Advanced Plus Security oldschool's 2020 laptop setup

[blackice]

With a fresh install of 2004 my boot times are the same or faster. Of course, that comes with the time intensive task of a fresh install. I didn’t have boot slowdown when I updated, and I think the issue I encountered was already present pre-update, just windows store breaking things the way windows store does.

 

[oldschool]

With a fresh install of 2004 my boot times are the same or faster. Of course, that comes with the time intensive task of a fresh install. I didn’t have boot slowdown when I updated, and I think the issue I encountered was already present pre-update, just windows store breaking things the way windows store does.

I changed my power plan back to balanced and will check startup. What's the difference between a clean install and a "Reset this PC + remove everything?"

I still think it's the Intel updates prior to 2004. Once I reverted to 1909 I got those again immediately. My boot time is not horrible, it just seems a tad slower than before those.

 

[blackice]

I changed my power plan back to balanced and will check startup. What's the difference between a clean install and a "Reset this PC + remove everything?"

I still think it's the Intel updates prior to 2004. Once I reverted to 1909 I got those again immediately. My boot time is not horrible, it just seems a tad slower than before those.

Honestly it seemed like the reset and remove everything took longer than a format and install. I did the reset and remove. I couldn't find a lot of information from M$ explaining the true difference. I think with the reset you don't need a boot media, and obviously with a format and reinstall you need a thumbdrive or disk with bootable installer, if I remember it just used the drive for the reset.

 

[oldschool]

I couldn't find a lot of information from M$ explaining the true difference.

I've never found anything definitive either.

BTW I updated BIOS and some Lenovo drivers thanks to @Gandalf_The_Grey's post in my cloning suggestions thread. I haven't noticed any difference. I think Windows simply continues to eat up resources no matter what ...

 

[oldschool]

Updated --> Windows 10 2004 and edited configuration to show other minor changes.

 

[SeriousHoax]

Updated --> Windows 10 2004 and edited configuration to show other minor changes.

No ConfigureDefender?

 

[oldschool]

No ConfigureDefender?

Nope. All built-in configuration options equivalent to ConfigureDefender High. No 3rd party security apps.

 

[Protomartyr]

Nope. All built-in configuration options equivalent to ConfigureDefender High. No 3rd party security apps.

I plan on doing this down the road as well. Once 2004 becomes stable, I'll upgrade from Home to Pro, then clean install and do everything manually using built-in settings.
Do you have a list of what group policy settings you have configured?

For now, I'll just play around with them in a VM to test and eventually transfer everything over to my main system.

 

[oldschool]

Do you have a list of what group policy settings you have configured?

No. It takes longer to set up than Andy's tool but once done, it's done. Maybe I'll go back and start making a list to post.

I'm still a noob finding my way around Group Policy, especially with OS hardening.

 

[Protomartyr]

I'd definitely love to see a list. I was digging through the ConfigureDefender manual to see if there were any mentions of what each setting in CD translates to group policy but sadly there doesn't seem to be any references. The only thing I could find was the following:

The tabs: MAPS, MpEngine, Real-time Protection, Reporting, Scan, Spynet, and Windows Defender Exploit Guard, should be inspected before using the utility, if some settings are switched ensure they are set back to the defaults.

So at least I know where to look.

 

[bribon77]

Great setup. Thanks for sharing.

 

[oldschool]

Back to the Romanian Wolf-dragon

due to Windows Defender issues with Network Inspection Service.

 

[blackice]

Back to the Romanian Wolf-dragon
View attachment 245081
due to Windows Defender issues with Network Inspection Service.

Just looking for an excuse...

 

[oldschool]

Re-enabled µBO in medium mode and added Trace to Brave.

Trace settings --> configured to supplement Brave built-in privacy protection.

• All Main Protections enabled
• All Advanced Protections enabled except Cookie Eater and Google Header Removal
• URL Tracking Cleaner enabled
• All 3 Web Request Settings disabled as these are handled by µBO and ClearURLs

I find Trace's Web Request Settings are poorly executed, and I doubt that I would like them any more in the paid version. My 2 cents.

 

[oldschool]

After some trial and error I've reconfigured Trace settings for set-and-forget use. No whitelisting or per-site configuration required. This setup is primarily for fingerprinting protection and should work well on Chromium browsers with any adblocker. YMMV.

• All Main Protections Enabled
• E-Tag Tracking Protection Enabled All other Main Protections Disabled
• All Web Request Settings Disabled as these are handled by µBO and ClearURLs

Edit/Update: I removed this from Brave since it's duplicative/overkill, and have it installed only in Ungoogled Chromium

 

[klepto]

Re-enabled µBO in medium mode and added Trace to Brave.

Trace settings --> configured to supplement Brave built-in privacy protection.

• All Main Protections enabled
• All Advanced Protections enabled except Cookie Eater and Google Header Removal
• URL Tracking Cleaner enabled
• All 3 Web Request Settings disabled as these are handled by µBO and ClearURLs

I find Trace's Web Request Settings are poorly executed, and I doubt that I would like them any more in the paid version. My 2 cents.

I didn't know about trace, very interesting. I'm curious about which browser you use the most. I have yet to use Edge because I'm sure disabling the privacy eroding telemetry would be a chore.

 

[oldschool]

I didn't know about trace,

It covers fingerprinting pretty thorougly but I don't know about it Web Request antitracking feature as I haven't enabled it. I've already quit using it in Brave because it overlaps with built-in protections and ClearURLs. It would be great for Edge, but it's incompatible with the latest version.

I'm curious about which browser you use the most.

Brave/Brave Nightly

 

[blackice]

So you find uBO can add to Brave’s Shields? What does it cover that they don’t?

 

[oldschool]

So you find uBO can add to Brave’s Shields? What does it cover that they don’t?

Actually, I started using µBO again mostly for cookie notices - and today I discovered Easlylist-Cookie List filter in Brave Adblock. So now I'm back to built-in adblocking. I'm embarassed to admit it. Too much time on my hands, testing this and that.

 

[blackice]

Actually, I started using µBO again mostly for cookie notices - and today I discovered Easlylist-Cookie List filter in Brave Adblock. So now I'm back to built-in adblocking. I'm embarassed to admit it. Too much time on my hands, testing this and that.

We’ve all been there these days. I’m glad you shared the cookie notice. I’ll be ticking that box next time I’m on my machines.