====== Information ======
* Microsoft Windows 10 IoT Enterprise LTSC
* 21H2 (10.0.19044 Build 19044)
====== Resources ======
* https://superuser.com/questions/217504/is-there-a-list-of-windows-special-directories-shortcuts-like-temp/217506#217506
====== Download ======
* [[https://forums.mydigitallife.net/threads/discussion-windows-10-enterprise-iot-enterprise-n-ltsc-2021.84509|LTSC 2021]]
* IoT Enterprise LTSC has the longest support date of 2032-01-13 and works well
* [[https://www.catalog.update.microsoft.com/Search.aspx?q=Cumulative+Update+for+Windows+10+Version+21H2+for+x64-based+Systems|Windows 10 21H2 Cumulative Updates - Microsoft Update Catalog]]
* :!: [[https://www.catalog.update.microsoft.com/Search.aspx?q=KB5014032|KB5014032]] 2022-05 SSU is required before the latest CU
en-us_windows_10_iot_enterprise_ltsc_2021_x64_dvd_257ad90f.iso
SHA256: a0334f31ea7a3e6932b9ad7206608248f0bd40698bfb8fc65f14fc5e4976c160
* TODO: ISO name, SSU, CU sort
====== Settings ======
===== Nagle's Algorithm =====
* https://gigperformer.com/docs/ultimate-guide-to-optimize-windows-for-stage/naglesalgorithm.html
* https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/registry-entry-control-tcp-acknowledgment-behavior
* TODO
===== Disable Clipboard History =====
****
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "AllowClipboardHistory" /t REG_DWORD /d "0" /f
===== Disable Cortana and Web Search =====
****
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "AllowCortana" /t REG_DWORD /d "0" /f
===== Disable CPU Mitigations =====
* https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in
* https://www.grc.com/inspectre.htm
* :!: TODO: Research this further
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "FeatureSettingsOverride" /t "REG_DWORD" /d "3" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "FeatureSettingsOverrideMask" /t "REG_DWORD" /d "3" /f
===== Disable Game DVR =====
****
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\GameDVR" /v "AllowgameDVR" /t "REG_DWORD" /d "0" /f
===== Disable Hibernation and Fast Start =====
****
powercfg /H off
===== Disable Last Access Time File Updates =====
****
fsutil behavior set disablelastaccess 1
===== Disable Online Speech Recognition =====
****
reg add "HKLM\SOFTWARE\Policies\Microsoft\InputPersonalization" /v "AllowInputPersonalization" /t REG_DWORD /d "0" /f
===== Open Pictures With Windows Photo Viewer =====
reg add "HKCU\Software\Classes\.jpg" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f
reg add "HKCU\Software\Classes\.jpeg" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f
reg add "HKCU\Software\Classes\.gif" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f
reg add "HKCU\Software\Classes\.png" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f
reg add "HKCU\Software\Classes\.bmp" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f
reg add "HKCU\Software\Classes\.tiff" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f
reg add "HKCU\Software\Classes\.ico" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f
===== Disable Remote Desktop =====
****
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fDenyTSConnections" /t REG_DWORD /d "1" /f
===== Disable Shared Experiences =====
****
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "EnableCdp" /t REG_DWORD /d "0" /f
===== Disable SmartScreen =====
* General
* Windows Store Apps
* Microsoft Edge
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t "REG_SZ" /d "Off" /f
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t "REG_DWORD" /d "0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t "REG_DWORD" /d "0" /f
===== Disable Startup Delay =====
****
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Serialize" /v "StartupDelayInMSec" /t "REG_DWORD" /d "0" /f
===== Disable System Restore =====
****
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore" /v "DisableSR " /t "REG_DWORD" /d "1" /f
===== Disable Telemetry Features =====
****
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "AllowTelemetry" /t "REG_DWORD" /d "0" /f
===== Disable User Account Control =====
****
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t "REG_DWORD" /d "0" /f
===== Disable Windows Defender =====
****
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t "REG_DWORD" /d "1" /f
===== Remove Quick Access =====
****
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "HubMode" /t "REG_DWORD" /d "1" /f
===== Remove Windows Search =====
****
Dism /online /Disable-Feature /FeatureName:"SearchEngine-Client-Package" /Remove
===== Show All Folders in File Explorer Pane =====
****
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "NavPaneShowAllFolders" /t "REG_DWORD" /d "1" /f
===== Verbose Shutdown =====
****
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "VerboseStatus" /t REG_DWORD /d "1" /f
====== Other ======
===== ScriptTiger Hosts File =====
* https://scripttiger.github.io/hosts-packages/
* :!: TODO: Revert multiple-entries
* Powershell Script ''*.ps1''
if (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs; exit }
[Net.ServicePointManager]::SecurityProtocol = "tls12, tls11, tls"
# https://scripttiger.github.io/alts/
# Compressed
# Unified hosts + fakenews + gambling + porn + social
Invoke-WebRequest "https://scripttiger.github.io/alts/compressed/blacklist-fgps.txt" -OutFile "C:\Windows\System32\drivers\etc\hosts"
# Unified hosts + fakenews + gambling + social
#Invoke-WebRequest "https://scripttiger.github.io/alts/compressed/blacklist-fgs.txt" -OutFile "C:\Windows\System32\drivers\etc\hosts"
# Unified hosts + fakenews + gambling
#Invoke-WebRequest "https://scripttiger.github.io/alts/compressed/blacklist-fg.txt" -OutFile "C:\Windows\System32\drivers\etc\hosts"
ipconfig /flushdns
===== NetFX3 From Install Media =====
* Change ''D:\'' to install media drive if necessary
Dism /online /enable-feature /featurename:"NetFX3" /All /Source:"D:\sources\sxs" /LimitAccess
===== Maintenance =====
* TODO: Maintenance bat command notepad desktop
:: .NET Framework 4
"%windir%\microsoft.net\Framework\v4.0.30319\ngen.exe" update /force /queue
"%windir%\microsoft.net\Framework64\v4.0.30319\ngen.exe" update /force /queue
"%windir%\microsoft.net\Framework\v4.0.30319\ngen.exe" executequeueditems
"%windir%\microsoft.net\Framework64\v4.0.30319\ngen.exe" executequeueditems
:: System File Check, Cleanup, and Repair
"%windir%\system32\Dism.exe" /online /Cleanup-Image /StartComponentCleanup /ResetBase /RestoreHealth
"%windir%\system32\sfc.exe" /scannow
:: Classic Disk Cleanup
"%windir%\system32\cleanmgr.exe" /sageset:65535
"%windir%\system32\cleanmgr.exe" /sagerun:65535
:: Defrag/Trim
"%windir%\system32\dfrgui.exe"
====== Information ======
* TODO: Move to separate notes
===== Prevent Driver Changes =====
==== Notes ====
* To be done after a proper driver is manually installed
* This ensures Windows Update nor anything else can replace installed drivers for specific devices unattended
* Additional entries need to add a new number (the value after ''/v'')
* The device ID can be acquired from Device Manager and should be pasted as-is (no extra slashes)
==== Base Policies ====
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions" /v "DenyDeviceIDs" /t "REG_DWORD" /d "1" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions" /v "DenyDeviceIDsRetroactive" /t "REG_DWORD" /d "0" /f
==== Format ====
* Do **not** copy/paste these as-is; only here for reference
* Adjust to specific devices as-needed
==== Add Prevent Policy ====
****
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceIDs" /v "#" /t "REG_SZ" /d "PCI\VEN_XXXX&DEV_XXXX&SUBSYS_XXXXXXXX&REV_XX" /f
==== Remove Prevent Policy ====
****
reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceIDs" /v "#" /f
====== Programs ======
* [[windows:programs|More Programs]]
===== 7-Zip =====
* https://www.7-zip.org/download.html
===== Android Tools =====
* [[https://dl-ssl.google.com/android/repository/latest_usb_driver_windows.zip|Latest USB Driver]]
* [[https://dl-ssl.google.com/android/repository/platform-tools-latest-windows.zip|Latest platform-tools]]
* :!: [[https://dl.google.com/android/repository/platform-tools_r30.0.5-windows.zip|30.0.5 platform-tools]] ((this specific version was needed to workaround a ''fastboot'' error that only happened on the latest version))
* TODO: Set user instead of system-wide with ''/M'' and check syntax
SETX /M path "%path%;C:\Program Files\platform-tools"
===== aria2 =====
* https://github.com/aria2/aria2/releases
* TODO: Set user instead of system-wide with ''/M'' and check syntax
SETX /M path "%path%;C:\Program Files\aria2c"
===== Brain Workshop =====
* https://sourceforge.net/projects/brainworkshop/files/brainworkshop/
===== Calculator =====
* Only available on LTSB/LTSC
win32calc
===== DirectX End-User Runtime =====
* https://www.microsoft.com/en-us/download/confirmation.aspx?id=8109
===== Firefox =====
* https://download.mozilla.org/?product=firefox-latest-ssl&os=win64&lang=en-US
===== GIMP =====
* https://www.gimp.org/downloads
===== KeePassXC =====
* https://keepassxc.org/download#windows
===== mpv =====
* https://sourceforge.net/projects/mpv-player-windows/files/64bit-v3/
===== MuPDF =====
* https://mupdf.com/releases/index.html
* https://mupdf.com/releases/history.html
===== Notepad++ =====
* https://notepad-plus-plus.org/download
===== OBS =====
* https://obsproject.com/download
===== qBittorrent =====
* https://www.qbittorrent.org/download
===== VC++ Redist =====
* https://github.com/abbodi1406/vcredist/releases
===== Vulkan Runtime =====
* https://vulkan.lunarg.com/sdk/home
====== Games ======
===== Battle.net App =====
* https://download.battle.net/en-us/?product=bnetdesk
===== Steam =====
* https://steamcdn-a.akamaihd.net/client/installer/SteamSetup.exe
====== Drivers ======
* See [[windows:drivers|Drivers]] for more URLs
===== Spinesnap =====
* [[https://www.dell.com/support/home/en-us/product-support/product/latitude-15-5591-laptop/drivers|Dell Latitude 5591 - Support and BIOS Updates]]
==== Chipset ====
* Intel(R) Core(TM) i5-8400H CPU @ 2.50GHz
* TODO: Chipset name
* [[https://rog.asus.com/forum/showthread.php?117609-DRIVERS-Intel-Chipset-MEI-SATA-VMD-(1xx-2xx-3xx-4xx-5xx-6xx-7xx)|ASUS ROG Forums]] (AHCI 2xx/3xx)
* [[https://www.elevenforum.com/t/drivers-intel-chipset-mei-sata-vmd-1xx-2xx-3xx-4xx-5xx-6xx-7xx.11373/|Windows 11 Forum]] (AHCI 2xx/3xx)
* https://station-drivers.com/index.php/en/component/remository/Drivers/Intel/HID-Event-Filter/orderby,4/lang,en-gb/
==== SATA/RST ====
* Intel(R) Chipset SATA/PCIe RST Premium Controller
* ''PCI\VEN_8086&DEV_282A&SUBSYS_08191028&REV_10''
* [[https://www.intel.com/content/www/us/en/download/19755/intel-rapid-storage-technology-driver-installation-software-with-intel-optane-memory-8th-and-9th-gen-platforms.html|Intel Download Center]] ((Intel recommends extracting drivers (''f6vmdflpy-x64.zip'') from the exe in the [[https://downloadmirror.intel.com/773230/Release_Notes_17_11_3_1010_2_EndUser.pdf|17.11.3.1010.2 Release Notes]]))
* [[https://rog.asus.com/forum/showthread.php?117609-DRIVERS-Intel-Chipset-MEI-SATA-VMD-(1xx-2xx-3xx-4xx-5xx-6xx-7xx)|ASUS ROG Forums]] (AHCI 2xx/3xx)
* [[https://www.elevenforum.com/t/drivers-intel-chipset-mei-sata-vmd-1xx-2xx-3xx-4xx-5xx-6xx-7xx.11373/|Windows 11 Forum]] (AHCI 2xx/3xx)
==== SerialIO ====
* Intel(R) Serial IO GPIO Host Controller - INT3450
* Intel(R) Serial IO I2C Host Controller - A368
* Intel(R) Serial IO I2C Host Controller - A369
* ''ACPI\VEN_INT&DEV_3450''
* ''PCI\VEN_8086&DEV_A368&SUBSYS_08191028&REV_10''
* ''PCI\VEN_8086&DEV_A369&SUBSYS_08191028&REV_10''
* :?: At some point on the links below the ''3xx'' mention was removed, but ''4xx'' is the same ''30.100.2132.2'' version
* [[https://rog.asus.com/forum/showthread.php?125235-DRIVERS-Intel-Serial-IO-(3xx-4xx-5xx-6xx-7xx)|ASUS ROG Forums]] (3xx/4xx)
* [[https://www.elevenforum.com/t/drivers-intel-serial-io-3xx-4xx-5xx-6xx-7xx.11375/|Windows 11 Forum]] (3xx/4xx)
==== Ethernet ====
* I219-LM Gigabit
* :!: Intel Corporation Ethernet Connection (7) I219-LM (rev 10) ((rev 10 drivers, not rev 18+))
* [[https://www.intel.com/content/www/us/en/products/sku/82185/intel-ethernet-connection-i219lm/downloads.html|Intel Download Center]] ((2024/09/10: The latest version is ''29.3.1'' provided in the Complete Driver Pack, and is 800MB+))
* [[https://rog.asus.com/forum/showthread.php?118280-DRIVERS-Intel-Ethernet-WiFi-Bluetooth|ASUS ROG Forums]] (I217/I218/I219)
* [[https://www.elevenforum.com/t/drivers-intel-ethernet-wifi-bluetooth.11383/|Windows 11 Forum]] (I217/I218/I219)
==== Wireless + Bluetooth ====
* Intel(R) Wireless-AC 9560 160MHz
* ''PCI\VEN_8086&DEV_A370&SUBSYS_40308086&REV_10''
* [[https://www.intel.com/content/www/us/en/products/sku/99446/intel-wirelessac-9560/downloads.html|Intel Download Center]] (IT Administrators 8-))
* [[https://rog.asus.com/forum/showthread.php?118280-DRIVERS-Intel-Ethernet-WiFi-Bluetooth|ASUS ROG Forums]] (8xxx/9xxx/AXxxx)
* [[https://www.elevenforum.com/t/drivers-intel-ethernet-wifi-bluetooth.11383/|Windows 11 Forum]] (8xxx/9xxx/AXxxx)
==== Graphics ====
* Intel(R) UHD Graphics 630
* ''PCI\VEN_8086&DEV_3E9B&SUBSYS_08191028&REV_00''
* [[https://www.intel.com/content/www/us/en/support/products/126790/graphics/intel-uhd-graphics-family/intel-uhd-graphics-630.html#drivers-software|Intel Download Center]]