Optimize Windows 10 for Special Purpose Use

How to Strip Down Windows 10 for Kiosks, Digital Signage and Other Special Purpose Systems

Windows 10 is an excellent operating system enabling robust and reliable machines for nearly any computing requirement. Due to its popularity, broad developer support, breadth of built-in capabilities, and unrivaled out-of-the-box support for peripheral devices, it is the platform of choice for hundreds-of-thousands of mission critical, industrial, and other special purpose applications such as kiosks, digital signage, and other systems.

Some organizations choose Windows 10 IoT (formally known as Windows Embedded) or Windows 10 LTSB (long term servicing branch) for their deployments because of stability and finite control over native operating system features. However, Windows 10 IoT and LTSB are overall more expensive and less accessible, offered only on a limited set of computing hardware, require special licensing, and in-depth knowledge of complex implementation and deployment procedures.

Many companies prefer to use the Home and Pro editions of Windows 10 for their projects instead in order to avoid IoT and LTSB shortcomings and expense. Organizations can capitalize on the huge array of low cost, “Designed for Windows 10,” brand-name computer systems that fit their requirements and budget. A shortfall of choosing this option is dealing with the bloatware included with these systems that often absorbs valuable system resources and increases security risks. However, these issues can be addressed by stripping down and optimizing the operating system. The remainder of this article is dedicated to the many options available to strip down and optimise Windows Home and Pro for special purpose use.

Optimize Windows 10 Home or Pro for Special Purpose Use

In order to optimize Windows 10 Home or Pro for specific purpose functionality, the OS environment should be:

Configured specifically to support the special purpose application
Stripped down to include only the needed OS features
 Optimized for speed and increased system resources (CPU, memory, storage)

To assist with these optimizations, Inteset has provided a detailed check-list and brief instructions on the various Windows 10 elements that can be adjusted or removed to improve the environment for special purpose use. It is recommended that a series of OS images be created periodically during the configuration process so that, in case of any misconfigurations, the OS can easily be reverted to the last good image. In addition, when configurations are completed, a master image can be created for deployment on multiple systems with the same hardware. There are several image creation solutions available such as Macrium Reflect or AOMEI Backupper.

Note that the list below constitutes as recommendations and in its entirety, may not fit all Windows configuration scenarios. Also note that many of the suggestions listed do not provide specific instructions as they go beyond the scope of this article. In this case, links to relevant detailed instructional sites are provided for your convenience.

Adjust Windows Settings for Special Use

This section covers recommended changes to various Windows 10 settings that are more suitable for special purpose use.

1. Create a New Administrator Account: In addition to the Windows account used for the special purpose use, it is recommended that a second, password protected local administrator account be created to more easily facilitate a system recovery if needed.
2. Configure Windows Auto Login (detailed instructions) - Typically special purpose configured systems are set up to boot directly into the application. Auto login provides that ability.
3. Turn Off Windows Notifications: Settings > Personalizations > Taskbar > Notification Area
4. Turn Off System Icons: Settings > Personalizations > Taskbar > Notification Area > Turn system icons on or off
5. If using Windows Defender: Create an Exclusion for your application folder
6. Turn Off Windows Defender Notifications: Settings > Windows Defender > Open Windows Defender > Settings (icon) > Windows Defender Antivirus | Firewall Notifications
7. Turn Off Snap: Settings > System > Multitasking  > Snap
8. Turn Off Virtual Desktops: Settings > System > Multitasking > Virtual Desktops > Only the desktop I’m...
9Remove People Icon from the Taskbar: Settings > Personalization > Taskbar > People
10Turn Off UAC: Control Panel > User Accounts > Change User Account Control settings
11Set Taskbar to Auto Hide: Settings > Personalizations > Start and Taskbar
12Disable WiFi Services: Settings > Network & Internet > Wi-Fi > Wi-Fi Services
13Disable WiFi Hotspot: Settings > Network & Internet > Wi-Fi > Hotspot 2.0
14Disable Mobile Hotspot: Settings > Network & Internet > Mobile Hotspot

Configure Touch Keyboard Settings for Touchscreen Desktop Applications

If your setup uses a touchscreen, following the recommendations below will ensure that the Windows 10 touch keyboard will appear when entering an input field in your Windows Desktop application (win32/classic). This does not apply to Windows UMP type applications.

1. Set Windows to Desktop Mode: Settings > Settings > System > Tablet mode > When I sign in > Use desktop mode
2. Turn Off Snap: Settings > Settings > System > Multitasking  > Snap
3. Set the Virtual Desktop: Settings > Settings > System > Multitasking  > Virtual desktops > Only the desktop I'm using
4. Turn On the Touch Keyboard: Settings > Devices > Typing > Show the touch keyboard when not in tablet mode and there's no keyboard attached option enabled
5. Turn On Standard Keyboard Capability: Settings > Devices > Typing > Add the standard keyboard layout as a touch keyboard option
6. Detach Input Devices: Be sure that no physical input devices (keyboard, mouse, etc) are attached to the device. Otherwise, Windows will not display the touch keyboard.
7. Add the "C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe" path to the Background Apps section in the Secure Lockdown utility. This is only required if you find issues with the Touch Keyboard appearing when entering input fields.
8. Some touch screens are connected via USB. If you're using the Chrome browser in this case, be sure to start Chrome with the following command line switch: "--disable-usb-keyboard-detect"

Remove Windows Start Menu Items

This section discusses how to remove items from the Windows Start Menu in order to display only the desired applications.

1. Unpin Unneeded Tiles: Right-click on each item and choose Unipin, or Uninstall (if available)
2. Remove Folders: Settings > Personalization > Start > Choose which folders appear on Start
3. Remove Start Menu List Items: Enter the following in the Windows Run dialog, then delete the unneeded shortcuts and folders:

%AppData%\Microsoft\Windows\Start Menu\Programs
%ProgramData%\Microsoft\Windows\Start Menu\Programs

Remove Unnecessary Apps and Windows Built-In Components

This section covers the removal of unneeded Windows applications and features such as Internet Explorer 11 and many built-in Windows 10 packages.

1. Remove Unnecessary Apps & Features: Settings > Apps > Apps & Features

Be sure not to uninstall needed system applications such as special graphics or network application specific to the computer. Be sure to uninstall Windows Update Assistant. If it is not uninstalled, it will download and install all Windows Updates (even if the Windows Update Service is disabled).

2. Remove Optional Apps & Features: Settings > Apps > Apps & Features > Manage optional features
3. Remove Unnecessary Built-in Windows System Apps (detailed instructions)

Remove or Disable Other Windows Features

This section lists several miscellaneous Windows core components to remove or disable such as Cortana, Edge Browser, and OneDrive as well as other unnecessary features. Performing these suggestions will assist in better boot speeds and improved system resources.

1. Turn Off Windows Recovery Screen: remove the Windows Recovery screen if there is a power failure.

Run a command prompt as an admin
Type "bcdedit /set {current} bootstatuspolicy ignoreallfailures"

2
. Disable Windows Recovery Dump Files:  Control Panel > System and Security > System > Advanced system settings > Startup and Recovery > Settings

Disable Write an event to the system log
Enable Automatic restart
Set Write debugging information > none

3. Remove Cortana (detailed instructions)
4. Remove Connect (detailed instructions)
5. Remove Edge Browser (detailed instructions)
6. Uninstall OneDrive (detailed instructions):
7Remove Unneeded Windows Services (detailed instructions)
8Disable the Windows Update Service (detailed instructions)
9. Delete the Windows Restore Partition (detailed instructions)

System BIOS Settings to Consider Adjusting

To optimize boot times further and improve security, there are several BIOS-level settings to consider.

1. Set a password to access the BIOS
2. Set the system to power on after a power outage
3. Enable Quick Start boot options
4. Disable any unused BIOS-level components such as boot from network or USB options

Lock Down Windows

To secure the setup of the special purpose system and to ensure that only the application(s) intended for the system are available, it is highly recommended that the applicable Secure Lockdown product be incorporated into the Windows 10 configuration.
Learn more about Inteset Secure Lockdown...