First, verify that the OS is Windows 7 SP1.  If not, update to SP1 first.


 


NOTE:


->    - Denotes a single left click of the mouse or "go to" or "do this


next"


*RC - Denotes single right click of the mouse *DC - Denotes double left click of the mouse X     - Denotes clicking the "X" in the upper right corner of a window to close it


 


 


I.) ***PRELIMINARY SETTINGS***


 


1.)  Setup Windows users and passwords


Windows Key + R (to open Run Box) -> type in "control userpasswords2" ->


OK -> Advanced tab -> Advanced button -> *DC "Users" folder ->


*RC "Administrator" user, choose "Set Password..." -> Proceed -> type


password in both boxes as "prism2000" -> OK -> OK


*RC in a blank area below user list -> New User... ->


     a.) User name: "manager"


     b.) Full name:  "manager"


     c.) Password (in both boxes):  "manager2000"


     d.) Uncheck "User must change password at next logon"


     e.) Check "User cannot change password" and "Password never expires"


     f.)  Click the "Create" button.


     g.) Do a.-f. again, but for a.) and b.) use "pos", and for c.) use


"pos2000".


     h.) Click the "Close" button.


     i.) *DC the "manager" user -> Member Of tab -> Add… -> In the


"Object names to select" box, type "Administrators" -> OK -> OK


     j.) Repeat step i. For the "pos" user


     k.) X (on the "Local Users and Groups" window) -> Users tab -> If 


"Users must enter a user name and password to use this computer." is not


checked already, check it. ->


 


FOR A MANAGER: in the list of users click the "manager" user -> Uncheck


"Users must enter a user name and password to use this computer." -> OK


-> Username should already be  "manager", password (in both boxes)


should be "manager2000" -> OK


 


FOR A STATION: in the list of users click the "pos" user -> Uncheck


"Users must enter a user name and password to use this computer." -> OK


-> Username should already be  "pos", password (in both boxes) should be


"pos2000" -> OK


 


2.)  Log off of current user and log in as correct user


FOR A MANAGER: Start button -> Arrow next to Shut Down -> Select Log Off


-> OK -> Once it is logged off, for username specify "manager" for


password specify "manager2000" -> OK


FOR A STATION: Start button -> Arrow next to Shut Down -> Select Log Off


-> OK -> Once it is logged off, for username specify "pos" for password


specify "pos2000" -> OK


 


3.) Enable "Log on as a service" for the "manager" user, in order for


PrismService to start after install.  Do the following to enable that:


     a.) Go to Start->Run and specify "secpol.msc" and hit OK


     b.) Double click: Local Policies -> User Rights Assignment -> Log


on as a service


     c.) Click 'Add User or Group'


     d.) Type: 'manager' in the box, hit the 'Check Names' button; and


then hit OK.  Hit OK on the window behind it too, and then you can close


the 'Local Security Policy' window.


 


4.)    Disable UAC (User Account Control).


     a.)    Start -> Search Box -> type in "uac" -> OK


     b.)    Slide the slider on the left to the bottom -> OK


 


 


II.) ***CONTROL PANEL SETTINGS***


 


1.)  Open Control Panel, set view options


     a.) Start button -> Control Panel


     b.) Change "View by:" in the upper right to "Small icons"


 


2.)  Disable Action Center warnings


     a.) *DC "Action Center" -> "Change Action Center settings" in the


upper left


     b.)  Uncheck ALL boxes here -> OK ->Control Panel Home link in the


upper left.


 


3.) Disable write caching on the hard disk.


     a.) *DC "Device Manager" -> Click the + sign next to "Disk drives"


-> *DC the hard disk device underneath.


     b.)  Policies Tab -> UNCHECK "Enable write caching on this device"


-> OK -> X


 


4.)    Services to STOP and DISABLE:



  1. Disk Defragmenter

  2. Internet Connection Sharing

  3. IP Helper (IPv6 related)

  4. Media Center Extended Services

  5. Offline Files

  6. Superfetch

  7. Windows Media Player Network Sharing Service

  8. WinHTTP Web Proxy Auto-Discovery


 


5.)    Disable/Enable some TCP/IP settings (Network and Sharing center)



  1. Setup Network as "WORK NETWORK" type

  2. This disables HomeGroup

  3. Click on Change Advanced Sharing Settings

  4. Set Network Discovery = On

  5. File and printer Sharing = On

  6. Public Folder Sharing = OFF

  7. Media Streaming = OFF

  8. File sharing connections = 128bit

  9. Password protected sharing = OFF

  10. HomeGroup Connections = Use user accounts


         iii.    Make PUBLIC settings the same



  1. Open up the properties for the adapter

  2. Uncheck IPv6

  3. Set IP Address to 192.168.1.100 (MANAGER) or 192.168.1.10X


(STATION)


             Set subnet to 255.255.255.0


             Set Gateway to 192.168.1.1


             MANAGERS: Set DNS to 192.168.1.1 & 8.8.8.8


 


6.)    Open Folder Options in Control Panel



  1. Go to view tab

  2. Uncheck Use Sharing Wizard


 


7.)  Disable AERO Interface and set desktop properties


     a.) *DC "Personalization"


     b.)    On the right, scroll down to "Windows Classic" and click on it.


     c.)  On the left -> Change desktop icons.  Check the boxes for:


Computer, Recycle Bin, Network -> OK -> X


 


8.)  Disable unneeded Programs and Features


     a.) *DC "Programs and Features" -> "Turn Windows features on or


off" link on the upper left.  In the window that opens, UNCHECK the


following items:


             Indexing Service


             Media Features


             Remote Differential Compression


             Tablet PC Components


             Windows Gadget Platform


     b.) -> OK -> Control Panel Home link in the upper left.


 


9.)    Set system performance options and enable Remote Desktop


     a.)    *DC "System" -> Advanced system settings -> Settings button


under performance


     b.)  Set to "Adjust for best performance"


     c.)     Remote tab -> Check "Allow Remote Assistance connections to


this computer.  Change the radio button to "Allow connections from


computers running any version of Remote Desktop (less secure) -> OK ->


Control Panel Home link in the upper left.


         NOTE: If using Remote Desktop remotely, remember to open port


3389 in the router for the MANAGER IP address for external RDP access to


function.


 


10.)  Set taskbar and start menu properties


     a.) *DC "Taskbar and Start Menu"


     b.)  Set "Taskbar buttons" to "Combine when taskbar is full"


     c.)  Check "Use small icons"


     d.)  Start Menu tab -> Customize button -> Click the checkbox for


"Run command" -> OK -> OK


 


11.)  Disable Windows Firewall


     a.) *DC "Windows Firewall" -> click the link on the left for "Turn


Windows Firewall on or off"


     b.)  Under "Home or work (private) network location settings" ->


Change to "Turn off Windows Firewall (not recommended)"


     c.)  Under "Public network location settings" -> Change to "Turn


off Windows Firewall (not recommended) -> OK -> Control Panel Home link


in the upper left.


 


12.)  Setup Windows Update


     a.) *DC "Windows Update" -> click the link on the left for "Change


settings"


     b.)  Under "Important updates" -> Change to "Download updates but


let me choose whether to install them"


     c.)  Check both of the checkboxes here -> OK -> Control Panel Home


link in the upper left.


 


13.) Verify Power settings in Control panel - Power Options


     a.). Click the "Change plan settings" link next to the selected


"Balanced" plan


     b.). Click the "Advanced Power Settings" link



  1. In the dialog box click the "+" next to hard disk

  2. Click the "+" next to the "Turn off hard disk after"

  3. Should be set to Never (if not put a 0 in the field)


     c.) Click the "+" next to the "Allow Hybrid Sleep"



  1. Should be Off


 


14.) Fully disable hibernation which also deletes the "hiberfil.sys"


file.  Run this command from the Run box:


  powercfg -h off


 


15.) Setup Windows Registry to Disable SMB2.0 on Manager and Stations


 


         The registry must be changed by hand by adding the following


keys on each computer with the


         following procedure:


 



  1. Run "regedit"

  2. Add a new REG_DWORD key in the following locations


[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers]


                     "EnabledProtocols"=dword:00000006


 


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]


                     "LmCompatibilityLevel"=dword:00000001


 


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session


Manager\Memory Management]


                     "LargeSystemCache"=dword:00000001


 


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AeLookupSvc]


                     "Start"=dword:00000002


 


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters]


                     "Size"=dword:00000003


                     "Smb2"=dword:00000000


                     "Smb3"=dword:00000000


 


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteRegistry]


                     "Start"=dword:00000002


 


         On the STATIONS following commands are issued at the command


prompt and result in changes to the registry;


             sc config lanmanworkstation depend= bowser/mrxsmb10/nsi


             sc config mrxsmb20 start= disabled


 


16.)    Install MSE - Microsoft Security Essentials per K1775


 


17.)    Install ELO 5.5.3 Touch Driver (7 x64/x86)


 


--