.RegistryAccessRule("Administrators", "FullControl", "Allow")
+    $acl.SetAccessRule($rule)
+    $key.SetAccessControl($acl)
+}
--- a/scripts/disable-defender.ps1
+++ b/scripts/disable-defender.ps1
@ -1,10 +1,10 @@
 #   Description:
 # This script will disable Windows Defender via Group Policies.

-echo "Disabling Windows Defender"
-$reg = @"
-Windows Registry Editor Version 5.00
+Import-Module $PSScriptRoot\..\lib\reg-helper.psm1

+echo "Disabling Windows Defender"
+Import-Registry(@"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender]
 "DisableAntiSpyware"=dword:00000001
 "DisableRoutinelyTakingAction"=dword:00000001
@ -13,8 +13,4 @@ Windows Registry Editor Version 5.00

 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection]
 "DisableRealtimeMonitoring"=dword:00000001
-"@
-$regfile = "$env:windir\Temp\registry.reg"
-$reg | Out-File $regfile
-Start-Process "regedit.exe" -ArgumentList ("/s", "$regfile") -Wait
-rm $regfile
+"@)
--- a/scripts/disable-telemetry.ps1
+++ b/scripts/disable-telemetry.ps1
@ -2,6 +2,8 @@
 # This script redirects telemetry related domains to your nowhere using the
 # hosts file. Additionally telemetry is disallows via Group Policies.

+Import-Module $PSScriptRoot\..\lib\reg-helper.psm1
+
 echo "Adding telemetry routes to hosts file"
 $hosts = @"
 0.0.0.0 134.170.30.202
@ -56,17 +58,11 @@ $hosts = @"
 0.0.0.0 watson.telemetry.microsoft.com
 0.0.0.0 watson.telemetry.microsoft.com.nsatc.net
 0.0.0.0 wes.df.telemetry.microsoft.com
-"@
+"@)
 echo $hosts >> "$env:systemroot\System32\drivers\etc\hosts"

 echo "Disabling telemetry via Group Policies"
-$reg = @"
-Windows Registry Editor Version 5.00
-
+Import-Registry(@"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection]
 "AllowTelemetry"=dword:00000000
-"@
-$regfile = "$env:windir\Temp\registry.reg"
-$reg | Out-File $regfile
-Start-Process "regedit.exe" -ArgumentList ("/s", "$regfile") -Wait
-rm $regfile
+"@)
--- a/scripts/fix-privacy-settings.ps1
+++ b/scripts/fix-privacy-settings.ps1
@ -2,35 +2,7 @@
 # This script will try to fix many of the privacy settings for the user. This
 # is work in progress!

-
-function Import-Registry($reg) {
-    # add reg file hander
-    $reg = "Windows Registry Editor Version 5.00`r`n`r`n" + $reg
-
-    # store, import and remove reg file
-    $regfile = "$env:windir\Temp\registry.reg"
-    $reg | Out-File $regfile
-    Start-Process "regedit.exe" -ArgumentList ("/s", "$regfile") -Wait
-    rm $regfile
-}
-
-function Takeown-Registry($key) {
-    # TODO works only for LocalMachine for now
-    $key = $key.substring(19)
-
-    # set owner
-    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("SOFTWARE\Microsoft\Windows Defender\Spynet", "ReadWriteSubTree", "TakeOwnership")
-    $owner = [Security.Principal.NTAccount]"Administrators"
-    $acl = $key.GetAccessControl()
-    $acl.SetOwner($owner)
-    $key.SetAccessControl($acl)
-
-    # set FullControl
-    $acl = $key.GetAccessControl()
-    $rule = New-Object System.Security.AccessControl.RegistryAccessRule("Administrators", "FullControl", "Allow")
-    $acl.SetAccessRule($rule)
-    $key.SetAccessControl($acl)
-}
+Import-Module $PSScriptRoot\..\lib\reg-helper.psm1

 function Enable-Privilege {
    param($Privilege)
--- a/scripts/optimize-windows-update.ps1
+++ b/scripts/optimize-windows-update.ps1
@ -2,29 +2,19 @@
 # This script optimizes Windows updates by disabling automatic download and
 # seeding updates to other computers.

-echo "Disable automatic download and installation of Windows updates"
-$reg = @"
-Windows Registry Editor Version 5.00
+Import-Module $PSScriptRoot\..\lib\reg-helper.psm1

+echo "Disable automatic download and installation of Windows updates"
+Import-Registry(@"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\WindowsUpdate\AU]
 "NoAutoUpdate"=dword:00000000
 "AUOptions"=dword:00000002
 "ScheduledInstallDay"=dword:00000000
 "ScheduledInstallTime"=dword:00000003
-"@
-$regfile = "$env:windir\Temp\registry.reg"
-$reg | Out-File $regfile
-Start-Process "regedit.exe" -ArgumentList ("/s", "$regfile") -Wait
-rm $regfile
+"@)

 echo "Disable seeding of updates to other computers"
-$reg = @"
-Windows Registry Editor Version 5.00
-
+Import-Registry(@"
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization]
 "SystemSettingsDownloadMode"=dword:00000003
-"@
-$regfile = "$env:windir\Temp\registry.reg"
-$reg | Out-File $regfile
-Start-Process "regedit.exe" -ArgumentList ("/s", "$regfile") -Wait
-rm $regfile
+"@)
--- a/scripts/remove-onedrive.ps1
+++ b/scripts/remove-onedrive.ps1
@ -1,6 +1,8 @@
 #   Description:
 # This script will remove and disable OneDrive integration.

+Import-Module $PSScriptRoot\..\lib\reg-helper.psm1
+
 echo "Kill OneDrive process"
 taskkill.exe /F /IM "OneDrive.exe"
 taskkill.exe /F /IM "explorer.exe"
@ -20,16 +22,10 @@ rm -r -Force "$env:userprofile\OneDrive"
 rm -r -Force "C:\OneDriveTemp"

 echo "Disable OneDrive via Group Policies"
-$reg = @"
-Windows Registry Editor Version 5.00
-
+Import-Registry(@"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\OneDrive]
 "DisableFileSyncNGSC"=dword:00000001
-"@
-$regfile = "$env:windir\Temp\registry.reg"
-$reg | Out-File $regfile
-Start-Process "regedit.exe" -ArgumentList ("/s", "$regfile") -Wait
-rm $regfile
+"@)

 echo "Removing startmenu entry"
 rm "$env:userprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk"