This program sets the default applications, sets the taskbar layout, and disables a few of the more decorative elements on the taskbar.
The script can be broken down into two parts - The functions which make changes to the HKLM and the functions which make changes to the HKCU. The latter functions perform the same registry actions as a few GPOs located in the Computer Configuration tab. The functions which make changes to the HKCU are bundled into a seperate script and run at first login.
The taskbar layout dictates the shortcuts which are pinned to the taskbar and this layout is defined by XML file. Within this program, the function responsible for creating the XML file is called create_taskbar_layout. It takes one argument, $taskbar_path which is the file location that the final XML file will be saved to. The function starts by generating the default StartLayout.xml which is the layout found in the Start window. This is accomplished by running
Export-StartLayout -UseDesktopApplicationID -Path $taskbar_path
After this file is generated, the function goes on to create, format, and append the neccesary XML nodes corresponding to the applications to be pinned.
The function responsible for making the required registry changes is called set_taskbar_layout that takes one argument $taskbar_path, which is the file path to the Taskbar layout XML file generated by create_taskbar_layout. The registry changes this function performs is:
- Create key
HKLM:\Software\Policies\Microsoft\Windows\Explorer - Create value in above key
LockedStartLayoutwith data DWORD 1 - Create value in above key
StartLayoutFilewith data ExpandString [$taskbar_path]
The GPO which this function is simulating is
- Computer Configuration\Administrative Templates\Start Menu and Taskbar\Start Layout
Similar to the taskbar layout, the default applications can be defined in an XML file. Specifically, this file defines an association between file extension and the application to open files with that extension. Like the previous funtion, we first generate a default XML template with the following command
dism /online /Export-DefaultAppAssociations:$appassocs_path | Out-Null
This produces the current default application association file. The rest of the function serves only to edit the nodes using the applications defined in the global array $dalps, which contains the Desktop Application link paths for the desired default applications.
Unsimilar to the taskbar layout, automating default applications is far less trivial. Since Windows 8, when a user manually sets a default application, this creates a few values in the registry. At
HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\<extension>\UserChoice
there are the following registry values
- Hash: (REG_SZ) salted hash of the application created by propietary Microsoft hash algorithm
- ProgId: (REG_SZ) ID of application
The Hash value is what prevents users from being able to automate the task of setting their default applications. Used in the calculation of this hash is information which indicates whether the value was set manually by a user (through the Windows GUI) or by a script, and the values will be ignored if it was not set manually by a user.
The way around this is to use the following GPO:
Computer Configuration\Administrator Templates\Windows Components\File Explorer\Set a default associations configuration file
Within this GPO, an administrator supplies a path to the default application association XML file. There are two important conditions which must be met for this GPO to apply
- It applies only to a new user's first login.
- It applies only to users who login to a domain joined device.
Yet another snag is the fact that GPOs are not simply enabled and configured through PowerShell. However, GPOs ultimately are just APIs which control registry values. Microsoft has provided a document which lists all available GPOs and the registry values that underpin them. This presents an opening to how we can automate the default application. The registry key for the GPO is:
HKLM:\Software\Policies\Microsoft\Windows\System
and the key created is
DefaultAssociationsConfiguration
which is of type string and holds the file path to the application association xml file. Note: When the GPO is not configured or is disabled, the System folder does not exist.
The function responsible for making the necessary changes in the registry is called set_default_appassoc(). It takes one argument, appassoc_path, which is the file location the XML is saved to. The function creates the nessary keys and values in the HKLM and sets those values.
There are two other functions which make changes in the HKLM. disable_cortana and disable_search_highlights. The two following functions perform the same actions as the two following GPOs
- Computer Configuration > Administrative Templates > Windows Componenets > Search > Allow Cortana
- Computer Configuration > Administrative Templates > Windows Componenets > Search > Allow Search Highlights
The part of this program which makes a change to the CurrentUser Hive is done by dropping a script and having that script be run at first login. The function drop_taskbar_cleanup_script stores the actual script (which disables the Taskview button, News and events, Cortana Button, and Taskbar animations) in a string, then saves that string to a .ps1 file located at $script_path.
The remaining actions we must take on the Taskbar do not have GPOs in the Computer Configuration section in the same way that the previous changes did. The remaining actions can only be applied on the user level. For this applicaiton, we want the changes to apply to new users by the time they login.
In order to make it so this program need only be run once by an administrator, it performs the following steps:
- Drop the taskbar cleanup script in the Win32 folder.
- Load Defaul User Registry Hive
- Create String value containing path to the Taskbar cleanup script and add it to
HKU:\NEW_USER\Software\Microsoft\Windows\CurrentVersion\Runonce
When a new user is created and logs in for the first time, this script should run and the changes it makes will be applied the next time the user logs in.
Both the main code and dropped script contain lines at their end which forces them to delete themselves after execution.