<# .SYNOPSIS Applies registry settings to the Default User profile, current user, and sets visual theme. .DESCRIPTION Loads C:\Users\Default\NTUSER.DAT as a temporary hive (HKU\DefaultProfile), applies all taskbar, Start menu, Explorer, and personalization settings, then unloads it. Every new user account inherits these settings on first logon. The same settings are applied directly to the current user's HKCU. Visual identity: dark taskbar/Start with accent color #223B47 (deep blue-gray), light app mode, no transparency. Wallpaper is set to a solid color matching the accent - BackInfo.exe overwrites it on every logon. .ITEMS taskbar-zarovnat-vlevo-taskbaral-0: TaskbarAl = 0 in Explorer\Advanced. Left alignment matches Windows 10 muscle memory. taskbar-skryt-search-copilot-task-view-w: Hides Search box, Copilot, Task View, Widgets, Chat/Teams buttons. taskbar-zobrazit-vsechny-ikonky-v-tray: EnableAutoTray=0 and TrayNotify icon streams cleared. taskbar-vyprazdnit-pinlist-taskbarlayout: Deploys TaskbarLayoutModification.xml per ProfileType. explorer-zobrazovat-pripony-souboru-hide: HideFileExt = 0. Shows file extensions in Explorer. explorer-otevrit-na-this-pc-launchto-1: LaunchTo = 1. Explorer opens to This PC. explorer-showrecent-0-showfrequent-0: ShowRecent=0, ShowFrequent=0. Hides recent/frequent from Quick Access. explorer-fullpath-1-cabinetstate: FullPath=1 in CabinetState. Full path in Explorer title bar. start-menu-vyprazdnit-piny-win11: ConfigureStartPins = {"pinnedList":[]}. Empty Start menu grid. start-menu-zakaz-bing-vyhledavani: DisableSearchBoxSuggestions = 1. Local search only. copilot-zakaz-turnoffwindowscopilot-1: TurnOffWindowsCopilot = 1. Disables Copilot sidebar. numlock-zapnout-pri-startu: InitialKeyboardIndicators = 2. system-tema-taskbar-start-dark: SystemUsesLightTheme=0. Dark shell, light apps. accent-barva-223b47: AccentColor 0xFF473B22, ColorPrevalence=1, taskbar/Start branded. pruhlednost-vypnuta: EnableTransparency=0. tapeta-jednobarevna-223b47: Solid color #223B47 via SystemParametersInfo. BackInfo overwrites on logon. #> param( [string]$ConfigPath, [string]$LogFile, [ValidateSet("default","admin","user")] [string]$ProfileType = "default" ) . "$PSScriptRoot\common.ps1" $Config = Load-Config $ConfigPath # ----------------------------------------------------------------------- # Helpers - apply registry to both Default hive and current HKCU # ----------------------------------------------------------------------- function Grant-HiveWriteAccess { param([string]$HivePath) try { $acl = Get-Acl -Path $HivePath -ErrorAction Stop $rule = New-Object System.Security.AccessControl.RegistryAccessRule( "BUILTIN\Administrators", [System.Security.AccessControl.RegistryRights]::FullControl, [System.Security.AccessControl.InheritanceFlags]"ContainerInherit,ObjectInherit", [System.Security.AccessControl.PropagationFlags]::None, [System.Security.AccessControl.AccessControlType]::Allow ) $acl.SetAccessRule($rule) Set-Acl -Path $HivePath -AclObject $acl -ErrorAction Stop } catch { Write-Log " Grant-HiveWriteAccess failed for $HivePath - $_" -Level WARN } } function Set-ProfileReg { param( [string]$SubKey, [string]$Name, $Value, [string]$Type = "DWord" ) # Apply to loaded Default hive $defPath = "Registry::HKU\DefaultProfile\$SubKey" try { if (-not (Test-Path $defPath)) { New-Item -Path $defPath -Force -ErrorAction Stop | Out-Null } Set-ItemProperty -Path $defPath -Name $Name -Value $Value -Type $Type -Force -ErrorAction Stop } catch { try { $parentPath = $defPath -replace '\\[^\\]+$', '' if (Test-Path $parentPath) { Grant-HiveWriteAccess -HivePath $parentPath } if (-not (Test-Path $defPath)) { New-Item -Path $defPath -Force -ErrorAction Stop | Out-Null } Set-ItemProperty -Path $defPath -Name $Name -Value $Value -Type $Type -Force -ErrorAction Stop } catch { Write-Log " DEFAULT HIVE failed $SubKey\$Name - $_" -Level ERROR } } # Apply to current user as well $hkcuPath = "HKCU:\$SubKey" try { if (-not (Test-Path $hkcuPath)) { New-Item -Path $hkcuPath -Force -ErrorAction Stop | Out-Null } Set-ItemProperty -Path $hkcuPath -Name $Name -Value $Value -Type $Type -Force -ErrorAction Stop Write-Log " SET $SubKey\$Name = $Value" -Level OK } catch { Write-Log " HKCU failed $SubKey\$Name - $_" -Level ERROR } } # Accent color #223B47 stored as ABGR DWORD: 0xFF473B22 $AccentColorABGR = 0xFF473B22 # ----------------------------------------------------------------------- # Load Default profile hive # ----------------------------------------------------------------------- $hivePath = "C:\Users\Default\NTUSER.DAT" $hiveKey = "DefaultProfile" Write-Log "Loading Default hive: $hivePath" -Level INFO # Unload first in case previous run left it mounted & reg unload "HKU\$hiveKey" 2>&1 | Out-Null $loadResult = & reg load "HKU\$hiveKey" $hivePath 2>&1 if ($LASTEXITCODE -ne 0) { Write-Log "Failed to load Default hive: $loadResult" -Level ERROR exit 1 } Write-Log "Default hive loaded" -Level OK try { # =================================================================== # TASKBAR TWEAKS # =================================================================== if (Get-Feature $Config "defaultProfile" "taskbarTweaks") { Write-Log "Applying taskbar tweaks" -Level STEP $tbPath = "Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" # Win11: align taskbar to left Set-ProfileReg -SubKey $tbPath -Name "TaskbarAl" -Value 0 # Hide Search box - set both Win10 and Win11 locations Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Search" ` -Name "SearchboxTaskbarMode" -Value 0 Set-ProfileReg -SubKey $tbPath -Name "SearchboxTaskbarMode" -Value 0 # Hide Task View, Widgets, Chat/Teams, Copilot buttons Set-ProfileReg -SubKey $tbPath -Name "ShowTaskViewButton" -Value 0 Set-ProfileReg -SubKey $tbPath -Name "TaskbarDa" -Value 0 Set-ProfileReg -SubKey $tbPath -Name "TaskbarMn" -Value 0 Set-ProfileReg -SubKey $tbPath -Name "ShowCopilotButton" -Value 0 # Show all tray icons Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Explorer" ` -Name "EnableAutoTray" -Value 0 # Win11: clear cached tray icon streams $trayNotifyKey = "HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify" if (Test-Path $trayNotifyKey) { Remove-ItemProperty -Path $trayNotifyKey -Name "IconStreams" -Force -ErrorAction SilentlyContinue Remove-ItemProperty -Path $trayNotifyKey -Name "PastIconsStream" -Force -ErrorAction SilentlyContinue Write-Log " Cleared TrayNotify icon streams (Win11 systray workaround)" -Level OK } $defTrayKey = "Registry::HKU\DefaultProfile\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify" if (Test-Path $defTrayKey) { Remove-ItemProperty -Path $defTrayKey -Name "IconStreams" -Force -ErrorAction SilentlyContinue Remove-ItemProperty -Path $defTrayKey -Name "PastIconsStream" -Force -ErrorAction SilentlyContinue Write-Log " Cleared TrayNotify icon streams in Default hive" -Level OK } # Desktop icons - show This PC Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel" ` -Name "{20D04FE0-3AEA-1069-A2D8-08002B30309D}" -Value 0 # Taskbar pinned apps layout Write-Log " Writing taskbar layout (ProfileType=$ProfileType)" -Level INFO $wsh = New-Object -ComObject WScript.Shell $defRoaming = "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs" $explorerLnkDir = "$defRoaming\System Tools" $explorerLnk = "$explorerLnkDir\File Explorer.lnk" if (-not (Test-Path $explorerLnk)) { if (-not (Test-Path $explorerLnkDir)) { New-Item -ItemType Directory -Path $explorerLnkDir -Force | Out-Null } $sc = $wsh.CreateShortcut($explorerLnk) $sc.TargetPath = "$env:WINDIR\explorer.exe" $sc.Save() Write-Log " Created File Explorer.lnk in Default profile Start Menu" -Level OK } if ($ProfileType -eq "admin") { $psLnkDir = "$defRoaming\Windows PowerShell" $psLnk = "$psLnkDir\Windows PowerShell.lnk" if (-not (Test-Path $psLnk)) { if (-not (Test-Path $psLnkDir)) { New-Item -ItemType Directory -Path $psLnkDir -Force | Out-Null } $sc = $wsh.CreateShortcut($psLnk) $sc.TargetPath = "$env:WINDIR\System32\WindowsPowerShell\v1.0\powershell.exe" $sc.Save() Write-Log " Created Windows PowerShell.lnk in Default profile Start Menu" -Level OK } } $taskbarLayoutDir = "C:\Users\Default\AppData\Local\Microsoft\Windows\Shell" if (-not (Test-Path $taskbarLayoutDir)) { New-Item -ItemType Directory -Path $taskbarLayoutDir -Force | Out-Null } $pinList = switch ($ProfileType) { "admin" { @' '@ } default { @' '@ } } $taskbarLayoutXml = @" $pinList "@ $taskbarLayoutXml | Set-Content -Path "$taskbarLayoutDir\LayoutModification.xml" -Encoding UTF8 -Force Write-Log " Taskbar LayoutModification.xml written (profile: $ProfileType)" -Level OK # NumLock on startup Set-ProfileReg -SubKey "Control Panel\Keyboard" ` -Name "InitialKeyboardIndicators" -Value 2 -Type "String" } else { Write-Log "taskbarTweaks feature disabled - skipping" -Level INFO } # =================================================================== # START MENU TWEAKS # =================================================================== if (Get-Feature $Config "defaultProfile" "startMenuTweaks") { Write-Log "Applying Start menu tweaks" -Level STEP Set-ProfileReg -SubKey "Software\Policies\Microsoft\Windows\Explorer" ` -Name "DisableSearchBoxSuggestions" -Value 1 Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Start" ` -Name "ConfigureStartPins" ` -Value '{"pinnedList":[]}' ` -Type "String" Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" ` -Name "Start_TrackProgs" -Value 0 Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" ` -Name "Start_TrackDocs" -Value 0 Set-ProfileReg -SubKey "Software\Policies\Microsoft\Windows\WindowsCopilot" ` -Name "TurnOffWindowsCopilot" -Value 1 Set-ProfileReg -SubKey "System\GameConfigStore" ` -Name "GameDVR_Enabled" -Value 0 Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\GameDVR" ` -Name "AppCaptureEnabled" -Value 0 } else { Write-Log "startMenuTweaks feature disabled - skipping" -Level INFO } # =================================================================== # EXPLORER TWEAKS # =================================================================== if (Get-Feature $Config "defaultProfile" "explorerTweaks") { Write-Log "Applying Explorer tweaks" -Level STEP $advPath = "Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" Set-ProfileReg -SubKey $advPath -Name "HideFileExt" -Value 0 Set-ProfileReg -SubKey $advPath -Name "LaunchTo" -Value 1 Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Explorer" ` -Name "ShowRecent" -Value 0 Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Explorer" ` -Name "ShowFrequent" -Value 0 Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState" ` -Name "FullPath" -Value 1 } else { Write-Log "explorerTweaks feature disabled - skipping" -Level INFO } # =================================================================== # PERSONALIZATION (theme, accent color, wallpaper) # =================================================================== Write-Log "Applying personalization (theme, accent, wallpaper)" -Level STEP # Dark shell (taskbar, Start), light apps Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" ` -Name "SystemUsesLightTheme" -Value 0 Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" ` -Name "AppsUseLightTheme" -Value 1 # Accent color on Start and taskbar Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" ` -Name "ColorPrevalence" -Value 1 # Transparency disabled Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" ` -Name "EnableTransparency" -Value 0 # Accent color #223B47 Set-ProfileReg -SubKey "Software\Microsoft\Windows\DWM" ` -Name "AccentColor" -Value $AccentColorABGR -Type "DWord" Set-ProfileReg -SubKey "Software\Microsoft\Windows\DWM" ` -Name "ColorizationColor" -Value $AccentColorABGR -Type "DWord" Set-ProfileReg -SubKey "Software\Microsoft\Windows\DWM" ` -Name "ColorizationAfterglow" -Value $AccentColorABGR -Type "DWord" Set-ProfileReg -SubKey "Software\Microsoft\Windows\DWM" ` -Name "ColorPrevalence" -Value 1 # Taskbar accent color (Explorer\Accent, not DWM) Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Explorer\Accent" ` -Name "AccentColorMenu" -Value $AccentColorABGR -Type "DWord" Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Explorer\Accent" ` -Name "StartColorMenu" -Value $AccentColorABGR -Type "DWord" # Wallpaper - solid color #223B47 (BackInfo overwrites on logon) Set-ProfileReg -SubKey "Control Panel\Colors" ` -Name "Background" -Value "34 59 71" -Type "String" Set-ProfileReg -SubKey "Control Panel\Desktop" ` -Name "Wallpaper" -Value "" -Type "String" Set-ProfileReg -SubKey "Control Panel\Desktop" ` -Name "WallpaperStyle" -Value "0" -Type "String" Set-ProfileReg -SubKey "Control Panel\Desktop" ` -Name "TileWallpaper" -Value "0" -Type "String" } finally { # ----------------------------------------------------------------------- # Unload Default hive - always, even on error # ----------------------------------------------------------------------- Write-Log "Unloading Default hive" -Level INFO [GC]::Collect() [GC]::WaitForPendingFinalizers() Start-Sleep -Milliseconds 500 $unloadResult = & reg unload "HKU\$hiveKey" 2>&1 if ($LASTEXITCODE -eq 0) { Write-Log "Default hive unloaded" -Level OK } else { Write-Log "Failed to unload Default hive: $unloadResult" -Level ERROR } } # ----------------------------------------------------------------------- # Apply wallpaper (solid color) to current desktop session # ----------------------------------------------------------------------- Write-Log "Setting desktop wallpaper to solid color" -Level INFO try { Add-Type -TypeDefinition @" using System; using System.Runtime.InteropServices; public class WallpaperHelper { [DllImport("user32.dll", CharSet=CharSet.Auto)] public static extern int SystemParametersInfo(int uAction, int uParam, string lpvParam, int fuWinIni); } "@ -ErrorAction SilentlyContinue [WallpaperHelper]::SystemParametersInfo(20, 0, "", 3) | Out-Null Write-Log " Desktop wallpaper updated" -Level OK } catch { Write-Log " Failed to update wallpaper: $_" -Level WARN } Write-Log "Step 4 complete" -Level OK