Thanks to crazy-max:
https://github.com/crazy-max/WindowsSpyBlocker

Windows Update & Windows Telemetry IP address lists //

Reroute Windows Updates via VPN
/ip firewall mangle
add action=mark-connection chain=prerouting dst-address-list=windows_update new-connection-mark=\
c_windows_update passthrough=yes
add action=mark-packet chain=prerouting connection-mark=c_windows_update \
new-packet-mark=p_windows_update passthrough=yes
add action=mark-routing chain=prerouting new-routing-mark=VPN packet-mark=p_windows_update passthrough=no

 /ip route

add distance=1 gateway=<your-vpn-gateway> routing-mark=VPN

Microsoft announced yesterday that Windows 11 will require TPM (Trusted Platform Module) chips on existing and new devices. It’s a significant hardware change that has been years in the making, but Microsoft’s messy way of communicating this has left many confused about whether their hardware is compatible. What is a TPM, and why do you need one for Windows 11 anyway?

“The Trusted Platform Modules (TPM) is a chip that is either integrated into your PC’s motherboard or added separately into the CPU,” explains David Weston, director of enterprise and OS security at Microsoft. “Its purpose is to protect encryption keys, user credentials, and other sensitive data behind a hardware barrier so that malware and attackers can’t access or tamper with that data.”

7+ Taskbar Tweaker allows you to configure various aspects of the Windows taskbar.

Most of the configuration options it provides can’t be tweaked using the taskbar properties or the registry.

The tweaker is designed for Windows 7, Windows 8, Windows 8.1, and Windows 10.

Download
7tt_setup.exe (1.75 MB, changelog)
Latest version: v5.11.3
Note: The installer can be used to extract a portable version. Refer to the FAQ below for details.

Make win10 taskbar buttons Never combine, hide labels Normally, this option isn't available //

These registry values are later read and translated into a hide bit and combine bit by explorer.exe. The function responsible for that translation looks like ... //

Now, we'd like to "Never combine, hide labels", one way to achieve this is to modify the bits set by one of the existing options, which is what I've done. Changing the instruction

explorer.exe+575ED - BB 01000000           - mov ebx,00000001

to

explorer.exe+575ED - BB 02000000           - mov ebx,00000002

This replaces the option Combine when taskbar is full with the behavior we want.

Set taskbar options

1. Open Taskbar properties.
2. In the "Taskbar Appearance" group, change the "Taskbar Button" option to "Never combine" if you don't want stacking.

Adding/editing the registry entry

1. Press Windows Key + R to open the run command
2. Type int "regedit" (without quotes) and press OK
3. Go to HKEY_CURRENT_USER -> Control Panel -> Desktop -> WindowMetrics
4. Find the "MinWidth" entry.
5. If it is not there, right click on an empty space and select New -> String Value. Name this entry "MinWidth" (without quotes)
6. Double click on the MinWidth entry. If you want just the buttons to show, set this to 38 if you're using small buttons, 52 if you're using large buttons (or 54 in Windows 8). Otherwise any value above 38 will work. If you set a value below 38, the buttons will behave oddly. If your main display (on Windows 8.1 or later) has non-standard DPI (e.g. it's Retina or 4k display) you might need to multiply these numbers by the factor of 1.25, 1.5 or 2. Otherwise buttons will shrink / animate incorrectly.
7. Log off and log back in or restart to see the changes.

Deleting/Uninstalling

1. Press Windows Key + R to open the run command
2. Type int "regedit" (without quotes) and press OK
3. Go to HKEY_CURRENT_USER -> Control Panel -> Desktop -> WindowMetrics
4. Find the "MinWidth" entry and delete it.
5. Log off and log back in or restart to see the changes.

Even taking into account the physical separation of second-factors I mentioned earlier, and the reliance on your smartphone, it’s still a win-win for most people, most of the time. That’s becuase most people don’t have unique, long, complex, random passwords for every account and use a password manager to, well, manage them. That said, if you do, then there’s no real rush to dump your password access route to be honest.

ping 198.168.57.98 && echo Success || echo failed

Very neat method, I've seen a lot of batch but have never seen that. However, I'd modify it to be more like

ping 198.168.57.98 -n 1 > nul 2>&1 && echo Success || echo failed

@echo off
:start
ping %1 -n 1 > nul 2>&1 && echo ok || beep
goto start

Kudos –
jacktrader

Are you looking to convert bootable USB to an ISO Image file in Windows 10?

If yes then this post is definitely for you.

In the previous post, I have already talked about how to create bootable ISO from windows files.

And which is similar to this post only.

The idea of this post came to my mind when I was writing one of my posts on how to create a bootable USB from an ISO file.

At that time I thought is it possible to create an ISO file from bootable USB that I have created.

So then I started searching on the internet and I found my answer.

And the answer is Yes.

So in this post, I will show you how to create an ISO file from a bootable USB drive & easily create a backup of it.

YAHB - Yet Another Hardlink-based Backup-tool

YAHB is a deduplicating file copy tool, intended for backup use. Deduplication works on the file-level with NTFS hardlinks.

With Windows 10, the device limits have been reduced to 10:

https://www.thurrott.com/windows/windows-10/4959/ask-paul-what-are-the-windows-10-device-limits

But Digital Licensing is not attached to the Microsoft Account, it is attached to the hardware with the qualifying operating system.

When you upgraded from a previous version of Windows or receive a new computer preinstalled with Windows 10, what happened is the hardware (your PC) will get a digital entitlement, where a unique signature of the computer will be stored on Microsoft Activation Servers. The Windows 7 or Windows 8 genuine license you were previously running will be exchanged for a diagnostics key.

Anytime you need to reinstall Windows 10 on that machine, just proceed to reinstall Windows 10. It will automatically reactivate.

So, there is no need to know or get a product key, if you need to reinstall Windows 10, you can use your Windows 7 or Windows 8 product key or use the reset function in Windows 10.

If you are prompted to enter a product key, click 'I don't have a key' and 'Do this later'

So as long as those systems are activated with Windows 10, Microsoft Account or not, it earns a digital license.

http://www.groovypost.com/how-to-use-digital-license-to-manage-and-activate-windows-10-anniversary-update-licenses/

More information:

For anyone else, including those with local or domain accounts, this step is optional. In any case, it applies only to those who have a Windows 10 digital license. That group consists primarily of those who took advantage of the year-long free upgrade offer that ends on July 29, 2016.

This new feature doesn't change the fundamental way that Microsoft's activation servers work. The process of activating Windows relies on a unique installation ID, which is based on a hash of information taken from the hardware on which Windows is installed. That hash is reportedly not reversible and is not tied to any other Microsoft services. It identifies a specific device, not a person.

Source: http://www.zdnet.com/article/microsoft-tweaks-activation-rules-for-the-windows-10-anniversary-update/

Create a virtual machine and install its operating system.

We've been building new tools for creating virtual machines so the instructions have changed significantly over the past three releases.

Pick your operating system for the right set of instructions:

• Windows 10 Fall Creators Update (v1709) and later
• Windows 10 Creators Update (v1703)
• Windows 10 Anniversary Update (v1607) and earlier

Windows 11 is on the way, and it’s going to bring with it a new look, new colors, and new features when it becomes available later in the year. But not everything that’s currently in Windows 10 is going to survive the upgrade.

Microsoft Defender Application Guard protects your networks and data from malicious applications running in your web browser, but you must install and activate it first. //

Activation for TPM 2.0 and HVCI were explained before, but now we will look at the activation procedures for Microsoft Defender Application Guard in Windows 10. MDAG uses virtualization-based technology to help safeguard your systems from malicious and criminal websites that you visit with your enabled web browsers like Edge, Chrome and Firefox. //

MDAG is included with Windows 10 Professional, Enterprise and Educational versions by default. MDAG is part of Windows Features for those versions, so we will have to call up the Control Panel. //

The easiest way to get to the screen we need is to type "windows features" into the search box on your Windows 10 desktop. Be sure to select the Turn Windows Features On or Off item from the search results. //

Scroll down the list of features until you see Microsoft Defender Application Guard. Place a check in the checkbox for that item and click the OK button. The MDAG application will install and then ask you to reboot to activate. //

Now that MDAG is installed and activated, it is time to check its settings. Click or tap the Start Menu button and select Settings (gear icon). On the Settings page, select Update & Security and then select the Windows Security item from the left-hand navigation bar, //

From the right windowpane, click the App & Browser Control //

The security settings under MDAG are stricter than many of us are used to, so you may find yourself wanting to make some tweaks. Click the Change Application Guard settings link on this page to see a list of security features that you may want to turn on or off depending on your activity.

dolsh
David Murphy
1/06/21 10:08pm

all of my personal data sits within my main C:\Users folder

Rookie mistake. If you’re seriously going to re-install Windows regularly, or as I’d prefer it, if you’re going to use Windows 10 regularly, do not use your boot drive as User storage. Most purchased PC’s support this now (though not all laptops). I have another disagreement with the article, but I’ll get to that at the end.

Your boot drive should be windows and applications only. A separate physical disk is your User folder, Documents, Media, Games, etc.

This makes backup really easy... //

With the above, it only takes about a half hour to reinstall, configure, and kick off restoring applications and games. I used to do this quite often. Now, it’s really only when I have a significant enough hardware upgrade to warrant it.

So my main disagreement is that you need to reinstall Windows 10 at all. There was a time when applications embedded themselves in system startup, and even a technical Windows user would find their Windows installation slowing down over time. This just doesn’t happen with Windows 10. My current installation dates back to the Windows 7 to Windows 10 upgrade. The IT departments of my last two companies have experienced the same thing across thousands of desktops. The tools built into Windows 10 allow for managing application installs and determining what’s running much better than several years ago. I’ve found that when applications slow Windows down, I can remove them and preformance returns. That wasn’t always possible. There was a time when you needed to know what sysinternals and hijack-this were to keep it all running well.

Fast startup (aka: hiberboot, hybrid boot, or hybrid shutdown) is turned on by default in Windows and is a setting that helps your PC start up faster after shutdown. Even faster than hibernate. Windows does this by saving an image of the Windows kernel and loaded drivers to the hiberfile (C:\hiberfil.sys) upon shutdown so when you start your PC again, Windows simply loads the hiberfile (C:\hiberfil.sys) into memory to resume your PC instead of restarting it.

If you disable hibernate, then it will also disable fast startup.

You must be signed in as an administrator to turn fast startup on or off.

This tutorial will show you how to turn fast startup on or off for all users in Windows 10.

Tip #1: Have a Plan
Let us start easy: Have a plan. If you have not suffered a ransomware attack, congrats! You now have time on your side – hopefully. Use that to get a plan in place, even if you do not have a security team. Start with this simple question: If you got hit by an attack right now, how would you respond? //

Tip #2: Work Together: Ransomware is More than Security.
Ransomware is no longer just a “security problem.” A ransomware attack impacts users, legal, HR, finance and many others, including of course the security team. You cannot successfully defend against an attack if the organization is siloed within itself. //

Tip #3: Audit, and Limit, Highly-Privileged Accounts in Active Directory
One of the first objectives for attackers in a victim environment is to find and gain elevated credentials. These credentials are often necessary to achieve their objectives – they need privileges to find additional systems, move laterally around the environment, execute certain commands, establish persistence, etc. Far too often in our investigations we uncover environments with simply too many highly privileged accounts – and attackers are betting on this. //

Tip #5: Implement and Simulate. Wash, Rinse and Repeat.
Once you have account protections in place, utilize open-source tooling or a security vendor to test your environment. No need to ransom yourself – instead, focus on earlier stages of an attack such as credential theft or lateral movement. What did you detect, what were you able to achieve? Frequent testing will not only give you more insight into your environment, but it will also show you where you have detection gaps and coverage.

We cannot simply plug in tools and expect to be defended with the “push of a button.” Proper information security requires knowledge of the environment and frequent testing and tuning. If you have not suffered an attack, good. Do not wait for the “if” – instead, minimize the “when.”

if your computer does not meet the hardware requirements, you will see a message stating, "This PC can't run Windows 11."
Windows 11 setup blocked due to missing hardware requirements
Windows 11 setup blocked due to missing hardware requirements
When you see the above message, press Shift+F10 on your keyboard at the same time to launch a command prompt. At this command prompt, type regedit and press enter to launch the Windows Registry Editor.
Opening command prompt in Windows Setup
Opening command prompt in Windows Setup
When the Registry Editor opens, navigate to HKEY_LOCAL_MACHINE\SYSTEM\Setup, right-click on the Setup key and select New > Key.

When prompted to name the key, enter LabConfig and press enter.

Now right-click on the LabConfig key and select New > DWORD (32-bit) value and create a value named BypassTPMCheck, and set its data to 1. Now create the BypassRAMCheck and BypassSecureBootCheck values and set their data to 1 as well,

Once you configure those three values under the LabConfig key, close the Registry Editor, and then type exit in the Command Prompt followed by enter to close the window.
You will now be back at the message stating that the PC can't run Windows 11. Click on the back button in the Windows Setup dialog, as shown below.

You will now be back at the screen prompting you to select the version of Windows 11 you wish to install. You can now continue with the setup, and the hardware requirements will be bypassed, allowing you to install Windows 11.