COMPLETE TWEAKING GUIDE FOR WINDOWS 7 SP2+ ESU

COMPLETE TWEAKING GUIDE FOR WINDOWS 7 SP2+ ESU
Page content

UPDATED ON: 2023-11-23

¶ ESSENTIAL INTRODUCTION

Finally I get up all one’s courage to compile and publish essential stuff regarding Windows 7 optimization.
Note that full version of the guide will be released somewhere around early 2023.
Check the warm place to stay on the edge.

And now….Let’s dive into the tweaking process!

All console commands should be executed from command line with with administrative privileges.
Most of mentioned tweaks could be done via control panel, to enter it in a fast way just type in command line or execute Start Run:

control panel

█▒░ SECURITY

▒ TURN ON INTERNAL FIREWALL

This should be checked first. Make sure that service is up and running.

You can turn it on using GUI [see red square on pix]



… or via command line:

net start MpsSvc

BACK TO TOP ▲

▒ DISABLE INSECURE SMB1/SMB2 PROTOCOLS [VERY IMPORTANT!]

Disable insecure SMB protocols, by means of command line with elevated admin privileges.

To disable SMBv1, run the following commands:

sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled

To disable SMBv2 and SMBv3, run the following commands:

sc.exe config lanmanworkstation depend= bowser/mrxsmb10/nsi
sc.exe config mrxsmb20 start= disabled

Restart computer to apply changes.
Now your computer is protected against [EternalBlue] attacks.


BACK TO TOP ▲

▒ TURN OFF REMOTE ASSISTANCE AND REMOTE DESKTOP

Bottom section is greyed out because i disabled setting by means of group policy.



BACK TO TOP ▲

▒ TURN OFF AUTOPLAY/AUTORUN FEATURE

Terminate this feature for housewifes to limit autorun of unwanted applications and viruses.
I prefer fully manual control what’s starting and what is not.



To complete this tuning like a boss do the following on all external flash devices you have.

  • Format your Flash/HDD storage using NTFS file system
    Take a note that modern smartphones can’t read such storage devices.
    We are formatting device into NTFS file system because it supports file permissions on appropriate level, FAT32 do not support such feature.
  • Create appointed folders in root of the drive:
Autorun.inf
WindowsServices
_ 
  • Make them read-only and take away all permissions for Everybody [even youself], so there will be no way to do anything


Root folder of the drive must now look like this:



  • To finalize the procedure import [following file] into your registry. Contents of the file:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000004

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"

Doin’ so we totally restricted any kind of trickery regarding unauthorized auto-run.
Viruses can’t create file Autorun.inf to auto-launch themselves anymore.
Conclusion: we substantially decreased vector of attack for auto-run trojans and viruses.


BACK TO TOP ▲

▒ TURN OFF DISTRIBUTED COMPONENT OBJECT MODEL [DCOM]

Popular exploit known to many viruses. Terminate it.

To access needed menu just right click on My Computer and select Properties.



BACK TO TOP ▲

▒ BLOCKING INTERNET EXPLORER 11

If you are not using IE as a browser, block unnecessary settings to minimize vector of external attack.

Restricting IE in a rude way may lead to incompatibilities for some software installers, which are using html calls via IE.
For example: Corel Draw 2020.



Also don’t forget to turn off IE auto-updates in About Internet Explorer section.



BACK TO TOP ▲

▒ REMOVE ACCESS TO UNSAFE INTERNET EXPLORER 11



BACK TO TOP ▲

▒ DECREASE YOUR VISIBILITY ON LOCAL NETWORK AREA

Pretty self explanatory lan tweaks.



BACK TO TOP ▲

█▒░ PRIVACY

▒ DISABLE WINDOWS UPDATE & DRIVER UPDATES

I prefer not to use native windows update services, because they very frequently spreading junk & telemetry “updates”.

Currently using trusted source of ESU updates .
Simplix project is in Russian, but includes essential English language.
Constantly updated [magnet link] .



Driver updates OFF



FOR SUPER COMPREHENSIVE INFORMATION REGARDING WINDOWS UPDATE SERVICE AND TERMINATING TELEMETRY JUNK “UPDATES” [HEAD ON HERE]



BACK TO TOP ▲

▒ OPT OUT OF CUSTOMER TROUBLESHOOTING & HELP TELEMETRY





Press F1 and then opt out of telemetry.



Second option is greyed out because i turned it off via group policies.



BACK TO TOP ▲

▒ OPT OUT OF CUSTOMER EXPERIENCE TELEMETRY

In Action center i prefer to leave only Internet security settings & Network firewall notifications.

Telemetry settings are greyed out on both screens because i disabled them via group policies.





BACK TO TOP ▲

█▒░ PERFORMANCE

▒ SET PERMANENT SWAP FILE & FIXED TEMP FOLDERS

Assuming that your ‘puter have more then 32Gb of RAM and leaving ~800Mb of RAM to swap file just for compatibility.

Dynamic allocation of swap file is more demanding for CPU and windows system core.
System disk should be at list generic ssd, but nvme is more preferable.
Fixed folder for all junk makes your system more neat and organized.





BACK TO TOP ▲

▒ TURN OFF BOOT TIME LOGGING

Just to speed up loading times. Normally working system doesn’t need this.



▒ DISABLE HIBERNATION

Prevent creation of stupid hibernation file on system partition.

powercfg -h off

BACK TO TOP ▲

▒ TURN OFF SYSTEM RESTORE

Never helped me in troubleshooting, so in my opinion it’s just a waste of disk space and CPU cycles.



BACK TO TOP ▲

▒ LAUNCH FOLDER WINDOWS IN SEPARATE PROCESS

Setting for increased stability plus some misc convenience stuff.



BACK TO TOP ▲

▒ UNINSTALL UNNEEDED APPS IN PROGRAMS AND FEATURES

Wipe unused software and system functions: [Remove system junk] .



BACK TO TOP ▲

▒ TURN OFF SOUND SCHEMES

Some older ASIO applications could experience occasional difficulties when system is beeping sounds.

If you don’t care about such behaviour [grab my X-COM sound theme] .



BACK TO TOP ▲

▒ ENABLE DMA ACCESS AND FILE CACHING ON ALL STORAGE DEVICES



BACK TO TOP ▲

▒ TURN OFF USER ACCOUNT CONTROL [UAC]

Security feature, but brings too much annoyance and compatibility issues with older software.
After turning off UAC i strongly suggest to switch your account to non-admin type.



BACK TO TOP ▲

▒ TURN OFF DEVICE POWER MANAGEMENT

Power saving features not only decrease overall system performance, but introduce various glitches in most of the cases.
They could be found not only on USB hubs, but on misc devices like keyboards, network cards and so on.
Find out such harware by youself and turn power saving function off.



BACK TO TOP ▲

▒ TURN OFF UNUSED PERIPHERALS

In motherboard BIOS and then in Windows device manager.

As for me, i don’t use following stuff:

  • WiFi
  • Bluetooth
  • Internal audio chip
  • CD/DVD drive
  • Floppy drive
  • Security and RGB devices

Also disable PXE LAN Boot if you are not using this feature.



Note that you don’t have to turn off devices in Windows if you already ’ve done this in BIOS.

BACK TO TOP ▲

▒ DISABLE GUI EFFECTS

I prefer following settings:



Btw, if you like Vista looks check [this transformation pack out] .

BACK TO TOP ▲

▒ SET POWER PROFILE TO HIGH PERFORMANCE

Make sure to select High Performance setting.

However, i have a bit different setting selected, because i’m using [Park Control utility] , which prevents Windows to put cores of your CPU into sleep state without returning them back to normal.
Yeah, Windows likes such behaviour.
So, take a note.




BACK TO TOP ▲

▒ MSCONFIG SYSTEM TOOL

Mark highlighted checkbox to disable boot loading Windows animation.

RELEVANT: [Utility to change default animation] .



BACK TO TOP ▲

▒ TURN OFF WINDOWS DEFENDER

And, yeah, don’t forget to turn off this useless utility via GUI of control panel.
Defender itself and it’s realtime protection also.



Alternatively you can turn the service down by means of:

services.msc


BACK TO TOP ▲

▒ TURN OFF ODBC PERFORMANCE COUNTERS



To turn off even more perf counters use [EXCTRLST] tool from Windows 2000 Resource Kit.
[Link to Disroot cloud]

BACK TO TOP ▲

▒ CLEAR SYSTEM MMC TEMPORARY CACHE



▒ ROBOCOPY SECRET SWITCH [BONUS PART]

Great [robocopy] utility can be boosted by multi-threading parameter:

robocopy /mt:18

where mt is a number of threads, default value is 8.


BACK TO TOP ▲

▒ FINAL RESULT

If you followed my recommendations precisely you’ll get this screen in benchmarking.
Of course i’m jokin’ a bit, it fully depends on your hardware configuration and how well you know your system.

But i really make an effort to mention all possible tweaks that i’ve accumulated right from 2009 to current date.

MY AIM IS TO MAKE THE BEST POSSIBLE WINDOWS 7 FAQ ON THE WHOLE WEB



BACK TO TOP ▲

In this article I’ve mentioned only the most important things.
You can also check [WINDOWS7] / [TWEAKS] / [FAQ] tags to see more related posts on Windows 7 topic.

PREVIOUS RELEVANT ARTICLES FOR EVEN DEEPER UNDERSTANDING OF FINE-TUNING PROCCESS:


If you want even deeper dive into hacking and tweaking you have to wait before i finish my Windows 7 comprehensive guide or just grab raw very-very early beta version from [here] . Beware that it is incomplete and contain many errors. So, use it at your own risk.

Final version will be published in a separate post. To report some vital information regarding the topic or point out errors, please [drop me a line] .

To support my activities [click here] .