Windows 10 tips
Microsoft Windows get rid of non verified apps
One of these is never trust apps that are not digitaly signed. To do so once you install Windows 10 do this from PowerShell (run PowerShell as Administrator):
Get-AppxPackage *3dbuilder* | Remove-AppxPackage
Get-AppxPackage *windowsalarms* | Remove-AppxPackage
Get-AppxPackage *windowscalculator* | Remove-AppxPackage
Get-AppxPackage *windowscommunicationsapps* | Remove-AppxPackage`
Get-AppxPackage *windowscamera* | Remove-AppxPackage
Get-AppxPackage *officehub* | Remove-AppxPackage
Get-AppxPackage *skypeapp* | Remove-AppxPackage
Get-AppxPackage *getstarted* | Remove-AppxPackage
Get-AppxPackage *zunemusic* | Remove-AppxPackage
Get-AppxPackage *windowsmaps* | Remove-AppxPackage
Get-AppxPackage *solitairecollection* | Remove-AppxPackage
Get-AppxPackage *bingfinance* | Remove-AppxPackage
Get-AppxPackage *zunevideo* | Remove-AppxPackage
Get-AppxPackage *bingnews* | Remove-AppxPackage
Get-AppxPackage *onenote* | Remove-AppxPackage
Get-AppxPackage *people* | Remove-AppxPackage
Get-AppxPackage *windowsphone* | Remove-AppxPackage
Get-AppxPackage *photos* | Remove-AppxPackage
Get-AppxPackage *windowsstore* | Remove-AppxPackage
Get-AppxPackage *bingsports* | Remove-AppxPackage
Get-AppxPackage *soundrecorder* | Remove-AppxPackage
Get-AppxPackage *bingweather* | Remove-AppxPackage
Get-AppxPackage *xboxapp* | Remove-AppxPackage
For instance if we don’t do this the WinStore.App.exe will be installed as non verified signer.
The rule of thumb is never install apps if not verified signer. For instance never use Skype that is not verified signer.
You can list all packages and application on your sistem like this:
Get-AppxPackage -AllUsers | Select Name, PackageFullName
So you will know what to remove. With Process Explorer you can check there is verfied signer column for all your apps.
Controling the recent items
If you would like to remove recent items on your system you may find them in here:
%AppData%\Microsoft\Windows\Recent Items
%AppData%\Microsoft\Windows\Recent\AutomaticDestinations
%AppData%\Microsoft\Windows\Recent\CustomDestinations
Clearn removal of system apps
This script removes Microsoft-WindowsFeedback but you can try on other apps as well.
function Enable-Privilege {
param($Privilege)
$Definition = @'
using System;
using System.Runtime.InteropServices;
public class AdjPriv {
[DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,
ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr rele);
[DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool LookupPrivilegeValue(string host, string name,
ref long pluid);
[StructLayout(LayoutKind.Sequential, Pack = 1)]
internal struct TokPriv1Luid {
public int Count;
public long Luid;
public int Attr;
}
internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
internal const int TOKEN_QUERY = 0x00000008;
internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
public static bool EnablePrivilege(long processHandle, string privilege) {
bool retVal;
TokPriv1Luid tp;
IntPtr hproc = new IntPtr(processHandle);
IntPtr htok = IntPtr.Zero;
retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
ref htok);
tp.Count = 1;
tp.Luid = 0;
tp.Attr = SE_PRIVILEGE_ENABLED;
retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);
retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero,
IntPtr.Zero);
return retVal;
}
}
'@
$ProcessHandle = (Get-Process -id $pid).Handle
$type = Add-Type $definition -PassThru
$type[0]::EnablePrivilege($processHandle, $Privilege)
}
function Take-Over($path) {
$owner = [Security.Principal.NTAccount]'Administrators'
$key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($path, 'ReadWriteSubTree', 'TakeOwnership')
$acl = $key.GetAccessControl()
$acl.SetOwner($owner)
$key.SetAccessControl($acl)
$acl = $key.getaccesscontrol()
$rule = New-Object System.Security.AccessControl.RegistryAccessRule "Administrators", "FullControl", "ContainerInherit", "None", "Allow"
$acl.SetAccessRule($rule)
$key.SetAccessControl($acl)
}
do {} until (Enable-Privilege SeTakeOwnershipPrivilege)
function Remove-Package($name) {
$key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\$name"
Take-Over $key
Remove-Item -Path HKLM:"$key\Owners" -Force -Recurse
& C:\Windows\System32\PkgMgr.exe /up:$name /norestart /quiet
}
#Remove Feedback
$packageBase = "Microsoft-WindowsFeedback"
$packageNames = (dir ("HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\" + $packageBase + "*")).name
forEach ($package in $packageNames)
{
Remove-Package $package.substring($package.indexOf($packageBase))
}
To execute the upper script run PowerShell as Administrator and set the policy first to Set-ExecutionPolicy RemoteSigned.
On Windows 10, PowerShell may include:
- Restricted — (Default) Stops any script from running.
- RemoteSigned — Runs scripts created on the device. However, scripts created on another computer won’t run unless they include a signature of a trusted publisher.
- AllSigned — All the scripts will run as long as they’ve been signed by a trusted publisher.
- Unrestricted — Runs any script without any restrictions.
Possible the best way to run script is from Windows PowerShell ISE.
Visit scriptcenter for all kind of Windows scripts you may run.
Uninstall Internet Explorer using PowerShell
Open Start, type PowerShell, right-click the top result, and select the Run as Administrator.
Type the command to disable Internet Explorer 11:
Disable-WindowsOptionalFeature -FeatureName Internet-Explorer-Optional-amd64 –Online
Install OpenSSH client for Windows
Check for the existing OpenSSH software online:
Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'
Then install the client:
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
Start using it:
Ssh username@servername