February 2018

My definitive guide to reclaiming Windows 10

So, some friends on Facebook were discussing the fact that Windows 10 updates are a problem. They take forever, happen at an inopportune time, and coming back from the major releases means that custom file associations are reset, it’s entirely possible for programs to be uninstalled, and I’ve run into no shortage of instances where I’ve had to revert back because an update caused a computer to be unable to restart…not to mention the fact that computers preparing for major updates run unbearably slow as they download and stage things. Microsoft thinks this is a good idea. They are the only ones.

Let’s make a few things clear here: my steps to resolve these issues are my personal preferences. If you do this, you will prevent your system from getting updates. Software that “works on Windows 10” might assume you’re on the most recent release, rather than whatever release you were on when you did these things. Reversing it all is a pain, and still might not work – just assume it’s a one-way trip. No warranty is provided if you mess things up. With that being said, let’s begin…

  1. Update Windows as much as you can up until this point. You probably don’t want to be running on two-year-old install media. This should also include the SMBv1 fix; no sense in keeping yourself open to WannaCry.
  2. Take care of the major stuff in one shot…
    • Download W10 Privacy: https://www.winprivacy.de/deutsch-start/download/. Extract it, and run it as an admin.
    • Download this file: W10-CustomConfig. Extract it somewhere, too.
    • Click Configuration, then Load. Use ‘Choose Path’ to navigate to where you extracted the ZIP file, and import the INI file.
    • Go through the different tabs and make sure there’s nothing you’d like to change. This is the config I use on my computer, but your needs may be different, so give it a quick once-over.
    • Click ‘Set Changed Settings’, then confirm it. It’ll take a few minutes to finish everything. Reboot when you’re done.
    • After rebooting, from a ‘run’ prompt or a command line (or the start menu search), type “services.msc”. When it loads, scroll down to “Windows Update”. Double click it, set it to ‘disabled’ (if it isn’t already), then click ‘stop’ (if it isn’t already).
  3. Completely napalm Windows Update…
    • Go to c:\windows\system32. scroll down to ‘wuauclt.exe’.
    • Right-click, then click ‘Properties’. Go to the ‘security’ tab.  Click ‘Advanced’.
    • On the top where it lists the owner as “TrustedInstaller”, click ‘Change’. Type your user account name, then click OK. Click OK again to close out the “Advanced” window, then click ‘Advanced’ again to re-open it with the ownership changes.
    • Click ‘Change Permissions’, approving the UAC prompt if needed.
    • Click ‘TrustedInstaller’, then ‘Edit’. Uncheck everything except ‘Read’ (Windows Defender will replace it if you delete it or deny it ‘Read’ permissions). Do the same for the “System”, “Users”, “ALL APPLICATION PACKAGES”, and “ALL RESTRICTED APPLICATION PACKAGES” accounts as well. For added paranoia, remove everyone except “System” and “TrustedInstaller” so that it can’t run in a user context. Click OK, then OK again to commit the changes.
  4. Tell Cortana where to shove it. A word of caution though, if you use Outlook, you won’t be able to do search-as-you-type. You will also wait forever for file system searches to be performed, though if you’re not using Everything to do your file system searches instantly instead of battling the green bar, you don’t know what your missing. Anyway, without further ado…
    • Go to C:\Windows\SystemApps. You’ll see a folder called Microsoft.Windows.Cortana_[something].
    • Go back up to the last step about applying read-only permissions to “System” and “TrustedInstaller”, then do those exact same steps on this folder.
  5. Start Menu Fix.
    • Install Classic Shell. With Windows Update neutered, MS won’t be messing with it, so the final release will be just fine and very reliable. If you’re skittish about that, the five bucks Stardock wants for Start10 is perfectly reasonable. If you want to use the stock Windows 10 start menu, you’re weird, but you won’t see random apps starting up. At the very least, install Classic Shell provisionally, as it gives ‘uninstall’ options for a number of Win10 apps that Windows won’t allow, leaving you with just the core.
  6. Anti-Telemetry.
    • Most of this was addressed with W10 Privacy, as it adds a whole lot of entries to your “hosts” file to minimize the output. However, I strongly recommend using a third party antivirus since Windows Defender will clear the hosts file entries when it runs scans. ESET NOD32 is my personal favorite, and it’s frequently on sale on Newegg.
    • Run these commands from an elevated command prompt:
      sc delete DiagTrack
      sc delete dmwappushservice
      echo "" > C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl
      reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v AllowTelemetry /t REG_DWORD /d 0 /f
    • Copy/paste this list of host file entries into yours. For added paranoia, if your firewall runs Tomato, you can use the integrated Adblocker to utilize this hosts file at the router level, though obviously this only protects you while you’re connected to that router.

 

Okay, those are the majors, and the required stuff for me when I first wipe and reload Windows 10 on my laptop. Understand though, that I wipe and reload Windows on my laptop approximately once every 14 months, meaning I’m not woefully out of date. 

Best of luck, everyone!

x  Powerful Protection for WordPress, from Shield Security
This Site Is Protected By
Shield Security