• Microsoft Windows 10 IoT Enterprise LTSC
• Version 21H2 (OS Build 19044.5608)

• Env PATH Variables
• System Error Codes (0-499+)
• http://redeem.microsoft.com/ (TODO: Put somewhere else)
• GitHub Batch Files

• https://support.microsoft.com/en-us/topic/kb4072698-windows-server-and-azure-stack-hci-guidance-to-protect-against-silicon-based-microarchitectural-and-speculative-execution-side-channel-vulnerabilities-2f965763-00e2-8f98-b632-0d96f30c8c8e#ID0EBBBBJ=FeatureSettingsOverride
• https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/bcdedit--set
• https://forums.blurbusters.com/viewtopic.php?f=10&t=13429 (enable rss)

• Windows 10 21H2 Cumulative Updates - Microsoft Update Catalog
• KB5014032 2022-05 SSU is required before the latest CU

"notepad.exe" "%UserProfile%\Desktop\Maintenance.bat"

:: .NET Framework 4
"%SystemRoot%\Microsoft.NET\Framework\v4.0.30319\ngen.exe" update /force /queue
"%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" update /force /queue
"%SystemRoot%\Microsoft.NET\Framework\v4.0.30319\ngen.exe" executequeueditems
"%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" executequeueditems

:: System File Check, Cleanup, and Repair
"%SystemRoot%\System32\Dism.exe" /online /Cleanup-Image /StartComponentCleanup /ResetBase /RestoreHealth
"%SystemRoot%\System32\sfc.exe" /scannow

:: Classic Disk Cleanup
"%SystemRoot%\System32\cleanmgr.exe" /sageset:65535
"%SystemRoot%\System32\cleanmgr.exe" /sagerun:65535

:: Volume Shadow Copy
"%SystemRoot%\System32\vssadmin.exe" Delete Shadows /All

:: Defrag/Trim
"%SystemRoot%\System32\Defrag.exe" /AllVolumes /Defrag /TierOptimize /SlabConsolidate /Retrim /Optimize /PrintProgress /Verbose /NormalPriority

PAUSE

:: End

"notepad.exe" "%UserProfile%\Documents\Alira (LAN).rdp"

full address:s:192.168.1.152
redirectprinters:i:0
redirectcomports:i:0
redirectsmartcards:i:0
redirectwebauthn:i:0
redirectclipboard:i:1
redirectposdevices:i:0

"explorer.exe" "%AppData%\Microsoft\Windows\Start Menu\Programs\Accessories"

"%UserProfile%\Documents\Alira (LAN).rdp"

Alira

REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "SeparateProcess" /t REG_DWORD /d "1" /f

"powercfg.exe" /HIBERNATE "OFF"

"powercfg.exe" /DUPLICATESCHEME "e9a42b02-d5df-448d-aa00-03f14749eb61"

• Results in notably higher idle temps
• Task Manager shows 100% core usage all the time

"powercfg.exe" /SETACVALUEINDEX "SCHEME_CURRENT" "SUB_PROCESSOR" "IdleDisable" "1" & "powercfg.exe" /SETACTIVE "SCHEME_CURRENT"

"powercfg.exe" /SETACVALUEINDEX "SCHEME_CURRENT" "SUB_PROCESSOR" "IdleDisable" "0" & "powercfg.exe" /SETACTIVE "SCHEME_CURRENT"

"powercfg.exe" /Qh

REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel" /v "ThreadDpcEnable" /t "REG_DWORD" /d "0" /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "AllowClipboardHistory" /t REG_DWORD /d "0" /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "AllowCortana" /t REG_DWORD /d "0" /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\GameDVR" /v "AllowgameDVR" /t "REG_DWORD" /d "0" /f

fsutil behavior set disablelastaccess 1

reg add "HKLM\SOFTWARE\Policies\Microsoft\InputPersonalization" /v "AllowInputPersonalization" /t REG_DWORD /d "0" /f

reg add "HKCU\Software\Classes\.jpg" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f

reg add "HKCU\Software\Classes\.jpeg" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f

reg add "HKCU\Software\Classes\.gif" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f

reg add "HKCU\Software\Classes\.png" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f

reg add "HKCU\Software\Classes\.bmp" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f

reg add "HKCU\Software\Classes\.tiff" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f

reg add "HKCU\Software\Classes\.ico" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fDenyTSConnections" /t REG_DWORD /d "1" /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "EnableCdp" /t REG_DWORD /d "0" /f

• General
• Windows Store Apps
• Microsoft Edge

reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t "REG_SZ" /d "Off" /f

reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t "REG_DWORD" /d "0" /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t "REG_DWORD" /d "0" /f

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Serialize" /v "StartupDelayInMSec" /t "REG_DWORD" /d "0" /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore" /v "DisableSR " /t "REG_DWORD" /d "1" /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "AllowTelemetry" /t "REG_DWORD" /d "0" /f

REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t "REG_DWORD" /d "0" /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t "REG_DWORD" /d "1" /f

reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "HubMode" /t "REG_DWORD" /d "1" /f

"sc.exe" stop "WSearch" & "sc.exe" config "WSearch" "start=disabled"

"DISM.exe" /Online /Disable-Feature /FeatureName:"SearchEngine-Client-Package" /Remove

reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "NavPaneShowAllFolders" /t "REG_DWORD" /d "1" /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "VerboseStatus" /t REG_DWORD /d "1" /f

• Change D:\ to install media drive if necessary

Dism /online /enable-feature /featurename:"NetFX3" /All /Source:"D:\sources\sxs" /LimitAccess

• Not necessary with Local Account log-ins and Pro/Enterprise/LTSC editions
• Tested fine on 20H2, 21H2, and 23H2
• This broke the start menu on 1809
• 2024/08: May cause Explorer windows to act broken at times on 11 23H2

• Powershell Script *.ps1

Get-AppxPackage -allusers | Remove-AppxPackage

taskkill /IM "OneDrive.exe" /F

%windir%\SysWOW64\OneDriveSetup.exe /uninstall

rmdir "%UserProfile%\OneDrive" "%ProgramData%\Microsoft OneDrive" "%LocalAppData%\Microsoft\OneDrive" "C:\OneDriveTemp" /S /Q

reg delete "HKCR\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /f

reg delete "HKCR\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /f

• To be done after a proper driver is manually installed
• This ensures Windows Update nor anything else can replace installed drivers for specific devices unattended
• Additional entries need to add a new number (the value after /v)
• The device ID can be acquired from Device Manager and should be pasted as-is (no extra slashes)

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions" /v "DenyDeviceIDs" /t "REG_DWORD" /d "1" /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions" /v "DenyDeviceIDsRetroactive" /t "REG_DWORD" /d "0" /f

• Do not copy/paste these as-is; only here for reference
• Adjust to specific devices as-needed

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceIDs" /v "#" /t "REG_SZ" /d "PCI\VEN_XXXX&DEV_XXXX&SUBSYS_XXXXXXXX&REV_XX" /f

reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceIDs" /v "#" /f

"sc.exe" stop "DPS" & "sc.exe" config "DPS" "start=disabled"

"sc.exe" stop "SysMain" & "sc.exe" config "SysMain" "start=disabled"

"sc.exe" stop "esifsvc" & "sc.exe" config "esifsvc" "start=disabled"

"sc.exe" stop "ApHidMonitorService" & "sc.exe" config "ApHidMonitorService" "start=disabled"

• More Programs

• https://www.7-zip.org/download.html

• Latest USB Driver
• Latest platform-tools
• 30.0.5 platform-tools ¹⁾

• https://github.com/aria2/aria2/releases

• https://sourceforge.net/projects/brainworkshop/files/brainworkshop/

• Only available on LTSB/LTSC

win32calc

• https://www.microsoft.com/en-us/download/confirmation.aspx?id=8109
• TODO: Extras get installed if .NET 2/3 Windows feature is also installed

• https://aka.ms/dotnet/8.0/windowsdesktop-runtime-win-x64.exe

• exe
• Settings
• May benefit from intentionally setting OS ClearType font settings ²⁾

• https://www.gimp.org/downloads

• https://keepassxc.org/download#windows

• https://www.libreoffice.org/download/download/

• Options → Uncheck Use Skia (HW accel should be checked)
• Options → Disable Java runtime environment

• https://mupdf.com/releases/index.html
• https://mupdf.com/releases/history.html

• https://notepad-plus-plus.org/download

• https://obsproject.com/download

• https://www.qbittorrent.org/download
• https://github.com/waelisa/Best-blocklist/raw/main/wael.list.p2p.zip

• https://download.mozilla.org/?product=thunderbird-latest-ssl&os=win64&lang=en-US

• https://github.com/abbodi1406/vcredist/releases

"%UserProfile%\Downloads\VisualCppRedist_AIO_x86_x64.exe" /ai

"%UserProfile%\Downloads\VisualCppRedist_AIO_x86_x64.exe" /aiR

• https://download.videolan.org/pub/videolan/vlc/last/win64/
• https://www.videolan.org/vlc/download-windows.html

• https://vulkan.lunarg.com/sdk/home

• https://download.battle.net/en-us/?product=bnetdesk

• https://steamcdn-a.akamaihd.net/client/installer/SteamSetup.exe
• See Game Launch Flags

• See Drivers for more URLs

• Dell Latitude 5591 - Support and BIOS Updates

• Intel Download Center
• Last tested version: 17.11.3.1010

• I219-LM Gigabit
• Intel Corporation Ethernet Connection (7) I219-LM (rev 10) ³⁾

• Intel Download Center
• Last tested: Wired_driver_30.0_x64.zip

• wireless-AC 9560
• Intel Corporation Cannon Lake PCH CNVi WiFi (rev 10)

• Intel Download Center (IT Administrators )
• Last tested: WiFi-23.110.0-Driver64-Win10-Win11.zip

• Last tested: BT-23.100.1-64UWD-Win10-Win11.zip

• https://apps.microsoft.com/detail/9nb9srtl2kpt

• Intel UHD Graphics 630
• Intel Corporation CoffeeLake-H GT2 [UHD Graphics 630]

• Intel Download Center
• Last tested: gfx_win_101.2134.exe