Add windows/iso-builder.md: reproducible custom-packed-ISO pipeline design for
SilverMetal Enhanced - Windows on IoT Enterprise LTSC. Covers the licensing
frame (IoT = blessed channel for preinstalled custom images; self-apply stays a
builder), 7 build stages (verify/extract/DISM-service/inject-unattend/brand/
oscdimg-repack/attest), the offline-vs-first-boot-vs-firmware control split, an
honest reproducibility scope (pinned inputs + SBOM + attestation, NOT bit-
identical on Windows), and M0-M4 milestones.

Scaffold windows/ per the planned layout:
- installer/ build.ps1 (7-stage orchestrator, stages stubbed to M2),
  inputs.manifest.json (pinned-input schema), autounattend.xml
  (local-account OOBE), oem/SetupComplete.cmd (first-boot runner)
- hardening/ shared §A-H PowerShell modules + Verify-SilverMetalWindows.ps1
  (used by BOTH the ISO first-boot path and the self-apply track).
  BitLocker module enforces TPM+PIN and blocks TPM-only.
- policies/ wdac/ debloat/ stack-installer/ drivers/ tests/ scaffolded with
  READMEs; wdac/ documents audit->enforce; debloat/ flags Tiny11/NTLite as an
  anti-pattern; rename applocker/ -> wdac/ realised.

All 11 PowerShell scripts parse clean; manifest JSON + autounattend XML valid.
Module bodies are M1 scaffold (safe: log + policy-set; interactive/firmware
steps documented, not faked).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
18 lines
768 B
Plaintext
# SilverMetal Enhanced - Windows : provisioned appx removal list.
# One package family name (or prefix) per line; '#' comments ignored.
# IoT Enterprise LTSC is already lean, so this list is intentionally SHORT and
# only targets residue. Do NOT remove servicing/Store-for-Business components
# that LTSC relies on. Verify per-build (TODO-M2).
#
# Removed offline in the WIM by build.ps1 (DISM /Remove-ProvisionedAppxPackage)
# and at first boot for the provisioned user where applicable.

Microsoft.Windows.Copilot
Microsoft.549981C3F5F10 # Cortana
Microsoft.BingWeather
Microsoft.BingNews
Microsoft.GamingApp
Microsoft.XboxGamingOverlay
Microsoft.MicrosoftSolitaireCollection
# TODO-M2: confirm against the actual LTSC media manifest before enabling removal.
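Review bot: The "Microsoft.549981C3F5F10 # Cortana" entry carries a trailing comment, but the header only says '#' comments are ignored, so the format should state that inline comments are stripped (and build.ps1 must trim the comment and surrounding whitespace before matching), or the annotation should move to its own line. The header also allows "package family name (or prefix)", while DISM /Remove-ProvisionedAppxPackage takes a full /PackageName, so the consumer has to resolve each entry against the /Get-ProvisionedAppxPackages output. An unanchored prefix match can remove more than the list intends, which works against the "Do NOT remove servicing/Store-for-Business components" warning; match the display name exactly, or up to the first "_" of the package name. Until the TODO-M2 check against the LTSC media manifest is done, have the build log or fail on entries that match nothing instead of skipping them silently.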