Managing Microsoft Windows: Difference between revisions
(→Utils) |
No edit summary |
||
(7 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
How to manage Microsoft Windows without losing your sanity: | How to manage Microsoft Windows without losing your sanity: | ||
* | * FOR THE LOVE OF SANITY, DO NOT INSTALL ON PHYSICAL HARDWARE, only a virtual machine ! ! ! | ||
** Use VirtIO for the disk type | |||
** Consider using VirtIOFS for sharing data with the host | |||
* FOR THE LOVE OF SANITY, don't put anything other than the OS on the OS boot drive ! ! ! | |||
** Change the "Program Files" directory to a separate drive/filesystem | |||
** Change the "ProgramData" directory to a separate drive/filesystem | |||
** Move the pagefile to a separate drive/filesystem | |||
** Move the "users" directory to a separate drive/filesystem | |||
* Whenever possible, install the Server Core / non-Desktop Experience version for a more minimal install | |||
* Install [http://www.tightvnc.com/ TightVNC] and enable service mode (console access) and regular mode (on port 5901) for desktop session access | * Install [http://www.tightvnc.com/ TightVNC] and enable service mode (console access) and regular mode (on port 5901) for desktop session access | ||
* Install [https://www.cygwin.com/ Cygwin] with: | * Install [https://www.cygwin.com/ Cygwin] with: | ||
** ssh server | ** ssh server<br>See: https://docs.oracle.com/cd/E24628_01/install.121/e22624/preinstall_req_cygwin_ssh.htm#EMBSC150<br><tt>netsh firewall add portopening TCP 22 "SSH TCP Port 22"</tt> | ||
** rsync | ** rsync | ||
** vim | |||
** tmux/screen | |||
* Install OpenControl Center agent | * Install OpenControl Center agent | ||
* Install [https://msdn.microsoft.com/en-us/library/ff542282%28v=vs.85%29.aspx Emergency Management Services (EMS) redirection] | * Install [https://msdn.microsoft.com/en-us/library/ff542282%28v=vs.85%29.aspx Emergency Management Services (EMS) redirection]<br><tt>bcdedit /ems '{current}' ON</tt> | ||
* Install [https://support.microsoft.com/en-us/kb/216417 Recovery Console] | * Install [https://support.microsoft.com/en-us/kb/216417 Recovery Console] | ||
* Install [http://www.classicshell.net/ Classic Shell] | * Install [http://www.classicshell.net/ Classic Shell] | ||
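Review bot: the firewall command added on the ssh server line, `netsh firewall add portopening TCP 22 "SSH TCP Port 22"`, uses the legacy `netsh firewall` context, which Microsoft has deprecated in favour of `netsh advfirewall firewall`, and with no scope argument it opens port 22 to all source addresses. Suggest `netsh advfirewall firewall add rule name="SSH TCP Port 22" dir=in action=allow protocol=TCP localport=22` with a `remoteip=` restriction to the management network. The TightVNC line above puts regular mode on port 5901 but the page never says how that port is exposed, so a matching scoped rule belongs there too.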
Line 15: | Line 25: | ||
* Use [http://download.wsusoffline.net/ WSUS Offline Update]<br>Update Microsoft Windows and Office without an Internet connection | * Use [http://download.wsusoffline.net/ WSUS Offline Update]<br>Update Microsoft Windows and Office without an Internet connection | ||
* [https://technet.microsoft.com/en-us/sysinternals/bb545027.aspx sysinternals tools] | * [https://technet.microsoft.com/en-us/sysinternals/bb545027.aspx sysinternals tools]<br>Install in c:\bin and add to system path. | ||
* Windows Servers Tools (Microsoft Windows Software Development Kit [SDK]) | * Windows Servers Tools (Microsoft Windows Software Development Kit [SDK]) | ||
** [http://www.microsoft.com/en-us/download/details.aspx?id=23719 Vista] | ** [http://www.microsoft.com/en-us/download/details.aspx?id=23719 Vista] | ||
= | =System= | ||
* [http:// | * [http://www.flexerasoftware.com/enterprise/products/software-vulnerability-management/personal-software-inspector/ Secunia PSI] - Keeps apps updated, shows you outdated versions and updates available | ||
* [http://wincdemu.sysprogs.org/ WinCDEmu] - Mount ISO files as virtual CD-ROM drives | |||
* [http://implbits.com/ HashTab] - Provides file hashes in the file properties dialog | * [http://implbits.com/ HashTab] - Provides file hashes in the file properties dialog | ||
=Usability= | |||
* [http://www.4t-niagara.com/tray.html 4t Tray Minimizer] - Provides the much-needed winshade functionality to the Windows "windows manger" | * [http://www.4t-niagara.com/tray.html 4t Tray Minimizer] - Provides the much-needed winshade functionality to the Windows "windows manger" | ||
* [http://virtuawin.sourceforge.net/ VirtuaWin] - Provides virtual desktop capability | |||
=Applications= | |||
* [http://winmerge.org/?lang=en WinMerge] - Does visual file/folder diffs | |||
* [http://www.vim.org/download.php gVim] - Graphical vim for Windows | * [http://www.vim.org/download.php gVim] - Graphical vim for Windows | ||
=Malware Detection / Removal= | =Malware Detection / Removal= | ||
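Review bot: the new "Install in c:\bin and add to system path" instruction on the sysinternals line should say to lock down the directory's ACL before it goes on the PATH. A directory created at the root of C: inherits the root's default permissions, which normally let any authenticated user create files in it, and a user-writable directory on the system PATH lets an unprivileged user plant an executable that an administrator or service later runs by name. Suggest adding a step to review `icacls c:\bin` and leave write access to Administrators and SYSTEM only, or to install under a directory that is already admin-only.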
Line 37: | Line 53: | ||
* Microsoft Security Essentials | * Microsoft Security Essentials | ||
* 360 total security (varius systems checks / fixes) | * 360 total security (varius systems checks / fixes) | ||
=Exchange= | =Exchange= | ||
MFCMAPI | MFCMAPI | ||
=VNC when not installed= | |||
If you have the cygwin SSH server installed but not TightVNC yet, you can do the following in order to connect to the desktop: | |||
# Copy psexec.exe and tvnserver.exe to the server<pre>scp tvnserver.exe psexec.exe user@server:/cygdrive/c/</pre> | |||
# SSH to server<pre>me@desktop ssh user@server</pre> | |||
# Accept psexec EULA<pre>user@server# /cygdrive/c/psexec.exe -accepteula</pre> | |||
# Start TightVNC Server on desktop session 1<pre>user@server# /cygdrive/c/psexec.exe -s -h -i 1 "c:\Program Files\TightVNC\tvnserver.exe"</pre> | |||
# In another shell, connect out to remote<pre>user@server# /cygdrive/c/tvnserver.exe -controlapp -connect jeremybryansmith.com</pre> | |||
# Shut it down<pre>user@server# /cygdrive/c/tvnserver.exe -controlapp -shutdown</pre> | |||
# You may have to force shutdown<pre>user@server# taskkill /IM tvnserver.exe</pre> |
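Review bot: step 4 launches `"c:\Program Files\TightVNC\tvnserver.exe"`, but step 1 copied tvnserver.exe to `/cygdrive/c/` and the section covers hosts where TightVNC is not installed, so that path will not exist; steps 5 and 6 already use `/cygdrive/c/tvnserver.exe` and step 4 should match. In step 7, `taskkill /IM tvnserver.exe` without `/F` only requests a close, which does not match "force shutdown". The `-connect` target is a personal hostname; a placeholder would make the step reusable, and since `psexec -s` starts the server as SYSTEM it is worth one line saying the listening viewer must be a host the admin controls.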
Latest revision as of 16:48, 5 January 2024
How to manage Microsoft Windows without losing your sanity:
- FOR THE LOVE OF SANITY, DO NOT INSTALL ON PHYSICAL HARDWARE, only a virtual machine ! ! !
  - Use VirtIO for the disk type
  - Consider using VirtIOFS for sharing data with the host
- FOR THE LOVE OF SANITY, don't put anything other than the OS on the OS boot drive ! ! !
  - Change the "Program Files" directory to a separate drive/filesystem
  - Change the "ProgramData" directory to a separate drive/filesystem
  - Move the pagefile to a separate drive/filesystem
  - Move the "users" directory to a separate drive/filesystem
- Whenever possible, install the Server Core / non-Desktop Experience version for a more minimal install
- Install TightVNC and enable service mode (console access) and regular mode (on port 5901) for desktop session access
- Install Cygwin with:
  - ssh server
    See: https://docs.oracle.com/cd/E24628_01/install.121/e22624/preinstall_req_cygwin_ssh.htm#EMBSC150
    netsh firewall add portopening TCP 22 "SSH TCP Port 22"
  - rsync
  - vim
  - tmux/screen
- Install OpenControl Center agent
- Install Emergency Management Services (EMS) redirection
  bcdedit /ems '{current}' ON
- Install Recovery Console
- Install Classic Shell
- Install Firefox
- Install Everything Search Engine
- Put Windows version on desktop
  Registry edit:
  HKEY_CURRENT_USER\Control Panel\Desktop\PaintDesktopVersion
  Set DWORD value 1
- Install JDiskReport for disk usage analysis
- Use WSUS Offline Update
  Update Microsoft Windows and Office without an Internet connection
- Sysinternals tools
  Install in c:\bin and add to system path.
- Windows Servers Tools (Microsoft Windows Software Development Kit [SDK])
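
The checklist above opens TCP 22 for the Cygwin ssh server and puts TightVNC regular mode on port 5901. The following is an added example, not part of the original page: it recreates those openings as scoped rules with the NetSecurity cmdlets and then lists any rule that still exposes either port to all sources. It assumes Windows Server 2012 or later and an elevated session; the subnet and the VNC rule name are constructed placeholders.

```powershell
# Added example, not from the original page. Run in an elevated PowerShell session.
# $MgmtNet is a constructed placeholder (TEST-NET-1); replace with your admin subnet.
$MgmtNet = '192.0.2.0/24'

# Ports and the SSH rule name come from the checklist; the VNC rule name is made up here.
$rules = @(
    @{ Name = 'SSH TCP Port 22';        Port = 22   },   # Cygwin sshd
    @{ Name = 'TightVNC TCP Port 5901'; Port = 5901 }    # TightVNC regular mode
)

foreach ($r in $rules) {
    # Remove any earlier rule of the same name (such as one left by the legacy
    # "netsh firewall add portopening" command) so the scoped rule is the only one.
    Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule

    New-NetFirewallRule -DisplayName $r.Name -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort $r.Port -RemoteAddress $MgmtNet `
        -Profile Domain, Private | Out-Null
}

# Audit: list every enabled inbound allow rule that still exposes one of the
# management ports to any source address. Rules that cover the port through a
# range (e.g. 5900-5910) or an "Any" port are not matched by this simple check.
$ports = $rules | ForEach-Object { [string]$_.Port }
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True | ForEach-Object {
    $pf  = $_ | Get-NetFirewallPortFilter
    $af  = $_ | Get-NetFirewallAddressFilter
    $hit = @($pf.LocalPort) | Where-Object { $ports -contains $_ }
    if ($pf.Protocol -eq 'TCP' -and $hit -and (@($af.RemoteAddress) -contains 'Any')) {
        [pscustomobject]@{ Rule = $_.DisplayName; Port = ($hit -join ','); Remote = 'Any' }
    }
}
```

An empty result from the audit step means no other rule leaves 22 or 5901 open to every source.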
System
- Secunia PSI - Keeps apps updated, shows you outdated versions and updates available
- WinCDEmu - Mount ISO files as virtual CD-ROM drives
- HashTab - Provides file hashes in the file properties dialog
Usability
- 4t Tray Minimizer - Provides the much-needed winshade functionality to the Windows "window manager"
- VirtuaWin - Provides virtual desktop capability
Applications
Malware Detection / Removal
- RootkitRevealer
- Junkware Removal Tool
- ComboFix
- ClamAV
- ADWCleaner
- RKill
- TDSSKiller
- Etc from bleepingcomputer.com
- Microsoft Security Essentials
- 360 total security (various systems checks / fixes)
Exchange
MFCMAPI
VNC when not installed
If you have the Cygwin SSH server installed but not TightVNC yet, you can do the following in order to connect to the desktop:
- Copy psexec.exe and tvnserver.exe to the server
    scp tvnserver.exe psexec.exe user@server:/cygdrive/c/
- SSH to server
    me@desktop$ ssh user@server
- Accept psexec EULA
    user@server# /cygdrive/c/psexec.exe -accepteula
- Start TightVNC Server on desktop session 1
    user@server# /cygdrive/c/psexec.exe -s -h -i 1 "c:\Program Files\TightVNC\tvnserver.exe"
- In another shell, connect out to remote
    user@server# /cygdrive/c/tvnserver.exe -controlapp -connect jeremybryansmith.com
- Shut it down
    user@server# /cygdrive/c/tvnserver.exe -controlapp -shutdown
- You may have to force shutdown
    user@server# taskkill /F /IM tvnserver.exe