UPDATED ON: 2023-11-23
¶ ESSENTIAL INTRODUCTION
Finally I get up all one’s courage to compile and publish essential stuff regarding Windows 7 optimization.
Note that full version of the guide will be released somewhere around early 2023.
Check the warm place to stay on the edge.
And now….Let’s dive into the tweaking process!
All console commands should be executed from command line with with administrative privileges.
Most of mentioned tweaks could be done via control panel, to enter it in a fast way just type in command line or execute Start Run:
▒ TURN ON INTERNAL FIREWALL
This should be checked first. Make sure that service is up and running.
You can turn it on using GUI [see red square on pix]
… or via command line:
net start MpsSvc
▒ DISABLE INSECURE SMB1/SMB2 PROTOCOLS [VERY IMPORTANT!]
Disable insecure SMB protocols, by means of command line with elevated admin privileges.
To disable SMBv1, run the following commands:
sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi sc.exe config mrxsmb10 start= disabled
To disable SMBv2 and SMBv3, run the following commands:
sc.exe config lanmanworkstation depend= bowser/mrxsmb10/nsi sc.exe config mrxsmb20 start= disabled
Restart computer to apply changes.
Now your computer is protected against [EternalBlue] attacks.
▒ TURN OFF REMOTE ASSISTANCE AND REMOTE DESKTOP
Bottom section is greyed out because i disabled setting by means of group policy.
▒ TURN OFF AUTOPLAY/AUTORUN FEATURE
Terminate this feature for housewifes to limit autorun of unwanted applications and viruses.
I prefer fully manual control what’s starting and what is not.
To complete this tuning like a boss do the following on all external flash devices you have.
- Format your Flash/HDD storage using NTFS file system
Take a note that modern smartphones can’t read such storage devices.
We are formatting device into NTFS file system because it supports file permissions on appropriate level, FAT32 do not support such feature.
- Create appointed folders in root of the drive:
- Make them read-only and take away all permissions for Everybody [even youself], so there will be no way to do anything
Root folder of the drive must now look like this:
- To finalize the procedure import [following file] into your registry. Contents of the file:
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDriveTypeAutoRun"=dword:00000004 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDriveTypeAutoRun"=dword:00000004 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf] @="@SYS:DoesNotExist"
Doin’ so we totally restricted any kind of trickery regarding unauthorized auto-run.
Viruses can’t create file Autorun.inf to auto-launch themselves anymore.
Conclusion: we substantially decreased vector of attack for auto-run trojans and viruses.
▒ TURN OFF DISTRIBUTED COMPONENT OBJECT MODEL [DCOM]
Popular exploit known to many viruses. Terminate it.
To access needed menu just right click on My Computer and select Properties.
▒ BLOCKING INTERNET EXPLORER 11
If you are not using IE as a browser, block unnecessary settings to minimize vector of external attack.
Restricting IE in a rude way may lead to incompatibilities for some software installers, which are using html calls via IE.
For example: Corel Draw 2020.
Also don’t forget to turn off IE auto-updates in About Internet Explorer section.
▒ REMOVE ACCESS TO UNSAFE INTERNET EXPLORER 11
▒ DECREASE YOUR VISIBILITY ON LOCAL NETWORK AREA
Pretty self explanatory lan tweaks.
▒ DISABLE WINDOWS UPDATE & DRIVER UPDATES
I prefer not to use native windows update services, because they very frequently spreading junk & telemetry “updates”.
Driver updates OFF
FOR SUPER COMPREHENSIVE INFORMATION REGARDING WINDOWS UPDATE SERVICE AND TERMINATING TELEMETRY JUNK “UPDATES” [HEAD ON HERE]
▒ OPT OUT OF CUSTOMER TROUBLESHOOTING & HELP TELEMETRY
Press F1 and then opt out of telemetry.
Second option is greyed out because i turned it off via group policies.
▒ OPT OUT OF CUSTOMER EXPERIENCE TELEMETRY
In Action center i prefer to leave only Internet security settings & Network firewall notifications.
Telemetry settings are greyed out on both screens because i disabled them via group policies.
▒ SET PERMANENT SWAP FILE & FIXED TEMP FOLDERS
Assuming that your ‘puter have more then 32Gb of RAM and leaving ~800Mb of RAM to swap file just for compatibility.
Dynamic allocation of swap file is more demanding for CPU and windows system core.
System disk should be at list generic ssd, but nvme is more preferable.
Fixed folder for all junk makes your system more neat and organized.
▒ TURN OFF BOOT TIME LOGGING
Just to speed up loading times. Normally working system doesn’t need this.
▒ DISABLE HIBERNATION
Prevent creation of stupid hibernation file on system partition.
powercfg -h off
▒ TURN OFF SYSTEM RESTORE
Never helped me in troubleshooting, so in my opinion it’s just a waste of disk space and CPU cycles.
▒ LAUNCH FOLDER WINDOWS IN SEPARATE PROCESS
Setting for increased stability plus some misc convenience stuff.
▒ UNINSTALL UNNEEDED APPS IN PROGRAMS AND FEATURES
Wipe unused software and system functions: [Remove system junk] .
▒ TURN OFF SOUND SCHEMES
Some older ASIO applications could experience occasional difficulties when system is beeping sounds.
If you don’t care about such behaviour [grab my X-COM sound theme] .
▒ ENABLE DMA ACCESS AND FILE CACHING ON ALL STORAGE DEVICES
▒ TURN OFF USER ACCOUNT CONTROL [UAC]
Security feature, but brings too much annoyance and compatibility issues with older software.
After turning off UAC i strongly suggest to switch your account to non-admin type.
▒ TURN OFF DEVICE POWER MANAGEMENT
Power saving features not only decrease overall system performance, but introduce various glitches in most of the cases.
They could be found not only on USB hubs, but on misc devices like keyboards, network cards and so on.
Find out such harware by youself and turn power saving function off.
▒ TURN OFF UNUSED PERIPHERALS
In motherboard BIOS and then in Windows device manager.
As for me, i don’t use following stuff:
- Internal audio chip
- CD/DVD drive
- Floppy drive
- Security and RGB devices
Also disable PXE LAN Boot if you are not using this feature.
Note that you don’t have to turn off devices in Windows if you already ’ve done this in BIOS.
▒ DISABLE GUI EFFECTS
I prefer following settings:
Btw, if you like Vista looks check [this transformation pack out] .
▒ SET POWER PROFILE TO HIGH PERFORMANCE
Make sure to select High Performance setting.
However, i have a bit different setting selected, because i’m using [Park Control utility]
, which prevents Windows to put cores of your CPU into sleep state without returning them back to normal.
Yeah, Windows likes such behaviour.
So, take a note.
▒ MSCONFIG SYSTEM TOOL
Mark highlighted checkbox to disable boot loading Windows animation.
RELEVANT: [Utility to change default animation] .
▒ TURN OFF WINDOWS DEFENDER
And, yeah, don’t forget to turn off this useless utility via GUI of control panel.
Defender itself and it’s realtime protection also.
Alternatively you can turn the service down by means of:
▒ TURN OFF ODBC PERFORMANCE COUNTERS
To turn off even more perf counters use [EXCTRLST]
tool from Windows 2000 Resource Kit.
[Link to Disroot cloud]
▒ CLEAR SYSTEM MMC TEMPORARY CACHE
▒ ROBOCOPY SECRET SWITCH [BONUS PART]
Great [robocopy] utility can be boosted by multi-threading parameter:
where mt is a number of threads, default value is 8.
▒ FINAL RESULT
If you followed my recommendations precisely you’ll get this screen in benchmarking.
Of course i’m jokin’ a bit, it fully depends on your hardware configuration and how well you know your system.
But i really make an effort to mention all possible tweaks that i’ve accumulated right from 2009 to current date.
MY AIM IS TO MAKE THE BEST POSSIBLE WINDOWS 7 FAQ ON THE WHOLE WEB
█ MANDATORY CLOSING NOTES & RELEVANT LINKS
PREVIOUS RELEVANT ARTICLES FOR EVEN DEEPER UNDERSTANDING OF FINE-TUNING PROCCESS:
- [CORRECT BIOS SETTINGS TO INSTALL WINDOWS 7]
- [EXTENDED SECURITY UPDATES]
- [MANDATORY STEPS TO OPTIMIZE NEWLY INSTALLED WINDOWS 7]
- [REMOVE PREINSTALLED JUNKWARE]
- [REMOVE TELEMETRY SPYING UPDATES]
- [LIST OF THE MOST CRUCIAL WINDOWS 7 SERVICES]
- [TRUSTED SOFTWARE FOR WINDOWS 7]
- [USEFUL CONSOLE COMMANDS]
- [HOW TO REPAIR BROKEN WINDOWS 7]
- [POWER OF WINDOWS 7 [256 THREADS + 192Gb RAM]]
If you want even deeper dive into hacking and tweaking you have to wait before i finish my Windows 7 comprehensive guide or just grab raw very-very early beta version from [here] . Beware that it is incomplete and contain many errors. So, use it at your own risk.
Final version will be published in a separate post. To report some vital information regarding the topic or point out errors, please [drop me a line] .
To support my activities [click here] .