<# .SYNOPSIS Applies registry settings to the Default User profile, current user, and sets visual theme. .DESCRIPTION Loads C:\Users\Default\NTUSER.DAT as a temporary hive (HKU\DefaultProfile), applies all taskbar, Start menu, Explorer, and personalization settings, then unloads it. Every new user account inherits these settings on first logon. The same settings are applied directly to the current user's HKCU. Visual identity: dark taskbar/Start with accent color #223B47 (deep blue-gray), light app mode, no transparency. Wallpaper is set to a solid color matching the accent - BackInfo.exe overwrites it on every logon. .ITEMS taskbar-zarovnat-vlevo-taskbaral-0: TaskbarAl = 0 in Explorer\Advanced. Left alignment matches Windows 10 muscle memory. taskbar-skryt-search-copilot-task-view-w: Hides Search box, Copilot, Task View, Widgets, Chat/Teams buttons. taskbar-zobrazit-vsechny-ikonky-v-tray: EnableAutoTray=0 and TrayNotify icon streams cleared. taskbar-vyprazdnit-pinlist-taskbarlayout: Deploys TaskbarLayoutModification.xml per ProfileType. explorer-zobrazovat-pripony-souboru-hide: HideFileExt = 0. Shows file extensions in Explorer. explorer-otevrit-na-this-pc-launchto-1: LaunchTo = 1. Explorer opens to This PC. explorer-showrecent-0-showfrequent-0: ShowRecent=0, ShowFrequent=0. Hides recent/frequent from Quick Access. explorer-fullpath-1-cabinetstate: FullPath=1 in CabinetState. Full path in Explorer title bar. start-menu-vyprazdnit-piny-win11: ConfigureStartPins = {"pinnedList":[]}. Empty Start menu grid. start-menu-zakaz-bing-vyhledavani: DisableSearchBoxSuggestions = 1. Local search only. copilot-zakaz-turnoffwindowscopilot-1: TurnOffWindowsCopilot = 1. Disables Copilot sidebar. numlock-zapnout-pri-startu: InitialKeyboardIndicators = 2. system-tema-taskbar-start-dark: SystemUsesLightTheme=0. Dark shell, light apps. accent-barva-223b47: AccentColor 0xFF473B22, ColorPrevalence=1, taskbar/Start branded. pruhlednost-vypnuta: EnableTransparency=0. tapeta-jednobarevna-223b47: Solid color #223B47 via SystemParametersInfo. BackInfo overwrites on logon. #> param( [string]$ConfigPath, [string]$LogFile, [ValidateSet("default","admin","user")] [string]$ProfileType = "default" ) . "$PSScriptRoot\common.ps1" $Config = Load-Config $ConfigPath # ----------------------------------------------------------------------- # Helpers - apply registry to both Default hive and current HKCU # ----------------------------------------------------------------------- function Grant-HiveWriteAccess { param([string]$HivePath) try { $acl = Get-Acl -Path $HivePath -ErrorAction Stop $rule = New-Object System.Security.AccessControl.RegistryAccessRule( "BUILTIN\Administrators", [System.Security.AccessControl.RegistryRights]::FullControl, [System.Security.AccessControl.InheritanceFlags]"ContainerInherit,ObjectInherit", [System.Security.AccessControl.PropagationFlags]::None, [System.Security.AccessControl.AccessControlType]::Allow ) $acl.SetAccessRule($rule) Set-Acl -Path $HivePath -AclObject $acl -ErrorAction Stop } catch { Write-Log " Grant-HiveWriteAccess failed for $HivePath - $_" -Level WARN } } function Set-ProfileReg { param( [string]$SubKey, [string]$Name, $Value, [string]$Type = "DWord" ) # Apply to loaded Default hive $defPath = "Registry::HKU\DefaultProfile\$SubKey" try { if (-not (Test-Path $defPath)) { New-Item -Path $defPath -Force -ErrorAction Stop | Out-Null } Set-ItemProperty -Path $defPath -Name $Name -Value $Value -Type $Type -Force -ErrorAction Stop } catch { try { $parentPath = $defPath -replace '\\[^\\]+$', '' if (Test-Path $parentPath) { Grant-HiveWriteAccess -HivePath $parentPath } if (-not (Test-Path $defPath)) { New-Item -Path $defPath -Force -ErrorAction Stop | Out-Null } Set-ItemProperty -Path $defPath -Name $Name -Value $Value -Type $Type -Force -ErrorAction Stop } catch { Write-Log " DEFAULT HIVE failed $SubKey\$Name - $_" -Level ERROR } } # Apply to current user as well $hkcuPath = "HKCU:\$SubKey" try { if (-not (Test-Path $hkcuPath)) { New-Item -Path $hkcuPath -Force -ErrorAction Stop | Out-Null } Set-ItemProperty -Path $hkcuPath -Name $Name -Value $Value -Type $Type -Force -ErrorAction Stop Write-Log " SET $SubKey\$Name = $Value" -Level OK } catch { Write-Log " HKCU failed $SubKey\$Name - $_" -Level ERROR } } # Accent color #223B47 stored as ABGR DWORD: 0xFF473B22 $AccentColorABGR = 0xFF473B22 # ----------------------------------------------------------------------- # Load Default profile hive # ----------------------------------------------------------------------- $hivePath = "C:\Users\Default\NTUSER.DAT" $hiveKey = "DefaultProfile" Write-Log "Loading Default hive: $hivePath" -Level INFO # Unload first in case previous run left it mounted & reg unload "HKU\$hiveKey" 2>&1 | Out-Null $loadResult = & reg load "HKU\$hiveKey" $hivePath 2>&1 if ($LASTEXITCODE -ne 0) { Write-Log "Failed to load Default hive: $loadResult" -Level ERROR exit 1 } Write-Log "Default hive loaded" -Level OK try { # =================================================================== # TASKBAR TWEAKS # =================================================================== if (Get-Feature $Config "defaultProfile" "taskbarTweaks") { Write-Log "Applying taskbar tweaks" -Level STEP $tbPath = "Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" # Win11: align taskbar to left Set-ProfileReg -SubKey $tbPath -Name "TaskbarAl" -Value 0 # Hide Search box - set both Win10 and Win11 locations Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Search" ` -Name "SearchboxTaskbarMode" -Value 0 Set-ProfileReg -SubKey $tbPath -Name "SearchboxTaskbarMode" -Value 0 # Hide Task View, Widgets, Chat/Teams, Copilot buttons Set-ProfileReg -SubKey $tbPath -Name "ShowTaskViewButton" -Value 0 Set-ProfileReg -SubKey $tbPath -Name "TaskbarDa" -Value 0 Set-ProfileReg -SubKey $tbPath -Name "TaskbarMn" -Value 0 Set-ProfileReg -SubKey $tbPath -Name "ShowCopilotButton" -Value 0 # Show all tray icons Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Explorer" ` -Name "EnableAutoTray" -Value 0 # Win11: clear cached tray icon streams $trayNotifyKey = "HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify" if (Test-Path $trayNotifyKey) { Remove-ItemProperty -Path $trayNotifyKey -Name "IconStreams" -Force -ErrorAction SilentlyContinue Remove-ItemProperty -Path $trayNotifyKey -Name "PastIconsStream" -Force -ErrorAction SilentlyContinue Write-Log " Cleared TrayNotify icon streams (Win11 systray workaround)" -Level OK } $defTrayKey = "Registry::HKU\DefaultProfile\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify" if (Test-Path $defTrayKey) { Remove-ItemProperty -Path $defTrayKey -Name "IconStreams" -Force -ErrorAction SilentlyContinue Remove-ItemProperty -Path $defTrayKey -Name "PastIconsStream" -Force -ErrorAction SilentlyContinue Write-Log " Cleared TrayNotify icon streams in Default hive" -Level OK } # Desktop icons - show This PC Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel" ` -Name "{20D04FE0-3AEA-1069-A2D8-08002B30309D}" -Value 0 # Taskbar pinned apps layout Write-Log " Writing taskbar layout (ProfileType=$ProfileType)" -Level INFO $wsh = New-Object -ComObject WScript.Shell $defRoaming = "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs" $explorerLnkDir = "$defRoaming\System Tools" $explorerLnk = "$explorerLnkDir\File Explorer.lnk" if (-not (Test-Path $explorerLnk)) { if (-not (Test-Path $explorerLnkDir)) { New-Item -ItemType Directory -Path $explorerLnkDir -Force | Out-Null } $sc = $wsh.CreateShortcut($explorerLnk) $sc.TargetPath = "$env:WINDIR\explorer.exe" $sc.Save() Write-Log " Created File Explorer.lnk in Default profile Start Menu" -Level OK } if ($ProfileType -eq "admin") { $psLnkDir = "$defRoaming\Windows PowerShell" $psLnk = "$psLnkDir\Windows PowerShell.lnk" if (-not (Test-Path $psLnk)) { if (-not (Test-Path $psLnkDir)) { New-Item -ItemType Directory -Path $psLnkDir -Force | Out-Null } $sc = $wsh.CreateShortcut($psLnk) $sc.TargetPath = "$env:WINDIR\System32\WindowsPowerShell\v1.0\powershell.exe" $sc.Save() Write-Log " Created Windows PowerShell.lnk in Default profile Start Menu" -Level OK } } $taskbarLayoutDir = "C:\Users\Default\AppData\Local\Microsoft\Windows\Shell" if (-not (Test-Path $taskbarLayoutDir)) { New-Item -ItemType Directory -Path $taskbarLayoutDir -Force | Out-Null } $pinList = switch ($ProfileType) { "admin" { @' '@ } default { @' '@ } } $taskbarLayoutXml = @" $pinList "@ $utf8NoBom = New-Object System.Text.UTF8Encoding $false [System.IO.File]::WriteAllText("$taskbarLayoutDir\LayoutModification.xml", $taskbarLayoutXml, $utf8NoBom) Write-Log " Taskbar LayoutModification.xml written (profile: $ProfileType)" -Level OK # NumLock on startup Set-ProfileReg -SubKey "Control Panel\Keyboard" ` -Name "InitialKeyboardIndicators" -Value 2 -Type "String" } else { Write-Log "taskbarTweaks feature disabled - skipping" -Level INFO } # =================================================================== # START MENU TWEAKS # =================================================================== if (Get-Feature $Config "defaultProfile" "startMenuTweaks") { Write-Log "Applying Start menu tweaks" -Level STEP Set-ProfileReg -SubKey "Software\Policies\Microsoft\Windows\Explorer" ` -Name "DisableSearchBoxSuggestions" -Value 1 Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Start" ` -Name "ConfigureStartPins" ` -Value '{"pinnedList":[]}' ` -Type "String" Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" ` -Name "Start_TrackProgs" -Value 0 Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" ` -Name "Start_TrackDocs" -Value 0 Set-ProfileReg -SubKey "Software\Policies\Microsoft\Windows\WindowsCopilot" ` -Name "TurnOffWindowsCopilot" -Value 1 Set-ProfileReg -SubKey "System\GameConfigStore" ` -Name "GameDVR_Enabled" -Value 0 Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\GameDVR" ` -Name "AppCaptureEnabled" -Value 0 } else { Write-Log "startMenuTweaks feature disabled - skipping" -Level INFO } # =================================================================== # EXPLORER TWEAKS # =================================================================== if (Get-Feature $Config "defaultProfile" "explorerTweaks") { Write-Log "Applying Explorer tweaks" -Level STEP $advPath = "Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" Set-ProfileReg -SubKey $advPath -Name "HideFileExt" -Value 0 Set-ProfileReg -SubKey $advPath -Name "LaunchTo" -Value 1 Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Explorer" ` -Name "ShowRecent" -Value 0 Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Explorer" ` -Name "ShowFrequent" -Value 0 Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState" ` -Name "FullPath" -Value 1 } else { Write-Log "explorerTweaks feature disabled - skipping" -Level INFO } # =================================================================== # PERSONALIZATION (theme, accent color, wallpaper) # =================================================================== Write-Log "Applying personalization (theme, accent, wallpaper)" -Level STEP # Dark shell (taskbar, Start), light apps Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" ` -Name "SystemUsesLightTheme" -Value 0 Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" ` -Name "AppsUseLightTheme" -Value 1 # Accent color on Start and taskbar Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" ` -Name "ColorPrevalence" -Value 1 # Transparency disabled Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" ` -Name "EnableTransparency" -Value 0 # Accent color #223B47 Set-ProfileReg -SubKey "Software\Microsoft\Windows\DWM" ` -Name "AccentColor" -Value $AccentColorABGR -Type "DWord" Set-ProfileReg -SubKey "Software\Microsoft\Windows\DWM" ` -Name "ColorizationColor" -Value $AccentColorABGR -Type "DWord" Set-ProfileReg -SubKey "Software\Microsoft\Windows\DWM" ` -Name "ColorizationAfterglow" -Value $AccentColorABGR -Type "DWord" Set-ProfileReg -SubKey "Software\Microsoft\Windows\DWM" ` -Name "ColorPrevalence" -Value 1 # Taskbar accent color (Explorer\Accent, not DWM) Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Explorer\Accent" ` -Name "AccentColorMenu" -Value $AccentColorABGR -Type "DWord" Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Explorer\Accent" ` -Name "StartColorMenu" -Value $AccentColorABGR -Type "DWord" # Wallpaper - solid color #223B47 (BackInfo overwrites on logon) Set-ProfileReg -SubKey "Control Panel\Colors" ` -Name "Background" -Value "34 59 71" -Type "String" Set-ProfileReg -SubKey "Control Panel\Desktop" ` -Name "Wallpaper" -Value "" -Type "String" Set-ProfileReg -SubKey "Control Panel\Desktop" ` -Name "WallpaperStyle" -Value "0" -Type "String" Set-ProfileReg -SubKey "Control Panel\Desktop" ` -Name "TileWallpaper" -Value "0" -Type "String" # =================================================================== # KEYBOARD LAYOUTS - Czech primary, US secondary # =================================================================== # CZ stays the primary input language; US English is added as a harmless # secondary so programmer/special chars are reachable. Applied in three # places so every account type gets it: # - current user (adminx9) via Set-WinUserLanguageList # - Default profile hive -> every newly created user inherits it # - HKU\.DEFAULT -> welcome screen and system/service accounts # KLIDs: 00000405 = Czech, 00000409 = US English. Write-Log "Configuring keyboard layouts (CZ primary, US secondary)" -Level STEP function Set-PreloadLayouts { param([string]$KeyPath) # full Registry:: path to the "...\Keyboard Layout\Preload" key try { if (-not (Test-Path $KeyPath)) { New-Item -Path $KeyPath -Force -ErrorAction Stop | Out-Null } Set-ItemProperty -Path $KeyPath -Name "1" -Value "00000405" -Type String -Force -ErrorAction Stop Set-ItemProperty -Path $KeyPath -Name "2" -Value "00000409" -Type String -Force -ErrorAction Stop Write-Log " Preload set (1=CZ, 2=US): $KeyPath" -Level OK } catch { Write-Log " Failed to set Preload at $KeyPath - $_" -Level WARN } } # Current user: use the language-list API so the secondary layout shows up # in the language bar, not just the raw Preload key. try { $langs = New-WinUserLanguageList -Language "cs-CZ" $langs.Add("en-US") Set-WinUserLanguageList -LanguageList $langs -Force -ErrorAction Stop Write-Log " Current user language list set (cs-CZ + en-US)" -Level OK } catch { Write-Log " Set-WinUserLanguageList failed - $_" -Level WARN } # New users (Default profile hive) and welcome screen / system accounts (.DEFAULT) Set-PreloadLayouts -KeyPath "Registry::HKU\DefaultProfile\Keyboard Layout\Preload" Set-PreloadLayouts -KeyPath "Registry::HKU\.DEFAULT\Keyboard Layout\Preload" } finally { # ----------------------------------------------------------------------- # Unload Default hive - always, even on error. Retry because GC and # other processes (antivirus) may hold handles briefly. # ----------------------------------------------------------------------- Write-Log "Unloading Default hive" -Level INFO $unloaded = $false for ($attempt = 1; $attempt -le 5; $attempt++) { [GC]::Collect() [GC]::WaitForPendingFinalizers() Start-Sleep -Milliseconds ($attempt * 500) $unloadResult = & reg unload "HKU\$hiveKey" 2>&1 if ($LASTEXITCODE -eq 0) { Write-Log "Default hive unloaded (attempt $attempt)" -Level OK $unloaded = $true break } } if (-not $unloaded) { Write-Log "Failed to unload Default hive after 5 attempts: $unloadResult" -Level ERROR Write-Log " New user profiles may not inherit all settings until next reboot" -Level WARN } } # ----------------------------------------------------------------------- # Apply wallpaper (solid color) to current desktop session # ----------------------------------------------------------------------- Write-Log "Setting desktop wallpaper to solid color" -Level INFO try { Add-Type -TypeDefinition @" using System; using System.Runtime.InteropServices; public class WallpaperHelper { [DllImport("user32.dll", CharSet=CharSet.Auto)] public static extern int SystemParametersInfo(int uAction, int uParam, string lpvParam, int fuWinIni); } "@ -ErrorAction SilentlyContinue [WallpaperHelper]::SystemParametersInfo(20, 0, "", 3) | Out-Null Write-Log " Desktop wallpaper updated" -Level OK } catch { Write-Log " Failed to update wallpaper: $_" -Level WARN } Write-Log "Step 4 complete" -Level OK