• Microsoft Windows 10 IoT Enterprise LTSC
• Version 21H2 (OS Build 19044.5854)

• Env PATH Variables
• misc
• System Error Codes (0-499+)
• http://redeem.microsoft.com/ (TODO: Put somewhere else)
• GitHub Batch Files

• https://support.microsoft.com/en-us/topic/kb4072698-windows-server-and-azure-stack-hci-guidance-to-protect-against-silicon-based-microarchitectural-and-speculative-execution-side-channel-vulnerabilities-2f965763-00e2-8f98-b632-0d96f30c8c8e#ID0EBBBBJ=FeatureSettingsOverride
• https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/bcdedit--set (older rev)
• https://forums.blurbusters.com/viewtopic.php?f=10&t=13429 (enable rss)
• All game save start shortcuts to batch files instead of through cmd
• FIPS as batch file

• Windows 10 21H2 Cumulative Updates - Microsoft Update Catalog
• KB5014032 2022-05 SSU is required before the latest CU

"notepad.exe" "%UserProfile%\Desktop\Maintenance.bat"

:: .NET Framework 4
"%SystemRoot%\Microsoft.NET\Framework\v4.0.30319\ngen.exe" update /force /queue
"%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" update /force /queue
"%SystemRoot%\Microsoft.NET\Framework\v4.0.30319\ngen.exe" executequeueditems
"%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" executequeueditems

:: System File Check, Cleanup, and Repair
"%SystemRoot%\System32\Dism.exe" /online /Cleanup-Image /StartComponentCleanup /ResetBase /RestoreHealth
"%SystemRoot%\System32\sfc.exe" /scannow

:: Classic Disk Cleanup
"%SystemRoot%\System32\cleanmgr.exe" /sageset:65535
"%SystemRoot%\System32\cleanmgr.exe" /sagerun:65535

:: Volume Shadow Copy
"%SystemRoot%\System32\vssadmin.exe" Delete Shadows /All

PAUSE

:: Defrag/Trim
"%SystemRoot%\System32\Defrag.exe" /AllVolumes /Defrag /TierOptimize /SlabConsolidate /Retrim /Optimize /PrintProgress /Verbose /NormalPriority

PAUSE

:: End

"notepad.exe" "%UserProfile%\Downloads\Reset Icon Cache.bat"

TASKKILL /F /IM "explorer.exe"
TIMEOUT /NOBREAK /T "2"
DEL /F /Q "%LocalAppData%\Microsoft\Windows\Explorer\"*".db"
DEL /F /Q "%UserProfile%\AppData\Local\IconCache.db"
TIMEOUT /NOBREAK /T "2"
START explorer.exe

:: End

"%UserProfile%\Downloads\Reset Icon Cache.bat"

"notepad.exe" "%UserProfile%\Documents\Alira (LAN).rdp"

full address:s:192.168.1.152
redirectprinters:i:0
redirectcomports:i:0
redirectsmartcards:i:0
redirectwebauthn:i:0
redirectclipboard:i:1
redirectposdevices:i:0

"explorer.exe" "%AppData%\Microsoft\Windows\Start Menu\Programs\Accessories"

"%UserProfile%\Documents\Alira (LAN).rdp"

Alira

REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "SeparateProcess" /t REG_DWORD /d "1" /f

• Edge Tweaks

"powercfg.exe" /HIBERNATE "OFF"

"powercfg.exe" /DUPLICATESCHEME "e9a42b02-d5df-448d-aa00-03f14749eb61"

• Results in notably higher idle temps
• Task Manager shows 100% core usage all the time

"powercfg.exe" /SETACVALUEINDEX "SCHEME_CURRENT" "SUB_PROCESSOR" "IdleDisable" "1" & "powercfg.exe" /SETACTIVE "SCHEME_CURRENT"

"powercfg.exe" /SETACVALUEINDEX "SCHEME_CURRENT" "SUB_PROCESSOR" "IdleDisable" "0" & "powercfg.exe" /SETACTIVE "SCHEME_CURRENT"

"powercfg.exe" /Qh

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "AllowClipboardHistory" /t REG_DWORD /d "0" /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "AllowCortana" /t REG_DWORD /d "0" /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\GameDVR" /v "AllowgameDVR" /t "REG_DWORD" /d "0" /f

fsutil behavior set disablelastaccess 1

reg add "HKLM\SOFTWARE\Policies\Microsoft\InputPersonalization" /v "AllowInputPersonalization" /t REG_DWORD /d "0" /f

reg add "HKCU\Software\Classes\.jpg" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f

reg add "HKCU\Software\Classes\.jpeg" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f

reg add "HKCU\Software\Classes\.gif" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f

reg add "HKCU\Software\Classes\.png" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f

reg add "HKCU\Software\Classes\.bmp" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f

reg add "HKCU\Software\Classes\.tiff" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f

reg add "HKCU\Software\Classes\.ico" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fDenyTSConnections" /t REG_DWORD /d "1" /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "EnableCdp" /t REG_DWORD /d "0" /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore" /v "DisableSR " /t "REG_DWORD" /d "1" /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "AllowTelemetry" /t "REG_DWORD" /d "0" /f

REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t "REG_DWORD" /d "0" /f

• https://learn.microsoft.com/en-us/windows/security/security-foundations/certification/fips-140-validation
• Test
• TODO: Seemingly applies on-demand; combine in enable/disable batches with test and PAUSE

REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy" /v "Enabled" /t "REG_DWORD" /d "1" /f

REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy" /v "Enabled" /t "REG_DWORD" /d "0" /f

reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "HubMode" /t "REG_DWORD" /d "1" /f

"sc.exe" stop "WSearch" & "sc.exe" config "WSearch" "start=disabled"

"DISM.exe" /Online /Disable-Feature /FeatureName:"SearchEngine-Client-Package" /Remove

reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "NavPaneShowAllFolders" /t "REG_DWORD" /d "1" /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "VerboseStatus" /t REG_DWORD /d "1" /f

"WSReset.exe" -i

"WSReset.exe" -i
TIMEOUT /T "20" /NOBREAK
"WSReset.exe" -i
EXIT /B

:: End

"WinSAT.exe" forgethistory

"WinSAT.exe" "formal" -restart "clean"

"WinSAT.exe" query

• Change D:\ to install media drive if necessary

Dism /online /enable-feature /featurename:"NetFX3" /All /Source:"D:\sources\sxs" /LimitAccess

• To be done after a proper driver is manually installed
• This ensures Windows Update nor anything else can replace installed drivers for specific devices unattended
• Additional entries need to add a new number (the value after /v)
• The device ID can be acquired from Device Manager and should be pasted as-is (no extra slashes)

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions" /v "DenyDeviceIDs" /t "REG_DWORD" /d "1" /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions" /v "DenyDeviceIDsRetroactive" /t "REG_DWORD" /d "0" /f

• Do not copy/paste these as-is; only here for reference
• Adjust to specific devices as-needed

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceIDs" /v "#" /t "REG_SZ" /d "PCI\VEN_XXXX&DEV_XXXX&SUBSYS_XXXXXXXX&REV_XX" /f

reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceIDs" /v "#" /f

• Requires Enterprise/Server

Uninstall-WindowsFeature -Name Windows-Defender

"notepad.exe" "%SystemRoot%\system32\drivers\etc\hosts"

# RoE (LAN)
192.168.1.152 realmofespionage.xyz
192.168.1.152 blog.realmofespionage.xyz
192.168.1.152 media.realmofespionage.xyz
192.168.1.152 wiki.realmofespionage.xyz
# End

• TODO: Separate page, individual batches

"sc.exe" stop "DPS" & "sc.exe" config "DPS" "start=disabled"

"sc.exe" stop "SysMain" & "sc.exe" config "SysMain" "start=disabled"

"sc.exe" stop "AMD External Events Utility" & "sc.exe" config "AMD External Events Utility" "start=disabled"

"sc.exe" stop "esifsvc" & "sc.exe" config "esifsvc" "start=disabled"

"sc.exe" stop "ApHidMonitorService" & "sc.exe" config "ApHidMonitorService" "start=disabled"

"sc.exe" stop "RstMwService" & "sc.exe" config "RstMwService" "start=disabled"

• More Programs

• https://www.7-zip.org/download.html

• Latest USB Driver
• Latest platform-tools
• 30.0.5 platform-tools ¹⁾

• https://github.com/aria2/aria2/releases

• https://sourceforge.net/projects/brainworkshop/files/brainworkshop/

• Only available on LTSB/LTSC

win32calc

• https://www.microsoft.com/en-us/download/confirmation.aspx?id=8109
• TODO: Extras get installed if .NET 2/3 Windows feature is also installed

• ESR MSI
• Last tested: Firefox Setup 128.10.0esr.msi

• Settings

• ESR MSI
• Last tested: Thunderbird Setup 128.10.0esr.msi

• https://www.gimp.org/downloads

• https://keepassxc.org/download#windows

• https://www.libreoffice.org/download/download/

• Options → Uncheck Use Skia (HW accel should be checked)
• Options → Disable Java runtime environment

• https://mupdf.com/releases/index.html (Ctrl + F → Win)
• Last tested: mupdf-1.25.2-windows.zip

• https://notepad-plus-plus.org/download
• Last tested: npp.8.7.9.Installer.x64.exe

• https://github.com/obsproject/obs-studio/releases

• https://www.qbittorrent.org/download
• https://github.com/waelisa/Best-blocklist/raw/main/wael.list.p2p.zip

• https://github.com/abbodi1406/vcredist/releases

"%UserProfile%\Downloads\VisualCppRedist_AIO_x86_x64.exe" /ai

"%UserProfile%\Downloads\VisualCppRedist_AIO_x86_x64.exe" /aiR

• https://download.videolan.org/pub/videolan/vlc/last/win64/
• https://www.videolan.org/vlc/download-windows.html

• https://vulkan.lunarg.com/sdk/home

• https://download.battle.net/en-us/?product=bnetdesk
• Older exe (no SSL)

• https://steamcdn-a.akamaihd.net/client/installer/SteamSetup.exe
• See Game Launch Flags

• Disable: Settings → Interface → Enable GPU accelerated rendering in web views

"%ProgramFiles(x86)%\Steam\steam.exe" -silent -nocrashmonitor -cef-single-process -cef-disable-breakpad

Steam (min)

• See Drivers for more URLs

• https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=r0jhr&oscode=w764&productcode=precision-m6500
• 9.1.1.1025

• https://www.amd.com/en/support/downloads/drivers.html/graphics/firepro/firepro-mobility-series/firepro-m7820-mobility.html
• amdcleanuputility.exe

• Dell Latitude 5591 - Support and BIOS Updates
• Last tested: Latitude_5X91_Precision_3530_1.38.0.exe

• EPOMAKER x LEOBOG Hi75

• https://epomaker.com/blogs/firmware/epomaker-x-leobog-hi75-firmware
• https://epomaker.com/blogs/software/epomaker-x-leobog-hi75-driver

• ATTACK SHARK R6

"%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge_proxy.exe" --app="https://cn.attackshark.pro/WebDriven/index.html#/project/items"

• Intel Download Center
• Last tested version: 17.11.3.1010

• I219-LM Gigabit
• Intel Corporation Ethernet Connection (7) I219-LM (rev 10) ²⁾

• Intel Download Center
• Last tested: Wired_driver_30.0.1_x64.zip

• Wireless-AC 9560
• Intel Corporation Cannon Lake PCH CNVi WiFi (rev 10)

• Intel Download Center (IT Administrators )
• Last tested: WiFi-23.110.0-Driver64-Win10-Win11.zip

• Last tested: BT-23.100.1-64UWD-Win10-Win11.zip

• Intel UHD Graphics 630
• Intel Corporation CoffeeLake-H GT2 [UHD Graphics 630]

• Intel Download Center
• Last tested: gfx_win_101.2135.exe