af41dde33c
Root cause fix: runner.go passed config as unevaluated PS expression via -File mode - scripts received a literal string instead of parsed object. Changed to -ConfigPath; scripts load JSON themselves via shared common.ps1 (Write-Log, Get-Feature, Load-Config). GUI now regenerates runtime config before run so user selections actually reach the scripts. Merged 04-default-profile + 05-personalization into single script (one hive load/unload, no Explorer restart, no hive contention). Deleted Deploy-Windows.ps1 (xetup.exe is sole entry point), 06-scheduled-tasks.ps1 (tasks caused more harm than good), 07-desktop-info.ps1 (replaced by BackInfo long ago). Step ordering: activation moved early, pcIdentity before WU (exit 9 on rename only when rename actually happened). Edge policies split into mandatory (telemetry, first-run) vs recommended (UI preferences user can override). Atera install uses Start-Process -Wait instead of fragile sleep. Updated config.json, tests, DefaultConfig to match current state. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
384 lines
18 KiB
PowerShell
384 lines
18 KiB
PowerShell
<#
|
|
.SYNOPSIS
|
|
Applies registry settings to the Default User profile, current user, and sets visual theme.
|
|
|
|
.DESCRIPTION
|
|
Loads C:\Users\Default\NTUSER.DAT as a temporary hive (HKU\DefaultProfile), applies
|
|
all taskbar, Start menu, Explorer, and personalization settings, then unloads it.
|
|
Every new user account inherits these settings on first logon. The same settings are
|
|
applied directly to the current user's HKCU. Visual identity: dark taskbar/Start with
|
|
accent color #223B47 (deep blue-gray), light app mode, no transparency. Wallpaper is
|
|
set to a solid color matching the accent - BackInfo.exe overwrites it on every logon.
|
|
|
|
.ITEMS
|
|
taskbar-zarovnat-vlevo-taskbaral-0: TaskbarAl = 0 in Explorer\Advanced. Left alignment matches Windows 10 muscle memory.
|
|
taskbar-skryt-search-copilot-task-view-w: Hides Search box, Copilot, Task View, Widgets, Chat/Teams buttons.
|
|
taskbar-zobrazit-vsechny-ikonky-v-tray: EnableAutoTray=0 and TrayNotify icon streams cleared.
|
|
taskbar-vyprazdnit-pinlist-taskbarlayout: Deploys TaskbarLayoutModification.xml per ProfileType.
|
|
explorer-zobrazovat-pripony-souboru-hide: HideFileExt = 0. Shows file extensions in Explorer.
|
|
explorer-otevrit-na-this-pc-launchto-1: LaunchTo = 1. Explorer opens to This PC.
|
|
explorer-showrecent-0-showfrequent-0: ShowRecent=0, ShowFrequent=0. Hides recent/frequent from Quick Access.
|
|
explorer-fullpath-1-cabinetstate: FullPath=1 in CabinetState. Full path in Explorer title bar.
|
|
start-menu-vyprazdnit-piny-win11: ConfigureStartPins = {"pinnedList":[]}. Empty Start menu grid.
|
|
start-menu-zakaz-bing-vyhledavani: DisableSearchBoxSuggestions = 1. Local search only.
|
|
copilot-zakaz-turnoffwindowscopilot-1: TurnOffWindowsCopilot = 1. Disables Copilot sidebar.
|
|
numlock-zapnout-pri-startu: InitialKeyboardIndicators = 2.
|
|
system-tema-taskbar-start-dark: SystemUsesLightTheme=0. Dark shell, light apps.
|
|
accent-barva-223b47: AccentColor 0xFF473B22, ColorPrevalence=1, taskbar/Start branded.
|
|
pruhlednost-vypnuta: EnableTransparency=0.
|
|
tapeta-jednobarevna-223b47: Solid color #223B47 via SystemParametersInfo. BackInfo overwrites on logon.
|
|
#>
|
|
param(
|
|
[string]$ConfigPath,
|
|
[string]$LogFile,
|
|
[ValidateSet("default","admin","user")]
|
|
[string]$ProfileType = "default"
|
|
)
|
|
|
|
. "$PSScriptRoot\common.ps1"
|
|
$Config = Load-Config $ConfigPath
|
|
|
|
# -----------------------------------------------------------------------
|
|
# Helpers - apply registry to both Default hive and current HKCU
|
|
# -----------------------------------------------------------------------
|
|
function Grant-HiveWriteAccess {
|
|
param([string]$HivePath)
|
|
try {
|
|
$acl = Get-Acl -Path $HivePath -ErrorAction Stop
|
|
$rule = New-Object System.Security.AccessControl.RegistryAccessRule(
|
|
"BUILTIN\Administrators",
|
|
[System.Security.AccessControl.RegistryRights]::FullControl,
|
|
[System.Security.AccessControl.InheritanceFlags]"ContainerInherit,ObjectInherit",
|
|
[System.Security.AccessControl.PropagationFlags]::None,
|
|
[System.Security.AccessControl.AccessControlType]::Allow
|
|
)
|
|
$acl.SetAccessRule($rule)
|
|
Set-Acl -Path $HivePath -AclObject $acl -ErrorAction Stop
|
|
}
|
|
catch {
|
|
Write-Log " Grant-HiveWriteAccess failed for $HivePath - $_" -Level WARN
|
|
}
|
|
}
|
|
|
|
function Set-ProfileReg {
|
|
param(
|
|
[string]$SubKey,
|
|
[string]$Name,
|
|
$Value,
|
|
[string]$Type = "DWord"
|
|
)
|
|
|
|
# Apply to loaded Default hive
|
|
$defPath = "Registry::HKU\DefaultProfile\$SubKey"
|
|
try {
|
|
if (-not (Test-Path $defPath)) {
|
|
New-Item -Path $defPath -Force -ErrorAction Stop | Out-Null
|
|
}
|
|
Set-ItemProperty -Path $defPath -Name $Name -Value $Value -Type $Type -Force -ErrorAction Stop
|
|
}
|
|
catch {
|
|
try {
|
|
$parentPath = $defPath -replace '\\[^\\]+$', ''
|
|
if (Test-Path $parentPath) { Grant-HiveWriteAccess -HivePath $parentPath }
|
|
if (-not (Test-Path $defPath)) {
|
|
New-Item -Path $defPath -Force -ErrorAction Stop | Out-Null
|
|
}
|
|
Set-ItemProperty -Path $defPath -Name $Name -Value $Value -Type $Type -Force -ErrorAction Stop
|
|
}
|
|
catch {
|
|
Write-Log " DEFAULT HIVE failed $SubKey\$Name - $_" -Level ERROR
|
|
}
|
|
}
|
|
|
|
# Apply to current user as well
|
|
$hkcuPath = "HKCU:\$SubKey"
|
|
try {
|
|
if (-not (Test-Path $hkcuPath)) {
|
|
New-Item -Path $hkcuPath -Force -ErrorAction Stop | Out-Null
|
|
}
|
|
Set-ItemProperty -Path $hkcuPath -Name $Name -Value $Value -Type $Type -Force -ErrorAction Stop
|
|
Write-Log " SET $SubKey\$Name = $Value" -Level OK
|
|
}
|
|
catch {
|
|
Write-Log " HKCU failed $SubKey\$Name - $_" -Level ERROR
|
|
}
|
|
}
|
|
|
|
# Accent color #223B47 stored as ABGR DWORD: 0xFF473B22
|
|
$AccentColorABGR = 0xFF473B22
|
|
|
|
# -----------------------------------------------------------------------
|
|
# Load Default profile hive
|
|
# -----------------------------------------------------------------------
|
|
$hivePath = "C:\Users\Default\NTUSER.DAT"
|
|
$hiveKey = "DefaultProfile"
|
|
|
|
Write-Log "Loading Default hive: $hivePath" -Level INFO
|
|
|
|
# Unload first in case previous run left it mounted
|
|
& reg unload "HKU\$hiveKey" 2>&1 | Out-Null
|
|
|
|
$loadResult = & reg load "HKU\$hiveKey" $hivePath 2>&1
|
|
if ($LASTEXITCODE -ne 0) {
|
|
Write-Log "Failed to load Default hive: $loadResult" -Level ERROR
|
|
exit 1
|
|
}
|
|
Write-Log "Default hive loaded" -Level OK
|
|
|
|
try {
|
|
# ===================================================================
|
|
# TASKBAR TWEAKS
|
|
# ===================================================================
|
|
if (Get-Feature $Config "defaultProfile" "taskbarTweaks") {
|
|
Write-Log "Applying taskbar tweaks" -Level STEP
|
|
|
|
$tbPath = "Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
|
|
|
|
# Win11: align taskbar to left
|
|
Set-ProfileReg -SubKey $tbPath -Name "TaskbarAl" -Value 0
|
|
|
|
# Hide Search box - set both Win10 and Win11 locations
|
|
Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Search" `
|
|
-Name "SearchboxTaskbarMode" -Value 0
|
|
Set-ProfileReg -SubKey $tbPath -Name "SearchboxTaskbarMode" -Value 0
|
|
|
|
# Hide Task View, Widgets, Chat/Teams, Copilot buttons
|
|
Set-ProfileReg -SubKey $tbPath -Name "ShowTaskViewButton" -Value 0
|
|
Set-ProfileReg -SubKey $tbPath -Name "TaskbarDa" -Value 0
|
|
Set-ProfileReg -SubKey $tbPath -Name "TaskbarMn" -Value 0
|
|
Set-ProfileReg -SubKey $tbPath -Name "ShowCopilotButton" -Value 0
|
|
|
|
# Show all tray icons
|
|
Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Explorer" `
|
|
-Name "EnableAutoTray" -Value 0
|
|
|
|
# Win11: clear cached tray icon streams
|
|
$trayNotifyKey = "HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify"
|
|
if (Test-Path $trayNotifyKey) {
|
|
Remove-ItemProperty -Path $trayNotifyKey -Name "IconStreams" -Force -ErrorAction SilentlyContinue
|
|
Remove-ItemProperty -Path $trayNotifyKey -Name "PastIconsStream" -Force -ErrorAction SilentlyContinue
|
|
Write-Log " Cleared TrayNotify icon streams (Win11 systray workaround)" -Level OK
|
|
}
|
|
$defTrayKey = "Registry::HKU\DefaultProfile\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify"
|
|
if (Test-Path $defTrayKey) {
|
|
Remove-ItemProperty -Path $defTrayKey -Name "IconStreams" -Force -ErrorAction SilentlyContinue
|
|
Remove-ItemProperty -Path $defTrayKey -Name "PastIconsStream" -Force -ErrorAction SilentlyContinue
|
|
Write-Log " Cleared TrayNotify icon streams in Default hive" -Level OK
|
|
}
|
|
|
|
# Desktop icons - show This PC
|
|
Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel" `
|
|
-Name "{20D04FE0-3AEA-1069-A2D8-08002B30309D}" -Value 0
|
|
|
|
# Taskbar pinned apps layout
|
|
Write-Log " Writing taskbar layout (ProfileType=$ProfileType)" -Level INFO
|
|
|
|
$wsh = New-Object -ComObject WScript.Shell
|
|
$defRoaming = "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs"
|
|
|
|
$explorerLnkDir = "$defRoaming\System Tools"
|
|
$explorerLnk = "$explorerLnkDir\File Explorer.lnk"
|
|
if (-not (Test-Path $explorerLnk)) {
|
|
if (-not (Test-Path $explorerLnkDir)) { New-Item -ItemType Directory -Path $explorerLnkDir -Force | Out-Null }
|
|
$sc = $wsh.CreateShortcut($explorerLnk)
|
|
$sc.TargetPath = "$env:WINDIR\explorer.exe"
|
|
$sc.Save()
|
|
Write-Log " Created File Explorer.lnk in Default profile Start Menu" -Level OK
|
|
}
|
|
|
|
if ($ProfileType -eq "admin") {
|
|
$psLnkDir = "$defRoaming\Windows PowerShell"
|
|
$psLnk = "$psLnkDir\Windows PowerShell.lnk"
|
|
if (-not (Test-Path $psLnk)) {
|
|
if (-not (Test-Path $psLnkDir)) { New-Item -ItemType Directory -Path $psLnkDir -Force | Out-Null }
|
|
$sc = $wsh.CreateShortcut($psLnk)
|
|
$sc.TargetPath = "$env:WINDIR\System32\WindowsPowerShell\v1.0\powershell.exe"
|
|
$sc.Save()
|
|
Write-Log " Created Windows PowerShell.lnk in Default profile Start Menu" -Level OK
|
|
}
|
|
}
|
|
|
|
$taskbarLayoutDir = "C:\Users\Default\AppData\Local\Microsoft\Windows\Shell"
|
|
if (-not (Test-Path $taskbarLayoutDir)) {
|
|
New-Item -ItemType Directory -Path $taskbarLayoutDir -Force | Out-Null
|
|
}
|
|
|
|
$pinList = switch ($ProfileType) {
|
|
"admin" {
|
|
@'
|
|
<taskbar:DesktopApp DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk"/>
|
|
<taskbar:DesktopApp DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk"/>
|
|
<taskbar:DesktopApp DesktopApplicationLinkPath="%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk"/>
|
|
'@
|
|
}
|
|
default {
|
|
@'
|
|
<taskbar:DesktopApp DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk"/>
|
|
<taskbar:DesktopApp DesktopApplicationLinkPath="%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk"/>
|
|
'@
|
|
}
|
|
}
|
|
|
|
$taskbarLayoutXml = @"
|
|
<?xml version="1.0" encoding="utf-8"?>
|
|
<LayoutModificationTemplate
|
|
xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification"
|
|
xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout"
|
|
xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout"
|
|
xmlns:taskbar="http://schemas.microsoft.com/Start/2014/TaskbarLayout"
|
|
Version="1">
|
|
<CustomTaskbarLayoutCollection PinListPlacement="Replace">
|
|
<defaultlayout:TaskbarLayout>
|
|
<taskbar:TaskbarPinList>
|
|
$pinList
|
|
</taskbar:TaskbarPinList>
|
|
</defaultlayout:TaskbarLayout>
|
|
</CustomTaskbarLayoutCollection>
|
|
</LayoutModificationTemplate>
|
|
"@
|
|
$taskbarLayoutXml | Set-Content -Path "$taskbarLayoutDir\LayoutModification.xml" -Encoding UTF8 -Force
|
|
Write-Log " Taskbar LayoutModification.xml written (profile: $ProfileType)" -Level OK
|
|
|
|
# NumLock on startup
|
|
Set-ProfileReg -SubKey "Control Panel\Keyboard" `
|
|
-Name "InitialKeyboardIndicators" -Value 2 -Type "String"
|
|
} else {
|
|
Write-Log "taskbarTweaks feature disabled - skipping" -Level INFO
|
|
}
|
|
|
|
# ===================================================================
|
|
# START MENU TWEAKS
|
|
# ===================================================================
|
|
if (Get-Feature $Config "defaultProfile" "startMenuTweaks") {
|
|
Write-Log "Applying Start menu tweaks" -Level STEP
|
|
|
|
Set-ProfileReg -SubKey "Software\Policies\Microsoft\Windows\Explorer" `
|
|
-Name "DisableSearchBoxSuggestions" -Value 1
|
|
|
|
Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Start" `
|
|
-Name "ConfigureStartPins" `
|
|
-Value '{"pinnedList":[]}' `
|
|
-Type "String"
|
|
|
|
Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" `
|
|
-Name "Start_TrackProgs" -Value 0
|
|
|
|
Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" `
|
|
-Name "Start_TrackDocs" -Value 0
|
|
|
|
Set-ProfileReg -SubKey "Software\Policies\Microsoft\Windows\WindowsCopilot" `
|
|
-Name "TurnOffWindowsCopilot" -Value 1
|
|
|
|
Set-ProfileReg -SubKey "System\GameConfigStore" `
|
|
-Name "GameDVR_Enabled" -Value 0
|
|
Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\GameDVR" `
|
|
-Name "AppCaptureEnabled" -Value 0
|
|
} else {
|
|
Write-Log "startMenuTweaks feature disabled - skipping" -Level INFO
|
|
}
|
|
|
|
# ===================================================================
|
|
# EXPLORER TWEAKS
|
|
# ===================================================================
|
|
if (Get-Feature $Config "defaultProfile" "explorerTweaks") {
|
|
Write-Log "Applying Explorer tweaks" -Level STEP
|
|
|
|
$advPath = "Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
|
|
|
|
Set-ProfileReg -SubKey $advPath -Name "HideFileExt" -Value 0
|
|
Set-ProfileReg -SubKey $advPath -Name "LaunchTo" -Value 1
|
|
|
|
Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Explorer" `
|
|
-Name "ShowRecent" -Value 0
|
|
Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Explorer" `
|
|
-Name "ShowFrequent" -Value 0
|
|
|
|
Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState" `
|
|
-Name "FullPath" -Value 1
|
|
} else {
|
|
Write-Log "explorerTweaks feature disabled - skipping" -Level INFO
|
|
}
|
|
|
|
# ===================================================================
|
|
# PERSONALIZATION (theme, accent color, wallpaper)
|
|
# ===================================================================
|
|
Write-Log "Applying personalization (theme, accent, wallpaper)" -Level STEP
|
|
|
|
# Dark shell (taskbar, Start), light apps
|
|
Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" `
|
|
-Name "SystemUsesLightTheme" -Value 0
|
|
Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" `
|
|
-Name "AppsUseLightTheme" -Value 1
|
|
|
|
# Accent color on Start and taskbar
|
|
Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" `
|
|
-Name "ColorPrevalence" -Value 1
|
|
|
|
# Transparency disabled
|
|
Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" `
|
|
-Name "EnableTransparency" -Value 0
|
|
|
|
# Accent color #223B47
|
|
Set-ProfileReg -SubKey "Software\Microsoft\Windows\DWM" `
|
|
-Name "AccentColor" -Value $AccentColorABGR -Type "DWord"
|
|
Set-ProfileReg -SubKey "Software\Microsoft\Windows\DWM" `
|
|
-Name "ColorizationColor" -Value $AccentColorABGR -Type "DWord"
|
|
Set-ProfileReg -SubKey "Software\Microsoft\Windows\DWM" `
|
|
-Name "ColorizationAfterglow" -Value $AccentColorABGR -Type "DWord"
|
|
Set-ProfileReg -SubKey "Software\Microsoft\Windows\DWM" `
|
|
-Name "ColorPrevalence" -Value 1
|
|
|
|
# Taskbar accent color (Explorer\Accent, not DWM)
|
|
Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Explorer\Accent" `
|
|
-Name "AccentColorMenu" -Value $AccentColorABGR -Type "DWord"
|
|
Set-ProfileReg -SubKey "Software\Microsoft\Windows\CurrentVersion\Explorer\Accent" `
|
|
-Name "StartColorMenu" -Value $AccentColorABGR -Type "DWord"
|
|
|
|
# Wallpaper - solid color #223B47 (BackInfo overwrites on logon)
|
|
Set-ProfileReg -SubKey "Control Panel\Colors" `
|
|
-Name "Background" -Value "34 59 71" -Type "String"
|
|
Set-ProfileReg -SubKey "Control Panel\Desktop" `
|
|
-Name "Wallpaper" -Value "" -Type "String"
|
|
Set-ProfileReg -SubKey "Control Panel\Desktop" `
|
|
-Name "WallpaperStyle" -Value "0" -Type "String"
|
|
Set-ProfileReg -SubKey "Control Panel\Desktop" `
|
|
-Name "TileWallpaper" -Value "0" -Type "String"
|
|
}
|
|
finally {
|
|
# -----------------------------------------------------------------------
|
|
# Unload Default hive - always, even on error
|
|
# -----------------------------------------------------------------------
|
|
Write-Log "Unloading Default hive" -Level INFO
|
|
[GC]::Collect()
|
|
[GC]::WaitForPendingFinalizers()
|
|
Start-Sleep -Milliseconds 500
|
|
|
|
$unloadResult = & reg unload "HKU\$hiveKey" 2>&1
|
|
if ($LASTEXITCODE -eq 0) {
|
|
Write-Log "Default hive unloaded" -Level OK
|
|
} else {
|
|
Write-Log "Failed to unload Default hive: $unloadResult" -Level ERROR
|
|
}
|
|
}
|
|
|
|
# -----------------------------------------------------------------------
|
|
# Apply wallpaper (solid color) to current desktop session
|
|
# -----------------------------------------------------------------------
|
|
Write-Log "Setting desktop wallpaper to solid color" -Level INFO
|
|
try {
|
|
Add-Type -TypeDefinition @"
|
|
using System;
|
|
using System.Runtime.InteropServices;
|
|
public class WallpaperHelper {
|
|
[DllImport("user32.dll", CharSet=CharSet.Auto)]
|
|
public static extern int SystemParametersInfo(int uAction, int uParam, string lpvParam, int fuWinIni);
|
|
}
|
|
"@ -ErrorAction SilentlyContinue
|
|
[WallpaperHelper]::SystemParametersInfo(20, 0, "", 3) | Out-Null
|
|
Write-Log " Desktop wallpaper updated" -Level OK
|
|
}
|
|
catch {
|
|
Write-Log " Failed to update wallpaper: $_" -Level WARN
|
|
}
|
|
|
|
Write-Log "Step 4 complete" -Level OK
|