Virtual Machine Optimization
Contents[hide]
|
Introduction
The performance of your Userful system will largely be determined by the care and steps you take when setting up your golden master image(s). The impact of any mistakes -- or performance improvements -- savings made before cloning of your golden master image will be amplified 10-fold, so it is worth taking the time to prepare your master image correctly.
This document and the tools below are designed to provide potential optimizations you can consider to provide a more responsive Windows® VM desktop for users. These configurations typically add value by enhancing the user experience and increasing system performance.
For example, some of the changes suggested below optimize the user experience by enabling faster log-ons, reducing unnecessary prompts, and allowing faster screen updates. Others optimize performance and increase scalability by reducing unnecessary processor, memory, disk and network usage.
| Please Note: The optimizations suggested below are suggestions only and their applicability will vary between environments. Use your own professional judgement as to which of these optimizations will be useful in your environment and be sure to test out your golden master image before deploying in a production environment. |
3rd Party Tools & Documents
| Please Note: The links provided below are provided for your convenience only. You bear the responsibility for determining if the tools or information linked to is appropriate for your needs. |
Tools
- Quest Workspace Optimizer A free GUI and command-line utility for optimizing a Windows image for using in vWorkspace (or any VDI deployment). Currently there are 40 optimizations. You can add your own optimizations by editing the configuration file of the of the Quest vWorkspace Desktop Optimizer.
- VDI Optimizer: The tool called VDI Optimizer outputs a VBScript (based on the selections you make in the GUI interface), which can then be used to apply performance and configuration settings to images that will be deployed via VDI platforms – this is particularly useful if you are using MDT 2010 for your image engineering process as the VBScript can bolted into the task sequence using a Run Command Line task.
Licensing is Your Responsibility
| Please Note: You are responsible for complying with all operating system and application vendors’ license agreements when you clone a virtual machine or make it available for multiple users. |
Best practices for Installing Virtual Machines
Before cloning from the Golden Master Image, make any desired changes to the guest OS (except binding to an Active Directory). This includes:
- Applying OS updates, service packs and patches.
- Installing any desired VirtualBox Tools, especially the Guest OS Tools.
- Install and Configure management agents.
- Install and run anti-virus software, if needed. (Note: "locked" clones are returned to a pristine state whenever they are restarted, and thus should not require anti-virus software.)
- Backup software or files, if necessary.
- Install and configure any desired end-user applications
- Finally, de-fragment the guest hard disk.
Make sure that your cloning process does not result in virtual machines with duplicate system attributes.
Using a known-good ISO file to create your initial VM image can save time over using CD or DVD media and also avoids any risk of damage to physical install media.
Optimizing your Golden Master (Windows OS) Image
Rules of Thumb
- You want to ensure the average CPU load on your server is less than 70% under regular usage (by all users). You want to be able to gracefully handle spikes in need.
- Disable Serial and Parallel Ports on your Host PC/Server
- In BIOS, go to Advanced ->I/O Device Configuration and disable serial and parallel ports. Save changes and Exit.
Essentials
- Install VirtualBox Guest Additions
- Install all Windows Patches, then turn OFF Automatic Updates
- Disable Serial and Parallel ports in Device Manager (if they exist)
- Set Screensaver to "None" or "Blank" (this saves CPU over a graphic image screensaver)
- Disable System Sounds (Set Sound scheme to "None")
- (Windows 7) Uninstall Tablet PC Components
- Disable Windows Error Reporting
- Remove unnecessary boot applications (Quicktime, Real, Adobe Acrobat Updater, etc.).
- Remove any unneeded Windows components and applications (Outlook Express, Messenger, Games, etc.)
- Disable any unnecessary services
- If you access the internet through a proxy, it is important to configure your golden master image with the correct proxy settings. It is recommended to refer to the operating system documentation for detailed instructions; a good starting point ishttp://technet.microsoft.com/en-us/library/cc985352.aspx.
File System
- Disable NTFS "Last Accessed" option
fsutil behavior set disablelastaccess 1(Requires reboot)
- Disable Windows Prefetcher & Set the value to 0 (Disable)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters\EnablePrefetcher];
- Disable System Restore
- Right Click "My Computer" -> Properties, -> "System Restore" tab and select "Turn off System Restore"
- Disable Indexing
- Double Click "My Computer, Right click on C:\ -> Properties -> Click "General" tab and clear "Allow Indexing Service to Index…"
- Disable Offline Files
- Disable scheduled or background Defrag
- Disable Windows Search
- Disable Windows Disk Optimizer
- Adjust the disk timeout value
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Disk] "TimeOutValue"=REG_DWORD:0×000000be(190)
- Use User Profile Hive Cleanup Service to help prevent profile corruption
Power Settings
- Disable hibernation
- Change power settings to "High Performance" and disable sleep timer
- Set HDD’s to "Never" turn off
- Open
Control Panel -> Power Options -> Change Plan Settings -> Change Advanced power settingsand set the "Turn off hard disks after" setting toNever - Disable the Logon Screen Saver
- HKEY_USERS\.DEFAULT\Control Panel\Desktop
- Edit ScreenSaverActive and change value to 0
Disable Notifications
- Disable logging of informational Printing events
- Open "Printers and Faxes", Click
File-> Server Properties -> Advancedand clear "Log spooler informational events" - Disable Success Logging (login attempts, etc.)
- Only do this if security policy allows it
- Disable Toolbar Notifications
- Disable the Windows XP Tour Notifier
- Disable Balloon Tips
- Shrink Event Logs and enable circular logging (registry keys)
- Disable Desktop Cleanup Wizard
Browser/Internet Explorer
- Upgrade to the latest browser version.
- Disable "Use Suggested Sites"
- Set the default home page to your Intranet site, or blank, or something lightweight
- Change IE to prevent programs from suggesting a change of the search provider
- Remove Webslice gallery and suggested sites from Toolbars on IE
- Add "trusted sites" as necessary
- Shrink the IE Temp File size
- Adjust browser cache size to lowest useful setting
Common Applications
- Install Adobe Flash Player (turning off automatic updates)
- Install Adobe Reader and set to "Do not download or install updates automatically"
- Turn Java Updater off
- Remove MS OneNote tray service (if installed)
- Turn off Outlook Cached Mode
- Remove the Language Bar
- Regsvr32.exe /u msutb.dll
- install a more efficient browser than Internet Explorer (e.g., Google Chrome) and set this as the default browser.
General OS Environment
- Set Pagefile to static size
- Change the default Windows Theme to "Basic"
- Adjust visual effects for "Best Performance"
- Enable ClearType Fonts
- Turn off Windows Security Center
- Turn off Automatic Computer Maintenance
- Disable "Allow users to browse for troubleshooters"
- Disable "Allow troubleshooting to begin immediately when started"
Network Optimizations
- Install, setup and test your printers
- Disable NetBIOS over TCP/IP
- Disable IPv6
- Add any necessary DNS suffixes
- Add any necessary HOSTS entries for "custom" applications
- Disable Automatic Searching of Network Printers and Shares
- DHCP: Adjust default lease time
Final Cleanup
- Optimize the Registry
- RegScrub.exe – Registry Cleaner
- NTRegOpt.exe – Registry Optimizer, removing "white" space in registry
- Run disk cleanup
- Defrag the HDD
- Delete all event logs
- Make the User profile the Default Profile
- (Windows 7) ensure KMS server is enabled
- Make sure Floppy and CD-ROM drives are set to "Client Device" and not set to "Connect at Power On"
Antivirus (AV)
- When using "locked" clones AV may not be required
- If you are using AV, avoid running AV scans concurrently
- Full systems scans cause major performance impacts
- Stagger full systems scans (when full system scans are a corporate standard)
- Schedule any full system scans to run at night when no one is using the system.
User Data
- Use folder redirection for My Documents potentially even to a Network Attached Storage (NAS)
- Easier to use existing file archival system, maintain multiple file versions
- Evaluate Profile Management Applications
- Turn off Outlook/thunderbird Cached Mode (VMs that are on same high speed network as your mail server don’t benefit as much from cached mode). This will save on disk space and conserve storage IOPS.
Services
| Recommended Setting | Background Explanation | |
|---|---|---|
| Disable "Background Intelligent Transfer Service" | This service uses idle network bandwidth to fetch updates for the system, like Windows Update. As we will disable these other services that rely on BITS, we can disable BITS. | |
| Disable "Desktop Windows Manager Session Manager" | This service is responsible for Windows 7 Aero theme. Turning this off typically improves performance. | |
| Disable "Function Discovery Resource Publication" | This service publishes each computer's information onto the network so peers can discover them. This functionality is typically not required in most environments. If you do not require this functionality we suggest disabling it. | |
| Disable "HomeGroup listener" and "HomeGroup provider" | This is responsible for HomeGroup membership. As the virtual Windows 7 desktops will most likely be in a domain model, the homegroup functionality is not required. | |
| Disable "Indexing Service" | The Indexing Service creates an index of local and remote files to allow for faster searching. As this information is created and stored locally. If you are using locked clones these indexes will be destroyed upon each reboot due to the read-only configuration of the locked clone. That means each reboot will start with a blank index. Disabling this service will improve scalability but will results in a slightly degraded user experience when they perform searches. | |
| Disable Offline Files | Responsible for management and maintenance and synchronization of offline files. If your host PC/Server is online, there is little need for Offline File support. | |
| Disable "Security Center" | Disabling the Security center will eliminate reporting of issues with antivirus, malware or firewall configurations. Since many of these items are being disabled or modified, disabling this service eliminates these messages being displayed to (and potentially annoying) your users. | |
| Disable "SuperFetch" | SuperFetch tries to improve system performance over time by “learning” the typical user activity. In locked clones this information is deleted on each reboot hence provides little value. | |
| Disable "System Restore" | The System Restore service creates system snapshots and restore points. This functionality is unneeded as the virtual desktop is based on a golden, read-only (locked) image. Disabling System Restore will save disk space and CPU time. | |
| Disable "Themes" | Themes allows users to manage the themes (including backgrounds, sounds and visual effects, etc.). This service take resources and will impact overall scalability. We recommend disabling this unless you want user to be able to personalize their environment. | |
| Disable "Windows Defender" | Assuming you have your own anti-malware solution, it makes sense to disable the integrated windows service. | |
| Disable "Windows Media Player Sharing Service" | Unless users will be sharing items to other users via Media Player, this service can be disabled. | |
| Disable "Windows Search" | Disabling Windows Search will improve scalability, however many applications rely on this service. Disabling the service might result in failed searches or longer user wait-times for search results. | |
| Disable "Windows Error Reporting" | Administrative Templates – Windows Components – Windows Error Reporting
|
|
| Disable "Automatic Updates" | Administrative Templates – Windows Components – Windows Updates
|
|
| Disable "System Restore" | Administrative templates – System – System Restore
|
|
| Disable Screensaver | Utilizing complex screen savers wastes resources. Instead, the blank screen saver should be used to secure the environment without impacting resources.
|
|
| Force Offscreen Composition for Internet Explorer | Overcomes a potential screen flicker issue for certain websites. "Force Offscreen Composition"=dword:00000001 |
|
| Reduce Menu Show Delay | Reduces the delay Windows sets for menus. Provides better user experience. "MenuShowDelay"="150" |
|
| Disable all Visual Effects except "Use common tasks in folders" and "Use visual styles on windows and buttons" | Provides a better user experience. Note: The UserPreferenceMask changes based on the settings selected in the System Properties – Performance Options configuration page. |
|
| Disable Boot Animation | Disabling the animation, saves resources and can speeds up the boot process.
|
|
| Remove unused Windows components | These items are typically not be used in most zero client environments.
|
|
| Set Min & Max Page file values to the same | Keeping the pagefile at a single size prevents the system from expanding, which creates a significant amount of IO. | |
| Optimize Antivirus | Decide your A/V strategy. Configure antivirus to scan writes and disable the scheduled scans. The base image should be scanned before being deployed within production. should be done after completing all other optimizations. | |
| Disk Cleanup | Removes unnecessary files and can save disk space (depending on your VM cloning strategy) | |
| Defragmentation | Defragmenting your disk should be done before cloning your Golden Mater Image to ensure the disk is optimized. Note: this step should be done as a final step after completing all other optimizations. |
Recommended Windows Registry Modifications
| Configuration | Optimizer | Registry Modification (in REG format) |
|---|---|---|
| Disable Last Access Timestamp | Yes | [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem] "NtfsDisableLastAccessUpdate"=dword:00000001 |
| Disable Large Send Offload | No | [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BNNS\Parameters]"EnableOffload"=dword:00000000 |
| Disable TCP/IP Offload | No | [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]"DisableTaskOffload"=dword:00000001 |
| Increase Service Startup Timeout | No | [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control] "ServicesPipeTimeout"=dword:0002bf20 |
| Hide Hard Error Messages | No | [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows] "ErrorMode"=dword:00000002 |
| Disable CIFS Change Notifications | No | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]"NoRemoteRecursiveEvents"=dword:00000001 |
| Disable Logon Screensaver | No | [HKEY_USERS\.DEFAULT\Control Panel\Desktop]"ScreenSaveActive"="0" |
| Disable Clear Page File at Shutdown | Yes | HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]"ClearPageFileAtShutdown"=dword:00000000 |
| Disable Offline Files | Yes | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\NetCache]"Enabled"=dword:00000000 |
| Disable Background Defragmentation | Yes | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction] "Enable"="N" |
| Disable Background Layout Service | Yes | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OptimalLayout]"EnableAutoLayout"=dword:00000000 |
| Disable Bug Check Memory Dump | Yes | [HKLM\SYSTEM\CurrentControlSet\Control\CrashControl]"CrashDumpEnabled"=dword:00000000"LogEvent"=dword:00000000"SendAlert"=dword:00000000 |
| Disable Hibernation | Yes | [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Power]"Heuristics"=hex:05,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,3f,42,0f,00 |
| Disable Memory Dumps | Yes | [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl]"CrashDumpEnabled"=dword:00000000"LogEvent"=dword:00000000 "SendAlert"=dword:00000000 |
| Disable Mach. Acct. Password Changes | Yes | [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]"DisablePasswordChange"=dword:00000001 |
| Redirect Event Logs | No | HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application]"File"="D:\EventLogs\Application.evtx"[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security]"File"="D:\EventLogs\Security.evtx"[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\System]"File"="D:\EventLogs\System.evtx" |
| Reduce Event Log Size to 64K | Yes | HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application]"MaxSize"=dword:00010000[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security]"MaxSize"=dword:00010000[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\System]"MaxSize"=dword:00010000 |
Windows 7 Specific Config Settings
| Parameter | Comment |
|---|---|
| Guest Operating System | Microsoft Windows 7 (32-bit or 64-bit) |
| SCSI Controller | LSI Logic SAS or Parallel |
| Hard Disk | Disks for Templates or parent virtual machines can utilize Thin Provisioning |
| Floppy | Remove the floppy drive |
| CD/DVD | Suggest to turn this off unless you want to give users access to the CD drive of the host PC/Server. |
| Memory Specs | 32-bit, 1 – 3GB (no more than 3GB); 64-bit, 1 – 4GB (depends on use case) |
| Bios - Disable Ports | Go to the Options tab of virtual machine properties and select force entry into bios to disable unnecessary LPT and COM ports |
Windows 7 Services Parameters Table
| Service | Default | State | Comments |
|---|---|---|---|
| BitLocker Drive Encryption Service | Manual | Disable | Not recommended to encrypt VDI virtual machines |
| Block Level Backup Engine Service | Manual | Disable | Leveraged for backing up data on a workstation |
| Desktop Window Manager Session Manager | Auto | Disable | Disable if Aero is not necessary / desired |
| Disk Defragmenter | Manual | Disable | Provides disk defragmenting services for hard drives and can impact performance if run on a virtual machine |
| Diagnostic Policy Service | Auto | Disable | Problem detection and troubleshooting resolution |
| Home Group Listener | Manual | Disable | Leveraged for Home Networking |
| Home Group Provider | Manual | Disable | Leveraged for Home Networking |
| IP Helper | Auto | Disable | Disable if IPv6 is not leveraged |
| Microsoft iSCSI Initiator Service | Manual | Disable | Not needed for virtual machines |
| Microsoft Software Shadow Copy Provider | Manual | Disable/Enable | Disable if you are not using System Restore. |
| Secure Socket Tunneling Protocol Service | Manual | Disable | Used to provide VPN capability |
| Security Center | Auto | Disable | Monitors configuration of security-related services |
| Superfetch | Auto | Disable | Loads applications into memory for faster reload over time. Non-persistent virtual machines will likely not benefit from this setting being enabled. Full testing is recommended to determine the optimum setting for this service. |
| Tablet PC Input Service | Manual | Disable | Table PC Services |
| Themes | Auto | Disable | Only if you want to run as “Classic” interface (no “Orb” for start button) |
| UPnP Host Service | Manual | Disable | Dependent on SSDP Service |
| Volume Shadow Copy Service | Manual | Disable/Enable | Disable if you are not using System Restore. |
| Windows Backup | Manual | Disable | Backs up workstation data |
| Windows Defender | Auto | Disable | Disable if Anti Spyware / Malware isn’t needed |
| Windows Error Reporting Service | Manual | Disable | Windows Error Reporting |
| Windows Firewall | Auto | Disable | Disable unless you are setting exceptions using GPO |
| Windows Media Center Receiver Service | Manual | Disable | Used by Media Center |
| Windows Media Center Scheduler Service | Manual | Disable | Used by Media Center |
| Windows Search | Auto | Disable | Disable if you are not doing a lot of searching on a virtual machine |
| Windows Update | Auto | Disable | Disable unless needed for updates |
| WLAN AutoConfig | Manual | Disable | Wireless LAN Configuration |
| WWAN AutoConfig | Manual | Disable | Used for Mobile Broadband Devices |
| Offline Files | Manual | Disable | Used for maintenance of Offline Files cache |
| SSDP Discovery | Manual | Disable | Used to discover UPNP Devices |
Windows 7 Group Policy Table
| Policy | Policy Location | Settings |
|---|---|---|
| Action Center Icon Removal | User Configuration > Administrative Templates > Start Menu and Taskbar |
|
| Event Logs | Computer Configuration > Administrative Templates > Event Log Service > Specific Event Log |
Note: If you are attempting to set the Security log size to 1024 via this Group Policy setting, you are restricted to 20480 unless you set this using the previous Group Policy Setting valid for Windows XP SP2 and Server 2003 and above located here ? Computer Configuration > Windows Settings > Security Settings > Event Log |
| Firewall | Computer Configuration > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Windows Firewall Properties |
Note: If the Windows Firewall Service is Disabled, this is not necessary |
| Internet Explorer Settings (cache) | User Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Advanced Page |
|
| Internet Explorer Settings (first run wizard) | Computer Configuration > Administrative Templates > Windows Components > Internet Explorer |
|
| Recycle Bin | User Configuration > Administrative Templates > Windows Components > Windows Explorer |
|
| Remote Desktop | Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections |
|
| Remote Desktop | Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security |
|
| RSS Feeds | User Configuration > Administrative Templates > Windows Components > RSS Feeds |
|
| *Screen Saver | User Configuration > Administrative Templates > Control Panel > Personalization |
|
| System Restore | Computer Configuration > Administrative Templates > System > System Restore |
|
| User Access Control | Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options |
|
| Wallpaper | User Configuration > Administrative Templates > Desktop > Desktop |
Note: A “space” is required to set the wallpaper to none in the above setting. Optionally, setting to a file that does not exist will actually prevent a user from setting wallpaper at all. |
| Windows Defender | Computer Configuration > Administrative Templates > Windows Components > Windows Defender |
|
| Windows Sideshow | Computer Configuration > Administrative Templates > Windows Components > Windows Sideshow |
|
| *Windows Update | Computer Configuration > Administrative Templates > System > Internet Communication Management > Internet Communication Settings |
Note: If the Windows Update Service is Disabled, this is not necessary |
Windows 7 Customizations Available Using the Registry
| Computer (Local Machine) Settings Windows Registry Editor Version 5.00 |
|---|
| ;Disables First Run Wizard for Internet Explorer [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main] “DisableFirstRunCustomize”=dword:00000001 ;Disables Windows Update [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU] “NoAutoUpdate”=dword:00000001 ;Disables System Restore [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] “DisableSR”=dword:00000001 ;Sets size and retention for Event Logs to 1 MB and no retention [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application] “MaxSize”=dword:00100000 “Retention”=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security “MaxSize”=dword:00100000 “Retention”=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System] “MaxSize”=dword:00100000 “Retention”=dword:00000000 ;Disables the crash dump file [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl] “CrashDumpEnabled”=dword:00000000 ;Removes the option to store files in the recycle bin and deletes them immediately [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] “NoRecycleFiles”=dword:00000001 ;Allows RDP to be used – ensure firewall is configured or turned off [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server] “fDenyTSConnections”=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\ RDP-Tcp] “UserAuthentication”=dword:00000000 ;Disables User Access Control (UAC) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] “EnableLUA”=dword:00000000 ;Set Superfetch for boot files only [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters] “EnableSuperfetch”=dword:00000000 ;Turn off Default Network Location Dialogue [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\ NewNetworkWindowOff] ; Extend Disk Time-Out Value to 200 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Disk] “TimeOutValue”=dword:000000c8 [HKEY_LOCAL_MACHINE\SOFTWARE\Image] “Revision”=”1.0” “Virtual”=”Yes” [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Sideshow] “Disabled”=dword:00000001 |
| User (Default User) SettingsWindows Registry Editor Version 5.00 |
| ;Sets the screensaver default to “blank”, timeout 10 mins, protected [HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop] “SCRNSAVE.EXE”=”%windir%\\system32\\scrnsave.scr” “ScreenSaveTimeOut”=”600” “ScreenSaverIsSecure”=”1” ;Sets default wallpaper to nothing [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] “Wallpaper”=”” ;Ensures that temporary internet files are always purged [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache] “Persistent”=dword:00000000 ;Hide the Action Center Task Tray Icon [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] “HideSCAHealth”=dword:00000001 ;Disable RSS Feeds for Internet [HKEY_CURRENT_USER\Software\Microsoft\Feeds] “SyncStatus”=dword:00000000 |
Customizations Reference
| Type | Description | Status | Method | Hive |
|---|---|---|---|---|
| Customization | Action Center Icon | Disable | GPO, Registry | HKCU |
| Customization | Set Boot to “No GUI” | Disable | Command Line | HKLM |
| Customization | Crash Dump | Disable | Registry | HKLM |
| Customization | Disk Timeout Value | Modify | Registry | HKLM |
| Customization | Event Logs | Modify | GPO, Registry | HKLM |
| Customization | Hibernation | Disable | Command Line | HKLM |
| Customization | IE Cache | Disable | GPO, Registry | HKCU |
| Customization | IE First Run Wizard | Disable | GPO, Registry | HKLM |
| Customization | IE RSS Feeds | Disable | GPO, Registry | HKCU |
| Customization | Image Revision | Modify/Create | Registry | HKLM |
| Customization | Last Access Timestamp | Modify | Command Line | HKLM |
| Customization | Network Location Dialogue | Modify | Registry | HKLM |
| Customization | Recycle Bin | Disable Deleted File Retention | GPO, Registry | HKLM |
| Customization | Registry Idle Backup | Disable | Command Line | HKLM |
| Customization | Screensaver | Enable and Configure | GPO, Registry | HKCU |
| Customization | Wallpaper | Disable | GPO, Registry | HKCU |
| Customization | WinSAT (Windows System Assessment Tool) | Disable | Command Line | HKLM |
| Feature | User Access Control | Turn off or Configure | GPO, Registry | HKLM |
| Feature | Windows Sideshow | Disable | GPO, Registry | HKLM |
| Feature/Service | System Restore | Disable | GPO, Registry, Services, Command Line | HKLM |
| Windows Service | *Desktop Window Manager Session Manager | Disable | Services | HKLM |
| Windows Service | *IP Helper | Disable | Services | HKLM |
| Windows Service | *Superfetch | Disable | Registry, Services | HKLM |
| Windows Service | *Themes | Disable | Services | HKLM |
| Windows Service | *Windows Defender | Disable | GPO, Services, Command Line | HKLM |
| Windows Service | Tablet | PC Input | Services | HKLM |
| Windows Service | *Windows Firewall | Configure/Disable | GPO, Services, Command Line | HKLM |
| Windows Service | BitLocker Drive Encryption Service | Disable | Services | HKLM |
| Windows Service | Block Level Backup Engine Service | Disable | Services | HKLM |
| Windows Service | Diagnostic Policy Service | Disable | Services | HKLM |
| Windows Service | Disk Defragmenter | Disable | Services, Command Line | HKLM |
| Windows Service | Home Group Listener | Disable | Services | HKLM |
| Windows Service | Home Group Provider | Disable | Services | HKLM |
| Windows Service | Microsoft iSCSI Initiator Service | Disable | Services | HKLM |
| Windows Service | Microsoft Software Shadow Copy Provider | Disable/Enable for Persona Management | Services | HKLM |
| Windows Service | Offline Files | Disable | Services | HKLM |
| Windows Service | Remote Desktop | Enable | GPO, Registry, Services | HKLM |
| Windows Service | Secure Socket Tunneling Protocol Service | Disable | Services | HKLM |
| Windows Service | Security Center | Disable | Services | HKLM |
| Windows Service | SSDP Discovery | Disable | Services | HKLM |
| Windows Service | Volume Shadow Copy Service | Disable/Enable for Persona Management | Services | HKLM |
| Windows Service | Windows Backup | Disable | Services | HKLM |
| Windows Service | Windows Error Reporting Service | Disable | Services | HKLM |
| Windows Service | Windows Media Center Receiver Service | Disable | Services | HKLM |
| Windows Service | Windows Media Center Scheduler Service | Disable | Services | HKLM |
| Windows Service | Windows Search | Disable | Services | HKLM |
| Windows Service | Windows Update | Disable | GPO, Registry, Services | HKLM |
| Windows Service | WLAN AutoConfig | Disable | Services | HKLM |
| Windows Service | WWAN AutoConfig | Disable | Services | HKLM |