πEverything Windows

π In this πͺ Windows notes repository, I store all of my notes related to the Windows operating system and Win apps.
π Some commands may be outdated.
ββ οΈ This document contains powerful Windows commands - review each carefully before execution, as they may impact your system, and use them at your own risk!
π Resources π
Install
Privacy
Debloat Windows 11
Install
π RECOMMENDED INSTALL SOLUTION β‘οΈ Rufus (simple)
The latest Rufus version can be used to create a bootable USB drive with the preconfigured necessary bypasses and automatic local user creation on the bootable Windows 11 ISO.
π Unattend-generator (advanced)
An additional answer file can be used for more specific first-install settings. Make sure to include
autounattend.xml
file at the root of the Windows installation media to be executed during Windows setup.π winutil - Chris Titus Tech's Windows Utility - Install Programs, Tweaks, Fixes, and Updates
How To Setup Windows - Chris Titus Tech - follow this video for full install with custom
iso
Windows 11 without Internet (manual)
π How to bypass internet connection to install Windows 11 - Pureinfotech
π UPDATED 2025 -> The New BypassNRO - YouTube
Manual bypass during standard install
Install Windows 11 via USB ISO
At the first boot in OOBE (Out-of-the-box experience), select Region and Keyboard layout
On the "Let's connect you to a network" screen, press
SHIFT+F10
on the keyboard to open theCommand Prompt
and type the following command
start ms-cxh:localonly
Create a local default Windows 11 account and proceed
Disable and answer
No
to all the Privacy Settings if not needed
Proceed with the final Configuration.
Configuration
π Tip: The following settings should be used with a clean Windows install; otherwise, proceed with caution β οΈ.
Privacy Settings
-TBA-
Disable Online Start Search
π How to Disable Online or Web Results in Start Menu in Windows 10
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Search /v AllowSearchToUseLocation /t REG_DWORD /d 0 /f
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Search /v BingSearchEnabled /t REG_DWORD /d 0 /f
Debloat Win
π winutil - Chris Titus Tech's Windows Utility
π BloatyNosy - by Builtbybel
π Windows11-Debloat-Privacy-Guide
π Win-Debloat-Tools - LeDragoX
β The repositories above contain many useful and powerful scripts. Be sure to review them carefully before applying to your system, and do so at your own risk! β οΈ
Download https://github.com/Raphire/Win11Debloat repo and run
Run.bat
to configureRun additional tweaks like
Regfiles\Hide_Onedrive_Folder.reg
Download https://github.com/LeDragoX/Win-Debloat-Tools repo and run other scripts if necessary (I prefer to run them manually)
Backup-System
Optimize-Privacy
Optimize-ServicesRunning
Optimize-TaskScheduler
Optimize-WindowsFeaturesList
Remove-BloatwareAppsList
Install-NerdFont
...
and Software install tool
Removing Telemetry and other unnecessary services
π The following commands may have already been executed by the scripts above. The command list may be outdated and requires some cleaning and fixing.
Open
cmd.exe
and type the following commands
sc delete DiagTrack
sc delete dmwappushservice
sc delete WerSvc
sc delete OneSyncSvc
sc delete MessagingService
sc delete wercplsupport
sc delete PcaSvc
sc config wlidsvc start=demand
sc delete wisvc
sc delete RetailDemo
sc delete diagsvc
sc delete shpamsvc
sc delete TermService
sc delete UmRdpService
sc delete SessionEnv
sc delete TroubleshootingSvc
for /f "tokens=1" %I in ('reg query "HKLM\SYSTEM\CurrentControlSet\Services" /k /f "wscsvc" ^| find /i "wscsvc"') do (reg delete %I /f)
for /f "tokens=1" %I in ('reg query "HKLM\SYSTEM\CurrentControlSet\Services" /k /f "OneSyncSvc" ^| find /i "OneSyncSvc"') do (reg delete %I /f)
for /f "tokens=1" %I in ('reg query "HKLM\SYSTEM\CurrentControlSet\Services" /k /f "MessagingService" ^| find /i "MessagingService"') do (reg delete %I /f)
for /f "tokens=1" %I in ('reg query "HKLM\SYSTEM\CurrentControlSet\Services" /k /f "PimIndexMaintenanceSvc" ^| find /i "PimIndexMaintenanceSvc"') do (reg delete %I /f)
for /f "tokens=1" %I in ('reg query "HKLM\SYSTEM\CurrentControlSet\Services" /k /f "UserDataSvc" ^| find /i "UserDataSvc"') do (reg delete %I /f)
for /f "tokens=1" %I in ('reg query "HKLM\SYSTEM\CurrentControlSet\Services" /k /f "UnistoreSvc" ^| find /i "UnistoreSvc"') do (reg delete %I /f)
for /f "tokens=1" %I in ('reg query "HKLM\SYSTEM\CurrentControlSet\Services" /k /f "BcastDVRUserService" ^| find /i "BcastDVRUserService"') do (reg delete %I /f)
for /f "tokens=1" %I in ('reg query "HKLM\SYSTEM\CurrentControlSet\Services" /k /f "Sgrmbroker" ^| find /i "Sgrmbroker"') do (reg delete %I /f)
sc delete diagnosticshub.standardcollector.service
reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Siuf\Rules" /v "NumberOfSIUFInPeriod" /t REG_DWORD /d 0 /f
reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Siuf\Rules" /v "PeriodInNanoSeconds" /f
reg add "HKLM\SYSTEM\ControlSet001\Control\WMI\AutoLogger\AutoLogger-Diagtrack-Listener" /v Start /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppCompat" /v AITEnable /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppCompat" /v DisableInventory /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppCompat" /v DisablePCA /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppCompat" /v DisableUAR /t REG_DWORD /d 1 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d 0 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "EnableSmartScreen" /t REG_DWORD /d 0 /f
reg add "HKCU\Software\Microsoft\Internet Explorer\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d 0 /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoRecentDocsHistory" /t REG_DWORD /d 1 /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CompatTelRunner.exe" /v Debugger /t REG_SZ /d "%windir%\System32\taskkill.exe" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DeviceCensus.exe" /v Debugger /t REG_SZ /d "%windir%\System32\taskkill.exe" /f
reg add "HKCU\SOFTWARE\Policies\Microsoft\Windows\WindowsAI" /v DisableAIDataAnalysis /t REG_DWORD /d 1 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsAI" /v DisableAIDataAnalysis /t REG_DWORD /d 1 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsAI" /v AllowRecallEnablement /t REG_DWORD /d 0 /f
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowCopilotButton /t REG_DWORD /d 0 /f
reg add "HKCU\SOFTWARE\Policies\Microsoft\Windows\WindowsCopilot" /v TurnOffWindowsCopilot /t REG_DWORD /d 1 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsCopilot" /v TurnOffWindowsCopilot /t REG_DWORD /d 1 /f
pause
Scheduled tasks
del /F /Q "C:\Windows\System32\Tasks\Microsoft\Windows\SettingSync\*"
schtasks /Change /TN "\Microsoft\Windows\AppID\SmartScreenSpecific" /disable
schtasks /Change /TN "\Microsoft\Windows\Application Experience\AitAgent" /disable
schtasks /Change /TN "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" /disable
schtasks /Change /TN "\Microsoft\Windows\Application Experience\ProgramDataUpdater" /disable
schtasks /Change /TN "\Microsoft\Windows\Application Experience\StartupAppTask" /disable
schtasks /Change /TN "\Microsoft\Windows\ApplicationData\DsSvcCleanup" /disable
schtasks /Change /TN "\Microsoft\Windows\Autochk\Proxy" /disable
schtasks /Change /TN "\Microsoft\Windows\Clip\License Validation" /disable
schtasks /Change /TN "\Microsoft\Windows\CloudExperienceHost\CreateObjectTask" /disable
schtasks /Change /TN "\Microsoft\Windows\Customer Experience Improvement Program\BthSQM" /disable
schtasks /Change /TN "\Microsoft\Windows\Customer Experience Improvement Program\Consolidator" /disable
schtasks /Change /TN "\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask" /disable
schtasks /Change /TN "\Microsoft\Windows\Customer Experience Improvement Program\Uploader" /disable
schtasks /Change /TN "\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" /disable
schtasks /Change /TN "\Microsoft\Windows\Diagnosis\RecommendedTroubleshootingScanner" /disable
schtasks /Change /TN "\Microsoft\Windows\Diagnosis\Scheduled" /disable
schtasks /Change /TN "\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector" /disable
schtasks /Change /TN "\Microsoft\Windows\DiskFootprint\Diagnostics" /disable
schtasks /Change /TN "\Microsoft\Windows\FileHistory\File History (maintenance mode)" /disable
schtasks /Change /TN "\Microsoft\Windows\License Manager\TempSignedLicenseExchange" /disable
schtasks /Change /TN "\Microsoft\Windows\Location\Notifications" /disable
schtasks /Change /TN "\Microsoft\Windows\Location\WindowsActionDialog" /disable
schtasks /Change /TN "\Microsoft\Windows\Maintenance\WinSAT" /disable
schtasks /Change /TN "\Microsoft\Windows\Maps\MapsToastTask" /disable
schtasks /Change /TN "\Microsoft\Windows\Maps\MapsUpdateTask" /disable
schtasks /Change /TN "\Microsoft\Windows\NetTrace\GatherNetworkInfo" /disable
schtasks /Change /TN "\Microsoft\Windows\PI\Sqm-Tasks" /disable
schtasks /Change /TN "\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem" /disable
schtasks /Change /TN "\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem" /disable
schtasks /Change /TN "\Microsoft\Windows\PushToInstall\LoginCheck" /disable
schtasks /Change /TN "\Microsoft\Windows\PushToInstall\Registration" /disable
schtasks /Change /TN "\Microsoft\Windows\Retail Demo\CleanupOfflineContent" /disable
schtasks /Change /TN "\Microsoft\Windows\Shell\FamilySafetyMonitor" /disable
schtasks /Change /TN "\Microsoft\Windows\Shell\FamilySafetyRefreshTask" /disable
schtasks /Change /TN "\Microsoft\Windows\Shell\FamilySafetyUpload" /disable
schtasks /Change /TN "\Microsoft\Windows\Subscription\EnableLicenseAcquisition" /disable
schtasks /Change /TN "\Microsoft\Windows\Subscription\LicenseAcquisition" /disable
schtasks /Change /TN "\Microsoft\Windows\Windows Error Reporting\QueueReporting" /disable
Italian Dev Keyboard - Tilde and Backtick
Install Italian Dev keyboard - https://github.com/linuxiamo/devs-kb-layout-ita - and setup in Time & language - Language & region - Options - Keyboards
CMD commands
β Most of the following commands have to be run by opening
CMD
as Administrator.
Change Windows Theme
π How to Change Themes in Window 11 Without Activating Windows
Dark theme
reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize /v AppsUseLightTheme /t REG_DWORD /d 0 /f
reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize /v SystemUsesLightTheme /t REG_DWORD /d 0 /f
Light theme
reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize /v AppsUseLightTheme /t REG_DWORD /d 1 /f
reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize /v SystemUsesLightTheme /t REG_DWORD /d 1 /f
Winget Upgrade Script
Create a
UpgradePackages.bat
with the following content and run it to upgrade installed packages
@echo off
:: Check for admin rights
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
:: If error flag set, we do not have admin rights, so prompt for them
if '%errorlevel%' NEQ '0' (
echo Requesting administrative privileges...
powershell.exe -Command "Start-Process '%~dpnx0' -Verb RunAs"
exit /B
)
:: Set the execution policy to allow local scripts to run
powershell -NoProfile -Command "Set-ExecutionPolicy RemoteSigned -Scope CurrentUser -Force"
:: Run the winget upgrade command and log the output live
powershell -NoProfile -Command "Start-Transcript -Path UpgradeLog.txt -Force; winget upgrade --all; Stop-Transcript"
:: Indicate completion
echo All packages have been upgraded. Press any key to exit...
pause
cmd Cheatsheet
# System
set
set /?
ver
systeminfo
chkdsk
driverquery
sfc /scannow
shutdown /r
shutdown /a
# Network
ipconfig /all
ping example.com
tracert example.com
nslookup example.com
netstat -abon
netstat -abon | findstr :3389
# Files and Disk
cd
dir
dir /a
dir /s
mkdir dirname
rmdir dirname
type
more
copy
copy *.md
move
del
erase
# Tasks and Processes
tasklist
tasklist /FI "imagename eq notepad.exe"
tasklist /FI "pid eq 1516"
taskkill /PID targetpid
Powershell commands
PS1 Scripts
# 1. Run the script with Bypass mode (One-time execution)
powershell -ExecutionPolicy Bypass -File <SCRIPT.ps1>
# Shorter version
powershell -ep Bypass -f <SCRIPT.ps1>
# 2. Temporarily set execution policy for the current session
Set-ExecutionPolicy Bypass -Scope Process -Force
<SCRIPT.ps1> # Now run the script
# 3. Unblock the script file (if marked as untrusted)
Unblock-File -Path <SCRIPT.ps1>
<SCRIPT.ps1> # Try running again
# 4. Run the script without changing execution policy (using Invoke-Expression)
powershell -Command "Get-Content <SCRIPT.ps1> | Invoke-Expression"
# Alternative (more compact)
iex (Get-Content <SCRIPT.ps1> -Raw)
# 5. Change execution policy permanently (requires admin)
Set-ExecutionPolicy Unrestricted -Scope CurrentUser -Force # Allows all scripts
Set-ExecutionPolicy RemoteSigned -Scope LocalMachine -Force # Allows only signed remote scripts
# 6. Run with -NoProfile to ignore execution policies
powershell -NoProfile -ExecutionPolicy Bypass -File <SCRIPT.ps1>
# 7. Reset execution policy back to restricted (optional, for security)
Set-ExecutionPolicy Restricted -Scope CurrentUser -Force # Blocks all scripts again
# Upgrade all installed packages to the latest version if available
winget upgrade --all
Powercat
Set-ExecutionPolicy Unrestricted
IEX (New-Object System.Net.webclient).DownloadString('https://raw.githubusercontent.com/besimorhino/powercat/master/powercat.ps1')
powercat -l -p 9000 -v
powercat -h
Directory and File Listing Without Extensions
Get-ChildItem -Recurse -Directory | ForEach-Object {
Write-Output "Directory: $($_.FullName)"
Get-ChildItem -Path $_.FullName | Where-Object { -not $_.PSIsContainer } | ForEach-Object {
$_.BaseName
}
Write-Output ""
} | Out-File -FilePath "C:\path\to\output.txt"
Powershell Cheatsheet
### Syntax ###
# Cmdlet --> Verb-Noun
# Cmdlet -Property "pattern*"
Find-Module -Name "PowerShell*"
Install-Module -Name "PowerShellGet"
Get-Command
Get-Command -CommandType "Function"
Get-Command -Name "Remove*"
Get-Help Get-Date
Get-Help Get-Date -examples
Get-Alias
Get-Alias | findstr echo
Get-ChildItem
Get-ChildItem -r -Filter '*.txt'
Get-ChildItem -Path ".\test\"
Get-ChildItem | Sort-Object Length
Get-ChildItem | Where-Object -Property "Extension" -eq ".txt"
Get-ChildItem | Where-Object -Property "Name" -like "file*"
Get-ChildItem | Where-Object -Property Length -gt 100
Get-ChildItem | Select-Object Name,Length
Get-ChildItem | Sort-Object Length -Descending | Select-Object -First 1
Select-String -Path ".\file.txt" -Pattern "text"
New-Item -Path ".\test\dir" -ItemType "Directory"
New-Item -Path ".\test\dir\file.txt" -ItemType "File"
Remove-Item -Path ".\test\dir\file.txt"
Remove-Item -Path ".\test\dir"
Copy-Item -Path .\test\dir\file.txt -Destination .\test\dir\file2.txt
Get-Content file
Set-Location -Path ".\Documents"
Get-ComputerInfo
Get-LocalUser
Get-NetIPConfiguration
Get-NetIPAddress
Get-Process
Get-Service
Get-Service -DisplayName "*remote*"
Get-NetTCPConnection
Get-FileHash -Path .\file.txt
Get-Help Invoke-Command -examples
Invoke-Command -ComputerName HOSTNAME -ScriptBlock {Get-Service}
Software
π Web: https://live.sysinternals.com/
Via Windows Explorer:
\\live.sysinternals.com\tools
e.g.
Copytools
folder toC:\Program Files\
and rename it tosysinternals
Download
vt_setup.msi
from https://github.com/SamuelTulach/VirusTotalUploader/releasesRun
vt_setup.msi
and install VirusTotalUploaderCreate an account and Get an API key from VirusTotal.com
Copy the API key
Run
VirusTotalUploader
, paste API key and selectDirect file upload

EXTRA: Change the context menu handler by opening
regedit.exe
and searching forVirusTotalUploader
.It should be in
HKEY_CLASSES_ROOT\*\shell
Change the
MUIVerb
data value, e.g. Upload to VirusTotal.

Now you can right-click any file an select "Upload to VirusTotal" to scan it using VirusTotal

Request rate
4 lookups / min
Daily quota
500 lookups / day
Monthly quota
15.5 K lookups / month
Troubleshooting
Delete GRUB files from a Boot EFI partition in Windows
π How to delete GRUB files from a Boot EFI partition in Windows 10
Run a
cmd.exe
process with administrator privilegesRun
diskpart
Type:
list disk
thensel disk X
where X is the drive your boot files reside onType
list vol
to see all partitions (volumes) on the disk (the EFI volume will be formatted in FAT, others will be NTFS)Select the EFI volume by typing:
sel vol Y
where Y is the SYSTEM volume (this is almost always the EFI partition)For convenience, assign a drive letter by typing:
assign letter=M:
where M is a free (unused) drive letterType
exit
to leave disk partWhile still in the
cmd
prompt, type:M:
and hit enter, where M was the drive letter you just created.Type
dir
to list directories on this mounted EFI partitionIf you are in the right place, you should see a directory called EFI
Type
cd EFI
and thendir
to list the child directories inside EFIType
rmdir /S ubuntu
to delete the ubuntu boot directory
## These commands are used to identify and select the hard drive
diskpart
list disk
sel disk 0
## These commands are used to list the partitions, select the Boot EFI partition,
## then assign it a drive letter
list vol
sel vol 2
assign letter=D:
exit
## These commands are used to change into the Boot EFI folder and delete the GRUB folder
cd /d D:
ls
ls EFI
cd EFI
ls
rmdir /s ubuntu
Resize Windows EFI partition
βοΈ Goal
Make the EFI System Partition larger to support Lenovo BIOS update, which requires more than the original 100 MB created by the Windows 11 standard installer.
π Expected result
EFI resized
MSR restored
Boot repaired
Windows stable and functioning
1. Check disk layout
Found that the 100 MB EFI System Partition was too small.
Discovered a 16 MB MSR partition (Microsoft Reserved) between
EFI
andC:
preventing resizing.
2. Deleted the MSR Partition
Booted into GParted Live USB
Deleted the 16 MB
MSR
partition (normally safe but can be risky).*Shrink the left part of the
C:
partition to free up the necessary space.This freed space to the right of the
EFI
partition.
3. Resized the EFI Partition
Expanded the
EFI
partition from 100 MB to a larger size (~300 MB).Applied the changes.
4. BSOD After Reboot
Upon reboot, Windows crashed with BSOD -
NTFS_FILE_SYSTEM stop code.
Cause: likely NTFS structure misalignment or partition table confusion after
MSR
deletion andEFI
+C:
resizing.
5. Recreated the MSR Partition
Booted into Windows recovery
Advanced Startup -> Command Prompt
Used
diskpart
to recreate a 16 MBMSR
partition in the correct spot:diskpart select disk 0 create partition msr size=16
6. Repaired Windows via Advanced Recovery
Rebooted into Windows Recovery Mode.
Used the built-in startup repair tool
Advanced Options β Startup Repair
Windows automatically fixed the bootloader/NTFS issues.
7. System Booted Successfully
No more BSOD.
EFI
partition now has enough space.Ready to proceed with BIOS update or other tasks.
Check disk info - diskpart
DISKPART> sel disk 0
Disk 0 is now the selected disk.
DISKPART> detail disk
CT2000P5PSSD8
Disk ID: {9E********}
Type : NVMe
Status : Online
Path : 0
Target : 0
LUN ID : 0
Location Path : PCIROOT(0)#PCI(0204)#PCI(0000)#NVME(P00T00L00)
Current Read-only State : No
Read-only : No
Boot Disk : Yes
Pagefile Disk : Yes
Hibernation File Disk : No
Crashdump Disk : Yes
Clustered Disk : No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 C NTFS Partition 1857 GB Healthy Boot
Volume 1 FAT32 Partition 2048 MB Healthy System
Volume 2 NTFS Partition 642 MB Healthy Hidden
DISKPART> list part
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 System 2048 MB 1024 KB
Partition 2 Reserved 16 MB 2049 MB
Partition 3 Primary 1857 GB 5237 MB
Partition 4 Recovery 642 MB 1862 GB
Last updated
Was this helpful?