Remove noise rows, implement powercfg + proxy, clean up Edge docs

01-bloatware: remove 'do not remove RDP/OneDrive' items from header
  (documenting what we don't do is noise)
web/spec step-01: remove two flag-warn rows

03-system-registry: implement powercfg (standby-ac 0, monitor-ac 60,
  standby-dc 30, monitor-dc 15) and proxy auto-detect disable (AutoDetect=0)
web/spec step-03: powercfg + proxy rows flag-todo -> flag-done, badge OK,
  remove old Edge policies note (already implemented)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

scripts/01-bloatware.ps1

@@ -5,16 +5,13 @@
 .DESCRIPTION
     Removes Microsoft-bundled apps and features not needed in a business MSP deployment.
     Removal is done for all users (-AllUsers) and from the provisioning store so new
-    users do not get them either. Calculator is intentionally kept. RDP client and
+    users do not get them either. Calculator is intentionally kept.
-    OneDrive are NOT removed here - they are required for business use.
 
 .ITEMS
     appx-balicky-odstraneni-pro-vsechny-uziv: Uses Remove-AppxPackage -AllUsers and Remove-AppxProvisionedPackage. The provisioned removal prevents apps from reinstalling for new user profiles. Covers ~35 apps including Cortana, Copilot, Teams personal, Xbox, Skype, News, Weather, Maps.
     zachovano-microsoft-windowscalculator: Calculator is explicitly excluded. Lightweight utility frequently used by technicians and end users. Removing it would require manual reinstall from Store.
     windows-capabilities-fax-ie-openssh-wmp-: Removed via Remove-WindowsCapability: Fax & Scan, Internet Explorer mode, OpenSSH client, Windows Media Player (legacy), WordPad, Handwriting recognition, Steps Recorder, Math Input Panel, Quick Assist.
     windows-optional-features-ps-2-0-mediapl: Disabled via Disable-WindowsOptionalFeature: PowerShell 2.0 (security risk - allows unsigned script execution bypass on older hosts), MediaPlayback, Windows Recall (AI screenshot surveillance), Snipping Tool optional component.
-    microsoft-remotedesktopconnection-nesmi-: The RDP client optional feature is explicitly NOT in the removal list. Must remain functional for MSP remote access, TeamViewer alternatives, and client IT management tasks.
-    onedrive-nesmi-byt-odstranovano-tady: OneDrive removal is NOT done here. OneDrive must remain available for Microsoft 365 / SharePoint deployment. Any OneDrive removal lines in this script are incorrect and must be removed.
 #>
 param(
     [object]$Config,

scripts/03-system-registry.ps1

@@ -24,8 +24,8 @@
     edge-policies-tlacitka-skryt: HomeButtonEnabled=0, SplitScreenEnabled=0, EdgeEDropEnabled=0 (Drop), WebCaptureEnabled=0 (Screenshot), ShareAllowed=0.
     edge-policies-obsah-a-telemetrie: NewTabPageContentEnabled=0, ShowRecommendationsEnabled=0, SpotlightExperiencesAndRecommendationsEnabled=0, PersonalizationReportingEnabled=0, EdgeShoppingAssistantEnabled=0, ShowMicrosoftRewards=0, HubsSidebarEnabled=0, SearchSuggestEnabled=0, DiagnosticData=0, FeedbackSurveysEnabled=0, EdgeCollectionsEnabled=0.
     onedrive-uninstall-intentional: Uninstalls the pre-installed OneDrive consumer version via OneDriveSetup.exe /uninstall and removes Start Menu shortcut. Intentional for clean MSP deployment baseline. No DisableFileSyncNGSC policy key is set - M365 installation can reinstall and run OneDrive normally. Only the stock consumer pre-install is removed.
-    powercfg-nastaveni-spotreba-energie: powercfg /change commands: standby-timeout-ac 0 (never sleep on AC/charger), monitor-timeout-ac 60 (screen off after 60 min on AC), standby-timeout-dc 30 (sleep after 30 min on battery), monitor-timeout-dc 15 (screen off after 15 min on battery).
+    powercfg-nastaveni-spotreba-energie: powercfg /change: standby-timeout-ac 0 (never sleep on AC), monitor-timeout-ac 60 (screen off after 60 min on AC), standby-timeout-dc 30 (sleep after 30 min on battery), monitor-timeout-dc 15 (screen off after 15 min on battery). Applied to active power plan.
-    proxy-auto-detect-zakaz-autodetect-0: HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AutoDetect = 0. Disables WPAD (Web Proxy Auto-Discovery). Eliminates startup delays from WPAD DNS lookup and prevents potential MITM via malicious WPAD responses on untrusted networks.
+    proxy-auto-detect-zakaz-autodetect-0: HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AutoDetect = 0. Disables WPAD (Web Proxy Auto-Discovery). Eliminates startup delays from WPAD DNS lookup and prevents MITM via rogue WPAD on untrusted networks.
 #>
 param(
     [object]$Config,
@@ -395,4 +395,30 @@ Set-Reg -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search" `
 Set-Reg -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer" `
         -Name "HideRecommendedSection" -Value 1
 
+# -----------------------------------------------------------------------
+# Power configuration
+# -----------------------------------------------------------------------
+Write-Log "Applying power configuration" -Level INFO
+
+$powercfg = @(
+    @("/change", "standby-timeout-ac",  "0"),    # never sleep on AC
+    @("/change", "monitor-timeout-ac",  "60"),   # screen off after 60 min on AC
+    @("/change", "standby-timeout-dc",  "30"),   # sleep after 30 min on battery
+    @("/change", "monitor-timeout-dc",  "15")    # screen off after 15 min on battery
+)
+foreach ($args in $powercfg) {
+    $result = & powercfg @args 2>&1
+    if ($LASTEXITCODE -eq 0) {
+        Write-Log "  powercfg $($args -join ' ')" -Level OK
+    } else {
+        Write-Log "  powercfg $($args -join ' ') failed: $result" -Level WARN
+    }
+}
+
+# -----------------------------------------------------------------------
+# Proxy auto-detect disable (WPAD)
+# -----------------------------------------------------------------------
+Set-Reg -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" `
+        -Name "AutoDetect" -Value 0
+
 Write-Log "Step 3 complete" -Level OK

web/data/descriptions.json

@@ -13,14 +13,12 @@
   },
   "01-bloatware": {
     "synopsis": "Removes pre-installed bloatware: AppX packages, Capabilities, and Optional Features.",
-    "description": "Removes Microsoft-bundled apps and features not needed in a business MSP deployment.\nRemoval is done for all users (-AllUsers) and from the provisioning store so new\nusers do not get them either. Calculator is intentionally kept. RDP client and\nOneDrive are NOT removed here - they are required for business use.",
+    "description": "Removes Microsoft-bundled apps and features not needed in a business MSP deployment.\nRemoval is done for all users (-AllUsers) and from the provisioning store so new\nusers do not get them either. Calculator is intentionally kept.",
     "items": {
       "appx-balicky-odstraneni-pro-vsechny-uziv": "Uses Remove-AppxPackage -AllUsers and Remove-AppxProvisionedPackage. The provisioned removal prevents apps from reinstalling for new user profiles. Covers ~35 apps including Cortana, Copilot, Teams personal, Xbox, Skype, News, Weather, Maps.",
       "zachovano-microsoft-windowscalculator": "Calculator is explicitly excluded. Lightweight utility frequently used by technicians and end users. Removing it would require manual reinstall from Store.",
       "windows-capabilities-fax-ie-openssh-wmp-": "Removed via Remove-WindowsCapability: Fax & Scan, Internet Explorer mode, OpenSSH client, Windows Media Player (legacy), WordPad, Handwriting recognition, Steps Recorder, Math Input Panel, Quick Assist.",
-      "windows-optional-features-ps-2-0-mediapl": "Disabled via Disable-WindowsOptionalFeature: PowerShell 2.0 (security risk - allows unsigned script execution bypass on older hosts), MediaPlayback, Windows Recall (AI screenshot surveillance), Snipping Tool optional component.",
+      "windows-optional-features-ps-2-0-mediapl": "Disabled via Disable-WindowsOptionalFeature: PowerShell 2.0 (security risk - allows unsigned script execution bypass on older hosts), MediaPlayback, Windows Recall (AI screenshot surveillance), Snipping Tool optional component."
-      "microsoft-remotedesktopconnection-nesmi-": "The RDP client optional feature is explicitly NOT in the removal list. Must remain functional for MSP remote access, TeamViewer alternatives, and client IT management tasks.",
-      "onedrive-nesmi-byt-odstranovano-tady": "OneDrive removal is NOT done here. OneDrive must remain available for Microsoft 365 / SharePoint deployment. Any OneDrive removal lines in this script are incorrect and must be removed."
     }
   },
   "02-software": {
@@ -53,8 +51,8 @@
       "edge-policies-tlacitka-skryt": "HomeButtonEnabled=0, SplitScreenEnabled=0, EdgeEDropEnabled=0 (Drop), WebCaptureEnabled=0 (Screenshot), ShareAllowed=0.",
       "edge-policies-obsah-a-telemetrie": "NewTabPageContentEnabled=0, ShowRecommendationsEnabled=0, SpotlightExperiencesAndRecommendationsEnabled=0, PersonalizationReportingEnabled=0, EdgeShoppingAssistantEnabled=0, ShowMicrosoftRewards=0, HubsSidebarEnabled=0, SearchSuggestEnabled=0, DiagnosticData=0, FeedbackSurveysEnabled=0, EdgeCollectionsEnabled=0.",
       "onedrive-uninstall-intentional": "Uninstalls the pre-installed OneDrive consumer version via OneDriveSetup.exe /uninstall and removes Start Menu shortcut. Intentional for clean MSP deployment baseline. No DisableFileSyncNGSC policy key is set - M365 installation can reinstall and run OneDrive normally. Only the stock consumer pre-install is removed.",
-      "powercfg-nastaveni-spotreba-energie": "powercfg /change commands: standby-timeout-ac 0 (never sleep on AC/charger), monitor-timeout-ac 60 (screen off after 60 min on AC), standby-timeout-dc 30 (sleep after 30 min on battery), monitor-timeout-dc 15 (screen off after 15 min on battery).",
+      "powercfg-nastaveni-spotreba-energie": "powercfg /change: standby-timeout-ac 0 (never sleep on AC), monitor-timeout-ac 60 (screen off after 60 min on AC), standby-timeout-dc 30 (sleep after 30 min on battery), monitor-timeout-dc 15 (screen off after 15 min on battery). Applied to active power plan.",
-      "proxy-auto-detect-zakaz-autodetect-0": "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\AutoDetect = 0. Disables WPAD (Web Proxy Auto-Discovery). Eliminates startup delays from WPAD DNS lookup and prevents potential MITM via malicious WPAD responses on untrusted networks."
+      "proxy-auto-detect-zakaz-autodetect-0": "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\AutoDetect = 0. Disables WPAD (Web Proxy Auto-Discovery). Eliminates startup delays from WPAD DNS lookup and prevents MITM via rogue WPAD on untrusted networks."
     }
   },
   "04-default-profile": {

web/spec/index.html

@@ -541,8 +541,6 @@
           <tr class="flag-done"><td>Zachovano: Microsoft.WindowsCalculator</td><td>Zamerny vyjimek</td></tr>
           <tr class="flag-done"><td>Windows Capabilities (Fax, IE, OpenSSH, WMP, WordPad, …)</td><td>Remove-WindowsCapability</td></tr>
           <tr class="flag-done"><td>Windows Optional Features (PS 2.0, MediaPlayback, Recall, …)</td><td>Disable-WindowsOptionalFeature</td></tr>
-          <tr class="flag-warn"><td>Microsoft-RemoteDesktopConnection NESMI byt odstranen</td><td>RDP klient musi zustat funkci. Overit ze neni v seznamu.</td></tr>
-          <tr class="flag-warn"><td>OneDrive nesmi byt odstranovano tady</td><td>OneDrive musi zustat instalovatelny pro M365.</td></tr>
         </table>
       </div>
       <div class="step-footer">
@@ -584,7 +582,7 @@
       <div class="step-header">
         <span class="step-num">03</span>
         <span class="step-title">System Registry (HKLM)</span>
-        <span class="badge badge-todo">TODO</span>
+        <span class="badge badge-ok">OK</span>
       </div>
       <div class="step-body">
         <table class="items">
@@ -601,16 +599,9 @@
           <tr class="flag-done"><td>Edge policies &ndash; tlacitka skryt (Home, Kolekce, Split, Drop, Screenshot, Share, Zpetna vazba)</td><td>HomeButtonEnabled=0, SplitScreenEnabled=0, EdgeEDropEnabled=0, WebCaptureEnabled=0, ShareAllowed=0, FeedbackSurveysEnabled=0, EdgeCollectionsEnabled=0</td></tr>
           <tr class="flag-done"><td>Edge policies &ndash; obsah a telemetrie</td><td>NewTabPageContentEnabled=0, ShowRecommendationsEnabled=0, EdgeShoppingAssistantEnabled=0, DiagnosticData=0, &hellip;</td></tr>
           <tr class="flag-done"><td>OneDrive uninstall (intentional)</td><td>OneDriveSetup.exe /uninstall &ndash; odstrani pre-installed verzi. M365 si nainstaluje vlastni.</td></tr>
-          <tr class="flag-todo"><td>Powercfg nastaveni (spotreba energie)</td><td>Pridat: standby-ac 0, monitor-ac 60, standby-dc 30, monitor-dc 15</td></tr>
+          <tr class="flag-done"><td>Powercfg nastaveni (spotreba energie)</td><td>standby-ac 0, monitor-ac 60, standby-dc 30, monitor-dc 15</td></tr>
-          <tr class="flag-todo"><td>Proxy auto-detect zakaz (AutoDetect = 0)</td><td>HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings</td></tr>
+          <tr class="flag-done"><td>Proxy auto-detect zakaz (AutoDetect = 0)</td><td>HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings</td></tr>
         </table>
-        <div class="note">
-          <strong>Powercfg prikazy:</strong><br>
-          <code>powercfg /change standby-timeout-ac 0</code> (neusne na nabijeni)<br>
-          <code>powercfg /change monitor-timeout-ac 60</code> (monitor zhasne po 60 min)<br>
-          <code>powercfg /change standby-timeout-dc 30</code><br>
-          <code>powercfg /change monitor-timeout-dc 15</code>
-        </div>
       </div>
       <div class="step-footer">
         <span class="step-status">Script: <code>03-system-registry.ps1</code></span>