Windows
- Installation
- Maintenance
- Compromised
- Other Issues
- Services
- Hardening
- NT LAN Manager
- Active Directory
- Version History
Started using Windows more because of work.
Settings->Privacy & Security->Recall & snapshots->disable Save snapshots
Installation
Bing “Windows 10 media creation tool”
If you get the ‘device driver not found’ error, make sure it’s plugged into USB 2.0, not 3.0.
Maintenance
- Ew.
- Before fixing someone’s computer… try to ask or suggest that they physically clean their computer before bringing it to you for fixing. Particularly: keyboard, mouse, monitor, case
- One update to keep in mind: scheduled antivirus scans, scheduled Windows update
- If asked… it’s called “preventive maintenance.” Seriously. Ew.
- “Choose how updates are delivered” = Set to Off
Compromised
PrintNightmare allows remote code execution (RCE) through the Print Spooler service. Remediate through registry settings.
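An added example (not from these notes) that audits the Point and Print policy values Microsoft’s PrintNightmare guidance sets, and optionally writes the hardened values with -Fix. The key path and value names are assumed to match Microsoft’s documented mitigation; run it from an elevated PowerShell.

```powershell
# Added example, not part of the original notes.
# Assumption: this policy key and these value names are the ones Microsoft
# documents for the PrintNightmare mitigation. Requires an elevated shell.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'

# Hardened values: no silent non-admin driver installs or updates, and
# printer driver installation restricted to administrators.
$Expected = @{
    NoWarningNoElevationOnInstall              = 0
    UpdatePromptSettings                       = 0
    RestrictDriverInstallationToAdministrators = 1
}

function Test-PointAndPrintHardening {
    param([switch]$Fix)   # -Fix writes the expected values instead of only reporting
    $findings = @()
    if ($Fix -and -not (Test-Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }
    foreach ($name in $Expected.Keys) {
        # Missing value -> $null -> treated as non-compliant
        $actual = (Get-ItemProperty -Path $PolicyKey -Name $name -ErrorAction SilentlyContinue).$name
        $ok = ($null -ne $actual) -and ($actual -eq $Expected[$name])
        if (-not $ok -and $Fix) {
            Set-ItemProperty -Path $PolicyKey -Name $name -Value $Expected[$name] -Type DWord
            $actual = $Expected[$name]; $ok = $true
        }
        $findings += [pscustomobject]@{
            Setting = $name; Expected = $Expected[$name]; Actual = $actual; Compliant = $ok
        }
    }
    # Also report the Spooler service itself: on a machine that never prints,
    # stopping and disabling it removes the attack surface entirely.
    $spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $findings += [pscustomobject]@{
        Setting = 'Spooler service'; Expected = 'Stopped/Disabled if unused'
        Actual = "$($spooler.Status)/$($spooler.StartType)"; Compliant = $null
    }
    return $findings
}

Test-PointAndPrintHardening | Format-Table -AutoSize
```

Run Test-PointAndPrintHardening -Fix to apply the values; a reboot or spooler restart is needed before the change takes effect.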
Here is how you delete dropped files after running a scan on your system. Boot your system into DOS then:
- Delete the following files from the Windows directory (usually C:\Windows):
Temp$01.exe
Temp#01.exe
Scanregw.exe
- Go to the Windows System directory (usually C:\Windows\System) and delete this file:
H@tkeysh@@k.dll
This is not an ideal solution since you are already compromised. The best way to deal with a compromised system is to start over (reinstall Windows).
Other Issues
Bing is good for anything Microsoft related because Bing indexes all of the TechNet and then some.
Use this to find all encrypted files on your system:
cipher /u /n /h
sfc /scannow
chkdsk /f /r
dism.exe /online /cleanup-image /restorehealth
mdsched.exe
For random freeze / crash, do this:
- Control Panel, find a setting “power”
- Edit power plan
- Change advanced power settings
- for all 3 profiles, set “Turn off hard disk after” to 0 and set “Link State Power Management” to Off
Services
To deal with services, run: services.msc
Consider turning off:
Hardening
What I’ve looked into when working in enterprise environments:
- Ensure right accounts in right OUs
- Separation of duties
- Create/enforce standards/naming conventions
- Address common misconfigurations
- Move away from NTLMv1
When looking at accounts:
- Deal with stale users
- Disable admin with SPN (Service Principal Name)
- Look for shadow admin accounts and disable if not needed
- Set monitors for risky users
Shadow admin accounts can be added to a privileged group directly (usually planned or expected) or indirectly.
A true shadow admin account is one that has indirectly been given rights it should not have.
gMSA (Group Managed Service Account) is preferred for service accounts
Winamp
Napster
To hide recycle bin from desktop: “Right click your desktop and navigate to Personalize > Go to Themes > Desktop icon settings, which will launch a window that lets you add, remove or change icons on your desktop. Uncheck Recycle Bin if you’d like to get rid of it and click OK.”
Check Credential Manager every so often; Synology should not be on there.
NT LAN Manager
Weakly encrypted; captured credentials can be cracked back to cleartext passwords.
Active Directory
Make sure to have good AD hygiene
Version History
- 3.1
- 95
- 98
- 2000
- XP SP3
- Vista
- 7