From e18907ca91e483255b44d14d7d923d7eef92afbd Mon Sep 17 00:00:00 2001 From: undergroundwires Date: Thu, 25 Apr 2024 10:36:33 +0200 Subject: [PATCH] win: improve 'Snipping Tool' removal #343 Due to changes in how Windows handles the Snipping Tool, this commit reclassifies the tool's disablement into its own distinct category. This update introduces alternative methods to disable the tool, enhances documentation, and improves script functionality. Changes include: - Move Snipping Tool removal to a standalone category for clearer navigation. - Expand documentation to better describe the tool's impact on privacy. - Add methods to disable the tool without removing the app. - Implement a shared function to disable specific Windows hotkeys. - Rename Cortana shortcut disablement script for consistency. --- src/application/collections/windows.yaml | 314 ++++++++++++++++++++--- 1 file changed, 285 insertions(+), 29 deletions(-) diff --git a/src/application/collections/windows.yaml b/src/application/collections/windows.yaml index bfdd5401..2d323a35 100644 --- a/src/application/collections/windows.yaml +++ b/src/application/collections/windows.yaml @@ -3585,7 +3585,7 @@ actions: reg delete "HKCU\Software\Microsoft\Speech_OneCore\Preferences" /v "VoiceActivationOn" /f 2>nul reg delete "HKLM\Software\Microsoft\Speech_OneCore\Preferences" /v "VoiceActivationDefaultOn" /f 2>nul - - name: Disable Cortana listening to commands on Windows key + C + name: Disable Cortana keyboard shortcut (**Windows logo key** + **C**) recommend: standard call: - @@ -12736,34 +12736,6 @@ actions: parameters: packageName: Microsoft.Wallet # Get-AppxPackage Microsoft.Wallet publisherId: 8wekyb3d8bbwe - - - name: Remove "Snipping Tool" app - docs: |- - [Microsoft Store Page](https://web.archive.org/web/20231004133447/https://apps.microsoft.com/store/detail/snipping-tool/9MZ95KL8MR0L) - - This app was formerly named as "Snip & Sketch" [1] [2]. - - This app comes pre-installed on certain versions of Windows [1] [2]. - - ### Overview of default preinstallation - - | OS | Version | Existence | - | -- |:-------:|:---------:| - | Windows 10 | 19H2 | ✅ | - | Windows 10 | 20H2 | ✅ | - | Windows 10 | 21H2 | ✅ | - | Windows 10 | 22H2 | ✅ | - | Windows 11 | 21H2 | ✅ | - | Windows 11 | 22H2 | ✅ | - | Windows 11 | 23H2 | ✅ | - - [1]: https://web.archive.org/web/20210727081048/https://docs.microsoft.com/en-us/windows/application-management/apps-in-windows-10 "Windows 10 - Apps - Windows Application Management | Microsoft Docs" - [2]: https://web.archive.org/web/20221101231811/https://learn.microsoft.com/en-us/windows/application-management/provisioned-apps-windows-client-os "Get the provisioned apps on Windows client operating system - Windows Application Management | Microsoft Learn" - call: - function: UninstallStoreApp - parameters: - packageName: Microsoft.ScreenSketch # Get-AppxPackage Microsoft.ScreenSketch - publisherId: 8wekyb3d8bbwe - name: Remove "Print 3D" app docs: |- @@ -17377,6 +17349,159 @@ actions: parameters: serviceName: VSS # Check: (Get-Service -Name 'VSS').StartType defaultStartupMode: Manual # Allowed values: Automatic | Manual + - + category: Remove Snipping Tool + docs: |- + This category addresses privacy risks related to the **Snipping Tool** [1] [2] + (also called **screen capture** [3]) and its earlier forms, **Snip & Sketch** [1] [4] + and **Screen Sketch** [4]. + + The Snipping Tool enables users to capture screenshots [2] [5] and record their screens [2]. + This capability can expose sensitive information displayed on the screen unintentionally. + + Earlier versions had significant privacy vulnerabilities, allowing recovery of cropped + screenshot portions [6] [7]. + For example, bank details edited out of a saved screenshot could still be extracted by + malicious entities [6]. + Although updates have remedied these issues in modern versions [6], the potential for + data exposure remains a concern. + + Disabling this tool enhances privacy by preventing unintentional capture of sensitive + information and protecting against vulnerabilities. + + [1]: https://archive.ph/2024.04.24-100718/https://apps.microsoft.com/detail/9mz95kl8mr0l?hl=en-US&gl=US "Snipping Tool - Microsoft Apps | apps.microsoft.com" + [2]: https://web.archive.org/web/20240424101014/https://www.microsoft.com/en-us/windows/learning-center/how-to-record-screen-windows-11 "How to Record Your Screen on Windows 11 | Microsoft Windows | www.microsoft.com" + [3]: https://web.archive.org/web/20240424100904/https://github.com/undergroundwires/privacy.sexy/issues/343 "[BUG]: Snipping Tool still can be executable via its keyboard shortcut · Issue #343 · undergroundwires/privacy.sexy · GitHub | github.com" + [4]: https://web.archive.org/web/20240424100700/https://blogs.windows.com/windowsexperience/2018/10/02/find-out-whats-new-in-windows-and-office-in-october/ "Find out what’s new in Windows and Office in October | Windows Experience Blog | blogs.windows.com" + [5]: https://web.archive.org/web/20240424101031/https://support.microsoft.com/en-us/windows/open-snipping-tool-and-take-a-screenshot-a35ac9ff-4a58-24c9-3253-f12bac9f9d44 "Open Snipping Tool and take a screenshot - Microsoft Support | support.microsoft.com" + [6]: https://archive.ph/2024.04.24-100742/https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28303 "CVE-2023-28303 - Security Update Guide - Microsoft - Windows Snipping Tool Information Disclosure Vulnerability | msrc.microsoft.com" + [7]: https://web.archive.org/web/20240424100805/https://www.bleepingcomputer.com/news/microsoft/windows-11-snipping-tool-privacy-bug-exposes-cropped-image-content/ "Windows 11 Snipping Tool privacy bug exposes cropped image content | www.bleepingcomputer.com" + children: + - + name: Remove outdated "Snipping Tool" app + docs: |- + This script removes the outdated **Snipping Tool** app. + It was previously known as **Snip & Sketch** [1] [2] [3]. + + It allows users to capture, edit, and share screenshots [3]. + + In recent Windows versions, this app is part of the *Windows Feature Experience Pack* + (`MicrosoftWindows.Client.Core`) and is no longer a separate application [4] [5] [6] [7]. + This script disables snipping functionality on older Windows versions. + privacy.sexy does not remove the entire Windows Feature Experience Pack, + as it contains many other essential functions [7]. + + This app comes pre-installed on certain versions of Windows [1] [2]. + + ### Overview of default preinstallation + + | OS | Version | Existence | + | -- |:-------:|:---------:| + | Windows 10 | 19H2 | ✅ | + | Windows 10 | 20H2 | ✅ | + | Windows 10 | 21H2 | ✅ | + | Windows 10 | 22H2 | ✅ | + | Windows 11 | 21H2 | ✅ | + | Windows 11 | 22H2 | ✅ | + | Windows 11 | 23H2 | ✅ | + + [1]: https://web.archive.org/web/20210727081048/https://docs.microsoft.com/en-us/windows/application-management/apps-in-windows-10 "Windows 10 - Apps - Windows Application Management | Microsoft Docs" + [2]: https://web.archive.org/web/20221101231811/https://learn.microsoft.com/en-us/windows/application-management/provisioned-apps-windows-client-os "Get the provisioned apps on Windows client operating system - Windows Application Management | Microsoft Learn" + [3]: https://archive.ph/2024.04.24-100718/https://apps.microsoft.com/detail/9mz95kl8mr0l?hl=en-US&gl=US "Snipping Tool - Microsoft Apps | apps.microsoft.com" + [4]: https://web.archive.org/web/20240320082149/https://blogs.windows.com/windows-insider/2020/11/30/releasing-windows-feature-experience-pack-120-2212-1070-0-to-the-beta-channel/ "Releasing Windows Feature Experience Pack 120.2212.1070.0 to the Beta Channel | Windows Insider Blog | blogs.windows.com" + [5]: https://archive.ph/2024.03.20-082058/https://twitter.com/XenoPanther/status/1504870414702592003 "Xeno on X: \"Parts of https://t.co/w2Ys4Es9T0 have been moved to MicrosoftWindows.Client.Core https://t.co/LQ1k2iDzwz\" / X | twitter.com/XenoPanther" + [6]: https://web.archive.org/web/20240320082048/https://answers.microsoft.com/en-us/insider/forum/all/snipping-tool-issues-with-build-25295/065a6718-70a0-4e3b-ab1b-21f6315c0296 "Snipping Tool issues with Build 25295 - Microsoft Community | answers.microsoft.com" + [7]: https://web.archive.org/web/20240424100904/https://github.com/undergroundwires/privacy.sexy/issues/343 "[BUG]: Snipping Tool still can be executable via its keyboard shortcut · Issue #343 · undergroundwires/privacy.sexy · GitHub | github.com" + call: + function: UninstallStoreApp + parameters: + packageName: Microsoft.ScreenSketch # Get-AppxPackage Microsoft.ScreenSketch + publisherId: 8wekyb3d8bbwe + - + name: Disable outdated Snipping Tool + docs: |- + This script disables the outdated Snipping Tool [1] [2]. + This app is enabled by default [1] [2]. + + The script modifies the `HKLM\SOFTWARE\Policies\Microsoft\TabletPC!DisableSnippingTool` [1] [2] + registry key, preventing the tool from launching [1] [2] [3] and disabling the print screen + key activation [3]. + + After running this script, any attempt to open the Snipping Tool will show this message [4], + confirming its deactivation (tested on Windows 11 and 10): + + > Windows cannot open this program because it has been prevented by a software restriction policy. + > For more information please contact your system administrator. + + This script does not affect the new Snipping Tool in Windows 11, only the store app version. + + [1]: https://web.archive.org/web/20240424103745/https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.TabletPCShell::DisableSnippingTool_2 "Do not allow Snipping Tool to run | admx.help" + [2]: https://web.archive.org/web/20240424103728/https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-admx-tabletshell#disablesnippingtool_1 "ADMX_TabletShell Policy CSP - Windows Client Management | Microsoft Learn | learn.microsoft.com" + [3]: https://web.archive.org/web/20240424103901/https://www.thewindowsclub.com/disable-snipping-tool-in-windows-10 "How to Disable Snipping Tool or Print Screen in Windows 11/10 | www.thewindowsclub.com" + [4]: https://web.archive.org/web/20240424103809/https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh994599(v=ws.11)#windows-cannot-open-a-program "Troubleshoot Software Restriction Policies | Microsoft Learn | learn.microsoft.com" + call: + function: RunInlineCode + parameters: + code: reg add "HKLM\SOFTWARE\Policies\Microsoft\TabletPC" /v "DisableSnippingTool" /t "REG_DWORD" /d "1" /f + # This key does not exist (tested since Windows 10 22H2, and Windows 11 22H3) + revertCode: reg delete "HKLM\SOFTWARE\Policies\Microsoft\TabletPC" /v "DisableSnippingTool" /f 2>nul + - + name: Disable Snipping Tool keyboard shortcut (**Windows logo key** + **Shift** + **S**) + docs: |- + This script disables the **Windows logo key** + **Shift** + **S** keyboard shortcut. + + This keyboard shortcut by default launches the Snipping Tool to capture screenshots [1] [2]. + During the screenshot process, the screen darkens to indicate the selected area [1]. + + By preventing Windows Explorer from recognizing this keyboard shortcut [3], the script enhances privacy by + reducing the risk of unintended data exposure through screenshots. + + This script also disables the **Windows logo key** + **S** keyboard shortcut [4], which by default + activates search functions on Windows [5]. + + > **Caution**: Due to limitation of configuring disabled keys on Windows [6], + > this will also disable the other Windows logo keyboard shortcuts including **S** button. + + [1]: https://web.archive.org/web/20240424101031/https://support.microsoft.com/en-us/windows/open-snipping-tool-and-take-a-screenshot-a35ac9ff-4a58-24c9-3253-f12bac9f9d44 "Open Snipping Tool and take a screenshot - Microsoft Support | support.microsoft.com" + [2]: https://web.archive.org/web/20240424105319/https://support.lenovo.com/us/sv/solutions/ht117622 "How to take a screenshot using the Snipping Tool in Windows 10 and 11 - Lenovo Support US | support.lenovo.com" + [3]: https://web.archive.org/web/20240424100904/https://github.com/undergroundwires/privacy.sexy/issues/343 "[BUG]: Snipping Tool still can be executable via its keyboard shortcut · Issue #343 · undergroundwires/privacy.sexy · GitHub | github.com" + [4]: https://web.archive.org/web/20240424105243/https://github.com/microsoft/PowerToys/issues/18450#issuecomment-1204728155 "[PowerToys Run] Win+S hotkey won't gain focus when Start menu is open · Issue #18450 · microsoft/PowerToys · GitHub | github.com" + [5]: https://web.archive.org/web/20240424105403/https://support.microsoft.com/en-us/windows/keyboard-shortcuts-in-windows-dcc61a57-8ff0-cffe-9796-cb9706c75eec "Keyboard shortcuts in Windows - Microsoft Support | support.microsoft.com" + [6]: https://web.archive.org/web/20240424104551/https://www.geoffchappell.com/notes/windows/shell/explorer/globalhotkeys.htm "Disable Global Hot Keys | www.geoffchappell.com" + call: + function: DisableWindowsKeyPlusCharacterHotkey + parameters: + characterKeyToDisable: S + - + name: Disable Print Screen keyboard shortcut for Snipping Tool + docs: |- + This script prevents the Print Screen key from launching the Snipping Tool. + + This is the default Windows behavior starting from Windows 11 22H2 [1]. + + The script targets the `HKCU\Control Panel\Keyboard\PrintScreenKeyForSnippingEnabled` registry key. + This key toggles the setting "Use the Print screen button to open screen snipping" in the control panel [1] [2] [3]. + Changing this setting through the user interface also modifies this registry entry [3]. + This key is absent by default in modern Windows versions, confirmed through testing starting with Windows + 10 22H2 and Windows 11 22H3, which indicates that the Print Screen shortcut is enabled. + + Applying these changes requires restarting File Explorer (`explorer.exe`) [3]. + Both `explorer.exe` [4] and `Taskbar.dll` [5] reads this configuration at startup. + + [1]: https://web.archive.org/web/20240424111406/https://blogs.windows.com/windows-insider/2023/04/07/announcing-windows-11-insider-preview-build-22621-1546-and-22624-1546/ "Announcing Windows 11 Insider Preview Build 22621.1546 and 22624.1546 | Windows Insider Blog | blogs.windows.com" + [2]: https://web.archive.org/web/20240424111351/https://www.elevenforum.com/t/enable-or-disable-use-print-screen-key-to-open-screen-snipping-in-windows-11.520/ "Enable or Disable Use Print Screen Key to Open Screen Snipping in Windows 11 Tutorial | Windows 11 Forum | www.elevenforum.com" + [3]: https://web.archive.org/web/20240424100904/https://github.com/undergroundwires/privacy.sexy/issues/343 "[BUG]: Snipping Tool still can be executable via its keyboard shortcut · Issue #343 · undergroundwires/privacy.sexy · GitHub | github.com" + [4]: https://github.com/privacysexy-forks/10_0_22622_601/blob/c598035e1a6627384d646140fe9e4d234b36b11d/C/Windows/System32/Taskbar.dll.strings#L9711 "10_0_22622_601/C/Windows/System32/Taskbar.dll.strings at c598035e1a6627384d646140fe9e4d234b36b11d · WinDLLsExports/10_0_22622_601 · GitHub | github.com" + [5]: https://github.com/privacysexy-forks/10_0_22621_891/blob/fde7af7776698377aceb48a54bcf7bedaadd5c2d/C/Windows/explorer.exe.strings#L7645 "10_0_22621_891/C/Windows/explorer.exe.strings at fde7af7776698377aceb48a54bcf7bedaadd5c2d · WinDLLsExports/10_0_22621_891 · GitHub" + call: + - + function: RunInlineCode + parameters: + code: reg add "HKCU\Control Panel\Keyboard" /v "PrintScreenKeyForSnippingEnabled" /t "REG_DWORD" /d "0" /f + # This key does not exist (tested since Windows 10 22H2, and Windows 11 22H3) + revertCode: reg delete "HKCU\Control Panel\Keyboard" /v "PrintScreenKeyForSnippingEnabled" /f 2>nul + - + function: ShowExplorerRestartSuggestion - category: Advanced settings children: @@ -19906,3 +20031,134 @@ functions: code: reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\{{ $algorithmName }}" /v "Enabled" /t REG_DWORD /d "0" /f revertCode: >- # Missing subkeys under `Ciphers` since Windows 10 22H2 Pro and Windows 11 23H2 Pro reg delete "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\{{ $algorithmName }}" /v "Enabled" /f 2>nul + - + name: DisableWindowsKeyPlusCharacterHotkey + parameters: + - name: characterKeyToDisable + docs: |- + This function disables specific hotkeys that combine the Windows key with another key. + + Windows Explorer registers nearly two dozen such combinations as global hotkeys, primarily + for taskbar-related functionalities [1]. + Although these settings are not extensively documented [1], they are acknowledged by Microsoft [2]. + + The function modifies the registry key `HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisabledHotkeys` [1] [3] [4]. + The specified alphabetical character must be provided in uppercase for the registry data [1]. + This adjustment requires a restart of the explorer process (`explorer.exe`) [3] [5] or a system restart [4]. + + > **Caution**: + > Disabling a character will block all hotkey combinations that use it [1] [4]. + > For example, disabling "V" affects both `Win-V` and `Win-Shift-V` [1] [4]. + > See the [Microsoft Support page](https://web.archive.org/web/20240424105403/https://support.microsoft.com/en-us/windows/keyboard-shortcuts-in-windows-dcc61a57-8ff0-cffe-9796-cb9706c75eec) + > on keyboard shortcuts to understand which Windows key combinations will be affected. + + [1]: https://web.archive.org/web/20240424104551/https://www.geoffchappell.com/notes/windows/shell/explorer/globalhotkeys.htm "Disable Global Hot Keys | www.geoffchappell.com" + [2]: https://web.archive.org/web/20240424112600/https://github.com/microsoft/PowerToys/issues/12928#issuecomment-999819246 "Shortcut overlay disregard `DisabledHotkeys` registry setting. · Issue #12928 · microsoft/PowerToys · GitHub" + [3]: https://web.archive.org/web/20240424112650/https://www.nextofwindows.com/how-to-disable-any-specific-win-keyboard-shortcut-in-windows "How To Disable Any Specific Win Keyboard Shortcut in Windows - NEXTOFWINDOWS.COM | www.nextofwindows.com" + [4]: https://web.archive.org/web/20240424113022/https://www.ghacks.net/2015/03/22/how-to-disable-specific-global-hotkeys-in-windows/ "How to disable specific global hotkeys in Windows - gHacks Tech News | www.ghacks.net" + [5]: https://web.archive.org/web/20240424100904/https://github.com/undergroundwires/privacy.sexy/issues/343#issuecomment-2056279298 "[BUG]: Snipping Tool still can be executable via its keyboard shortcut · Issue #343 · undergroundwires/privacy.sexy · GitHub | github.com" + call: + - + function: Comment + parameters: + codeComment: Disable the global Windows hotkey "{{ $characterKeyToDisable }}" to prevent its default action. + revertCodeComment: Restore the global Windows hotkey "{{ $characterKeyToDisable }}" to re-enable its default functionality. + - + function: RunPowerShell + parameters: + code: |- + $keyToDisable='{{ $characterKeyToDisable }}' + $keyToDisableInUppercase = $keyToDisable.ToUpper() + $registryPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' + $propertyName = 'DisabledHotkeys' + $disabledKeys = Get-ItemProperty ` + -Path $registryPath ` + -Name $propertyName ` + -ErrorAction SilentlyContinue ` + | Select-Object -ExpandProperty "$propertyName" + if ($disabledKeys) { + if ($disabledKeys.Contains($keyToDisableInUppercase)) { + Write-Host "Skipping: Key `"$keyToDisableInUppercase`" is already disabled. All disabled keys: `"$disabledKeys`". No action needed." + exit 0 + } + $newKeysToDisable = "$($disabledKeys)$($keyToDisableInUppercase)" + Write-Host "Some keys are already disabled: `"$disabledKeys`", but not `"$keyToDisableInUppercase`", disabling it too, new disabled keys: `"$newKeysToDisable`"." + try { + Set-ItemProperty ` + -Path $registryPath ` + -Name $propertyName ` + -Value "$newKeysToDisable" ` + -Force ` + -ErrorAction Stop + Write-Host "Successfully disabled,`"$keyToDisableInUppercase`", all disabled keys: `"$newKeysToDisable`"." + Exit 0 + } catch { + Write-Error "Failed to disable `"$newKeysToDisable`": $_" + Exit 1 + } + } else { + Write-Host "No keys has been disabled before, disabling: `"$keyToDisableInUppercase`"." + try { + Set-ItemProperty ` + -Path $registryPath ` + -Name $propertyName ` + -Value "$keyToDisableInUppercase" ` + -Force ` + -ErrorAction Stop + Write-Host "Successfully disabled `"$keyToDisableInUppercase`"." + Exit 0 + } catch { + Write-Error "Failed to disable `"$keyToDisableInUppercase`": $_" + Exit 1 + } + } + revertCode: |- + $keyToRestore='{{ $characterKeyToDisable }}' + $keyToRestoreInUppercase = $keyToRestore.ToUpper() + $registryPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' + $propertyName = 'DisabledHotkeys' + $disabledKeys = Get-ItemProperty ` + -Path $registryPath ` + -Name $propertyName ` + -ErrorAction SilentlyContinue ` + | Select-Object -ExpandProperty "$propertyName" + if (-Not $disabledKeys) { + Write-Host "Skipping: No keys has been disabled before, no need to restore `"$keyToRestoreInUppercase`"." + Exit 0 + } + if (-Not $disabledKeys.Contains($keyToRestoreInUppercase)) { + Write-Host "Skipping: Key `"$keyToRestoreInUppercase`" is not disabled. All disabled keys: `"$disabledKeys`". No action needed." + Exit 0 + } + $newKeysToDisable = $disabledKeys.Replace($keyToRestoreInUppercase, "") + if (-Not $newKeysToDisable) { + Write-Host "Removing all entries from the disabled keys as the last key `"$keyToRestoreInUppercase`" is being restored." + try { + Remove-ItemProperty ` + -Path $registryPath ` + -Name $propertyName ` + -Force ` + -ErrorAction Stop + Write-Host "Successfully removed the `"$propertyName`" property from the registry, no disabled keys remain." + Exit 0 + } catch { + Write-Error "Failed to remove the empty `"$propertyName`" property from the registry: $_" + Exit 1 + } + } + try { + Write-Host "Restoring `"$keyToRestoreInUppercase`", all disabled keys: `"$disabledKeys`", new disabled keys: `"$newKeysToDisable`"." + Set-ItemProperty ` + -Path $registryPath ` + -Name $propertyName ` + -Value "$newKeysToDisable" ` + -Force ` + -ErrorAction Stop + Write-Host "Successfully restored `"$keyToRestoreInUppercase`", disabled keys now: `"$newKeysToDisable`"." + Exit 0 + } catch { + Write-Error "Failed to restore `"$keysToDisable`": $_" + Exit 1 + } + - + function: ShowExplorerRestartSuggestion