windows:10
This is an old revision of the document!
Table of Contents
Information
- Microsoft Windows 10
- LTSC 1809
Notes
- Enabling Secure Boot prevents non-WHQL drivers from working 3)
Download
Updates
Servicing Stack
Information
- SSU is recommended to be installed before the CU
Link
YYYY-MM Update for Windows 10 Version 1809 for x64-based Systems (KB#######)
Cumulative
Information
- SSU is recommended to be installed before the CU
Link
YYYY-MM Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB#######)
Prevent Driver Changes
Notes
- To be done after a proper driver is manually installed
- This ensures Windows Update nor anything else can replace installed drivers for specific devices unattended
- Additional entries need to add a new number (the value after
/v
) - The device ID can be acquired from Device Manager and should be pasted as-is (no extra slashes)
Base Policies
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions" /v "DenyDeviceIDs" /t "REG_DWORD" /d "1" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions" /v "DenyDeviceIDsRetroactive" /t "REG_DWORD" /d "0" /f
Format
- Do not copy/paste these as-is; only here for reference
- Adjust to specific devices as-needed
Add Prevent Policy
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceIDs" /v "#" /t "REG_SZ" /d "PCI\VEN_XXXX&DEV_XXXX&SUBSYS_XXXXXXXX&REV_XX" /f
Remove Prevent Policy
reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceIDs" /v "#" /f
Tweaks
Disable Clipboard History
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "AllowClipboardHistory" /t REG_DWORD /d "0" /f
Disable Cortana and Web Search
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "AllowCortana" /t REG_DWORD /d "0" /f
Disable Game DVR
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\GameDVR" /v "AllowgameDVR" /t "REG_DWORD" /d "0" /f
Disable Hibernation and Fast Start
powercfg /H off
Disable Last Access Time File Updates
fsutil behavior set disablelastaccess 1
Disable Online Speech Recognition
reg add "HKLM\SOFTWARE\Policies\Microsoft\InputPersonalization" /v "AllowInputPersonalization" /t REG_DWORD /d "0" /f
Disable Remote Desktop
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fDenyTSConnections" /t REG_DWORD /d "1" /f
Disable Shared Experiences
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "EnableCdp" /t REG_DWORD /d "0" /f
Disable SmartScreen
- General
- Windows Store Apps
- Microsoft EDGE
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t "REG_SZ" /d "Off" /f
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t "REG_DWORD" /d "0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t "REG_DWORD" /d "0" /f
Disable Startup Delay
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Serialize" /v "StartupDelayInMSec" /t "REG_DWORD" /d "0" /f
Disable System Restore
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore" /v "DisableSR " /t "REG_DWORD" /d "1" /f
Disable Telemetry Features
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "AllowTelemetry" /t "REG_DWORD" /d "0" /f
Disable User Account Control
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t "REG_DWORD" /d "0" /f
Disable Windows Defender
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t "REG_DWORD" /d "1" /f
Open Pictures With Windows Photo Viewer
reg add "HKCU\Software\Classes\.jpg" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f
reg add "HKCU\Software\Classes\.jpeg" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f
reg add "HKCU\Software\Classes\.gif" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f
reg add "HKCU\Software\Classes\.png" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f
reg add "HKCU\Software\Classes\.bmp" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f
reg add "HKCU\Software\Classes\.tiff" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f
reg add "HKCU\Software\Classes\.ico" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f
Remove Quick Access
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "HubMode" /t "REG_DWORD" /d "1" /f
Remove Windows Search
Dism /online /Disable-Feature /FeatureName:"SearchEngine-Client-Package" /Remove
ScriptTiger Hosts File
- Powershell Script
*.ps1
[Net.ServicePointManager]::SecurityProtocol = "tls12, tls11, tls" Invoke-WebRequest "https://scripttiger.github.io/alts/compressed/blacklist-fg.txt" -OutFile "C:\Windows\System32\drivers\etc\hosts" ipconfig /flushdns
Show All Folders in File Explorer Pane
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "NavPaneShowAllFolders" /t "REG_DWORD" /d "1" /f
NetFX3 From Install Media
- Change
D:\
to install media drive if necessary
Dism /online /enable-feature /featurename:"NetFX3" /All /Source:"D:\sources\sxs" /LimitAccess
1607
Disable HomeGroup
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\HomeGroup" /v "DisableHomeGroup" /t "REG_DWORD" /d "1" /f
Remove Most Modern UI Apps
- Powershell Script
*.ps1
- Do not run this on 1809 as it'll break the Start Menu
Get-AppxPackage -allusers | Remove-AppxPackage
Remove OneDrive
taskkill /IM "OneDrive.exe" /F
%windir%\SysWOW64\OneDriveSetup.exe /uninstall
rmdir "%UserProfile%\OneDrive" "%ProgramData%\Microsoft OneDrive" "%LocalAppData%\Microsoft\OneDrive" "C:\OneDriveTemp" /S /Q
reg delete "HKCR\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /f
reg delete "HKCR\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /f
Maintenance
- TODO: Add BleachBit
"%windir%\system32\Dism.exe" /online /Cleanup-Image /StartComponentCleanup /ResetBase /RestoreHealth
"%windir%\system32\sfc.exe" /scannow
"%windir%\system32\cleanmgr.exe" /sageset:65535
"%windir%\system32\cleanmgr.exe" /sagerun:65535
"%windir%\system32\dfrgui.exe"
Auto Login
control userpasswords2
Add Hardware Wizard
%SYSTEMROOT%\System32\hdwwiz.exe
GodMode Folder
GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
Settings
Lock screen Background
- Hero
C:\Windows\Web\Wallpaper\Windows\img0.jpg
Hardware Diagnostiscs
CPU-Z
FurMark
GPU-Z
HWMonitor
Intel PDT
- Intel Processor Diagnostic Tool
prime95
Programs
7-Zip
Android Tools
SETX /M path "%path%;C:\Program Files\platform-tools"
aria2
SETX /M path "%path%;C:\Program Files\aria2c"
BleachBit
Calculator
- Only available on LTSB/LTSC
win32calc
DirectX End-User Runtimes
Etcher
FileZilla
Firefox
Download
Settings
Default Profile
rd "%appdata%\Mozilla" /s /q
md "%appdata%\Mozilla\Firefox\Profiles\espionage724"
profiles.ini
notepad "%appdata%\Mozilla\Firefox\profiles.ini"
[General] StartWithLastProfile=1 [Profile0] Name=default IsRelative=1 Path=Profiles/espionage724 Default=1
user.js
- Last updated: 2019/07/24
- IPv6 is disabled in order to prevent WebRTC from potentially grabbing an IPv6 address
media.peerconnection.enabled
disables WebRTC
notepad "%appdata%\Mozilla\Firefox\Profiles\espionage724\user.js"
/*********** * General * ***********/ user_pref("extensions.screenshots.disabled", true); user_pref("reader.parse-on-load.enabled", false); user_pref("media.mediasource.experimental.enabled", true); user_pref("media.mediasource.ignore_codecs", true); user_pref("media.autoplay.enabled", false); user_pref("webgl.disabled", true); user_pref("webgl.enable-webgl2", false); user_pref("accessibility.force_disabled", 1); user_pref("mousewheel.min_line_scroll_amount", 40); user_pref("browser.tabs.drawInTitlebar", true); /******* * U2F * *******/ user_pref("security.webauth.u2f", true); /*********** * Privacy * ***********/ user_pref("network.dns.disableIPv6", true); user_pref("media.peerconnection.enabled", false); /******* * END * *******/
Apply Settings
- Firefox must be started for the first time with the
-p
flag for the profile above to be used
"%ProgramFiles%\Mozilla Firefox\firefox.exe" -p default
Remove Features
rd "%ProgramFiles%\Mozilla Firefox\browser\features" /s /q
Extensions
- Decentraleyes
- HTTPS Everywhere
- Privacy Possum
- Cookie AutoDelete
- uBlock Origin
Cookie AutoDelete
- [x] Enable Automatic Cleaning? Delay Before Cleaning
- [x] Enable Cleanup on Domain Change
- [ ] Enable Cleanup Log and Counter
- [ ] Show Notification After Cookie Cleanup
- [x] Clean Cookies from Open Tabs on Startup
- [x] Localstorage Cleanup (Firefox 58+)
uBlock Origin
Settings
- [x] Prevent WebRTC from leaking local IP addresses
Filter lists
- Multipurpose → [x] Dan Pollock's hosts file
- Multipurpose → [x] hpHost's Ad and tracking servers
- Multipurpose → [x] MVPS HOSTS
- Custom → [x] Import
Custom 3rd-party filters
- Last updated: 2018/11/24
https://www.fanboy.co.nz/fanboy-problematic-sites.txt https://www.fanboy.co.nz/r/fanboy-ultimate.txt https://www.fanboy.co.nz/fanboy-antifacebook.txt https://www.fanboy.co.nz/fanboy-antifonts.txt https://www.fanboy.co.nz/fanboy-cookiemonster.txt https://raw.githubusercontent.com/ryanbr/fanboy-adblock/master/popads-domains-list.txt https://raw.githubusercontent.com/ryanbr/fanboy-adblock/master/fake-news.txt
Testing Sites
GIMP
Google Chrome
iTunes
KeePassXC
Keybase
KMS-VL-ALL
LibreOffice
MarkC Mouse Acceleration Fix
Notepad++
Thunderbird
- There is a 64-bit version of Thunderbird for Windows
Transmission
http://john.bitsurge.net/public/biglist.p2p.gz
Visual C++ Redistributable Runtimes
WireGuard
- If kill switch is enabled, all local network resources can't be accessed
VPN.AC
VLC
Games
Battle.net App
Path of Exile
Steam
Diablo II
Glide Wrapper
Guild Wars 2
"C:\Program Files\Guild Wars 2\Gw2-64.exe" -autologin
"C:\Program Files\Guild Wars 2\Gw2-64.exe" -image
"C:\Program Files\Guild Wars 2\Gw2-64.exe" -repair
Drivers
Spinesnap
Wireless
- Intel Corporation Wireless-AC 9560 [Jefferson Peak] (rev 10)
- Intel(R) Wireless-AC 9560 160MHz
Bluetooth
Ethernet
- Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 12)
- Realtek PCIe GbE Family Controller
Integrated Graphics
- Intel Corporation UHD Graphics 630 (Mobile)
- Intel(R) UHD Graphics 630
Notes
- Control panel randomly downloads at some point
Discrete Graphics
- NVIDIA Corporation GP106M [GeForce GTX 1060 Mobile] (rev a1)
- NVIDIA GeForce GTX 1060
- NVIDIA Corporation GP106 High Definition Audio Controller (rev a1)
TODO
Notes
- Do not use DCH drivers
- Remove the
dch
part from the driver URL in order to download the standard driver - Example URLs: 441.87 DCH and 441.87 Standard
Telemetry Strip
- Keep the following folders/files and remove everything else:
Display.Driver
Display.Optimus
GFExperience
HDAudio
NVI2
EULA.txt
ListDevices.txt
setup.cfg
setup.exe
- Create a
NVIDIA Silent.cmd
in the root NVIDIA driver directory with the following contents:
setup.exe -s Display.Driver
Chipset
- Intel Corporation Cannon Lake PCH
Serial IO
- Intel Corporation Cannon Lake PCH Serial IO I2C Controller #0 (rev 10)
- Intel(R) Serial IO I2C Host Controller - A368
- Intel Corporation Cannon Lake PCH Serial IO I2C Controller #1 (rev 10)
- Intel(R) Serial IO I2C Host Controller - A369
- Intel Corporation Cannon Lake PCH Serial IO UART Host Controller (rev 10)
- Intel(R) Serial IO UART Host Controller - A328
Notes
- The latest version is tricky to get from Station-Drivers since some work and others don't ID match
- Latest known good: 30.100.1915.1
- Not compatible: 30.100.1932.6, 30.100.1916.1
Audio
- Intel Corporation Cannon Lake PCH cAVS (rev 10)
- Realtek High Definition Audio
- ALC255
Notes
- FF00 is wanted if given a choice since it's Generic
RST/NVMe
- Intel Corporation SSD Pro 7600p/760p/E 6100p Series
- Intel(R) NVMe Controller
Notes
- The RST driver package provides the driver for both the SATA controller and NVMe drive, regardless of the NVMe drive being port-remapped or not
AHCI
- Intel Corporation SSD Pro 7600p/760p/E 6100p Series
Notes
- If RST is disabled, use the Intel Official driver for the NVMe drive, and use the AHCI driver provided from Win-Raid Forum for the SATA controller
Card Reader
- Realtek Semiconductor Co., Ltd. RTL8411B PCI Express Card Reader (rev 01)
- Realtek PCIE CardReader
Mouse
- Corsair Gaming HARPOON RGB Mouse
I2C Touchpad
- ELAN0504:01 04F3:3091 Touchpad
- ELAN I2C Filter Driver
Notes
- The I2C driver doesn't exist on Station-Drivers
Piety
- Dell Inspiron 17 5767
AMD Radeon R7 M445/440
Realtek Ethernet
Intel HD Graphics
Intel Chipset
Intel Management Engine Interface
- Intel MEI
Intel Rapid Storage Technology
- Intel RST
Intel Wireless
Intel Bluetooth
Hatebeat
AMD Radeon HD 6800 Series
aria2c "https://www2.ati.com/drivers/beta/non-whql-win10-64bit-radeon-software-crimson-relive-16.2.1-sep20.exe" --referer="https://www2.ati.com"
AMD Chipset
aria2c "https://www2.ati.com/drivers/amd-chipset-drivers.exe" --referer="https://www2.ati.com"
/var/www/wiki/data/attic/windows/10.1582495167.txt.gz · Last modified: 2020/02/23 16:59 by Sean Rhone