This repository has been archived by the owner on Sep 18, 2024. It is now read-only.
forked from Atlas-OS/Atlas
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
7 changed files
with
256 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| --- | ||
| title: Configure Autologgers | ||
| description: Configures and disables unnecessary autologgers for the optimal performance and privacy | ||
| privilege: TrustedInstaller | ||
| actions: | ||
| # The main purpose and reason of disabling these autologgers is to prevent unncecessary logging | ||
| # and tracking of different applications/components in Windows and prevent them from running at startup | ||
| # as well as in the background. We only disable Windows-related autologgers, not needed for any | ||
| # external applications for logging (such as xperf). They can be viewed in Performance Monitor. | ||
|
|
||
| # https://docs.microsoft.com/en-us/windows/win32/etw/configuring-and-starting-an-autologger-session | ||
|
|
||
| ##################################################################################################### | ||
|
|
||
| - !registryValue: | ||
| path: 'HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\Diaglog' | ||
| value: 'Start' | ||
| data: '0' | ||
| type: REG_DWORD | ||
| - !registryValue: | ||
| path: 'HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\Diagtrack-Listener' | ||
| value: 'Start' | ||
| data: '0' | ||
| type: REG_DWORD |
80 changes: 80 additions & 0 deletions
80
src/playbook/Configuration/tweaks/debloat/config-content-delivery.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,80 @@ | ||
| --- | ||
| title: Configure Content Delivery Manager | ||
| description: Configures Content Delivery Manager not to download any applications such as Disney+ and disables suggested content (tips/tricks/facts/suggestions/ads) for QoL and privacy | ||
| privilege: TrustedInstaller | ||
| actions: | ||
| - !registryValue: | ||
| path: 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' | ||
| value: 'ContentDeliveryAllowed' | ||
| data: '0' | ||
| type: REG_DWORD | ||
| - !registryValue: | ||
| path: 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' | ||
| value: 'OemPreInstalledAppsEnabled' | ||
| data: '0' | ||
| type: REG_DWORD | ||
| - !registryValue: | ||
| path: 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' | ||
| value: 'PreInstalledAppsEnabled' | ||
| data: '0' | ||
| type: REG_DWORD | ||
| - !registryValue: | ||
| path: 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' | ||
| value: 'PreInstalledAppsEverEnabled' | ||
| data: '0' | ||
| type: REG_DWORD | ||
| - !registryValue: | ||
| path: 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' | ||
| value: 'SilentInstalledAppsEnabled' | ||
| data: '0' | ||
| type: REG_DWORD | ||
| - !registryValue: | ||
| path: 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' | ||
| value: 'SubscribedContent-310093Enabled' | ||
| data: '0' | ||
| type: REG_DWORD | ||
| - !registryValue: | ||
| path: 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' | ||
| value: 'SubscribedContent-338393Enabled' | ||
| data: '0' | ||
| type: REG_DWORD | ||
| - !registryValue: | ||
| path: 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' | ||
| value: 'SubscribedContent-353694Enabled' | ||
| data: '0' | ||
| type: REG_DWORD | ||
| - !registryValue: | ||
| path: 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' | ||
| value: 'SubscribedContent-353696Enabled' | ||
| data: '0' | ||
| type: REG_DWORD | ||
| - !registryValue: | ||
| path: 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' | ||
| value: 'SubscribedContent-338387Enabled' | ||
| data: '0' | ||
| type: REG_DWORD | ||
| - !registryValue: | ||
| path: 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' | ||
| value: 'RotatingLockScreenOverlayEnabled' | ||
| data: '0' | ||
| type: REG_DWORD | ||
| - !registryValue: | ||
| path: 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' | ||
| value: 'SubscribedContent-338388Enabled' | ||
| data: '0' | ||
| type: REG_DWORD | ||
| - !registryValue: | ||
| path: 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' | ||
| value: 'SystemPaneSuggestionsEnabled' | ||
| data: '0' | ||
| type: REG_DWORD | ||
| - !registryValue: | ||
| path: 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' | ||
| value: 'SubscribedContent-338389Enabled' | ||
| data: '0' | ||
| type: REG_DWORD | ||
| - !registryValue: | ||
| path: 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' | ||
| value: 'SoftLandingEnabled' | ||
| data: '0' | ||
| type: REG_DWORD |
28 changes: 28 additions & 0 deletions
28
src/playbook/Configuration/tweaks/debloat/config-storage-sense.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| --- | ||
| title: Configure Storage Sense | ||
| description: Configures Storage Sense to automatically cleanup temporary files every month | ||
| privilege: TrustedInstaller | ||
| actions: | ||
| # Reference: https://gist.github.com/he3als/3d9dcf6e796aa920c24a98130165fb17 | ||
|
|
||
| # Enable Storage Sense | ||
| - !registryValue: {path: 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\StoragePolicy', value: '01', type: REG_DWORD, data: '1'} | ||
| # Run Storage Sense | ||
| - !registryValue: {path: 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\StoragePolicy', value: '1024', type: REG_DWORD, data: '1'} | ||
| # Run Storage Sense every month | ||
| - !registryValue: {path: 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\StoragePolicy', value: '2048', type: REG_DWORD, data: '30'} | ||
| # Enable cleaning temporary files | ||
| - !registryValue: {path: 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\StoragePolicy', value: '04', type: REG_DWORD, data: '1'} | ||
| # Disable the 'Downloads' from being cleared | ||
| - !registryValue: {path: 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\StoragePolicy', value: '32', type: REG_DWORD, data: '0'} | ||
| # Disable OneDrive cleanup | ||
| - !registryValue: {path: 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\StoragePolicy', value: '02', type: REG_DWORD, data: '0'} | ||
| - !registryValue: {path: 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\StoragePolicy', value: '128', type: REG_DWORD, data: '0'} | ||
| # Clean Recycle Bin every month | ||
| - !registryValue: {path: 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\StoragePolicy', value: '08', type: REG_DWORD, data: '1'} | ||
| - !registryValue: {path: 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\StoragePolicy', value: '256', type: REG_DWORD, data: '30'} | ||
|
|
||
| # Enable cleaning temp files | ||
| - !scheduledTask: {path: '\Microsoft\Windows\DiskCleanup\SilentCleanup', operation: enable} | ||
|
|
||
| # There's also subkeys for OneDrive cleanup, but as OneDrive is uninstalled, they probably aren't relevant |
20 changes: 20 additions & 0 deletions
20
src/playbook/Configuration/tweaks/debloat/disable-reserved-storage.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| --- | ||
| title: Disable Reserved Storage for Windows Updates | ||
| description: Disables reserved storage for Windows Updates to have more storage space | ||
| privilege: TrustedInstaller | ||
| actions: | ||
| - !registryValue: | ||
| path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ReserveManager' | ||
| value: 'MiscPolicyInfo' | ||
| data: '2' | ||
| type: REG_DWORD | ||
| - !registryValue: | ||
| path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ReserveManager' | ||
| value: 'PassedPolicy' | ||
| data: '0' | ||
| type: REG_DWORD | ||
| - !registryValue: | ||
| path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ReserveManager' | ||
| value: 'ShippedWithReserves' | ||
| data: '0' | ||
| type: REG_DWORD |
21 changes: 21 additions & 0 deletions
21
src/playbook/Configuration/tweaks/debloat/hide-unused-security-pages.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,21 @@ | ||
| --- | ||
| title: Hide Unused Windows Security Pages | ||
| description: Hides Windows Security pages that are not commonly needed/used to have a more clean UI | ||
| privilege: TrustedInstaller | ||
| actions: | ||
| # Remove bloat pages | ||
| - !registryValue: | ||
| path: 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Family options' | ||
| value: 'UILockdown' | ||
| data: '1' | ||
| type: REG_DWORD | ||
| - !registryValue: | ||
| path: 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Device performance and health' | ||
| value: 'UILockdown' | ||
| data: '1' | ||
| type: REG_DWORD | ||
| - !registryValue: | ||
| path: 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Account protection' | ||
| value: 'UILockdown' | ||
| data: '1' | ||
| type: REG_DWORD |
29 changes: 29 additions & 0 deletions
29
src/playbook/Configuration/tweaks/debloat/legacy-photo-viewer.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| --- | ||
| title: Enable Windows Photo Viewer | ||
| description: Enables and configures the legacy Windows Photo Viewer to be the default for a more familar and lightweight photo viewing experience | ||
| privilege: TrustedInstaller | ||
| actions: | ||
| - !registryValue: {path: 'HKLM\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities\FileAssociations', value: '.tif', data: 'PhotoViewer.FileAssoc.Tiff', type: REG_SZ} | ||
| - !registryValue: {path: 'HKLM\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities\FileAssociations', value: '.tiff', data: 'PhotoViewer.FileAssoc.Tiff', type: REG_SZ} | ||
| - !registryValue: {path: 'HKLM\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities\FileAssociations', value: '.bmp', data: 'PhotoViewer.FileAssoc.Tiff', type: REG_SZ} | ||
| - !registryValue: {path: 'HKLM\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities\FileAssociations', value: '.dib', data: 'PhotoViewer.FileAssoc.Tiff', type: REG_SZ} | ||
| - !registryValue: {path: 'HKLM\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities\FileAssociations', value: '.gif', data: 'PhotoViewer.FileAssoc.Tiff', type: REG_SZ} | ||
| - !registryValue: {path: 'HKLM\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities\FileAssociations', value: '.jfif', data: 'PhotoViewer.FileAssoc.Tiff', type: REG_SZ} | ||
| - !registryValue: {path: 'HKLM\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities\FileAssociations', value: '.jpe', data: 'PhotoViewer.FileAssoc.Tiff', type: REG_SZ} | ||
| - !registryValue: {path: 'HKLM\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities\FileAssociations', value: '.jpeg', data: 'PhotoViewer.FileAssoc.Tiff', type: REG_SZ} | ||
| - !registryValue: {path: 'HKLM\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities\FileAssociations', value: '.jpg', data: 'PhotoViewer.FileAssoc.Tiff', type: REG_SZ} | ||
| - !registryValue: {path: 'HKLM\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities\FileAssociations', value: '.jxr', data: 'PhotoViewer.FileAssoc.Tiff', type: REG_SZ} | ||
| - !registryValue: {path: 'HKLM\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities\FileAssociations', value: '.png', data: 'PhotoViewer.FileAssoc.Tiff', type: REG_SZ} | ||
|
|
||
| - !registryKey: {path: 'HKCR\PhotoViewer.FileAssoc.Tiff', operation: add} | ||
| - !registryValue: {path: 'HKCR\.tif', value: '', data: 'PhotoViewer.FileAssoc.Tiff', type: REG_SZ} | ||
| - !registryValue: {path: 'HKCR\.tiff', value: '', data: 'PhotoViewer.FileAssoc.Tiff', type: REG_SZ} | ||
| - !registryValue: {path: 'HKCR\.bmp', value: '', data: 'PhotoViewer.FileAssoc.Tiff', type: REG_SZ} | ||
| - !registryValue: {path: 'HKCR\.dib', value: '', data: 'PhotoViewer.FileAssoc.Tiff', type: REG_SZ} | ||
| - !registryValue: {path: 'HKCR\.gif', value: '', data: 'PhotoViewer.FileAssoc.Tiff', type: REG_SZ} | ||
| - !registryValue: {path: 'HKCR\.jfif', value: '', data: 'PhotoViewer.FileAssoc.Tiff', type: REG_SZ} | ||
| - !registryValue: {path: 'HKCR\.jpe', value: '', data: 'PhotoViewer.FileAssoc.Tiff', type: REG_SZ} | ||
| - !registryValue: {path: 'HKCR\.jpeg', value: '', data: 'PhotoViewer.FileAssoc.Tiff', type: REG_SZ} | ||
| - !registryValue: {path: 'HKCR\.jpg', value: '', data: 'PhotoViewer.FileAssoc.Tiff', type: REG_SZ} | ||
| - !registryValue: {path: 'HKCR\.jxr', value: '', data: 'PhotoViewer.FileAssoc.Tiff', type: REG_SZ} | ||
| - !registryValue: {path: 'HKCR\.png', value: '', data: 'PhotoViewer.FileAssoc.Tiff', type: REG_SZ} |
54 changes: 54 additions & 0 deletions
54
src/playbook/Configuration/tweaks/debloat/scheduled-tasks.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,54 @@ | ||
| --- | ||
| title: Configure Scheduled Tasks | ||
| description: Configures scheduled tasks to prevent automatic tasks from running at startup, consuming resources and collecting user data | ||
| privilege: TrustedInstaller | ||
| actions: | ||
| # https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/schtasks | ||
|
|
||
| - !scheduledTask: | ||
| path: '\Microsoft\Windows\Location' | ||
| operation: deleteFolder | ||
|
|
||
| - !scheduledTask: {path: '\Microsoft\Windows\Application Experience\PcaPatchDbTask'} | ||
| - !scheduledTask: {path: '\Microsoft\Windows\Application Experience\StartupAppTask'} | ||
| - !scheduledTask: {path: '\Microsoft\Windows\ApplicationData\DsSvcCleanup'} | ||
| - !scheduledTask: {path: '\Microsoft\Windows\CloudExperienceHost\CreateObjectTask'} | ||
| - !scheduledTask: {path: '\Microsoft\Windows\Diagnosis\Scheduled'} | ||
| - !scheduledTask: {path: '\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector'} | ||
| - !scheduledTask: {path: '\Microsoft\Windows\DiskFootprint\Diagnostics'} | ||
| - !scheduledTask: {path: '\Microsoft\Windows\InstallService\ScanForUpdates'} | ||
| - !scheduledTask: {path: '\Microsoft\Windows\InstallService\ScanForUpdatesAsUser'} | ||
| - !scheduledTask: {path: '\Microsoft\Windows\PI\Sqm-Tasks'} | ||
| - !scheduledTask: {path: '\Microsoft\Windows\Registry\RegIdleBackup'} | ||
| - !scheduledTask: {path: '\Microsoft\Windows\Shell\FamilySafetyMonitor'} | ||
| - !scheduledTask: {path: '\Microsoft\Windows\Shell\FamilySafetyRefresh'} | ||
| - !scheduledTask: {path: '\Microsoft\Windows\Shell\IndexerAutomaticMaintenance'} | ||
| - !scheduledTask: {path: '\Microsoft\Windows\StateRepository\MaintenanceTasks'} | ||
| - !scheduledTask: {path: '\Microsoft\Windows\WindowsUpdate\Scheduled Start'} | ||
|
|
||
| # Here are the scheduled tasks that are currently commented as they're under review. | ||
| # This list should be somewhat minimal in the tasks it deletes, as a lot of the tasks below won't run by default ever anyways, unless needed. | ||
| # Telemetry, Windows Error Reporting and CEIP/SQM is stripped by default anyways, so don't worry about that. | ||
|
|
||
| # - !scheduledTask: | ||
| # path: '\Microsoft\Windows\DeviceDirectoryClient' | ||
| # operation: deleteFolder | ||
|
|
||
| # - !scheduledTask: {path: '\Microsoft\Windows\AppID\EDP Policy Manager'} | ||
| # - !scheduledTask: {path: '\Microsoft\Windows\ApplicationData\appuriverifierdaily'} | ||
| # - !scheduledTask: {path: '\Microsoft\Windows\ApplicationData\appuriverifierinstall'} | ||
| # - !scheduledTask: {path: '\Microsoft\Windows\BrokerInfrastructure\BgTaskRegistrationMaintenanceTask'} | ||
| # - !scheduledTask: {path: '\Microsoft\Windows\Defrag\ScheduledDefrag'} | ||
| # - !scheduledTask: {path: '\Microsoft\Windows\Device Setup\Metadata Refresh'} | ||
| # - !scheduledTask: {path: '\Microsoft\Windows\InstallService\SmartRetry'} | ||
| # - !scheduledTask: {path: '\Microsoft\Windows\Maintenance\WinSAT'} | ||
| # - !scheduledTask: {path: '\Microsoft\Windows\Management\Provisioning\Cellular'} | ||
| # - !scheduledTask: {path: '\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents'} | ||
| # - !scheduledTask: {path: '\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic'} | ||
| # - !scheduledTask: {path: '\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem'} | ||
| # - !scheduledTask: {path: '\Microsoft\Windows\Printing\EduPrintProv'} | ||
| # - !scheduledTask: {path: '\Microsoft\Windows\PushToInstall\LoginCheck'} | ||
| # - !scheduledTask: {path: '\Microsoft\Windows\Ras\MobilityManager'} | ||
| # - !scheduledTask: {path: '\Microsoft\Windows\UPnP\UPnPHostConfig'} | ||
| # - !scheduledTask: {path: '\Microsoft\Windows\WaaSMedic\PerformRemediation'} | ||
| # - !scheduledTask: {path: '\Microsoft\Windows\Windows Media Sharing\UpdateLibrary'} |