This commit enhances application security against potential attacks by
isolating dependencies that access the host system (like file
operations) from the renderer process. It narrows the exposed
functionality to script execution only, adding an extra security layer.
The changes allow secure and scalable API exposure, preparing for future
functionalities such as desktop notifications for script errors (#264),
improved script execution handling (#296), and creating restore points
(#50) in a secure and repeatable way.
Changes include:
- Inject `CodeRunner` into Vue components via dependency injection.
- Move `CodeRunner` to the application layer as an abstraction for
better domain-driven design alignment.
- Refactor `SystemOperations` and related interfaces, removing the `I`
prefix.
- Update architecture documentation for clarity.
- Update return types in `NodeSystemOperations` to match the Node APIs.
- Improve `WindowVariablesProvider` integration tests for better error
context.
- Centralize type checks with common functions like `isArray` and
`isNumber`.
- Change `CodeRunner` to use `os` parameter, ensuring correct window
variable injection.
- Streamline API exposure to the renderer process:
- Automatically bind function contexts to prevent loss of original
context.
- Implement a way to create facades (wrapper/proxy objects) for
increased security.
This commit adds Windows update postponement techniques.
This provides users more control over the update process, aiming to
prevent automatic re-enabling of updates without user consent.
These scripts are tested and validated on Windows 10 (22H2 onwards) and
Windows 11 (22H3 onwards), introducing registry modifications for
sustained pause durations.
This commit improves disabling of Application Experience component by
improving the categorization, documentation, existing scripts and adding
new scripts. It renames the scripts to be more user-friendly but still
technically accurate.
- Rename scripts to make them easier for non-technical users to
understand.
- Improve existing documentation and add more documentation.
- Add new scripts for:
- 'Disable "MareBackup" task'
- 'Disable "SdbinstMergeDbTask" task'
- 'Disable "PcaPatchDbTask" task'
- Improve `CompatTelRunner.exe` disabling to soft-delete the file.
This commit strengthens user control over the Windows Update Medic
Service (`WaaSMedicSvc`) and related components. These changes aim to
provide users with more control over Windows updates and telemetry data
shared with Microsoft, addressing privacy concerns.
Updates include:
- Soft deletion of various Windows Update Medic Service files and
remediation files to prevent automatic re-enabling of Windows updates.
- Termination of `upfc.exe` to stop it from reactivating Windows Update
Medic Service, thereby allowing users to maintain their desired update
settings.
- Improving documentation with cautionary notes to guide users through
poential impacts of these changes on system stability and update
integrity.
- Including rationale behind the exclusion of `sedsvc`.
- Better documentation and output messages of `DisableService` function.
Recommending the script that removes "Xbox Identity Provider" app
(`Microsoft.XboxIdentityProvider`) at the "Standard" level has led to
unforeseen consequences for Windows users using Xbox sign-in.
This commit introduces additional documentation and reduces the
recommendation level to mitigate these issues.
- Change recommendation level from "Standard" to "Strict".
- Improve documentation to outline the impact of uninstalling the "Xbox
Identity Provider" app.
- Update script title to warn users about the breaking behavior.
- Reduce recommendation level from "Standard" to "Strict" due to its
potential breaking behavior.
- Add detailed documentation.
- Simplify script title for broader accessibility while maintaining
technical accuracy.
- Note potential impact on remote system management in the script title.
- Adjust revert code align with recent Windows OS version.
This commit fixes the issue of Windows Security app not being removed in
Windows 11. It addresses the problem by extending the app uninstallation
process to cover the new app package specific to Windows 11. It improves
the overall design of templated functions for store app removal to
implement the fix.
- Improve Windows Security removal script:
- Add support for removing `Microsoft.SecHealthUI` in Windows 11.
- Revise script documentation for clarity and correct typos.
- Redesign uninstallion of Store apps:
- Change `UninstallSystemApp` to `UninstallNonRemovableStoreApp` for
wider usage. This change is due to `Microsoft.SecHealthUI` being
non-removable yet not a system app.
- Refactor app data cleanup into two distinct functions
(`ClearStoreAppDataBeforeUninstallation` and
`ClearStoreAppDataAfterUninstallation`) for better clarity and
maintainability. This also helps in testing by allowing easier
reordering of operations.
- Seperate between simple non-removable app uninstallation and
uninstallation with cleanup in separate functions, highlighting that
the latter is more invasive and should be used cautiously. This
addresses permission issues encountered with `SecHealthUI` app
removal during cleanup on Windows 11.
- Separate uninstalling app and uninstalling app with cleanup to
different functions, document that cleanup should no longer be
prefered as it's invasive and too aggresive. Cleanup logic
introduces permission issues/errors for `SecHealthUI` in Windows 11.
- Extend app soft-deletion to include the default Windows app folder,
this ensures that the cleanup covers any kind of Store apps (not
only system apps).
- Migrate to `electron-log` v5.X.X, centralizing log files to adhere to
best-practices.
- Add critical event logging in the log file.
- Replace `ElectronLog` type with `LogFunctions` for better abstraction.
- Unify log handling in `desktop-runtime-error` by removing
`renderer.log` due to `electron-log` v5 changes.
- Update and extend logger interfaces, removing 'I' prefix and adding
common log levels to abstract `electron-log` completely.
- Move logger interfaces to the application layer as it's cross-cutting
concern, meanwhile keeping the implementations in the infrastructure
layer.
- Introduce `useLogger` hook for easier logging in Vue components.
- Simplify `WindowVariables` by removing nullable properties.
- Improve documentation to clearly differentiate between desktop and web
versions, outlining specific features of each.
This commit fixes and improves the process termination functionality in
related functions.
`KillProcessWhenItStarts` shared function:
- Fix registry key values configured by removing unnecessary single
quotes.
- Rename to `TerminateExecutableOnLaunch` for clarity.
- Rename parameter `processName` to `executableNameWithExtension` for
clarity.
- Add code comments.
- Document the function.
- Rename `%windir` to `%WINDIR%` for consistency in environment variable
naming across scripts.
- Integrate `KillProcess` for robustness.
- Suppress errors in revert code to prevent false negatives.
`KillProcess` shared function to be able to support the termination:
- Rename to `TerminateRunningProcess` for clarity.
- Rename parameters for clarity and consistency:
- `processName` to `executableNameWithExtension`.
- `processStartPath` to `revertExecutablePath`.
- `processStartArgs` to `revertExecutableArgs`.
- Make revert logic optional.
- Add code comments.
- Improve the service permissions reset logic:
- Implement more intuitive and user-friendly messages.
- Ensure graceful handling when `tccutil` is unavailable.
- Avoid treating unsupported service IDs as errors.
- Introduce atemplated shared function.
- Rename 'Clear all privacy permissions for applications' to
'Clear application privacy permissions' to enhance clarity.
- Add additional documentation.
- Introduce support for missing service permissions.
- Fix a bug where clearing "contacts" permissions inadvertently affected
"full disk access" permissions.
- Move the option to clear all application permissions to top for
improved accessibility.
- Standardize naming across scripts to maintain consistency and clarity.
- Add more documentation and improve existing documetation.
- Rename 'Clear most recently used (MRU) lists' to 'Clear recent
activity logs' for simplicity.
- Move 'clearing recent activity logs' outside of 'Clear
third-application data' to directy under 'Privacy cleanup' as these
recent activities are not always necessarily from third-party
applications.
- Fix dead link.
Co-authored-by: NerdyGamerB0i <85419060+NerdyGamerB0i@users.noreply.github.com>
This commit addresses incorrect URL rendering within documentation text
by improving auto-linkified URL labels, handling `+` symbols as spaces,
enhancing readability of encoded path segments and manually updating
some of the documetation.
Key improvements:
- Parse `+` as whitespace in URLs for accurate script labeling.
- Interpret multiple whitespaces as single for robustness.
- Decode path segments for clearer links.
- Refactor markdown renderer.
- Expand unit tests for comprehensive coverage.
Documentation has been updated to fix inline URL references and improve
linkification across several scripts, ensuring more readable and
user-friendly content.
Affected files and documentation sections have been adjusted
accordingly, including script and category names for consistency and
clarity.
Some of the script/category documentation changing fixing URL rendering
includes:
- 'Disable sending information to Customer Experience Improvement
Program':
- Fix reference URLs being inlined.
- 'Disable "Secure boot" button in "Windows Security"':
- Fix rendering issue due to auto-linkification of `markdown-it`.
- 'Clear Internet Explorer DOMStore':
- Fix rendering issue due to auto-linkification of `markdown-it`.
- 'Disable "Windows Defender Firewall" service':
- Fix rendering issue due to auto-linkification of `markdown-it`.
- Convert YAML comments to markdown comments visible by users.
- Add breaking behavior to script name, changing script name to.
- 'Disable Microsoft Defender Firewall services and drivers':
- Remove information about breaking behavior to avoid duplication and
be consistent with the documentation of the rest of the collections.
- Use consistent styling for warning texts starting with `Caution:`.
- Rename 'Remove extensions' category to 'Remove extension apps' for
consistency with names of its sibling categories.
Improve the revert process for Firefox settings by extending
modifications to also include `prefs.js`.
- Validate profile directories similarly to execution script.
- Check and warn if Firefox is running during revert to prevent
`prefs.js` from being overriden.
- Clarify output messages for execution and revert scripts.
- Add flowchart diagram for visual documentation.
- Improve documentation for consistency and precision.
- Update `.gitignore` to account for temporary draw.io files.
Styling of codeblocks:
- Uniform margins as other documentation elements.
- Add small margin for inline code-blocks.
- Use different background color for inline code-blocks.
- Introduce `inline-code` and `code-block` mixins for clarity in
styling.
Overflowing of codeblocks:
- Improve flex layout of the tree component to be handle overflowing
content and providing maximum available width. To be able to correctly
provide maximum available width in card content, card expansion layout
is changed so both close button and the content gets their full width.
- Other refactorings to support this:
- Introduce separate Vue component for checkboxes of nodes for better
separation of concerns and improved maintainability.
- Refactor `LeafTreeNode` to make it simpler, separating layout concerns
from other styling.
- `ScriptsTree.vue`: Prefer `<div>`s instead of `<span>`s as they
represent large content.
- Remove unnecessary `<div>`s and use `<template>`s to reduce HTML
complexity.
- Update script documentation to not include unnecessary left padding
on script code blocks.
- Refactor SCSS variable names in `DocumentationText.vue` for clarity.
This commit fixes an issue where removing systems apps could disrupt
Windows Cumulative updates as reported in #287.
The fix involves removing the `EndOfLife` registry key after the app is
removed. Keeping the key at
`HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\EndOfLife`
was identified as the cause for update failures in #287.
This commit also refactors the registry key creation/removal logic to be
owned by separate functions for easier readability and reusability.
This commit fixes issues #267 and #286 where users reported that
disabling IntelliCode data collection causes Visual Studio 2022 to hang
or become unresponsive.
The script has been updated to remove its recommendation status and
include a warning about these issues. As Microsoft did not respond to
inconsistencies with the official documentation in
MicrosoftDocs/intellicode#510, this commit prevents further disruptions
for privacy.sexy users.
This patch improves the existing functionality for disabling Windows
Updates. It ensures that the disabling of automatic updates is more
persistent, addressing previous shortcomings.
This commit introduces the "Disable Windows Update scheduled tasks"
category, enabling users to persistently turn off automatic background
updates.
Supporting changes include:
- Improve `DisableScheduledTask`:
- Add the ability to elevate privileges.
- Add the ability to disable tasks upon script reversion to match the
correct default operating system state.
- Fix warning output not being correctly formatted upon script
reversion.
- Add the ability to disable tasks upon script reversion in
`DisableScheduledTask` to match the correct default operating system
state.
- Add a comment to clarify the rationale behind not disabling certain
Windows services.
- Ensure consistent casing (all uppercase) for Windows environment
variables in documentation.
- Ensure consistent and right casing of Windows folder names in scripts
and their documentation.
- Remove incorrect categories and flatten their children.
- Simplify user interface by removing "installed" and "provisioned" app
categories, listing the apps directly.
- Indent comments to be easily collapse parent category in IDE.
- Improve some of the existing documentation.
This commit introduces a batched debounce mechanism for managing user
selection state changes. It effectively reduces unnecessary processing
during rapid script checking, preventing multiple triggers for code
compilation and UI rendering.
Key improvements include:
- Enhanced performance, especially noticeable when selecting large
categories. This update resolves minor UI freezes experienced when
selecting categories with numerous scripts.
- Correction of a bug where the code area only highlighted the last
selected script when multiple scripts were chosen.
Other changes include:
- Timing functions:
- Create a `Timing` folder for `throttle` and the new
`batchedDebounce` functions.
- Move these functions to the application layer from the presentation
layer, reflecting their application-wide use.
- Refactor existing code for improved clarity, naming consistency, and
adherence to new naming conventions.
- Add missing unit tests.
- `UserSelection`:
- State modifications in `UserSelection` now utilize a singular object
inspired by the CQRS pattern, enabling batch updates and flexible
change configurations, thereby simplifying change management.
- Remove the `I` prefix from related interfaces to align with new coding
standards.
- Refactor related code for better testability in isolation with
dependency injection.
- Repository:
- Move repository abstractions to the application layer.
- Improve repository abstraction to combine `ReadonlyRepository` and
`MutableRepository` interfaces.
- E2E testing:
- Introduce E2E tests to validate the correct batch selection
behavior.
- Add a specialized data attribute in `TheCodeArea.vue` for improved
testability.
- Reorganize shared Cypress functions for a more idiomatic Cypress
approach.
- Improve test documentation with related information.
- `SelectedScript`:
- Create an abstraction for simplified testability.
- Introduce `SelectedScriptStub` in tests as a substitute for the
actual object.
This commit:
- Reduces false-positive error messages when disabling scheduled tasks.
E.g., `ERROR: The specified task name ... does not exist in the system.`
- Centralizes and unifies the logic for disabling scheduled tasks.
- Adds additional documentation, including the existence status of tasks
on default installations.
- Updates and improves the scripts that disable scheduled tasks.
- Improves consistency of headers in documentation text by removing the
top margin introduces by headers.
Introduces `DisableScheduledTask` templating function:
- It provides a unified way of disabling scheduled tasks.
- It displays user-friendly messages if a task cannot be found.
- It can now handle multiple tasks found matching a pattern.
- The script now exits with the correct error code.
- It skips enable/disable actions if it's not necessary.
Improve existing scripts:
- 'Disable Google update services':
- Rename to 'Disable Google background automatic updates'.
- Add missing scheduled tasks observed in newer versions of Chrome.
- Change the recommendation for disabling certain tasks to `Strict`,
as they may interfere with Google Credential Provider as
side-effect.
- Separate into more categories/scripts for better granularity and
documentation.
- 'Disable Adobe Acrobat update services':
- Rename to 'Disable Adobe background automatic updates'.
- Separate into more categories/scripts for enhanced granularity and
documentation.
- Remove end-of-life `Adobe Flash Player Updater` scheduled task and
`adobeflashplayerupdatesvc`.
- 'Disable Dropbox automatic update services':
- Rename to 'Disable Dropbox background automatic updates'.
- Seperate into more categories/scripts.
- 'Disable Webcam Telemetry (`devicecensus.exe`)':
- Rename to 'Disable census data collection'.
- Add the disabling of the "Device User" task under it.
- 'Disable `devicecensus.exe` (telemetry) process':
- Rename to 'Disable device and configuration data collection tool'.
- 'Disable Nvidia telemetry services':
- Rename to 'Disable Nvidia telemetry scheduled tasks'.
- Converted into a category for better granularity.
- Improve documentation.
- 'Disable Defender tasks':
- Rename to 'Disable Defender scheduled tasks'.
- 'Disable "Windows Defender ExploitGuard" task':
- Rename to 'Disable "ExploitGuard MDM policy Refresh" task'.
- 'Remove Nvidia telemetry tasks':
- Rename to 'Remove Nvidia telemetry packages', as "tasks" often
refers to scheduled tasks.
- 'Disable Microsoft Office Subscription Heartbeat'
- Rename to 'Disable "Microsoft Office Subscription Heartbeat" task'.
- Remove disabling of the undocumented `Office 16 Subscription
Heartbeat` task.
- 'Disable OneDrive scheduled tasks':
- Improve documentation.
- Add disabling of 'OneDrive Per-Machine Standalone Update' task.
- 'Disable Customer Experience Improvement Program'
- Rename to 'Disable "Customer Experience Improvement Program"
scheduled tasks' for clarity.
This commit applies `strictNullChecks` to the entire codebase to improve
maintainability and type safety. Key changes include:
- Remove some explicit null-checks where unnecessary.
- Add necessary null-checks.
- Refactor static factory functions for a more functional approach.
- Improve some test names and contexts for better debugging.
- Add unit tests for any additional logic introduced.
- Refactor `createPositionFromRegexFullMatch` to its own function as the
logic is reused.
- Prefer `find` prefix on functions that may return `undefined` and
`get` prefix for those that always return a value.
This commit improves the revert script for store apps to handle
scenarios where `Get-AppxPackage` returns multiple packages. Instead of
relying on a single package result, the script now iterates over all
found packages and attempts installation using the `AppxManifest.xml`
for each. This ensures that even if multiple versions or instances of a
package are found, the script will robustly handle and attempt to install
each one until successful.
Other changes:
- Add better message with suggestion if the revert code fails, as
discussed in #270.
- Improve robustness of finding manifest path by using `Join-Path`
instead of basic string concatenation. This resolves wrong paths being
built due to missing `\` in file path.
- Add check for null or empty `InstallLocation` before accessing
manifest path. It prevents errors when accessing `AppxManifest.xml`,
enhancing script robustness and reliability.
- Improve error handling in manifest file existence check with try-catch
block to catch and log exceptions, ensuring uninterrupted script
execution in edge cases such as when the script lacks access to read
the directory.
- Add verification of package installation before attempting to install
the package for increased robustness.
- Add documentation for revertCode.
This commit unifies some of the logic, documentation and naming for
Firefox clean-up with improvements on both Linux and Windows platforms.
Windows:
- 'Clear browsing history and cache':
- Not recommend.
- Align script name and logic with Linux implementation.
- New documentation and not including the script in recommendation
provides safety against unintended data loss as discussed in #273.
- 'Clear Firefox user profiles, settings, and data':
- Rename to 'Clear all Firefox user information and preferences' for
improved clarity.
- Add more documentation.
Linux:
- Replace `DeleteFromFirefoxProfiles` with
`DeleteFilesFromFirefoxProfiles`.
- Migrate implementation to Python:
- Add more user-friendly outputs.
- Exclude removing directory itself for additional safety.
Both Linux and Windows:
- Improve documentation for:
- 'Clear Firefox user profiles, settings, and data'
- 'Clear Firefox history'
This commit changes the system app removal functionality in privacy.sexy
to perform a hard delete, while preserving the soft-delete logic for
handling residual files.
It improves in-code documentation to facilitate a clearer understanding
of the code execution flow, as the logic for removing system apps has
grown in complexity and length.
Transitioning to a hard-delete approach resolves issues related to
residual links to soft-deleted apps:
- Resolves issue with Edge remaining in the installed apps list (#236).
- Resolves issue with Edge remaining in the programs list (#194).
- Resolves issue with Edge shortcuts persisting in the start menu (#73).
Other changes:
- `RunPowerShell`:
- Introduce `codeComment` and `revertCodeComment` parameters for
improved in-code documentation.
- `CommentCode`:
- Simplify naming to `Comment`.
- Rename `comment` to `codeComment` for clarity.
- Add functionality to comment on revert with the `revertCodeComment`
parameter.
This commit unifies the way the files are being deleted by introducing
the `DeleteFiles` function. It refactors existing scripts that are
deleting files to use the new function, to improve their documentation
and increase their safety.
Script changes:
- 'Clear Software Reporter Tool logs':
- Rename to: 'Clear Google's "Software Reporter Tool" logs'
- 'Clear credentials in Windows Credential Manager':
- Migrate code to PowerShell, removing the need to delete files.
- Improve error messages and robustness of the implementation.
- 'Clear Nvidia residual telemetry files':
- Extract to two scripts for more granularity and better
documentation:
1. 'Disable Nvidia telemetry components'
2. 'Disable Nvidia telemetry drivers'
- Change the logic so instead of clearing directory contents and
deleting drivers, it conducts a soft delete for reversibility to
prioritize user safety.
- 'Remove OneDrive residual files':
- Improve documentation
- 'Clear primary Windows telemetry file':
- Rename to 'Clear diagnostics tracking logs'.
- Add missing file paths seen on modern versions of Windows.
- Add more documentation.
- 'Clear Windows Update History (`WUAgent`) system logs':
- Rename to 'Clear Windows update files'.
- Add more documentation.
- 'Clear Cryptographic Services diagnostic traces':
- Rename to 'Clear "Cryptographic Services" diagnostic traces'.
- Add more documentation.
Other changes:
- Improve `DeleteGlob`:
- Add iteration callbacks for its reusability.
- Improve its documentation.
- Make recursion optional.
- Improve sanity check (verification) logic for given glob when
granting permissions.
- Fix granting permissions using wrong variable to find out parent
directory.
- Improve `IterateGlob`:
- Use `Get-Item` to get results. This fixes `DeleteDirectory` not
being able to delete directory itself but just its contents.
- Introduce and use `recurse` parameter to provide optional recursive
search logic (to search in subdirectories) using `Get-ChildItem`.
- Fix wrong PowerShell syntax for `$revert` variable value for
`revertCode`: replace `true` with `$true`.
- Order iterated paths based on their length to process the deepest
item first.
- Improve handling of missing files with correct/informative outputs
when granting permissions.
- Improve `SoftDeleteFiles`:
- Introduce and use `recurse` parameter for explicitness.
- Fix undefined `$backupFilePath` by replacing it with correct
`$originalFilePath`.
- Improve documentation.
- Ensure consistent use of instructive language in code comments.
This commit improves soft file delete logic:
- Unify logic for soft deleting single files and system apps.
- Rename `RenameSystemFile` templating function to `SoftDeleteFiles` so
new name gives clarity to:
- It's not necessarily single file being renamed but can be multiple
files.
- It's not necessarily system files being renamed, but can also work
without granting extra permissions.
- Grant permissions for only files that will be backed up, skipping
unnecessarily granting permissions to folders/other files. Both
`SeRestorePrivilege` and `SeTakeownershipPrivileges` are claimed and
revoked as necessary.
- Make granting permissions optional through `grantPermissions`
parameter. Do not take permissions if not needed.
- Restore permissions to system default after file is renamed. Before
both deletion of system apps and renaming system files did not restore
their original permissions. This might leave user computers
vulnerable, which is fixed in this commit. It ensures that the
system's original security posture is preserved.
- Deleting system apps is now independent of `Get-AppxPackage`,
improving its robustness and enabling their execution once system apps
are hard-deleted (#260)
- Introduce common way to share glob iteration logic of how the
directories are being cleaned up. It reuses most of the logic from
former `DeleteGlob` with some improvements:
- Simplify call to `Get-ChildItem` by avoiding `-Filter` parameter.
- Improve reliability of getting parent directory in `DeleteGlob`
sanity check to use .NET's `[System.IO.Path]` methods.
The previous implementation of `WithParser` used regex, which struggles
with parsing nested structures correctly. This commit improves
`WithParser` to track and parse all nested `with` expressions.
Other improvements:
- Throw meaningful errors when syntax is wrong. Replacing the prior
behavior of silently ignoring such issues.
- Remove `I` prefix from related interfaces to align with newer code
conventions.
- Add more unit tests for `with` expression.
- Improve documentation for templating.
- `ExpressionRegexBuilder`:
- Use words `capture` and `match` correctly.
- Fix minor issues revealed by new and improved tests:
- Change regex for matching anything except surrounding
whitespaces. The new regex ensures that it works even without
having any preceeding text.
- Change regex for capturing pipelines. The old regex was only
matching (non-greedy) first character of the pipeline in tests,
new regex matches the full pipeline.
- `ExpressionRegexBuilder.spec.ts`:
- Ensure consistent way to define `describe` and `it` blocks.
- Replace `expectRegex` tests, regex expectations test internal
behavior of the class, not the external.
- Simplified tests by eliminating the need for UUID suffixes/prefixes.
This commit ensures the script functions as expected, even when invoked
from unexpected environments.
Using `setlocal` initializes a distinct environment for privacy.sexy.
It's strategically placed after the admin privilege check to avoid
unnecessary setup in case of a relaunch. The script concludes with
`endlocal` right before the exit, maintaining a clean environment
throughout its execution and ensuring no unintentional global
environment modifications.
Changes:
- Enhance script's environment robustness.
- Add descriptive comments for script start/end sequences.
This commit addresses the issue of unwanted applications being
reinstalled during a Windows update. By adding a specific registry
entry, this commit ensures that Windows apps, once removed, do not
return with subsequent updates.
This change ensures more control over the applications present on a
Windows system, particularly after an update, enhancing user experience
and systeam cleanliness.
This commit improves the security, reliability, and robustness of
directory cleanup operations on Windows.
The focus is shifted from deleting entire directories to purging their
contents, addressing potential unintended side effects. Previously,
numerous directories were removed, which could destabilize system
behavior.
This improvement has crucial security implications. The prior approach
involved changing ownership and assigning permissions to the directory
itself, leading to an altered and potentially less secure OS security
posture.
Directory removal improvements include:
- Output user-friendly messages.
- Improved ownership and permission handling for file deletion.
- Explicit shared functions for enhanced reliability/security.
- Centralized way to delete glob (wildcard) patterns in Windows.
Notable script improvements:
- 'Clear Steam dumps, logs, and traces':
- Convert the script to a category to provide more granularity.
- Improve cache cleaning, ensuring the entire cache directory is
cleared, not just the log files.
- 'Clear "Temporary Internet Files" (browser cache)':
- Add more documentation.
- Grant necessary permissions to folders, fixing errors due to
lack of permissions before.
- 'Clear Windows Update Medic Service logs':
- Remove redundant permission grants, as they are unnecessary in
recent Windows versions.
- 'Clear Server-initiated Healing Events system logs',
'Clear Windows Update events logs':
- Merge due to identical functionalities.
- Add more documentation.
- 'Clear Defender scan (protection) history':
- Remove the execution with `TrustedInstallerPrivileges`, uniformly
using `grantPermissions` as with other scripts. This addresses the
false-positive alerts from Microsoft Defender, as discussed in #264.
- 'Clear "Temporary Internet Files" (browser cache)':
- Retain `INetCache` and `Temporary Internet Files` directories,
purging only their contents. This approach aims to resolve the issue
mentioned in #145, where the absence of these folders could prevent
Microsoft Office applications from launching.
This commit fixes the issue where the Microsoft Advertising app fails to
be removed using the standard script. The problem is due to Microsoft
Advertising SDK (`Microsoft.Advertising.Xaml`) acting as a framework
package. Such packages are automatically installed when a specific
application requires them, and they cannot be individually removed if
there are applications that depend on them. The only way to effectively
remove this library is by uninstalling the dependent applications.
Key findings:
- On Windows 11 22H2, the issue does not arise as the package does not
exist.
- On Windows 10 22H2, the user is prompted to delete dependent
applications, like MSN Weather and Mail And Calendar apps. Once these
apps are removed, the Microsoft Advertising app is automatically
removed.
Given the nuances and potential for confusion, this script is removed.
This means that the app will no longer be removed directly but will be
handled as part of the removal of its dependencies.
This commit improves soft deletion of system apps. Before if the package
was missing, it failed to recover or delete system apps. Now, it works
even though if `Get-AppxPackage` returns null (i.e. package is
non-existing), so it can be executed even after a hard delete. This
allows safely introducing hard-delete of system apps (as discussed in
#260) with still keeping a robust soft-delete as complement.
Before, the script was dependent on `Get-AppxPackage.InstallLocation`,
however a system app can only be located in one of these folders:
- C:\Windows\SystemApps\{PackageFamilyName}
- C:\Windows\{ShortAppName}
To ensure resilience, this commit adjust the script to rename the files
within these directories if Get-AppxPackage fails, this provides a
fallback.
- Add documentation about folders.
- Add more user-friendly logging.
- Continue uninstallation if single folder fails (remove throw).
- Continue uninstallation if renaming single file fails.
- Add handling of `Metadata` folder as suggested in #73.
- Use instruction format such as "do this, do that" to provide clear,
direct instructions. This format minimize confusion and is easy to
follow. They are specific and leave no room for interpretation,
stating precisely what needs to be done without ambiguity.
- Fix typos and grammar issues.
- Improve consistency in script and category names.
- Revise sentences for more natural English language flow.
- Change brand name casing to match official branding.
- Change title case (all words start capitalized) to sentence case.
- Prioritize consistency over variations.
- Add minor documentation to explain scripts where the names are not
clear.
- Add naming guidelines.
This commit prepares for #260, aiming for a hard delete of system apps,
and necessitating a more reliable app reversion method.
- Improve documentation:
- Add existence status for latest OS versions.
- Add command for quick future testing.
- Use archive links.
- Document categories.
- Add documentation to list of default apps to give context about why
the package is here.
- Fix wrong store URL for Cortana app.
- Unify documentation of excluded apps.
- Fix categorization:
- Categorize uninstallation of Windows store apps.
- Remove "Zune" category (flatten children apps) to be able to align
with latest branding.
- Categorize uninstallation of Candy Crush apps.
- Categorize uninstallation of OOBE apps.
- Rename:
- "Uninstall Windows store apps" to "Uninstall Windows apps" as these
apps are not necessarily store apps.
- "Xbox Game Bar Plugin appcache" to "Xbox Game Bar Plugin".
- "Groove Music" to "Windows Media Player".
- "Movies and TV" to "Movies & TV".
- "Your Phone" to "Phone Link".
- "Cred Dialog Host" to "Credentials Dialog Host".
- "Windows Voice Recorder" to "Windows Sound Recorder".
- "Remote Desktop" to "Microsoft Remote Desktop"
- "Microsoft To Do" to "Microsoft To Do: Lists, Tasks & Reminders".
- "People Hub app (People Experience Host)" to "People Hub app".
- "My Office" to "Microsoft 365 (Office)".
- "iHeartRadio" to "iHeart: Radio, Music, Podcasts".
- "Duolingo" to "Duolingo - Language Lessons".
- "Photoshop Express" to "Adobe Photoshop Express".
- "Spotify" to "Spotify - Music and Podcasts".
- "Windows Alarms and Clock" to "Windows Clock".
- "OOBE Network Captive Port" to "OOBE Network Captive Portal".
- "Secure Assessment Browser app (breaks Microsoft Intune/Graph)" to
"Take a Test app".
- "Windows 10 Family Safety / Parental Controls" > "Microsoft Family
Safety / Parental control".
- "People / People Bar App on taskbar (People Experience Host)" > "My
People"
- "MSN News" > "Microsoft News"
- "Minecraft for Windows 10" > "Minecraft for Windows"
- "Snip & Sketch" > "Snipping Tool"
- "Bio enrollment" > "Hello setup UI"
- Fix package names for:
- `AdobeSystemIncorporated.AdobePhotoshop` >
`AdobeSystemsIncorporated.AdobePhotoshopExpress`
Fix `Clear (Reset) Network Data Usage` trying to delete other files from
Windows system directory.
Changes:
- Precisely target the deletion of `C:\System32\sru\SRUDB.dat`.
- Improve documentation.
- Handle explicitly and better if `DPS` service is missing.
- Rename script from `Clear (Reset) Network Data Usage` to `Clear System
Resource Usage Monitor (SRUM) data` for clearer representation.
- Migrate script from batchfile to PowerShell for better
maintainability and readability.
- Add user-friendly output messages.
- Improve script logic to avoid unnecessary service start/stop when the
file doesn't exist.
- Move removal of `SecHealthUI` app to "Privacy over security" category.
- Emphasize disruptive behavior in the script name.
- Add comprehensive documentation
- Add script to remove Edge shortcuts upon uninstallation.
- Unify OneDrive shortcut removal logic with Edge's, introducing revert
feature to the OneDrive removal script.
- Add more extensive documentation.
- Rename "Delete OneDrive shortcuts" to "Remove OneDrive shortcuts" to
have consistent naming.
This commit introduces scripts for cleaning up file and URL associations
related to Microsoft Edge, enhancing the uninstallation process. The
changes adress the issues detailed in #64, improving system reliability,
integrity and security by preventing lingering associations.
Changes include:
- Introduce scripts to clear Edge browser file and URL associations.
- Provide extensive documentation for related scripts.
- Ensure thorough cleanup of URL, file, OpenWith menu, and toast
associations.
- Recommend removing Microsoft Edge (Legacy) Dev Tools Client app on
Strict to align with other Edge legacy removal recommendations.
- Replace obsolete "Firefox First party isolation" with "Firefox state
partitioning".
- Add comprehensive documentation for the new scripts.
- Introduce enabling dynamic First-Party Isolation (dFPI)
- Disable deprecated First-Party Isolation (FPI) to avoid conflicts with
dFPI.
- Add script to enable Firefox network partitioning to cover
functionality of older FPI script.
This commit enhances the robustness of setting VSCode configurations,
ensuring consistent and reliable operation even in edge cases, such as
when the settings file is empty. This commit also uniforms behavior of
Linux and Windows modification of VSCode settings.
On Windows:
- Move parameters to on top of scripts to be able to easily test the
scripts using PowerShell without compiling.
- Add a check to exit the script with an error message if the attempt to
parse the JSON content fails.
- Omit the `OutString` cmdlet from the pipeline in the script for
converting JSON file content to a PowerShell object. `Out-String` is
unnecessary in this context because `Get-Content` already outputs the
file content as a string array, which `ConvertFrom-Json` effectively.
Additionally, using `Out-String` could potentially introduce issues by
concatenating file content into a single string, causing
`ConvertFrom-Json` to fail when processing pretty-printed JSON. By
removing `Out-String`, the script is streamlined and potential errors
are avoided.
- Add logic to handle empty settings file. Add an additional check for
empty settings file, if the file is empty, the script writes a default
empty JSON object (`{}`) to the file. The operation is logged to
ensure transparency, notifying the user of the action taken. This
change removes fails due to empty setting files.
- When reverting, do not fail if the setting file is missing because it
means that default settings are already in-place.
- When reverting, show informative message if the key does not exist or
does not have the value set by privacy.sexy and do not take any
further action.
- If the desired value is already set, show a message for it and skip
updating the setting file.
On Linux:
- Handles empty `settings.json` similarly to Windows.
- Add more user friendly error if JSON file cannot be parsed.
This commit improve cleanup of temporary directories on Windows,
addressing issues #176 and #89.
Changes include:
- Fix side-effects caused by this script by clearing the contents of
directories rather than deleting the directories themselves.
- Add the removal of Prefetch directory contents, which stores temporary
files and can enhance privacy and free up disk space when cleared.
- Remove the command `del /f /q %localappdata%\Temp\*` due to its
redundancy.
- Improve the granularity and documentation of cleanup scripts, and
moving the `Clear temporary Windows files` category up in the hierarchy
for better structure and clarity.
Co-authored-by: iam-py-test <84232764+iam-py-test@users.noreply.github.com>
- Modify script to run as `TrustedInstaller`, resolving access right
problems discussed in #246.
- Change script name for better alignment with its functionality.
- Improve script description for clarity and detailed documentation.
- Add non-intrusive way to disable delivery optimization. This new
script do not introduce side-effects caused by disabling Delivery
Optimization service.
- Recomend delivery optimization service (`DoSvc`) only on Strict
mode, removing it from Standard recommendation.
- Categorize delivery optimization disabling under one category.
- Move disabling delivery optimization to "Disable OS collection" >
"Disable Windows Update data collection".
- Add more documentation.
- Fix script failing when multiple installations of Edge is found.
- Fix Edge not being able to be uninstalled due in newer Edge versions.
- Add documentation
- Add missing revert script
This commit fixes compiler bug where it fails when optional values are
compiled into absent values in nested calls.
- Throw exception with more context for easier future debugging.
- Add better validation of argument values for nested calls.
- Refactor `FunctionCallCompiler` for better clarity and modularize it
to make it more maintainable and testable.
- Refactor related interface to not have `I` prefix, and
function/variable names for better clarity.
Context:
Discovered this issue while attempting to call
`RunInlineCodeAsTrustedInstaller` which in turn invokes `RunPowerShell`
for issue #246. This led to the realization that despite parameters
flagged as optional, the nested argument compilation didn't support
them.
