Windows 10 default settings
Scripts for Windows 10 default settings without sysprep audit mode. Some sysAdmins think AuditMode, Copy Profile, or Mandatory profiles is the shit; it is not! It is a antiquated, manual, time consuming, and clunky process. For example if you try and use AuditMode to make some of the changes in settings, sysprep will make about 20,000 additional lines in the file: C:\Users\Default\NTUSER.DAT, and increasing its size by 10X. The normal size is 256KB. In addition to that the time it takes to initially log onto the machine is increased due to bloated C:\Users\Default\AppData. This should be as SMALL as possible. for Example on a Fresh Windows 10 installed from an ISO from Microsoft the C:\Users\Default\AppData is only 163KB and 53 files. Administrator profile also adds additional bulk to your image. I have seen as much as 1 GIG in the users folder(s).
Editing the default profile directly
I have found that a lot of sysadmins do not know what this actually means. By editing the default profile directly you target each setting precisely, instead of some obscure unknown process which you really do not know how it works behind the scenes. That is how this method of editing the default profile directly works. Furthermore, you know every setting being applied to the machine, and it is the same every time you create an image with no guessing games on if you missed anything. You have documentation to give to end users, or technical support staff so they know exactly what settings are applied instead some vague, and/or non-existent list of applications, setting you apply, or forgot to apply in many cases during audit mode. Lastly, this method is fast as all machine setting literally only take a few seconds to apply with a script.
How it works
Listed under the :: Per user settings in the settings.cmd script is how this process works.
REG LOAD HKU\DefaultUser %SystemDrive%\Users\Default\NTUSER.DATOpens or loads the default hive, and gives it a name ofDefaultUser. If you open upregedit.exeand expand the keyHKEY_USERSyou will see that reflected. Any changes made under that will take effect for all user next new user login. You must unload it as well. There is nothing wrong with putting all your settings in once big script, just be sure you place all yourHKU\DefaultUsersettings within the load and unload section.
I would recommend to not activate the Administrator account as it could jack up your sysprep process and do not use copy profile setting in your unattend.xml file.
Below is a file list and what they do, which will explain the process a little better.
-
ActivateAdmin.cmd - Scripted to activate the built in Administrator account and an example of how to add an account. Not recommended before sysprep.
-
settings.cmd - Are the settings applied to the machine designed to replace sysprep Audit mode and copy profile mode as a way to effectively target individual settings. The hive modifications will take place upon the next NEW user login. Any preexisting profiles will not be effected. Listed under per user setting is how one edits the default profile directly. IMPORTANT: Line 39 sets Time Zone Information.
-
settings_Current_USER.cmd - An alternate to settings.cmd with a few changes to be run on current user logged in. If this is just a one off machine not being used by multiple people, or you do not want to modify the default hive just yet, this is your script. It is identical to the settings one without the default hive. hint: you can modify the per user settings for the default hive to add to the script to change with the current user as well if that is important. IMPORTANT: LIne 40 is TimeZone information.
-
Tweeks.au3 - AutoIT version that is designed to be compiled to an exe to replace the settings.cmd. This can be run at the end of the sysprep process when a machine is finished imaging. IMPORTANT: Line 116 sets TimeZone Information.
-
RemoveProvisionedApps.cmd - Designed to remove a lot of the bloat ware on the start menu AFTER a user logs in to the machine. This is good for a per user basis. I DO NOT RECCOMEND using this one as a start up script. Use the one below. It shows how to pull this process off as well.
-
ProvisionedApps_Removal.au3 - AUTOIT version that is designed to be compiled and ran as a delayed start up scrip on a per user basis. The timing is set to run 60 seconds after a person logs on to allow the profile to build itself. This compiled script is non-intrusive and will show no signs of running and will automatically exit when done. In its current iteration it will run upon every user login and uses very low resources and will not interfere with the startup or profile creation process.
-
AdditionalSettings.cmd - Mostly app permissions from the location Settings -> Privacy, however there is a performance tweak in that file too. It is very important to understand the
VisualFXSettingandUserPreferencesMasksetting as it controls the settings under:Right click this PC - properties - Advanced system Settings - Performance Settings. Most people might want want to changes these and just let windows manage it, however some want to optimize performance. -
Officetweaks.cmd - I moved these to a dedicated section here: https://gist.github.com/Carm01/0df027dd1ddc57dd3044ca87565a6194
-
I broke the lists into Privacy settings, Annoyances/Tweaks, performance, and most common to use in an area here ( https://gist.github.com/Carm01/3b83d78a0d99cc78ff1d46385ba68a13 ). This will eventually be moved to this to this repository to clean it up a bit. Please note that any tweeks to this main thread will be done there. Only things that are of higher importance will be made here. So please use that gist.github link for updates and tweeks to the code.
References: https://stealthpuppy.com/customize-the-windows-default-profile/#.XEfajs17mUm
https://github.com/Disassembler0/Win10-Initial-Setup-Script/blob/master/Win10.psm1