windows:10_ltsc_2021

Information

  • Microsoft Windows 10 IoT Enterprise LTSC
  • 21H2 (10.0.19044 Build 19044)

Resources

Download

  • IoT Enterprise LTSC has the longest support date of 2032-01-13 and works well
en-us_windows_10_iot_enterprise_ltsc_2021_x64_dvd_257ad90f.iso
SHA256: a0334f31ea7a3e6932b9ad7206608248f0bd40698bfb8fc65f14fc5e4976c160
  • TODO: ISO name, SSU, CU sort

Settings

Nagle's Algorithm

Disable Clipboard History

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "AllowClipboardHistory" /t REG_DWORD /d "0" /f

Disable Cortana

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "AllowCortana" /t REG_DWORD /d "0" /f

Disable CPU Mitigations

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "FeatureSettingsOverride" /t "REG_DWORD" /d "3" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "FeatureSettingsOverrideMask" /t "REG_DWORD" /d "3" /f

Disable Game DVR

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\GameDVR" /v "AllowGameDVR" /t "REG_DWORD" /d "0" /f

Disable Hibernation and Fast Start

powercfg /H off

Disable Last Access Time File Updates

fsutil behavior set disablelastaccess 1

Disable Online Speech Recognition

reg add "HKLM\SOFTWARE\Policies\Microsoft\InputPersonalization" /v "AllowInputPersonalization" /t REG_DWORD /d "0" /f

Open Pictures With Windows Photo Viewer

reg add "HKCU\Software\Classes\.jpg" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f
reg add "HKCU\Software\Classes\.jpeg" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f
reg add "HKCU\Software\Classes\.gif" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f
reg add "HKCU\Software\Classes\.png" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f
reg add "HKCU\Software\Classes\.bmp" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f
reg add "HKCU\Software\Classes\.tiff" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f
reg add "HKCU\Software\Classes\.ico" /ve /t "REG_SZ" /d "PhotoViewer.FileAssoc.Tiff" /f

Disable Remote Desktop

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fDenyTSConnections" /t REG_DWORD /d "1" /f

Disable Shared Experiences

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "EnableCdp" /t REG_DWORD /d "0" /f

Disable SmartScreen

  • General
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t "REG_SZ" /d "Off" /f
  • Windows Store Apps
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t "REG_DWORD" /d "0" /f
  • Microsoft Edge
reg add "HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t "REG_DWORD" /d "0" /f

Disable Startup Delay

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Serialize" /v "StartupDelayInMSec" /t "REG_DWORD" /d "0" /f

Disable System Restore

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore" /v "DisableSR" /t "REG_DWORD" /d "1" /f

Disable Telemetry Features

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "AllowTelemetry" /t "REG_DWORD" /d "0" /f

Disable User Account Control

reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t "REG_DWORD" /d "0" /f

Disable Windows Defender

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t "REG_DWORD" /d "1" /f

Remove Quick Access

reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "HubMode" /t "REG_DWORD" /d "1" /f

Dism /online /Disable-Feature /FeatureName:"SearchEngine-Client-Package" /Remove

Show All Folders in File Explorer Pane

reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "NavPaneShowAllFolders" /t "REG_DWORD" /d "1" /f

Verbose Shutdown

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "VerboseStatus" /t REG_DWORD /d "1" /f

Other

ScriptTiger Hosts File

  • PowerShell Script *.ps1
if (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs; exit }
# Use TLS 1.2 only; TLS 1.0 and 1.1 are deprecated
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# https://scripttiger.github.io/alts/
# Compressed

# Unified hosts + fakenews + gambling + porn + social
Invoke-WebRequest "https://scripttiger.github.io/alts/compressed/blacklist-fgps.txt" -OutFile "C:\Windows\System32\drivers\etc\hosts"

# Unified hosts + fakenews + gambling + social
#Invoke-WebRequest "https://scripttiger.github.io/alts/compressed/blacklist-fgs.txt" -OutFile "C:\Windows\System32\drivers\etc\hosts"

# Unified hosts + fakenews + gambling
#Invoke-WebRequest "https://scripttiger.github.io/alts/compressed/blacklist-fg.txt" -OutFile "C:\Windows\System32\drivers\etc\hosts"

ipconfig /flushdns
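
A safer variant of the download step, as an added example (not ScriptTiger's code and not part of the original notes): the list is fetched to a temp file, only entries that map names to a sink address are kept, and the current hosts file is backed up before it is replaced. The function name Select-SinkEntries, the temp and .bak paths, and the set of accepted sink addresses are assumptions; any line that maps a name to another address is dropped with a warning.

```powershell
# Added example, not ScriptTiger's code. Run from an elevated PowerShell prompt.
$Url       = 'https://scripttiger.github.io/alts/compressed/blacklist-fgps.txt'
$HostsPath = Join-Path $env:windir 'System32\drivers\etc\hosts'
$TempPath  = Join-Path $env:TEMP 'hosts.download'      # assumed scratch location
# Assumption: a blocklist entry may only map names to one of these sink addresses.
$SinkAddrs = '0.0.0.0', '127.0.0.1', '::', '::1'

function Select-SinkEntries {
    param([string[]]$Lines, [string[]]$Allowed)
    foreach ($line in $Lines) {
        $text = ($line -replace '#.*$', '').Trim()      # strip comments and padding
        if ($text -eq '') { continue }
        $fields = $text -split '\s+'
        # Keep "address name [name ...]" only when the address is a sink.
        if ($fields.Count -ge 2 -and $Allowed -contains $fields[0]) {
            $text
        } else {
            Write-Warning "Dropped: $line"
        }
    }
}

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Invoke-WebRequest $Url -OutFile $TempPath -UseBasicParsing

$kept = @(Select-SinkEntries -Lines (Get-Content $TempPath) -Allowed $SinkAddrs)
if ($kept.Count -eq 0) {
    Write-Error 'No valid entries in the download; hosts file left unchanged.'
} else {
    Copy-Item $HostsPath "$HostsPath.bak" -Force        # previous file kept for rollback
    Set-Content -Path $HostsPath -Value $kept -Encoding ASCII
    ipconfig /flushdns
}
Remove-Item $TempPath -ErrorAction SilentlyContinue
```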

NetFX3 From Install Media

  • Change D:\ to install media drive if necessary
Dism /online /enable-feature /featurename:"NetFX3" /All /Source:"D:\sources\sxs" /LimitAccess

Maintenance

  • TODO: Maintenance bat command notepad desktop
:: .NET Framework 4
"%windir%\microsoft.net\Framework\v4.0.30319\ngen.exe" update /force /queue
"%windir%\microsoft.net\Framework64\v4.0.30319\ngen.exe" update /force /queue
"%windir%\microsoft.net\Framework\v4.0.30319\ngen.exe" executequeueditems
"%windir%\microsoft.net\Framework64\v4.0.30319\ngen.exe" executequeueditems

:: System File Check, Cleanup, and Repair
"%windir%\system32\Dism.exe" /online /Cleanup-Image /StartComponentCleanup /ResetBase /RestoreHealth
"%windir%\system32\sfc.exe" /scannow

:: Classic Disk Cleanup
"%windir%\system32\cleanmgr.exe" /sageset:65535
"%windir%\system32\cleanmgr.exe" /sagerun:65535

:: Defrag/Trim
"%windir%\system32\dfrgui.exe"

Information

  • TODO: Move to separate notes

Prevent Driver Changes

Notes

  • To be done after a proper driver is manually installed
  • This ensures that neither Windows Update nor anything else can replace installed drivers for specific devices unattended
  • Each additional entry needs a new number (the value after /v)
  • The device ID can be acquired from Device Manager and should be pasted as-is (no extra slashes)

Base Policies

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions" /v "DenyDeviceIDs" /t "REG_DWORD" /d "1" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions" /v "DenyDeviceIDsRetroactive" /t "REG_DWORD" /d "0" /f

Format

  • Do not copy/paste these as-is; they are only here for reference
  • Adjust to specific devices as needed

Add Prevent Policy

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceIDs" /v "#" /t "REG_SZ" /d "PCI\VEN_XXXX&DEV_XXXX&SUBSYS_XXXXXXXX&REV_XX" /f

Remove Prevent Policy

reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceIDs" /v "#" /f
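
The numbering rule from the notes above, as an added example (not part of the original notes): it applies the base policies, skips a device ID that is already listed, and otherwise stores it under the next free number. The function names Add-DeniedDeviceId and Get-DeniedDeviceIds are hypothetical; the device ID is the Graphics entry listed under Drivers on this page.

```powershell
# Added example, not from the original notes. Run from an elevated PowerShell prompt.
$Base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions'
$List = Join-Path $Base 'DenyDeviceIDs'

function Add-DeniedDeviceId {
    param([Parameter(Mandatory)][string]$DeviceId)

    # Base policies from the notes: enable the deny list, do not apply it retroactively.
    if (-not (Test-Path $List)) { New-Item -Path $List -Force | Out-Null }
    Set-ItemProperty -Path $Base -Name 'DenyDeviceIDs' -Value 1 -Type DWord
    Set-ItemProperty -Path $Base -Name 'DenyDeviceIDsRetroactive' -Value 0 -Type DWord

    $key   = Get-Item -Path $List
    $names = @($key.GetValueNames())

    # Skip IDs that are already listed (-eq compares strings case-insensitively).
    foreach ($name in $names) {
        if ($key.GetValue($name) -eq $DeviceId) { return "already listed as $name" }
    }

    # Next entry number = highest existing numeric value name + 1.
    $used = @($names | Where-Object { $_ -match '^\d+$' } | ForEach-Object { [int]$_ })
    $next = if ($used.Count) { [int](($used | Measure-Object -Maximum).Maximum) + 1 } else { 1 }

    New-ItemProperty -Path $List -Name "$next" -Value $DeviceId -PropertyType String | Out-Null
    return "added as $next"
}

function Get-DeniedDeviceIds {
    # Lists every "number = device ID" pair currently in the deny list.
    $key = Get-Item -Path $List -ErrorAction SilentlyContinue
    if ($key) { $key.GetValueNames() | ForEach-Object { '{0} = {1}' -f $_, $key.GetValue($_) } }
}

# Single quotes keep the '&' characters literal, so the ID is stored as-is.
Add-DeniedDeviceId -DeviceId 'PCI\VEN_8086&DEV_3E9B&SUBSYS_08191028&REV_00'
Get-DeniedDeviceIds
```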

Programs

7-Zip

Android Tools

  • TODO: Set user instead of system-wide with /M and check syntax
SETX /M path "%path%;C:\Program Files\platform-tools"

aria2

SETX /M path "%path%;C:\Program Files\aria2c"

Brain Workshop

Calculator

  • Only available on LTSB/LTSC
win32calc

DirectX End-User Runtime

Firefox

GIMP

KeePassXC

mpv

MuPDF

Notepad++

OBS

qBittorrent

VC++ Redist

Vulkan Runtime

Games

Battle.net App

Steam

Drivers

Spinesnap

Chipset

SATA/RST

  • Intel(R) Chipset SATA/PCIe RST Premium Controller
  • PCI\VEN_8086&DEV_282A&SUBSYS_08191028&REV_10

SerialIO

  • Intel(R) Serial IO GPIO Host Controller - INT3450
  • Intel(R) Serial IO I2C Host Controller - A368
  • Intel(R) Serial IO I2C Host Controller - A369
  • ACPI\VEN_INT&DEV_3450
  • PCI\VEN_8086&DEV_A368&SUBSYS_08191028&REV_10
  • PCI\VEN_8086&DEV_A369&SUBSYS_08191028&REV_10
  • At some point on the links below the 3xx mention was removed, but 4xx is the same 30.100.2132.2 version
  • ASUS ROG Forums (3xx/4xx)
  • Windows 11 Forum (3xx/4xx)

Ethernet

  • I219-LM Gigabit
  • Intel Corporation Ethernet Connection (7) I219-LM (rev 10) 3)

Wireless + Bluetooth

  • Intel(R) Wireless-AC 9560 160MHz
  • PCI\VEN_8086&DEV_A370&SUBSYS_40308086&REV_10

Graphics

  • Intel(R) UHD Graphics 630
  • PCI\VEN_8086&DEV_3E9B&SUBSYS_08191028&REV_00
1) This specific version was needed to work around a fastboot error that only happened on the latest version
2) Intel recommends extracting drivers (f6vmdflpy-x64.zip) from the exe in the 17.11.3.1010.2 Release Notes
3) rev 10 drivers, not rev 18+
4) 2024/09/10: The latest version is 29.3.1 provided in the Complete Driver Pack, and is 800MB+
/usr/local/www/wiki/data/pages/windows/10_ltsc_2021.txt · Last modified: by Sean Rhone