This is an old revision of the document!
Windows Setup and Configuration
Troubleshooting
How To Do A Clean Boot Using the System Configuration Utility
- Run MSCONFIG: Go to Start > Run, type
msconfig
. - Hide Microsoft Services. Go to “System Configuration Utility” > “Services” tab, and then select the “Hide all Microsoft Services” check box.
- Click “Disable All”.
- Click “Startup” tab.
- Click “Disable All”.
- Click “Apply” then “Close”.
- Restart computer.
Restore your computer back.
- Run MSCONFIG: Got to Start > Run, type
msconfig
. Note: you can choose to do the following steps or just click “Normal Startup” on the General tab. - In “System Configuration Utility”, click the “Services” tab, and then click “Enable All”
- Click “Startup” tab.
- Click “Enable” All
- Click “Apply” then Close
- Restart computer
How to run Control Panel as Administrator
C:\WINDOWS> runas /user:Machinename\Administrator "Control.exe"
Optimization
Tune-up User Interface (Windows Vista)
- Fastest: Use Windows Vista Basic.
- Control Panel > Personalize > Window Color and Appearance.
- From that Window Color and Appearance box, click “Open classic appearance properties for more color options”.
- Choose Windows Vista Basic (you can click “Advanced” if you want to tweak the settings).
- Faster: Use Windows Aero with transparency turned off.
- Control Panel > Personalize > Window Color and Appearance.
- Uncheck “Enable transparency”.
- Fast: Use Windows Aero.
- Slow: Use Windows Standard or Windows Classic. It is slow because it does not use the graphics card processor, but the main CPU.
Other tune-ups:
- Control Panel > Performance and System Tools > Adjust visual effects.
- Choose “Adjust for best performance”, or choose “Custom” and pick the effects you want to keep.
Disabling Startup Applications & Services
- Run
MSCONFIG
(Start > Run As > MSCONFIG > Startup). - Disable startup applications that are not required by the system.
Disabling Non-Critical Services
These are services that can safely be disabled so that Windows can run faster:
- COM+ Event System
- Cryptographic Services
- DFS Replication
- Computer Browser
- Distributed Link Tracking Client
- IKE and AuthIP IPsec Keying Modules
- IP Helper
- IPsec Policy Agent
- KtmRm for Distributed Transaction Coordinator
- Offline Files
- Remote Registry
- Secondary Logon
- SSDP Discovery
- Tablet PC Input Service (Unless you have a Tablet PC)
- Terminal Services
- UPnP Device Host
- Windows Error Reporting Service (no more asking you to notify Microsoft when there's a crash!)
Disabling Last Access Time Stamps
If you are using an NTFS file system, you can increase the performance of Enhanced Write Filter by disabling the last access date/time stamps. 1)
To disable Last Access timestamps
Create the following registry key on your run-time image:
- Key Name:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem
- Name:
NtfsDisableLastAccessUpdate
- Type:
REG_DWORD
- Value:
1
Alternatively, use the fsutil
command to set it:
C:\> fsutil behavior set disablelastaccess 1
Use the following command to query it:
C:\> fsutil behavior query disablelastaccess
NOTE: “Using the disablelastaccess
parameter can affect programs such as backup and Remote Storage that rely on this feature.” 2)
Disable User Acces Control (UAC) for Windows Vista
Method 1
- Run
MSCONFIG
. - Select Tools > Disable UAC > Launch. This operation will open a Command Line window. Just close it.
- Reboot system.
Method 2
- Using
REGEDIT
, edit registryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
. - Change
EnableLUA
(DWORD) to0
. - Reboot system.
Method 3
- Control Panel > User Accounts > Turn on/off User Account Control (UAC) to make your computer more secure
Enable 4GB RAM on a 32-bit Vista Computer
- Get explanation at: http://msdn.microsoft.com/en-us/library/ms791558.aspx
- Enable increase in RAM available:
- Open command line in Administrator mode (< WinKey > + R, then < Ctrl > < Shift > < Enter >)
- Run
BCDEDIT
with these parameters:C:\> bcdedit /set increaseuserva 3072
- If needing to reset value back to default, use:
C:\> bcdedit /deletevalue increaseuserva
- Review boot settings with:
C:\> bcdedit
Security
File Encryption
To protect files from other users, encrypt files:
- Right-click folder to encrypt, then Properties.
- Select <Advanced>.
- Click on checkbox “Encrypt contents to secure data”.
To safeguard from a hard disk crash, you must export the keys to be able to read those encrypted files if copied elsewhere. Exporting keys 4):
- To back up your certificates, follow these steps:
- Start Microsoft Internet Explorer.
- On the Tools menu, click Internet Options .
- On the Content tab, in the Certificates section, click Certificates .
- Click the Personal tab. Note: There may be several certificates present, depending on whether you have installed certificates for other purpose.
- Select one certificate at a time until the Certificate Intended Purposes field shows Encrypting File System . This is the certificate that was generated when you encrypted your first folder.
- Click Export to start the Certificate Export Wizard , and then click Next .
- Click Yes, export the private key to export the private key, and then click Next .
- Click Enable Strong protection , and then click Next .
- Type your password. (You must have a password to protect the private key.)
- Specify the path where you want to save the key. You can save the key to a floppy disk, another location on the hard disk, or a CD. If the hard disk fails or is reformatted, the key and the backup will be lost. (If you back up the key to a floppy disk or CD, you must store that disk or CD in a secure location.)
- Specify the destination, and then click Next .
Running Application with Privileges
To run a command or program with Administrator privileges:
C:\> runas /?
RUNAS USAGE: RUNAS [ [/noprofile | /profile] [/env] [/savecred | /netonly] ] /user: program RUNAS [ [/noprofile | /profile] [/env] [/savecred] ] /smartcard [/user:] program /noprofile specifies that the user's profile should not be loaded. This causes the application to load more quickly, but can cause some applications to malfunction. /profile specifies that the user's profile should be loaded. This is the default. /env to use current environment instead of user's. /netonly use if the credentials specified are for remote access only. /savecred to use credentials previously saved by the user. This option is not available on Windows XP Home Edition and will be ignored. /smartcard use if the credentials are to be supplied from a smartcard. /user should be in form USER@DOMAIN or DOMAIN\USER program command line for EXE. See below for examples. Examples: > runas /noprofile /user:mymachine\administrator cmd > runas /profile /env /user:mydomain\admin "mmc %windir%\system32\dsa.msc" > runas /env /user:user@domain.microsoft.com "notepad \"my file.txt\"" NOTE: Enter user's password only when prompted. NOTE: USER@DOMAIN is not compatible with /netonly. NOTE: /profile is not compatible with /netonly. NOTE: /savecred is not compatible with /smartcard.