• Microsoft Windows 10
• 21H2
• Also mostly-usable with Windows 11

• Enabling Secure Boot prevents non-WHQL drivers from working ¹⁾

• To show ISO downloads on Windows 10 from Firefox: Tools → Browser Tools → Responsive Design Mode

• Windows 10
• Windows 11
• Insider Preview
• LTSC 2021

• See slipstream-updates

• https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates#when-are-they-released
• https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001
• SSU is to be installed before the CU

• Windows 10 21H2 (LTSC)
• Windows 11 22H2

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "AllowClipboardHistory" /t REG_DWORD /d "0" /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "AllowCortana" /t REG_DWORD /d "0" /f

• https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in
• https://www.grc.com/inspectre.htm

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "FeatureSettingsOverride" /t "REG_DWORD" /d "3" /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "FeatureSettingsOverrideMask" /t "REG_DWORD" /d "3" /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\GameDVR" /v "AllowgameDVR" /t "REG_DWORD" /d "0" /f

powercfg /H off

fsutil behavior set disablelastaccess 1

reg add "HKLM\SOFTWARE\Policies\Microsoft\InputPersonalization" /v "AllowInputPersonalization" /t REG_DWORD /d "0" /f

reg add "HKCU\Software\Classes\.jpg" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f

reg add "HKCU\Software\Classes\.jpeg" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f

reg add "HKCU\Software\Classes\.gif" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f

reg add "HKCU\Software\Classes\.png" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f

reg add "HKCU\Software\Classes\.bmp" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f

reg add "HKCU\Software\Classes\.tiff" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f

reg add "HKCU\Software\Classes\.ico" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fDenyTSConnections" /t REG_DWORD /d "1" /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "EnableCdp" /t REG_DWORD /d "0" /f

• General
• Windows Store Apps
• Microsoft EDGE

reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t "REG_SZ" /d "Off" /f

reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t "REG_DWORD" /d "0" /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t "REG_DWORD" /d "0" /f

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Serialize" /v "StartupDelayInMSec" /t "REG_DWORD" /d "0" /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore" /v "DisableSR " /t "REG_DWORD" /d "1" /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "AllowTelemetry" /t "REG_DWORD" /d "0" /f

reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t "REG_DWORD" /d "0" /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t "REG_DWORD" /d "1" /f

reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "HubMode" /t "REG_DWORD" /d "1" /f

Dism /online /Disable-Feature /FeatureName:"SearchEngine-Client-Package" /Remove

reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "NavPaneShowAllFolders" /t "REG_DWORD" /d "1" /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "VerboseStatus" /t REG_DWORD /d "1" /f

• https://scripttiger.github.io/hosts-packages/
• Unified hosts + fakenews + gambling (Compressed)

• Powershell Script *.ps1
• TODO: Add admin-mode

[Net.ServicePointManager]::SecurityProtocol = "tls12, tls11, tls"
Invoke-WebRequest "https://scripttiger.github.io/alts/compressed/blacklist-fg.txt" -OutFile "C:\Windows\System32\drivers\etc\hosts"
ipconfig /flushdns

• Change D:\ to install media drive if necessary

Dism /online /enable-feature /featurename:"NetFX3" /All /Source:"D:\sources\sxs" /LimitAccess

• Tested fine on 20H2
• This broke the start menu on 1809

• Powershell Script *.ps1

Get-AppxPackage -allusers | Remove-AppxPackage

taskkill /IM "OneDrive.exe" /F

%windir%\SysWOW64\OneDriveSetup.exe /uninstall

rmdir "%UserProfile%\OneDrive" "%ProgramData%\Microsoft OneDrive" "%LocalAppData%\Microsoft\OneDrive" "C:\OneDriveTemp" /S /Q

reg delete "HKCR\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /f

reg delete "HKCR\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /f

• Last updated: 2020/10/02

:: .NET Framework 4
"%windir%\microsoft.net\Framework\v4.0.30319\ngen.exe" update /force /queue
"%windir%\microsoft.net\Framework64\v4.0.30319\ngen.exe" update /force /queue
"%windir%\microsoft.net\Framework\v4.0.30319\ngen.exe" executequeueditems
"%windir%\microsoft.net\Framework64\v4.0.30319\ngen.exe" executequeueditems

:: System File Check, Cleanup, and Repair
"%windir%\system32\Dism.exe" /online /Cleanup-Image /StartComponentCleanup /ResetBase /RestoreHealth
"%windir%\system32\sfc.exe" /scannow

:: Classic Disk Cleanup
"%windir%\system32\cleanmgr.exe" /sageset:65535
"%windir%\system32\cleanmgr.exe" /sagerun:65535

:: Defrag/Trim
"%windir%\system32\dfrgui.exe"

• See Ubuntu WSL

powershell -Command "Add-AppxPackage https://aka.ms/Microsoft.VCLibs.x64.14.00.Desktop.appx"

• https://github.com/microsoft/terminal/releases

powershell -Command "Add-AppxPackage https://github.com/microsoft/terminal/releases/download/v1.16.10261.0/Microsoft.WindowsTerminal_Win10_1.16.10261.0_8wekyb3d8bbwe.msixbundle"

• Requires WSL and Ubuntu installed

wt wsl --distribution "Ubuntu" -- ssh "espionage724@192.168.1.152"

• To be done after a proper driver is manually installed
• This ensures Windows Update nor anything else can replace installed drivers for specific devices unattended
• Additional entries need to add a new number (the value after /v)
• The device ID can be acquired from Device Manager and should be pasted as-is (no extra slashes)

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions" /v "DenyDeviceIDs" /t "REG_DWORD" /d "1" /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions" /v "DenyDeviceIDsRetroactive" /t "REG_DWORD" /d "0" /f

• Do not copy/paste these as-is; only here for reference
• Adjust to specific devices as-needed

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceIDs" /v "#" /t "REG_SZ" /d "PCI\VEN_XXXX&DEV_XXXX&SUBSYS_XXXXXXXX&REV_XX" /f

reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceIDs" /v "#" /f

• https://www.cpuid.com/softwares/cpu-z.html

• https://www.techpowerup.com/download/techpowerup-gpu-z/

• https://www.mersenne.org/download/

• https://www.hwinfo.com/download/

• https://github.com/kruzer/poclmembench

• https://github.com/lostindark/DriverStoreExplorer

• https://www.amd.com/en/support/kb/faq/gpu-601

• https://developer.nvidia.com/cleanup-tool

• https://github.com/GpuZelenograd/memtest_vulkan

• https://github.com/GpuZelenograd/memtest_vulkan/releases
• https://github.com/GpuZelenograd/memtest_vulkan/actions

• https://simtk.org/projects/memtest/
• https://github.com/ihaque/memtestCL
• https://github.com/ihaque/memtestCL/raw/master/binaries/memtestCL.exe

• https://alax.info/blog/software

• https://geeks3d.com/furmark/downloads/

• https://downloadcenter.intel.com/download/19792
• Intel Processor Diagnostic Tool

• https://www.7-zip.org/download.html

• https://dl-ssl.google.com/android/repository/latest_usb_driver_windows.zip

• https://dl-ssl.google.com/android/repository/platform-tools-latest-windows.zip

SETX /M path "%path%;C:\Program Files\platform-tools"

• https://github.com/aria2/aria2/releases

SETX /M path "%path%;C:\Program Files\aria2c"

• https://www.bleachbit.org/download/windows
• https://ci.bleachbit.org/

• https://sourceforge.net/projects/brainworkshop/files/brainworkshop/

• Only available on LTSB/LTSC

win32calc

• https://www.microsoft.com/en-us/download/confirmation.aspx?id=8109

• https://filezilla-project.org/download.php?show_all=1

• exe

• https://www.gimp.org/downloads

• https://www.google.com/chrome/?standalone=1&platform=win64

• https://keepassxc.org/download#windows

• https://keybase.io/docs/the_app/install_windows

• https://www.libreoffice.org/download/download/

• https://sourceforge.net/projects/mpv-player-windows/files/64bit/
• https://mpv.io/

• https://mupdf.com/releases/index.html

• https://notepad-plus-plus.org/download

• https://obsproject.com/download

• https://www.python.org/downloads/

• https://rufus.ie/

• https://www.thunderbird.net/en-US/thunderbird/all/#E

• https://transmissionbt.com/download

• https://github.com/abbodi1406/vcredist/releases
• https://forums.mydigitallife.net/threads/repack-visual-c-redistributable-runtimes.76588/

• https://www.blizzard.com/en-us/download?product=bnetdesk

• https://discord.com/api/downloads/distributions/app/installers/latest?channel=stable&platform=win&arch=x86

• https://github.com/Heroic-Games-Launcher/HeroicGamesLauncher/releases

• https://sidequestvr.com/setup-howto

• https://steamcdn-a.akamaihd.net/client/installer/SteamSetup.exe
• See Command-line flags

• See drivers for more URLs

• Dell Support and BIOS Updates

• TODO: Chipset name
• ASUS ROG Forums (AHCI 2xx/3xx)
• Windows 11 Forum (AHCI 2xx/3xx)

• TODO: Chipset name
• Windows 11 Forum (3xx/4xx)
• ASUS ROG Forums (3xx/4xx)

• I219-LM Gigabit
• Windows 11 Forum (I217/I218/I219)
• ASUS ROG Forums (I217/I218/I219)

• wireless-AC 9560
• ASUS ROG Forums (8xxx/9xxx/AXxxx)
• Windows 11 Forum (8xxx/9xxx/AXxxx)

• Intel UHD Graphics 630
• Intel Download Center
• LaptopVideo2Go