Valid HTML 4.01 Transitional Valid CSS Valid SVG 1.0

Me, myself & IT

The 10 Commandments for Windows® 10

Purpose
Reason
First Commandment
Second Commandment
Third Commandment
Fourth Commandment
Fifth Commandment
Sixth Commandment
Seventh Commandment
Eighth Commandment
Ninth Commandment
Tenth Commandment
...

Purpose

Reason

First Commandment: No Short 8.3 Filenames, but Long Pathnames

Short 8.3 filenames are a (completely superfluous) cruft from the past of MS-DOS ...

Windows PE

Setup.exe /NoReboot
Reg.exe Query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RecoveryEnvironment" /V "TargetOS"
FSUtil.exe 8Dot3Name Set ‹drive letter›: 1
FSUtil.exe 8Dot3Name Strip /F /S ‹drive letter›:\
...

The length limitation of pathnames to MAX_PATH = 260 characters is another cruft from the past ...

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem]
"LongPathsEnabled"=dword:00000001
...

Second Commandment: Strict Privilege Separation

Activate the builtin Administrator user account, as documented in the TechNet article Enable and Disable the Built-in Administrator Account, then demote the user account created during Windows setup from (protected) administrator to standard user. ...
"%SystemRoot%\System32\Net.exe" USER Administrator /Active:Yes /PasswordReq:Yes
"%SystemRoot%\System32\Net.exe" LOCALGROUP Administrators "%USERNAME%" /Delete
"%SystemRoot%\System32\Net.exe" LOCALGROUP Users "%USERNAME%" /Add
qUACkery ... to disable UAC from silent (automatic) elevation in the user protected administrator account created during Windows Setup, and to disable elevation in (unprivileged) standard user accounts, as documented in the TechNet article UAC Group Policy Settings and Registry Key Settings.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000002
"ConsentPromptBehaviorUser"=dword:00000000
REGEDIT4

; Disable 'Standard Users' in 'Safe Mode' (KB977542)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"SafeModeBlockNonAdmins"=dword:00000001
Separate the system’s (shared) TEMP directory from that of the NT AUTHORITY\SYSTEM alias LocalSystem user account:
MkDir "%SystemRoot%\System32\Config\SystemProfile\AppData\Local\Temp"
If Exist "%SystemRoot%\SysWoW64\Config\SystemProfile" MkDir "%SystemRoot%\SysWoW64\Config\SystemProfile\AppData\Local\Temp"
"%SystemRoot%\System32\SetX.exe" TEMP "%%USERPROFILE%%\AppData\Local\Temp" /M
"%SystemRoot%\System32\SetX.exe" TMP "%%USERPROFILE%%\AppData\Local\Temp" /M
Set the attributes hidden, read-only and system on the system’s (shared) Temp directory %SystemRoot%\Temp\ to prevent File Explorer from trying to perform the permanent damage documented in the MSKB article 950934:
"%SystemRoot%\System32\Attrib.exe" +H +R +S "%SystemRoot%\Temp"

Third Commandment: ...

MSKB article 2893294, the security bulletin MS13-098 and the security advisory Changes in Windows Authenticode Signature Verification
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\WinTrust\Config]
"EnableCertPaddingCheck"="1"

Fourth Commandment: Security

MSKB articles 239869, 823659, 960859, 973811 and 2793313, plus the TechNet article Configuring Additional LSA Protection
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA]
; Disable insecure 'LAN Manager' authentication
; 0: send LM and NTLMv1 responses; never use NTLMv2 security
; 1: send LM and NTLMv1 responses; use NTLMv2 if negotiated
; 2: send NTLMv1 response only
; 3: send NTLMv2 response only; still accept both LM and NTLMv1 challenges
; 4: send NTLMv2 response only; refuse LM challenge, accept both NTLMv1 and NTLMv2 challenges
; 5: send NTLMv2 response only; refuse LM and NTLMv1 challenges, accept NTLMv2 challenge only
"LMCompatibilityLevel"=dword:00000005

"NoLMHash"=dword:00000001
"RunAsPPL"=dword:00000001
MSKB article 2264107 and the MSDN article NeedCurrentDirectoryForExePath()
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"CWDIllegalInDLLSearch"=dword:ffffffff

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"NoDefaultCurrentDirectoryInExePath"="*"

Fifth Commandment: ...

Although the NT Virtual DOS Machine is an optional component since Windows 8.1, it gets installed on-demand as soon as a 16-bit DOS or legacy Windows application is executed.

See the MSDN article Windows components installed on demand for details.

On 32-bit editions, create the Registry entries

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppCompat]
"VDMDisallowed"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WoW]
"DisallowedPolicyDefault"=dword:00000001
to disable the NTVDM subsystem for 16-bit applications.

Sixth Commandment: Safety

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings]
;                       00000020 ; SSL 3.0
;                       00000080 ; TLS 1.0
;                       00000200 ; TLS 1.1
;                       00000800 ; TLS 1.2
;                       00002000 ; TLS 1.3
"SecureProtocols"=dword:00002a00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.3\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.3\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

Seventh Commandment: Privacy

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo]
"DisabledByGroupPolicy"=dword:00000001
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search]
"AllowCortana"=dword:00000000
"ConnectedSearchUseWeb"=dword:00000000
"ConnectedSearchUseWebOverMeteredConnections"=dword:00000000
"DisableWebSearch"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Search]
"AllowCortana"=dword:00000000
"AllowSearchToUseLocation"=dword:00000000
"BingSearchEnabled"=dword:00000000
"ConnectedSearchPrivacy"=dword:00000003
"ConnectedSearchUseWeb"=dword:00000000
"ConnectedSearchUseWebOverMeteredConnections"=dword:00000000
"CortanaConsent"=dword:00000000
"DisableWebSearch"=dword:00000001
Unless you definitively want to use OneDrive and store your personal documents on other people’s servers, create the Registry entries
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OneDrive]
"PreventNetworkTrafficPreUserSignIn"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\OneDrive]
"DisableFileSync"=dword:00000001
"DisableFileSyncNGSC"=dword:00000001
"DisableLibrariesDefaultSaveToOneDrive"=dword:00000001
"DisableMeteredNetworkFileSync"=dword:00000001
To prevent the installation of the OneDrive Client in every user profile (where it is unprotected and can be overwritten), delete %SystemRoot%\SysWoW64\OneDriveSetup.exe before the first user login. Additionally run the command lines
REG.EXE LOAD   "HKEY_USERS\DEFAULT" "%SystemDrive%\Users\Default\NTUSER.DAT"
REG.EXE DELETE "HKEY_USERS\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run" /V "OneDriveSetup" /F
REG.EXE UNLOAD "HKEY_USERS\DEFAULT"
remove the registry entry that starts the installation program from the Default user’s registry hive.

Unless you definitively want to use the Malicious Software Removal Tool, create the Registry entries

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT]
"DontOfferThroughWUAU"=dword:00000001
"DontReportInfectionInformation"=dword:00000001
to block its automatic monthly (re)installation via Windows Update and disable its reporting feature, as documented in the MSKB articles 890830, and 891716.

Eighth Commandment: Annoyances

Disable automatic reboot while users are logged on after (automatic) installation of updates, as documented in the TechNet article Configure Automatic Updates in a Non–Active Directory Environment:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"AUOptions"=dword:00000005
"IncludeRecommendedUpdates"=dword:00000000
"NoAutoRebootWithLoggedOnUsers"=dword:00000001
Disable automatic installation of suggested Apps and Windows App Store Suggestions:
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager]
"ContentDeliveryAllowed"=dword:00000000
"FeatureManagementEnabled"=dword:00000000
"OEMPreInstalledAppsEnabled"=dword:00000000
"PreInstalledAppsEnabled"=dword:00000000
"PreInstalledAppsEverEnabled"=dword:00000000
"SilentInstalledAppsEnabled"=dword:00000000
"SoftLandingEnabled"=dword:00000000
"SubscribedContentEnabled"=dword:00000000
"SubscribedContent-310093Enabled"=dword:00000000
"SubscribedContent-338387Enabled"=dword:00000000
"SubscribedContent-338388Enabled"=dword:00000000
"SubscribedContent-338389Enabled"=dword:00000000
"SubscribedContent-338393Enabled"=dword:00000000
"SystemPaneSuggestionsEnabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CloudContent]
"DisableWindowsConsumerFeatures"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Feeds]
"EnableFeeds"=dword:00000000
Disable Fast Startup:
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Power]
"HiberBootEnabled"=dword:00000000
Disable automatic login after reboot:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableAutomaticRestartSignOn"=dword:00000001

Ninth Commandment: ...

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore]
"AutoDownload"=dword:00000002
"DisableStoreApps"=dword:00000001
"RemoveWindowsStore"=dword:00000001
"%SystemRoot%\System32\DISM.exe" /Online /Get-ProvisionedAppxPackages /Format:Table | "%SystemRoot%\System32\FindStr.exe" /B /C:"PackageName: " 1>"%SystemRoot%\Setup\Scripts\SetupComplete.tmp"
For /F "Tokens=2 UseBackQ" %%? In ("%SystemRoot%\Setup\Scripts\SetupComplete.tmp") Do "%SystemRoot%\System32\DISM.exe" /Online /Remove-ProvisionedAppxPackage /PackageName:%%?

Tenth Commandment: ...

REGEDIT4

; Copyright © 2004-2022, Stefan Kanthak <‍stefan‍.‍kanthak‍@‍nexgo‍.‍de‍>

[HKEY_CLASSES_ROOT\MSI.Package\Shell\RunAs]
"HasLUAShield"=""
"MUIVerb"="@C:\\Windows\\System32\\MSIMsg.dll,-36"

[HKEY_CLASSES_ROOT\MSI.Package\Shell\RunAs\Command]
@="C:\\Windows\\System32\\MSIExec.exe /I \"%L\" %*"

[HKEY_CLASSES_ROOT\MSI.Patch\Shell\RunAs]
"HasLUAShield"=""
"MUIVerb"="@C:\\Windows\\System32\\MSIMsg.dll,-39"

[HKEY_CLASSES_ROOT\MSI.Patch\Shell\RunAs\Command]
@="C:\\Windows\\System32\\MSIExec.exe /P \"%L\" %*"

[HKEY_CLASSES_ROOT\MSI.Patch\Shell\RunAsUser]
@="@C:\\Windows\\System32\\Shell32.dll,-50944"
;@="@C:\\Windows\\System32\\TWinUI.dll,-8502" ; �
"Extended"=""
"SuppressionPolicyEx"="{F211AA05-D4DF-4370-A2A0-9F19C09756A7}"

[HKEY_CLASSES_ROOT\MSI.Patch\Shell\RunAsUser\Command]
"DelegateExecute"="{EA72D00E-4960-42FA-BA92-7792A7944C1D}"
REGEDIT4

[HKEY_CLASSES_ROOT\.bmp]
@="PhotoViewer.FileAssoc.BitMap"

[HKEY_CLASSES_ROOT\.bmp\OpenWithProgIDs]
"PhotoViewer.FileAssoc.BitMap"=hex(0):

[HKEY_CLASSES_ROOT\.dib]
@="PhotoViewer.FileAssoc.BitMap"

[HKEY_CLASSES_ROOT\.dib\OpenWithProgIDs]
"PhotoViewer.FileAssoc.BitMap"=hex(0):

[HKEY_CLASSES_ROOT\.gif]
@="PhotoViewer.FileAssoc.GIF"

[HKEY_CLASSES_ROOT\.gif\OpenWithProgIDs]
"PhotoViewer.FileAssoc.GIF"=hex(0):

[HKEY_CLASSES_ROOT\.ico]
@="PhotoViewer.FileAssoc.BitMap"

[HKEY_CLASSES_ROOT\.ico\OpenWithProgIDs]
"PhotoViewer.FileAssoc.BitMap"=hex(0):

[HKEY_CLASSES_ROOT\.jfif]
@="PhotoViewer.FileAssoc.JFIF"

[HKEY_CLASSES_ROOT\.jfif\OpenWithProgIDs]
"PhotoViewer.FileAssoc.JFIF"=hex(0):

[HKEY_CLASSES_ROOT\.jpe]
@="PhotoViewer.FileAssoc.JPEG"

[HKEY_CLASSES_ROOT\.jpe\OpenWithProgIDs]
"PhotoViewer.FileAssoc.JPEG"=hex(0):

[HKEY_CLASSES_ROOT\.jpeg]
@="PhotoViewer.FileAssoc.JPEG"

[HKEY_CLASSES_ROOT\.jpeg\OpenWithProgIDs]
"PhotoViewer.FileAssoc.JPEG"=hex(0):

[HKEY_CLASSES_ROOT\.jpg]
@="PhotoViewer.FileAssoc.JPEG"

[HKEY_CLASSES_ROOT\.jpg\OpenWithProgIDs]
"PhotoViewer.FileAssoc.JPEG"=hex(0):

[HKEY_CLASSES_ROOT\.png]
@="PhotoViewer.FileAssoc.PNG"

[HKEY_CLASSES_ROOT\.png\OpenWithProgIDs]
"PhotoViewer.FileAssoc.PNG"=hex(0):

[HKEY_CLASSES_ROOT\.rle]
@="PhotoViewer.FileAssoc.BitMap"

[HKEY_CLASSES_ROOT\.rle\OpenWithProgIDs]
"PhotoViewer.FileAssoc.BitMap"=hex(0):

[HKEY_CLASSES_ROOT\.tif]
@="PhotoViewer.FileAssoc.TIFF"

[HKEY_CLASSES_ROOT\.tif\OpenWithProgIDs]
"PhotoViewer.FileAssoc.TIFF"=hex(0):

[HKEY_CLASSES_ROOT\.tiff]
@="PhotoViewer.FileAssoc.TIFF"

[HKEY_CLASSES_ROOT\.tiff\OpenWithProgIDs]
"PhotoViewer.FileAssoc.TIFF"=hex(0):

[HKEY_CLASSES_ROOT\.wdp]
@="PhotoViewer.FileAssoc.WDP"

[HKEY_CLASSES_ROOT\.wdp\OpenWithProgIDs]
"PhotoViewer.FileAssoc.WDP"=hex(0):

[HKEY_CLASSES_ROOT\Applications\PhotoViewer.dll\Shell\Open]
"MUIVerb"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3043"

[HKEY_CLASSES_ROOT\Applications\PhotoViewer.dll\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\Applications\PhotoViewer.dll\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\Applications\PhotoViewer.dll\Shell\Print\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\Applications\PhotoViewer.dll\Shell\Print\DropTarget]
"CLSID"="{60FD46DE-F830-4894-A628-6FA81BC0190D}"

[HKEY_CLASSES_ROOT\Applications\PhotoViewer.dll\SupportedTypes]
".bmp"=""
".dib"=""
".gif"=""
".ico"=""
".jfif"=""
".jpe"=""
".jpeg"=""
".jpg"=""
".png"=""
".rle"=""
".tif"=""
".tiff"=""
".wdp"=""

[HKEY_CLASSES_ROOT\icofile\Shell\Open]
"MUIVerb"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3043"

[HKEY_CLASSES_ROOT\icofile\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\icofile\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\jpegfile\Shell\Open]
"MUIVerb"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3043"

[HKEY_CLASSES_ROOT\jpegfile\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\jpegfile\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\pjpegfile\Shell\Open]
"MUIVerb"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3043"

[HKEY_CLASSES_ROOT\pjpegfile\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\pjpegfile\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\pngfile\Shell\Open]
"MUIVerb"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3043"

[HKEY_CLASSES_ROOT\pngfile\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\pngfile\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\wdpfile\Shell\Open]
"MUIVerb"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3043"

[HKEY_CLASSES_ROOT\wdpfile\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\wdpfile\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\Paint.Picture\Shell\Open]
"MUIVerb"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3043"

[HKEY_CLASSES_ROOT\Paint.Picture\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\Paint.Picture\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\TIFImage.Document\Shell\Open]
"MUIVerb"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3043"

[HKEY_CLASSES_ROOT\TIFImage.Document\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\TIFImage.Document\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.BitMap]
"FriendlyTypeName"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3056"
"ImageOptionFlags"=dword:00000001

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.BitMap\DefaultIcon]
@="C:\\Windows\\System32\\ImageRes.dll,-70"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.BitMap\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.BitMap\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.GIF]
"EditFlags"=dword:00010000
"FriendlyTypeName"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3055"
"ImageOptionFlags"=dword:00000001

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.GIF\DefaultIcon]
@="C:\\Windows\\System32\\ImageRes.dll,-71"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.GIF\Shell\Open]
"MUIVerb"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3043"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.GIF\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.GIF\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JFIF]
"EditFlags"=dword:00010000
"FriendlyTypeName"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3055"
"ImageOptionFlags"=dword:00000001

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JFIF\DefaultIcon]
@="C:\\Windows\\System32\\ImageRes.dll,-72"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JFIF\Shell\Open]
"MUIVerb"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3043"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JFIF\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JFIF\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JPEG]
"EditFlags"=dword:00010000
"FriendlyTypeName"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3055"
"ImageOptionFlags"=dword:00000001

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JPEG\DefaultIcon]
@="C:\\Windows\\System32\\ImageRes.dll,-72"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JPEG\Shell\Open]
"MUIVerb"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3043"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JPEG\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JPEG\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.PNG]
"FriendlyTypeName"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3057"
"ImageOptionFlags"=dword:00000001

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.PNG\DefaultIcon]
@="C:\\Windows\\System32\\ImageRes.dll,-71"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.PNG\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.PNG\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.TIFF]
"FriendlyTypeName"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3058"
"ImageOptionFlags"=dword:00000001

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.TIFF\DefaultIcon]
@="C:\\Windows\\System32\\ImageRes.dll,-122"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.TIFF\Shell\Open]
"MUIVerb"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3043"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.TIFF\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.TIFF\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.WDP]
"EditFlags"=dword:00010000
"ImageOptionFlags"=dword:00000001

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.WDP\DefaultIcon]
@="C:\\Windows\\System32\\WMPhoto.dll,-400"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.WDP\Shell\Open]
"MUIVerb"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3043"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.WDP\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.WDP\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\SystemFileAssociations\.bmp\OpenWithList\PhotoViewer.dll]
[HKEY_CLASSES_ROOT\SystemFileAssociations\.dib\OpenWithList\PhotoViewer.dll]
[HKEY_CLASSES_ROOT\SystemFileAssociations\.gif\OpenWithList\PhotoViewer.dll]
[HKEY_CLASSES_ROOT\SystemFileAssociations\.ico\OpenWithList\PhotoViewer.dll]
[HKEY_CLASSES_ROOT\SystemFileAssociations\.jfif\OpenWithList\PhotoViewer.dll]
[HKEY_CLASSES_ROOT\SystemFileAssociations\.jpe\OpenWithList\PhotoViewer.dll]
[HKEY_CLASSES_ROOT\SystemFileAssociations\.jpeg\OpenWithList\PhotoViewer.dll]
[HKEY_CLASSES_ROOT\SystemFileAssociations\.jpg\OpenWithList\PhotoViewer.dll]
[HKEY_CLASSES_ROOT\SystemFileAssociations\.png\OpenWithList\PhotoViewer.dll]
[HKEY_CLASSES_ROOT\SystemFileAssociations\.rle\OpenWithList\PhotoViewer.dll]
[HKEY_CLASSES_ROOT\SystemFileAssociations\.tif\OpenWithList\PhotoViewer.dll]
[HKEY_CLASSES_ROOT\SystemFileAssociations\.tiff\OpenWithList\PhotoViewer.dll]
[HKEY_CLASSES_ROOT\SystemFileAssociations\.wdp\OpenWithList\PhotoViewer.dll]

[HKEY_CLASSES_ROOT\SystemFileAssociations\Image\Shell\Open]
"MUIVerb"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3043"

[HKEY_CLASSES_ROOT\SystemFileAssociations\Image\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\SystemFileAssociations\Image\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\SystemFileAssociations\Image\Shell\Print\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\SystemFileAssociations\Image\Shell\Print\DropTarget]
"CLSID"="{60FD46DE-F830-4894-A628-6FA81BC0190D}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities]
"ApplicationDescription"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3069"
"ApplicationName"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3009"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities\FileAssociations]
".bmp"="PhotoViewer.FileAssoc.BitMap"
".dib"="PhotoViewer.FileAssoc.BitMap"
".gif"="PhotoViewer.FileAssoc.GIF"
".ico"="PhotoViewer.FileAssoc.BitMap"
".jfif"="PhotoViewer.FileAssoc.JFIF"
".jpe"="PhotoViewer.FileAssoc.JPEG"
".jpeg"="PhotoViewer.FileAssoc.JPEG"
".jpg"="PhotoViewer.FileAssoc.JPEG"
".png"="PhotoViewer.FileAssoc.PNG"
".rle"="PhotoViewer.FileAssoc.BitMap"
".tif"="PhotoViewer.FileAssoc.TIFF"
".tiff"="PhotoViewer.FileAssoc.TIFF"
".wdp"="PhotoViewer.FileAssoc.WDP"

...

SetupComplete.cmd

The batch script SetupComplete.cmd is executed after the second reboot; it runs (invisible) under the NT AUTHORITY\SYSTEM alias LocalSystem user account.

Rem Copyright © 2009-2022, Stefan Kanthak <‍stefan‍.‍kanthak‍@‍nexgo‍.‍de‍>

Rem Prevent accidental execution
If Not "%USERNAME%" == "SYSTEM" Exit /B
If /I Not "%USERPROFILE%" == "%SystemRoot%\System32\Config\SystemProfile" Exit /B
If /I Not "%~f0" == "%SystemRoot%\Setup\Scripts\SetupComplete.cmd" Exit /B

Call :REDIRECT %* 0<NUL: 1>"%SystemRoot%\Setup\Scripts\SetupComplete.out" 2>"%SystemRoot%\Setup\Scripts\SetupComplete.err"
Exit /B

:REDIRECT

…

Rem Private 'TEMP' directory for 'LocalSystem' user account
If /I "%TEMP%" == "%SystemRoot%\Temp" (
"%SystemRoot%\System32\SetX.exe" TEMP "%%USERPROFILE%%\AppData\Local\Temp" /M
"%SystemRoot%\System32\SetX.exe" TMP "%%USERPROFILE%%\AppData\Local\Temp" /M
MkDir "%SystemRoot%\System32\Config\SystemProfile\AppData\Local\Temp"
If Exist "%SystemRoot%\SysWoW64\Config\SystemProfile" MkDir "%SystemRoot%\SysWoW64\Config\SystemProfile\AppData\Local\Temp"
)

…

Rem Disable builtin 'Guest' user account
"%SystemRoot%\System32\Net.exe" USER Guest /Active:No

Rem Enable builtin 'Administrator' user account and set random password
Rem (https://support.microsoft.com/en-us/kb/251394)
"%SystemRoot%\System32\Net.exe" USER Administrator /Active:Yes /FullName:"Stefan Kanthak" /PasswordReq:Yes /Random

…

Rem Disable offer for permanent ACL change on inaccessible directories in 'File Explorer'
Rem (https://support.microsoft.com/en-us/kb/950934)
For %%? In ("%SystemRoot%\Security\Audit"
            "%SystemRoot%\ServiceProfiles\LocalService"
            "%SystemRoot%\ServiceProfiles\NetworkService"
            "%SystemRoot%\Temp") Do "%SystemRoot%\System32\Attrib.exe" +H +R +S "%%?"

…

Rem Remove 'Provisioned Apps'
"%SystemRoot%\System32\DISM.exe" /Online /Get-ProvisionedAppxPackages /Format:Table | "%SystemRoot%\System32\FindStr.exe" /B /C:"PackageName: " 1>"%SystemRoot%\Setup\Scripts\SetupComplete.tmp"
For /F "Tokens=2 UseBackQ" %%? In ("%SystemRoot%\Setup\Scripts\SetupComplete.tmp") Do "%SystemRoot%\System32\DISM.exe" /Online /Remove-ProvisionedAppxPackage /PackageName:%%?

…

Rem Remove 'Edge Chromium'
Rem If Defined ProgramFiles(x86) (For /R "%ProgramFiles(x86)%\Microsoft\Edge\Application" %%? In (Setup?.Exe) Do Set SETUP=%%~?) Else (For /R "%ProgramFiles%\Microsoft\Edge\Application" %%? In (Setup?.Exe) Do Set SETUP=%%~?)
Rem If Defined SETUP "%SETUP%" --uninstall --verbose-logging --system-level --force-uninstall

…

Rem Move 'Network Database'
MkDir "%ProgramData%\Microsoft\Network\Database"
Move "%SystemRoot%\System32\Drivers\Etc\*" "%ProgramData%\Microsoft\Network\Database"
For %%! In ("%ProgramData%\Microsoft\Network\Database\*") Do @(
For /D /R "%SystemRoot%\WinSxS" %%? In (*) Do @(
If Exist "%%?\%%~nx!" MkLink /H "%SystemRoot%\System32\Drivers\Etc\%%~nx!" "%%?\%%~nx!"))

…

"%SystemRoot%\System32\Reg.exe" IMPORT "%SystemRoot%\Setup\Scripts\SetupComplete.reg"

…

Rem (https://msdn.microsoft.com/en-us/library/gg441316.aspx)
"%SystemRoot%\System32\RunDLL32.exe" "%SystemRoot%\System32\AdvPack.dll",LaunchINFSection "%SystemRoot%\Setup\Scripts\SetupComplete.inf",UnattendedInstall

…
SetupConfig.ini %SystemDrive%\Users\Default\AppData\Local\Microsoft\Windows\WSUS\SetupConfig.ini
[SetupConfig]
;AddBootMgrLast
;Auto={ Clean | DataOnly | Upgrade }
;BitLocker={ AlwaysSuspend | TryKeepActive | ForceKeepActive }
;CompactOS={ Enable | Disable }
;Compat={ IgnoreWarning | ScanOnly }
;CopyLogs=[ ‹drive›:\‹directory› | \\‹computer›\‹share›\‹directory› ]
;DiagnosticPrompt={ Disable | Enable }
;DynamicUpdate={ Disable | Enable }
;InstallDrivers=[ ‹drive›:\‹directory› | \\‹computer›\‹share›\‹directory› ]
;InstallFrom=[ ‹drive›:\‹directory› | \\‹computer›\‹share›\‹directory› ]
;InstallLangPacks=[ ‹drive›:\‹directory› | \\‹computer›\‹share›\‹directory› ]
;M=[ ‹drive›:\‹directory› | \\‹computer›\‹share›\‹directory› ]
;MigNEO=Disable
;MigrateDrivers={ All | None }
NoReboot
;PKey=23467-89BCD-FGHJK-MNPQR-TVWXY
;Priority=Normal
;PostOOBE=[ ‹drive›:\‹directory› | \\‹computer›\‹share›\‹directory› ] [ \setupcomplete.cmd ]
;PostRollback=[ ‹drive›:\‹directory› | \\‹computer›\‹share›\‹directory› ] [ \setuprollback.cmd ]
;PostRollbackContext={ System | User }
;Quiet
;ReflectDrivers=[ ‹drive›:\‹directory› | \\‹computer›\‹share›\‹directory› ]
;ResizeRecoveryPartition={ Disable | Enable }
;ShowOOBE={ Full | None }
;Telemetry={ Disable | Enable }
;TempDrive=‹drive›:
;Unattend=[ ‹drive›:\‹directory› | \\‹computer›\‹share›\‹directory› ] [ \unattend.xml ]
;Uninstall={ Disable | Enable }

Contact

If you miss anything here, have additions, comments, corrections, criticism or questions, want to give feedback, hints or tipps, report broken links, bugs, deficiencies, errors, inaccuracies, misrepresentations, omissions, shortcomings, vulnerabilities or weaknesses, …: don’t hesitate to contact me and feel free to ask, comment, criticise, flame, notify or report!

Use the X.509 certificate to send S/MIME encrypted mail.

Note: email in weird format and without a proper sender name is likely to be discarded!

I dislike HTML (and even weirder formats too) in email, I prefer to receive plain text.
I also expect to see your full (real) name as sender, not your nickname.
I abhor top posts and expect inline quotes in replies.

Terms and Conditions

By using this site, you signify your agreement to these terms and conditions. If you do not agree to these terms and conditions, do not use this site!

Data Protection Declaration

This web page records no (personal) data and stores no cookies in the web browser.

The web service is operated and provided by

Telekom Deutschland GmbH
Business Center
D-64306 Darmstadt
Germany
<‍hosting‍@‍telekom‍.‍de‍>
+49 800 5252033

The web service provider stores a session cookie in the web browser and records every visit of this web site with the following data in an access log on their server(s):


Copyright © 1995–2022 • Stefan Kanthak • <‍stefan‍.‍kanthak‍@‍nexgo‍.‍de‍>