From 35dfd847ab081b4092cdc1cf7d36745eb34d5299 Mon Sep 17 00:00:00 2001
From: Chris Titus Tech <dfm.titus@gmail.com>
Date: Tue, 13 Aug 2024 12:04:09 -0500
Subject: [PATCH] MicroWin Cleanup

---
 .../private/Invoke-WinUtilMicroWin-Helper.ps1 | 100 ++++--------------
 functions/public/Invoke-WPFMicrowin.ps1       |  54 +---------
 xaml/inputXML.xaml                            |  13 +--
 3 files changed, 25 insertions(+), 142 deletions(-)

diff --git a/functions/private/Invoke-WinUtilMicroWin-Helper.ps1 b/functions/private/Invoke-WinUtilMicroWin-Helper.ps1
index 329a686a..79c1f00b 100644
--- a/functions/private/Invoke-WinUtilMicroWin-Helper.ps1
+++ b/functions/private/Invoke-WinUtilMicroWin-Helper.ps1
@@ -25,25 +25,22 @@ function Test-CompatibleImage() {
     }
 }
 
-function Remove-Features([switch]$dumpFeatures = $false, [switch]$keepDefender = $false) {
+function Remove-Features() {
     <#
         .SYNOPSIS
             Removes certain features from ISO image
 
         .PARAMETER Name
-            dumpFeatures - Dumps all features found in the ISO into a file called allfeaturesdump.txt. This file can be examined and used to decide what to remove.
-            keepDefender - Should Defender be removed from the ISO?
+            No Params
 
         .EXAMPLE
-            Remove-Features -keepDefender:$false
+            Remove-Features
     #>
     try {
         $featlist = (Get-WindowsOptionalFeature -Path $scratchDir).FeatureName
-        if ($dumpFeatures) {
-            $featlist > allfeaturesdump.txt
-        }
 
         $featlist = $featlist | Where-Object {
+            $_ -NotLike "*Defender*" -AND
             $_ -NotLike "*Printing*" -AND
             $_ -NotLike "*TelnetClient*" -AND
             $_ -NotLike "*PowerShell*" -AND
@@ -52,8 +49,6 @@ function Remove-Features([switch]$dumpFeatures = $false, [switch]$keepDefender =
             $_ -NotLike "*NFS*"
         }
 
-        if ($keepDefender) { $featlist = $featlist | Where-Object { $_ -NotLike "*Defender*" }}
-
         foreach($feature in $featlist) {
             $status = "Removing feature $feature"
             Write-Progress -Activity "Removing features" -Status $status -PercentComplete ($counter++/$featlist.Count*100)
@@ -126,16 +121,16 @@ function Remove-Packages {
     }
 }
 
-function Remove-ProvisionedPackages([switch]$keepSecurity = $false) {
+function Remove-ProvisionedPackages() {
     <#
         .SYNOPSIS
         Removes AppX packages from a Windows image during MicroWin processing
 
         .PARAMETER Name
-        keepSecurity - Boolean that determines whether to keep "Microsoft.SecHealthUI" (Windows Security) in the Windows image
+        No Params
 
         .EXAMPLE
-        Remove-ProvisionedPackages -keepSecurity:$false
+        Remove-ProvisionedPackages
     #>
     $appxProvisionedPackages = Get-AppxProvisionedPackage -Path "$($scratchDir)" | Where-Object    {
             $_.PackageName -NotLike "*AppInstaller*" -AND
@@ -151,22 +146,19 @@ function Remove-ProvisionedPackages([switch]$keepSecurity = $false) {
         }
 
     if ($?) {
-    if ($keepSecurity) { $appxProvisionedPackages = $appxProvisionedPackages | Where-Object { $_.PackageName -NotLike "*SecHealthUI*" }}
-        $counter = 0
-        foreach ($appx in $appxProvisionedPackages) {
-            $status = "Removing Provisioned $($appx.PackageName)"
-            Write-Progress -Activity "Removing Provisioned Apps" -Status $status -PercentComplete ($counter++/$appxProvisionedPackages.Count*100)
-            try {
-                Remove-AppxProvisionedPackage -Path "$scratchDir" -PackageName $appx.PackageName -ErrorAction SilentlyContinue
-            } catch {
-                Write-Host "Application $($appx.PackageName) could not be removed"
-                continue
-            }
+    $appxProvisionedPackages = $appxProvisionedPackages | Where-Object { $_.PackageName -NotLike "*SecHealthUI*" }
+    $counter = 0
+    foreach ($appx in $appxProvisionedPackages) {
+        $status = "Removing Provisioned $($appx.PackageName)"
+        Write-Progress -Activity "Removing Provisioned Apps" -Status $status -PercentComplete ($counter++/$appxProvisionedPackages.Count*100)
+        try {
+            Remove-AppxProvisionedPackage -Path "$scratchDir" -PackageName $appx.PackageName -ErrorAction SilentlyContinue
+        } catch {
+            Write-Host "Application $($appx.PackageName) could not be removed"
+            continue
         }
-        Write-Progress -Activity "Removing Provisioned Apps" -Status "Ready" -Completed
-    } else {
-    Write-Host "Could not get Provisioned App information. Skipping process..."
     }
+    Write-Progress -Activity "Removing Provisioned Apps" -Status "Ready" -Completed
 }
 
 function Copy-ToUSB([string]$fileToCopy) {
@@ -200,22 +192,6 @@ function Remove-FileOrDirectory([string]$pathToDelete, [string]$mask = "", [swit
     $yesNo = Get-LocalizedYesNo
     Write-Host "[INFO] In Your local takeown expects '$($yesNo[0])' as a Yes answer."
 
-    # Specify the path to the directory
-    # $directoryPath = "$($scratchDir)\Windows\System32\LogFiles\WMI\RtBackup"
-    # takeown /a /r /d $yesNo[0] /f "$($directoryPath)" > $null
-    # icacls "$($directoryPath)" /q /c /t /reset > $null
-    # icacls $directoryPath /setowner "*S-1-5-32-544"
-    # icacls $directoryPath /grant "*S-1-5-32-544:(OI)(CI)F" /t /c /q
-    # Remove-Item -Path $directoryPath -Recurse -Force
-
-    # # Grant full control to BUILTIN\Administrators using icacls
-    # $directoryPath = "$($scratchDir)\Windows\System32\WebThreatDefSvc"
-    # takeown /a /r /d $yesNo[0] /f "$($directoryPath)" > $null
-    # icacls "$($directoryPath)" /q /c /t /reset > $null
-    # icacls $directoryPath /setowner "*S-1-5-32-544"
-    # icacls $directoryPath /grant "*S-1-5-32-544:(OI)(CI)F" /t /c /q
-    # Remove-Item -Path $directoryPath -Recurse -Force
-
     $itemsToDelete = [System.Collections.ArrayList]::new()
 
     if ($mask -eq "") {
@@ -254,46 +230,6 @@ function Remove-FileOrDirectory([string]$pathToDelete, [string]$mask = "", [swit
 
 function New-Unattend {
 
-    # later if we wont to remove even more bloat EU requires MS to remove everything from English(world)
-    # Below is an example how to do it we probably should create a drop down with common locals
-    #     <settings pass="specialize">
-    #     <!-- Specify English (World) locale -->
-    #     <component name="Microsoft-Windows-International-Core" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-    #       <SetupUILanguage>
-    #     <UILanguage>en-US</UILanguage>
-    #       </SetupUILanguage>
-    #       <InputLocale>en-US</InputLocale>
-    #       <SystemLocale>en-US</SystemLocale>
-    #       <UILanguage>en-US</UILanguage>
-    #       <UserLocale>en-US</UserLocale>
-    #     </component>
-    #   </settings>
-
-    #   <settings pass="oobeSystem">
-    #     <!-- Specify English (World) locale -->
-    #     <component name="Microsoft-Windows-International-Core" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-    #       <InputLocale>en-US</InputLocale>
-    #       <SystemLocale>en-US</SystemLocale>
-    #       <UILanguage>en-US</UILanguage>
-    #       <UserLocale>en-US</UserLocale>
-    #     </component>
-    #   </settings>
-    # using here string to embedd unattend
-    #     <RunSynchronousCommand wcm:action="add">
-    #     <Order>1</Order>
-    #     <Path>net user administrator /active:yes</Path>
-    # </RunSynchronousCommand>
-
-    # this section doesn't work in win10/????
-#     <settings pass="specialize">
-#     <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-#         <CEIPEnabled>0</CEIPEnabled>
-#     </component>
-#     <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-#         <ConfigureChatAutoInstall>false</ConfigureChatAutoInstall>
-#     </component>
-# </settings>
-
     $unattend = @'
     <?xml version="1.0" encoding="utf-8"?>
     <unattend xmlns="urn:schemas-microsoft-com:unattend"
diff --git a/functions/public/Invoke-WPFMicrowin.ps1 b/functions/public/Invoke-WPFMicrowin.ps1
index 5f547608..15a9e001 100644
--- a/functions/public/Invoke-WPFMicrowin.ps1
+++ b/functions/public/Invoke-WPFMicrowin.ps1
@@ -151,37 +151,15 @@ public class PowerManagement {
         }
 
         Write-Host "Remove Features from the image"
-        Remove-Features -keepDefender:$keepDefender
+        Remove-Features
         Write-Host "Removing features complete!"
+        Write-Host "Removing OS packages"
+        Remove-Packages
+        Write-Host "Removing Appx Bloat"
+        Remove-ProvisionedPackages
 
-        if (!$keepPackages) {
-            Write-Host "Removing OS packages"
-            Remove-Packages
-        }
-        if (!$keepProvisionedPackages) {
-            Write-Host "Removing Appx Bloat"
-            Remove-ProvisionedPackages -keepSecurity:$keepDefender
-        }
-
-        # special code, for some reason when you try to delete some inbox apps
-        # we have to get and delete log files directory.
         Remove-FileOrDirectory -pathToDelete "$($scratchDir)\Windows\System32\LogFiles\WMI\RtBackup" -Directory
         Remove-FileOrDirectory -pathToDelete "$($scratchDir)\Windows\System32\WebThreatDefSvc" -Directory
-
-        # Defender is hidden in 2 places we removed a feature above now need to remove it from the disk
-        if (!$keepDefender) {
-            Write-Host "Removing Defender"
-            Remove-FileOrDirectory -pathToDelete "$($scratchDir)\Program Files\Windows Defender" -Directory
-            Remove-FileOrDirectory -pathToDelete "$($scratchDir)\Program Files (x86)\Windows Defender"
-        }
-        # if (!$keepEdge) {
-        #     # this is destructive and might result in touching SystemApps is not recommended unless you going complete rogue on trimming edge and telemetry
-        #     Write-Host "Removing Edge"
-        #     Remove-FileOrDirectory -pathToDelete "$($scratchDir)\Program Files (x86)\Microsoft" -mask "*edge*" -Directory
-        #     Remove-FileOrDirectory -pathToDelete "$($scratchDir)\Program Files\Microsoft" -mask "*edge*" -Directory
-        #     Remove-FileOrDirectory -pathToDelete "$($scratchDir)\Windows\SystemApps" -mask "*edge*" -Directory
-        # }
-
         Remove-FileOrDirectory -pathToDelete "$($scratchDir)\Windows\DiagTrack" -Directory
         Remove-FileOrDirectory -pathToDelete "$($scratchDir)\Windows\InboxApps" -Directory
         Remove-FileOrDirectory -pathToDelete "$($scratchDir)\Windows\System32\SecurityHealthSystray.exe"
@@ -226,28 +204,6 @@ public class PowerManagement {
         New-Item -ItemType Directory -Force -Path "$desktopDir"
         dism /English /image:$($scratchDir) /set-profilepath:"$($scratchDir)\Windows\Users\Default"
 
-        # $command = "powershell.exe -NoProfile -ExecutionPolicy Bypass -Command 'irm https://christitus.com/win | iex'"
-        # $shortcutPath = "$desktopDir\WinUtil.lnk"
-        # $shell = New-Object -ComObject WScript.Shell
-        # $shortcut = $shell.CreateShortcut($shortcutPath)
-
-        # if (Test-Path -Path "$env:TEMP\cttlogo.png")
-        # {
-        #     $pngPath = "$env:TEMP\cttlogo.png"
-        #     $icoPath = "$env:TEMP\cttlogo.ico"
-        #     ConvertTo-Icon -bitmapPath $pngPath -iconPath $icoPath
-        #     Write-Host "ICO file created at: $icoPath"
-        #     Copy-Item "$env:TEMP\cttlogo.png" "$($scratchDir)\Windows\cttlogo.png" -force
-        #     Copy-Item "$env:TEMP\cttlogo.ico" "$($scratchDir)\Windows\cttlogo.ico" -force
-        #     $shortcut.IconLocation = "c:\Windows\cttlogo.ico"
-        # }
-
-        # $shortcut.TargetPath = "powershell.exe"
-        # $shortcut.Arguments = "-NoProfile -ExecutionPolicy Bypass -Command `"$command`""
-        # $shortcut.Save()
-        # Write-Host "Shortcut to winutil created at: $shortcutPath"
-        # *************************** Automation black ***************************
-
         Write-Host "Copy checkinstall.cmd into the ISO"
         New-CheckInstall
         Copy-Item "$env:temp\checkinstall.cmd" "$($scratchDir)\Windows\checkinstall.cmd" -force
diff --git a/xaml/inputXML.xaml b/xaml/inputXML.xaml
index 2ba9d635..7441cc1f 100644
--- a/xaml/inputXML.xaml
+++ b/xaml/inputXML.xaml
@@ -904,11 +904,6 @@
                         <StackPanel Name="MicrowinOptionsPanel" HorizontalAlignment="Left" SnapsToDevicePixels="True" Margin="1" Visibility="Hidden">
                             <TextBlock Margin="6" Padding="1" TextWrapping="Wrap">Choose Windows SKU</TextBlock>
                             <ComboBox x:Name = "MicrowinWindowsFlavors" Margin="1" />
-                            <TextBlock Margin="6" Padding="1" TextWrapping="Wrap">Choose Windows features you want to remove from the ISO</TextBlock>
-                            <CheckBox Name="WPFMicrowinKeepProvisionedPackages" Content="Keep Provisioned Packages" Margin="-10,5,0,0" ToolTip="Do not remove Microsoft Provisioned packages from the ISO."/>
-                            <CheckBox Name="WPFMicrowinKeepAppxPackages" Content="Keep Appx Packages" Margin="-10,5,0,0" ToolTip="Do not remove Microsoft Appx packages from the ISO."/>
-                            <CheckBox Name="WPFMicrowinKeepDefender" Content="Keep Defender" Margin="-10,5,0,0" IsChecked="True" ToolTip="Do not remove Microsoft Antivirus from the ISO."/>
-                            <CheckBox Name="WPFMicrowinKeepEdge" Content="Keep Edge" Margin="-10,5,0,0" IsChecked="True" ToolTip="Do not remove Microsoft Edge from the ISO."/>
                             <Rectangle Fill="{MainForegroundColor}" Height="2" HorizontalAlignment="Stretch" Margin="0,10,0,10"/>
                             <CheckBox Name="MicrowinInjectDrivers" Content="Inject drivers (I KNOW WHAT I'M DOING)" Margin="-10,5,0,0" IsChecked="False" ToolTip="Path to unpacked drivers all sys and inf files for devices that need drivers"/>
                             <TextBox Name="MicrowinDriverLocation" Background="Transparent" BorderThickness="1" BorderBrush="{MainForegroundColor}"
@@ -970,11 +965,8 @@
                                 Foreground="{ComboBoxForegroundColor}">
                                 <Bold>MicroWin features:</Bold><LineBreak/>
                                 - Remove Telemetry and Tracking <LineBreak/>
-                                - Add ability to use local accounts <LineBreak/>
-                                - Remove Wifi requirement to finish install <LineBreak/>
-                                - Ability to remove Edge <LineBreak/>
-                                - Ability to remove Defender <LineBreak/>
-                                - Remove Teams <LineBreak/>
+                                - Fast Install using "User" local account <LineBreak/>
+                                - No internet requirement for install <LineBreak/>
                                 - Apps debloat <LineBreak/>
                                 <LineBreak/>
                                 <LineBreak/>
@@ -988,7 +980,6 @@
                                 - Click on the "Select Windows ISO" button and wait for WinUtil to process the image <LineBreak/>
                                 It will be processed and unpacked which may take some time <LineBreak/>
                                 - Once complete, choose which Windows flavor you want to base your image on <LineBreak/>
-                                - Choose which features you want to keep <LineBreak/>
                                 - Click the "Start Process" button <LineBreak/>
                                 The process of creating the Windows image may take some time, please check the console and wait for it to say "Done" <LineBreak/>
                                 - Once complete, the target ISO file will be in the directory you have specified <LineBreak/>