WIN10 Privacy script .ps1 (powershell)

1. # https://github.com/MichiMunich/Windows10-Privacy
2. Set-ExecutionPolicy Unrestricted
3. .\Windows10_Privacy.ps1
4.  
5. # Windows 10 privacy settings
6. # Michi Dönselmann
7. # Last change: 28.12.2016
8.  
9. # Execution examples:
10. # Enable privacy protection: powershell.exe -ExecutionPolicy Bypass "& '.\Windows10_Privacy.ps1 ' -enable:$true"
11. # Disable privacy protection: powershell.exe -ExecutionPolicy Bypass "& '.\Windows10_Privacy.ps1 ' -enable:$false"
12.  
13. # define script execution params. Default is false, so spying will stay enabled
14. param
15. (
16.     [bool]$enable = $false
17. )
18.  
19. #----------------------------------------------------------------------------------
20. # global variables. Change values here if needed
21.  
22. # variable for services
23. $services =  "diagtrack","dmwappushservice"
24. # variable for sheduled tasks
25. $tasks =  "Microsoft Compatibility Appraiser","ProgramDataUpdater","Consolidator","KernelCeipTask","UsbCeip"
26.  
27. #----------------------------------------------------------------------------------
28.  
29. # global error handling
30. # only show defined error messages
31. $ErrorActionPreference = "SilentlyContinue";
32. $error.Clear();
33.  
34. function errorhandling($message = $error[0].Exception.Message, $Code)
35. {
36.     # write execution Log to %tempp%
37.     $error | out-file -PSPath $env:temp\PowerShell_Execution_Error.log -Append;
38.     # on error just show content of Exeption.Message
39.     $message = "Error executing section $($code): " + $($message)
40.     write-warning $($message)
41.     # stop script on error
42.     read-host
43.     exit $code;
44. }
45.  
46. #----------------------------------------------------------------------------------
47. # get system architecture if it's needed for further actions
48. $arch = (Get-Process -Id $PID).StartInfo.EnvironmentVariables["PROCESSOR_ARCHITECTURE"];
49. if ($arch -eq "AMD64")
50. {
51.     $arch = "x64"
52. }
53. else
54. {
55.     $arch = "x86"
56. }
57.  
58. #----------------------------------------------------------------------------------
59. # check if script runs in admin context
60. if (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(`
61.     [Security.Principal.WindowsBuiltInRole] "Administrator"))
62. {
63.     Write-Warning "You have to run this Script with elevated privileges"
64.     Write-Host "Press any key to exit the script"
65.     read-host
66.     exit 0;
67. }
68.  
69. #--------------------------------
70. #                               -
71. #   enable privacy protection   -
72. #                               -
73. #--------------------------------
74.  
75. if ($enable -eq "True")
76. {
77.  
78.     #----------------------------------------------------------------------------------
79.     # disable data collecting services
80.     foreach($a in $services)
81.     {
82.         set-service $a -startuptype disabled
83.  
84.         # errorhandling
85.         if ($error.Count -gt 0)
86.         {
87.             errorhandling -code 1;
88.         }  
89.     }
90.  
91.     #----------------------------------------------------------------------------------
92.     # disable telemetry (also possible with GPO)
93.     $path = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection"
94.     New-Item -path $path -Force
95.     Set-ItemProperty -path $path -name AllowTelemetry -value "1"
96.        
97.     # errorhandling
98.     if ($error.Count -gt 0)
99.     {
100.         errorhandling -code 2;
101.     }
102.  
103.     #----------------------------------------------------------------------------------
104.     # disable update delivery optimization (also possible with GPO)
105.     $path = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config"
106.     Set-ItemProperty -path $path -name DODownloadMode -value "0"
107.        
108.     # errorhandling
109.     if ($error.Count -gt 0)
110.     {
111.         errorhandling -code 3;
112.     }
113.        
114.     #----------------------------------------------------------------------------------
115.     # disable sheduled tasks
116.     foreach($a in $tasks)
117.     {
118.         $task = Get-ScheduledTask $a;
119.         Disable-ScheduledTask $task;
120.        
121.         # errorhandling
122.         if ($error.Count -gt 0)
123.         {
124.             errorhandling -code 4;
125.         }
126.     }
127.  
128.     #----------------------------------------------------------------------------------
129.     # disable OneDrive for file sync (also possible with GPO)
130.     $path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\OneDrive"
131.     New-Item -path $path -Force
132.     Set-ItemProperty -path $path -name DisableFileSyncNGSC -value "1"
133.        
134.     # errorhandling
135.     if ($error.Count -gt 0)
136.     {
137.         errorhandling -code 5;
138.     }
139. }
140. else
141.  
142. #--------------------------------
143. #                               -
144. #   disable privacy protection  -
145. #                               -
146. #--------------------------------
147.  
148. {
149.     #----------------------------------------------------------------------------------
150.     # enable data collecting services
151.     foreach($a in $services)
152.     {
153.         set-service $a -startuptype automatic
154.  
155.         # errorhandling
156.         if ($error.Count -gt 0)
157.         {
158.             errorhandling -code 1;
159.         }  
160.     }
161.  
162.     #----------------------------------------------------------------------------------
163.     # enable telemetry (also possible with GPO)
164.     $path = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection"
165.     Set-ItemProperty -path $path -name AllowTelemetry -value "2"
166.            
167.     # errorhandling
168.     if ($error.Count -gt 0)
169.     {
170.         errorhandling -code 2;
171.     }
172.    
173.     #----------------------------------------------------------------------------------
174.     # enable update delivery optimization (also possible with GPO)
175.     $path = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config"
176.     Set-ItemProperty -path $path -name DODownloadMode -value "1"
177.        
178.     # errorhandling
179.     if ($error.Count -gt 0)
180.     {
181.         errorhandling -code 3;
182.     }
183.  
184.     #----------------------------------------------------------------------------------
185.     # enable sheduled tasks
186.     foreach($a in $tasks)
187.     {
188.         $task = Get-ScheduledTask $a;
189.         Enable-ScheduledTask $task;
190.        
191.         # errorhandling
192.         if ($error.Count -gt 0)
193.         {
194.             errorhandling -code 4;
195.         }
196.     }
197.    
198.     #----------------------------------------------------------------------------------
199.     # enable OneDrive for file sync (also possible with GPO)
200.     $path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\OneDrive"
201.     Set-ItemProperty -path $path -name DisableFileSyncNGSC -value "0"
202.        
203.     # errorhandling
204.     if ($error.Count -gt 0)
205.     {
206.         errorhandling -code 5;
207.     }
208. }