Implemet changes in various PRs against origin

pyrrho · pyrrho · commit c58e26ef29b4 · 2025-04-21T18:48:34.000-04:00
diff --git a/README.md b/README.md
@@ -10,7 +10,7 @@ You can now use it on ANY Windows 11 release (not just a specific build), as wel
 This is made possible thanks to the much-improved scripting capabilities of PowerShell, compared to the older Batch release.
 </br>
 Since it is written in PowerShell, you need to set the execution policy to  `Unrestricted`, so that you could run the script.
-If you haven't done this before, make sure to run `Set-ExecutionPolicy unrestricted` as administrator in PowerShell before running the script, otherwise it would just crash.
+If you haven't done this before, make sure to run `Set-ExecutionPolicy -Scope Process unrestricted` as administrator in PowerShell before running the script, otherwise it would just crash.
 
 
 This is a script created to automate the build of a streamlined Windows 11 image, similar to tiny11.
diff --git a/tiny11maker.ps1 b/tiny11maker.ps1
@@ -1,25 +1,28 @@
 # Enable debugging
-#Set-PSDebug -Trace 1
+# Set-PSDebug -Trace 1
 
 param (
-    [ValidatePattern('^[c-zC-Z]$')]
+    [ValidatePattern('^[c-zC-Z]:$')]
     [string]$ScratchDisk
 )
 
 if (-not $ScratchDisk) {
-    $ScratchDisk = $PSScriptRoot -replace '[\\]+$', ''
+    $ScratchDisk = ((Get-Location).Drive.Name) + ":"
 } else {
     $ScratchDisk = $ScratchDisk + ":"
 }
 
 Write-Output "Scratch disk set to $ScratchDisk"
 
-# Check if PowerShell execution is restricted
-if ((Get-ExecutionPolicy) -eq 'Restricted') {
-    Write-Host "Your current PowerShell Execution Policy is set to Restricted, which prevents scripts from running. Do you want to change it to RemoteSigned? (yes/no)"
+# Check if PowerShell execution is Restricted or AllSigned or Undefined
+$needchange = @("AllSigned", "Restricted", "Undefined")
+$curpolicy = Get-ExecutionPolicy
+if ($curpolicy -in $needchange) {
+    Write-Host "Your current PowerShell Execution Policy is set to $curpolicy, which prevents scripts from running. Do you want to change it to RemoteSigned? (yes/no)"
     $response = Read-Host
     if ($response -eq 'yes') {
         Set-ExecutionPolicy RemoteSigned -Scope CurrentUser -Confirm:$false
+        Set-ExecutionPolicy RemoteSigned -Scope Process -Confirm:$false
     } else {
         Write-Host "The script cannot be run without changing the execution policy. Exiting..."
         exit
@@ -32,8 +35,7 @@ $adminGroup = $adminSID.Translate([System.Security.Principal.NTAccount])
 $myWindowsID=[System.Security.Principal.WindowsIdentity]::GetCurrent()
 $myWindowsPrincipal=new-object System.Security.Principal.WindowsPrincipal($myWindowsID)
 $adminRole=[System.Security.Principal.WindowsBuiltInRole]::Administrator
-if (! $myWindowsPrincipal.IsInRole($adminRole))
-{
+if (! $myWindowsPrincipal.IsInRole($adminRole)) {
     Write-Host "Restarting Tiny11 image creator as admin in a new window, you can close this one."
     $newProcess = new-object System.Diagnostics.ProcessStartInfo "PowerShell";
     $newProcess.Arguments = $myInvocation.MyCommand.Definition;
@@ -42,10 +44,8 @@ if (! $myWindowsPrincipal.IsInRole($adminRole))
     exit
 }
 
-
-
 # Start the transcript and prepare the window
-Start-Transcript -Path "$ScratchDisk\tiny11.log" 
+Start-Transcript -Path "$ScratchDisk\tiny11.log"
 
 $Host.UI.RawUI.WindowTitle = "Tiny11 image creator"
 Clear-Host
@@ -87,19 +87,26 @@ Start-Sleep -Seconds 2
 Clear-Host
 Write-Host "Getting image information:"
 Get-WindowsImage -ImagePath $ScratchDisk\tiny11\sources\install.wim
-$index = Read-Host "Please enter the image index"
+
+$index = Read-Host "Please enter the image index : "
+$ImagesIndex = (Get-WindowsImage -ImagePath $ScratchDisk\tiny11\sources\install.wim).ImageIndex
+while ($ImagesIndex -notcontains $index) {
+    $index = Read-Host "Please enter a valide image index : "
+}
+
 Write-Host "Mounting Windows image. This may take a while."
 $wimFilePath = "$ScratchDisk\tiny11\sources\install.wim"
-& takeown "/F" $wimFilePath 
+& takeown "/F" $wimFilePath
 & icacls $wimFilePath "/grant" "$($adminGroup.Value):(F)"
 try {
     Set-ItemProperty -Path $wimFilePath -Name IsReadOnly -Value $false -ErrorAction Stop
 } catch {
     # This block will catch the error and suppress it.
 }
 New-Item -ItemType Directory -Force -Path "$ScratchDisk\scratchdir" > $null
-Mount-WindowsImage -ImagePath $ScratchDisk\tiny11\sources\install.wim -Index $index -Path $ScratchDisk\scratchdir
+Mount-WindowsImage -ImagePath $wimFilePath -Index $index -Path $ScratchDisk\scratchdir
 
+# Powershell dism module does not have direct equivalent for /Get-Intl
 $imageIntl = & dism /English /Get-Intl "/Image:$($ScratchDisk)\scratchdir"
 $languageLine = $imageIntl -split '\n' | Where-Object { $_ -match 'Default system UI language : ([a-zA-Z]{2}-[a-zA-Z]{2})' }
 
@@ -110,45 +117,71 @@ if ($languageLine) {
     Write-Host "Default system UI language code not found."
 }
 
-$imageInfo = & 'dism' '/English' '/Get-WimInfo' "/wimFile:$($ScratchDisk)\tiny11\sources\install.wim" "/index:$index"
-$lines = $imageInfo -split '\r?\n'
-
-foreach ($line in $lines) {
-    if ($line -like '*Architecture : *') {
-        $architecture = $line -replace 'Architecture : ',''
-        # If the architecture is x64, replace it with amd64
-        if ($architecture -eq 'x64') {
-            $architecture = 'amd64'
-        }
-        Write-Host "Architecture: $architecture"
-        break
-    }
+# Defined in (Microsoft.Dism.Commands.ImageInfoObject).Architecture formatting script
+# 0 -> x86, 5 -> arm(currently unused), 6 -> ia64(currently unused), 9 -> x64, 12 -> arm64
+switch ((Get-WindowsImage -ImagePath $wimFilePath -Index $index).Architecture)
+{
+    0 { $architecture = "x86" }
+    9 { $architecture = "amd64" }
+    12 { $architecture = "arm64" }
 }
 
 if (-not $architecture) {
+if ($architecture) {
+    Write-Host "Architecture: $architecture"
+} else {
     Write-Host "Architecture information not found."
 }
 
-Write-Host "Mounting complete! Performing removal of applications..."
+Write-Host "Mounting complete! Performing removal of applications...`n"
 
-$packages = & 'dism' '/English' "/image:$($ScratchDisk)\scratchdir" '/Get-ProvisionedAppxPackages' |
+$packages = Get-ProvisionedAppxPackage -Path "$ScratchDisk\scratchdir" |
     ForEach-Object {
-        if ($_ -match 'PackageName : (.*)') {
-            $matches[1]
-        }
+        $_.PackageName
     }
-$packagePrefixes = 'Clipchamp.Clipchamp_', 'Microsoft.BingNews_', 'Microsoft.BingWeather_', 'Microsoft.GamingApp_', 'Microsoft.GetHelp_', 'Microsoft.Getstarted_', 'Microsoft.MicrosoftOfficeHub_', 'Microsoft.MicrosoftSolitaireCollection_', 'Microsoft.People_', 'Microsoft.PowerAutomateDesktop_', 'Microsoft.Todos_', 'Microsoft.WindowsAlarms_', 'microsoft.windowscommunicationsapps_', 'Microsoft.WindowsFeedbackHub_', 'Microsoft.WindowsMaps_', 'Microsoft.WindowsSoundRecorder_', 'Microsoft.Xbox.TCUI_', 'Microsoft.XboxGamingOverlay_', 'Microsoft.XboxGameOverlay_', 'Microsoft.XboxSpeechToTextOverlay_', 'Microsoft.YourPhone_', 'Microsoft.ZuneMusic_', 'Microsoft.ZuneVideo_', 'MicrosoftCorporationII.MicrosoftFamily_', 'MicrosoftCorporationII.QuickAssist_', 'MicrosoftTeams_', 'Microsoft.549981C3F5F10_'
+
+$packagePrefixes =
+    'Clipchamp.Clipchamp_',
+    'Microsoft.BingNews_',
+    'Microsoft.BingSearch_',
+    'Microsoft.BingWeather_',
+    'Microsoft.GamingApp_',
+    'Microsoft.GetHelp_',
+    'Microsoft.Getstarted_',
+    'Microsoft.MicrosoftOfficeHub_',
+    'Microsoft.MicrosoftSolitaireCollection_',
+    'Microsoft.OutlookForWindows_',
+    'Microsoft.People_',
+    'Microsoft.MicrosoftStickyNotes_',
+    'Microsoft.Todos_',
+    'Microsoft.WindowsAlarms_',
+    'microsoft.windowscommunicationsapps_',
+    'Microsoft.WindowsFeedbackHub_',
+    'Microsoft.WindowsMaps_',
+    'Microsoft.WindowsSoundRecorder_',
+    'Microsoft.Xbox.TCUI_',
+    'Microsoft.XboxGameOverlay_',
+    'Microsoft.XboxGamingOverlay_',
+    'Microsoft.XboxSpeechToTextOverlay_',
+    'Microsoft.YourPhone_',
+    'Microsoft.ZuneMusic_',
+    'Microsoft.ZuneVideo_',
+    'MicrosoftCorporationII.MicrosoftFamily_',
+    'MicrosoftCorporationII.QuickAssist_',
+    'MicrosoftTeams_',
+    'Microsoft.549981C3F5F10_',
+    'MSTeams_'
 
 $packagesToRemove = $packages | Where-Object {
     $packageName = $_
     $packagePrefixes -contains ($packagePrefixes | Where-Object { $packageName -like "$_*" })
 }
 foreach ($package in $packagesToRemove) {
-    & 'dism' '/English' "/image:$($ScratchDisk)\scratchdir" '/Remove-ProvisionedAppxPackage' "/PackageName:$package"
+    Write-Host "Removing $package..."
+    Remove-AppxProvisionedPackage -Path "$ScratchDisk\scratchdir" -PackageName "$package" | Out-Null
 }
 
-
-Write-Host "Removing Edge:"
+Write-Host "`nRemoving Edge:"
 Remove-Item -Path "$ScratchDisk\scratchdir\Program Files (x86)\Microsoft\Edge" -Recurse -Force | Out-Null
 Remove-Item -Path "$ScratchDisk\scratchdir\Program Files (x86)\Microsoft\EdgeUpdate" -Recurse -Force | Out-Null
 Remove-Item -Path "$ScratchDisk\scratchdir\Program Files (x86)\Microsoft\EdgeCore" -Recurse -Force | Out-Null
@@ -258,8 +291,8 @@ Write-Host "Disabling Telemetry:"
 & 'reg' 'add' 'HKLM\zNTUSER\Software\Microsoft\Personalization\Settings' '/v' 'AcceptedPrivacyPolicy' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null
 & 'reg' 'add' 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\DataCollection' '/v' 'AllowTelemetry' '/t' 'REG_DWORD' '/d' '0' '/f' | Out-Null
 & 'reg' 'add' 'HKLM\zSYSTEM\ControlSet001\Services\dmwappushservice' '/v' 'Start' '/t' 'REG_DWORD' '/d' '4' '/f' | Out-Null
-## Prevents installation or DevHome and Outlook
-Write-Host "Prevents installation or DevHome and Outlook:"
+## Prevents installation of DevHome and Outlook
+Write-Host "Prevents installation of DevHome and Outlook:"
 & 'reg' 'add' 'HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Orchestrator\UScheduler\OutlookUpdate' '/v' 'workCompleted' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null
 & 'reg' 'add' 'HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Orchestrator\UScheduler\DevHomeUpdate' '/v' 'workCompleted' '/t' 'REG_DWORD' '/d' '1' '/f' | Out-Null
 & 'reg' 'delete' 'HKLM\zSOFTWARE\Microsoft\WindowsUpdate\Orchestrator\UScheduler_Oobe\OutlookUpdate' '/f' | Out-Null
@@ -289,13 +322,13 @@ function Enable-Privilege {
  $definition = @'
  using System;
  using System.Runtime.InteropServices;
-  
+
  public class AdjPriv
  {
   [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
   internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,
    ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);
-  
+
   [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
   internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);
   [DllImport("advapi32.dll", SetLastError = true)]
@@ -307,7 +340,7 @@ function Enable-Privilege {
    public long Luid;
    public int Attr;
   }
-  
+
   internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
   internal const int SE_PRIVILEGE_DISABLED = 0x00000000;
   internal const int TOKEN_QUERY = 0x00000008;
@@ -364,7 +397,7 @@ Write-Host 'Deleting Customer Experience Improvement Program'
 reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4738DE7A-BCC1-4E2D-B1B0-CADB044BFA81}" /f | Out-Null
 reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FAC31FA-4A85-4E64-BFD5-2154FF4594B3}" /f | Out-Null
 reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC931F16-B50A-472E-B061-B6F79A71EF59}" /f | Out-Null
-Write-Host 'Deleting Program Data Updater' 
+Write-Host 'Deleting Program Data Updater'
 reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0671EB05-7D95-4153-A32B-1426B9FE61DB}" /f | Out-Null
 Write-Host 'Deleting autochk proxy'
 reg delete "HKEY_LOCAL_MACHINE\zSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87BF85F4-2CE1-4160-96EA-52F554AA28A2}" /f | Out-Null
@@ -396,7 +429,7 @@ Write-Host "Windows image completed. Continuing with boot.wim."
 Start-Sleep -Seconds 2
 Clear-Host
 Write-Host "Mounting boot image:"
-$wimFilePath = "$ScratchDisk\tiny11\sources\boot.wim" 
+$wimFilePath = "$ScratchDisk\tiny11\sources\boot.wim"
 & takeown "/F" $wimFilePath | Out-Null
 & icacls $wimFilePath "/grant" "$($adminGroup.Value):(F)"
 Set-ItemProperty -Path $wimFilePath -Name IsReadOnly -Value $false
@@ -436,22 +469,31 @@ Write-Host "The tiny11 image is now completed. Proceeding with the making of the
 Write-Host "Copying unattended file for bypassing MS account on OOBE..."
 Copy-Item -Path "$PSScriptRoot\autounattend.xml" -Destination "$ScratchDisk\tiny11\autounattend.xml" -Force | Out-Null
 Write-Host "Creating ISO image..."
-$ADKDepTools = "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\$hostarchitecture\Oscdimg"
+# Get Windows ADK path from registry(following Visual Studio's winsdk.bat approach).
+$WinSDKPath = [Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Kits\Installed Roots", "KitsRoot10", $null)
+if (!$WinSDKPath) {
+    $WinSDKPath = [Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Kits\Installed Roots", "KitsRoot10", $null)
+}
+if ($WinSDKPath) {
+    # Trim the following backslash for path concatenation.
+    $WinSDKPath = $WinSDKPath.TrimEnd('\')
+    $ADKDepTools = "$WinSDKPath\Assessment and Deployment Kit\Deployment Tools\$hostarchitecture\Oscdimg"
+}
 $localOSCDIMGPath = "$PSScriptRoot\oscdimg.exe"
 
-if ([System.IO.Directory]::Exists($ADKDepTools)) {
+if ($ADKDepTools -and [System.IO.File]::Exists("$ADKDepTools\oscdimg.exe")) {
     Write-Host "Will be using oscdimg.exe from system ADK."
     $OSCDIMG = "$ADKDepTools\oscdimg.exe"
 } else {
-    Write-Host "ADK folder not found. Will be using bundled oscdimg.exe."
-    
+    Write-Host "oscdimg.exe from system ADK not found. Will be using bundled oscdimg.exe."
+
     $url = "https://msdl.microsoft.com/download/symbols/oscdimg.exe/3D44737265000/oscdimg.exe"
 
-    if (-not (Test-Path -Path $localOSCDIMGPath)) {
+    if (![System.IO.File]::Exists($localOSCDIMGPath)) {
         Write-Host "Downloading oscdimg.exe..."
         Invoke-WebRequest -Uri $url -OutFile $localOSCDIMGPath
 
-        if (Test-Path $localOSCDIMGPath) {
+        if ([System.IO.File]::Exists($localOSCDIMGPath)) {
             Write-Host "oscdimg.exe downloaded successfully."
         } else {
             Write-Error "Failed to download oscdimg.exe."
