Skip to content

cyclonite69/Aegis-Scripts

BranchesTags

Repository files navigation

Aegis Scripts: Windows Hardening & Debloating Suite

Windows 11 PowerShell License

    ___    ___________ ___________ 
   /   |  / ____/ ___//  _/ ___/ 
  / /| | / __/  \__ \ / / \__ \  
 / ___ |/ /___ ___/ // / ___/ /  
/_/  |_/_____//____/___//____/   
                                 
      WINDOWS HARDENING SUITE

Aegis is a modular, repeatable PowerShell suite for hardening, debloating, and optimizing Windows 11 systems. It transforms a stock Windows installation into a private, secure, and high-performance workstation.

🚀 Quick Start

Download and run the GUI Controller:

Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/YOUR_USERNAME/Aegis-Scripts/main/Aegis-Controller.ps1'))

(Replace YOUR_USERNAME with your actual GitHub username)

📂 Repository Structure

Script Description
Aegis-Controller.ps1 GUI Dashboard: Run this to select and execute modules easily.
Utils.ps1 Core Library: Shared helper functions for logging, registry, and service management.
Remove-BloatWin.ps1 Removes Appx/Provisioned packages. Supports -Aggressive and OEM cleanup modes.
Firewall-Hardening.ps1 Backs up and tightens Windows Firewall. Blocks mDNS and unnecessary inbound traffic.
Disable-UnneededServices.ps1 Optimizes Windows Services (Disable Telemetry, Fax, RetailDemo, etc.).
Optimize-Privacy.ps1 Enforces privacy registry keys, DNS hardening (DoH), and performance tweaks.
Invoke-NetworkDiag.ps1 Collects network configurations and logs them to a zip file for analysis.

🛠️ Manual Usage

Prerequisites

  • Administrator Privileges: All scripts must be run as Administrator.
  • Execution Policy: 
    Set-ExecutionPolicy Bypass -Scope Process -Force

1. Debloat Windows

Remove common bloatware. Use -DryRun to preview changes first.

.\Remove-BloatWin.ps1 -DryRun
.\Remove-BloatWin.ps1 -Aggressive

2. Harden Security

Apply firewall rules and disable unneeded services.

.\Firewall-Hardening.ps1
.\Disable-UnneededServices.ps1

3. Maximize Privacy

Apply registry tweaks and DNS hardening.

.\Optimize-Privacy.ps1

4. Diagnostics

If you encounter network issues, generate a diagnostic report.

.\Invoke-NetworkDiag.ps1

⚠️ Disclaimer

Use at your own risk. These scripts modify system configurations.

  • Always create a System Restore Point before running.
  • Firewall-Hardening.ps1 automatically creates a firewall policy backup (.wfw).
  • Review the code or run with -DryRun where available to understand the changes.

🤝 Contributing

Contributions are welcome! Please read our Contributing Guidelines for details on our code of conduct and the process for submitting pull requests.

  1. Fork the repo on GitHub.
  2. Create your feature branch (git checkout -b feature/amazing-feature).
  3. Commit your changes (git commit -m 'Add some amazing feature').
  4. Push to the branch (git push origin feature/amazing-feature).
  5. Open a Pull Request.

📜 License

MIT License

About

No description, website, or topics provided.

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Contributing

Contributing
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages