From 79ee9db8fe89f4ce78adfd0f644c99e82bc97ead Mon Sep 17 00:00:00 2001
From: Gabi <182965942+GabiNun@users.noreply.github.com>
Date: Thu, 8 Jan 2026 21:04:36 +0200
Subject: [PATCH] Update-Updates-Tab (#3833)
* Update Invoke-WPFUpdatessecurity.ps1
* Update Invoke-WPFUpdatesdisable.ps1
* Update Invoke-WPFUpdatesdefault.ps1
* Update Invoke-WPFUpdatesdefault.ps1
* Update Invoke-WPFUpdatesdisable.ps1
* Update Invoke-WPFUpdatesdisable.ps1
* Update Invoke-WPFUpdatessecurity.ps1
* Update Invoke-WPFUpdatessecurity.ps1
* Update Invoke-WPFUpdatesdefault.ps1
* Update Invoke-WPFUpdatesdisable.ps1
* Update Invoke-WPFUpdatessecurity.ps1
* Update Invoke-WPFUpdatesdisable.ps1
* Update Invoke-WPFUpdatesdisable.ps1
* Update Invoke-WPFUpdatesdisable.ps1
* Update Invoke-WPFUpdatesdefault.ps1
* Update Invoke-WPFUpdatesdisable.ps1
* Update Invoke-WPFUpdatesdefault.ps1
* Update Invoke-WPFUpdatesdisable.ps1
* Update Invoke-WPFUpdatesdefault.ps1
* Update Invoke-WPFUpdatesdisable.ps1
* Update Invoke-WPFUpdatesdefault.ps1
* Update Invoke-WPFUpdatesdisable.ps1
* Update Invoke-WPFUpdatesdisable.ps1
* Update Invoke-WPFUpdatesdefault.ps1
* Update Invoke-WPFUpdatesdefault.ps1
* Update Invoke-WPFUpdatessecurity.ps1
* Update Invoke-WPFUpdatessecurity.ps1
* Update Invoke-WPFUpdatesdisable.ps1
* Update Invoke-WPFUpdatesdefault.ps1
* Update Invoke-WPFUpdatesdefault.ps1
* Update Invoke-WPFUpdatesdefault.ps1
---
functions/public/Invoke-WPFUpdatesdefault.ps1 | 162 ++++--------------
functions/public/Invoke-WPFUpdatesdisable.ps1 | 133 +++-----------
.../public/Invoke-WPFUpdatessecurity.ps1 | 64 ++++---
3 files changed, 88 insertions(+), 271 deletions(-)
diff --git a/functions/public/Invoke-WPFUpdatesdefault.ps1 b/functions/public/Invoke-WPFUpdatesdefault.ps1
index 68f99caf..5a8ac069 100644
--- a/functions/public/Invoke-WPFUpdatesdefault.ps1
+++ b/functions/public/Invoke-WPFUpdatesdefault.ps1
@@ -5,149 +5,51 @@ function Invoke-WPFUpdatesdefault { Resets Windows Update settings to default #> + $ErrorActionPreference = 'SilentlyContinue' - Write-Host "Restoring Windows Update registry settings..." -ForegroundColor Yellow + Write-Host "Removing Windows Update policy settings..." -ForegroundColor Green - If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU")) { - New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Force | Out-Null - } - Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "NoAutoUpdate" -Type DWord -Value 0 - Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "AUOptions" -Type DWord -Value 3 - If (!(Test-Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config")) { - New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" -Force | Out-Null - } - Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" -Name "DODownloadMode" -Type DWord -Value 1 + Remove-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Recurse -Force + Remove-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization" -Recurse -Force + Remove-Item -Path "HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings" -Recurse -Force + Remove-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Device Metadata" -Recurse -Force + Remove-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching" -Recurse -Force + Remove-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Recurse -Force - # Reset WaaSMedicSvc registry settings to defaults - Write-Host "Restoring WaaSMedicSvc settings..." 
-ForegroundColor Yellow - Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" -Name "Start" -Type DWord -Value 3 -ErrorAction SilentlyContinue - Remove-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" -Name "FailureActions" -ErrorAction SilentlyContinue + Write-Host "Reenabling Windows Update Services..." -ForegroundColor Green - # Restore update services to their default state - Write-Host "Restoring update services..." -ForegroundColor Yellow + Write-Host "Restored BITS to Manual" + Set-Service -Name BITS -StartupType Manual - $services = @( - @{Name = "BITS"; StartupType = "Manual"}, - @{Name = "wuauserv"; StartupType = "Manual"}, - @{Name = "UsoSvc"; StartupType = "Automatic"}, - @{Name = "uhssvc"; StartupType = "Disabled"}, - @{Name = "WaaSMedicSvc"; StartupType = "Manual"} - ) + Write-Host "Restored wuauserv to Manual" + Set-Service -Name wuauserv -StartupType Manual - foreach ($service in $services) { - try { - Write-Host "Restoring $($service.Name) to $($service.StartupType)..." 
- $serviceObj = Get-Service -Name $service.Name -ErrorAction SilentlyContinue - if ($serviceObj) { - Set-Service -Name $service.Name -StartupType $service.StartupType -ErrorAction SilentlyContinue + Write-Host "Restored UsoSvc to Automatic" + Set-Service -Name UsoSvc -StartupType Automatic - # Reset failure actions to default using sc command - Start-Process -FilePath "sc.exe" -ArgumentList "failure `"$($service.Name)`" reset= 86400 actions= restart/60000/restart/60000/restart/60000" -Wait -WindowStyle Hidden -ErrorAction SilentlyContinue + Write-Host "Restored WaaSMedicSvc to Manual" + Set-Service -Name WaaSMedicSvc -StartupType Manual - # Start the service if it should be running - if ($service.StartupType -eq "Automatic") { - Start-Service -Name $service.Name -ErrorAction SilentlyContinue - } - } - } - catch { - Write-Host "Warning: Could not restore service $($service.Name) - $($_.Exception.Message)" -ForegroundColor Yellow - } - } + Write-Host "Enabling update related scheduled tasks..." -ForegroundColor Green - # Restore renamed DLLs if they exist - Write-Host "Restoring renamed update service DLLs..." 
-ForegroundColor Yellow - - $dlls = @("WaaSMedicSvc", "wuaueng") - - foreach ($dll in $dlls) { - $dllPath = "C:\Windows\System32\$dll.dll" - $backupPath = "C:\Windows\System32\${dll}_BAK.dll" - - if ((Test-Path $backupPath) -and !(Test-Path $dllPath)) { - try { - # Take ownership of backup file - Start-Process -FilePath "takeown.exe" -ArgumentList "/f `"$backupPath`"" -Wait -WindowStyle Hidden -ErrorAction SilentlyContinue - - # Grant full control to everyone - Start-Process -FilePath "icacls.exe" -ArgumentList "`"$backupPath`" /grant *S-1-1-0:F" -Wait -WindowStyle Hidden -ErrorAction SilentlyContinue - - # Rename back to original - Rename-Item -Path $backupPath -NewName "$dll.dll" -ErrorAction SilentlyContinue - Write-Host "Restored ${dll}_BAK.dll to $dll.dll" - - # Restore ownership to TrustedInstaller - Start-Process -FilePath "icacls.exe" -ArgumentList "`"$dllPath`" /setowner `"NT SERVICE\TrustedInstaller`"" -Wait -WindowStyle Hidden -ErrorAction SilentlyContinue - Start-Process -FilePath "icacls.exe" -ArgumentList "`"$dllPath`" /remove *S-1-1-0" -Wait -WindowStyle Hidden -ErrorAction SilentlyContinue - } - catch { - Write-Host "Warning: Could not restore $dll.dll - $($_.Exception.Message)" -ForegroundColor Yellow - } - } - } - - # Enable update related scheduled tasks - Write-Host "Enabling update related scheduled tasks..." 
-ForegroundColor Yellow - - $taskPaths = @( - '\Microsoft\Windows\InstallService\*' - '\Microsoft\Windows\UpdateOrchestrator\*' - '\Microsoft\Windows\UpdateAssistant\*' - '\Microsoft\Windows\WaaSMedic\*' - '\Microsoft\Windows\WindowsUpdate\*' + $Tasks = + '\Microsoft\Windows\InstallService\*', + '\Microsoft\Windows\UpdateOrchestrator\*', + '\Microsoft\Windows\UpdateAssistant\*', + '\Microsoft\Windows\WaaSMedic\*', + '\Microsoft\Windows\WindowsUpdate\*', '\Microsoft\WindowsUpdate\*' - ) - foreach ($taskPath in $taskPaths) { - try { - $tasks = Get-ScheduledTask -TaskPath $taskPath -ErrorAction SilentlyContinue - foreach ($task in $tasks) { - Enable-ScheduledTask -TaskName $task.TaskName -TaskPath $task.TaskPath -ErrorAction SilentlyContinue - Write-Host "Enabled task: $($task.TaskName)" - } - } - catch { - Write-Host "Warning: Could not enable tasks in path $taskPath - $($_.Exception.Message)" -ForegroundColor Yellow - } + foreach ($Task in $Tasks) { + Get-ScheduledTask -TaskPath $Task | Enable-ScheduledTask -ErrorAction SilentlyContinue } - Write-Host "Enabling driver offering through Windows Update..." - Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Device Metadata" -Name "PreventDeviceMetadataFromNetwork" -ErrorAction SilentlyContinue - Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching" -Name "DontPromptForWindowsUpdate" -ErrorAction SilentlyContinue - Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching" -Name "DontSearchWindowsUpdate" -ErrorAction SilentlyContinue - Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching" -Name "DriverUpdateWizardWuSearchEnabled" -ErrorAction SilentlyContinue - Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name "ExcludeWUDriversInQualityUpdate" -ErrorAction SilentlyContinue - Write-Host "Enabling Windows Update automatic restart..." 
- Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "NoAutoRebootWithLoggedOnUsers" -ErrorAction SilentlyContinue - Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "AUPowerManagement" -ErrorAction SilentlyContinue - Write-Host "Enabled driver offering through Windows Update" - Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings" -Name "BranchReadinessLevel" -ErrorAction SilentlyContinue - Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings" -Name "DeferFeatureUpdatesPeriodInDays" -ErrorAction SilentlyContinue - Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings" -Name "DeferQualityUpdatesPeriodInDays" -ErrorAction SilentlyContinue + Write-Host "Windows Local Policies Reset to Default" + secedit /configure /cfg "$Env:SystemRoot\inf\defltbase.inf" /db defltbase.sdb - Write-Host "===================================================" - Write-Host "--- Windows Update Settings Reset to Default ---" - Write-Host "===================================================" + Write-Host "===================================================" -ForegroundColor Green + Write-Host "--- Windows Update Settings Reset to Default ---" -ForegroundColor Green + Write-Host "===================================================" -ForegroundColor Green - Start-Process -FilePath "secedit" -ArgumentList "/configure /cfg $env:windir\inf\defltbase.inf /db defltbase.sdb /verbose" -Wait - Start-Process -FilePath "cmd.exe" -ArgumentList "/c RD /S /Q $env:WinDir\System32\GroupPolicyUsers" -Wait - Start-Process -FilePath "cmd.exe" -ArgumentList "/c RD /S /Q $env:WinDir\System32\GroupPolicy" -Wait - Start-Process -FilePath "gpupdate" -ArgumentList "/force" -Wait - Remove-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies" -Recurse -Force -ErrorAction SilentlyContinue - Remove-Item -Path 
"HKCU:\Software\Microsoft\WindowsSelfHost" -Recurse -Force -ErrorAction SilentlyContinue - Remove-Item -Path "HKCU:\Software\Policies" -Recurse -Force -ErrorAction SilentlyContinue - Remove-Item -Path "HKLM:\Software\Microsoft\Policies" -Recurse -Force -ErrorAction SilentlyContinue - Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies" -Recurse -Force -ErrorAction SilentlyContinue - Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\WindowsStore\WindowsUpdate" -Recurse -Force -ErrorAction SilentlyContinue - Remove-Item -Path "HKLM:\Software\Microsoft\WindowsSelfHost" -Recurse -Force -ErrorAction SilentlyContinue - Remove-Item -Path "HKLM:\Software\Policies" -Recurse -Force -ErrorAction SilentlyContinue - Remove-Item -Path "HKLM:\Software\WOW6432Node\Microsoft\Policies" -Recurse -Force -ErrorAction SilentlyContinue - Remove-Item -Path "HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies" -Recurse -Force -ErrorAction SilentlyContinue - Remove-Item -Path "HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\WindowsStore\WindowsUpdate" -Recurse -Force -ErrorAction SilentlyContinue - - Write-Host "===================================================" - Write-Host "--- Windows Local Policies Reset to Default ---" - Write-Host "===================================================" - - Write-Host "Note: A system restart may be required for all changes to take full effect." -ForegroundColor Yellow + Write-Host "Note: You must restart your system in order for all changes to take effect." -ForegroundColor Yellow } diff --git a/functions/public/Invoke-WPFUpdatesdisable.ps1 b/functions/public/Invoke-WPFUpdatesdisable.ps1 index 83d81586..56633369 100644 --- a/functions/public/Invoke-WPFUpdatesdisable.ps1 +++ b/functions/public/Invoke-WPFUpdatesdisable.ps1 
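Review bot: Every "Restored ..." line is printed before its `Set-Service` call while `$ErrorActionPreference = 'SilentlyContinue'` at the top of the function hides any failure, so a run that restores nothing still ends with "Windows Update Settings Reset to Default"; the same pattern is in the Invoke-WPFUpdatesdisable hunk ("Disabled BITS Service", "Cleared SoftwareDistribution folder"). For a function whose job is to bring patching back, I would drop the preference line and report per step, e.g. `try { Set-Service -Name BITS -StartupType Manual -ErrorAction Stop; Write-Host "Restored BITS to Manual" } catch { Write-Warning "BITS: $($_.Exception.Message)" }`. The commit also removes the `_BAK.dll` rename-back and the WaaSMedicSvc `FailureActions` cleanup, so a machine that was disabled by the previous version presumably stays broken after this reset; keep that restore path or document the limitation. `secedit` is a native command, so it needs its own `$LASTEXITCODE` check, and "Windows Local Policies Reset to Default" is currently printed before it runs.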
@@ -6,130 +6,51 @@ function Invoke-WPFUpdatesdisable { .NOTES Disabling Windows Update is not recommended. This is only for advanced users who know what they are doing. - This function requires administrator privileges and will attempt to run as SYSTEM for certain operations. #> + $ErrorActionPreference = 'SilentlyContinue' Write-Host "Configuring registry settings..." -ForegroundColor Yellow + New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Force - If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU")) { - New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Force | Out-Null - } Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "NoAutoUpdate" -Type DWord -Value 1 Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "AUOptions" -Type DWord -Value 1 - If (!(Test-Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config")) { - New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" -Force | Out-Null - } + New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" -Force Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" -Name "DODownloadMode" -Type DWord -Value 0 - # Additional registry settings - Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" -Name "Start" -Type DWord -Value 4 -ErrorAction SilentlyContinue - $failureActions = [byte[]](0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x03,0x00,0x00,0x00,0x14,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xc0,0xd4,0x01,0x00,0x00,0x00,0x00,0x00,0xe0,0x93,0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00) - Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" -Name "FailureActions" -Type Binary -Value $failureActions -ErrorAction SilentlyContinue + Write-Host "Disabled 
BITS Service" + Set-Service -Name BITS -StartupType Disabled - # Disable and stop update related services - Write-Host "Disabling update services..." -ForegroundColor Yellow + Write-Host "Disabled wuauserv Service" + Set-Service -Name wuauserv -StartupType Disabled + + Write-Host "Disabled UsoSvc Service" + Set-Service -Name UsoSvc -StartupType Disabled + + Write-Host "Disabled WaaSMedicSvc Service" + Set-Service -Name WaaSMedicSvc -StartupType Disabled - $services = @( - "BITS" - "wuauserv" - "UsoSvc" - "uhssvc" - "WaaSMedicSvc" - ) + Remove-Item "C:\Windows\SoftwareDistribution\*" -Recurse -Force + Write-Host "Cleared SoftwareDistribution folder" - foreach ($service in $services) { - try { - Write-Host "Stopping and disabling $service..." - $serviceObj = Get-Service -Name $service -ErrorAction SilentlyContinue - if ($serviceObj) { - Stop-Service -Name $service -Force -ErrorAction SilentlyContinue - Set-Service -Name $service -StartupType Disabled -ErrorAction SilentlyContinue - - # Set failure actions to nothing using sc command - Start-Process -FilePath "sc.exe" -ArgumentList "failure `"$service`" reset= 0 actions= `"`"" -Wait -WindowStyle Hidden -ErrorAction SilentlyContinue - } - } - catch { - Write-Host "Warning: Could not process service $service - $($_.Exception.Message)" -ForegroundColor Yellow - } - } - - # Rename critical update service DLLs (requires SYSTEM privileges) - Write-Host "Attempting to rename critical update service DLLs..." 
-ForegroundColor Yellow - - $dlls = @("WaaSMedicSvc", "wuaueng") - - foreach ($dll in $dlls) { - $dllPath = "C:\Windows\System32\$dll.dll" - $backupPath = "C:\Windows\System32\${dll}_BAK.dll" - - if (Test-Path $dllPath) { - try { - # Take ownership - Start-Process -FilePath "takeown.exe" -ArgumentList "/f `"$dllPath`"" -Wait -WindowStyle Hidden -ErrorAction SilentlyContinue - - # Grant full control to everyone - Start-Process -FilePath "icacls.exe" -ArgumentList "`"$dllPath`" /grant *S-1-1-0:F" -Wait -WindowStyle Hidden -ErrorAction SilentlyContinue - - # Rename file - if (!(Test-Path $backupPath)) { - Rename-Item -Path $dllPath -NewName "${dll}_BAK.dll" -ErrorAction SilentlyContinue - Write-Host "Renamed $dll.dll to ${dll}_BAK.dll" - - # Restore ownership to TrustedInstaller - Start-Process -FilePath "icacls.exe" -ArgumentList "`"$backupPath`" /setowner `"NT SERVICE\TrustedInstaller`"" -Wait -WindowStyle Hidden -ErrorAction SilentlyContinue - Start-Process -FilePath "icacls.exe" -ArgumentList "`"$backupPath`" /remove *S-1-1-0" -Wait -WindowStyle Hidden -ErrorAction SilentlyContinue - } - } - catch { - Write-Host "Warning: Could not rename $dll.dll - $($_.Exception.Message)" -ForegroundColor Yellow - } - } - } - - # Delete downloaded update files - Write-Host "Cleaning up downloaded update files..." -ForegroundColor Yellow - - try { - $softwareDistPath = "C:\Windows\SoftwareDistribution" - if (Test-Path $softwareDistPath) { - Get-ChildItem -Path $softwareDistPath -Recurse -Force | Remove-Item -Force -Recurse -ErrorAction SilentlyContinue - Write-Host "Cleared SoftwareDistribution folder" - } - } - catch { - Write-Host "Warning: Could not fully clear SoftwareDistribution folder - $($_.Exception.Message)" -ForegroundColor Yellow - } - - # Disable update related scheduled tasks Write-Host "Disabling update related scheduled tasks..." 
-ForegroundColor Yellow - $taskPaths = @( - '\Microsoft\Windows\InstallService\*' - '\Microsoft\Windows\UpdateOrchestrator\*' - '\Microsoft\Windows\UpdateAssistant\*' - '\Microsoft\Windows\WaaSMedic\*' - '\Microsoft\Windows\WindowsUpdate\*' + $Tasks = + '\Microsoft\Windows\InstallService\*', + '\Microsoft\Windows\UpdateOrchestrator\*', + '\Microsoft\Windows\UpdateAssistant\*', + '\Microsoft\Windows\WaaSMedic\*', + '\Microsoft\Windows\WindowsUpdate\*', '\Microsoft\WindowsUpdate\*' - ) - foreach ($taskPath in $taskPaths) { - try { - $tasks = Get-ScheduledTask -TaskPath $taskPath -ErrorAction SilentlyContinue - foreach ($task in $tasks) { - Disable-ScheduledTask -TaskName $task.TaskName -TaskPath $task.TaskPath -ErrorAction SilentlyContinue - Write-Host "Disabled task: $($task.TaskName)" - } - } - catch { - Write-Host "Warning: Could not disable tasks in path $taskPath - $($_.Exception.Message)" -ForegroundColor Yellow - } + foreach ($Task in $Tasks) { + Get-ScheduledTask -TaskPath $Task | Disable-ScheduledTask -ErrorAction SilentlyContinue } Write-Host "=================================" -ForegroundColor Green - Write-Host "--- Updates ARE DISABLED ---" -ForegroundColor Green - Write-Host "===================================" -ForegroundColor Green - Write-Host "Note: Some operations may require a system restart to take full effect." -ForegroundColor Yellow + Write-Host "--- Updates Are Disabled ---" -ForegroundColor Green + Write-Host "=================================" -ForegroundColor Green + + Write-Host "Note: You must restart your system in order for all changes to take effect." -ForegroundColor Yellow } diff --git a/functions/public/Invoke-WPFUpdatessecurity.ps1 b/functions/public/Invoke-WPFUpdatessecurity.ps1 index ed7fe937..63061895 100644 --- a/functions/public/Invoke-WPFUpdatessecurity.ps1 +++ b/functions/public/Invoke-WPFUpdatessecurity.ps1 
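Review bot: `New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Force` now runs without the `Test-Path` guard, and with `-Force` the registry provider replaces an existing key with an empty one, so values already there (for example `NoAutoRebootWithLoggedOnUsers` written by Invoke-WPFUpdatessecurity) are dropped. The same applies to the `DeliveryOptimization\Config` line here and to the `New-Item ... -Force` calls in the Invoke-WPFUpdatessecurity hunk, where the `WindowsUpdate` key may also hold administrator-set policy. Keep the guard in a short form, `if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }`, which also stops the key objects from reaching the output stream now that `| Out-Null` is gone. Separately, `Stop-Service` was removed, so `Remove-Item "C:\Windows\SoftwareDistribution\*"` may run while wuauserv and BITS still hold files there; consider stopping them first and using `$Env:SystemRoot` as the default script does.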
@@ -12,42 +12,36 @@ function Invoke-WPFUpdatessecurity { 5. Defers quality updates for 4 days #> + Write-Host "Disabling driver offering through Windows Update..." - If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Device Metadata")) { - New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Device Metadata" -Force | Out-Null - } - Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Device Metadata" -Name "PreventDeviceMetadataFromNetwork" -Type DWord -Value 1 - If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching")) { - New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching" -Force | Out-Null - } - Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching" -Name "DontPromptForWindowsUpdate" -Type DWord -Value 1 - Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching" -Name "DontSearchWindowsUpdate" -Type DWord -Value 1 - Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching" -Name "DriverUpdateWizardWuSearchEnabled" -Type DWord -Value 0 - If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate")) { - New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" | Out-Null - } - Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name "ExcludeWUDriversInQualityUpdate" -Type DWord -Value 1 - Write-Host "Disabling Windows Update automatic restart..." 
- If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU")) { - New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Force | Out-Null - } - Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "NoAutoRebootWithLoggedOnUsers" -Type DWord -Value 1 - Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "AUPowerManagement" -Type DWord -Value 0 - Write-Host "Disabled driver offering through Windows Update" - If (!(Test-Path "HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings")) { - New-Item -Path "HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings" -Force | Out-Null - } - Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings" -Name "BranchReadinessLevel" -Type DWord -Value 20 - Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings" -Name "DeferFeatureUpdatesPeriodInDays" -Type DWord -Value 365 - Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings" -Name "DeferQualityUpdatesPeriodInDays" -Type DWord -Value 4 - $ButtonType = [System.Windows.MessageBoxButton]::OK - $MessageboxTitle = "Set Security Updates" - $Messageboxbody = ("Recommended Update settings loaded") - $MessageIcon = [System.Windows.MessageBoxImage]::Information + New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Device Metadata" -Force + Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Device Metadata" -Name "PreventDeviceMetadataFromNetwork" -Type DWord -Value 1 - [System.Windows.MessageBox]::Show($Messageboxbody, $MessageboxTitle, $ButtonType, $MessageIcon) - Write-Host "=================================" - Write-Host "-- Updates Set to Recommended ---" - Write-Host "=================================" + New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching" -Force + + Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching" -Name 
"DontPromptForWindowsUpdate" -Type DWord -Value 1 + Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching" -Name "DontSearchWindowsUpdate" -Type DWord -Value 1 + Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching" -Name "DriverUpdateWizardWuSearchEnabled" -Type DWord -Value 0 + + New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Force + Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name "ExcludeWUDriversInQualityUpdate" -Type DWord -Value 1 + + Write-Host "Setting cumulative updates back by 1 year and security updates by 4 days" + + New-Item -Path "HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings" -Force + + Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings" -Name "BranchReadinessLevel" -Type DWord -Value 20 + Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings" -Name "DeferFeatureUpdatesPeriodInDays" -Type DWord -Value 365 + Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings" -Name "DeferQualityUpdatesPeriodInDays" -Type DWord -Value 4 + + Write-Host "Disabling Windows Update automatic restart..." + + New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Force + Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "NoAutoRebootWithLoggedOnUsers" -Type DWord -Value 1 + Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "AUPowerManagement" -Type DWord -Value 0 + + Write-Host "=================================" + Write-Host "-- Updates Set to Recommended ---" + Write-Host "=================================" }
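Review bot: The new message "Setting cumulative updates back by 1 year and security updates by 4 days" does not match the values written right after it: `DeferFeatureUpdatesPeriodInDays` is 365 and `DeferQualityUpdatesPeriodInDays` is 4, and the function's own help text says "Defers quality updates for 4 days". Cumulative updates are normally the quality updates, so the message reads as if monthly patches were held back for a year; suggest `Write-Host "Deferring feature updates by 365 days and quality updates by 4 days"`. The function body starts above the hunk, so the rest of the help block is not visible here.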