From f7a93bd878a4f8ebfc6a2b3abe165186577d9912 Mon Sep 17 00:00:00 2001 From: lucas-timeworkstudio Date: Wed, 24 Sep 2025 21:00:28 -0400 Subject: [PATCH 1/2] 0.9 updates audit logging, script update checking, interg checker --- README.md | 18 ++----- run.bat | 20 +++++--- windowstelementryblocker.ps1 | 95 +++++++++++++++++++++++++++++++++++- 3 files changed, 110 insertions(+), 23 deletions(-) diff --git a/README.md b/README.md index 7ea0d5b..cb733f8 100644 --- a/README.md +++ b/README.md @@ -24,6 +24,9 @@ A lightweight, open-source toolkit to disable Windows telemetry and improve priv - ⏪ Rollback support for most modules - 💾 System restore point creation - 🖥️ Interactive and batch modes +- 📊 Audit logging to Windows Event Log +- 🔄 Script update checker +- 🛡️ Integrity checking for modules (file size and modification time) ## 🚀 Quick Start @@ -40,21 +43,6 @@ A lightweight, open-source toolkit to disable Windows telemetry and improve priv .\run.bat ``` -### Command Line Options -```powershell -# Run all modules -.\windows-telemetry-blocker.ps1 -all - -# Run specific modules -.\windows-telemetry-blocker.ps1 -modules telemetry,services - -# Interactive mode -.\windows-telemetry-blocker.ps1 -interactive - -# Advanced options -powershell -ExecutionPolicy Bypass -File windows-telemetry-blocker.ps1 -all -dryrun -verbose -rollbackOnFailure -``` - ## 🧩 Modules | Module | Description | diff --git a/run.bat b/run.bat index b93e982..bf8e473 100644 --- a/run.bat +++ b/run.bat @@ -89,22 +89,30 @@ echo Please select an option: echo 1. Run Interactive Script (Recommended) echo 2. Restore via builtin rollback system echo 3. Restore via System Restore Point -echo 4. Exit -set /p MENUOPT=Enter your choice [1-4]: +echo 4. Update Script (Recommended after multiple runs) +echo 5. Exit +set /p MENUOPT=Enter your choice [1-5]: set "PS_ARGS=" set "PS_TARGET=%PS_SCRIPT%" if "%MENUOPT%"=="1" ( echo [INFO] Launching interactive script in a new PowerShell window... - start "TelemetryBlocker-Interactive" %PS_EXE% -NoProfile -ExecutionPolicy Bypass -File "%PS_SCRIPT%" -Interactive + start "TelemetryBlocker-Interactive" %PS_EXE% -NoProfile -ExecutionPolicy Bypass -File "%PS_SCRIPT%" -Interactive -EnableAuditLog exit /b ) if "%MENUOPT%"=="2" set "PS_ARGS=-Rollback" if "%MENUOPT%"=="3" set "PS_ARGS=-RestorePoint" -if "%MENUOPT%"=="4" goto end +if "%MENUOPT%"=="4" ( + echo [INFO] Launching script update check... + %PS_EXE% -NoProfile -ExecutionPolicy Bypass -File "%PS_SCRIPT%" -Update + echo. + pause + goto menu +) +if "%MENUOPT%"=="5" goto end -:: Only check for invalid selection for options other than 1-4 -if not "%MENUOPT%"=="1" if not "%MENUOPT%"=="2" if not "%MENUOPT%"=="3" if not "%MENUOPT%"=="4" ( +:: Only check for invalid selection for options other than 1-5 +if not "%MENUOPT%"=="1" if not "%MENUOPT%"=="2" if not "%MENUOPT%"=="3" if not "%MENUOPT%"=="4" if not "%MENUOPT%"=="5" ( echo Invalid selection. Please try again. echo. goto menu diff --git a/windowstelementryblocker.ps1 b/windowstelementryblocker.ps1 index 717b557..ffc0ed5 100644 --- a/windowstelementryblocker.ps1 +++ b/windowstelementryblocker.ps1 @@ -1,6 +1,6 @@ # =============================== # Windows Telemetry Blocker -# Script Version: nextgen-0.8 (pending review) +# Script Version: nextgen-0.9 (pending) # =============================== @@ -13,7 +13,10 @@ param( [switch]$WhatIf, [switch]$RollbackOnFailure, [switch]$Rollback, - [switch]$RestorePoint + [switch]$RestorePoint, + + [switch]$Update, + [switch]$EnableAuditLog ) # --- Special parameter handling (outside param block) --- @@ -81,6 +84,14 @@ Write-Host "===============================" -ForegroundColor Cyan Write-Host (" Windows Telemetry Blocker v{0}" -f $ScriptVersion) -ForegroundColor Cyan Write-Host "===============================" -ForegroundColor Cyan +# Check for updates if requested +if ($Update) { + Write-Host "Update requested. Checking for updates..." -ForegroundColor Yellow + Update-Script + Write-Host "Update check complete." -ForegroundColor Green + Write-AuditLog "Script update check performed" +} + # Fail fast for unhandled errors in scripts we call; we'll handle expected errors with try/catch $ErrorActionPreference = 'Stop' $VerbosePreference = 'Continue' @@ -95,6 +106,7 @@ $errorLogFile = Join-Path $PSScriptRoot "telemetry-blocker-errors.log" $executionStatsFile = Join-Path $PSScriptRoot "telemetry-blocker-stats.log" $reportFile = Join-Path $PSScriptRoot "telemetry-blocker-report.md" $modulesDir = Join-Path $PSScriptRoot "modules" +$GitHubRepo = "https://github.com/N0tHorizon/WindowsTelemetryBlocker" # ==== Logging helpers (single authoritative definitions) ==== function Write-Log { @@ -122,6 +134,66 @@ function Write-Stats { } } +# ==== New Feature Functions ==== +function Update-Script { + Write-Host "Fetching latest version from GitHub..." -ForegroundColor Yellow + try { + # Download the main script + $mainUrl = "$GitHubRepo/raw/main/windowstelementryblocker.ps1" + $tempMain = Join-Path $PSScriptRoot "temp_main.ps1" + Invoke-WebRequest -Uri $mainUrl -OutFile $tempMain -ErrorAction Stop + + # Download modules + $apiUrl = "$GitHubRepo/contents/modules" + $response = Invoke-WebRequest -Uri $apiUrl -Headers @{ "Accept" = "application/vnd.github.v3+json" } -ErrorAction Stop + $files = $response.Content | ConvertFrom-Json + + foreach ($file in $files) { + if ($file.name -like "*.ps1") { + $fileUrl = $file.download_url + $tempFile = Join-Path $PSScriptRoot ("temp_{0}" -f $file.name) + Invoke-WebRequest -Uri $fileUrl -OutFile $tempFile -ErrorAction Stop + } + } + + # Confirm + $confirm = Read-Host "Downloaded updates. Overwrite files? (Y/N)" + if ($confirm -eq 'Y') { + # Overwrite + Move-Item $tempMain (Join-Path $PSScriptRoot "windowstelementryblocker.ps1") -Force -ErrorAction Stop + foreach ($file in $files) { + if ($file.name -like "*.ps1") { + $tempFile = Join-Path $PSScriptRoot ("temp_{0}" -f $file.name) + $dest = Join-Path $modulesDir $file.name + Move-Item $tempFile $dest -Force -ErrorAction Stop + } + } + Write-Host "Update complete." -ForegroundColor Green + } else { + Write-Host "Update cancelled." -ForegroundColor Yellow + # Clean temp + Remove-Item (Join-Path $PSScriptRoot "temp_*") -Force -ErrorAction SilentlyContinue + } + } catch { + Write-Host ("[ERROR] Update failed: {0}" -f $_.Exception.Message) -ForegroundColor Red + # Clean temp + Remove-Item (Join-Path $PSScriptRoot "temp_*") -Force -ErrorAction SilentlyContinue + } +} + +function Write-AuditLog { + param([string]$Message, [string]$EventType = "Information") + if (-not $EnableAuditLog) { return } + try { + if (-not (Get-EventLog -LogName Application -Source "TelemetryBlocker" -ErrorAction SilentlyContinue)) { + New-EventLog -LogName Application -Source "TelemetryBlocker" -ErrorAction Stop + } + Write-EventLog -LogName Application -Source "TelemetryBlocker" -EventId 1000 -EntryType $EventType -Message $Message -ErrorAction Stop + } catch { + Write-Log ("Failed to write audit log: {0}" -f $_.Exception.Message) -Error + } +} + # ==== Registry backup/export before changes ==== function Export-RegistryBackup { try { @@ -169,6 +241,7 @@ Write-Log "=== Script started ===" Write-Log ("Windows Version: {0}" -f $winVersion) Write-Log ("Windows Build: {0}" -f $winBuild) Write-Log ("Script Version: {0}" -f $ScriptVersion) +Write-AuditLog ("Script started - Version {0}, Windows {1} Build {2}" -f $ScriptVersion, $winVersion, $winBuild) # ==== Ensure modules directory exists ==== if (-not (Test-Path $modulesDir)) { @@ -184,6 +257,14 @@ if (-not (Test-Path $modulesDir)) { } } +# ==== Rollback coverage scan ==== +$rollbackCoverage = @{} +foreach ($mod in $moduleList) { + $rollbackPath = Join-Path $modulesDir ("{0}-rollback.ps1" -f $mod) + $rollbackCoverage[$mod] = Test-Path $rollbackPath +} +Write-Log ("Rollback coverage: {0}" -f (($rollbackCoverage.GetEnumerator() | ForEach-Object { "$($_.Key):$($_.Value)" }) -join ', ')) + # ==== System helpers ==== function New-SystemRestorePoint { try { @@ -402,6 +483,8 @@ function Resolve-ModuleDependencies { return $resolved } + + # ==== Module execution loop ==== Write-Host "`n=== Starting Module Execution ===" -ForegroundColor Cyan $summary = @() @@ -414,6 +497,7 @@ $toRunResolved = Resolve-ModuleDependencies -mods $toRun foreach ($mod in $toRunResolved) { Write-Host ("`nRunning module: {0}" -f $mod) -ForegroundColor Yellow + Write-AuditLog ("Starting module execution: {0}" -f $mod) $moduleStart = Get-Date try { $modulePath = Join-Path $modulesDir ("{0}.ps1" -f $mod) @@ -431,10 +515,12 @@ foreach ($mod in $toRunResolved) { if ($result -eq $false) { Write-Host ("[ERROR] Module {0} reported failure" -f $mod) -ForegroundColor Red Write-Log ("Module {0} reported failure" -f $mod) -Error + Write-AuditLog ("Module {0} execution failed" -f $mod) "Warning" $summary += ("Module {0} reported failure" -f $mod) $moduleResults[$mod] = @{ Status='Failure'; Start=$moduleStart; End=(Get-Date) } } else { Write-Log ("Module {0} completed" -f $mod) + Write-AuditLog ("Module {0} execution completed successfully" -f $mod) $summary += ("Module {0} completed" -f $mod) $moduleResults[$mod] = @{ Status='Success'; Start=$moduleStart; End=(Get-Date) } } @@ -450,6 +536,7 @@ foreach ($mod in $toRunResolved) { if ($RollbackOnFailure) { Write-Host "Rolling back changes for executed modules..." -ForegroundColor Red Write-Log ("Rollback initiated due to failure in module {0}" -f $mod) + Write-AuditLog ("Rollback initiated due to failure in module {0}" -f $mod) "Warning" # clone and reverse executedModules safely $executedClone = @() @@ -463,20 +550,24 @@ foreach ($mod in $toRunResolved) { Write-Host ("Running rollback for {0}..." -f $rmod) -ForegroundColor Yellow . $rollbackPath Write-Log ("Rollback for {0} completed" -f $rmod) + Write-AuditLog ("Rollback for {0} completed" -f $rmod) $rollbackModules += $rmod } catch { $rbErr = if ($_.Exception) { $_.Exception.Message } else { $_.ToString() } Write-Host ("[ERROR] Rollback failed for {0}: {1}" -f $rmod, $rbErr) -ForegroundColor Red Write-Log ("Rollback failed for {0}: {1}" -f $rmod, $rbErr) -Error + Write-AuditLog ("Rollback failed for {0}: {1}" -f $rmod, $rbErr) "Error" } } else { Write-Host ("No rollback script for {0}" -f $rmod) -ForegroundColor DarkYellow Write-Log ("No rollback script for {0}" -f $rmod) + Write-AuditLog ("No rollback script for {0}" -f $rmod) "Warning" } } Write-Host "Rollback complete. Exiting." -ForegroundColor Red Write-Log "Rollback complete. Exiting." + Write-AuditLog "Rollback complete. Exiting." break } else { $response = Read-Host "Do you want to continue with remaining modules? (Y/N)" From 32e8e896d83ce0ca6d8a6542c8215d9a62c4f6bb Mon Sep 17 00:00:00 2001 From: lucas-timeworkstudio Date: Wed, 24 Sep 2025 21:25:44 -0400 Subject: [PATCH 2/2] Update windowstelementryblocker.ps1 --- windowstelementryblocker.ps1 | 1 - 1 file changed, 1 deletion(-) diff --git a/windowstelementryblocker.ps1 b/windowstelementryblocker.ps1 index ffc0ed5..84b3da9 100644 --- a/windowstelementryblocker.ps1 +++ b/windowstelementryblocker.ps1 @@ -14,7 +14,6 @@ param( [switch]$RollbackOnFailure, [switch]$Rollback, [switch]$RestorePoint, - [switch]$Update, [switch]$EnableAuditLog )