System Configurations

This document provides a collection of PowerShell scripts for various system configurations.

PowerShell Execution Policy Change

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser

Remote Desktop Enablement

# Check if Remote Desktop is enabled
$rdStatus = Get-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections"

if ($rdStatus.fDenyTSConnections -eq 1) {
    # Enable Remote Desktop
    Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Value 0
    Write-Output "Remote Desktop is now enabled."
} else {
    Write-Output "Remote Desktop is already enabled."
}

# Check if the "Remote Desktop" firewall rule is enabled
$firewallRule = Get-NetFirewallRule -DisplayGroup "Remote Desktop" | Get-NetFirewallProfile

if ($firewallRule.Enabled -eq "False") {
    # Enable the "Remote Desktop" firewall rule
    Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
    Write-Output "The 'Remote Desktop' firewall rule is now enabled."
} else {
    Write-Output "The 'Remote Desktop' firewall rule is already enabled."
}

Enable Windows Features

This block of code is used to enable the Math Recognizer feature.

# Enable a Windows Feature
Dism /Online /Add-Capability /CapabilityName:MathRecognizer~~~~0.0.1.0

Remember to run the script with administrative privileges.

.NET Environment Variables Setup

This block of code is used to set .NET environment variables to disable telemetry and the first run experience.

# https://learn.microsoft.com/en-us/dotnet/core/tools/dotnet-environment-variables
# Check if DOTNET_CLI_TELEMETRY_OPTOUT is not set
if (-not (Get-Item Env:DOTNET_CLI_TELEMETRY_OPTOUT)) {
    # Opt-out of telemetry
    setx /M DOTNET_CLI_TELEMETRY_OPTOUT 1
}

# Check if DOTNET_NOLOGO is not set
if (-not (Get-Item Env:DOTNET_NOLOGO)) {
    # Disable the first run experience
    setx /M DOTNET_NOLOGO 1
}

Clipboard History Enablement

# Enable clipboard history
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Clipboard" -Name "EnableClipboardHistory" -Value 1

Widgets Uninstallation

# Define the package ID
$packageId = "MicrosoftWindows.Client.WebExperience_cw5n1h2txyewy"

# Check if the package is installed
$package = winget list -e --id $packageId | Out-String
$wasInstalled = $false

if ($package -match $packageId) {
    $wasInstalled = $true
}

while ($package -match $packageId) {
    # Uninstall the package
    winget uninstall -e --id $packageId

    # Check again if the package is installed
    $package = winget list -e --id $packageId | Out-String
}

if ($wasInstalled) {
    # Ask the user if they want to restart explorer
    $userInput = Read-Host -Prompt "Do you want to restart explorer? (y/n)"

    if ($userInput -eq "y") {
        # Restart explorer
        Stop-Process -Name explorer -Force
        Start-Process explorer
    }
} else {
    Write-Host "$packageId was not installed."
}

Windows Defender Real-Time Protection Management

The following PowerShell script is used to manage the real-time protection feature of Windows Defender. It first checks the current status of real-time protection. If it's disabled, it prompts the user with an option to enable it. Conversely, if it's enabled, it gives the user an option to disable it.

# Check if the script is running as an administrator
if (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
    Write-Output "This script must be run as an Administrator. Please re-run this script as an Administrator."
    return
}

# Check if DisableRealtimeMonitoring is set
$realTimeProtectionStatus = Get-MpPreference | Select-Object -ExpandProperty DisableRealtimeMonitoring

if ($realTimeProtectionStatus -eq $true) {
    Write-Output "Real-time protection is currently disabled."

    # Ask the user if they want to enable real-time protection
    $userInput = Read-Host -Prompt "Do you want to enable real-time protection? (yes/no)"

    if ($userInput -eq "yes") {
        # Enable real-time protection
        Set-MpPreference -DisableRealtimeMonitoring $false
        Write-Output "Real-time protection is now enabled."
    } else {
        Write-Output "Real-time protection remains disabled."
    }
} else {
    Write-Output "Real-time protection is currently enabled."

    # Ask the user if they want to disable real-time protection
    $userInput = Read-Host -Prompt "Do you want to disable real-time protection? (yes/no)"

    if ($userInput -eq "yes") {
        # Disable real-time protection
        Set-MpPreference -DisableRealtimeMonitoring $true
        Write-Output "Real-time protection is now disabled."
    } else {
        Write-Output "Real-time protection remains enabled."
    }
}

DNS Servers Setup

Set-DnsClientServerAddress -InterfaceIndex 12 -ServerAddresses ("10.10.10.10", "8.8.8.8", "2001:4860:4860::8888", "2001:4860:4860::8844")

Winget Issue Fix for Windows Version 23H2

This section provides a solution for a known issue in Windows Version 23H2 where the winget command may not work as expected. The solution involves using a winget-install script from PSGallery. Run the following commands in Powershell as Administrator:

# https://github.com/microsoft/winget-cli/issues/3832#issuecomment-1995927550
# Install the NuGet package provider
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force

# Set the PSGallery repository as trusted
Set-PSRepository -Name 'PSGallery' -InstallationPolicy Trusted

# Install the winget-install script
Install-Script -Name winget-install -Force

# Run the winget-install script
winget-install.ps1 -Force

This solution is useful if you prefer to use only Powershell to fix the issue.