473 lines
32 KiB
PowerShell
473 lines
32 KiB
PowerShell
# Enable debugging
|
|
#Set-PSDebug -Trace 1
|
|
|
|
param (
|
|
[ValidatePattern('^[c-zC-Z]:?$|^[a-zA-Z]:\\.*$')]
|
|
[string]$ScratchDisk,
|
|
[string]$imageindex,
|
|
[switch]$UseSetupTemplate
|
|
)
|
|
|
|
$needchange = @("AllSigned", "Restricted", "Undefined")
|
|
$curpolicy = Get-ExecutionPolicy
|
|
if ($curpolicy -in $needchange) {
|
|
Write-Host "Your current PowerShell Execution Policy is set to $curpolicy, which prevents scripts from running. Do you want to change it to RemoteSigned? (yes/no)"
|
|
$response = Read-Host
|
|
if ($response -eq 'yes') {
|
|
Set-ExecutionPolicy RemoteSigned -Scope Process -Confirm:$false
|
|
} else {
|
|
Write-Host "The script cannot be run without changing the execution policy. Exiting..."
|
|
exit
|
|
}
|
|
}
|
|
|
|
# Check and run the script as admin if required
|
|
$adminSID = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-32-544")
|
|
$adminGroup = $adminSID.Translate([System.Security.Principal.NTAccount])
|
|
$myWindowsID=[System.Security.Principal.WindowsIdentity]::GetCurrent()
|
|
$myWindowsPrincipal=new-object System.Security.Principal.WindowsPrincipal($myWindowsID)
|
|
$adminRole=[System.Security.Principal.WindowsBuiltInRole]::Administrator
|
|
if (! $myWindowsPrincipal.IsInRole($adminRole))
|
|
{
|
|
Write-Host "Restarting Tiny10 Core image creator as admin in a new window, you can close this one."
|
|
$newProcess = new-object System.Diagnostics.ProcessStartInfo "PowerShell";
|
|
$argString = "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`""
|
|
if ($ScratchDisk) { $argString += " -ScratchDisk `"$ScratchDisk`"" }
|
|
if ($imageindex) { $argString += " -imageindex `"$imageindex`"" }
|
|
if ($UseSetupTemplate) { $argString += " -UseSetupTemplate" }
|
|
$newProcess.Arguments = $argString;
|
|
$newProcess.Verb = "runas";
|
|
[System.Diagnostics.Process]::Start($newProcess);
|
|
exit
|
|
}
|
|
Start-Transcript -Path "$PSScriptRoot\tiny10core.log"
|
|
# Ask the user for input
|
|
Write-Host "Welcome to tiny10 core builder! BETA 07-16-25"
|
|
Write-Host "This script generates a significantly reduced Windows 10 image. However, it's not suitable for regular use due to its lack of serviceability - you can't add languages, updates, or features post-creation. tiny10 Core is not a full Windows 10 substitute but a rapid testing or development tool, potentially useful for VM environments."
|
|
Write-Host "Do you want to continue? (y/n)"
|
|
$userInput = Read-Host
|
|
|
|
if ($userInput -eq 'y') {
|
|
Write-Host "Off we go..."
|
|
Start-Sleep -Seconds 3
|
|
Clear-Host
|
|
|
|
if (-not $ScratchDisk) {
|
|
$ScratchDisk = Join-Path $PSScriptRoot 'working'
|
|
} else {
|
|
if ($ScratchDisk -match '^[a-zA-Z]:?$') {
|
|
$ScratchDisk = $ScratchDisk[0] + ':'
|
|
}
|
|
}
|
|
Write-Output "Scratch disk set to $ScratchDisk"
|
|
$setupMediaTemplatePath = "$PSScriptRoot\setup-media-template"
|
|
New-Item -ItemType Directory -Force -Path "$ScratchDisk\tiny10\sources" >null
|
|
$DriveLetter = Read-Host "Please enter the drive letter for the Windows 10 image"
|
|
$DriveLetter = $DriveLetter + ":"
|
|
|
|
if ((-not $UseSetupTemplate -and (Test-Path "$DriveLetter\sources\boot.wim") -eq $false) -or (Test-Path "$DriveLetter\sources\install.wim") -eq $false) {
|
|
if ((Test-Path "$DriveLetter\sources\install.esd") -eq $true) {
|
|
Write-Host "The Windows 10 image is in ESD format. Converting to WIM..."
|
|
$esdIndex = if ($imageindex) { $imageindex } else { '6' }
|
|
& 'dism' '/English' '/export-image' "/sourceimagefile:$DriveLetter\sources\install.esd" "/sourceindex:$esdIndex" "/destinationimagefile:$DriveLetter\sources\install.wim" '/compress:lzx' '/checkintegrity'
|
|
Write-Host "Conversion complete!"
|
|
Write-Host "Deleting ESD file..."
|
|
Remove-Item "$DriveLetter\sources\install.esd"
|
|
Write-Host "ESD file deleted."
|
|
} else {
|
|
Write-Host "Can't find Windows 10 installation files in the specified Drive Letter.."
|
|
Write-Host "Please enter the correct drive letter."
|
|
exit
|
|
}
|
|
}
|
|
|
|
Write-Host "Mounting Windows 10 image. This may take a while."
|
|
$wimFilePath = "$DriveLetter\sources\install.wim"
|
|
& 'dism' '/English' '/mount-image' "/imagefile:$wimFilePath" '/index:1' "/mountdir:$ScratchDisk\scratchdir"
|
|
|
|
if ($LASTEXITCODE -eq 87) {
|
|
Write-Host "Invalid index. Trying with index 6..."
|
|
& 'dism' '/English' '/mount-image' "/imagefile:$wimFilePath" '/index:6' "/mountdir:$ScratchDisk\scratchdir"
|
|
}
|
|
|
|
$imageInfo = & 'dism' '/English' '/get-imageinfo' "/imagefile:$wimFilePath"
|
|
$indexNumber = ($imageInfo | Select-String "Index : 1" -Context 0, 10 | ForEach-Object { $_.Context.PostContext[2] }) -replace "Name : ", ""
|
|
|
|
if ([string]::IsNullOrEmpty($indexNumber)) {
|
|
Write-Host "Please enter the image index manually"
|
|
$indexNumber = Read-Host "Image Index Number"
|
|
& 'dism' '/English' '/mount-image' "/imagefile:$wimFilePath" "/index:$indexNumber" "/mountdir:$ScratchDisk\scratchdir"
|
|
}
|
|
|
|
Write-Host "Mounting complete! Performing removal of applications..."
|
|
|
|
$packages = & 'dism' '/English' "/image:$ScratchDisk\scratchdir" '/get-packages' | findstr "Package Identity"
|
|
$packageNames = $packages -replace "Package Identity : ", ""
|
|
|
|
Write-Host "Removing Edge:"
|
|
$packageNames | Where-Object {$_ -like "*MicrosoftEdge*"} | ForEach-Object {
|
|
$packageName = $_
|
|
Write-Host "Removing package: $packageName"
|
|
& 'dism' '/English' "/image:$ScratchDisk\scratchdir" '/remove-package' "/packagename:$packageName" '/quiet'
|
|
}
|
|
|
|
Write-Host "Removing Internet Explorer:"
|
|
$packageNames | Where-Object {$_ -like "*Internet-Explorer*"} | ForEach-Object {
|
|
$packageName = $_
|
|
Write-Host "Removing package: $packageName"
|
|
& 'dism' '/English' "/image:$ScratchDisk\scratchdir" '/remove-package' "/packagename:$packageName" '/quiet'
|
|
}
|
|
|
|
Write-Host "Removing Media Player:"
|
|
$packageNames | Where-Object {$_ -like "*Media.WindowsMediaPlayer*"} | ForEach-Object {
|
|
$packageName = $_
|
|
Write-Host "Removing package: $packageName"
|
|
& 'dism' '/English' "/image:$ScratchDisk\scratchdir" '/remove-package' "/packagename:$packageName" '/quiet'
|
|
}
|
|
|
|
Write-Host "Removing Tablet PC Math:"
|
|
$packageNames | Where-Object {$_ -like "*TabletPCMath*"} | ForEach-Object {
|
|
$packageName = $_
|
|
Write-Host "Removing package: $packageName"
|
|
& 'dism' '/English' "/image:$ScratchDisk\scratchdir" '/remove-package' "/packagename:$packageName" '/quiet'
|
|
}
|
|
|
|
Write-Host "Removing Wallpapers:"
|
|
$packageNames | Where-Object {$_ -like "*Wallpaper*"} | ForEach-Object {
|
|
$packageName = $_
|
|
Write-Host "Removing package: $packageName"
|
|
& 'dism' '/English' "/image:$ScratchDisk\scratchdir" '/remove-package' "/packagename:$packageName" '/quiet'
|
|
}
|
|
|
|
Write-Host "Removing Accessibility Support:"
|
|
$packageNames | Where-Object {$_ -like "*Accessibility*"} | ForEach-Object {
|
|
$packageName = $_
|
|
Write-Host "Removing package: $packageName"
|
|
& 'dism' '/English' "/image:$ScratchDisk\scratchdir" '/remove-package' "/packagename:$packageName" '/quiet'
|
|
}
|
|
|
|
Write-Host "Removing Language Resources:"
|
|
$packageNames | Where-Object {$_ -like "*Language*" -and $_ -notlike "*en-US*"} | ForEach-Object {
|
|
$packageName = $_
|
|
Write-Host "Removing package: $packageName"
|
|
& 'dism' '/English' "/image:$ScratchDisk\scratchdir" '/remove-package' "/packagename:$packageName" '/quiet'
|
|
}
|
|
|
|
Write-Host "Removing Speech:"
|
|
$packageNames | Where-Object {$_ -like "*Speech*"} | ForEach-Object {
|
|
$packageName = $_
|
|
Write-Host "Removing package: $packageName"
|
|
& 'dism' '/English' "/image:$ScratchDisk\scratchdir" '/remove-package' "/packagename:$packageName" '/quiet'
|
|
}
|
|
|
|
Write-Host "Removing TTS:"
|
|
$packageNames | Where-Object {$_ -like "*TTS*"} | ForEach-Object {
|
|
$packageName = $_
|
|
Write-Host "Removing package: $packageName"
|
|
& 'dism' '/English' "/image:$ScratchDisk\scratchdir" '/remove-package' "/packagename:$packageName" '/quiet'
|
|
}
|
|
|
|
Write-Host "Removing Printing-XPSServices:"
|
|
$packageNames | Where-Object {$_ -like "*Printing-XPSServices*"} | ForEach-Object {
|
|
$packageName = $_
|
|
Write-Host "Removing package: $packageName"
|
|
& 'dism' '/English' "/image:$ScratchDisk\scratchdir" '/remove-package' "/packagename:$packageName" '/quiet'
|
|
}
|
|
|
|
Write-Host "Removing MSRDC-Infrastructure:"
|
|
$packageNames | Where-Object {$_ -like "*MSRDC-Infrastructure*"} | ForEach-Object {
|
|
$packageName = $_
|
|
Write-Host "Removing package: $packageName"
|
|
& 'dism' '/English' "/image:$ScratchDisk\scratchdir" '/remove-package' "/packagename:$packageName" '/quiet'
|
|
}
|
|
|
|
Write-Host "Removing Defender features:"
|
|
$packageNames | Where-Object {$_ -like "*Windows-Defender*"} | ForEach-Object {
|
|
$packageName = $_
|
|
Write-Host "Removing package: $packageName"
|
|
& 'dism' '/English' "/image:$ScratchDisk\scratchdir" '/remove-package' "/packagename:$packageName" '/quiet'
|
|
}
|
|
|
|
Write-Host "Removing App Runtime:"
|
|
& 'dism' '/English' "/image:$ScratchDisk\scratchdir" '/disable-feature' '/featurename:NetFx4-AdvSrvs' '/quiet'
|
|
& 'dism' '/English' "/image:$ScratchDisk\scratchdir" '/disable-feature' '/featurename:Printing-Foundation-Features' '/quiet'
|
|
& 'dism' '/English' "/image:$ScratchDisk\scratchdir" '/disable-feature' '/featurename:Printing-PrintToPDFServices-Features' '/quiet'
|
|
& 'dism' '/English' "/image:$ScratchDisk\scratchdir" '/disable-feature' '/featurename:Printing-XPSServices-Features' '/quiet'
|
|
|
|
Write-Host "Removing OneDrive:"
|
|
Remove-Item -Path "$ScratchDisk\scratchdir\Windows\System32\OneDriveSetup.exe" -Force -ErrorAction SilentlyContinue
|
|
Remove-Item -Path "$ScratchDisk\scratchdir\Windows\SysWOW64\OneDriveSetup.exe" -Force -ErrorAction SilentlyContinue
|
|
|
|
Write-Host "Removing scheduled tasks:"
|
|
Get-ChildItem "$ScratchDisk\scratchdir\Windows\System32\Tasks\" -Recurse -ErrorAction SilentlyContinue | Remove-Item -Force -Recurse -ErrorAction SilentlyContinue
|
|
|
|
Write-Host "Optimizing image..."
|
|
& 'dism' '/English' "/image:$ScratchDisk\scratchdir" '/cleanup-image' '/startcomponentcleanup' '/resetbase'
|
|
|
|
if (Test-Path "$ScratchDisk\scratchdir\Windows\WinSxS\") {
|
|
Write-Host "Moving WinSxS folder to reduce image size..."
|
|
Move-Item -Path "$ScratchDisk\scratchdir\Windows\WinSxS" -Destination "$ScratchDisk\scratchdir\Windows\WinSxS_backup" -Force
|
|
New-Item -ItemType Directory -Path "$ScratchDisk\scratchdir\Windows\WinSxS" -Force | Out-Null
|
|
}
|
|
|
|
Write-Host "Loading registry..."
|
|
reg load HKLM\zCOMPONENTS $ScratchDisk\scratchdir\Windows\System32\config\COMPONENTS >null
|
|
reg load HKLM\zDEFAULT $ScratchDisk\scratchdir\Windows\System32\config\default >null
|
|
reg load HKLM\zNTUSER $ScratchDisk\scratchdir\Users\Default\ntuser.dat >null
|
|
reg load HKLM\zSOFTWARE $ScratchDisk\scratchdir\Windows\System32\config\SOFTWARE >null
|
|
reg load HKLM\zSYSTEM $ScratchDisk\scratchdir\Windows\System32\config\SYSTEM >null
|
|
|
|
# Set-RegistryValue function for robust registry operations with automatic key creation
|
|
function Set-RegistryValue {
|
|
param(
|
|
[string]$KeyPath,
|
|
[string]$ValueName,
|
|
[string]$ValueType,
|
|
[string]$ValueData,
|
|
[string]$Description = ""
|
|
)
|
|
|
|
try {
|
|
# Use reg add with /f flag to force creation of keys and overwrite existing values
|
|
$result = & 'reg' 'add' $KeyPath '/v' $ValueName '/t' $ValueType '/d' $ValueData '/f' 2>&1
|
|
|
|
if ($LASTEXITCODE -ne 0) {
|
|
$errorMsg = if ($Description) { "Failed to set registry value for $Description" } else { "Failed to set registry value $ValueName in $KeyPath" }
|
|
Write-Warning "$errorMsg. Error: $result"
|
|
}
|
|
}
|
|
catch {
|
|
$errorMsg = if ($Description) { "Exception setting registry value for $Description" } else { "Exception setting registry value $ValueName in $KeyPath" }
|
|
Write-Warning "$errorMsg. Exception: $($_.Exception.Message)"
|
|
}
|
|
}
|
|
|
|
Write-Host "Bypassing system requirements(on the system image):"
|
|
Set-RegistryValue -KeyPath 'HKLM\zDEFAULT\Control Panel\UnsupportedHardwareNotificationCache' -ValueName 'SV1' -ValueType 'REG_DWORD' -ValueData '0' -Description "Unsupported hardware notification SV1"
|
|
Set-RegistryValue -KeyPath 'HKLM\zDEFAULT\Control Panel\UnsupportedHardwareNotificationCache' -ValueName 'SV2' -ValueType 'REG_DWORD' -ValueData '0' -Description "Unsupported hardware notification SV2"
|
|
Set-RegistryValue -KeyPath 'HKLM\zNTUSER\Control Panel\UnsupportedHardwareNotificationCache' -ValueName 'SV1' -ValueType 'REG_DWORD' -ValueData '0' -Description "User unsupported hardware notification SV1"
|
|
Set-RegistryValue -KeyPath 'HKLM\zNTUSER\Control Panel\UnsupportedHardwareNotificationCache' -ValueName 'SV2' -ValueType 'REG_DWORD' -ValueData '0' -Description "User unsupported hardware notification SV2"
|
|
|
|
Write-Host "Disabling Sponsored Apps:"
|
|
Set-RegistryValue -KeyPath 'HKLM\zNTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' -ValueName 'OemPreInstalledAppsEnabled' -ValueType 'REG_DWORD' -ValueData '0' -Description "OEM pre-installed apps"
|
|
Set-RegistryValue -KeyPath 'HKLM\zNTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' -ValueName 'PreInstalledAppsEnabled' -ValueType 'REG_DWORD' -ValueData '0' -Description "Pre-installed apps"
|
|
Set-RegistryValue -KeyPath 'HKLM\zNTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' -ValueName 'SilentInstalledAppsEnabled' -ValueType 'REG_DWORD' -ValueData '0' -Description "Silent installed apps"
|
|
Set-RegistryValue -KeyPath 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\CloudContent' -ValueName 'DisableWindowsConsumerFeatures' -ValueType 'REG_DWORD' -ValueData '1' -Description "Windows consumer features"
|
|
Set-RegistryValue -KeyPath 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' -ValueName 'ContentDeliveryAllowed' -ValueType 'REG_DWORD' -ValueData '0' -Description "Content delivery allowed"
|
|
Set-RegistryValue -KeyPath 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' -ValueName 'FeatureManagementEnabled' -ValueType 'REG_DWORD' -ValueData '0' -Description "Feature management"
|
|
Set-RegistryValue -KeyPath 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' -ValueName 'PreInstalledAppsEverEnabled' -ValueType 'REG_DWORD' -ValueData '0' -Description "Pre-installed apps ever enabled"
|
|
Set-RegistryValue -KeyPath 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' -ValueName 'SoftLandingEnabled' -ValueType 'REG_DWORD' -ValueData '0' -Description "Soft landing enabled"
|
|
Set-RegistryValue -KeyPath 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' -ValueName 'SubscribedContentEnabled' -ValueType 'REG_DWORD' -ValueData '0' -Description "Subscribed content"
|
|
Set-RegistryValue -KeyPath 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' -ValueName 'SubscribedContent-310093Enabled' -ValueType 'REG_DWORD' -ValueData '0' -Description "Subscribed content 310093"
|
|
Set-RegistryValue -KeyPath 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' -ValueName 'SubscribedContent-338388Enabled' -ValueType 'REG_DWORD' -ValueData '0' -Description "Subscribed content 338388"
|
|
Set-RegistryValue -KeyPath 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' -ValueName 'SubscribedContent-338389Enabled' -ValueType 'REG_DWORD' -ValueData '0' -Description "Subscribed content 338389"
|
|
Set-RegistryValue -KeyPath 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' -ValueName 'SubscribedContent-338393Enabled' -ValueType 'REG_DWORD' -ValueData '0' -Description "Subscribed content 338393"
|
|
Set-RegistryValue -KeyPath 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' -ValueName 'SubscribedContent-353694Enabled' -ValueType 'REG_DWORD' -ValueData '0' -Description "Subscribed content 353694"
|
|
Set-RegistryValue -KeyPath 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' -ValueName 'SubscribedContent-353696Enabled' -ValueType 'REG_DWORD' -ValueData '0' -Description "Subscribed content 353696"
|
|
Set-RegistryValue -KeyPath 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' -ValueName 'SystemPaneSuggestionsEnabled' -ValueType 'REG_DWORD' -ValueData '0' -Description "System pane suggestions"
|
|
Set-RegistryValue -KeyPath 'HKLM\zSOFTWARE\Policies\Microsoft\PushToInstall' -ValueName 'DisablePushToInstall' -ValueType 'REG_DWORD' -ValueData '1' -Description "Push to install feature"
|
|
Set-RegistryValue -KeyPath 'HKLM\zSOFTWARE\Policies\Microsoft\MRT' -ValueName 'DontOfferThroughWUAU' -ValueType 'REG_DWORD' -ValueData '1' -Description "Malicious software removal tool through Windows Update"
|
|
& 'reg' 'delete' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Subscriptions' '/f' >null
|
|
& 'reg' 'delete' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\SuggestedApps' '/f' >null
|
|
Set-RegistryValue -KeyPath 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\CloudContent' -ValueName 'DisableConsumerAccountStateContent' -ValueType 'REG_DWORD' -ValueData '1' -Description "Consumer account state content"
|
|
Set-RegistryValue -KeyPath 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\CloudContent' -ValueName 'DisableCloudOptimizedContent' -ValueType 'REG_DWORD' -ValueData '1' -Description "Cloud optimized content"
|
|
|
|
Write-Host "Enabling Local Accounts on OOBE:"
|
|
Copy-Item -Path "$PSScriptRoot\includes\autounattend-win10.xml" -Destination "$ScratchDisk\scratchdir\Windows\System32\Sysprep\autounattend.xml" -Force -ErrorAction SilentlyContinue
|
|
|
|
Write-Host "Disabling Reserved Storage:"
|
|
Set-RegistryValue -KeyPath 'HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\ReserveManager' -ValueName 'ShippedWithReserves' -ValueType 'REG_DWORD' -ValueData '0' -Description "Reserved storage feature"
|
|
|
|
Write-Host "Disabling OneDrive folder backup"
|
|
Set-RegistryValue -KeyPath "HKLM\zSOFTWARE\Policies\Microsoft\Windows\OneDrive" -ValueName 'DisableFileSyncNGSC' -ValueType 'REG_DWORD' -ValueData '1' -Description "OneDrive file sync"
|
|
|
|
Write-Host "Removing Edge related registries"
|
|
reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge" /f 2>$null
|
|
reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge Update" /f 2>$null
|
|
|
|
Write-Host "Disabling Telemetry:"
|
|
Set-RegistryValue -KeyPath 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo' -ValueName 'Enabled' -ValueType 'REG_DWORD' -ValueData '0' -Description "Advertising info collection"
|
|
Set-RegistryValue -KeyPath 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\Privacy' -ValueName 'TailoredExperiencesWithDiagnosticDataEnabled' -ValueType 'REG_DWORD' -ValueData '0' -Description "Tailored experiences with diagnostic data"
|
|
Set-RegistryValue -KeyPath 'HKLM\zNTUSER\Software\Microsoft\Speech_OneCore\Settings\OnlineSpeechPrivacy' -ValueName 'HasAccepted' -ValueType 'REG_DWORD' -ValueData '0' -Description "Online speech privacy"
|
|
Set-RegistryValue -KeyPath 'HKLM\zNTUSER\Software\Microsoft\Input\TIPC' -ValueName 'Enabled' -ValueType 'REG_DWORD' -ValueData '0' -Description "Text input personalization"
|
|
Set-RegistryValue -KeyPath 'HKLM\zNTUSER\Software\Microsoft\InputPersonalization' -ValueName 'RestrictImplicitInkCollection' -ValueType 'REG_DWORD' -ValueData '1' -Description "Implicit ink collection restriction"
|
|
Set-RegistryValue -KeyPath 'HKLM\zNTUSER\Software\Microsoft\InputPersonalization' -ValueName 'RestrictImplicitTextCollection' -ValueType 'REG_DWORD' -ValueData '1' -Description "Implicit text collection restriction"
|
|
Set-RegistryValue -KeyPath 'HKLM\zNTUSER\Software\Microsoft\InputPersonalization\TrainedDataStore' -ValueName 'HarvestContacts' -ValueType 'REG_DWORD' -ValueData '0' -Description "Contact harvesting for input personalization"
|
|
Set-RegistryValue -KeyPath 'HKLM\zNTUSER\Software\Microsoft\Personalization\Settings' -ValueName 'AcceptedPrivacyPolicy' -ValueType 'REG_DWORD' -ValueData '0' -Description "Personalization privacy policy"
|
|
Set-RegistryValue -KeyPath 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\DataCollection' -ValueName 'AllowTelemetry' -ValueType 'REG_DWORD' -ValueData '0' -Description "Telemetry data collection"
|
|
Set-RegistryValue -KeyPath 'HKLM\zSYSTEM\ControlSet001\Services\dmwappushservice' -ValueName 'Start' -ValueType 'REG_DWORD' -ValueData '4' -Description "Device management WAP push service"
|
|
|
|
Write-Host "Disabling Windows Update..."
|
|
Set-RegistryValue -KeyPath "HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" -ValueName 'StopWUPostOOBE1' -ValueType 'REG_SZ' -ValueData 'net stop wuauserv' -Description "Stop Windows Update service post-OOBE (method 1)"
|
|
Set-RegistryValue -KeyPath "HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" -ValueName 'StopWUPostOOBE2' -ValueType 'REG_SZ' -ValueData 'sc stop wuauserv' -Description "Stop Windows Update service post-OOBE (method 2)"
|
|
Set-RegistryValue -KeyPath "HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" -ValueName 'StopWUPostOOBE3' -ValueType 'REG_SZ' -ValueData 'sc config wuauserv start= disabled' -Description "Disable Windows Update service post-OOBE"
|
|
Set-RegistryValue -KeyPath "HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" -ValueName 'DisbaleWUPostOOBE1' -ValueType 'REG_SZ' -ValueData 'reg add HKLM\SYSTEM\CurrentControlSet\Services\wuauserv /v Start /t REG_DWORD /d 4 /f' -Description "Disable Windows Update service via registry (CurrentControlSet)"
|
|
Set-RegistryValue -KeyPath "HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" -ValueName 'DisbaleWUPostOOBE2' -ValueType 'REG_SZ' -ValueData 'reg add HKLM\SYSTEM\ControlSet001\Services\wuauserv /v Start /t REG_DWORD /d 4 /f' -Description "Disable Windows Update service via registry (ControlSet001)"
|
|
Set-RegistryValue -KeyPath 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' -ValueName 'DoNotConnectToWindowsUpdateInternetLocations' -ValueType 'REG_DWORD' -ValueData '1' -Description "Do not connect to Windows Update internet locations"
|
|
Set-RegistryValue -KeyPath 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' -ValueName 'DisableWindowsUpdateAccess' -ValueType 'REG_DWORD' -ValueData '1' -Description "Disable Windows Update access"
|
|
Set-RegistryValue -KeyPath 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' -ValueName 'WUServer' -ValueType 'REG_SZ' -ValueData 'localhost' -Description "Windows Update server URL"
|
|
Set-RegistryValue -KeyPath 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' -ValueName 'WUStatusServer' -ValueType 'REG_SZ' -ValueData 'localhost' -Description "Windows Update status server URL"
|
|
Set-RegistryValue -KeyPath 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' -ValueName 'UpdateServiceUrlAlternate' -ValueType 'REG_SZ' -ValueData 'localhost' -Description "Alternative update service URL"
|
|
Set-RegistryValue -KeyPath 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' -ValueName 'UseWUServer' -ValueType 'REG_DWORD' -ValueData '1' -Description "Use Windows Update server"
|
|
Set-RegistryValue -KeyPath 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' -ValueName 'NoAutoUpdate' -ValueType 'REG_DWORD' -ValueData '1' -Description "Disable automatic updates"
|
|
Set-RegistryValue -KeyPath 'HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\OOBE' -ValueName 'DisableOnline' -ValueType 'REG_DWORD' -ValueData '1' -Description "Disable online OOBE"
|
|
Set-RegistryValue -KeyPath 'HKLM\zSYSTEM\ControlSet001\Services\wuauserv' -ValueName 'Start' -ValueType 'REG_DWORD' -ValueData '4' -Description "Windows Update service start type"
|
|
|
|
Write-Host "Disabling Windows Defender"
|
|
# Set registry values for Windows Defender services
|
|
$servicePaths = @(
|
|
"WinDefend",
|
|
"WdNisSvc",
|
|
"WdNisDrv",
|
|
"WdFilter",
|
|
"Sense"
|
|
)
|
|
|
|
foreach ($path in $servicePaths) {
|
|
try {
|
|
Set-RegistryValue -KeyPath "HKLM\zSYSTEM\ControlSet001\Services\$path" -ValueName 'Start' -ValueType 'REG_DWORD' -ValueData '4' -Description "Windows Defender service $path"
|
|
}
|
|
catch {
|
|
Write-Host "Warning: Could not modify service $path - $($_.Exception.Message)"
|
|
}
|
|
}
|
|
|
|
Set-RegistryValue -KeyPath 'HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' -ValueName 'SettingsPageVisibility' -ValueType 'REG_SZ' -ValueData 'hide:virus;windowsupdate;mobile-devices;gaming;cortana;search;maps;yourinfo;workplace;easeofaccess;recovery;troubleshoot;backup;sync;findmydevice;developers;activation;deviceencryption' -Description "Hide rarely used Settings pages, showing only basic functionality"
|
|
|
|
Write-Host "Tweaking complete!"
|
|
Write-Host "Unmounting Registry..."
|
|
reg unload HKLM\zCOMPONENTS >null
|
|
reg unload HKLM\zDEFAULT >null
|
|
reg unload HKLM\zNTUSER >null
|
|
reg unload HKLM\zSOFTWARE >null
|
|
reg unload HKLM\zSYSTEM >null
|
|
$replaceBranding = $true # Set to $false to skip branding replacement
|
|
if ($replaceBranding) {
|
|
Write-Host "Replacing system files for OEM branding..."
|
|
& 'takeown' '/f' "$ScratchDisk\scratchdir\Windows\Branding\Basebrd\basebrd.dll" | Out-Null
|
|
& 'icacls' "$ScratchDisk\scratchdir\Windows\Branding\Basebrd\basebrd.dll" '/grant' "$($adminGroup.Value):(F)" '/C' | Out-Null
|
|
& 'takeown' '/f' "$ScratchDisk\scratchdir\Windows\Branding\Basebrd\en-US\basebrd.dll.mui" | Out-Null
|
|
& 'icacls' "$ScratchDisk\scratchdir\Windows\Branding\Basebrd\en-US\basebrd.dll.mui" '/grant' "$($adminGroup.Value):(F)" '/C' | Out-Null
|
|
& 'takeown' '/f' "$ScratchDisk\scratchdir\Windows\Branding\shellbrd\shellbrd.dll" | Out-Null
|
|
& 'icacls' "$ScratchDisk\scratchdir\Windows\Branding\shellbrd\shellbrd.dll" '/grant' "$($adminGroup.Value):(F)" '/C' | Out-Null
|
|
Copy-Item -Path "$PSScriptRoot\includes\branding-resources\system\basebrd.dll" -Destination "$ScratchDisk\scratchdir\Windows\Branding\Basebrd\basebrd.dll" -Force | Out-Null
|
|
Copy-Item -Path "$PSScriptRoot\includes\branding-resources\system\basebrd.dll.mui" -Destination "$ScratchDisk\scratchdir\Windows\Branding\Basebrd\en-US\basebrd.dll.mui" -Force | Out-Null
|
|
Copy-Item -Path "$PSScriptRoot\includes\branding-resources\system\shellbrd.dll" -Destination "$ScratchDisk\scratchdir\Windows\Branding\shellbrd\shellbrd.dll" -Force | Out-Null
|
|
$brandingBootRes = "$PSScriptRoot\includes\branding-resources\system\bootres.dll"
|
|
if (Test-Path $brandingBootRes) {
|
|
Write-Host "Copying bootres.dll..."
|
|
foreach ($bootresPath in @(
|
|
"$ScratchDisk\scratchdir\Windows\Boot\EFI\bootres.dll",
|
|
"$ScratchDisk\scratchdir\Windows\Boot\PCAT\bootres.dll"
|
|
)) {
|
|
if (Test-Path $bootresPath) {
|
|
& 'takeown' '/f' $bootresPath | Out-Null
|
|
& 'icacls' $bootresPath '/grant' "$($adminGroup.Value):(F)" '/C' | Out-Null
|
|
Copy-Item -Path $brandingBootRes -Destination $bootresPath -Force | Out-Null
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
# Restore WinSxS if it was moved
|
|
if (Test-Path "$ScratchDisk\scratchdir\Windows\WinSxS_backup") {
|
|
Write-Host "Restoring WinSxS folder..."
|
|
Remove-Item -Path "$ScratchDisk\scratchdir\Windows\WinSxS" -Force -Recurse -ErrorAction SilentlyContinue
|
|
Move-Item -Path "$ScratchDisk\scratchdir\Windows\WinSxS_backup" -Destination "$ScratchDisk\scratchdir\Windows\WinSxS" -Force
|
|
}
|
|
|
|
Write-Host "Unmounting image..."
|
|
& 'dism' '/English' '/unmount-image' "/mountdir:$ScratchDisk\scratchdir" '/commit'
|
|
|
|
Write-Host "Exporting image..."
|
|
& 'dism' '/English' '/export-image' "/sourceimagefile:$wimFilePath" '/sourceindex:1' "/destinationimagefile:$ScratchDisk\tiny10\sources\install.wim" '/compress:lzx' '/checkintegrity'
|
|
|
|
if ($UseSetupTemplate) {
|
|
if (-not (Test-Path "$setupMediaTemplatePath")) {
|
|
Write-Error "setup-media-template folder not found: $setupMediaTemplatePath"
|
|
exit 1
|
|
}
|
|
Write-Host "Copying setup media template..."
|
|
Copy-Item -Path "$setupMediaTemplatePath\*" -Destination "$ScratchDisk\tiny10" -Recurse -Force | Out-Null
|
|
Write-Host "Template copy complete."
|
|
} else {
|
|
Write-Host "Copying remaining files..."
|
|
robocopy "$DriveLetter" "$ScratchDisk\tiny10" /E /XD "$DriveLetter\sources" /XF "$DriveLetter\sources\install.wim" /NDL /NFL /NJH /NJS /nc /ns /np
|
|
|
|
Write-Host "Copying boot.wim..."
|
|
Copy-Item -Path "$DriveLetter\sources\boot.wim" -Destination "$ScratchDisk\tiny10\sources\" -Force
|
|
}
|
|
|
|
Write-Host "Loading boot.wim..."
|
|
& 'dism' '/English' '/mount-image' "/imagefile:$ScratchDisk\tiny10\sources\boot.wim" '/index:2' "/mountdir:$ScratchDisk\scratchdir"
|
|
|
|
Write-Host "Loading registry..."
|
|
reg load HKLM\zCOMPONENTS $ScratchDisk\scratchdir\Windows\System32\config\COMPONENTS >null
|
|
reg load HKLM\zDEFAULT $ScratchDisk\scratchdir\Windows\System32\config\default >null
|
|
reg load HKLM\zNTUSER $ScratchDisk\scratchdir\Users\Default\ntuser.dat >null
|
|
reg load HKLM\zSOFTWARE $ScratchDisk\scratchdir\Windows\System32\config\SOFTWARE >null
|
|
reg load HKLM\zSYSTEM $ScratchDisk\scratchdir\Windows\System32\config\SYSTEM >null
|
|
|
|
Write-Host "Bypassing system requirements(on the setup image):"
|
|
Set-RegistryValue -KeyPath 'HKLM\zDEFAULT\Control Panel\UnsupportedHardwareNotificationCache' -ValueName 'SV1' -ValueType 'REG_DWORD' -ValueData '0' -Description "Setup image unsupported hardware notification SV1"
|
|
Set-RegistryValue -KeyPath 'HKLM\zDEFAULT\Control Panel\UnsupportedHardwareNotificationCache' -ValueName 'SV2' -ValueType 'REG_DWORD' -ValueData '0' -Description "Setup image unsupported hardware notification SV2"
|
|
Set-RegistryValue -KeyPath 'HKLM\zNTUSER\Control Panel\UnsupportedHardwareNotificationCache' -ValueName 'SV1' -ValueType 'REG_DWORD' -ValueData '0' -Description "Setup image user unsupported hardware notification SV1"
|
|
Set-RegistryValue -KeyPath 'HKLM\zNTUSER\Control Panel\UnsupportedHardwareNotificationCache' -ValueName 'SV2' -ValueType 'REG_DWORD' -ValueData '0' -Description "Setup image user unsupported hardware notification SV2"
|
|
Set-RegistryValue -KeyPath 'HKEY_LOCAL_MACHINE\zSYSTEM\Setup' -ValueName 'CmdLine' -ValueType 'REG_SZ' -ValueData 'X:\sources\setup.exe' -Description "Setup command line"
|
|
|
|
Write-Host "Tweaking complete!"
|
|
Write-Host "Unmounting Registry..."
|
|
reg unload HKLM\zCOMPONENTS >null
|
|
reg unload HKLM\zDEFAULT >null
|
|
reg unload HKLM\zNTUSER >null
|
|
reg unload HKLM\zSOFTWARE >null
|
|
reg unload HKLM\zSYSTEM >null
|
|
if ($replaceBranding -and (Test-Path $brandingBootRes)) {
|
|
Write-Host "Copying bootres.dll to boot image..."
|
|
foreach ($bootresPath in @(
|
|
"$ScratchDisk\scratchdir\Windows\Boot\EFI\bootres.dll",
|
|
"$ScratchDisk\scratchdir\Windows\Boot\PCAT\bootres.dll",
|
|
"$ScratchDisk\scratchdir\Windows\Boot\Resources\bootres.dll"
|
|
)) {
|
|
if (Test-Path $bootresPath) {
|
|
& 'takeown' '/f' $bootresPath | Out-Null
|
|
& 'icacls' $bootresPath '/grant' "$($adminGroup.Value):(F)" '/C' | Out-Null
|
|
Copy-Item -Path $brandingBootRes -Destination $bootresPath -Force | Out-Null
|
|
}
|
|
}
|
|
}
|
|
|
|
Write-Host "Unmounting image..."
|
|
& 'dism' '/English' '/unmount-image' "/mountdir:$ScratchDisk\scratchdir" '/commit'
|
|
|
|
Write-Host "Converting install.wim to install.esd..."
|
|
& dism /English /Export-Image "/SourceImageFile:$ScratchDisk\tiny10\sources\install.wim" /SourceIndex:1 "/DestinationImageFile:$ScratchDisk\tiny10\sources\install.esd" /Compress:recovery /CheckIntegrity
|
|
Remove-Item -Path "$ScratchDisk\tiny10\sources\install.wim" -Force | Out-Null
|
|
Write-Host "Install.wim converted to install.esd."
|
|
|
|
Write-Host "The tiny10 Core image is now complete. Proceeding with the boot.wim."
|
|
Write-Host "Tiny10 Core image completed successfully! You can find it in $ScratchDisk\tiny10\"
|
|
Write-Host "Would you like to create an ISO? (y/n)"
|
|
$iso = Read-Host
|
|
|
|
if ($iso -eq 'y') {
|
|
if (Test-Path "$env:ProgramFiles(x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\Oscdimg\oscdimg.exe") {
|
|
Write-Host "Creating ISO..."
|
|
& "$env:ProgramFiles(x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\Oscdimg\oscdimg.exe" '-m' '-o' '-u2' '-udfver102' "-bootdata:2#p0,e,b$ScratchDisk\tiny10\boot\etfsboot.com#pEF,e,b$ScratchDisk\tiny10\efi\microsoft\boot\efisys.bin" "$ScratchDisk\tiny10" "$PSScriptRoot\tiny10core.iso"
|
|
Write-Host "ISO created successfully!"
|
|
} else {
|
|
Write-Host "Windows ADK is not installed. Cannot create ISO."
|
|
}
|
|
}
|
|
|
|
Write-Host "Performing Cleanup..."
|
|
Remove-Item -Path "$ScratchDisk\tiny10" -Recurse -Force | Out-Null
|
|
Remove-Item -Path "$ScratchDisk\scratchdir" -Recurse -Force | Out-Null
|
|
Write-Host "Creation completed! Press any key to exit..."
|
|
$null = $Host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
|
|
exit
|
|
} else {
|
|
Write-Host "Exiting..."
|
|
exit
|
|
}
|