Me, myself & IT

The 10 Commandments for Windows^® 10 (plus an 11th for Windows^® 11)

Purpose
Reason
First Commandment
Second Commandment
Third Commandment
Fourth Commandment
Fifth Commandment
Sixth Commandment
Seventh Commandment
Eighth Commandment
Ninth Commandment
Tenth Commandment
Eleventh Commandment
Sample Implementation

Purpose

…

Reason

…

First Commandment: no Short 8.3 Filenames, but Long Pathnames

Short 8.3 filenames are a (completely superfluous) cruft from the past of MS-DOS …

Windows PE

Setup.exe /NoReboot
FSUtil.exe 8Dot3Name Set ‹drive letter›: 1
FSUtil.exe 8Dot3Name Strip /F /S ‹drive letter›:\

FSUtil 8dot3Name

The length limitation of pathnames to MAX_PATH = 260 characters is another cruft from the past …

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem]
"LongPathsEnabled"=dword:00000001

MSDN article Naming Files, Paths, and Namespaces …

Second Commandment: Strict Privilege Separation

Activate the builtin Administrator user account, as documented in the TechNet article Enable and Disable the Built-in Administrator Account, then demote the user account created during Windows setup from (protected) administrator to standard user. …

"%SystemRoot%\System32\Net.exe" USER Administrator /Active:Yes /PasswordReq:Yes
"%SystemRoot%\System32\Net.exe" LOCALGROUP Administrators "%USERNAME%" /Delete
"%SystemRoot%\System32\Net.exe" LOCALGROUP Users "%USERNAME%" /Add

No qUACkery any more: disable silent (automatic) elevation in the ~~user~~ (protected) administrator account created during Windows Setup, and disable elevation in (unprivileged) standard user accounts, as documented in the TechNet article UAC Group Policy Settings and Registry Key Settings:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000002
"ConsentPromptBehaviorUser"=dword:00000000

Block (unprivileged) standard user accounts from logging on in Safe Mode, as documented in the MSKB article 977542:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"SafeModeBlockNonAdmins"=dword:00000001

Separate the system’s user-writable (shared) TEMP directory %SystemRoot%\Temp\ from that of the NT AUTHORITY\SYSTEM alias LocalSystem user account:

MkDir "%SystemRoot%\System32\Config\SystemProfile\AppData\Local\Temp"
If Exist "%SystemRoot%\SysWoW64\Config\SystemProfile" MkDir "%SystemRoot%\SysWoW64\Config\SystemProfile\AppData\Local\Temp"
"%SystemRoot%\System32\SetX.exe" TEMP "%%USERPROFILE%%\AppData\Local\Temp" /M
"%SystemRoot%\System32\SetX.exe" TMP "%%USERPROFILE%%\AppData\Local\Temp" /M

Set the attributes hidden, read-only and system on the system’s (shared) Temp directory %SystemRoot%\Temp\ to prevent File Explorer from trying to perform the permanent damage documented in the MSKB article 950934:

"%SystemRoot%\System32\Attrib.exe" +H +R +S "%SystemRoot%\Temp"

Third Commandment: …

Disable user authentication via Microsoft Accounts:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftAccount]
"DisableUserAuth"=dword:00000001

Fourth Commandment: Security

MSKB article 2893294, the security bulletin MS13-098 and the security advisory Changes in Windows Authenticode Signature Verification

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\WinTrust\Config]
"EnableCertPaddingCheck"="1"

CAVEAT: on 64-bit systems this registry entry must be set in the 32-bit registry branch too!

"%SystemRoot%\System32\Reg.exe" ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\WinTrust\Config" /V "EnableCertPaddingCheck" /T REG_SZ /D "1" /F /REG:64
"%SystemRoot%\System32\Reg.exe" ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\WinTrust\Config" /V "EnableCertPaddingCheck" /T REG_SZ /D "1" /F /REG:32

MSKB articles 239869, 823659, 960859, 973811 and 2793313, plus the TechNet article Configuring Additional LSA Protection

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA]
; Disable insecure 'LAN Manager' authentication
; 0: send LM and NTLMv1 responses; never use NTLMv2 security
; 1: send LM and NTLMv1 responses; use NTLMv2 if negotiated
; 2: send NTLMv1 response only
; 3: send NTLMv2 response only; still accept both LM and NTLMv1 challenges
; 4: send NTLMv2 response only; refuse LM challenge, accept both NTLMv1 and NTLMv2 challenges
; 5: send NTLMv2 response only; refuse LM and NTLMv1 challenges, accept NTLMv2 challenge only
"LMCompatibilityLevel"=dword:00000005

"NoLMHash"=dword:00000001
"RunAsPPL"=dword:00000001

MSKB article 2264107 and the MSDN article NeedCurrentDirectoryForExePath()

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"CWDIllegalInDLLSearch"=dword:ffffffff

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"NoDefaultCurrentDirectoryInExePath"="*"

Fifth Commandment: …

Although the NT Virtual DOS Machine is an optional component since Windows 8.1, it gets installed on-demand as soon as a 16-bit DOS or legacy Windows application is executed.

See the MSDN article Windows components installed on demand for details.

On 32-bit editions, create the Registry entries

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppCompat]
"VDMDisallowed"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WoW]
"DisallowedPolicyDefault"=dword:00000001

to disable the NTVDM subsystem for 16-bit applications.

Sixth Commandment: Safety

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings]
;                       00000020 ; SSL 3.0
;                       00000080 ; TLS 1.0
;                       00000200 ; TLS 1.1
;                       00000800 ; TLS 1.2
;                       00002000 ; TLS 1.3
"SecureProtocols"=dword:00002a00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.3\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.3\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

Seventh Commandment: Privacy

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo]
"DisabledByGroupPolicy"=dword:00000001

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge]
"AlternateErrorPagesEnabled"=dword:00000000
"HubsSidebarEnabled"=dword:00000000

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowCortanaButton"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Search]
"AllowCortana"=dword:00000000
"AllowSearchToUseLocation"=dword:00000000
"BingSearchEnabled"=dword:00000000
"ConnectedSearchPrivacy"=dword:00000003
"ConnectedSearchUseWeb"=dword:00000000
"ConnectedSearchUseWebOverMeteredConnections"=dword:00000000
"CortanaConsent"=dword:00000000
"DisableWebSearch"=dword:00000001
"SearchBoxTaskbarMode"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search]
"AllowCortana"=dword:00000000
"ConnectedSearchUseWeb"=dword:00000000
"ConnectedSearchUseWebOverMeteredConnections"=dword:00000000
"DisableWebSearch"=dword:00000001
"EnableDynamicContentInWSB"=dword:00000000

Unless you definitively want to use OneDrive and store your personal documents on other people’s servers, create the Registry entries

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OneDrive]
"PreventNetworkTrafficPreUserSignIn"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\OneDrive]
"DisableFileSync"=dword:00000001
"DisableFileSyncNGSC"=dword:00000001
"DisableLibrariesDefaultSaveToOneDrive"=dword:00000001
"DisableMeteredNetworkFileSync"=dword:00000001

Delete %SystemRoot%\System32\OneDriveSetup.exe on 32-bit systems respectively %SystemRoot%\SysWoW64\OneDriveSetup.exe on 64-bit systems before the first user login to prevent the installation of the OneDrive Client in every user profile (where it is unprotected against tampering and can be overwritten).

Additionally run the command lines

"%SystemRoot%\System32\Reg.exe" LOAD   "HKEY_USERS\DEFAULT" "%SystemDrive%\Users\Default\NTUSER.DAT"
"%SystemRoot%\System32\Reg.exe" DELETE "HKEY_USERS\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run" /V "OneDriveSetup" /F
"%SystemRoot%\System32\Reg.exe" UNLOAD "HKEY_USERS\DEFAULT"

to remove the registry entry that starts the installation program from the Default user’s registry hive.

Unless you definitively want to use the Malicious Software Removal Tool, create the Registry entries

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT]
"DontOfferThroughWUAU"=dword:00000001
"DontReportInfectionInformation"=dword:00000001

to block its automatic monthly (re)installation via Windows Update and disable its reporting feature, as documented in the MSKB articles 890830 and 891716.

Eighth Commandment: Annoyances

Disable automatic reboot while users are logged on after (automatic) installation of updates, as documented in the TechNet article Configure Automatic Updates in a Non–Active Directory Environment:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
;"ActiveHoursStart"=dword:00000000
;"ActiveHoursEnd"=dword:00000017
"SetActiveHours"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"AUOptions"=dword:00000005
"IncludeRecommendedUpdates"=dword:00000000
"NoAutoRebootWithLoggedOnUsers"=dword:00000001

Disable automatic installation of suggested Apps and Windows App Store Suggestions:

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager]
"ContentDeliveryAllowed"=dword:00000000
"FeatureManagementEnabled"=dword:00000000
"OEMPreInstalledAppsEnabled"=dword:00000000
"PreInstalledAppsEnabled"=dword:00000000
"PreInstalledAppsEverEnabled"=dword:00000000
"SilentInstalledAppsEnabled"=dword:00000000
"SoftLandingEnabled"=dword:00000000
"SubscribedContentEnabled"=dword:00000000
"SubscribedContent-310093Enabled"=dword:00000000
"SubscribedContent-338387Enabled"=dword:00000000
"SubscribedContent-338388Enabled"=dword:00000000
"SubscribedContent-338389Enabled"=dword:00000000
"SubscribedContent-338393Enabled"=dword:00000000
"SystemPaneSuggestionsEnabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CloudContent]
"DisableWindowsConsumerFeatures"=dword:00000001

Disable Online Help & Tips in the Immersive Control Panel and the News & Interests icon on the Taskbar:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"AllowOnlineTips"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Feeds]
"EnableFeeds"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Feeds]
"ShellFeedsTaskbarViewMode"=dword:00000002

Disable Fast Startup:

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Power]
"HiberBootEnabled"=dword:00000000

Disable automatic login after reboot:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableAutomaticRestartSignOn"=dword:00000001

Disable search results from the Internet:

REGEDIT4

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer]
"DisableSearchBoxSuggestions"=dword:00000001

Disable creation of desktop icon for Edge Chromium:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EdgeUpdate]
"CreateDesktopShortcutDefault"=dword:00000000

Ninth Commandment: …

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore]
"AutoDownload"=dword:00000002
"DisableStoreApps"=dword:00000001
"RemoveWindowsStore"=dword:00000001

"%SystemRoot%\System32\DISM.exe" /Online /Get-ProvisionedAppxPackages /Format:Table | "%SystemRoot%\System32\FindStr.exe" /B /C:"PackageName: " 1>"%SystemRoot%\Setup\Scripts\SetupComplete.tmp"
For /F "Tokens=2 UseBackQ" %%? In ("%SystemRoot%\Setup\Scripts\SetupComplete.tmp") Do "%SystemRoot%\System32\DISM.exe" /Online /Remove-ProvisionedAppxPackage /PackageName:%%?

REGEDIT4

; Disable (re)installation of (de)provisioned 'Apps'
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.3DBuilder_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.549981C3F5F10_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.BingWeather_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.GetHelp_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Getstarted_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.HEIFImageExtension_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Messaging_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.MixedReality.Portal_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.MSPaint_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Office.OneNote_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.OneConnect_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Outlook.DesktopIntegrationServices_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.People_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Print3D_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.ScreenSketch_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.SkypeApp_kzf8qxf38zg5c]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.StorePurchaseApp_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.VCLibs.140.00_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Wallet_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.WebMediaExtensions_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.WebpImageExtension_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Windows.Photos_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.WindowsAlarms_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.WindowsCalculator_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.WindowsCamera_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.WindowsCommunicationsApps_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.WindowsMaps_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.WindowsStore_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Xbox.TCUI_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.XboxApp_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.XboxGameOverlay_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.YourPhone_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.ZuneMusic_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.ZuneVideo_8wekyb3d8bbwe]

Tenth Commandment: …

REGEDIT4

[HKEY_CLASSES_ROOT\.acm]
"Content Type"="application/vnd.microsoft.portable-executable"

[HKEY_CLASSES_ROOT\.ax]
"Content Type"="application/vnd.microsoft.portable-executable"

[HKEY_CLASSES_ROOT\.cab]
"Content Type"="application/vnd.ms-cab-compressed"

[HKEY_CLASSES_ROOT\.com]
"Content Type"="application/vnd.microsoft.portable-executable"

[HKEY_CLASSES_ROOT\.cpl]
"Content Type"="application/vnd.microsoft.portable-executable"

[HKEY_CLASSES_ROOT\.dll]
"Content Type"="application/vnd.microsoft.portable-executable"

[HKEY_CLASSES_ROOT\.drv]
"Content Type"="application/vnd.microsoft.portable-executable"

[HKEY_CLASSES_ROOT\.efi]
"Content Type"="application/vnd.microsoft.portable-executable"

[HKEY_CLASSES_ROOT\.exe]
"Content Type"="application/vnd.microsoft.portable-executable"

[HKEY_CLASSES_ROOT\.ime]
"Content Type"="application/vnd.microsoft.portable-executable"

[HKEY_CLASSES_ROOT\.mui]
"Content Type"="application/vnd.microsoft.portable-executable"

[HKEY_CLASSES_ROOT\.msu]
"Content Type"="application/vnd.ms-cab-compressed"

[HKEY_CLASSES_ROOT\.ocx]
"Content Type"="application/vnd.microsoft.portable-executable"

[HKEY_CLASSES_ROOT\.scr]
"Content Type"="application/vnd.microsoft.portable-executable"

[HKEY_CLASSES_ROOT\.sys]
"Content Type"="application/vnd.microsoft.portable-executable"

[HKEY_CLASSES_ROOT\.tsp]
"Content Type"="application/vnd.microsoft.portable-executable"

[HKEY_CLASSES_ROOT\MIME\DataBase\CharSet\iso-8859-1]
"CodePage"=dword:00006FAF ; 28591
"InternetEncoding"=dword:00006FAF

[HKEY_CLASSES_ROOT\MIME\DataBase\CharSet\iso-8859-2]
"CodePage"=dword:00006FB0 ; 28592
"InternetEncoding"=dword:00006FB0

[HKEY_CLASSES_ROOT\MIME\DataBase\CharSet\iso-8859-3]
"CodePage"=dword:00006FB1 ; 28593
"InternetEncoding"=dword:00006FB1

[HKEY_CLASSES_ROOT\MIME\DataBase\CharSet\iso-8859-4]
"CodePage"=dword:00006FB2 ; 28594
"InternetEncoding"=dword:00006FB2

[HKEY_CLASSES_ROOT\MIME\DataBase\CharSet\iso-8859-5]
"CodePage"=dword:00006FB3 ; 28595
"InternetEncoding"=dword:00006FB3

[HKEY_CLASSES_ROOT\MIME\DataBase\CharSet\iso-8859-6]
"CodePage"=dword:00006FB4 ; 28596
"InternetEncoding"=dword:00006FB4

[HKEY_CLASSES_ROOT\MIME\DataBase\CharSet\iso-8859-7]
"CodePage"=dword:00006FB5 ; 28597
"InternetEncoding"=dword:00006FB5

[HKEY_CLASSES_ROOT\MIME\DataBase\CharSet\iso-8859-8]
"CodePage"=dword:00006FB6 ; 28598
"InternetEncoding"=dword:00006FB6

[HKEY_CLASSES_ROOT\MIME\DataBase\CharSet\iso-8859-9]
"CodePage"=dword:00006FB7 ; 28599
"InternetEncoding"=dword:00006FB7

[HKEY_CLASSES_ROOT\MIME\DataBase\CharSet\iso-8859-10]
"CodePage"=dword:00006FB8 ; 28600
"InternetEncoding"=dword:00006FB8

[HKEY_CLASSES_ROOT\MIME\DataBase\CharSet\iso-8859-11]
"AliasForCharSet"=-
"CodePage"=dword:00006FB9 ; 28601
"InternetEncoding"=dword:00006FB9

[HKEY_CLASSES_ROOT\MIME\DataBase\CharSet\iso-8859-12]
"CodePage"=dword:00006FBA ; 28602
"InternetEncoding"=dword:00006FBA

[HKEY_CLASSES_ROOT\MIME\DataBase\CharSet\iso-8859-13]
"CodePage"=dword:00006FBB ; 28603
"InternetEncoding"=dword:00006FBB

[HKEY_CLASSES_ROOT\MIME\DataBase\CharSet\iso-8859-14]
"CodePage"=dword:00006FBC ; 28604
"InternetEncoding"=dword:00006FBC

[HKEY_CLASSES_ROOT\MIME\DataBase\CharSet\iso-8859-15]
"CodePage"=dword:00006FBD ; 28605
"InternetEncoding"=dword:00006FBD

[HKEY_CLASSES_ROOT\MIME\DataBase\CharSet\iso-8859-16]
"CodePage"=dword:00006FBE ; 28606
"InternetEncoding"=dword:00006FBE

[HKEY_CLASSES_ROOT\MIME\DataBase\CharSet\windows-1254]
"AliasForCharSet"=-
"CodePage"=dword:000004E6 ; 1254
"InternetEncoding"=dword:000004E6

[HKEY_CLASSES_ROOT\MIME\DataBase\Content Type\application/vnd.microsoft.portable-executable]
;"Extension"=".exe"

[HKEY_CLASSES_ROOT\MIME\DataBase\Content Type\application/vnd.ms-cab-compressed]
;"Extension"=".cab"

REGEDIT4

; Copyright © 2004-2023, Stefan Kanthak <‍stefan‍.‍kanthak‍@‍nexgo‍.‍de‍>

[HKEY_CLASSES_ROOT\MSI.Package\Shell\RunAs]
"HasLUAShield"=""
"MUIVerb"="@C:\\Windows\\System32\\MSIMsg.dll,-36"

[HKEY_CLASSES_ROOT\MSI.Package\Shell\RunAs\Command]
@="C:\\Windows\\System32\\MSIExec.exe /I \"%L\" %*"

[HKEY_CLASSES_ROOT\MSI.Patch\Shell\RunAs]
"HasLUAShield"=""
"MUIVerb"="@C:\\Windows\\System32\\MSIMsg.dll,-39"

[HKEY_CLASSES_ROOT\MSI.Patch\Shell\RunAs\Command]
@="C:\\Windows\\System32\\MSIExec.exe /P \"%L\" %*"

[HKEY_CLASSES_ROOT\MSI.Patch\Shell\RunAsUser]
@="@C:\\Windows\\System32\\Shell32.dll,-50944"
;@="@C:\\Windows\\System32\\TWinUI.dll,-8502" ; �
"Extended"=""
"SuppressionPolicyEx"="{F211AA05-D4DF-4370-A2A0-9F19C09756A7}"

[HKEY_CLASSES_ROOT\MSI.Patch\Shell\RunAsUser\Command]
"DelegateExecute"="{EA72D00E-4960-42FA-BA92-7792A7944C1D}"

REGEDIT4

[HKEY_CLASSES_ROOT\.bmp]
@="PhotoViewer.FileAssoc.BitMap"

[HKEY_CLASSES_ROOT\.bmp\OpenWithProgIDs]
"PhotoViewer.FileAssoc.BitMap"=hex(0):

[HKEY_CLASSES_ROOT\.dib]
@="PhotoViewer.FileAssoc.BitMap"

[HKEY_CLASSES_ROOT\.dib\OpenWithProgIDs]
"PhotoViewer.FileAssoc.BitMap"=hex(0):

[HKEY_CLASSES_ROOT\.gif]
@="PhotoViewer.FileAssoc.GIF"

[HKEY_CLASSES_ROOT\.gif\OpenWithProgIDs]
"PhotoViewer.FileAssoc.GIF"=hex(0):

[HKEY_CLASSES_ROOT\.ico]
@="PhotoViewer.FileAssoc.BitMap"

[HKEY_CLASSES_ROOT\.ico\OpenWithProgIDs]
"PhotoViewer.FileAssoc.BitMap"=hex(0):

[HKEY_CLASSES_ROOT\.jfif]
@="PhotoViewer.FileAssoc.JFIF"

[HKEY_CLASSES_ROOT\.jfif\OpenWithProgIDs]
"PhotoViewer.FileAssoc.JFIF"=hex(0):

[HKEY_CLASSES_ROOT\.jpe]
@="PhotoViewer.FileAssoc.JPEG"

[HKEY_CLASSES_ROOT\.jpe\OpenWithProgIDs]
"PhotoViewer.FileAssoc.JPEG"=hex(0):

[HKEY_CLASSES_ROOT\.jpeg]
@="PhotoViewer.FileAssoc.JPEG"

[HKEY_CLASSES_ROOT\.jpeg\OpenWithProgIDs]
"PhotoViewer.FileAssoc.JPEG"=hex(0):

[HKEY_CLASSES_ROOT\.jpg]
@="PhotoViewer.FileAssoc.JPEG"

[HKEY_CLASSES_ROOT\.jpg\OpenWithProgIDs]
"PhotoViewer.FileAssoc.JPEG"=hex(0):

[HKEY_CLASSES_ROOT\.png]
@="PhotoViewer.FileAssoc.PNG"

[HKEY_CLASSES_ROOT\.png\OpenWithProgIDs]
"PhotoViewer.FileAssoc.PNG"=hex(0):

[HKEY_CLASSES_ROOT\.rle]
@="PhotoViewer.FileAssoc.BitMap"

[HKEY_CLASSES_ROOT\.rle\OpenWithProgIDs]
"PhotoViewer.FileAssoc.BitMap"=hex(0):

[HKEY_CLASSES_ROOT\.tif]
@="PhotoViewer.FileAssoc.TIFF"

[HKEY_CLASSES_ROOT\.tif\OpenWithProgIDs]
"PhotoViewer.FileAssoc.TIFF"=hex(0):

[HKEY_CLASSES_ROOT\.tiff]
@="PhotoViewer.FileAssoc.TIFF"

[HKEY_CLASSES_ROOT\.tiff\OpenWithProgIDs]
"PhotoViewer.FileAssoc.TIFF"=hex(0):

[HKEY_CLASSES_ROOT\.wdp]
@="PhotoViewer.FileAssoc.WDP"

[HKEY_CLASSES_ROOT\.wdp\OpenWithProgIDs]
"PhotoViewer.FileAssoc.WDP"=hex(0):

[HKEY_CLASSES_ROOT\Applications\PhotoViewer.dll\Shell\Open]
"MUIVerb"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3043"

[HKEY_CLASSES_ROOT\Applications\PhotoViewer.dll\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\Applications\PhotoViewer.dll\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\Applications\PhotoViewer.dll\Shell\Print\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\Applications\PhotoViewer.dll\Shell\Print\DropTarget]
"CLSID"="{60FD46DE-F830-4894-A628-6FA81BC0190D}"

[HKEY_CLASSES_ROOT\Applications\PhotoViewer.dll\SupportedTypes]
".bmp"=""
".dib"=""
".gif"=""
".ico"=""
".jfif"=""
".jpe"=""
".jpeg"=""
".jpg"=""
".png"=""
".rle"=""
".tif"=""
".tiff"=""
".wdp"=""

[HKEY_CLASSES_ROOT\icofile\Shell\Open]
"MUIVerb"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3043"

[HKEY_CLASSES_ROOT\icofile\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\icofile\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\jpegfile\Shell\Open]
"MUIVerb"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3043"

[HKEY_CLASSES_ROOT\jpegfile\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\jpegfile\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\pjpegfile\Shell\Open]
"MUIVerb"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3043"

[HKEY_CLASSES_ROOT\pjpegfile\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\pjpegfile\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\pngfile\Shell\Open]
"MUIVerb"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3043"

[HKEY_CLASSES_ROOT\pngfile\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\pngfile\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\wdpfile\Shell\Open]
"MUIVerb"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3043"

[HKEY_CLASSES_ROOT\wdpfile\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\wdpfile\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\Paint.Picture\Shell\Open]
"MUIVerb"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3043"

[HKEY_CLASSES_ROOT\Paint.Picture\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\Paint.Picture\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\TIFImage.Document\Shell\Open]
"MUIVerb"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3043"

[HKEY_CLASSES_ROOT\TIFImage.Document\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\TIFImage.Document\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.BitMap]
"FriendlyTypeName"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3056"
"ImageOptionFlags"=dword:00000001

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.BitMap\DefaultIcon]
@="C:\\Windows\\System32\\ImageRes.dll,-70"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.BitMap\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.BitMap\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.GIF]
"EditFlags"=dword:00010000
"FriendlyTypeName"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3055"
"ImageOptionFlags"=dword:00000001

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.GIF\DefaultIcon]
@="C:\\Windows\\System32\\ImageRes.dll,-71"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.GIF\Shell\Open]
"MUIVerb"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3043"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.GIF\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.GIF\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JFIF]
"EditFlags"=dword:00010000
"FriendlyTypeName"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3055"
"ImageOptionFlags"=dword:00000001

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JFIF\DefaultIcon]
@="C:\\Windows\\System32\\ImageRes.dll,-72"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JFIF\Shell\Open]
"MUIVerb"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3043"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JFIF\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JFIF\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JPEG]
"EditFlags"=dword:00010000
"FriendlyTypeName"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3055"
"ImageOptionFlags"=dword:00000001

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JPEG\DefaultIcon]
@="C:\\Windows\\System32\\ImageRes.dll,-72"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JPEG\Shell\Open]
"MUIVerb"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3043"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JPEG\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JPEG\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.PNG]
"FriendlyTypeName"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3057"
"ImageOptionFlags"=dword:00000001

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.PNG\DefaultIcon]
@="C:\\Windows\\System32\\ImageRes.dll,-71"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.PNG\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.PNG\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.TIFF]
"FriendlyTypeName"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3058"
"ImageOptionFlags"=dword:00000001

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.TIFF\DefaultIcon]
@="C:\\Windows\\System32\\ImageRes.dll,-122"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.TIFF\Shell\Open]
"MUIVerb"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3043"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.TIFF\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.TIFF\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.WDP]
"EditFlags"=dword:00010000
"ImageOptionFlags"=dword:00000001

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.WDP\DefaultIcon]
@="C:\\Windows\\System32\\WMPhoto.dll,-400"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.WDP\Shell\Open]
"MUIVerb"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3043"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.WDP\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.WDP\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\SystemFileAssociations\.bmp\OpenWithList\PhotoViewer.dll]
[HKEY_CLASSES_ROOT\SystemFileAssociations\.dib\OpenWithList\PhotoViewer.dll]
[HKEY_CLASSES_ROOT\SystemFileAssociations\.gif\OpenWithList\PhotoViewer.dll]
[HKEY_CLASSES_ROOT\SystemFileAssociations\.ico\OpenWithList\PhotoViewer.dll]
[HKEY_CLASSES_ROOT\SystemFileAssociations\.jfif\OpenWithList\PhotoViewer.dll]
[HKEY_CLASSES_ROOT\SystemFileAssociations\.jpe\OpenWithList\PhotoViewer.dll]
[HKEY_CLASSES_ROOT\SystemFileAssociations\.jpeg\OpenWithList\PhotoViewer.dll]
[HKEY_CLASSES_ROOT\SystemFileAssociations\.jpg\OpenWithList\PhotoViewer.dll]
[HKEY_CLASSES_ROOT\SystemFileAssociations\.png\OpenWithList\PhotoViewer.dll]
[HKEY_CLASSES_ROOT\SystemFileAssociations\.rle\OpenWithList\PhotoViewer.dll]
[HKEY_CLASSES_ROOT\SystemFileAssociations\.tif\OpenWithList\PhotoViewer.dll]
[HKEY_CLASSES_ROOT\SystemFileAssociations\.tiff\OpenWithList\PhotoViewer.dll]
[HKEY_CLASSES_ROOT\SystemFileAssociations\.wdp\OpenWithList\PhotoViewer.dll]

[HKEY_CLASSES_ROOT\SystemFileAssociations\Image\Shell\Open]
"MUIVerb"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3043"

[HKEY_CLASSES_ROOT\SystemFileAssociations\Image\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\SystemFileAssociations\Image\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\SystemFileAssociations\Image\Shell\Print\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\SystemFileAssociations\Image\Shell\Print\DropTarget]
"CLSID"="{60FD46DE-F830-4894-A628-6FA81BC0190D}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities]
"ApplicationDescription"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3069"
"ApplicationName"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3009"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities\FileAssociations]
".bmp"="PhotoViewer.FileAssoc.BitMap"
".dib"="PhotoViewer.FileAssoc.BitMap"
".gif"="PhotoViewer.FileAssoc.GIF"
".ico"="PhotoViewer.FileAssoc.BitMap"
".jfif"="PhotoViewer.FileAssoc.JFIF"
".jpe"="PhotoViewer.FileAssoc.JPEG"
".jpeg"="PhotoViewer.FileAssoc.JPEG"
".jpg"="PhotoViewer.FileAssoc.JPEG"
".png"="PhotoViewer.FileAssoc.PNG"
".rle"="PhotoViewer.FileAssoc.BitMap"
".tif"="PhotoViewer.FileAssoc.TIFF"
".tiff"="PhotoViewer.FileAssoc.TIFF"
".wdp"="PhotoViewer.FileAssoc.WDP"

Eleventh Commandment: Prevent Installation of Outlook for Windows etc.

Prevent the installation of Apps like Outlook for Windows during the OoBE phase:

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\Orchestrator\UScheduler_Oobe\DevHomeUpdate]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\Orchestrator\UScheduler_Oobe\EdgeUpdate]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\Orchestrator\UScheduler_Oobe\OutlookUpdate]

Sample Implementation

SetupComplete.cmd

The batch script SetupComplete.cmd is executed during installation of Windows Vista and later versions after the second reboot, between the Specialize and the OoBE phase; it runs (invisible) under the NT AUTHORITY\SYSTEM alias LocalSystem user account.

Rem Copyright © 2009-2023, Stefan Kanthak <‍stefan‍.‍kanthak‍@‍nexgo‍.‍de‍>

Rem Prevent accidental execution
If Not "%USERNAME%" == "SYSTEM" Exit /B
If /I Not "%USERPROFILE%" == "%SystemRoot%\System32\Config\SystemProfile" Exit /B
If /I Not "%~f0" == "%SystemRoot%\Setup\Scripts\SetupComplete.cmd" Exit /B

Call :REDIRECT %* 0<NUL: 1>"%SystemRoot%\Setup\Scripts\SetupComplete.out" 2>"%SystemRoot%\Setup\Scripts\SetupComplete.err"
Exit /B

:REDIRECT

…

Rem Private 'TEMP' directory for 'LocalSystem' user account
If /I "%TEMP%" == "%SystemRoot%\Temp" (
"%SystemRoot%\System32\SetX.exe" TEMP "%%USERPROFILE%%\AppData\Local\Temp" /M
"%SystemRoot%\System32\SetX.exe" TMP "%%USERPROFILE%%\AppData\Local\Temp" /M
MkDir "%SystemRoot%\System32\Config\SystemProfile\AppData\Local\Temp"
If Exist "%SystemRoot%\SysWoW64\Config\SystemProfile" MkDir "%SystemRoot%\SysWoW64\Config\SystemProfile\AppData\Local\Temp"
)

…

Rem Disable builtin 'Guest' user account
"%SystemRoot%\System32\Net.exe" USER Guest /Active:No

Rem Enable builtin 'Administrator' user account and set random password
Rem (https://support.microsoft.com/en-us/kb/251394)
"%SystemRoot%\System32\Net.exe" USER Administrator /Active:Yes /FullName:"Stefan Kanthak" /PasswordReq:Yes /Random

…

Rem Disable offer for permanent ACL change on inaccessible directories in 'File Explorer'
Rem (https://support.microsoft.com/en-us/kb/950934)
For %%? In ("%SystemRoot%\Security\Audit"
            "%SystemRoot%\ServiceProfiles\LocalService"
            "%SystemRoot%\ServiceProfiles\NetworkService"
            "%SystemRoot%\Temp") Do "%SystemRoot%\System32\Attrib.exe" +H +R +S "%%?"

…

Rem Remove 'Provisioned Apps'
"%SystemRoot%\System32\DISM.exe" /Online /Get-ProvisionedAppxPackages /Format:Table | "%SystemRoot%\System32\FindStr.exe" /B /C:"PackageName: " 1>"%SystemRoot%\Setup\Scripts\SetupComplete.tmp"
For /F "Tokens=2 UseBackQ" %%? In ("%SystemRoot%\Setup\Scripts\SetupComplete.tmp") Do "%SystemRoot%\System32\DISM.exe" /Online /Remove-ProvisionedAppxPackage /PackageName:%%?

…

Rem Remove 'Edge Chromium'
Rem If Defined ProgramFiles(x86) (For /R "%ProgramFiles(x86)%\Microsoft\Edge\Application" %%? In (Setup?.Exe) Do Set SETUP=%%~?) Else (For /R "%ProgramFiles%\Microsoft\Edge\Application" %%? In (Setup?.Exe) Do Set SETUP=%%~?)
Rem If Defined SETUP "%SETUP%" --force-uninstall --system-level --uninstall --verbose-logging

…

Rem Move 'Network Database'
MkDir "%ProgramData%\Microsoft\Network\Database"
Move "%SystemRoot%\System32\Drivers\Etc\*" "%ProgramData%\Microsoft\Network\Database"
For %%! In ("%ProgramData%\Microsoft\Network\Database\*") Do @(
For /D /R "%SystemRoot%\WinSxS" %%? In (*) Do @(
If Exist "%%?\%%~nx!" MkLink /H "%SystemRoot%\System32\Drivers\Etc\%%~nx!" "%%?\%%~nx!"))

…

Rem Prevent installation of 'OneDrive Client'
If Defined ProgramFiles(x86) (
Delete "%SystemRoot%\SysWoW64\OneDriveSetup.exe"
) Else (
Delete "%SystemRoot%\System32\OneDriveSetup.exe"
)
"%SystemRoot%\System32\Reg.exe" LOAD   "HKEY_USERS\DEFAULT" "%SystemDrive%\Users\Default\NTUSER.DAT"
"%SystemRoot%\System32\Reg.exe" DELETE "HKEY_USERS\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run" /V "OneDriveSetup" /F
"%SystemRoot%\System32\Reg.exe" UNLOAD "HKEY_USERS\DEFAULT"

…

Rem Prevent installation of 'Outlook for Windows' etc.
"%SystemRoot%\System32\Reg.exe" DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\Orchestrator\UScheduler_Oobe\DevHomeUpdate" /F
"%SystemRoot%\System32\Reg.exe" DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\Orchestrator\UScheduler_Oobe\EdgeUpdate" /F
"%SystemRoot%\System32\Reg.exe" DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\Orchestrator\UScheduler_Oobe\OutlookUpdate" /F

…

"%SystemRoot%\System32\Reg.exe" IMPORT "%SystemRoot%\Setup\Scripts\SetupComplete.reg"

…

Rem (https://msdn.microsoft.com/en-us/library/gg441316.aspx)
"%SystemRoot%\System32\RunDLL32.exe" "%SystemRoot%\System32\AdvPack.dll",LaunchINFSection "%SystemRoot%\Setup\Scripts\SetupComplete.inf",UnattendedInstall

…

SetupConfig.ini %SystemDrive%\Users\Default\AppData\Local\Microsoft\Windows\WSUS\SetupConfig.ini

[SetupConfig]
;AddBootMgrLast
;Auto={ Clean | DataOnly | Upgrade }
;BitLocker={ AlwaysSuspend | TryKeepActive | ForceKeepActive }
;CompactOS={ Enable | Disable }
;Compat={ IgnoreWarning | ScanOnly }
;CopyLogs=[ ‹drive›:\‹directory› | \\‹computer›\‹share›\‹directory› ]
;DiagnosticPrompt={ Disable | Enable }
;DynamicUpdate={ Disable | Enable }
;InstallDrivers=[ ‹drive›:\‹directory› | \\‹computer›\‹share›\‹directory› ]
;InstallFrom=[ ‹drive›:\‹directory› | \\‹computer›\‹share›\‹directory› ]
;InstallLangPacks=[ ‹drive›:\‹directory› | \\‹computer›\‹share›\‹directory› ]
;M=[ ‹drive›:\‹directory› | \\‹computer›\‹share›\‹directory› ]
;MigNEO=Disable
;MigrateDrivers={ All | None }
NoReboot
;PKey=23467-89BCD-FGHJK-MNPQR-TVWXY
;Priority=Normal
;PostOOBE=[ ‹drive›:\‹directory› | \\‹computer›\‹share›\‹directory› ] [ \setupcomplete.cmd ]
;PostRollback=[ ‹drive›:\‹directory› | \\‹computer›\‹share›\‹directory› ] [ \setuprollback.cmd ]
;PostRollbackContext={ System | User }
;Quiet
;ReflectDrivers=[ ‹drive›:\‹directory› | \\‹computer›\‹share›\‹directory› ]
;ResizeRecoveryPartition={ Disable | Enable }
;ShowOOBE={ Full | None }
;Telemetry={ Disable | Enable }
;TempDrive=‹drive›:
;Unattend=[ ‹drive›:\‹directory› | \\‹computer›\‹share›\‹directory› ] [ \unattend.xml ]
;Uninstall={ Disable | Enable }

Contact

If you miss anything here, have additions, comments, corrections, criticism or questions, want to give feedback, hints or tipps, report broken links, bugs, deficiencies, errors, inaccuracies, misrepresentations, omissions, shortcomings, vulnerabilities or weaknesses, …: don’t hesitate to contact me and feel free to ask, comment, criticise, flame, notify or report!

Use the X.509 certificate to send S/MIME encrypted mail.

Note: email in weird format and without a proper sender name is likely to be discarded!

I dislike HTML (and even weirder formats too) in email, I prefer to receive plain text.
I also expect to see your full (real) name as sender, not your nickname.
I abhor top posts and expect inline quotes in replies.

Terms and Conditions

By using this site, you signify your agreement to these terms and conditions. If you do not agree to these terms and conditions, do not use this site!

The software and the documentation on this site are provided as is without any warranty, neither express nor implied.
In no event will the author be held liable for any damage(s) arising from the use of the software or the documentation.
Permission is granted to use the current version of the software and the current version of the documentation solely for personal private and non-commercial purposes.
An individuals use of the software or the documentation in his or her capacity or function as an agent, (independent) contractor, employee, member or officer of a business, corporation or organisation (commercial or non-commercial) does not qualify as personal private and non-commercial purpose.
Without written approval from the author the software or the documentation must not be used for a business, for commercial, corporate, governmental, military or organisational purposes of any kind, or in a commercial, corporate, governmental, military or organisational environment of any kind.
Redistribution of the software and the documentation is allowed only in unmodified form of its current version and free of charge.

Data Protection Declaration

This web page records no (personal) data and stores no cookies in the web browser.

The web service is operated and provided by

Telekom Deutschland GmbH
Business Center
D-64306 Darmstadt
Germany
<‍hosting‍@‍telekom‍.‍de‍>
+49 800 5252033

The web service provider stores a session cookie in the web browser and records every visit of this web site with the following data in an access log on their server(s):

the (pseudonymised) IP address;
the date and time of the request;
the URL of the requested web page or file;
the Referer and User-Agent HTTP headers sent by the web browser;
the result (success or failure) of the request;
the amount of data received and sent.