# Chawn Limited - Citrix Partner - Silver Solution Advisor
# No Liability accepted - Use at your own risk
# Ensure that you validate usage of this script in a pre-prod environment
# Installs IE Tracking Lists, and enables Flash prompting to reduce IE resource consumption

# get LocalAppData
$userpath=$env:localappdata

# set tracking list paths
$strEasyListTPFile=$userpath + "\Microsoft\Internet Explorer\Tracking Protection\{23FD2C8D-41D6-4BE5-A596-E21D5D10C7AB}.tpl"
$strStopGoogleTrackTPFile=$userpath + "\Microsoft\Internet Explorer\Tracking Protection\{7920CE6E-CABC-4F6B-A8D1-9DEEA374E2F4}.tpl"
$strEasyPrivacyTPFile=$userpath + "\Microsoft\Internet Explorer\Tracking Protection\{A165ADA8-718E-4CDC-9B33-9A23CF0A95D1}.tpl"

# create tracking list directories
New-Item -Path $userpath -Name "Microsoft" -ItemType "directory" -ErrorAction SilentlyContinue;
New-Item -Path $userpath"\Microsoft" -Name "Internet Explorer" -ItemType "directory" -ErrorAction SilentlyContinue;
New-Item -Path $userpath"\Microsoft\Internet Explorer" -Name "Tracking Protection" -ItemType "directory" -ErrorAction SilentlyContinue;

#create tracking list parent registry keys
$regpath="HKCU:SOFTWARE\Microsoft\Internet Explorer\Safety"
New-Item -Path $regpath -ErrorAction SilentlyContinue;
$regpath="HKCU:SOFTWARE\Microsoft\Internet Explorer\Safety\PrivacIE"
New-Item -Path $regpath -ErrorAction SilentlyContinue;
$regpath="HKCU:SOFTWARE\Microsoft\Internet Explorer\Safety\PrivacIE\Lists"
New-Item -Path $regpath -ErrorAction SilentlyContinue;

# install EasyList
$regpath="HKCU:SOFTWARE\Microsoft\Internet Explorer\Safety\PrivacIE\Lists\{23FD2C8D-41D6-4BE5-A596-E21D5D10C7AB}"
New-Item -Path $regpath -ErrorAction SilentlyContinue;
New-ItemProperty -Path $regpath -Name Path -PropertyType String -Value $strEasyListTPFile -ErrorAction SilentlyContinue;
New-ItemProperty -Path $regpath -Name Name -PropertyType String -Value "EasyList" -ErrorAction SilentlyContinue;
New-ItemProperty -Path $regpath -Name URL -PropertyType String -Value "https://www.microsoft.com/cms/api/am/binary/RWidzr" -ErrorAction SilentlyContinue;
New-ItemProperty -Path $regpath -Name Enabled -PropertyType DWord -Value 1 -ErrorAction SilentlyContinue;
New-ItemProperty -Path $regpath -Name TTL -PropertyType DWord -Value 1 -ErrorAction SilentlyContinue;
New-ItemProperty -Path $regpath -Name LastUpdateTime -PropertyType DWord -Value 0 -ErrorAction SilentlyContinue;

# install StopGoogleTracking
$regpath="HKCU:SOFTWARE\Microsoft\Internet Explorer\Safety\PrivacIE\Lists\{7920CE6E-CABC-4F6B-A8D1-9DEEA374E2F4}"
New-Item -Path $regpath -ErrorAction SilentlyContinue;
New-ItemProperty -Path $regpath -Name Path -PropertyType String -Value $strStopGoogleTrackTPFile -ErrorAction SilentlyContinue;
New-ItemProperty -Path $regpath -Name Name -PropertyType String -Value "Stop Google Tracking" -ErrorAction SilentlyContinue;
New-ItemProperty -Path $regpath -Name URL -PropertyType String -Value "https://www.microsoft.com/cms/api/am/binary/RWilsQ" -ErrorAction SilentlyContinue;
New-ItemProperty -Path $regpath -Name Enabled -PropertyType DWord -Value 1 -ErrorAction SilentlyContinue;
New-ItemProperty -Path $regpath -Name TTL -PropertyType DWord -Value 1 -ErrorAction SilentlyContinue;
New-ItemProperty -Path $regpath -Name LastUpdateTime -PropertyType DWord -Value 0 -ErrorAction SilentlyContinue;

# install EasyPrivacy
$regpath="HKCU:SOFTWARE\Microsoft\Internet Explorer\Safety\PrivacIE\Lists\{A165ADA8-718E-4CDC-9B33-9A23CF0A95D1}"
New-Item -Path $regpath -ErrorAction SilentlyContinue;
New-ItemProperty -Path $regpath -Name Path -PropertyType String -Value $strEasyPrivacyTPFile -ErrorAction SilentlyContinue;
New-ItemProperty -Path $regpath -Name Name -PropertyType String -Value "EasyPrivacy" -ErrorAction SilentlyContinue;
New-ItemProperty -Path $regpath -Name URL -PropertyType String -Value "https://www.microsoft.com/cms/api/am/binary/RWiiY6" -ErrorAction SilentlyContinue;
New-ItemProperty -Path $regpath -Name Enabled -PropertyType DWord -Value 1 -ErrorAction SilentlyContinue;
New-ItemProperty -Path $regpath -Name TTL -PropertyType DWord -Value 4 -ErrorAction SilentlyContinue;
New-ItemProperty -Path $regpath -Name LastUpdateTime -PropertyType DWord -Value 0 -ErrorAction SilentlyContinue;

# Flash Lockdown
$regpath="HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats"
New-Item -Path $regpath -ErrorAction SilentlyContinue;
$regpath="HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}"
New-Item -Path $regpath -ErrorAction SilentlyContinue;
$regpath="HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore"
New-Item -Path $regpath -ErrorAction SilentlyContinue;
$regpath="HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore\AllowedDomains"
# remove any trusted site
Remove-Item -Path $regpath -Recurse -ErrorAction SilentlyContinue;
New-Item -Path $regpath -ErrorAction SilentlyContinue;

#Further tweaks
#Force OffScreen Composition
$regpath="HKCU:SOFTWARE\Microsoft\Internet Explorer\Main"
New-ItemProperty -Path $regpath -Name "Force Offscreen Composition" -PropertyType DWord -Value 1 -ErrorAction SilentlyContinue;

#Disable First Run Customisation
New-ItemProperty -Path $regpath -Name "DisableFirstRunCustomize" -PropertyType DWord -Value 1 -ErrorAction SilentlyContinue;

#Set the home page - Avoid launch time going to default microsoft page - modify here or override with GPO
New-ItemProperty -Path $regpath -Name "Start Page" -PropertyType String -Value "about:blank" -ErrorAction SilentlyContinue;

#Disable GPU Rendering
New-ItemProperty -Path $regpath -Name "UseSWRender" -PropertyType DWord -Value 1 -ErrorAction SilentlyContinue;

#Do Not Track
New-ItemProperty -Path $regpath -Name "DoNotTrack" -PropertyType DWord -Value 1 -ErrorAction SilentlyContinue;

#Turn off GeoLocation
$regpath="HKCU:SOFTWARE\Microsoft\Internet Explorer\Geolocation"
New-ItemProperty -Path $regpath -Name "BlockAllWebsites" -PropertyType DWord -Value 1 -ErrorAction SilentlyContinue;