Reorganize and document scripts for disabling network features,
enhancing their discoverability and manageability. This commit
categorizes scripts related to disabling insecure network connections,
improves documentation, and makes these scripts more accessible.
- Group scripts under `Disable insecure connections` category.
- Move SMBv1 and NetBios disablement scripts to this new category.
- Improve documentation, highlighting the security improvements
and potential compatibility issues with older systems.
Addresses issues #57, #115, #183, #175, and #185 by simplifying the
process of troubleshooting and reversing changes if necessary.
This commit refines the reversion process for disabled services,
including handling cases where a service is missing, and enhances
documentation related to default service states. It corrects the
startup mode for the `gupdatem` service from 'Automatic' to 'Manual'.
Key changes:
- Add documentation on default service states and startup types.
- Introduce `ignoreMissingOnRevert` to skip errors when reverting
missing services, improving the user experience.
- Standardize script titles for consistency across service
disablement scripts.
- Correct the startup type for `gupdatem` to 'Manual', aligning
it with its actual default state.
Supporting changes:
- Update `DisableService` function to support `ignoreMissingOnRevert`,
allowing more flexibility in handling missing services on revert.
- Change `treatMissingStateAsOk` to `ignoreMissingOnRevert` for
clarity and consistency.
This commit enhances the documentation related to disabling the firewall
services in Windows, with a focus on the `winget` CLI's functionality,
resolving #142.
Changes:
- Expand documentation to include implications on `winget` CLI,
addressing the issue #142.
- Add documentation for disabling `mpsdrv` service.
- Align documentation for disabling `mpssvc` service to match updates
made for `mpsrv` to maintain consistency across documentation.
- Introduce documentation for parent categories affected by scripts
that disable these services.
- Add documentation for parent categories for disabling these firewall
services.
The documentation aims to provide users with a comprehensive
understanding of how these changes affect both system performance and
security posture.
This commit improves the IntelliCode privacy settings for Visual Studio
by adjusting registry entries to prevent data collection without
impacting IntelliCode's functionality.
- Fix registry value setting for `DisableRemoteAnalysis` to prevent
unexpected hangs in Visual Studio.
This resolves issues reported in #267 and #268.
- Change the script recommentation level to 'Standard', and remove
previous warnings about potential hangups, based on the successful
mitigation of these issues.
This reverts 7f7a84e3ba.
- Incorporate feedback from an official Microsoft statement
(MicrosoftDocs/intellicode#510), acknowledging the discontinuation of
certain IntelliCode backend services. This renders the remote analysis
feature obsolete.
- Revise the documentation to make it more accessible and easier to
understand.
- Migrate feature disablement to PowerShell for clarity and robustness.
- Improve log outputs and error handling for missing or default-disabled
features. This fixes false-positive errors by treating the absence of
a targeted feature as a success condition, and treats features
disabled by the OS as non-issues.
- Fix revert logic to align with OS defaults, correcting previous
behavior that indiscriminately enabled features without considering
their default state.
- Fix usage of incorrect feature name for `LDPPrintService`, correcting
attempts to disable a non-existing feature.
- Standardize script recommendations for outdated or missing features
on modern Windows versions by recommending them on 'Standard'
selection, providing clearer guidance for users.
- Rename feature-related scripts for consistency with Windows display
names, improving consistency and script discoverability.
- Expand documentation for all feature-disabling scripts, adding
details such as display names, descriptions, and default states,
thereby informing users about the specifics and rationale of each
script.
- Rename `DisableFeature` function to `DisableWindowsFeature` for
increased descriptiveness and alignment with PowerShell conventions.
- Harmonize the use of the `DisableWindowsFeature` function across
scripts targeting various features, including SMBv1 and PowerShell
2.0 downgrade attacks, enhancing consistency and maintainability.
- Add code comments in the generated disable/enable feature scripts,
improving understandability for users.
- Add the ability to revert to default OS behavior for feature
enablement/disablement to align with OS defaults.
- Consolidate secret key improvement scripts into a single category.
- Simplify script names to improve user understanding.
- Expand and refine documentation, adding cautionary notes for clarity
and helping users make informed decisions (addresses issues #57, #131,
#175, #183).
- Adjust recommendation levels for scripts to 'Standard' to reflect
their adoption in modern Windows and align with security standards:
- Set Diffie-Hellman key exchange minimum to 2048 bits, matching
modern Windows defaults
- Align RSA key size with Microsoft's upcoming deprecation of 1024-bit
keys.
- Improve the revert process by suppressing false error messages using
`2>nul` in `reg delete` commands.
- Introduce a unified approach to adjust key sizes in key exchange
algorithms with `RequireMinimumKeySize` function.
- Modify the Diffie-Hellman key exchange to a 2048-bit minimum instead
of 4096 bits to balance security with broader software compatibility.
This attempts to reduce side-effects on third-party software as
reported in #57, #131, #183).
- Replace hexadecimal values with decimal equivalents in registry edits
to facilitate better maintainability and readability.
This commit improves Windows scripts related to phone apps, extending
documentation, renaming scripts for clarity, removing unnecessary
scripts and adjusting recommendation levels.
Changes:
- Add script to disable the 'Call' system app, identified as missing in
issue #279.
- Update documentation for each phone-related app to include
descriptions and cautionary advice, focusing on privacy and
system performance benefits.
- Rename scripts for better alignment with actual app names and to
correct misconceptions:
- 'Communications - Phone' to 'Microsoft Phone'
- 'Your Phone Companion' to 'Your Phone'
- Remove the script for deleting `Microsoft.Windows.Phone` package,
correcting a community misreport.
- Adjust recommendations to remove Phone-related apps, considering their
limited necessity for OS functionality and common software use.
This commit fixes dead URLs and updates documentation references,
improving accuracy and reliability.
Key changes:
- Fix dead URLs by using archived snapshots when they are detected as
down by tests.
- Update URLs to their new redirected locations.
Other supporting changes:
- Introduce long URLs for `archive.ph` links to retain the original
URLs within the documentation. It simplifies the maintenance by
removing the need to document the original locations along with the
short URLs.
- Improve some of the documentation to use more current sources,
replacing the outdated ones.
This commit addresses a regression from refactoring in #215.
It restores YAML escape mechanism with quoting around 'manual' in the
`powerShellValue` attribute to ensure PowerShell interprets the value
correctly.
This change is documented with a comment to avoid future omissions.
This reverts commit c27172c32e.
This commit improves the safety mechanisms in the script for deleting
OneDrive user data on Windows.
Key changes:
- System Integrity Protection: The script now checks if user shell
folders point to the OneDrive directory. If they do, it halts the
deletion and provides guidance to the user. This ensures system
stability is not compromised.
- Data Loss Prevention: The script will no longer delete files or
non-empty folders. This precaution helps to avoid unintended data
loss.
Other supporting changes:
- This script now covers OneDrive folders for multi-account users.
- Separation of concerns: The 'Remove OneDrive residual files' script is
is divided into two distinct scripts for better maintainability and
documentation clarity:
1. 'Remove OneDrive user data and synced folders'
2. 'Remove OneDrive installation files and cache'
- Fix an issue with the Windows 11 check in the 'Disable automatic
OneDrive installation' revert script.
- Update related documentation with archived URLs for reliability.
- Fix indentation of OneDrive removal scripts.
This commit introduces a more structured approach to starting, stopping,
and managing Windows services. By abstracting service control operations
into dedicated functions (`StopService`, `StartService`, etc.), it
improves code readability and facilitates future maintenance.
The modifications include:
- Creation of files (`%APPDIR%`\privacy.sexy-<serviceName>`) for
managing service restart states. This approach simplifies the process
of determining whether a service was running before the script
executed and should therefore be restarted afterward.
- Using `DeleteFiles` and `ClearDirectoryContents` functions to safely
remove files without affecting service operations. This is enabled by
using shared funtions for service operations.
- Introduce new category for host blocking.
- Add new scripts to block tracking hosts Windows connects to.
- Relocate Dropbox host blocking under new category.
- Update comments in `BlockViaHostsFile` function for clarity.
This commit improves the organization of service disabling scripts by
relocating the "Disable OS services" section. It improves documentation
and script/category titles to enhance clarity and accessibility for the
divers user base of privacy.sexy, including those with non-technical
backgrounds.
Key changes:
- Move "Disable OS services" to "Remove bloatware" to simplify
navigation and prepare for new categories (for #26).
- Rename "Disable OS services" to "Disable non-essential services"
for better understanding.
- Relocate "Disable NetBios for all interfaces" to "Security
improvements" due to its relevance to security rather than bloatware.
- Improve documentation.
- Simplify script names by removing technical jargon, making them more
more accessible.
Introduce scripts across Windows, macOS and Linux to allow privacy.sexy
users to erase their script usage traces, improving privacy protection.
Key changes:
- Add category to clear privacy.sexy data.
- Add scripts for deleting privacy.sexy's script execution history and
activity logs.
Supporting changes:
- Update documentation to highlight the new capability for users to
clear privacy.sexy-generated data.
- Add shared functions for directory cleanup for Linux and macOS.
- Add code annotations to hint unified approach across all supported
operating systems.
This commit implements scripts to disable Windows Copilot (Copilot in
Windows), addressing issues #263 and #266.
Changes include:
- Add category and scripts to disable Windows copilot.
- Incorporate a restart explorer suggestion across all taskbar
modification scripts to ensure consistency in user experience.
- Add disabling bing search suggestions, resolving #117.
- Fix revert codes to align with default OS configurations.
- Implement message for recommended explorer.exe restart.
- Simplify script names for ease of understanding.
- Provide detailed documentation for each script change.
- Correct `BingSearchEnabled` registry path from HKLM to HKCU.
- Improve categorization of search privacy scripts.
This commit adds scripts to secure clipboard by disabling clipboard
synchronization and history. These changes aim to prevent sensitive data
like passwords and credit card details from being inadvertently stored
or shared via the cloud.
This commit adds missing extension apps seen since Windows 11 22H2 and
improves documentation scripts and category of extension app removal.
Addition of new extension apps found since Windows 11 22H2:
- HEVC Video Extensions (`Microsoft.HEVCVideoExtension`)
- Raw Image Extension (`Microsoft.RawImageExtension`)
Documentation improvements:
- Fix links that are not correctly archived.
- Add cautionary notes for all extension app removal scripts.
- Add security implications associated with these extensions.
This commit improves documentation for removal of Windows store apps
along with adding related research.
1. Improve Store app removal documentation:
The documentation for scripts that remove Store apps has been
enhanced. It now includes information on the default preinstallation
status of these apps across various Windows versions. This update
covers Windows 10 (from version 19H2 to 23H2) and Windows 11 (from
version 21H2 to 23H2), enabling users to identify potentially
preinstalled apps that might affect privacy.
2. Add research documentation:
A detailed research documentation on Windows Store apps has been
introduced for Windows 10 (versions 1909 to 22H2) and Windows 11
(versions 21H2 to 23H2). This includes lists of preinstalled Store
apps, complete with package information. This research aids in
understanding which default apps are present in different Windows
versions and their status regarding removal. The documentation also
includes the PowerShell script used for this research, serving as a
resource for future updates and expansion.
This commit addresses the language dependency of the `takeown /d y`
command in non-English Windows versions by using the `choice` utility.
This utility dynamically determines the equivalent of 'yes' in the
current system language, resolving issues encountered in the delete
script.
Other solution options such as enumerating language equivalents,
adjusting script culture settings, using side-effects of the `copy`
command, and parsing `takeown` help documentation proved either
impractical or unreliable.
The `choice` command has been successfully tested in both English and
German environments, ensuring reliable execution across various locales.
This change replaces the previous `takeown` usage in the script,
its reliability across diverse Windows locales.
This commit adds Windows update postponement techniques.
This provides users more control over the update process, aiming to
prevent automatic re-enabling of updates without user consent.
These scripts are tested and validated on Windows 10 (22H2 onwards) and
Windows 11 (22H3 onwards), introducing registry modifications for
sustained pause durations.
This commit improves disabling of Application Experience component by
improving the categorization, documentation, existing scripts and adding
new scripts. It renames the scripts to be more user-friendly but still
technically accurate.
- Rename scripts to make them easier for non-technical users to
understand.
- Improve existing documentation and add more documentation.
- Add new scripts for:
- 'Disable "MareBackup" task'
- 'Disable "SdbinstMergeDbTask" task'
- 'Disable "PcaPatchDbTask" task'
- Improve `CompatTelRunner.exe` disabling to soft-delete the file.
This commit strengthens user control over the Windows Update Medic
Service (`WaaSMedicSvc`) and related components. These changes aim to
provide users with more control over Windows updates and telemetry data
shared with Microsoft, addressing privacy concerns.
Updates include:
- Soft deletion of various Windows Update Medic Service files and
remediation files to prevent automatic re-enabling of Windows updates.
- Termination of `upfc.exe` to stop it from reactivating Windows Update
Medic Service, thereby allowing users to maintain their desired update
settings.
- Improving documentation with cautionary notes to guide users through
poential impacts of these changes on system stability and update
integrity.
- Including rationale behind the exclusion of `sedsvc`.
- Better documentation and output messages of `DisableService` function.
Recommending the script that removes "Xbox Identity Provider" app
(`Microsoft.XboxIdentityProvider`) at the "Standard" level has led to
unforeseen consequences for Windows users using Xbox sign-in.
This commit introduces additional documentation and reduces the
recommendation level to mitigate these issues.
- Change recommendation level from "Standard" to "Strict".
- Improve documentation to outline the impact of uninstalling the "Xbox
Identity Provider" app.
- Update script title to warn users about the breaking behavior.
- Reduce recommendation level from "Standard" to "Strict" due to its
potential breaking behavior.
- Add detailed documentation.
- Simplify script title for broader accessibility while maintaining
technical accuracy.
- Note potential impact on remote system management in the script title.
- Adjust revert code align with recent Windows OS version.
This commit fixes the issue of Windows Security app not being removed in
Windows 11. It addresses the problem by extending the app uninstallation
process to cover the new app package specific to Windows 11. It improves
the overall design of templated functions for store app removal to
implement the fix.
- Improve Windows Security removal script:
- Add support for removing `Microsoft.SecHealthUI` in Windows 11.
- Revise script documentation for clarity and correct typos.
- Redesign uninstallion of Store apps:
- Change `UninstallSystemApp` to `UninstallNonRemovableStoreApp` for
wider usage. This change is due to `Microsoft.SecHealthUI` being
non-removable yet not a system app.
- Refactor app data cleanup into two distinct functions
(`ClearStoreAppDataBeforeUninstallation` and
`ClearStoreAppDataAfterUninstallation`) for better clarity and
maintainability. This also helps in testing by allowing easier
reordering of operations.
- Seperate between simple non-removable app uninstallation and
uninstallation with cleanup in separate functions, highlighting that
the latter is more invasive and should be used cautiously. This
addresses permission issues encountered with `SecHealthUI` app
removal during cleanup on Windows 11.
- Separate uninstalling app and uninstalling app with cleanup to
different functions, document that cleanup should no longer be
prefered as it's invasive and too aggresive. Cleanup logic
introduces permission issues/errors for `SecHealthUI` in Windows 11.
- Extend app soft-deletion to include the default Windows app folder,
this ensures that the cleanup covers any kind of Store apps (not
only system apps).
This commit fixes and improves the process termination functionality in
related functions.
`KillProcessWhenItStarts` shared function:
- Fix registry key values configured by removing unnecessary single
quotes.
- Rename to `TerminateExecutableOnLaunch` for clarity.
- Rename parameter `processName` to `executableNameWithExtension` for
clarity.
- Add code comments.
- Document the function.
- Rename `%windir` to `%WINDIR%` for consistency in environment variable
naming across scripts.
- Integrate `KillProcess` for robustness.
- Suppress errors in revert code to prevent false negatives.
`KillProcess` shared function to be able to support the termination:
- Rename to `TerminateRunningProcess` for clarity.
- Rename parameters for clarity and consistency:
- `processName` to `executableNameWithExtension`.
- `processStartPath` to `revertExecutablePath`.
- `processStartArgs` to `revertExecutableArgs`.
- Make revert logic optional.
- Add code comments.
- Improve the service permissions reset logic:
- Implement more intuitive and user-friendly messages.
- Ensure graceful handling when `tccutil` is unavailable.
- Avoid treating unsupported service IDs as errors.
- Introduce atemplated shared function.
- Rename 'Clear all privacy permissions for applications' to
'Clear application privacy permissions' to enhance clarity.
- Add additional documentation.
- Introduce support for missing service permissions.
- Fix a bug where clearing "contacts" permissions inadvertently affected
"full disk access" permissions.
- Move the option to clear all application permissions to top for
improved accessibility.
- Standardize naming across scripts to maintain consistency and clarity.
- Add more documentation and improve existing documetation.
- Rename 'Clear most recently used (MRU) lists' to 'Clear recent
activity logs' for simplicity.
- Move 'clearing recent activity logs' outside of 'Clear
third-application data' to directy under 'Privacy cleanup' as these
recent activities are not always necessarily from third-party
applications.
- Fix dead link.
Co-authored-by: NerdyGamerB0i <85419060+NerdyGamerB0i@users.noreply.github.com>
This commit addresses incorrect URL rendering within documentation text
by improving auto-linkified URL labels, handling `+` symbols as spaces,
enhancing readability of encoded path segments and manually updating
some of the documetation.
Key improvements:
- Parse `+` as whitespace in URLs for accurate script labeling.
- Interpret multiple whitespaces as single for robustness.
- Decode path segments for clearer links.
- Refactor markdown renderer.
- Expand unit tests for comprehensive coverage.
Documentation has been updated to fix inline URL references and improve
linkification across several scripts, ensuring more readable and
user-friendly content.
Affected files and documentation sections have been adjusted
accordingly, including script and category names for consistency and
clarity.
Some of the script/category documentation changing fixing URL rendering
includes:
- 'Disable sending information to Customer Experience Improvement
Program':
- Fix reference URLs being inlined.
- 'Disable "Secure boot" button in "Windows Security"':
- Fix rendering issue due to auto-linkification of `markdown-it`.
- 'Clear Internet Explorer DOMStore':
- Fix rendering issue due to auto-linkification of `markdown-it`.
- 'Disable "Windows Defender Firewall" service':
- Fix rendering issue due to auto-linkification of `markdown-it`.
- Convert YAML comments to markdown comments visible by users.
- Add breaking behavior to script name, changing script name to.
- 'Disable Microsoft Defender Firewall services and drivers':
- Remove information about breaking behavior to avoid duplication and
be consistent with the documentation of the rest of the collections.
- Use consistent styling for warning texts starting with `Caution:`.
- Rename 'Remove extensions' category to 'Remove extension apps' for
consistency with names of its sibling categories.
Improve the revert process for Firefox settings by extending
modifications to also include `prefs.js`.
- Validate profile directories similarly to execution script.
- Check and warn if Firefox is running during revert to prevent
`prefs.js` from being overriden.
- Clarify output messages for execution and revert scripts.
- Add flowchart diagram for visual documentation.
- Improve documentation for consistency and precision.
- Update `.gitignore` to account for temporary draw.io files.
Styling of codeblocks:
- Uniform margins as other documentation elements.
- Add small margin for inline code-blocks.
- Use different background color for inline code-blocks.
- Introduce `inline-code` and `code-block` mixins for clarity in
styling.
Overflowing of codeblocks:
- Improve flex layout of the tree component to be handle overflowing
content and providing maximum available width. To be able to correctly
provide maximum available width in card content, card expansion layout
is changed so both close button and the content gets their full width.
- Other refactorings to support this:
- Introduce separate Vue component for checkboxes of nodes for better
separation of concerns and improved maintainability.
- Refactor `LeafTreeNode` to make it simpler, separating layout concerns
from other styling.
- `ScriptsTree.vue`: Prefer `<div>`s instead of `<span>`s as they
represent large content.
- Remove unnecessary `<div>`s and use `<template>`s to reduce HTML
complexity.
- Update script documentation to not include unnecessary left padding
on script code blocks.
- Refactor SCSS variable names in `DocumentationText.vue` for clarity.
This commit fixes an issue where removing systems apps could disrupt
Windows Cumulative updates as reported in #287.
The fix involves removing the `EndOfLife` registry key after the app is
removed. Keeping the key at
`HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\EndOfLife`
was identified as the cause for update failures in #287.
This commit also refactors the registry key creation/removal logic to be
owned by separate functions for easier readability and reusability.
This commit fixes issues #267 and #286 where users reported that
disabling IntelliCode data collection causes Visual Studio 2022 to hang
or become unresponsive.
The script has been updated to remove its recommendation status and
include a warning about these issues. As Microsoft did not respond to
inconsistencies with the official documentation in
MicrosoftDocs/intellicode#510, this commit prevents further disruptions
for privacy.sexy users.
This patch improves the existing functionality for disabling Windows
Updates. It ensures that the disabling of automatic updates is more
persistent, addressing previous shortcomings.
This commit introduces the "Disable Windows Update scheduled tasks"
category, enabling users to persistently turn off automatic background
updates.
Supporting changes include:
- Improve `DisableScheduledTask`:
- Add the ability to elevate privileges.
- Add the ability to disable tasks upon script reversion to match the
correct default operating system state.
- Fix warning output not being correctly formatted upon script
reversion.
- Add the ability to disable tasks upon script reversion in
`DisableScheduledTask` to match the correct default operating system
state.
- Add a comment to clarify the rationale behind not disabling certain
Windows services.
- Ensure consistent casing (all uppercase) for Windows environment
variables in documentation.
- Ensure consistent and right casing of Windows folder names in scripts
and their documentation.
- Remove incorrect categories and flatten their children.
- Simplify user interface by removing "installed" and "provisioned" app
categories, listing the apps directly.
- Indent comments to be easily collapse parent category in IDE.
- Improve some of the existing documentation.
This commit:
- Reduces false-positive error messages when disabling scheduled tasks.
E.g., `ERROR: The specified task name ... does not exist in the system.`
- Centralizes and unifies the logic for disabling scheduled tasks.
- Adds additional documentation, including the existence status of tasks
on default installations.
- Updates and improves the scripts that disable scheduled tasks.
- Improves consistency of headers in documentation text by removing the
top margin introduces by headers.
Introduces `DisableScheduledTask` templating function:
- It provides a unified way of disabling scheduled tasks.
- It displays user-friendly messages if a task cannot be found.
- It can now handle multiple tasks found matching a pattern.
- The script now exits with the correct error code.
- It skips enable/disable actions if it's not necessary.
Improve existing scripts:
- 'Disable Google update services':
- Rename to 'Disable Google background automatic updates'.
- Add missing scheduled tasks observed in newer versions of Chrome.
- Change the recommendation for disabling certain tasks to `Strict`,
as they may interfere with Google Credential Provider as
side-effect.
- Separate into more categories/scripts for better granularity and
documentation.
- 'Disable Adobe Acrobat update services':
- Rename to 'Disable Adobe background automatic updates'.
- Separate into more categories/scripts for enhanced granularity and
documentation.
- Remove end-of-life `Adobe Flash Player Updater` scheduled task and
`adobeflashplayerupdatesvc`.
- 'Disable Dropbox automatic update services':
- Rename to 'Disable Dropbox background automatic updates'.
- Seperate into more categories/scripts.
- 'Disable Webcam Telemetry (`devicecensus.exe`)':
- Rename to 'Disable census data collection'.
- Add the disabling of the "Device User" task under it.
- 'Disable `devicecensus.exe` (telemetry) process':
- Rename to 'Disable device and configuration data collection tool'.
- 'Disable Nvidia telemetry services':
- Rename to 'Disable Nvidia telemetry scheduled tasks'.
- Converted into a category for better granularity.
- Improve documentation.
- 'Disable Defender tasks':
- Rename to 'Disable Defender scheduled tasks'.
- 'Disable "Windows Defender ExploitGuard" task':
- Rename to 'Disable "ExploitGuard MDM policy Refresh" task'.
- 'Remove Nvidia telemetry tasks':
- Rename to 'Remove Nvidia telemetry packages', as "tasks" often
refers to scheduled tasks.
- 'Disable Microsoft Office Subscription Heartbeat'
- Rename to 'Disable "Microsoft Office Subscription Heartbeat" task'.
- Remove disabling of the undocumented `Office 16 Subscription
Heartbeat` task.
- 'Disable OneDrive scheduled tasks':
- Improve documentation.
- Add disabling of 'OneDrive Per-Machine Standalone Update' task.
- 'Disable Customer Experience Improvement Program'
- Rename to 'Disable "Customer Experience Improvement Program"
scheduled tasks' for clarity.
This commit applies `strictNullChecks` to the entire codebase to improve
maintainability and type safety. Key changes include:
- Remove some explicit null-checks where unnecessary.
- Add necessary null-checks.
- Refactor static factory functions for a more functional approach.
- Improve some test names and contexts for better debugging.
- Add unit tests for any additional logic introduced.
- Refactor `createPositionFromRegexFullMatch` to its own function as the
logic is reused.
- Prefer `find` prefix on functions that may return `undefined` and
`get` prefix for those that always return a value.
This commit improves the revert script for store apps to handle
scenarios where `Get-AppxPackage` returns multiple packages. Instead of
relying on a single package result, the script now iterates over all
found packages and attempts installation using the `AppxManifest.xml`
for each. This ensures that even if multiple versions or instances of a
package are found, the script will robustly handle and attempt to install
each one until successful.
Other changes:
- Add better message with suggestion if the revert code fails, as
discussed in #270.
- Improve robustness of finding manifest path by using `Join-Path`
instead of basic string concatenation. This resolves wrong paths being
built due to missing `\` in file path.
- Add check for null or empty `InstallLocation` before accessing
manifest path. It prevents errors when accessing `AppxManifest.xml`,
enhancing script robustness and reliability.
- Improve error handling in manifest file existence check with try-catch
block to catch and log exceptions, ensuring uninterrupted script
execution in edge cases such as when the script lacks access to read
the directory.
- Add verification of package installation before attempting to install
the package for increased robustness.
- Add documentation for revertCode.
This commit unifies some of the logic, documentation and naming for
Firefox clean-up with improvements on both Linux and Windows platforms.
Windows:
- 'Clear browsing history and cache':
- Not recommend.
- Align script name and logic with Linux implementation.
- New documentation and not including the script in recommendation
provides safety against unintended data loss as discussed in #273.
- 'Clear Firefox user profiles, settings, and data':
- Rename to 'Clear all Firefox user information and preferences' for
improved clarity.
- Add more documentation.
Linux:
- Replace `DeleteFromFirefoxProfiles` with
`DeleteFilesFromFirefoxProfiles`.
- Migrate implementation to Python:
- Add more user-friendly outputs.
- Exclude removing directory itself for additional safety.
Both Linux and Windows:
- Improve documentation for:
- 'Clear Firefox user profiles, settings, and data'
- 'Clear Firefox history'
This commit changes the system app removal functionality in privacy.sexy
to perform a hard delete, while preserving the soft-delete logic for
handling residual files.
It improves in-code documentation to facilitate a clearer understanding
of the code execution flow, as the logic for removing system apps has
grown in complexity and length.
Transitioning to a hard-delete approach resolves issues related to
residual links to soft-deleted apps:
- Resolves issue with Edge remaining in the installed apps list (#236).
- Resolves issue with Edge remaining in the programs list (#194).
- Resolves issue with Edge shortcuts persisting in the start menu (#73).
Other changes:
- `RunPowerShell`:
- Introduce `codeComment` and `revertCodeComment` parameters for
improved in-code documentation.
- `CommentCode`:
- Simplify naming to `Comment`.
- Rename `comment` to `codeComment` for clarity.
- Add functionality to comment on revert with the `revertCodeComment`
parameter.
This commit unifies the way the files are being deleted by introducing
the `DeleteFiles` function. It refactors existing scripts that are
deleting files to use the new function, to improve their documentation
and increase their safety.
Script changes:
- 'Clear Software Reporter Tool logs':
- Rename to: 'Clear Google's "Software Reporter Tool" logs'
- 'Clear credentials in Windows Credential Manager':
- Migrate code to PowerShell, removing the need to delete files.
- Improve error messages and robustness of the implementation.
- 'Clear Nvidia residual telemetry files':
- Extract to two scripts for more granularity and better
documentation:
1. 'Disable Nvidia telemetry components'
2. 'Disable Nvidia telemetry drivers'
- Change the logic so instead of clearing directory contents and
deleting drivers, it conducts a soft delete for reversibility to
prioritize user safety.
- 'Remove OneDrive residual files':
- Improve documentation
- 'Clear primary Windows telemetry file':
- Rename to 'Clear diagnostics tracking logs'.
- Add missing file paths seen on modern versions of Windows.
- Add more documentation.
- 'Clear Windows Update History (`WUAgent`) system logs':
- Rename to 'Clear Windows update files'.
- Add more documentation.
- 'Clear Cryptographic Services diagnostic traces':
- Rename to 'Clear "Cryptographic Services" diagnostic traces'.
- Add more documentation.
Other changes:
- Improve `DeleteGlob`:
- Add iteration callbacks for its reusability.
- Improve its documentation.
- Make recursion optional.
- Improve sanity check (verification) logic for given glob when
granting permissions.
- Fix granting permissions using wrong variable to find out parent
directory.
- Improve `IterateGlob`:
- Use `Get-Item` to get results. This fixes `DeleteDirectory` not
being able to delete directory itself but just its contents.
- Introduce and use `recurse` parameter to provide optional recursive
search logic (to search in subdirectories) using `Get-ChildItem`.
- Fix wrong PowerShell syntax for `$revert` variable value for
`revertCode`: replace `true` with `$true`.
- Order iterated paths based on their length to process the deepest
item first.
- Improve handling of missing files with correct/informative outputs
when granting permissions.
- Improve `SoftDeleteFiles`:
- Introduce and use `recurse` parameter for explicitness.
- Fix undefined `$backupFilePath` by replacing it with correct
`$originalFilePath`.
- Improve documentation.
- Ensure consistent use of instructive language in code comments.
This commit improves soft file delete logic:
- Unify logic for soft deleting single files and system apps.
- Rename `RenameSystemFile` templating function to `SoftDeleteFiles` so
new name gives clarity to:
- It's not necessarily single file being renamed but can be multiple
files.
- It's not necessarily system files being renamed, but can also work
without granting extra permissions.
- Grant permissions for only files that will be backed up, skipping
unnecessarily granting permissions to folders/other files. Both
`SeRestorePrivilege` and `SeTakeownershipPrivileges` are claimed and
revoked as necessary.
- Make granting permissions optional through `grantPermissions`
parameter. Do not take permissions if not needed.
- Restore permissions to system default after file is renamed. Before
both deletion of system apps and renaming system files did not restore
their original permissions. This might leave user computers
vulnerable, which is fixed in this commit. It ensures that the
system's original security posture is preserved.
- Deleting system apps is now independent of `Get-AppxPackage`,
improving its robustness and enabling their execution once system apps
are hard-deleted (#260)
- Introduce common way to share glob iteration logic of how the
directories are being cleaned up. It reuses most of the logic from
former `DeleteGlob` with some improvements:
- Simplify call to `Get-ChildItem` by avoiding `-Filter` parameter.
- Improve reliability of getting parent directory in `DeleteGlob`
sanity check to use .NET's `[System.IO.Path]` methods.
This commit ensures the script functions as expected, even when invoked
from unexpected environments.
Using `setlocal` initializes a distinct environment for privacy.sexy.
It's strategically placed after the admin privilege check to avoid
unnecessary setup in case of a relaunch. The script concludes with
`endlocal` right before the exit, maintaining a clean environment
throughout its execution and ensuring no unintentional global
environment modifications.
Changes:
- Enhance script's environment robustness.
- Add descriptive comments for script start/end sequences.
This commit addresses the issue of unwanted applications being
reinstalled during a Windows update. By adding a specific registry
entry, this commit ensures that Windows apps, once removed, do not
return with subsequent updates.
This change ensures more control over the applications present on a
Windows system, particularly after an update, enhancing user experience
and systeam cleanliness.
This commit improves the security, reliability, and robustness of
directory cleanup operations on Windows.
The focus is shifted from deleting entire directories to purging their
contents, addressing potential unintended side effects. Previously,
numerous directories were removed, which could destabilize system
behavior.
This improvement has crucial security implications. The prior approach
involved changing ownership and assigning permissions to the directory
itself, leading to an altered and potentially less secure OS security
posture.
Directory removal improvements include:
- Output user-friendly messages.
- Improved ownership and permission handling for file deletion.
- Explicit shared functions for enhanced reliability/security.
- Centralized way to delete glob (wildcard) patterns in Windows.
Notable script improvements:
- 'Clear Steam dumps, logs, and traces':
- Convert the script to a category to provide more granularity.
- Improve cache cleaning, ensuring the entire cache directory is
cleared, not just the log files.
- 'Clear "Temporary Internet Files" (browser cache)':
- Add more documentation.
- Grant necessary permissions to folders, fixing errors due to
lack of permissions before.
- 'Clear Windows Update Medic Service logs':
- Remove redundant permission grants, as they are unnecessary in
recent Windows versions.
- 'Clear Server-initiated Healing Events system logs',
'Clear Windows Update events logs':
- Merge due to identical functionalities.
- Add more documentation.
- 'Clear Defender scan (protection) history':
- Remove the execution with `TrustedInstallerPrivileges`, uniformly
using `grantPermissions` as with other scripts. This addresses the
false-positive alerts from Microsoft Defender, as discussed in #264.
- 'Clear "Temporary Internet Files" (browser cache)':
- Retain `INetCache` and `Temporary Internet Files` directories,
purging only their contents. This approach aims to resolve the issue
mentioned in #145, where the absence of these folders could prevent
Microsoft Office applications from launching.
