How do you setup your device?

This post is to get ideas from users on how they setup their device, so it can serve as a guide to to everyone going forward.

On system installation and setup, please include the following broad categories, in addition to others that you may use:

1. File Security
2. File Backup & Sync
3. System Security
4. System Backup
5. Data Privacy
6. File Sharing
7. Windows Settings configurations
8. Customizations you do to your device

.

I'll post a summary of all unique and interesting ideas received here.

Here's how I setup my device (WIP):

FILE SECURITY

01. The 1st thing I do when setting up a new system is to create a new partition on the internal disk, where I allocate anywhere from 60 GB to 120 GB (depending on the size of the internal disk) for exclusive use of the OS and programs. I don't store any user file in this partition. This has immense benefits and zero disadvantage:

i. In case of a system problem (software errors, malware, etc.), I can easily wipe (or format) the system partition and do a clean install of the OS (or restore a clean image from backup) without worrying about my files.

ii. System backups are very fast as the file size is much smaller.

02. Important files (especially documents and camera roll) are ALWAYS on the cloud. This not only keeps them safe but also accessible from all of my devices.


FILE BACKUP

03. The most important files are already backed up to the cloud. Yet I do a local backup to my external disk every once in a while, though not on any schedule.


SYSTEM SECURITY

04. Currently, I use only Windows Defender and Windows Firewall. They are adequate for my requirements. I have set Windows Firewall to BLOCK all connections by default. Windows Defender provides real time security, and is adequate for how I use my system.

05. I ALWAYS download apps from the developer website. I make sure that the web address is a secure one (https) and the domain belongs to the developer. For example, Firefox will only be downloaded from mozilla.org.

06. Every app I download is first uploaded to VirusTotal for malware analysis, regardless of where I download it from. I won't install it even if one antivirus engine flags it, with very rare exceptions. What I look for in the scan results is which antivirus engine is flagging the app. If the app itself is highly reputed, downloaded from developer website, and the scanning engine is less known, I may consider it as a false positive. For example, the Firefox installer was recently flagged by a less known antivirus scanner called Cylance. Just 1 out of about 65 scanners flagged it as malware. I considered it a false positive. But if 2 or more antivirus engines flag a file, I definitely won't install it. I won't consider them a false positive. They may both (all) be wrong, but I won't risk it.

Among the more than 60 antivirus scanners used on VirusTotal, I specifically look for the scan result of Kaspersky, BitDefender, Norton (Symantec) and Malwarebytes. I also loot at Sophos and Dr.Web. Ifany of these engines flag an app, I won't install it, regardless of where the app was downloaded from. Remember, even if an app is downloaded from the original site, it can still get infected via 'man-in-the-middle' attacks.

07. I don't usually install unknown or less known programs. But when I do, I run them in Windows Isolated Environment or an isolated environment using Sandboxie Plus. This allows the program to run in a secure isolated environment and prevents it from making any changes to the system, including registry.


SYSTEM BACKUP

07. I use the built-in System Image feature to backup my system once in a while, and there is no fixed schedule. More recently, I am making a system image using the Sysprep route. The advantage of this method is that the image strips out device specific information so that it can be installed on any device. This is an advantage over the built-in System Image utility which creates an image that can only be restored to the system on which it was prepared.

08. I backup all the drivers currently installed on the system. This is especially useful when OEM drivers are not available, or when an update breaks a driver.

09. I create a Recovery Disk that includes system files.


DATA PRIVACY

10. More than security, it is data privacy that I think is more at threat. Just about everyone is collecting data these days, and mostly stealthily. And internet is the primary mode of collecting data. So I block internet access to all programs, unless they need it for core functionality.


FILE SHARING

11. I create a new user on the device that has read/ write access to folders I want to share. This user isn't for logging in on the device itself, instead its sole purpose is to have user credentials that will be used on other devices on the network to connect to shared files and folders on the PC. The advantage here is that I can avoid giving away my Microsoft account credentials on 3rd party apps that I use on other devices to access shared folders on my PC.

12. I am trying to setup SFTP server on my system so I can use SFTP instead of the less secure SMB to access shares.


WINDOWS SETTINGS CONFIGURATIONS

13. I disable Cortana because I don't use it.

14. I disable location, camera, microphone, etc. for most apps. I don't understand why Microsoft Store, Feedback, etc. need access to my camera and microphone.


CUSTOMIZATIONS

1. File Security - Separate data drive from OS drive. When your OS crash, your data is intact (or you can continue working from another PC and access your data drive)
2. File Backup & Sync - same as 1
3. System Security - Windows Defender and VPN
4. System Backup - Macrium Reflect Image backup
5. Data Privacy - VPN, Incognito mode on Web Browser
6. File Sharing - personal cloud (NAS)
7. Windows Settings configurations - this is personal preference (YMMV)
8. Customizations you do to your device - same as 7

1. File Security - Synology Drive Client, Copy to separate HD.
2. File Backup & Sync - Synology Drive Client, Copy to separate HD.
3. System Security - Windows Firewall, F-Secure.
4. System Backup - Macrium Reflect Image Backup.
5. Data Privacy - Think before acting.
6. File Sharing - Via private NAS.
7. Windows Settings configurations - Only set display scaling to 125%.
8. Customizations you do to your device - Only desktop backgrounds.

Regards,

Tim van S.

TheMystic said:

FILE SECURITY

01. The 1st thing I do when setting up a new system is to create a new partition on the internal disk, where I allocate anywhere from 60 GB to 120 GB (depending on the size of the internal disk) for exclusive use of the OS and programs. I don't store any user file in this partition. This has immense benefits and zero disadvantage:

i. In case of a system problem (software errors, malware, etc.), I can easily wipe (or format) the system partition and do a clean install of the OS without worrying about my files.

ii. System backups are very fast as the file size is much smaller.

02. Important files (especially documents and camera roll) are ALWAYS on the cloud. This not only keeps them safe but also accessible from all of my devices.

Click to expand...

I agree with all your points, unfortunately 11 requires 65GB, so I have it set to 66666MB, even though it uses only 12GB.
On top of it, only my account is allowed to modify, users are allowed to read and SYSTEM (used by ransomware) is denied.
But I have allowed SYSTEM for Steam and for backups, otherwise Windows would not be able to read/restore them if needed.

TheMystic said:

FILE BACKUP

Click to expand...

I use OneDrive and IceDrive, but they are not running nonstop to avoid any "accidents". A waterproof USB for docs.

TheMystic said:

SYSTEM SECURITY

Click to expand...

Using Malwarebytes Windows Firewall Control. All blocked by default, svchost allowed only to known IP ranges.
Software is limited to port 443 only to prevent MITM, except silly Windows. DNS also limited to it's DNS IPs.
No realtime AV running, I have disabled IPv6 and WSH, removed PowerShell and setup some restrictions.

TheMystic said:

SYSTEM BACKUP

Click to expand...

I use AOMEI Backupper after windows update + cleanup, so roughly twice a month.

TheMystic said:

DATA PRIVACY

Click to expand...

NextDNS to block malware/trackers along with adguard used only to block trackers and cookie notices.
CookieAutoDelete to remove caches/cookies and I turn off PC with my tweaks to cleanup/to reset settings.

TheMystic said:

WINDOWS SETTINGS CONFIGURATIONS

Click to expand...

I disable/uninstall basically everything, like Cortana, Widgets, YourPhone, etc. Edge is quickly setup via flags/policies.

TheMystic said:

CUSTOMIZATIONS

Click to expand...

Process Hacker Nightly running nonstop and ponified Windows.

P.S. I have moved Desktop to ramdisk along with Temp, browser's a discord's caches and I use it as downloads folder, so in case of an emergency, I simply hit reset and all is gone without a trace, whether it is malware or privacy related. I also clean desktop using this.

1. File Security--Not much. Everything on one drive.
2. File Backup--Only stuff I would have trouble getting back and it's stored on One Drive which is only on demand
3. System Security--Just Defender, Windows firewall and on demand Malwarebytes.
4. System Backup--System backups using AOMEI Backupper standard edition. No particular schedule. System Restore disabled.
5. Data Privacy--Don't worry too much about it but AdGuard extension is on Edge browser.
6. File Sharing--None really
7. Windows Settings--Pretty much defaults but most telemetry is disabled.
8. Customization--All features and apps I don't use either disabled or uninstalled. It's a lot.

1. File Security - OS on one SSD, Data on another
2. File Backup & Sync - Manual Back up monthly and Macrium Image regularly. Good apps and programs kept on data pen for reinstallation
3. System Security - Norton Security
4. System Backup - Macrium Reflect Image backup and Manual
5. Data Privacy - Just Privacy Badger, Adblocker Ultimate and Safe web on Browser
6. File Sharing - Just between PC's via Network Sharing Centre
7. Windows Settings configurations - Standard, just made scaling 125%
8. Customizations you do to your device - ExplorerPatcher, OpenShell and Win 10 Context Menu and all the Icons changed

I set up my device by putting it on cement blocks, and connecting the major components. hehehe Even though I don't live in a flood-prone area, I take no chances. I do live in Tornado Alley, and mother nature does what she wants to around here. Couple years ago, we had major flooding, and even though my apartment didn't have any major flooding, the levees west of me held. 500 year flood causes major damage. . . .. I don't take any chances, yes I do live UP hill from the local levee, but anything can happen. . .. . . .

Update to 2. I now use Aomei Backupper for file/folder backups and Macrium Reflect for Images ( Stored on separate external drives )

1. File Security - Shadow Defender
2. File Backup & Sync - Macrium Reflect with Image Guardian enabled
3. System Security - Shadow Defender plus Comodo Internet Security (overkill)
4. System Backup - Macrium Reflect Image Backup
5. Data Privacy - VPN, Comodo Internet Security
6. File Sharing - Sole user, no need
7. Windows Settings configurations - No changes made to standard installation
8. Customizations you do to your device - None

TheMystic said:

I'll post a summary of all unique and interesting ideas received here.

Click to expand...

For each one of the eight entries in the summary, compare it to how MS does it in the default installation, so the summary can better serve as the guide that you mentioned in the OP.