Major performance boost: Disable NETBIOS and related on all Windows NICs
article #1557, updated 2 days ago

NETBIOS is a very legacy protocol, security of it is very poor. Substantial performance gains by disabling it have been noticed. This is probably because when active it broadcasts constantly to every single NIC on its LAN, creating NIC and switch contention. Also, a large proportion of security violation exploits use it, so disabling becomes a very good idea in general. The only exceptions occur when there are needs to do SMB sharing with very old machines, machines all long out of support. By default, it is still active on all current Microsoft Windows operating systems.

Here is a paste to Powershell that does it all:

Get-CimInstance -ClassName 'Win32_NetworkAdapterConfiguration' | Invoke-CimMethod -MethodName 'SetTcpipNetbios' -Arguments @{ 'TcpipNetbiosOptions' = [UInt32](2) }

Get-WmiObject Win32_NetworkAdapterConfiguration | Invoke-WmiMethod -Name SetWINSServer -ArgumentList @('','')

$nicall = [wmiclass]'Win32_NetworkAdapterConfiguration'

Set-Service -Name "lmhosts" -StartupType Disabled
Stop-Service -Name "lmhosts"

The various bits are below.

Turn off NETBIOS over TCP/IP, for each NIC:

Get-CimInstance -ClassName 'Win32_NetworkAdapterConfiguration' | Where-Object -Property 'TcpipNetbiosOptions' -ne $null | Invoke-CimMethod -MethodName 'SetTcpipNetbios' -Arguments @{ 'TcpipNetbiosOptions' = [UInt32](2) }

Get rid of all WINS entries, if present (sorry, no CimInstance code yet):

Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled='True'" | Invoke-WmiMethod -Name SetWINSServer -ArgumentList @('','')

Uncheck of LMHOSTS lookups:

$nicall = [wmiclass]'Win32_NetworkAdapterConfiguration'

Disable the service “TCP/IP NetBIOS Helper”:

Set-Service -Name "lmhosts" -StartupType Disabled
Stop-Service -Name "lmhosts"

If Microsoft DHCP is in use, DHCP can tell clients to do the simple disable, the first item above:

Below is another script, to reenable the protocols, though it does not try to put back any WINS server IPs that may have been deleted, and it cannot override Microsoft DHCP:

Get-CimInstance -ClassName 'Win32_NetworkAdapterConfiguration' | Invoke-CimMethod -MethodName 'SetTcpipNetbios' -Arguments @{ 'TcpipNetbiosOptions' = 0 }

$DisableLMHosts_Class=Get-WmiObject -list Win32_NetworkAdapterConfiguration
Set-Service -Name "lmhosts" -StartupType Manual
Start-Service -Name "lmhosts"

And if you want to combine the above with a new Microsoft standard preventing Windows port exhaustion:

Get-CimInstance -ClassName 'Win32_NetworkAdapterConfiguration' | Invoke-CimMethod -MethodName 'SetTcpipNetbios' -Arguments @{ 'TcpipNetbiosOptions' = [UInt32](2) }
Get-WmiObject Win32_NetworkAdapterConfiguration | Invoke-WmiMethod -Name SetWINSServer -ArgumentList @('','')
$nicall = [wmiclass]'Win32_NetworkAdapterConfiguration'
Set-Service -Name "lmhosts" -StartupType Disabled
Stop-Service -Name "lmhosts"
netsh int ipv4 set dynamic tcp start=49152 num=16384
netsh int ipv4 set dynamic udp start=49152 num=16384



Delete and recreate NTFS USN journal for performance gains
article #1483, updated 3 days ago

The journal can get huge over time, slowing machines down a lot. Here’s how to delete it and recreate it for C:, in CMD. The process can cause interference and conflict with Windows internals and applications, though I have not seen this happen so far. On a machine that has been in use a while, it can help a whole lot.

fsutil usn deletejournal /n C: & fsutil usn createjournal C:

Here are quick pastes for D: and E:.

fsutil usn deletejournal /n D: & fsutil usn createjournal D:
fsutil usn deletejournal /n E: & fsutil usn createjournal E:

In 2012R2/8.1 and before, we must be more specific in the creation:

fsutil usn deletejournal /n C: & fsutil usn createjournal m=1000 a=100 C:
fsutil usn deletejournal /n D: & fsutil usn createjournal m=1000 a=100 D:
fsutil usn deletejournal /n E: & fsutil usn createjournal m=1000 a=100 E:

And here’s Powershell, to do it all for every drive letter in the system:

# Delete and Recreate NTFS USN Journal #

# This script iterates through all lettered NTFS drives in Windows, 
# and deletes and recreates the USN Journal of each one.
# Considerable performance gain results if the image has been running
# for a year or more.

# There are slightly different commands between some OS versions.
$OSVer = [System.Environment]::OSVersion.Version
If ($OSVer.Major -gt 10)
	"OS > 10. Create uses short command."
	$ShortCommand = $True
} ElseIf ($OSVer.Major -eq 10) {
	If ($OSVer.Build -le 14393)	{
		("OS is 10 build " + $OSVer.Build + ". " + "Create uses long command.")
		$ShortCommand = $False
	Else {
		"OS is 10, build > 14393. Create uses short command."
		$ShortCommand = $True
} ElseIf ($OSVer.Major -lt 10) {
	"OS < 10. Create uses long command."
	$ShortCommand = $False

Get-CimInstance -Query "Select * FROM Win32_LogicalDisk WHERE DriveType=3" | ForEach-Object {
	$DriveID = $_.DeviceID

	If ($DriveID -match "[A-Z]")
		"Deleting USN Journal on " + $DriveID + " ..."
		fsutil usn deletejournal /n $DriveID

		"Recreating USN Journal on " + $DriveID + " ..."
		if ($ShortCommand) {
			fsutil usn createjournal $DriveID
		else {
			fsutil usn createjournal m=1000 a=100 $DriveID
# End Script




Appx Cleanup for Windows 10/11 Performance
article #1561, updated 3 days ago

Appx’s are a method used for application install, first delivered in Windows 8.1. There are a lot of builtins which take live system resources in hidden fashion, usually not showing up in Task Manager very much or at all. And there have been a lot of changes in this over recent years. Here’s an overview of items for cleanup as of this writing. One can free a lot of resources on machines this way.

The first thing to know is that many appx’s are “provisioned”, they are embedded in the current (“online”) DISM image, and will be automatically activated whenever a new user profile is made. To get a list of these:

Get-AppxProvisionedPackage -Online | Sort-Object | ft DisplayName, PackageName

To get a list of all apps installed for all users, in nicely sorted form:

Get-AppxPackage -AllUsers | Sort-Object | ft

To remove several of these, that I like to have gone in business desktops, both from provisioning and from any user for which any of them may be installed:

#Begin Script

$RemovalItems =  @(

$ProvisionedItems = Get-AppxProvisionedPackage -Online
foreach ($ProvItem in $ProvisionedItems) {
	foreach ($RemItem in $RemovalItems) {
		If ($ProvItem.DisplayName -like "*$RemItem*") {
			Write-Host "Deprovisioning:" $ProvItem.DisplayName
			try {
				Remove-AppXProvisionedPackage -Online -PackageName $ProvItem.PackageName -ErrorAction SilentlyContinue | Out-Null
			catch { "Failed: Microsoft does not allow, or other error." }
			if (!$error) { "Succeeded!" }

$InstalledItems = Get-AppxPackage -AllUsers
foreach ($InstItem in $InstalledItems) {
	foreach ($RemItem in $RemovalItems) {
		if ($InstItem.Name -like "*$RemItem*") {
			Write-Host "User-level removal operation:" $InstItem.Name
			try {
				Get-AppxPackage $InstItem.Name -AllUsers | Remove-AppxPackage -Allusers -ErrorAction SilentlyContinue | Out-Null
			catch { "Failed: Microsoft does not allow, or other error." }
			if (!$error) { "Succeeded!" }

# End Script

The above first gets rid of the provisioned, then the user-level for all user profiles, for the whole list. There are some for which Microsoft prevents all removals; errors are thrown for these.



Use DMARC to harden SPF and DKIM
article #1255, updated 6 days ago

As of Q4 2023, Google and Yahoo are requiring DMARC to be set on the sender side, for many emails to be delivered. Some Office 365 tenants have exhibited similar behavior.

The following TXT record contents:

v=DMARC1; p=quarantine; pct=100; adkim=s; aspf=s

indicate that both DKIM and SPF are checked, and any email not satisfying both entirely, will be marked such that a spam filter should quarantine it. The =s means “strict”; there is a “relaxed” mode, =r, which allows subdomains. But if you have to allow for some email to be transmitted without DKIM, e.g. from a web site’s or application’s email generator, go with either this:

v=DMARC1; p=quarantine; pct=100; aspf=s

which does not look at DKIM; or if you must, this:

v=DMARC1; p=none

which is a kind of ‘null’ DMARC, it’s a placeholder such that DMARC exists, but doesn’t do anything. At least one cloud-application vendor is recommending this, but it’s far from clear how Google, Yahoo, and other machines will respond to it, either now or in the future.

To use the above, create a TXT record of name _dmarc with chosen contents.

Some more info is here:



If you have a Ford with a "permanent" air filter...
article #1586, updated 22 days ago

My sweet Lori’s 2007 Ford Focus came with a “permanent” air filter, “suitable for the life of the car” by one suggestion. After we had had the car a while, I knew we wanted to keep it running long, long past Ford’s glorious preferences, so I started looking for options. One well-known vendor sold an aftermarket air filter box for about $480. This seemed a bit high to me for a mildly complicated piece of plastic, so I looked further. And lo and behold:

Highly recommendable, and $78 at this writing. I saw some reports which said it made things a tad louder; au contraire I must report, Sweet Lori’s little car is now quieter, much smoother, better power. Yahoo!



Automatic update of Lenovo drivers, firmware, etc.
article #1585, updated 40 days ago

Here it is:

It’s also available via Winget: winget install "Lenovo System Update"



New Windows package management: winget
article #1504, updated 40 days ago

It’s built into the latest builds of Windows 10 and 11 and Server, and can be installed into many.

To see if you have it, try winget from CMD or Powershell. If you don’t have it on a newer platform with the Microsoft store, here’s the link:

One good way to try it, is to install Microsoft .NET framework (SDK) 6, thus, from administrative Powershell:

winget install --id Microsoft.DotNet.Runtime.6 --silent --accept-source-agreements

I learned just now that if you add other seemingly valuable options to the one above, e.g., --scope machine, at least while running as SYSTEM, it will fail citing package not found. So you’ll want to test carefully.

Here’s one proven just now for 7zip (there’s a “search” option in winget to get the ID):

winget install --exact --id 7zip.7zip --accept-package-agreements --silent --scope machine

Here’s one for Google Chrome, needs a bit of extra:

winget.exe install --exact --id Google.Chrome --silent --accept-package-agreements --accept-source-agreements --scope machine

If you do want to use it from the SYSTEM account, in scripting, it gets interesting. You’ll want to first run this:

$ResolveWingetPath = Resolve-Path "C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_*_x64__8wekyb3d8bbwe"
    if ($ResolveWingetPath){
           $WingetPath = $ResolveWingetPath[-1].Path
$ENV:PATH += ";$WingetPath"

and then winget will run as expected.

Adding Winget on Windows 10/2019/2016 builds 1809 or lower is touch and go. This worked on a recent Server 2019/1809, with the addition to the path above:

# Install VCLibs
Add-AppxPackage ''

# Install Microsoft.UI.Xaml.2.7.3 from NuGet
Invoke-WebRequest -Uri -OutFile .\
Expand-Archive .\
Add-AppxPackage .\microsoft.ui.xaml.2.7.3\tools\AppX\x64\Release\Microsoft.UI.Xaml.2.7.appx

# Install the latest release of Microsoft.DesktopInstaller from GitHub
Invoke-WebRequest -Uri -OutFile .\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe.msixbundle
Add-AppxPackage .\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe.msixbundle

# Fix permissions
TAKEOWN /F "C:\Program Files\WindowsApps" /R /A /D Y
ICACLS "C:\Program Files\WindowsApps" /grant Administrators:F /T



Disable Windows Compatibility Telemetry
article #1370, updated 44 days ago

This can sometimes save a lot of CPU and/or disk cycles. In administrative CMD:

schtasks /Change /Disable /TN "Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser"
sc delete DiagTrack
sc delete dmwappushservice
echo “” > C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection /v AllowTelemetry /t REG_DWORD /d 0 /f



Automatic install of Dell drivers and firmware, and more
article #1584, updated 46 days ago

Lots of interesting recently-updated tools here:



Automatically Resize Windows in Windows with AutoSizer
article #1583, updated 54 days ago


really works remarkably well. Rather helpful if you bring up ticket note windows or anything else over and over again which need resizing. It repositions and maximizes as desired too. By default it runs by window class (my own preference!) but can address windows by title as well. Sits in the Windows tray nice and quietly and does its job. Lovely!

Newly updated as of this writing, I’m running it on Windows 11.