Add files via upload

src/playbook/Configuration/tweaks/scripts/script-backup2.yml

@@ -0,0 +1,9 @@
+---
+title: Backup Alatas Services and Drivers
+description: Backs up default Alatas services and drivers, after all the tweaks are finished
+privilege: TrustedInstaller
+actions:
+  - !cmd:
+    command: 'powershell -NoP -EP Unrestricted -File "BACKUP.ps1" "%windir%\AlatasModules\Other\winServices.reg"'
+    wait: true
+    exeDir: true

src/playbook/Configuration/tweaks/scripts/script-cleanup.yml

@@ -0,0 +1,9 @@
+---
+title: Cleanup Temporary Files
+description: Cleans up temporary files using Disk Cleanup (if no other installs of Windows are found)
+privilege: TrustedInstaller
+actions:
+  - !run:
+    exe: 'powershell.exe'
+    args: '-NoP -File CLEANUP.ps1'
+    exeDir: true

src/playbook/Configuration/tweaks/scripts/script-core-isolation.yml

@@ -0,0 +1,10 @@
+---
+title: Disable Core Isolation
+description: Disables Core Isolation (VBS) based on the user's options
+privilege: TrustedInstaller
+actions:
+  - !powerShell:
+    command: '& """$env:windir\AlatasDesktop\7. Security\Core Isolation (VBS)\Current Configuration.ps1""" -DisableAllVBS'
+    exeDir: true
+    wait: true
+    option: 'vbs-disable'

src/playbook/Configuration/tweaks/scripts/script-devices.yml

@@ -0,0 +1,10 @@
+---
+title: Disable Devices
+description: Disables devices that users would not typically need to reduce any potential system resources usage in the background
+privilege: TrustedInstaller
+actions:
+  - !powerShell: {command: 'Disable-NetAdapterBinding -Name "*" -ComponentID ms_msclient, ms_server, ms_lldp, ms_lltdio, ms_rspndr'}
+  - !run:
+    exe: 'powershell.exe'
+    args: '-NoP -File DISABLEPNP.ps1'
+    exeDir: true

src/playbook/Configuration/tweaks/scripts/script-file-associations.yml

@@ -0,0 +1,23 @@
+---
+title: Set File Associations
+description: Sets file associations for the user-selected web browser and other apps like the Windows Photo Viewer
+privilege: TrustedInstaller
+actions:
+  - !run:
+    exe: 'FILEASSOC.cmd'
+    exeDir: true
+  - !run:
+    exe: 'FILEASSOC.cmd'
+    args: '"Brave"'
+    option: 'browser-brave'
+    exeDir: true
+  - !run:
+    exe: 'FILEASSOC.cmd'
+    args: '"LibreWolf"'
+    option: 'browser-librewolf'
+    exeDir: true
+  - !run:
+    exe: 'FILEASSOC.cmd'
+    args: '"Google Chrome"'
+    option: 'browser-chrome'
+    exeDir: true

src/playbook/Configuration/tweaks/scripts/script-finalize.yml

@@ -0,0 +1,9 @@
+---
+title: Do Final Tweaks
+description: Does final tweaks that are run from a batch script, as some tweaks cannot be done in playbook YAMLs
+privilege: TrustedInstaller
+actions:
+  - !run:
+    exeDir: true
+    exe: 'FINALIZE.cmd'
+    weight: 100

src/playbook/Configuration/tweaks/scripts/script-mitigations.yml

@@ -0,0 +1,10 @@
+---
+title: Disable Mitigations
+description: Disables mitigations in Windows dependant on the user's options
+privilege: TrustedInstaller
+actions:
+  - !run:
+    exe: 'Disable All Mitigations.cmd'
+    path: '%windir%\AlatasDesktop\7. Security\Mitigations'
+    args: '/silent'
+    option: 'mitigations-disable'

src/playbook/Configuration/tweaks/scripts/script-ngen.yml

@@ -0,0 +1,9 @@
+---
+title: Runs NGEN on PowerShell libraries
+description: Optimizes PowerShell startup time by compiling the .NET libraries
+privilege: TrustedInstaller
+actions:
+  - !run:
+    exe: 'powershell.exe'
+    args: '-NoP -File NGEN.ps1'
+    exeDir: true

src/playbook/Configuration/tweaks/scripts/script-pfp.yml

@@ -0,0 +1,9 @@
+---
+title: Set Profile Pictures
+description: Sets the default Alatas profile pictures
+privilege: TrustedInstaller
+actions:
+  - !run:
+    exe: 'powershell.exe'
+    args: '-NoP -File "PFP.ps1"'
+    exeDir: true

src/playbook/Configuration/tweaks/scripts/script-power.yml

@@ -0,0 +1,20 @@
+---
+title: Configure Power Settings
+description: Executes script to configure power settings for the best performance, especially focusing on the lowest latency e.g. by reducing any potential jitter
+privilege: TrustedInstaller
+actions:
+    # Disable Power Saving features
+  - !run:
+    exe: 'Disable Power Saving.cmd'
+    path: '%windir%\AlatasDesktop\3. Configuration\Power\Power Saving'
+    args: '/setup'
+    weight: 20
+    option: 'disable-power-saving'
+
+    # Disable Hibernation & Fast Startup
+    # Disabling makes NTFS accessible outside of Windows
+  - !run:
+    exe: 'Disable Hibernation (default).cmd'
+    path: '%windir%\AlatasDesktop\3. Configuration\Power\Hibernation'
+    args: '/setup'
+    weight: 20

src/playbook/Configuration/tweaks/scripts/script-win11.yml

@@ -0,0 +1,9 @@
+---
+title: Run Windows 11 Configuration
+description: Configures Windows 11 registry and settings
+privilege: TrustedInstaller
+actions:
+  - !run:
+    exeDir: true
+    exe: 'WIN11.cmd'
+    weight: 20

src/playbook/Configuration/tweaks/security/block-anonymous-enum-sam.yml

@@ -0,0 +1,11 @@
+---
+title: Blocks Anonymous Enumeration of SAM Accounts
+description: Blocks the anonymous enumeration of SAM accounts to prevent the ability to list the potential points of attack to the system
+privilege: TrustedInstaller
+actions:
+   # https://www.stigviewer.com/stig/microsoft_windows_10/2022-04-08/finding/V-220929
+  - !registryValue:
+    path: 'HKLM\SYSTEM\CurrentControlSet\Control\Lsa'
+    value: 'RestrictAnonymousSAM'
+    data: '1'
+    type: REG_DWORD

src/playbook/Configuration/tweaks/security/delete-defaultuser0.yml

@@ -0,0 +1,6 @@
+---
+title: Delete 'defaultuser0' Account Used During OOBE
+description: Deletes the hidden 'defaultuser0' account used during OOBE (Out of Box Experience)
+privilege: TrustedInstaller
+actions:
+  - !run: {exe: 'net', args: 'user defaultuser0 /delete'}

src/playbook/Configuration/tweaks/security/disable-remote-assistance.yml

@@ -0,0 +1,16 @@
+---
+title: Disable Remote Assistance
+description: As Remote Assistance is an unused and a potential vulnerable feature, it is disabled
+privilege: TrustedInstaller
+actions:
+  - !registryValue:
+    path: 'HKLM\SYSTEM\CurrentControlSet\Control\Remote Assistance'
+    value: 'fAllowFullControl'
+    data: '0'
+    type: REG_DWORD
+  - !registryValue:
+    path: 'HKLM\SYSTEM\CurrentControlSet\Control\Remote Assistance'
+    value: 'fAllowToGetHelp'
+    data: '0'
+    type: REG_DWORD
+  - !run: {exe: 'netsh', args: 'advfirewall firewall set rule group="Remote Assistance" new enable=no'}

src/playbook/Configuration/tweaks/security/strong-dotnet-crypto.yml

@@ -0,0 +1,15 @@
+---
+title: Set Strong Cryptography
+description: Set strong cryptography on AMD64 and x86 .NET Framework (version 4 and above) to fix a Scoop installation issue
+privilege: TrustedInstaller
+actions:
+  - !registryValue:
+    path: 'HKLM\SOFTWARE\Microsoft\.NetFramework\v4.0.30319'
+    value: 'SchUseStrongCrypto'
+    data: '1'
+    type: REG_DWORD
+  - !registryValue:
+    path: 'HKLM\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
+    value: 'SchUseStrongCrypto'
+    data: '1'
+    type: REG_DWORD

src/playbook/Configuration/tweaks/statuses/status-cleanup.yml

@@ -0,0 +1,6 @@
+---
+title: Status in AME Wizard for cleaner script
+description: Displays a status in AME Wizard for a specified category
+privilege: TrustedInstaller
+actions:
+  - !writeStatus: {status: 'Cleaning up'}

src/playbook/Configuration/tweaks/statuses/status-debloat.yml

@@ -0,0 +1,6 @@
+---
+title: Status in AME Wizard for the Debloating Category
+description: Displays a status in AME Wizard for a specified category
+privilege: TrustedInstaller
+actions:
+  - !writeStatus: {status: 'Running debloating tweaks'}

src/playbook/Configuration/tweaks/statuses/status-misc.yml

@@ -0,0 +1,6 @@
+---
+title: Status in AME Wizard for the Miscellaneous Category
+description: Displays a status in AME Wizard for a specified category
+privilege: TrustedInstaller
+actions:
+  - !writeStatus: {status: 'Running miscellaneous tweaks'}

src/playbook/Configuration/tweaks/statuses/status-networking.yml

@@ -0,0 +1,6 @@
+---
+title: Status in AME Wizard for the Networking Category
+description: Displays a status in AME Wizard for a specified category
+privilege: TrustedInstaller
+actions:
+  - !writeStatus: {status: 'Running networking tweaks'}

src/playbook/Configuration/tweaks/statuses/status-ngen.yml

@@ -0,0 +1,6 @@
+---
+title: Status in AME Wizard for Running .NET Optimization
+description: Displays a status in AME Wizard for a specified category
+privilege: TrustedInstaller
+actions:
+  - !writeStatus: {status: 'Running NGEN'}

src/playbook/Configuration/tweaks/statuses/status-performance.yml

@@ -0,0 +1,6 @@
+---
+title: Status in AME Wizard for the Performance Category
+description: Displays a status in AME Wizard for a specified category
+privilege: TrustedInstaller
+actions:
+  - !writeStatus: {status: 'Running performance tweaks'}

src/playbook/Configuration/tweaks/statuses/status-privacy.yml

@@ -0,0 +1,6 @@
+---
+title: Status in AME Wizard for the Privacy Category
+description: Displays a status in AME Wizard for a specified category
+privilege: TrustedInstaller
+actions:
+  - !writeStatus: {status: 'Running privacy tweaks'}

src/playbook/Configuration/tweaks/statuses/status-qol.yml

@@ -0,0 +1,6 @@
+---
+title: Status in AME Wizard for the QoL Category
+description: Displays a status in AME Wizard for a specified category
+privilege: TrustedInstaller
+actions:
+  - !writeStatus: {status: 'Running QoL tweaks'}

src/playbook/Configuration/tweaks/statuses/status-scripts.yml

@@ -0,0 +1,6 @@
+---
+title: Status in AME Wizard for the Scripts Category
+description: Displays a status in AME Wizard for a specified category
+privilege: TrustedInstaller
+actions:
+  - !writeStatus: {status: 'Running scripts'}

src/playbook/Configuration/tweaks/statuses/status-security.yml

@@ -0,0 +1,6 @@
+---
+title: Status in AME Wizard for the Security Category
+description: Displays a status in AME Wizard for a specified category
+privilege: TrustedInstaller
+actions:
+  - !writeStatus: {status: 'Running security tweaks'}