Kategorie: IT-New

This post describes how I typically set up and configure my Windows machines.

[compatibility issues with Windows on ARM are marked red]
See Using the Windows Dev Kit 2023 ARM Mini-PC as Office Computer

I am slowly migrating to Windows 11, see Windows 11 ist (noch?) nix für mich.

For details on Windows features and configuration, see Paul Thurrot’s Windows field guides:
– Windows 10 Field Guide
– Windows 11 Field Guide

My typical Windows and apps layout:

• Dark theme
• Dark solid color background
• Window borders in accent color (where supported by app)
• My favorite Office commands in Quick Access toolbar above ribbon
• Outlook HubBar disabled for more horizontal space
• My most uses apps pinned to taskbar
• Greenshot tray icon always visible
• ‚This PC‘ pinned to desktop
• Colored mouse pointer (here green)
  

Install Windows

[In case you are angry at Microsoft making it difficult to install Windows without using an MS account: One reason for this might be that on modern HW Windows by default encrypts the system partition with BitLocker. If one loses the BitLocker key, one will lose all data in case of problems where the key is needed. Thus, Windows automatically stores the BitLocker key in the MS account.]

Even though being German, I prefer English as display language because the UI texts are shorter, there are no translation errors and it is easier to search for help with English texts and error messages. Sadly MS and many app developers confuse display language with locale, often resulting in apps with German UI even though I intended English.

• Windows display language: English
• Region: German
• Keyboard: German
• Add German language via language settings for proofing tools

Set up a sign-in PIN. This is safer than always using your password.
In addition, I configure a fingerprint if the machine supports this.

Update Software to the newest version:

• Force Windows updates
• Force Windows Store apps updates
• Install PC maker’s updates via their toll, e.g. via Lenovo Vantage

Configure a backup tool
I don’t use File History because it does not support Boxcryptor encrypted files. It looks like MS has deprecated File History (for OneDrive folder backup?).

• Macrium Reflect
  I use Macrium to
  – backup system images (free version) and
  – important files & folders (paid)
  • Let Macrium create rescue boot entry
  • password protect backups!
• On ARM Macrium does not run
  I use ‚Backup and Restore (Windows 7)‘
  which is still available in Windows 11 (under Control Panel) or via the command wbAdmin.
• protect backups using Bitlocker on the external drive
  • turn on BitLocker auto-unlock
  • the drive can easily be unlocked other machines by simply entering the password (the key is needed only if one forgets the password)

Create a first backup to make it easy to revert to this point.

• Create Windows system restore point
  Might have to enable system restore first.
• Create System partition image backup using backup tool
• Create a recovery drive.
  See Gute Elektronik und Zubehör for good USB-C/A Sticks.

Configure Windows

• Dark mode for Windows and apps
• Windows background: solid dark color
  I consider background images distracting noise.
• Taskbar alignment left
  With a centered taskbar, pinned icons move when additional apps are opened. Left aligned looks nicer to me.
• Show accent color on title bars and windows borders
  Without colored borders I find it hard to distinguish between layered windows when using dark mode. Sadly the colored borders settings is currently respected by MS Office and many older apps.
• Additional clocks.
  Add two additional clocks via ‚Date & Time, Additional Clock‘.
  They will show in addition to the local time when pointing at the clock shown on the taskbar.
• Set Taskbar Widgets setting ‚Show Announcements“ off.
  This hopefully only shows weather info on the Taskbar.
• Show most used apps: on (Win11 only)
  Shows most used app at the top of All apps in the Start menu
• Tighten admin security
  This improves security and only costs a few additional confirmation prompts.
  • User Account Control settings: ‚Always notify me‘
  • Choose where to get apps: ‚Anywhere, but warn me before installing an app that’s not from the Microsoft Store‘
• Set „If you’ve been away, when should Windows require you to sign in again?“ to 5 min.
• Disable keyboard caps lock.
  I rarely need caps lock, but often hit it accidentally. This is easy to reverse.
  disable_caps_lock.zip
• Enable Windows Voice typing launcher via CTRL-H, Settings.
• Make Mouse pointer easier to locate
  • Green color
    I use a different color for each machine to help distinguishing which machine I am on when remoting.
  • Enable ‚Show location of pointer when I press the CTRL key‘
• If the File Explorer OneDrive context menu with „Share“ or „View online“ is missing: Change the User Account Control policies to allow OneDrive context menus. To cumbersome to configure. I use OneDrive online to share.
  With the Win11 March 2023 update the OneDrive menu items are available by default in the right-click context menu via „Show more options“ or via shift+right-click.
• Enable Remote Desktop Connection (RDP) to new machine
  I find it helpful to be able to remote into all my machines, e.g. for scenarios when they are running without peripherals connected or when they are not reacting to mouse and keyboard. Beware! If you did not RDP into a machine for a long time, it might refuse accepting the correct credentials. I typically fix this by running an app as admin on the remote machine, e.g.
  runas /u:MicrosoftAccount\[my account] cmd.exe
• Enable Nearby Sharing
  I currently don’t use this.
  For a good explanation of all Windows file sharing methods, see A quick survey of legacy sharing features
• Bitlocker
  • Enable Bitlocker for all drives
    • On modern HW Bitlocker is automatically enabled for the system drive (without notifying the user) and the key is stored in the Windows account
    • If the backup tool does not support password protection: enable BitLocker for the removable backup drive too
  • Backup Bitlocker Keys to
    • USB stick
    • Print to store in bank safe
    • Save to encrypted(!) cloud storage
    • Save to AD
      As my machines are connected to my work/school account BitLocker keys are saved to AD instead of my personal MS account. Because „Save… to AD…“ is not offered by the BitLocker control panel app is use PowerShell:
      • $BLV = Get-BitLockerVolume -MountPoint „D:“
      • BackupToAAD-BitLockerKeyProtector -MountPoint „D:“ -KeyProtectorId (($BLV.KeyProtector | where {$_.KeyProtectorType -eq „RecoveryPassword“}).KeyProtectorId)
• Storage Sense
  Maybe change run ‚During low free disk space“ to monthly.
• Import all EFS-Certificates
  I have lots from many machines. Some 10+ years old.Storage Sense
• Enable Windows long paths
  To enable long file paths in Windows, open Registry Editor, create a new DWORD named „LongPathsEnabled“ in „HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem“ and set the value to 1.
• Turn on the Diagnostic Data Viewer under ‚Diagnostics & feedback“
  • Install the Diagnostic Data Viewer app from the Microsoft Store

File Explorer options

• Compact view
• Single-click to open an item
  I am quicker with single-click. One only has to master selecting multiple files with single-click enabled.
• Deselect ‚Hide extensions of known file types‘
• Deselect ‚Hide protected operating system files‘
  Always showing protected OS files is no longer helpful since after Windows XP.

Install Apps

[ToDo: try using the winget installer. It seems to offer most of my apps]

Windows apps

• MS Office apps
  • Outlook
    • Add all my email accounts
    • Set download from the past‘ to ‚all‘
      sometime one has to force OL to actually download all by navigating to the last email
    • Restore Outlook signatures
      Sadly signatures don’t sync automatically between installations.
      I simply store them in a .txt file because I need them in different email clients.
    • Configure secure email using an S/MIME certificate
      I gave up on email encryption because none of my contacts were interested, including businesses (as I still was working for a SW house) – how incredibly stupid!
    • Check if Outlook uses Windows indexing, via Outlook, File, Opions, Search, Indexing Options. Note! the options Window here show Windows indexing setting more complete are readable than Windows Settings, Indexing options: e.g. Outlook, OneNote, … instead of cryptic mapi16//… names.
  • Word
    • Create signature image Quick Part to sign Word documents
      • Insert image into a document
      • Select image, got to Insert, Quick Pars, save selection to Quick Parts gallery
  • Exel
  • Powerpoint
• Windows Mail
  • Add my Microsoft 365 email account only
    For mail and calendar Live Tiles
    As fallback in case Outlook hangs.
• MS To Do
  • Connect to my Microsoft 365
    This automatically syncs Outlook tasks with To Do
• OneDrive Personal and For Business
  For a good description of OneDrive features, see Get to know OneDrive in Windows 11
  • Disable File Collaboration.
    I don’t work concurrently on Office docs on different PCs.
    Maybe that makes OneDrive faster and more robust.
  • Configure OneDrive Folder Backup for Documents and Pictures.
    Configure Folder Backup for Desktop on one PC only! Otherwise OneNote will create a merged mess of the desktops of several PCs.
  • Change the location of the Music folder to my OneDrive Music folder via properties, Location.
  • Add my OneDrive Camera Roll folder to File Explorer Quick Access – this is where OneDrive Android backs up my phone’s photos redundantly to Google Drive.
  • Configure offline use.
    I select offline use for my desktop machines, and files on-demand for my mobile machines, marking some folders with ‚Always keep on this device‘. The 200GB local storage space required in my case does not bother me.
  • Sadly OneDrive for Business syncs quite slowly (the Personal version is quicker)- sometimes it takes several days to download my 170GB – which is especially annoying because during this phase required files don’t download on-demand.
  • OneDrive for business has annoying restrictions for path length and file and folder names. This stems from its underlying implementation (Sharepoint). I found out the hard way when migrating from OneDrive personal to business. This is totally unacceptable and MS should have changed their implementation long ago.
• OneNote
  One of my favorite features of OneNote is that it automatically inserts a link to the source URL when pasting a snippet from the web.
  • Add from Windows store for auto updates
    Since Oct 2022 the store delivers the desktop version
    which is the version supported by MS in the future.
• Skype
  In addition to the standard Skype functionality I have a Skype number (Skype Festnetz Telefonnummer) and use Skype to Phone (to cheaply call any phone number anywhere in the World) using Skype credit (no monthly plan).
  • Configure microphone and cam
• Phone Link
  • Add new PC to the Android „Link to Windows“ app

• Windows Sandbox
  • Enable the Sandbox Windows feature
    Is very slow on ARM.
  • I automatically install Brave via a .wsb config file using the RuckZuck installer. For more Sandbox config options see Start Windows Sandbox With Preinstalled Apps

MS Office settings. For apps Outlook, Excel, Word, PowerPoint, OneNote:

• Show Quick Access toolbar above the Ribbon
• Import my app-specific Quick Access toolbar icons
  Office Quick Access Toolbar Icons.zip
• Outlook: disable the HubBar
  I often use Outlook on a monitor in portrait mode and HubBar needlessly wastes precious horizontal space. Set
  HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentEcs\Overrides\Microsoft.Office.Outlook.Hub.HubBar
  string to false
• OneNote
  Beware! When opening notebooks, multiple versions may exists in different network locations. I always make a change on a machine which is currently in use to verify if this change propagates to the notebook opened on the new machine.
  • Force a OneNote backup

Other Apps (manual install)

• Boxcryptor
  I consider zero-knowledge encryption of cloud data a must-have, see Thoughts and Experiments on Cloud Encryption and Datenschutz (Ende-zu-Ende Verschlüsselung, …)
  To include decrypted Boxcryptor files in Windows indexing ‚Enable Windows search‘ in Boxcryptor advanced settings and add the drive x: to Windows indexing.
  In Nov 2022 BoxCryptor was sold to Dropbox. I don’t know if and when Dropbox will offer good and safe E2EE encryption. The alternative Cryptomator does not support Windows on ARM. I moved to Tresorit.
  I don’t use OneDrive Vault: It offers no E2EE. Backup tools cannot backup Vault files. Vault was unstable in my tests.
• Tresorit
  For end-to-end encrypted storage of privates files in the cloud.
• 1Password
  A password manager is a must.
  For 2FA is use the MS Authenticator Android app.
  Many common assumptions about good password are wrong.
  See Toward better Master Passwords.
• Macrium Reflect
  to backup system images (free) and important files
  • password protect backups
  • ! Macrium cannot backup the Tresorit drive
    Thus I use Tresorit synced folders.
  • on ARM systems (like the Windows Dev Kit)
    Macrium does not work. I fallback to ‚Backup and Restore (Windows 7)‘ for image backups, which is still available in Windows 11 (under Control Panel).
• Portfolio Performance
• Kindle for PC app
  While reading is way better on a Kindle ePaper reader I prefer the PC app or cloud reader if I need to search a lot or jump around in books – as one typically does with technical books.
• Oscar
  To analyze my sleep apnea data from my APAP machine
• Adobe Acrobat XI Standard
  The license came with my iX500 Scanner
  To edit and sign PDFs with a signature image
  • Configure signature picture to sign PDFs
• AusweisApp2
  For authentication with my German identity card.
  Works fine with the Android AusweisApp2 and a phone as ID card reader.
• cyberjack RFID standard USB smart card driver and tools
• Balsamic Mockups
  To design UIs
• Markdown Monster
• Veracypt ?
• MS Powertoys
  I only use:
  • Awake to conveniently prevent the PC from shutting down
  • Image Resizer when I want to forward images
  • T (Win+Shift+T) Extractor to extract text from images
• Sysinternals Suite
  There is an ARM version!

• Private Internet Access (VPN)
• Brother printer tools
• Will never buy HP printers again because several time they stopped supporting new Windows versions.
• Fujitsu iX500 Scanner driver and tools

Other Apps (Ninite install)

Ninite is very handy to install common apps and automatically keep them updated.
I am using this for years: reliable, minimal UI – highly recommended!
The initial Ninite install is free (without any registration). The Ninite Updater costs $10/y.
For alternative installers see Start Windows Sandbox With Preinstalled Apps.

• Firefox
  • Enable sync
  • Add add-ons
    See Recherchieren – Warum, Wie und Womit
• Chrome
• Greenshot
  Is free and good.
  Always show tray icon on taskbar.
• FileZilla
  Export / import its settings
• Notepad++
• VLC
• 7-Zip
• Dropbox ?

Web Browsers

• Set Firefox as default web browser, configured for research
  see Recherchieren – Warum, Wie und Womit
• Brave as fallback option
• Edge is installed by default
• Set preferred language for search results for each search engine, e.g.
  on https://www.google.com/preferences
  

Virus scanners, Windows optimizers

I don’t install any 3rd party virus scanners, the built-in Windows Defender is sufficient for me.

One can install the new MS PC Manager – while it seems to offer no new functionality to Windows it makes it easier to do Windows healthcare by offering existing features in one place. Beware that Windows defender reports PC Manager as „another antivirus program“!

I never use any optimizers or driver tools (except the ones from notebook vendors).

Clean Windows

For minimal Windows VMs I sometimes use the Debloat Windows PowerShell scripts by Chris Titus.

Uninstall unwanted Apps.
Windows 11 is less stubborn here and lets you uninstall more unwanted stuff.

Remove unwanted shortcuts.

Disable unwanted Windows startup entries

Create App Shortcuts

Pin frequently used apps to taskbar

Add frequently used web sites to desktop

Resize desktop icons (depending on monitor resolution) by selecting all vie CTRL+A and CTRL+MouseWheel

Final Backup

Create ‚config completed‘ backups to make it easy to revert to this point.

• Create Windows system restore point
• Create System partition image backup using backup tool
• Backup BitLocker recovery keys:
  • Print to store in bank safe
  • Save to USB-Stick and encrypted(!) cloud storage

Store the Windows product key in 1Password
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\BackupProductKeyDefault

Windows 10 vs. Windows 11

With Win11 I miss Win10 Live Tiles. Was using a full start screen with large Live Tiles for Mail, Calendar, 5 MS Weather tiles for different locations I like to travel to, 3 MS To Do lists and 3 MS Money medium tiles for funds and currencies I am interested in. I don’t get the rationale behind those Win11 widgets: no full screen, no multiple instances and these pesky clickbait news stories which you cannot get configured away, however hard you try [Jan 2023: getting rid of the clickbait cards is slowly improving].

I like the new windows snap layouts in Windows 11. Snapping a Window can be initiated by moving it to the screen edges or by hovering over (not clicking!) the Windows minimize button.

With single monitor setups I frequently use the multiple desktops feature: