đ In this đĒ Windows notes repository, I store all of my notes related to the Windows operating system and Win apps.
đ Some commands can be outdated.
đ Resources đ
Install
Privacy
Debloat Windows 11
Install
Windows 11 without Internet
đ How to bypass internet connection to install Windows 11 - Pureinfotech
At the first boot in OOBE (Out-of-the-box experience), select Region and Keyboard layout
On the "Let's connect you to a network" screen, press SHIFT+F10 on the keyboard to open the Command Prompt, type the following command and wait for the reboot.
After the reboot, click I don't have internet when asked to connect and Continue with limited setup.
Create a local default Windows 11 account and proceed.
Disable and answer No to all the Privacy Settings if not needed.
Proceed with the final Configuration .
Configuration
đ Tip : The following settings should be used with a clean Windows install ; otherwise, proceed with caution â ī¸.
Privacy Settings
-TBA-
Disable Bing Search
đ How To Disable Bing Search On Windows 11
Copy reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Search / v BingSearchEnabled / t REG_DWORD / d 0 / f Debloat Win
đ BloatyNosy - by Builtbybel
đ Windows11-Debloat-Privacy-Guide
Removing Telemetry and other unnecessary services
Open cmd.exe and type the following commands
Copy sc delete DiagTrack
sc delete dmwappushservice
sc delete WerSvc
sc delete OneSyncSvc
sc delete MessagingService
sc delete wercplsupport
sc delete PcaSvc
sc config wlidsvc start = demand
sc delete wisvc
sc delete RetailDemo
sc delete diagsvc
sc delete shpamsvc
sc delete TermService
sc delete UmRdpService
sc delete SessionEnv
sc delete TroubleshootingSvc
for / f "tokens=1" % I in ( 'reg query "HKLM\SYSTEM\CurrentControlSet\Services" /k /f "wscsvc" ^| find /i "wscsvc"' ) do (reg delete % I / f)
for / f "tokens=1" % I in ( 'reg query "HKLM\SYSTEM\CurrentControlSet\Services" /k /f "OneSyncSvc" ^| find /i "OneSyncSvc"' ) do (reg delete % I / f)
for / f "tokens=1" % I in ( 'reg query "HKLM\SYSTEM\CurrentControlSet\Services" /k /f "MessagingService" ^| find /i "MessagingService"' ) do (reg delete % I / f)
for / f "tokens=1" % I in ( 'reg query "HKLM\SYSTEM\CurrentControlSet\Services" /k /f "PimIndexMaintenanceSvc" ^| find /i "PimIndexMaintenanceSvc"' ) do (reg delete % I / f)
for / f "tokens=1" % I in ( 'reg query "HKLM\SYSTEM\CurrentControlSet\Services" /k /f "UserDataSvc" ^| find /i "UserDataSvc"' ) do (reg delete % I / f)
for / f "tokens=1" % I in ( 'reg query "HKLM\SYSTEM\CurrentControlSet\Services" /k /f "UnistoreSvc" ^| find /i "UnistoreSvc"' ) do (reg delete % I / f)
for / f "tokens=1" % I in ( 'reg query "HKLM\SYSTEM\CurrentControlSet\Services" /k /f "BcastDVRUserService" ^| find /i "BcastDVRUserService"' ) do (reg delete % I / f)
for / f "tokens=1" % I in ( 'reg query "HKLM\SYSTEM\CurrentControlSet\Services" /k /f "Sgrmbroker" ^| find /i "Sgrmbroker"' ) do (reg delete % I / f)
sc delete diagnosticshub.standardcollector.service
reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Siuf\Rules" / v "NumberOfSIUFInPeriod" / t REG_DWORD / d 0 / f
reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Siuf\Rules" / v "PeriodInNanoSeconds" / f
reg add "HKLM\SYSTEM\ControlSet001\Control\WMI\AutoLogger\AutoLogger-Diagtrack-Listener" / v Start / t REG_DWORD / d 0 / f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppCompat" / v AITEnable / t REG_DWORD / d 0 / f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppCompat" / v DisableInventory / t REG_DWORD / d 1 / f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppCompat" / v DisablePCA / t REG_DWORD / d 1 / f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppCompat" / v DisableUAR / t REG_DWORD / d 1 / f
reg add "HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" / v "EnabledV9" / t REG_DWORD / d 0 / f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" / v "EnableSmartScreen" / t REG_DWORD / d 0 / f
reg add "HKCU\Software\Microsoft\Internet Explorer\PhishingFilter" / v "EnabledV9" / t REG_DWORD / d 0 / f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" / v "NoRecentDocsHistory" / t REG_DWORD / d 1 / f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CompatTelRunner.exe" / v Debugger / t REG_SZ / d "%windir%\System32\taskkill.exe" / f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DeviceCensus.exe" / v Debugger / t REG_SZ / d "%windir%\System32\taskkill.exe" / f Scheduled tasks
Copy schtasks / Change / TN "Microsoft\Windows\AppID\SmartScreenSpecific" / disable
schtasks / Change / TN "Microsoft\Windows\Application Experience\AitAgent" / disable
schtasks / Change / TN "Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" / disable
schtasks / Change / TN "Microsoft\Windows\Application Experience\ProgramDataUpdater" / disable
schtasks / Change / TN "Microsoft\Windows\Application Experience\StartupAppTask" / disable
schtasks / Change / TN "Microsoft\Windows\Autochk\Proxy" / disable
schtasks / Change / TN "Microsoft\Windows\CloudExperienceHost\CreateObjectTask" / disable
schtasks / Change / TN "Microsoft\Windows\Customer Experience Improvement Program\BthSQM" / disable
schtasks / Change / TN "Microsoft\Windows\Customer Experience Improvement Program\Consolidator" / disable
schtasks / Change / TN "Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask" / disable
schtasks / Change / TN "Microsoft\Windows\Customer Experience Improvement Program\Uploader" / disable
schtasks / Change / TN "Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" / disable
schtasks / Change / TN "Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector" / disable
schtasks / Change / TN "Microsoft\Windows\DiskFootprint\Diagnostics" / disable
schtasks / Change / TN "Microsoft\Windows\FileHistory\File History (maintenance mode)" / disable
schtasks / Change / TN "Microsoft\Windows\Maintenance\WinSAT" / disable
schtasks / Change / TN "Microsoft\Windows\PI\Sqm-Tasks" / disable
schtasks / Change / TN "Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem" / disable
schtasks / Change / TN "Microsoft\Windows\Shell\FamilySafetyMonitor" / disable
schtasks / Change / TN "Microsoft\Windows\Shell\FamilySafetyRefresh" / disable
schtasks / Change / TN "Microsoft\Windows\Shell\FamilySafetyUpload" / disable
schtasks / Change / TN "Microsoft\Windows\Windows Error Reporting\QueueReporting" / disable
schtasks / Change / TN "Microsoft\Windows\WindowsUpdate\Automatic App Update" / disable
schtasks / Change / TN "Microsoft\Windows\License Manager\TempSignedLicenseExchange" / disable
schtasks / Change / TN "Microsoft\Windows\Clip\License Validation" / disable
schtasks / Change / TN "\Microsoft\Windows\ApplicationData\DsSvcCleanup" / disable
schtasks / Change / TN "\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem" / disable
schtasks / Change / TN "\Microsoft\Windows\PushToInstall\LoginCheck" / disable
schtasks / Change / TN "\Microsoft\Windows\PushToInstall\Registration" / disable
schtasks / Change / TN "\Microsoft\Windows\Shell\FamilySafetyMonitor" / disable
schtasks / Change / TN "\Microsoft\Windows\Shell\FamilySafetyMonitorToastTask" / disable
schtasks / Change / TN "\Microsoft\Windows\Shell\FamilySafetyRefreshTask" / disable
schtasks / Change / TN "\Microsoft\Windows\Subscription\EnableLicenseAcquisition" / disable
schtasks / Change / TN "\Microsoft\Windows\Subscription\LicenseAcquisition" / disable
schtasks / Change / TN "\Microsoft\Windows\Diagnosis\RecommendedTroubleshootingScanner" / disable
schtasks / Change / TN "\Microsoft\Windows\Diagnosis\Scheduled" / disable
schtasks / Change / TN "\Microsoft\Windows\NetTrace\GatherNetworkInfo" / disable
del / F / Q "C:\Windows\System32\Tasks\Microsoft\Windows\SettingSync\*" CMD commands
â Most of the following commands have to be run by opening CMD as Administrator .
Change Windows Theme
đ How to Change Themes in Window 11 Without Activating Windows
Dark theme
Copy reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize / v AppsUseLightTheme / t REG_DWORD / d 0 / f
reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize / v SystemUsesLightTheme / t REG_DWORD / d 0 / f Light theme
Copy reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize / v AppsUseLightTheme / t REG_DWORD / d 1 / f
reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize / v SystemUsesLightTheme / t REG_DWORD / d 1 / f Winget Upgrade Script
Create a UpgradePackages.bat with the following content and run it to upgrade installed packages
Copy @echo off
:: Check for admin rights
> nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
:: If error flag set , we do not have admin rights , so prompt for them
if '%errorlevel%' NEQ '0' (
echo Requesting administrative privileges...
powershell.exe - Command "Start-Process '%~dpnx0' -Verb RunAs"
exit / B
)
:: Set the execution policy to allow local scripts to run
powershell - NoProfile - Command "Set-ExecutionPolicy RemoteSigned -Scope CurrentUser -Force"
:: Run the winget upgrade command and log the output live
powershell - NoProfile - Command "Start-Transcript -Path UpgradeLog.txt -Force; winget upgrade --all; Stop-Transcript"
:: Indicate completion
echo All packages have been upgraded. Press any key to exit ...
pause cmd Cheatsheet
Copy # System
set
set /?
ver
systeminfo
chkdsk
driverquery
sfc / scannow
shutdown / r
shutdown / a
# Network
ipconfig / all
ping example.com
tracert example.com
nslookup example.com
netstat - abon
netstat - abon | findstr : 3389
# Files and Disk
cd
dir
dir / a
dir / s
mkdir dirname
rmdir dirname
type
more
copy
copy * .md
move
del
erase
# Tasks and Processes
tasklist
tasklist / FI "imagename eq notepad.exe"
tasklist / FI "pid eq 1516"
taskkill / PID targetpid Powershell commands
Copy # Upgrade all installed packages to the latest version if available
winget upgrade --all Powercat
Copy Set-ExecutionPolicy Unrestricted
IEX ( New-Object System.Net.webclient).DownloadString( 'https://raw.githubusercontent.com/besimorhino/powercat/master/powercat.ps1' )
powercat - l - p 9000 - v
powercat - h Powershell Cheatsheet
Copy ### Syntax ###
# Cmdlet --> Verb-Noun
# Cmdlet -Property "pattern*"
Find-Module - Name "PowerShell*"
Install-Module - Name "PowerShellGet"
Get-Command
Get-Command - CommandType "Function"
Get-Command - Name "Remove*"
Get-Help Get-Date
Get-Help Get-Date - examples
Get-Alias
Get-Alias | findstr echo
Get-ChildItem
Get-ChildItem - r - Filter '*.txt'
Get-ChildItem - Path ".\test\"
Get-ChildItem | Sort-Object Length
Get-ChildItem | Where-Object - Property "Extension" -eq ".txt"
Get-ChildItem | Where-Object - Property "Name" -like "file*"
Get-ChildItem | Where-Object - Property Length -gt 100
Get-ChildItem | Select-Object Name , Length
Get-ChildItem | Sort-Object Length - Descending | Select-Object - First 1
Select-String - Path ".\file.txt" - Pattern "text"
New-Item - Path ".\test\dir" - ItemType "Directory"
New-Item - Path ".\test\dir\file.txt" - ItemType "File"
Remove-Item - Path ".\test\dir\file.txt"
Remove-Item - Path ".\test\dir"
Copy-Item - Path .\test\dir\file.txt - Destination .\test\dir\file2.txt
Get-Content file
Set-Location - Path ".\Documents"
Get-ComputerInfo
Get-LocalUser
Get-NetIPConfiguration
Get-NetIPAddress
Get-Process
Get-Service
Get-Service - DisplayName "*remote*"
Get-NetTCPConnection
Get-FileHash - Path .\file.txt
Get-Help Invoke-Command - examples
Invoke-Command - ComputerName HOSTNAME - ScriptBlock { Get-Service } Software
đ Web: https://live.sysinternals.com/
Copy \\ live.sysinternals.com \tools e.g. tools folder to C:\Program Files\ and rename it to sysinternals
Run vt_setup.msi and install VirusTotalUploader
Run VirusTotalUploader, paste API key and select Direct file upload
EXTRA : Change the context menu handler by opening regedit.exe and searching for VirusTotalUploader.
It should be in HKEY_CLASSES_ROOT\*\shell
Change the MUIVerb data value, e.g. Upload to VirusTotal .
Now you can right-click any file an select "Upload to VirusTotal " to scan it using VirusTotal
VirusTotal - Free public API
Limits
VMware Workstation Pro
Delay the bios boot in a VM
Copy # Add line to .vmx file:
bios.bootDelay = "5000" Troubleshooting
Delete GRUB files from a Boot EFI partition in Windows
đ How to delete GRUB files from a Boot EFI partition in Windows 10
Run a cmd.exe process with administrator privileges
Type: list disk then sel disk X where X is the drive your boot files reside on
Type list vol to see all partitions (volumes) on the disk (the EFI volume will be formatted in FAT, others will be NTFS)
Select the EFI volume by typing: sel vol Y where Y is the SYSTEM volume (this is almost always the EFI partition)
For convenience, assign a drive letter by typing: assign letter=M: where M is a free (unused) drive letter
Type exit to leave disk part
While still in the cmd prompt, type: M: and hit enter, where M was the drive letter you just created.
Type dir to list directories on this mounted EFI partition
If you are in the right place, you should see a directory called EFI
Type cd EFI and then dir to list the child directories inside EFI
Type rmdir /S ubuntu to delete the ubuntu boot directory
Copy ## These commands are used to identify and select the hard drive
diskpart
list disk
sel disk 0
## These commands are used to list the partitions, select the Boot EFI partition,
## then assign it a drive letter
list vol
sel vol 2
assign letter = D:
exit
## These commands are used to change into the Boot EFI folder and delete the GRUB folder
cd / d D:
ls
ls EFI
cd EFI
ls
rmdir / s ubuntu VMware performance - Disable Memory Integrity
â I do not assume any responsibility for the potential risks or consequences associated with the disabled memory integrity.
đ Options to optimize gaming performance in Windows 11 - Microsoft Support
đ Enable or Disable Core Isolation and Memory Integrity in Windows 11
đ How to Disable or Remove Hyper-V in Windows 11
This is done to ensure VMware Workstation virtualization operates smoothly without any performance issues.
Memory integrity (hypervisor-protected code integrity) is a security feature of Core isolation that prevents attacks from inserting malicious code into high-security processes. Take your own risk by disabling it.
Disable Memory Integrity - Windows Security -> Device Security -> Core Isolation details
Open cmd as Administrator and run
Copy # Disables power throttling for the VMware virtual machine executable (64-bit version)
powercfg / powerthrottling disable / path "C:\Program Files (x86)\VMware\VMware Workstation\x64\vmware-vmx.exe"
# Disables power throttling for the main VMware Workstation executable
powercfg / powerthrottling disable / path "C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe"
# Disables the Windows Hyper-V
bcdedit / set hypervisorlaunchtype off Enable or Disable Core Isolation and Memory Integrity using Registry
Copy HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\
Right-click on Scenarios > New > Key .
Name it as HypervisorEnforcedCodeIntegrity.
Create a New DWORD (32-bit) Value.
Set the Value data as 0 to disable.
