Who Needs the Optional Features in Microsoft Windows

Minimizing the applications and services on your computer can help to reduce the hacker attack service. If an app or service does not exist and can not be started, then it can not be exploited. The consumer desktop version of Microsoft Windows is good at keeping backward compatibility. This unfortunately leads to increasing hacker attack service and bloated installations.

Microsoft Windows 10 can remove some of the unneeded software. In this example, we will remove the .Net Framework.

The command prompt command "systeminfo" shows the following:

OS Name:                   Microsoft Windows 10 Home
OS Version:                10.0.19045 N/A Build 19045

Before starting, please create a restoration point in case you want to undo the changes. Press Start button, type "restore", choose Create A Restore Point.

On the desktop, press the Start button then press the Settings icon (the gear).

In the Windows Settings, choose Apps and click Optional Features. This may request the administrator prompt, which is required to continue.

Click on Optional Features.

Scroll down and click More Windows Features. 

This will display the Windows Features box. 

Deselect .NET Framework. 

Press OK and apply the changes.

Reboot to finish the changes.

Hide Icons On Microsoft Windows Desktop

Anyone updating applications may notice that links to start the app often appear on the desktop. While these can often be easily deleted, if they are instead hidden then the next time the app is updated the link is likely to remain and stay hidden.

Microsoft has been pushing icons and shortcuts to the desktop. A recent Windows 10 patch rollup put a Microsoft Edge icon on the desktop, and it requires administrator privilege to remove it. 

Regular users can hide the icon with a quick command window. Bring up the command prompt by pressing Start button, type cmd, and press the Command Prompt app.

In the command prompt window, go to the desktop folder by typing:
cd desktop

Look for the file with the directory command and a flag:
dir /A

If the file does not exist, it may be in the Windows public profile. On the desktop, right-click on the icon, choose Properties, press the Details tab, and look where the actual link is located. If it is in the public profile you will need an administrator to help you.

If the file exists in your profile, you may set the hidden attribute on the filename for the icon to make it disappear:
attrib +h Microsoft*.lnk

The desktop should now be less cluttered with the icon hidden.

If the lnk file is in the Windows public profile and you can become adminstrator, then start the command prompt as administrator. Go to the directory and set the hidden flag:
C:\Users\Public\Desktop> attrib +h Microsoft*.lnk

DNS For Malware Blocking

The Domain Name System protocol maps a human-readable hostname to an IP number. The DNS protocol can be leveraged to filter these lookups. While an application can use a hard-coded IP number, hostname lookups can have any logic or filtering applied by the DNS resolver.

People have effectively self-hosted the Pi-hole solution at home. Typically it is configured to reduce ads which can improve website performance and reduce tracking. For those with some desire to configure a small device, pi-hole is a straightforward and lightweight method to take some control of your network.

There are also hosted DNS solutions which can provide varying levels of filtering and blocking.

Using a phone over a mobile network or public wifi, you may want to have some DNS filtering while not using the Pi-hole solution at home. For an Android phone, there is a setting to allow use of "Private DNS". Go to settings, Network & Internet, Private DNS. If you want to use the Cloudflare DNS offering of 1.1.1.1, Android will require an actual hostname instead of the 1.1.1.1 number scheme. In the settings prompt for Private DNS, enter the hostname 1dot1dot1dot1.cloudflare-dns.com and press save. Your Android phone should then use the Cloudflare DNS filtering. Using one.one.one.one as the hostname seems to have unreliable effects as it does not always properly resolve that name.

Android Private DNS setting:

Look up 1dot1dot1dot1.cloudflare-dns.com which resolves to 1.1.1.1:

Cloudflare's 1.1.1.1 is fast and convenient. For additional levels of filtering, look into using their family filtering at 1.1.1.3. For family filtering, also consider using OpenDNS.

Tar and Curl in MS Windows 10

I wanted to scp a deep directory structure to a unix machine. In MS Windows 10, I tried to use the File Explorer to click once on the directory and right-click to use the SendTo and choose "Compressed (zipped) folder". That did not work and there was no error message. It simply failed silently.

I opened a PowerShell and found, to my surprise, that both curl and tar are now in Windows 10. To put directories and files into one larger file, the tar command may be used. By itself tar does not compress, though it put everything into one file to make it easier to take a snapshot of a directory structure.

The basics of tar on MS Windows 10 is to open a PowerShell window. Navigate to the top of the directory structure. Type:

tar -cf filename1 filename2 directory3 directory4 newTARfilename.tar

If you want to have ongoing feedback from the command, add the verbose flag:

tar -cvf filename1 filename2 directory3 directory4 newTARfilename.tar

This example uses PowerShell and shows the tar help, the directory, and the tar command.

PS C:\temp\showcompress> tar /?

Usage:

  List:    tar.exe -tf <archive-filename>

  Extract: tar.exe -xf <archive-filename>

  Create:  tar.exe -cf <archive-filename> [filenames...]

  Help:    tar.exe --help

PS C:\temp\showcompress> dir

    Directory: C:\temp\showcompress

Mode                 LastWriteTime         Length Name

----                 -------------         ------ ----

d-----        2021-12-29     15:59                DecemberFolder

PS C:\temp\showcompress> tar -cf DecemberFolder.tar DecemberFolder

PS C:\temp\showcompress> dir

    Directory: C:\temp\showcompress

Mode                 LastWriteTime         Length Name

----                 -------------         ------ ----

d-----        2021-12-29     15:59                DecemberFolder

-a----        2021-12-30     00:22    39059677696 DecemberFolder.tar

You may also want to explore the Compress-Archive command in Powershell.

An example curl command will look like:

C:\>curl 2600.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

<html><head>

<title>302 Found</title>

</head><body>

<h1>Found</h1>

<p>The document has moved <a href="https://2600.com/">here</a>.</p>

</body></html>

Remove Apps From MS Windows 10

Microsoft is push-installing many more applications in Windows 10. A user may remove some applications by clicking the Start button then right-click on an app and choose uninstall. The uninstall option is not available for many apps installed by Microsoft.

This list of MS Windows 10 PowerShell application removal lines can work on some versions of Windows, and may depend on the current naming and the build number of Windows. The following were tested on several versions of Windows 10, including Microsoft Windows 10 Pro version 10.0.19043 N/A Build 19043.

Right-click on the Start button and choose: Windows PowerShell

If you are not able to run PowerShell as administrator in order to remove the application packages for all users, you will receive an error:
Get-AppxPackage : Access is denied.
Access is denied.

You may instead run the following commands without this option: -Allusers
If the following commands are not working with "-Allusers", try do remove that and run the command again.

If you are looking for application package names to install, try this example for the Solitaire game:

> Get-AppxPackage | select-string  "solitaire"

Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe

Then use "solitaire" and remove the game:

Get-AppxPackage *solitaire* | Remove-AppxPackage

List of what you may want to remove. If you are not logged in as administrator, remove "-AllUsers" from the following:

Get-AppxPackage Microsoft.YourPhone -AllUsers | Remove-AppxPackage
# or
Get-AppxPackage *windowsphone* -AllUsers | Remove-AppxPackage

Get-AppxPackage *xbox* -AllUsers | Remove-AppxPackage

Get-AppxPackage *3dbuilder* -AllUsers | Remove-AppxPackage

Get-AppxPackage Microsoft.Microsoft3DViewer -AllUsers | Remove-AppxPackage

Get-AppxPackage *people* -AllUsers | Remove-AppxPackage
# or
Get-AppxPackage Microsoft.Windows.PeopleExperienceHost -AllUsers | Remove-AppxPackage
# or
Get-AppxPackage Microsoft.people -AllUsers | Remove-AppxPackage

# Cortana
Get-AppxPackage Microsoft.549981C3F5F10 -AllUsers | Remove-AppxPackage

Get-AppxPackage *Microsoft.GetHelp* -AllUsers | Remove-AppxPackage

Get-AppxPackage *windowsalarms* -AllUsers | Remove-AppxPackage

Get-AppxPackage *windowscommunicationsapps* -AllUsers | Remove-AppxPackage

Get-AppxPackage *skypeapp* -AllUsers | Remove-AppxPackage

Get-AppxPackage *officehub* -AllUsers | Remove-AppxPackage

Get-AppxPackage *getstarted* -AllUsers | Remove-AppxPackage

Get-AppxPackage *onenote* -AllUsers | Remove-AppxPackage

Get-AppxPackage *bingweather* -AllUsers | Remove-AppxPackage

Get-AppxPackage *windowscamera* -AllUsers | Remove-AppxPackage

Get-AppxPackage *windowsmaps* -AllUsers | Remove-AppxPackage

Get-AppxPackage Microsoft.WindowsFeedbackHub -AllUsers | Remove-AppxPackage

Get-AppxPackage *music* -AllUsers | Remove-AppxPackage

Get-AppxPackage *solitaire* -AllUsers | Remove-AppxPackage

Get-AppxPackage *portal* -AllUsers | Remove-AppxPackage

Get-AppxPackage *stickynotes* -AllUsers | Remove-AppxPackage

# Movies & TV

Get-AppxPackage *zunevideo* -AllUsers | Remove-AppxPackage

# Snip & Sketch
Get-AppxPackage *screensketch* -AllUsers | Remove-AppxPackage

# Sound Recorder
Get-AppxPackage *soundrecorder* -AllUsers | Remove-AppxPackage

Microsoft OneDrive may be removed from within the legacy "Control Panel" application. Press Start button, then begin typing "control panel".

After you have uninstalled applications, it is usually useful to create a Windows "restore point" to snapshot the current configuration. If you feel more advanced, you may want to explore the "Services" app to stop services you may not be using.