Windows 11 Tweaks, Fixes and Modifications [Overview]

Discussion in 'Windows 11' started by Enthousiast, Jul 1, 2021.

  1. boe323

    boe323 MDL Expert

    Jul 19, 2011
    1,681
    490
    60
    #1501 boe323, Sep 18, 2023
    Last edited: Sep 18, 2023
    how is it insecure when its using https
    Its the best all rounder, having Malwarebytes browser gaurd ..i have no use for the others

    results for malware blocking only 1.1.1.2
    upload_2023-9-18_22-42-52.png
    no https
     
  2. xploitmachine

    xploitmachine MDL Member

    Sep 15, 2023
    141
    87
    10
    #1502 xploitmachine, Sep 19, 2023
    Last edited: Sep 19, 2023
    Yes, these are the best and suits my system without giving any issues / problems, some those not compatible with my system I have deleted thos registry files :)

    Google for freeware EC Menu, it also has GUI friendly "right-click" task enabler .. its just fine :)
     
  3. TairikuOkami

    TairikuOkami MDL Expert

    Mar 15, 2014
    1,192
    1,086
    60
    I was not talking about SSL, it is unfiltered and meant for enterprise, all botnets are allowed, it is the worst DNS to choose, even Google is better.
     
  4. Nicolas Bermudez

    Nicolas Bermudez MDL Member

    Jun 17, 2023
    119
    70
    10
    I think NextDNS or Adguard would be the better choice if you want built-in filter. The last time I used Cloudflare Security (1.1.1.2) it blocked some websites that I regularly visit while doing nothing to Google Analytics which is the obvious tracker. After I found some great DNS apps with custom blocklist feature (DNSCrypt-proxy for Windows, personaldnsfilter for Android), I decided to use unfiltered DNS only.
     
  5. RanCorX2

    RanCorX2 MDL Expert

    Jul 19, 2009
    1,001
    554
    60
  6. boe323

    boe323 MDL Expert

    Jul 19, 2011
    1,681
    490
    60
    google is defo not better:roflmao:
     
  7. d5aqoëp

    d5aqoëp MDL Addicted

    Jan 19, 2017
    802
    596
    30
    Looking to enable CoPilot in 22621.2361 with Vivetool
    I tried these 5 numbers but didn't work.
    /enable /id:44774629,44850061,44776738,42105254,41655236

    I thought it was part of .2361 RP update
     
  8. cuteee

    cuteee MDL Guru

    Oct 13, 2012
    5,755
    994
    180
    Wait to Tuesday.
     
  9. boe323

    boe323 MDL Expert

    Jul 19, 2011
    1,681
    490
    60
    now that youve added the keys, reboot ..wait 5mins or so and reboot again, open edge and check for updates
    enable by group policy if it doesn't auto enable
    you should be able to enable on that build, its the same as mine but disabled by default
     
  10. acer-5100

    acer-5100 MDL Guru

    Dec 8, 2018
    4,007
    2,879
    150
    #1512 acer-5100, Sep 24, 2023
    Last edited: Sep 25, 2023
    Sometimes the most obvious things are the most overlooked.

    But I just discovered that you can easily decrapify the W11 GUI, using.... Win10's explorer.exe (and obviously its mui)

    This thing never worked before, say you cant use the explorer 7 on win 8, but this time is different.


    upload_2023-9-24_19-19-9.png

    Depending on how you launch it you can have the W10 taskbar + W11 Filemanager like above, or the full Win10 experience, like below.

    upload_2023-9-24_19-25-56.png

    You can even play to go a bit crazier

    upload_2023-9-24_19-45-12.png






    The start menu will be still the ugly one from win 11, if you want a decent one, you need to install Classic Shell

    Edit: Perhaps it works even on 25951 where the current version of StartAllBack is partly broken (no systray) and explorer patcher doesn't work at all
     
  11. d5aqoëp

    d5aqoëp MDL Addicted

    Jan 19, 2017
    802
    596
    30
    which group policy?
     
  12. boe323

    boe323 MDL Expert

    Jul 19, 2011
    1,681
    490
    60
    upload_2023-9-24_19-50-18.png
    if it sill hasn't showed and the policy isn't there ...you will just have to wait a few days
     
  13. calaggan

    calaggan MDL Novice

    Nov 30, 2007
    15
    2
    0
    Try shortcut : microsoft-edge:///?ux=copilot&tcp=1&source=taskbar
     
  14. RanCorX2

    RanCorX2 MDL Expert

    Jul 19, 2009
    1,001
    554
    60
    #1518 RanCorX2, Oct 15, 2023
    Last edited: Oct 15, 2023
    for my personal tweaks i've been putting together a master list of services / drivers that are safe to disable in windows while still keeping basic functionality.

    i gave up making Lite versions of windows as i can't be bothered to slim down everytime a new windows drops..too much effort.

    now i just have the following;

    - disabled services list (.reg) and takeown bat for some locked keys
    still working on this, making sure windows is stable.

    now i'm splitting it into two lists, one listing the services present in windows vista/7

    and list two has all the services added in 8/8.1/10/11

    currently my list is split into catagories (standard, third party, drivers, networking, uwp/appx,
    accounts, xbox, windows update, vr and a few others)

    been doing it all on a virtual machine with windows 11 installed.

    - bats to disable some background processes (searchhost, smartscreen, textinputhost)

    - gui reg tweaks (some no longer work like small taskbar and never group) ffs ms...
    copy / move to
    taskbar small (not working)
    disable transparency
    hide action center tray icon
    hide quick actions
    no taskbar grouping (no working)
    show all tray icons
    print screen classic (no snipping tool)
    disable watermark

    - reg tweaks to disable the xbox crap (gamebar, dvr, pres writer)

    - bat to diable ALL scheduled tasks (then i disable the schedule svc)

    - bat / reg files to disable all event logs, traces and auto loggers except the standard ones (App, Sys etc) change all logs to 1mb and overwrite, might just end up disabling logging as they never seem to offer anything helpful...seriously reduces log writing.

    - ps to disable all the duplicate numbered services (+ bats that denies permissions of affected system files, only on ones that keep getting re-enabled after a reboot) stops the services constantly being re-enabled by windows. The rest stay disabled.

    these services are controlled by winlogon. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\VolatileUserMgrKey
    contextLuid = the number on all the duplicate services with the random number string. you can delete that key but it just gets re-created after a reboot.
    so the only way to stop those services from running is to deny permissions of the system files used by those services. however, i only disable the ones that are safe.

    ones i deny permissions on are; cbdhsvc_, NPSMSvc_, UdkUserSvc_

    Code:
    ; Disable Numbered Services
    Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\BcastDVRUserService_* -Name Start -Value 4 -Force
    Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\BluetoothUserService_* -Name Start -Value 4 -Force
    Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\CaptureService_* -Name Start -Value 4 -Force
    Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\cbdhsvc_* -Name Start -Value 4 -Force
    Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\CDPUserSvc_* -Name Start -Value 4 -Force
    Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\ConsentUxUserSvc_* -Name Start -Value 4 -Force
    Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\CredentialEnrollmentManagerUserSvc_* -Name Start -Value 4 -Force
    Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\DeviceAssociationBrokerSvc_* -Name Start -Value 4 -Force
    Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\DevicePickerUserSvc_* -Name Start -Value 4 -Force
    Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\DevicesFlowUserSvc_* -Name Start -Value 4 -Force
    Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\NPSMSvc_* -Name Start -Value 4 -Force
    Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\OneSyncSvc_* -Name Start -Value 4 -Force
    Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\P9RdrService_* -Name Start -Value 4 -Force
    Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\PenService_* -Name Start -Value 4 -Force
    Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_* -Name Start -Value 4 -Force
    Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\PrintWorkflowUserSvc_* -Name Start -Value 4 -Force
    Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\UdkUserSvc_* -Name Start -Value 4 -Force
    Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\UnistoreSvc_* -Name Start -Value 4 -Force
    Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\UserDataSvc_* -Name Start -Value 4 -Force
    Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\webthreatdefusersvc_* -Name Start -Value 4 -Force
    Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\WpnUserService_* -Name Start -Value 2 -Force
    the windows push notification service & the user service hav to stay on if you want to keep using the calendar flyout as it disables that if you stop that service (the numbered one)
    the user service (the one without numbers can be disabled)

    - reg to disable performance counters

    - reg to disable all the real-time and extra stuff of defender. i just do manual scanning. to avoid it catching things that aren't viruses and being annoying.

    - bat to disable hibernation

    - reg to disable ps restrictions

    - reg to enable DoH in windows and edge

    - ps to remove all apps (keeping store, app installer, security app)
    might end up removing store.
    i don't play xbox games on pc. i don't like uwp, never have.

    - reg to disable copilot

    so now i just click all the above stuff after an inplace upgrade and i'm all set. much easier than butchering a windows image. i have batches to restore all the services i've disabled and also i add comments to the lines for services that break things if disabled.

    i will share my services list when i've organised from A to Z.
    with my services list in effect i have 24 svchost processes active as opposed to 60+ on a fresh install.
    (this is when not using the reg tweak that groups the processes like on older windows) if you use winaero tweaker to enable grouping you will get even less processes but it's better to use the new way as having services on their own thread makes things more stable.
     
  15. raptorddd

    raptorddd MDL Addicted

    Aug 17, 2019
    685
    243
    30
    great.. ill keep on eye on this thread for your work.
     
  16. mimismitico

    mimismitico MDL Novice

    Aug 2, 2021
    9
    6
    0
    I would like to review those files