Windows
Registry & GPO Tweaks Removed
See 2022-10.19.0 for Registry and GPO settings before they were removed.
Go-to utility for non-AD Windows machines. All major standard tweaks may be done with this utility.
# Run as administrator.
irm "https://christitus.com/win" | iex
Setting Execution Policy
PowerShell scripts require the execution policy to be set to unrestricted before they will execute. Script execution is disabled by default, which is the correct choice. Once you've executed your scripts, you must manually reset the policy to restricted, or you leave the machine open to running untrusted scripts. The setting persists across sessions.
Check and set unrestricted policy.
# Run as administrator.
Get-ExecutionPolicy
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Force
Set restricted policy.
# Run as administrator.
Set-ExecutionPolicy -ExecutionPolicy Restricted -Force
Set Execution Policy Via Script
Commands entered directly into PowerShell are executed regardless of the execution policy. Scripts may be run without changing the execution policy by launching a sub-shell with ExecutionPolicy bypassed.
Execute script without setting ExecutionPolicy.
PowerShell.exe -ExecutionPolicy Bypass -File {SCRIPT}.ps1
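An added example (not part of the original page): Set-ExecutionPolicy without -Scope writes the LocalMachine scope, which is why the change persists, so this audits every scope with Get-ExecutionPolicy -List and resets the persistent ones to Restricted. The function names are hypothetical; paste it into an administrator PowerShell prompt.

```powershell
# Added example: audit and reset execution policy scopes left permissive.
# Run as administrator (required to change the LocalMachine scope).

function Get-PermissiveExecutionPolicyScope {
    # Get-ExecutionPolicy -List returns one object per scope in precedence order:
    # MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine.
    Get-ExecutionPolicy -List |
        Where-Object { $_.ExecutionPolicy -in 'Unrestricted', 'Bypass' }
}

function Reset-PersistentExecutionPolicy {
    foreach ($entry in Get-PermissiveExecutionPolicyScope) {
        switch ([string]$entry.Scope) {
            { $_ -in 'CurrentUser', 'LocalMachine' } {
                # These two scopes are stored in the registry and survive reboots.
                Set-ExecutionPolicy -Scope $entry.Scope -ExecutionPolicy Restricted -Force
                Write-Output "Reset $($entry.Scope) from $($entry.ExecutionPolicy) to Restricted"
            }
            'Process' {
                # Set by -ExecutionPolicy Bypass or -Scope Process; gone when the shell exits.
                Write-Output "Process scope is $($entry.ExecutionPolicy); it ends with this session"
            }
            default {
                # MachinePolicy and UserPolicy come from Group Policy and
                # cannot be changed with Set-ExecutionPolicy.
                Write-Warning "$($entry.Scope) is $($entry.ExecutionPolicy) via Group Policy"
            }
        }
    }
    # Show the final state of every scope for confirmation.
    Get-ExecutionPolicy -List
}

Reset-PersistentExecutionPolicy
```

A permissive value that remains only in the Process row after the reset belongs to the current window and does not carry over to new sessions.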
ISO Downloads
Microsoft provides ISO images of Windows for users to install, which require a separate activation key.
Execute the downloaded binary:
- Create installation media for a different PC.
- Select correct options (typically, English, Pro / Multi, 64-bit).
- Select save location for the ISO file.
Try Linux
Modern Linux distributions have greatly increased usability and game support in recent years. Instead of dealing with the ad and privacy nightmare that is non-AD connected Windows machines, any modern distribution will meet your needs.
Recommend Manjaro (Arch stable) or Mint (Debian testing).
Create UEFI USB Boot Disk
The Windows Media Creation Tool will create a USB boot disk; however, that disk will use MBR. This specific setup will create a UEFI USB boot disk:
- Download and run Ventoy.
- Copy the downloaded ISO to the root of the USB disk.
- Reboot and select ISO to boot into.
Install
Use USB Boot Disk.
Local Account Install
Connected Microsoft accounts associate TPM keys, BitLocker keys, the MS account, and user data together, leading to a privacy nightmare. Additionally, MS has recently pushed for automatically uploading user data via OneDrive without asking and for setting default locations for Word documents to MS servers.
Warning
Always install using a local account. If you want an MS account associated later you can always make that link yourself.
Windows 11
Windows versions <26120 use the OOBE/BYPASSNRO local account bypass.
Continue through install until Sign in appears.
- Shift+F10 will open a terminal.
- start ms-cxh:local
- Create local user with opened dialog window.
Use 11 or Linux
Windows 10 is being actively exploited with 0-days now that update support has been dropped. Do not use unless isolated.
- Unplug and disable all network connections.
- Continue through install until Let's connect you to a network.
- Select I don't have internet.
- Select Continue with limited setup.
- Continue through install until How would you like to set up?.
- Select Set up for personal use.
- Select Offline account.
- Create a local account.
Tip
Install Process Explorer and Secure Delete for detailed process tracking, debugging, and secure delete.