-
-
Notifications
You must be signed in to change notification settings - Fork 521
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #884 from Atlas-OS/dev
Automatic PR: Merging dev into main (4180ff9)
- Loading branch information
Showing
81 changed files
with
1,368 additions
and
2,012 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
{ | ||
"yaml.customTags": [ | ||
"!run: mapping", | ||
"!registryKey: mapping", | ||
"!registryValue: mapping", | ||
"!appx: mapping", | ||
"!file: mapping", | ||
"!service: mapping", | ||
"!scheduledTask: mapping", | ||
"!taskKill: mapping", | ||
"!systemPackage: mapping", | ||
"!cmd: mapping", | ||
"!powerShell: mapping", | ||
"!writeStatus: mapping" | ||
], | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
--- | ||
title: Kill & Disable KProcessHacker2 | ||
description: Kills, removes and disables ProcessHacker using its kernel mode driver to prevent conflicts with Memory Integrity and the Microsoft Vulnerable Driver Blocklist | ||
privilege: TrustedInstaller | ||
actions: | ||
- !run: | ||
exe: 'powershell.exe' | ||
args: '-NoP -Ex Unrestricted -File KILLKPH.ps1' | ||
exeDir: true | ||
wait: true |
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
31 changes: 31 additions & 0 deletions
31
src/playbook/Configuration/tweaks/debloat/config-storage-sense.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
--- | ||
title: Configure Storage Sense | ||
description: Configures Storage Sense to automatically cleanup temporary files every month | ||
privilege: TrustedInstaller | ||
actions: | ||
# Reference: https://gist.github.com/he3als/3d9dcf6e796aa920c24a98130165fb17 | ||
|
||
# Enable Storage Sense | ||
- !registryValue: {path: 'HKCU\Software\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\StoragePolicy', value: '01', type: REG_DWORD, data: '1'} | ||
# Run Storage Sense | ||
- !registryValue: {path: 'HKCU\Software\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\StoragePolicy', value: '1024', type: REG_DWORD, data: '1'} | ||
# Run Storage Sense every month | ||
- !registryValue: {path: 'HKCU\Software\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\StoragePolicy', value: '2048', type: REG_DWORD, data: '30'} | ||
# Enable cleaning temporary files | ||
- !registryValue: {path: 'HKCU\Software\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\StoragePolicy', value: '04', type: REG_DWORD, data: '1'} | ||
# Disable the 'Downloads' from being cleared | ||
- !registryValue: {path: 'HKCU\Software\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\StoragePolicy', value: '32', type: REG_DWORD, data: '0'} | ||
# Disable OneDrive cleanup | ||
- !registryValue: {path: 'HKCU\Software\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\StoragePolicy', value: '02', type: REG_DWORD, data: '0'} | ||
- !registryValue: {path: 'HKCU\Software\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\StoragePolicy', value: '128', type: REG_DWORD, data: '0'} | ||
# Clean Recycle Bin every month | ||
- !registryValue: {path: 'HKCU\Software\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\StoragePolicy', value: '08', type: REG_DWORD, data: '1'} | ||
- !registryValue: {path: 'HKCU\Software\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\StoragePolicy', value: '256', type: REG_DWORD, data: '30'} | ||
|
||
# Enable cleaning temp files | ||
- !run: | ||
exe: 'schtasks.exe' | ||
args: '/change /tn "Microsoft\Windows\DiskCleanup\SilentCleanup" /enable' | ||
wait: true | ||
|
||
# There's also subkeys for OneDrive cleanup, but as OneDrive is uninstalled, they probably aren't relevant |
21 changes: 21 additions & 0 deletions
21
src/playbook/Configuration/tweaks/debloat/hide-unused-security-pages.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
--- | ||
title: Hide Unused Windows Security Pages | ||
description: Hides Windows Security pages that are not commonly needed/used to have a more clean UI | ||
privilege: TrustedInstaller | ||
actions: | ||
# Remove bloat pages | ||
- !registryValue: | ||
path: 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Family options' | ||
value: 'UILockdown' | ||
data: '1' | ||
type: REG_DWORD | ||
- !registryValue: | ||
path: 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Device performance and health' | ||
value: 'UILockdown' | ||
data: '1' | ||
type: REG_DWORD | ||
- !registryValue: | ||
path: 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Account protection' | ||
value: 'UILockdown' | ||
data: '1' | ||
type: REG_DWORD |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
--- | ||
title: Delete Temporary NSudo | ||
description: Deletes the temporary NSudo used for de-elevation in AME Wizard | ||
privilege: TrustedInstaller | ||
actions: | ||
- !file: {path: 'C:\Windows\AtlasModules\Tools\NSudoLG.exe'} |
17 changes: 17 additions & 0 deletions
17
src/playbook/Configuration/tweaks/performance/disable-fth.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
--- | ||
title: Disable Fault Tolerant Heap (FTH) | ||
description: FTH is a feature in Windows 7+ that applies mitigations (non-CPU related) to applications that repeatedly crash to prevent further crashes, but when the FTH is active for a certain application, there's a performance hit. | ||
privilege: TrustedInstaller | ||
actions: | ||
# https://devblogs.microsoft.com/oldnewthing/20120125-00/?p=8463 | ||
# Document listed as only affected in Windows 7, is also in 7+ | ||
# https://docs.microsoft.com/en-us/windows/win32/win7appqual/fault-tolerant-heap | ||
# https://www.3dcadworld.com/windows-7-fault-tolerant-heap-prevents-crashing/ | ||
|
||
- !registryValue: | ||
path: 'HKLM\SOFTWARE\Microsoft\FTH' | ||
value: 'Enabled' | ||
data: '0' | ||
type: REG_DWORD | ||
# Reset FTH entries | ||
- !run: {exe: 'rundll32.exe', args: 'fthsvc.dll,FthSysprepSpecialize'} |
2 changes: 1 addition & 1 deletion
2
src/playbook/Configuration/tweaks/privacy/disable-location-tracking.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
File renamed without changes.
File renamed without changes.
2 changes: 1 addition & 1 deletion
2
src/playbook/Configuration/tweaks/privacy/telemetry/disable-dotnet-cli-telemetry.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.