Hacker News new | ask | show | jobs
by oridecon 3401 days ago
> whereas Microsoft lets me to do whatever I want with my computers and my software.

Not in my experience. My Windows 10 automation/unscrew-up script alone is like 5 kloc. And I bet 70% of that script could be replaced if I had real control of the system, like dropping a .config file in some folder instead of having to find hidden settings with nonsensical names deep down the regedit hole. Another example, you have to use some stupid hacks to make sure there are no Flash DLLs in your pc. No matter what you do they always come back in some security update.
2 comments
snuxoll 3401 days ago
> And I bet 70% of that script could be replaced if I had real control of the system, like dropping a .config file in some folder instead of having to find hidden settings with nonsensical names deep down the regedit hole.

You should see my ansible playbooks for our Windows Server systems, I don't mind PowerShell per-se but it takes a lot more effort to get anything done compared to my CentOS systems where I can template a config file and be done with it.

I really hope our vendors start supporting .Net Core soon, the SDK for our ECM software is the only reason we're still stuck on the full framework and having to manage a bunch of Windows VM's for our integration software...

link
chadgeidel 3400 days ago
5000 lines for a fresh install? That's... a lot. Is that on github somewhere?
link
oridecon 3400 days ago
It's based on several scripts from Github. A lot of lines are just regex and lists (apps, services, tasks) of things to disable or remove.

I recommend you do your own script by choosing what you want from each type of script. I would release my script if I was sure it wouldn't break random people's computers, because IT WILL. I'm also running Windows 10 enterprise because I want as little telemetry and things shoved up my ass as possible.

Some Windows updates can change registry keys or disable certain policies. I monitor the commit log of other repos to know what I need to update, but they don't always cover everything. Feels like a lot of work but it's actually not.

Here's how I structured it:

- admin.ps1

--- admin-config.ps1 (policies, tweaks)

--- disable-services.ps1

--- remove-flash.ps1

--- ...

- user.ps1 calls

--- user-config.ps1

--- disable-gamedrv.ps1

--- disable-services.ps1

--- ...

Because if you're using a regular user account (like you should) you need to run 3 things:

- admin.ps1 as admin

- user.ps1 as admin

- user.ps1 as your regular user

I gave up on using runAs or any of the things recommended on stackoverflow, something always go wrong so it's easier to do it this way.

For a fresh install, I recommend that the first thing you do is update everything and let Windows install the 200 apps you don't want. Run the 3 things like I mentioned, reboot, run it again, reboot.

https://github.com/cluberti/VDI/blob/master/ConfigAsVDI.ps1 https://github.com/W4RH4WK/Debloat-Windows-10/ https://github.com/dfkt/win10-unfuck https://gist.github.com/sven212/5febf372aaa6e4cc1fda71ad9637...

My installation is months old and it runs like new even after heavy usage, hardware changes, tons of apps and games installed/uninstalled (this kills Windows 7). Just be careful what you remove, don't ever install ccleaner or any shit. All you need is sysinternals tools.

I'm too lazy to proof-read/make this shorter, hope it helps somebody.

link
chadgeidel 3400 days ago
Thank you for taking time to share this!
link