Update registry options

valleyofdoom · Jun 30, 2024 · 730820d · 730820d
1 parent 5fe58ff
commit 730820d
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 17 deletions.
diff --git a/README.md b/README.md
@@ -775,31 +775,30 @@ The registry settings are merged with the ``apply-registry.ps1`` script. As for
 |``disable automatic windows updates``|Prevents automatic download and installation of Windows updates as the process can be intrusive compared to disabling Windows Update completely. This option is overridden if ``disable windows update`` is set to ``true``. Instead, check for updates manually from time to time<br><br>This option does not affect upgrades which can be controlled using group policies ([instructions](https://www.tenforums.com/tutorials/159624-how-specify-target-feature-update-version-windows-10-a.html)). However, you are limited to preventing upgrades until the specified version reaches end-of-life|``true``|
 |``disable driver installation via windows update``|⛔ This option is **NOT** strictly included as an inventive to enhance performance and instead, is related to gaining more control over the feature in question<br><br>Prevents outdated, vulnerable and bloated drivers from being installed via Windows Update. It is recommended to manually only install ones that you require along with the latest version directly from the manufacture's website as outlined in section [11.5. Installing Drivers](#115-installing-drivers). This option is overridden if ``disable windows update`` is set to ``true``.|``true``|
 |``disable automatic store app updates``|🔒 A value of ``true`` may negatively impact security and expose the system to vulnerabilities. Users should evaluate the security risks associated with modifying the specified setting<br><br>Prevents automatic download and installation of store application updates compared to disabling app updates completely which is not desirable in terms of reducing CPU overhead. Instead, check for application updates manually from time to time|``true``|
-|``disable user account control``|🔒 A value of ``true`` may negatively impact security. Users should assess the security risk involved with modifying the mentioned setting<br>⛔ This option is **NOT** strictly included as an inventive to enhance performance and instead, is related to gaining more control over the feature in question<br><br>Eliminates [this](https://learn.microsoft.com/en-us/windows/security/application-security/application-control/user-account-control/how-it-works#uac-elevation-prompts) subjectively intrusive UAC elevation prompt. Disabling UAC may negatively impact security as all processes are run with administrator privileges by default ([1](https://www.howtogeek.com/124754/htg-explains-why-you-shouldnt-disable-uac/), [2](https://raptor.solutions/the-risks-of-disabling-uac-in-windows-10/)). If you choose to leave UAC enabled, I would recommend setting it to the highest level (most restrictive) in control panel as the default level can be exploited ([1](https://devblogs.microsoft.com/oldnewthing/20160816-00/?p=94105))|``false``|
-|``disable windows marking file attachments with information about their zone of origin``|🔒 A value of ``true`` may negatively impact security. Users should assess the security risk involved with modifying the mentioned setting<br>⛔ This option is **NOT** strictly included as an inventive to enhance performance and instead, is related to gaining more control over the feature in question<br><br>Prevents [this](https://www.tenforums.com/tutorials/85418-how-disable-downloaded-files-being-blocked-windows.html) intrusive security warning as downloaded files are constantly required to be unblocked however this may negatively impact security as the user will not be notified of blocked files via a security warning prompt ([1](https://www.tenforums.com/tutorials/85418-how-disable-downloaded-files-being-blocked-windows.html))|``true``|
 |``disable windows defender``|🔒 A value of ``true`` may negatively impact security. Users should assess the security risk involved with modifying the mentioned setting<br><br>Prevents CPU overhead and interferes with the CPU operating in C-State 0 ([1](https://www.techpowerup.com/295877/windows-defender-can-significantly-impact-intel-cpu-performance-we-have-the-fix)). Instead, run system scans frequently, use a hardened browser with [uBlock Origin](https://ublockorigin.com), keep UAC enabled and favor free, open source and reputable software. Stay away from proprietary software where you can and ensure to scan files and executables with [VirusTotal](https://www.virustotal.com/gui/home/upload) before opening them|``true``|
+|``disable gamebarpresencewriter``|Prevents CPU overhead as the process runs constantly in the background and is not required for Game Mode or Game Bar to function from my testing|``true``|
+|``disable background apps``|Prevents CPU overhead due to preventing background apps running in the background. Background applications are disabled via policies with this option as the option is not available in the interface on Windows 11|``true``|
+|``disable notifications network usage``|Telemetry and prevents CPU overhead due to polling ([1](https://learn.microsoft.com/en-gb/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#10-live-tiles))|``true``|
+|``disable transparency effects``|Disables transparency effects in settings as it results in reproducibly higher CPU overhead ([1](/assets/images/transparency-effects-benchmark.png)) |``true``|
+|``disable windows marking file attachments with information about their zone of origin``|🔒 A value of ``true`` may negatively impact security. Users should assess the security risk involved with modifying the mentioned setting<br>⛔ This option is **NOT** strictly included as an inventive to enhance performance and instead, is related to gaining more control over the feature in question<br><br>Prevents [this](https://www.tenforums.com/tutorials/85418-how-disable-downloaded-files-being-blocked-windows.html) intrusive security warning as downloaded files are constantly required to be unblocked however this may negatively impact security as the user will not be notified of blocked files via a security warning prompt ([1](https://www.tenforums.com/tutorials/85418-how-disable-downloaded-files-being-blocked-windows.html))|``true``|
 |``disable malicious software removal tool updates``|🔒 A value of ``true`` may negatively impact security. Users should assess the security risk involved with modifying the mentioned setting<br>⛔ This option is **NOT** strictly included as an inventive to enhance performance and instead, is related to gaining more control over the feature in question<br><br>Prevent Windows offering Malicious Software Removal Tool through Windows Update|``true``|
 |``disable sticky keys``|⛔ This option is **NOT** strictly included as an inventive to enhance performance and instead, is related to gaining more control over the feature in question<br><br>Disables the *Do you want to turn on Sticky Keys?* promt when the hotkey is pressed a certain number of times. This is severely intrusive in applications that utilize the ``Shift`` key for controls such as games|``true``|
 |``disable pointer acceleration``|⛔ This option is **NOT** strictly included as an inventive to enhance performance and instead, is related to gaining more control over the feature in question<br><br>Ensures one-to-one mouse response for games that do not subscribe to raw input events and on Desktop|``true``|
 |``disable fast startup``|⛔ This option is **NOT** strictly included as an inventive to enhance performance and instead, is related to gaining more control over the feature in question<br><br>Interferes with shutting down in the sense that the system does not enter S5 which can lead to unexpected issues ([explanation](https://www.youtube.com/watch?v=OBGxt8zhbRk)). See section [6.16. Fast Startup, Standby and Hibernate](#616-fast-startup-standby-and-hibernate) for related information. It is possible to shut down  properly without disabling Fast Startup by holding ``Shift`` while clicking ``Shut down`` in the start menu. However, the downside to this is that you may forget to hold the ``Shift`` key.|``true``|
 |``disable automatic maintenance``|⛔ This option is **NOT** strictly included as an inventive to enhance performance and instead, is related to gaining more control over the feature in question<br><br>Intrusive|``true``|
 |``disable program compatibility assistant``|⛔ This option is **NOT** strictly included as an inventive to enhance performance and instead, is related to gaining more control over the feature in question<br><br>Prevent Windows applying changes anonymously after running troubleshooters|``true``|
-|``disable gamebarpresencewriter``|Prevents CPU overhead as the process runs constantly in the background and is not required for Game Mode or Game Bar to function from my testing|``true``|
-|``disable background apps``|Disabled via policies as the option is not available in the interface on Windows 11|``true``|
 |``disable remote assistance``|⛔ This option is **NOT** strictly included as an inventive to enhance performance and instead, is related to gaining more control over the feature in question<br><br>Security risk|``true``|
 |``disable sign-in and lock last interactive user after a restart``|⛔ This option is **NOT** strictly included as an inventive to enhance performance and instead, is related to gaining more control over the feature in question<br><br>Security risk ([1](https://www.stigviewer.com/stig/windows_server_2012_2012_r2_member_server/2014-06-30/finding/V-43245))|``true``|
 |``show file extensions``|⛔ This option is **NOT** strictly included as an inventive to enhance performance and instead, is related to gaining more control over the feature in question<br><br>Security risk ([1](https://www.youtube.com/watch?v=nYdS3FIu3rI))|``true``|
 |``disable widgets``|⛔ This option is **NOT** strictly included as an inventive to enhance performance and instead, is related to gaining more control over the feature in question<br><br>Security risk ([1](https://www.youtube.com/watch?v=m9d-fXl3Z8k))|``true``|
 |``disable customer experience improvement program``|⛔ This option is **NOT** strictly included as an inventive to enhance performance and instead, is related to gaining more control over the feature in question<br><br>Telemetry ([1](https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj618322(v=ws.11)))|``true``|
 |``disable windows error reporting``|⛔ This option is **NOT** strictly included as an inventive to enhance performance and instead, is related to gaining more control over the feature in question<br><br>Telemetry|``true``|
 |``disable search the web or display web results in search``|⛔ This option is **NOT** strictly included as an inventive to enhance performance and instead, is related to gaining more control over the feature in question<br><br>Telemetry|``true``|
-|``disable notifications network usage``|Telemetry and prevents CPU overhead due to polling ([1](https://learn.microsoft.com/en-gb/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#10-live-tiles))|``true``|
 |``disable telemetry``|⛔ This option is **NOT** strictly included as an inventive to enhance performance and instead, is related to gaining more control over the feature in question<br><br>Telemetry|``true``|
 |``disable retrieval of online tips and help in the immersive control panel``|⛔ This option is **NOT** strictly included as an inventive to enhance performance and instead, is related to gaining more control over the feature in question<br><br>Telemetry|``true``|
 |``disable typing insights``|⛔ This option is **NOT** strictly included as an inventive to enhance performance and instead, is related to gaining more control over the feature in question<br><br>Telemetry|``true``|
 |``disable suggestions in the search box and in search home``|⛔ This option is **NOT** strictly included as an inventive to enhance performance and instead, is related to gaining more control over the feature in question<br><br>Telemetry and intrusive|``true``|
 |``disable computer is out of support message``|⛔ This option is **NOT** strictly included as an inventive to enhance performance and instead, is related to gaining more control over the feature in question<br><br>Disables [this](https://support.microsoft.com/en-us/topic/you-received-a-notification-your-windows-7-pc-is-out-of-support-3278599f-9613-5cc1-e0ee-4f81f623adcf) intrusive message. Not relevant to users with a modern Windows version|``true``|
-|``disable transparency effects``|Disables transparency effects in settings as it results in reproducibly higher CPU overhead ([1](/assets/images/transparency-effects-benchmark.png)) |``true``|
 
 ### 11.4.2. Applying Options
 

diff --git a/bin/apply-registry.ps1 b/bin/apply-registry.ps1
@@ -139,11 +139,6 @@ $entries = @{
         }
     }
     "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"                                                          = @{
-        "EnableLUA"                     = @{
-            "value"    = 0
-            "type"     = "REG_DWORD"
-            "apply_if" = @("disable user account control")
-        }
         "DisableAutomaticRestartSignOn" = @{
             "min_version" = 18362
             "value"       = 1

diff --git a/bin/registry-options.json b/bin/registry-options.json
@@ -4,30 +4,29 @@
     "disable automatic windows updates": true,
     "disable driver installation via windows update": true,
     "disable automatic store app updates": true,
-    "disable user account control": false,
-    "disable windows marking file attachments with information about their zone of origin": true,
     "disable windows defender": true,
+    "disable gamebarpresencewriter": true,
+    "disable background apps": true,
+    "disable notifications network usage": true,
+    "disable transparency effects": true,
+    "disable windows marking file attachments with information about their zone of origin": true,
     "disable malicious software removal tool updates": true,
     "disable sticky keys": true,
     "disable pointer acceleration": true,
     "disable fast startup": true,
     "disable automatic maintenance": true,
     "disable program compatibility assistant": true,
-    "disable gamebarpresencewriter": true,
-    "disable background apps": true,
     "disable remote assistance": true,
     "disable sign-in and lock last interactive user after a restart": true,
     "show file extensions": true,
     "disable widgets": true,
     "disable customer experience improvement program": true,
     "disable windows error reporting": true,
     "disable search the web or display web results in search": true,
-    "disable notifications network usage": true,
     "disable telemetry": true,
     "disable retrieval of online tips and help in the immersive control panel": true,
     "disable typing insights": true,
     "disable suggestions in the search box and in search home": true,
     "disable computer is out of support message": true,
-    "disable transparency effects": true
   }
 }