Comments (7)
undergroundwires
commented on September 24, 2024
1
Update: Some of the new apps are added in 0.12.10. I'll slowly add all of the remaining apps. I do comprehensive research and add documentation before adding them that takes some time.
from privacy.sexy.
undergroundwires
commented on September 24, 2024
Hi, thank you for report. I will add both.
Missing apps in privacy.sexy
I did some comprehensive research and revisited all apps after you flag this. I see that we're missing disabling of these apps:
| Name | Type | Windows 10 (19H2) | Windows 10 (20H2) | Windows 10 (21H2) | Windows 10 (22H2) | Windows 11 (21H2) | Windows 11 (22H2) | Windows 11 (23H2) |
|---|---|---|---|---|---|---|---|---|
Microsoft.Windows.ShellExperienceHost |
System | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Windows.immersivecontrolpanel |
System | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Microsoft.Windows.CallingShellApp |
System | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
NcsiUwpApp |
System | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Microsoft.Windows.NarratorQuickStart |
System | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Microsoft.Windows.StartMenuExperienceHost |
System | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Microsoft.Windows.XGpuEjectDialog |
System | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
MicrosoftWindows.Client.CBS |
System | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
MicrosoftWindows.Client.Core |
System | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
MicrosoftWindows.UndockedDevKit |
System | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Clipchamp.Clipchamp |
User | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
Microsoft.GamingApp |
User | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ | ✅ |
Microsoft.HEVCVideoExtension |
User | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
Microsoft.OneDriveSync |
User | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ |
Microsoft.Paint |
User | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ | ✅ |
Microsoft.PowerAutomateDesktop |
User | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ | ✅ |
Microsoft.RawImageExtension |
User | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
Microsoft.SecHealthUI |
User | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ | ✅ |
Microsoft.Windows.PrintQueueActionCenter |
System | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
Microsoft.WindowsNotepad |
User | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ | ✅ |
Microsoft.WindowsTerminal |
User | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ | ✅ |
MicrosoftCorporationII.QuickAssist |
User | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
MicrosoftWindows.Client.FileExp |
System | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ |
What should we exclude?
I guess these are the apps that we should not add to privacy sexy to provide more safety to end-user:
Microsoft.Windows.ShellExperienceHost: "Start app", required for different setting windows such as WiFi and battery panes in action bar.Windows.immersivecontrolpanel: "Settings app", required for settings view.
Is there any more apps here that we should exclude from privacy.sexy?
P.S: Renaming the issue to be more generic to cover our discussion.
from privacy.sexy.
ScribbleGhost
commented on September 24, 2024
Well done 👍
The only things I see missing are:
Microsoft.549981C3F5F10
Microsoft.BingWeather
Microsoft.WindowsSoundRecorder
MicrosoftTeams
That last one (Teams) is a strange one. Even if I try to deprovision it in the registry with: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\MicrosoftTeams_8wekyb3d8bbwe, when making a new user it sometimes appears. That is; it appears as a provisioned package. But I have not been able to consistently reproduce it. Something is at play here, but I don't know what.
from privacy.sexy.
undergroundwires
commented on September 24, 2024
Request for information -A More data about teams installation
Another great recommendation. I worked on Teams before but did not make it to a release. But we can have it as part 0.13.0. I don't have Teams preinstalled on VMs I run. Could you run these on cmd provide me some info to understand what the OS defaults to?
@echo off
echo Appx info
Powershell -Command "Get-AppxPackage MicrosoftTeams"
echo Provisioned info
Powershell -Command "Get-AppxProvisionedPackage -Online | where {$_.PackageName -like '*Teams*'}"
echo LOCALAPPDATA\Microsoft\Teams
dir %LOCALAPPDATA%\Microsoft\Teams\
echo LOCALAPPDATA\Microsoft\Teams\Current
dir %LOCALAPPDATA%\Microsoft\Teams\Current\
echo Taskbar
reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
echo Teams temp dir
dir %LocalAppData%\SquirrelTemp
echo Teams app data
dir %AppData%\Microsoft\Teams
echo Teams temp dir
dir %LocalAppData%\SquirrelTemp
echo Office keys
reg query HKCU\Software\Microsoft\Office
echo Office/Addins keys
reg query HKCU\Software\Microsoft\Office\Outlook\Addins
echo Teams app store installation dir
dir "%SYSTEMDRIVE%\Program Files\WindowsApps\MicrosoftTeams*"
echo Teams app user-specific data dir
dir "%LOCALAPPDATA%\Packages\MicrosoftTeams*"
echo Teams app package metadata
dir "%PROGRAMDATA%\Microsoft\Windows\AppRepository\Packages\MicrosoftTeams*"Getting rid of provisioned packages
Yea, "provisioned package" is what Microsoft installs on each user per default. I can add soft deleting for these app), making it unreachable to system until reverted by privacy.sexy. This is what we do for system apps. It will complicate the generated code a bit but it will be more robust. Something like this:
Soft-delete teams package data:
:: Soft delete files matching pattern : "%SYSTEMDRIVE%\Program Files\WindowsApps\MicrosoftTeams_*_8wekyb3d8bbwe\*"
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMDRIVE%\Program Files\WindowsApps\MicrosoftTeams_*_8wekyb3d8bbwe\*"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount = 0; $skippedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try {; $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] {; <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try {; $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] {; <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) {; Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) {; if (Test-Path -Path $path -PathType Container) {; Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) {; if (-not $path.EndsWith('.OLD')) {; Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else {; if ($path.EndsWith('.OLD')) {; Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) {; Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; if ($revert -eq $true) {; $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else {; $newFilePath = "^""$($originalFilePath).OLD"^""; }; try {; Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; } catch {; Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {; Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) {; Write-Warning "^""Failed to processed $($failedCount) items."^""; }"
:: Soft delete files matching pattern : "%LOCALAPPDATA%\Packages\MicrosoftTeams_8wekyb3d8bbwe\*"
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%LOCALAPPDATA%\Packages\MicrosoftTeams_8wekyb3d8bbwe\*"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount = 0; $skippedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try {; $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] {; <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try {; $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] {; <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) {; Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) {; if (Test-Path -Path $path -PathType Container) {; Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) {; if (-not $path.EndsWith('.OLD')) {; Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else {; if ($path.EndsWith('.OLD')) {; Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) {; Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; if ($revert -eq $true) {; $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else {; $newFilePath = "^""$($originalFilePath).OLD"^""; }; try {; Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; } catch {; Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {; Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) {; Write-Warning "^""Failed to processed $($failedCount) items."^""; }"
:: Soft delete files matching pattern (with additional permissions) : "%PROGRAMDATA%\Microsoft\Windows\AppRepository\Packages\MicrosoftTeams_*_8wekyb3d8bbwe\*"
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%PROGRAMDATA%\Microsoft\Windows\AppRepository\Packages\MicrosoftTeams_*_8wekyb3d8bbwe\*"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount = 0; $skippedCount = 0; $failedCount = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n internal struct TokPriv1Luid {`r`n public int Count;`r`n public long Luid;`r`n public int Attr;`r`n }`r`n internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n internal const int TOKEN_QUERY = 0x00000008;`r`n internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n public static bool AddPrivilege(string privilege) {`r`n try {`r`n bool retVal;`r`n TokPriv1Luid tp;`r`n IntPtr hproc = GetCurrentProcess();`r`n IntPtr htok = IntPtr.Zero;`r`n retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n tp.Count = 1;`r`n tp.Luid = 0;`r`n tp.Attr = SE_PRIVILEGE_ENABLED;`r`n retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n return retVal;`r`n } catch (Exception ex) {`r`n throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n }`r`n }`r`n public static bool RemovePrivilege(string privilege) {`r`n try {`r`n bool retVal;`r`n TokPriv1Luid tp;`r`n IntPtr hproc = GetCurrentProcess();`r`n IntPtr htok = IntPtr.Zero;`r`n retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n tp.Count = 1;`r`n tp.Luid = 0;`r`n tp.Attr = 0; // This line is changed to revoke the privilege`r`n retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n return retVal;`r`n } catch (Exception ex) {`r`n throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n }`r`n }`r`n [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try {; $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] {; <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try {; $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] {; <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) {; Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) {; if (Test-Path -Path $path -PathType Container) {; Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) {; if (-not $path.EndsWith('.OLD')) {; Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else {; if ($path.EndsWith('.OLD')) {; Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) {; Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try {; $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch {; Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) {; $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else {; $newFilePath = "^""$($originalFilePath).OLD"^""; }; try {; Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) {; try {; Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction Stop; } catch {; Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch {; Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) {; try {; Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch {; Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {; Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) {; Write-Warning "^""Failed to processed $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"If you want to restore this later, this it the revert code for teams package data:
:: Restore files matching pattern : "%SYSTEMDRIVE%\Program Files\WindowsApps\MicrosoftTeams_*_8wekyb3d8bbwe\*"
PowerShell -ExecutionPolicy Unrestricted -Command "$revert = $true; $pathGlobPattern = "^""%SYSTEMDRIVE%\Program Files\WindowsApps\MicrosoftTeams_*_8wekyb3d8bbwe\*.OLD"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount = 0; $skippedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try {; $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] {; <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try {; $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] {; <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) {; Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) {; if (Test-Path -Path $path -PathType Container) {; Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) {; if (-not $path.EndsWith('.OLD')) {; Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else {; if ($path.EndsWith('.OLD')) {; Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) {; Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; if ($revert -eq $true) {; $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else {; $newFilePath = "^""$($originalFilePath).OLD"^""; }; try {; Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; } catch {; Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {; Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) {; Write-Warning "^""Failed to processed $($failedCount) items."^""; }"
:: Restore files matching pattern : "%LOCALAPPDATA%\Packages\MicrosoftTeams_8wekyb3d8bbwe\*"
PowerShell -ExecutionPolicy Unrestricted -Command "$revert = $true; $pathGlobPattern = "^""%LOCALAPPDATA%\Packages\MicrosoftTeams_8wekyb3d8bbwe\*.OLD"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount = 0; $skippedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try {; $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] {; <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try {; $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] {; <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) {; Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) {; if (Test-Path -Path $path -PathType Container) {; Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) {; if (-not $path.EndsWith('.OLD')) {; Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else {; if ($path.EndsWith('.OLD')) {; Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) {; Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; if ($revert -eq $true) {; $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else {; $newFilePath = "^""$($originalFilePath).OLD"^""; }; try {; Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; } catch {; Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {; Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) {; Write-Warning "^""Failed to processed $($failedCount) items."^""; }"
:: Restore files matching pattern (with additional permissions) : "%PROGRAMDATA%\Microsoft\Windows\AppRepository\Packages\MicrosoftTeams_*_8wekyb3d8bbwe\*"
PowerShell -ExecutionPolicy Unrestricted -Command "$revert = $true; $pathGlobPattern = "^""%PROGRAMDATA%\Microsoft\Windows\AppRepository\Packages\MicrosoftTeams_*_8wekyb3d8bbwe\*.OLD"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount = 0; $skippedCount = 0; $failedCount = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n internal struct TokPriv1Luid {`r`n public int Count;`r`n public long Luid;`r`n public int Attr;`r`n }`r`n internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n internal const int TOKEN_QUERY = 0x00000008;`r`n internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n public static bool AddPrivilege(string privilege) {`r`n try {`r`n bool retVal;`r`n TokPriv1Luid tp;`r`n IntPtr hproc = GetCurrentProcess();`r`n IntPtr htok = IntPtr.Zero;`r`n retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n tp.Count = 1;`r`n tp.Luid = 0;`r`n tp.Attr = SE_PRIVILEGE_ENABLED;`r`n retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n return retVal;`r`n } catch (Exception ex) {`r`n throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n }`r`n }`r`n public static bool RemovePrivilege(string privilege) {`r`n try {`r`n bool retVal;`r`n TokPriv1Luid tp;`r`n IntPtr hproc = GetCurrentProcess();`r`n IntPtr htok = IntPtr.Zero;`r`n retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n tp.Count = 1;`r`n tp.Luid = 0;`r`n tp.Attr = 0; // This line is changed to revoke the privilege`r`n retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n return retVal;`r`n } catch (Exception ex) {`r`n throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n }`r`n }`r`n [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try {; $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] {; <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try {; $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] {; <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) {; Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) {; if (Test-Path -Path $path -PathType Container) {; Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) {; if (-not $path.EndsWith('.OLD')) {; Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else {; if ($path.EndsWith('.OLD')) {; Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) {; Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try {; $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch {; Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) {; $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else {; $newFilePath = "^""$($originalFilePath).OLD"^""; }; try {; Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) {; try {; Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction Stop; } catch {; Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch {; Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) {; try {; Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch {; Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {; Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) {; Write-Warning "^""Failed to processed $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"from privacy.sexy.
ScribbleGhost
commented on September 24, 2024
Sure here is what I gathered:
(some of the commands would not run.."The system cannot find the file specified.", "File Not Found", "ERROR: The system was unable to find the specified registry key or value.")
Appx info
Name : MicrosoftTeams
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Architecture : X64
ResourceId :
Version : 23258.704.2395.9691
PackageFullName : MicrosoftTeams_23258.704.2395.9691_x64__8wekyb3d8bbwe
InstallLocation : C:\Program Files\WindowsApps\MicrosoftTeams_23258.704.2395.9691_x64__8wekyb3d8bbwe
IsFramework : False
PackageFamilyName : MicrosoftTeams_8wekyb3d8bbwe
PublisherId : 8wekyb3d8bbwe
IsResourcePackage : False
IsBundle : False
IsDevelopmentMode : False
NonRemovable : False
IsPartiallyStaged : False
SignatureKind : Developer
Status : Ok
Provisioned info
DisplayName : MicrosoftTeams
Version : 23258.704.2395.9691
Architecture : x64
ResourceId :
PackageName : MicrosoftTeams_23258.704.2395.9691_x64__8wekyb3d8bbwe
Regions : all
LOCALAPPDATA\Microsoft\Teams
LOCALAPPDATA\Microsoft\Teams\Current
Taskbar
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Start_SearchFiles REG_DWORD 0x2
ServerAdminUI REG_DWORD 0x0
Hidden REG_DWORD 0x2
ShowCompColor REG_DWORD 0x1
HideFileExt REG_DWORD 0x1
DontPrettyPath REG_DWORD 0x0
ShowInfoTip REG_DWORD 0x1
HideIcons REG_DWORD 0x0
MapNetDrvBtn REG_DWORD 0x0
WebView REG_DWORD 0x1
Filter REG_DWORD 0x0
ShowSuperHidden REG_DWORD 0x0
SeparateProcess REG_DWORD 0x0
AutoCheckSelect REG_DWORD 0x0
IconsOnly REG_DWORD 0x0
ShowTypeOverlay REG_DWORD 0x1
ShowStatusBar REG_DWORD 0x1
ListviewAlphaSelect REG_DWORD 0x1
ListviewShadow REG_DWORD 0x1
TaskbarAnimations REG_DWORD 0x1
TaskbarSizeMove REG_DWORD 0x0
DisablePreviewDesktop REG_DWORD 0x1
TaskbarSmallIcons REG_DWORD 0x0
TaskbarGlomLevel REG_DWORD 0x0
MMTaskbarGlomLevel REG_DWORD 0x0
TaskbarAutoHideInTabletMode REG_DWORD 0x0
ShellMigrationLevel REG_DWORD 0x3
TaskbarMn REG_DWORD 0x1
StartMigratedBrowserPin REG_DWORD 0x1
ReindexedProfile REG_DWORD 0x1
StartMenuInit REG_DWORD 0xd
TaskbarStateLastRun REG_BINARY 356B4C6500000000
WinXMigrationLevel REG_DWORD 0x1
StartShownOnUpgrade REG_DWORD 0x1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMode
Teams temp dir
Volume in drive C has no label.
Volume Serial Number is 946C-CE23
Directory of C:\Users\user\AppData\Local
Teams app data
Volume in drive C has no label.
Volume Serial Number is 946C-CE23
Directory of C:\Users\user\AppData\Roaming\Microsoft
Teams temp dir
Volume in drive C has no label.
Volume Serial Number is 946C-CE23
Directory of C:\Users\user\AppData\Local
Office keys
Office/Addins keys
Teams app store installation dir
Volume in drive C has no label.
Volume Serial Number is 946C-CE23
Directory of C:\Program Files\WindowsApps
11/09/2023 04:22 PM <DIR> MicrosoftTeams_23258.704.2395.9691_x64__8wekyb3d8bbwe
0 File(s) 0 bytes
1 Dir(s) 44,305,883,136 bytes free
Teams app user-specific data dir
Volume in drive C has no label.
Volume Serial Number is 946C-CE23
Directory of C:\Users\user\AppData\Local\Packages
11/09/2023 04:22 PM <DIR> MicrosoftTeams_8wekyb3d8bbwe
0 File(s) 0 bytes
1 Dir(s) 44,305,883,136 bytes free
Teams app package metadata
Volume in drive C has no label.
Volume Serial Number is 946C-CE23
Directory of C:\ProgramData\Microsoft\Windows\AppRepository\Packages
11/09/2023 04:22 PM <DIR> MicrosoftTeams_23258.704.2395.9691_x64__8wekyb3d8bbwe
0 File(s) 0 bytes
1 Dir(s) 44,305,883,136 bytes free
Judging by the Event Viewer I can see that Teams was installed (by itself) 4:22 PM hours after I started the computer and probably after waking from sleep. As you can tell it's kind of random when this is installed.
from privacy.sexy.
plantindesk
commented on September 24, 2024
Update: Some of the new apps are added in 0.12.10. I'll slowly add all of the remaining apps. I do comprehensive research and add documentation before adding them that takes some time.
For Windows 10 ( all versions)
MSPaint exists in System32 And SysWOW64
Script:
$systemDirectories = @("C:\Windows\System32", "C:\Windows\SysWOW64")
foreach ($directory in $systemDirectories) {
if (Test-Path -Path "$directory\mspaint.exe") {
Write-Host "Microsoft Paint found, starting uninstallation..."
$registryKeyPath = "HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7BA8E1F5-E0DF-4B7D-BADA-9BE0CD9DCDBA}"
if (Test-Path -Path $registryKeyPath) {
Remove-Item -Path $registryKeyPath -Recurse
Write-Host "MSPaint registry key deleted."
Get-ChildItem -Path $directory -Filter mspaint.exe -Recurse | ForEach-Object {
Remove-Item -Path $_.FullName -Force
Write-Host ("{0} deleted." -f $_.FullName)
}
Write-Host "Microsoft Paint has been successfully uninstalled!"
} else {
Write-Warning "Registry key not found! Cannot proceed with uninstallation."
}
break
}
}
if (-not($systemDirectories | Where-Object { Test-Path -Path "$_\\mspaint.exe" })) {
Write-Host "Microsoft Paint was not found on this system."
}from privacy.sexy.
undergroundwires
commented on September 24, 2024
Paint, Wordpad and Notepad was deliberately excluded from privacy.sexy, see #26 (comment). Is there any reason to disable it?
P.S: This issue is getting to big covering "all missing apps" and it's hard to discuss them and track the work in the same thread. It would be much easier to manage the work when we create new issues for each missing app in future, I would appreciate it.
from privacy.sexy.
Related Issues (20)
- The Application is lacking SEO
- Some scripts that can be used to customize Firefox for better privacy. HOT 3
- [BUG]: Ran the standard protection and now my Windows does not display notifications to apps like Instagram and Whatsapp HOT 4
- Add search options to include/exclude fields HOT 6
- Disable Telemetry for Microsoft's Accessibility Insights for Windows HOT 1
- Implement distinctive visual cues to warn of scripts that are known to break something. HOT 19
- [BUG]: Snipping Tool still can be executable via its keyboard shortcut HOT 9
- [BUG]: Remove Windows Apps doesn't fully remove Xbox Apps HOT 2
- [Feature] The search string as query parameters in the URL HOT 8
- [BUG]: When trying to copy a screenshot by sketching a fragment of the screen (ctrl+shift+s), copying does not happen automatically, an error occurs when trying to copy manually. HOT 6
- Disable Copilot keyboard shortcut (Windows key + C) HOT 5
- Apple silicon processor support HOT 11
- [BUG]: After applying Standard selection Phone Link is broken HOT 9
- [BUG]: Error Running Script HOT 3
- [BUG]: Something in standard script selection breaks "Forgot my password" on the lock screen
- [Feature] Overall Preview Report Of Privacy HOT 10
- Cannot Login & Windows Event Log service HOT 2
- [BUG]: Cannot Login and Windows Event Log service HOT 5
- Reduce display/screen fingerprinting HOT 1
- [BUG]: Search is still broken even after restore HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from privacy.sexy.