How do you setup your device?

TheMystic

Well-known member
Member
Local time
11:37 AM
Posts
205
This post is to get ideas from users on how they setup their device, so it can serve as a guide to to everyone going forward.

On system installation and setup, please include the following broad categories, in addition to others that you may use:

1. File Security
2. File Backup & Sync
3. System Security
4. System Backup
5. Data Privacy
6. File Sharing
7. Windows Settings configurations
8. Customizations you do to your device

.
 
Windows Build/Version
Windows 11 21H2 Build 22000.282
Last edited:

My Computer

System One

  • Operating System
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    HP Envy dv7
    CPU
    Intel Core i7 3630QM
    Motherboard
    HP
    Memory
    16 GB
    Graphics Card(s)
    Intel HD Graphics 4000 & Nvidia GeForce GT 635M
    Sound Card
    IDT High Definition
    Screen Resolution
    1080p
    Hard Drives
    250 GB Samsung Evo 860 on bay 1.
    1 TB Seagate HDD on bay 2.
    Antivirus
    Windows Defender

TheMystic

Well-known member
Member
Thread Starter
Local time
11:37 AM
Posts
205
I'll post a summary of all unique and interesting ideas received here.
 
Last edited:

My Computer

System One

  • Operating System
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    HP Envy dv7
    CPU
    Intel Core i7 3630QM
    Motherboard
    HP
    Memory
    16 GB
    Graphics Card(s)
    Intel HD Graphics 4000 & Nvidia GeForce GT 635M
    Sound Card
    IDT High Definition
    Screen Resolution
    1080p
    Hard Drives
    250 GB Samsung Evo 860 on bay 1.
    1 TB Seagate HDD on bay 2.
    Antivirus
    Windows Defender

TheMystic

Well-known member
Member
Thread Starter
Local time
11:37 AM
Posts
205
Here's how I setup my device (WIP):

FILE SECURITY

01. The 1st thing I do when setting up a new system is to create a new partition on the internal disk, where I allocate anywhere from 60 GB to 120 GB (depending on the size of the internal disk) for exclusive use of the OS and programs. I don't store any user file in this partition. This has immense benefits and zero disadvantage:

i. In case of a system problem (software errors, malware, etc.), I can easily wipe (or format) the system partition and do a clean install of the OS (or restore a clean image from backup) without worrying about my files.

ii. System backups are very fast as the file size is much smaller.

02. Important files (especially documents and camera roll) are ALWAYS on the cloud. This not only keeps them safe but also accessible from all of my devices.


FILE BACKUP

03. The most important files are already backed up to the cloud. Yet I do a local backup to my external disk every once in a while, though not on any schedule.


SYSTEM SECURITY

04. Currently, I use only Windows Defender and Windows Firewall. They are adequate for my requirements. I have set Windows Firewall to BLOCK all connections by default. Windows Defender provides real time security, and is adequate for how I use my system.

05. I ALWAYS download apps from the developer website. I make sure that the web address is a secure one (https) and the domain belongs to the developer. For example, Firefox will only be downloaded from mozilla.org.

06. Every app I download is first uploaded to VirusTotal for malware analysis, regardless of where I download it from. I won't install it even if one antivirus engine flags it, with very rare exceptions. What I look for in the scan results is which antivirus engine is flagging the app. If the app itself is highly reputed, downloaded from developer website, and the scanning engine is less known, I may consider it as a false positive. For example, the Firefox installer was recently flagged by a less known antivirus scanner called Cylance. Just 1 out of about 65 scanners flagged it as malware. I considered it a false positive. But if 2 or more antivirus engines flag a file, I definitely won't install it. I won't consider them a false positive. They may both (all) be wrong, but I won't risk it.

Among the more than 60 antivirus scanners used on VirusTotal, I specifically look for the scan result of Kaspersky, BitDefender, Norton (Symantec) and Malwarebytes. I also loot at Sophos and Dr.Web. Ifany of these engines flag an app, I won't install it, regardless of where the app was downloaded from. Remember, even if an app is downloaded from the original site, it can still get infected via 'man-in-the-middle' attacks.

07. I don't usually install unknown or less known programs. But when I do, I run them in Windows Isolated Environment or an isolated environment using Sandboxie Plus. This allows the program to run in a secure isolated environment and prevents it from making any changes to the system, including registry.


SYSTEM BACKUP

07. I use the built-in System Image feature to backup my system once in a while, and there is no fixed schedule. More recently, I am making a system image using the Sysprep route. The advantage of this method is that the image strips out device specific information so that it can be installed on any device. This is an advantage over the built-in System Image utility which creates an image that can only be restored to the system on which it was prepared.

08. I backup all the drivers currently installed on the system. This is especially useful when OEM drivers are not available, or when an update breaks a driver.

09. I create a Recovery Disk that includes system files.


DATA PRIVACY

10. More than security, it is data privacy that I think is more at threat. Just about everyone is collecting data these days, and mostly stealthily. And internet is the primary mode of collecting data. So I block internet access to all programs, unless they need it for core functionality.


FILE SHARING

11. I create a new user on the device that has read/ write access to folders I want to share. This user isn't for logging in on the device itself, instead its sole purpose is to have user credentials that will be used on other devices on the network to connect to shared files and folders on the PC. The advantage here is that I can avoid giving away my Microsoft account credentials on 3rd party apps that I use on other devices to access shared folders on my PC.

12. I am trying to setup SFTP server on my system so I can use SFTP instead of the less secure SMB to access shares.


WINDOWS SETTINGS CONFIGURATIONS

13. I disable Cortana because I don't use it.

14. I disable location, camera, microphone, etc. for most apps. I don't understand why Microsoft Store, Feedback, etc. need access to my camera and microphone.


CUSTOMIZATIONS
 
Last edited:

My Computer

System One

  • Operating System
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    HP Envy dv7
    CPU
    Intel Core i7 3630QM
    Motherboard
    HP
    Memory
    16 GB
    Graphics Card(s)
    Intel HD Graphics 4000 & Nvidia GeForce GT 635M
    Sound Card
    IDT High Definition
    Screen Resolution
    1080p
    Hard Drives
    250 GB Samsung Evo 860 on bay 1.
    1 TB Seagate HDD on bay 2.
    Antivirus
    Windows Defender

badrobot

Well-known member
MVP
Power User
VIP
Local time
1:07 AM
Posts
498
Location
Toronto, CANADA
1. File Security - Separate data drive from OS drive. When your OS crash, your data is intact (or you can continue working from another PC and access your data drive)
2. File Backup & Sync - same as 1
3. System Security - Windows Defender and VPN
4. System Backup - Macrium Reflect Image backup
5. Data Privacy - VPN, Incognito mode on Web Browser
6. File Sharing - personal cloud (NAS)
7. Windows Settings configurations - this is personal preference (YMMV)
8. Customizations you do to your device - same as 7
 

My Computers

System One System Two

  • Operating System
    Windows 10/11 Pro
    Computer type
    PC/Desktop
    CPU
    i7-4790K
    Motherboard
    ASRock Xtreme6 Z97
    Memory
    16GB Corsair Vengeance Pro
    Graphics Card(s)
    MSI R9 290
    Monitor(s) Displays
    LG Ultrawide 34"
    Screen Resolution
    3440x1440
    Hard Drives
    Samsung M.2
    PSU
    Thermaltake 475 Watts 80 Bronze
    Case
    Thermaltake Commander I Snow Edition
    Cooling
    Deep Cool Archer Air Cooler
    Internet Speed
    1Gbps
    Browser
    Chrome
    Antivirus
    "Moderna"
  • Operating System
    Windows 10 Pro
    Computer type
    PC/Desktop
    CPU
    AMD Ryzen 9 3900X
    Motherboard
    MSI MPG Gaming Edge Wifi (X570)
    Memory
    32GB Adata XPG DDR4
    Graphics card(s)
    ASUS GTX 1070 8GB ROG Strix
    Monitor(s) Displays
    LG Ultrawide 34"
    Screen Resolution
    3440x1440
    Hard Drives
    Main Boot Drive : 512GB Adata XPG RGB Gen3x4 NVMe M.2 SSD
    PSU
    EVGA 600 Watts Gold
    Case
    Deepcool Genome II
    Cooling
    Deepcool Fryzen
    Mouse
    Logitech G402
    Keyboard
    Armageddon MKA-5R RGB-Hornet
    Internet Speed
    1Gbps
    Browser
    Chrome
    Antivirus
    Moderna :)

Timaximus

Member
Member
Local time
7:07 AM
Posts
32
1. File Security - Synology Drive Client, Copy to separate HD.
2. File Backup & Sync - Synology Drive Client, Copy to separate HD.
3. System Security - Windows Firewall, F-Secure.
4. System Backup - Macrium Reflect Image Backup.
5. Data Privacy - Think before acting.
6. File Sharing - Via private NAS.
7. Windows Settings configurations - Only set display scaling to 125%.
8. Customizations you do to your device - Only desktop backgrounds.

Regards,

Tim van S.
 

My Computer

System One

  • Operating System
    Windows 11 Pro - RP - Build 22000.346
    Computer type
    Laptop
    Manufacturer/Model
    OMEN by HP Laptop 17-an0xx
    CPU
    Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
    Memory
    16GB
    Graphics Card(s)
    NVIDIA GeForce GTX 1070
    Monitor(s) Displays
    OMEN by HP 32
    Screen Resolution
    1920x1080 + 2560x1440
    Hard Drives
    512GB SSD + 1TB HDD + 4TB Synology 218+ NAS
    Keyboard
    OMEN by HP 1100
    Mouse
    OMEN Vector Wireless
    Internet Speed
    600/40 Mbit Cable
    Browser
    Edge (What Else)
    Antivirus
    Windows Defender + F-Secure + MalwareBytes free
    Other Info
    Razer Nari Essential wireless headphone + BOSE Mini Soundlink

TairikuOkami

Well-known member
Member
VIP
Local time
7:07 AM
Posts
203
Location
Trnava, SK
FILE SECURITY

01. The 1st thing I do when setting up a new system is to create a new partition on the internal disk, where I allocate anywhere from 60 GB to 120 GB (depending on the size of the internal disk) for exclusive use of the OS and programs. I don't store any user file in this partition. This has immense benefits and zero disadvantage:

i. In case of a system problem (software errors, malware, etc.), I can easily wipe (or format) the system partition and do a clean install of the OS without worrying about my files.

ii. System backups are very fast as the file size is much smaller.

02. Important files (especially documents and camera roll) are ALWAYS on the cloud. This not only keeps them safe but also accessible from all of my devices.
I agree with all your points, unfortunately 11 requires 65GB, so I have it set to 66666MB, even though it uses only 12GB.
On top of it, only my account is allowed to modify, users are allowed to read and SYSTEM (used by ransomware) is denied.
But I have allowed SYSTEM for Steam and for backups, otherwise Windows would not be able to read/restore them if needed.

capture_11142021_115458.jpg

FILE BACKUP
I use OneDrive and IceDrive, but they are not running nonstop to avoid any "accidents". A waterproof USB for docs.
SYSTEM SECURITY
Using Malwarebytes Windows Firewall Control. All blocked by default, svchost allowed only to known IP ranges.
Software is limited to port 443 only to prevent MITM, except silly Windows. DNS also limited to it's DNS IPs.
No realtime AV running, I have disabled IPv6 and WSH, removed PowerShell and setup some restrictions.

capture_11142021_121811.jpg

SYSTEM BACKUP
I use AOMEI Backupper after windows update + cleanup, so roughly twice a month.
DATA PRIVACY
NextDNS to block malware/trackers along with adguard used only to block trackers and cookie notices.
CookieAutoDelete to remove caches/cookies and I turn off PC with my tweaks to cleanup/to reset settings.

WINDOWS SETTINGS CONFIGURATIONS
I disable/uninstall basically everything, like Cortana, Widgets, YourPhone, etc. Edge is quickly setup via flags/policies.

10-10.jpg
CUSTOMIZATIONS
Process Hacker Nightly running nonstop and ponified Windows.

P.S. I have moved Desktop to ramdisk along with Temp, browser's a discord's caches and I use it as downloads folder, so in case of an emergency, I simply hit reset and all is gone without a trace, whether it is malware or privacy related. I also clean desktop using this.
Code:
rem takeown /s %computername% /u %username% /f "%SystemDrive%\Users\Public\Desktop" /r /d y
rem icacls "%SystemDrive%\Users\Public\Desktop" /inheritance:r
rem icacls "%SystemDrive%\Users\Public\Desktop" /inheritance:e /grant:r %username%:(OI)(CI)F /t /l /q /c
rem takeown /s %computername% /u %username% /f "%USERPROFILE%\Desktop" /r /d y
rem icacls "%USERPROFILE%\Desktop" /inheritance:r
rem icacls "%USERPROFILE%\Desktop" /inheritance:e /grant:r %username%:(OI)(CI)F /t /l /q /c
rem takeown /s %computername% /u %username% /f "Z:\Desktop" /r /d y
rem icacls "Z:\Desktop" /inheritance:r
rem icacls "Z:\Desktop" /inheritance:e /grant:r %username%:(OI)(CI)F /t /l /q /c

del "%SystemDrive%\Users\Public\Desktop\*" /s /f /q
del "%USERPROFILE%\Desktop\*" /s /f /q
rd "Z:\Desktop" /s /q
md "Z:\Desktop"
 

My Computer

System One

  • Operating System
    Windows 11 Home
    CPU
    AMD Ryzen 5 3600 (07/19)
    Motherboard
    MSI B450 TOMAHAWK 7C02v1H6 (07/19)
    Memory
    4x 8GB ADATA XPG GAMMIX D10 DDR4 3200MHz CL16
    Graphics Card(s)
    MSI Radeon RX 580 ARMOR 8G OC (08/19)
    Sound Card
    Creative Sound Blaster Z (11/16)
    Monitor(s) Displays
    24" AOC G2460VQ6 (01/19)
    Screen Resolution
    1920×1080@75Hz + FreeSync (DisplayPort)
    Hard Drives
    ADATA XPG GAMMIX S11 Pro SSD 512GB (07/19)
    PSU
    Seasonic M12II-520 80 Plus Bronze (11/16)
    Case
    Lian Li PC-7NB + 3x Noctua NF-S12A FLX@700rpm (11/16)
    Cooling
    CPU Cooler Noctua NH-U12S@700rpm
    Keyboard
    HP Pavilion Wireless Keyboard 600 (05/21)
    Mouse
    HP Wireless Silent 280M Mouse (05/21)
    Internet Speed
    300/30 Mbps via RouterOS (05/21) + TCP Optimizer
    Browser
    Microsoft Edge
    Antivirus
    None
    Other Info
    Headphones: Sennheiser RS170 (09/10) + Software: https://tinyurl.com/7hkjyhsj
Top Bottom