Virtual Machine Optimization

本文提供了一系列针对Windows虚拟机的优化建议,旨在提升用户体验和系统性能。包括配置最佳实践、金主映像优化、服务参数调整、注册表修改等,帮助用户减少资源消耗、提高响应速度,并确保系统的稳定性和安全性。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

Contents

  [hide]

Introduction

The performance of your Userful system will largely be determined by the care and steps you take when setting up your golden master image(s). The impact of any mistakes -- or performance improvements -- savings made before cloning of your golden master image will be amplified 10-fold, so it is worth taking the time to prepare your master image correctly.

This document and the tools below are designed to provide potential optimizations you can consider to provide a more responsive Windows® VM desktop for users. These configurations typically add value by enhancing the user experience and increasing system performance.

For example, some of the changes suggested below optimize the user experience by enabling faster log-ons, reducing unnecessary prompts, and allowing faster screen updates. Others optimize performance and increase scalability by reducing unnecessary processor, memory, disk and network usage.


Please Note: The optimizations suggested below are suggestions only and their applicability will vary between environments. Use your own professional judgement as to which of these optimizations will be useful in your environment and be sure to test out your golden master image before deploying in a production environment.

3rd Party Tools & Documents

Please Note: The links provided below are provided for your convenience only. You bear the responsibility for determining if the tools or information linked to is appropriate for your needs.

Tools

  • Quest Workspace Optimizer A free GUI and command-line utility for optimizing a Windows image for using in vWorkspace (or any VDI deployment). Currently there are 40 optimizations. You can add your own optimizations by editing the configuration file of the of the Quest vWorkspace Desktop Optimizer.
  • VDI Optimizer: The tool called VDI Optimizer outputs a VBScript (based on the selections you make in the GUI interface), which can then be used to apply performance and configuration settings to images that will be deployed via VDI platforms – this is particularly useful if you are using MDT 2010 for your image engineering process as the VBScript can bolted into the task sequence using a Run Command Line task.

Licensing is Your Responsibility

Please Note: You are responsible for complying with all operating system and application vendors’ license agreements when you clone a virtual machine or make it available for multiple users.

Best practices for Installing Virtual Machines

Before cloning from the Golden Master Image, make any desired changes to the guest OS (except binding to an Active Directory). This includes:

  • Applying OS updates, service packs and patches.
  • Installing any desired VirtualBox Tools, especially the Guest OS Tools.
  • Install and Configure management agents.
  • Install and run anti-virus software, if needed. (Note: "locked" clones are returned to a pristine state whenever they are restarted, and thus should not require anti-virus software.)
  • Backup software or files, if necessary.
  • Install and configure any desired end-user applications
  • Finally, de-fragment the guest hard disk.

Make sure that your cloning process does not result in virtual machines with duplicate system attributes.

Using a known-good ISO file to create your initial VM image can save time over using CD or DVD media and also avoids any risk of damage to physical install media.

Optimizing your Golden Master (Windows OS) Image

Rules of Thumb

  • You want to ensure the average CPU load on your server is less than 70% under regular usage (by all users). You want to be able to gracefully handle spikes in need.
  • Disable Serial and Parallel Ports on your Host PC/Server
    • In BIOS, go to Advanced ->I/O Device Configuration and disable serial and parallel ports. Save changes and Exit.

Essentials

  • Install VirtualBox Guest Additions
  • Install all Windows Patches, then turn OFF Automatic Updates
  • Disable Serial and Parallel ports in Device Manager (if they exist)
  • Set Screensaver to "None" or "Blank" (this saves CPU over a graphic image screensaver)
  • Disable System Sounds (Set Sound scheme to "None")
  • (Windows 7) Uninstall Tablet PC Components
  • Disable Windows Error Reporting
  • Remove unnecessary boot applications (Quicktime, Real, Adobe Acrobat Updater, etc.).
  • Remove any unneeded Windows components and applications (Outlook Express, Messenger, Games, etc.)
  • Disable any unnecessary services
  • If you access the internet through a proxy, it is important to configure your golden master image with the correct proxy settings. It is recommended to refer to the operating system documentation for detailed instructions; a good starting point ishttp://technet.microsoft.com/en-us/library/cc985352.aspx.

File System

  • Disable NTFS "Last Accessed" option
    • fsutil behavior set disablelastaccess 1 (Requires reboot)
  • Disable Windows Prefetcher & Set the value to 0 (Disable)
    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters\EnablePrefetcher];
  • Disable System Restore
    • Right Click "My Computer" -> Properties, -> "System Restore" tab and select "Turn off System Restore"
  • Disable Indexing
    • Double Click "My Computer, Right click on C:\ -> Properties -> Click "General" tab and clear "Allow Indexing Service to Index…"
  • Disable Offline Files
  • Disable scheduled or background Defrag
  • Disable Windows Search
  • Disable Windows Disk Optimizer
  • Adjust the disk timeout value
    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Disk] "TimeOutValue"=REG_DWORD:0×000000be(190)
  • Use User Profile Hive Cleanup Service to help prevent profile corruption

Power Settings

  • Disable hibernation
  • Change power settings to "High Performance" and disable sleep timer
  • Set HDD’s to "Never" turn off
  • Open Control Panel -> Power Options -> Change Plan Settings -> Change Advanced power settings and set the "Turn off hard disks after" setting to Never
  • Disable the Logon Screen Saver
  • HKEY_USERS\.DEFAULT\Control Panel\Desktop
  • Edit ScreenSaverActive and change value to 0

Disable Notifications

  • Disable logging of informational Printing events
  • Open "Printers and Faxes", Click File-> Server Properties -> Advanced and clear "Log spooler informational events"
  • Disable Success Logging (login attempts, etc.)
  • Only do this if security policy allows it
  • Disable Toolbar Notifications
  • Disable the Windows XP Tour Notifier
  • Disable Balloon Tips
  • Shrink Event Logs and enable circular logging (registry keys)
  • Disable Desktop Cleanup Wizard

Browser/Internet Explorer

  • Upgrade to the latest browser version.
  • Disable "Use Suggested Sites"
  • Set the default home page to your Intranet site, or blank, or something lightweight
  • Change IE to prevent programs from suggesting a change of the search provider
  • Remove Webslice gallery and suggested sites from Toolbars on IE
  • Add "trusted sites" as necessary
  • Shrink the IE Temp File size
  • Adjust browser cache size to lowest useful setting

Common Applications

  • Install Adobe Flash Player (turning off automatic updates)
  • Install Adobe Reader and set to "Do not download or install updates automatically"
  • Turn Java Updater off
  • Remove MS OneNote tray service (if installed)
  • Turn off Outlook Cached Mode
  • Remove the Language Bar
  • Regsvr32.exe /u msutb.dll
  • install a more efficient browser than Internet Explorer (e.g., Google Chrome) and set this as the default browser.

General OS Environment

  • Set Pagefile to static size
  • Change the default Windows Theme to "Basic"
  • Adjust visual effects for "Best Performance"
  • Enable ClearType Fonts
  • Turn off Windows Security Center
  • Turn off Automatic Computer Maintenance
  • Disable "Allow users to browse for troubleshooters"
  • Disable "Allow troubleshooting to begin immediately when started"

Network Optimizations

  • Install, setup and test your printers
  • Disable NetBIOS over TCP/IP
  • Disable IPv6
  • Add any necessary DNS suffixes
  • Add any necessary HOSTS entries for "custom" applications
  • Disable Automatic Searching of Network Printers and Shares
  • DHCP: Adjust default lease time

Final Cleanup

  • Optimize the Registry
    • RegScrub.exe – Registry Cleaner
    • NTRegOpt.exe – Registry Optimizer, removing "white" space in registry
  • Run disk cleanup
  • Defrag the HDD
  • Delete all event logs
  • Make the User profile the Default Profile
  • (Windows 7) ensure KMS server is enabled
  • Make sure Floppy and CD-ROM drives are set to "Client Device" and not set to "Connect at Power On"

Antivirus (AV)

  • When using "locked" clones AV may not be required
  • If you are using AV, avoid running AV scans concurrently
    • Full systems scans cause major performance impacts
    • Stagger full systems scans (when full system scans are a corporate standard)
    • Schedule any full system scans to run at night when no one is using the system.

User Data

  • Use folder redirection for My Documents potentially even to a Network Attached Storage (NAS)
  • Easier to use existing file archival system, maintain multiple file versions
  • Evaluate Profile Management Applications
  • Turn off Outlook/thunderbird Cached Mode (VMs that are on same high speed network as your mail server don’t benefit as much from cached mode). This will save on disk space and conserve storage IOPS.

Services

Recommended SettingBackground Explanation
Disable "Background Intelligent Transfer Service"This service uses idle network bandwidth to fetch updates for the system, like Windows Update. As we will disable these other services that rely on BITS, we can disable BITS.
Disable "Desktop Windows Manager Session Manager"This service is responsible for Windows 7 Aero theme. Turning this off typically improves performance.
Disable "Function Discovery Resource Publication"This service publishes each computer's information onto the network so peers can discover them. This functionality is typically not required in most environments. If you do not require this functionality we suggest disabling it.
Disable "HomeGroup listener" and "HomeGroup provider"This is responsible for HomeGroup membership. As the virtual Windows 7 desktops will most likely be in a domain model, the homegroup functionality is not required.
Disable "Indexing Service"The Indexing Service creates an index of local and remote files to allow for faster searching. As this information is created and stored locally. If you are using locked clones these indexes will be destroyed upon each reboot due to the read-only configuration of the locked clone. That means each reboot will start with a blank index. Disabling this service will improve scalability but will results in a slightly degraded user experience when they perform searches.
Disable Offline FilesResponsible for management and maintenance and synchronization of offline files. If your host PC/Server is online, there is little need for Offline File support.
Disable "Security Center"Disabling the Security center will eliminate reporting of issues with antivirus, malware or firewall configurations. Since many of these items are being disabled or modified, disabling this service eliminates these messages being displayed to (and potentially annoying) your users.
Disable "SuperFetch"SuperFetch tries to improve system performance over time by “learning” the typical user activity. In locked clones this information is deleted on each reboot hence provides little value.
Disable "System Restore"The System Restore service creates system snapshots and restore points. This functionality is unneeded as the virtual desktop is based on a golden, read-only (locked) image. Disabling System Restore will save disk space and CPU time.
Disable "Themes"Themes allows users to manage the themes (including backgrounds, sounds and visual effects, etc.). This service take resources and will impact overall scalability. We recommend disabling this unless you want user to be able to personalize their environment.
Disable "Windows Defender"Assuming you have your own anti-malware solution, it makes sense to disable the integrated windows service.
Disable "Windows Media Player Sharing Service"Unless users will be sharing items to other users via Media Player, this service can be disabled.
Disable "Windows Search"Disabling Windows Search will improve scalability, however many applications rely on this service. Disabling the service might result in failed searches or longer user wait-times for search results.
Disable "Windows Error Reporting"Administrative Templates – Windows Components – Windows Error Reporting
  • Generates application crash dumps to be sent to Microsoft. Should be safe to disable unless troubleshooting application.
Disable "Automatic Updates"Administrative Templates – Windows Components – Windows Updates
  • Windows updates should only be done on the base desktop image and not by users.
Disable "System Restore"Administrative templates – System – System Restore
  • Not needed due to the nature of desktop virtualization and single image management.
Disable Screensaver

Utilizing complex screen savers wastes resources. Instead, the blank screen saver should be used to secure the environment without impacting resources. Administrative Templates – Control Panel – Personalization

  • Enable screen saver: Enabled
  • Prevent changing screen saver: Enabled
  • Password protect screen saver: Enabled
  • Screen saver timeout: Enabled – 600 seconds
  • Force specific screen saver: Enabled – scrnsave.scr


Force Offscreen Composition for Internet Explorer

Overcomes a potential screen flicker issue for certain websites.[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Force Offscreen Composition"=dword:00000001


Reduce Menu Show Delay

Reduces the delay Windows sets for menus. Provides better user experience.

[HKEY_CURRENT_USER\Control Panel\Desktop] 

"MenuShowDelay"="150"

 
Disable all Visual Effects except "Use common tasks in folders" and "Use visual styles on windows and buttons"

Provides a better user experience.[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects]"VisualFXSetting"=dword:00000003 [HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics] "MinAnimate"="0" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]"ListviewAlphaSelect"=dword:00000000 "TaskbarAnimations"=dword:00000000 "ListviewWatermark"=dword:00000000 "ListviewShadow"=dword:00000000 [HKEY_CURRENT_USER\Control Panel\Desktop] "DragFullWindows"="0" "FontSmoothing"="0" "UserPreferencesMask"=binary:90,12,01,80 ,10,00,00,00

Note: The UserPreferenceMask changes based on the settings selected in the System Properties – Performance Options configuration page.

Disable Boot Animation

Disabling the animation, saves resources and can speeds up the boot process.

  • bcdedit /set bootux disabled
Remove unused Windows components

These items are typically not be used in most zero client environments.

  • Windows Media Center
  • DVD Maker
  • Tablet Components
Set Min & Max Page file values to the sameKeeping the pagefile at a single size prevents the system from expanding, which creates a significant amount of IO.
Optimize AntivirusDecide your A/V strategy. Configure antivirus to scan writes and disable the scheduled scans. The base image should be scanned before being deployed within production. should be done after completing all other optimizations.
Disk CleanupRemoves unnecessary files and can save disk space (depending on your VM cloning strategy)
DefragmentationDefragmenting your disk should be done before cloning your Golden Mater Image to ensure the disk is optimized. Note: this step should be done as a final step after completing all other optimizations.


Recommended Windows Registry Modifications

ConfigurationOptimizerRegistry Modification (in REG format)
Disable Last Access TimestampYes[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem] "NtfsDisableLastAccessUpdate"=dword:00000001
Disable Large Send OffloadNo[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BNNS\Parameters]"EnableOffload"=dword:00000000
Disable TCP/IP OffloadNo[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]"DisableTaskOffload"=dword:00000001
Increase Service Startup TimeoutNo[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control] "ServicesPipeTimeout"=dword:0002bf20
Hide Hard Error MessagesNo[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows] "ErrorMode"=dword:00000002
Disable CIFS Change NotificationsNo[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]"NoRemoteRecursiveEvents"=dword:00000001
Disable Logon ScreensaverNo[HKEY_USERS\.DEFAULT\Control Panel\Desktop]"ScreenSaveActive"="0"
Disable Clear Page File at ShutdownYesHKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]"ClearPageFileAtShutdown"=dword:00000000
Disable Offline FilesYes[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\NetCache]"Enabled"=dword:00000000
Disable Background DefragmentationYes[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction] "Enable"="N"
Disable Background Layout ServiceYes[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OptimalLayout]"EnableAutoLayout"=dword:00000000
Disable Bug Check Memory DumpYes[HKLM\SYSTEM\CurrentControlSet\Control\CrashControl]"CrashDumpEnabled"=dword:00000000"LogEvent"=dword:00000000"SendAlert"=dword:00000000
Disable HibernationYes[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Power]"Heuristics"=hex:05,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,3f,42,0f,00
Disable Memory DumpsYes[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl]"CrashDumpEnabled"=dword:00000000"LogEvent"=dword:00000000 "SendAlert"=dword:00000000
Disable Mach. Acct. Password ChangesYes[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]"DisablePasswordChange"=dword:00000001
Redirect Event LogsNoHKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application]"File"="D:\EventLogs\Application.evtx"[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security]"File"="D:\EventLogs\Security.evtx"[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\System]"File"="D:\EventLogs\System.evtx"
Reduce Event Log Size to 64KYesHKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application]"MaxSize"=dword:00010000[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security]"MaxSize"=dword:00010000[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\System]"MaxSize"=dword:00010000

Windows 7 Specific Config Settings

ParameterComment
Guest Operating SystemMicrosoft Windows 7 (32-bit or 64-bit)
SCSI ControllerLSI Logic SAS or Parallel
Hard DiskDisks for Templates or parent virtual machines can utilize Thin Provisioning
FloppyRemove the floppy drive
CD/DVDSuggest to turn this off unless you want to give users access to the CD drive of the host PC/Server.


Memory Specs32-bit, 1 – 3GB (no more than 3GB); 64-bit, 1 – 4GB (depends on use case)
Bios - Disable PortsGo to the Options tab of virtual machine properties and select force entry into bios to disable unnecessary LPT and COM ports

Windows 7 Services Parameters Table

ServiceDefaultStateComments
BitLocker Drive Encryption ServiceManualDisableNot recommended to encrypt VDI virtual machines
Block Level Backup Engine ServiceManualDisableLeveraged for backing up data on a workstation
Desktop Window Manager Session ManagerAutoDisableDisable if Aero is not necessary / desired
Disk DefragmenterManualDisableProvides disk defragmenting services for hard drives and can impact performance if run on a virtual machine
Diagnostic Policy ServiceAutoDisableProblem detection and troubleshooting resolution
Home Group ListenerManualDisableLeveraged for Home Networking
Home Group ProviderManualDisableLeveraged for Home Networking
IP HelperAutoDisableDisable if IPv6 is not leveraged
Microsoft iSCSI Initiator ServiceManualDisableNot needed for virtual machines
Microsoft Software Shadow Copy ProviderManualDisable/EnableDisable if you are not using System Restore.
Secure Socket Tunneling Protocol ServiceManualDisableUsed to provide VPN capability
Security CenterAutoDisableMonitors configuration of security-related services
SuperfetchAutoDisableLoads applications into memory for faster reload over time. Non-persistent virtual machines will likely not benefit from this setting being enabled. Full testing is recommended to determine the optimum setting for this service.
Tablet PC Input ServiceManualDisableTable PC Services
ThemesAutoDisableOnly if you want to run as “Classic” interface (no “Orb” for start button)
UPnP Host ServiceManualDisableDependent on SSDP Service
Volume Shadow Copy ServiceManualDisable/EnableDisable if you are not using System Restore.
Windows BackupManualDisableBacks up workstation data
Windows DefenderAutoDisableDisable if Anti Spyware / Malware isn’t needed
Windows Error Reporting ServiceManualDisableWindows Error Reporting
Windows FirewallAutoDisableDisable unless you are setting exceptions using GPO
Windows Media Center Receiver ServiceManualDisableUsed by Media Center
Windows Media Center Scheduler ServiceManualDisableUsed by Media Center
Windows SearchAutoDisableDisable if you are not doing a lot of searching on a virtual machine
Windows UpdateAutoDisableDisable unless needed for updates
WLAN AutoConfigManualDisableWireless LAN Configuration
WWAN AutoConfigManualDisableUsed for Mobile Broadband Devices
Offline FilesManualDisableUsed for maintenance of Offline Files cache
SSDP DiscoveryManualDisableUsed to discover UPNP Devices

Windows 7 Group Policy Table

PolicyPolicy LocationSettings
Action Center Icon RemovalUser Configuration > Administrative Templates > Start Menu and Taskbar
  • Remove the Action Center icon = Enabled
Event LogsComputer Configuration > Administrative Templates > Event Log Service > Specific Event Log
  • Maximum application log size = 1024
  • Maximum security log size = 1024
  • Maximum system log size = 1024

Note: If you are attempting to set the Security log size to 1024 via this Group Policy setting, you are restricted to 20480 unless you set this using the previous Group Policy Setting valid for Windows XP SP2 and Server 2003 and above located here ? Computer Configuration > Windows Settings > Security Settings > Event Log

FirewallComputer Configuration > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Windows Firewall Properties
  • Firewall State = On (Recommended), or Off

Note: If the Windows Firewall Service is Disabled, this is not necessary

Internet Explorer Settings (cache)User Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Advanced Page
  • Empty Temporary Internet Files folder when browser is closed = Enabled
Internet Explorer Settings (first run wizard)Computer Configuration > Administrative Templates > Windows Components > Internet Explorer
  • Prevent performance of First Run Customize settings = Enabled
Recycle BinUser Configuration > Administrative Templates > Windows Components > Windows Explorer
  • Do not move deleted files to the recycle bin = Enabled
Remote DesktopComputer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections
  • Enables users to connect remotely using Remote Desktop Services = Enabled
Remote DesktopComputer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security
  • Require user authentication for remote connections by using Network Level Authentication = Enabled
RSS FeedsUser Configuration > Administrative Templates > Windows Components > RSS Feeds
  • Turn off background sync for feeds and Web Slices = Enabled
*Screen SaverUser Configuration > Administrative Templates > Control Panel > Personalization
  • Password protect the screen saver = Enabled
  • Screen saver timeout = 600
  • Force specific screen saver = %windir%\system32\scrnsave.scr
System RestoreComputer Configuration > Administrative Templates > System > System Restore
  • Turn off System Restore = Enabled
User Access ControlComputer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
  • User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode = Elevate without prompting
  • User Account Control: Detect application installations and prompt for elevation = Disabled
  • User Account Control: Only elevate UIAccess applications that are installed in secure locations = Disabled
  • User Account Control: Run all administrators in Admin Approval Mode = Disabled
WallpaperUser Configuration > Administrative Templates > Desktop > Desktop
  • Desktop Wallpaper = “ ”

Note: A “space” is required to set the wallpaper to none in the above setting. Optionally, setting to a file that does not exist will actually prevent a user from setting wallpaper at all.

Windows DefenderComputer Configuration > Administrative Templates > Windows Components > Windows Defender
  • Turn off Windows Defender = Enabled
Windows SideshowComputer Configuration > Administrative Templates > Windows Components > Windows Sideshow
  • Turn off Windows Sideshow = Enabled
*Windows UpdateComputer Configuration > Administrative Templates > System > Internet Communication Management > Internet Communication Settings
  • Turn Off Access to All Windows Update Features = Enabled
  • Turn off Windows Update Device Driver Searching = Enabled

Note: If the Windows Update Service is Disabled, this is not necessary

Windows 7 Customizations Available Using the Registry

Computer (Local Machine) Settings

Windows Registry Editor Version 5.00

;Disables First Run Wizard for Internet Explorer

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main]

“DisableFirstRunCustomize”=dword:00000001

;Disables Windows Update

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]

“NoAutoUpdate”=dword:00000001

;Disables System Restore

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

“DisableSR”=dword:00000001

;Sets size and retention for Event Logs to 1 MB and no retention

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application]

“MaxSize”=dword:00100000

“Retention”=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security

“MaxSize”=dword:00100000

“Retention”=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System]

“MaxSize”=dword:00100000

“Retention”=dword:00000000

;Disables the crash dump file

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl]

“CrashDumpEnabled”=dword:00000000

;Removes the option to store files in the recycle bin and deletes them immediately

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]

“NoRecycleFiles”=dword:00000001

;Allows RDP to be used – ensure firewall is configured or turned off

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]

“fDenyTSConnections”=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\

RDP-Tcp]

“UserAuthentication”=dword:00000000

;Disables User Access Control (UAC)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]

“EnableLUA”=dword:00000000

;Set Superfetch for boot files only

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory

Management\PrefetchParameters]

“EnableSuperfetch”=dword:00000000

;Turn off Default Network Location Dialogue

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\

NewNetworkWindowOff]

; Extend Disk Time-Out Value to 200

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Disk]

“TimeOutValue”=dword:000000c8

[HKEY_LOCAL_MACHINE\SOFTWARE\Image]

“Revision”=”1.0”

“Virtual”=”Yes”

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Sideshow]

“Disabled”=dword:00000001

User (Default User) SettingsWindows Registry Editor Version 5.00
;Sets the screensaver default to “blank”, timeout 10 mins, protected

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop]

“SCRNSAVE.EXE”=”%windir%\\system32\\scrnsave.scr”

“ScreenSaveTimeOut”=”600”

“ScreenSaverIsSecure”=”1”

;Sets default wallpaper to nothing

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

“Wallpaper”=””

;Ensures that temporary internet files are always purged

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]

“Persistent”=dword:00000000

;Hide the Action Center Task Tray Icon

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]

“HideSCAHealth”=dword:00000001

;Disable RSS Feeds for Internet

[HKEY_CURRENT_USER\Software\Microsoft\Feeds]

“SyncStatus”=dword:00000000




Customizations Reference

TypeDescriptionStatusMethodHive
CustomizationAction Center IconDisableGPO, RegistryHKCU
CustomizationSet Boot to “No GUI”DisableCommand LineHKLM
CustomizationCrash DumpDisableRegistryHKLM
CustomizationDisk Timeout ValueModifyRegistryHKLM
CustomizationEvent LogsModifyGPO, RegistryHKLM
CustomizationHibernationDisableCommand LineHKLM
CustomizationIE CacheDisableGPO, RegistryHKCU
CustomizationIE First Run WizardDisableGPO, RegistryHKLM
CustomizationIE RSS FeedsDisableGPO, RegistryHKCU
CustomizationImage RevisionModify/CreateRegistryHKLM
CustomizationLast Access TimestampModifyCommand LineHKLM
CustomizationNetwork Location DialogueModifyRegistryHKLM
CustomizationRecycle BinDisable Deleted File RetentionGPO, RegistryHKLM
CustomizationRegistry Idle BackupDisableCommand LineHKLM
CustomizationScreensaverEnable and ConfigureGPO, RegistryHKCU
CustomizationWallpaperDisableGPO, RegistryHKCU
CustomizationWinSAT (Windows System Assessment Tool)DisableCommand LineHKLM
FeatureUser Access ControlTurn off or ConfigureGPO, RegistryHKLM
FeatureWindows SideshowDisableGPO, RegistryHKLM
Feature/ServiceSystem RestoreDisableGPO, Registry, Services, Command LineHKLM
Windows Service*Desktop Window Manager Session ManagerDisableServicesHKLM
Windows Service*IP HelperDisableServicesHKLM
Windows Service*SuperfetchDisableRegistry, ServicesHKLM
Windows Service*ThemesDisableServicesHKLM
Windows Service*Windows DefenderDisableGPO, Services, Command LineHKLM
Windows ServiceTabletPC InputServicesHKLM
Windows Service*Windows FirewallConfigure/DisableGPO, Services, Command LineHKLM
Windows ServiceBitLocker Drive Encryption ServiceDisableServicesHKLM
Windows ServiceBlock Level Backup Engine ServiceDisableServicesHKLM
Windows ServiceDiagnostic Policy ServiceDisableServicesHKLM
Windows ServiceDisk DefragmenterDisableServices, Command LineHKLM
Windows ServiceHome Group ListenerDisableServicesHKLM
Windows ServiceHome Group ProviderDisableServicesHKLM
Windows ServiceMicrosoft iSCSI Initiator ServiceDisableServicesHKLM
Windows ServiceMicrosoft Software Shadow Copy ProviderDisable/Enable for Persona ManagementServicesHKLM
Windows ServiceOffline FilesDisableServicesHKLM
Windows ServiceRemote DesktopEnableGPO, Registry, ServicesHKLM
Windows ServiceSecure Socket Tunneling Protocol ServiceDisableServicesHKLM
Windows ServiceSecurity CenterDisableServicesHKLM
Windows ServiceSSDP DiscoveryDisableServicesHKLM
Windows ServiceVolume Shadow Copy ServiceDisable/Enable for Persona ManagementServicesHKLM
Windows ServiceWindows BackupDisableServicesHKLM
Windows ServiceWindows Error Reporting ServiceDisableServicesHKLM
Windows ServiceWindows Media Center Receiver ServiceDisableServicesHKLM
Windows ServiceWindows Media Center Scheduler ServiceDisableServicesHKLM
Windows ServiceWindows SearchDisableServicesHKLM
Windows ServiceWindows UpdateDisableGPO, Registry, ServicesHKLM
Windows ServiceWLAN AutoConfigDisableServicesHKLM
Windows ServiceWWAN AutoConfigDisableServicesHKLM

































评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值