
3 Commits

Author SHA1 Message Date
undergroundwires
c65209e6a9 Unrecommend and complete Windows Push Notif. #101
- Add more script documentation in code and reference URLs.
- Unrecommend as "Standard" recommend as "Strict" due to lack of
  documentation for its privacy intrusive behavior.
- Add missing WpnUserService for disabling it completely.
2021-12-03 01:08:55 +01:00
undergroundwires
d2518b11a7 Improve Windows defender docs and errors #104
- Improve error messages with cause of the problem and suggested solution.
- Document:
  * Disabling `WinDefend` breaks `Set-MpPreference` and Microsoft Store
    (as reported in #104).
  * Document services that `netsh advfirewall` depends on.
- Fix some bad whitespace character in documentation.
2021-11-27 20:22:18 +01:00
undergroundwires
70cdf3865a Improve and unify disabling of Windows services
Refactor, unify and improve the logic to to start/stop and
enable/disable services, and also add more documentation.

Rework functions:
  - Unify way of disabling Windows services using templating.
  - Capitalize as `startupMode` (where startup is single word) everywhere.
  - Use also text parameters (automatic, manual..) instead of numeric
    values (2,3...) when providing parameters to any service disable
    function.

Improve documentation:
  - Add reference URLs about disabled services.
  - Add more code documentation for querying status and allowed values.

Logic improvements include:
  - Check if service is running before stopping/starting the service.
  - Do not start the service if it's not an Automatic service.
  - Check whether service is already disabled.
  - When reverting, start the service if it has Automatic startup. But
    do not start the service if it has a different startup (e.g. manual).
    Also start the service even when startup is already configured as
    desired (before, it quit before doing the service start).

Improve outputs (logs):
  - Remove false-positive error messages.
  - When a service cannot be stopped/start; mention in output that the
    service will be started/stopped after reboot.
  - Show success message once service is enabled/disabled.
  - Fix reboot messages when enabling/disabling services,
  - Do not write stderr if service cannot be stopped/started as it's not
    not the main goal of the function.

Add missing revert code for the ones missing them:
  - Disable diagnostics telemetry
  - Disable Windows Media Player Network Sharing Service

> Function: DisableServiceInRegistry
- Fix not exitting if service does not exist when reverting
- Show success message once service is enabled/disabled
- Fix double "Enabled.." messages
- Fix unintended registry addition

> Function: DisablePerUserService
- Change implementation to call DisableServiceInRegistry.
- Fix both services are skipped if one of them fails.
- Fix reverting a service sets wrong startup mode.
2021-11-25 21:34:15 +01:00


@@ -582,8 +582,8 @@ actions:
call: call:
function: DisableService function: DisableService
parameters: parameters:
serviceName: DiagTrack serviceName: DiagTrack # Check: (Get-Service -Name DiagTrack).StartType
defaultStartUpMode: Automatic # Automatic | Manual defaultStartupMode: Automatic # Allowed values: Automatic | Manual
- -
name: Disable WAP push message routing service # Device Management Wireless Application Protocol (WAP) Push message Routing Service name: Disable WAP push message routing service # Device Management Wireless Application Protocol (WAP) Push message Routing Service
recommend: standard recommend: standard
@@ -591,24 +591,24 @@ actions:
call: call:
function: DisableService function: DisableService
parameters: parameters:
serviceName: dmwappushservice serviceName: dmwappushservice # Check: (Get-Service -Name dmwappushservice).StartType
defaultStartUpMode: Manual # Automatic | Manual defaultStartupMode: Manual # Allowed values: Automatic | Manual
- -
name: Disable diagnostics hub standard collector service # Microsoft (R) Diagnostics Hub Standard Collector name: Disable diagnostics hub standard collector service # Microsoft (R) Diagnostics Hub Standard Collector
docs: http://batcmd.com/windows/10/services/diagnosticshub-standardcollector-service/ docs: http://batcmd.com/windows/10/services/diagnosticshub-standardcollector-service/
call: call:
function: DisableService function: DisableService
parameters: parameters:
serviceName: diagnosticshub.standardcollector.service serviceName: diagnosticshub.standardcollector.service # Check: (Get-Service -Name diagnosticshub.standardcollector.service).StartType
defaultStartUpMode: Manual # Automatic | Manual defaultStartupMode: Manual # Allowed values: Automatic | Manual
- -
name: Disable diagnostic execution service # Diagnostic Execution Service name: Disable diagnostic execution service # Diagnostic Execution Service
docs: http://batcmd.com/windows/10/services/diagsvc/ docs: http://batcmd.com/windows/10/services/diagsvc/
call: call:
function: DisableService function: DisableService
parameters: parameters:
serviceName: diagsvc serviceName: diagsvc # Check: (Get-Service -Name diagsvc).StartType
defaultStartUpMode: Manual # Automatic | Manual defaultStartupMode: Manual # Allowed values: Automatic | Manual
- -
name: Disable Customer Experience Improvement Program name: Disable Customer Experience Improvement Program
recommend: standard recommend: standard
@@ -734,13 +734,13 @@ actions:
- # Windows Error Reporting Service - # Windows Error Reporting Service
function: DisableService function: DisableService
parameters: parameters:
serviceName: wersvc serviceName: wersvc # Check: (Get-Service -Name wersvc).StartType
defaultStartUpMode: Manual # Automatic | Manual defaultStartupMode: Manual # Allowed values: Automatic | Manual
- # Problem Reports Control Panel Support - # Problem Reports Control Panel Support
function: DisableService function: DisableService
parameters: parameters:
serviceName: wercplsupport serviceName: wercplsupport # Check: (Get-Service -Name wercplsupport).StartType
defaultStartUpMode: Manual # Automatic | Manual defaultStartupMode: Manual # Allowed values: Automatic | Manual
- -
category: Disable automatic driver updates by Windows Update category: Disable automatic driver updates by Windows Update
children: children:
@@ -1477,8 +1477,8 @@ actions:
call: call:
function: DisableService function: DisableService
parameters: parameters:
serviceName: WbioSrvc serviceName: WbioSrvc # Check: (Get-Service -Name WbioSrvc).StartType
defaultStartUpMode: Manual # Automatic | Manual defaultStartupMode: Manual # Allowed values: Automatic | Manual
- -
name: Disable Wi-Fi sense name: Disable Wi-Fi sense
recommend: standard recommend: standard
@@ -1546,8 +1546,8 @@ actions:
call: call:
function: DisableService function: DisableService
parameters: parameters:
serviceName: wisvc serviceName: wisvc # Check: (Get-Service -Name wisvc).StartType
defaultStartUpMode: Manual # Automatic | Manual defaultStartupMode: Manual # Allowed values: Automatic | Manual
- -
name: Do not let Microsoft try features on this build name: Do not let Microsoft try features on this build
docs: https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.DataCollection::EnableExperimentation docs: https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.DataCollection::EnableExperimentation
@@ -1705,8 +1705,8 @@ actions:
call: call:
function: DisableService function: DisableService
parameters: parameters:
serviceName: VSStandardCollectorService150 serviceName: VSStandardCollectorService150 # (Get-Service -Name VSStandardCollectorService150).StartType
defaultStartUpMode: Automatic # Automatic | Manual defaultStartupMode: Automatic # Allowed values: Automatic | Manual
- -
name: Disable NET Core CLI telemetry name: Disable NET Core CLI telemetry
recommend: standard recommend: standard
@@ -1930,8 +1930,8 @@ actions:
# - # -
# function: DisableService # function: DisableService
# parameters: # parameters:
# serviceName: ClickToRunSvc # serviceName: ClickToRunSvc # Check: (Get-Service -Name ClickToRunSvc).StartType
# defaultStartUpMode: Automatic # Automatic | Manual # defaultStartupMode: Automatic # Allowed values: Automatic | Manual
- -
name: Disable Subscription Heartbeat name: Disable Subscription Heartbeat
code: |- code: |-
@@ -2126,13 +2126,13 @@ actions:
- -
function: DisableService function: DisableService
parameters: parameters:
serviceName: gupdate serviceName: gupdate # Check: (Get-Service -Name gupdate).StartType
defaultStartUpMode: Automatic # Automatic | Manual defaultStartupMode: Automatic # Allowed values: Automatic | Manual
- -
function: DisableService function: DisableService
parameters: parameters:
serviceName: gupdatem serviceName: gupdatem # Check: (Get-Service -Name gupdatem).StartType
defaultStartUpMode: Automatic # Automatic | Manual defaultStartupMode: Automatic # Allowed values: Automatic | Manual
- -
name: Disable Adobe Acrobat update service name: Disable Adobe Acrobat update service
recommend: standard recommend: standard
@@ -2140,18 +2140,18 @@ actions:
- -
function: DisableService function: DisableService
parameters: parameters:
serviceName: AdobeARMservice serviceName: AdobeARMservice # Check: (Get-Service -Name AdobeARMservice).StartType
defaultStartUpMode: Automatic # Automatic | Manual defaultStartupMode: Automatic # Allowed values: Automatic | Manual
- -
function: DisableService function: DisableService
parameters: parameters:
serviceName: adobeupdateservice serviceName: adobeupdateservice # Check: (Get-Service -Name adobeupdateservice).StartType
defaultStartUpMode: Automatic # Automatic | Manual defaultStartupMode: Automatic # Allowed values: Automatic | Manual
- -
function: DisableService function: DisableService
parameters: parameters:
serviceName: adobeflashplayerupdatesvc serviceName: adobeflashplayerupdatesvc # Check: (Get-Service -Name adobeflashplayerupdatesvc).StartType
defaultStartUpMode: Automatic # Automatic | Manual defaultStartupMode: Automatic # Allowed values: Automatic | Manual
- -
function: RunInlineCode function: RunInlineCode
parameters: parameters:
@@ -2167,16 +2167,16 @@ actions:
call: call:
function: DisableService function: DisableService
parameters: parameters:
serviceName: Razer Game Scanner Service serviceName: Razer Game Scanner Service # Check: (Get-Service -Name 'Razer Game Scanner Service').StartType
defaultStartUpMode: Manual # Automatic | Manual defaultStartupMode: Manual # Allowed values: Automatic | Manual
- -
name: Disable Logitech Gaming Registry Service name: Disable Logitech Gaming Registry Service
recommend: standard recommend: standard
call: call:
function: DisableService function: DisableService
parameters: parameters:
serviceName: LogiRegistryService serviceName: LogiRegistryService # Check: (Get-Service -Name 'LogiRegistryService').StartType
defaultStartUpMode: Automatic # Automatic | Manual defaultStartupMode: Automatic # Allowed values: Automatic | Manual
- -
name: Disable Dropbox auto update service name: Disable Dropbox auto update service
recommend: standard recommend: standard
@@ -2184,13 +2184,13 @@ actions:
- -
function: DisableService function: DisableService
parameters: parameters:
serviceName: dbupdate serviceName: dbupdate # Check: (Get-Service -Name 'dbupdate').StartType
defaultStartUpMode: Automatic # Automatic | Manual defaultStartupMode: Automatic # Allowed values: Automatic | Manual
- -
function: DisableService function: DisableService
parameters: parameters:
serviceName: dbupdatem serviceName: dbupdatem # Check: (Get-Service -Name 'dbupdatem').StartType
defaultStartUpMode: Automatic # Automatic | Manual defaultStartupMode: Automatic # Allowed values: Automatic | Manual
- -
function: RunInlineCode function: RunInlineCode
parameters: parameters:
@@ -2222,8 +2222,8 @@ actions:
call: call:
function: DisableService function: DisableService
parameters: parameters:
serviceName: WMPNetworkSvc serviceName: WMPNetworkSvc # Check: (Get-Service -Name 'WMPNetworkSvc').StartType
defaultStartUpMode: Automatic # Automatic | Manual defaultStartupMode: Manual # Allowed values: Automatic | Manual
- -
name: Disable CCleaner Monitoring name: Disable CCleaner Monitoring
code: |- code: |-
@@ -2655,9 +2655,45 @@ actions:
children: children:
- -
name: Disable Firewall through command-line utility name: Disable Firewall through command-line utility
# ❗️ Following must be enabled and in running state:
# - mpsdrv (Windows Defender Firewall Authorization Driver)
# - bfe (Base Filtering Engine)
# - mpssvc (Windows Defender Firewall)
# If the dependent services are not running, the script fails with:
# "An error occurred while attempting to contact the Windows Defender Firewall service. Make sure that the service is running and try your request again."
# Requires rebooting after reverting privacy.sexy scripts for the services mpsdrv, mpssvc
docs: https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/netsh-advfirewall-firewall-control-firewall-behavior docs: https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/netsh-advfirewall-firewall-control-firewall-behavior
code: netsh advfirewall set allprofiles state off call:
revertCode: netsh advfirewall set allprofiles state on function: RunPowerShell
parameters:
code: |-
if(!(Get-Command 'netsh' -ErrorAction Ignore)) {
throw '"netsh" does not exist, is system installed correctly?'
}
$message=netsh advfirewall set allprofiles state off 2>&1
if($?) {
Write-Host "Successfully disabled firewall."
} else {
if($message -like '*Firewall service*') {
Write-Warning 'Cannot use CLI because MpsSvc or MpsDrv is not running. Try to enable them (revert) -> reboot -> re-run this?'
} else {
throw "Cannot disable: $message"
}
}
revertCode: |-
if(!(Get-Command 'netsh' -ErrorAction Ignore)) {
throw '"netsh" does not exist, is system installed correctly?'
}
$message=netsh advfirewall set allprofiles state on 2>&1
if($?) {
Write-Host "Successfully enabled firewall."
} else {
if($message -like '*Firewall service*') {
Write-Warning 'Cannot use CLI because MpsSvc or MpsDrv is not running. Try to enable them (revert) -> reboot -> re-run this?'
} else {
throw "Cannot enable: $message"
}
}
- -
name: Disable Firewall through registry # Lower-level, good in case command-line utility is not available/functioning name: Disable Firewall through registry # Lower-level, good in case command-line utility is not available/functioning
docs: docs:
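Review bot: In the new `revertCode` for "Disable Firewall through command-line utility", a failed `netsh advfirewall set allprofiles state on` whose output matches `'*Firewall service*'` ends in `Write-Warning` instead of `throw`, so the revert finishes without an error while the firewall is still off. On the revert path I would fail loudly, for example `throw 'Cannot enable firewall: MpsSvc or MpsDrv is not running. Revert those services, reboot and re-run.'`, so the user is not left assuming protection was restored. Both `code` and `revertCode` also judge success with `$?` after `2>&1`; for a native command such as netsh, `if ($LASTEXITCODE -eq 0)` is likely the more dependable test, since stderr redirection can influence `$?` in Windows PowerShell. The `-like` match depends on the English error text quoted in the comment block above it, which deserves a short comment beside the comparison, such as `# Matches the English netsh error text only; localized systems fall through to throw`.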
@@ -2724,7 +2760,7 @@ actions:
parameters: parameters:
property: DisableBlockAtFirstSeen # Status: Get-MpPreference | Select-Object -Property DisableBlockAtFirstSeen property: DisableBlockAtFirstSeen # Status: Get-MpPreference | Select-Object -Property DisableBlockAtFirstSeen
value: $True # Set: Set-MpPreference -Force -DisableBlockAtFirstSeen $True value: $True # Set: Set-MpPreference -Force -DisableBlockAtFirstSeen $True
default: $False # Default: False (Enabled) | Remove-MpPreference -Force -DisableBlockAtFirstSeen | Set-MpPreference -Force -DisableBlockAtFirstSeen $False default: $False # Default: False (Enabled) | Remove-MpPreference -Force -DisableBlockAtFirstSeen | Set-MpPreference -Force -DisableBlockAtFirstSeen $False
- -
function: RunInlineCode function: RunInlineCode
parameters: parameters:
@@ -2829,7 +2865,7 @@ actions:
# 0 = 'Disabled' (default), 1 = 'Enabled', 2 = 'AuditMode' # 0 = 'Disabled' (default), 1 = 'Enabled', 2 = 'AuditMode'
property: PUAProtection # Status: Get-MpPreference | Select-Object -Property PUAProtection property: PUAProtection # Status: Get-MpPreference | Select-Object -Property PUAProtection
value: "'0'" # Set: Set-MpPreference -Force -PUAProtection 0 value: "'0'" # Set: Set-MpPreference -Force -PUAProtection 0
default: "'0'" # Default: 0 (Disabled) | Remove-MpPreference -Force -PUAProtection | Set-MpPreference -Force -PUAProtection 0 default: "'0'" # Default: 0 (Disabled) | Remove-MpPreference -Force -PUAProtection | Set-MpPreference -Force -PUAProtection 0
- -
function: RunInlineCode function: RunInlineCode
parameters: parameters:
@@ -2851,7 +2887,7 @@ actions:
call: call:
- -
function: RunInlineCodeAsTrustedInstaller # Otherwise we get "ERROR: Access is denied." (>= 20H2) function: RunInlineCodeAsTrustedInstaller # Otherwise we get "ERROR: Access is denied." (>= 20H2)
# ❌ Fails with "ERROR: Access is denied." in Windows 11 21H2 | ✅ Works in Windows 10 >= 20H2 # ❌ Fails with "ERROR: Access is denied." in Windows 11 21H2 | ✅ Works in Windows 10 >= 20H2
parameters: parameters:
code: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" /v "TamperProtection" /t REG_DWORD /d "4" /f code: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" /v "TamperProtection" /t REG_DWORD /d "4" /f
revertCode: reg delete "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" /v "TamperProtection" /f 2>nul revertCode: reg delete "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" /v "TamperProtection" /f 2>nul
@@ -2922,7 +2958,7 @@ actions:
property: DisableRealtimeMonitoring # Status: Get-MpPreference | Select-Object -Property DisableRealtimeMonitoring property: DisableRealtimeMonitoring # Status: Get-MpPreference | Select-Object -Property DisableRealtimeMonitoring
value: $True # Set: Set-MpPreference -Force -DisableRealtimeMonitoring $True value: $True # Set: Set-MpPreference -Force -DisableRealtimeMonitoring $True
# ❌ Windows 11: Does not fail but does not set $True value | ✅ Windows 10: Works as expected # ❌ Windows 11: Does not fail but does not set $True value | ✅ Windows 10: Works as expected
default: $False # Default: False (Enabled) | Remove-MpPreference -Force -DisableRealtimeMonitoring | Set-MpPreference -Force -DisableRealtimeMonitoring $False default: $False # Default: False (Enabled) | Remove-MpPreference -Force -DisableRealtimeMonitoring | Set-MpPreference -Force -DisableRealtimeMonitoring $False
- -
function: RunInlineCode function: RunInlineCode
@@ -3452,7 +3488,7 @@ actions:
property: DisableScriptScanning # Status: Get-MpPreference | Select-Object -Property DisableScriptScanning property: DisableScriptScanning # Status: Get-MpPreference | Select-Object -Property DisableScriptScanning
value: $True # Set: Set-MpPreference -Force -DisableScriptScanning $True value: $True # Set: Set-MpPreference -Force -DisableScriptScanning $True
# ❌ Windows 11: Does not fail but does not set $True value | ✅ Windows 10: Works as expected # ❌ Windows 11: Does not fail but does not set $True value | ✅ Windows 10: Works as expected
default: $False # Default: False | Remove-MpPreference -Force -DisableScriptScanning | Set-MpPreference -Force -DisableScriptScanning $False default: $False # Default: False | Remove-MpPreference -Force -DisableScriptScanning | Set-MpPreference -Force -DisableScriptScanning $False
- -
name: Disable reparse point scanning name: Disable reparse point scanning
docs: https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::Scan_DisableReparsePointScanning docs: https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::Scan_DisableReparsePointScanning
@@ -3578,7 +3614,7 @@ actions:
parameters: parameters:
property: ScanScheduleDay # Status: Get-MpPreference | Select-Object -Property ScanScheduleDay property: ScanScheduleDay # Status: Get-MpPreference | Select-Object -Property ScanScheduleDay
value: "'8'" # Set: Set-MpPreference -Force -ScanScheduleDay '8' value: "'8'" # Set: Set-MpPreference -Force -ScanScheduleDay '8'
default: "'0'" # Default: 0 (Every Day) | Remove-MpPreference -Force -ScanScheduleDay | Set-MpPreference -Force -ScanScheduleDay '0' default: "'0'" # Default: 0 (Every Day) | Remove-MpPreference -Force -ScanScheduleDay | Set-MpPreference -Force -ScanScheduleDay '0'
- -
name: Disable randomizing scheduled task times name: Disable randomizing scheduled task times
docs: docs:
@@ -3597,7 +3633,7 @@ actions:
parameters: parameters:
property: RandomizeScheduleTaskTimes # Status: Get-MpPreference | Select-Object -Property RandomizeScheduleTaskTimes property: RandomizeScheduleTaskTimes # Status: Get-MpPreference | Select-Object -Property RandomizeScheduleTaskTimes
value: $False # Set: Set-MpPreference -Force -RandomizeScheduleTaskTimes $False value: $False # Set: Set-MpPreference -Force -RandomizeScheduleTaskTimes $False
default: $True # Default: True | Remove-MpPreference -Force -RandomizeScheduleTaskTimes | Set-MpPreference -Force -RandomizeScheduleTaskTimes $True default: $True # Default: True | Remove-MpPreference -Force -RandomizeScheduleTaskTimes | Set-MpPreference -Force -RandomizeScheduleTaskTimes $True
- -
name: Disable scheduled full-scans name: Disable scheduled full-scans
docs: docs:
@@ -3670,7 +3706,7 @@ actions:
parameters: parameters:
property: SignatureUpdateCatchupInterval # Status: Get-MpPreference | Select-Object -Property SignatureUpdateCatchupInterval property: SignatureUpdateCatchupInterval # Status: Get-MpPreference | Select-Object -Property SignatureUpdateCatchupInterval
value: "'0'" # Set: Set-MpPreference -Force -SignatureUpdateCatchupInterval '0' value: "'0'" # Set: Set-MpPreference -Force -SignatureUpdateCatchupInterval '0'
default: "'1'" # Default: 1 | Remove-MpPreference -Force -SignatureUpdateCatchupInterval | Set-MpPreference -Force -SignatureUpdateCatchupInterval '1' default: "'1'" # Default: 1 | Remove-MpPreference -Force -SignatureUpdateCatchupInterval | Set-MpPreference -Force -SignatureUpdateCatchupInterval '1'
- -
name: Limit spyware security intelligence (signature) updates # default is one day, recommended is 7 days name: Limit spyware security intelligence (signature) updates # default is one day, recommended is 7 days
# Maximize period when spyware security intelligence (signature) is considered up-to-dates # Maximize period when spyware security intelligence (signature) is considered up-to-dates
@@ -3705,7 +3741,7 @@ actions:
parameters: parameters:
property: SignatureDisableUpdateOnStartupWithoutEngine # Status: Get-MpPreference | Select-Object -Property SignatureDisableUpdateOnStartupWithoutEngine property: SignatureDisableUpdateOnStartupWithoutEngine # Status: Get-MpPreference | Select-Object -Property SignatureDisableUpdateOnStartupWithoutEngine
value: $True # Set: Set-MpPreference -Force -SignatureDisableUpdateOnStartupWithoutEngine $True value: $True # Set: Set-MpPreference -Force -SignatureDisableUpdateOnStartupWithoutEngine $True
default: $False # Default: False | Remove-MpPreference -Force -SignatureDisableUpdateOnStartupWithoutEngine | Set-MpPreference -Force -SignatureDisableUpdateOnStartupWithoutEngine $False default: $False # Default: False | Remove-MpPreference -Force -SignatureDisableUpdateOnStartupWithoutEngine | Set-MpPreference -Force -SignatureDisableUpdateOnStartupWithoutEngine $False
- -
name: Disable automatically checking security intelligence (signature) updates # Already disabled by default name: Disable automatically checking security intelligence (signature) updates # Already disabled by default
docs: docs:
@@ -3774,7 +3810,7 @@ actions:
# ❌ Not generally supported on Windows (before 4.18.2106.5 Defender platform) # ❌ Not generally supported on Windows (before 4.18.2106.5 Defender platform)
property: DisableGradualRelease # Status: Get-MpPreference | Select-Object -Property DisableGradualRelease property: DisableGradualRelease # Status: Get-MpPreference | Select-Object -Property DisableGradualRelease
value: $True # Set: Set-MpPreference -Force -DisableGradualRelease $True value: $True # Set: Set-MpPreference -Force -DisableGradualRelease $True
default: $False # Default: False | Remove-MpPreference -Force -DisableGradualRelease default: $False # Default: False | Remove-MpPreference -Force -DisableGradualRelease
- -
name: Limit Defender engine updates to those that complete gradual release cycle name: Limit Defender engine updates to those that complete gradual release cycle
@@ -3805,7 +3841,7 @@ actions:
# Valid values: # Valid values:
# 0 = 'NotConfigured' (default), 'Beta', 'Broad', 'Preview', 'Staged' # 0 = 'NotConfigured' (default), 'Beta', 'Broad', 'Preview', 'Staged'
# ❌ Windows 11 21H2 supports only 'NotConfigured', 'Beta', 'Preview' but not 'Broad', 'Staged' # ❌ Windows 11 21H2 supports only 'NotConfigured', 'Beta', 'Preview' but not 'Broad', 'Staged'
default: "'NotConfigured'" # Default: 0 (NotConfigured) | Remove-MpPreference -Force -PlatformUpdatesChannel | Set-MpPreference -Force -PlatformUpdatesChannel "'NotConfigured'" default: "'NotConfigured'" # Default: 0 (NotConfigured) | Remove-MpPreference -Force -PlatformUpdatesChannel | Set-MpPreference -Force -PlatformUpdatesChannel "'NotConfigured'"
- -
name: Limit Defender definition updates to those that complete gradual release cycle name: Limit Defender definition updates to those that complete gradual release cycle
docs: docs:
@@ -3820,7 +3856,7 @@ actions:
value: "'Broad'" # Set: Set-MpPreference -Force -DefinitionUpdatesChannel 'Broad' value: "'Broad'" # Set: Set-MpPreference -Force -DefinitionUpdatesChannel 'Broad'
# 0 = 'NotConfigured' (default), 'Beta', Preview' 'Broad', 'Staged' # 0 = 'NotConfigured' (default), 'Beta', Preview' 'Broad', 'Staged'
# ❌ Windows 11 21H2 supports only 'NotConfigured', 'Beta', 'Preview' but not 'Broad', 'Staged' # ❌ Windows 11 21H2 supports only 'NotConfigured', 'Beta', 'Preview' but not 'Broad', 'Staged'
default: "'NotConfigured'" # Default: 0 (NotConfigured) | Remove-MpPreference -Force -DefinitionUpdatesChannel | Set-MpPreference -Force -DefinitionUpdatesChannel "'NotConfigured'" default: "'NotConfigured'" # Default: 0 (NotConfigured) | Remove-MpPreference -Force -DefinitionUpdatesChannel | Set-MpPreference -Force -DefinitionUpdatesChannel "'NotConfigured'"
- -
category: Disable Windows Defender reporting category: Disable Windows Defender reporting
children: children:
@@ -4088,20 +4124,48 @@ actions:
# 2. Some cannot be disabled even using DisableServiceInRegistry, must be disabled as TrustedInstaller using RunInlineCodeAsTrustedInstaller # 2. Some cannot be disabled even using DisableServiceInRegistry, must be disabled as TrustedInstaller using RunInlineCodeAsTrustedInstaller
children: children:
- -
name: Disable Windows Defender Firewall service name: Disable Windows Defender Firewall service (breaks Microsoft Store and `netsh advfirewall` CLI)
docs: http://batcmd.com/windows/10/services/mpssvc/ docs:
- http://batcmd.com/windows/10/services/mpssvc/
- https://en.wikipedia.org/wiki/Windows_Firewall
# More information about MpsSvc:
- https://web.archive.org/web/20110203202612/http://technet.microsoft.com/en-us/library/dd364391(v=WS.10).aspx
# More information about boot time protection and stopping the firewall service:
- https://web.archive.org/web/20110131034058/http://blogs.technet.com:80/b/networking/archive/2009/03/24/stopping-the-windows-authenticating-firewall-service-and-the-boot-time-policy.aspx
# Stopping the service associated with Windows Firewall is not supported by Microsoft:
- https://web.archive.org/web/20121106033255/http://technet.microsoft.com/en-us/library/cc753180.aspx
# ❗️ Breaks Microsoft Store
# Can no longer update nor install apps, they both fail with 0x80073D0A
# Also breaks some of Store apps such as Photos:
# - https://answers.microsoft.com/en-us/windows/forum/all/microsoft-store-windows-defender-windows-firewall/f2f68cd7-64ec-4fe1-ade4-9d12cde057f9
# - https://github.com/undergroundwires/privacy.sexy/issues/104#issuecomment-962651791
# > The MpsSvc service host much more functionality than just windows firewall. For instance, Windows
# Service hardening which is a windows protection of system services. It also host network isolatio
# which is a crucial part of the confidence model for Windows Store based applications. 3rd party firewalls
# know this fact and instead of disabling the firewall service they coordinate through public APIs with Windows
# Firewall so that they can have ownership of the firewall policies of the computer. Hence you do not have to do
# anything special once you install a 3rd party security product.
# Source: https://www.walkernews.net/2012/09/23/how-to-fix-windows-store-app-update-error-code-0x80073d0a/
# ❗️ Breaks: `netsh advfirewall set`
# Disabling and stopping it breaks "netsh advfirewall set" commands such as
# `netsh advfirewall set allprofiles state on`, `netsh advfirewall set allprofiles state off`.
# More about `netsh firewall` context: https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/netsh-advfirewall-firewall-control-firewall-behavior
call: call:
- -
function: DisableServiceInRegistry # We must disable it on registry level, "Access is denied" for sc config function: DisableServiceInRegistry # We must disable it on registry level, "Access is denied" for sc config
parameters: parameters:
serviceName: MpsSvc serviceName: MpsSvc # Check: (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\MpsSvc").Start
defaultStartUpMode: 2 # 0: Boot | 1: System | 2: Automatic | 3: Manual | 4: Disabled defaultStartupMode: Automatic # Alowed values: Boot | System | Automatic | Manual
- -
function: RenameSystemFile function: RenameSystemFile
parameters: parameters:
filePath: '%WinDir%\system32\mpssvc.dll' filePath: '%WinDir%\system32\mpssvc.dll'
- -
name: Disable Windows Defender Antivirus service name: Disable Windows Defender Antivirus service
# ❗️ Breaks `Set-MpPreference` PowerShell cmdlet that helps to manage Defender
# E.g. `Set-MpPreference -Force -MAPSReporting 0` throws:
# `Set-MpPreference: Operation failed with the following error: 0x800106ba. Operation: Set-MpPreference.`
# `Target: MAPS_MAPSReporting. FullyQualifiedErrorId : HRESULT 0x800106ba,Set-MpPreference`
docs: http://batcmd.com/windows/10/services/windefend/ docs: http://batcmd.com/windows/10/services/windefend/
call: call:
- -
@@ -4117,14 +4181,19 @@ actions:
category: Disable kernel-level Windows Defender drivers category: Disable kernel-level Windows Defender drivers
children: children:
- -
name: Disable Windows Defender Firewall Authorization Driver service name: Disable Windows Defender Firewall Authorization Driver service (breaks `netsh advfirewall` CLI)
docs: http://batcmd.com/windows/10/services/mpsdrv/ docs:
- http://batcmd.com/windows/10/services/mpsdrv/
# ❗️ Breaks: `netsh advfirewall set`
# Disabling and stopping it breaks "netsh advfirewall set" commands such as
# `netsh advfirewall set allprofiles state on`, `netsh advfirewall set allprofiles state off`.
# More about `netsh firewall` context: https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/netsh-advfirewall-firewall-control-firewall-behavior
call: call:
- -
function: DisableServiceInRegistry # We must disable it on registry level, "Access is denied" for sc config function: DisableServiceInRegistry # We must disable it on registry level, "Access is denied" for sc config
parameters: parameters:
serviceName: mpsdrv serviceName: mpsdrv # Check: (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\mpsdrv").Start
defaultStartUpMode: 3 # 0: Boot | 1: System | 2: Automatic | 3: Manual | 4: Disabled defaultStartupMode: Manual # Alowed values: Boot | System | Automatic | Manual
- -
function: RenameSystemFile function: RenameSystemFile
parameters: parameters:
@@ -4206,8 +4275,8 @@ actions:
- -
function: DisableServiceInRegistry # We must disable it on registry level, "Access is denied" for sc config function: DisableServiceInRegistry # We must disable it on registry level, "Access is denied" for sc config
parameters: parameters:
serviceName: SenseAutomatic serviceName: Sense # Check: (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Sense").Start
defaultStartUpMode: 3 # 0: Boot | 1: System | 2: Automatic | 3: Manual | 4: Disabled defaultStartupMode: Manual # Alowed values: Boot | System | Automatic | Manual
- -
function: RenameSystemFile function: RenameSystemFile
parameters: parameters:
@@ -4350,8 +4419,8 @@ actions:
- -
function: DisableService function: DisableService
parameters: parameters:
serviceName: UsoSvc serviceName: UsoSvc # Check: (Get-Service -Name 'UsoSvc').StartType
defaultStartUpMode: Automatic # Automatic | Manual defaultStartupMode: Automatic # Allowed values: Automatic | Manual
- -
category: UI for privacy category: UI for privacy
children: children:
@@ -4530,8 +4599,8 @@ actions:
call: call:
function: DisableService function: DisableService
parameters: parameters:
serviceName: DoSvc serviceName: DoSvc # Check: (Get-Service -Name 'DoSvc').StartType
defaultStartUpMode: Automatic # Automatic | Manual defaultStartupMode: Automatic # Allowed values: Automatic | Manual
- -
name: Microsoft Windows Live ID Service name: Microsoft Windows Live ID Service
recommend: standard recommend: standard
@@ -4539,8 +4608,8 @@ actions:
call: call:
function: DisableService function: DisableService
parameters: parameters:
serviceName: wlidsvc serviceName: wlidsvc # Check: (Get-Service -Name 'wlidsvc').StartType
defaultStartUpMode: Manual # Automatic | Manual defaultStartupMode: Manual # Allowed values: Automatic | Manual
- -
name: Program Compatibility Assistant Service name: Program Compatibility Assistant Service
recommend: standard recommend: standard
@@ -4548,8 +4617,8 @@ actions:
call: call:
function: DisableService function: DisableService
parameters: parameters:
serviceName: PcaSvc serviceName: PcaSvc # Check: (Get-Service -Name 'PcaSvc').StartType
defaultStartUpMode: Manual # Automatic | Manual defaultStartupMode: Manual # Allowed values: Automatic | Manual
- -
name: Downloaded Maps Manager name: Downloaded Maps Manager
recommend: standard recommend: standard
@@ -4557,8 +4626,8 @@ actions:
call: call:
function: DisableService function: DisableService
parameters: parameters:
serviceName: MapsBroker serviceName: MapsBroker # Check: (Get-Service -Name 'MapsBroker').StartType
defaultStartUpMode: Automatic # Automatic | Manual defaultStartupMode: Automatic # Allowed values: Automatic | Manual
- -
name: Microsoft Retail Demo experience name: Microsoft Retail Demo experience
recommend: standard recommend: standard
@@ -4566,57 +4635,89 @@ actions:
call: call:
function: DisableService function: DisableService
parameters: parameters:
serviceName: RetailDemo serviceName: RetailDemo # Check: (Get-Service -Name 'RetailDemo').StartType
defaultStartUpMode: Manual # Automatic | Manual defaultStartupMode: Manual # Allowed values: Automatic | Manual
- -
category: Mail, contact, calendar and user data synchronization category: Mail, contact, calendar and user data synchronization
children: children:
- -
name: User Data Storage (UnistoreSvc) Service name: User Data Storage (UnistoreSvc) Service
docs: http://batcmd.com/windows/10/services/unistoresvc/
recommend: strict recommend: strict
call: call:
function: DisablePerUserService function: DisablePerUserService
parameters: parameters:
# Check (system-wide): (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\UnistoreSvc").Start
# Check (per-user): (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\UnistoreSvc_*").Start
serviceName: UnistoreSvc serviceName: UnistoreSvc
defaultStartUpMode: 3 # 0: Boot | 1: System | 2: Automatic | 3: Manual | 4: Disabled defaultStartupMode: Manual # Alowed values: Boot | System | Automatic | Manual
- -
name: Sync Host (OneSyncSvc) Service Service name: Sync Host (OneSyncSvc) Service Service
docs: http://batcmd.com/windows/10/services/onesyncsvc/
recommend: strict recommend: strict
call: call:
function: DisablePerUserService function: DisablePerUserService
parameters: parameters:
# Check (system-wide): (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\OneSyncSvc").Start
# Check (per-user): (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\OneSyncSvc_*").Start
serviceName: OneSyncSvc serviceName: OneSyncSvc
defaultStartUpMode: 2 # 0: Boot | 1: System | 2: Automatic | 3: Manual | 4: Disabled defaultStartupMode: Automatic # Alowed values: Boot | System | Automatic | Manual
- -
name: Contact data indexing name: Contact data indexing
docs: http://batcmd.com/windows/10/services/pimindexmaintenancesvc/
call: call:
function: DisablePerUserService function: DisablePerUserService
parameters: parameters:
# Check (system-wide): (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc").Start
# Check (per-user): (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_*").Start
serviceName: PimIndexMaintenanceSvc serviceName: PimIndexMaintenanceSvc
defaultStartUpMode: 3 # 0: Boot | 1: System | 2: Automatic | 3: Manual | 4: Disabled defaultStartupMode: Manual # Alowed values: Boot | System | Automatic | Manual
- -
name: App user data access name: App user data access
docs: http://batcmd.com/windows/10/services/userdatasvc/
call: call:
function: DisablePerUserService function: DisablePerUserService
parameters: parameters:
# Check (system-wide): (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\UserDataSvc").Start
# Check (per-user): (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\UserDataSvc_*").Start
serviceName: UserDataSvc serviceName: UserDataSvc
defaultStartUpMode: 3 # 0: Boot | 1: System | 2: Automatic | 3: Manual | 4: Disabled defaultStartupMode: Manual # Alowed values: Boot | System | Automatic | Manual
- -
name: Text messaging name: Text messaging
docs: http://batcmd.com/windows/10/services/messagingservice/
call: call:
function: DisablePerUserService function: DisablePerUserService
parameters: parameters:
# Check (system-wide): (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\MessagingService").Start
# Check (per-user): (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\MessagingService_*").Start
serviceName: MessagingService serviceName: MessagingService
defaultStartUpMode: 3 # 0: Boot | 1: System | 2: Automatic | 3: Manual | 4: Disabled defaultStartupMode: Manual # Alowed values: Boot | System | Automatic | Manual
- -
name: Windows Push Notification Service name: Windows Push Notification Service
recommend: standard # Hosts Windows notification platform, which provides support for local and push notifications.
docs: https://en.wikipedia.org/w/index.php?title=Windows_Push_Notification_Service&oldid=1012335551#Privacy_Issue # While connected to a VPN that disallows Split Tunneling, the WpnUserService_[unique ID] process bypasses the tunnel
# connecting directly to Microsoft. This behavior will reveal the real IP address of the host. This can be observed with
# the Windows Resource Monitor.
recommend: strict
docs:
- https://en.wikipedia.org/w/index.php?title=Windows_Push_Notification_Service&oldid=1012335551#Privacy_Issue
# System-wide service:
- http://batcmd.com/windows/10/services/wpnservice/
# Per-user service:
- http://batcmd.com/windows/10/services/wpnuserservice/
call: call:
function: DisableService - # Windows Push Notifications System Service
parameters: function: DisableService
serviceName: WpnService parameters:
defaultStartUpMode: Automatic # Automatic | Manual serviceName: WpnService # Check: (Get-Service -Name 'WpnService').StartType
defaultStartupMode: Automatic # Allowed values: Automatic | Manual
- # Windows Push Notifications User Service
function: DisablePerUserService
parameters:
# Check (system-wide): (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\WpnUserService").Start
# Check (per-user): (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\WpnUserService_*").Start
serviceName: WpnUserService
defaultStartupMode: Automatic # Alowed values: Boot | System | Automatic | Manual
- -
category: Disable Xbox services category: Disable Xbox services
children: children:
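Review bot: The Windows Push Notification entry now disables both `WpnService` and `WpnUserService`, but its `name` carries no side-effect warning, unlike the entries whose names end in `(breaks ...)`. The added comment says the service hosts the notification platform for local and push notifications, so turning it off presumably stops those for every app. That is worth stating next to the privacy rationale, e.g. `# ❗️ Breaks: local and push notifications (confirm on a test machine)`. The added `# Alowed values:` comments in this hunk are also misspelled (`Allowed`).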
@@ -4626,24 +4727,24 @@ actions:
call: call:
function: DisableService function: DisableService
parameters: parameters:
serviceName: XblAuthManager serviceName: XblAuthManager # Check: (Get-Service -Name 'XblAuthManager').StartType
defaultStartUpMode: Manual # Automatic | Manual defaultStartupMode: Manual # Allowed values: Automatic | Manual
- -
name: Xbox Live Game Save name: Xbox Live Game Save
recommend: standard recommend: standard
call: call:
function: DisableService function: DisableService
parameters: parameters:
serviceName: XblGameSave serviceName: XblGameSave # Check: (Get-Service -Name 'XblGameSave').StartType
defaultStartUpMode: Manual # Automatic | Manual defaultStartupMode: Manual # Allowed values: Automatic | Manual
- -
name: Xbox Live Networking Service name: Xbox Live Networking Service
recommend: standard recommend: standard
call: call:
function: DisableService function: DisableService
parameters: parameters:
serviceName: XboxNetApiSvc serviceName: XboxNetApiSvc # Check: (Get-Service -Name 'XboxNetApiSvc').StartType
defaultStartUpMode: Manual # Automatic | Manual defaultStartupMode: Manual # Allowed values: Automatic | Manual
- -
name: Disable Volume Shadow Copy Service (breaks System Restore and Windows Backup) # Also known as • Volume Snapshot Service • VSS • VSC name: Disable Volume Shadow Copy Service (breaks System Restore and Windows Backup) # Also known as • Volume Snapshot Service • VSS • VSC
recommend: strict recommend: strict
@@ -4653,8 +4754,8 @@ actions:
call: call:
function: DisableService function: DisableService
parameters: parameters:
serviceName: VSS serviceName: VSS # Check: (Get-Service -Name 'VSS').StartType
defaultStartUpMode: Manual # Automatic | Manual defaultStartupMode: Manual # Allowed values: Automatic | Manual
- -
name: Disable NetBios for all interfaces name: Disable NetBios for all interfaces
docs: docs:
@@ -6337,53 +6438,22 @@ functions:
PowerShell -ExecutionPolicy Unrestricted -Command "{{ . | inlinePowerShell | escapeDoubleQuotes }}" PowerShell -ExecutionPolicy Unrestricted -Command "{{ . | inlinePowerShell | escapeDoubleQuotes }}"
{{ end }} {{ end }}
- -
name: DisablePerUserService # https://docs.microsoft.com/en-us/windows/application-management/per-user-services-in-windows name: DisablePerUserService
parameters: parameters:
- name: serviceName - name: serviceName
- name: defaultStartUpMode - name: defaultStartupMode # Alowed values: Boot | System | Automatic | Manual
# More about per-user services: https://docs.microsoft.com/en-us/windows/application-management/per-user-services-in-windows
call: call:
function: RunPowerShell - # System-wide variant: every per-user service has also system-wide counterpart with same default startup mode
parameters: function: DisableServiceInRegistry
code: |- parameters:
$serviceQueries = @('{{ $serviceName }}', '{{ $serviceName }}_*') serviceName: '{{ $serviceName }}'
foreach ($serviceQuery in $serviceQueries) { defaultStartupMode: '{{ $defaultStartupMode }}'
$service = Get-Service -Name $serviceQuery -ErrorAction Ignore - # Per-user variant
if(!$service) { function: DisableServiceInRegistry
Write-Host "Service `"$serviceQuery`" is not found, no action is needed" parameters:
continue serviceName: '{{ $serviceName }}_*'
} defaultStartupMode: '{{ $defaultStartupMode }}'
$name = $service.Name
Stop-Service $name -ErrorAction SilentlyContinue
if($?) {
Write-Host "Stopped `"$name`""
} else {
Write-Warning "Could not stop `"$name`""
}
$regKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
if(Test-Path $regKey) {
Set-ItemProperty $regKey -Name Start -Value 4 -Force
Write-Host "Disabled `"$name`""
} else {
Write-Host "Service is not registered at Windows startup, no action is needed."
}
}
revertCode: |-
$serviceQueries = @('{{ $serviceName }}', '{{ $serviceName }}_*')
foreach ($serviceQuery in $serviceQueries) {
$service = Get-Service -Name $serviceQuery -ErrorAction SilentlyContinue
if(!$service) {
Write-Warning "Service `"$serviceQuery`" not found"
continue
}
$name = $service.Name
$regKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
if(Test-Path $regKey) {
Set-ItemProperty $regKey -Name Start -Value 0 -Force
Write-Host "Enabled `"$name`", may require restarting your computer."
} else {
Write-Error "Registry key at `"$regKey`" does not exist"
}
}
- -
name: RunInlineCode name: RunInlineCode
parameters: parameters:
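Review bot: The per-user call passes the wildcard `'{{ $serviceName }}_*'` to `DisableServiceInRegistry`, whose script treats the `Get-Service` result as a single service (`$serviceName = $service.Name`, then one `$registryKey`). If the pattern matches more than one instance, presumably when several users are signed in, `$service.Name` is an array and the interpolated registry path becomes a space-joined string that `Test-Path` will not find, so the script reports the key as missing and exits 0 with nothing disabled. The removed inline script had the same shape, so this is carried over rather than introduced here. Iterating would close it: `foreach ($service in @(Get-Service -Name $serviceQuery -ErrorAction SilentlyContinue)) { ... }`, with the early `Exit 0` paths turned into `continue`. The body of `DisableServiceInRegistry` is in a later hunk.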
@@ -6520,60 +6590,103 @@ functions:
name: DisableServiceInRegistry name: DisableServiceInRegistry
parameters: parameters:
- name: serviceName - name: serviceName
- name: defaultStartUpMode - name: defaultStartupMode # Allowed values: Boot | System | Automatic | Manual
call: call:
function: RunPowerShell function: RunPowerShell
parameters: parameters:
code: |- # We do registry way because GUI, "sc config" or "Set-Service" won't not work code: |- # We do registry way because GUI, "sc config" or "Set-Service" won't not work
$serviceName = '{{ $serviceName }}' $serviceQuery = '{{ $serviceName }}'
$service = Get-Service -Name $serviceName -ErrorAction Ignore # -- 1. Skip if service does not exist
$service = Get-Service -Name $serviceQuery -ErrorAction SilentlyContinue
if(!$service) { if(!$service) {
Write-Host "Service `"$serviceName`" is not found, no action is needed" Write-Host "Service query `"$serviceQuery`" did not yield any results, no need to disable it."
exit 0 Exit 0
} }
$name = $service.Name $serviceName = $service.Name
Stop-Service $name -Force -ErrorAction SilentlyContinue Write-Host "Disabling service: `"$serviceName`"."
if($?) { # -- 2. Stop if running
Write-Host "Stopped `"$name`"" if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) {
} else { Write-Host "`"$serviceName`" is running, trying to stop it."
Write-Warning "Could not stop `"$name`"" try {
} Stop-Service -Name "$serviceName" -Force -ErrorAction Stop
$regKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$name" Write-Host "Stopped `"$serviceName`" successfully."
if(Test-Path $regKey) { } catch {
if( $(Get-ItemProperty -Path "$regKey").Start -eq 4) { Write-Warning "Could not stop `"$serviceName`", it will be stopped after reboot: $_"
Write-Host "Service `"$name`" is already disabled, no action is needed"
} else {
Set-ItemProperty $regKey -Name Start -Value 4 -Force
Write-Host "Disabled `"$name`""
} }
} else { } else {
Write-Host "Service is not registered at Windows startup, no action is needed." Write-Host "`"$serviceName`" is not running, no need to stop."
}
# -- 3. Skip if service info is not found in registry
$registryKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName"
if(!(Test-Path $registryKey)) {
Write-Host "`"$registryKey`" is not found in registry, cannot enable it."
Exit 0
}
# -- 4. Skip if already disabled
if( $(Get-ItemProperty -Path "$registryKey").Start -eq 4) {
Write-Host "`"$serviceName`" is already disabled from start, no further action is needed."
Exit 0
}
# -- 5. Disable service
try {
Set-ItemProperty $registryKey -Name Start -Value 4 -Force -ErrorAction Stop
Write-Host "Disabled `"$serviceName`" successfully."
} catch {
Write-Error "Could not disable `"$serviceName`": $_"
} }
revertCode: |- revertCode: |-
$serviceName = '{{ $serviceName }}' $serviceQuery = '{{ $serviceName }}'
$defaultStartUpMode = '{{ $defaultStartUpMode }}' $defaultStartupMode = '{{ $defaultStartupMode }}'
$service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue # -- 1. Skip if service does not exist
$service = Get-Service -Name $serviceQuery -ErrorAction SilentlyContinue
if(!$service) { if(!$service) {
Write-Warning "Service `"$serviceName`" not found" Write-Warning "Service query `"$serviceQuery`" did not yield and results, cannot enable it."
continue Exit 1
} }
$name = $service.Name $serviceName = $service.Name
$regKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$name" Write-Host "Enabling service: `"$serviceName`" with `"$defaultStartupMode`" start."
if(Test-Path $regKey) { # -- 2. Skip if service info is not found in registry
if( $(Get-ItemProperty -Path "$regKey").Start -eq $defaultStartUpMode) { $registryKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName"
Write-Host "Service $serviceName already enabled" if(!(Test-Path $registryKey)) {
} else { Write-Warning "`"$registryKey`" is not found in registry, cannot enable it."
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName" -Name Start -Value $defaultStartUpMode Exit 1
Write-Host "Enabled service $serviceName (requires reboot)" }
# -- 3. Enable if not already enabled
$defaultStartupRegValue = `
if ($defaultStartupMode -eq 'Boot') { '0' } `
elseif($defaultStartupMode -eq 'System') { '1' } `
elseif($defaultStartupMode -eq 'Automatic') { '2' } `
elseif($defaultStartupMode -eq 'Manual') { '3' } `
else { throw "Unknown start mode: $defaultStartupMode"}
if( $(Get-ItemProperty -Path "$registryKey").Start -eq $defaultStartupRegValue) {
Write-Host "`"$serviceName`" is already enabled with `"$defaultStartupMode`" start."
} else {
try {
Set-ItemProperty $registryKey -Name Start -Value $defaultStartupRegValue -Force
Write-Host "Enabled `"$serviceName`" successfully with `"$defaultStartupMode`" start, may require restarting your computer."
} catch {
Write-Error "Could not enable `"$serviceName`": $_"
Exit 1
}
}
# -- 4. Start if not running (must be enabled first)
if($defaultStartupMode -eq 'Automatic') {
if ($service.Status -ne [System.ServiceProcess.ServiceControllerStatus]::Running) {
Write-Host "`"$serviceName`" is not running, trying to start it."
try {
Start-Service $serviceName -ErrorAction Stop
Write-Host "Started `"$serviceName`" successfully."
} catch {
Write-Warning "Could not start `"$serviceName`", requires restart, it will be started after reboot.`r`n$_"
}
} else {
Write-Host "`"$serviceName`" is already running, no need to start."
} }
Set-ItemProperty $regKey -Name Start -Value 0 -Force
Write-Host "Enabled `"$name`", may require restarting your computer."
} else {
Write-Error "Registry key at `"$regKey`" does not exist"
} }
- -
name: SetMpPreference name: SetMpPreference
# Configures preferences for Windows Defender scans and updates. # Configures preferences for Windows Defender scans and updates.
# ❗️ Requires "WinDefend" service in running state, otherwise fails
parameters: parameters:
- name: property - name: property
- name: value - name: value
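Review bot: In the revert script of `DisableServiceInRegistry`, the `Set-ItemProperty` call inside `try` has no `-ErrorAction Stop`, so a non-terminating error (a denied registry write would presumably be one) never reaches `catch` and the script still prints the "Enabled ... successfully" line. The disable path in the same hunk already passes the flag, and the revert line should match: `Set-ItemProperty $registryKey -Name Start -Value $defaultStartupRegValue -Force -ErrorAction Stop`. Separately, step 3 of the disable script logs "cannot enable it" where it means disable, and the revert's not-found warning reads "did not yield and results".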
@@ -6621,8 +6734,8 @@ functions:
Write-Host "Successfully set `"$propertyName`" to `"$value`"." Write-Host "Successfully set `"$propertyName`" to `"$value`"."
exit 0 exit 0
} catch { } catch {
if ($_.FullyQualifiedErrorId -like '*0x800106ba*') { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') {
Write-Warning "Cannot $($command.Name): Defender is not running. Try to enable it (revert) -> reboot -> re-run this?" Write-Warning "Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"
exit 0 exit 0
} elseif (($_ | Out-String) -like '*Cannot convert*') { } elseif (($_ | Out-String) -like '*Cannot convert*') {
Write-Host "Skipping. Argument `"$value`" for property `"$propertyName`" is not supported for `"$($command.Name)`"." Write-Host "Skipping. Argument `"$value`" for property `"$propertyName`" is not supported for `"$($command.Name)`"."
@@ -6669,7 +6782,7 @@ functions:
exit 0 exit 0
} catch { } catch {
if ($_.FullyQualifiedErrorId -like '*0x800106ba*') { if ($_.FullyQualifiedErrorId -like '*0x800106ba*') {
Write-Warning "Cannot $($command.Name): Defender is not running. Try to enable it (revert) -> reboot -> re-run this?" Write-Warning "Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"
} else { } else {
Write-Error "Failed to set using $($command.Name): $_" Write-Error "Failed to set using $($command.Name): $_"
} }
@@ -6692,7 +6805,7 @@ functions:
exit 0 exit 0
} catch { } catch {
if ($_.FullyQualifiedErrorId -like '*0x800106ba*') { if ($_.FullyQualifiedErrorId -like '*0x800106ba*') {
Write-Warning "Cannot $($command.Name): Defender is not running. Try to enable it (revert) -> reboot -> re-run this?" Write-Warning "Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"
} else { } else {
Write-Error "Failed to set using $($command.Name): $_" Write-Error "Failed to set using $($command.Name): $_"
} }
@@ -6701,15 +6814,15 @@ functions:
name: DisableService name: DisableService
parameters: parameters:
- name: serviceName - name: serviceName
- name: defaultStartUpMode # Allowed values: Automatic | Manual - name: defaultStartupMode # Allowed values: Automatic | Manual
call: call:
function: RunPowerShell function: RunPowerShell
# Careful with Set-Service cmdlet: # Careful with Set-Service cmdlet:
# 1. It exits with positive code even if service is disabled # 1. It exits with positive code even if service is disabled
# 2. It had breaking API change for -StartupMode parameter: # 2. It had breaking API change for `-StartupMode` parameter:
# Powershell >= 6.0 : Automatic, AutomaticDelayedStart, Disabled, InvalidValue, Manual # Powershell >= 6.0 : Automatic, AutomaticDelayedStart, Disabled, InvalidValue, Manual
# PowerShell <= 5 : Boot, System, Automatic, Manual, Disabled # PowerShell <= 5 : Boot, System, Automatic, Manual, Disabled
# "Disabled", "Automatic" and "Manual" are only consistent ones. # So "Disabled", "Automatic" and "Manual" are only consistent ones.
# Read more: # Read more:
# https://github.com/PowerShell/PowerShell/blob/v7.2.0/src/Microsoft.PowerShell.Commands.Management/commands/management/Service.cs#L2966-L2978 # https://github.com/PowerShell/PowerShell/blob/v7.2.0/src/Microsoft.PowerShell.Commands.Management/commands/management/Service.cs#L2966-L2978
# https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/set-service?view=powershell-7.1 # https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/set-service?view=powershell-7.1
@@ -6717,15 +6830,15 @@ functions:
code: |- code: |-
$serviceName = '{{ $serviceName }}' $serviceName = '{{ $serviceName }}'
Write-Host "Disabling service: `"$serviceName`"." Write-Host "Disabling service: `"$serviceName`"."
# -- Skip if service does not exist # -- 1. Skip if service does not exist
$service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue
if(!$service) { if(!$service) {
Write-Host "Service `"$serviceName`" could not be not found, no need to disable it." Write-Host "Service `"$serviceName`" could not be not found, no need to disable it."
Exit 0 Exit 0
} }
# -- Stop if running # -- 2. Stop if running
if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) {
Write-Host "`"$servicename`" is running, trying to stop it." Write-Host "`"$serviceName`" is running, stopping it."
try { try {
Stop-Service -Name "$serviceName" -Force -ErrorAction Stop Stop-Service -Name "$serviceName" -Force -ErrorAction Stop
Write-Host "Stopped `"$serviceName`" successfully." Write-Host "Stopped `"$serviceName`" successfully."
@@ -6735,7 +6848,8 @@ functions:
} else { } else {
Write-Host "`"$serviceName`" is not running, no need to stop." Write-Host "`"$serviceName`" is not running, no need to stop."
} }
# -- Skip if already disabled
# -- 3. Skip if already disabled
$startupType = $service.StartType # Does not work before .NET 4.6.1 $startupType = $service.StartType # Does not work before .NET 4.6.1
if(!$startupType) { if(!$startupType) {
$startupType = (Get-WmiObject -Query "Select StartMode From Win32_Service Where Name='$serviceName'" -ErrorAction Ignore).StartMode $startupType = (Get-WmiObject -Query "Select StartMode From Win32_Service Where Name='$serviceName'" -ErrorAction Ignore).StartMode
@@ -6746,7 +6860,7 @@ functions:
if($startupType -eq 'Disabled') { if($startupType -eq 'Disabled') {
Write-Host "$serviceName is already disabled, no further action is needed" Write-Host "$serviceName is already disabled, no further action is needed"
} }
# -- Disable service # -- 4. Disable service
try { try {
Set-Service -Name "$serviceName" -StartupType Disabled -Confirm:$false -ErrorAction Stop Set-Service -Name "$serviceName" -StartupType Disabled -Confirm:$false -ErrorAction Stop
Write-Host "Disabled `"$serviceName`" successfully." Write-Host "Disabled `"$serviceName`" successfully."
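Review bot: The `if($startupType -eq 'Disabled')` branch under "Skip if already disabled" only logs and then falls through to `Set-Service`, so an already disabled service is reported as needing no action and then as "Disabled ... successfully". Adding `Exit 0` after the `Write-Host` in that branch would make the step do what its comment says, and would match `DisableServiceInRegistry`, which exits at the equivalent point. The surrounding `code:` script starts and ends outside this hunk.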
@@ -6755,14 +6869,15 @@ functions:
} }
revertCode: |- revertCode: |-
$serviceName = '{{ $serviceName }}' $serviceName = '{{ $serviceName }}'
$defaultStartUpMode = '{{ $defaultStartUpMode }}' $defaultStartupMode = '{{ $defaultStartupMode }}'
Write-Host "Enabling service: `"$serviceName`" with `"$defaultStartUpMode`" start." Write-Host "Enabling service: `"$serviceName`" with `"$defaultStartupMode`" start."
# -- Skip if service does not exist # -- 1. Skip if service does not exist
$service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue
if(!$service) { if(!$service) {
throw "Service `"$serviceName`" could not be not found, cannot enable it." Write-Warning "Service `"$serviceName`" could not be not found, cannot enable it."
Exit 1
} }
# -- Skip if already enabled # -- 2. Enable or skip if already enabled
$startupType = $service.StartType # Does not work before .NET 4.6.1 $startupType = $service.StartType # Does not work before .NET 4.6.1
if(!$startupType) { if(!$startupType) {
$startupType = (Get-WmiObject -Query "Select StartMode From Win32_Service Where Name='$serviceName'" -ErrorAction Ignore).StartMode $startupType = (Get-WmiObject -Query "Select StartMode From Win32_Service Where Name='$serviceName'" -ErrorAction Ignore).StartMode
@@ -6770,26 +6885,26 @@ functions:
$startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "Name='$serviceName'" -ErrorAction Ignore).StartMode $startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "Name='$serviceName'" -ErrorAction Ignore).StartMode
} }
} }
if($startupType -eq "$defaultStartUpMode") { if($startupType -eq "$defaultStartupMode") {
Write-Host "`"$serviceName`" is already enabled with `"$defaultStartupMode`" start, no further action is needed." Write-Host "`"$serviceName`" is already enabled with `"$defaultStartupMode`" start, no further action is needed."
Exit 0 } else {
try {
Set-Service -Name "$serviceName" -StartupType "$defaultStartupMode" -Confirm:$false -ErrorAction Stop
Write-Host "Enabled `"$serviceName`" successfully with `"$defaultStartupMode`" start, may require restarting your computer."
} catch {
Write-Error "Could not enable `"$serviceName`": $_"
Exit 1
}
} }
# -- Enable service # -- 4. Start if not running (must be enabled first)
try { if($defaultStartupMode -eq 'Automatic') {
Set-Service -Name "$serviceName" -StartupType "$defaultStartUpMode" -Confirm:$false -ErrorAction Stop
Write-Host "Enabled `"$serviceName`" successfully with `"$defaultStartUpMode`" start."
} catch {
Write-Error "Could not enable `"$serviceName`": $_"
}
# -- Start if not running (must done after enabling)
if($defaultStartUpMode -eq 'Automatic') {
if ($service.Status -ne [System.ServiceProcess.ServiceControllerStatus]::Running) { if ($service.Status -ne [System.ServiceProcess.ServiceControllerStatus]::Running) {
Write-Host "`"$serviceName`" is not running, trying to start it" Write-Host "`"$serviceName`" is not running, starting it."
try { try {
Start-Service $serviceName -ErrorAction Stop Start-Service $serviceName -ErrorAction Stop
Write-Host "Started `"$serviceName`" successfully." Write-Host "Started `"$serviceName`" successfully."
} catch { } catch {
Write-Warning "Could not start `"$serviceName`", it will be stopped after reboot.`r`n$_" Write-Warning "Could not start `"$serviceName`", requires restart, it will be started after reboot.`r`n$_"
} }
} else { } else {
Write-Host "`"$serviceName`" is already running, no need to start." Write-Host "`"$serviceName`" is already running, no need to start."