Table of Contents

Gaming Speed Tweaks

Click start and type msconfig, services.msc or regedit to access most of the options in this section.

The checklist is roughly:

Using Command Prompt

From a command prompt (cmd.exe), by issuing the following:

bcdedit /set BOOTUX disabled
vssadmin delete shadows /All /Quiet 
Powershell disable-computerrestore -drive c:\
netsh advfirewall set allprofiles state off 
powercfg -H OFF
fsutil behavior set DisableLastAccess 1
fsutil behavior set DisableEncryption 1
fsutil behavior set EncryptPagingFile 0
fsutil behavior set Disable8dot3 1
bcdedit.exe /set {current} nx AlwaysOff

the following actions will be performed:

Disable Services

A list of services that can be switched to manual for better performance. Note that these disable features such as printing, themes and firewalls and are meant only for a dedicated gaming machine. Some services may not be available depending on the Windows version.

Application Experience
Background Intelligent Transfer Service
Base Filtering Engine
IPHelper
IPsec Policy Agent
IKE and AuthIP IPsec Keying Modules
Offline Files
Print Spooler
Program Compatibility Assistant
Security Center
Superfetch
Themes (Aero will be gone)
Windows Image Acquisition (Cameras and scanners will stop working)
Windows Firewall
Security Center
Secondary Logon
Windows Search
Windows Update
WinHTTP Web Proxy Auto-Discovery
Wireless Zero Configuration (Not needed unless the machine has to connect through wireless)

Using the Command Prompt, execute:

sc stop WSearch
sc stop hidserv
 
sc stop napagent
sc stop iphlpsvc
sc stop TrkWks
sc stop CscService
sc stop WdiSystemHost
sc stop PcaSvc
sc stop DPS
sc stop WPDBusEnum
sc config WSearch start= disabled
sc config hidserv start= disabled
sc config napagent start= disabled
sc config iphlpsvc start= disabled
sc config TrkWks start= disabled
sc config CscService start= disabled
sc config WdiSystemHost start= disabled
sc config PcaSvc start= disabled
sc config DPS start= disabled
sc config WPDBusEnum start= disabled

Disable Core Parking

Core parking enables the operating system to put cores to sleep when they are not being used. Sometimes this procedure is pretty aggressive and may put a core to sleep when it could be used. Disabling the core parking will make sure that all the cores are active at all times.

For each power profile, find:

0cc5b647-c1df-4637-891a-dec35c318583

in the registry using regedit and set both ValueMax and ValueMin to the same value 0.

Disable Paging File

With sufficient RAM, you can disable the paging file. Right click My Computer go to Advanced Properties and Advanced. Set the paging file on drive C to No paging file. Worse than that, move the paging file to a different drive.

Disable Kernel Dumps

Go to System Properties, Advanced and Startup and Recovery and set the Write debugging information to (none).

Enable Write Caching

Right-click the main drive, go to Hardware and select your harddrive and press Properties. Got to Policies and tick both boxes Enable write caching on the device and Turn off Windows write-cache buffer flushing on the device and save.

Use TCP Optimizer

TCP Optimizer is a freeware tool that allows you to tweak your network parameters.

God Mode

God Mode gives you full control over all the settings in control panel.

Create a folder on the desktop and rename it to:

God Mode.{ED7BA470-8E54-465E-825C-99712043E01C}

The name must be exact.

Windows Activation Trojans

These windows updates should be removed in order to avoid WAT:

KB971033

Can be done by going to Control Panel and Remove Windows Components.

To uninstall the update from the command line, issue:

wusa /uninstall /kb:971033 /quiet

Users Auto-Login

For Windows XP, use userpasswords2, for Windows 7 use netplwiz.

Taskbar Shortcuts Folder

Taskbar shortcuts for Windows 7 onward can be found in:

C:\Users\USERNAME\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar

where USERNAME is the username of the currently logged-in user.

Fix Windows Update

If you get "Windows Update cannot currently check for updates, because the service is not running.", then deleting the Windows Update logs from:

C:\Windows\SoftwareDistribution\DataStore\Logs\

May solve the problem.

Restore Windows Files

To restore boot files, overwriting any Windows loaders that may have been installed, run as an Administrator:

sfc /scannow

Batch Script to Insert Values into The Registry

The following batch script will insert a REG_SZ called Test at HKEY_CURRENT_USER\Software\Test with the value Succeeded. The batch file essentially interprets itself as a .reg file and given the Windows Registry Editor Version 5.00 at the beginning will merge the payload with the registry.

This example works for Windows 7, however the line Windows Registry Editor Version 5.00 can be replaced by REGEDIT4 for previous versions of Windows. For adding keys to the registry (generating the payload), it is useful to first create the values using Regedit and then export the .reg file and copy and paste the payload into this script at the bottom.

Windows Registry Editor Version 5.00
 
; @ECHO OFF
; CLS
; REGEDIT.EXE /S "%~f0"
; EXIT
 
[HKEY_CURRENT_USER\Software\Test]
"Test"="Succeeded"

Boot in Safe Mode from Command Line

Run the following command:

bcdedit /set {current} safeboot minimal

in order to boot in safe-mode on the next restart.

In order to boot in safe mode with only networking enabled:

bcdedit /set {current} safeboot network

Finally, to boot back into normal mode, run the command:

bcdedit /deletevalue {current} safeboot

Disable Routing Through VPN Connection

When creating a new VPN connection, Windows assumes that you want to route your entire traffic through the VPN. This may not be desirable, in case you just want to access some services over VPN and the rest of your traffic is meant to go out through your default interface.

In order to prevent Windows from routing through the VPN connection, follow these steps:

  1. click the network icon in the notification area (or go to the network adapter settings from control panel) and then click Connect or disconnect….
  2. right-click the VPN connection and select Properties
  3. click the Networking tab
  4. double-click Internet Protocol Version 4 (TCP/IPv4) to open up the properties window (the same applies to IPv6).
  5. on the main tab, click the Advanced… button
  6. and untick Use default gateway on remote network.
  7. click Ok to apply the settings.

Turn off DEP

Data-execution prevention is a frontend to the processor's NX flag and is turned on by default on Windows XP (and onward) for system executables. However, it seems to interfere with some programs and can be turned off by issuing the command:

bcdedit.exe /set {current} nx AlwaysOff

Turn on Compound TCP

netsh int tcp set global congestionprovider=ctcp

Get Operating System Architecture

wmic os get osarchitecture

Restart Windows from Command Line

shutdown /r

Get Domain Name

To get the domain of a computer, issue the following command:

systeminfo | findstr /B /C:"Domain"

In order to get the domain for the currently logged-on user, issue:

echo %userdomain%

Allow Programs to Bind to Network URLs

In cases where HttpListener is used to listen on an URL prefix, the program has to be started with administrative privileges. However, using the following command, we can whitelist a certain URL such that the program does not have to start in administrative mode:

netsh http add urlacl url=http://+:8080/ user=DOMAIN\user

where:

Note that this command needs administrative privileges.

Programatically Capture Console Close Button

Capturing the console exit buttons can be performed on Windows by importing the SetConsoleCtrlHandler from Kernel32.dll:

        /// <summary>
        ///     Import console handler for windows.
        /// </summary>
        [DllImport("Kernel32.dll")]
        private static extern bool SetConsoleCtrlHandler(EventHandler handler, bool add);
 
        // A delegate for SetConsoleCtrlHandler.
        private delegate bool EventHandler(CtrlType ctrlType);
        // Set to static in order to avoid garbage collection.
        private static EventHandler ConsoleEventHandler;
 
        // An enumerated type for the control messages
        // sent to the handler routine.
        private enum CtrlType
        {
            CTRL_C_EVENT = 0,
            CTRL_BREAK_EVENT,
            CTRL_CLOSE_EVENT,
            CTRL_LOGOFF_EVENT = 5,
            CTRL_SHUTDOWN_EVENT
        }
 
        private static bool ConsoleCtrlCheck(CtrlType ctrlType)
        {
 
            // Perform cleanup.
            // ...
 
            // Wait for threads to finish.
            Thread.Sleep(60000);
            return true;
        }
 
        // Main entry point.
        public static void Main()
        {
            // SetConsoleCtrlHandler supported on Windows 2000 or later.
            switch (Environment.OSVersion.Platform)
            {
                case PlatformID.Win32NT:
                    // Setup console handler.
                    ConsoleEventHandler += ConsoleCtrlCheck;
                    SetConsoleCtrlHandler(ConsoleEventHandler, true);
                    break;
            }
 
            // Rest of the program
            // ...
        }

This is particularly useful when you want to clean up before having the application shutdown. The handler in the code above that takes care of the cleaning is called ConsoleCtrlCheck. Also note that the event-handler ConsoleEventHandler is set to static otherwise the garbage-collector may clean up the delegate before it has a chance to run.

Erase Disk Partitions

Windows lets you create or format partitions when you go to Start→(Right Click)My Computer→Manage and then go to the Disk Management section in the left-hand pane. However, if you are looking to delete all partitions, you will find that you cannot accomplish that and that you must use the DiskPart command-line tool. Note that the DiskPart command-line tool contains a bug in Windows XP which will not let you delete anything and will bail-out with the error:

The selected partition may be neccessary to the operation of your computer, and may not be deleted.

the neccessary misspelling aside, you will need to use at least Windows 7 if you encounter this problem.

The first thing to do is to go to Start→(Right Click)My Computer→Manage→Disk Management and eject the partition (not the drive). This effectively unmounts the partition but leaves the device connected to the system.

Click Start and type Command and you will see Command Prompt in the menu. Right-click the item and select Run As Administrator in order to open a command prompt with administrator privileges.

Next, issue on the command line:

C:\Windows\system32>diskpart
 
Microsoft DiskPart version 6.1.7601
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: JOJO
 
DISKPART>

Next, issue list volumes in order to get a list of volumes:

DISKPART> list volume
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     D                       CD-ROM          0 B  No Media
  Volume 1         System Rese  NTFS   Partition    100 MB  Healthy    System
  Volume 2     C                NTFS   Partition     63 GB  Healthy    Boot
  Volume 3     E                FAT32  Removable   3823 MB  Healthy
 
DISKPART> 

Now, let us assume that we want to remove all partitions from volume E, we issue select volume E:

DISKPART> select volume E
 
Volume 3 is the selected volume.

We can now list the disks with list disk:

DISKPART> list disk
 
  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online           64 GB      0 B
* Disk 1    Online         3823 MB      0 B

As we can see, the Disk 0 is the 64GB drive, which is most likely the operating system, and the drive that interests us is Disk 1. So, we issue select disk 1:

DISKPART> select disk 1
 
Disk 1 is now the selected disk.

And we list the partitions with list partitions on Disk 1:

DISKPART> list partition
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
* Partition 1    Primary           3823 MB      0 B

Now, for every partition, we select them with select partition N, where N is the partition number and we execute either clean or delete partition override:

DISKPART> clean
 
DiskPart succeeded in cleaning the disk.

After that, DiskPart can be exited by issuing quit.

Enable Wallaper on Remote Desktop Connections

Usually, this setting should be enabled on the connecting client. Otherwise, you need to connect to the computer that should show the wallpaper and run gpedit.msc, navigate to: Local Computer Policy→Computer Configuration→Administrative Templates→Windows Components→Remote Desktop Services→Remote Desktop Session Host→Remote Session Environment and disable or set the Enforce Removal of Remote Desktop Wallpaper option to Disabled.

Windows Installer Version

If you get the error:

This installation package cannot be installed by the Windows Installer service. You must install a Windows service pack that contains a newer version of the Windows Installer service.

You will need to download the update WindowsXP-KB942288-v3-x86.exe from Microsoft.

Remove Windows 10 Upgrade Trojan on Windows 7

It's that time again where Microsoft chose to advertise its new products at your expense and you get an annoying pop-up telling you to "Get Windows 10". If you are here, you most likely do not want to "Get Windows 10" but you want to put an end to the pop-ups and the icon in your system tray telling you to.

In order to do that, go to the Control Panel and select the Uninstall a program tool. Then, select View installed updates and look for:

KB3035583

You can sort the list by date such that it will be easier to follow the numbers and locate KB3035583. When you find the update, uninstall it by right-clicking and selecting Uninstall.

The next step is to start Windows Update, select Check for updates and then click the "[..] important updates are available" to locate KB3035583. Once found, right-click the update with KB3035583 in the name and select Hide update.

Disable Dial-Home-Device in Windows XP Search Function

The Start→Search function in Windows XP is rigged. It calls home to sa.windows.com which is now provided by AKAMAI. You should be able to block sa.windows.com using any firewall software - note that blocking by hostname is preferred due to the hostname resolving to multiple IP addresses.

Enable Legacy Boot Menu Option for Windows 10

Windows 10 cannot be booted into safe mode by default which is a problem in case you need to solve an issue that cannot be solved in normal boot mode. Nevertheless Windows 10 does have a boot menu but it needs to be activated by issuing the following command from a command-line prompt:

bcdedit /set {default} bootmenupolicy legacy 

Issuing this command can also be performed by booting off a rescue or boot medium such as a DVD or USB stick.

Restore Boot after Moving System Partition

If you use a partitioning tool in order to move a system partition (the one on which Windows resides - usually C:), then Windows will fail to boot since the BCD on the Windows partition will have a stored UUID that will not match the newly moved partition.

In case you have shrunk the Windows system partition (from the end), then this error will most likely not occur. However, if you have freed-up space before the Windows partition, such that the Windows system partition had to be moved, then you most likely will not be able to boot Windows again resulting in stop errors such as 0xc0000225.

To fix this issue, you will need either a bootable USB or DVD of Windows (you can create a bootable USB using Rufus). You would then boot off the bootable USB or DVD and, when the Windows installation starts, select the Repair option. Now, you want to follow the Advanced menus and reach Command Prompt (using the Boot Repair utility will just fail).

With a command prompt open, you have to:

  1. Use the diskpart utility in order to make the Windows partition active. This involves using the select disk diskpart command in order to select your Hard-Drive and then the select volume diskpart command in order to select the Windows partition. Finally, you would issue active that will make the Windows partition active. You can then exit diskpart.
  2. In the command prompt, you can make a backup of the BCD by issuing bcdedit /export C:\boot\bcd.backup - just in case.
  3. Next, either delete the bcd file or, better, rename it to something else: ren C:\boot\bcd C:\boot\bcd.old.
  4. Finally, tell the rescue disk to rebuild the BCD with the command bootrec /rebuildbcd.

You can now exit the command prompt and reboot your machine - Windows should boot fine now.

Enable and Disable Remote Desktop

To enable remote desktop, change the DWORD HKEY_LOCAL_MACHINE→SYSTEM→CurrentControlSet→Control→Terminal Server→fDenyTSConnections to the value 0 (conversely, 1 to disable remote desktop).

Enabling remote desktop also requires that the necessary rules be added to the firewall:

netsh advfirewall firewall set rule group="Remote Desktop" new enable=yes

Enable Administrator Account

Windows has an administrator account that is built-in but is not active. To enable the administrator account, issue:

net user administrator /active:yes

Make sure to remember to change the password for the Administrator account.

Automatic Shutdown

A nice trick is to create a scheduled task that will automatically turn the computer off when it is not being used. This can be accomplished via the built-in Windows task manager without requiring extra software to be installed.

Roughly, the procedure involves using the Windows Task Scheduler application to create a new task and execute shutdown /s /t 0 /f as the SYSTEM user whenever the machine has been idle. Under the covers, the gallery shows that the Task Scheduler executes a task every 5 minutes to check whether the machine has been idle for more than 1 minute. In fact, Windows 7 only updates the idle state every 15 minutes such that the minimal value will not be overridden by these settings.

Associate URLs with Programs

To register a custom URL such as a magnet link to open with an user-specified program, open the registry editor (Start→Run and type regedit), navigate to HKEY_CLASSES_ROOT\Magnet and add the keys shell, open and command in order to create the path HKEY_CLASSES_ROOT\Magnet\shell\open\command. Click on the last key (command) and edit the Default string to point to the program executable plus the link variable, for instance set the value of Default:

"C:\Program Files\Transmission\transmission-qt.exe" "%L"

in order to open magnet links with the Transmission client.

Resolve Unrecognized Bluetooth Devices

Aside from installing the manufacturer's drivers and regardless of Bluetooth device type, Windows may list some devices in Device Manager as Bluetooth Peripheral Device and is unable to install a driver for it.

In such cases, right-click the device in Device Manager and then update the driver by picking the option to select the driver from a list. Select Ports (COM & LPT) as the device type and Microsoft as the manufacturer and install Standard Serial over Bluetooth Link in the model list.

Set Adapter Maximum Transfer Unit (MTU)

Open a privileged command prompt (with Administrator permissions) and issue the command:

netsh int ipv4 show subinterface

then pick one of the interfaces and set the MTU:

netsh int ipv4 set subinterface "Local Area Connection" mtu=9000 store=persistent

Hide Username and Picture from Windows 7 Login Screen

  1. Start gpedit.msc by either navigating to Start→Run and typing in gpedit.msc.
  2. Browse to Local Computer Policy→Computer Configuration→Windows Settings→Security Settings→Security Options and enable the following options:
    1. Interactive logon: Display user information when the session is locked set to Do not display,
    2. Interactive logon: Do not display last user name set to Enabled.

The unfortunate side-consequence is that a blank picture frame will appear in place of the user picture on the login screen. To prevent the blank picture frame from appearing, the file authui.dll in Windows\System32 has to be edited with a Windows resource editor to set height=0 for every instance of the frame.

For Windows 7 (all editions), the following authui.dll file can be used to overwrite the original in Windows\System32:

and, here is the original, un-modified version:

for backup purposes.

Force-Install BootCamp Drivers on PC

The bootcamp drivers will not install on the machine unless the installer detects Apple hardware. To work around the issue, open an elevated command prompt, change directory to where the MSI file BootCamp.msi is located and execute:

msiexec /i BootCamp.msi

The installation should now proceed beyond the unsupported hardware prompt.

In case the error 2753 appears, simply delete the file at C:\Windows\System32\AppleOSSMgr.exe.

Disable and Enable BitLocker from Command Line

To enable bit locker on driveC::

manage-bde -protectors -enable c:

to disable:

manage-bde -protectors -disable c:

Update to add support for TPM 2.0 in Windows 7 and Windows Server 2008 R2

This vaporware is hosted locally and will allow the usage of a 2.0 TPM on Windows 7 without having to downgrade the TPM firmware to 1.2.

Re-Enable SMBv2 Shares and Browsing

KB4480970 released in January 2019 breaks SMBv2 shares: either the computers cannot be browsed or attempting to mount a network share results in the error The handle is invalid.

To remedy the issue, run the command:

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f

Map Network Drives from Command Prompt

Open a command prompt and issue:

net use Y: \\server\share

to map the share share on the server server to drive Y:.

Conversely, type:

net use Y: /delete

to remove the share.

Note that Windows maps the share under the account that is currently logged-in such that accessing the share from a non-elevated prompt may not allow read or write permissions.

To map a share under a different user on the target server, issue:

net use Y: \\server\share /user:[domain\]username [password] [/persistent:yes]

where:

Attempt to Fix Broken Windows Icons by Deleting Cache

taskkill /F /IM explorer.exe
cd /d %userprofile%\AppData\Local
attrib –h IconCache.db
del IconCache.db
start explorer.exe

Full Recycle Bin Reset

In case the Windows 7 recycle bin on the desktop manifests the following behaviours:

then it may be that the Recycle Bin is corrupt and needs fixing.

Attempting Icon Restore

Open Control Panel, search for "Personalization" and select the option to change the desktop icons. Select the Recycle Bin icons, for both full and empty and click the button to restore the default icon.

Open up a command prompt as administrator, then execute the code to remove the icon cache and reboot the machine.

Deleting the Hidden Recycle Bin Folder

Execute in a command prompt with administrator rights:

rd /s /q C:\$Recycle.bin

and restart the system.

Restoring Recycle Bin Registry Keys

Lastly, if nothing else worked, the registry keys may have been deleted or are corrupt, in which case they need to be restored with defaults. Open Notepad, copy and paste the following lines into a file on the desktop named Recycle Bin Restore.reg:

Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{48527bb3-e8de-450b-8910-8c4099cb8624}]
@="Empty Recycle Bin verb invocation"
 
[HKEY_CLASSES_ROOT\CLSID\{48527bb3-e8de-450b-8910-8c4099cb8624}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
  65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"
 
[HKEY_CLASSES_ROOT\CLSID\{4a04656d-52aa-49de-8a09-cb178760e748}]
@="Recycle Bin Manager"
 
[HKEY_CLASSES_ROOT\CLSID\{4a04656d-52aa-49de-8a09-cb178760e748}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
  65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"
 
[HKEY_CLASSES_ROOT\CLSID\{5ef4af3a-f726-11d0-b8a2-00c04fc309a4}]
@="Recycle Bin Cleaner"
 
[HKEY_CLASSES_ROOT\CLSID\{5ef4af3a-f726-11d0-b8a2-00c04fc309a4}\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
  65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,33,\
  00,00,00
 
[HKEY_CLASSES_ROOT\CLSID\{5ef4af3a-f726-11d0-b8a2-00c04fc309a4}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
  65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"
 
[HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}]
@="Recycle Bin"
"InfoTip"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,\
  6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\
  00,73,00,68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,\
  2d,00,32,00,32,00,39,00,31,00,35,00,00,00
"LocalizedString"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,\
  6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
  00,5c,00,73,00,68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,\
  2c,00,2d,00,38,00,39,00,36,00,34,00,00,00
"AppID"=hex(2):7b,00,45,00,31,00,30,00,46,00,36,00,43,00,33,00,41,00,2d,00,46,\
  00,31,00,41,00,45,00,2d,00,34,00,41,00,44,00,43,00,2d,00,41,00,41,00,39,00,\
  44,00,2d,00,32,00,46,00,45,00,36,00,35,00,35,00,32,00,35,00,36,00,36,00,36,\
  00,45,00,7d,00,00,00
"SortOrderIndex"=dword:00000078
 
[HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,69,00,6d,00,\
  61,00,67,00,65,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,35,\
  00,35,00,00,00
"Empty"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
  00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,69,00,\
  6d,00,61,00,67,00,65,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,\
  00,35,00,35,00,00,00
"Full"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
  00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,69,00,\
  6d,00,61,00,67,00,65,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,\
  00,35,00,34,00,00,00
 
[HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
  65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"
 
[HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell]
 
[HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty]
"MUIVerb"="@shell32.dll,-10564"
"Icon"="shell32.dll,-254"
"Description"="@shell32.dll,-31332"
"CommandStateHandler"="{c9298eef-69dd-4cdd-b153-bdbc38486781}"
 
[HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty\command]
"DelegateExecute"="{48527bb3-e8de-450b-8910-8c4099cb8624}"
 
[HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex]
 
[HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\PropertySheetHandlers]
 
[HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\PropertySheetHandlers\{645FF040-5081-101B-9F08-00AA002F954E}]
 
[HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder]
"Attributes"=hex:40,01,00,20
"HideOnDesktopPerUser"=""
 
[HKEY_CLASSES_ROOT\CLSID\{c9298eef-69dd-4cdd-b153-bdbc38486781}]
@="State of verb Empty Recycle Bin"
 
[HKEY_CLASSES_ROOT\CLSID\{c9298eef-69dd-4cdd-b153-bdbc38486781}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
  65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"
 
[HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{48527bb3-e8de-450b-8910-8c4099cb8624}]
@="Empty Recycle Bin verb invocation"
 
[HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{48527bb3-e8de-450b-8910-8c4099cb8624}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
  65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"
 
[HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{4a04656d-52aa-49de-8a09-cb178760e748}]
@="Recycle Bin Manager"
 
[HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{4a04656d-52aa-49de-8a09-cb178760e748}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
  65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"
 
[HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{5ef4af3a-f726-11d0-b8a2-00c04fc309a4}]
@="Recycle Bin Cleaner"
 
[HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{5ef4af3a-f726-11d0-b8a2-00c04fc309a4}\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
  65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,33,\
  00,00,00
 
[HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{5ef4af3a-f726-11d0-b8a2-00c04fc309a4}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
  65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"
 
[HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}]
@="Recycle Bin"
"InfoTip"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,\
  6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\
  00,73,00,68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,\
  2d,00,32,00,32,00,39,00,31,00,35,00,00,00
"LocalizedString"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,\
  6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
  00,5c,00,73,00,68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,\
  2c,00,2d,00,38,00,39,00,36,00,34,00,00,00
"AppID"=hex(2):7b,00,45,00,31,00,30,00,46,00,36,00,43,00,33,00,41,00,2d,00,46,\
  00,31,00,41,00,45,00,2d,00,34,00,41,00,44,00,43,00,2d,00,41,00,41,00,39,00,\
  44,00,2d,00,32,00,46,00,45,00,36,00,35,00,35,00,32,00,35,00,36,00,36,00,36,\
  00,45,00,7d,00,00,00
"SortOrderIndex"=dword:00000078
 
[HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,69,00,6d,00,\
  61,00,67,00,65,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,35,\
  00,35,00,00,00
"Empty"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
  00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,69,00,\
  6d,00,61,00,67,00,65,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,\
  00,35,00,35,00,00,00
"Full"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
  00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,69,00,\
  6d,00,61,00,67,00,65,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,\
  00,35,00,34,00,00,00
 
[HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
  65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"
 
[HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell]
 
[HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty]
"MUIVerb"="@shell32.dll,-10564"
"Icon"="shell32.dll,-254"
"Description"="@shell32.dll,-31332"
"CommandStateHandler"="{c9298eef-69dd-4cdd-b153-bdbc38486781}"
 
[HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty\command]
"DelegateExecute"="{48527bb3-e8de-450b-8910-8c4099cb8624}"
 
[HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex]
 
[HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\PropertySheetHandlers]
 
[HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\PropertySheetHandlers\{645FF040-5081-101B-9F08-00AA002F954E}]
 
[HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder]
"Attributes"=hex:40,01,00,20
"HideOnDesktopPerUser"=""
 
[HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{c9298eef-69dd-4cdd-b153-bdbc38486781}]
@="State of verb Empty Recycle Bin"
 
[HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{c9298eef-69dd-4cdd-b153-bdbc38486781}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
  65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"
 
[HKEY_CURRENT_USER\AppEvents\EventLabels\EmptyRecycleBin]
@="Empty Recycle Bin"
"DispFileName"="@mmres.dll,-5831"
 
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin]
 
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\.Current]
@="C:\\Windows\\media\\Windows Recycle.wav"
 
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\.Default]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,6d,00,65,00,64,00,69,00,61,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
  77,00,73,00,20,00,52,00,65,00,63,00,79,00,63,00,6c,00,65,00,2e,00,77,00,61,\
  00,76,00,00,00
 
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\Afternoon]
@="C:\\Windows\\Media\\Windows Recycle.wav"
 
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\Calligraphy]
@="C:\\Windows\\Media\\Windows Recycle.wav"
 
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\Characters]
@="C:\\Windows\\Media\\Windows Recycle.wav"
 
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\Cityscape]
@="C:\\Windows\\Media\\Windows Recycle.wav"
 
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\Delta]
@="C:\\Windows\\Media\\Windows Recycle.wav"
 
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\Festival]
@="C:\\Windows\\Media\\Windows Recycle.wav"
 
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\Garden]
@="C:\\Windows\\Media\\Windows Recycle.wav"
 
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\Heritage]
@="C:\\Windows\\Media\\Windows Recycle.wav"
 
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\Landscape]
@="C:\\Windows\\Media\\Windows Recycle.wav"
 
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\Quirky]
@="C:\\Windows\\Media\\Windows Recycle.wav"
 
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\Raga]
@="C:\\Windows\\Media\\Windows Recycle.wav"
 
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\Savanna]
@="C:\\Windows\\Media\\Windows Recycle.wav"
 
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\Sonata]
@="C:\\Windows\\Media\\Windows Recycle.wav"

then right-click the file, select the option to merge with the registry and reboot the machine.

Disable Meltdown and Spectre Mitigations

The following commands must be ran to disable the meltdown and spectre mitigations on a Windows machine:

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 3 /f
 
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
 
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 1 /f
 
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
 
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 3 /f
 
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
 
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 3 /f
 
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

In order to remove the CPU microcode update, take control of the two following files in C\Windows\System32\ and rename them to something else:

After a restart the microcode updates should be disabled.

Disable DisplayPort Blanking

The DisplayPort connector, unlike HDMI, is an active two-way interface such that Windows can automatically detect displays and query information from them (DCC). When a DisplayPort monitor is "detached" from the operating system, it triggers PnP events that will then propagate to the display drivers. In turn, when the display drivers sense that a monitor has been removed, it will re-query all other available displays to detect changes and automatically adapt to the situation - for instance, by shrinking a multi-monitor virtual desktop.

Unfortunately, it is often the case that various computer components use APM to lower the power consumption (including monitors) however extra software is sometimes needed, and not always reliable, to turn monitors off such that people prefer to leave the computer running but manually turn off monitors.

The effect with DCC and EDID enabled is that when a monitor turns off, either nVidia or ATI driver software will adjust the desktop - in case of nVidia, features such as multi-monitor desktops will have been turned off by turning monitors off. This results in very frustrating behavior such as on-screen windows being resized, bunched together and thrown into the upper left corner of the screen whilst multi-monitor is disabled and it will require the user to turn the monitors on and redo the entire configuration.

A solution to this problem is to use the driver software and, after a proper and acceptable configuration has been established, disable automatic EDID and force a well-known configuration.

The procedure is roughly as follows for nVidia:

Now, powercycling monitors should not disrupt the setup and will prevent the computer from re-organizing and re-configuring the displays. Please note that these steps should be performed if and only if the displays have already been setup and when the user is happy with the configuration; it follows that if the monitors are to be replaced with different hardware, the EDID forcing has to be turned off to prevent damage to the new displays.

Fix Broken Drive Icons

If one or more drive icons appear with a default icon, try deleting the key at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\DriveIcons and restart explorer.exe.

Remove a Network Drive that Cannot be Disconnected

In case a network drive refuses to be disconnected and doing so yields an error message such as the network connection does not exist, then the fix may consist in adding the drive to the registry and then attempting to disconnect it.

Create a key (folder) at HKU→Network→DRIVE where DRIVE is the letter of the network drive using a registry editor. In that key, add the following values:

Name Type Value
ConnectionType REG_DWORD 1
DeferFlags REG_DWORD 4
ProviderName REG_SZ Microsoft Windows Network
ProviderType REG_DWORD 20000
RemotePath REG_SZ UNC path, ie: \\server\share
UserName REG_SZ N/A, leave empty

After adding the values, load up My Computer, right-click the drive and select Disconnect. The drive should now be removed.

Running Executable Files from Samba Shares

Newer Samba releases disallow running executable files (ie: EXE, MSI, BAT, etc.) from shares unless the files have the POSIX execute ACL bit set. This results in a misleading error on the client side claiming that the user does not have permissions to access the file. To work around the issue, the following line can be added to the Samba configuration inside the [Global] section:

acl allow execute always = yes

Remove Windows Default Beep

The Windows default beep:

can be removed by changing the default beep sound file to a silent WAV file:

silent.wav

Getting Stereo Audio Sink to Work on Windows 7 for Cambridge Silicon Radio (CSR)

When installing a CSR bluetooth dongle, the Windows 7 bluetooth stack does not install the stereo audio sink such that if headphones (not a headset) are connected via bluetooth then only mono audio is available.

In order to get bluetooth stereo to work, first pair the headphones with the Windows bluetooth stack, open up "Computer Management" and locate the bluetooth peripheral devices.

Select one of the devices, open up the properties for the device and install the driver contained in the following archive.

Once the driver is installed, a stereo audio device should appear in "Playback devices", matching the headphones. The procedure enables native headphones support on Windows 7 without any third party bluetooth stack.

BitsAdmin: Windows Native Solution ala Wget / cURL

To download a file under Windows from the command line or as part of a larger script, Windows provides a native tool bitsadmin.exe that can perform HTTP requests and fetch files. Compared to wget or curl, bitsadmin.exe is more robust and supports asynchronous notifications.

To download a file, emulating wget / curl behaviour, first create a named job:

bitsadmin /create download-peerblock

where:

Next, set a notification action when the file transfer will complete. In this case, we would like the container to be removed once the download is complete such that we set the notification to a command that will remove the container:

bitsadmin /setnotifycmdline download-peerblock C:\Windows\System32\bitsadmin.exe "C:\Windows\System32\bitsadmin.exe /complete download-peerblock"

Now, to add a file to download, issue:

bitsadmin /addfile download-peerblock http://omeglewarden.weebly.com/uploads/6/9/2/6/6926744/anti-p2p-companies.p2p C:\Users\darkstar\Documents\anti-p2p-companies.p2p

where:

The job is now configured but suspended such that the job must be started:

bitsadmin /resume download-peerblock

As an example, a peer block list can be downloaded by creating a re-occurring task that runs a script.

Export Firewall Rules

Unfortunately, exporting via the Windows Firewall with Advanced Security tool will generate a policy file that will replace all firewall rules such that a better option is to export individual registry keys and generate a "reg" file that can then be imported.

The firewall rules can be found at the following location in the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules

Remove Windows 7/8 Telemetry Updates

Source: https://gist.github.com/xvitaly/eafa75ed2cb79b3bd4e9

@echo off

:: https://gist.github.com/xvitaly/eafa75ed2cb79b3bd4e9 - top list is from the first post/main comment/whatever.
:: On the top list, I modified a few of the echos/notes to be more verbose, thats all i changed about it....
:: Secondary list at the bottom is personal additions based on comments and external links provided in the gist (things that weren't in the main top script) 
:: Also, I realize that some things are "for Windows 8" but maybe they were for 7 and 8 both? Anyway, what the hey, can't be too careful, right?
:: **GK** means a comment by me
 
 
echo Uninstalling KB3075249 (telemetry for Win7/8.1)
start /w wusa.exe /uninstall /kb:3075249 /quiet /norestart
echo Uninstalling KB3080149 (telemetry for Win7/8.1)
start /w wusa.exe /uninstall /kb:3080149 /quiet /norestart
:: KB3021917: The annoying windows that pop up telling you about how your hardware is not good for Windows 7 and other bs. "...In order to determine whether performance issues may be encountered when the latest Windows operating system is installed. Telemetry is sent back to Microsoft for those computers that participate in the Windows Customer Experience Improvement Program (CEIP). " 
echo Uninstalling KB3021917 (telemetry for Win7)
start /w wusa.exe /uninstall /kb:3021917 /quiet /norestart
echo Uninstalling KB3022345 (Update for customer experience and diagnostic telemetry)
start /w wusa.exe /uninstall /kb:3022345 /quiet /norestart
echo Uninstalling KB3068708  (telemetry "CEIP" on Win8.1/Server2012r2/Win7sp1/Server2008r2Sp1)
start /w wusa.exe /uninstall /kb:3068708 /quiet /norestart
echo Uninstalling KB3044374 (Get Windows 10 for Win8.1)
start /w wusa.exe /uninstall /kb:3044374 /quiet /norestart
echo Uninstalling KB3035583 (Get Windows 10 for Win7sp1/8.1)
start /w wusa.exe /uninstall /kb:3035583 /quiet /norestart
echo Uninstalling KB2990214 (Get Windows 10 for Win7)
start /w wusa.exe /uninstall /kb:2990214 /quiet /norestart
echo Uninstalling KB2952664 (Get Windows 10 assistant)
start /w wusa.exe /uninstall /kb:2952664 /quiet /norestart
echo Uninstalling KB3075853 (update for "Windows Update" on Win8.1/Server 2012R2)
start /w wusa.exe /uninstall /kb:3075853 /quiet /norestart
echo Uninstalling KB3065987 (update for "Windows Update" on Win7/Server 2008R2)
start /w wusa.exe /uninstall /kb:3065987 /quiet /norestart
echo Uninstalling KB3050265 (update for "Windows Update" on Win7)
start /w wusa.exe /uninstall /kb:3050265 /quiet /norestart
echo Uninstalling KB971033  (license validation)
start /w wusa.exe /uninstall /kb:971033 /quiet /norestart
echo Uninstalling KB2902907 (Microsoft Security Essentials; Compatibility update for upgrading)
start /w wusa.exe /uninstall /kb:2902907 /quiet /norestart
echo Uninstalling KB2976987 (Compatibility update for upgrading)
start /w wusa.exe /uninstall /kb:2976987 /quiet /norestart
echo Uninstalling KB2976978 (compactibility update for Windows 8.1)
start /w wusa.exe /uninstall /kb:2976978 /quiet /norestart
echo Uninstalling KB3102810 (update for "Windows Update") Fixes an issue regarding long wait while searching for Windows Updates but also has Windows 10 Upgrade preparation for Windows 7)
start /w wusa.exe /uninstall /kb:3102810 /quiet /norestart
echo Uninstalling KB3112343 (Windows Update Client for Windows 7)
start /w wusa.exe /uninstall /kb:3112343 /quiet /norestart
echo Uninstalling KB3135445 (Windows Update Client for Windows 7)
start /w wusa.exe /uninstall /kb:3135445 /quiet /norestart
echo Uninstalling KB3123862 (Windows Update Client for Windows 7)
start /w wusa.exe /uninstall /kb:3123862 /quiet /norestart
echo Uninstalling KB3081954 (Telemetry Update for Windows 7)
start /w wusa.exe /uninstall /kb:3081954 /quiet /norestart
echo Uninstalling KB3139929 (Get Windows 10 update for MSIE)
start /w wusa.exe /uninstall /kb:3139929 /quiet /norestart
echo Uninstalling KB3138612 (Windows Update Client for Windows 7)
start /w wusa.exe /uninstall /kb:3138612 /quiet /norestart
echo Uninstalling KB3138615 (Windows Update Client for Windows 8.1)
start /w wusa.exe /uninstall /kb:3138615 /quiet /norestart
echo Uninstalling KB3150513 (Compactibility Update (another GWX) for Windows 7/8.1)
start /w wusa.exe /uninstall /kb:3150513 /quiet /norestart
echo Uninstalling KB3133977 (buggy update // adds UEFI Secure Boot to Windows 7 computers and renders them unbootable)
start /w wusa.exe /uninstall /kb:3133977 /quiet /norestart
echo Uninstalling KB3139923 (Another GWX for Windows 7/8.1)
start /w wusa.exe /uninstall /kb:3139923 /quiet /norestart
echo Uninstalling KB3173040 (Another GWX for Windows 7/8.1)
start /w wusa.exe /uninstall /kb:3173040 /quiet /norestart

 
 
:: Personal additions! :)

:: Template
rem  echo Uninstalling KB<>
rem  start /w wusa.exe /uninstall /kb:<> /quiet /norestart

rem  KB2505438
rem  Slow performance in applications that use the DirectWrite API on a computer that is running Windows 7 or Windows Server 2008 R2
rem  https://support.microsoft.com/en-us/kb/2505438
rem  Although it claims to fix performance issues, it often breaks fonts
echo Uninstalling KB2505438
start /w wusa.exe /uninstall /kb:2505438 /quiet /norestart

rem  KB2670838
rem  KB2670838 introduces Direct2D 1.1 to Windows 7 such that firefox and other programs relying on Direct2D will break and/or be unable to perform hardware rendering (overruled and permitted for now).
rem  Platform update for Windows 7 SP1 and Windows Server 2008 R2 SP1
rem  https://support.microsoft.com/en-us/kb/2670838
rem  Windows 7 Only (breaks AERO functionality and gives you blurry fonts on some websites)
rem  The EVIL Update, breaks AERO on Windows 7 and makes some fonts on websites fuzzy, Windows 7 specific update only, do not install IE10 or 11 otherwise it will be bundled with them, IE9 is the max version you should install
rem echo Uninstalling KB2670838
rem start /w wusa.exe /uninstall /kb:2670838 /quiet /norestart

rem  KB2977759
rem  Compatibility update for Windows 7 RTM
rem  This update performs diagnostics on the Windows systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues may be encountered when the latest Windows operating system is installed. This update will help Microsoft and its partners ensure compatibility for customers who want to install the latest Windows operating system.
rem  https://support.microsoft.com/en-us/kb/2977759
rem  Windows 10 Upgrade preparation
echo Uninstalling KB2977759
start /w wusa.exe /uninstall /kb:2977759 /quiet /norestart

rem  KB971033
rem  Update for Windows Activation Technologies
rem  https://support.microsoft.com/en-us/kb/971033
echo Uninstalling KB971033
start /w wusa.exe /uninstall /kb:971033 /quiet /norestart
      
rem  KB2976987 (update for "updating" to Windows 10) Compatibility update for upgrading
echo Uninstalling KB2976987
start /w wusa.exe /uninstall /kb:2976987 /quiet /norestart

rem  KB3075851 (update for "Windows Update" on Win7/Server 2008R2 Aug.2015 replace KB 3065987)
echo Uninstalling KB3075851
start /w wusa.exe /uninstall /kb:3075851 /quiet /norestart

rem  KB3045999 - [**GK** : is present in a few telemetry lists. Is related to security bulletin MS15-038 (https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-038?redirectedfrom=MSDN). I really dont see how it is telemetry?? But, I'm uninstalling just in case. Seems like it's not really that important in the first place, so...]
echo Uninstalling KB3045999
start /w wusa.exe /uninstall /kb:3045999 /quiet /norestart

rem  KB2919355 (ie11 for Win8.1RT/8.1/Server2012r2 Apr.2015
echo Uninstalling KB2919355
start /w wusa.exe /uninstall /kb:2919355 /quiet /norestart

rem  KB3083324 (update for "Windows Update" on Win7sp1/Server 2008R2sp1 Sep.2015)
echo Uninstalling KB3083324
start /w wusa.exe /uninstall /kb:3083324 /quiet /norestart

rem  KB2882822 (telemetry "ITraceRelogger" to Embedded Standard7sp1/Win7sp1/Server2008r2Sp1)
echo Uninstalling KB2882822
start /w wusa.exe /uninstall /kb:2882822 /quiet /norestart

rem  KB3083325 (update for "Windows Update" on Win8.1/Server2012r2 Sep.2015)
echo Uninstalling KB3083325
start /w wusa.exe /uninstall /kb:3083325 /quiet /norestart

rem  KB3015249 (Adds telemetry points to consent.exe in Windows 7 & Windows 8)
echo Uninstalling KB3015249
start /w wusa.exe /uninstall /kb:3015249 /quiet /norestart

rem  KB3012973 (Force Trigger Download and Install of Windows 10)
echo Uninstalling KB3012973
start /w wusa.exe /uninstall /kb:3012973 /quiet /norestart

rem  KB2922324 [**GK** : Was pulled by Microsoft, including it in the removal list anyway just in case. Must've been pretty evil to have been pulled even by Microsoft c: A quick web search and this kb shows up on a lot of sites dedicated to exposing telemetry. Seems to have been related to Windows 10 updating]
echo Uninstalling KB2922324
start /w wusa.exe /uninstall /kb:2922324 /quiet /norestart

rem  KB3088195 (Miscorosft Claims it's a security update but also has a key logger on the Kernel Level) [**GK** : Also, I tried to search around the internet for the original attribution for the keylogger claim, but couldn't find any. Uninstalling anyway to be safe.]
echo Uninstalling KB3088195
start /w wusa.exe /uninstall /kb:3088195 /quiet /norestart

rem  KB3093983 (Microsoft claims it's a security update but it contains IE spying)
echo Uninstalling KB3093983
start /w wusa.exe /uninstall /kb:3093983 /quiet /norestart

rem  KB3093513 [**GK**: Seems to be in a couple other lists, other than that, just related to Security bulletin MS15-109. Uninstalling regardless]
echo Uninstalling KB3093513
start /w wusa.exe /uninstall /kb:3093513 /quiet /norestart

rem  KB3042058 (Microsoft claims its a security update but it contains Winlogon Spying)
echo Uninstalling KB3042058
start /w wusa.exe /uninstall /kb:3042058 /quiet /norestart

rem  KB3083710 (Update for the Windows Update client with sketchy details for Windows 7, see this thread http://www.infoworld.com/article/2989896/microsoft-windows/windows-snooping-and-nagging-patches-return-kb-3035583-kb-2952664.html or http://sensorstechforum.com/force-upgraded-to-windows-10-kb-3083710-and-kb-3083711-patches/)
echo Uninstalling KB3083710
start /w wusa.exe /uninstall /kb:3083710 /quiet /norestart

rem  KB3083711 Windows Update Client for Windows 8.1 and Windows Server 2012 R2: October 2015 - http://sensorstechforum.com/forums/windows-updates-18/kb-3083710-and-kb-3083711/
echo Uninstalling KB3083711
start /w wusa.exe /uninstall /kb:3083711 /quiet /norestart

rem  2506928 A link in an .html file that you open in Outlook does not work in Windows 7 or in Windows Server 2008 R2
echo Uninstalling KB2506928
start /w wusa.exe /uninstall /kb:2506928 /quiet /norestart

rem  2545698 Text in some core fonts appears blurred in Internet Explorer 9 on a computer that is running Windows Vista, Windows Server 2008, Windows 7, or Windows Server 2008 R2
echo Uninstalling KB2545698
start /w wusa.exe /uninstall /kb:2545698 /quiet /norestart

rem  2592687 Remote Desktop Protocol (RDP) 8.0 update for Windows 7 and Windows Server 2008 R2
echo Uninstalling KB2592687
start /w wusa.exe /uninstall /kb:2592687 /quiet /norestart

rem  2660075 You cannot change the time and date if the time zone is set to Samoa (UTC+13:00) and KB 2657025 is installed in Windows 7 or in Windows Server 2008 R2
echo Uninstalling KB2660075
start /w wusa.exe /uninstall /kb:2660075 /quiet /norestart

rem  2726535 An update is available that adds South Sudan to the list of countries in Windows Server 2008, Windows 7, and Windows Server 2008 R2
echo Uninstalling KB2726535
start /w wusa.exe /uninstall /kb:2726535 /quiet /norestart

rem  2876229 Skype for Microsoft Update
echo Uninstalling KB2876229
start /w wusa.exe /uninstall /kb:2876229 /quiet /norestart

rem  2970228 Russian Ruble symbol [**GK** Ah yes... 9.1MB to add a new currency symbol... Nice one Microsoft ;)]
echo Uninstalling KB2970228
start /w wusa.exe /uninstall /kb:2970228 /quiet /norestart

rem  2994023 RDP 8.1 client for Windows 7 or Windows Server 2008 R2 disconnects when it is connected through a RD gateway
echo Uninstalling KB2994023
start /w wusa.exe /uninstall /kb:2994023 /quiet /norestart

rem  3008188 November 2014 Windows Update client improvements in Windows 8.1 or Windows Server
echo Uninstalling KB3008188
start /w wusa.exe /uninstall /kb:3008188 /quiet /norestart

rem  3008273 update that enables Windows RT to update to Windows RT 8.1, and that enables Window 8 to update to Windows 8.1.
echo Uninstalling KB3008273
start /w wusa.exe /uninstall /kb:3008273 /quiet /norestart

rem  3014460 (Upgrade for windows insider preview / upgrade to windows 10)
echo Uninstalling KB3014460
start /w wusa.exe /uninstall /kb:3014460 /quiet /norestart

rem  3046480 Update helps to determine whether to migrate the .NET Framework 1.1 when you upgrade Windows 8.1 or Windows 7
echo Uninstalling KB3046480
start /w wusa.exe /uninstall /kb:3046480 /quiet /norestart

rem  3050267 Windows Update Client for Windows 8.1 and Windows Server 2012 R2: July 2015 /// (Windows 10 upgrade preparation but also adds the option in GPEDIT to disable Windows 10 upgrade altogether so you may want to actually install this) [**GK**: No, I do not. lol. Microsoft's ILLUSION OF CHOICE will not sway me]
echo Uninstalling KB3050267
start /w wusa.exe /uninstall /kb:3050267 /quiet /norestart

rem  3065988 Windows Update Client for Windows 8.1 and Windows Server 2012 R2: July 2015 - update allows Windows Update client to receive System Hardware Updates and System Firmware Updates from a future version of Windows Server Update Services (WSUS).
echo Uninstalling KB3065988
start /w wusa.exe /uninstall /kb:3065988 /quiet /norestart

rem  3068707 Customer experience telemetry point. W7,8,8.1
echo Uninstalling KB3068707
start /w wusa.exe /uninstall /kb:3068707 /quiet /norestart

rem  3072318 Update for Windows 8.1 OOBE to upgrade to Windows 10
echo Uninstalling KB3072318
start /w wusa.exe /uninstall /kb:3072318 /quiet /norestart

rem  3081452 Ensures smooth experience for updateing OS to future versions
echo Uninstalling KB3081452
start /w wusa.exe /uninstall /kb:3081452 /quiet /norestart

rem  3090045 Windows Update for reserved devices in Windows 8.1 or Windows 7 SP1
echo Uninstalling KB3090045
start /w wusa.exe /uninstall /kb:3090045 /quiet /norestart

rem  KB3064683 (Windows 10 Upgrade for Windows 8)
echo Uninstalling KB3064683
start /w wusa.exe /uninstall /kb:3064683 /quiet /norestart

rem  KB3074677 (Windows 10 Upgrade preparation)
echo Uninstalling KB3074677
start /w wusa.exe /uninstall /kb:3074677 /quiet /norestart

rem  KB3081437 (Windows 10 Upgrade preparation)
echo Uninstalling KB3081437
start /w wusa.exe /uninstall /kb:3081437 /quiet /norestart

rem  KB3081454 (Windows 10 Upgrade preparation)
echo Uninstalling KB3081454
start /w wusa.exe /uninstall /kb:3081454 /quiet /norestart

rem  KB3086255 (Flagged as an Important update. It disables SafeDisc games in Windows Vista, 7, and 8/8.1)
echo Uninstalling KB3086255
start /w wusa.exe /uninstall /kb:3086255 /quiet /norestart

rem  KB3102812 (Fixes an issue regarding long wait while searching for Windows Updates but also has Windows 10 Upgrade preparation for Windows 8)
echo Uninstalling KB3102812
start /w wusa.exe /uninstall /kb:3102812 /quiet /norestart

rem  KB3107998 (Removes Lenovo USB Blocker)
echo Uninstalling KB3107998
start /w wusa.exe /uninstall /kb:3107998 /quiet /norestart
 
rem  KB3112336 (Windows 10 Upgrade for Windows 8)
echo Uninstalling KB3112336
start /w wusa.exe /uninstall /kb:3112336 /quiet /norestart

rem  KB3125574 (Telemetry for Windows 7) //  Apr 2016 rollup with bad ones in it [**GK**: "Convenience Rollup". Yeah, convenient for Microsoft to scarf my data xD]
echo Uninstalling KB3125574
start /w wusa.exe /uninstall /kb:3125574 /quiet /norestart

rem  KB3135449 (Windows 10 Upgrade for Windows 8)
echo Uninstalling KB3135449
start /w wusa.exe /uninstall /kb:3135449 /quiet /norestart

rem  KB3146449 (Windows 10 Upgrade for Windows 7/8)
echo Uninstalling KB3146449
start /w wusa.exe /uninstall /kb:3146449 /quiet /norestart

rem  KB4012218 (Windows Update processor generation detection)
echo Uninstalling KB4012218
start /w wusa.exe /uninstall /kb:4012218 /quiet /norestart

rem  KB4012219 (Windows Update processor generation detection)
echo Uninstalling KB4012219
start /w wusa.exe /uninstall /kb:4012219 /quiet /norestart

rem  KB4015546 (Hardware check for CPU Platform for Windows 7)
echo Uninstalling KB4015546
start /w wusa.exe /uninstall /kb:4015546 /quiet /norestart

rem  KB2982791, Causes crashes, Recomended to uninstall from microsoft
echo Uninstalling KB2982791
start /w wusa.exe /uninstall /kb:2982791 /quiet /norestart

rem  KB3004394, faulty update
echo Uninstalling KB3004394
start /w wusa.exe /uninstall /kb:3004394 /quiet /norestart

rem  KB3018238, only applies to Windows Server 2008
echo Uninstalling KB3018238
start /w wusa.exe /uninstall /kb:3018238 /quiet /norestart

rem  KB3097877, Casuses crashes
echo Uninstalling KB3097877
start /w wusa.exe /uninstall /kb:3097877 /quiet /norestart

rem  KB3121255, crash during backup of PI Data server fails
echo Uninstalling KB3121255
start /w wusa.exe /uninstall /kb:3121255 /quiet /norestart

rem  KB3137061, Azure virtual machines network outage data corruption
echo Uninstalling KB3137061
start /w wusa.exe /uninstall /kb:3137061 /quiet /norestart

rem  KB3138901, No Internet multiple users log on Remote Desktop Services
echo Uninstalling KB3138901
start /w wusa.exe /uninstall /kb:3138901 /quiet /norestart

rem  KB3147071, Connection to Oracle database fails. Causes browser lockups?
echo Uninstalling KB3147071
start /w wusa.exe /uninstall /kb:3147071 /quiet /norestart

rem  KB3172605 July 2016 update rollup (re-released Sep 13 2016)
echo Uninstalling KB3172605
start /w wusa.exe /uninstall /kb:3172605 /quiet /norestart

rem  KB3179573 August 2016 Rollup [**GK**: Rollup my data and send it to the feds ye]
echo Uninstalling KB3179573
start /w wusa.exe /uninstall /kb:3179573 /quiet /norestart

rem  KB894199 hmm.. Description of Software Update Services and Windows Server Update Services changes in content for 2018
echo Uninstalling KB894199
start /w wusa.exe /uninstall /kb:894199 /quiet /norestart

rem  KB947821 System Update Readiness tool. This update can be useful in some situations: an update or SP1 might not install if a system file is damaged. The DISM or System Update Readiness tool may help to fix some Windows corruption errors
echo Uninstalling KB947821
start /w wusa.exe /uninstall /kb:947821 /quiet /norestart

rem  KB949810 Office Genuine Advantage Notification
echo Uninstalling KB949810
start /w wusa.exe /uninstall /kb:949810 /quiet /norestart

rem  KB2719857 Fix for USB RNDIS device to connect to a 3G or 4G network in Windows 7 fix for a computer that is running Windows 7
echo Uninstalling KB2719857
start /w wusa.exe /uninstall /kb:2719857 /quiet /norestart

rem  KB2732059 fix for cannot open an .oxps file in Windows 7
echo Uninstalling KB2732059
start /w wusa.exe /uninstall /kb:2732059 /quiet /norestart

rem  KB2830477 Remote Desktop Connection (RDC) 8.1 client update
echo Uninstalling KB2830477
start /w wusa.exe /uninstall /kb:2830477 /quiet /norestart

rem  KB2834140 Stop error "0x00000050" after you install update 2670838 on a computer that is running Windows 7 SP1
echo Uninstalling KB2834140
start /w wusa.exe /uninstall /kb:2834140 /quiet /norestart

rem   KB2840149 security update for the Windows file system kernel-mode driver (ntfs.sys) Some have had some boot problems with it.
echo Uninstalling KB2840149
start /w wusa.exe /uninstall /kb:2840149 /quiet /norestart

rem  KB2923545 RDP Remote desktop protocol 
echo Uninstalling KB2923545
start /w wusa.exe /uninstall /kb:2923545 /quiet /norestart

rem  KB2938066 An update to harden Windows Server Update Services that further improves the security of Windows Server Update Services (WSUS) and the Windows Update Agent (WUA) (Fishy info)
echo Uninstalling KB2938066
start /w wusa.exe /uninstall /kb:2938066 /quiet /norestart

rem  KB2966583–Improvements for the System Update Readiness Tool in Windows 7
echo Uninstalling KB2966583
start /w wusa.exe /uninstall /kb:2966583 /quiet /norestart

rem  KB2976897 Recomended to uninstall from microsoft
echo Uninstalling KB2976897
start /w wusa.exe /uninstall /kb:2976897 /quiet /norestart

rem  KB2978092 Graphics software or applications crash
echo Uninstalling KB2978092
start /w wusa.exe /uninstall /kb:2978092 /quiet /norestart

rem KB2999226 win10 universal CRT
echo Uninstalling KB2999226
start /w wusa.exe /uninstall /kb:2999226 /quiet /norestart

rem  KB3006137 Update changes the currency symbol of Lithuania from the Lithuanian litas (Lt) to the euro (€) in Windows
echo Uninstalling KB3006137
start /w wusa.exe /uninstall /kb:3006137 /quiet /norestart

rem  KB3013531 Some says win10 ralated MS says to support copying .mkv files to Windows Phone from a computer that is running Windows
echo Uninstalling KB3013531
start /w wusa.exe /uninstall /kb:3013531 /quiet /norestart

rem  KB3014406 Some says fishy MS says: fix for Startup delay occurs after you disable IPv6 in Windows
echo Uninstalling KB3014406
start /w wusa.exe /uninstall /kb:3014406 /quiet /norestart

rem  KB3029606 Telemetry?? Update to improve Bluetooth driver diagnosis in Windows 8.1
echo Uninstalling KB3029606
start /w wusa.exe /uninstall /kb:3029606 /quiet /norestart

rem  KB3032359 IE update that can mess some..
echo Uninstalling KB3032359
start /w wusa.exe /uninstall /kb:3032359 /quiet /norestart

rem  KB3038314 messing with set default search provider..
echo Uninstalling KB3038314
start /w wusa.exe /uninstall /kb:3038314 /quiet /norestart

rem  KB3040272 fix.. Start time increases after another language pack is added to Windows.. very little info.
echo Uninstalling KB3040272
start /w wusa.exe /uninstall /kb:3040272 /quiet /norestart

rem  KB3045645 Some says win10 related. MS says: Update to force a UAC prompt when a customized .sdb file is created in Windows. little info.
echo Uninstalling KB3045645
start /w wusa.exe /uninstall /kb:3045645 /quiet /norestart

rem  KB3048043 Some had problems with corrupted files when installed. MS Says: fix for Screen flickers or becomes blank when you drag tiles on the Start screen in Windows
echo Uninstalling KB3048043
start /w wusa.exe /uninstall /kb:3048043 /quiet /norestart

rem  KB3054476 A little bit fishy, no real info and many avoid it. MS says:This update helps Microsoft improve the experiences when users run stream.sys driver-based applications in Windows 7 Service Pack 1 (SP1)
echo Uninstalling KB3054476
start /w wusa.exe /uninstall /kb:3054476 /quiet /norestart

rem  KB3077715 Some says bad and win10 related MS says: August 2015 cumulative time zone update for Windows operating systems
echo Uninstalling KB3077715
start /w wusa.exe /uninstall /kb:3077715 /quiet /norestart

rem  KB3078667 Some says bad and win10 related. MS says: fix for System malfunction because memory leak occurs in dwm.exe in Windows 7
echo Uninstalling KB3078667
start /w wusa.exe /uninstall /kb:3078667 /quiet /norestart

rem  KB3080079 Some have said bad win10/telemetry.. MS says: Update to add RDS support for TLS 1.1 and TLS 1.2 in Windows 7
echo Uninstalling KB3080079
start /w wusa.exe /uninstall /kb:3080079 /quiet /norestart

rem  KB3080351 Win10 related
echo Uninstalling KB3080351
start /w wusa.exe /uninstall /kb:3080351 /quiet /norestart

rem  KB3083225 Some says Telemetry. No info avalible on MS
echo Uninstalling KB3083225
start /w wusa.exe /uninstall /kb:3083225 /quiet /norestart

rem  KB3095649 Some says win10 related MS says: Fixes a crash in Win32k.sys in Windows 7 SP1
echo Uninstalling KB3095649
start /w wusa.exe /uninstall /kb:3095649 /quiet /norestart

rem  KB3097966 Some says Telemetry and win10 related.. MS says:Microsoft security advisory: Inadvertently disclosed digital certificates could allow spoofing: October 13, 2015
echo Uninstalling KB3097966
start /w wusa.exe /uninstall /kb:3097966 /quiet /norestart

rem  KB3102429 Update that supports Azerbaijani Manat and Georgian Lari currency symbols in Windows
echo Uninstalling KB3102429
start /w wusa.exe /uninstall /kb:3102429 /quiet /norestart

rem  KB3106614 Security update for Silverlight to address remote code execution: December 8, 2015
echo Uninstalling KB3106614
start /w wusa.exe /uninstall /kb:3106614 /quiet /norestart

rem  KB3114409 May cause Outlook 2010 to crash
echo Uninstalling KB3114409
start /w wusa.exe /uninstall /kb:3114409 /quiet /norestart

rem  KB3118401 Update Universal C Runtime (CRT) Windows 10 universal CRT
echo Uninstalling KB3118401
start /w wusa.exe /uninstall /kb:3118401 /quiet /norestart

rem  KB3124263 Cumulative security update for Windows 10
echo Uninstalling KB3124263
start /w wusa.exe /uninstall /kb:3124263 /quiet /norestart

rem  KB3141092 Installed itself on LH computer 3/3/16 even though not selected, reportedly piggybacks on Security Update KB3134814 if IE11 is installed
echo Uninstalling KB3141092
start /w wusa.exe /uninstall /kb:3141092 /quiet /norestart

rem  KB3143736 After you install security update 3093983, Oracle Siebel CRM crashes in the Mshtml.dll file and returns code "c0000602" in Internet Explorer.
echo Uninstalling KB3143736
start /w wusa.exe /uninstall /kb:3143736 /quiet /norestart

rem  KB3146706 - Security update for Windows OLE. Not needed. Break pirate copies of Windows 7.
echo Uninstalling KB3146706
start /w wusa.exe /uninstall /kb:3146706 /quiet /norestart

rem  KB3148198 important but worrying - Cumulative update for IE11. Includes previous Windows 10 preparation.
echo Uninstalling KB3148198
start /w wusa.exe /uninstall /kb:3148198 /quiet /norestart

rem  KB3154996 After you install security update 3100773, you discover that you can't type Korean characters correctly by using the Korean Hangul input method editor (IME) in Internet Explorer 11.
echo Uninstalling KB3154996
start /w wusa.exe /uninstall /kb:3154996 /quiet /norestart

rem  KB3156417 -May 2016 non security update rollup for Windows 7 SP1
echo Uninstalling KB3156417
start /w wusa.exe /uninstall /kb:3156417 /quiet /norestart

rem  KB3159398 I read that several users have decided to postpone the patch KB3159398 for certain problems that it causes :
echo Uninstalling KB<>
start /w wusa.exe /uninstall /kb:<> /quiet /norestart

rem  KB3159706 is intended to sync and distribute Windows 10 upgrades
echo Uninstalling KB3159706
start /w wusa.exe /uninstall /kb:3159706 /quiet /norestart

rem  KB3161102 Removes Windows Journal component.
echo Uninstalling KB3161102
start /w wusa.exe /uninstall /kb:3161102 /quiet /norestart

rem  KB3161608 - June 2016 Update Rollup for Windows 7 SP1 (Includes Windows Update Client for Windows 7: June 2016) contains some telemetry.
echo Uninstalling KB3161608
start /w wusa.exe /uninstall /kb:3161608 /quiet /norestart

rem  KB3167679 MS-says: Description of the security update for Windows authentication methods: August 9, 2016.. But,KB3167679 breaks password changing on Win7 joined in NT style domain (samba 3.6.23)(This info found on Microsoft TechNet)
echo Uninstalling KB3167679
start /w wusa.exe /uninstall /kb:3167679 /quiet /norestart

rem  KB3170735 Is on many block lists. Says Win 10 related. MS says:July 2016 Update for Windows Journal... No real info about what it is in it.
echo Uninstalling KB3170735
start /w wusa.exe /uninstall /kb:3170735 /quiet /norestart

rem  KB3184143 Remove software related to the Windows 10 free upgrade offer.
echo Uninstalling KB3184143
start /w wusa.exe /uninstall /kb:3184143 /quiet /norestart

rem   KB3161647 Windows Update Client for Windows 7 and Windows Server 2008 R2: June 2016
echo Uninstalling KB3161647
start /w wusa.exe /uninstall /kb:3161647 /quiet /norestart

rem   KB3185278 September qality rollup The September 2016 update rollup includes some new improvements and fixes for the Windows 7 Service Pack 1 (SP1)
echo Uninstalling KB3185278
start /w wusa.exe /uninstall /kb:3185278 /quiet /norestart

rem   2018-02 Preview of Monthly Rollup - KB4075211
echo Uninstalling KB4075211
start /w wusa.exe /uninstall /kb:4075211 /quiet /norestart

rem    2018-02 Monthly Rollup - KB4074598 Unknown if it has spectre/meltdown patch
echo Uninstalling KB4075211
start /w wusa.exe /uninstall /kb:4075211 /quiet /norestart

Bypass Windows 11 Installation Checks

While installing windows, when the error message "This PC does not meet the requirements […]" pops up, press Shift+F10 in order to launch a command prompt. Type regedit in the command prompt and then browse to Computer→HKEY_LOCAL_MACHINE→SYSTEM→Setup and add a new key under Setup named LabConfig. Now, for the LabConfig key, add three new 32-bit DWORDS and give them the value of 1:

After they are added and set to a value of 1, simply close the "This PC does not meet the requirements […]" error message and abort the installation. Then the install should go back to the first screen and this time the error message should be gone.

Solve Issues with Windows Update on Windows 7

Due to old certificates, a newly installed Windows cannot access the Windows Update folder resulting in the error 80072EFE. To solve the issue, download the Windows 7 update KB3138612 and install it. After a reboot, Windows Update should work again.

Start Explorer Window from Command Prompt

Given a certain path in a command prompt, issue:

start .

to open an explorer window for the current folder.

Skip Initial Setup for Windows 11

After selecting the region and keyboard layout, press Shift+F10 and then type OOBE\BYPASSNRO in the command prompt. The computer should then restart and on the next boot, after selecting the region and keyboard layout again, a new option will appear allowing to proceed with the setup without an Internet connection.

Run tor as a System Service under Windows

tor can be installed locally on a Windows machine without having to use the Tor browser bundle and perhaps allowing different kinds of traffic, aside web browsing, to be anonymized using the tor onion network.

Given a Cygwin setup, tor can be compiled from source by issuing:

./configure
make
make install

that will install all the relevant files under the /usr/local FSH subpath.

A minimal tor configuration should suffice for the most part and here is a sample file that has been placed under the Cygwin relative path at /etc/torrc:

# Process parameters.
RunAsDaemon 0

# Data directory.
DataDirectory /var/lib/tor
PidFile /var/run/tor.pid
Log notice file /var/log/tor.log

# Network configuration.
SocksPort 0.0.0.0:9050
SocksPolicy accept 10.0.1.0/24
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsOnResolve 1
#DNSPort 53
#DNSListenAddress 127.0.0.1
AutomapHostsSuffixes .exit,.onion

# Bridges
UseBridges 1

# Snowflake
Bridge snowflake 192.0.2.3:1 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://snowflake-broker.torproject.net.global.prod.fastly.net/ front=cdn.sstatic.net ice=stun:stun.voip.blackberry.com:3478,stun:stun.altar.com.pl:3478,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.sonetel.net:3478,stun:stun.stunprotocol.org:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478
ClientTransportPlugin snowflake exec /usr/local/bin/snowflake-client.exe

Since tor will be meant to run as a system service, some permissions should be changed to allow the Windows SYSTEM user to access /var/lib/tor:

chown -R SYSTEM /var/lib/tor

Finally, the next step is to use cygrunsrv in order to install tor as a Windows service:

cygrunsrv.exe -I tor -p /usr/local/bin/tor.exe -a '-f /etc/torrc' -d 'Onion Network Router'  -f 'Onion Network Router' -V

The service can also be removed by issuing:

cygrunsrv.exe -R tor

Starting the services control panel by running the Windows command services.msc will display a line corresponding to the tor service that has been installed. The service can then be started and stopped manually and will additionally restart on reboot.

In order to add an extra layer of obfuscation, snowflake can be used to provide a client transport over WebRTC. Compiling of the snowflake transport client can also be accomplished under Cygwin by:

git clone https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git
cd snowflake/client
go get
go build
cp client.exe /usr/local/bin/snowflake-client.exe
# Bridges
UseBridges 1

# Snowflake
Bridge snowflake 192.0.2.3:1 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://snowflake-broker.torproject.net.global.prod.fastly.net/ front=cdn.sstatic.net ice=stun:stun.voip.blackberry.com:3478,stun:stun.altar.com.pl:3478,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.sonetel.net:3478,stun:stun.stunprotocol.org:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478
ClientTransportPlugin snowflake exec /usr/local/bin/snowflake-client.exe

In order to use tor, for any program that has SOCKS proxy support, just set the server to the localhost 127.0.0.1 and port 9050 corresponding to the tor configuration file at /etc/torrc.

Remove Zone Liability Dumping on Windows

Starting with Windows XP, Microsoft added some liability dumping whenever any file is downloaded from the Internet by adding extra information to NTFS file streams indicating the zone from where the file originated. The prompt in the image above is typical when trying to open a file downloaded with any browser.

For files that have already been downloaded, the streams program can be used to remove the zone information from all files, for instance, the files in the user's Download directory:

streams -d %userprofile%\downloads\*

Otherwise, for a more permanent solution, navigate using a registry editor to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies and and create two new keys:

Within HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations create a new string value ModRiskFileTypes and set the value to the extensions that you wish to be opened without a warning, that is *.exe;*.msi; or set it to the all-files wildcard *.*. Next, within the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments registry key, create a new DWORD value named SaveZoneInformation and set it to 1.

Finally, run inetcpl.cpl (Internet Properties), navigate to the Security tab and select Custom Level. Scroll down to Miscellaneous and set Launching applications and unsafe files (not secure) to Enable (not secure).

Disable the Windows Key and Windows Menu Popup

In order to disable the Windows key and Windows menu popup, insert the following into the registry:

Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout]
"Scancode Map"=hex:00,00,00,00,00,00,00,00,03,00,00,00,00,00,5B,E0,00,00,5C,E0,00,00,00,00

in order to revert the changes and enable the Windows key, insert the following into the registry:

Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout]
"Scancode Map"=-

Prevent Windows from Using Windows Update to Search and Install Drivers

In order to prevent windows from using windows update to search and install drivers, the "System Properties" panel can be loaded and then the "Hardware" tab will contain a "Device Installation Settings" section. By clicking the "Device Installation Settings" button, a panel will let the user decide between letting Windows connect to Windows Update automatically, or just prompt the user instead when a device driver cannot be found.

Install Office 2019 on Windows 7

A tool called wotok_offline can be used to install the 2019 variant of Microsoft Office on Windows 7 even if Office 2019 is unsupported. The procedure involves mounting the Microsoft Office 2019 ISO and then running the wotok_offline.exe binary that will ask for the location of the Office 2019 files and then start installing.

Unfortunately, Office 2019 does not seem to behave well on Windows 7 with various bugs that will eventually end up crashing the applications. Outlook 2019 on Windows 7 will, for example, crash when the user will try to set up an account after the initial account has been set up. Similarly, due to changes in authentication trends, programs like Outlook will not really work anymore with all major groupware account providers.

Restore Default Service State for Windows 7, 8, 10

After enabling or disabling Windows services using services.msc or similar, it would be useful to be able to return to the original settings for each service. In order to restore the service state, download the following zip file, extract is and open a command prompt inside the extracted folder:

and then issue the following command in order to batch-import the registry files within the current directory:

C:\Users\me\Desktop\DefaultServiceState>forfiles /s /m *.reg /c "cmd /c reg import @path"