I wanted to post a fast guide to get your windows pc set up and locked down for average users or maybe those new to Windows or haven't used Windows in a while. There are several steps including editing the registry. Some people may feel intimidated but it is not difficult and can be fun to learn terminal commands. I am going to go through an average PC with Macafee pre-installed.
First step do you want a local account or MS login?? If local then press shift and f10 at the welcome screen. You will see a command prompt. Type in oobo\bypassnro and hit enter. It will restart. hit shift and f10 again and type ipconfig/release and hit enter. Then follow setup until the internet page. Once there scroll down and hit continue with limited setup. Now you have a local account in Windows 11.
Next remove Macafee. https://download.mcafee.com/molbin/iss-loc/SupportTools/MCPR/MCPR.exe
Use the tool above and then restart. Macafee is now completely removed.
Next search regedit. Once there navigate to HKEY_Local_Machine, then SOFTWARE, then Microsoft then to Data collection right click new d word 64 bit. Then type in AllowTelemetry. Then click again and set hexidecimal to zero. Boom you have no telemetry in Windows.
Go to setting in privacy. In general toggle off everything but last bottom toggle. Then active history. hit clear. Then turn it off. Turn find my device off and all other device tracking.
You can go into edge and limit tracking and activate secure browsing with Defender.
Make sure Windows security is on and browser security is on. You can go into ransomware setting and turn on file protection. You can turn off encryption unless you travel a lot and then run a Defender offline scan every week or so.
Make sure Windows Firewall is active.
Go into control panel and remove any bloatware from the device and it will vary from manufacturer. Do not remove drivers or software that helps control the device for example something like MyHP is something you don't want to remove but maybe you don't want onedrive or something else.
Go into settings and go to apps and remove any apps you don't want like LinkedIn etc.
Then reboot. Turn on your wifi if you setup local account and start Windows updates. Windows updates should be set not to download updates from other pcs in advanced settings. Also you want to download any additional drivers. Do not turn on get latest updates until you have completed updating everything. Then once it says up to date add get updates first and run updates again. It may take a few time and then it will update 23h2 for example. Then once all Windows updates have completed and rebooted. Go to Micrososft store in library and run updates. Let that go.
Then reboot.
One in search change how power button works. Then change setting not available. Then turn off hybrid boot. Add hibernate to list and reboot.
Now search defrag. Run optimize drive. Reboot.
If you have software from the OEM to update drivers now run that. Update drivers. Reboot.
Now you are setup and secure.
First step do you want a local account or MS login?? If local then press shift and f10 at the welcome screen. You will see a command prompt. Type in oobo\bypassnro and hit enter. It will restart. hit shift and f10 again and type ipconfig/release and hit enter. Then follow setup until the internet page. Once there scroll down and hit continue with limited setup. Now you have a local account in Windows 11.
Next remove Macafee. https://download.mcafee.com/molbin/iss-loc/SupportTools/MCPR/MCPR.exe
Use the tool above and then restart. Macafee is now completely removed.
Next search regedit. Once there navigate to HKEY_Local_Machine, then SOFTWARE, then Microsoft then to Data collection right click new d word 64 bit. Then type in AllowTelemetry. Then click again and set hexidecimal to zero. Boom you have no telemetry in Windows.
Go to setting in privacy. In general toggle off everything but last bottom toggle. Then active history. hit clear. Then turn it off. Turn find my device off and all other device tracking.
You can go into edge and limit tracking and activate secure browsing with Defender.
Make sure Windows security is on and browser security is on. You can go into ransomware setting and turn on file protection. You can turn off encryption unless you travel a lot and then run a Defender offline scan every week or so.
Make sure Windows Firewall is active.
Go into control panel and remove any bloatware from the device and it will vary from manufacturer. Do not remove drivers or software that helps control the device for example something like MyHP is something you don't want to remove but maybe you don't want onedrive or something else.
Go into settings and go to apps and remove any apps you don't want like LinkedIn etc.
Then reboot. Turn on your wifi if you setup local account and start Windows updates. Windows updates should be set not to download updates from other pcs in advanced settings. Also you want to download any additional drivers. Do not turn on get latest updates until you have completed updating everything. Then once it says up to date add get updates first and run updates again. It may take a few time and then it will update 23h2 for example. Then once all Windows updates have completed and rebooted. Go to Micrososft store in library and run updates. Let that go.
Then reboot.
One in search change how power button works. Then change setting not available. Then turn off hybrid boot. Add hibernate to list and reboot.
Now search defrag. Run optimize drive. Reboot.
If you have software from the OEM to update drivers now run that. Update drivers. Reboot.
Now you are setup and secure.