44r0n7/privacy.sexy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: 44r0n7:disableservices
Branches Tags
44r0n7:master 44r0n7:defender 44r0n7:panel 44r0n7:macosintel 44r0n7:anims 44r0n7:buildx 44r0n7:dead-urls-1 44r0n7:nvidia-308 44r0n7:services 44r0n7:unrec 44r0n7:capability 44r0n7:moremacos 44r0n7:disableservices
44r0n7:0.13.6 44r0n7:0.13.5 44r0n7:0.13.4 44r0n7:0.13.3 44r0n7:0.13.2 44r0n7:0.13.1 44r0n7:0.13.0 44r0n7:0.12.10 44r0n7:0.12.9 44r0n7:0.12.8 44r0n7:0.12.7 44r0n7:0.12.6 44r0n7:0.12.5 44r0n7:0.12.4 44r0n7:0.12.3 44r0n7:0.12.2 44r0n7:0.12.1 44r0n7:0.12.0 44r0n7:0.11.4 44r0n7:0.11.3 44r0n7:0.11.2 44r0n7:0.11.1 44r0n7:0.11.0 44r0n7:0.10.3 44r0n7:0.10.2 44r0n7:0.10.1 44r0n7:0.10.0 44r0n7:0.9.2 44r0n7:0.9.1 44r0n7:0.9.0 44r0n7:0.8.2 44r0n7:0.8.1 44r0n7:0.8.0 44r0n7:0.7.6 44r0n7:0.7.5 44r0n7:0.7.4 44r0n7:0.7.3 44r0n7:0.7.2 44r0n7:0.7.1 44r0n7:0.7.0 44r0n7:0.6.2 44r0n7:0.6.1 44r0n7:0.6.0 44r0n7:0.5.0 44r0n7:0.4.10 44r0n7:0.4.9 44r0n7:0.4.8 44r0n7:0.4.7 44r0n7:0.4.6 44r0n7:0.4.5 44r0n7:0.4.4 44r0n7:0.4.3 44r0n7:0.4.2 44r0n7:0.4.1 44r0n7:0.4.0 44r0n7:0.3.0 44r0n7:0.2.0 44r0n7:0.1.0
..
compare: 44r0n7:0.11.2
Branches Tags
44r0n7:master 44r0n7:defender 44r0n7:panel 44r0n7:macosintel 44r0n7:anims 44r0n7:buildx 44r0n7:dead-urls-1 44r0n7:nvidia-308 44r0n7:services 44r0n7:unrec 44r0n7:capability 44r0n7:moremacos 44r0n7:disableservices
44r0n7:0.13.6 44r0n7:0.13.5 44r0n7:0.13.4 44r0n7:0.13.3 44r0n7:0.13.2 44r0n7:0.13.1 44r0n7:0.13.0 44r0n7:0.12.10 44r0n7:0.12.9 44r0n7:0.12.8 44r0n7:0.12.7 44r0n7:0.12.6 44r0n7:0.12.5 44r0n7:0.12.4 44r0n7:0.12.3 44r0n7:0.12.2 44r0n7:0.12.1 44r0n7:0.12.0 44r0n7:0.11.4 44r0n7:0.11.3 44r0n7:0.11.2 44r0n7:0.11.1 44r0n7:0.11.0 44r0n7:0.10.3 44r0n7:0.10.2 44r0n7:0.10.1 44r0n7:0.10.0 44r0n7:0.9.2 44r0n7:0.9.1 44r0n7:0.9.0 44r0n7:0.8.2 44r0n7:0.8.1 44r0n7:0.8.0 44r0n7:0.7.6 44r0n7:0.7.5 44r0n7:0.7.4 44r0n7:0.7.3 44r0n7:0.7.2 44r0n7:0.7.1 44r0n7:0.7.0 44r0n7:0.6.2 44r0n7:0.6.1 44r0n7:0.6.0 44r0n7:0.5.0 44r0n7:0.4.10 44r0n7:0.4.9 44r0n7:0.4.8 44r0n7:0.4.7 44r0n7:0.4.6 44r0n7:0.4.5 44r0n7:0.4.4 44r0n7:0.4.3 44r0n7:0.4.2 44r0n7:0.4.1 44r0n7:0.4.0 44r0n7:0.3.0 44r0n7:0.2.0 44r0n7:0.1.0

3 Commits
disableser ... 0.11.2

Author SHA1 Message Date
undergroundwires
c65209e6a9 Unrecommend and complete Windows Push Notif. #101 
- Add more script documentation in code and reference URLs.
- Unrecommend as "Standard" recommend as "Strict" due to lack of
  documentation for its privacy intrusive behavior.
- Add mising WpnUserService for disabling it completely.
 2021-12-03 01:08:55 +01:00
undergroundwires
d2518b11a7 Improve Windows defender docs and errors #104 
- Improve error messages with cause of the problem and suggested solution.
- Document:
  * Disabling `WinDefend` breaks `Set-MpPreference` and Microsoft Store
    (as reported in #104).
  * Document services that `netsh advfirewall` depends on.
- Fix some bad whitespace character in documentation.
 2021-11-27 20:22:18 +01:00
undergroundwires
70cdf3865a Improve and unify disabling of Windows services 
Refactor, unify and improve the logic to to start/stop and
enable/disable services, and also add more documentation.

Rework functions:
  - Unify way of disabling Windows services using templating.
  - Capitalize as `startupMode` (where startup is single word) everywhere.
  - Use also text parameters (automatic, manual..) instead of numeric
    values (2,3...) when providing parameters to any service disable
    function.

Improve documentation:
  - Add reference URLs about disabled services.
  - Add more code documentation for querying status and allowed values.

Logic improvements include:
  - Check if service is running before stopping/starting the service.
  - Do not start the service it's not an Automatic service.
  - Check whether service is already disabled.
  - When reverting, start the service if it has Automatic startup. But
    do not start the service it has different startup (e.g. manual).
    Also starts the service even though start up is configured as
    desired (before it quit before doing service start).

Improve outputs (logs):
  - Remove false-positive error messages.
  - When a service cannot be stopped/start; mention in output that the
    service will be started/stopped after reboot.
  - Show success message once service is enabled/disabled.
  - Fix reboot messages when enabling/disabling services,
  - Do not write stderr if service cannot be stopped/started as it's not
    not the main goal of the function.

Add missing revert code for the ones missing them:
  - Disable diagnostics telemetry
  - Disable Windows Media Player Network Sharing Service

> Function: DisableServiceInRegistry
- Fix not exitting if service does not exist when reverting
- Show success message once service is enabled/disabled
- Fix double "Enabled.." messages
- Fix unintended registry addition

> Function: DisablePerUserService
- Change implementation to call DisableServiceInRegistry.
- Fix both services are skipped if one of them fails.
- Fix reverting a service sets wrong startup mode.
 2021-11-25 21:34:15 +01:00
1 changed files with 321 additions and 206 deletions
Expand all files Collapse all files

527
src/application/collections/windows.yaml
View File

@@ -582,8 +582,8 @@ actions:
call:
function: DisableService
parameters:
serviceName: DiagTrack
defaultStartUpMode: Automatic # Automatic | Manual
serviceName: DiagTrack # Check: (Get-Service -Name DiagTrack).StartType
defaultStartupMode: Automatic # Allowed values: Automatic | Manual
-
name: Disable WAP push message routing service # Device Management Wireless Application Protocol (WAP) Push message Routing Service
recommend: standard
@@ -591,24 +591,24 @@ actions:
call:
function: DisableService
parameters:
serviceName: dmwappushservice
defaultStartUpMode: Manual # Automatic | Manual
serviceName: dmwappushservice # Check: (Get-Service -Name dmwappushservice).StartType
defaultStartupMode: Manual # Allowed values: Automatic | Manual
-
name: Disable diagnostics hub standard collector service # Microsoft (R) Diagnostics Hub Standard Collector
docs: http://batcmd.com/windows/10/services/diagnosticshub-standardcollector-service/
call:
function: DisableService
parameters:
serviceName: diagnosticshub.standardcollector.service
defaultStartUpMode: Manual # Automatic | Manual
serviceName: diagnosticshub.standardcollector.service # Check: (Get-Service -Name diagnosticshub.standardcollector.service).StartType
defaultStartupMode: Manual # Allowed values: Automatic | Manual
-
name: Disable diagnostic execution service # Diagnostic Execution Service
docs: http://batcmd.com/windows/10/services/diagsvc/
call:
function: DisableService
parameters:
serviceName: diagsvc
defaultStartUpMode: Manual # Automatic | Manual
serviceName: diagsvc # Check: (Get-Service -Name diagsvc).StartType
defaultStartupMode: Manual # Allowed values: Automatic | Manual
-
name: Disable Customer Experience Improvement Program
recommend: standard
@@ -734,13 +734,13 @@ actions:
- # Windows Error Reporting Service
function: DisableService
parameters:
serviceName: wersvc
defaultStartUpMode: Manual # Automatic | Manual
serviceName: wersvc # Check: (Get-Service -Name wersvc).StartType
defaultStartupMode: Manual # Allowed values: Automatic | Manual
- # Problem Reports Control Panel Support
function: DisableService
parameters:
serviceName: wercplsupport
defaultStartUpMode: Manual # Automatic | Manual
serviceName: wercplsupport # Check: (Get-Service -Name wercplsupport).StartType
defaultStartupMode: Manual # Allowed values: Automatic | Manual
-
category: Disable automatic driver updates by Windows Update
children:
@@ -1477,8 +1477,8 @@ actions:
call:
function: DisableService
parameters:
serviceName: WbioSrvc
defaultStartUpMode: Manual # Automatic | Manual
serviceName: WbioSrvc # Check: (Get-Service -Name WbioSrvc).StartType
defaultStartupMode: Manual # Allowed values: Automatic | Manual
-
name: Disable Wi-Fi sense
recommend: standard
@@ -1546,8 +1546,8 @@ actions:
call:
function: DisableService
parameters:
serviceName: wisvc
defaultStartUpMode: Manual # Automatic | Manual
serviceName: wisvc # Check: (Get-Service -Name wisvc).StartType
defaultStartupMode: Manual # Allowed values: Automatic | Manual
-
name: Do not let Microsoft try features on this build
docs: https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.DataCollection::EnableExperimentation
@@ -1705,8 +1705,8 @@ actions:
call:
function: DisableService
parameters:
serviceName: VSStandardCollectorService150
defaultStartUpMode: Automatic # Automatic | Manual
serviceName: VSStandardCollectorService150 # (Get-Service -Name VSStandardCollectorService150).StartType
defaultStartupMode: Automatic # Allowed values: Automatic | Manual
-
name: Disable NET Core CLI telemetry
recommend: standard
@@ -1930,8 +1930,8 @@ actions:
# -
# function: DisableService
# parameters:
# serviceName: ClickToRunSvc
# defaultStartUpMode: Automatic # Automatic | Manual
# serviceName: ClickToRunSvc # Check: (Get-Service -Name ClickToRunSvc).StartType
# defaultStartupMode: Automatic # Allowed values: Automatic | Manual
-
name: Disable Subscription Heartbeat
code: |-
@@ -2126,13 +2126,13 @@ actions:
-
function: DisableService
parameters:
serviceName: gupdate
defaultStartUpMode: Automatic # Automatic | Manual
serviceName: gupdate # Check: (Get-Service -Name gupdate).StartType
defaultStartupMode: Automatic # Allowed values: Automatic | Manual
-
function: DisableService
parameters:
serviceName: gupdatem
defaultStartUpMode: Automatic # Automatic | Manual
serviceName: gupdatem # Check: (Get-Service -Name gupdatem).StartType
defaultStartupMode: Automatic # Allowed values: Automatic | Manual
-
name: Disable Adobe Acrobat update service
recommend: standard
@@ -2140,18 +2140,18 @@ actions:
-
function: DisableService
parameters:
serviceName: AdobeARMservice
defaultStartUpMode: Automatic # Automatic | Manual
serviceName: AdobeARMservice # Check: (Get-Service -Name AdobeARMservice).StartType
defaultStartupMode: Automatic # Allowed values: Automatic | Manual
-
function: DisableService
parameters:
serviceName: adobeupdateservice
defaultStartUpMode: Automatic # Automatic | Manual
serviceName: adobeupdateservice # Check: (Get-Service -Name adobeupdateservice).StartType
defaultStartupMode: Automatic # Allowed values: Automatic | Manual
-
function: DisableService
parameters:
serviceName: adobeflashplayerupdatesvc
defaultStartUpMode: Automatic # Automatic | Manual
serviceName: adobeflashplayerupdatesvc # Check: (Get-Service -Name adobeflashplayerupdatesvc).StartType
defaultStartupMode: Automatic # Allowed values: Automatic | Manual
-
function: RunInlineCode
parameters:
@@ -2167,16 +2167,16 @@ actions:
call:
function: DisableService
parameters:
serviceName: Razer Game Scanner Service
defaultStartUpMode: Manual # Automatic | Manual
serviceName: Razer Game Scanner Service # Check: (Get-Service -Name 'Razer Game Scanner Service').StartType
defaultStartupMode: Manual # Allowed values: Automatic | Manual
-
name: Disable Logitech Gaming Registry Service
recommend: standard
call:
function: DisableService
parameters:
serviceName: LogiRegistryService
defaultStartUpMode: Automatic # Automatic | Manual
serviceName: LogiRegistryService # Check: (Get-Service -Name 'LogiRegistryService').StartType
defaultStartupMode: Automatic # Allowed values: Automatic | Manual
-
name: Disable Dropbox auto update service
recommend: standard
@@ -2184,13 +2184,13 @@ actions:
-
function: DisableService
parameters:
serviceName: dbupdate
defaultStartUpMode: Automatic # Automatic | Manual
serviceName: dbupdate # Check: (Get-Service -Name 'dbupdate').StartType
defaultStartupMode: Automatic # Allowed values: Automatic | Manual
-
function: DisableService
parameters:
serviceName: dbupdatem
defaultStartUpMode: Automatic # Automatic | Manual
serviceName: dbupdatem # Check: (Get-Service -Name 'dbupdatem').StartType
defaultStartupMode: Automatic # Allowed values: Automatic | Manual
-
function: RunInlineCode
parameters:
@@ -2222,8 +2222,8 @@ actions:
call:
function: DisableService
parameters:
serviceName: WMPNetworkSvc
defaultStartUpMode: Automatic # Automatic | Manual
serviceName: WMPNetworkSvc # Check: (Get-Service -Name 'WMPNetworkSvc').StartType
defaultStartupMode: Manual # Allowed values: Automatic | Manual
-
name: Disable CCleaner Monitoring
code: |-
@@ -2655,9 +2655,45 @@ actions:
children:
-
name: Disable Firewall through command-line utility
# ❗️ Following must be enabled and in running state:
# - mpsdrv (Windows Defender Firewall Authorization Driver)
# - bfe (Base Filtering Engine)
# - mpssvc (Windows Defender Firewall)
# If the dependent services are not running, the script fails with:
# "An error occurred while attempting to contact the Windows Defender Firewall service. Make sure that the service is running and try your request again."
# Requires rebooting after reverting privacy.sexy scripts for the services mpsdrv, mpssvc
docs: https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/netsh-advfirewall-firewall-control-firewall-behavior
code: netsh advfirewall set allprofiles state off
revertCode: netsh advfirewall set allprofiles state on
call:
function: RunPowerShell
parameters:
code: |-
if(!(Get-Command 'netsh' -ErrorAction Ignore)) {
throw '"netsh" does not exist, is system installed correctly?'
}
$message=netsh advfirewall set allprofiles state off 2>&1
if($?) {
Write-Host "Successfully disabled firewall."
} else {
if($message -like '*Firewall service*') {
Write-Warning 'Cannot use CLI because MpsSvc or MpsDrv is not running. Try to enable them (revert) -> reboot -> re-run this?'
} else {
throw "Cannot disable: $message"
}
}
revertCode: |-
if(!(Get-Command 'netsh' -ErrorAction Ignore)) {
throw '"netsh" does not exist, is system installed correctly?'
}
$message=netsh advfirewall set allprofiles state on 2>&1
if($?) {
Write-Host "Successfully enabled firewall."
} else {
if($message -like '*Firewall service*') {
Write-Warning 'Cannot use CLI because MpsSvc or MpsDrv is not running. Try to enable them (revert) -> reboot -> re-run this?'
} else {
throw "Cannot enable: $message"
}
}
-
name: Disable Firewall through registry # Lower-level, good in case command-line utility is not available/functioning
docs:
@@ -2724,7 +2760,7 @@ actions:
parameters:
property: DisableBlockAtFirstSeen # Status: Get-MpPreference | Select-Object -Property DisableBlockAtFirstSeen
value: $True # Set: Set-MpPreference -Force -DisableBlockAtFirstSeen $True
default: $False # Default: False (Enabled) | Remove-MpPreference -Force -DisableBlockAtFirstSeen | Set-MpPreference -Force -DisableBlockAtFirstSeen $False
default: $False # Default: False (Enabled) | Remove-MpPreference -Force -DisableBlockAtFirstSeen | Set-MpPreference -Force -DisableBlockAtFirstSeen $False
-
function: RunInlineCode
parameters:
@@ -2829,7 +2865,7 @@ actions:
# 0 = 'Disabled' (default), 1 = 'Enabled', 2 = 'AuditMode'
property: PUAProtection # Status: Get-MpPreference | Select-Object -Property PUAProtection
value: "'0'" # Set: Set-MpPreference -Force -PUAProtection 0
default: "'0'" # Default: 0 (Disabled) | Remove-MpPreference -Force -PUAProtection | Set-MpPreference -Force -PUAProtection 0
default: "'0'" # Default: 0 (Disabled) | Remove-MpPreference -Force -PUAProtection | Set-MpPreference -Force -PUAProtection 0
-
function: RunInlineCode
parameters:
@@ -2851,7 +2887,7 @@ actions:
call:
-
function: RunInlineCodeAsTrustedInstaller # Otherwise we get "ERROR: Access is denied." (>= 20H2)
# ❌ Fails with "ERROR: Access is denied." in Windows 11 21H2 | ✅ Works in Windows 10 >= 20H2
# ❌ Fails with "ERROR: Access is denied." in Windows 11 21H2 | ✅ Works in Windows 10 >= 20H2
parameters:
code: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" /v "TamperProtection" /t REG_DWORD /d "4" /f
revertCode: reg delete "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" /v "TamperProtection" /f 2>nul
@@ -2922,7 +2958,7 @@ actions:
property: DisableRealtimeMonitoring # Status: Get-MpPreference | Select-Object -Property DisableRealtimeMonitoring
value: $True # Set: Set-MpPreference -Force -DisableRealtimeMonitoring $True
# ❌ Windows 11: Does not fail but does not set $True value | ✅ Windows 10: Works as expected
default: $False # Default: False (Enabled) | Remove-MpPreference -Force -DisableRealtimeMonitoring | Set-MpPreference -Force -DisableRealtimeMonitoring $False
default: $False # Default: False (Enabled) | Remove-MpPreference -Force -DisableRealtimeMonitoring | Set-MpPreference -Force -DisableRealtimeMonitoring $False
-
function: RunInlineCode
@@ -3452,7 +3488,7 @@ actions:
property: DisableScriptScanning # Status: Get-MpPreference | Select-Object -Property DisableScriptScanning
value: $True # Set: Set-MpPreference -Force -DisableScriptScanning $True
# ❌ Windows 11: Does not fail but does not set $True value | ✅ Windows 10: Works as expected
default: $False # Default: False | Remove-MpPreference -Force -DisableScriptScanning | Set-MpPreference -Force -DisableScriptScanning $False
default: $False # Default: False | Remove-MpPreference -Force -DisableScriptScanning | Set-MpPreference -Force -DisableScriptScanning $False
-
name: Disable reparse point scanning
docs: https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::Scan_DisableReparsePointScanning
@@ -3578,7 +3614,7 @@ actions:
parameters:
property: ScanScheduleDay # Status: Get-MpPreference | Select-Object -Property ScanScheduleDay
value: "'8'" # Set: Set-MpPreference -Force -ScanScheduleDay '8'
default: "'0'" # Default: 0 (Every Day) | Remove-MpPreference -Force -ScanScheduleDay | Set-MpPreference -Force -ScanScheduleDay '0'
default: "'0'" # Default: 0 (Every Day) | Remove-MpPreference -Force -ScanScheduleDay | Set-MpPreference -Force -ScanScheduleDay '0'
-
name: Disable randomizing scheduled task times
docs:
@@ -3597,7 +3633,7 @@ actions:
parameters:
property: RandomizeScheduleTaskTimes # Status: Get-MpPreference | Select-Object -Property RandomizeScheduleTaskTimes
value: $False # Set: Set-MpPreference -Force -RandomizeScheduleTaskTimes $False
default: $True # Default: True | Remove-MpPreference -Force -RandomizeScheduleTaskTimes | Set-MpPreference -Force -RandomizeScheduleTaskTimes $True
default: $True # Default: True | Remove-MpPreference -Force -RandomizeScheduleTaskTimes | Set-MpPreference -Force -RandomizeScheduleTaskTimes $True
-
name: Disable scheduled full-scans
docs:
@@ -3670,7 +3706,7 @@ actions:
parameters:
property: SignatureUpdateCatchupInterval # Status: Get-MpPreference | Select-Object -Property SignatureUpdateCatchupInterval
value: "'0'" # Set: Set-MpPreference -Force -SignatureUpdateCatchupInterval '0'
default: "'1'" # Default: 1 | Remove-MpPreference -Force -SignatureUpdateCatchupInterval | Set-MpPreference -Force -SignatureUpdateCatchupInterval '1'
default: "'1'" # Default: 1 | Remove-MpPreference -Force -SignatureUpdateCatchupInterval | Set-MpPreference -Force -SignatureUpdateCatchupInterval '1'
-
name: Limit spyware security intelligence (signature) updates # default is one day, recommended is 7 days
# Maximize period when spyware security intelligence (signature) is considered up-to-dates
@@ -3705,7 +3741,7 @@ actions:
parameters:
property: SignatureDisableUpdateOnStartupWithoutEngine # Status: Get-MpPreference | Select-Object -Property SignatureDisableUpdateOnStartupWithoutEngine
value: $True # Set: Set-MpPreference -Force -SignatureDisableUpdateOnStartupWithoutEngine $True
default: $False # Default: False | Remove-MpPreference -Force -SignatureDisableUpdateOnStartupWithoutEngine | Set-MpPreference -Force -SignatureDisableUpdateOnStartupWithoutEngine $False
default: $False # Default: False | Remove-MpPreference -Force -SignatureDisableUpdateOnStartupWithoutEngine | Set-MpPreference -Force -SignatureDisableUpdateOnStartupWithoutEngine $False
-
name: Disable automatically checking security intelligence (signature) updates # Already disabled by default
docs:
@@ -3774,7 +3810,7 @@ actions:
# ❌ Not generally supported on Windows (before 4.18.2106.5 Defender platform)
property: DisableGradualRelease # Status: Get-MpPreference | Select-Object -Property DisableGradualRelease
value: $True # Set: Set-MpPreference -Force -DisableGradualRelease $True
default: $False # Default: False | Remove-MpPreference -Force -DisableGradualRelease
default: $False # Default: False | Remove-MpPreference -Force -DisableGradualRelease
-
name: Limit Defender engine updates to those that complete gradual release cycle
@@ -3805,7 +3841,7 @@ actions:
# Valid values:
# 0 = 'NotConfigured' (default), 'Beta', 'Broad', 'Preview', 'Staged'
# ❌ Windows 11 21H2 supports only 'NotConfigured', 'Beta', 'Preview' but not 'Broad', 'Staged'
default: "'NotConfigured'" # Default: 0 (NotConfigured) | Remove-MpPreference -Force -PlatformUpdatesChannel | Set-MpPreference -Force -PlatformUpdatesChannel "'NotConfigured'"
default: "'NotConfigured'" # Default: 0 (NotConfigured) | Remove-MpPreference -Force -PlatformUpdatesChannel | Set-MpPreference -Force -PlatformUpdatesChannel "'NotConfigured'"
-
name: Limit Defender definition updates to those that complete gradual release cycle
docs:
@@ -3820,7 +3856,7 @@ actions:
value: "'Broad'" # Set: Set-MpPreference -Force -DefinitionUpdatesChannel 'Broad'
# 0 = 'NotConfigured' (default), 'Beta', Preview' 'Broad', 'Staged'
# ❌ Windows 11 21H2 supports only 'NotConfigured', 'Beta', 'Preview' but not 'Broad', 'Staged'
default: "'NotConfigured'" # Default: 0 (NotConfigured) | Remove-MpPreference -Force -DefinitionUpdatesChannel | Set-MpPreference -Force -DefinitionUpdatesChannel "'NotConfigured'"
default: "'NotConfigured'" # Default: 0 (NotConfigured) | Remove-MpPreference -Force -DefinitionUpdatesChannel | Set-MpPreference -Force -DefinitionUpdatesChannel "'NotConfigured'"
-
category: Disable Windows Defender reporting
children:
@@ -4088,20 +4124,48 @@ actions:
# 2. Some cannot be disabled even using DisableServiceInRegistry, must be disabled as TrustedInstaller using RunInlineCodeAsTrustedInstaller
children:
-
name: Disable Windows Defender Firewall service
docs: http://batcmd.com/windows/10/services/mpssvc/
name: Disable Windows Defender Firewall service (breaks Microsoft Store and `netsh advfirewall` CLI)
docs:
- http://batcmd.com/windows/10/services/mpssvc/
- https://en.wikipedia.org/wiki/Windows_Firewall
# More information about MpsSvc:
- https://web.archive.org/web/20110203202612/http://technet.microsoft.com/en-us/library/dd364391(v=WS.10).aspx
# More information about boot time protection and stopping the firewall service:
- https://web.archive.org/web/20110131034058/http://blogs.technet.com:80/b/networking/archive/2009/03/24/stopping-the-windows-authenticating-firewall-service-and-the-boot-time-policy.aspx
# Stopping the service associated with Windows Firewall is not supported by Microsoft:
- https://web.archive.org/web/20121106033255/http://technet.microsoft.com/en-us/library/cc753180.aspx
# ❗️ Breaks Microsoft Store
# Can no longer update nor install apps, they both fail with 0x80073D0A
# Also breaks some of Store apps such as Photos:
# - https://answers.microsoft.com/en-us/windows/forum/all/microsoft-store-windows-defender-windows-firewall/f2f68cd7-64ec-4fe1-ade4-9d12cde057f9
# - https://github.com/undergroundwires/privacy.sexy/issues/104#issuecomment-962651791
# > The MpsSvc service host much more functionality than just windows firewall. For instance, Windows
# Service hardening which is a windows protection of system services. It also host network isolatio
# which is a crucial part of the confidence model for Windows Store based applications. 3rd party firewalls
# know this fact and instead of disabling the firewall service they coordinate through public APIs with Windows
# Firewall so that they can have ownership of the firewall policies of the computer. Hence you do not have to do
# anything special once you install a 3rd party security product.
# Source: https://www.walkernews.net/2012/09/23/how-to-fix-windows-store-app-update-error-code-0x80073d0a/
# ❗️ Breaks: `netsh advfirewall set`
# Disabling and stopping it breaks "netsh advfirewall set" commands such as
# `netsh advfirewall set allprofiles state on`, `netsh advfirewall set allprofiles state off`.
# More about `netsh firewall` context: https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/netsh-advfirewall-firewall-control-firewall-behavior
call:
-
function: DisableServiceInRegistry # We must disable it on registry level, "Access is denied" for sc config
parameters:
serviceName: MpsSvc
defaultStartUpMode: 2 # 0: Boot | 1: System | 2: Automatic | 3: Manual | 4: Disabled
serviceName: MpsSvc # Check: (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\MpsSvc").Start
defaultStartupMode: Automatic # Alowed values: Boot | System | Automatic | Manual
-
function: RenameSystemFile
parameters:
filePath: '%WinDir%\system32\mpssvc.dll'
-
name: Disable Windows Defender Antivirus service
# ❗️ Breaks `Set-MpPreference` PowerShell cmdlet that helps to manage Defender
# E.g. `Set-MpPreference -Force -MAPSReporting 0` throws:
# `Set-MpPreference: Operation failed with the following error: 0x800106ba. Operation: Set-MpPreference.`
# `Target: MAPS_MAPSReporting. FullyQualifiedErrorId : HRESULT 0x800106ba,Set-MpPreference`
docs: http://batcmd.com/windows/10/services/windefend/
call:
-
@@ -4117,14 +4181,19 @@ actions:
category: Disable kernel-level Windows Defender drivers
children:
-
name: Disable Windows Defender Firewall Authorization Driver service
docs: http://batcmd.com/windows/10/services/mpsdrv/
name: Disable Windows Defender Firewall Authorization Driver service (breaks `netsh advfirewall` CLI)
docs:
- http://batcmd.com/windows/10/services/mpsdrv/
# ❗️ Breaks: `netsh advfirewall set`
# Disabling and stopping it breaks "netsh advfirewall set" commands such as
# `netsh advfirewall set allprofiles state on`, `netsh advfirewall set allprofiles state off`.
# More about `netsh firewall` context: https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/netsh-advfirewall-firewall-control-firewall-behavior
call:
-
function: DisableServiceInRegistry # We must disable it on registry level, "Access is denied" for sc config
parameters:
serviceName: mpsdrv
defaultStartUpMode: 3 # 0: Boot | 1: System | 2: Automatic | 3: Manual | 4: Disabled
serviceName: mpsdrv # Check: (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\mpsdrv").Start
defaultStartupMode: Manual # Alowed values: Boot | System | Automatic | Manual
-
function: RenameSystemFile
parameters:
@@ -4206,8 +4275,8 @@ actions:
-
function: DisableServiceInRegistry # We must disable it on registry level, "Access is denied" for sc config
parameters:
serviceName: SenseAutomatic
defaultStartUpMode: 3 # 0: Boot | 1: System | 2: Automatic | 3: Manual | 4: Disabled
serviceName: Sense # Check: (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Sense").Start
defaultStartupMode: Manual # Alowed values: Boot | System | Automatic | Manual
-
function: RenameSystemFile
parameters:
@@ -4350,8 +4419,8 @@ actions:
-
function: DisableService
parameters:
serviceName: UsoSvc
defaultStartUpMode: Automatic # Automatic | Manual
serviceName: UsoSvc # Check: (Get-Service -Name 'UsoSvc').StartType
defaultStartupMode: Automatic # Allowed values: Automatic | Manual
-
category: UI for privacy
children:
@@ -4530,8 +4599,8 @@ actions:
call:
function: DisableService
parameters:
serviceName: DoSvc
defaultStartUpMode: Automatic # Automatic | Manual
serviceName: DoSvc # Check: (Get-Service -Name 'DoSvc').StartType
defaultStartupMode: Automatic # Allowed values: Automatic | Manual
-
name: Microsoft Windows Live ID Service
recommend: standard
@@ -4539,8 +4608,8 @@ actions:
call:
function: DisableService
parameters:
serviceName: wlidsvc
defaultStartUpMode: Manual # Automatic | Manual
serviceName: wlidsvc # Check: (Get-Service -Name 'wlidsvc').StartType
defaultStartupMode: Manual # Allowed values: Automatic | Manual
-
name: Program Compatibility Assistant Service
recommend: standard
@@ -4548,8 +4617,8 @@ actions:
call:
function: DisableService
parameters:
serviceName: PcaSvc
defaultStartUpMode: Manual # Automatic | Manual
serviceName: PcaSvc # Check: (Get-Service -Name 'PcaSvc').StartType
defaultStartupMode: Manual # Allowed values: Automatic | Manual
-
name: Downloaded Maps Manager
recommend: standard
@@ -4557,8 +4626,8 @@ actions:
call:
function: DisableService
parameters:
serviceName: MapsBroker
defaultStartUpMode: Automatic # Automatic | Manual
serviceName: MapsBroker # Check: (Get-Service -Name 'MapsBroker').StartType
defaultStartupMode: Automatic # Allowed values: Automatic | Manual
-
name: Microsoft Retail Demo experience
recommend: standard
@@ -4566,57 +4635,89 @@ actions:
call:
function: DisableService
parameters:
serviceName: RetailDemo
defaultStartUpMode: Manual # Automatic | Manual
serviceName: RetailDemo # Check: (Get-Service -Name 'RetailDemo').StartType
defaultStartupMode: Manual # Allowed values: Automatic | Manual
-
category: Mail, contact, calendar and user data synchronization
children:
-
name: User Data Storage (UnistoreSvc) Service
docs: http://batcmd.com/windows/10/services/unistoresvc/
recommend: strict
call:
function: DisablePerUserService
parameters:
# Check (system-wide): (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\UnistoreSvc").Start
# Check (per-user): (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\UnistoreSvc_*").Start
serviceName: UnistoreSvc
defaultStartUpMode: 3 # 0: Boot | 1: System | 2: Automatic | 3: Manual | 4: Disabled
defaultStartupMode: Manual # Alowed values: Boot | System | Automatic | Manual
-
name: Sync Host (OneSyncSvc) Service Service
docs: http://batcmd.com/windows/10/services/onesyncsvc/
recommend: strict
call:
function: DisablePerUserService
parameters:
# Check (system-wide): (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\OneSyncSvc").Start
# Check (per-user): (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\OneSyncSvc_*").Start
serviceName: OneSyncSvc
defaultStartUpMode: 2 # 0: Boot | 1: System | 2: Automatic | 3: Manual | 4: Disabled
defaultStartupMode: Automatic # Alowed values: Boot | System | Automatic | Manual
-
name: Contact data indexing
docs: http://batcmd.com/windows/10/services/pimindexmaintenancesvc/
call:
function: DisablePerUserService
parameters:
# Check (system-wide): (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc").Start
# Check (per-user): (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_*").Start
serviceName: PimIndexMaintenanceSvc
defaultStartUpMode: 3 # 0: Boot | 1: System | 2: Automatic | 3: Manual | 4: Disabled
defaultStartupMode: Manual # Alowed values: Boot | System | Automatic | Manual
-
name: App user data access
docs: http://batcmd.com/windows/10/services/userdatasvc/
call:
function: DisablePerUserService
parameters:
# Check (system-wide): (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\UserDataSvc").Start
# Check (per-user): (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\UserDataSvc_*").Start
serviceName: UserDataSvc
defaultStartUpMode: 3 # 0: Boot | 1: System | 2: Automatic | 3: Manual | 4: Disabled
defaultStartupMode: Manual # Alowed values: Boot | System | Automatic | Manual
-
name: Text messaging
docs: http://batcmd.com/windows/10/services/messagingservice/
call:
function: DisablePerUserService
parameters:
# Check (system-wide): (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\MessagingService").Start
# Check (per-user): (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\MessagingService_*").Start
serviceName: MessagingService
defaultStartUpMode: 3 # 0: Boot | 1: System | 2: Automatic | 3: Manual | 4: Disabled
defaultStartupMode: Manual # Alowed values: Boot | System | Automatic | Manual
-
name: Windows Push Notification Service
recommend: standard
docs: https://en.wikipedia.org/w/index.php?title=Windows_Push_Notification_Service&oldid=1012335551#Privacy_Issue
# Hosts Windows notification platform, which provides support for local and push notifications.
# While connected to a VPN that disallows Split Tunneling, the WpnUserService_[unique ID] process bypasses the tunnel
# connecting directly to Microsoft. This behavior will reveal the real IP address of the host. This can be observed with
# the Windows Resource Monitor.
recommend: strict
docs:
- https://en.wikipedia.org/w/index.php?title=Windows_Push_Notification_Service&oldid=1012335551#Privacy_Issue
# System-wide service:
- http://batcmd.com/windows/10/services/wpnservice/
# Per-user service:
- http://batcmd.com/windows/10/services/wpnuserservice/
call:
function: DisableService
parameters:
serviceName: WpnService
defaultStartUpMode: Automatic # Automatic | Manual
- # Windows Push Notifications System Service
function: DisableService
parameters:
serviceName: WpnService # Check: (Get-Service -Name 'WpnService').StartType
defaultStartupMode: Automatic # Allowed values: Automatic | Manual
- # Windows Push Notifications User Service
function: DisablePerUserService
parameters:
# Check (system-wide): (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\WpnUserService").Start
# Check (per-user): (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\WpnUserService_*").Start
serviceName: WpnUserService
defaultStartupMode: Automatic # Alowed values: Boot | System | Automatic | Manual
-
category: Disable Xbox services
children:
@@ -4626,24 +4727,24 @@ actions:
call:
function: DisableService
parameters:
serviceName: XblAuthManager
defaultStartUpMode: Manual # Automatic | Manual
serviceName: XblAuthManager # Check: (Get-Service -Name 'XblAuthManager').StartType
defaultStartupMode: Manual # Allowed values: Automatic | Manual
-
name: Xbox Live Game Save
recommend: standard
call:
function: DisableService
parameters:
serviceName: XblGameSave
defaultStartUpMode: Manual # Automatic | Manual
serviceName: XblGameSave # Check: (Get-Service -Name 'XblGameSave').StartType
defaultStartupMode: Manual # Allowed values: Automatic | Manual
-
name: Xbox Live Networking Service
recommend: standard
call:
function: DisableService
parameters:
serviceName: XboxNetApiSvc
defaultStartUpMode: Manual # Automatic | Manual
serviceName: XboxNetApiSvc # Check: (Get-Service -Name 'XboxNetApiSvc').StartType
defaultStartupMode: Manual # Allowed values: Automatic | Manual
-
name: Disable Volume Shadow Copy Service (breaks System Restore and Windows Backup) # Also known as • Volume Snapshot Service • VSS • VSC
recommend: strict
@@ -4653,8 +4754,8 @@ actions:
call:
function: DisableService
parameters:
serviceName: VSS
defaultStartUpMode: Manual # Automatic | Manual
serviceName: VSS # Check: (Get-Service -Name 'VSS').StartType
defaultStartupMode: Manual # Allowed values: Automatic | Manual
-
name: Disable NetBios for all interfaces
docs:
@@ -6337,53 +6438,22 @@ functions:
PowerShell -ExecutionPolicy Unrestricted -Command "{{ . | inlinePowerShell | escapeDoubleQuotes }}"
{{ end }}
-
name: DisablePerUserService # https://docs.microsoft.com/en-us/windows/application-management/per-user-services-in-windows
name: DisablePerUserService
parameters:
- name: serviceName
- name: defaultStartUpMode
- name: defaultStartupMode # Alowed values: Boot | System | Automatic | Manual
# More about per-user services: https://docs.microsoft.com/en-us/windows/application-management/per-user-services-in-windows
call:
function: RunPowerShell
parameters:
code: |-
$serviceQueries = @('{{ $serviceName }}', '{{ $serviceName }}_*')
foreach ($serviceQuery in $serviceQueries) {
$service = Get-Service -Name $serviceQuery -ErrorAction Ignore
if(!$service) {
Write-Host "Service `"$serviceQuery`" is not found, no action is needed"
continue
}
$name = $service.Name
Stop-Service $name -ErrorAction SilentlyContinue
if($?) {
Write-Host "Stopped `"$name`""
} else {
Write-Warning "Could not stop `"$name`""
}
$regKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
if(Test-Path $regKey) {
Set-ItemProperty $regKey -Name Start -Value 4 -Force
Write-Host "Disabled `"$name`""
} else {
Write-Host "Service is not registered at Windows startup, no action is needed."
}
}
revertCode: |-
$serviceQueries = @('{{ $serviceName }}', '{{ $serviceName }}_*')
foreach ($serviceQuery in $serviceQueries) {
$service = Get-Service -Name $serviceQuery -ErrorAction SilentlyContinue
if(!$service) {
Write-Warning "Service `"$serviceQuery`" not found"
continue
}
$name = $service.Name
$regKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
if(Test-Path $regKey) {
Set-ItemProperty $regKey -Name Start -Value 0 -Force
Write-Host "Enabled `"$name`", may require restarting your computer."
} else {
Write-Error "Registry key at `"$regKey`" does not exist"
}
}
- # System-wide variant: every per-user service has also system-wide counterpart with same default startup mode
function: DisableServiceInRegistry
parameters:
serviceName: '{{ $serviceName }}'
defaultStartupMode: '{{ $defaultStartupMode }}'
- # Per-user variant
function: DisableServiceInRegistry
parameters:
serviceName: '{{ $serviceName }}_*'
defaultStartupMode: '{{ $defaultStartupMode }}'
-
name: RunInlineCode
parameters:
@@ -6520,60 +6590,103 @@ functions:
name: DisableServiceInRegistry
parameters:
- name: serviceName
- name: defaultStartUpMode
- name: defaultStartupMode # Allowed values: Boot | System | Automatic | Manual
call:
function: RunPowerShell
parameters:
code: |- # We do registry way because GUI, "sc config" or "Set-Service" won't not work
$serviceName = '{{ $serviceName }}'
$service = Get-Service -Name $serviceName -ErrorAction Ignore
$serviceQuery = '{{ $serviceName }}'
# -- 1. Skip if service does not exist
$service = Get-Service -Name $serviceQuery -ErrorAction SilentlyContinue
if(!$service) {
Write-Host "Service `"$serviceName`" is not found, no action is needed"
exit 0
Write-Host "Service query `"$serviceQuery`" did not yield any results, no need to disable it."
Exit 0
}
$name = $service.Name
Stop-Service $name -Force -ErrorAction SilentlyContinue
if($?) {
Write-Host "Stopped `"$name`""
} else {
Write-Warning "Could not stop `"$name`""
}
$regKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
if(Test-Path $regKey) {
if( $(Get-ItemProperty -Path "$regKey").Start -eq 4) {
Write-Host "Service `"$name`" is already disabled, no action is needed"
} else {
Set-ItemProperty $regKey -Name Start -Value 4 -Force
Write-Host "Disabled `"$name`""
$serviceName = $service.Name
Write-Host "Disabling service: `"$serviceName`"."
# -- 2. Stop if running
if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) {
Write-Host "`"$serviceName`" is running, trying to stop it."
try {
Stop-Service -Name "$serviceName" -Force -ErrorAction Stop
Write-Host "Stopped `"$serviceName`" successfully."
} catch {
Write-Warning "Could not stop `"$serviceName`", it will be stopped after reboot: $_"
}
} else {
Write-Host "Service is not registered at Windows startup, no action is needed."
Write-Host "`"$serviceName`" is not running, no need to stop."
}
# -- 3. Skip if service info is not found in registry
$registryKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName"
if(!(Test-Path $registryKey)) {
Write-Host "`"$registryKey`" is not found in registry, cannot enable it."
Exit 0
}
# -- 4. Skip if already disabled
if( $(Get-ItemProperty -Path "$registryKey").Start -eq 4) {
Write-Host "`"$serviceName`" is already disabled from start, no further action is needed."
Exit 0
}
# -- 5. Disable service
try {
Set-ItemProperty $registryKey -Name Start -Value 4 -Force -ErrorAction Stop
Write-Host "Disabled `"$serviceName`" successfully."
} catch {
Write-Error "Could not disable `"$serviceName`": $_"
}
revertCode: |-
$serviceName = '{{ $serviceName }}'
$defaultStartUpMode = '{{ $defaultStartUpMode }}'
$service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue
$serviceQuery = '{{ $serviceName }}'
$defaultStartupMode = '{{ $defaultStartupMode }}'
# -- 1. Skip if service does not exist
$service = Get-Service -Name $serviceQuery -ErrorAction SilentlyContinue
if(!$service) {
Write-Warning "Service `"$serviceName`" not found"
continue
Write-Warning "Service query `"$serviceQuery`" did not yield and results, cannot enable it."
Exit 1
}
$name = $service.Name
$regKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
if(Test-Path $regKey) {
if( $(Get-ItemProperty -Path "$regKey").Start -eq $defaultStartUpMode) {
Write-Host "Service $serviceName already enabled"
} else {
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName" -Name Start -Value $defaultStartUpMode
Write-Host "Enabled service $serviceName (requires reboot)"
}
Set-ItemProperty $regKey -Name Start -Value 0 -Force
Write-Host "Enabled `"$name`", may require restarting your computer."
$serviceName = $service.Name
Write-Host "Enabling service: `"$serviceName`" with `"$defaultStartupMode`" start."
# -- 2. Skip if service info is not found in registry
$registryKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName"
if(!(Test-Path $registryKey)) {
Write-Warning "`"$registryKey`" is not found in registry, cannot enable it."
Exit 1
}
# -- 3. Enable if not already enabled
$defaultStartupRegValue = `
if ($defaultStartupMode -eq 'Boot') { '0' } `
elseif($defaultStartupMode -eq 'System') { '1' } `
elseif($defaultStartupMode -eq 'Automatic') { '2' } `
elseif($defaultStartupMode -eq 'Manual') { '3' } `
else { throw "Unknown start mode: $defaultStartupMode"}
if( $(Get-ItemProperty -Path "$registryKey").Start -eq $defaultStartupRegValue) {
Write-Host "`"$serviceName`" is already enabled with `"$defaultStartupMode`" start."
} else {
Write-Error "Registry key at `"$regKey`" does not exist"
try {
Set-ItemProperty $registryKey -Name Start -Value $defaultStartupRegValue -Force
Write-Host "Enabled `"$serviceName`" successfully with `"$defaultStartupMode`" start, may require restarting your computer."
} catch {
Write-Error "Could not enable `"$serviceName`": $_"
Exit 1
}
}
# -- 4. Start if not running (must be enabled first)
if($defaultStartupMode -eq 'Automatic') {
if ($service.Status -ne [System.ServiceProcess.ServiceControllerStatus]::Running) {
Write-Host "`"$serviceName`" is not running, trying to start it."
try {
Start-Service $serviceName -ErrorAction Stop
Write-Host "Started `"$serviceName`" successfully."
} catch {
Write-Warning "Could not start `"$serviceName`", requires restart, it will be started after reboot.`r`n$_"
}
} else {
Write-Host "`"$serviceName`" is already running, no need to start."
}
}
-
name: SetMpPreference
# Configures preferences for Windows Defender scans and updates.
# ❗️ Requires "WinDefend" service in running state, otherwise fails
parameters:
- name: property
- name: value
@@ -6621,8 +6734,8 @@ functions:
Write-Host "Successfully set `"$propertyName`" to `"$value`"."
exit 0
} catch {
if ($_.FullyQualifiedErrorId -like '*0x800106ba*') {
Write-Warning "Cannot $($command.Name): Defender is not running. Try to enable it (revert) -> reboot -> re-run this?"
if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') {
Write-Warning "Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"
exit 0
} elseif (($_ | Out-String) -like '*Cannot convert*') {
Write-Host "Skipping. Argument `"$value`" for property `"$propertyName`" is not supported for `"$($command.Name)`"."
@@ -6669,7 +6782,7 @@ functions:
exit 0
} catch {
if ($_.FullyQualifiedErrorId -like '*0x800106ba*') {
Write-Warning "Cannot $($command.Name): Defender is not running. Try to enable it (revert) -> reboot -> re-run this?"
Write-Warning "Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"
} else {
Write-Error "Failed to set using $($command.Name): $_"
}
@@ -6692,7 +6805,7 @@ functions:
exit 0
} catch {
if ($_.FullyQualifiedErrorId -like '*0x800106ba*') {
Write-Warning "Cannot $($command.Name): Defender is not running. Try to enable it (revert) -> reboot -> re-run this?"
Write-Warning "Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"
} else {
Write-Error "Failed to set using $($command.Name): $_"
}
@@ -6701,15 +6814,15 @@ functions:
name: DisableService
parameters:
- name: serviceName
- name: defaultStartUpMode # Allowed values: Automatic | Manual
- name: defaultStartupMode # Allowed values: Automatic | Manual
call:
function: RunPowerShell
# Careful with Set-Service cmdlet:
# 1. It exits with positive code even if service is disabled
# 2. It had breaking API change for -StartupMode parameter:
# 2. It had breaking API change for `-StartupMode` parameter:
# Powershell >= 6.0 : Automatic, AutomaticDelayedStart, Disabled, InvalidValue, Manual
# PowerShell <= 5 : Boot, System, Automatic, Manual, Disabled
# "Disabled", "Automatic" and "Manual" are only consistent ones.
# So "Disabled", "Automatic" and "Manual" are only consistent ones.
# Read more:
# https://github.com/PowerShell/PowerShell/blob/v7.2.0/src/Microsoft.PowerShell.Commands.Management/commands/management/Service.cs#L2966-L2978
# https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/set-service?view=powershell-7.1
@@ -6717,15 +6830,15 @@ functions:
code: |-
$serviceName = '{{ $serviceName }}'
Write-Host "Disabling service: `"$serviceName`"."
# -- Skip if service does not exist
# -- 1. Skip if service does not exist
$service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue
if(!$service) {
Write-Host "Service `"$serviceName`" could not be not found, no need to disable it."
Exit 0
}
# -- Stop if running
# -- 2. Stop if running
if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) {
Write-Host "`"$servicename`" is running, trying to stop it."
Write-Host "`"$serviceName`" is running, stopping it."
try {
Stop-Service -Name "$serviceName" -Force -ErrorAction Stop
Write-Host "Stopped `"$serviceName`" successfully."
@@ -6735,7 +6848,8 @@ functions:
} else {
Write-Host "`"$serviceName`" is not running, no need to stop."
}
# -- Skip if already disabled
# -- 3. Skip if already disabled
$startupType = $service.StartType # Does not work before .NET 4.6.1
if(!$startupType) {
$startupType = (Get-WmiObject -Query "Select StartMode From Win32_Service Where Name='$serviceName'" -ErrorAction Ignore).StartMode
@@ -6746,7 +6860,7 @@ functions:
if($startupType -eq 'Disabled') {
Write-Host "$serviceName is already disabled, no further action is needed"
}
# -- Disable service
# -- 4. Disable service
try {
Set-Service -Name "$serviceName" -StartupType Disabled -Confirm:$false -ErrorAction Stop
Write-Host "Disabled `"$serviceName`" successfully."
@@ -6755,14 +6869,15 @@ functions:
}
revertCode: |-
$serviceName = '{{ $serviceName }}'
$defaultStartUpMode = '{{ $defaultStartUpMode }}'
Write-Host "Enabling service: `"$serviceName`" with `"$defaultStartUpMode`" start."
# -- Skip if service does not exist
$defaultStartupMode = '{{ $defaultStartupMode }}'
Write-Host "Enabling service: `"$serviceName`" with `"$defaultStartupMode`" start."
# -- 1. Skip if service does not exist
$service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue
if(!$service) {
throw "Service `"$serviceName`" could not be not found, cannot enable it."
Write-Warning "Service `"$serviceName`" could not be not found, cannot enable it."
Exit 1
}
# -- Skip if already enabled
# -- 2. Enable or skip if already enabled
$startupType = $service.StartType # Does not work before .NET 4.6.1
if(!$startupType) {
$startupType = (Get-WmiObject -Query "Select StartMode From Win32_Service Where Name='$serviceName'" -ErrorAction Ignore).StartMode
@@ -6770,26 +6885,26 @@ functions:
$startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "Name='$serviceName'" -ErrorAction Ignore).StartMode
}
}
if($startupType -eq "$defaultStartUpMode") {
if($startupType -eq "$defaultStartupMode") {
Write-Host "`"$serviceName`" is already enabled with `"$defaultStartupMode`" start, no further action is needed."
Exit 0
} else {
try {
Set-Service -Name "$serviceName" -StartupType "$defaultStartupMode" -Confirm:$false -ErrorAction Stop
Write-Host "Enabled `"$serviceName`" successfully with `"$defaultStartupMode`" start, may require restarting your computer."
} catch {
Write-Error "Could not enable `"$serviceName`": $_"
Exit 1
}
}
# -- Enable service
try {
Set-Service -Name "$serviceName" -StartupType "$defaultStartUpMode" -Confirm:$false -ErrorAction Stop
Write-Host "Enabled `"$serviceName`" successfully with `"$defaultStartUpMode`" start."
} catch {
Write-Error "Could not enable `"$serviceName`": $_"
}
# -- Start if not running (must done after enabling)
if($defaultStartUpMode -eq 'Automatic') {
# -- 4. Start if not running (must be enabled first)
if($defaultStartupMode -eq 'Automatic') {
if ($service.Status -ne [System.ServiceProcess.ServiceControllerStatus]::Running) {
Write-Host "`"$serviceName`" is not running, trying to start it"
Write-Host "`"$serviceName`" is not running, starting it."
try {
Start-Service $serviceName -ErrorAction Stop
Write-Host "Started `"$serviceName`" successfully."
} catch {
Write-Warning "Could not start `"$serviceName`", it will be stopped after reboot.`r`n$_"
Write-Warning "Could not start `"$serviceName`", requires restart, it will be started after reboot.`r`n$_"
}
} else {
Write-Host "`"$serviceName`" is already running, no need to start."