diff --git a/src/Configuration/atlas/appx.yml b/src/Configuration/atlas/appx.yml
index 9f8e124d3d..4222e08874 100644
--- a/src/Configuration/atlas/appx.yml
+++ b/src/Configuration/atlas/appx.yml
@@ -96,9 +96,9 @@ actions:
- !appx: {name: '*Microsoft.GetHelp*', type: family}
- !appx: {name: '*Microsoft.Getstarted*', type: family}
- !appx: {name: '*Microsoft.Microsoft3DViewer*', type: family}
- - !appx: {name: '*Microsoft.MicrosoftEdge*', type: family}
- - !appx: {name: '*microsoft.microsoftedge.stable*', type: family}
- - !appx: {name: '*Microsoft.MicrosoftEdgeDevToolsClient*', type: family}
+ # - !appx: {name: '*Microsoft.MicrosoftEdge*', type: family}
+ # - !appx: {name: '*microsoft.microsoftedge.stable*', type: family}
+ # - !appx: {name: '*Microsoft.MicrosoftEdgeDevToolsClient*', type: family}
- !appx: {name: '*Microsoft.MicrosoftOfficeHub*', type: family}
- !appx: {name: '*Microsoft.MicrosoftSolitaireCollection*', type: family}
- !appx: {name: '*Microsoft.MicrosoftStickyNotes*', type: family}
diff --git a/src/Configuration/atlas/components.yml b/src/Configuration/atlas/components.yml
index 6cf19dfc73..1df65f6a88 100644
--- a/src/Configuration/atlas/components.yml
+++ b/src/Configuration/atlas/components.yml
@@ -41,115 +41,13 @@ actions:
- !registryValue: {path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run', value: 'SecurityHealth', operation: delete}
# ---------- Microsoft Edge
- - !writeStatus: {status: 'Removing Microsoft Edge'}
- - !taskKill: {name: 'MicrosoftEdgeUpdate'}
- - !taskKill: {name: 'msedge'}
- - !taskKill: {name: 'MicrosoftEdge*'}
- - !taskKill: {name: 'setup', pathContains: '\Edge'}
- - !taskKill: {name: 'msedgewebview2'}
- - !service: {name: 'edgeupdate', operation: delete}
- - !service: {name: 'edgeupdatem', operation: delete}
- - !service: {name: 'MicrosoftEdgeElevationService', operation: delete}
-
- - !file: {path: 'C:\Users\Public\Desktop\Microsoft Edge.lnk'}
- - !file: {path: 'C:\ProgramData\Microsoft\EdgeUpdate'}
- - !file: {path: 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk'}
-
- - !registryValue: {path: 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced', value: 'TaskbarMigratedBrowserPin', operation: delete}
- - !registryKey: {path: 'HKLM\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate'}
- - !registryKey: {path: 'HKCR\CLSID\{1FCBE96C-1697-43AF-9140-2897C7C69767}'}
- - !registryKey: {path: 'HKCR\AppID\{1FCBE96C-1697-43AF-9140-2897C7C69767}'}
- - !registryKey: {path: 'HKCR\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}'}
- - !registryKey: {path: 'HKCR\TypeLib\{C9C2B807-7731-4F34-81B7-44FF7779522B}'}
- - !registryKey: {path: 'HKCR\MSEdgeHTM'}
- - !registryKey: {path: 'HKCR\MSEdgePDF'}
- - !registryKey: {path: 'HKCR\MSEdgeMHT'}
- - !registryKey: {path: 'HKCR\AppID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}'}
- - !registryKey: {path: 'HKLM\SOFTWARE\Clients\StartMenuInternet\Microsoft Edge'}
- - !registryValue: {path: 'HKLM\SOFTWARE\RegisteredApplications', value: 'Microsoft Edge', operation: delete}
- - !registryKey: {path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\msedge.exe'}
- - !registryValue: {path: 'HKCR\.htm\OpenWithProgIds', value: 'MSEdgeHTM', operation: delete}
- - !registryValue: {path: 'HKCR\.html\OpenWithProgIds', value: 'MSEdgeHTM', operation: delete}
- - !registryValue: {path: 'HKCR\.shtml\OpenWithProgids', value: 'MSEdgeHTM', operation: delete}
- - !registryValue: {path: 'HKCR\.svg\OpenWithProgIds', value: 'MSEdgeHTM', operation: delete}
- - !registryValue: {path: 'HKCR\.xht\OpenWithProgIds', value: 'MSEdgeHTM', operation: delete}
- - !registryValue: {path: 'HKCR\.xhtml\OpenWithProgIds', value: 'MSEdgeHTM', operation: delete}
- - !registryValue: {path: 'HKCR\.webp\OpenWithProgids', value: 'MSEdgeHTM', operation: delete}
- - !registryValue: {path: 'HKCR\.xml\OpenWithProgIds', value: 'MSEdgeHTM', operation: delete}
- - !registryValue: {path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts', value: 'MSEdgeHTM_microsoft-edge', operation: delete}
- - !registryValue: {path: 'HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode', value: 'MSEdgePath', operation: delete}
- - !registryKey: {path: 'HKCR\AppID\ie_to_edge_bho.dll'}
- - !registryKey: {path: 'HKCR\AppID\{31575964-95F7-414B-85E4-0E9A93699E13}'}
- - !registryKey: {path: 'HKCR\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}'}
- - !registryKey: {path: 'HKCR\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}'}
- - !registryKey: {path: 'HKCR\ie_to_edge_bho.IEToEdgeBHO'}
- - !registryKey: {path: 'HKCR\ie_to_edge_bho.IEToEdgeBHO.1'}
-
- # Internet Explorer
- - !registryValue: {path: 'HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode', value: 'MSEdgePath', operation: delete}
- - !registryKey: {path: 'HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}'}
- - !registryKey: {path: 'HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}'}
- - !registryKey: {path: 'HKLM\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge'}
- - !registryKey: {path: 'HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge'}
- - !registryValue: {path: 'HKLM\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge', value: 'Application', operation: delete}
-
- - !registryKey: {path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}'}
- - !registryKey: {path: 'HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}'}
- - !registryKey: {path: 'HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}'}
- - !registryValue: {path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID', value: '{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}', operation: delete}
- - !registryKey: {path: 'HKLM\SOFTWARE\Microsoft\Edge'}
- - !registryKey: {path: 'HKLM\SOFTWARE\WOW6432Node\Microsoft\Edge'}
- - !registryKey: {path: 'HKCR\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}'}
- - !registryKey: {path: 'HKCR\WOW6432Node\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}'}
- - !registryValue: {path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\PreviewHandlers', value: '{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}', operation: delete}
- - !registryValue: {path: 'HKCR\.pdf\ShellEx\{8895b1c6-b41f-4c1c-a562-0d564250836f}', value: '(Default)', operation: delete}
- - !registryKey: {path: 'HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}'}
- - !registryKey: {path: 'HKU\S-1-5-21-3476428458-2503407758-626446112-1002\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}'}
- - !registryKey: {path: 'HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Edge'}
- - !registryKey: {path: 'HKLM\SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\msedge.exe'}
- - !registryKey: {path: 'HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge Update'}
-
- # WebView
- - !registryKey: {path: 'HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft EdgeWebView'}
-
- - !registryValue: {path: 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run', value: 'Microsoft Edge Update', operation: delete}
- - !registryValue: {path: 'HKCU\SOFTWARE\RegisteredApplications', value: 'Microsoft Edge', operation: delete}
- - !registryValue: {path: 'HKCU\SOFTWARE\Classes\.htm\OpenWithProgids', value: 'MSEdgeHTM', operation: delete}
- - !registryValue: {path: 'HKCU\SOFTWARE\Classes\.html\OpenWithProgids', value: 'MSEdgeHTM', operation: delete}
- - !registryValue: {path: 'HKCU\SOFTWARE\Classes\.shtml\OpenWithProgids', value: 'MSEdgeHTM', operation: delete}
- - !registryValue: {path: 'HKCU\SOFTWARE\Classes\.svg\OpenWithProgids', value: 'MSEdgeHTM', operation: delete}
- - !registryValue: {path: 'HKCU\SOFTWARE\Classes\.xht\OpenWithProgids', value: 'MSEdgeHTM', operation: delete}
- - !registryValue: {path: 'HKCU\SOFTWARE\Classes\.xhtml\OpenWithProgids', value: 'MSEdgeHTM', operation: delete}
- - !registryValue: {path: 'HKCU\SOFTWARE\Classes\.webp\OpenWithProgids', value: 'MSEdgeHTM', operation: delete}
- - !registryValue: {path: 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts', value: 'MSEdgeHTM_microsoft-edge', operation: delete}
- - !registryKey: {path: 'HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}'}
- - !registryKey: {path: 'HKCU\SOFTWARE\Microsoft\Edge'}
-
- # WebView
- - !registryKey: {path: 'HKCU\SOFTWARE\Microsoft\EdgeWebView'}
-
- - !registryValue:
- path: 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband'
- value: 'FavoritesResolve'
- data: '320300004C0000000114020000000000C0000000000000468300800020000000549E39A5246AD8012B113CA5246AD801A8B6C6DADDACD501970100000000000001000000000000000000000000000000A0013A001F80C827341F105C1042AA032EE45287D668260001002600EFBE1200000056F21270246AD8010F37A185246AD8012B113CA5246AD80114005600310000000000B154E29B11005461736B42617200400009000400EFBEB154C69BB154E29B2E000000F4940100000001000000000000000000000000000000D5BA89005400610073006B00420061007200000016000E01320097010000874F0749200046494C4545587E312E4C4E4B00007C0009000400EFBEB154E29BB154E29B2E00000097900100000002000000000000000000520000000000589C4400460069006C00650020004500780070006C006F007200650072002E006C006E006B00000040007300680065006C006C00330032002E0064006C006C002C002D003200320030003600370000001C00220000001E00EFBE02005500730065007200500069006E006E006500640000001C00120000002B00EFBE2B113CA5246AD8011C00420000001D00EFBE02004D006900630072006F0073006F00660074002E00570069006E0064006F00770073002E004500780070006C006F0072006500720000001C0000009B0000001C000000010000001C0000002D000000000000009A0000001100000003000000E4A63B761000000000433A5C55736572735C757365725C417070446174615C526F616D696E675C4D6963726F736F66745C496E7465726E6574204578706C6F7265725C517569636B204C61756E63685C557365722050696E6E65645C5461736B4261725C46696C65204578706C6F7265722E6C6E6B000060000000030000A058000000000000006465736B746F702D62356E36683339006E1A1EE27BFFA94ABB0361D86F25337E500764DB17D6EC11A598000C2907D6A06E1A1EE27BFFA94ABB0361D86F25337E500764DB17D6EC11A598000C2907D6A045000000090000A03900000031535053B1166D44AD8D7048A748402EA43D788C1D000000680000000048000000CE2181FCD4BF31408F25FF009E4345CA000000000000000000000000'
- type: REG_BINARY
- operation: add
- - !registryValue:
- path: 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband'
- value: 'Favorites'
- data: '00A40100003A001F80C827341F105C1042AA032EE45287D668260001002600EFBE1200000056F21270246AD8010F37A185246AD8012B113CA5246AD80114005600310000000000B154E29B11005461736B42617200400009000400EFBEB154C69BB154E29B2E000000F4940100000001000000000000000000000000000000D5BA89005400610073006B00420061007200000016001201320097010000874F0749200046494C4545587E312E4C4E4B00007C0009000400EFBEB154E29BB154E29B2E00000097900100000002000000000000000000520000000000589C4400460069006C00650020004500780070006C006F007200650072002E006C006E006B00000040007300680065006C006C00330032002E0064006C006C002C002D003200320030003600370000001C00120000002B00EFBE2B113CA5246AD8011C00420000001D00EFBE02004D006900630072006F0073006F00660074002E00570069006E0064006F00770073002E004500780070006C006F0072006500720000001C00260000001E00EFBE0200530079007300740065006D00500069006E006E006500640000001C000000FF'
- type: REG_BINARY
- operation: add
-
- - !run: {exeDir: true, exe: 'EDGE.cmd', weight: 20}
-
- - !file: {path: 'C:\Program Files (x86)\Microsoft\Edge', weight: 10}
- - !file: {path: 'C:\Program Files (x86)\Microsoft\EdgeUpdate', weight: 10}
- - !file: {path: 'C:\Program Files (x86)\Microsoft\EdgeCore', weight: 10}
-
- # WebView
- - !file: {path: 'C:\Program Files (x86)\Microsoft\EdgeWebView', weight: 10}
-
+ - !writeStatus: {status: 'Removing Microsoft Edge', option: 'uninstall-edge'}
+ - !run:
+ exe: 'powershell.exe'
+ args: '-NoP -EP Unrestricted -File "C:\Users\Default\Desktop\Atlas\1. Software\Remove Edge.ps1" -Setup'
+ wait: true
+ option: 'uninstall-edge'
+
# ---------- OneDrive
- !writeStatus: {status: 'Removing OneDrive'}
- !taskKill: {name: 'OneDriveStandaloneUpdater'}
diff --git a/src/Configuration/atlas/packages.yml b/src/Configuration/atlas/packages.yml
index d70c5c4973..065aa1e0b5 100644
--- a/src/Configuration/atlas/packages.yml
+++ b/src/Configuration/atlas/packages.yml
@@ -65,20 +65,6 @@ actions:
# - !systemPackage: {name: 'Microsoft-Windows-EnhancedStorage-EhStorTcgDrv', arch: amd64, language: 'neutral'}
# - !systemPackage: {name: 'Microsoft-Windows-EnhancedStorage-EhStorTcgDrv', arch: wow64, language: 'neutral'}
- ## Microsoft Edge (does not remove Edge Chromium, see EDGE.cmd)
- - !systemPackage: {name: 'Microsoft-Windows-Edge-Angle', arch: amd64, language: 'neutral'}
- - !systemPackage: {name: 'Microsoft-Windows-Edge-AXHost', arch: amd64, language: 'neutral'}
- - !systemPackage: {name: 'Microsoft-Windows-Edge-EdgeContent', arch: amd64, language: 'neutral'}
- - !systemPackage: {name: 'Microsoft-Windows-Edge-EdgeManager', arch: amd64, language: 'neutral'}
- - !systemPackage: {name: 'Microsoft-Windows-Edge-MicrosoftEdgeBCHost', arch: amd64, language: 'neutral'}
- - !systemPackage: {name: 'Microsoft-Windows-Edge-MicrosoftEdgeCP', arch: amd64, language: 'neutral'}
- - !systemPackage: {name: 'Microsoft-Windows-Edge-MicrosoftEdgeDevTools', arch: amd64, language: 'neutral'}
- - !systemPackage: {name: 'Microsoft-Windows-Edge-MicrosoftEdgeEnlightenment', arch: amd64, language: 'neutral'}
- - !systemPackage: {name: 'Microsoft-Windows-Edge-MicrosoftEdgeEnlightenment', arch: wow64, language: 'neutral'}
- - !systemPackage: {name: 'Microsoft-Windows-Edge-MicrosoftEdgeSH', arch: amd64, language: 'neutral'}
- - !systemPackage: {name: 'Microsoft-Windows-MicrosoftEdgeDevToolsClient.AppxMain', arch: amd64, language: 'neutral'}
- - !systemPackage: {name: 'Microsoft-Windows-MicrosoftEdgeDevToolsClient.AppxSetup', arch: amd64, language: 'neutral'}
-
## Parental Controls
# - !systemPackage: {name: 'Microsoft-Windows-AppModel-FamilySafety-Extension', arch: amd64, language: 'neutral'}
# - !systemPackage: {name: 'Microsoft-Windows-AppModel-FamilySafety-Extension', arch: wow64, language: 'neutral'}
diff --git a/src/Configuration/atlas/services.yml b/src/Configuration/atlas/services.yml
index 27b5903ec1..a8a88ef779 100644
--- a/src/Configuration/atlas/services.yml
+++ b/src/Configuration/atlas/services.yml
@@ -49,11 +49,12 @@ actions:
# ------------------------ Services ------------------------
+ - !run:
+ exe: 'C:\Users\Default\Desktop\Atlas\3. Configuration\1. General Configuration\Bluetooth\Disable Bluetooth (default).cmd'
+ args: '/silent'
+ option: 'disable-bluetooth'
+
- !service: {name: 'AppIDSvc', operation: change, startup: 4}
- - !service: {name: 'BluetoothUserService', operation: change, startup: 4}
- - !service: {name: 'BTAGService', operation: change, startup: 4}
- - !service: {name: 'BthAvctpSvc', operation: change, startup: 4}
- - !service: {name: 'bthserv', operation: change, startup: 4}
- !service: {name: 'CryptSvc', operation: change, startup: 3}
- !service: {name: 'diagnosticshub.standardcollector.service', operation: change, startup: 4}
- !service: {name: 'diagsvc', operation: change, startup: 4}
@@ -136,15 +137,6 @@ actions:
- !service: {name: 'bam', operation: change, startup: 4}
- !service: {name: 'Beep', operation: change, startup: 4}
- !service: {name: 'bindflt', operation: change, startup: 4}
- - !service: {name: 'BthA2dp', operation: change, startup: 4}
- - !service: {name: 'BthEnum', operation: change, startup: 4}
- - !service: {name: 'BthHFEnum', operation: change, startup: 4}
- - !service: {name: 'BthLEEnum', operation: change, startup: 4}
- - !service: {name: 'BthMini', operation: change, startup: 4}
- - !service: {name: 'BTHMODEM', operation: change, startup: 4}
- - !service: {name: 'BthPan', operation: change, startup: 4}
- - !service: {name: 'BTHPORT', operation: change, startup: 4}
- - !service: {name: 'BTHUSB', operation: change, startup: 4}
- !service: {name: 'buttonconverter', operation: change, startup: 4}
- !service: {name: 'CAD', operation: change, startup: 4}
- !service: {name: 'cdfs', operation: change, startup: 4}
@@ -159,9 +151,7 @@ actions:
# FileInfo 4 < breaks installing Microsoft Store applications to different disk (now disabled via store script)
# FileCrypt 4 < Breaks installing Microsoft Store applications to different disk (now disabled via store script)
- !service: {name: 'GpuEnergyDrv', operation: change, startup: 4}
- - !service: {name: 'HidBth', operation: change, startup: 4}
- !service: {name: 'KSecPkg', operation: change, startup: 4}
- - !service: {name: 'Microsoft_Bluetooth_AvrcpTransport', operation: change, startup: 4}
- !service: {name: 'mrxsmb', operation: change, startup: 4}
- !service: {name: 'mrxsmb20', operation: change, startup: 4}
# NdisVirtualBus 4 < breaks network bridges
@@ -169,7 +159,6 @@ actions:
# PEAUTH 4 < breaks UWP streaming applications such as netflix, manual mode does not fix
# Set rdbss to manual instead of disabling (fixes WSL), thanks Phlegm
- !service: {name: 'rdbss', operation: change, startup: 3}
- - !service: {name: 'RFCOMM', operation: change, startup: 4}
- !service: {name: 'sfloppy', operation: change, startup: 4}
- !service: {name: 'SiSRaid2', operation: change, startup: 4}
- !service: {name: 'SiSRaid4', operation: change, startup: 4}
diff --git a/src/Configuration/atlas/start.yml b/src/Configuration/atlas/start.yml
index 77ff595594..ff72cd71b9 100644
--- a/src/Configuration/atlas/start.yml
+++ b/src/Configuration/atlas/start.yml
@@ -107,6 +107,30 @@ actions:
command: '"%ProgramData%\chocolatey\bin\choco.exe" install -y --force --allow-empty-checksums 7zip'
weight: 150
+ - !writeStatus: {status: 'Installing LibreWolf', option: 'browser-librewolf'}
+ - !cmd:
+ command: '"%ProgramData%\chocolatey\bin\choco.exe" install -y --force --allow-empty-checksums librewolf'
+ weight: 150
+ option: 'librewolf-choco'
+ - !run:
+ exe: 'powershell.exe'
+ args: '-NoP -File LIBREWOLF.ps1'
+ exeDir: true
+ wait: true
+ option: 'librewolf-winupdater'
+
+ - !writeStatus: {status: 'Installing Google Chrome', option: 'browser-chrome'}
+ - !cmd:
+ command: '"%ProgramData%\chocolatey\bin\choco.exe" install -y --force --allow-empty-checksums googlechrome'
+ weight: 150
+ option: 'browser-chrome'
+
+ - !writeStatus: {status: 'Installing Brave', option: 'browser-brave'}
+ - !cmd:
+ command: '"%ProgramData%\chocolatey\bin\choco.exe" install -y --force --allow-empty-checksums brave'
+ weight: 150
+ option: 'browser-brave'
+
- !writeStatus: {status: 'Configuring 7-Zip'}
- !registryValue: {path: 'HKCU\SOFTWARE\7-Zip\FM\Columns', value: 'RootFolder', data: '0100000000000000010000000400000001000000A0000000', type: REG_BINARY}
- !registryValue: {path: 'HKCU\SOFTWARE\7-Zip\Options', value: 'ContextMenu', data: '548', type: REG_DWORD}
diff --git a/src/Configuration/custom.yml b/src/Configuration/custom.yml
index 79e9b26d8d..b3f27c9266 100644
--- a/src/Configuration/custom.yml
+++ b/src/Configuration/custom.yml
@@ -4,6 +4,8 @@ description: Runs all of the playbook files
privilege: TrustedInstaller
actions: []
features:
+ # Configure PowerShell first so that other PowerShell scripts work
+ - tweaks\qol\config-powershell.yml
- atlas\start.yml
- atlas\services.yml
- atlas\appx.yml
diff --git a/src/Configuration/tweaks.yml b/src/Configuration/tweaks.yml
index 939ed719c5..116a821861 100644
--- a/src/Configuration/tweaks.yml
+++ b/src/Configuration/tweaks.yml
@@ -15,11 +15,6 @@ features:
# ----------------------- END NOTES ----------------------- #
- # Configure PowerShell first so that other PowerShell scripts work
- - tweaks\qol\config-powershell.yml
- # User prompts - customize the install
- - tweaks\statuses\status-prompts.yml
- - tweaks\scripts\script-prompts.yml
# NGEN - PowerShell optimization
- tweaks\statuses\status-ngen.yml
- tweaks\scripts\script-ngen.yml
@@ -331,7 +326,6 @@ features:
- tweaks\debloat\legacy-photo-viewer.yml
- tweaks\debloat\prevent-edge-update.yml
- tweaks\debloat\scheduled-tasks.yml
- - tweaks\debloat\cleanup-temp-files.yml
# -----------------------------------------------------
# Scripts
@@ -343,7 +337,10 @@ features:
# -----------------------------------------------------
- tweaks\statuses\status-scripts.yml
- tweaks\scripts\script-storage-sense.yml
+ - tweaks\scripts\script-core-isolation.yml
+ - tweaks\scripts\script-mitigations.yml
- tweaks\scripts\script-devices.yml
+ - tweaks\scripts\script-cleanup.yml
- tweaks\scripts\script-startmenu.yml
- tweaks\scripts\script-pfp.yml
- tweaks\scripts\script-wallpaper.yml
diff --git a/src/Configuration/tweaks/debloat/cleanup-temp-files.yml b/src/Configuration/tweaks/debloat/cleanup-temp-files.yml
deleted file mode 100644
index 7df92599ae..0000000000
--- a/src/Configuration/tweaks/debloat/cleanup-temp-files.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-title: Clean Up Temporary Files
-description: Cleans up temporary files created during the playbook process, excluding AME folders
-privilege: TrustedInstaller
-actions:
- # Cleanmgr does not clean these up as AME needs to be prevented from being deleted
- - !cmd:
- command: 'for /f %a in (''dir /b "%TEMP%" /a:-d'') do del /q "%TEMP%\%a"'
- weight: 10
- # Windows Temp folder
- - !cmd:
- command: 'del /f /s /q C:\Windows\Temp\*'
- weight: 10
- # The AME folder has to be excluded here, otherwise it will remove
- # the Playbook logs and cause issues with the AME Wizard
- - !cmd:
- command: 'for /f %a in (''dir /b "%TEMP%" /a:d ^| findstr /v /c:"AME"'') do rmdir /q /s "%TEMP%\%a"'
- weight: 10
diff --git a/src/Configuration/tweaks/scripts/script-cleanup.yml b/src/Configuration/tweaks/scripts/script-cleanup.yml
new file mode 100644
index 0000000000..4b764304f8
--- /dev/null
+++ b/src/Configuration/tweaks/scripts/script-cleanup.yml
@@ -0,0 +1,10 @@
+---
+title: Cleanup Temporary Files
+description: Cleans up temporary files using Disk Cleanup (if no other installs of Windows are found)
+privilege: TrustedInstaller
+actions:
+ - !run:
+ exe: 'powershell.exe'
+ args: '-NoP -File CLEANUP.ps1'
+ exeDir: true
+ wait: true
diff --git a/src/Configuration/tweaks/scripts/script-core-isolation.yml b/src/Configuration/tweaks/scripts/script-core-isolation.yml
new file mode 100644
index 0000000000..11eecb9b9c
--- /dev/null
+++ b/src/Configuration/tweaks/scripts/script-core-isolation.yml
@@ -0,0 +1,11 @@
+---
+title: Disable Core Isolation
+description: Disables Core Isolation (VBS) based on the user's options
+privilege: TrustedInstaller
+actions:
+ - !run:
+ exe: 'powershell.exe'
+ args: '-NoP -File "C:\Users\Default\Desktop\Atlas\3. Configuration\5. Security\Core Isolation (VBS)\Current Configuration.ps1" -DisableAllVBS'
+ exeDir: true
+ wait: true
+ option: 'vbs-disable'
\ No newline at end of file
diff --git a/src/Configuration/tweaks/scripts/script-mitigations.yml b/src/Configuration/tweaks/scripts/script-mitigations.yml
new file mode 100644
index 0000000000..2b01c68694
--- /dev/null
+++ b/src/Configuration/tweaks/scripts/script-mitigations.yml
@@ -0,0 +1,10 @@
+---
+title: Disable Mitigations
+description: Disables mitigations in Windows dependant on the user's options
+privilege: TrustedInstaller
+actions:
+ - !run:
+ exe: 'C:\Users\Default\Desktop\Atlas\3. Configuration\1. General Configuration\Mitigations\Disable All Mitigations.cmd'
+ args: '/silent'
+ wait: true
+ option: 'mitigations-disable'
diff --git a/src/Configuration/tweaks/scripts/script-prompts.yml b/src/Configuration/tweaks/scripts/script-prompts.yml
deleted file mode 100644
index 39d0a71dac..0000000000
--- a/src/Configuration/tweaks/scripts/script-prompts.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-title: Show User Prompts
-description: Shows prompts to the user to toggle certain features like VBS or Defender
-privilege: TrustedInstaller
-actions:
- - !run:
- exe: 'powershell.exe'
- args: '-NoP -File PROMPTS.ps1'
- exeDir: true
- wait: true
diff --git a/src/Configuration/tweaks/statuses/status-prompts.yml b/src/Configuration/tweaks/statuses/status-prompts.yml
deleted file mode 100644
index b04e5f3ed2..0000000000
--- a/src/Configuration/tweaks/statuses/status-prompts.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-title: Status in AME Wizard for PowerShell Prompts
-description: Displays a status in AME Wizard for a specified category
-privilege: TrustedInstaller
-actions:
- - !writeStatus: {status: 'Waiting for user prompts'}
\ No newline at end of file
diff --git a/src/Executables/Atlas/1. Software/Install Software.ps1 b/src/Executables/Atlas/1. Software/Install Software.ps1
index 4eb040541e..9bbd52844c 100644
--- a/src/Executables/Atlas/1. Software/Install Software.ps1
+++ b/src/Executables/Atlas/1. Software/Install Software.ps1
@@ -151,6 +151,9 @@ $Form.Controls.Add((generate_checkbox "Kaspersky Anti-Virus" "kav"))
# https://community.chocolatey.org/packages/microsoft-windows-terminal
$Form.Controls.Add((generate_checkbox "Windows Terminal" "microsoft-windows-terminal"))
+# https://community.chocolatey.org/packages/waterfox
+$Form.Controls.Add((generate_checkbox "Waterfox" "waterfox"))
+
if ($global:column -ne 0) {
$global:lastPos += $separate
}
diff --git a/src/Executables/Atlas/1. Software/Remove Edge.ps1 b/src/Executables/Atlas/1. Software/Remove Edge.ps1
index 56d1610eee..faf68c619c 100644
--- a/src/Executables/Atlas/1. Software/Remove Edge.ps1
+++ b/src/Executables/Atlas/1. Software/Remove Edge.ps1
@@ -10,21 +10,6 @@ function PauseNul ($message = "Press any key to continue... ") {
$Host.UI.RawUI.ReadKey('NoEcho,IncludeKeyDown') | Out-Null
}
-# removing Edge Chromium & WebView is meant to be compatible with TrustedInstaller for AME Wizard
-# running the uninstaller as TrustedInstaller causes shortcuts and other things not to be removed properly
-function RunAsScheduledTask {
- [CmdletBinding()]
- param (
- [String]$Command
- )
- $user = (Get-CimInstance -ClassName Win32_ComputerSystem | Select-Object -ExpandProperty UserName) -replace ".*\\"
- $action = New-ScheduledTaskAction -Execute "$env:windir\System32\cmd.exe" -Argument "/c $Command"
- $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries
- $title = "RemoveEdge $(Get-Random -minimum 9999999999)"
- Register-ScheduledTask -TaskName $title -Action $action -Settings $settings -User $user -RunLevel Highest -Force | Start-ScheduledTask | Out-Null
- Unregister-ScheduledTask -TaskName $title -Confirm:$false | Out-Null
-}
-
function RemoveEdgeChromium {
[CmdletBinding()]
param (
@@ -120,14 +105,19 @@ function UninstallAll {
}
}
-# AppX is not removed as it's handled by AME Wizard
if ($Setup) {
+ if ((whoami /user) -like "*S-1-5-18*") {
+ $user = (Get-CimInstance -ClassName Win32_ComputerSystem | Select-Object -ExpandProperty UserName) -replace ".*\\"
+ $action = New-ScheduledTaskAction -Execute "$env:windir\System32\WindowsPowerShell\v1.0\powershell.exe" -Argument '-NoP -EP Unrestricted -WindowStyle Hidden -File "C:\Users\Default\Desktop\Atlas\1. Software\Remove Edge.ps1" -Setup'
+ $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries
+ $title = "RemoveEdge $(Get-Random -minimum 9999999999)"
+ Register-ScheduledTask -TaskName $title -Action $action -Settings $settings -User $user -RunLevel Highest -Force | Start-ScheduledTask | Out-Null
+ # Unregister-ScheduledTask -TaskName $title -Confirm:$false | Out-Null
+ exit
+ }
$removeData = $true
- Write-Warning "Uninstalling Edge Chromium..."
- RemoveEdgeChromium -AsTask
- Write-Warning "Uninstalling Edge WebView..."
- RemoveWebView -AsTask
- Write-Warning "The AppX Edge needs to be removed by AME Wizard..."
+ $removeWebView = $true
+ UninstallAll
exit
}
diff --git a/src/Executables/Atlas/3. Configuration/1. General Configuration/Bluetooth/Disable Bluetooth (default).cmd b/src/Executables/Atlas/3. Configuration/1. General Configuration/Bluetooth/Disable Bluetooth (default).cmd
index ff5ae57803..86bff4cba1 100644
--- a/src/Executables/Atlas/3. Configuration/1. General Configuration/Bluetooth/Disable Bluetooth (default).cmd
+++ b/src/Executables/Atlas/3. Configuration/1. General Configuration/Bluetooth/Disable Bluetooth (default).cmd
@@ -1,11 +1,14 @@
@echo off
setlocal EnableDelayedExpansion
+if "%~1"=="/silent" goto main
+
whoami /user | find /i "S-1-5-18" > nul 2>&1 || (
call RunAsTI.cmd "%~f0" "%*"
exit /b
)
+:main
:: Disable Bluetooth drivers and services
call setSvc.cmd BluetoothUserService 4
call setSvc.cmd BTAGService 4
@@ -27,7 +30,10 @@ call setSvc.cmd RFCOMM 4
:: Disable Bluetooth devices
call toggleDev.cmd "*Bluetooth*"
-attrib +h "%APPDATA%\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK"
+for /f "tokens=3 delims==\" %%a in ('wmic computersystem get username /value ^| find "="') do set "loggedinUsername=%%a"
+attrib +h "C:\Users\%loggedinUsername%\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK"
+
+if "%~1"=="/silent" exit
echo Finished, please reboot your device for changes to apply.
pause
diff --git a/src/Executables/Atlas/3. Configuration/5. Security/Core Isolation (VBS)/Current Configuration.ps1 b/src/Executables/Atlas/3. Configuration/5. Security/Core Isolation (VBS)/Current Configuration.ps1
index c00c75282a..80c509db41 100644
--- a/src/Executables/Atlas/3. Configuration/5. Security/Core Isolation (VBS)/Current Configuration.ps1
+++ b/src/Executables/Atlas/3. Configuration/5. Security/Core Isolation (VBS)/Current Configuration.ps1
@@ -1,5 +1,46 @@
+[CmdletBinding()]
+param (
+ [Parameter()][Switch]$DisableAllVBS,
+ [Parameter()][Switch]$EnableMemoryIntegrity
+)
+
# https://learn.microsoft.com/en-us/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity#validate-enabled-vbs-and-memory-integrity-features
+$memIntegrity = "HKLM:\System\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity"
+$kernelShadowStacks = "HKLM:\System\CurrentControlSet\Control\DeviceGuard\Scenarios\KernelShadowStacks"
+$credentialGuard = "HKLM:\System\CurrentControlSet\Control\DeviceGuard\Scenarios\CredentialGuard"
+
+if ($DisableAllVBS) {
+ Write-Warning "Disabling VBS features..."
+
+ # Memory Integrity
+ if (Test-Path $memIntegrity) {
+ New-ItemProperty -Path $memIntegrity -Name "Enabled" -Value 0 -PropertyType DWORD -Force
+ Remove-ItemProperty -Path $memIntegrity -Name "ChangedInBootCycle" -ErrorAction SilentlyContinue
+ Remove-ItemProperty -Path $memIntegrity -Name "WasEnabledBy" -ErrorAction SilentlyContinue
+ }
+
+ # Kernel-mode Hardware-enforced Stack Protection (Windows 11 only)
+ if (Test-Path $kernelShadowStacks) {
+ New-ItemProperty -Path $kernelShadowStacks -Name "Enabled" -Value 0 -PropertyType DWORD -Force
+ Remove-ItemProperty -Path $kernelShadowStacks -Name "ChangedInBootCycle" -ErrorAction SilentlyContinue
+ Remove-ItemProperty -Path $kernelShadowStacks -Name "WasEnabledBy" -ErrorAction SilentlyContinue
+ }
+
+ # Credential Guard (Windows 11 only)
+ if (Test-Path $credentialGuard) {
+ New-ItemProperty -Path $credentialGuard -Name "Enabled" -Value 0 -PropertyType DWORD -Force
+ Remove-ItemProperty -Path $credentialGuard -Name "ChangedInBootCycle" -ErrorAction SilentlyContinue
+ Remove-ItemProperty -Path $credentialGuard -Name "WasEnabledBy" -ErrorAction SilentlyContinue
+ }
+ exit
+} elseif ($EnableMemoryIntegrity) {
+ Write-Warning "Enabling memory integrity..."
+ Set-ItemProperty -Path $memIntegrity -Name "Enabled" -Value 1 -Type DWord
+ Set-ItemProperty -Path $memIntegrity -Name "WasEnabledBy" -Value 2 -Type DWord
+ exit
+}
+
$pages = @(
@{
Title = "VBS Features Running"
diff --git a/src/Executables/CLEANUP.ps1 b/src/Executables/CLEANUP.ps1
new file mode 100644
index 0000000000..90d2e106a3
--- /dev/null
+++ b/src/Executables/CLEANUP.ps1
@@ -0,0 +1,62 @@
+# Clearing the user's temporary folder
+Get-ChildItem -Path "$env:TEMP" -File | Remove-Item -Force -EA SilentlyContinue
+
+# Clearing the Windows Temp folder
+Remove-Item -Path 'C:\Windows\Temp\*' -Force -Recurse -EA SilentlyContinue
+
+# Exclude the AME folder while deleting directories in the temporary folder
+Get-ChildItem -Path "$env:TEMP" -Directory | Where-Object { $_.Name -ne 'AME' } | Remove-Item -Force -Recurse -EA SilentlyContinue
+
+# As cleanmgr has multiple processes, there's no point in making the window hidden as it won't apply
+function Invoke-AtlasDiskCleanup {
+ # Kill running cleanmgr instances, as they will prevent new cleanmgr from starting
+ Get-Process -Name cleanmgr -ErrorAction SilentlyContinue | Stop-Process -Force -ErrorAction SilentlyContinue
+ # Disk Cleanup preset
+ # 2 = enabled
+ # 0 = disabled
+ $baseKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches'
+ $regValues = @{
+ "Active Setup Temp Folders" = 2
+ "BranchCache" = 2
+ "D3D Shader Cache" = 0
+ "Delivery Optimization Files" = 2
+ "Diagnostic Data Viewer database files" = 2
+ "Downloaded Program Files" = 2
+ "Internet Cache Files" = 2
+ "Language Pack" = 0
+ "Old ChkDsk Files" = 0
+ "Recycle Bin" = 0
+ "RetailDemo Offline Content" = 2
+ "Setup Log Files" = 2
+ "System error memory dump files" = 2
+ "System error minidump files" = 2
+ "Temporary Files" = 0
+ "Thumbnail Cache" = 2
+ "Update Cleanup" = 2
+ "User file versions" = 2
+ "Windows Error Reporting Files" = 2
+ "Windows Defender" = 2
+ "Temporary Sync Files" = 2
+ "Device Driver Packages" = 2
+ }
+ foreach ($entry in $regValues.GetEnumerator()) {
+ $key = $entry.Key
+ $value = $entry.Value
+ $path = "$baseKey\$key"
+ Set-ItemProperty -Path $path -Name 'StateFlags0064' -Value $value -Type DWORD
+ }
+ # Run preset 64 (0-65535)
+ Start-Process -FilePath "cleanmgr.exe" -ArgumentList "/sagerun:64"
+}
+
+# Check for other installations of Windows
+# If so, don't cleanup as it will also cleanup other drives
+$excludedDrive = "C"
+$drives = Get-PSDrive -PSProvider 'FileSystem' | Where-Object { $_.Name -ne $excludedDrive }
+foreach ($drive in $drives) {
+ if (Test-Path -Path $(Join-Path -Path $drive.Root -ChildPath 'Windows') -PathType Container) {
+ $otherInstalls = $true
+ }
+}
+
+if (!($otherInstalls)) { Invoke-AtlasDiskCleanup }
\ No newline at end of file
diff --git a/src/Executables/DISABLEPNP.ps1 b/src/Executables/DISABLEPNP.ps1
index d76bc3ad17..a88b984467 100644
--- a/src/Executables/DISABLEPNP.ps1
+++ b/src/Executables/DISABLEPNP.ps1
@@ -3,7 +3,6 @@ $devices = @(
"AMD PSP",
"AMD SMBus",
"Base System Device",
- "*Bluetooth*",
"Composite Bus Enumerator",
"Direct memory access controller"
"High precision event timer",
@@ -33,4 +32,4 @@ $devices = @(
)
# No errors as some devices may not have an option to be disabled
-Get-PnpDevice -FriendlyName $devices -ErrorAction Ignore | Disable-PnpDevice -Confirm:$false -ErrorAction Ignore
\ No newline at end of file
+Get-PnpDevice -FriendlyName $devices -ErrorAction Ignore | Disable-PnpDevice -Confirm:$false -ErrorAction Ignore
diff --git a/src/Executables/FINALIZE.cmd b/src/Executables/FINALIZE.cmd
index b55fc491f8..d68166f511 100644
--- a/src/Executables/FINALIZE.cmd
+++ b/src/Executables/FINALIZE.cmd
@@ -150,7 +150,6 @@ for /f "tokens=1" %%a in ('netsh int ip show interfaces ^| findstr [0-9]') do (
for /f "tokens=3 delims==\" %%a in ('wmic computersystem get username /value ^| find "="') do set "loggedinUsername=%%a"
:: Debloat 'Send To' context menu, hidden files do not show up in the 'Send To' context menu
-attrib +h "C:\Users\!loggedinUsername!\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK"
attrib +h "C:\Users\!loggedinUsername!\AppData\Roaming\Microsoft\Windows\SendTo\Mail Recipient.MAPIMail"
attrib +h "C:\Users\!loggedinUsername!\AppData\Roaming\Microsoft\Windows\SendTo\Documents.mydocs"
@@ -221,4 +220,4 @@ if "!diskDrive!" == "SSD" (
:: Prevent mobsync.exe from running
ren "!windir!\System32\mobsync.exe" mobsync.old
-ren "!windir!\SysWOW64\mobsync.exe" mobsync.old
\ No newline at end of file
+ren "!windir!\SysWOW64\mobsync.exe" mobsync.old
diff --git a/src/Executables/LIBREWOLF.ps1 b/src/Executables/LIBREWOLF.ps1
new file mode 100644
index 0000000000..ba64df9a06
--- /dev/null
+++ b/src/Executables/LIBREWOLF.ps1
@@ -0,0 +1,69 @@
+# disable progress bars
+$ProgressPreference = "SilentlyContinue"
+# stop on errors, as each command is vital
+$ErrorActionPreference = "Stop"
+
+$updaterPath = "$env:programfiles\LibreWolf\librewolf-winupdater"
+$librewolfPath = "$env:programfiles\LibreWolf"
+$desktop = [Environment]::GetFolderPath("Desktop")
+$startMenu = "$env:ProgramData\Microsoft\Windows\Start Menu\Programs"
+
+<# if (Test-Path $librewolfPath) {
+ Write-Host "A version of LibreWolf is seemingly already installed."
+ Write-Host "This script will not continue."
+ exit 1
+} #>
+
+Write-Warning "Getting the latest LibreWolf download link"
+$librewolfVersion = Invoke-RestMethod -Uri "https://gitlab.com/api/v4/projects/44042130/releases" | ForEach-Object { $_.name } | Select-Object -First 1
+$librewolfFileName = "librewolf-$librewolfVersion-windows-x86_64-setup.exe"
+$librewolfDownload = "https://gitlab.com/api/v4/projects/44042130/packages/generic/librewolf/$librewolfVersion/$librewolfFileName"
+Write-Warning "Getting the latest LibreWolf-WinUpdater download link"
+$librewolfUpdaterURI = "https://codeberg.org/api/v1/repos/ltguillaume/librewolf-winupdater/releases?draft=false&pre-release=false&page=1&limit=1"
+$librewolfUpdaterDownload = (Invoke-RestMethod -Uri "$librewolfUpdaterURI" -Headers @{ "accept" = "application/json" }).Assets |
+ Where-Object { $_.name -like "*.zip" } |
+ Select-Object -ExpandProperty browser_download_url
+
+# output paths
+$outputLibrewolf = "$env:systemdrive\$librewolfFileName"
+$outputLibrewolfUpdater = "$env:systemdrive\librewolf-winupdater.zip"
+
+Write-Warning "Downloading the latest LibreWolf setup"
+Invoke-WebRequest -Uri $librewolfDownload -OutFile $outputLibrewolf
+Write-Warning "Downloading the latest LibreWolf WinUpdater ZIP"
+Invoke-WebRequest -Uri $librewolfUpdaterDownload -OutFile $outputLibrewolfUpdater
+
+Write-Warning "Installing LibreWolf silently"
+Start-Process -Wait -FilePath $outputLibrewolf -ArgumentList "/S"
+if (!(Test-Path $librewolfPath)) {
+ Write-Host "Installing LibreWolf silently failed."
+ exit 1
+}
+Write-Warning "Installing/extracting Librewolf-WinUpdater"
+Expand-Archive -Path $outputLibrewolfUpdater -DestinationPath "$env:programfiles\LibreWolf\librewolf-winupdater" -Force
+
+Write-Warning "Adding automatic updater task"
+$Title = "LibreWolf WinUpdater"
+$Action = New-ScheduledTaskAction -Execute "$updaterPath\LibreWolf-WinUpdater.exe" -Argument "/Scheduled"
+$Settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -RunOnlyIfNetworkAvailable
+$7Hours = New-ScheduledTaskTrigger -Once -At (Get-Date -Minute 0 -Second 0).AddHours(1) -RepetitionInterval (New-TimeSpan -Hours 7)
+$AtLogon = New-ScheduledTaskTrigger -AtLogOn
+$AtLogon.Delay = 'PT1M'
+$User = (Get-CimInstance -ClassName Win32_ComputerSystem | Select-Object -ExpandProperty UserName) -replace ".*\\"
+Register-ScheduledTask -TaskName "$Title ($User)" -Action $Action -Settings $Settings -Trigger $7Hours,$AtLogon -User $User -RunLevel Highest -Force | Out-Null
+
+Write-Warning "Creating shortcuts"
+function Create-Shortcut {
+ param ( [string]$Source, [string]$Destination, [string]$WorkingDir )
+ $WshShell = New-Object -comObject WScript.Shell
+ $Shortcut = $WshShell.CreateShortcut($Destination)
+ $Shortcut.TargetPath = $Source
+ $Shortcut.WorkingDirectory = $WorkingDir
+ $Shortcut.Save()
+}
+Create-Shortcut -Source "$librewolfPath\librewolf.exe" -Destination "$desktop\LibreWolf.lnk" -WorkingDir $librewolfPath
+Create-Shortcut -Source "$updaterPath\Librewolf-WinUpdater.exe" -Destination "$startMenu\LibreWolf\LibreWolf WinUpdater.lnk" -WorkingDir $librewolfPath
+
+Write-Warning "Removing temporary installer files"
+Remove-Item "$outputLibrewolf" -Force
+Remove-Item "$outputLibrewolfUpdater" -Force
\ No newline at end of file
diff --git a/src/Executables/POWER.cmd b/src/Executables/POWER.cmd
index 7921948b20..9b96f170b8 100644
--- a/src/Executables/POWER.cmd
+++ b/src/Executables/POWER.cmd
@@ -3,7 +3,8 @@ setlocal EnableDelayedExpansion
:: Detect if user uses laptop device or personal computer
for /f "delims=:{}" %%a in ('wmic path Win32_SystemEnclosure get ChassisTypes ^| findstr [0-9]') do set "CHASSIS=%%a"
-for %%a in (8 9 10 11 12 13 14 18 21 30 31 32) do if "!CHASSIS!" == "%%a" (set "DEVICE_TYPE=LAPTOP") else (set "DEVICE_TYPE=PC")
+set "DEVICE_TYPE=PC"
+for %%a in (8 9 10 11 12 13 14 18 21 30 31 32) do if "!CHASSIS!" == "%%a" (set "DEVICE_TYPE=LAPTOP")
:: Disable Hibernation and Fast Startup
:: Disabling makes NTFS accessable outside of Windows
diff --git a/src/Executables/PROMPTS.ps1 b/src/Executables/PROMPTS.ps1
deleted file mode 100644
index f2383f948a..0000000000
--- a/src/Executables/PROMPTS.ps1
+++ /dev/null
@@ -1,169 +0,0 @@
-# https://ss64.com/vb/msgbox.html
-$sh = New-Object -ComObject "Wscript.Shell"
-
-<#
- --------------------------
- Mitigations
- --------------------------
-#>
-
-$WindowTitle = 'Security Mitigations Prompt - Atlas'
-
-$Message = @'
-Would you like to disable security CPU mitigations/fixes for vulnerabilities like Meltdown and Spectre?
-
-This is mostly beneficial on older CPUs, recent CPUs have these fixes implemented in hardware. In some cases (i.e. AMD Zen 4 CPUs), it can be significantly worse for performance to disable mitigations.
-
-However, old CPUs do not have these mitigations/fixes at a hardware level, meaning that mitigations can significantly decrease performance.
-
-You can always change this after you have installed Atlas, and it is recommended to benchmark the effects of this tweak, if you use it.
-
-Realistically, you are unlikely to be attacked due to worse security from disabling CPU mitigations. However, disabling them is significantly worse for security, that's why they exist.
-
-Automatically selecting 'Yes' in 5 minutes...
-'@
-
-# Default option is 'Yes'
-$intButton = '6'
-$intButton = $sh.Popup($Message,300,$WindowTitle,4+48+0)
-
-if ($intButton -eq '6') { # if 'Yes'
- Write-Host Disabling mitigiations...
- $loggedinUsername = (Get-WmiObject -Class Win32_ComputerSystem | Select-Object -ExpandProperty UserName) -replace '^.*\\'
- $mitigationScriptPath = "C:\Users\$loggedInUsername\Desktop\Atlas\3. Configuration\1. General Configuration\Mitigations\Disable All Mitigations.cmd"
- Start-Process -WindowStyle Hidden -FilePath "$mitigationScriptPath" -ArgumentList "/silent"
-}
-
-<#
- --------------------------
- Core Isolation
- --------------------------
-#>
-
-$WindowTitle = 'Core Isolation - Atlas'
-
-$Message = @'
-Would you like to enable Core Isolation (Virtualization Based Security)?
-
-Core Isolation is a feature in Windows that aims to protect very important parts of the operating system. Its main feature is called Memory Integrity.
-
-This prevents attackers, malware or compromised programs from using vulnerabilities within drivers or other important components of Windows to gain access to the operating system.
-
-Although this improves security, it will significantly worsen performance (up to ~10% in some cases), especially on older CPUs like Intel 8th gen or AMD Zen 2, but it is even impactful on recent CPUs.
-
-You can configure this later in Windows Security app.
-
-Automatically selecting 'No' in 5 minutes, which will disable Core Isolation features...
-'@
-
-# Default option is 'No'
-$intButton = '7'
-$intButton = $sh.Popup($Message,300,$WindowTitle,4+48+0)
-
-$memIntegrity = "HKLM:\System\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity"
-$kernelShadowStacks = "HKLM:\System\CurrentControlSet\Control\DeviceGuard\Scenarios\KernelShadowStacks"
-$credentialGuard = "HKLM:\System\CurrentControlSet\Control\DeviceGuard\Scenarios\CredentialGuard"
-
-if ($intButton -eq '7') { # if 'No'
- Write-Host Disabling VBS features...
-
- # Memory Integrity
- if (Test-Path $memIntegrity) {
- New-ItemProperty -Path $memIntegrity -Name "Enabled" -Value 0 -PropertyType DWORD -Force
- Remove-ItemProperty -Path $memIntegrity -Name "ChangedInBootCycle" -ErrorAction SilentlyContinue
- Remove-ItemProperty -Path $memIntegrity -Name "WasEnabledBy" -ErrorAction SilentlyContinue
- }
-
- # Kernel-mode Hardware-enforced Stack Protection (Windows 11 only)
- if (Test-Path $kernelShadowStacks) {
- New-ItemProperty -Path $kernelShadowStacks -Name "Enabled" -Value 0 -PropertyType DWORD -Force
- Remove-ItemProperty -Path $kernelShadowStacks -Name "ChangedInBootCycle" -ErrorAction SilentlyContinue
- Remove-ItemProperty -Path $kernelShadowStacks -Name "WasEnabledBy" -ErrorAction SilentlyContinue
- }
-
- # Credential Guard (Windows 11 only)
- if (Test-Path $credentialGuard) {
- New-ItemProperty -Path $credentialGuard -Name "Enabled" -Value 0 -PropertyType DWORD -Force
- Remove-ItemProperty -Path $credentialGuard -Name "ChangedInBootCycle" -ErrorAction SilentlyContinue
- Remove-ItemProperty -Path $credentialGuard -Name "WasEnabledBy" -ErrorAction SilentlyContinue
- }
-} else {
- Set-ItemProperty -Path $memIntegrity -Name "Enabled" -Value 1 -Type DWord
- Set-ItemProperty -Path $memIntegrity -Name "WasEnabledBy" -Value 2 -Type DWord
-}
-
-<#
- --------------------------
- Cleanmgr
- --------------------------
-#>
-
-# As cleanmgr has multiple processes, there's no point in making the window hidden as it won't apply
-function Invoke-AtlasDiskCleanup {
- # Kill running cleanmgr instances, as they will prevent new cleanmgr from starting
- Get-Process -Name cleanmgr | Stop-Process -Force
- # Cleanmgr preset
- # 2 = enabled
- # 0 = disabled
- $baseKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches'
- $regValues = @{
- "Active Setup Temp Folders" = 2
- "BranchCache" = 2
- "D3D Shader Cache" = 2
- "Delivery Optimization Files" = 2
- "Diagnostic Data Viewer database files" = 2
- "Downloaded Program Files" = 2
- "Internet Cache Files" = 2
- "Language Pack" = 0
- "Old ChkDsk Files" = 0
- "Recycle Bin" = 0
- "RetailDemo Offline Content" = 2
- "Setup Log Files" = 2
- "System error memory dump files" = 2
- "System error minidump files" = 2
- "Temporary Files" = 0
- "Thumbnail Cache" = 2
- "Update Cleanup" = 2
- "User file versions" = 2
- "Windows Error Reporting Files" = 2
- }
- foreach ($entry in $regValues.GetEnumerator()) {
- $key = $entry.Key
- $value = $entry.Value
- $path = "$baseKey\$key"
- Set-ItemProperty -Path $path -Name 'StateFlags0064' -Value $value -Type DWORD
- }
- # Run preset 64 (0-65535)
- Start-Process -FilePath "cleanmgr.exe" -ArgumentList "/sagerun:64"
-}
-
-# Check for other installations of Windows
-# If so, show the prompt, if not, run Disk Cleanup without input
-$excludedDrive = "C"
-$drives = Get-PSDrive -PSProvider 'FileSystem' | Where-Object { $_.Name -ne $excludedDrive }
-foreach ($drive in $drives) {
- if (Test-Path -Path $(Join-Path -Path $drive.Root -ChildPath 'Windows') -PathType Container) {
- $otherInstalls = $true
- }
-}
-
-$WindowTitle = 'Disk Cleanup - Atlas'
-
-$Message = @'
-Would you like to run Disk Cleanup (with the Atlas preset)?
-
-Disk Cleanup is a built-in tool in Windows for freeing disk space by removing temporary files, which is good (in this case) to have a clean base installation.
-
-Due to a Disk Cleanup limitation in Windows, you can only clean all drives on a system when using a Disk Cleanup preset, not just the current installation.
-
-Although nothing unexpected should come from using Disk Cleanup, this will modify other installations of Windows on your computer.
-
-Automatically selecting 'No' in 5 minutes...
-'@
-
-if ($otherInstalls) {
- # Default option is 'No'
- $intButton = '7'
- $intButton = $sh.Popup($Message,300,$WindowTitle,4+48+256)
- if ($intButton -eq '6') {Invoke-AtlasDiskCleanup}
-} else {Invoke-AtlasDiskCleanup}
\ No newline at end of file
diff --git a/src/Images/brave.png b/src/Images/brave.png
new file mode 100644
index 0000000000..5aeb70792d
Binary files /dev/null and b/src/Images/brave.png differ
diff --git a/src/Images/chrome.png b/src/Images/chrome.png
new file mode 100644
index 0000000000..587734541a
Binary files /dev/null and b/src/Images/chrome.png differ
diff --git a/src/Images/librewolf.png b/src/Images/librewolf.png
new file mode 100644
index 0000000000..1c6872d4a5
Binary files /dev/null and b/src/Images/librewolf.png differ
diff --git a/src/local-build.cmd b/src/local-build.cmd
index fbb2588295..e921f10ff0 100644
--- a/src/local-build.cmd
+++ b/src/local-build.cmd
@@ -10,7 +10,7 @@ $fileName = "Atlas Test"
$replaceOldPlaybook = $true
# choose not to modify certain aspects from playbook.conf
-$removeRequirements = $true
+$removeRequirements = $false
$removeBuildRequirement = $true
# not recommended to disable as it will show malicious
$removeProductCode = $true
diff --git a/src/playbook.conf b/src/playbook.conf
index 0e03c8d613..0ed53454b7 100644
--- a/src/playbook.conf
+++ b/src/playbook.conf
@@ -18,9 +18,113 @@
NoPendingUpdates
PluggedIn
+ true
64
20
https://github.com/Atlas-OS/Atlas
https://atlasos.net
https://www.buymeacoffee.com/atlasos
+
+
+
+
+
+
+ Default Windows Mitigations (recommended)
+ mitigations-default
+
+
+ Disable All Mitigations
+ mitigations-disable
+
+
+
+
+
+
+
+
+ Disable Core Isolation (recommended)
+ vbs-disable
+
+
+ Windows Default
+ vbs-default
+
+
+
+
+
+
+
+ Remove Microsoft Edge
+ uninstall-edge
+
+
+
+ Disable Bluetooth
+ disable-bluetooth
+
+
+
+
+
+
+
+
+
+ Brave
+ browser-brave
+ brave
+ #131524
+ #3b3e4f
+
+
+ LibreWolf
+ browser-librewolf
+ librewolf
+ #00acff
+ #9CDEFF
+
+
+ Chrome
+ browser-chrome
+ chrome
+ #e33b2e
+ #E38A84
+
+
+
+
+
+
+
+
+ Normal Install with Updater
+ librewolf-winupdater
+
+
+ Install with Chocolatey
+ librewolf-choco
+
+
+
+
+