Configuring Windows 2000/XP for Performance, Usability and Security

Related documents: Configuring System BIOS, Windows 2000 Pro software installation and further notes on configuring Windows 2000

You can use TWEAK (The Windows Environment and Application Konfigurator) program to make the majority of these changes for you automatically.

Note: All the settings we're not sure of are temporarily highlighted in bold whilst we clarify every last registry setting that relates to this document. If you're using our automatic system configuration program, TWEAK, then the only settings you need make manually are highlighted in bold (and not italic), ignore those that are highlighted in bold and italic.

Contents

0. Changes to this document

1. Introduction

2. Hard Disk Partitioning

3. Directory Structure

4. Booting

5. The Windows Operating System [2000,XP]

6. Disaster Prevention

7. Further Windows Housekeeping

8. Clearing Out Unnecessary Files To Make Space And Increase Performance

9. Functionality That Can Be Removed From Windows If You Don't Use It

10. Still to add to this document

11. Appendix

0. Changes to this document

1.34.0 (30 July 04): incorporated Automatic Updates settings from 'Still to add to this document' section; removed 'Windows Automatic Updates' from the list of Windows Components to uninstall (it won't uninstall)

1.33.0 (12 Dec 03): added proper registry setting for Windows XP's 'classic start menu'; added Windows XP's 'Show Quick Launch'; added Windows XP Pro and XP Home Start menu and Desktop icons to be removed; added power scheme for laptops running on batteries

1.31.3 (30 Oct 03): Not convinced 'Launch browser windows in a separate process' and 'Reuse windows for launching shortcuts' are the same thing.
'Launch browser windows in a separate process' should be left to the operating system to decide, which it does automatically, depending on the amont of RAM available (and its registry setting should have been 'BrowseNewProcess' rather than 'SeparateProcess')

1.30.0 (24 Sept 03): changed Windows system TEMP directory name from 'winnt' to 'windows'

1. Introduction

You can configure Windows with all its user interface bells and whistles that have little functional value other than to slow the system down, and pay extra money for bigger, faster, hardware to compensate for your bad configuration; but why bother. This document details how to turn off all the extra fluff, and how to streamline it further so that the system runs at its fastest on the given hardware and saves you throwing away old equipment before its time is really up.

As far as performance goes, configuring a Windows system with the settings layed out in this document will really come-into-its-own on a computer with less resources than those you'd buy brand new now, yet it will enable any computer to run Windows faster and smoother. tuning the operating system for performance goes hand-in-hand with choosing lightweight software applications.

Use this document in conjunction with win-2k-pro-software-installation.html; this document deals with the software worth loading onto a Windows NT sytem, this document deals with how to configure the underlying operating system that exists before you begin loading software onto it.
There are also details of settings worth making in many of the individual programs that make up a Windows system, in documents which can be found via software.html.

Key

2. Hard Disk Partitioning

Stand-alone Windows 2000 Pro / XP Home / XP Pro

Drive Function Volume Name Directories Size(MB) File System Cluster Size Partition Type
C:

Windows operating system + virtual memory WINDOWS \winnt or \windows min: 700
advised: 1000 - 1200
+ 3X physical (incl. foreseeable) RAM for virtual memory
+ 1X physical (incl. foreseeable) RAM if want hibernation
NTFS default? primary
D: program files PROGRAMS \programs min: 600
advised: 1500+
NTFS default? extended/
logical
E: 1. Windows' temporary files
2. applications' (incl. browsers') temporary files / scratch space
TEMP 1. \windows
2. \'username'\
program-name
min: 400
advised: 1000
(2000+ for audio / still image / video editing)
NTFS default? extended/
logical
F: users' Home space for their data and various other uses HOME \files\'username'
\mail
\software
\drivers
\freedb
\backup
rest of available space; or leave some for GNU/Linux NTFS default? extended/
logical
Z: CD-ROM / CD-RW / etcetera . . . . . .
backup partitions (optional):
n/a invisible partition for 'WINDOWS' backup PROG-BAK n/a = NTFS default?
n/a invisible partition for 'PROGRAMS' backup WIN-BAK n/a = NTFS default?
partitions of an additional dual booting GNU/Linux system (optional):
hd# root n/a ? 100 EXT2 (83) ? primary/logical
hd# swap n/a ? = or 2x physical RAM size (and between 128MB and 2GB) LINUX-SWAP (82) ? logical
hd# everything else ? ? min: 800+
advised: 2000+
EXT2 (83) ? logical

Advantages of spreading operating system functionality over multiple partitions (or even disk drives):

If you have a second hard disk, depending on how often its being accessed by programs, you can improve performance by locating Windows' virtual memory on that disk. This saves the virtual memory file from fragmenting the Windows partition. We used to also advise locating Windows' virtual memory on its own partition in a single disk system but it transpires that though this reduces fragmentation (a major performance hindrance), it forces the disk heads to move back and forwards too much between the Windows system files and the virtual memory, reducing the performance boost gained from the lack of fragmentation; where-as with the virtual memory on a separate disk the disk heads remain constantly around the same position on the disk where the virtual memory file is located

TEMP wants to be larger (i.e. by an extra 1GB) if an image manipulation (i.e. GIMP, Photoshop) or audio editing software (i.e. Audacity, CoolEdit/Audition) is using it

If you wish to have the GNU/Linux operating system installed concurrently with Windows, install Windows first, leave some partition space free (use something like Ranish Partition Manager or FIPS and Partition Resizer or Partition Magic or FDISK), and the GNU/Linux installer should prompt you to allow it to install in the free space and should then insert an operating system loader (LILO/GRUB/etc) in the hard disk's Master Boot Record (MBR) (the first sectors of the disk, that previously had Windows' operating system loader that took you into Windows automatically) which instead will ask you each time you switch on which operating system you'd like to run

the minimum and maximum partition sizes in the following table are based on a system presumed to be heavily used for a typical set of popular contemporary desktop uses, such as office suite applications (word processing, spreadsheet, database), various Internet applications (web, email) and graphics editing (i.e. GIMP/Photoshop) and other general uses; and assumes you have generous amounts of disk space to use (minimum of 3GB but for full flexibility its advisable to have 5.5GB or more). More leniant partition sizes could be used instead, for a system not intended for such a variety of applications and/or with smaller hard disk(s) (see further on)

if you're trying to cram this into a smaller hard disk, remember this:

3. Directory Structure

per-machine

per-user

(this info needs to be folded into the 'windows-config' document)

4. Booting

BOOT.INI

Assuming your Windows system drive is on the first partition on the primary master hard disk, Windows is by installed in the \WINNT directory (this is Windopws 2000's default; Windows XP defaults to \WINDOWS) and you use an ATA disk controller (replace 'multi' with 'scsi' if you have a SCSI controller), copy this BOOT.INI file to the root directory of the system drive (usually C:\; otherwise known as %SYSTEMROOT%):

5. The Windows Operating System

System Properties -> Hardware -> Device Manager

System Properties -> Advanced -> Performance Options

(these are per-machine settings)

System Properties -> Advanced -> Startup and Recovery

(these are per-machine settings)

Sounds and Multimedia

(these are per-user settings)

Networking

Network Card (hardware)

(these are per-machine settings)

Modem (hardware)

(these are per-machine settings)

Taskbar & Start Menu

Internet Explorer

(presumably these are per-user settings)

These are Internet Explorer (IE) settings (integrated with the operating system from Windows 95c onwards, unless you use 98Lite so as to not install it in the first place). as IE is installed by default and is an integral part of Windows these changes are worth making in case anyone or anything chooses to use IE or its components). We recommend you lock down Internet Explorer as tight as you can and use something like Netscape (or another Gecko-based browser such as Mozilla or K-Meleon) instead. Or, if you do really need to use IE, loosen off those insecure parts of it that you need in browsing and for only those security zones which are apply. It is not advised using IE on the open Internet because of its many security vulnerabilities.

it's probably worth running IERadicator (unless Windows was initially installed Windows using 98Lite) to remove a greater proportion of Internet Explorer (but I haven't used it in a while and need to check what it does and doesn't remove)

'control panel -> Internet Options' or 'Internet Explorer -> Tools -> Options' or right click on Internet Explorer desktop icon and choose Properties

Options for various versions of IE (applicable product version number(s) are in square brackets afterward...
(Win2k comes with IE5.0, WinXP comes with IE6.0)

is it worth removing all security certificates that come with the default installation?

Display (settings)

(these are per-user settings (apart from hardware acceleration))

Windows Explorer

(these are per-user settings)

Automatic Updates

(these are per-machine settings)

Power Options

(these are per-machine settings)

Folder Options

(these can be configured either per-user or per-machine (by editing the registry directly). possibly, File Types can only be configured by users with high-ish priviliges)

Tools -> Folder Options

Desktop Aesthetic and Usability Improvements

(depending on how you use them, these can be either per-user or per-machine settings)
(make these changes when all applications have been installed)

Miscellaneous

Add/Remove Programs -> Add/Remove Windows Components

(these are per-machine settings)

these are on by default and can be turned off

edit %windir%\inf\sysoc.inf, removing all instances of ',hide'
command-line: perl -pi.bak -e 's/,hide//gi' %WINDIR%\inf\sysoc.inf

after editing sysoc.inf, you can then use Add/Remove Windows Components to delete atleast:

TweakUI

(unless otherwise indicated, we believe these are all per-user settings; though some may be disabled depending on Policy settings the administrator has made, we haven't played about with this yet)

Control Panel -> TweakUI
TweakUI (Tweak User Interface) is part of the Microsoft Power Toys collection of utilities for Windows and as such needs to be installed seperately. it is available from http://www.microsoft.com/ntworkstation/downloads/PowerToys/Networking/NTTweakUI.asp or http://www.annoyances.org/exec/show/tweakui

worthwhile settings (currently this deals only with settings worth changing from the default):

Thin Out Critical Directories For Performance Gain

More stuff to delete

Additional changes to make Windows XP's user interface that of Windows 'Classic'

6. Disaster Prevention

7. Further Windows Housekeeping

This doesn't need to be followed on a default installation

8. Clearing Out Unnecessary Files To Make Space And Increase Performance

This doesn't need to be followed on a default installation

9. Functionality That Can Be Removed From Windows If You Don't Use It

This doesn't need to be followed on a default installation

(dont delete the directories, just the files)

10. Still to add to this document

11. Appendix

breakdown of Internet Explorer's Security settings

(explanation of these: http://www.jsifaq.com/SUBK/tip5100/rh5130.htm)