Prepare my Windows workstation
Prepare my Windows workstation
Identification
- Name: HP Z210 Convertible Minitower Base Model Workstation
- Model #: XM856AV
- Serial #: CZC13941PV
Windows 10 “Light”
Download Windows 10 ISO tool from Microsoft
Windows phone activation: slui.exe 4
Reinstall all Apps:
Get-AppxPackage -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
Remove an App:
Get-AppxPackage *skypeapp* | Remove-AppxPackage
:: Determines how long the system waits for services to stop after notifying the service that the system is shutting down
reg ADD "HKLM\SYSTEM\CurrentControlSet\Control" /v "WaitToKillServiceTimeout" /d 20000 /f
:: Remove Windows Spying
:: https://github.com/Nummer/Destroy-Windows-10-Spying
:: Remove all built-in Apps
:: http://www.thewindowsclub.com/ultimate-windows-tweaker-4-windows-10
:: Remove OneDrive
reg ADD "HKLM\Software\Policies\Microsoft\Windows" /v "DisableFileSyncNGSC" /t REG_DWORD /d 1 /f
taskkill /f /im OneDrive.exe
%SystemRoot%\SysWOW64\OneDriveSetup.exe /uninstall
rd "%UserProfile%\OneDrive" /Q /S
rd "%LocalAppData%\Microsoft\OneDrive" /Q /S
rd "%ProgramData%\Microsoft OneDrive" /Q /S
rd "C:\OneDriveTemp" /Q /S
reg DELETE "HKCR\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /f
reg DELETE "HKCR\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /f
:: Remove Defender
:: Open Task Manager, select Startup tab, right click on "Windows Defender notification icon", click Disable
:: GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Defender
:: reg QUERY "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /d 1 /f
:: C:\Program Files\Windows Defender\MSASCui.exe
:: https://www.raymond.cc/blog/how-to-disable-uninstall-or-remove-windows-defender-in-vista/
"C:\Program Files\Windows Defender\mpcmdrun" -removedefinitions -all
reg ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /T REG_DWORD /d 1 /f
reg ADD "HKLM\SYSTEM\CurrentControlSet\Services\SecurityHealthService" /v "Start" /d 3 /f
shutdown /t 0 /r
:: Reboot to KNOPPIX (hit F8-F8-F8)
ntfs-3g.real /dev/sda1 /mnt
mv "/mnt/Program Files/Windows Defender" "/mnt/Program Files/_Windows Defender"
:: Dummy file to prevent folder recreation
touch "/mnt/Program Files/Windows Defender"
:: @FIXME Remove services, drivers: WdFilter.sys, WdNisDrv.sys
rem sc delete WinDefend
rem sc delete WdNisSvc
:: Disable SSDP Discovery service (enumerates UPnP devices)
sc stop SSDPSRV
sc config SSDPSRV start= disabled
:: Disable Remote Registry service
sc stop RemoteRegistry
sc config RemoteRegistry start= disabled
:: Check drivers
:: http://www.nirsoft.net/utils/driverview.html
sc query type= driver | find "_NAME:"
:: https://www.devside.net/wamp-server/opening-up-port-80-for-apache-to-use-on-windows
rem netsh http show urlacl | find "Reserved URL"
rem netsh http show servicestate
rem net stop HTTP
rem sc config HTTP start= disabled
:: Check missing files
Autoruns.exe
:: https://support.microsoft.com/en-us/kb/929833
sfc /VERIFYONLY
rem sfc /SCANNOW
Windows 10 version 1607 Error code: 0x8024200D WU_E_UH_NEEDANOTHERDOWNLOAD
Hardware related software
BIOS update
Applications
- Intel® Driver Update Utility
- CPUZ Disable monitoring
- HWMonitor
- S.M.A.R.T. status viewer
- HP SoftPaq Download Manager
- HP Support Assistant
- Fujitsu DeskUpdate
- Lenovo ThinkVantage System Update
- NVIDIA QFE driver (Quadro New Feature)
- DirectX
Windows settings
Drive labels
label C: system
label E: data
Boot display
bcdedit /set quietboot on
bcdedit /set sos on
Hibernation
powercfg -h on
:: powercfg -h off
powercfg.cpl
:: Power button: shutdown, Sleep button: hibernate
:: Hibernate command: shutdown /t 0 /f /h
Disable Windows key combinations (user)
reg ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoWinKeys" /t REG_DWORD /d 1 /f
https://support.microsoft.com/help/12445/windows-keyboard-shortcuts
Show known file extensions (user)
reg ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f
Don’t display delete confirmation (user)
reg ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "ConfirmFileDelete" /t REG_DWORD /d 0 /f
Disable NTFS last access update
If you have spinning drives.
reg ADD "HKCU\SYSTEM\CurrentControlSet\Control\FileSystem" /v "NtfsDisableLastAccessUpdate" /t REG_DWORD /d 0 /f
Disable Terminal Server aka. remote assistance
reg ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v "fDenyTSConnections" /t REG_DWORD /d 1 /f
Show analogue clock
reg ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell" /v "UseWin32TrayClockExperience" /t REG_DWORD /d 1 /f
Untrusted Font Blocking in IE
gpedit.msc / Administrative Templates / System / Mitigation Options / Untrusted Font Blocking / “Do not block untrusted fonts”
Settings commands
All shell:::{ED7BA470-8E54-465E-825C-99712043E01C}
Battery Saver ms-settings:batterysaver
Battery Saver Settings ms-settings:batterysaver-settings
Battery use ms-settings:batterysaver-usagedetails
Bluetooth ms-settings:bluetooth
Colors ms-settings:colors
Data Usage ms-settings:datausage
Date and Time ms-settings:dateandtime
Closed Captioning ms-settings:easeofaccess-closedcaptioning
High Contrast ms-settings:easeofaccess-highcontrast
Magnifier ms-settings:easeofaccess-magnifier
Narrator ms-settings:easeofaccess-narrator
Keyboard ms-settings:easeofaccess-keyboard
Mouse ms-settings:easeofaccess-mouse
Other Options (Ease of Access) ms-settings:easeofaccess-otheroptions
Lockscreen ms-settings:lockscreen
* Offline maps ms-settings:maps
Airplane mode ms-settings:network-airplanemode
Proxy ms-settings:network-proxy
VPN ms-settings:network-vpn
* Notifications & actions ms-settings:notifications
* Account info ms-settings:privacy-accountinfo
Calendar ms-settings:privacy-calendar
Contacts ms-settings:privacy-contacts
Other Devices ms-settings:privacy-customdevices
* Feedback ms-settings:privacy-feedback
* Location ms-settings:privacy-location
Messaging ms-settings:privacy-messaging
Microphone ms-settings:privacy-microphone
Motion ms-settings:privacy-motion
Radios ms-settings:privacy-radios
Speech, inking, & typing ms-settings:privacy-speechtyping
Camera ms-settings:privacy-webcam
Region & language ms-settings:regionlanguage
Speech ms-settings:speech
* Windows Update ms-settings:windowsupdate
Work access ms-settings:workplace
Connected devices ms-settings:connecteddevices
For developers ms-settings:developers
Display ms-settings:display
Mouse & touchpad ms-settings:mousetouchpad
Cellular ms-settings:network-cellular
Dial-up ms-settings:network-dialup
DirectAccess ms-settings:network-directaccess
* Ethernet ms-settings:network-ethernet
Mobile hotspot ms-settings:network-mobilehotspot
* Wi-Fi ms-settings:network-wifi
Manage Wi-Fi Settings ms-settings:network-wifisettings
* Optional features ms-settings:optionalfeatures
Family & other users ms-settings:otherusers
* Personalization ms-settings:personalization
Backgrounds ms-settings:personalization-background
Colors ms-settings:personalization-colors
Start ms-settings:personalization-start
Power & sleep ms-settings:powersleep
Proximity ms-settings:proximity
Display ms-settings:screenrotation
Sign-in options ms-settings:signinoptions
Storage Sense ms-settings:storagesense
Themes ms-settings:themes
Typing ms-settings:typing
Tablet mode ms-settings://tabletmode/
* Privacy ms-settings:privacy
* Computer Management compmgmt.msc
* Windows Features OptionalFeatures.exe (Add HyperV)
* System Properties SystemPropertiesAdvanced.exe
* System Performance SystemPropertiesPerformance.exe (Disable animations)
* Remote Desktop (RDP) SystemPropertiesRemote.exe
* Security Center wscui.cpl
* Firewall Firewall.cpl
* Power Settings powercfg.cpl
* Certificate Manager certmgr.msc
* Mouse main.cpl (Disable mouse shadow)
* Time and Date timedate.cpl (Analogue clock)
* Task View shell:::{3080F90E-D7AD-11D9-BD98-0000947B0257} (Virtual desktops)
See also: http://ss64.com/nt/shell.html and utl\shell-commands.cmd
for shell::
commands.
Time
Check RTC: https://toolbox.googleapps.com/apps/browserinfo/
Network and ISP
- IPv6 connectivity
- DNS resolvers
- NTP server
- Blocked SMTP port (25/TCP)
- BCP38 Spoofer
Fonts
- https://github.com/andreberg/Meslo-Font/releases (LGS=line gap small, DZ=dotted zero)
- http://www.fontsquirrel.com/fonts/open-sans
Usage in cmd.exe:
@FIXME HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Console\TrueTypeFont
000
=Meslo LG M DZ Regular
Cursors
- Windows built-in “Large inverted”
- See folder:
cursor OS X Yosemite for Windows/
- Chrome OS
- OS X Yosemite
Windows Updates
Disable reboot after update
Task Scheduler Library / Microsoft / Windows / UpdateOchestrator / Reboot right-click / Disable
reg ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoRebootWithLoggedOnUsers" /t REG_DWORD /d 1 /f
Applications
- Dataram RAMDisk
- Visual C++ Redist 2013
- Precise time for Windows (ntpd)
- Startup Delayer 64
- Notifu
- Keypirinha
- ShareX
- ConsoleZ
- Shapeshifter
- Caret Premium Markdown Editor
- WinCompose
- 7-zip 64
- CCleaner 64
- HitmanPro.Alert Second opinion behavioral based Anti-Malware, beta
- Kaspersky Security Scan
- herdProtect Portable
- zpaq 64
- bsc 64
- hubiC client
- Total Commander 64
- IrfanView 64
- DiffImg
- Media Player Classic - BE
- latest Skype
- Skype Utility Project
- Skype official full installer
- Portable:
Skype.exe /datapath:"path\to\profiles" /removable
- During call: Call / Call Technical Info
- @TODO tinyssh on Cygwin
- Chromium 64 / NIK stable / No sync / Archive
--safebrowsing-disable-auto-update --lang=en-US --no-proxy-server --disable-translate --disk-cache-size=1
- https://fpdownload.adobe.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe
- https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm
- https://chrome.google.com/webstore/detail/tag-assistant-by-google/kejbdjndbnbjgmefkgdddjlbokphdefk
- https://chrome.google.com/webstore/detail/google-analytics-debugger/jnkmfdileelhofjcijamephohjechhna
- https://chrome.google.com/webstore/detail/fb-pixel-helper/fdgfkebogiimcoedlicjlajpkdmockpc
- https://chrome.google.com/webstore/detail/seoquake/akdgnmcogleenhbclghghlkkdndkjdjc
- https://chrome.google.com/webstore/detail/wappalyzer/gppongmhjkpfnbhagpmjfkannfbllamg
- https://chrome.google.com/webstore/detail/project-naptha/molncoemjfmpgdkbdlbjmhlcgniigdnf
- UltraVNC 64 Listen on port 5500
- UltraVNC SC
- TeamViewer full version
- Meneré Feedly reader
- todotxt winui, cli
- Libre Office 64
- MuseScore 32
- Miranda NG 64 SkypeWeb protocol
- GIMP 64
- Inkspace 64
- RealWolrd Paint
- Adobe PSE
- PDF-XChange Viewer
- Some PDF Images Extract
- Open Broadcaster Software
- Sizer
Also on http://mirror.szepe.net/software/
Alert on Event log errors
Scheduled task import: Task-Event log alert.xml
Exclude “DistributedCOM 10016”
<Suppress Path="Application">*[System[(EventID=10016)]]</Suppress>
<Suppress Path="Security">*[System[(EventID=10016)]]</Suppress>
<Suppress Path="Setup">*[System[(EventID=10016)]]</Suppress>
<Suppress Path="System">*[System[(EventID=10016)]]</Suppress>
<Suppress Path="ForwardedEvents">*[System[(EventID=10016)]]</Suppress>
wevtutil qe Application "/q:*[System[(Level=1 or Level=2 or Level=3)]]" /f:text /rd:true /c:1
wevtutil qe Security "/q:*[System[(Level=1 or Level=2 or Level=3)]]" /f:text /rd:true /c:1
wevtutil qe Setup "/q:*[System[(Level=1 or Level=2 or Level=3)]]" /f:text /rd:true /c:1
wevtutil qe System "/q:*[System[(Level=1 or Level=2 or Level=3)]]" /f:text /rd:true /c:1
wevtutil qe ForwardedEvents "/q:*[System[(Level=1 or Level=2 or Level=3)]]" /f:text /rd:true /c:1
Google Chrome portable 64 bit
- http://portableapps.com/apps/internet/google_chrome_portable / 64 bit
- Extract with 7-Zip File Manager
find "DownloadURL=" App\AppInfo\installer.ini
wget %DownloadURL%
7za e *_chrome_installer.exe
7za x chrome.7z
Virtualize Windows applications
- http://www.cameyo.com/ (Windows Server)
- https://www.rollapp.com/ (Ubuntu)
- https://turbo.net/ (WINE)
/usr/bin on Windows
Create folder and prepend to PATH
Prepend: %SystemDrive%\usr\bin;
mkdir %SystemDrive%\usr\bin
SystemPropertiesAdvanced.exe
Wget
Binary: https://eternallybored.org/misc/wget/
Mozilla CA certificate store: https://curl.haxx.se/ca/cacert.pem
CA download
:: Download deb package from https://packages.debian.org/stable/all/ca-certificates/download
7za e -t# "./ca-certificates_*_all.deb" "4.xz"
7za e "4.xz"
7za e -o.\bundle "4" ".\usr\share\ca-certificates\mozilla\*.crt"
type ".\bundle\*.crt" > "C:\usr\bin\ca-certificates.crt"
del /Q "ca-certificates_*_all.deb" "4.xz" "4" "bundle"
## C:\usr\bin\.wgetrc
ca-certificate = C:/usr/bin/ca-certificates.crt
content-disposition = on
#default: ca-certificate = c:/ssl/ssl/cert.pem
#http_proxy = http://192.168.2.161:8080/
#server_response = on
#verbose = on
Replace Microsoft CA certificates
wget -nv -O- https://curl.haxx.se/ca/cacert.pem \
| csplit --suppress-matched --elide-empty-files --silent -f "ca-" -b "%03d.crt" - '/^$/' '{*}'
rm -f ca-000.crt
unix2dos *.crt
:: Certificates / Computer account
mmc
FOR %%C IN (ca*.crt) DO (
certutil -addstore "Root" "%%C"
IF ERRORLEVEL 1 PAUSE
)
OpenSSL
https://indy.fulgan.com/SSL/ ZIP: openssl-*-x64_86-win64.zip
C:\usr\openssl\
echo CAfile = C:/usr/bin/cacert.pem> C:\usr\openssl\openssl.cnf
KeePass
Binary: http://keepass.info/download.html C:\usr\keepass\
Tools / Options / Security / Enter Master Key on Secure Desktop cacls auth-data.kdbx /P PC\User:F
Tools / Options / Advanced tab / Automatically save database on exit and workspace locking
Tools / Options / Integration tab / URL overrides…
- lftp:
cmd://cmd.exe /C "echo lftp -e 'set ftp:ssl-allow 0;' -u '{USERNAME},{PASSWORD}' ftp://{BASE:HOST} && pause"
- sshp:
cmd://putty.exe -ssh -P {BASE:PORT} {USERNAME}@{BASE:RMVSCM}
- rdp:
cmd://mstsc.exe /v:{BASE:RMVSCM}
Plugins
C:\usr\keepass\Plugins\
- KeeAgent (SSH agent)
- KeeOtp (TOTP 2FA)
- Readable Passphrase Generator (XKCD-style passwords)
-
- IOProtocolExt (SCP, SFTP, FTPS)
-
- KeeCloud (S3, Azure Blob, Dropbox)
QR code reader with webcam
bcWebCam .NET
Putty
cd \usr\bin
wget -nv -N http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe
wget -nv -N http://the.earth.li/~sgtatham/putty/latest/x86/pscp.exe
wget -nv -N http://the.earth.li/~sgtatham/putty/latest/x86/puttygen.exe
wget -nv -N https://github.com/altercation/solarized/raw/master/putty-colors-solarized/solarized_dark.reg
wget -nv -N https://github.com/altercation/solarized/raw/master/putty-colors-solarized/solarized_light.reg
Alternatives
- https://puttytray.goeswhere.com/ PuTTYtray
- http://www.fosshub.com/KiTTY.html (Cygterm)
- http://www.extraputty.com/download.php
- https://github.com/Maximus5/ConEmu/releases
Firefox Developer Edition
See: ff-dev
Bookmarks for Launchy: browser.bookmarks.autoExportHTML = true
Fullscreen screenshot: Shift + F2 screenshot --fullpage --clipboard
Web Developer extension: https://addons.mozilla.org/en-US/firefox/addon/web-developer/
Keypirinha
Profile\User\Keypirinha.ini
[app]
launch_at_startup = yes
hotkey_run = Alt+F1
[gui]
always_on_top = yes
hide_on_focus_lost = immediate
retain_last_search = yes
escape_always_closes = yes
show_on_taskbar = no
show_scores = no
show_history_hits = no
Virtualization
- Hyper-V: enable in BIOS,
bcdedit /set hypervisorlaunchtype Auto
,virtmgmt.msc
- VMware Workstation Player
- VirtualBox installer
Desktop malware cleaning
-
HitmanPro.Alert & herdProtect
- NoVirusThanks tools
- CryptoPrevent
- AdwCleaner
- Malwarebytes Anti-Malware
- Zemana AntiMalware
- Bitdefender Adware Removal Tool
- Malwarebytes Anti-Rootkit Beta
- Kaspersky TDSSKiller
- https://www.sophos.com/products/free-tools/sophos-anti-rootkit.aspx
- https://www.barkly.com/stackhackr
Cygwin
Create vdisk in diskpart
rem In cmd.exe: mkdir C:\cygwin2
create vdisk file="e:\cygwin64.vhd" maximum=20000
attach vdisk
create partition primary
assign mount="C:\cygwin2"
format label="Cygwin2" quick
Cygwin 64 bit setup
:: Cygwin vdisk script --- cyg-disk.dpt ---
select vdisk file="e:\cygwin64.vhd"
attach vdisk
rem select vdisk file="e:\cygwin64.vhd"
rem detach vdisk
:: Mount Cygwin vdisk --- cygpart-mount.cmd ---
@diskpart /s "C:\usr\bin\cyg-disk.dpt"
Shortcut target
:: Start Cygwin terminal
C:\cygwin2\bin\mintty.exe -i /Cygwin-Terminal.ico -
Associate .dpt extension
ftype DiskPartScript=diskpart.exe /s %1
assoc .dpt=DiskPartScript
Install apt-cyg
wget -nv -P /usr/local/sbin "https://github.com/transcode-open/apt-cyg/raw/master/apt-cyg"
chmod +x /usr/local/sbin/apt-cyg
Cygwin/X (XWin)
xorg-server
xinit
Application example: fontforge
Connect to remote X11: cygwin$ ssh -CXY user@example.com
Also: https://sourceforge.net/projects/vcxsrv/
Backup steps
- Run
backup-workstation.cmd
on Windows shutdown - Have hubiC client back it up daily, keep 10 versions
Remove unused drivers @yearly
set "DEVMGR_SHOW_NONPRESENT_DEVICES=1"
devmgmt.msc
:: View / Show hidden devices
Computer shops
- http://www.mindenolcso.hu/hasznalt-szamitogep.html
- http://www.mindenolcso.hu/hasznalt-monitor.html
- http://www.marseus.hu/hu/memoria/szerver/
- http://microstore.hu/index.php?manufacturer_id[]=503&path=20_94&route=product%2Fcategory