Disable High Contrast Mode Windows 10

This is a script we use to disable High Contrast Theme during logon/logoff.
The problem was that some students set High contrast theme, either by choice or by accident and then the settings applied to the lock screen after they logged off, and then the next user got the setting and so on. UEV helped to spread this like a virus in our student computer rooms.

This is the solution!

In your logon and logoff script, run this:

::=== SCRIPT BEGINS ===
:: Set default Theme if High contrast mode is enabled
FOR /f "skip=2 tokens=3 delims= " %%A IN ('REG QUERY "HKEY_CURRENT_USER\Control Panel\Accessibility\HighContrast" /v Flags') do (
SET "reg_value=%%A"
)

IF "%reg_value%" EQU "127" (
C:\Windows\resources\Themes\aero.theme
taskkill /F /IM systemsettings.exe
)
::=== SCRIPT ENDS ===


You can also run this in powershell as a scheduled task running as the logged on user during logon/logoff. But for some reason it did not work every time for me, so I had to go for the logon-script version.


#=== SCRIPT BEGINS ===
# Set this to 1 for visual outputs of variables
$DEBUG = 0
# Set this to SilentlyContinue for no debug, or Continue for debug output
IF ($DEBUG -eq 1) {
    $DebugPreference = "Continue"
} else {
    $DebugPreference = "SilentlyContinue"
    #$DebugPreference = "Continue" # This one is used for debuging debug mode ;)
}

$HighContrastFlags = (Get-ItemProperty 'HKCU:\Control Panel\Accessibility\HighContrast' -Name "Flags").Flags
Write-Debug "`$HighContrastFlags is $HighContrastFlags"

# 127 is High contrast theme, 126 is not high contrast. 
IF ($DEBUG -eq 1) {
    $CheckValue = 126
} Else {
    $CheckValue = 127
}
IF ($HighContrastFlags -eq $CheckValue) {
    Write-Debug "`$HighContrastFlags equals `$CheckValue"
    & $ENV:SYSTEMROOT\resources\Themes\aero.theme
    # Loop ultil file exist or counter is tripped
    $loopCounter = 0
    while (!(Get-Process -ProcessName SystemSettings -ErrorAction Ignore) -and $loopCounter -lt 30) { 
        $loopCounter++
        Start-Sleep 2
        Write-Debug "Loopcounter is $loopCounter"
    }
    Stop-Process -ProcessName SystemSettings -Force
} Else {
    Write-Debug "`$HighContrastFlags does not equal `$CheckValue, script should not run"
}

#=== SCRIPT ENDS ===

Autoit script to install new BIOS firmware and configuration on HP

I made this autoit script to deploy new BIOS firmware and configuration. You need to download the tools from HP and generate password and configuration files.
You might want to change the registry keys in the end to suit your company better.

There are some debug-lines you can "uncomment" to read the computer model, or you can use "wmic computersystem get model" or msinfo32.exe.

;=== Script begins ===
AutoItSetOption ( "ExpandEnvStrings", 1 )

Local $ComputerModel = "HP Z240 Tower Workstation"
Local $BIOSSettingsFile = "HPZ240TWR-BIOS.conf"
Local $BIOSFirmwareFile = "N51_0167.BIN"
Local $BIOSPasswordFile = "HPZ240TWR-PWD.bin"
Local $BIOSCheckVersion = "2018.3.1.0938"
Local $SMBIOSVersion = "N51 Ver. 01.67"

; You should not need to change anything below this line except for the fake program registry keys in the end.


$extraVariables = ""
If $CMDLINE[0] = 1 Then
   $extraVariables = $CMDLINE[1]
EndIf
Local $aReturn = 0
Local $bReturn = 0

; Get Computer model
$wbemFlagReturnImmediately = 0x10
$wbemFlagForwardOnly = 0x20
$colItems = ""
$strComputer = "localhost"
$model=""

$objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\")
$colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_ComputerSystem", "WQL", _
                                          $wbemFlagReturnImmediately + $wbemFlagForwardOnly)

If IsObj($colItems) then
   For $objItem In $colItems
       $model=$objItem.Model
   Next
Else
   Msgbox(0,"WMI Output","No WMI Objects Found for class: " & "Win32_ComputerSystem" )
Endif

;Use this to get Model when updating template
;Msgbox(0,"WMI Computer Model","Computer model: '" & $model & "'")

If $model = $ComputerModel Then
RunWait('BiosConfigUtility64.exe /npwdfile:"' & $BIOSPasswordFile & '"')
$aReturn = RunWait('BiosConfigUtility64.exe /set:"' & $BIOSSettingsFile & '" /cpwdfile:"' & $BIOSPasswordFile & '"')
$bReturn = RunWait('HPBIOSUPDREC64.exe -s -f"' & $BIOSFirmwareFile & '" -p"' & $BIOSPasswordFile & '" -r')
; Debug mode
;Msgbox(0,"DEBUG","aReturn: " & $aReturn & " bReturn: " & $bReturn )
EndIf

Local $SystemBIOSVer = RegRead("HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS", "BIOSVersion")
; Debug mode
;Msgbox(0,"DEBUG","aReturn: " & $aReturn & " bReturn: " & $bReturn )
;Msgbox(0,"DEBUG","SystemBiosVer: " & $SystemBIOSVer & " $SMBIOSVersion: " & $SMBIOSVersion )
If $SystemBIOSVer = $SMBIOSVersion And $aReturn = 0 Then
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BIOS-Settings", "DisplayVersion", "REG_SZ", $BIOSCheckVersion)
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BIOS-Settings", "DisplayName", "REG_SZ", "BIOS Settings " & $ComputerModel)
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BIOS-Settings", "Publisher", "REG_SZ", "Changeme")
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BIOS-Settings", "DisplayIcon", "REG_SZ", "C:\Windows\System32\wbem\WMIC.exe")
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BIOS-Settings", "UninstallString", "REG_SZ", "noremove")
EndIf

Exit ($aReturn)
;=== Script ends ===

Remove Unwanted Windows 10 apps powershell script

Windows 10 have too many apps etc in the ENT/EDU editions so I made this script to clean them out. Some "modern apps" in Windows 10 is very sticky and refused to be properly removed. That is why some of them are still there after this script has run.

Instead of making a custom image I use a scheduled task that will run this script on startup if the registry key (added last in the script) does not exist. You might want to change the key name to suit your company better.


=== SCRIPT BEGIN HERE ===
<#
.SYNOPSIS
Removes unwanted Windows 10 modern apps
.DESCRIPTION
Use "Get-AppxProvisionedPackage -Online" to get installed apps and then att the base name to the AppList
Make sure you strip away the version information and just use the base name for the apps.
The script will search for the currently installed full name.
.NOTES
davpe67 2017-02-14 First version
2017-11-07 Added build support and added 1709
.PARAMETER AppList
Enter one or more apps to the list
For example: "Microsoft.Office.Onenote","Microsoft.BingFinance","Microsoft.BingNews","Microsoft.XboxApp","Microsoft.WindowsStore"
.PARAMETER ProcessList
Enter one or more process to kill before uninstall begins.
For example: "Skypehost","Skypeapp"
.PARAMETER FoldersToRename
Some apps hide in C:\Windows\SystemApps even after you remove them. Specify the base name of the folder you want to remove.
For example: "ContactSupport"
.PARAMETER FolderParent
Use for testing before you ruin your own Windows installation ;)
For example: "C:\gurka\systemapps"
.PARAMETER DISMFeature
Windows Feature to disable with DISMFeature
For example: "FaxServicesClientPackage"
.PARAMETER Printers
Define name of printers to remove
For example: "Fax"

#>
#Requires -Version 4.0
#Requires -RunAsAdministrator

# Manuell cleanup command lines
#
# (Get-AppxPackage "<insert name here>").PackageFullName | Remove-AppxPackage


[CmdletBinding(SupportsShouldProcess=$True)]
Param(
        [string[]]$AppList,
        [string[]]$ProcessList,
        [string[]]$FoldersToRename,
        [string[]]$FolderParent,
[string[]]$DISMFeature,
[string[]]$Printers
    )

Begin{
    # Get Windows Build version
    # 14393 = 1607
    # 15063 = 1703
# 16299 = 1709
    $WinBuild = ([System.Environment]::OSVersion.Version).Build
IF (!$AppList) { 
IF ($WinBuild.Equals(14393)) { 
$AppsList = "Microsoft.BingFinance","Microsoft.BingNews","Microsoft.BingSports","Microsoft.BingWeather","Microsoft.MicrosoftSolitaireCollection","Microsoft.Office.Onenote","Microsoft.People","Microsoft.MicrosoftOfficeHub","Microsoft.WindowsMaps","microsoft.windowscommunicationsapps","Microsoft.Getstarted","Microsoft.3DBuilder","Microsoft.DesktopAppInstaller","Microsoft.WindowsCamera","Microsoft.WindowsFeedbackHub","Microsoft.XboxIdentityProvider","Microsoft.WindowsAlarms","Microsoft.WindowsSoundRecorder","Microsoft.Messaging","Microsoft.OneConnect","Microsoft.SkypeApp","Microsoft.Windows.Photos","Microsoft.XboxApp","Microsoft.ZuneMusic","Microsoft.ZuneVideo"
} # End of IF
        IF ($WinBuild.Equals(15063)) { 
$AppsList = "Microsoft.3DBuilder","Microsoft.BingWeather","Microsoft.DesktopAppInstaller","Microsoft.Getstarted","Microsoft.MSPaint","Microsoft.Messaging","Microsoft.Microsoft3DViewer","Microsoft.MicrosoftOfficeHub","Microsoft.MicrosoftSolitaireCollection","Microsoft.MicrosoftStickyNotes","Microsoft.Office.OneNote","Microsoft.OneConnect","Microsoft.People","Microsoft.SkypeApp","Microsoft.Wallet","Microsoft.Windows.Photos","Microsoft.WindowsAlarms","Microsoft.WindowsCamera","Microsoft.WindowsFeedbackHub","Microsoft.WindowsMaps","Microsoft.WindowsSoundRecorder","Microsoft.XboxApp","Microsoft.XboxGameOverlay","Microsoft.XboxIdentityProvider","Microsoft.XboxSpeechToTextOverlay","Microsoft.ZuneMusic","Microsoft.ZuneVideo","microsoft.windowscommunicationsapps" #,"Microsoft.StorePurchaseApp"
} # End of IF
IF ($WinBuild.Equals(16299)) { 
$AppsList = "Microsoft.BingWeather","Microsoft.DesktopAppInstaller","Microsoft.GetHelp","Microsoft.Getstarted","Microsoft.Windows.HolographicFirstRun","Microsoft.Messaging","Microsoft.Microsoft3DViewer","Microsoft.MicrosoftOfficeHub","Microsoft.MicrosoftSolitaireCollection","Microsoft.MicrosoftStickyNotes","Microsoft.MSPaint","Microsoft.Office.OneNote","Microsoft.OneConnect","Microsoft.People","Microsoft.SkypeApp","Microsoft.Wallet","Microsoft.Windows.Photos","Microsoft.WindowsAlarms","Microsoft.WindowsCamera","Microsoft.WindowsFeedbackHub","Microsoft.WindowsMaps","Microsoft.WindowsSoundRecorder","Microsoft.Xbox.TCUI","Microsoft.XboxApp","Microsoft.XboxGameOverlay","Microsoft.XboxIdentityProvider","Microsoft.XboxSpeechToTextOverlay","Microsoft.ZuneMusic","Microsoft.ZuneVideo","microsoft.windowscommunicationsapps" #,"Microsoft.StorePurchaseApp"
} # End of IF
} # End of IF
IF (!$ProcessList) { 
IF ($WinBuild.Equals(14393)) {
$ProcessList = "Skypehost","Skypeapp"
} # End of IF
IF ($WinBuild.Equals(15063)) {
$ProcessList = "Skypehost","Skypeapp"
} # End of IF
IF ($WinBuild.Equals(16299)) {
$ProcessList = "Skypehost","Skypeapp"
} # End of IF
} # End of IF
IF (!$DISMFeature) {
IF ($WinBuild.Equals(14393)) {
$DISMFeature = "FaxServicesClientPackage"
} # End of IF
        IF ($WinBuild.Equals(15063)) {
$DISMFeature = "FaxServicesClientPackage"
} # End of IF
IF ($WinBuild.Equals(16299)) {
$DISMFeature = "FaxServicesClientPackage"
} # End of IF
} # End of IF
IF (!$DISMCapability) {
IF ($WinBuild.Equals(14393)) {
$DISMCapability = ""
} # End of IF
        IF ($WinBuild.Equals(15063)) {
$DISMCapability = "" #"App.Support.ContactSupport~~~~0.0.1.0","App.Support.QuickAssist~~~~0.0.1.0"
} # End of IF
IF ($WinBuild.Equals(16299)) {
$DISMCapability = ""
} # End of IF
} # End of IF
IF (!$WindowsOptionalFeatures) {
IF ($WinBuild.Equals(14393)) {
$WindowsOptionalFeatures = ""
} # End of IF
        IF ($WinBuild.Equals(15063)) {
$WindowsOptionalFeatures = "SMB1Protocol"
} # End of IF
IF ($WinBuild.Equals(16299)) {
$WindowsOptionalFeatures = "SMB1Protocol"
} # End of IF
} # End of IF
IF (!$FoldersToRename) {
IF ($WinBuild.Equals(14393)) {
$FoldersToRename = "ContactSupport","Microsoft.PPIProjection"
} # End of IF
        IF ($WinBuild.Equals(15063)) {
#$FoldersToRename = "Microsoft.PPIProjection","Microsoft.Windows.HolographicFirstRun_cw5n1h2txyewy"
} # End of IF
IF ($WinBuild.Equals(16299)) {
$FoldersToRename = ""
} # End of IF
} # End of IF
IF (!$FolderParent) { 
IF ($WinBuild.Equals(14393)) {
$FolderParent="$ENV:SYSTEMROOT\SystemApps"
} # End of IF
        IF ($WinBuild.Equals(15063)) {
$FolderParent="$ENV:SYSTEMROOT\SystemApps"
} # End of IF
IF ($WinBuild.Equals(16299)) {
$FolderParent="$ENV:SYSTEMROOT\SystemApps"
} # End of IF
} # End of IF
IF (!$Printers) {
IF ($WinBuild.Equals(14393)) {
$Printers="Fax"
} # End of IF
        IF ($WinBuild.Equals(15063)) {
$Printers="Fax"
} # End of IF
IF ($WinBuild.Equals(16299)) {
$Printers="Fax"
} # End of IF
} # End of IF
} # End of BEGIN

Process{
ForEach ($Process in $ProcessList) {
Stop-Process -Name $Process -Force -ErrorAction SilentlyContinue
}
ForEach ($App in $AppsList) {
$PackageFullName = (Get-AppxPackage $App).PackageFullName
$ProPackageFullName = (Get-AppxProvisionedPackage -online | where {$_.Displayname -eq $App}).PackageName
Write-Verbose "$PackageFullName"
Write-Verbose "$ProPackageFullName"
if ($PackageFullName)
{
Write-Verbose "Removing Package: $App"
remove-AppxPackage -package $PackageFullName
} else {
Write-Verbose "Unable to find package: $App"
}
if ($ProPackageFullName) {
Write-Verbose "Removing Provisioned Package: $ProPackageFullName"
Remove-AppxProvisionedPackage -online -packagename $ProPackageFullName -ErrorAction SilentlyContinue
} else {
Write-Verbose "Unable to find provisioned package: $App"
}
}

foreach ($FolderAlias in $FoldersToRename) {
$FolderPath=Get-ChildItem "$FolderParent\$FolderAlias*" -ErrorAction SilentlyContinue
IF ($FolderPath) {
IF (Test-Path $FolderPath -ErrorAction SilentlyContinue) {
$FolderLeaf=Split-Path $FolderPath -Leaf
Write-Verbose "Moving $FolderParent\$FolderLeaf ==> $FolderParent\_DISABLED_$FolderLeaf"
Move-Item "$FolderParent\$FolderLeaf" "$FolderParent\_DISABLED_$FolderLeaf"
} # End of IF
} # End of IF
} # End of foreach

# Disable Windows features
IF ($DISMFeature) {
foreach ($Feature in $DISMFeature) {
Write-Verbose "dism /online /disable-feature /featurename:$Feature /quiet /norestart"
dism /online /disable-feature /featurename:$Feature /quiet /norestart
} # End of ForEach
} # End of IF

# Disable Windows Capabilities
IF ($DISMCapability) {
foreach ($Capability in $DISMCapability) {
Write-Verbose "DISM /Online /Remove-Capability /CapabilityName:$Capability /quiet /norestart"
DISM /Online /Remove-Capability /CapabilityName:$Capability /quiet /norestart
} # End of ForEach
} # End of IF

# Disable Windows Capabilities
IF ($WindowsOptionalFeatures ) {
foreach ($OptionalFeature in $WindowsOptionalFeatures ) {
Write-Verbose "Disable-WindowsOptionalFeature -Online -FeatureName $OptionalFeature -norestart"
Disable-WindowsOptionalFeature -Online -FeatureName $OptionalFeature -norestart
} # End of ForEach
} # End of IF

# Remove unwanted printers
IF ($Printers) {
foreach ($Printer in $Printers) {
Write-Verbose "Remove-Printer $Printer"
Remove-Printer $Printer -ErrorAction SilentlyContinue
} # End of ForEach
} # End of IF

} #End of Process

End{
#Add something to check to see if it has run
#$year=(Get-Date).Year
#$month=(Get-Date).Month
#$day=(Get-Date).Day
#$date="$year.$month.$day"
#$hour=(get-date).Hour
#$minute=(get-date).Minute
#$time=get-date -Format T
#$displayversion="$date.$hour$minute"
#$regversion="$date.$hour$minute"
$regversion="2017.11.14.1427" #Update this when things have changed in the script, also update the GPO item level targeting

if( -not (Test-Path -Path "hklm:\SOFTWARE\LiU" -PathType Container) )
{
New-Item -Path "hklm:\SOFTWARE" -Name "LiU" | Out-Null
}

New-ItemProperty -Path "hklm:\SOFTWARE\LiU" -Name "RemovedUnwantedApps" -Type String -Value $regversion -Force | Out-Null
}# End of End
=== SCRIPT ENDS HERE ===