mirror of
https://github.com/NexusOne23/noid-privacy.git
synced 2026-03-06 00:50:33 +01:00
815a7e39d0
Some checks are pending
CI - PowerShell Quality Checks / PSScriptAnalyzer (push) Waiting to run
CI - PowerShell Quality Checks / Test on PowerShell 5.1 (push) Waiting to run
CI - PowerShell Quality Checks / Test on PowerShell 7.4 (push) Waiting to run
CI - PowerShell Quality Checks / Validate Project Structure (push) Waiting to run
Pester Tests / test (push) Waiting to run
Bumps remaining 13 files that still referenced v2.2.2:
- 3 AdvancedSecurity config JSONs (AdminShares, Credentials, RDP)
- 4 AdvancedSecurity PS1 headers (Block-FingerProtocol, Set-SRPRules,
Set-WindowsUpdate, Invoke-AdvancedSecurity)
- 2 AntiAI PS1 headers (Disable-CopilotAdvanced, Test-AntiAICompliance)
- 1 Privacy runtime output (Invoke-PrivacyHardening)
- CONTRIBUTING.md templates + FEATURES.md docs
- bug_report.md issue template
Historical annotations in Backup-PrivacySettings.ps1 ("added in v2.2.2")
intentionally preserved as they document feature introduction dates.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
110 lines
4.9 KiB
PowerShell
110 lines
4.9 KiB
PowerShell
function Set-WindowsUpdate {
|
|
<#
|
|
.SYNOPSIS
|
|
Configures Windows Update using simple GUI-equivalent settings
|
|
|
|
.DESCRIPTION
|
|
Applies 3 simple Windows Update settings that align with the Windows Settings GUI:
|
|
1. Get the latest updates as soon as they're available (ON, enforced via policy)
|
|
2. Receive updates for other Microsoft products (ON, user-toggleable)
|
|
3. Delivery Optimization - Downloads from other devices (OFF, enforced via policy)
|
|
|
|
NO forced schedules and NO auto-reboot policies are configured.
|
|
Installation timing remains user-controlled via the Windows Update GUI; where
|
|
policies are used, Windows clearly indicates that "Some settings are managed
|
|
by your organization".
|
|
|
|
.PARAMETER DryRun
|
|
Preview changes without applying them
|
|
|
|
.EXAMPLE
|
|
Set-WindowsUpdate
|
|
|
|
.NOTES
|
|
Author: NexusOne23
|
|
Version: 2.2.3
|
|
Requires: Administrator privileges
|
|
Based on: Windows Settings > Windows Update > Advanced options
|
|
#>
|
|
|
|
[CmdletBinding()]
|
|
param(
|
|
[Parameter(Mandatory = $false)]
|
|
[switch]$DryRun
|
|
)
|
|
|
|
try {
|
|
$configPath = Join-Path $PSScriptRoot "..\Config\WindowsUpdate.json"
|
|
|
|
if (-not (Test-Path $configPath)) {
|
|
Write-Log -Level ERROR -Message "WindowsUpdate.json not found: $configPath" -Module "AdvancedSecurity"
|
|
return $false
|
|
}
|
|
|
|
$config = Get-Content $configPath -Raw | ConvertFrom-Json
|
|
|
|
Write-Log -Level INFO -Message "Configuring Windows Update (3 simple GUI settings)..." -Module "AdvancedSecurity"
|
|
|
|
if ($DryRun) {
|
|
Write-Log -Level INFO -Message "[DRYRUN] Would configure 3 Windows Update settings" -Module "AdvancedSecurity"
|
|
return $true
|
|
}
|
|
|
|
$settingsApplied = 0
|
|
|
|
# Loop through all 3 settings from config
|
|
foreach ($settingKey in $config.Settings.PSObject.Properties.Name) {
|
|
$setting = $config.Settings.$settingKey
|
|
$regPath = $setting.RegistryPath
|
|
|
|
# Ensure registry path exists
|
|
if (-not (Test-Path $regPath)) {
|
|
Write-Log -Level DEBUG -Message "Creating registry path: $regPath" -Module "AdvancedSecurity"
|
|
New-Item -Path $regPath -Force | Out-Null
|
|
}
|
|
|
|
# Apply each value in this setting
|
|
foreach ($valueName in $setting.Values.PSObject.Properties.Name) {
|
|
$valueData = $setting.Values.$valueName
|
|
|
|
# Always use New-ItemProperty with -Force to ensure correct type and value
|
|
# -Force will overwrite existing keys
|
|
New-ItemProperty -Path $regPath -Name $valueName -Value $valueData.Value -PropertyType DWord -Force | Out-Null
|
|
|
|
Write-Log -Level SUCCESS -Message "$($setting.Name): $valueName = $($valueData.Value)" -Module "AdvancedSecurity"
|
|
$settingsApplied++
|
|
}
|
|
}
|
|
|
|
Write-Log -Level SUCCESS -Message "Windows Update configured: $settingsApplied registry keys set" -Module "AdvancedSecurity"
|
|
|
|
# Restart Windows Update service to apply changes immediately
|
|
Write-Log -Level INFO -Message "Restarting Windows Update service to apply changes..." -Module "AdvancedSecurity"
|
|
try {
|
|
Restart-Service -Name wuauserv -Force -ErrorAction Stop | Out-Null
|
|
Write-Log -Level SUCCESS -Message "Windows Update service restarted successfully" -Module "AdvancedSecurity"
|
|
}
|
|
catch {
|
|
Write-Log -Level WARNING -Message "Could not restart Windows Update service: $($_.Exception.Message)" -Module "AdvancedSecurity"
|
|
}
|
|
|
|
Write-Host ""
|
|
Write-Host "================================================" -ForegroundColor Green
|
|
Write-Host " Windows Update Configured (3 Settings)" -ForegroundColor Green
|
|
Write-Host "================================================" -ForegroundColor Green
|
|
Write-Host ""
|
|
Write-Host "[1] Get latest updates immediately: ON (Policy)" -ForegroundColor Gray
|
|
Write-Host "[2] Microsoft Update (Office, etc.): ON (User can toggle)" -ForegroundColor Gray
|
|
Write-Host "[3] P2P Delivery Optimization: OFF (Policy)" -ForegroundColor Gray
|
|
Write-Host ""
|
|
Write-Host "Installation timing remains user-controlled (no forced schedules, no auto-reboot policies)." -ForegroundColor White
|
|
Write-Host "Windows will indicate where settings are managed by policy in the GUI." -ForegroundColor White
|
|
Write-Host ""
|
|
|
|
return $true
|
|
}
|
|
catch {
|
|
Write-Log -Level ERROR -Message "Failed to configure Windows Update: $_" -Module "AdvancedSecurity" -Exception $_.Exception
|
|
return $false
|
|
}
|
|
}
|