diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e915029 --- /dev/null +++ b/.gitignore @@ -0,0 +1,5 @@ +################################################################################ +# This .gitignore file was automatically created by Microsoft(R) Visual Studio. +################################################################################ + +/.vs diff --git a/tiny11makerGUI.ps1 b/tiny11makerGUI.ps1 new file mode 100644 index 0000000..670e563 --- /dev/null +++ b/tiny11makerGUI.ps1 @@ -0,0 +1,631 @@ +# Enable debugging +#Set-PSDebug -Trace 1 + +param ( + [ValidatePattern('^[c-zC-Z]$')] + [string]$ScratchDisk +) + +if (-not $ScratchDisk) { + $ScratchDisk = $PSScriptRoot -replace '[\\]+$', '' +} else { + $ScratchDisk = $ScratchDisk + ":" +} + +Write-Output "Scratch disk set to $ScratchDisk" + +# Check if PowerShell execution is restricted +if ((Get-ExecutionPolicy) -eq 'Restricted') { + Add-Log "Your current PowerShell Execution Policy is set to Restricted, which prevents scripts from running. Do you want to change it to RemoteSigned? (yes/no)" + $response = Read-Host + if ($response -eq 'yes') { + Set-ExecutionPolicy RemoteSigned -Scope CurrentUser -Confirm:$false + } else { + Add-Log "The script cannot be run without changing the execution policy. Exiting..." + exit + } +} + +# Check and run the script as admin if required +$adminSID = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-32-544") +$adminGroup = $adminSID.Translate([System.Security.Principal.NTAccount]) +$myWindowsID=[System.Security.Principal.WindowsIdentity]::GetCurrent() +$myWindowsPrincipal=new-object System.Security.Principal.WindowsPrincipal($myWindowsID) +$adminRole=[System.Security.Principal.WindowsBuiltInRole]::Administrator +if (! $myWindowsPrincipal.IsInRole($adminRole)) +{ + Add-Log "Restarting Tiny11 image creator as admin in a new window, you can close this one." + $newProcess = new-object System.Diagnostics.ProcessStartInfo "PowerShell"; + $newProcess.Arguments = $myInvocation.MyCommand.Definition; + $newProcess.Verb = "runas"; + [System.Diagnostics.Process]::Start($newProcess); + exit +} + +Add-Type -assembly System.Windows.Forms +Add-Type -assembly System.Drawing + +# Fonction pour ajouter des logs +function Add-Log { + param ( + [string]$message + ) + $LogsTextBox.Text += "$message`r`n" + $LogsTextBox.SelectionStart = $LogsTextBox.Text.Length + $LogsTextBox.ScrollToCaret() +} + +# Main Form +$main_form = New-Object System.Windows.Forms.Form +$main_form.Text = 'Tiny11makerGUI' +$main_form.Width = 600 +$main_form.Height = 450 +$main_form.StartPosition = 'CenterScreen' + +# Disable Minimize, Maximize, and Resize +$main_form.FormBorderStyle = [System.Windows.Forms.FormBorderStyle]::FixedDialog +$main_form.MaximizeBox = $false +$main_form.MinimizeBox = $false + +# Title Label (Centered) +$TitleLabel = New-Object System.Windows.Forms.Label +$TitleLabel.Text = "Tiny11 image creator" +$TitleLabel.Font = New-Object System.Drawing.Font('Consolas', 20, [System.Drawing.FontStyle]::Bold) +$TitleLabel.AutoSize = $true +$TitleLabel.Location = New-Object System.Drawing.Point( + ($main_form.Width / 2) - 100, # Dynamically center + 10 +) + +# ISO Selection TextBox +$IsoTextBox = New-Object System.Windows.Forms.TextBox +$IsoTextBox.Text = "Select an .iso to mount" +$IsoTextBox.Width = 360 +$IsoTextBox.Location = New-Object System.Drawing.Point(20, 65) +$IsoTextBox.Enabled = $false + +# Choose Button +$ChooseButton = New-Object System.Windows.Forms.Button +$ChooseButton.Text = "Choose" +$ChooseButton.Location = New-Object System.Drawing.Point(400, 60) +$ChooseButton.Size = New-Object System.Drawing.Size(80, 30) +$ChooseButton.Add_Click({ + # Placeholder logic to simulate file selection + $FileDialog = New-Object System.Windows.Forms.OpenFileDialog + $FileDialog.Filter = "ISO Files (*.iso)|*.iso|All Files (*.*)|*.*" + if ($FileDialog.ShowDialog() -eq [System.Windows.Forms.DialogResult]::OK) { + $IsoTextBox.Text = $FileDialog.FileName + $MountButton.Enabled = $true + Add-Log "Selected: $($FileDialog.FileName)" + } +}) + +# Mount Button +$MountButton = New-Object System.Windows.Forms.Button +$MountButton.Text = "Mount" +$MountButton.Location = New-Object System.Drawing.Point(490, 60) +$MountButton.Size = New-Object System.Drawing.Size(80, 30) +$MountButton.Enabled = $false +$MountButton.Add_Click({ + Add-Log "Mounting: $($IsoTextBox.Text)" + + try { + Mount-DiskImage -ImagePath $IsoTextBox.Text + Add-Log "Mounted: $($IsoTextBox.Text)" + + # Retrieve drive letters + $DriveLetters = Get-PSDrive -PSProvider FileSystem + foreach ($Letter in $DriveLetters) { + $DriveComboBox.Items.Add($Letter.Name) + Add-Log "Drive found: $($Letter.Name)" + } + + # Enable related controls + $DriveLabel.Enabled = $true + $DriveComboBox.Enabled = $true + $ImageIndexLabel.Enabled = $true + $ImageIndexComboBox.Enabled = $true + $StartButton.Enabled = $true + } + catch { + Add-Log "Error during mounting: $_" + } +}) + +# Drive Letter Label +$DriveLabel = New-Object System.Windows.Forms.Label +$DriveLabel.Text = "Drive Letter:" +$DriveLabel.Font = New-Object System.Drawing.Font('Consolas', 10) +$DriveLabel.Location = New-Object System.Drawing.Point(20, 110) +$DriveLabel.AutoSize = $true +$DriveLabel.Enabled = $false + +# Drive Letter ComboBox +$DriveComboBox = New-Object System.Windows.Forms.ComboBox +$DriveComboBox.Width = 150 +$DriveComboBox.Location = New-Object System.Drawing.Point(20, 135) +$DriveComboBox.Enabled = $false + +# SKU Index Label +$ImageIndexLabel = New-Object System.Windows.Forms.Label +$ImageIndexLabel.Text = "SKU:" +$ImageIndexLabel.Font = New-Object System.Drawing.Font('Consolas', 10) +$ImageIndexLabel.Location = New-Object System.Drawing.Point(200, 110) +$ImageIndexLabel.AutoSize = $true +$ImageIndexLabel.Enabled = $false + +# SKU Index ComboBox +$ImageIndexComboBox = New-Object System.Windows.Forms.ComboBox +$ImageIndexComboBox.Width = 150 +$ImageIndexComboBox.Location = New-Object System.Drawing.Point(200, 135) +$ImageIndexComboBox.Items.AddRange((1..10)) # Placeholder for indexes +$ImageIndexComboBox.Enabled = $false + +# Start Button +$StartButton = New-Object System.Windows.Forms.Button +$StartButton.Text = "Start" +$StartButton.Location = New-Object System.Drawing.Point(400, 135) +$StartButton.Size = New-Object System.Drawing.Size(170, 30) +$StartButton.Enabled = $false +$StartButton.Add_Click({ + $StartButton.Enabled = $false + Add-Log "Starting..." + Add-Log "Drive: $($DriveComboBox.SelectedItem)" + Add-Log "SKU: $($ImageIndexComboBox.SelectedItem)" + Add-Log "Scratch disk: $ScratchDisk" + + $hostArchitecture = $Env:PROCESSOR_ARCHITECTURE + New-Item -ItemType Directory -Force -Path "$ScratchDisk\tiny11\sources" | Out-Null + do { + if ($DriveComboBox.SelectedItem -match '^[c-zC-Z]$') { + $DriveLetter = $DriveComboBox.SelectedItem + ":" + Add-Log "Drive letter set to $DriveLetter" + } else { + Add-Log "Invalid drive letter. Please enter a letter between C and Z." + } +} while ($DriveLetter -notmatch '^[c-zC-Z]:$') + +if ((Test-Path "$DriveLetter\sources\boot.wim") -eq $false -or (Test-Path "$DriveLetter\sources\install.wim") -eq $false) { + if ((Test-Path "$DriveLetter\sources\install.esd") -eq $true) { + Add-Log "Found install.esd, converting to install.wim..." + $ImageIndexComboBox.Items = Get-WindowsImage -ImagePath $DriveLetter\sources\install.esd + Add-Log "Please select the image index" + Add-Log ' ' + Add-Log 'Converting install.esd to install.wim. This may take a while...' + Export-WindowsImage -SourceImagePath $DriveLetter\sources\install.esd -SourceIndex $index -DestinationImagePath $ScratchDisk\tiny11\sources\install.wim -Compressiontype Maximum -CheckIntegrity + } else { + Add-Log "Can't find Windows OS Installation files in the specified Drive Letter.." + Add-Log "Please enter the correct DVD Drive Letter.." + exit + } +} +Add-Log "Copying Windows image..." +Copy-Item -Path "$DriveLetter\*" -Destination "$ScratchDisk\tiny11" -Recurse -Force | Out-Null +Set-ItemProperty -Path "$ScratchDisk\tiny11\sources\install.esd" -Name IsReadOnly -Value $false > $null 2>&1 +Remove-Item "$ScratchDisk\tiny11\sources\install.esd" > $null 2>&1 +Add-Log "Copy complete!" +Start-Sleep -Seconds 2 +Add-Log "Getting image information:" +Get-WindowsImage -ImagePath $ScratchDisk\tiny11\sources\install.wim +$index = $ImageIndexComboBox.SelectedItem +Add-Log "Mounting Windows image. This may take a while." +$wimFilePath = "$ScratchDisk\tiny11\sources\install.wim" +& takeown "/F" $wimFilePath +& icacls $wimFilePath "/grant" "$($adminGroup.Value):(F)" +try { + Set-ItemProperty -Path $wimFilePath -Name IsReadOnly -Value $false -ErrorAction Stop +} catch { + # This block will catch the error and suppress it. +} +New-Item -ItemType Directory -Force -Path "$ScratchDisk\scratchdir" > $null +Mount-WindowsImage -ImagePath $ScratchDisk\tiny11\sources\install.wim -Index $index -Path $ScratchDisk\scratchdir + +$imageIntl = & dism /English /Get-Intl "/Image:$($ScratchDisk)\scratchdir" +$languageLine = $imageIntl -split '\n' | Where-Object { $_ -match 'Default system UI language : ([a-zA-Z]{2}-[a-zA-Z]{2})' } + +if ($languageLine) { + $languageCode = $Matches[1] + Add-Log "Default system UI language code: $languageCode" +} else { + Add-Log "Default system UI language code not found." +} + +$imageInfo = & 'dism' '/English' '/Get-WimInfo' "/wimFile:$($ScratchDisk)\tiny11\sources\install.wim" "/index:$index" +$lines = $imageInfo -split '\r?\n' + +foreach ($line in $lines) { + if ($line -like '*Architecture : *') { + $architecture = $line -replace 'Architecture : ','' + # If the architecture is x64, replace it with amd64 + if ($architecture -eq 'x64') { + $architecture = 'amd64' + } + Add-Log "Architecture: $architecture" + break + } +} + +if (-not $architecture) { + Add-Log "Architecture information not found." +} + +Add-Log "Mounting complete! Performing removal of applications..." + +$packages = & 'dism' '/English' "/image:$($ScratchDisk)\scratchdir" '/Get-ProvisionedAppxPackages' | + ForEach-Object { + if ($_ -match 'PackageName : (.*)') { + $matches[1] + } + } +$packagePrefixes = 'Clipchamp.Clipchamp_', 'Microsoft.BingNews_', 'Microsoft.BingWeather_', 'Microsoft.GamingApp_', 'Microsoft.GetHelp_', 'Microsoft.Getstarted_', 'Microsoft.MicrosoftOfficeHub_', 'Microsoft.MicrosoftSolitaireCollection_', 'Microsoft.People_', 'Microsoft.PowerAutomateDesktop_', 'Microsoft.Todos_', 'Microsoft.WindowsAlarms_', 'microsoft.windowscommunicationsapps_', 'Microsoft.WindowsFeedbackHub_', 'Microsoft.WindowsMaps_', 'Microsoft.WindowsSoundRecorder_', 'Microsoft.Xbox.TCUI_', 'Microsoft.XboxGamingOverlay_', 'Microsoft.XboxGameOverlay_', 'Microsoft.XboxSpeechToTextOverlay_', 'Microsoft.YourPhone_', 'Microsoft.ZuneMusic_', 'Microsoft.ZuneVideo_', 'MicrosoftCorporationII.MicrosoftFamily_', 'MicrosoftCorporationII.QuickAssist_', 'MicrosoftTeams_', 'Microsoft.549981C3F5F10_' + +$packagesToRemove = $packages | Where-Object { + $packageName = $_ + $packagePrefixes -contains ($packagePrefixes | Where-Object { $packageName -like "$_*" }) +} +foreach ($package in $packagesToRemove) { + & 'dism' '/English' "/image:$($ScratchDisk)\scratchdir" '/Remove-ProvisionedAppxPackage' "/PackageName:$package" +} + + +Add-Log "Removing Edge:" +Remove-Item -Path "$ScratchDisk\scratchdir\Program Files (x86)\Microsoft\Edge" -Recurse -Force | Out-Null +Remove-Item -Path "$ScratchDisk\scratchdir\Program Files (x86)\Microsoft\EdgeUpdate" -Recurse -Force | Out-Null +Remove-Item -Path "$ScratchDisk\scratchdir\Program Files (x86)\Microsoft\EdgeCore" -Recurse -Force | Out-Null +if ($architecture -eq 'amd64') { + $folderPath = Get-ChildItem -Path "$ScratchDisk\scratchdir\Windows\WinSxS" -Filter "amd64_microsoft-edge-webview_31bf3856ad364e35*" -Directory | Select-Object -ExpandProperty FullName + + if ($folderPath) { + & 'takeown' '/f' $folderPath '/r' | Out-Null + & icacls $folderPath "/grant" "$($adminGroup.Value):(F)" '/T' '/C' | Out-Null + Remove-Item -Path $folderPath -Recurse -Force | Out-Null + } else { + Add-Log "Folder not found." + } +} elseif ($architecture -eq 'arm64') { + $folderPath = Get-ChildItem -Path "$ScratchDisk\scratchdir\Windows\WinSxS" -Filter "arm64_microsoft-edge-webview_31bf3856ad364e35*" -Directory | Select-Object -ExpandProperty FullName | Out-Null + + if ($folderPath) { + & 'takeown' '/f' $folderPath '/r'| Out-Null + & icacls $folderPath "/grant" "$($adminGroup.Value):(F)" '/T' '/C' | Out-Null + Remove-Item -Path $folderPath -Recurse -Force | Out-Null + } else { + Add-Log "Folder not found." + } +} else { + Add-Log "Unknown architecture: $architecture" +} +& 'takeown' '/f' "$ScratchDisk\scratchdir\Windows\System32\Microsoft-Edge-Webview" '/r' | Out-Null +& 'icacls' "$ScratchDisk\scratchdir\Windows\System32\Microsoft-Edge-Webview" '/grant' "$($adminGroup.Value):(F)" '/T' '/C' | Out-Null +Remove-Item -Path "$ScratchDisk\scratchdir\Windows\System32\Microsoft-Edge-Webview" -Recurse -Force | Out-Null +Add-Log "Removing OneDrive:" +& 'takeown' '/f' "$ScratchDisk\scratchdir\Windows\System32\OneDriveSetup.exe" | Out-Null +& 'icacls' "$ScratchDisk\scratchdir\Windows\System32\OneDriveSetup.exe" '/grant' "$($adminGroup.Value):(F)" '/T' '/C' | Out-Null +Remove-Item -Path "$ScratchDisk\scratchdir\Windows\System32\OneDriveSetup.exe" -Force | Out-Null +Add-Log "Removal complete!" +Start-Sleep -Seconds 2 +Clear-Host +Add-Log "Loading registry..." +reg load HKLM\zCOMPONENTS $ScratchDisk\scratchdir\Windows\System32\config\COMPONENTS | Out-Null +reg load HKLM\zDEFAULT $ScratchDisk\scratchdir\Windows\System32\config\default | Out-Null +reg load HKLM\zNTUSER $ScratchDisk\scratchdir\Users\Default\ntuser.dat | Out-Null +reg load HKLM\zSOFTWARE $ScratchDisk\scratchdir\Windows\System32\config\SOFTWARE | Out-Null +reg load HKLM\zSYSTEM $ScratchDisk\scratchdir\Windows\System32\config\SYSTEM | Out-Null +Add-Log "Bypassing system requirements(on the system image):" +& 'reg' 'add' 'HKLM\zDEFAULT\Control Panel\UnsupportedHardwareNotificationCache' '/v' 'SV1' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zDEFAULT\Control Panel\UnsupportedHardwareNotificationCache' '/v' 'SV2' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zNTUSER\Control Panel\UnsupportedHardwareNotificationCache' '/v' 'SV1' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zNTUSER\Control Panel\UnsupportedHardwareNotificationCache' '/v' 'SV2' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassCPUCheck' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassRAMCheck' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassSecureBootCheck' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassStorageCheck' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassTPMCheck' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zSYSTEM\Setup\MoSetup' '/v' 'AllowUpgradesWithUnsupportedTPMOrCPU' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null +Add-Log "Disabling Sponsored Apps:" +& 'reg' 'add' 'HKLM\zNTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'OemPreInstalledAppsEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zNTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'PreInstalledAppsEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zNTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SilentInstalledAppsEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\CloudContent' '/v' 'DisableWindowsConsumerFeatures' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'ContentDeliveryAllowed' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zSOFTWARE\Microsoft\PolicyManager\current\device\Start' '/v' 'ConfigureStartPins' '/t' 'REG_SZ' '/d' '{"pinnedList": [{}]}' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'ContentDeliveryAllowed' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'ContentDeliveryAllowed' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'FeatureManagementEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'OemPreInstalledAppsEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'PreInstalledAppsEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'PreInstalledAppsEverEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SilentInstalledAppsEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SoftLandingEnabled' '/t' 'REG_DWORD' '/d' '0' '/f'| Out-Null +& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SubscribedContentEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SubscribedContent-310093Enabled' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SubscribedContent-338388Enabled' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SubscribedContent-338389Enabled' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SubscribedContent-338393Enabled' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SubscribedContent-353694Enabled' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SubscribedContent-353696Enabled' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SubscribedContentEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' '/v' 'SystemPaneSuggestionsEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\PushToInstall' '/v' 'DisablePushToInstall' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\MRT' '/v' 'DontOfferThroughWUAU' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null +& 'reg' 'delete' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Subscriptions' '/f' | Out-Null +& 'reg' 'delete' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\SuggestedApps' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\CloudContent' '/v' 'DisableConsumerAccountStateContent' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\CloudContent' '/v' 'DisableCloudOptimizedContent' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null +Add-Log "Enabling Local Accounts on OOBE:" +& 'reg' 'add' 'HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\OOBE' '/v' 'BypassNRO' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null +Copy-Item -Path "$PSScriptRoot\autounattend.xml" -Destination "$ScratchDisk\scratchdir\Windows\System32\Sysprep\autounattend.xml" -Force | Out-Null +Add-Log "Disabling Reserved Storage:" +& 'reg' 'add' 'HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\ReserveManager' '/v' 'ShippedWithReserves' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null +Add-Log "Disabling BitLocker Device Encryption" +& 'reg' 'add' 'HKLM\zSYSTEM\ControlSet001\Control\BitLocker' '/v' 'PreventDeviceEncryption' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null +Add-Log "Disabling Chat icon:" +& 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\Windows Chat' '/v' 'ChatIcon' '/t' 'REG_DWORD' '/d' '3' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zNTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced' '/v' 'TaskbarMn' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null +Add-Log "Removing Edge related registries" +reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge" /f | Out-Null +reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge Update" /f | Out-Null +Add-Log "Disabling OneDrive folder backup" +& 'reg' 'add' "HKLM\zSOFTWARE\Policies\Microsoft\Windows\OneDrive" '/v' 'DisableFileSyncNGSC' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null +Add-Log "Disabling Telemetry:" +& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo' '/v' 'Enabled' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Windows\CurrentVersion\Privacy' '/v' 'TailoredExperiencesWithDiagnosticDataEnabled' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Speech_OneCore\Settings\OnlineSpeechPrivacy' '/v' 'HasAccepted' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Input\TIPC' '/v' 'Enabled' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\InputPersonalization' '/v' 'RestrictImplicitInkCollection' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\InputPersonalization' '/v' 'RestrictImplicitTextCollection' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\InputPersonalization\TrainedDataStore' '/v' 'HarvestContacts' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Personalization\Settings' '/v' 'AcceptedPrivacyPolicy' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\DataCollection' '/v' 'AllowTelemetry' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zSYSTEM\ControlSet001\Services\dmwappushservice' '/v' 'Start' '/t' 'REG_DWORD' '/d' '4' '/f' | Out-Null +## Prevents installation or DevHome and Outlook +Add-Log "Prevents installation or DevHome and Outlook:" +& 'reg' 'add' 'HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Orchestrator\UScheduler\OutlookUpdate' '/v' 'workCompleted' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Orchestrator\UScheduler\DevHomeUpdate' '/v' 'workCompleted' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null +& 'reg' 'delete' 'HKLM\zSOFTWARE\Microsoft\WindowsUpdate\Orchestrator\UScheduler_Oobe\OutlookUpdate' '/f' | Out-Null +& 'reg' 'delete' 'HKLM\zSOFTWARE\Microsoft\WindowsUpdate\Orchestrator\UScheduler_Oobe\DevHomeUpdate' '/f' | Out-Null + +## this function allows PowerShell to take ownership of the Scheduled Tasks registry key from TrustedInstaller. Based on Jose Espitia's script. +function Enable-Privilege { + param( + [ValidateSet( + "SeAssignPrimaryTokenPrivilege", "SeAuditPrivilege", "SeBackupPrivilege", + "SeChangeNotifyPrivilege", "SeCreateGlobalPrivilege", "SeCreatePagefilePrivilege", + "SeCreatePermanentPrivilege", "SeCreateSymbolicLinkPrivilege", "SeCreateTokenPrivilege", + "SeDebugPrivilege", "SeEnableDelegationPrivilege", "SeImpersonatePrivilege", "SeIncreaseBasePriorityPrivilege", + "SeIncreaseQuotaPrivilege", "SeIncreaseWorkingSetPrivilege", "SeLoadDriverPrivilege", + "SeLockMemoryPrivilege", "SeMachineAccountPrivilege", "SeManageVolumePrivilege", + "SeProfileSingleProcessPrivilege", "SeRelabelPrivilege", "SeRemoteShutdownPrivilege", + "SeRestorePrivilege", "SeSecurityPrivilege", "SeShutdownPrivilege", "SeSyncAgentPrivilege", + "SeSystemEnvironmentPrivilege", "SeSystemProfilePrivilege", "SeSystemtimePrivilege", + "SeTakeOwnershipPrivilege", "SeTcbPrivilege", "SeTimeZonePrivilege", "SeTrustedCredManAccessPrivilege", + "SeUndockPrivilege", "SeUnsolicitedInputPrivilege")] + $Privilege, + ## The process on which to adjust the privilege. Defaults to the current process. + $ProcessId = $pid, + ## Switch to disable the privilege, rather than enable it. + [Switch] $Disable + ) + $definition = @' + using System; + using System.Runtime.InteropServices; + + public class AdjPriv + { + [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)] + internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall, + ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen); + + [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)] + internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok); + [DllImport("advapi32.dll", SetLastError = true)] + internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid); + [StructLayout(LayoutKind.Sequential, Pack = 1)] + internal struct TokPriv1Luid + { + public int Count; + public long Luid; + public int Attr; + } + + internal const int SE_PRIVILEGE_ENABLED = 0x00000002; + internal const int SE_PRIVILEGE_DISABLED = 0x00000000; + internal const int TOKEN_QUERY = 0x00000008; + internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020; + public static bool EnablePrivilege(long processHandle, string privilege, bool disable) + { + bool retVal; + TokPriv1Luid tp; + IntPtr hproc = new IntPtr(processHandle); + IntPtr htok = IntPtr.Zero; + retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok); + tp.Count = 1; + tp.Luid = 0; + if(disable) + { + tp.Attr = SE_PRIVILEGE_DISABLED; + } + else + { + tp.Attr = SE_PRIVILEGE_ENABLED; + } + retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid); + retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero); + return retVal; + } + } +'@ + + $processHandle = (Get-Process -id $ProcessId).Handle + $type = Add-Type $definition -PassThru + $type[0]::EnablePrivilege($processHandle, $Privilege, $Disable) +} + +Enable-Privilege SeTakeOwnershipPrivilege + +$regKey = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::TakeOwnership) +$regACL = $regKey.GetAccessControl() +$regACL.SetOwner($adminGroup) +$regKey.SetAccessControl($regACL) +$regKey.Close() +Add-Log "Owner changed to Administrators." +$regKey = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::ChangePermissions) +$regACL = $regKey.GetAccessControl() +$regRule = New-Object System.Security.AccessControl.RegistryAccessRule ($adminGroup,"FullControl","ContainerInherit","None","Allow") +$regACL.SetAccessRule($regRule) +$regKey.SetAccessControl($regACL) +Add-Log "Permissions modified for Administrators group." +Add-Log "Registry key permissions successfully updated." +$regKey.Close() + +Add-Log 'Deleting Application Compatibility Appraiser' +reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0600DD45-FAF2-4131-A006-0B17509B9F78}" /f | Out-Null +Add-Log 'Deleting Customer Experience Improvement Program' +reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4738DE7A-BCC1-4E2D-B1B0-CADB044BFA81}" /f | Out-Null +reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FAC31FA-4A85-4E64-BFD5-2154FF4594B3}" /f | Out-Null +reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC931F16-B50A-472E-B061-B6F79A71EF59}" /f | Out-Null +Add-Log 'Deleting Program Data Updater' +reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0671EB05-7D95-4153-A32B-1426B9FE61DB}" /f | Out-Null +Add-Log 'Deleting autochk proxy' +reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87BF85F4-2CE1-4160-96EA-52F554AA28A2}" /f | Out-Null +reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A9C643C-3D74-4099-B6BD-9C6D170898B1}" /f | Out-Null +Add-Log 'Deleting QueueReporting' +reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3176A65-4E44-4ED3-AA73-3283660ACB9C}" /f | Out-Null +Add-Log "Tweaking complete!" +Add-Log "Unmounting Registry..." +$regKey.Close() +reg unload HKLM\zCOMPONENTS | Out-Null +reg unload HKLM\zDRIVERS | Out-Null +reg unload HKLM\zDEFAULT | Out-Null +reg unload HKLM\zNTUSER | Out-Null +reg unload HKLM\zSCHEMA | Out-Null +reg unload HKLM\zSOFTWARE +reg unload HKLM\zSYSTEM | Out-Null +Add-Log "Cleaning up image..." +Repair-WindowsImage -Path $ScratchDisk\scratchdir -StartComponentCleanup -ResetBase +Add-Log "Cleanup complete." +Add-Log ' ' +Add-Log "Unmounting image..." +Dismount-WindowsImage -Path $ScratchDisk\scratchdir -Save +Add-Log "Exporting image..." +# Compressiontype Recovery is not supported with PShell https://learn.microsoft.com/en-us/powershell/module/dism/export-windowsimage?view=windowsserver2022-ps#-compressiontype +Export-WindowsImage -SourceImagePath $ScratchDisk\tiny11\sources\install.wim -SourceIndex $index -DestinationImagePath $ScratchDisk\tiny11\sources\install2.wim -CompressionType Fast +Remove-Item -Path "$ScratchDisk\tiny11\sources\install.wim" -Force | Out-Null +Rename-Item -Path "$ScratchDisk\tiny11\sources\install2.wim" -NewName "install.wim" | Out-Null +Add-Log "Windows image completed. Continuing with boot.wim." +Start-Sleep -Seconds 2 +Clear-Host +Add-Log "Mounting boot image:" +$wimFilePath = "$ScratchDisk\tiny11\sources\boot.wim" +& takeown "/F" $wimFilePath | Out-Null +& icacls $wimFilePath "/grant" "$($adminGroup.Value):(F)" +Set-ItemProperty -Path $wimFilePath -Name IsReadOnly -Value $false +Mount-WindowsImage -ImagePath $ScratchDisk\tiny11\sources\boot.wim -Index 2 -Path $ScratchDisk\scratchdir +Add-Log "Loading registry..." +reg load HKLM\zCOMPONENTS $ScratchDisk\scratchdir\Windows\System32\config\COMPONENTS +reg load HKLM\zDEFAULT $ScratchDisk\scratchdir\Windows\System32\config\default +reg load HKLM\zNTUSER $ScratchDisk\scratchdir\Users\Default\ntuser.dat +reg load HKLM\zSOFTWARE $ScratchDisk\scratchdir\Windows\System32\config\SOFTWARE +reg load HKLM\zSYSTEM $ScratchDisk\scratchdir\Windows\System32\config\SYSTEM +Add-Log "Bypassing system requirements(on the setup image):" +& 'reg' 'add' 'HKLM\zDEFAULT\Control Panel\UnsupportedHardwareNotificationCache' '/v' 'SV1' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zDEFAULT\Control Panel\UnsupportedHardwareNotificationCache' '/v' 'SV2' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zNTUSER\Control Panel\UnsupportedHardwareNotificationCache' '/v' 'SV1' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zNTUSER\Control Panel\UnsupportedHardwareNotificationCache' '/v' 'SV2' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassCPUCheck' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassRAMCheck' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassSecureBootCheck' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassStorageCheck' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zSYSTEM\Setup\LabConfig' '/v' 'BypassTPMCheck' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null +& 'reg' 'add' 'HKLM\zSYSTEM\Setup\MoSetup' '/v' 'AllowUpgradesWithUnsupportedTPMOrCPU' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null +Add-Log "Tweaking complete!" +Add-Log "Unmounting Registry..." +$regKey.Close() +reg unload HKLM\zCOMPONENTS | Out-Null +reg unload HKLM\zDRIVERS | Out-Null +reg unload HKLM\zDEFAULT | Out-Null +reg unload HKLM\zNTUSER | Out-Null +reg unload HKLM\zSCHEMA | Out-Null +$regKey.Close() +reg unload HKLM\zSOFTWARE +reg unload HKLM\zSYSTEM | Out-Null +Add-Log "Unmounting image..." +Dismount-WindowsImage -Path $ScratchDisk\scratchdir -Save +Clear-Host +Add-Log "The tiny11 image is now completed. Proceeding with the making of the ISO..." +Add-Log "Copying unattended file for bypassing MS account on OOBE..." +Copy-Item -Path "$PSScriptRoot\autounattend.xml" -Destination "$ScratchDisk\tiny11\autounattend.xml" -Force | Out-Null +Add-Log "Creating ISO image..." +$ADKDepTools = "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\$hostarchitecture\Oscdimg" +$localOSCDIMGPath = "$PSScriptRoot\oscdimg.exe" + +if ([System.IO.Directory]::Exists($ADKDepTools)) { + Add-Log "Will be using oscdimg.exe from system ADK." + $OSCDIMG = "$ADKDepTools\oscdimg.exe" +} else { + Add-Log "ADK folder not found. Will be using bundled oscdimg.exe." + + $url = "https://msdl.microsoft.com/download/symbols/oscdimg.exe/3D44737265000/oscdimg.exe" + + if (-not (Test-Path -Path $localOSCDIMGPath)) { + Add-Log "Downloading oscdimg.exe..." + Invoke-WebRequest -Uri $url -OutFile $localOSCDIMGPath + + if (Test-Path $localOSCDIMGPath) { + Add-Log "oscdimg.exe downloaded successfully." + } else { + Write-Error "Failed to download oscdimg.exe." + exit 1 + } + } else { + Add-Log "oscdimg.exe already exists locally." + } + + $OSCDIMG = $localOSCDIMGPath +} + +& "$OSCDIMG" '-m' '-o' '-u2' '-udfver102' "-bootdata:2#p0,e,b$ScratchDisk\tiny11\boot\etfsboot.com#pEF,e,b$ScratchDisk\tiny11\efi\microsoft\boot\efisys.bin" "$ScratchDisk\tiny11" "$PSScriptRoot\tiny11.iso" + +# Finishing up +Add-Log "Creation completed! Press any key to exit the script..." +[System.Windows.Forms.MessageBox]::Show("Process completed successfully.", "Completion", [System.Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::Information) +Add-Log "Performing Cleanup..." +Remove-Item -Path "$ScratchDisk\tiny11" -Recurse -Force | Out-Null +Remove-Item -Path "$ScratchDisk\scratchdir" -Recurse -Force | Out-Null +Add-Log "Cleanup complete!" + +exit +}) + +# Logs Label +$LogsLabel = New-Object System.Windows.Forms.Label +$LogsLabel.Text = "Logs:" +$LogsLabel.Font = New-Object System.Drawing.Font('Consolas', 12) +$LogsLabel.Location = New-Object System.Drawing.Point(20, 180) +$LogsLabel.AutoSize = $true + +# Logs TextBox +$LogsTextBox = New-Object System.Windows.Forms.TextBox +$LogsTextBox.Multiline = $true +$LogsTextBox.ScrollBars = 'Vertical' +$LogsTextBox.Location = New-Object System.Drawing.Point(20, 210) +$LogsTextBox.Width = 550 +$LogsTextBox.Height = 180 +$LogsTextBox.ReadOnly = $true +Add-Log "main_form.Controls loaded..." + +# Adding Controls to Form +$main_form.Controls.Add($TitleLabel) +$main_form.Controls.Add($IsoTextBox) +$main_form.Controls.Add($ChooseButton) +$main_form.Controls.Add($MountButton) +$main_form.Controls.Add($DriveLabel) +$main_form.Controls.Add($DriveComboBox) +$main_form.Controls.Add($ImageIndexLabel) +$main_form.Controls.Add($ImageIndexComboBox) +$main_form.Controls.Add($LogsLabel) +$main_form.Controls.Add($LogsTextBox) +$main_form.Controls.Add($StartButton) + +# Show Form +$main_form.ShowDialog()