====== Information ======

  * Microsoft Windows 10 IoT Enterprise LTSC
  * Version 21H2 (OS Build 19044.5487)

====== Resources ======

  * [[windows:notes:env_paths|Env PATH Variables]]
  * [[https://learn.microsoft.com/en-us/windows/win32/debug/system-error-codes--0-499-|System Error Codes (0-499+)]]
  * http://redeem.microsoft.com/ (TODO: Put somewhere else)
  * [[https://github.com/Espionage724/Windows|GitHub Batch Files]]

===== TODO =====

  * https://support.microsoft.com/en-us/topic/kb4072698-windows-server-and-azure-stack-hci-guidance-to-protect-against-silicon-based-microarchitectural-and-speculative-execution-side-channel-vulnerabilities-2f965763-00e2-8f98-b632-0d96f30c8c8e#ID0EBBBBJ=FeatureSettingsOverride

====== Downloads ======

===== ISO =====

  * SHA256

  en-us_windows_10_iot_enterprise_ltsc_2021_x64_dvd_257ad90f.iso

  a0334f31ea7a3e6932b9ad7206608248f0bd40698bfb8fc65f14fc5e4976c160

===== Updates =====

  * [[https://www.catalog.update.microsoft.com/Search.aspx?q=Cumulative+Update+for+Windows+10+Version+21H2+for+x64-based+Systems|Windows 10 21H2 Cumulative Updates - Microsoft Update Catalog]]
  * :!: [[https://www.catalog.update.microsoft.com/Search.aspx?q=KB5014032|KB5014032]] 2022-05 SSU is required before the latest CU

====== Shortcuts ======

===== Desktop =====

==== Maintenance ====

  notepad "%UserProfile%\Desktop\Maintenance.bat"

<code>
:: .NET Framework 4
"%SystemRoot%\Microsoft.NET\Framework\v4.0.30319\ngen.exe" update /force /queue
"%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" update /force /queue
"%SystemRoot%\Microsoft.NET\Framework\v4.0.30319\ngen.exe" executequeueditems
"%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" executequeueditems

:: System File Check, Cleanup, and Repair
"%SystemRoot%\System32\Dism.exe" /online /Cleanup-Image /StartComponentCleanup /ResetBase /RestoreHealth
"%SystemRoot%\System32\sfc.exe" /scannow

:: Classic Disk Cleanup
"%SystemRoot%\System32\cleanmgr.exe" /sageset:65535
"%SystemRoot%\System32\cleanmgr.exe" /sagerun:65535

:: Volume Shadow Copy
"%SystemRoot%\System32\vssadmin.exe" Delete Shadows /All

:: Defrag/Trim
"%SystemRoot%\System32\Defrag.exe" /AllVolumes /Defrag /TierOptimize /SlabConsolidate /Retrim /Optimize /PrintProgress /Verbose /NormalPriority

pause

:: End</code>

==== RDP ====

  notepad "%UserProfile%\Desktop\Kraityn.rdp"

<code>
full address:s:192.168.1.152
redirectprinters:i:0
redirectcomports:i:0
redirectsmartcards:i:0
redirectwebauthn:i:0
redirectclipboard:i:1
redirectposdevices:i:0
</code>

====== Settings ======

===== Disable HPET =====

  "notepad.exe" "%ProgramData%\Microsoft\Windows\Start Menu\Programs\StartUp\Disable HPET.bat"

<code>
"bcdedit.exe" /set "useplatformtick" "no"
"bcdedit.exe" /set "useplatformclock" "no"</code>

  "%ProgramData%\Microsoft\Windows\Start Menu\Programs\StartUp\Disable HPET.bat"

===== Disable Clipboard History =====

****

  reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "AllowClipboardHistory" /t REG_DWORD /d "0" /f

===== Disable Cortana and Web Search =====

****

  reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "AllowCortana" /t REG_DWORD /d "0" /f

===== Disable Game DVR =====

****

  reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\GameDVR" /v "AllowgameDVR" /t "REG_DWORD" /d "0" /f

===== Disable Hibernation and Fast Start =====

****

  powercfg /H off

===== Disable Last Access Time File Updates =====

****

  fsutil behavior set disablelastaccess 1

===== Disable Online Speech Recognition =====

****

  reg add "HKLM\SOFTWARE\Policies\Microsoft\InputPersonalization" /v "AllowInputPersonalization" /t REG_DWORD /d "0" /f

===== Open Pictures With Windows Photo Viewer =====

  reg add "HKCU\Software\Classes\.jpg" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f

  reg add "HKCU\Software\Classes\.jpeg" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f

  reg add "HKCU\Software\Classes\.gif" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f

  reg add "HKCU\Software\Classes\.png" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f

  reg add "HKCU\Software\Classes\.bmp" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f

  reg add "HKCU\Software\Classes\.tiff" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f

  reg add "HKCU\Software\Classes\.ico" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f

===== Disable Remote Desktop =====

****

  reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fDenyTSConnections" /t REG_DWORD /d "1" /f

===== Disable Shared Experiences =====

****

  reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "EnableCdp" /t REG_DWORD /d "0" /f

===== Disable SmartScreen =====

  * General
  * Windows Store Apps
  * Microsoft Edge

  reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t "REG_SZ" /d "Off" /f

  reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t "REG_DWORD" /d "0" /f

  reg add "HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t "REG_DWORD" /d "0" /f

===== Disable Startup Delay =====

****

  reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Serialize" /v "StartupDelayInMSec" /t "REG_DWORD" /d "0" /f

===== Disable System Restore =====

****

  reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore" /v "DisableSR " /t "REG_DWORD" /d "1" /f

===== Disable Telemetry Features =====

****

  reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "AllowTelemetry" /t "REG_DWORD" /d "0" /f

===== Disable User Account Control =====

****

  reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t "REG_DWORD" /d "0" /f

===== Disable Windows Defender =====

  * :!: TODO: GPE alternative ((this might trip Tamper Protection on 11; GPE W10 is one option))

  reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t "REG_DWORD" /d "1" /f

===== Remove Quick Access =====

****

  reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "HubMode" /t "REG_DWORD" /d "1" /f

===== Remove Windows Search =====

****

  Dism /online /Disable-Feature /FeatureName:"SearchEngine-Client-Package" /Remove

===== Show All Folders in File Explorer Pane =====

****

  reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "NavPaneShowAllFolders" /t "REG_DWORD" /d "1" /f

===== Verbose Shutdown =====

****

  reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "VerboseStatus" /t REG_DWORD /d "1" /f

====== Other ======

===== NetFX3 From Install Media =====

  * Change ''D:\'' to install media drive if necessary

  Dism /online /enable-feature /featurename:"NetFX3" /All /Source:"D:\sources\sxs" /LimitAccess

===== Remove Most Modern UI Apps =====

  * Not necessary with Local Account log-ins and Pro/Enterprise/LTSC editions
  * Tested fine on 20H2, 21H2, and 23H2
  * :!: This broke the start menu on 1809
  * :!: 2024/08: May cause Explorer windows to act broken at times on 11 23H2

  * Powershell Script ''*.ps1''

  Get-AppxPackage -allusers | Remove-AppxPackage

===== Remove OneDrive =====

  taskkill /IM "OneDrive.exe" /F

  %windir%\SysWOW64\OneDriveSetup.exe /uninstall

  rmdir "%UserProfile%\OneDrive" "%ProgramData%\Microsoft OneDrive" "%LocalAppData%\Microsoft\OneDrive" "C:\OneDriveTemp" /S /Q

  reg delete "HKCR\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /f

  reg delete "HKCR\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /f

====== Information ======

===== Prevent Driver Changes =====

==== Notes ====

  * To be done after a proper driver is manually installed
  * This ensures Windows Update nor anything else can replace installed drivers for specific devices unattended
  * Additional entries need to add a new number (the value after ''/v'')
  * The device ID can be acquired from Device Manager and should be pasted as-is (no extra slashes)

==== Base Policies ====

  reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions" /v "DenyDeviceIDs" /t "REG_DWORD" /d "1" /f

  reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions" /v "DenyDeviceIDsRetroactive" /t "REG_DWORD" /d "0" /f

==== Format ====

  * Do **not** copy/paste these as-is; only here for reference
  * Adjust to specific devices as-needed

==== Add Prevent Policy ====

****

  reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceIDs" /v "#" /t "REG_SZ" /d "PCI\VEN_XXXX&DEV_XXXX&SUBSYS_XXXXXXXX&REV_XX" /f

==== Remove Prevent Policy ====

****

  reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceIDs" /v "#" /f

====== Programs ======

  * [[windows:programs|More Programs]]

===== 7-Zip =====

  * https://www.7-zip.org/download.html

===== Android Tools =====

  * [[https://dl-ssl.google.com/android/repository/latest_usb_driver_windows.zip|Latest USB Driver]]
  * [[https://dl-ssl.google.com/android/repository/platform-tools-latest-windows.zip|Latest platform-tools]]
  * :!: [[https://dl.google.com/android/repository/platform-tools_r30.0.5-windows.zip|30.0.5 platform-tools]] ((this specific version was needed to workaround a ''fastboot'' error that only happened on the latest version))

  SETX /M path "%path%;C:\Program Files\platform-tools"

===== aria2 =====

  * https://github.com/aria2/aria2/releases

  SETX /M path "%path%;C:\Program Files\aria2c"

===== Brain Workshop =====

  * https://sourceforge.net/projects/brainworkshop/files/brainworkshop/

===== Calculator =====

  * Only available on LTSB/LTSC

  win32calc

===== DirectX End-User Runtime =====

  * https://www.microsoft.com/en-us/download/confirmation.aspx?id=8109
  * :?: TODO: Extras get installed if .NET 2/3 Windows feature is also installed

===== .NET Runtime =====

  * https://dotnet.microsoft.com/en-us/download/dotnet
  * Latest LTS -> .NET Desktop Runtime

===== Firefox =====

  * [[https://download.mozilla.org/?product=firefox-latest-ssl&os=win64&lang=en-US|exe]]
  * [[programs;firefox|Settings]]
  * :?: May benefit from intentionally setting OS ClearType font settings

===== GIMP =====

  * https://www.gimp.org/downloads

===== KeePassXC =====

  * https://keepassxc.org/download#windows

===== LibreOffice =====

  * https://www.libreoffice.org/download/download/

  * Options -> Uncheck Use Skia (HW accel should be checked)
  * Options -> Disable Java runtime environment

===== MuPDF =====

  * https://mupdf.com/releases/index.html
  * https://mupdf.com/releases/history.html

===== Notepad++ =====

  * https://notepad-plus-plus.org/download

===== OBS =====

  * https://obsproject.com/download

===== qBittorrent =====

  * https://www.qbittorrent.org/download
  * https://github.com/waelisa/Best-blocklist/raw/main/wael.list.p2p.zip

===== Thunderbird =====

  * https://download.mozilla.org/?product=thunderbird-latest-ssl&os=win64&lang=en-US

===== VC++ Redist =====

  * https://github.com/abbodi1406/vcredist/releases

  "%UserProfile%\Downloads\VisualCppRedist_AIO_x86_x64.exe" /ai

  "%UserProfile%\Downloads\VisualCppRedist_AIO_x86_x64.exe" /aiR

===== VLC media player =====

  * https://download.videolan.org/pub/videolan/vlc/last/win64/
  * https://www.videolan.org/vlc/download-windows.html

===== Vulkan Runtime =====

  * https://vulkan.lunarg.com/sdk/home

====== Games ======

===== Battle.net App =====

  * https://download.battle.net/en-us/?product=bnetdesk

===== Steam =====

  * https://steamcdn-a.akamaihd.net/client/installer/SteamSetup.exe
  * See [[games;windows;notes;game_launch_flags|Game Launch Flags]]

====== Drivers ======

  * See [[windows:drivers|Drivers]] for more URLs

===== Spinesnap =====

  * [[https://www.dell.com/support/home/en-us/product-support/product/latitude-15-5591-laptop/drivers|Dell Latitude 5591 - Support and BIOS Updates]]

==== SATA/RST ====

  * [[https://www.intel.com/content/www/us/en/download/19755/intel-rapid-storage-technology-driver-installation-software-with-intel-optane-memory-8th-and-9th-gen-platforms.html|Intel Download Center]]
  * :?: Last tested version: ''17.11.3.1010''
  * :!: TODO: MSI-X may be only advantage ((on Linux via ''lspci -vvv''; might be the AHCI controller only and not affect NVMe)); check Standard AHCI and different NVMe drivers MSI-X states

==== Ethernet ====

  * I219-LM Gigabit
  * Intel Corporation Ethernet Connection (7) I219-LM (rev 10) ((rev 10 drivers, not rev 18+))

  * [[https://www.intel.com/content/www/us/en/products/sku/82185/intel-ethernet-connection-i219lm/downloads.html|Intel Download Center]]
  * Last tested: ''Wired_driver_30.0_x64.zip''

==== Wireless ====

  * wireless-AC 9560
  * Intel Corporation Cannon Lake PCH CNVi WiFi (rev 10)

  * [[https://www.intel.com/content/www/us/en/products/sku/99446/intel-wirelessac-9560/downloads.html|Intel Download Center]] (IT Administrators 8-))
  * Last tested: ''WiFi-23.110.0-Driver64-Win10-Win11.zip''

=== Bluetooth ===

  * Last tested: ''BT-23.100.1-64UWD-Win10-Win11.zip''

==== Graphics ====

  * Intel UHD Graphics 630
  * Intel Corporation CoffeeLake-H GT2 [UHD Graphics 630]

  * [[https://www.intel.com/content/www/us/en/support/products/126790/graphics/intel-uhd-graphics-family/intel-uhd-graphics-630.html#drivers-software|Intel Download Center]]
  * Last tested: ''gfx_win_101.2134.exe''