mikejsavage.co.uk / blog

RSS feed

12 Jan 2019 / Windows 10 2019 post-install checklist

This is a guide on how to set up Windows 10 to not be annoying. You should set aside a few hours to go through everything. Most steps, but not all, are detailed enough that you can autopilot your way through it.

Initial setup and disabling security features

  1. Install the correct version. You want Windows 10 LTSC, which is pretty stripped down out of the box and doesn’t get feature updates.
  2. In the installer, do domain join instead of creating a web account. Say no to all the location/telemetry garbage.
  3. Click the start button, Settings, Update & Security, Windows Update, Check for updates.
  4. Start, Windows Accessories, IE, download another browser. While you’re at it, go into Internet Options, Security, drag the security level all the way down, Custom level…, Launching applications and unsafe files, check Enabled (not secure), ok out of all of that. (Firefox 52 ESR link)
  5. If you installed an older Firefox, unplug your network cable before running it then go to settings and disable updates. Install uBlock Origin and NoScript (FF52 version). It’s very important to install those before you do anything else on the web. Go into uBlock settings and enable all filter lists that sound good.
  6. Install video drivers. Don’t install Geforce Experience.
  7. Open Control Panel (search for it in the start menu), User Accounts, User Accounts (again), Change User Account Control settings, disable it. Go back to Control Panel home, Programs, Turn Windows features on or off, check Windows Subsystem for Linux, don’t reboot. Back to Control Panel home, System and Security, Windows Defender Firewall, Turn Windows Defender Firewall on or off, turn it off.
  8. gpedit.msc, Computer Configuration, Administrative Templates, Windows Components, Windows Defender Antivirus. Double click Turn off Windows Defender Antivirus, check Enabled, click ok. The other Windows Defender entries are disabled and you can ignore them. Also go to Windows Components, OneDrive, Prevent the usage of OneDrive for file storage, Enabled, ok, Prevent OneDrive from generating network traffic…, Enabled, ok.
  9. services.msc, disable and stop Windows Search and Windows Update, and anything else that offends you.
  10. secpol.msc, Local Policies, Security Options, UAC: Run all administrators in Admin Approval Mode, Disabled.
  11. Ctrl+shift+escape, Startup, disable Windows Security notification icon.
  12. Reboot to BIOS (might need to fully shutdown), put Linux Boot Manager back at the top of the boot list. Reboot back to Windows and reboot until Windows Update is done.

Disable everything else

  1. Win+E, View, Options, View. Check Show hidden files, folders and drives. Uncheck Hide empty drives. Uncheck Hide extensions for known file types. Uncheck Hide protected operating system files. Go down to Naviation pane, check Expand to open folder.
  2. Install the Take Ownership Registry Hack. Ignore the tutorial, just scroll down to the zip and install it. Use it if you ever run into permissions errors. Don’t use it on C: because it causes problems.
  3. Install the Disable 3D Objects Hack.
  4. Right click the desktop, Personalize, go through all of it including all the links. In particular go Themes, Sounds, Sound Scheme = No Sounds. Taskbar, Combine taskbar buttons, Never. Start, disable everything. Taskbar, Turn system icons on or off, disable Action Center and Input Indicator.
  5. Right click the taskbar, Search, Hidden. Uncheck Show Task View button. Uncheck Show People on the taskbar.
  6. Control Panel, System and Security, System, Advanced system settings, Performance Settings…, disable almost everything under visual effects, Advanced, Change…, set the pagefile size to 800MB. Go back to the Advanced system settings window, Startup and Recovery Settings…, uncheck Automatically restart if you want.
  7. Control Panel, System and Security, Security and Maintenance. Click all the “Turn off messages about x” links.
  8. Win+R, cmd.exe, powercfg -h off.
  9. Set Windows to use UTC time.
  10. Install the MarkC mouse acceleration fix.
  11. Open Settings:
    1. System. Notifications & actions, disable them. Power & sleep, Never and Never.
    2. Devices. Typing, disable everything. AutoPlay, Off.
    3. Time & language. Set your time zone. Click Date, time & regional formatting, Change data formats, pick what you like.
    4. Ease of Access. Keyboard, disable everything.
    5. Privacy. Go through every tab and disable basically everything.
    6. Update & security. Windows Update, Advanced Options, Delivery Optimization, don’t let other people download updates from your PC. Click For developers in the sidebar, enable Developer Mode, disable Remote Desktop.
  12. Control Panel, Ease of Access, Change how your keyboard works, disable everything.
  13. regedit.exe, HKCU\Software\Microsoft\CurrentVersion\Explorer, create a key called Serialize, then create a DWORD called StartupDelayInMSec and set it to 0.
  14. HKCU\Control Panel\Accessibility\Keyboard Response, set Flags to 3 and AutoRepeatDelay/AutoRepeatRate to whatever. Never open the accessibility settings menu again.
  15. HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting, make a DWORD called Disabled and set it to 1.
  16. More Firefox things:
    1. Go to Options. General. When Firefox starts, Show your windows and tabs from last time. Set up fonts, set minimum font size, uncheck Allow pages to choose their own fonts. Downloads, Always ask you where to save files. Applications, PDF, Always ask (disables pdf.js). Privacy, Use custom settings for history, never accept third-party cookies, remove all cookies you picked up so far. Security, uncheck the warnings/blockers. Advanced, uncheck smooth scrolling, check autoscrolling. Update, Never check for updates, don’t update search engines.
    2. about:config. extensions.update.autoUpdateDefault = false, extensions.update.enabled = false. browser.tabs.closeWindowWithLastTab = false.
    3. Install Vimperator, Download Statusbar, Hide Tab Bar With One Tab, HideScrollbars, and bug489729. Click the links for Firefox 52 compatible versions. You might need to download through IE.
    4. Put the NoScript icons in the tab bar. Go into NoScript options. Whitelist, remove everything. Notifications, uncheck Show message about blocked scripts, uncheck Display the release notes on updates. Advanced, XSS, disable.
  17. Download the Sysinternals Suite. Run autoruns, disable anything you don’t like the look of. MozillaMaintenance, NVIDIA telemetry, etc. Run procexp and check nothing dumb is running just in case. You will have lots of svchost.exes because MS doesn’t run multiple services in one exe anymore.
  18. Reboot.

WSL

We are going to use WSL because it’s much faster than Cygwin.

  1. Install AlpineWSL. It has pretty comprehensive repos and comes with the least garbage (5MB!)
  2. Run apk update; apk add openssh; ssh-keygen -t ed25519; ssh-keygen -f /etc/ssh/ssh_host_ed25519_key -t ed25519. Disable PasswordAuthentication in /etc/ssh/sshd_config. Set up authorized_keys. Create sshd.vbs somewhere:

    WScript.CreateObject( "shell.application" ).ShellExecute "C:\Program Files\Alpine Linux\Alpine.exe", "run /usr/sbin/sshd", "", "open", 0
    

    and copy a shortcut to %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup.

  3. Install Xming. Run xlaunch, click ok a few times, click save configuration, save it to Startup.
  4. Install a terminal in Alpine (I like st), then create a script to run that too:

    WScript.CreateObject( "shell.application" ).ShellExecute "C:\Program Files\Alpine Linux\Alpine.exe", "run env DISPLAY=:0 st", "", "open", 0
    
  5. Check that copy paste between Windows and WSL works how you want. I had to swap primary/clipboard pastes in st for it to work out.

  6. Create a shortcut to it, right click, put wscript.exe at the front of the target, give it a nice icon, then drag it to the taskbar. When you run it, it makes a new icon rather than opening in place, if anyone knows how to fix that please email me.
  7. apk add bind-tools coreutils ctags curl fish fzf git grep htop less man man-pages mdocml-apropos p7zip the_silver_searcher tig tmux tree vim whois

Software I like

  1. 7-Zip. Go into settings and associate it with everything that isn’t zip. Disable all the junk context menu items.
  2. Create halt.bat somewhere containing shutdown /s /t 0. Create reboot.bat containing shutdown /r /t 0. Use Everything to run these.
  3. Search Everything. Sort by descending run count, and close window on execute. Right click on things and set run count to seed them to appear at the top. halt.bat, reboot.bat, Control Panel.lnk, Snipping Tool.lnk, firefox.exe, etc.
  4. Vim.
  5. AutoHotKey. Put startup.ahk in %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup. Include a hotkey to launch Everything. Scroll down for an example.
  6. Start Killer. Use Everything as a launcher instead.
  7. Clink.
  8. Dina font.
  9. Download psubst. psubst X: C:\Users\<user>\Documents /P.
  10. Sumatra PDF.
  11. f.lux.
  12. Visual Studio 2019. Check the Graphics debugger and GPU profiler for DirectX box.
  13. Apply this .reg file to fix JIT debugging.
  14. NSIS.
  15. Intel Architecture Code Analyzer.
  16. Windows SDK. Make sure you check Windows Performance Toolkit (for GPUView), Debugging Tools for Windows (WinDBG), Windows SDK Signing Tools for Desktop Apps (SignTool), and probably the x86/amd64 SDKs.
  17. DirectX SDK. You need it for XAudio 2.7, which you need if you want to ship software on Win7. You might need to reenable Windows Update for this.
  18. Windows Store. Delete the PurchaseApp/xbox stuff. Get WinDbg Preview from the Windows Store.
  19. Renderdoc. apitrace. GPU ShaderAnalyzer. Nsight Graphics.
  20. Color Cop. GIMP. Inkscape. Milton. Blender. Wings3D.
  21. mpv. Put youtube-dl in the same folder.
  22. foobar2000.
  23. Download Path Editor. Add VS compiler stuff, MSBuild, the Win10 Kit (with mt.exe), IACA, apitrace, NSIS, and mpv to path.
  24. Control Panel, System and Security, System, Advanced system settings, Environment Variables. Point INCLUDE and LIB at VS and the SDKs. For VS2015 I have:

    INCLUDE:
    C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\include;C:\Program Files (x86)\Windows Kits\10\Include\10.0.10240.0\ucrt;C:\Program Files (x86)\Windows Kits\8.1\Include\shared;C:\Program Files (x86)\Microsoft DirectX SDK (June 2010)\Include;C:\Program Files (x86)\Windows Kits\8.1\Include\um;C:\Program Files (x86)\Windows Kits\8.1\Include\winrt
    

    and

    LIB:
    C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\lib\amd64;C:\Program Files (x86)\Windows Kits\10\Lib\10.0.10240.0\ucrt\x64;C:\Program Files (x86)\Windows Kits\8.1\lib\winv6.3\um\x64
    

startup.ahk

This script maps capslock to escape, adds some hotkeys for launching/closing programs, and doesn’t open the start menu when you press the windows key.

#SingleInstance force

SetCapsLockState, Off
SetCapsLockState, AlwaysOff
CapsLock::Escape

#e::Run C:\Users\mike\Documents
#p::Run C:\Program Files\Everything\Everything.exe
#Enter::
        Run C:\Program Files\Alpine Linux\st.vbs
        WinWait Xming,, 1
        WinMaximize
        return
#x::Winclose, A

LWin & vk07::return
LWin::return

Internet points

  1. Write a blog post.
  2. Email me if I forgot anything.