Windows 系统配置最佳实践 (全新安装或恢复系统后的设置项)
Published by SAGAN Jacques De on November 20th, 2013
禁用Guest帐号. (一般默认已禁用)
控制面板电源模式设置为high performance
自动关闭显示器等待时间设为never
自动关机等待时间设为never
关闭UAC.
将UAC滑块拖动到最低级别.
额外步骤(Windows8 Only): (组策略) gpedit.msc,Computer Configuration--Windows Settings--Security Settings--Local Policies--Security Options--User Account Control: Run all administrators in Admin Approval Mode(以管理员批准模式运行所有管理员)--设为Disabled
注: 右键菜单Run as Administrator, 或runas命令可以确保以管理员权限运行某些命令.
关闭Windows Defender(windows8)
services.msc里停止和禁用Windows Defender服务
调整IPV6地址优先级为最高
netsh int ipv6 set prefix 2002::/16 30 1
netsh int ipv6 set prefix 2001::/32 5 1
关闭thumbs.db文件的生成和读取(组策略)
gpedit.msc / User Configuration / Administrative Templates / Windows Components / Windows Explorer
Turn off the caching of thumbnails in hidden thumbs.db files 设为 Enabled
资源管理器文件夹选项
![Machine generated alternative text: General] View [Search __________________________ Folder views You can apply the view (such as Details or Icons) that you are using for this folder to all folders of this type. j Apply to Folders j [ Reset Folders ] Advanced settings: :0: Show hidden files, folders, and drives a Hide empty drives in the Computer folder [] Hide extensions for known file types (j] Hide protected operating system files (Recommended) [] Launch folder windows in a separate process E1 Restore previous folder windows at logon Show drive letters [] Show encrypted or compressed NTFS files in color [j Show pop-up description for folder and desktop items [J Show preview handlers in preview pane Use check boxes to select items D Use Sharing Wizard (Recommended) Restore Defaufts [ 0k j [ Cancel j apply ]](https://cdn-images.postach.io/e23e172f-0c22-4c36-97c7-de5a757553e9/5808249e-ea6d-4112-a9e4-c9bcdb713e5a/a2bd6e17-ba77-4289-92c1-cc04cd4fa429.jpg)
取消windows explorer里.html和文件夹的关联:
Managing pairs of Web pages and folders option, 选择"Show both parts and manage them individually"
windows8 的folder options里取消了这个选项, 修改方法未知(组策略?).
Hide Pre-Populated Items in Windows Explorer's Sidebar
HKEY_CLASSES>ROOT\CLSID\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\ShellFolder
Double click on "Attributes" in the right hand pane and change the value from b084010c to b094010c.
The process for the other items is the same, except you use the following keys:
Libraries: change b080010d to b090010d in HKEY_CLASSES_ROOT\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\ShellFolder
Network: change b0040064 to b0940064 in HKEY_CLASSES_ROOT\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder
Favorites: change a0900100 to a9400100 in HKEY_CLASSES_ROOT\CLSID\{323CA680-C24D-4099-B94D-446DD2D7249E}\ShellFolder
关闭Windows默认共享 (重要)
导入注册表. (注意Windows 7/8 和Windows 2008注册表项位置不同, 下面的reg同时适用桌面和服务器windows系统)
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters]
"AutoShareWks"=dword:00000000
"AutoShareServer"=dword:00000000
Internet选项, 将本地LAN网络网段和127.0.0.1加入到Local Intranet里, 将Local Intranet安全级别设为最低.
![Machine generated alternative text: You can add and remove websites from this zone. All websites in . this zone will use the zone抯 security settings. Add this website to the zone: Websites: 127.0.0.1 192.168.0. * [] Require server verification (https:) for all sites in this zone L Remove j Close](https://cdn-images.postach.io/e23e172f-0c22-4c36-97c7-de5a757553e9/5808249e-ea6d-4112-a9e4-c9bcdb713e5a/ae7acf04-010f-42f4-8f55-3c0678956631.jpg)
关闭chm文件打开权限限制(使用hh.exe工具)
否则每次打开chm文件都会提示是否允许执行内容.
gpedit.msc, User Configuration\Administrative Templates\Windows Components\Attachment Manager. 权限设置
Default Risk Level for File Attachments: 设为Enabled, Low Risk
Do Not Preserve Zone Information in File Attachments: 设为Enabled
Notify Antivirus Programs When Opening Attachments 设为Disabled
Inclusion List for Low File Types: 设为Enabled, 值如下:
.exe;.com;.msi;.js;.bat;.cmd;.vbs;.scr;.zip;.rar;.7z;.reg;.chm;
Action Center设置
禁用所有通知项
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Windows Error Reporting]
"Disabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting]
"Disabled"=-
隐藏Action Center图标
Right click on the Taskbar and select Properties.
Select Customize next to Notification Area.
Select Turn System Icons On or Off.
Turn Action Center Off.
关闭休眠(使用SSD硬盘的话)
powercfg /hibernate off
[HKEY_CLASSES_ROOT\*\shell\runas]
@="Take Ownership"
"NoWorkingDirectory"=""
[HKEY_CLASSES_ROOT\*\shell\runas\command]
@="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"
"IsolatedCommand"="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"
[HKEY_CLASSES_ROOT\Directory\shell\runas]
@="Take Ownership"
"NoWorkingDirectory"=""
[HKEY_CLASSES_ROOT\Directory\shell\runas\command]
@="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t"
"IsolatedCommand"="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t"
;need logoff and relogin
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout]
"Scancode Map"=hex:00,00,00,00,00,00,00,00,02,00,00,00,1d,00,3a,00,\
00,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="wscript \"C:\\Program Files (x86)\\Notepad++\\notepadpp.vbs\""
Dim sCmd, x, arg
sCmd = chr(34) & LeftB(WScript.ScriptFullName, LenB(WScript.ScriptFullName) _
- LenB(WScript.ScriptName)) _
& "notepad++.exe" & chr(34)
For x = 1 To WScript.Arguments.Count - 1
arg = arg & " " & WScript.Arguments( x )
Next
if arg <> "" then
sCmd = sCmd & " " & chr(34) & trim(arg) & chr(34)
end if
CreateObject("WScript.Shell").Run sCmd, 1, False
WScript.Quit
Unlocker: 解锁被其它程序打开的文件
FastCopy: 快速拷贝或复制文件
Puretext: 增加 Win + V 快捷键将剪贴板内容以纯文本方式paste
Posted on November 20th, 2013