Update: there’s a new script to cleanup windows here.

function cleanWindows{
    write-host 'Disabling Windows Media (a vector of attack surface from malware)'
    Disable-WindowsOptionalFeature –FeatureName "WindowsMediaPlayer" -Online

    write-host 'Disabling XPS...'
    Disable-WindowsOptionalFeature -Online -FeatureName "Printing-XPSServices-Features"

    write-host 'Removing Workfolder Client'
    Disable-WindowsOptionalFeature -Online -FeatureName "WorkFolders-Client"

    write-host 'Removing Windows Store'
    Get-AppxPackage -AllUsers | Where-Object {$_.Name -like "Microsoft.WindowsStore*"} | remove-appxpackage

    write-host "Clear Windows Update Cache..."
    Dism.exe /online /Cleanup-Image /StartComponentCleanup

    write-host "Delete files in Temp directory..."
    $null=del C:\Temp\*.* -Recurse -Force

    write-host "Prune Event Logs..."
    $null=wevtutil el | Foreach-Object {wevtutil cl "$_"}

	write-host "Disabling Automatic Startup Repair..."
    $null=cmd.exe /c "bcdedit /set {default} recoveryenabled No"
    $null=cmd.exe /c "bcdedit /set {default} bootstatuspolicy ignoreallfailures"
    
    write-host 'Turning off hibernation'
    $null=powercfg /setactive SCHEME_MIN
    $null=powercfg /hibernate off

    write-host 'Disabling the annoying Windows Update notifications...'
    $system32="$env:windir\System32"
    $annoyingNotifications="$system32\musnotification.exe","$system32\musnotificationux.exe"
    $denyExecute= New-Object System.Security.AccessControl.FileSystemAccessRule("Everyone","Execute","Deny")
    $annoyingNotifications|%{
        $acl = Get-ACL $_ 
        $acl.AddAccessRule($denyExecute)
        Set-Acl $_ $acl 
        }

    write-host "Performing Disk Cleanup..."
    (Get-Volume).DriveLetter|ForEach-Object{cleanmgr /d $_ /VeryLowDisk}

    write-host 'Removing bloatware...'
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    $bloatwareRemovalDownload="https://github.com/Sycnex/Windows10Debloater/archive/master.zip"
    $bloatwareRemovalDestination="C:\Temp\Windows10Debloater-master.zip"
    (New-Object System.Net.WebClient).DownloadFile($bloatwareRemovalDownload, $bloatwareRemovalDestination)
    $destination="C:\Temp"
    expand-archive -path $bloatwareRemovalDestination -DestinationPath $destination
    PowerShell.exe -executionpolicy bypass -File C:\Temp\Windows10Debloater-master\Windows10Debloater.ps1 -Confirm:$False   
}

cleanWindows;
Categories: