Removing Bloatware from Windows 10 & 11 via script

Updated May 2023 – The script is now multi-language so can be deployed to an OS in any Windows supported language and should work the same

Update – The script is now code signed for extra security

One complaint I often hear about using straight OOBE autopilot is around the bloatware, either manufacturer installed (McAfee trials anyone?) or the Microsoft stuff, after all, who needs Xbox Gaming bar on an enterprise machine?

One option is to take the machine and drop on a fresh ISO, add the autopilot hash (or inject the JSON) and then remove the Microsoft apps via Store for Business and uninstall assignments. This of course works well, but it’s effort and also means you can’t ship straight from the manufacturer unless you also send a USB stick with something like the excellent OSD Cloud from David Segura (which I would strongly recommend for “it’s dead, Jim,” rebuilds.

I, personally, prefer to embrace the future and go all out Autopilot, ship straight to your users and let Intune sort the rest which obviously pushes me down the scripting route. There are plenty of scripts out there, but none quite ticked all of the boxes, I wanted something that would remove all MS apps without me having to mess with the store, manufacturer bloat and anything else which might have crept on.

I then saw this post from Ben Whitmore and decided I wanted it to be self-updating too.

So, here is my BloatWare removal script:

https://github.com/andrew-s-taylor/public/tree/main/De-Bloat

In this folder you will find the script to remove the bloat, the script to deploy it and also a script if you want to deploy as an application (as well as the IntuneWin file)

De-Bloat Script

Let’s start with the script itself, it will:

  • Remove AppX Packages (listed)
  • Remove associated reg keys
  • Disable Windows Feedback
  • Removes Cortana from Search
  • Removes Web Results from search
  • Disables Wi-Fi Sense
  • Disables Live Tiles
  • Removes unwanted scheduled tasks (Xbox Live etc.)
  • Removes Windows 11 specific apps (Teams Chat for example)
  • Clears start menu
  • Disables the hidden surfing game in Edge
  • Removes Dell, HP and Lenovo specific bloat (by detecting manufacturer and deploying appropriately)
  • Removes McAfee (if detected)
  • Removes any Win32 apps which aren’t Intune, Windows Update or MS Edge
  • Removes Chrome
  • Removes Windows Copilot
  • Removes Windows Backup (win10 only)

I know some of you may be looking at the last two options and worrying about the current estate if you deploy site-wide, but I have you covered. The Win32 app removal part will only run if NO apps have been deployed via Intune. If it detects any installations, it will just skip that bit.

The full script will report back to a log file here:

C:\ProgramData\Debloat\Debloat.log

Intune Script Deployment

My suggestion is to deploy as a device script in Intune, that way it will run prior to any apps installing and you will have the full experience. This is where the secondary script comes in. This will grab the latest copy of the de-bloat script, copy it to the machine and run locally. It’s quicker and means you can always be sure devices are running the latest version without constantly replacing scripts:

NOTE: Run in the 64-bit context

$DebloatFolder = "C:\ProgramData\Debloat"
If (Test-Path $DebloatFolder) {
    Write-Output "$DebloatFolder exists. Skipping."
}
Else {
    Write-Output "The folder '$DebloatFolder' doesn't exist. This folder will be used for storing logs created after the script runs. Creating now."
    Start-Sleep 1
    New-Item -Path "$DebloatFolder" -ItemType Directory
    Write-Output "The folder $DebloatFolder was successfully created."
}

$templateFilePath = "C:\ProgramData\Debloat\removebloat.ps1"

Invoke-WebRequest `
-Uri "https://raw.githubusercontent.com/andrew-s-taylor/public/main/De-Bloat/RemoveBloat.ps1" `
-OutFile $templateFilePath `
-UseBasicParsing `
-Headers @{"Cache-Control"="no-cache"}

invoke-expression -Command $templateFilePath

Intune Application Deployment

If you would prefer to deploy as an application, you can either grab the Intunewin file and use the following commands:

Install:

powershell -executionpolicy bypass -file debloat-intune-script.ps1

Uninstall (obviously not an option, so a dead command)

cmd.exe /c

Detection:

C:\ProgramData\Debloat\Debloat.log

OR

If you want to be extra lazy, run this script:

Deploy-DeBloat-Application.ps1

Which will download the file and setup the application for you

Happy de-bloating!

212 thoughts on “Removing Bloatware from Windows 10 & 11 via script”

  1. Greate post!

    When i use the Deploy-DeBloat-Application.ps1 script i get some error messages that the create New-DetectionRule is not recognized.

    Is this due missing modules you are using, if so which modules do you use ?

    Reply
  2. I am having trouble getting this to work. It has ran on my test PC, looking at the logs it says its removed HP Bloat but its still there, and several other things that I have checked. The surf game is listed above but no mention of this on the log file.
    The HP bloat that is present is HP audio control, hp pc hardware diag, hp power manager, hp privacy settings, hp quickdrop, hp support assistant, hp system information and myhp
    This script would be perfect for our needs if we can get these bits sorted, many thanks.

    Reply
      • That’s sounds like it hasn’t deployed properly. Is the script in the ProgramData\DeBloat folder?
        Did it run in the System context as a device targeted script?

        Feel free to drop me an email if it’s easier

        Reply
        • Hi Andrew, cheers for the reply.
          Yes its in the programdata\debloat folder and the log says its run as system.
          I have looked for your email but cant find it directly, do you mean just the contact link on your about page?

          Reply
        • Hi Andrew,
          Thanks for your reply.
          Yes its running as system and in programdata\debloat
          it looks to have done lots of removal and disabling but not the HP bloat and Surf. I am just going to run it again on fresh autopilot.
          What is your email? i cant see it on the site or do you mean from the about page?
          Many thanks

          Reply
  3. Hi Andrew, thanks for this. I have a question. I want to keep Chrome on the device so I’ve commented out the sections on your script however how do I deploy the two scripts exactly. I’ve added the RemoveBloat script on intune however no luck.

    Reply
    • Hi Jess, you have two options for this. Firstly you could just deploy the removebloat script directly in Intune and target your devices, but keep in mind that you’ll need to keep updating it as and when we find more bits to remove.
      The other option is you fork or host the removebloat script in your own storage (and Azure blob would work fine) and then change the Uri in the debloat-intune-script to wherever you are hosting the bloat script itself.
      Feel free to drop me an email on the contact page if you need any help deploying them

      Reply
  4. Andrew this script is amazing. It’s almost 1:30 am and i should be in bed but i’m too excited. I’m watching this thing uninstall everything. lol.

    You have literally saved me hundreds of hours.

    Reply
  5. Hi Andrew,
    First off, thanks for all the work.

    I downloaded all 3 scripts. Which one do I call when creating the devices script? Deploy or Remove, or debloat?

    Thanks again!
    -Frank

    Reply
    • Hi Frank, the remove script is the one that does the actual removal. The Deploy script is if you want to use my version and have the machines always grab the latest copy. It’s entirely up to you which to use between the two.

      Hope this helps

      Reply
  6. It must be a name change because it is unistalling Windows Notepad. My work around is to have inTune reinstall notepad from the appstore after your script has run by using it as a dependency. Anyway….amazing script. THX for sharing.

    Reply
  7. Hi Andrew,

    First and foremost, thank you for your efforts – the script works perfectly except for removing Dell Bloatware – none of the Dell crap was removed, – I tested this on a Windows 11 machine.

    Reply
    • Hi, I have just released a new version which I think should fix the issue. I don’t have a Dell device to hand for testing so the names might need adjusting slightly of the apps. I’ll see if I can find a Dell ISO somewhere to spin up a VM

      Reply
  8. Hi Andy,

    This does not seem to remove the following Dell junk bloatware

    1)Dell Optimzer service
    2) Dell update – support assist update plugin

    Also nothing being removed on HP.
    Could you please release an update

    many thanks.

    Sithum

    Reply
  9. Hi,

    The script also removes firmware update and Waves.
    Attempting to remove Appx package: [WavesAudio.MaxxAudioProforDell2019]…
    Successfully removed Appx package: [WavesAudio.MaxxAudioProforDell2019]
    Attempting to remove Appx package: [WavesAudio.MaxxAudioProforDell2019]…
    Successfully removed Appx package: [WavesAudio.MaxxAudioProforDell2019]
    Attempting to uninstall: [Dell – Extension – 1.8.2.176]…
    Successfully uninstalled: [Dell – Extension – 1.8.2.176]
    Attempting to uninstall: [Dell, Inc. – Firmware – 0.1.7.0]…
    Successfully uninstalled: [Dell, Inc. – Firmware – 0.1.7.0]

    Can you exclude this please?

    Reply
  10. Hello Andrew,
    I ran your script locally on my windows 11 22h2 test machine and it succeeded without any error – well it seemed like. Before running, I did alter some small bits of the script, like commenting and uncommenting things we need/don’t need.

    The start menu didn’t change at all, the bloatware is still there like the spotify link, your phone, office …

    So I took a look in the log file, and it first looked okay, but I was wondering what these logs mean?

    “Trying to remove *app XYZ*
    Path :
    Online : True”

    Regards
    Felix

    Reply
    • Hi Felix,
      On Windows 11, those aren’t actual apps, they are just stubs which install the apps when clicked on.

      The script replaces the start menu on a Windows 10 machine, but Windows 11 works differently so I haven’t added that yet.

      If you are mananging the devices using Intune, the best option is to set the start menu with a config policy

      Reply
  11. Hi Andrew,
    wow – thank you for the quick response. I am right in my assumption that these app removals are applied system-wide and are not user specific? Do you know how windows behaves after bigger updates? Are these apps coming back at some point?

    I’ve tried the updated script, and it works much better now for Windows 11! Looks like Windows Enterprise, love it.

    But there are a few things which are still there:
    – Xbox Game Bar
    – Cortana
    – Microsoft To Do
    – OneDrive

    Would be awesome if you could update your script to delete these too. Maybe even make the “first steps” app as an option for removal?

    Fyi: I want to apply the script within my MDT task sequence. Currently trying to figure out the perfect timing since our domain policy and antivirus program blocks these kinds of scripts, so I have to run it after the installation and before domain join.

    Felix

    Reply
    • Hi Felix,

      The Game Bar is tricky to remove, but I’ve just added an update which will hide the gaming Settings menu.
      Cortana should now be removed as well.

      For To-Do, add this to the blacklisted apps at the top: “Microsoft.Todos”

      OneDrive you would have to look through the registry and call the uninstaller, it’s not something I will be adding to the script though as I feel it’s something everyone should be using anyway.

      The apps shouldn’t return after an update as the appxpackages are removed, but nothing is guaranteed on that front

      Thanks

      Andrew

      Reply
    • did you ever figure out to run via MDT task sequence? It runs for me but not all the bloatware is removed.
      I have it running under state restore after install applications.

      Reply
  12. Hello Andrew,
    thanks for the update, hope you had a good start into the new year.

    I finally put the update on my testing machine. The “Microsoft.Todos” wildcard worked and the Game Bar as well as Cortana are now gone, unfortunately WhatsApp, TikTok, Prime Video, Instagram, Adobe Express and Messenger are still there. I tried to alter the script and added these apps with wildcards to the bloatware list like “*Whatsapp*” etc., but it didn’t work. I think it’s because these icons are just links for installing and not the real apps.

    Best regards
    Felix

    Reply
    • Hi Felix,
      When are you running the script? Those aren’t apps but are just install stubs. If you run the script pre-login, it sets the default start menu for new users.
      If you run it after a user has already logged in though, it won’t update for that user.

      Thanks

      Andrew

      Reply
  13. Would it be possible to include a way to add our own whitelisted apps in a local file or something? That way we can leave the automatic download of your script running and we would only have to change the local file.

    Reply
  14. Hey Andrew, thanks for the great work you’re providing. Could you add Microsoft Family to your script? It is now installed with Windows 11 Pro. Thanks, Mike

    Reply
  15. Hi Andrew,

    Many thanks for this great script, it’s ideal for use when autopiloting devices. I have noticed in the log that Dell – Extension and Dell, Inc. – Firmware is being removed even though they’re whitelisted. Log extract below:

    Attempting to uninstall: [Dell – Extension – 1.8.2.176]…
    Successfully uninstalled: [Dell – Extension – 1.8.2.176]
    Attempting to uninstall: [Dell – Extension – 1.8.2.146]…
    Successfully uninstalled: [Dell – Extension – 1.8.2.146]
    Attempting to uninstall: [Dell, Inc. – Firmware – 0.1.8.3]…
    Successfully uninstalled: [Dell, Inc. – Firmware – 0.1.8.3]
    Attempting to uninstall: [Dell, Inc. – Firmware – 11.20.1.7]…
    Successfully uninstalled: [Dell, Inc. – Firmware – 11.20.1.7]

    We’ve amended only a small section of your script and have wrapped it up as a Win32 app.

    Any ideas why this would be happening?

    Many thanks once again.

    Reply
  16. Sorry Andrew, also seems to be uninstalling Edge and other apps after the Detect McAfee script line:

    Uninstalling Microsoft Edge
    Uninstalling Teams Machine-Wide Installer
    Uninstalling Microsoft Intune Management Extension

    Reply
  17. Thanks for coming back so quickly Andrew. Sure, it’s after the Detecting Manufacturer then Dell detected section.

    Reply
  18. Hi Andrew, great script. I’m running this against a new HP laptop, but it’s not removing HP Connection Optimizer, HP Documentation, HP Security Update Service, HP Sure Run Module and HP Wolf Security – Console. Any ideas?

    Detecting Manufacturer
    HP detected
    Attempting to uninstall: [HP Security Update Service]…
    WARNING: Failed to uninstall: []
    Removed HP bloat

    Reply
        • Seems to be working, thank you! I did notice, even on a clean install of Win11 Azure join autopilot, the Teams Chat icon is still in the taskbar. I can hide this with a config policy, but any idea why the script isn’t hiding that? I ran it manually in a elevated PS windows, and it doesn’t hide/disable it. It’s in the script:

          #Remove Teams Chat
          $MSTeams = “MicrosoftTeams”

          $WinPackage = Get-AppxPackage -allusers | Where-Object {$_.Name -eq $MSTeams}
          $ProvisionedPackage = Get-AppxProvisionedPackage -Online | Where-Object { $_.DisplayName -eq $WinPackage }
          If ($null -ne $WinPackage)
          {
          Remove-AppxPackage -Package $WinPackage.PackageFullName
          }

          If ($null -ne $ProvisionedPackage)
          {
          Remove-AppxProvisionedPackage -online -Packagename $ProvisionedPackage.Packagename
          }
          write-host “Removed Teams Chat”

          Reply
  19. One thing to keep in mind is that the location service is required if you want to use the locate device function from Intune. This is particularly useful when a device is lost or accidentally left at an airport (speaking from experience).

    We had a user walk away from their laptop bag and board an airplane. We were able to find the device location and contacted the airport to retrieve the laptop at a later date.

    Reply
  20. Getting a TerminatingError(Set-ACL): “The argument cannot be bound to the “AclObject” parameter because it is NULL.”

    SettingsPageVisibility : hide:gaming-gamebar;gaming-gamedvr;gaming-broadcasting;gaming-gamemode;gaming-xboxnetworking
    PSPath                 : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
    PSParentPath           : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies
    PSChildName            : Explorer
    PSDrive                : HKLM
    PSProvider             : Microsoft.PowerShell.Core\Registry

    System info:
    Windows: 10.0.22621.0
    PSVersion: 5.1.22621.963
    PSEdition: Desktop
    PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.22621.963
    BuildVersion: 10.0.22621.963
    CLRVersion: 4.0.30319.42000
    WSManStackVersion: 3.0
    PSRemotingProtocolVersion: 2.3
    SerializationVersion: 1.1.0.1

    Reply
  21. When running the Dell software removal the variables are coming back as empty arrays even though Dell software is installed on the computer. If you only run the matching for $UninstallPrograms or -like “*Dell*”, it fills the array and returns a valid list. I believe the issue is when checking the items matching the $WhitelistedApps.

    The script should be written like this instead:

    $InstalledPackages = Get-AppxPackage -AllUsers | Where-Object {(($_.Name -in $UninstallPrograms) -or ($_.Name -like “*Dell*”)) -and ($_.Name -NotMatch $WhitelistedApps)}

    $ProvisionedPackages = Get-AppxProvisionedPackage -Online | Where-Object {(($_.Name -in $UninstallPrograms) -or ($_.Name -like “*Dell*”)) -and ($_.Name -NotMatch $WhitelistedApps)}

    $InstalledPrograms = Get-Package | Where-Object {(($_.Name -in $UninstallPrograms) -or ($_.Name -like “*Dell*”)) -and ($_.Name -NotMatch $WhitelistedApps)}

    I haven’t used any portion of the other manufacturers so I can’t speak to the validity of code there as I removed it from the script, but it will likely cause the same issue if you are using the same syntax.

    Reply
    • I’ve updated it now with that new query. Dell was the more tricky one to sort, plus I don’t have any Dell machines here to test on.
      Let me know how you get on with the new one

      Thanks

      Reply
  22. Hello,
    When i run the PS script from intune for Pre-Provisioning in Windows 11 22H2 it seems to work great but all the apps that were uninstalled that live in the start menu don’t get unpinned/Uninstalled and since the apps are uninstalled you can’t unpin them from PS. Was not sure if that is normal or just a new bug for windows 11? The apps that stay are
    M365 (Office), Mail and Calendar, Xbox, Solitaire Kindel, Spotify, WhatsApp, TikTok, ESPN, Instagram, Prime Video, Windows Clock, Movies & TV, and Microsoft Tips.

    Reply
    • Hi Patrick,
      Those apps aren’t apps, but stubs which install the apps when clicked on. The script should replace the start menu layout, I’ll see what happens on a W11 22H2 box.
      If you are using Intune, I would suggest pushing out a custom start menu anyway which will fix it for all users (I’ve covered it here)

      Reply
  23. OS – WINDOWS 11 22H2

    i try to run your script and got the following error, any idea to resolved?

    PS C:\ProgramData\DeBloat> .\Deploy-DeBloat-Application.ps1
    At C:\ProgramData\DeBloat\Deploy-DeBloat-Application.ps1:209 char:17
    + Sign up
    + ~
    The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an ampersand in double
    quotation marks (“&”) to pass it as part of a string.
    At C:\ProgramData\DeBloat\Deploy-DeBloat-Application.ps1:214 char:209
    + … k Button–medium Button d-lg-none color-fg-inherit p-1″> <span cla …
    + ~
    The '<' operator is reserved for future use.
    At C:\ProgramData\DeBloat\Deploy-DeBloat-Application.ps1:432 char:13
    + CI/CD & Automation
    + ~
    The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an ampersand in double
    quotation marks ("&") to pass it as part of a string.
    At C:\ProgramData\DeBloat\Deploy-DeBloat-Application.ps1:1378 char:96
    + … ="" data-disable-with="" data-dropdown-tracking="{"type":&q …
    + ~
    The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an ampersand in double
    quotation marks ("&") to pass it as part of a string.
    At C:\ProgramData\DeBloat\Deploy-DeBloat-Application.ps1:1378 char:103
    + … a-disable-with="" data-dropdown-tracking="{"type":"blo …
    + ~
    The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an ampersand in double
    quotation marks ("&") to pass it as part of a string.
    At C:\ProgramData\DeBloat\Deploy-DeBloat-Application.ps1:1378 char:146
    + … "type":"blob_edit_dropdown.more_options_click",&q …
    + ~
    The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an ampersand in double
    quotation marks ("&") to pass it as part of a string.
    At C:\ProgramData\DeBloat\Deploy-DeBloat-Application.ps1:1378 char:153
    + … type":"blob_edit_dropdown.more_options_click","co …
    + ~
    Missing expression after unary operator ','.
    At C:\ProgramData\DeBloat\Deploy-DeBloat-Application.ps1:1378 char:153
    + … ype":"blob_edit_dropdown.more_options_click","con …
    + ~
    Unexpected token '&' in expression or statement.
    At C:\ProgramData\DeBloat\Deploy-DeBloat-Application.ps1:1378 char:166
    + … ot;blob_edit_dropdown.more_options_click","context":{& …
    + ~
    The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an ampersand in double
    quotation marks ("&") to pass it as part of a string.
    At C:\ProgramData\DeBloat\Deploy-DeBloat-Application.ps1:1378 char:193
    + … options_click","context":{"repository_id":37 …
    + ~
    The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an ampersand in double
    quotation marks ("&") to pass it as part of a string.
    Not all parse errors were reported. Correct the reported errors and try again.
    + CategoryInfo : ParserError: (:) [], ParseException
    + FullyQualifiedErrorId : AmpersandNotAllowed

    Reply
  24. Hi,

    Downloaded your script.
    Seem to be same issue as well.

    PS C:\ProgramData\DeBloat> .\Deploy-DeBloat-Application.ps1
    At C:\ProgramData\DeBloat\Deploy-DeBloat-Application.ps1:210 char:17
    + Sign up
    + ~
    The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an ampersand in double
    quotation marks (“&”) to pass it as part of a string.
    At C:\ProgramData\DeBloat\Deploy-DeBloat-Application.ps1:215 char:209
    + … k Button–medium Button d-lg-none color-fg-inherit p-1″> <span cla …
    + ~
    The '<' operator is reserved for future use.
    At C:\ProgramData\DeBloat\Deploy-DeBloat-Application.ps1:433 char:13
    + CI/CD & Automation
    + ~
    The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an ampersand in double
    quotation marks ("&") to pass it as part of a string.
    At C:\ProgramData\DeBloat\Deploy-DeBloat-Application.ps1:1379 char:96
    + … ="" data-disable-with="" data-dropdown-tracking="{"type":&q …
    + ~
    The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an ampersand in double
    quotation marks ("&") to pass it as part of a string.
    At C:\ProgramData\DeBloat\Deploy-DeBloat-Application.ps1:1379 char:103
    + … a-disable-with="" data-dropdown-tracking="{"type":"blo …
    + ~
    The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an ampersand in double
    quotation marks ("&") to pass it as part of a string.
    At C:\ProgramData\DeBloat\Deploy-DeBloat-Application.ps1:1379 char:146
    + … "type":"blob_edit_dropdown.more_options_click",&q …
    + ~
    The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an ampersand in double
    quotation marks ("&") to pass it as part of a string.
    At C:\ProgramData\DeBloat\Deploy-DeBloat-Application.ps1:1379 char:153
    + … type":"blob_edit_dropdown.more_options_click","co …
    + ~
    Missing expression after unary operator ','.
    At C:\ProgramData\DeBloat\Deploy-DeBloat-Application.ps1:1379 char:153
    + … ype":"blob_edit_dropdown.more_options_click","con …
    + ~
    Unexpected token '&' in expression or statement.
    At C:\ProgramData\DeBloat\Deploy-DeBloat-Application.ps1:1379 char:166
    + … ot;blob_edit_dropdown.more_options_click","context":{& …
    + ~
    The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an ampersand in double
    quotation marks ("&") to pass it as part of a string.
    At C:\ProgramData\DeBloat\Deploy-DeBloat-Application.ps1:1379 char:193
    + … options_click","context":{"repository_id":37 …
    + ~
    The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an ampersand in double
    quotation marks ("&") to pass it as part of a string.
    Not all parse errors were reported. Correct the reported errors and try again.
    + CategoryInfo : ParserError: (:) [], ParseException
    + FullyQualifiedErrorId : AmpersandNotAllowed

    Reply
    • Is the Graph connection working ok? It seems to be trying to sign you up for something
      What happens if you run this:
      Select-MgProfile -Name Beta
      Connect-MgGraph -Scopes DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, Group.ReadWrite.All, GroupMember.ReadWrite.All, openid, profile, email, offline_access

      Reply
  25. Ignore please. Thats a blunder from my side.
    I save the link which brought unnecessary HTML codes.
    once i’ve click and open your code into raw then I copy your code and its working fine now 🙂

    Reply
  26. Hi Andrew,

    Is there a way not to remove dell software (we like to use them for firmware upgrades etc).
    And still continue to use your automatic running the debloat from github?
    I like the way you maintain it 🙂

    Reply
    • Possibly, if I offloaded the whitelist or check for a text file first.
      What if I added a parameter for a whitelist text file path, if it exists, use that, if not use the defaults.
      Would something like that work?
      Which apps do you use which are being removed? The other option would be a parameter for those particular apps

      Reply
  27. I am testing out the remove bloat script and all of the HKCU pieces are not getting applied since the script is running as the system. Do I need to just separate those registry entries and run them as a separate script or am I not deploying the script correctly? I am deploying as a 64bit script and its set to use system instead of users credentials.

    I am fine with creating a separate script for the HKCU portions but thought I pose the question first.

    Reply
  28. Further note, this is on existing devices where its being run after the fact, not during the OOBE process. But it will also be set to run on devices as they autopilot going forward.

    Reply
  29. Didn’t know if anything could be added to remove the Microsoft feed part in the task bar. Thank you a million times for having this available!!

    Reply
  30. Thanks for the effort. The script works perfectly. It is exactly what we were looking for to remove the Windows bloatware, but also Dell’s. 🙂

    Reply
  31. Hi Andrew.
    This is extremely interesting. I stumbled upon your site and have read through almost all the messages.
    I was actually after a bloatfree version of Windows as I purchased a mini pc with windows 10 image loaded.
    It just has so much rubbish pre-installed. I quite obviously am not running in a corporate network so Intune is not an option and group policy is not applicable.
    The idea was to just get rid of unwanted apps and junk as the mini is used for streaming and wanting to optimize it for best performance.
    Nice work.

    Reply
  32. This script is awesome, although I’m noticing it’s removing some Win32 apps that are being installed by Intune. I’ve deployed as a device script to a test group and it reports as failed but it has run. When going through the logs I noticed that it uninstalled the ScreenConnect Client that I deployed as a Win32 app as well as some Win32 apps that were deployed using Chocolatey. Is this an issue with the script or how I’m deploying?

    Reply
    • If it finds anything in here, it should abort any win32 uninstalls, can you check if anything shows?
      HKLM:\SOFTWARE\Microsoft\IntuneManagementExtension\Win32Apps

      Deploying as a device script during ESP/OOBE is the best way to deploy it so it sounds like yours is setup correctly

      Reply
  33. Hi there,
    I wanted to give you a heads up that there might be an Issue with removing Dell Bloatware around line 1040. It doesn’t seem to check if an app is whitelisted properly. I noticed this when I tried to add SupportAssist to the white list and it was still removed. I’m pretty sure this is because you are checking if the name of each program matches the $WhitelistedApps as a variable rather than checking if the name matches any one of the Strings within $WhitelistedApps. I’m not sure if anyone else has had an issue with this but I was able to fix it by changing it to loop through $Whitelisted apps and check against each element.
    Thank you!

    Reply
  34. Hi there,
    Unfortunately the script doesn’t work microsoft surface pro. I have an old microsoft surface pro 4 and after running the script nothing was uninstalled.

    Reply
  35. Hi Andrew,

    Just deployed it yesterday, works well, removed most bloatware, except some staff came to us this morning and complained that OneNote for Windows 10 has been removed from their laptops. Can you kindly remove this line 314 “Microsoft.Office.OneNote” on RemoveBloat.ps1 ? Thank you very much.

    Reply
    • Hi,
      You may want to create your own fork and remove it that way. Most people use OneNote that comes with the M365 apps so want the Windows one removed. If enough people request me to remove this, I will do, but it’s used by a lot of people so I need to be careful with the changes.

      Reply
  36. Sorry, please also remove Minecraft from the script, as we are educational institutions, some students are actually using Minecraft. Thanks very much.

    Reply
  37. I’m not sure if i understand.. We got 50 new Notebooks and want to debloat them while the autopilot-process is running (or after that) I need to deploy the script and after that, there is another script which needs to be running, too? I don’t understand why there are so many scripts/files at github.. intunewim is clear, but i don’t understand the difference between “Deploy-DeBloat-Application.ps1”, “RemoveBloat.ps1” and “debloat-intune-script.ps1”. I thought I need to run the debloat-intune-script.ps1, but it is over 1 year old..

    Maybe you are able to give some information.. Best regards and have a nice weekend!

    Reply
    • It can be confusing, I’ll run through what each one does:
      Deploy-DeBloat-Application – This deploys the script as an intunewin package
      RemoveBloat.ps1 – This is the one that does all of the work
      debloat-intune-script – If you deploy this one, it will download the latest debloat script to the device and then run it. It’s a way to save having to replace the RemoveBloat script every time it is updated

      Hope this helps 🙂

      Reply
  38. Hi.

    Trying the script mainly to get rid off McAfee during Autopilot, however it seems to work in part, but the process mfemms.exe is still running. And in Services I can still see lots of McAfee services with error messages and one is running. Checked the debloat log, and the cleanup tool has been run. Any suggestions? anyone else with this issue?

    Otherwise, great script, thanks.

    Reply
  39. Hi Andrew,

    Deploying the script via Intune to as a required Win32 app, as part of the autopilot setup. We currently have our machines sent directly to users from Dell and the even though the script is marked as ‘installed’ in Intune, I still see teams home edition installed on the machine.

    Any ideas? I know the issue is quite specific.

    Great script btw! The majority of devices have had the script applied and working as should, made my life a lot easier! Thanks 🙂

    Reply
  40. Hi.

    Yes, Im running the intune script version, that gathers everything from internet. Its OOBE / Autopilot.

    Most of it is gone, but I still get a popup saying McAfee subscription has ended when it enters Windows for the first time, its a Lenovo laptop. But it looks like a Windows popup. The McAfee toast notification is not showing.

    /Simon

    Reply
  41. Its a Lenovo E14 (21E30057MX), preinstalled with Windows 11, if you can find an ISO with the McAfee junk on, please let me know where to find it!

    Thanks!

    Reply
  42. Hey Andrew!

    Thank you for this script, it’s absolutely excellent.

    I am having some issues with the start menu layout. According to the log, it clears the start menu:
    Clearing Start Menu
    Windows 10 Detected
    Removing Current Layout
    Creating Default Layout

    I am pushing a customised layout for start menu and taskbar from Intune with an XML file. Which does push successfully. However, I can see 2 start menu tiles not added by me, a group called ‘Productivity’ with the photos tile in it and ‘Explore’ with the Microsoft store tile in it.

    The debloat script is pushed to the autopilot device group and script is ran in 64 bit PowerShell Host. I am not entirely sure where the 2 random groups are coming from and I was under the assumption that when your script runs, it would clear it? I am pre-provisioning the laptops before signing in with a user.

    Thank you,
    Jazzy

    Reply
    • Hi,
      In your custom layout you are pushing, are you replacing what is there, or adding to it?
      The de-bloat clears to Microsoft standard layout which I think comes with those two groups by standard.

      Check you have this in your XML:

      Thanks

      Reply
  43. Hey Andrew!

    Thank you for such a quick reply. I cannot see any content after your XML: comment

    This is my current custom layout:

    Thank you,
    Jazzy.

    Reply
  44. And if I take out LayoutCustomizationRestrictionType=”OnlySpecifiedGroups”, it’ll replace it but users can’t edit the start menu layout anymore? I was hoping your script would clear it so that I can use ‘add’ to a blank layout rather than have to replace it and that other users can’t alter it anymore.

    Reply
    • I’ve just tested it on a Win 10 machine and with a custom layout (which users can customise), I don’t get those two groups.
      Is your custom layout applying ok onto the device?

      Reply
  45. Yep! I can see the other taskbar icons that I pinned along with the start menu group I created. So profile definitely applying and according to the debloat logs, it’s deleting the default layout and applying the blank layout, so not sure where the other default groups are coming from.

    Reply
  46. Hey, Andrew!

    Thank you for the amazing script. We’ve been banging our heads against the wall for weeks trying to get rid of McAfee for our OOBE/Intune installs.

    I’m sure this has already been addressed, but I didn’t see it anywhere on this page or in the comments.

    We currently have the RemoveBloat.ps1 script running as a PowerShell Script in Intune. You mention the second script in the blog, debloat-intune-script.ps1. Do we run that in addition to the RemoveBloat.ps1, or should it replace it and be the only script we run from Intune under the PowerShell Scripts?

    Thank you again!

    Reply
    • Hi
      Great that you are finding it useful!
      Both ultimately do the same thing, the debloat-intune-script simply downloads the latest version to the host machine and then runs it.
      This gives you the advantage that your machines are always running the latest version without any effort from your side.

      Deploying removebloat directly will work fine, but if you want the latest version you will need to update in Intune which will re-run on all devices (it won’t do any damage, but just worth keeping in mind)

      Hope this helps

      Reply
  47. I am going to give this a go, but wanted to check before i do. I want to run this in autopilot only as a required win32app but I am not sure how to do it to new autopilot devices only. If I create a new app and make it required, logic says that t will deploy to all machines. If i add to the autopilot profile without the required setting, surely it it won’t execute. Any ideas

    Reply
    • Hi, there isn’t an easy way to target just new devices unless you set a requirements rule that something doesn’t exist (an app in your core apps maybe).
      There shouldn’t be any harm in deploying to existing devices though as it is just removing apps you wouldn’t want on them anyway.

      I tend to deploy as a script rather than an app as that runs earlier in the process and can remove any installed bloat apps like McAfee (it detects if any Win32 apps have been deployed, if it finds one, it skips the removal of installed/non-store apps)

      Reply
  48. I am running the script on a Panasonic Toughbook and it is disabling the GPS function. I have commented out all lines pertaining to location but I seem to be missing some, any idea’s?

    Reply
    • It could possibly be diagnostics tracking?
      Line 721:
      Write-Host “Stopping and disabling Diagnostics Tracking Service”
      #Disabling the Diagnostics Tracking Service
      Stop-Service “DiagTrack”
      Set-Service “DiagTrack” -StartupType Disabled

      Nothing else in there which should stop GPS though unless it uses a store app?

      Reply
  49. Adding a local whitelist file would be very useful.

    We use ClipChamp to create videos for training, and need to keep reinstalling after the script runs.

    Reply
  50. Hey first off thank you for this! This is exactly what we need to roll out a bunch of new laptops for our student body! Hoping to understand more how this works. I’ve uploaded the debloat-intune-script.ps1 to InTune. This has created the DeBloat directory in %programdata%, however, as I understand it, it should copy removeBloat.ps1, then start running it to actually remove the bloat. This is not happening in my instance so the rest of the script is failing with the following error basically saying it cannot find the path of the removeBloat.ps1 script. Any assistance would be greatly appreciate! Thanks again!!

    Reply
    • Hi,
      Yes, that is how it should work.
      Do you have any web filtering in place? If you look inside the script it has the location it downloads from so you could try that on a machine to see if there are any errors.
      There are a few other downloads from the repo in the main script as well so if it is filtering or a firewall, it might be worth exempting the whole de-bloat folder in the repo

      Reply
  51. Hi Andrew!

    Should this be considered a one time needed script? I’m curious whether I could run this script when we receive the device from the supplier and then rebuilding with our corporate image. Or do we have to rebuild first and then run the script?

    Normally when we receive laptops from suppliers, the bloatware used to go away after rebuild but we are facing a number of devices on which this doesn’t happen after the rebuild so I’m looking into trying out your script for this situation!

    Reply
    • Hi Georgiana,
      Either way will work fine, the only difference is if you run it pre-rebuild, the Windows apps will re-appear. I usually run it during OOBE when building or rebuilding a machine.
      Hope this helps 🙂

      Reply
  52. Hello, thank you for your awesome script, I really appreciate it.

    I ran this script on a Lenovo Thinkbook 13s with W11 and could not factory reset the computer (via Windows Settings, local reset) afterwards.

    It got fixed after I went to Lenovo’s website and installed some software for Lenovo diagnostics. After a firmware upgrade that was installed by Lenovo System Update, I could once again factory restore.

    Just thought I’d share what I learned, as the ability to factory restore a computer from the Windows Settings might be something that’s worth keeping.

    Reply
  53. Hi Andrew,

    Thank you for creating this script, sharing it and helping everyone!

    I’m running into issues with HP laptops with “HP Client Security Manager” installed.

    The script stops or is stuck in a loop when attempting to uninstall HP Client Security Manager.

    In the Debloat.log file we don’t have much:
    Detecting Manufacturer
    HP detected
    Attempting to uninstall: [HP Client Security Manager]…
    Successfully uninstalled: [HP Client Security Manager]
    Attempting to uninstall: [HP Client Security Manager]…

    However, when we run it manually in Powershell, we get the following:

    Detecting Manufacturer

    HP detected

    Attempting to uninstall: [HP Client Security Manager]…

    Successfully uninstalled: [HP Client Security Manager]

    Attempting to uninstall: [HP Client Security Manager]…

    WARNING: Failed to uninstall: []

    Attempting to uninstall: [HP Notifications]…

    WARNING: Failed to uninstall: []

    Attempting to uninstall: [HP Sure Recover]…

    WARNING: Failed to uninstall: []

    Attempting to uninstall: [HP System Default Settings]…

    WARNING: Failed to uninstall: []

    Attempting to uninstall: [HP Client Security Manager]…

    __GENUS : 2

    __CLASS : __PARAMETERS

    __SUPERCLASS :

    __DYNASTY : __PARAMETERS

    __RELPATH :

    __PROPERTY_COUNT : 1

    __DERIVATION : {}

    __SERVER :

    __NAMESPACE :

    __PATH :

    ReturnValue : 1618

    PSComputerName :

    Successfully uninstalled: [HP Client Security Manager]

    Attempting to uninstall: [HP Client Security Manager]…

    When we try to uninstall it manually it’s asking to preserve user data and then reboot the PC “The setup must update files or services that cannot be updated while the system is running. If you choose to continue, a reboot will be required to complete the setup.”

    Please let me know if there could be a way to fully uninstall this one with you script.

    Thanks!

    Reply
    • Hi Martin,
      Would you be able to check if there are any additional parameters that can be sent to the application to force an uninstall without a reboot? I can then remove that from the main array and add it as a separate uninstall command (unfortunately I don’t have an HP laptop for testing)

      Reply
  54. I noticed that with the Diagnostic Tracking service disabled you will lose telemetry data into Intune like Endpoint Analytics, Startup Performance, and Application Reliability.

    I setup another script to re-enable the service versus using a one-off version of your great script.

    Reply
  55. Andrew, love your github and time you have taken to share this with everyone. Thank you for that.
    I’m trying to cleanup an existing environment that was not managed very well for many years and I’m not one of the cool kids with intune. Is it possible to deploy this to existing workstations with active users using SCCM or is this strictly for intune?

    Reply
  56. Remove-Item ‘HKLM:\SOFTWARE\Policies\Lenovo\Commercial Vantage’ -Recurse -ErrorAction SilentlyContinue

    This one can you also add so the software to this get uninstalled, it doesnt get removed in the current version.

    All elles Vantage software is removed. By i still have Commercial Vantage installed after running it.

    Reply
  57. Andrew, Strong work here. Going to do some testing with this when I get time to read through all the code. Probably go for the removal script VS the auto update as I like seeing what changes between versions. Thanks for sharing.

    Reply
  58. But that registry is already in there, but it doesnt seem to remove the Commercial Vantage from the add/remove programs list, still a under 1mb app left that can be uninstalled.

    Reply
  59. Hello Andrews, thank you for the script. I’ve added Dell Command Update to the whitelist, but it still gets uninstalled. I removed the part of the script that updates the script, but my script changes don’t seem to take effect. Do you have any ideas on how to fix this?

    Reply
  60. ############################################################################################################
    # Initial Setup #
    # #
    ############################################################################################################

    ##Elevate if needed

    If (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]’Administrator’)) {
    Write-Host “You didn’t run this script as an Administrator. This script will self elevate to run as an Administrator and continue.”
    Start-Sleep 1
    Write-Host ” 3″
    Start-Sleep 1
    Write-Host ” 2″
    Start-Sleep 1
    Write-Host ” 1″
    Start-Sleep 1
    Start-Process powershell.exe -ArgumentList (“-NoProfile -ExecutionPolicy Bypass -File `”{0}`”” -f $PSCommandPath) -Verb RunAs
    Exit
    }

    #no errors throughout
    $ErrorActionPreference = ‘silentlycontinue’

    #Function Get-ScriptVersion(){

    #[cmdletbinding()]
    #
    #param
    #(
    # $liveuri
    # )
    #$contentheaderraw = (Invoke-WebRequest -Uri $liveuri -Method Get)
    #$contentheader = $contentheaderraw.Content.Split([Environment]::NewLine)
    #$liveversion = (($contentheader | Select-String ‘Version:’) -replace ‘[^0-9.]’,”) | Select-Object -First 1
    #$currentversion = ((Get-Content -Path $PSCommandPath | Select-String -Pattern “Version: *”) -replace ‘[^0-9.]’,”) | Select-Object -First 1
    #if ($liveversion -ne $currentversion) {
    #write-host “Script has been updated, please download the latest version from $liveuri” -ForegroundColor Red
    #}
    #}
    #Get-ScriptVersion -liveuri “https://raw.githubusercontent.com/andrew-s-taylor/public/main/De-Bloat/RemoveBloat.ps1”

    #Create Folder
    $DebloatFolder = “C:\ProgramData\Debloat”
    If (Test-Path $DebloatFolder) {
    Write-Output “$DebloatFolder exists. Skipping.”
    }
    Else {
    Write-Output “The folder ‘$DebloatFolder’ doesn’t exist. This folder will be used for storing logs created after the script runs. Creating now.”
    Start-Sleep 1
    New-Item -Path “$DebloatFolder” -ItemType Directory
    Write-Output “The folder $DebloatFolder was successfully created.”
    }

    Start-Transcript -Path “C:\ProgramData\Debloat\Debloat.log”

    $locale = Get-WinSystemLocale | Select-Object -expandproperty Name

    ##Switch on locale to set variables
    ## Switch on locale to set variables
    switch ($locale) {
    “ar-SA” {
    $everyone = “الجميع”
    $builtin = “مدمج”
    }
    “bg-BG” {
    $everyone = “Всички”
    $builtin = “Вграден”
    }
    “cs-CZ” {
    $everyone = “Všichni”
    $builtin = “Vestavěný”
    }
    “da-DK” {
    $everyone = “Alle”
    $builtin = “Indbygget”
    }
    “de-DE” {
    $everyone = “Jeder”
    $builtin = “Integriert”
    }
    “el-GR” {
    $everyone = “Όλοι”
    $builtin = “Ενσωματωμένο”
    }
    “en-US” {
    $everyone = “Everyone”
    $builtin = “Builtin”
    }
    “en-GB” {
    $everyone = “Everyone”
    $builtin = “Builtin”
    }
    “es-ES” {
    $everyone = “Todos”
    $builtin = “Incorporado”
    }
    “et-EE” {
    $everyone = “Kõik”
    $builtin = “Sisseehitatud”
    }
    “fi-FI” {
    $everyone = “Kaikki”
    $builtin = “Sisäänrakennettu”
    }
    “fr-FR” {
    $everyone = “Tout le monde”
    $builtin = “Intégré”
    }
    “he-IL” {
    $everyone = “כולם”
    $builtin = “מובנה”
    }
    “hr-HR” {
    $everyone = “Svi”
    $builtin = “Ugrađeni”
    }
    “hu-HU” {
    $everyone = “Mindenki”
    $builtin = “Beépített”
    }
    “it-IT” {
    $everyone = “Tutti”
    $builtin = “Incorporato”
    }
    “ja-JP” {
    $everyone = “すべてのユーザー”
    $builtin = “ビルトイン”
    }
    “ko-KR” {
    $everyone = “모든 사용자”
    $builtin = “기본 제공”
    }
    “lt-LT” {
    $everyone = “Visi”
    $builtin = “Įmontuotas”
    }
    “lv-LV” {
    $everyone = “Visi”
    $builtin = “Iebūvēts”
    }
    “nb-NO” {
    $everyone = “Alle”
    $builtin = “Innebygd”
    }
    “nl-NL” {
    $everyone = “Iedereen”
    $builtin = “Ingebouwd”
    }
    “pl-PL” {
    $everyone = “Wszyscy”
    $builtin = “Wbudowany”
    }
    “pt-BR” {
    $everyone = “Todos”
    $builtin = “Integrado”
    }
    “pt-PT” {
    $everyone = “Todos”
    $builtin = “Incorporado”
    }
    “ro-RO” {
    $everyone = “Toată lumea”
    $builtin = “Incorporat”
    }
    “ru-RU” {
    $everyone = “Все пользователи”
    $builtin = “Встроенный”
    }
    “sk-SK” {
    $everyone = “Všetci”
    $builtin = “Vstavaný”
    }
    “sl-SI” {
    $everyone = “Vsi”
    $builtin = “Vgrajen”
    }
    “sr-Latn-RS” {
    $everyone = “Svi”
    $builtin = “Ugrađeni”
    }
    “sv-SE” {
    $everyone = “Alla”
    $builtin = “Inbyggd”
    }
    “th-TH” {
    $everyone = “ทุกคน”
    $builtin = “ภายในเครื่อง”
    }
    “tr-TR” {
    $everyone = “Herkes”
    $builtin = “Yerleşik”
    }
    “uk-UA” {
    $everyone = “Всі”
    $builtin = “Вбудований”
    }
    “zh-CN” {
    $everyone = “所有人”
    $builtin = “内置”
    }
    “zh-TW” {
    $everyone = “所有人”
    $builtin = “內建”
    }
    default {
    $everyone = “Everyone”
    $builtin = “Builtin”
    }
    }

    ############################################################################################################
    # Remove AppX Packages #
    # #
    ############################################################################################################

    #Removes AppxPackages
    $WhitelistedApps = ‘Microsoft.WindowsNotepad|Microsoft.CompanyPortal|Microsoft.ScreenSketch|Microsoft.Paint3D|Microsoft.WindowsCalculator|Microsoft.WindowsStore|Microsoft.Windows.Photos|CanonicalGroupLimited.UbuntuonWindows|`
    |Microsoft.MicrosoftStickyNotes|Microsoft.MSPaint|Microsoft.WindowsCamera|.NET|Framework|Microsoft.MicrosoftSolitaireCollection|Microsoft.Whiteboard|Microsoft.WindowsAlarms|Microsoft.WindowsCamera|Microsoft.Office.Lens|Microsoft.Print3D|Microsoft.RemoteDesktop|`
    Microsoft.HEIFImageExtension|Microsoft.ScreenSketch|Microsoft.StorePurchaseApp|Microsoft.VP9VideoExtensions|Microsoft.WebMediaExtensions|Microsoft.WebpImageExtension|Microsoft.DesktopAppInstaller|WindSynthBerry|MIDIBerry|Slack’
    #NonRemovable Apps that where getting attempted and the system would reject the uninstall, speeds up debloat and prevents ‘initalizing’ overlay when removing apps
    $NonRemovable = ‘1527c705-839a-4832-9118-54d4Bd6a0c89|c5e2524a-ea46-4f67-841f-6a9465d9d515|E2A4F912-2574-4A75-9BB0-0D023378592B|F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE|InputApp|Microsoft.AAD.BrokerPlugin|Microsoft.AccountsControl|`
    Microsoft.BioEnrollment|Microsoft.CredDialogHost|Microsoft.ECApp|Microsoft.LockApp|Microsoft.MicrosoftEdgeDevToolsClient|Microsoft.MicrosoftEdge|Microsoft.PPIProjection|Microsoft.Win32WebViewHost|Microsoft.Windows.Apprep.ChxApp|`
    Microsoft.Windows.AssignedAccessLockApp|Microsoft.Windows.CapturePicker|Microsoft.Windows.CloudExperienceHost|Microsoft.Windows.ContentDeliveryManager|Microsoft.Windows.Cortana|Microsoft.Windows.NarratorQuickStart|`
    Microsoft.Windows.ParentalControls|Microsoft.Windows.PeopleExperienceHost|Microsoft.Windows.PinningConfirmationDialog|Microsoft.Windows.SecHealthUI|Microsoft.Windows.SecureAssessmentBrowser|Microsoft.Windows.ShellExperienceHost|`
    Microsoft.Windows.XGpuEjectDialog|Microsoft.XboxGameCallableUI|Windows.CBSPreview|windows.immersivecontrolpanel|Windows.PrintDialog|Microsoft.XboxGameCallableUI|Microsoft.VCLibs.140.00|Microsoft.Services.Store.Engagement|Microsoft.UI.Xaml.2.0|*Nvidia*’
    Get-AppxPackage -AllUsers | Where-Object {$_.Name -NotMatch $WhitelistedApps -and $_.Name -NotMatch $NonRemovable} | Remove-AppxPackage
    Get-AppxPackage -allusers | Where-Object {$_.Name -NotMatch $WhitelistedApps -and $_.Name -NotMatch $NonRemovable} | Remove-AppxPackage
    Get-AppxProvisionedPackage -Online | Where-Object {$_.PackageName -NotMatch $WhitelistedApps -and $_.PackageName -NotMatch $NonRemovable} | Remove-AppxProvisionedPackage -Online

    ##Remove bloat
    $Bloatware = @(

    #Unnecessary Windows 10/11 AppX Apps
    “Microsoft.BingNews”
    “Microsoft.GetHelp”
    “Microsoft.Getstarted”
    “Microsoft.Messaging”
    “Microsoft.Microsoft3DViewer”
    “Microsoft.MicrosoftOfficeHub”
    “Microsoft.NetworkSpeedTest”
    “Microsoft.MixedReality.Portal”
    “Microsoft.News”
    “Microsoft.Office.OneNote”
    “Microsoft.Office.Sway”
    “Microsoft.OneConnect”
    “Microsoft.People”
    “Microsoft.SkypeApp”
    “Microsoft.StorePurchaseApp”
    “Microsoft.Office.Todo.List”
    “microsoft.windowscommunicationsapps”
    “Microsoft.WindowsFeedbackHub”
    “Microsoft.WindowsMaps”
    “Microsoft.WindowsSoundRecorder”
    “Microsoft.Xbox.TCUI”
    “Microsoft.XboxApp”
    “Microsoft.XboxGameOverlay”
    “Microsoft.XboxIdentityProvider”
    “Microsoft.XboxSpeechToTextOverlay”
    “Microsoft.ZuneMusic”
    “Microsoft.ZuneVideo”
    “MicrosoftTeams”
    “Microsoft.YourPhone”
    “Microsoft.XboxGamingOverlay_5.721.10202.0_neutral_~_8wekyb3d8bbwe”
    “Microsoft.GamingApp”
    “SpotifyAB.SpotifyMusic”
    “Disney.37853FC22B2CE”
    “*EclipseManager*”
    “*ActiproSoftwareLLC*”
    “*AdobeSystemsIncorporated.AdobePhotoshopExpress*”
    “*Duolingo-LearnLanguagesforFree*”
    “*PandoraMediaInc*”
    “*CandyCrush*”
    “*BubbleWitch3Saga*”
    “*Wunderlist*”
    “*Flipboard*”
    “*Twitter*”
    “*Facebook*”
    “*Spotify*”
    “*Minecraft*”
    “*Royal Revolt*”
    “*Sway*”
    “*Speed Test*”
    “*Dolby*”
    “*Office*”
    “*Disney*”
    “clipchamp.clipchamp”
    “*gaming*”
    “MicrosoftCorporationII.MicrosoftFamily”
    #Optional: Typically not removed but you can if you need to for some reason
    #”*Microsoft.Advertising.Xaml_10.1712.5.0_x64__8wekyb3d8bbwe*”
    #”*Microsoft.Advertising.Xaml_10.1712.5.0_x86__8wekyb3d8bbwe*”
    #”*Microsoft.BingWeather*”
    #”*Microsoft.MSPaint*”
    #”*Microsoft.MicrosoftStickyNotes*”
    #”*Microsoft.Windows.Photos*”
    #”*Microsoft.WindowsCalculator*”
    #”*Microsoft.WindowsStore*”
    #”Microsoft.MicrosoftSolitaireCollection”
    #”Microsoft.Whiteboard”
    #”Microsoft.WindowsAlarms”
    #”Microsoft.WindowsCamera”
    #”Microsoft.Office.Lens”
    #”Microsoft.Print3D”
    #”Microsoft.RemoteDesktop”

    )
    foreach ($Bloat in $Bloatware) {

    Get-AppxPackage -allusers -Name $Bloat| Remove-AppxPackage -AllUsers
    Get-AppxProvisionedPackage -Online | Where-Object DisplayName -like $Bloat | Remove-AppxProvisionedPackage -Online
    Write-Host “Trying to remove $Bloat.”
    }

    ############################################################################################################
    # Remove Registry Keys #
    # #
    ############################################################################################################

    ##We need to grab all SIDs to remove at user level
    $UserSIDs = Get-ChildItem “HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList” | Select-Object -ExpandProperty PSChildName

    #These are the registry keys that it will delete.

    $Keys = @(

    #Remove Background Tasks
    “HKCR:\Extensions\ContractId\Windows.BackgroundTasks\PackageId\46928bounde.EclipseManager_2.2.4.51_neutral__a5h4egax66k6y”
    “HKCR:\Extensions\ContractId\Windows.BackgroundTasks\PackageId\ActiproSoftwareLLC.562882FEEB491_2.6.18.18_neutral__24pqs290vpjk0”
    “HKCR:\Extensions\ContractId\Windows.BackgroundTasks\PackageId\Microsoft.MicrosoftOfficeHub_17.7909.7600.0_x64__8wekyb3d8bbwe”
    “HKCR:\Extensions\ContractId\Windows.BackgroundTasks\PackageId\Microsoft.PPIProjection_10.0.15063.0_neutral_neutral_cw5n1h2txyewy”
    “HKCR:\Extensions\ContractId\Windows.BackgroundTasks\PackageId\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy”
    “HKCR:\Extensions\ContractId\Windows.BackgroundTasks\PackageId\Microsoft.XboxGameCallableUI_1000.16299.15.0_neutral_neutral_cw5n1h2txyewy”

    #Windows File
    “HKCR:\Extensions\ContractId\Windows.File\PackageId\ActiproSoftwareLLC.562882FEEB491_2.6.18.18_neutral__24pqs290vpjk0”

    #Registry keys to delete if they aren’t uninstalled by RemoveAppXPackage/RemoveAppXProvisionedPackage
    “HKCR:\Extensions\ContractId\Windows.Launch\PackageId\46928bounde.EclipseManager_2.2.4.51_neutral__a5h4egax66k6y”
    “HKCR:\Extensions\ContractId\Windows.Launch\PackageId\ActiproSoftwareLLC.562882FEEB491_2.6.18.18_neutral__24pqs290vpjk0”
    “HKCR:\Extensions\ContractId\Windows.Launch\PackageId\Microsoft.PPIProjection_10.0.15063.0_neutral_neutral_cw5n1h2txyewy”
    “HKCR:\Extensions\ContractId\Windows.Launch\PackageId\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy”
    “HKCR:\Extensions\ContractId\Windows.Launch\PackageId\Microsoft.XboxGameCallableUI_1000.16299.15.0_neutral_neutral_cw5n1h2txyewy”

    #Scheduled Tasks to delete
    “HKCR:\Extensions\ContractId\Windows.PreInstalledConfigTask\PackageId\Microsoft.MicrosoftOfficeHub_17.7909.7600.0_x64__8wekyb3d8bbwe”

    #Windows Protocol Keys
    “HKCR:\Extensions\ContractId\Windows.Protocol\PackageId\ActiproSoftwareLLC.562882FEEB491_2.6.18.18_neutral__24pqs290vpjk0”
    “HKCR:\Extensions\ContractId\Windows.Protocol\PackageId\Microsoft.PPIProjection_10.0.15063.0_neutral_neutral_cw5n1h2txyewy”
    “HKCR:\Extensions\ContractId\Windows.Protocol\PackageId\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy”
    “HKCR:\Extensions\ContractId\Windows.Protocol\PackageId\Microsoft.XboxGameCallableUI_1000.16299.15.0_neutral_neutral_cw5n1h2txyewy”

    #Windows Share Target
    “HKCR:\Extensions\ContractId\Windows.ShareTarget\PackageId\ActiproSoftwareLLC.562882FEEB491_2.6.18.18_neutral__24pqs290vpjk0”
    )

    #This writes the output of each key it is removing and also removes the keys listed above.
    ForEach ($Key in $Keys) {
    Write-Host “Removing $Key from registry”
    Remove-Item $Key -Recurse
    }

    #Disables Windows Feedback Experience
    Write-Host “Disabling Windows Feedback Experience program”
    $Advertising = “HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo”
    If (!(Test-Path $Advertising)) {
    New-Item $Advertising
    }
    If (Test-Path $Advertising) {
    Set-ItemProperty $Advertising Enabled -Value 0
    }

    #Stops Cortana from being used as part of your Windows Search Function
    Write-Host “Stopping Cortana from being used as part of your Windows Search Function”
    $Search = “HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search”
    If (!(Test-Path $Search)) {
    New-Item $Search
    }
    If (Test-Path $Search) {
    Set-ItemProperty $Search AllowCortana -Value 0
    }

    #Disables Web Search in Start Menu
    Write-Host “Disabling Bing Search in Start Menu”
    $WebSearch = “HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search”
    If (!(Test-Path $WebSearch)) {
    New-Item $WebSearch
    }
    Set-ItemProperty $WebSearch DisableWebSearch -Value 1
    ##Loop through all user SIDs in the registry and disable Bing Search
    foreach ($sid in $UserSIDs) {
    $WebSearch = “HKU:\$sid\SOFTWARE\Microsoft\Windows\CurrentVersion\Search”
    If (!(Test-Path $WebSearch)) {
    New-Item $WebSearch
    }
    Set-ItemProperty $WebSearch BingSearchEnabled -Value 0
    }

    Set-ItemProperty “HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search” BingSearchEnabled -Value 0

    #Stops the Windows Feedback Experience from sending anonymous data
    Write-Host “Stopping the Windows Feedback Experience program”
    $Period = “HKCU:\Software\Microsoft\Siuf\Rules”
    If (!(Test-Path $Period)) {
    New-Item $Period
    }
    Set-ItemProperty $Period PeriodInNanoSeconds -Value 0

    ##Loop and do the same
    foreach ($sid in $UserSIDs) {
    $Period = “HKU:\$sid\Software\Microsoft\Siuf\Rules”
    If (!(Test-Path $Period)) {
    New-Item $Period
    }
    Set-ItemProperty $Period PeriodInNanoSeconds -Value 0
    }

    #Prevents bloatware applications from returning and removes Start Menu suggestions
    Write-Host “Adding Registry key to prevent bloatware apps from returning”
    $registryPath = “HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent”
    $registryOEM = “HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager”
    If (!(Test-Path $registryPath)) {
    New-Item $registryPath
    }
    Set-ItemProperty $registryPath DisableWindowsConsumerFeatures -Value 1

    If (!(Test-Path $registryOEM)) {
    New-Item $registryOEM
    }
    Set-ItemProperty $registryOEM ContentDeliveryAllowed -Value 0
    Set-ItemProperty $registryOEM OemPreInstalledAppsEnabled -Value 0
    Set-ItemProperty $registryOEM PreInstalledAppsEnabled -Value 0
    Set-ItemProperty $registryOEM PreInstalledAppsEverEnabled -Value 0
    Set-ItemProperty $registryOEM SilentInstalledAppsEnabled -Value 0
    Set-ItemProperty $registryOEM SystemPaneSuggestionsEnabled -Value 0

    ##Loop through users and do the same
    foreach ($sid in $UserSIDs) {
    $registryOEM = “HKU:\$sid\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager”
    If (!(Test-Path $registryOEM)) {
    New-Item $registryOEM
    }
    Set-ItemProperty $registryOEM ContentDeliveryAllowed -Value 0
    Set-ItemProperty $registryOEM OemPreInstalledAppsEnabled -Value 0
    Set-ItemProperty $registryOEM PreInstalledAppsEnabled -Value 0
    Set-ItemProperty $registryOEM PreInstalledAppsEverEnabled -Value 0
    Set-ItemProperty $registryOEM SilentInstalledAppsEnabled -Value 0
    Set-ItemProperty $registryOEM SystemPaneSuggestionsEnabled -Value 0
    }

    #Preping mixed Reality Portal for removal
    #Write-Host “Setting Mixed Reality Portal value to 0 so that you can uninstall it in Settings”
    #$Holo = “HKCU:\Software\Microsoft\Windows\CurrentVersion\Holographic”
    #If (Test-Path $Holo) {
    # Set-ItemProperty $Holo FirstRunSucceeded -Value 0
    # }

    ##Loop through users and do the same
    # foreach ($sid in $UserSIDs) {
    # $Holo = “HKU:\$sid\Software\Microsoft\Windows\CurrentVersion\Holographic”
    # If (Test-Path $Holo) {
    # Set-ItemProperty $Holo FirstRunSucceeded -Value 0
    # }
    # }

    #Disables Wi-fi Sense
    Write-Host “Disabling Wi-Fi Sense”
    $WifiSense1 = “HKLM:\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting”
    $WifiSense2 = “HKLM:\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowAutoConnectToWiFiSenseHotspots”
    $WifiSense3 = “HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config”
    If (!(Test-Path $WifiSense1)) {
    New-Item $WifiSense1
    }
    Set-ItemProperty $WifiSense1 Value -Value 0
    If (!(Test-Path $WifiSense2)) {
    New-Item $WifiSense2
    }
    Set-ItemProperty $WifiSense2 Value -Value 0
    Set-ItemProperty $WifiSense3 AutoConnectAllowedOEM -Value 0

    #Disables live tiles
    Write-Host “Disabling live tiles”
    $Live = “HKCU:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications”
    If (!(Test-Path $Live)) {
    New-Item $Live
    }
    Set-ItemProperty $Live NoTileApplicationNotification -Value 1

    ##Loop through users and do the same
    foreach ($sid in $UserSIDs) {
    $Live = “HKU:\$sid\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications”
    If (!(Test-Path $Live)) {
    New-Item $Live
    }
    Set-ItemProperty $Live NoTileApplicationNotification -Value 1
    }

    #Turns off Data Collection via the AllowTelemtry key by changing it to 0
    # This is needed for Intune reporting to work, uncomment if using via other method
    #Write-Host “Turning off Data Collection”
    #$DataCollection1 = “HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection”
    #$DataCollection2 = “HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection”
    #$DataCollection3 = “HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\DataCollection”
    #If (Test-Path $DataCollection1) {
    # Set-ItemProperty $DataCollection1 AllowTelemetry -Value 0
    #}
    #If (Test-Path $DataCollection2) {
    # Set-ItemProperty $DataCollection2 AllowTelemetry -Value 0
    #}
    #If (Test-Path $DataCollection3) {
    # Set-ItemProperty $DataCollection3 AllowTelemetry -Value 0
    #}

    ###Enable location tracking for “find my device”, uncomment if you don’t need it

    #Disabling Location Tracking
    #Write-Host “Disabling Location Tracking”
    #$SensorState = “HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Overrides\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}”
    #$LocationConfig = “HKLM:\SYSTEM\CurrentControlSet\Services\lfsvc\Service\Configuration”
    #If (!(Test-Path $SensorState)) {
    # New-Item $SensorState
    #}
    #Set-ItemProperty $SensorState SensorPermissionState -Value 0
    #If (!(Test-Path $LocationConfig)) {
    # New-Item $LocationConfig
    #}
    #Set-ItemProperty $LocationConfig Status -Value 0

    #Disables People icon on Taskbar
    Write-Host “Disabling People icon on Taskbar”
    $People = ‘HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People’
    If (Test-Path $People) {
    Set-ItemProperty $People -Name PeopleBand -Value 0
    }

    ##Loop through users and do the same
    foreach ($sid in $UserSIDs) {
    $People = “HKU:\$sid\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People”
    If (Test-Path $People) {
    Set-ItemProperty $People -Name PeopleBand -Value 0
    }
    }

    Write-Host “Disabling Cortana”
    $Cortana1 = “HKCU:\SOFTWARE\Microsoft\Personalization\Settings”
    $Cortana2 = “HKCU:\SOFTWARE\Microsoft\InputPersonalization”
    $Cortana3 = “HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore”
    If (!(Test-Path $Cortana1)) {
    New-Item $Cortana1
    }
    Set-ItemProperty $Cortana1 AcceptedPrivacyPolicy -Value 0
    If (!(Test-Path $Cortana2)) {
    New-Item $Cortana2
    }
    Set-ItemProperty $Cortana2 RestrictImplicitTextCollection -Value 1
    Set-ItemProperty $Cortana2 RestrictImplicitInkCollection -Value 1
    If (!(Test-Path $Cortana3)) {
    New-Item $Cortana3
    }
    Set-ItemProperty $Cortana3 HarvestContacts -Value 0

    ##Loop through users and do the same
    foreach ($sid in $UserSIDs) {
    $Cortana1 = “HKU:\$sid\SOFTWARE\Microsoft\Personalization\Settings”
    $Cortana2 = “HKU:\$sid\SOFTWARE\Microsoft\InputPersonalization”
    $Cortana3 = “HKU:\$sid\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore”
    If (!(Test-Path $Cortana1)) {
    New-Item $Cortana1
    }
    Set-ItemProperty $Cortana1 AcceptedPrivacyPolicy -Value 0
    If (!(Test-Path $Cortana2)) {
    New-Item $Cortana2
    }
    Set-ItemProperty $Cortana2 RestrictImplicitTextCollection -Value 1
    Set-ItemProperty $Cortana2 RestrictImplicitInkCollection -Value 1
    If (!(Test-Path $Cortana3)) {
    New-Item $Cortana3
    }
    Set-ItemProperty $Cortana3 HarvestContacts -Value 0
    }

    #Removes 3D Objects from the ‘My Computer’ submenu in explorer
    Write-Host “Removing 3D Objects from explorer ‘My Computer’ submenu”
    $Objects32 = “HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{0DB7E03F-FC29-4DC6-9020-FF41B59E513A}”
    $Objects64 = “HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{0DB7E03F-FC29-4DC6-9020-FF41B59E513A}”
    If (Test-Path $Objects32) {
    Remove-Item $Objects32 -Recurse
    }
    If (Test-Path $Objects64) {
    Remove-Item $Objects64 -Recurse
    }

    ##Removes the Microsoft Feeds from displaying
    $registryPath = “HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Feeds”
    $Name = “EnableFeeds”
    $value = “0”

    if (!(Test-Path $registryPath)) {
    New-Item -Path $registryPath -Force | Out-Null
    New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -Force | Out-Null
    }

    else {
    New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -Force | Out-Null
    }

    ############################################################################################################
    # Remove Scheduled Tasks #
    # #
    ############################################################################################################

    #Disables scheduled tasks that are considered unnecessary
    Write-Host “Disabling scheduled tasks”
    $task1 = Get-ScheduledTask -TaskName XblGameSaveTaskLogon -ErrorAction SilentlyContinue
    if ($null -ne $task1) {
    Get-ScheduledTask XblGameSaveTaskLogon | Disable-ScheduledTask -ErrorAction SilentlyContinue
    }
    $task2 = Get-ScheduledTask -TaskName XblGameSaveTask -ErrorAction SilentlyContinue
    if ($null -ne $task2) {
    Get-ScheduledTask XblGameSaveTask | Disable-ScheduledTask -ErrorAction SilentlyContinue
    }
    $task3 = Get-ScheduledTask -TaskName Consolidator -ErrorAction SilentlyContinue
    if ($null -ne $task3) {
    Get-ScheduledTask Consolidator | Disable-ScheduledTask -ErrorAction SilentlyContinue
    }
    $task4 = Get-ScheduledTask -TaskName UsbCeip -ErrorAction SilentlyContinue
    if ($null -ne $task4) {
    Get-ScheduledTask UsbCeip | Disable-ScheduledTask -ErrorAction SilentlyContinue
    }
    $task5 = Get-ScheduledTask -TaskName DmClient -ErrorAction SilentlyContinue
    if ($null -ne $task5) {
    Get-ScheduledTask DmClient | Disable-ScheduledTask -ErrorAction SilentlyContinue
    }
    $task6 = Get-ScheduledTask -TaskName DmClientOnScenarioDownload -ErrorAction SilentlyContinue
    if ($null -ne $task6) {
    Get-ScheduledTask DmClientOnScenarioDownload | Disable-ScheduledTask -ErrorAction SilentlyContinue
    }

    ############################################################################################################
    # Disable Services #
    # #
    ############################################################################################################
    ##Write-Host “Stopping and disabling Diagnostics Tracking Service”
    #Disabling the Diagnostics Tracking Service
    ##Stop-Service “DiagTrack”
    ##Set-Service “DiagTrack” -StartupType Disabled

    ############################################################################################################
    # Windows 11 Specific #
    # #
    ############################################################################################################
    #Windows 11 Customisations
    write-host “Removing Windows 11 Customisations”
    #Remove XBox Game Bar

    Get-AppxPackage -allusers Microsoft.XboxGamingOverlay | Remove-AppxPackage
    write-host “Removed Xbox Gaming Overlay”
    Get-AppxPackage -allusers Microsoft.XboxGameCallableUI | Remove-AppxPackage
    write-host “Removed Xbox Game Callable UI”

    #Remove Cortana
    Get-AppxPackage -allusers Microsoft.549981C3F5F10 | Remove-AppxPackage
    write-host “Removed Cortana”

    #Remove GetStarted
    Get-AppxPackage -allusers *getstarted* | Remove-AppxPackage
    write-host “Removed Get Started”

    #Remove Parental Controls
    Get-AppxPackage -allusers Microsoft.Windows.ParentalControls | Remove-AppxPackage
    write-host “Removed Parental Controls”

    #Remove Teams Chat
    $MSTeams = “MicrosoftTeams”

    $WinPackage = Get-AppxPackage -allusers | Where-Object {$_.Name -eq $MSTeams}
    $ProvisionedPackage = Get-AppxProvisionedPackage -Online | Where-Object { $_.DisplayName -eq $WinPackage }
    If ($null -ne $WinPackage)
    {
    Remove-AppxPackage -Package $WinPackage.PackageFullName
    }

    If ($null -ne $ProvisionedPackage)
    {
    Remove-AppxProvisionedPackage -online -Packagename $ProvisionedPackage.Packagename
    }

    ##Tweak reg permissions
    invoke-webrequest -uri “https://github.com/andrew-s-taylor/public/raw/main/De-Bloat/SetACL.exe” -outfile “C:\Windows\Temp\SetACL.exe”
    C:\Windows\Temp\SetACL.exe -on “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Communications” -ot reg -actn setowner -ownr “n:$everyone”
    C:\Windows\Temp\SetACL.exe -on “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Communications” -ot reg -actn ace -ace “n:$everyone;p:full”

    ##Stop it coming back
    $registryPath = “HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Communications”
    If (!(Test-Path $registryPath)) {
    New-Item $registryPath
    }
    Set-ItemProperty $registryPath ConfigureChatAutoInstall -Value 0

    ##Unpin it
    $registryPath = “HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Chat”
    If (!(Test-Path $registryPath)) {
    New-Item $registryPath
    }
    Set-ItemProperty $registryPath “ChatIcon” -Value 2
    write-host “Removed Teams Chat”
    ############################################################################################################
    # Windows Backup App #
    # #
    ############################################################################################################
    $version = Get-WMIObject win32_operatingsystem | Select-Object Caption
    if ($version.Caption -like “*Windows 10*”) {
    write-host “Removing Windows Backup”
    $filepath = “C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackup\Assets”
    if (Test-Path $filepath) {
    Remove-WindowsPackage -Online -PackageName “Microsoft-Windows-UserExperience-Desktop-Package~31bf3856ad364e35~amd64~~10.0.19041.3393”
    }
    write-host “Removed”
    }

    ############################################################################################################
    # Clear Start Menu #
    # #
    ############################################################################################################
    write-host “Clearing Start Menu”
    #Delete layout file if it already exists

    ##Check windows version
    $version = Get-WMIObject win32_operatingsystem | Select-Object Caption
    if ($version.Caption -like “*Windows 10*”) {
    write-host “Windows 10 Detected”
    write-host “Removing Current Layout”
    If(Test-Path C:\Windows\StartLayout.xml)

    {

    Remove-Item C:\Windows\StartLayout.xml

    }
    write-host “Creating Default Layout”
    #Creates the blank layout file

    Write-Output “” >> C:\Windows\StartLayout.xml

    Write-Output ” ” >> C:\Windows\StartLayout.xml

    Write-Output ” ” >> C:\Windows\StartLayout.xml

    Write-Output ” ” >> C:\Windows\StartLayout.xml

    Write-Output ” ” >> C:\Windows\StartLayout.xml

    Write-Output ” ” >> C:\Windows\StartLayout.xml

    Write-Output ” ” >> C:\Windows\StartLayout.xml

    Write-Output “” >> C:\Windows\StartLayout.xml
    }
    if ($version.Caption -like “*Windows 11*”) {
    write-host “Windows 11 Detected”
    write-host “Removing Current Layout”
    If(Test-Path “C:\Users\Default\AppData\Local\Microsoft\Windows\Shell\LayoutModification.xml”)

    {

    Remove-Item “C:\Users\Default\AppData\Local\Microsoft\Windows\Shell\LayoutModification.xml”

    }

    $blankjson = @’
    {
    “pinnedList”: [
    { “desktopAppId”: “MSEdge” },
    { “packagedAppId”: “Microsoft.WindowsStore_8wekyb3d8bbwe!App” },
    { “packagedAppId”: “desktopAppId”:”Microsoft.Windows.Explorer” }
    ]
    }
    ‘@

    $blankjson | Out-File “C:\Users\Default\AppData\Local\Microsoft\Windows\Shell\LayoutModification.xml” -Encoding utf8 -Force
    }

    ############################################################################################################
    # Remove Xbox Gaming #
    # #
    ############################################################################################################

    New-ItemProperty -Path “HKLM:\System\CurrentControlSet\Services\xbgm” -Name “Start” -PropertyType DWORD -Value 4 -Force
    Set-Service -Name XblAuthManager -StartupType Disabled
    Set-Service -Name XblGameSave -StartupType Disabled
    Set-Service -Name XboxGipSvc -StartupType Disabled
    Set-Service -Name XboxNetApiSvc -StartupType Disabled
    $task = Get-ScheduledTask -TaskName “Microsoft\XblGameSave\XblGameSaveTask” -ErrorAction SilentlyContinue
    if ($null -ne $task) {
    Set-ScheduledTask -TaskPath $task.TaskPath -Enabled $false
    }

    ##Check if GamePresenceWriter.exe exists
    if (Test-Path “$env:WinDir\System32\GameBarPresenceWriter.exe”) {
    write-host “GamePresenceWriter.exe exists”
    C:\Windows\Temp\SetACL.exe -on “$env:WinDir\System32\GameBarPresenceWriter.exe” -ot file -actn setowner -ownr “n:$everyone”
    C:\Windows\Temp\SetACL.exe -on “$env:WinDir\System32\GameBarPresenceWriter.exe” -ot file -actn ace -ace “n:$everyone;p:full”

    #Take-Ownership -Path “$env:WinDir\System32\GameBarPresenceWriter.exe”
    $NewAcl = Get-Acl -Path “$env:WinDir\System32\GameBarPresenceWriter.exe”
    # Set properties
    $identity = “$builtin\Administrators”
    $fileSystemRights = “FullControl”
    $type = “Allow”
    # Create new rule
    $fileSystemAccessRuleArgumentList = $identity, $fileSystemRights, $type
    $fileSystemAccessRule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $fileSystemAccessRuleArgumentList
    # Apply new rule
    $NewAcl.SetAccessRule($fileSystemAccessRule)
    Set-Acl -Path “$env:WinDir\System32\GameBarPresenceWriter.exe” -AclObject $NewAcl
    Stop-Process -Name “GameBarPresenceWriter.exe” -Force
    Remove-Item “$env:WinDir\System32\GameBarPresenceWriter.exe” -Force -Confirm:$false

    }
    else {
    write-host “GamePresenceWriter.exe does not exist”
    }

    New-ItemProperty -Path “HKLM:\Software\Policies\Microsoft\Windows\GameDVR” -Name “AllowgameDVR” -PropertyType DWORD -Value 0 -Force
    New-ItemProperty -Path “HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer” -Name “SettingsPageVisibility” -PropertyType String -Value “hide:gaming-gamebar;gaming-gamedvr;gaming-broadcasting;gaming-gamemode;gaming-xboxnetworking” -Force
    Remove-Item C:\Windows\Temp\SetACL.exe -recurse

    ############################################################################################################
    # Disable Edge Surf Game #
    # #
    ############################################################################################################
    $surf = “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge”
    If (!(Test-Path $surf)) {
    New-Item $surf
    }
    New-ItemProperty -Path $surf -Name ‘AllowSurfGame’ -Value 0 -PropertyType DWord

    ############################################################################################################
    # Remove Manufacturer Bloat #
    # #
    ############################################################################################################
    ##Check Manufacturer
    write-host “Detecting Manufacturer”
    $details = Get-CimInstance -ClassName Win32_ComputerSystem
    $manufacturer = $details.Manufacturer

    if ($manufacturer -like “*HP*”) {
    Write-Host “HP detected”
    #Remove HP bloat

    ##HP Specific
    $UninstallPrograms = @(
    “HP Client Security Manager”
    “HP Notifications”
    “HP Security Update Service”
    “HP System Default Settings”
    “HP Wolf Security”
    “HP Wolf Security Application Support for Sure Sense”
    “HP Wolf Security Application Support for Windows”
    “AD2F1837.HPPCHardwareDiagnosticsWindows”
    “AD2F1837.HPPowerManager”
    “AD2F1837.HPPrivacySettings”
    “AD2F1837.HPQuickDrop”
    “AD2F1837.HPSupportAssistant”
    “AD2F1837.HPSystemInformation”
    “AD2F1837.myHP”
    “RealtekSemiconductorCorp.HPAudioControl”,
    “HP Sure Recover”,
    “HP Sure Run Module”

    )

    $HPidentifier = “AD2F1837”

    $InstalledPackages = Get-AppxPackage -AllUsers | Where-Object {($UninstallPackages -contains $_.Name) -or ($_.Name -match “^$HPidentifier”)}

    $ProvisionedPackages = Get-AppxProvisionedPackage -Online | Where-Object {($UninstallPackages -contains $_.DisplayName) -or ($_.DisplayName -match “^$HPidentifier”)}

    $InstalledPrograms = Get-Package | Where-Object {$UninstallPrograms -contains $_.Name}

    # Remove provisioned packages first
    ForEach ($ProvPackage in $ProvisionedPackages) {

    Write-Host -Object “Attempting to remove provisioned package: [$($ProvPackage.DisplayName)]…”

    Try {
    $Null = Remove-AppxProvisionedPackage -PackageName $ProvPackage.PackageName -Online -ErrorAction Stop
    Write-Host -Object “Successfully removed provisioned package: [$($ProvPackage.DisplayName)]”
    }
    Catch {Write-Warning -Message “Failed to remove provisioned package: [$($ProvPackage.DisplayName)]”}
    }

    # Remove appx packages
    ForEach ($AppxPackage in $InstalledPackages) {

    Write-Host -Object “Attempting to remove Appx package: [$($AppxPackage.Name)]…”

    Try {
    $Null = Remove-AppxPackage -Package $AppxPackage.PackageFullName -AllUsers -ErrorAction Stop
    Write-Host -Object “Successfully removed Appx package: [$($AppxPackage.Name)]”
    }
    Catch {Write-Warning -Message “Failed to remove Appx package: [$($AppxPackage.Name)]”}
    }

    # Remove installed programs
    $InstalledPrograms | ForEach-Object {

    Write-Host -Object “Attempting to uninstall: [$($_.Name)]…”

    Try {
    $Null = $_ | Uninstall-Package -AllVersions -Force -ErrorAction Stop
    Write-Host -Object “Successfully uninstalled: [$($_.Name)]”
    }
    Catch {Write-Warning -Message “Failed to uninstall: [$($_.Name)]”}
    }

    #Remove HP Documentation
    $A = Start-Process -FilePath “C:\Program Files\HP\Documentation\Doc_uninstall.cmd” -Wait -passthru -NoNewWindow;$a.ExitCode

    ##Remove Standard HP apps via msiexec
    $InstalledPrograms | ForEach-Object {
    $appname = $_.Name
    Write-Host -Object “Attempting to uninstall: [$($_.Name)]…”

    Try {
    $Prod = Get-WMIObject -Classname Win32_Product | Where-Object Name -Match $appname
    $Prod.UnInstall()
    Write-Host -Object “Successfully uninstalled: [$($_.Name)]”
    }
    Catch {Write-Warning -Message “Failed to uninstall: [$($_.Name)]”}
    }

    ##Remove HP Connect Optimizer
    invoke-webrequest -uri “https://raw.githubusercontent.com/andrew-s-taylor/public/main/De-Bloat/HPConnOpt.iss” -outfile “C:\Windows\Temp\HPConnOpt.iss”

    &’C:\Program Files (x86)\InstallShield Installation Information\{6468C4A5-E47E-405F-B675-A70A70983EA6}\setup.exe’ @(‘-s’, ‘-f1C:\Windows\Temp\HPConnOpt.iss’)

    Write-Host “Removed HP bloat”
    }

    if ($manufacturer -like “*Dell*”) {
    Write-Host “Dell detected”
    #Remove Dell bloat

    ##Dell

    $UninstallPrograms = @(
    “Dell Optimizer”
    “Dell Power Manager”
    “DellOptimizerUI”
    “Dell SupportAssist”
    “Dell Optimizer Service”
    “DellInc.PartnerPromo”
    “DellInc.DellOptimizer”

    )

    $WhitelistedApps = @(
    “WavesAudio.MaxxAudioProforDell2019”
    “Dell – Extension*”
    “Dell, Inc. – Firmware*”
    “DellInc.DellCommandUpdate”
    “Dell.CommandUpdate”
    “Dell SupportAssist OS Recovery”
    )

    $InstalledPackages = Get-AppxPackage -AllUsers | Where-Object {(($_.Name -in $UninstallPrograms) -or ($_.Name -like “*Dell*”)) -and ($_.Name -NotMatch $WhitelistedApps)}
    Write-Host $UninstallPrograms
    $ProvisionedPackages = Get-AppxProvisionedPackage -Online | Where-Object {(($_.Name -in $UninstallPrograms) -or ($_.Name -like “*Dell*”)) -and ($_.Name -NotMatch $WhitelistedApps)}
    Write-host $ProvisionedPackages
    $InstalledPrograms = Get-Package | Where-Object {(($_.Name -in $UninstallPrograms) -or ($_.Name -like “*Dell*”)) -and ($_.Name -NotMatch $WhitelistedApps)}
    Write-host $InstalledPrograms
    # Remove provisioned packages first
    ForEach ($ProvPackage in $ProvisionedPackages) {

    Write-Host -Object “Attempting to remove provisioned package: [$($ProvPackage.DisplayName)]…”

    Try {
    $Null = Remove-AppxProvisionedPackage -PackageName $ProvPackage.PackageName -Online -ErrorAction Stop
    Write-Host -Object “Successfully removed provisioned package: [$($ProvPackage.DisplayName)]”
    }
    Catch {Write-Warning -Message “Failed to remove provisioned package: [$($ProvPackage.DisplayName)]”}
    }

    # Remove appx packages
    ForEach ($AppxPackage in $InstalledPackages) {

    Write-Host -Object “Attempting to remove Appx package: [$($AppxPackage.Name)]…”

    Try {
    $Null = Remove-AppxPackage -Package $AppxPackage.PackageFullName -AllUsers -ErrorAction Stop
    Write-Host -Object “Successfully removed Appx package: [$($AppxPackage.Name)]”
    }
    Catch {Write-Warning -Message “Failed to remove Appx package: [$($AppxPackage.Name)]”}
    }

    # Remove any bundled packages
    ForEach ($AppxPackage in $InstalledPackages) {

    Write-Host -Object “Attempting to remove Appx package: [$($AppxPackage.Name)]…”

    Try {
    $null = Get-AppxPackage -AllUsers -PackageTypeFilter Main, Bundle, Resource -Name $AppxPackage.Name | Remove-AppxPackage -AllUsers
    Write-Host -Object “Successfully removed Appx package: [$($AppxPackage.Name)]”
    }
    Catch {Write-Warning -Message “Failed to remove Appx package: [$($AppxPackage.Name)]”}
    }

    # Remove installed programs
    $InstalledPrograms | ForEach-Object {

    Write-Host -Object “Attempting to uninstall: [$($_.Name)]…”

    Try {
    $Null = $_ | Uninstall-Package -AllVersions -Force -ErrorAction Stop
    Write-Host -Object “Successfully uninstalled: [$($_.Name)]”
    }
    Catch {Write-Warning -Message “Failed to uninstall: [$($_.Name)]”}
    }

    }

    if ($manufacturer -like “Lenovo”) {
    Write-Host “Lenovo detected”

    #Remove HP bloat

    ##Lenovo Specific
    # Function to uninstall applications with .exe uninstall strings

    function UninstallApp {

    param (
    [string]$appName
    )

    # Get a list of installed applications from Programs and Features
    $installedApps = Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*,
    HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* |
    Where-Object { $_.DisplayName -like “*$appName*” }

    # Loop through the list of installed applications and uninstall them

    foreach ($app in $installedApps) {
    $uninstallString = $app.UninstallString
    $displayName = $app.DisplayName
    Write-Host “Uninstalling: $displayName”
    Start-Process $uninstallString -ArgumentList “/VERYSILENT” -Wait
    Write-Host “Uninstalled: $displayName” -ForegroundColor Green
    }
    }

    ##Stop Running Processes

    $processnames = @(
    “SmartAppearanceSVC.exe”
    “UDClientService.exe”
    “ModuleCoreService.exe”
    “ProtectedModuleHost.exe”
    “*lenovo*”
    “FaceBeautify.exe”
    “McCSPServiceHost.exe”
    “mcapexe.exe”
    “MfeAVSvc.exe”
    “mcshield.exe”
    “Ammbkproc.exe”
    “AIMeetingManager.exe”
    “DADUpdater.exe”
    )

    foreach ($process in $processnames) {
    write-host “Stopping Process $process”
    Get-Process -Name $process | Stop-Process -Force
    write-host “Process $process Stopped”
    }

    $UninstallPrograms = @(
    “E046963F.AIMeetingManager”
    “E0469640.SmartAppearance”
    “MirametrixInc.GlancebyMirametrix”
    “E046963F.LenovoCompanion”
    “E0469640.LenovoUtility”
    )

    $InstalledPackages = Get-AppxPackage -AllUsers | Where-Object {(($_.Name -in $UninstallPrograms))}

    $ProvisionedPackages = Get-AppxProvisionedPackage -Online | Where-Object {(($_.Name -in $UninstallPrograms))}

    $InstalledPrograms = Get-Package | Where-Object {(($_.Name -in $UninstallPrograms))}
    # Remove provisioned packages first
    ForEach ($ProvPackage in $ProvisionedPackages) {

    Write-Host -Object “Attempting to remove provisioned package: [$($ProvPackage.DisplayName)]…”

    Try {
    $Null = Remove-AppxProvisionedPackage -PackageName $ProvPackage.PackageName -Online -ErrorAction Stop
    Write-Host -Object “Successfully removed provisioned package: [$($ProvPackage.DisplayName)]”
    }
    Catch {Write-Warning -Message “Failed to remove provisioned package: [$($ProvPackage.DisplayName)]”}
    }

    # Remove appx packages
    ForEach ($AppxPackage in $InstalledPackages) {

    Write-Host -Object “Attempting to remove Appx package: [$($AppxPackage.Name)]…”

    Try {
    $Null = Remove-AppxPackage -Package $AppxPackage.PackageFullName -AllUsers -ErrorAction Stop
    Write-Host -Object “Successfully removed Appx package: [$($AppxPackage.Name)]”
    }
    Catch {Write-Warning -Message “Failed to remove Appx package: [$($AppxPackage.Name)]”}
    }

    # Remove any bundled packages
    ForEach ($AppxPackage in $InstalledPackages) {

    Write-Host -Object “Attempting to remove Appx package: [$($AppxPackage.Name)]…”

    Try {
    $null = Get-AppxPackage -AllUsers -PackageTypeFilter Main, Bundle, Resource -Name $AppxPackage.Name | Remove-AppxPackage -AllUsers
    Write-Host -Object “Successfully removed Appx package: [$($AppxPackage.Name)]”
    }
    Catch {Write-Warning -Message “Failed to remove Appx package: [$($AppxPackage.Name)]”}
    }

    # Remove installed programs
    $InstalledPrograms | ForEach-Object {

    Write-Host -Object “Attempting to uninstall: [$($_.Name)]…”

    Try {
    $Null = $_ | Uninstall-Package -AllVersions -Force -ErrorAction Stop
    Write-Host -Object “Successfully uninstalled: [$($_.Name)]”
    }
    Catch {Write-Warning -Message “Failed to uninstall: [$($_.Name)]”}
    }

    # Get Lenovo Vantage service uninstall string to uninstall service
    $lvs = Get-ItemProperty “HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*”, “HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*” | Where-Object DisplayName -eq “Lenovo Vantage Service”
    if (!([string]::IsNullOrEmpty($lvs.QuietUninstallString))) {
    $uninstall = “cmd /c ” + $lvs.QuietUninstallString
    Write-Host $uninstall
    Invoke-Expression $uninstall
    }

    # Uninstall Lenovo Smart
    UninstallApp -appName “Lenovo Smart”

    # Uninstall Ai Meeting Manager Service
    UninstallApp -appName “Ai Meeting Manager”

    # Uninstall ImController service
    ##Check if exists
    $path = “c:\windows\system32\ImController.InfInstaller.exe”
    if (Test-Path $path) {
    Write-Host “ImController.InfInstaller.exe exists”
    $uninstall = “cmd /c ” + $path + ” -uninstall”
    Write-Host $uninstall
    Invoke-Expression $uninstall
    }
    else {
    Write-Host “ImController.InfInstaller.exe does not exist”
    }
    ##Invoke-Expression -Command ‘cmd.exe /c “c:\windows\system32\ImController.InfInstaller.exe” -uninstall’

    # Remove vantage associated registry keys
    Remove-Item ‘HKLM:\SOFTWARE\Policies\Lenovo\E046963F.LenovoCompanion_k1h2ywk1493x8’ -Recurse -ErrorAction SilentlyContinue
    Remove-Item ‘HKLM:\SOFTWARE\Policies\Lenovo\ImController’ -Recurse -ErrorAction SilentlyContinue
    Remove-Item ‘HKLM:\SOFTWARE\Policies\Lenovo\Lenovo Vantage’ -Recurse -ErrorAction SilentlyContinue
    Remove-Item ‘HKLM:\SOFTWARE\Policies\Lenovo\Commercial Vantage’ -Recurse -ErrorAction SilentlyContinue

    # Uninstall AI Meeting Manager Service
    $path = ‘C:\Program Files\Lenovo\Ai Meeting Manager Service\unins000.exe’
    $params = “/SILENT”

    Start-Process -FilePath $path -ArgumentList $params -Wait

    # Uninstall Lenovo Vantage
    $path = ‘C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\Uninstall.exe’
    $params = ‘/SILENT’
    Start-Process -FilePath $path -ArgumentList $params -Wait

    ##Uninstall Smart Appearance
    $path = ‘C:\Program Files\Lenovo\Lenovo Smart Appearance Components\unins000.exe’
    $params = ‘/SILENT’
    Start-Process -FilePath $path -ArgumentList $params -Wait

    # Remove Lenovo Now
    Set-Location “c:\program files (x86)\lenovo\lenovowelcome\x86”

    # Update $PSScriptRoot with the new working directory
    $PSScriptRoot = (Get-Item -Path “.\”).FullName
    invoke-expression -command .\uninstall.ps1

    Write-Host “All applications and associated Lenovo components have been uninstalled.” -ForegroundColor Green
    }

    ############################################################################################################
    # Remove Any other installed crap #
    # #
    ############################################################################################################

    #McAfee

    write-host “Detecting McAfee”
    $mcafeeinstalled = “false”
    $InstalledSoftware = Get-ChildItem “HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall”
    foreach($obj in $InstalledSoftware){
    $name = $obj.GetValue(‘DisplayName’)
    if ($name -like “*McAfee*”) {
    $mcafeeinstalled = “true”
    }
    }

    $InstalledSoftware32 = Get-ChildItem “HKLM:\Software\WOW6432NODE\Microsoft\Windows\CurrentVersion\Uninstall”
    foreach($obj32 in $InstalledSoftware32){
    $name32 = $obj32.GetValue(‘DisplayName’)
    if ($name32 -like “*McAfee*”) {
    $mcafeeinstalled = “true”
    }
    }

    if ($mcafeeinstalled -eq “true”) {
    Write-Host “McAfee detected”
    #Remove McAfee bloat
    ##McAfee
    ### Download McAfee Consumer Product Removal Tool ###
    write-host “Downloading McAfee Removal Tool”
    # Download Source
    $URL = ‘https://github.com/andrew-s-taylor/public/raw/main/De-Bloat/mcafeeclean.zip’

    # Set Save Directory
    $destination = ‘C:\ProgramData\Debloat\mcafee.zip’

    #Download the file
    Invoke-WebRequest -Uri $URL -OutFile $destination -Method Get

    Expand-Archive $destination -DestinationPath “C:\ProgramData\Debloat” -Force

    write-host “Removing McAfee”
    # Automate Removal and kill services
    start-process “C:\ProgramData\Debloat\Mccleanup.exe” -ArgumentList “-p StopServices,MFSY,PEF,MXD,CSP,Sustainability,MOCP,MFP,APPSTATS,Auth,EMproxy,FWdiver,HW,MAS,MAT,MBK,MCPR,McProxy,McSvcHost,VUL,MHN,MNA,MOBK,MPFP,MPFPCU,MPS,SHRED,MPSCU,MQC,MQCCU,MSAD,MSHR,MSK,MSKCU,MWL,NMC,RedirSvc,VS,REMEDIATION,MSC,YAP,TRUEKEY,LAM,PCB,Symlink,SafeConnect,MGS,WMIRemover,RESIDUE -v -s”
    write-host “McAfee Removal Tool has been run”

    }

    ##Look for anything else

    ##Make sure Intune hasn’t installed anything so we don’t remove installed apps

    $intunepath = “HKLM:\SOFTWARE\Microsoft\IntuneManagementExtension\Win32Apps”
    $intunecomplete = @(Get-ChildItem $intunepath).count
    if ($intunecomplete -eq 0) {

    ##Apps to ignore – NOTE: Chrome has an unusual uninstall so sort on it’s own
    $whitelistapps = @(
    “Microsoft Update Health Tools”
    “Microsoft Intune Management Extension”
    “Microsoft Edge”
    “Microsoft Edge Update”
    “Microsoft Edge WebView2 Runtime”
    “Google Chrome”
    “Microsoft Teams”
    “Teams Machine-Wide Installer”
    )

    $InstalledSoftware = Get-ChildItem “HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall”
    foreach($obj in $InstalledSoftware){
    $name = $obj.GetValue(‘DisplayName’)
    if (($whitelistapps -notcontains $name) -and ($null -ne $obj.GetValue(‘UninstallString’))) {
    $uninstallcommand = $obj.GetValue(‘UninstallString’)
    write-host “Uninstalling $name”
    if ($uninstallcommand -like “*msiexec*”) {
    $splitcommand = $uninstallcommand.Split(“{“)
    $msicode = $splitcommand[1]
    $uninstallapp = “msiexec.exe /X {$msicode /qn”
    start-process “cmd.exe” -ArgumentList “/c $uninstallapp”
    }
    else {
    $splitcommand = $uninstallcommand.Split(“{“)

    $uninstallapp = “$uninstallcommand /S”
    start-process “cmd.exe” -ArgumentList “/c $uninstallapp”
    }
    }

    }

    $InstalledSoftware32 = Get-ChildItem “HKLM:\Software\WOW6432NODE\Microsoft\Windows\CurrentVersion\Uninstall”
    foreach($obj32 in $InstalledSoftware32){
    $name32 = $obj32.GetValue(‘DisplayName’)
    if (($whitelistapps -notcontains $name32) -and ($null -ne $obj32.GetValue(‘UninstallString’))) {
    $uninstallcommand32 = $obj.GetValue(‘UninstallString’)
    write-host “Uninstalling $name”
    if ($uninstallcommand32 -like “*msiexec*”) {
    $splitcommand = $uninstallcommand32.Split(“{“)
    $msicode = $splitcommand[1]
    $uninstallapp = “msiexec.exe /X {$msicode /qn”
    start-process “cmd.exe” -ArgumentList “/c $uninstallapp”
    }
    else {
    $splitcommand = $uninstallcommand32.Split(“{“)

    $uninstallapp = “$uninstallcommand /S”
    start-process “cmd.exe” -ArgumentList “/c $uninstallapp”
    }
    }
    }

    ##Remove Chrome
    $chrome32path = “HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome”

    if ($null -ne $chrome32path) {

    $versions = (Get-ItemProperty -path ‘HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome’).version
    ForEach ($version in $versions) {
    write-host “Found Chrome version $version”
    $directory = ${env:ProgramFiles(x86)}
    write-host “Removing Chrome”
    Start-Process “$directory\Google\Chrome\Application\$version\Installer\setup.exe” -argumentlist “–uninstall –multi-install –chrome –system-level –force-uninstall”
    }

    }

    $chromepath = “HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome”

    if ($null -ne $chromepath) {

    $versions = (Get-ItemProperty -path ‘HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome’).version
    ForEach ($version in $versions) {
    write-host “Found Chrome version $version”
    $directory = ${env:ProgramFiles}
    write-host “Removing Chrome”
    Start-Process “$directory\Google\Chrome\Application\$version\Installer\setup.exe” -argumentlist “–uninstall –multi-install –chrome –system-level –force-uninstall”
    }

    }

    }

    write-host “Completed”

    Stop-Transcript

    Reply
  61. Name Version Source ProviderName
    —- ——- —— ————
    Office 16 Click-to-Run Extensibility Component 16.0.16130.20218 msi
    Office 16 Click-to-Run Localization Component 16.0.16130.20218 msi
    Office 16 Click-to-Run Licensing Component 16.0.16327.20264 msi
    Microsoft Visual C++ 2022 X64 Additional Runtime – 14.34.31931 14.34.31931 msi
    Dell SupportAssist 3.14.1.14 C:\Program Files\Dell\SupportAssistAgent\ msi
    Dell Optimizer 4.1.206.0 C:\Program Files\Dell\DellOptimizer\ msi
    Microsoft Intune Management Extension 1.71.111.0 msi
    Dell Digital Delivery Services 5.0.82.0 C:\Program Files (x86)\Dell Digital Delivery Services\ msi
    Dell Command | Update for Windows Universal 4.8.0 C:\Program Files\Dell\CommandUpdate\ msi
    Dell Core Services 1.2.342.3 C:\Program Files\Dell\ msi
    Microsoft .NET Host – 6.0.18 (x64) 48.75.61559 msi
    Microsoft .NET Runtime – 6.0.18 (x64) 48.75.61559 msi
    PaperCut Print Deploy Client 1.7.1670 msi
    Dell SupportAssist OS Recovery Plugin for Dell Update 5.5.7.18775 C:\Program Files\Dell\SARemediation\plugin\ msi
    Dell SupportAssist OS Recovery Plugin for Dell Update 5.5.7.18775 Programs
    Dell SupportAssist Remediation 5.5.7.18775 C:\Program Files\Dell\SARemediation\agent\ msi
    Dell SupportAssist Remediation 5.5.7.18775 Programs
    Microsoft Visual C++ 2022 X64 Minimum Runtime – 14.34.31931 14.34.31931 msi
    DellOptimizerUI 4.1.206.0 C:\Program Files (x86)\Dell\DellOptimizer\ msi
    Dell Trusted Device Agent 5.4.164.0 c:\Program Files\Dell\TrustedDevice\ msi
    Microsoft Windows Desktop Runtime – 6.0.18 (x64) 48.75.61602 msi
    Microsoft Windows Desktop Runtime – 6.0.18 (x64) 6.0.18.32522 Programs
    Microsoft .NET Host FX Resolver – 6.0.18 (x64) 48.75.61559 msi
    Dell Display Manager 2.1 2.1.1.21 Programs
    Dell Peripheral Manager 1.6.7 Programs
    Microsoft 365 – en-us 16.0.16327.20264 Programs
    Microsoft 365 – es-es 16.0.16327.20264 Programs
    Microsoft 365 – fr-fr 16.0.16327.20264 Programs
    Microsoft 365 – pt-br 16.0.16327.20264 Programs
    Microsoft OneNote – en-us 16.0.16327.20264 Programs
    Microsoft OneNote – es-es 16.0.16327.20264 Programs
    Microsoft OneNote – fr-fr 16.0.16327.20264 Programs
    Microsoft OneNote – pt-br 16.0.16327.20264 Programs
    Microsoft OneDrive 23.189.0910.0001 Programs
    Microsoft Edge 117.0.2045.55 Programs
    Microsoft Edge Update 1.3.177.11 Programs
    Microsoft Edge WebView2 Runtime 117.0.2045.55 Programs
    Dell Optimizer Core 4.1.206.0 Programs
    Dell Watchdog Timer 1.2.1.0 Programs
    Microsoft Visual C++ 2015-2022 Redistributable (x64) – 14.34.31931 14.34.31931.0 Programs
    9NBLGGH51CLL-Microsoft.Services.Store.Engagement msu
    9P5VK8KZB5QZ-Microsoft.UI.Xaml.2.7 msu
    2023-09 Mise à jour pour Windows 11 Version 22H2 sur systèmes x64 (KB5031274) msu
    2023-09 Mise à jour pour Windows 11 Version 22H2 sur systèmes x64 (KB5030323) msu

    Reply
  62. Thanks, i’ll try it. Two other questions:

    1- if I want to add Minecraft to the whitelist, how should I write it? In your script, it is written as #”*Minecraft*”.

    2- It seems that when the script is executed on an Intune device, the screensaver or lock screen no longer appears after 15 minutes. I left it open yesterday, and this morning, it wasn’t locked (after 12 hours!) Thank you very much for your help!

    Reply
    • For 1 I would remove that from the bloat list, then run “get-appxpackage -allusers” on an elevated prompt to find the exact name of the one you want to keep (I’m guessing it’s the Edu version), then add that into the whitelist.

      There shouldn’t be anything to block the screensaver in there, could you have an Intune policy in place which is stopping it?

      Reply
  63. Hi,

    Does this remove office 365 that comes preinstalled with w11. We have some issues where our office 2019 std package fails due to it being preinstalled so i would really like for it to get removed.

    Thanks!

    /Jonas

    Reply
  64. Never mind, right click save as before loading into the script pulls it down as 387kb, if go into the file and save it that way, then 57kb. Was jumping the gun :p

    Reply
  65. HI Andrew,

    Many thanks for this wonderful tool. I was running an older version till now and no problems. However, since I’ve tried 3.0.5 and 3.0.6 I’m seeing Dell command update to continue showing. (it was supposed to be deleted) When I look a the logs I can see an error when Command update is being uninstalled. Is there anything I can do to fix this? or maybe you could point me in the right direction.

    Thanks in advance.

    Reply
    • Hi David,
      Can you try 3.0.7 and see if that works any better? It looks like the application has been renamed so it wasn’t picking it up.
      If that still fails, can you email me a copy of the logs and I’ll see what’s happening

      Reply
  66. thank you so much for the new version. While now I’m not getting any errors in the logs, I still see SupportAssit REcovery Assistant. Give me your email address and I’ll send you the logs

    Reply
  67. The script always uninstalls MS Teams for me which is installed in ESP. M365 was configured with XML and created via M365 App in Intune.

    Reply
  68. I’m getting the following in the log when the machine is not connected to VPN or on-Site network, I’m assuming this is the SID lookup.

    “The trust relationship between this workstation and the primary domain failed. (Exception from HRESULT: 0x800706FD)”

    Reply
  69. Andrew, you are awesome.
    If I want to adapt the script to maintain some apps, should I remove this function: Function Get-ScriptVersion()?
    By the way, I’ve tried it in HP devices and RealtekSemiconductorCorp.HPAudioControl wasn’t uninstalled.
    Thanks a lot.

    Reply
    • Hi,
      If you are using the removebloat script, you don’t need to remove anything. That will just alert, but won’t actually do anything.
      Can you send me the uninstall string for that one and I’ll get it fixed.

      Reply
  70. Name : RealtekSemiconductorCorp.HPAudioControl
    Publisher : CN=83564403-0B26-46B8-9D84-040F43691D31
    Architecture : X64
    ResourceId :
    Version : 2.39.280.0
    PackageFullName : RealtekSemiconductorCorp.HPAudioControl_2.39.280.0_x64__dt26b99r8h8gj
    InstallLocation : C:\Program
    Files\WindowsApps\realteksemiconductorcorp.hpaudiocontrol_2.39.280.0_x64__dt26b99r8h8gj
    IsFramework : False
    PackageFamilyName : RealtekSemiconductorCorp.HPAudioControl_dt26b99r8h8gj
    PublisherId : dt26b99r8h8gj

    Reply
  71. Hi, the script works great thanks! We’re removing bloat from our devices now, but we want to keep HP Support Assistant. I deleted HP Support Assistant from the ‘to be removed’ apps, but it’s still deleted after the script ran. Am I missing something here?

    Reply
  72. Hi Andrew,

    Thanks for the fantastic script. Should I run it as an app during the Autopilot process, or after as a device script? I’m curious if it impacts the setup speed during the OOBE process.

    Thanks!

    Reply
    • Hi,
      I normally run as a device script as the last section uninstalls anything detected which is not specifically listed, but only if Intune hasn’t started app deployment yet. As soon as the first app installs, it skips that section (in case it runs on existing devices)
      Depending on the machine, it shouldn’t add more than 2-3 minutes onto OOBE

      Reply
  73. Hey Andrew,
    I ran as a device script on a newly delivered Optiplex Micro w/W11Pro 22H2 in Autopilot and it worked like a champ, especially with all the Dell crap. However, it left a couple things installed that the log shows removed: “Cortana” – I was able to remove it with “Get-AppxPackage – allusers Microsoft.549981C3F5F10 | Remove AppxPackage” (which is the same in the script) and it removed with no errors…so I’m confused why that still showed up. “Get Started” – I do not find in Get-AppxPackage but still showing up on device; I cannot find any way to uninstall it. “Microsoft To Do” – the package name apparently changed to “Microsoft.Todos”; I was able to uninstall using the new name. Lastly, can you add “Microsoft.PowerAutomateDesktop” to the script? That’s a new one showing up.

    Thanks!

    Reply
  74. Great script. Truly the debloat to rule them all. We’re only experiencing one issue

    Even though I see nothing to indicate its removal in the log file, the script appears to remove the win+shift+B “MS-Screenclip” protocol handler for the snipping tool on Windows 10 22h2 devices. Reinstalling snipping tool, snip and sketch, etc, using the Store or add-appxpackage didn’t fix it. If you’d hit win+shift+b nothing would happen. If you opened snip and sketch and then clicked “new”, you’d get a pop-up prompting to find an app for “MS-screenclip” in the store, and we block the public store. After much head banging, we found this restored functionality:

    DISM /Online /Add-Capability /CapabilityName:Windows.Client.ShellComponents~~~~0.0.1.0

    Any ideas?

    Reply
    • It’s probably Windows Backup. To remove it I have to strip out an entire experience pack which probably includes ScreenClip.

      I’ve added your DISM command beneath the windows backup removal which should hopefully fix it (until MS release a proper removal for backup)

      Reply
  75. Hi Andrew.
    I am getting the Remote Desktop (mstsc) program removed. And we use it for connecting to a Microsoft Remotes desktop farm.
    Is it enough to remove “Microsoft.RemoteDesktop” from the “$bloatware” section?

    Reply
  76. Hi Andrew i see a lot of cmd boxes popup when running it locally will there be cmd box popup if ran through Intune as scripts ? can these boxes be suppressed i want to fully run the script silently

    also i see that outlook new and get started are not removed. may need to be added.

    Great work other than that love it.

    thanks

    Reply
    • Hi, you won’t see any popups in Intune, it will all run in the system context.
      Getting Started can’t be removed, it’s used by Intune for Organizational messages.
      Outlook new is a tricky one as it’s a requirement for M365 Copilot so I don’t want to remove that one here

      Reply
  77. Hi Andrew

    Thank you for this great Script!

    Is it possible that this script also sets a setting that apps which should manually (user or system context) are not installing or running?

    for example: Teamviewer QS is not starting when i download and run it… just nothing happens no task visible in Taskmanager.

    Regards

    Reply
  78. Hi,
    Since the last version of the script, we noticed that some services are not starting.
    Also, installing applications gives errors.
    I cannot find anything specific in the log file.

    Any ideas?

    Reply
  79. Hello,
    I’ve been using your script in production for a while now and it’s going very well.
    I used the 4.0.10 script update and added my customizations. Great additions, thanks.

    Suggestion to disable Copilot. Add the TurnOffWindowsCopilot key to the default profile in addition to the users already created, as your script already does.

    I use Windows 11 23H2 media. The script is applied during an SCCM OSD task sequence. The value TurnOffWindowsCopilot is present in HKLM, but Copilot is activated for all new users.

    Also, this strategy is not yet available in Intune’s Profile configuration.

    Reply
  80. I’m having to run this ad-hoc after software is installed and users are logged in as we didn’t remove bloatware during deployment for a while. What section do I need to comment out/delete to keep software installed?

    Reply
  81. Hi,

    so i like the script and running it manually works like a charm. i also tried using it via Intune as a device-Script. What is interesting is, that when the Device-Part of the Autopilot Enrollment is complete (Enrollment Status Page) i get an Admin-Prompt as soon as i enter my Login-Credentials.

    I used the following Settings for the Script:

    PowerShell script
    RemoveBloat.ps1
    Run this script using the logged on credentials: Yes <-Maybe this is wrong?
    Enforce script signature check: No
    Run script in 64 bit PowerShell Host: Yes

    Reply
  82. Hi I’m looking to run this now via Intune but unsure as to how it should run to newly created devices using autopilot and not affect existing devices. Also since you’ve signed the script does that mean on Intune we can select “Yes” on the option “Enforce script signature check
    “?
    Thanks

    Reply
    • Hi,
      It shouldn’t damage existing devices unless your users are using the bloated apps. There is logic to ignore anything win32 if the device has apps deployed. If you want to be extra careful, you could drop some logic at the top to only run if a user profile doesn’t exist for example.
      Yes, you should be able to enforce a signature check now as it is signed and time stamped

      Reply
      • Thanks for the quick reply. Would that remove bloatware from the existing users as well or for any new users only? The script I’ve configured to use is the debloat-intune-script.ps1 so I presume that logic won’t work unless I used the RemoveBloat.ps1 script?

        Reply
        • It would remove for existing users as well as new users, most of the script is at the system level.
          Yes, you would need to add the logic into the script deployed into Intune (and remove the signed bit as the cert won’t be valid).
          Two other options:
          1) Deploy as a Win32 app with a custom requirement
          2) Create a new autopilot profile and a dynamic group based on the profile name and assign the script to that group

          Reply

Leave a Comment