Me, myself & IT

The 10 Commandments for Windows^™ 10 (plus an 11th for Windows^™ 11)

Purpose
Reason
First Commandment
Second Commandment
Third Commandment
Fourth Commandment
Fifth Commandment
Sixth Commandment
Seventh Commandment
Eighth Commandment
Ninth Commandment
Tenth Commandment
Eleventh Commandment
Sample Implementation

Purpose

Fix or mitigate some of the worst shortcomings, vulnerabilities and weaknesses of Windows 10 as well as Windows 11.

Reason

As shipped by Microsoft^®, all versions of Windows^™ NT are insecure and unsafe: Windows is still setup without strict privilege separation, i.e. without separate accounts for (unprivileged) user(s) and (privileged) administrator(s), it even fails to isolate processes running in different sessions, thereby allowing unprivileged (standard) users to elevate their privileges to NT AUTHORITY\SYSTEM alias LocalSystem, it violates the minimum requirements of the almost 30 (in words: thirty) years old Designed for Windows specification, and it doesn’t follow best practices as well as many security recommendations.

First Commandment: no Short 8.3 Filenames, but Long Pathnames

Short 8.3 filenames are a (completely superfluous) cruft from the past of MS-DOS …

Windows PE

Setup.exe /NoReboot
FSUtil.exe 8Dot3Name Strip /F /S ‹drive letter›:\
FSUtil.exe 8Dot3Name Set ‹drive letter›: 1

FSUtil 8dot3Name

The length limitation of pathnames to MAX_PATH = 260 characters is another cruft from the past …

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem]
"LongPathsEnabled"=dword:00000001

MSDN article Naming Files, Paths, and Namespaces …

Second Commandment: Strict Privilege Separation

Activate the builtin Administrator user account, as documented in the TechNet article Enable and Disable the Built-in Administrator Account, then demote the user account created during Windows setup from (protected) administrator to standard user. …

"%SystemRoot%\System32\Net.exe" USER Administrator /Active:Yes /PasswordReq:Yes
"%SystemRoot%\System32\Net.exe" LOCALGROUP Administrators "%USERNAME%" /Delete
"%SystemRoot%\System32\Net.exe" LOCALGROUP Users "%USERNAME%" /Add

No qUACkery any more: disable silent (automatic) elevation in the ~~user~~ (protected) administrator account created during Windows Setup, and disable elevation in (unprivileged) standard user accounts, as documented in the TechNet article UAC Group Policy Settings and Registry Key Settings:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000002
"ConsentPromptBehaviorUser"=dword:00000000

Block (unprivileged) standard user accounts from logging on in Safe Mode, as documented in the MSKB article 977542:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"SafeModeBlockNonAdmins"=dword:00000001

Separate the system’s user-writable (shared) TEMP directory %SystemRoot%\Temp\ from that of the NT AUTHORITY\SYSTEM alias LocalSystem user account:

MkDir "%SystemRoot%\System32\Config\SystemProfile\AppData\Local\Temp"
If Exist "%SystemRoot%\SysWoW64\Config\SystemProfile" MkDir "%SystemRoot%\SysWoW64\Config\SystemProfile\AppData\Local\Temp"
"%SystemRoot%\System32\SetX.exe" TEMP "%%USERPROFILE%%\AppData\Local\Temp" /M
"%SystemRoot%\System32\SetX.exe" TMP "%%USERPROFILE%%\AppData\Local\Temp" /M

Set the attributes hidden, read-only and system on the system’s (shared) Temp directory %SystemRoot%\Temp\ to prevent File Explorer from trying to perform the permanent damage documented in the MSKB article 950934:

"%SystemRoot%\System32\Attrib.exe" +H +R +S "%SystemRoot%\Temp"

Third Commandment: …

Disable user authentication via Microsoft Accounts:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftAccount]
"DisableUserAuth"=dword:00000001

Disable automatic device encryption:

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BitLocker]
"PreventDeviceEncryption"=dword:00000001

Fourth Commandment: Security

MSKB article 2893294, the security bulletin MS13-098 and the security advisory Changes in Windows Authenticode Signature Verification

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\WinTrust\Config]
"EnableCertPaddingCheck"="1"

CAVEAT: on 64-bit systems this registry entry must be set in the 32-bit registry branch too!

"%SystemRoot%\System32\Reg.exe" ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\WinTrust\Config" /V "EnableCertPaddingCheck" /T REG_SZ /D "1" /F /REG:64
"%SystemRoot%\System32\Reg.exe" ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\WinTrust\Config" /V "EnableCertPaddingCheck" /T REG_SZ /D "1" /F /REG:32

MSKB articles 239869, 823659, 960859, 973811 and 2793313, plus the TechNet article Configuring Additional LSA Protection

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA]
; Disable insecure 'LAN Manager' authentication
; 0: send LM and NTLMv1 responses; never use NTLMv2 security
; 1: send LM and NTLMv1 responses; use NTLMv2 if negotiated
; 2: send NTLMv1 response only
; 3: send NTLMv2 response only; still accept both LM and NTLMv1 challenges
; 4: send NTLMv2 response only; refuse LM challenge, accept both NTLMv1 and NTLMv2 challenges
; 5: send NTLMv2 response only; refuse LM and NTLMv1 challenges, accept NTLMv2 challenge only
"LMCompatibilityLevel"=dword:00000005

"NoLMHash"=dword:00000001
"RunAsPPL"=dword:00000001

MSKB article 2264107 and the MSDN article NeedCurrentDirectoryForExePath()

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"CWDIllegalInDLLSearch"=dword:ffffffff

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"NoDefaultCurrentDirectoryInExePath"="*"

Fifth Commandment: …

Although the NT Virtual DOS Machine is an optional component since Windows 8.1, it gets installed on-demand as soon as a 16-bit DOS or legacy Windows application is executed.

See the MSDN article Windows components installed on demand for details.

On 32-bit editions, disable the NTVDM subsystem for 16-bit applications.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppCompat]
"VDMDisallowed"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WoW]
"DisallowedPolicyDefault"=dword:00000001

Sixth Commandment: Safety

Disable the ms-appinstaller URL protocol handler:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\URLBlockList]
"0"="ms-appinstaller:*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppInstaller]
"EnableMSAppInstallerProtocol"=dword:00000000

Disable execution of .hta files:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\HTA]
"DisableHTMLApplication"dword:00000001

Disable Windows Script Host and with it execution of JScript, as well as VBScript files, typically .js, .jse, .vbs, .vbe, .wsf and .wsh.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings]
"Enabled"=dword:00000000
"Remote"=dword:00000000
"TrustPolicy"=dword:00000002
;"UseWinSAFER"="1"

CAVEAT: these settings can be overridden in the (current) user’s registry branch!

Disable JScript and VBScript in all URL security zones of Internet Explorer for every user account:

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\LockDown_Zones\0]
"140C"=dword:00000003
"140D"=dword:00000003

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\LockDown_Zones\1]
"140C"=dword:00000003
"140D"=dword:00000003

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\LockDown_Zones\2]
"140C"=dword:00000003
"140D"=dword:00000003

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\LockDown_Zones\3]
"140C"=dword:00000003
"140D"=dword:00000003

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\LockDown_Zones\4]
"140C"=dword:00000003
"140D"=dword:00000003

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"140C"=dword:00000003
"140D"=dword:00000003

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"140C"=dword:00000003
"140D"=dword:00000003

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"140C"=dword:00000003
"140D"=dword:00000003

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"140C"=dword:00000003
"140D"=dword:00000003

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"140C"=dword:00000003
"140D"=dword:00000003

Documented in the MSKB articles 4012494 and 4586060, the cumulative security update 4014661 for Internet Explorer introduced both options in Windows 10 1703 alias Creators Update, codenamed Redstone 2.

Enable TLS 1.3:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings]
;                       00000020 ; SSL 3.0
;                       00000080 ; TLS 1.0
;                       00000200 ; TLS 1.1
;                       00000800 ; TLS 1.2
;                       00002000 ; TLS 1.3
"SecureProtocols"=dword:00002a00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.3\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.3\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

Seventh Commandment: Privacy

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo]
"DisabledByGroupPolicy"=dword:00000001

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge]
"AlternateErrorPagesEnabled"=dword:00000000
"HubsSidebarEnabled"=dword:00000000

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowCortanaButton"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Search]
"AllowCortana"=dword:00000000
"AllowSearchToUseLocation"=dword:00000000
"BingSearchEnabled"=dword:00000000
"ConnectedSearchPrivacy"=dword:00000003
"ConnectedSearchUseWeb"=dword:00000000
"ConnectedSearchUseWebOverMeteredConnections"=dword:00000000
"CortanaConsent"=dword:00000000
"DisableWebSearch"=dword:00000001
"SearchBoxTaskbarMode"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search]
"AllowCortana"=dword:00000000
"ConnectedSearchUseWeb"=dword:00000000
"ConnectedSearchUseWebOverMeteredConnections"=dword:00000000
"DisableWebSearch"=dword:00000001
"EnableDynamicContentInWSB"=dword:00000000

Unless you definitively want to use OneDrive and store your personal documents on other people’s servers, create the following Registry entries to disable its client:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OneDrive]
"PreventNetworkTrafficPreUserSignIn"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\OneDrive]
"DisableFileSync"=dword:00000001
"DisableFileSyncNGSC"=dword:00000001
"DisableLibrariesDefaultSaveToOneDrive"=dword:00000001
"DisableMeteredNetworkFileSync"=dword:00000001

Also run the following command lines to remove the registry entry that starts the installation program OneDriveSetup.exe from the Default user’s registry hive before the first user login to prevent the installation of the outdated OneDrive Client shipped with Windows in every user profile (where it is unprotected against tampering and can be overwritten).

"%SystemRoot%\System32\Reg.exe" LOAD   "HKEY_USERS\DEFAULT" "%SystemDrive%\Users\Default\NTUSER.DAT"
"%SystemRoot%\System32\Reg.exe" DELETE "HKEY_USERS\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run" /V "OneDriveSetup" /F
"%SystemRoot%\System32\Reg.exe" UNLOAD "HKEY_USERS\DEFAULT"

Note: optionally run the command line %SystemRoot%\System32\OneDriveSetup.exe /AllUsers on 32-bit systems respectively %SystemRoot%\SysWoW64\OneDriveSetup.exe /AllUsers on 64-bit systems to perform a per-machine installation of the OneDrive Client.

Additionally delete the installation program %SystemRoot%\System32\OneDriveSetup.exe on 32-bit systems respectively %SystemRoot%\SysWoW64\OneDriveSetup.exe on 64-bit systems.

Unless you definitively want to use the Malicious Software Removal Tool, create the following Registry entries to block its automatic monthly (re)installation via Windows Update and disable its reporting feature, as documented in the MSKB articles 890830 and 891716:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT]
"DontOfferThroughWUAU"=dword:00000001
"DontReportInfectionInformation"=dword:00000001

Eighth Commandment: Annoyances

Disable the Lock Screen:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization]
"NoLockScreen"=dword:00000001

Show Command Prompt instead of PowerShell on the Start Menu, and Start Command Prompt here instead of Start PowerShell here on the Context Menu of directories and drives, for all or just selected users:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"DontUsePowerShellOnWinX"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"DontUsePowerShellOnWinX"=dword:00000001

Disable automatic reboot while users are logged on after (automatic) installation of updates, as documented in the TechNet article Configure Automatic Updates in a Non–Active Directory Environment:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
;"ActiveHoursStart"=dword:00000000
;"ActiveHoursEnd"=dword:00000017
"SetActiveHours"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"AUOptions"=dword:00000005
"IncludeRecommendedUpdates"=dword:00000000
"NoAutoRebootWithLoggedOnUsers"=dword:00000001

Disable automatic installation of suggested Apps, Windows App Store Suggestions and other gimmicks:

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager]
"ContentDeliveryAllowed"=dword:00000000
"FeatureManagementEnabled"=dword:00000000
"OEMPreInstalledAppsEnabled"=dword:00000000
"PreInstalledAppsEnabled"=dword:00000000
"PreInstalledAppsEverEnabled"=dword:00000000
"SilentInstalledAppsEnabled"=dword:00000000
"SoftLandingEnabled"=dword:00000000
"SubscribedContentEnabled"=dword:00000000
"SubscribedContent-310093Enabled"=dword:00000000
"SubscribedContent-338387Enabled"=dword:00000000
"SubscribedContent-338388Enabled"=dword:00000000
"SubscribedContent-338389Enabled"=dword:00000000
"SubscribedContent-338393Enabled"=dword:00000000
"SystemPaneSuggestionsEnabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CloudContent]
"ConfigureWindowsSpotlight"=dword:00000002
"DisableSoftLanding"=dword:00000001
"DisableSpotlightCollectionOnDesktop"=dword:00000001
"DisableTailoredExperiencesWithDiagnosticData"=dword:00000001
"DisableThirdPartySuggestions"=dword:00000001
"DisableWindowsConsumerFeatures"=dword:00000001
"DisableWindowsSpotlightFeatures"=dword:00000001
"DisableWindowsSpotlightOnActionCenter"=dword:00000001
"DisableWindowsSpotlightOnSettings"=dword:00000001
"DisableWindowsSpotlightWindowsWelcomeExperience"=dword:00000001
"IncludeEnterpriseSpotlight"=dword:00000000

Disable automatic changes of the desktop background, i.e. the wallpaper:

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\DesktopSpotlight\Settings]
"EnabledState"=dword:00000000

Disable Online Help & Tips in the Immersive Control Panel and the News & Interests icon on the Taskbar:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"AllowOnlineTips"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Feeds]
"EnableFeeds"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Feeds]
"ShellFeedsTaskbarViewMode"=dword:00000002

Disable Fast Startup:

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Power]
"HiberBootEnabled"=dword:00000000

Disable automatic login after reboot:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableAutomaticRestartSignOn"=dword:00000001

Disable search results from the Internet:

REGEDIT4

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer]
"DisableSearchBoxSuggestions"=dword:00000001

Disable creation of desktop icon for Edge Chromium:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EdgeUpdate]
"CreateDesktopShortcutDefault"=dword:00000000

Unless you intend to join an Active Directory Domain and also operate the computer with permanent network connectivity to the domain controllers, run the following command line to modify the start/stop trigger of the W32Time service, as documented in the MSKB article 2385818:

"%SystemRoot%\System32\SC.exe" TriggerInfo W32Time Start/NetworkOn Stop/NetworkOff

Ninth Commandment: …

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore]
"AutoDownload"=dword:00000002
"DisableStoreApps"=dword:00000001
"RemoveWindowsStore"=dword:00000001

"%SystemRoot%\System32\DISM.exe" /Online /Get-ProvisionedAppxPackages /Format:Table | "%SystemRoot%\System32\FindStr.exe" /B /C:"PackageName: " 1>"%SystemRoot%\Setup\Scripts\SetupComplete.tmp"
For /F "Tokens=2 UseBackQ" %%? In ("%SystemRoot%\Setup\Scripts\SetupComplete.tmp") Do "%SystemRoot%\System32\DISM.exe" /Online /Remove-ProvisionedAppxPackage /PackageName:%%?

REGEDIT4

; Disable (re)installation of (de)provisioned 'Apps'
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.3DBuilder_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.549981C3F5F10_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.BingWeather_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.GetHelp_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Getstarted_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.HEIFImageExtension_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Messaging_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.MixedReality.Portal_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.MSPaint_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Office.OneNote_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.OneConnect_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Outlook.DesktopIntegrationServices_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.People_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Print3D_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.ScreenSketch_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.SkypeApp_kzf8qxf38zg5c]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.StorePurchaseApp_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.VCLibs.140.00_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Wallet_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.WebMediaExtensions_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.WebpImageExtension_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Windows.Photos_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.WindowsAlarms_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.WindowsCalculator_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.WindowsCamera_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.WindowsCommunicationsApps_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.WindowsMaps_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.WindowsStore_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Xbox.TCUI_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.XboxApp_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.XboxGameOverlay_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.YourPhone_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.ZuneMusic_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.ZuneVideo_8wekyb3d8bbwe]

Prevent the installation of Outlook for Windows with cumulative updates in 2025:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\Orchestrator\UScheduler_Oobe]
"BlockedOobeUpdaters"="["MS_Outlook"]"

Tenth Commandment: …

REGEDIT4

[HKEY_CLASSES_ROOT\.acm]
"Content Type"="application/vnd.microsoft.portable-executable"

[HKEY_CLASSES_ROOT\.ax]
"Content Type"="application/vnd.microsoft.portable-executable"

[HKEY_CLASSES_ROOT\.cab]
"Content Type"="application/vnd.ms-cab-compressed"

[HKEY_CLASSES_ROOT\.com]
"Content Type"="application/vnd.microsoft.portable-executable"

[HKEY_CLASSES_ROOT\.cpl]
"Content Type"="application/vnd.microsoft.portable-executable"

[HKEY_CLASSES_ROOT\.dll]
"Content Type"="application/vnd.microsoft.portable-executable"

[HKEY_CLASSES_ROOT\.drv]
"Content Type"="application/vnd.microsoft.portable-executable"

[HKEY_CLASSES_ROOT\.efi]
"Content Type"="application/vnd.microsoft.portable-executable"

[HKEY_CLASSES_ROOT\.exe]
"Content Type"="application/vnd.microsoft.portable-executable"

[HKEY_CLASSES_ROOT\.ime]
"Content Type"="application/vnd.microsoft.portable-executable"

[HKEY_CLASSES_ROOT\.mui]
"Content Type"="application/vnd.microsoft.portable-executable"

[HKEY_CLASSES_ROOT\.msu]
"Content Type"="application/vnd.ms-cab-compressed"

[HKEY_CLASSES_ROOT\.ocx]
"Content Type"="application/vnd.microsoft.portable-executable"

[HKEY_CLASSES_ROOT\.scr]
"Content Type"="application/vnd.microsoft.portable-executable"

[HKEY_CLASSES_ROOT\.sys]
"Content Type"="application/vnd.microsoft.portable-executable"

[HKEY_CLASSES_ROOT\.tsp]
"Content Type"="application/vnd.microsoft.portable-executable"

[HKEY_CLASSES_ROOT\MIME\DataBase\CharSet\iso-8859-1]
"CodePage"=dword:00006FAF ; 28591
"InternetEncoding"=dword:00006FAF

[HKEY_CLASSES_ROOT\MIME\DataBase\CharSet\iso-8859-2]
"CodePage"=dword:00006FB0 ; 28592
"InternetEncoding"=dword:00006FB0

[HKEY_CLASSES_ROOT\MIME\DataBase\CharSet\iso-8859-3]
"CodePage"=dword:00006FB1 ; 28593
"InternetEncoding"=dword:00006FB1

[HKEY_CLASSES_ROOT\MIME\DataBase\CharSet\iso-8859-4]
"CodePage"=dword:00006FB2 ; 28594
"InternetEncoding"=dword:00006FB2

[HKEY_CLASSES_ROOT\MIME\DataBase\CharSet\iso-8859-5]
"CodePage"=dword:00006FB3 ; 28595
"InternetEncoding"=dword:00006FB3

[HKEY_CLASSES_ROOT\MIME\DataBase\CharSet\iso-8859-6]
"CodePage"=dword:00006FB4 ; 28596
"InternetEncoding"=dword:00006FB4

[HKEY_CLASSES_ROOT\MIME\DataBase\CharSet\iso-8859-7]
"CodePage"=dword:00006FB5 ; 28597
"InternetEncoding"=dword:00006FB5

[HKEY_CLASSES_ROOT\MIME\DataBase\CharSet\iso-8859-8]
"CodePage"=dword:00006FB6 ; 28598
"InternetEncoding"=dword:00006FB6

[HKEY_CLASSES_ROOT\MIME\DataBase\CharSet\iso-8859-9]
"CodePage"=dword:00006FB7 ; 28599
"InternetEncoding"=dword:00006FB7

[HKEY_CLASSES_ROOT\MIME\DataBase\CharSet\iso-8859-10]
"CodePage"=dword:00006FB8 ; 28600
"InternetEncoding"=dword:00006FB8

[HKEY_CLASSES_ROOT\MIME\DataBase\CharSet\iso-8859-11]
"AliasForCharSet"=-
"CodePage"=dword:00006FB9 ; 28601
"InternetEncoding"=dword:00006FB9

[HKEY_CLASSES_ROOT\MIME\DataBase\CharSet\iso-8859-12]
"CodePage"=dword:00006FBA ; 28602
"InternetEncoding"=dword:00006FBA

[HKEY_CLASSES_ROOT\MIME\DataBase\CharSet\iso-8859-13]
"CodePage"=dword:00006FBB ; 28603
"InternetEncoding"=dword:00006FBB

[HKEY_CLASSES_ROOT\MIME\DataBase\CharSet\iso-8859-14]
"CodePage"=dword:00006FBC ; 28604
"InternetEncoding"=dword:00006FBC

[HKEY_CLASSES_ROOT\MIME\DataBase\CharSet\iso-8859-15]
"CodePage"=dword:00006FBD ; 28605
"InternetEncoding"=dword:00006FBD

[HKEY_CLASSES_ROOT\MIME\DataBase\CharSet\iso-8859-16]
"CodePage"=dword:00006FBE ; 28606
"InternetEncoding"=dword:00006FBE

[HKEY_CLASSES_ROOT\MIME\DataBase\CharSet\windows-1254]
"AliasForCharSet"=-
"CodePage"=dword:000004E6 ; 1254
"InternetEncoding"=dword:000004E6

[HKEY_CLASSES_ROOT\MIME\DataBase\Content Type\application/vnd.microsoft.portable-executable]
;"Extension"=".exe"

[HKEY_CLASSES_ROOT\MIME\DataBase\Content Type\application/vnd.ms-cab-compressed]
;"Extension"=".cab"

REGEDIT4

; Copyright © 2004-2025, Stefan Kanthak <‍stefan‍.‍kanthak‍@‍nexgo‍.‍de‍>

[HKEY_CLASSES_ROOT\MSI.Package\Shell\RunAs]
"HasLUAShield"=""
"MUIVerb"="@C:\\Windows\\System32\\MSIMsg.dll,-36"

[HKEY_CLASSES_ROOT\MSI.Package\Shell\RunAs\Command]
@="C:\\Windows\\System32\\MSIExec.exe /I \"%L\" %*"

[HKEY_CLASSES_ROOT\MSI.Patch\Shell\RunAs]
"HasLUAShield"=""
"MUIVerb"="@C:\\Windows\\System32\\MSIMsg.dll,-39"

[HKEY_CLASSES_ROOT\MSI.Patch\Shell\RunAs\Command]
@="C:\\Windows\\System32\\MSIExec.exe /P \"%L\" %*"

[HKEY_CLASSES_ROOT\MSI.Patch\Shell\RunAsUser]
@="@C:\\Windows\\System32\\Shell32.dll,-50944"
;@="@C:\\Windows\\System32\\TWinUI.dll,-8502" ; �
"Extended"=""
"SuppressionPolicyEx"="{F211AA05-D4DF-4370-A2A0-9F19C09756A7}"

[HKEY_CLASSES_ROOT\MSI.Patch\Shell\RunAsUser\Command]
"DelegateExecute"="{EA72D00E-4960-42FA-BA92-7792A7944C1D}"

REGEDIT4

[HKEY_CLASSES_ROOT\.bmp]
@="PhotoViewer.FileAssoc.BitMap"

[HKEY_CLASSES_ROOT\.bmp\OpenWithProgIDs]
"PhotoViewer.FileAssoc.BitMap"=hex(0):

[HKEY_CLASSES_ROOT\.dib]
@="PhotoViewer.FileAssoc.BitMap"

[HKEY_CLASSES_ROOT\.dib\OpenWithProgIDs]
"PhotoViewer.FileAssoc.BitMap"=hex(0):

[HKEY_CLASSES_ROOT\.gif]
@="PhotoViewer.FileAssoc.GIF"

[HKEY_CLASSES_ROOT\.gif\OpenWithProgIDs]
"PhotoViewer.FileAssoc.GIF"=hex(0):

[HKEY_CLASSES_ROOT\.ico]
@="PhotoViewer.FileAssoc.BitMap"

[HKEY_CLASSES_ROOT\.ico\OpenWithProgIDs]
"PhotoViewer.FileAssoc.BitMap"=hex(0):

[HKEY_CLASSES_ROOT\.jfif]
@="PhotoViewer.FileAssoc.JFIF"

[HKEY_CLASSES_ROOT\.jfif\OpenWithProgIDs]
"PhotoViewer.FileAssoc.JFIF"=hex(0):

[HKEY_CLASSES_ROOT\.jpe]
@="PhotoViewer.FileAssoc.JPEG"

[HKEY_CLASSES_ROOT\.jpe\OpenWithProgIDs]
"PhotoViewer.FileAssoc.JPEG"=hex(0):

[HKEY_CLASSES_ROOT\.jpeg]
@="PhotoViewer.FileAssoc.JPEG"

[HKEY_CLASSES_ROOT\.jpeg\OpenWithProgIDs]
"PhotoViewer.FileAssoc.JPEG"=hex(0):

[HKEY_CLASSES_ROOT\.jpg]
@="PhotoViewer.FileAssoc.JPEG"

[HKEY_CLASSES_ROOT\.jpg\OpenWithProgIDs]
"PhotoViewer.FileAssoc.JPEG"=hex(0):

[HKEY_CLASSES_ROOT\.png]
@="PhotoViewer.FileAssoc.PNG"

[HKEY_CLASSES_ROOT\.png\OpenWithProgIDs]
"PhotoViewer.FileAssoc.PNG"=hex(0):

[HKEY_CLASSES_ROOT\.rle]
@="PhotoViewer.FileAssoc.BitMap"

[HKEY_CLASSES_ROOT\.rle\OpenWithProgIDs]
"PhotoViewer.FileAssoc.BitMap"=hex(0):

[HKEY_CLASSES_ROOT\.tif]
@="PhotoViewer.FileAssoc.TIFF"

[HKEY_CLASSES_ROOT\.tif\OpenWithProgIDs]
"PhotoViewer.FileAssoc.TIFF"=hex(0):

[HKEY_CLASSES_ROOT\.tiff]
@="PhotoViewer.FileAssoc.TIFF"

[HKEY_CLASSES_ROOT\.tiff\OpenWithProgIDs]
"PhotoViewer.FileAssoc.TIFF"=hex(0):

[HKEY_CLASSES_ROOT\.wdp]
@="PhotoViewer.FileAssoc.WDP"

[HKEY_CLASSES_ROOT\.wdp\OpenWithProgIDs]
"PhotoViewer.FileAssoc.WDP"=hex(0):

[HKEY_CLASSES_ROOT\Applications\PhotoViewer.dll\Shell\Open]
"MUIVerb"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3043"

[HKEY_CLASSES_ROOT\Applications\PhotoViewer.dll\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\Applications\PhotoViewer.dll\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\Applications\PhotoViewer.dll\Shell\Print\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\Applications\PhotoViewer.dll\Shell\Print\DropTarget]
"CLSID"="{60FD46DE-F830-4894-A628-6FA81BC0190D}"

[HKEY_CLASSES_ROOT\Applications\PhotoViewer.dll\SupportedTypes]
".bmp"=""
".dib"=""
".gif"=""
".ico"=""
".jfif"=""
".jpe"=""
".jpeg"=""
".jpg"=""
".png"=""
".rle"=""
".tif"=""
".tiff"=""
".wdp"=""

[HKEY_CLASSES_ROOT\icofile\Shell\Open]
"MUIVerb"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3043"

[HKEY_CLASSES_ROOT\icofile\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\icofile\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\jpegfile\Shell\Open]
"MUIVerb"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3043"

[HKEY_CLASSES_ROOT\jpegfile\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\jpegfile\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\pjpegfile\Shell\Open]
"MUIVerb"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3043"

[HKEY_CLASSES_ROOT\pjpegfile\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\pjpegfile\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\pngfile\Shell\Open]
"MUIVerb"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3043"

[HKEY_CLASSES_ROOT\pngfile\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\pngfile\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\wdpfile\Shell\Open]
"MUIVerb"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3043"

[HKEY_CLASSES_ROOT\wdpfile\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\wdpfile\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\Paint.Picture\Shell\Open]
"MUIVerb"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3043"

[HKEY_CLASSES_ROOT\Paint.Picture\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\Paint.Picture\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\TIFImage.Document\Shell\Open]
"MUIVerb"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3043"

[HKEY_CLASSES_ROOT\TIFImage.Document\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\TIFImage.Document\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.BitMap]
"FriendlyTypeName"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3056"
"ImageOptionFlags"=dword:00000001

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.BitMap\DefaultIcon]
@="C:\\Windows\\System32\\ImageRes.dll,-70"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.BitMap\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.BitMap\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.GIF]
"EditFlags"=dword:00010000
"FriendlyTypeName"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3055"
"ImageOptionFlags"=dword:00000001

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.GIF\DefaultIcon]
@="C:\\Windows\\System32\\ImageRes.dll,-71"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.GIF\Shell\Open]
"MUIVerb"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3043"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.GIF\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.GIF\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JFIF]
"EditFlags"=dword:00010000
"FriendlyTypeName"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3055"
"ImageOptionFlags"=dword:00000001

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JFIF\DefaultIcon]
@="C:\\Windows\\System32\\ImageRes.dll,-72"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JFIF\Shell\Open]
"MUIVerb"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3043"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JFIF\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JFIF\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JPEG]
"EditFlags"=dword:00010000
"FriendlyTypeName"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3055"
"ImageOptionFlags"=dword:00000001

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JPEG\DefaultIcon]
@="C:\\Windows\\System32\\ImageRes.dll,-72"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JPEG\Shell\Open]
"MUIVerb"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3043"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JPEG\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JPEG\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.PNG]
"FriendlyTypeName"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3057"
"ImageOptionFlags"=dword:00000001

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.PNG\DefaultIcon]
@="C:\\Windows\\System32\\ImageRes.dll,-71"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.PNG\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.PNG\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.TIFF]
"FriendlyTypeName"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3058"
"ImageOptionFlags"=dword:00000001

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.TIFF\DefaultIcon]
@="C:\\Windows\\System32\\ImageRes.dll,-122"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.TIFF\Shell\Open]
"MUIVerb"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3043"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.TIFF\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.TIFF\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.WDP]
"EditFlags"=dword:00010000
"ImageOptionFlags"=dword:00000001

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.WDP\DefaultIcon]
@="C:\\Windows\\System32\\WMPhoto.dll,-400"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.WDP\Shell\Open]
"MUIVerb"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3043"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.WDP\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.WDP\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\SystemFileAssociations\.bmp\OpenWithList\PhotoViewer.dll]
[HKEY_CLASSES_ROOT\SystemFileAssociations\.dib\OpenWithList\PhotoViewer.dll]
[HKEY_CLASSES_ROOT\SystemFileAssociations\.gif\OpenWithList\PhotoViewer.dll]
[HKEY_CLASSES_ROOT\SystemFileAssociations\.ico\OpenWithList\PhotoViewer.dll]
[HKEY_CLASSES_ROOT\SystemFileAssociations\.jfif\OpenWithList\PhotoViewer.dll]
[HKEY_CLASSES_ROOT\SystemFileAssociations\.jpe\OpenWithList\PhotoViewer.dll]
[HKEY_CLASSES_ROOT\SystemFileAssociations\.jpeg\OpenWithList\PhotoViewer.dll]
[HKEY_CLASSES_ROOT\SystemFileAssociations\.jpg\OpenWithList\PhotoViewer.dll]
[HKEY_CLASSES_ROOT\SystemFileAssociations\.png\OpenWithList\PhotoViewer.dll]
[HKEY_CLASSES_ROOT\SystemFileAssociations\.rle\OpenWithList\PhotoViewer.dll]
[HKEY_CLASSES_ROOT\SystemFileAssociations\.tif\OpenWithList\PhotoViewer.dll]
[HKEY_CLASSES_ROOT\SystemFileAssociations\.tiff\OpenWithList\PhotoViewer.dll]
[HKEY_CLASSES_ROOT\SystemFileAssociations\.wdp\OpenWithList\PhotoViewer.dll]

[HKEY_CLASSES_ROOT\SystemFileAssociations\Image\Shell\Open]
"MUIVerb"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3043"

[HKEY_CLASSES_ROOT\SystemFileAssociations\Image\Shell\Open\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\SystemFileAssociations\Image\Shell\Open\DropTarget]
"CLSID"="{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\SystemFileAssociations\Image\Shell\Print\Command]
@="C:\\Windows\\System32\\RunDLL32.exe \"C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll\",ImageView_Fullscreen %L"

[HKEY_CLASSES_ROOT\SystemFileAssociations\Image\Shell\Print\DropTarget]
"CLSID"="{60FD46DE-F830-4894-A628-6FA81BC0190D}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities]
"ApplicationDescription"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3069"
"ApplicationName"="@C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll,-3009"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities\FileAssociations]
".bmp"="PhotoViewer.FileAssoc.BitMap"
".dib"="PhotoViewer.FileAssoc.BitMap"
".gif"="PhotoViewer.FileAssoc.GIF"
".ico"="PhotoViewer.FileAssoc.BitMap"
".jfif"="PhotoViewer.FileAssoc.JFIF"
".jpe"="PhotoViewer.FileAssoc.JPEG"
".jpeg"="PhotoViewer.FileAssoc.JPEG"
".jpg"="PhotoViewer.FileAssoc.JPEG"
".png"="PhotoViewer.FileAssoc.PNG"
".rle"="PhotoViewer.FileAssoc.BitMap"
".tif"="PhotoViewer.FileAssoc.TIFF"
".tiff"="PhotoViewer.FileAssoc.TIFF"
".wdp"="PhotoViewer.FileAssoc.WDP"

Eleventh Commandment: Prevent Installation of Outlook for Windows etc.

Prevent the installation of Apps like Outlook for Windows during the OoBE phase:

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\Orchestrator\UScheduler_Oobe\DevHomeUpdate]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\Orchestrator\UScheduler_Oobe\EdgeUpdate]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\Orchestrator\UScheduler_Oobe\OutlookUpdate]

Remove the requirement for a Microsoft Account and a network connection:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE]
"BypassNRO"=dword:00000001
"DisablePrivacyExperience"=dword:00000001

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Privacy]
"PrivacyConsentPresentationVersion"=dword:00000003
"PrivacyConsentSettingsValidMask"=dword:0000003F
"PrivacyConsentSettingsVersion"=dword:00000004
"TailoredExperiencesWithDiagnosticDataEnabled"=dword:00000000

Sample Implementation

SetupComplete.cmd

The batch script SetupComplete.cmd is executed during installation of Windows Vista and later versions after the second reboot, between the Specialize and the OoBE phase; it runs (invisible) under the NT AUTHORITY\SYSTEM alias LocalSystem user account.

Rem Copyright © 2009-2025, Stefan Kanthak <‍stefan‍.‍kanthak‍@‍nexgo‍.‍de‍>

Rem Prevent accidental execution
If Not "%USERNAME%" == "SYSTEM" Exit /B
If /I Not "%USERPROFILE%" == "%SystemRoot%\System32\Config\SystemProfile" Exit /B
If /I Not "%~f0" == "%SystemRoot%\Setup\Scripts\SetupComplete.cmd" Exit /B

Call :REDIRECT %* 0<NUL: 1>"%SystemRoot%\Setup\Scripts\SetupComplete.out" 2>"%SystemRoot%\Setup\Scripts\SetupComplete.err"
Exit /B

:REDIRECT

…

Rem Private 'TEMP' directory for 'LocalSystem' user account
If /I "%TEMP%" == "%SystemRoot%\Temp" (
"%SystemRoot%\System32\SetX.exe" TEMP "%%USERPROFILE%%\AppData\Local\Temp" /M
"%SystemRoot%\System32\SetX.exe" TMP "%%USERPROFILE%%\AppData\Local\Temp" /M
MkDir "%SystemRoot%\System32\Config\SystemProfile\AppData\Local\Temp"
If Exist "%SystemRoot%\SysWoW64\Config\SystemProfile" MkDir "%SystemRoot%\SysWoW64\Config\SystemProfile\AppData\Local\Temp"
)

…

Rem Disable builtin 'Guest' user account
"%SystemRoot%\System32\Net.exe" USER Guest /Active:No

Rem Enable builtin 'Administrator' user account and set random password
Rem (https://support.microsoft.com/en-us/kb/251394)
"%SystemRoot%\System32\Net.exe" USER Administrator /Active:Yes /FullName:"Stefan Kanthak" /PasswordReq:Yes /Random

…

Rem Disable offer for permanent ACL change on inaccessible directories in 'File Explorer'
Rem (https://support.microsoft.com/en-us/kb/950934)
For %%? In ("%SystemRoot%\Security\Audit"
            "%SystemRoot%\ServiceProfiles\LocalService"
            "%SystemRoot%\ServiceProfiles\NetworkService"
            "%SystemRoot%\Temp") Do "%SystemRoot%\System32\Attrib.exe" +H +R +S "%%?"

…

Rem Remove 'Provisioned Apps'
"%SystemRoot%\System32\DISM.exe" /Online /Get-ProvisionedAppxPackages /Format:Table | "%SystemRoot%\System32\FindStr.exe" /B /C:"PackageName: " 1>"%SystemRoot%\Setup\Scripts\SetupComplete.tmp"
For /F "Tokens=2 UseBackQ" %%? In ("%SystemRoot%\Setup\Scripts\SetupComplete.tmp") Do "%SystemRoot%\System32\DISM.exe" /Online /Remove-ProvisionedAppxPackage /PackageName:%%?

…

Rem Remove 'Edge Chromium'
Rem If Defined ProgramFiles(x86) (For /R "%ProgramFiles(x86)%\Microsoft\Edge\Application" %%? In (Setup?.Exe) Do Set SETUP=%%~?) Else (For /R "%ProgramFiles%\Microsoft\Edge\Application" %%? In (Setup?.Exe) Do Set SETUP=%%~?)
Rem If Defined SETUP "%SETUP%" --force-uninstall --system-level --uninstall --verbose-logging

…

Rem Move 'Network Database'
MkDir "%ProgramData%\Microsoft\Network\Database"
Move "%SystemRoot%\System32\Drivers\Etc\*" "%ProgramData%\Microsoft\Network\Database"
"%SystemRoot%\System32\Reg.exe" ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters" /V "DataBasePath" /T REG_SZ /D "%ProgramData%\Microsoft\Network\Database" /F

For %%! In ("%ProgramData%\Microsoft\Network\Database\*") Do @(
For /D /R "%SystemRoot%\WinSxS" %%? In (*) Do @(
If Exist "%%?\%%~nx!" MkLink /H "%SystemRoot%\System32\Drivers\Etc\%%~nx!" "%%?\%%~nx!"))

…

Rem Prevent (per-user) installation of 'OneDrive Client'
"%SystemRoot%\System32\Reg.exe" LOAD   "HKEY_USERS\DEFAULT" "%SystemDrive%\Users\Default\NTUSER.DAT"
"%SystemRoot%\System32\Reg.exe" DELETE "HKEY_USERS\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run" /V "OneDriveSetup" /F
"%SystemRoot%\System32\Reg.exe" UNLOAD "HKEY_USERS\DEFAULT"
If Defined ProgramFiles(x86) (
Delete "%SystemRoot%\SysWoW64\OneDriveSetup.exe"
) Else (
Delete "%SystemRoot%\System32\OneDriveSetup.exe"
)

…

Rem Remove the requirement for a 'Microsoft Account'
"%SystemRoot%\System32\Reg.exe" ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE" /V "BypassNRO" /T REG_DWORD /D 1 /F

…

Rem Prevent installation of 'Outlook for Windows' etc.
"%SystemRoot%\System32\Reg.exe" DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\Orchestrator\UScheduler_Oobe\DevHomeUpdate" /F
"%SystemRoot%\System32\Reg.exe" DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\Orchestrator\UScheduler_Oobe\EdgeUpdate" /F
"%SystemRoot%\System32\Reg.exe" DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\Orchestrator\UScheduler_Oobe\OutlookUpdate" /F

…

"%SystemRoot%\System32\Reg.exe" IMPORT "%SystemRoot%\Setup\Scripts\SetupComplete.reg"

…

Rem (https://msdn.microsoft.com/en-us/library/gg441316.aspx)
"%SystemRoot%\System32\RunDLL32.exe" "%SystemRoot%\System32\AdvPack.dll",LaunchINFSection "%SystemRoot%\Setup\Scripts\SetupComplete.inf",UnattendedInstall

…

SetupConfig.ini %SystemDrive%\Users\Default\AppData\Local\Microsoft\Windows\WSUS\SetupConfig.ini

[SetupConfig]
;AddBootMgrLast
;Auto={ Clean | DataOnly | Upgrade }
;BitLocker={ AlwaysSuspend | TryKeepActive | ForceKeepActive }
;CompactOS={ Enable | Disable }
;Compat={ IgnoreWarning | ScanOnly }
;CopyLogs=[ ‹drive›:\‹directory› | \\‹computer›\‹share›\‹directory› ]
;DiagnosticPrompt={ Disable | Enable }
;DynamicUpdate={ Disable | Enable }
;InstallDrivers=[ ‹drive›:\‹directory› | \\‹computer›\‹share›\‹directory› ]
;InstallFrom=[ ‹drive›:\‹directory› | \\‹computer›\‹share›\‹directory› ]
;InstallLangPacks=[ ‹drive›:\‹directory› | \\‹computer›\‹share›\‹directory› ]
;M=[ ‹drive›:\‹directory› | \\‹computer›\‹share›\‹directory› ]
;MigNEO=Disable
;MigrateDrivers={ All | None }
NoReboot
;PKey=23467-89BCD-FGHJK-MNPQR-TVWXY
;Priority=Normal
;PostOOBE=[ ‹drive›:\‹directory› | \\‹computer›\‹share›\‹directory› ] [ \setupcomplete.cmd ]
;PostRollback=[ ‹drive›:\‹directory› | \\‹computer›\‹share›\‹directory› ] [ \setuprollback.cmd ]
;PostRollbackContext={ System | User }
;Quiet
;ReflectDrivers=[ ‹drive›:\‹directory› | \\‹computer›\‹share›\‹directory› ]
;ResizeRecoveryPartition={ Disable | Enable }
;ShowOOBE={ Full | None }
;Telemetry={ Disable | Enable }
;TempDrive=‹drive›:
;Unattend=[ ‹drive›:\‹directory› | \\‹computer›\‹share›\‹directory› ] [ \unattend.xml ]
;Uninstall={ Disable | Enable }

Contact and Feedback

If you miss anything here, have additions, comments, corrections, criticism or questions, want to give feedback, hints or tipps, report broken links, bugs, deficiencies, errors, inaccuracies, misrepresentations, omissions, shortcomings, vulnerabilities or weaknesses, …: don’t hesitate to contact me and feel free to ask, comment, criticise, flame, notify or report!

Use the X.509 certificate to send S/MIME encrypted mail.

Note: email in weird format and without a proper sender name is likely to be discarded!

I dislike HTML (and even weirder formats too) in email, I prefer to receive plain text.
I also expect to see your full (real) name as sender, not your nickname.
I abhor top posts and expect inline quotes in replies.

Terms and Conditions

By using this site, you signify your agreement to these terms and conditions. If you do not agree to these terms and conditions, do not use this site!

The software and the documentation on this site are provided as is without any warranty, neither express nor implied.
In no event will the author be held liable for any damage(s) arising from the use of the software or the documentation.
Permission is granted to use the current version of the software and the current version of the documentation solely for personal private and non-commercial purposes.
An individuals use of the software or the documentation in his or her capacity or function as an agent, (independent) contractor, employee, member or officer of a business, corporation or organisation (commercial or non-commercial) does not qualify as personal private and non-commercial purpose.
Without written approval from the author the software or the documentation must not be used for a business, for commercial, corporate, governmental, military or organisational purposes of any kind, or in a commercial, corporate, governmental, military or organisational environment of any kind.
Redistribution of the software and the documentation is allowed only in unmodified form of its current version and free of charge.

Data Protection Declaration

This web page records no (personal) data and stores no cookies in the web browser.

The web service is operated and provided by

Telekom Deutschland GmbH
Business Center
D-64306 Darmstadt
Germany
<‍hosting‍@‍telekom‍.‍de‍>
+49 800 5252033

The web service provider stores a session cookie in the web browser and records every visit of this web site with the following data in an access log on their server(s):

the (pseudonymised) IP address;
the date and time of the request;
the URL of the requested web page or file;
the Referer and User-Agent HTTP headers sent by the web browser;
the result (success or failure) of the request;
the amount of data received and sent.