User Tools

Site Tools


windows:10

This is an old revision of the document!


Table of Contents

Information

  • Microsoft Windows 10
  • LTSC 1809

Notes

  • Removing Most/All Modern UI apps on 1803 prevents facial login via Windows Hello from working entirely 1) 2)
  • :!: Enabling Secure Boot prevents non-WHQL drivers from working 3)

Download

Updates

Servicing Stack

Information

YYYY-MM Update for Windows 10 Version 1809 for x64-based Systems (KB#######)

Cumulative

Information

  • :!: SSU is recommended to be installed before the CU

Link

YYYY-MM Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB#######)

Prevent Driver Changes

Notes

  • To be done after a proper driver is manually installed
  • This ensures Windows Update nor anything else can replace installed drivers for specific devices unattended
  • Additional entries need to add a new number (the value after /v)
  • The device ID can be acquired from Device Manager and should be pasted as-is (no extra slashes)

Base Policies

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions" /v "DenyDeviceIDs" /t "REG_DWORD" /d "1" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions" /v "DenyDeviceIDsRetroactive" /t "REG_DWORD" /d "0" /f

Format

  • Do not copy/paste these as-is; only here for reference
  • Adjust to specific devices as-needed

Add Prevent Policy

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceIDs" /v "#" /t "REG_SZ" /d "PCI\VEN_XXXX&DEV_XXXX&SUBSYS_XXXXXXXX&REV_XX" /f

Remove Prevent Policy

reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceIDs" /v "#" /f

Tweaks

Disable Clipboard History

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "AllowClipboardHistory" /t REG_DWORD /d "0" /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "AllowCortana" /t REG_DWORD /d "0" /f

Disable Game DVR

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\GameDVR" /v "AllowgameDVR" /t "REG_DWORD" /d "0" /f

Disable Hibernation and Fast Start

powercfg /H off

Disable Last Access Time File Updates

fsutil behavior set disablelastaccess 1

Disable Online Speech Recognition

reg add "HKLM\SOFTWARE\Policies\Microsoft\InputPersonalization" /v "AllowInputPersonalization" /t REG_DWORD /d "0" /f

Disable Remote Desktop

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fDenyTSConnections" /t REG_DWORD /d "1" /f

Disable Shared Experiences

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "EnableCdp" /t REG_DWORD /d "0" /f

Disable SmartScreen

  • General
  • Windows Store Apps
  • Microsoft EDGE
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t "REG_SZ" /d "Off" /f
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t "REG_DWORD" /d "0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t "REG_DWORD" /d "0" /f

Disable Startup Delay

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Serialize" /v "StartupDelayInMSec" /t "REG_DWORD" /d "0" /f

Disable System Restore

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore" /v "DisableSR " /t "REG_DWORD" /d "1" /f

Disable Telemetry Features

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "AllowTelemetry" /t "REG_DWORD" /d "0" /f

Disable User Account Control

reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t "REG_DWORD" /d "0" /f

Disable Windows Defender

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t "REG_DWORD" /d "1" /f

Open Pictures With Windows Photo Viewer

reg add "HKCU\Software\Classes\.jpg" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f
reg add "HKCU\Software\Classes\.jpeg" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f
reg add "HKCU\Software\Classes\.gif" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f
reg add "HKCU\Software\Classes\.png" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f
reg add "HKCU\Software\Classes\.bmp" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f
reg add "HKCU\Software\Classes\.tiff" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f
reg add "HKCU\Software\Classes\.ico" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f

Remove Quick Access

reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "HubMode" /t "REG_DWORD" /d "1" /f

Dism /online /Disable-Feature /FeatureName:"SearchEngine-Client-Package" /Remove

ScriptTiger Hosts File

  • Powershell Script *.ps1
[Net.ServicePointManager]::SecurityProtocol = "tls12, tls11, tls"
Invoke-WebRequest "https://scripttiger.github.io/alts/compressed/blacklist-fg.txt" -OutFile "C:\Windows\System32\drivers\etc\hosts"
ipconfig /flushdns

Show All Folders in File Explorer Pane

reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "NavPaneShowAllFolders" /t "REG_DWORD" /d "1" /f

NetFX3 From Install Media

  • Change D:\ to install media drive if necessary
Dism /online /enable-feature /featurename:"NetFX3" /All /Source:"D:\sources\sxs" /LimitAccess

1607

Disable HomeGroup

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\HomeGroup" /v "DisableHomeGroup" /t "REG_DWORD" /d "1" /f

Remove Most Modern UI Apps

  • Powershell Script *.ps1
  • :!: Do not run this on 1809 as it'll break the Start Menu
Get-AppxPackage -allusers | Remove-AppxPackage

Remove OneDrive

taskkill /IM "OneDrive.exe" /F
%windir%\SysWOW64\OneDriveSetup.exe /uninstall
rmdir "%UserProfile%\OneDrive" "%ProgramData%\Microsoft OneDrive" "%LocalAppData%\Microsoft\OneDrive" "C:\OneDriveTemp" /S /Q
reg delete "HKCR\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /f
reg delete "HKCR\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /f

Maintenance

  • TODO: Add BleachBit
"%windir%\system32\Dism.exe" /online /Cleanup-Image /StartComponentCleanup /ResetBase /RestoreHealth
"%windir%\system32\sfc.exe" /scannow
"%windir%\system32\cleanmgr.exe" /sageset:65535
"%windir%\system32\cleanmgr.exe" /sagerun:65535
"%windir%\system32\dfrgui.exe"

Auto Login

control userpasswords2

Add Hardware Wizard

%SYSTEMROOT%\System32\hdwwiz.exe

GodMode Folder

GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}

Settings

Lock screen Background

  • Hero
C:\Windows\Web\Wallpaper\Windows\img0.jpg

Hardware Diagnostiscs

CPU-Z

FurMark

GPU-Z

HWMonitor

Intel PDT

prime95

Programs

7-Zip

Android Tools

aria2

SETX /M path "%path%;C:\Program Files\aria2c"

BleachBit

Calculator

  • Only available on LTSB/LTSC
win32calc

DirectX End-User Runtimes

Etcher

FileZilla

Firefox

Download

Settings

Default Profile

rd "%appdata%\Mozilla" /s /q
md "%appdata%\Mozilla\Firefox\Profiles\espionage724"
profiles.ini
notepad "%appdata%\Mozilla\Firefox\profiles.ini"
[General]
StartWithLastProfile=1

[Profile0]
Name=default
IsRelative=1
Path=Profiles/espionage724
Default=1

user.js

  • Last updated: 2019/07/24
  • :!: IPv6 is disabled in order to prevent WebRTC from potentially grabbing an IPv6 address
  • :!: media.peerconnection.enabled disables WebRTC
notepad "%appdata%\Mozilla\Firefox\Profiles\espionage724\user.js"
/***********
 * General *
 ***********/

user_pref("extensions.screenshots.disabled", true);
user_pref("reader.parse-on-load.enabled", false);

user_pref("media.mediasource.experimental.enabled", true);
user_pref("media.mediasource.ignore_codecs", true);
user_pref("media.autoplay.enabled", false);

user_pref("webgl.disabled", true);
user_pref("webgl.enable-webgl2", false);
user_pref("accessibility.force_disabled", 1);
user_pref("mousewheel.min_line_scroll_amount", 40);
user_pref("browser.tabs.drawInTitlebar", true);

/*******
 * U2F *
 *******/

user_pref("security.webauth.u2f", true);

/***********
 * Privacy *
 ***********/

user_pref("network.dns.disableIPv6", true);
user_pref("media.peerconnection.enabled", false);

/*******
 * END *
 *******/

Apply Settings

  • :!: Firefox must be started for the first time with the -p flag for the profile above to be used
"%ProgramFiles%\Mozilla Firefox\firefox.exe" -p default

Remove Features

rd "%ProgramFiles%\Mozilla Firefox\browser\features" /s /q

Extensions

  • [x] Enable Automatic Cleaning? Delay Before Cleaning
  • [x] Enable Cleanup on Domain Change
  • [ ] Enable Cleanup Log and Counter
  • [ ] Show Notification After Cookie Cleanup
  • [x] Clean Cookies from Open Tabs on Startup
  • [x] Localstorage Cleanup (Firefox 58+)

uBlock Origin

Settings
  • [x] Prevent WebRTC from leaking local IP addresses
Filter lists
  • [ ] Ads → EasyList 4)
  • [ ] Privacy → EasyPrivacy 5)
  • Multipurpose → [x] Dan Pollock's hosts file
  • Multipurpose → [x] hpHost's Ad and tracking servers
  • Multipurpose → [x] MVPS HOSTS
  • Custom → [x] Import
Custom 3rd-party filters
  • Last updated: 2018/11/24
https://www.fanboy.co.nz/fanboy-problematic-sites.txt
https://www.fanboy.co.nz/r/fanboy-ultimate.txt
https://www.fanboy.co.nz/fanboy-antifacebook.txt
https://www.fanboy.co.nz/fanboy-antifonts.txt
https://www.fanboy.co.nz/fanboy-cookiemonster.txt
https://raw.githubusercontent.com/ryanbr/fanboy-adblock/master/popads-domains-list.txt
https://raw.githubusercontent.com/ryanbr/fanboy-adblock/master/fake-news.txt

Testing Sites

GIMP

Google Chrome

iTunes

KeePassXC

Keybase

KMS-VL-ALL

LibreOffice

MarkC Mouse Acceleration Fix

Notepad++

Thunderbird

  • :!: There is a 64-bit version of Thunderbird for Windows

Transmission

http://john.bitsurge.net/public/biglist.p2p.gz

Visual C++ Redistributable Runtimes

WireGuard

  • :!: If kill switch is enabled, all local network resources can't be accessed

VPN.AC

VLC

Games

Battle.net App

Path of Exile

Steam

Diablo II

Glide Wrapper

Guild Wars 2

"C:\Program Files\Guild Wars 2\Gw2-64.exe" -autologin
"C:\Program Files\Guild Wars 2\Gw2-64.exe" -image
"C:\Program Files\Guild Wars 2\Gw2-64.exe" -repair

Drivers

Spinesnap

Wireless

  • Intel Corporation Wireless-AC 9560 [Jefferson Peak] (rev 10)
  • Intel(R) Wireless-AC 9560 160MHz

Bluetooth

Ethernet

  • Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 12)
  • Realtek PCIe GbE Family Controller

Integrated Graphics

  • Intel Corporation UHD Graphics 630 (Mobile)
  • Intel(R) UHD Graphics 630

Notes

  • Control panel randomly downloads at some point

Discrete Graphics

  • NVIDIA Corporation GP106M [GeForce GTX 1060 Mobile] (rev a1)
  • NVIDIA GeForce GTX 1060
  • NVIDIA Corporation GP106 High Definition Audio Controller (rev a1)

TODO

Notes

  • :!: Do not use DCH drivers
  • :!: Remove the dch part from the driver URL in order to download the standard driver
  • :!: Example URLs: 441.87 DCH and 441.87 Standard
Telemetry Strip
  • :!: Keep the following folders/files and remove everything else:
  • Display.Driver
  • Display.Optimus
  • GFExperience
  • HDAudio
  • NVI2
  • EULA.txt
  • ListDevices.txt
  • setup.cfg
  • setup.exe
  • :!: Create a NVIDIA Silent.cmd in the root NVIDIA driver directory with the following contents:
setup.exe -s Display.Driver

Chipset

  • Intel Corporation Cannon Lake PCH

Serial IO

  • Intel Corporation Cannon Lake PCH Serial IO I2C Controller #0 (rev 10)
  • Intel(R) Serial IO I2C Host Controller - A368
  • Intel Corporation Cannon Lake PCH Serial IO I2C Controller #1 (rev 10)
  • Intel(R) Serial IO I2C Host Controller - A369
  • Intel Corporation Cannon Lake PCH Serial IO UART Host Controller (rev 10)
  • Intel(R) Serial IO UART Host Controller - A328

Notes

  • The latest version is tricky to get from Station-Drivers since some work and others don't ID match
  • Latest known good: 30.100.1915.1
  • Not compatible: 30.100.1932.6, 30.100.1916.1

Audio

  • Intel Corporation Cannon Lake PCH cAVS (rev 10)
  • Realtek High Definition Audio
  • ALC255

Notes

  • FF00 is wanted if given a choice since it's Generic

RST/NVMe

  • Intel Corporation SSD Pro 7600p/760p/E 6100p Series
  • Intel(R) NVMe Controller

Notes

  • The RST driver package provides the driver for both the SATA controller and NVMe drive, regardless of the NVMe drive being port-remapped or not

AHCI

  • Intel Corporation SSD Pro 7600p/760p/E 6100p Series

Notes

  • If RST is disabled, use the Intel Official driver for the NVMe drive, and use the AHCI driver provided from Win-Raid Forum for the SATA controller

Card Reader

  • Realtek Semiconductor Co., Ltd. RTL8411B PCI Express Card Reader (rev 01)
  • Realtek PCIE CardReader

Mouse

  • Corsair Gaming HARPOON RGB Mouse

I2C Touchpad

  • ELAN0504:01 04F3:3091 Touchpad
  • ELAN I2C Filter Driver

Notes

  • The I2C driver doesn't exist on Station-Drivers

Piety

AMD Radeon R7 M445/440

Realtek Ethernet

Intel HD Graphics

Intel Chipset

Intel Management Engine Interface

Intel Rapid Storage Technology

Intel Wireless

Intel Bluetooth

Hatebeat

AMD Radeon HD 6800 Series

aria2c "https://www2.ati.com/drivers/beta/non-whql-win10-64bit-radeon-software-crimson-relive-16.2.1-sep20.exe" --referer="https://www2.ati.com"

AMD Chipset

aria2c "https://www2.ati.com/drivers/amd-chipset-drivers.exe" --referer="https://www2.ati.com"
1)
removes camera?
2)
Does not apply to LTSB; can freely remove most/all Modern UI apps and still have functional Windows Hello
3)
this is particularly bad with Intel RST; if it's signed by Intel, it won't allow booting; there is no warning of this when loading the RST driver during Windows set-up
4) , 5)
uncheck; included in Fanboy Ultimate List
/var/www/wiki/data/attic/windows/10.1582495167.txt.gz · Last modified: 2020/02/23 16:59 by Sean Rhone