::.. :: Title: Standard.cmd :: Purpose: Set default Optimized values for Windows 2003 :: Author: Kimmo Jernström / Advance AB :: Mail: kimmo.jernstrom@advance.se :: Version: 0.9.8 :: Comment: The CACLS part will only work for English :: versions of Windows 2003 ::....................................................... @echo off color 1f title Advance Standard setlocal set StandardVersion=0.9.8 :: TCP/IP Max Data Retransmissions. Double up from 5 to 10. See MS KB 170359 REG ADD "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters" /v TcpMaxDataRetransmissions /t REG_DWORD /d 10 /f :: Lanmanserver and Lanmanworkstation tuning. See MS KB 324446 REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" /v MaxWorkItems /t REG_DWORD /d 8196 /f REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" /v MaxMpxCt /t REG_DWORD /d 2048 /f REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" /v MaxRawWorkItems /t REG_DWORD /d 512 /f REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" /v MaxFreeConnections /t REG_DWORD /d 100 /f REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" /v MinFreeConnections /t REG_DWORD /d 32 /f REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\Lanmanworkstation\Parameters" /v MaxCmds /t REG_DWORD /d 2048 /f REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Configuration Manager" /v RegistryLazyFlushInterval /t REG_DWORD /d 60 /f :: Disable Mapped Network drive Autodisconnect. See MS KB 297684 REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\Parameters" /v autodisconnect /t REG_DWORD /d 4294967295 /f :: System Hard Error Messages. Report errors to system log only REG ADD "HKLM\System\CurrentControlSet\Control\Windows" /v ErrorMode /t REG_DWORD /d 2 /f :: Remove Dr.Watson, If two at same time machine will crash REG ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion\AeDebug" /v Debugger /t REG_SZ /d "" /f :: Printer Settings REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers" /v EventLog /t REG_DWORD /d 0 /f REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers" /v NetPopup /t REG_DWORD /d 0 /f REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers" /v NetPopupToComputer /t REG_DWORD /d 0 /f REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers" /v RetryPopup /t REG_DWORD /d 0 /f REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Print" /v BeepEnabled /t REG_DWORD /d 0 /f REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\Spooler" /v ErrorControl /t REG_DWORD /d 0 /f :: Disable NTFS Last Access Update, Faster fileaccess REG ADD "HKLM\System\CurrentControlSet\Control\FileSystem" /v NtfsDisableLastAccessUpdate /t REG_DWORD /d 1 /f :: Do not page NT Executive, Do not SWAP Kernel memory to pagefile (disk) REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v DisablePagingExecutive /t REG_DWORD /d 1 /f :: Do not create Outlook Express or Address Book icon for new users REG ADD "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}" /v StubPath /t REG_SZ /d "" /f REG ADD "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}" /v StubPath /t REG_SZ /d "" /f :: RDP-Tcp Properties REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v fDisableCpm /t REG_DWORD /d 1 /f REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v fDisableLPT /t REG_DWORD /d 1 /f REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v fDisableCcm /t REG_DWORD /d 1 /f REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v fDisableCam /t REG_DWORD /d 1 /f REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v fDisableCdm /t REG_DWORD /d 1 /f REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fSingleSessionPerUser /t REG_DWORD /d 0 /f :: Disable File Association Web-Service when server not knows the filetype REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v NoInternetOpenWith /t REG_DWORD /d 1 /f :: Remove Briefcase and Bitmap image from New Menu REG DELETE "HKLM\SOFTWARE\Classes\.bfc\ShellNew" /f REG DELETE "HKLM\SOFTWARE\Classes\.bmp\ShellNew" /f :: Disable Error Reporting REG ADD "HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting" /v AllOrNone /t REG_DWORD /d 1 /f REG ADD "HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting" /v DoReport /t REG_DWORD /d 0 /f REG ADD "HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting" /v ShowUI /t REG_DWORD /d 0 /f :: Set Page File size to 4 gigs WMIC PageFileSet SET InitialSize=4092, MaximumSize=4092 :: Set Default Permissions on C: ECHO y| CACLS C:\ /G "Administrators":F "SYSTEM":F "Authenticated Users":R ECHO y| CACLS "%ProgramFiles%" /E /R "CREATOR OWNER" :: Disable DEP (Data execution prevention) BOOTCFG /raw "/noexecute=AlwaysOff /PAE /fastdetect" /id 1 :: Create Default Directories IF NOT EXIST C:\System mkdir C:\System IF NOT EXIST C:\SYstem\Download mkdir C:\System\Download IF NOT EXIST C:\System\Tools mkdir C:\System\Tools IF NOT EXIST C:\System\Temp mkdir C:\System\Temp :: Delete unattend.txt del c:\unattend.txt del c:\windows\system32\$winnt$.inf :: Finally create an event in the Event Log EVENTCREATE /T INFORMATION /L SYSTEM /ID 999 /SO Advance /D "Standard.cmd Version %StandardVersion% script implemented on %computername%" endlocal pause