Deannoyafying a default windows server install / by Matt Wrock

This is a somewhat opinionated follow up to last week’s post on how to create a windows vagrant box. What I left out were a few settings you might want to include to prevent you from going absolutely bonkers. While many may argue that it is too late for myself, one goal of this post is to keep others from my own fate.

I’m just going to cover three configuration settings here and one of them applies to windows client installations, not just server SKUs. There are other improvements one can make for sure but these are easily up at the top.

IE Enhanced Security Configuration – turn it off

Sure, the American Society of therapists and social workers does not want me to tell you this. But trust me on this one because both you and those around you will benefit. Unless you belong to the small subculture of technology workers that enjoy pointing and clicking several times prior to previewing any single web page, add this to your windows base images:

Write-Host "Disabling IE Enhanced Security Configuration (ESC)."
$key = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components"
# Component IDs for the administrator and user ESC settings
$AdminKey = "$key\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
$UserKey = "$key\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
if(Test-Path $AdminKey){
  Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 0
}
if(Test-Path $UserKey) {
  Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value 0
}

This is a script I use generically on many windows machines and it will simply do nothing on client SKUs since it checks for the registry locations.

Do not open server manager at logon

Don’t worry everyone. I assure you that you can still manage your server even without server manager. This is the dashboardy looking app that comes up on windows server immediately after logon. Its one redeeming feature is that it exposes a way to turn off IE Enhanced Security Configuration. Here is an excerpt from our CenturyLink Cloud default windows Chef recipe that turns this off:

# Disable the ServerManager.
registry_key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ServerManager' do
  values [{
    :name => 'DoNotOpenServerManagerAtLogon',
    :type => :dword,
    :data =>  0x1
  }]
end

Of course you can do the same without Chef with this bit of powershell:

Write-Host "Disabling Server Manager opening at logon."
$Key = "HKLM:\SOFTWARE\Microsoft\ServerManager"
if(Test-Path $Key){
  Set-ItemProperty -Path $Key -Name "DoNotOpenServerManagerAtLogon" -Value 1
}

Sensible windows explorer settings

This tends to drive me nuts. I can’t tell .bat files from .cmd files. I can’t find my ProgramData folder. I’m initially excited that my 100TB page file has disappeared then crushed to discover it’s there and I just don’t see it. The world is not well. This script makes it right:

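$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
if(Test-Path -Path $Key) {
  Set-ItemProperty $Key Hidden 1           # show hidden files and folders
  Set-ItemProperty $Key HideFileExt 0      # show file extensions
  Set-ItemProperty $Key ShowSuperHidden 1  # show protected operating system files
  # Stop Explorer so it picks up the new settings (the shell relaunches automatically)
  Stop-Process -Name explorer
}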

Who would NOT want to show Super hidden files?
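To confirm which of the three settings above are actually in effect on an image (handy when auditing base boxes, since the IE ESC state in particular is worth recording), here is a read-only check. It is an added example, not part of the win-no-annoy package; the function name Get-NoAnnoyState is hypothetical, and the registry paths, value names and expected values are the ones used in the scripts above.

```powershell
# Added example: reports the state of the settings changed above; it writes nothing.
# Get-NoAnnoyState is a hypothetical name chosen for this illustration.
function Get-NoAnnoyState {
    $components = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components'
    $explorer   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $srvManager = 'HKLM:\SOFTWARE\Microsoft\ServerManager'

    # One row per value: label, key, value name, and the value the scripts above write.
    $checks = @(
        @{ Setting = 'IE ESC (admins)';       Path = "$components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"; Name = 'IsInstalled'; Expected = 0 },
        @{ Setting = 'IE ESC (users)';        Path = "$components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"; Name = 'IsInstalled'; Expected = 0 },
        @{ Setting = 'Server Manager logon';  Path = $srvManager; Name = 'DoNotOpenServerManagerAtLogon'; Expected = 1 },
        @{ Setting = 'Show hidden files';     Path = $explorer;   Name = 'Hidden';          Expected = 1 },
        @{ Setting = 'Show file extensions';  Path = $explorer;   Name = 'HideFileExt';     Expected = 0 },
        @{ Setting = 'Show super hidden';     Path = $explorer;   Name = 'ShowSuperHidden'; Expected = 1 }
    )

    foreach ($c in $checks) {
        $actual = $null
        $state  = 'KeyMissing'      # e.g. client SKUs have no ESC or ServerManager keys
        if (Test-Path -LiteralPath $c.Path) {
            $item = Get-ItemProperty -LiteralPath $c.Path -Name $c.Name -ErrorAction SilentlyContinue
            if ($null -eq $item) {
                $state = 'ValueMissing'   # key exists but the value was never written
            } else {
                $actual = $item.($c.Name)
                $state  = if ($actual -eq $c.Expected) { 'Applied' } else { 'NotApplied' }
            }
        }
        [pscustomobject]@{
            Setting  = $c.Setting
            State    = $state
            Actual   = $actual
            Expected = $c.Expected
            Path     = $c.Path
        }
    }
}

Get-NoAnnoyState | Format-Table Setting, State, Actual, Expected -AutoSize
```

The Explorer rows read HKCU, so they reflect the account running the check rather than every user on the machine.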

Adding a couple light weight apps for extra sanity

There are a couple other things that I find unacceptably annoying but there is no simple configuration fix for these. Both mentioned here can be solved with a small install:

A tears free command line console

Windows 10 (in technical preview as of this post) is finally fixing some of this but in the meantime I use console that supports key mappings for human consumables copy/paste shortcuts and tabbed consoles since it is not uncommon for me to have half a dozen command lines open. It works with both powershell (site staff recommended) as well as the traditional command line. Many others really like the ConEmu console emulator.

Text editor that understands how lines end

When it comes to lite text editing, notepad is not so entirely bad in a 100% windows universe. However these days I work in a mixed environment and transfer bootstrap scripts from a linux box. If I need to inspect those files after they have made their way to a windows server, I'll often be faced with a one line file. While reducing the prior logic to a single line is impressive, the end result may mean having to use Wordpad to view the files. Is that wrong? Yes...yes it is. Text editors can be a very personal decision. I prefer sublime text 3 on which I am happy to spend the 50 bucks or whatever it was I spent, but there are lots of good free options available.

A chocolatey package to automate away the annoying

I have wrapped all of the three config changes above into a chocolatey package win-no-annoy. You can check out the complete powershell script that it will run here. If you are working with a newly provisioned machine or any machine that does not have chocolatey installed, use boxstarter to run the script which will also install chocolatey. Assuming IE is still the default browser, run the following command:


I hope your windows server experience will be much less annoying with these improvements made.