Fresh Windows 10 installation configuration check-list, and how to take control of or dismantle your Windows 10 OS

Delicieuxz


Table of contents:

 

1. Preamble 1

2. Preamble 2

3. Getting on with the incomplete (see Preamble 2 for explanation) check-list

4. Instructions

 

 

 

Preamble 1

 

Someone asked me what can be done to make a fresh Windows 10 installation run more decently, and so here's a list of what can be done to make Windows 10 a more usable, peaceful, reliable, compatible, private, and controllable environment.

 

The premise of these instructions will be that you have Windows 10 Pro, Enterprise, or LTSC. Windows 10 Home doesn't give access to many of these settings and I don't recommend Windows 10 Home for any purpose as it's like being an infant confined to a baby pen at a daycare run by a data-harvesting rapist. I also don't recommend Windows 10 Pro, unless you can't get a copy of Enterprise or LTSC (check eBay, Craigslist, reddit for sales, or My Digital Life for additional solutions).

 

Ignore the "Enterprise", "business", and "LTSC" branding, which are simply disingenuous and deceptive. Practically-speaking, Enterprise and LTSC are the only moderately-competently-functional versions of Windows 10 when it comes to configuring things. To give an illustration of how restrictive Windows has become with Windows 10: Windows 7 Pro is most analogous to Windows 10 LTSC, and what is called Windows 10 Pro is actually much less accessible and controllable than Windows 7 Pro is. The Windows 10 edition which gives the closest experience to Windows 7 Pro is Windows 10 LTSC. And if you know that you won't need Microsoft Store or UWP apps, or to run some newest programs that require the latest Win 10 feature update, then LTSC is the version of Windows 10 I most recommend. If you want to be able to use UWP or run all the newest programs and play all the latest games for the years between LTSC releases, I recommend Enterprise.

 

The proper way to read Windows edition-branding is this:

 

LTSC = Almost everything is available but no support for UWP, has less bloatware, no ads, and doesn't get access to feature updates. However, you get all security updates for 10 years. This is the most stable and peaceful edition of Win 10.

Enterprise = You have everything available, but feature updates install along with security updates. If you don't want UWP and don't want feature updates to install along with security updates, then get LTSC.

Pro = Like Enterprise but with more restrictions to what you can do. It's pointless and obsolete if you can use Enterprise. Pro only exists to obstruct you from making changes that Microsoft doesn't want you to, and to upsell some features.

Home = A cut-down version of Windows that will get in your way if you want to change how the OS behaves. Getting it only takes away possibility from you, while keeping your PC and data maximally exploitable by Microsoft.

 

Another way to present LTSC is this: LTSC = Enterprise but without feature updates (a new updated version of LTSC releases every few years), without support for UWP, and with less bloatware.

 

If you knowingly chose Windows 10 Home based on its particular design, then you probably aren't someone who is wanting to make many of the changes I list below. But if you are wanting to make those changes and have Windows 10 Home, then you got the wrong Windows edition. Home isn't for people who want to be able to configure things in their OS. That said, it is possible to modify the registry in Windows 10 Home to add-in the Group Policy Editor, which is needed for some of these changes.

 

 

 

Preamble 2

 

Regarding the following instructions, I don't do all the things listed here, and if doing all these things, it could be a good idea to make sure you have some good 3rd-party security apps installed or have backed-up any of your data that's important to you.

 

Also, I'm running Windows 10 LTSC version 1903, so, some of this stuff could be different or irrelevant in later versions of Windows. The next time I fresh-install Windows on my PC, I expect there will be additional things that I have to look into to find-out how to disable or change.

 

Also also, the instructions given below aren't perfectly ordered to match the check-list. This was put together ad hoc, and there are instructions given below for things that are not included in the initial check-list. I've been editing to clean it up a bit, but it could use some more organization. So, I recommend scrolling through the instructions to see what might be relevant to your interests.

 

Lastly also, if you have any suggestions for additions to this list, please let me know.

 

 

 

Getting on with the incomplete (see Preamble 2 for explanation) check-list

 

- Make the full ("super") administrator account your default account. Alternatively:

  • Secure all folder permissions for your account
  • Turn-off UAC
  • Get rid of the "This app has been blocked for your protection" message and 0x80070522 errors
  • Get rid of the "always ask before opening this type of file" message
  • Get rid of the "You don't have permission to save in this location" message

 

- Replace the Windows 10 start menu with an actually-functional alternative (Startisback is nice)

- Enable .NET Framework 2 and 3, and DirectPlay for legacy game and app support
- Disable Windows Update (full details on that are here) or configure automatic updates

- Disable Windows Defender in the group policy editor (otherwise it will keep restarting)

- Disable Windows SmartScreen filter

- Turn-off / turn-down telemetry (O&O Shutup10 is a recommended part of that process, also this might help though it will probably be pretty outdated)

- Disable Activity History data collection

- Turn-off all pestering notifications

- Disable Cortana

- Turn-off automatic window resizing
- Configure File Explorer appearance and layout

- Turn-off tab-switching history

- Stop 'wake from sleep on network activity' (if having issues with PC not staying in sleep mode)

- Remove Windows bloatware

 

 

 

Instructions

 


Making the super administrator account your default account:

 

1. Press WIN+R to open the Run prompt, and type in lusrmgr.msc, then click OK.
2. In the Local User & Groups panel, click on Users in the left column to display a list of all the user accounts in Windows
3. In the middle panel, right-click the Administrator account and choose Rename to name it how you want your account to be named
4. Right-click the Administrator account and choose Properties
5. Make sure "User cannot change password" and "Account is disabled" are both unchecked, and that "Password never expires" is checked, and click OK to close the window
6. Right-click the Administrator account and choose "Set Password" to set the password for the account
7. Restart the computer to have the new account details take effect

 

 

 

To disable UAC:

 

1. Open the start menu and type "user account control"
2. Click on the search result titled "Change User Account Control Settings"
3. Slide the bar to the bottom where it says "Never notify" and then press OK
4. Confirm any prompt that appears

 



To get rid of "This app has been blocked for your protection" message and prevent error 0x80070522 when copying, downloading, or creating new files in root drives:

 

1. Open the Group Policy editor
2. Navigate to: Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options :: User Account Control: Run all administrators in Admin Approval Mode
3. Set the policy to Disabled

4. Click OK
5. Restart the PC

 

Or:

 

1. Press WIN+R to open the Run box
2. Type "secpol.msc" and press ENTER
3. Navigate to Local Policies -> Security Options :: User Account Control: Run all administrators in Admin Approval Mode
4. Right-click on it, choose Properties and set it to Disabled. Click OK
5. Restart the PC

 



Disable the "always ask before opening this type of file" message:

 

1. Open the Group Policy editor
2. Navigate to: User Configuration -> Administrative Templates -> Windows Components -> Attachment Manager :: Inclusion list for low file types
3. Enable the policy, and in the options section enter the types of files to not give the warning about (example: ".exe")
4. Click OK and close the window

 

 

 

Fix the "You don't have permission to save in this location. Contact the administrator to obtain permission." message when trying to save to the root C:\


https://youtu.be/HeARH0JrWNc

1. Open File Explorer and navigate to C:\Users\
2. Right-click on your user folder and select Properties
3. In the Properties window, select the Security tab, then click Advanced in the bottom-right of the Security tab
4. In the top-left of the Advanced window where it says "Owner:   SYSTEM  Change", click on "Change"
5. In the "Select User or Group" window that pops up, click Advanced
6. On the right side of the "Select User or Group" window that pops up, click Find Now
7. Locate your user name in the bottom panel, click on it, and then click OK to close that window
8. Click OK on the next window to close it
9. In the top-left of the "Advanced Security Settings" window, check the box labelled "Replace owner on subcontainers and objects"
10. Click on Apply, then say Yes to the window that pops up and wait for the permissions to be changed
11. When the process is finished, click OK to close the window, and then click OK to close the next window, then click OK to close the last window

 

 

 

To get Startisback (a fantastic Windows 10 start-menu replacement):

 

http://startisback.com/

 

And to get Startisback to display recent programs:

 

Open Settings -> Privacy -> General and turn on “Let Windows track app launches to improve start and search results”. Then go to Settings -> Personalization -> Start and turn on “Show most used apps”.

 

 

 

To enable .NET Framework 3.5 for legacy game and app support:

 

Open Programs and Features -> Turn Windows features on or off -> check .NET Framework 3.5 -> click OK

 

 


To enable DirectPlay for legacy game and app support:

 

Open Programs and Features -> Turn Windows features on or off -> Legacy Components -> check DirectPlay -> click OK

 

 


To disable Windows Update:

 

 

 

 

Get rid of 'this setting is managed by your organization' messages (such as when trying to run Windows Update after disabling it in GPE and installing a telemetry-blocker program):

 

1. Open the Group Policy editor. Navigate to: Computer configuration -> Administrative templates

2. Right-click on "All settings", and select "Filter options"

3. Change the drop down for "Configured" to "Yes". Untick the check boxes if any are ticked.

4. Click OK

 

I found setting Managed, Configured, Commented - all to 'Any' removed the message.

Also check out this: http://www.thewindowsclub.com/some-settings-are-managed-by-your-organization

 

 


To configure Automatic Updates:

 

In the Group Policy Editor, navigate to: Computer Configuration -> Administrative Templates -> Windows Components -> Windows Update :: Configure Automatic Updates

 

 


To disable Windows Defender:

 

https://www.windowscentral.com/how-permanently-disable-windows-defender-windows-10

Windows Defender can be disabled in the Windows settings panel, the group policy editor, and via the registry.

To disable Windows Defender via the group policy editor:

1. open the group policy editor
2. navigate to: Computer Configuration > Administrative Templates > Windows Components > Windows Defender Antivirus
3. double-click the policy titled "Turn off Windows Defender Antivirus"
4. set that policy to "Enabled" and then press OK to close that window

Also, look at Task Scheduler -> Task Scheduler Library -> Microsoft -> Windows -> Windows Defender

 

 


To disable SmartScreen:

 

Settings -> Update & Security -> Windows Security -> App & browser control

In the window that opens up, there are 3 items that can have their tick-boxes changed to Off to disable SmartScreen for each of them:

- Check apps and files
- SmartScreen for Microsoft Edge
- SmartScreen for Microsoft Store apps

 

Or, turn-off SmartScreen in the GPE:

 

https://www.maketecheasier.com/disable-smartscreen-filter-windows10/

1. Open Group Policy Editor and navigate to: Computer Configuration -> Administrative Templates -> Windows Components -> File Explorer
2. Double-click on the “Configure Windows Defender SmartScreen” policy
3. Enable the policy and set its options as wanted

 



To configure Telemetry (Win 10 Pro is more restrictive in how far telemetry can be reduced than Enterprise and LTSC):

 

In the Group Policy Editor, navigate to: Computer Configuration -> Administrative Templates -> Windows Components -> Data Collection and Preview Builds :: Allow Telemetry

 

 

 

Download and run O&O Shutup10 to get rid of a lot more Windows 10 telemetry: https://www.oo-software.com/en/shutup10

 

 


To configure or turn-off some telemetry via Task Scheduler:

 

In Task Scheduler: Task Scheduler Library -> Microsoft -> Office :: OfficeBackgroundTaskHandlerRegistration / OfficeBackgroundTaskHandlerLogon / OfficeTelemetryAgentFallBack2016 / OfficeTelemetryAgentLogOn2016

 

 


To disable Activity History data collection:

 

Settings -> Privacy -> Activity History




To turn-off unwanted Windows 10 interference via notifications:

 

Settings > System Display > Notifications & actions > Turn OFF "Get tips, tricks and suggestions as you use Windows"

 

 

 

To disable Cortana:

 

In the Group Policy Editor (gpedit.msc): Computer Configuration -> Administrative Templates -> Windows Components -> Search -> Allow Cortana and set it to Disabled.
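
To see which of the UAC, Attachment Manager, Defender, SmartScreen, telemetry and Cortana settings from the sections above are actually in effect on a machine, the registry values behind them can be read back. This is an added example, not part of the original post; the "Weak" column (which value counts as a protection being switched off) is this example's own classification.

```powershell
# Added example, read-only: nothing here changes a setting.
# Value names are the ones these Windows 10 policies write; confirm on your build.
$sys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$pol = 'HKLM:\SOFTWARE\Policies\Microsoft'

# Weak = value (as a -like pattern) that means a protection is switched off;
# $null = privacy/preference setting, reported without a verdict.
$checks = @(
    @{ Setting = 'UAC: Run all administrators in Admin Approval Mode'
       Path = $sys; Name = 'EnableLUA'; Weak = '0' }
    @{ Setting = 'UAC: slider (0 = Never notify)'
       Path = $sys; Name = 'ConsentPromptBehaviorAdmin'; Weak = '0' }
    @{ Setting = 'Attachment Manager: Inclusion list for low file types'
       Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Associations'
       Name = 'LowRiskFileTypes'; Weak = '*' }
    @{ Setting = 'Turn off Windows Defender Antivirus'
       Path = "$pol\Windows Defender"; Name = 'DisableAntiSpyware'; Weak = '1' }
    @{ Setting = 'Configure Windows Defender SmartScreen'
       Path = "$pol\Windows\System"; Name = 'EnableSmartScreen'; Weak = '0' }
    @{ Setting = 'Allow Telemetry'
       Path = "$pol\Windows\DataCollection"; Name = 'AllowTelemetry'; Weak = $null }
    @{ Setting = 'Allow Cortana'
       Path = "$pol\Windows\Windows Search"; Name = 'AllowCortana'; Weak = $null }
)

$report = foreach ($c in $checks) {
    # A missing key or value means the policy was never written.
    $item  = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    $value = if ($item) { $item.($c.Name) } else { $null }
    $state = if ($null -eq $value) {
        'not set (Windows default applies)'
    } elseif ($c.Weak -and "$value" -like $c.Weak) {
        'protection reduced'
    } else {
        'set'
    }
    [pscustomobject]@{ Setting = $c.Setting; Value = $value; State = $state }
}
$report | Format-Table -AutoSize -Wrap
```

Saving the output before and after working through the check-list gives a record of exactly what was changed, which helps when a later Windows update resets some of it.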


 

 

Turn-off automatic window resizing

 

Navigate to: Settings -> System -> Multitasking and set "Snap windows" to Off

 

 

 

Configure File Explorer appearance and layout:

 

Quick Access toolbar - Show below the ribbon
View -> Options :: General tab -> Privacy - uncheck both boxes
View -> Options :: View tab - enable "Show hidden files", uncheck "Hide extensions for known file types"

 

 

 

To turn-off tab-switching history:

 

Navigate to: Settings -> System -> Multi-tasking. Under Timeline, turn off "Show suggestions occasionally on timeline"

Then go to: Settings -> Privacy -> Activity History and turn off everything inside

Now you'll only see the currently running programs, with multiple virtual desktops, similar to before

 



To stop 'wake from sleep on network activity':

 

Open Device Manager -> Network adapters -> network adapter Properties -> Power Management tab :: uncheck Allow this device to wake the computer

Power Plan -> -> Edit Plan Settings -> Put the computer to sleep :: Choose option

 

 

 

To fix the recycle bin so that it refreshes properly from empty to full when using a custom icon:

 

1. Copy your custom recycle bin icons to somewhere in the C:\Windows\ folder
2. Change the recycle bin icons to those custom icons
3. Open regedit.exe and navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon
4. In the right-hand panel, there will be strings named "(Default)", "empty", and "full"
5. Double-click on each of them and add ",0" to the end of each string, without the quotation marks, and press OK to close the window

 

 

 

Remove Windows 10 bloatware (put into a .bat file and then run the file):

 

@powershell "Get-AppxPackage *3dbuilder* | Remove-AppxPackage"
@powershell "Get-AppxPackage *sway* | Remove-AppxPackage"
@powershell "Get-AppxPackage *messaging* | Remove-AppxPackage"
@powershell "Get-AppxPackage *zunemusic* | Remove-AppxPackage"
@powershell "Get-AppxPackage *windowsalarms* | Remove-AppxPackage"
@powershell "Get-AppxPackage *windowscommunicationsapps* | Remove-AppxPackage"
@powershell "Get-AppxPackage *windowscamera* | Remove-AppxPackage"
@powershell "Get-AppxPackage *officehub* | Remove-AppxPackage"
@powershell "Get-AppxPackage *skypeapp* | Remove-AppxPackage"
@powershell "Get-AppxPackage *getstarted* | Remove-AppxPackage"
@powershell "Get-AppxPackage *windowsmaps* | Remove-AppxPackage"
@powershell "Get-AppxPackage *solitairecollection* | Remove-AppxPackage"
@powershell "Get-AppxPackage *bingfinance* | Remove-AppxPackage"
@powershell "Get-AppxPackage *zunevideo* | Remove-AppxPackage"
@powershell "Get-AppxPackage *bingnews* | Remove-AppxPackage"
@powershell "Get-AppxPackage *people* | Remove-AppxPackage"
@powershell "Get-AppxPackage *windowsphone* | Remove-AppxPackage"
@powershell "Get-AppxPackage *windowsstore* | Remove-AppxPackage"
@powershell "Get-AppxPackage *bingsports* | Remove-AppxPackage"
@powershell "Get-AppxPackage *soundrecorder* | Remove-AppxPackage"
@powershell "Get-AppxPackage *xboxapp* | Remove-AppxPackage"
@powershell "Get-AppxPackage *phone* | Remove-AppxPackage"
@powershell "Get-AppxPackage *windowsdvdplayer* | Remove-AppxPackage"
@powershell "Get-AppxPackage *xboxidentityprovider* | Remove-AppxPackage"
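
Several of the wildcards in the list above (*phone*, *people*) can match more than the one app they were written for, so it is worth previewing the matches first. The following dry run is an added example, not part of the original post; it uses the same patterns and removes nothing while -WhatIf is present on the last line.

```powershell
# Added example: preview what the removal list above would uninstall.
$patterns = '3dbuilder','sway','messaging','zunemusic','windowsalarms',
            'windowscommunicationsapps','windowscamera','officehub','skypeapp',
            'getstarted','windowsmaps','solitairecollection','bingfinance',
            'zunevideo','bingnews','people','windowsphone','windowsstore',
            'bingsports','soundrecorder','xboxapp','phone','windowsdvdplayer',
            'xboxidentityprovider'

# Resolve every wildcard to the packages installed for the current user.
$found = foreach ($p in $patterns) {
    $pkgs = @(Get-AppxPackage -Name "*$p*")
    if ($pkgs.Count -eq 0) { Write-Warning "No installed package matches *$p*" }
    foreach ($pkg in $pkgs) {
        [pscustomobject]@{
            Pattern   = "*$p*"
            Name      = $pkg.Name
            Framework = $pkg.IsFramework      # shared runtime other apps may need
            FullName  = $pkg.PackageFullName
        }
    }
}

$found | Sort-Object Pattern, Name | Format-Table Pattern, Name, Framework -AutoSize

# Flag wildcards that hit more than one package so they can be narrowed.
$found | Group-Object Pattern | Where-Object Count -gt 1 | ForEach-Object {
    Write-Warning "$($_.Name) matches $($_.Count) packages: $($_.Group.Name -join ', ')"
}

# Dry run: each package is listed once even if two patterns matched it.
# Delete -WhatIf only after reviewing the table above.
$found | Select-Object -ExpandProperty FullName -Unique |
    ForEach-Object { Remove-AppxPackage -Package $_ -WhatIf }
```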
