• Microsoft Windows 10 IoT Enterprise LTSC
• 21H2 (10.0.19044 Build 19044)

• https://superuser.com/questions/217504/is-there-a-list-of-windows-special-directories-shortcuts-like-temp/217506#217506

• LTSC 2021
• IoT Enterprise LTSC has the longest support date of 2032-01-13 and works well

• Windows 10 21H2 Cumulative Updates - Microsoft Update Catalog
• KB5014032 2022-05 SSU is required before the latest CU

en-us_windows_10_iot_enterprise_ltsc_2021_x64_dvd_257ad90f.iso

SHA256: a0334f31ea7a3e6932b9ad7206608248f0bd40698bfb8fc65f14fc5e4976c160

• TODO: ISO name, SSU, CU sort

• https://gigperformer.com/docs/ultimate-guide-to-optimize-windows-for-stage/naglesalgorithm.html
• https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/registry-entry-control-tcp-acknowledgment-behavior
• TODO

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "AllowClipboardHistory" /t REG_DWORD /d "0" /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "AllowCortana" /t REG_DWORD /d "0" /f

• https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in
• https://www.grc.com/inspectre.htm
• TODO: Research this further

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "FeatureSettingsOverride" /t "REG_DWORD" /d "3" /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "FeatureSettingsOverrideMask" /t "REG_DWORD" /d "3" /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\GameDVR" /v "AllowgameDVR" /t "REG_DWORD" /d "0" /f

powercfg /H off

fsutil behavior set disablelastaccess 1

reg add "HKLM\SOFTWARE\Policies\Microsoft\InputPersonalization" /v "AllowInputPersonalization" /t REG_DWORD /d "0" /f

reg add "HKCU\Software\Classes\.jpg" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f

reg add "HKCU\Software\Classes\.jpeg" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f

reg add "HKCU\Software\Classes\.gif" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f

reg add "HKCU\Software\Classes\.png" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f

reg add "HKCU\Software\Classes\.bmp" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f

reg add "HKCU\Software\Classes\.tiff" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f

reg add "HKCU\Software\Classes\.ico" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fDenyTSConnections" /t REG_DWORD /d "1" /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "EnableCdp" /t REG_DWORD /d "0" /f

• General
• Windows Store Apps
• Microsoft Edge

reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t "REG_SZ" /d "Off" /f

reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t "REG_DWORD" /d "0" /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t "REG_DWORD" /d "0" /f

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Serialize" /v "StartupDelayInMSec" /t "REG_DWORD" /d "0" /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore" /v "DisableSR " /t "REG_DWORD" /d "1" /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "AllowTelemetry" /t "REG_DWORD" /d "0" /f

reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t "REG_DWORD" /d "0" /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t "REG_DWORD" /d "1" /f

reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "HubMode" /t "REG_DWORD" /d "1" /f

Dism /online /Disable-Feature /FeatureName:"SearchEngine-Client-Package" /Remove

reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "NavPaneShowAllFolders" /t "REG_DWORD" /d "1" /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "VerboseStatus" /t REG_DWORD /d "1" /f

• https://scripttiger.github.io/hosts-packages/
• TODO: Revert multiple-entries

• Powershell Script *.ps1

if (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs; exit }
[Net.ServicePointManager]::SecurityProtocol = "tls12, tls11, tls"

# https://scripttiger.github.io/alts/
# Compressed

# Unified hosts + fakenews + gambling + porn + social
Invoke-WebRequest "https://scripttiger.github.io/alts/compressed/blacklist-fgps.txt" -OutFile "C:\Windows\System32\drivers\etc\hosts"

# Unified hosts + fakenews + gambling + social
#Invoke-WebRequest "https://scripttiger.github.io/alts/compressed/blacklist-fgs.txt" -OutFile "C:\Windows\System32\drivers\etc\hosts"

# Unified hosts + fakenews + gambling
#Invoke-WebRequest "https://scripttiger.github.io/alts/compressed/blacklist-fg.txt" -OutFile "C:\Windows\System32\drivers\etc\hosts"

ipconfig /flushdns

• Change D:\ to install media drive if necessary

Dism /online /enable-feature /featurename:"NetFX3" /All /Source:"D:\sources\sxs" /LimitAccess

• TODO: Maintenance bat command notepad desktop

:: .NET Framework 4
"%windir%\microsoft.net\Framework\v4.0.30319\ngen.exe" update /force /queue
"%windir%\microsoft.net\Framework64\v4.0.30319\ngen.exe" update /force /queue
"%windir%\microsoft.net\Framework\v4.0.30319\ngen.exe" executequeueditems
"%windir%\microsoft.net\Framework64\v4.0.30319\ngen.exe" executequeueditems

:: System File Check, Cleanup, and Repair
"%windir%\system32\Dism.exe" /online /Cleanup-Image /StartComponentCleanup /ResetBase /RestoreHealth
"%windir%\system32\sfc.exe" /scannow

:: Classic Disk Cleanup
"%windir%\system32\cleanmgr.exe" /sageset:65535
"%windir%\system32\cleanmgr.exe" /sagerun:65535

:: Defrag/Trim
"%windir%\system32\dfrgui.exe"

• TODO: Move to separate notes

• To be done after a proper driver is manually installed
• This ensures Windows Update nor anything else can replace installed drivers for specific devices unattended
• Additional entries need to add a new number (the value after /v)
• The device ID can be acquired from Device Manager and should be pasted as-is (no extra slashes)

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions" /v "DenyDeviceIDs" /t "REG_DWORD" /d "1" /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions" /v "DenyDeviceIDsRetroactive" /t "REG_DWORD" /d "0" /f

• Do not copy/paste these as-is; only here for reference
• Adjust to specific devices as-needed

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceIDs" /v "#" /t "REG_SZ" /d "PCI\VEN_XXXX&DEV_XXXX&SUBSYS_XXXXXXXX&REV_XX" /f

reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceIDs" /v "#" /f

• More Programs

• https://www.7-zip.org/download.html

• Latest USB Driver
• Latest platform-tools
• 30.0.5 platform-tools ¹⁾

• TODO: Set user instead of system-wide with /M and check syntax

SETX /M path "%path%;C:\Program Files\platform-tools"

• https://github.com/aria2/aria2/releases
• TODO: Set user instead of system-wide with /M and check syntax

SETX /M path "%path%;C:\Program Files\aria2c"

• https://sourceforge.net/projects/brainworkshop/files/brainworkshop/

• Only available on LTSB/LTSC

win32calc

• https://www.microsoft.com/en-us/download/confirmation.aspx?id=8109

• https://download.mozilla.org/?product=firefox-latest-ssl&os=win64&lang=en-US

• https://www.gimp.org/downloads

• https://keepassxc.org/download#windows

• https://sourceforge.net/projects/mpv-player-windows/files/64bit-v3/

• https://mupdf.com/releases/index.html
• https://mupdf.com/releases/history.html

• https://notepad-plus-plus.org/download

• https://obsproject.com/download

• https://www.qbittorrent.org/download

• https://github.com/abbodi1406/vcredist/releases

• https://vulkan.lunarg.com/sdk/home

• https://download.battle.net/en-us/?product=bnetdesk

• https://steamcdn-a.akamaihd.net/client/installer/SteamSetup.exe

• See Drivers for more URLs

• Dell Latitude 5591 - Support and BIOS Updates

• Intel(R) Core(TM) i5-8400H CPU @ 2.50GHz
• TODO: Chipset name

• ASUS ROG Forums (AHCI 2xx/3xx)
• Windows 11 Forum (AHCI 2xx/3xx)

• https://station-drivers.com/index.php/en/component/remository/Drivers/Intel/HID-Event-Filter/orderby,4/lang,en-gb/

• Intel(R) Chipset SATA/PCIe RST Premium Controller
• PCI\VEN_8086&DEV_282A&SUBSYS_08191028&REV_10

• Intel Download Center ²⁾
• ASUS ROG Forums (AHCI 2xx/3xx)
• Windows 11 Forum (AHCI 2xx/3xx)

• Intel(R) Serial IO GPIO Host Controller - INT3450
• Intel(R) Serial IO I2C Host Controller - A368
• Intel(R) Serial IO I2C Host Controller - A369
• ACPI\VEN_INT&DEV_3450
• PCI\VEN_8086&DEV_A368&SUBSYS_08191028&REV_10
• PCI\VEN_8086&DEV_A369&SUBSYS_08191028&REV_10

• At some point on the links below the 3xx mention was removed, but 4xx is the same 30.100.2132.2 version
• ASUS ROG Forums (3xx/4xx)
• Windows 11 Forum (3xx/4xx)

• I219-LM Gigabit
• Intel Corporation Ethernet Connection (7) I219-LM (rev 10) ³⁾

• Intel Download Center ⁴⁾
• ASUS ROG Forums (I217/I218/I219)
• Windows 11 Forum (I217/I218/I219)

• Intel(R) Wireless-AC 9560 160MHz
• PCI\VEN_8086&DEV_A370&SUBSYS_40308086&REV_10

• Intel Download Center (IT Administrators )
• ASUS ROG Forums (8xxx/9xxx/AXxxx)
• Windows 11 Forum (8xxx/9xxx/AXxxx)

• Intel(R) UHD Graphics 630
• PCI\VEN_8086&DEV_3E9B&SUBSYS_08191028&REV_00

• Intel Download Center