is alive!

Hello and welcome. This blog's intent is to create a central resource for cloud security, with information spanning security architecture, SecOps, security automation (DevSecOps), incident response, penetration testing, threat intelligence and threat hunting, focused on public cloud (Azure, GCP and AWS).

  • Cloud Security Penetration Testing. Red Teaming. (e.g. TIBER-EU)
  • Cloud Security Digital Forensics.
  • Cloud Security Architecture and Detection Engineering. (Blue Teaming)
  • Cloud Security Incident Response.
  • Cloud Security Strategy and Risk Assessment.
  • Cloud Security Proactive Threat Hunting.
  • Cloud Security Monitoring and Compliance.
  • Cloud Security Automation.
  • Serverless, Container, SaaS, API and Web Security.

Proactive Threat Hunting is a unique combination of skills and it is not something that is commonly promoted.

Proactive threat hunting arises from digital forensics and incident response. It is about environment-wide insight and analysis. Threat hunting doesn't consist of incident investigation; it is a proactive search for known and unknown threats, so a threat hunter can't just sit and wait until something happens. It is human-led reactive and proactive hunting, based on risk analysis and integrated threat intelligence feeds that augment indicators of compromise.

Threat hunting expertise. Reactive threat hunting, targeted threat hunting and proactive threat hunting are all important in helping organizations improve security maturity and strengthen their defenses. Another key differentiator is continuous proactive threat hunting, which is an optimal preventive strategy.

Threat hunting utilises EDR and XDR. XDR in its purest form is a platform that offers detection and response capabilities using e(X)tended telemetry sources and that is managed by the purchasing entity.

This blog will include articles, podcasts, source code, templates, screencasts, best-practice guides, documentation templates and research into various aspects of cyber security.

Why write blogs? The Protégé Effect: How You Can Learn by Teaching Others

The protégé effect is a psychological phenomenon where teaching, pretending to teach, or preparing to teach information to others helps a person learn that information.

DetectX Social media links

I will cull some of the above depending on popularity.

Rules for PodCasts and Blogs

  • 30 minutes, concise (no wasted time, straight to the point and on topic). A lot of podcasts are like listening to two people talk without any structure, going on forever.
  • Each podcast must have corresponding show notes, a ToC, a blog post and references for everything discussed.
  • Provide a forum and discussion via Discord.
  • Content relevant to Australian Cyber Security industry.

It is a peculiar irony in life that the fastest and best way to learn something is to give it to others as soon as you learn it, not to hog it yourself.

If you would like to support the blog, please share and subscribe to the following:

Windows 8 and Server 2012 Optimisation Guide for Citrix VDI


' Title: Windows 8 and Server 2012 VDI Optimization Script
' Author: Pablo Legorreta
' Modifications: Steven Krueger & William Elvington

' Special thanks to Jonathan Bennett (AutoITScript)
' for creating a wonderful optimizer tool and to Jeff Stokes (MSFT)
' for creating the original baseline script for Windows 7

' Purpose: The following script will prepare a Windows 8 or Server 2012
' static image for VDI deployment based on MSFT and Citrix recommendations.

' Requirements: Administrative Privileges, Registry backup – Just in case 😉

' // ==============
' // Variables
' // ==============

' Constants
Const ForReading = 1
Const Disable_Aero = False
Const Disable_BranchCache = False
Const Disable_EFS = False
Const Disable_iSCSI = False
Const Disable_MachPass = False
Const Disable_Search = False

Const Install_NetFX3 = False
Const NetFX3_Source = "D:\Sources\SxS"

' Common objects
Set oShell = WScript.CreateObject ("WScript.Shell")
Set oFSO = CreateObject("Scripting.FileSystemObject")
Set oEnv = oShell.Environment("User")

' Command Line Arguments for Some Settings
' A named argument overrides the matching constant; otherwise the constant is used.
Set colNamedArguments = WScript.Arguments.Named

If colNamedArguments.Exists("Aero") Then
    strAero = colNamedArguments.Item("Aero")
Else
    strAero = Disable_Aero
End If

If colNamedArguments.Exists("BranchCache") Then
    strBranchCache = colNamedArguments.Item("BranchCache")
Else
    strBranchCache = Disable_BranchCache
End If

If colNamedArguments.Exists("EFS") Then
    strEFS = colNamedArguments.Item("EFS")
Else
    strEFS = Disable_EFS
End If

If colNamedArguments.Exists("iSCSI") Then
    striSCSI = colNamedArguments.Item("iSCSI")
Else
    striSCSI = Disable_iSCSI
End If

If colNamedArguments.Exists("MachPass") Then
    strMachPass = colNamedArguments.Item("MachPass")
Else
    strMachPass = Disable_MachPass
End If

If colNamedArguments.Exists("Search") Then
    strSearch = colNamedArguments.Item("Search")
Else
    strSearch = Disable_Search
End If

If colNamedArguments.Exists("NetFX3") Then
    strNetFX3 = colNamedArguments.Item("NetFX3")
Else
    strNetFX3 = Install_NetFX3
End If

' Enable RDP Connections
RunWait "WMIC rdtoggle where AllowTSConnections=0 call SetAllowTSConnections 1,1"
RunWait "netsh advfirewall firewall set rule group=" & Chr(34) & "remote desktop" & Chr(34) & " new enable=Yes"

' // ==================
' // Service Settings
' // ==================

' Disable Application Layer Gateway Service
RunWait "sc config ALG start= disabled"

' Disable Background Intelligent Transfer Service
RunWait "sc config BITS start= disabled"

' Disable Bitlocker Drive Encryption Service
RunWait "sc config BDESVC start= disabled"

' Disable Block Level Backup Engine Service
RunWait "sc config wbengine start= disabled"

' Disable Bluetooth Support Service
RunWait "sc config bthserv start= disabled"

If strBranchCache = True Then
    ' Disable BranchCache Service
    RunWait "sc config PeerDistSvc start= disabled"
End If

' Disable Computer Browser Service
RunWait "sc config Browser start= disabled"

' Disable Device Association Service
RunWait "sc config DeviceAssociationService start= disabled"

' Disable Device Setup Manager Service
RunWait "sc config DsmSvc start= disabled"

' Disable Diagnostic Policy Services
RunWait "sc config DPS start= disabled"
RunWait "sc config WdiServiceHost start= disabled"
RunWait "sc config WdiSystemHost start= disabled"

' Disable Distributed Link Tracking Client Service
RunWait "sc stop TrkWks"
RunWait "sc config TrkWks start= disabled"

If strEFS = True Then
    ' Disable Encrypting File System Service
    RunWait "sc config EFS start= disabled"
End If

' Disable Family Safety Service
RunWait "sc config WPCSvc start= disabled"

' Disable Fax Service
RunWait "sc config Fax start= disabled"

' Disable Function Discovery Resource Publication Service
RunWait "sc config FDResPub start= disabled"

' Disable HomeGroup Listener Service
RunWait "sc config HomeGroupListener start= disabled"

' Disable HomeGroup Provider Service
RunWait "sc config HomeGroupProvider start= disabled"

If striSCSI = True Then
    ' Disable Microsoft iSCSI Initiator Service
    RunWait "sc config msiscsi start= disabled"
End If

' Disable Microsoft Software Shadow Copy Provider Service
RunWait "sc config swprv start= disabled"

' Set Network List Service to Auto
RunWait "sc config netprofm start= auto"

' Disable Offline Files
RunWait "sc config CscService start= disabled"

' Disable Optimize Drives Service
RunWait "schtasks /change /tn ""microsoft\windows\defrag\ScheduledDefrag"" /disable"
oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction\Enable", "N", "REG_SZ"
RunWait "sc config defragsvc start= disabled"

' Disable Secure Socket Tunneling Protocol Service
RunWait "sc config SstpSvc start= disabled"

' Disable Security Center
RunWait "sc config wscsvc start= disabled"

' Disable Sensor Monitoring Service
RunWait "sc config SensrSvc start= disabled"

' Disable Shell Hardware Detection Service
RunWait "sc config ShellHWDetection start= disabled"

' Disable SNMP Trap Service
RunWait "sc config SNMPTRAP start= disabled"

' Disable SSDP Discovery Service
RunWait "sc stop SSDPSRV"
RunWait "sc config SSDPSRV start= disabled"

' Disable SuperFetch
RunWait "sc config SysMain start= disabled"

' Disable Telephony Service
RunWait "sc config TapiSrv start= disabled"

If strAero = True Then
    ' Disable Themes Service
    RunWait "sc config Themes start= disabled"
End If

' Disable UPnP Device Host Service
RunWait "sc config upnphost start= disabled"

' Disable Volume Shadow Copy Service
RunWait "sc config VSS start= disabled"

' Disable Windows Backup Service
RunWait "sc config SDRSVC start= disabled"

' Disable Windows Color System Service
RunWait "sc config WcsPlugInService start= disabled"

' Disable Windows Connect Now – Config Registrar Service
RunWait "sc config wcncsvc start= disabled"

' Disable Windows Defender Service
RunWait "sc config WinDefend start= disabled"

' Disable Windows Error Reporting Service
RunWait "sc config WerSvc start= disabled"

' Disable Windows Media Player Network Sharing Service
RunWait "sc config WMPNetworkSvc start= disabled"

' Break out Windows Management Instrumentation Service
' The group name contains a space, so it is quoted for sc.exe
RunWait "winmgmt /standalonehost"
RunWait "sc config winmgmt group= ""COM Infrastructure"""

' Disable Windows Search Service
If strSearch = True Then
    RunWait "sc stop WSearch"
    RunWait "sc config WSearch start= disabled"
End If

' Disable Windows Updates
RunWait "sc config wuauserv start= disabled"

' Disable WLAN AutoConfig Service
RunWait "sc config Wlansvc start= disabled"

' Disable WWAN AutoConfig Service
RunWait "sc config WwanSvc start= disabled"

' // ================
' // Computer Settings
' // ================

' Disable Hard disk timeouts
RunWait "POWERCFG /SETACVALUEINDEX 381b4222-f694-41f0-9685-ff5bb260df2e 0012ee47-9041-4b5d-9b77-535fba8b1442 6738e2c4-e8a5-4a42-b16a-e040e769756e 0"
RunWait "POWERCFG /SETDCVALUEINDEX 381b4222-f694-41f0-9685-ff5bb260df2e 0012ee47-9041-4b5d-9b77-535fba8b1442 6738e2c4-e8a5-4a42-b16a-e040e769756e 0"

' Disable Action Center
oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\HideSCAHealth", &H00000001, "REG_DWORD"

' Optimize Processor Resource Scheduling
oShell.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\PriorityControl\Win32PrioritySeparation", &H00000026, "REG_DWORD"

' Disable TCP/IP / Large Send Offload
oShell.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableTaskOffload", &H00000001, "REG_DWORD"

' Disable hibernate
RunWait "powercfg -h off"

' Disable NTFS Last Access Timestamps
RunWait "FSUTIL behavior set disablelastaccess 1"

If strMachPass = True Then
    ' Disable Machine Account Password Changes
    oShell.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange", &H00000001, "REG_DWORD"
End If

' Disable memory dumps
oShell.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\CrashDumpEnabled", &H00000000, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\LogEvent", &H00000000, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\SendAlert", &H00000000, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\AutoReboot", &H00000001, "REG_DWORD"

' Disable default system screensaver
oShell.RegWrite "HKEY_USERS\.DEFAULT\Control Panel\Desktop\ScreenSaveActive", 0, "REG_DWORD"

' Increase service startup timeouts
oShell.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServicesPipeTimeout", &H0002bf20, "REG_DWORD"

' Increase Disk I/O Timeout to 200 seconds.
oShell.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Disk\TimeOutValue", &H000000C8, "REG_DWORD"

' Disable Other Scheduled Tasks
RunWait "schtasks /change /tn ""microsoft\windows\Application Experience\AitAgent"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\Application Experience\ProgramDataUpdater"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\Application Experience\StartupAppTask"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\Autochk\Proxy"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\Bluetooth\UninstallDeviceTask"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\Customer Experience Improvement Program\BthSQM"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\Customer Experience Improvement Program\Consolidator"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\Customer Experience Improvement Program\KernelCeipTask"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\Customer Experience Improvement Program\Uploader"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\Customer Experience Improvement Program\UsbCeip"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\Diagnosis\Scheduled"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\Maintenance\WinSAT"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\MobilePC\HotStart"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\Power Efficiency Diagnostic\AnalyzeSystem"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\RAC\RacTask"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\Ras\MobilityManager"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\Registry\RegIdleBackup"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\Shell\FamilySafetyMonitor"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\Shell\FamilySafetyRefresh"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\SideShow\AutoWake"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\SideShow\GadgetManager"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\SideShow\SessionAgent"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\SideShow\SystemDataProviders"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\UPnP\UPnPHostConfig"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\WDI\ResolutionHost"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\Windows Filtering Platform\BfeOnServiceStartTypeChange"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\Windows Media Sharing\UpdateLibrary"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\WindowsBackup\ConfigNotification"" /disable"

' Configure Event Logs to 1028KB (Minimum size under Vista/7) and set retention to "overwrite"
Set oEventLogs = GetObject("winmgmts:{impersonationLevel=impersonate,(Security)}!//./root/cimv2").InstancesOf("Win32_NTEventLogFile")
For Each e in oEventLogs
    e.MaxFileSize = 1052672
    e.OverWritePolicy = "WhenNeeded"
    e.OverWriteOutdated = 0
    ' Commit the changed properties back to WMI
    e.Put_
Next

oShell.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\Retention", 0, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Security\Retention", 0, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Retention", 0, "REG_DWORD"

' Set PopUp Error Mode to "Neither"
oShell.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows\ErrorMode", 2, "REG_DWORD"

' Disable bootlog and boot animation
RunWait "bcdedit /set {default} bootlog no"
RunWait "bcdedit /set {default} quietboot yes"

' Disable UAC secure desktop prompt
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop", &H00000000, "REG_DWORD"

' Disable New Network dialog
RunWait "reg add HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff"

' Disable AutoUpdate of drivers from WU
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DriverSearching\searchorderConfig", 0, "REG_DWORD"

' Turn off Windows SideShow and install NetFX3
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Sideshow\Disabled", 1, "REG_DWORD"
If strNetFX3 = True Then
    RunWait "dism /online /Enable-Feature /FeatureName:NetFx3 /All /LimitAccess /Source:" & NetFX3_Source & " /NoRestart"
End If

' Disable IE First Run Wizard and RSS Feeds
oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize", 1, "REG_DWORD"

' Disable the ability to clear the paging file during shutdown
' (the key name is "Session Manager", with a space)
oShell.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown", 0, "REG_DWORD"

' Disable Internet Explorer Enhanced Security Configuration
' (the component GUIDs need their closing brace)
oShell.RegWrite "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}\IsInstalled", 0, "REG_DWORD"
oShell.RegWrite "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}\IsInstalled", 0, "REG_DWORD"

' Disables Background Layout Service
oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OptimalLayout\EnabledAutoLayout", 0, "REG_DWORD"

' Disables CIFS Change Notifications
oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRemoteRecursiveEvents", &H00000001, "REG_DWORD"

' Disable Data Execution Prevention
RunWait "bcdedit /set nx AlwaysOff"

' Set Power Saving Scheme to High Performance
RunWait "powercfg -s 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c"

' Set Recovery Dump to Small
RunWait "wmic recoveros set DebugInfoType = 3"

' Perform a disk cleanup
' Automate by creating the reg checks corresponding to "cleanmgr /sageset:100" so we can use "sagerun:100"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Active Setup Temp Folders\StateFlags0100", &H00000002, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Downloaded Program Files\StateFlags0100", &H00000002, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Internet Cache Files\StateFlags0100", &H00000002, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Memory Dump Files\StateFlags0100", &H00000002, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Offline Pages Files\StateFlags0100", &H00000002, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Old ChkDsk Files\StateFlags0100", &H00000002, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Previous Installations\StateFlags0100", &H00000000, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Recycle Bin\StateFlags0100", &H00000002, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Setup Log Files\StateFlags0100", &H00000002, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\System error memory dump files\StateFlags0100", &H00000002, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\System error minidump files\StateFlags0100", &H00000002, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Temporary Files\StateFlags0100", &H00000002, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Temporary Setup Files\StateFlags0100", &H00000002, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Thumbnail Cache\StateFlags0100", &H00000002, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Upgrade Discarded Files\StateFlags0100", &H00000000, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Windows Error Reporting Archive Files\StateFlags0100", &H00000002, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Windows Error Reporting Queue Files\StateFlags0100", &H00000002, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Windows Error Reporting System Archive Files\StateFlags0100", &H00000002, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Windows Error Reporting System Queue Files\StateFlags0100", &H00000002, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Windows Upgrade Log Files\StateFlags0100", &H00000002, "REG_DWORD"
RunWait "cleanmgr.exe /sagerun:100"

' // =============
' // User Settings
' // =============

' Reduce menu show delay
oShell.RegWrite "HKEY_CURRENT_USER\Control Panel\Desktop\MenuShowDelay", "0", "REG_SZ"

' Disable cursor blink
oShell.RegWrite "HKEY_CURRENT_USER\Control Panel\Desktop\CursorBlinkRate", "-1", "REG_SZ"
oShell.RegWrite "HKEY_CURRENT_USER\Control Panel\Desktop\DisableCursorBlink", &H00000001, "REG_DWORD"

' Force off-screen composition in IE
oShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Force Offscreen Composition", &H00000001, "REG_DWORD"

' Disable screensavers
oShell.RegWrite "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaveActive", "0", "REG_SZ"
oShell.RegWrite "HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaveActive", "0", "REG_SZ"
oShell.RegWrite "HKEY_USERS\.DEFAULT\Control Panel\Desktop\ScreenSaveActive", "0", "REG_SZ"

' Don't show window contents when dragging
oShell.RegWrite "HKEY_CURRENT_USER\Control Panel\Desktop\DragFullWindows", "0", "REG_SZ"

' Don't show window minimize/maximize animations
oShell.RegWrite "HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics\MinAnimate", "0", "REG_SZ"

' Disable font smoothing
oShell.RegWrite "HKEY_CURRENT_USER\Control Panel\Desktop\FontSmoothing", "0", "REG_SZ"

' Disable most other visual effects
oShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\VisualFXSetting", &H00000003, "REG_DWORD"
oShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewAlphaSelect", &H00000000, "REG_DWORD"
oShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\TaskbarAnimations", &H00000000, "REG_DWORD"
oShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewWatermark", &H00000000, "REG_DWORD"
oShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewShadow", &H00000000, "REG_DWORD"
RegBinWrite "HKEY_CURRENT_USER\Control Panel\Desktop", "UserPreferencesMask", "90,12,01,80"

' Disable Action Center
oShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\HideSCAHealth", &H00000001, "REG_DWORD"

' Disable IE Persistent Cache
oShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Persistent", 0, "REG_DWORD"
oShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Feeds\SyncStatus", 0, "REG_DWORD"

' Done

' // ================
' // Functions
' // ================

' Start a command without waiting for it to finish
Function Run(sFile)
    Run = oShell.Run(sFile, 1, False)
End Function

' Start a command and wait for it to finish; returns its exit code
Function RunWait(sFile)
    RunWait = oShell.Run(sFile, 1, True)
End Function

' Same as RunWait, but with the window hidden
Function RunWaitHidden(sFile)
    RunWaitHidden = oShell.Run(sFile, 0, True)
End Function

' True on a domain controller (ProductType 2) or server (ProductType 3)
Function IsServer()
    IsServer = False
    On Error Resume Next
    For Each objOS in GetObject("winmgmts:").InstancesOf ("Win32_OperatingSystem")
        If objOS.ProductType = 1 Then IsServer = False
        If objOS.ProductType = 2 Or objOS.ProductType = 3 Then IsServer = True
    Next
End Function

' Write a REG_BINARY value by importing a temporary .reg file
Sub RegBinWrite (key, value, data)
    key = "[" & key & "]"

    If value <> "@" Then
        value = Chr(34) & value & Chr(34)
    End If

    valString = value & "=" & "hex:" & data

    tempFile = GetTempDir() & "\regbinaryimport.reg"
    Set txtStream = oFSO.CreateTextFile(tempFile, True)
    txtStream.WriteLine("Windows Registry Editor Version 5.00")
    txtStream.WriteLine()
    txtStream.WriteLine(key)
    txtStream.WriteLine(valString)
    txtStream.Close

    oShell.Run "regedit.exe /s """ & tempFile & """", 1, True

    oFSO.DeleteFile tempFile
End Sub

' Return the user's TEMP directory with environment variables expanded
Function GetTEMPDir()
    GetTEMPDir = oEnv("TEMP")
    If InStr(GetTEMPDir, "%") Then
        GetTEMPDir = oShell.ExpandEnvironmentStrings(GetTEMPDir)
    End If
End Function
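
Several settings in the script above switch off security controls rather than cosmetic features: the Windows Defender, Security Center and Windows Update services, Data Execution Prevention, the UAC secure desktop prompt, machine account password changes, and the event log size. The PowerShell below is an added example, not part of the original script; it only reads the current state of those settings so the image can be reviewed before deployment. The function name Get-VdiSecurityDrift and the output column names are assumptions made for this example.

```powershell
# Added example, not part of the original script. Read-only: it changes nothing.
# Service names, registry values and sizes are the ones the script above sets.
# Get-VdiSecurityDrift and its column names are hypothetical. Run elevated.
function Get-VdiSecurityDrift {
    $rows = @()

    # Services the script sets to "start= disabled" that act as security controls
    foreach ($name in 'WinDefend', 'wscsvc', 'wuauserv', 'BDESVC', 'EFS', 'VSS') {
        $svc  = Get-CimInstance Win32_Service -Filter "Name='$name'" -ErrorAction SilentlyContinue
        $mode = if ($svc) { $svc.StartMode } else { 'NotInstalled' }
        $rows += [pscustomobject]@{
            Check       = "Service $name"
            Current     = $mode
            ScriptValue = 'Disabled'
            Weakened    = ($mode -eq 'Disabled')
        }
    }

    # Registry values the script writes: key path, value name, value written
    $reg = @(
        @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System', 'PromptOnSecureDesktop', 0),
        @('HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters', 'DisablePasswordChange', 1),
        @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer', 'HideSCAHealth', 1),
        @('HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl', 'LogEvent', 0)
    )
    foreach ($r in $reg) {
        $path, $valueName, $scriptValue = $r
        $item    = Get-ItemProperty -Path $path -Name $valueName -ErrorAction SilentlyContinue
        $current = if ($item) { $item.$valueName } else { $null }
        $rows += [pscustomobject]@{
            Check       = "Registry $valueName"
            Current     = if ($null -eq $current) { 'NotSet' } else { $current }
            ScriptValue = $scriptValue
            Weakened    = ($null -ne $current -and $current -eq $scriptValue)
        }
    }

    # DEP policy as reported by WMI for the running system; the script runs
    # "bcdedit /set nx AlwaysOff". The property is a byte, so cast before lookup.
    $dep      = [int](Get-CimInstance Win32_OperatingSystem).DataExecutionPrevention_SupportPolicy
    $depNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
    $rows += [pscustomobject]@{
        Check       = 'DEP policy (nx)'
        Current     = $depNames[$dep]
        ScriptValue = 'AlwaysOff'
        Weakened    = ($dep -eq 0)
    }

    # Event logs: the script sets MaxFileSize to 1052672 bytes (1028 KB), overwrite as needed
    $logs = Get-WinEvent -ListLog 'Application', 'Security', 'System' -ErrorAction SilentlyContinue
    foreach ($log in $logs) {
        $rows += [pscustomobject]@{
            Check       = "Event log $($log.LogName)"
            Current     = '{0} KB, {1}' -f ($log.MaximumSizeInBytes / 1KB), $log.LogMode
            ScriptValue = '1028 KB, overwrite as needed'
            Weakened    = ($log.MaximumSizeInBytes -le 1052672)
        }
    }

    $rows
}

Get-VdiSecurityDrift | Format-Table -AutoSize
```

Rows with Weakened set to True are the settings whose current state matches what the optimization script writes.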




  • Superfetch
  • Themes
  • Windows Audio
  • Windows Audio Endpoint Builder
  • Google Update Service
  • Window Search
  • Internet Connection Sharing
  • Media Center Extender Service
  • Routing and Remote Access
  • Adobe Flash Player Update Service
  • Fax