• View
• Edit
• History
• Print

WindowsXPInstall

Notes on installing Windows XP Professional.

• Install Windows XP
• Install Service Pack 3 (SP3) [if necessary]
• Install hardware drivers (chipset, video, LAN, audio).
• Install post-SP2 updates with Windows Update (possibly excluding IE7)
• Uninstall Outlook Express, MSN Explorer (possibly Messenger and disable in gpedit.msc).
• Set IE home page to default:blank (User-Specific)
• Set desktop to classic view (User-Specific)
• Copy Windows Installation Files
  • Create SP3-slipstreamed CABS/ directory.
    • Copy the windows cd's contents to c:\CABS
    • sp3.exe /integrate:c:\sp3x
    • Delete everything in that directory except the i386\ directory.
  • Modify the registry so Windows looks for installation files in C:\CABS (Two places in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup .)
• Disable unnecessary services with services.msc - see this article
  • Application Layer Gateway Service -> disabled
  • Application Management -> disabled
  • Computer Browser -> disabled
  • Distributed Link Tracking Client -> manual
  • Error Reporting Service -> disabled
  • Help and Support -> manual
  • Indexing Service -> disabled
  • Logical Disk Manager -> manual
  • Net Logon -> disabled (non-domain systems)
  • NetMeeting Remote Desktop Sharing -> disabled
  • Network Location Awareness (NLA) -> disabled
  • Network Provisioning Service -> disabled
  • Portable Media Serial Number Service -> disabled
  • QoS RSVP -> disabled
  • Remote Desktop Help Session Manager -> disabled
  • Remote Registry -> disabled
  • Secondary Logon -> disabled
  • Smart Card -> disabled
  • SSDP Discovery Service -> disabled (reference)
  • TCP/IP NetBIOS Helper Service -> disabled (for non-domain systems)
  • Uninterruptible Power Supply -> disabled
  • Universal Plug and Plan Device Host -> disabled (reference)
  • WebClient -> disabled
  • Windows Time -> disabled (for non-domain systems)
  • Wireless Zero Configuration -> disabled (if no wireless network interface or, not using Windows wireless configuration)
  • WMI Performance Adapter -> disabled
• Disable storing of LM Hashes (see this article)
  

  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  Value Name: NoLMHash
  Value Type: REG_DWORD
  Data:       1

  
  Note: Restart required
• Turn off the "take a tour of Windows XP" prompt (this is a per-user/profile item) (User-Specific):
  

  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Tour
  Value Name: RunCount
  Value Type: REG_DWORD
  Data: 0
• Get rid of the MSN Passport creation prompt:
  

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MessengerService
  Value Name: PassportBalloon
  Value Type: REG_BINARY
  Data: 0a (hexadecimal)
• Disable administrative shares:
  

  Hive: HKEY_LOCAL_MACHINE
  Key: SYSTEM\CurrentControlSet\Services\LanManServer\Parameters
  Name: AutoShareWks
  Data Type: REG_DWORD
  Value: 0

  
  Note: This does not disable the IPC$ share. See notes here.
• Disable checking scheduled tasks on remote machines when browsing Network Neighborhood:
  

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Remote Computer\NameSpace
  Delete: {D627790-4C6A-11CF-8D87-00AA0060F5BF}

  
  
• Restrict access to IPC$ share: (reference)
  

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
  "everyoneincludesanonymous"=dword:00000000
  "restrictanonymous"=dword:00000001
  "restrictanonymoussam"=dword:00000001

Here is a Reg File with the previous six registry changes (tested 5/20/2008).

• Turn off allow remote assistance
  • Right-click on My Computer and choose Properties
  • In the Remote tab, Remote Assistance section, un-check "Allow Remote Assistance invitations to be send from this computer"
• Disable the Memory Dump file creation. This can be turned back on if needed but, wastes drive space for deployment systems.
  • Right-click My Computer and select Properties
  • In the Advanced tab, under the Startup and Recovery section, press the Settings button.
  • In the System Failure section under the Write Debugging Information drop down list select None.
  • Press Ok all the way out.
  • You may need to reboot in order to finish the configuration.
• System Properties -> Advanced
  • Performance Options
    • Disable some visual effects
    • #Uncheck all that start with "Animate...", "Fade...", and "Slide...".
  • Disable the Error Reporting option. There is really no point in sending errors to MSFT.
    • Right-click My Computer and select Properties.
    • In the Advanced tab press the Error Reporting button.
    • Select Disable Error Reporting. If you want you can select the option to let you know what happened (in case of an application error).
    • Click Ok all the way out.
  • Set virtual memory paging file size to 2048/2048 (fixed at 2GB).
  • Don't allow Remote Assistance invitations to be sent from this computer.
  • Do not allow users to connect remotely to this computer
• Disable Use Welcome Screen and Fast User Switching (Control Panel>User Accounts>Change the Way Users Logon ...)
• Set the Administrator password.
• Disable "highlight newly installed programs" (User-Specific)
  • Right-click on Start button and choose Properties
  • Click the Customize button
  • In the Advanced tab, un-check "highlight newly installed programs"
  • Click OK
• Disable hiding of inactive icons (User-Specific)
  • Right-click on Start button and choose Properties
  • Un-check "hide inactive icons" in the Taskbar tab
  • Click OK
• Show Quick Launch (User-Specific)
  • Right-click on Start button and choose Properties
  • Check "Show Quick Launch"
  • Click OK
• Turn off the Language Bar - Although there is a checkbox to do this in the task bar Toolbars sub-menu, it will often come back after rebooting if disabled there. (User-Specific)?
  • In Control Panel, choose Regional and Language Options
  • In the Languages tab, click on Details
  • In the (new window that opened) click on Language Bar and untick "show language bar..."
• Set machine name and join to domain [Does this go here?]
• Customize Windows Explorer settings (User-Specific)
  • Show Status Bar (File -> Close to make persistent)
  • Set toolbar to use small icons
  • Detail view
  • Set View options
    • Show hidden files
    • Uncheck Hide file extensions for known file types
    • Check Launch folder windows in a separate process (not for 512M RAM machines)
    • Uncheck Use simple file sharing
  • Do not hide extensions for known file types
  • Apply to all folders
  • Disable offline files
  • Delete Internet Explorer and My Network Places from Explorer view of Desktop
• Rename the Administrator account to Admin. (Administrative tools-> Local Security Policy -> Local Policies -> Security Options)
• Make sure hibernation support is disabled (for desktop systems):
  • Right-click an empty space on your desktop. Choose Properties.
  • Go to the Screen Saver tab and click the Power button.
  • Un-check the Enable Hibernation check-box.
  • Click Ok all the way out.
  • Notice that the HIBERFIL is gone from the system partition.
• Start WMP 11.
  • Use "Custom Settings" and uncheck all boxes.
  • Don't add any extra shortcuts.
  • Accept default file associations.
  • Don't set up a store.
• [Optional] Turn off shortcuts for StickyKeys, FilterKeys, and ToggleKeys
  • In Control Panel, double-click Accessibility Options
  • For each keyboard accessibility feature, click on Settings and uncheck "Use shortcut."
• Set the Recycle Bin to not display a delete confirmation dialog.
• Don't use any effects for menus and tooltips.
• Install Command Prompt Here
• Install Windows XP Power Toys (TweakUI)
  • General
    • Disable list box animation.
    • Disable menu fading.
    • Disable tooltip fade.
  • Mouse
    • Make the menu speed one notch faster
    • Change Hover response time from 400ms to 200ms [optional].
  • Explorer
    • Don't allow web content to be added to the desktop.
    • Disable "Prefix 'Shortcut to' on new shortcuts"
    • Use Classic Search in Explorer.
  • My Computer
    • Disable autoplay for CD, DVD, and removable drives.
• Add Local Area Connection icons to your system tray
  • Right-click on My Network Places and choose properties.
  • In the Network Connections window - right click the Local Area Connection icon. If you have more than one NIC installed you can do the same for all NICs.
  • In the Local Area Connection Properties window select the "Show icon in the notification...". Click Ok.
• Create a "send to Notepad" shortcut:
  • Go to %SystemDrive%\documents and settings\%username%\sendto
  • Right-click in the right hand panel and select New > Shortcut
  • Create a new shortcut to Notepad.exe in the sendto folder.
• Turn off the Desktop Cleanup Wizard:
  • Right-click a blank spot on the desktop, and then click Properties to open the Display Properties dialog box.
  • Click the Desktop tab.
  • Click Customize desktop to open the Desktop Items dialog box.
  • Click to clear the Run Desktop Cleanup Wizard every 60 days check box.
  • Click OK twice to close the dialog boxes.
• Disable Recycle Bin delete confirmation:
  • Right-click on the Recycle Bin and choose Properties
  • Uncheck "Display delete confirmation dialog"
  • Click Ok
• Install the ISO Recorder Power Toy
• [Systems connected to domains] Install IFMEMBER.EXE to Windows/System32.
• Install Windows Media Encoder
• Install Firefox
• [Optional] Install Thunderbird
• Install anti-virus software & firewall (AVG). If using AVG Professional, set AVG default scan to 50ms.
• Install SpywareBlaster, update, protect, make install snapshot
• Add Evermore SSL cert to Firefox
• Install Flash
• Install Shockwave (do not install the free Norton Security Suite trial)
• Install Java
• Update Java
• Install Adobe Acrobat Reader
• Update Adobe Acrobat Reader (even the latest release usually requires an update)
• Install QuickTime or iTunes
• Install Evermore Remote
• [If Microsoft Messenger is still installed] Run Microsoft Messenger and configure it to not "Start when Windows starts."
• [Optional] Install additional apps:
  • PDF Creator (create Quick Launch icon, no desktop icons)
  • 7zip
  • WinDirStat (place exe in C:\Program Files\WinDirStat, create shortcut in Accesories\System Tools for all users)
  • DeepBurner
  • Gimp
  • InkScape
  • Audacity (install plug-ins, LAME, configure LAME by exporting something from C:\Windows\Media to MP3 format)
  • VLC Player
  • Media Player Classic (place exe in C:\Program Files\MPC, add shortcut to Start menu in Windows Media folder)
  • DVD Codec for WMP 11 ($15 - alternately, play DVDs in VLC or Media Player Classic)
  • Open Office (set to handle all appropriate file types)
• In Firefox:
  • Set home page to http://www.google.com/
  • Hide the AVG and PDF Creator toolbars (if installed)
• Set Firefox and Thunderbird as default browser and email applications:
  • Right-click on Start button and choose Properties
  • In the Start Menu tab, click the Customize button
  • Set in the "Show on Start Menu" section
• Set up desktop and start menu as desired.
• Adjust Quick Launch width
• Create the default profile:
  • Create another administrative user, reboot and, logon as that user.
  • Set Windows Explorer to show hidden files and apply to all directories
  • Copy the configured profile to the default using System Properties Advanced tab, User Profiles Settings.
  • Reboot and logon as the main user
  • Remove the additional administrative user
• Delete any remaining temporary files
• Run the drive clean-up wizard
• Defragment the drive
• Create the base system restore point
  • Turn off System Restore to remove existing restore points
  • Turn on System Restore
  • Create the new initial restore point, giving it an appropriate name
• Image system

Troubleshooting

Windows Updates Fail to Install

Sometimes, Windows updates will fail to install. Here is an article from Microsoft on how to correct that. Summary: Register the Wups2.dll file in Windows:

• Command prompt
• net stop wuauserv
• regsvr32 \system32\wups2.dll
• net start wuauserv
• Reboot

... or, install the current version of Windows Update Agent.