PowerShell module/helper script with custom functions for imaging Windows 10 build 21H2 with MDT/WDS.

Set-Win10Baseline21H2.ps1

# For the purposes of this script, assume DWORD values
function Set-RegistryItem {
    param (
        [CmdletBinding()]
        [string]$Path
    )
    param (
        [CmdletBinding()]
        [string]$Name
    )
    param (
        [CmdletBinding()]
        [string]$Value
    )
    
    if (!(Test-Path -Path $Path)) {
        New-Item -Path $Path
        Try {
            New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType DWORD
        }
        Catch [System.IO.IOException] {
            Write-Output "Registry Value already exists. Proceeding..."
        }
        Catch {
            Write-Output "An unknown error occured."
        }
    }
}

# Using the above function as a baseline, the following functions tweak the registry.
## Disable Consumer Experiences
function Disable-ConsumerExperience {
    $regPath = "HKLM:\\SOFTWARE\Policies\Microsoft\Windows\CloudContent"
    $regName = "DisableWindowsConsumerFeatures"
    $regValue = "1"

    Set-RegistryItem -Path $regPath -Name $regName -Value $regValue
}
## Disable Cortana
function Disable-Cortana {
    $regPath = "HKLM:\\SOFTWARE\Policies\Microsoft\Windows\Windows Search"
    $regName = "AllowCortana"
    $regValue = "0"

    Set-RegistryItem -Path $regPath -Name $regName -Value $regValue
}

## Disable FastBoot
function Disable-FastBoot {
    $regPath = "HKLM:\\SYSTEM\CurrentControlSet\Control\Session Manager\Power"
    $regName = "HiberbootEnabled"
    $regValue = "0"

    Set-RegistryItem -Path $regPath -Name $regName -Value $regValue
}

## Disable-Hibernation
function Disable-Hibernation {
    $regPath = "HKLM:\\SYSTEM\CurrentControlSet\Control\Power"
    $regName = "HibernateEnabled"
    $regValue = "0"

    Set-RegistryItem -Path $regPath -Name $regName -Value $regValue
}

<# Disable SMBv3 Compression
## https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV200005
## May not be applicable to your environment
#>
function Disable-SMBv3Compression {
    $regPath = "HKLM:\\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"
    $regName = "DisableCompression"
    $regValue = "0"

    Set-RegistryItem -Path $regPath -Name $regName -Value $regValue
    
}

function Set-OptionalFeatures {
    # Features we want to disable by default
    $toDisable = @(
        "Internet-Explorer-Optional-amd64",
        "MicrosoftWindowsPowerShellV2",
        "MicrosoftWindowsPowerShellV2Root",
        "Printing-XPSServices-Features",
        "WCF-Services45",
        "WCF-TCP-PortSharing45",
        "WindowsMediaPlayer",
        "WorkFolders-Client"
    )

    foreach ($feature in $toDisable) {
        Get-WindowsOptionalFeature -Online -FeatureName $feature | Disable-WindowsOptionalFeature -Online -NoRestart -Remove -Verbose
    }
    
    # Features we want to enable by default
    $toEnable = @(
        "Containers",
        "Containers-DisposableClientVM",
        "Windows-Defender-ApplicationGuard",
        "Microsoft-Windows-Subsystem-Linux"
    )

    foreach ($feature in $toEnable) {
        Try {
            Get-WindowsOptionalFeature -Online -FeatureName $feature | Enable-WindowsOptionalFeature -Online -NoRestart -Verbose
        }
        Catch [Microsoft.Dism.Commands.EnableWindowsOptionalFeatureCommand] {
            Write-Host "$feature could not be enabled and may need a parent feature as a prerequisite"
        }
    }
}

function Remove-AppxPackages {
    $appx = @(
        "Microsoft.BingWeather",
        "Microsoft.GetHelp",
        "Microsoft.Getstarted",
        "Microsoft.MicrosoftOfficeHub",
        "Microsoft.MicrosoftSolitaireCollection",
        "Microsoft.Office.OneNote",
        "Microsoft.People",
        "Microsoft.SkypeApp",
        "Microsoft.Wallet",
        "microsoft.windowscommunicationsapps",
        "Microsoft.WindowsFeedbackHub",
        "Microsoft.WindowsMaps",
        "Microsoft.YourPhone",
        "Microsoft.ZuneMusic",
        "Microsoft.ZuneVideo"
    )

    foreach ($app in $appx) {
        # Found that running as built-in Administrator while in MDT deployment or manually running the script, some AppX Packages don't like the -AllUsers parameter on the Remove-AppxPackage cmdlet
        Try {
            Get-AppxPackage -AllUsers -Name $app | Remove-AppxPackage -AllUsers -Verbose
        } # These Packages will throw a COMException below, catch this error and run without the -AllUsers parameter 
        Catch [System.Runtime.InteropServices.COMException] {
            Get-AppxPackage -AllUsers -Name $app | Remove-AppxPackage -Verbose
        }
    }
    
    $provisioned = @(
        "Microsoft.BingWeather",
        "Microsoft.GetHelp",
        "Microsoft.Getstarted",
        "Microsoft.MicrosoftOfficeHub",
        "Microsoft.MicrosoftSolitaireCollection",
        "Microsoft.Office.OneNote",
        "Microsoft.People",
        "Microsoft.SkypeApp",
        "Microsoft.Wallet",
        "microsoft.windowscommunicationsapps",
        "Microsoft.WindowsFeedbackHub",
        "Microsoft.WindowsMaps",
        "Microsoft.YourPhone",
        "Microsoft.ZuneMusic",
        "Microsoft.ZuneVideo"
    )

    foreach ($app in $provisioned) {
        Get-AppxProvisionedPackage -Online | Where-Object { $_.DisplayName -like $app } | Remove-AppxProvisionedPackage -Online -Verbose
    }
    
}

function Invoke-WindowsActivation {
    param (
        [CmdletBinding()]
        [string]$Key
    )

    $MAK = Get-WmiObject -Query "Select * from SoftwareLicensingService"
    $MAK.InstallProductKey($Key)
    $MAK.RefreshLicenseStatus()
    
}