New to Windows 7 on SSD drive

Discussion in 'sandboxing & virtualization' started by Smuck, Jul 19, 2012.

Thread Status:
Not open for further replies.
  1. Smuck

    Smuck Registered Member

    Jul 17, 2012
    United Kingdom
    I'm not sure about the security configuration of Windows 7 with a small SSD drive, so I wanted to ask. Here's what I had in mind:

    60 GB SSD Drive Labeled "System" C:
    System Programs (maybe 20-40 GB)
    Pagefile (Keeping the pagefile on SSD will probably make OS faster)
    Secured by a System Image and :
    Deep Freeze (anti virus)
    Rollback Rx (anti bug)
    (Shadow Defender is not compatible with SSD & TRIM)​

    1 TB USB v3.0 Labeled "Data" D:
    System Image Backup
    Users Folder
    Sandbox Folder (for preinstallations)
    Secured by Sandboxie + a File Integrity Checker + a Virus Scanner on Downloads:
    Kaspersky Virus Removal Tool

    1. After Windows 7 installation have all driver updates from your motherboard vendor ready
    2. Enable display of hidden folders and files in explorer and check what temporary folders are created during drivers update
    3. Update BIOS and check BIOS settings (that it supports virtual machine etc.)
      And set use of AHCI (not IDE) for SSD
    4. Update Drivers (processor, SSD, SATA, USB etc; old processor driver might not support SSD TRIM function)
    5. Check in system that all hardware & drivers are working and delete again temporary folders created during updates
    6. Use USBDLM to secure a letter for drive users folder is to be redirected to
    7. Redirect Users folder to "Data" partition as described here.
    8. Turn off:
      • Indexing (probably useless if system is frozen with DF or Rollback RX)
      • Windows Restore (it has issues with SSD TRIM & to use less space on SSD)
      • Hibernation Option (SSD boot should be just as fast) Enter cmd (command prompt): powercfg -h off
      • Splash Screen: Winkey + R, type MSConfig and enable NO GUI Boot
      • Prefetch, Superfetch, Boottrace for SSD in regedit: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\MemoryManager\PrefetchParameters and set them to 0
      • Windows Defender
      • Defrag schedule for SSD drive (do not defrag SSD!)
      • Windows Update (because system will be frozen)
    9. Lower Recycle Bin to 200MB to save space on SSD and reduce writes.
    10. Install additional Themes and setup background rotation and power savings
    11. Install Desktop Gadgets and configure icons, menus and explorer
    12. Check Pagefile location and size (Keep it on SSD for faster OS or on "Data" drive for more space)
    13. Check graphics card settings (highest res), Processor settings and perhaps SSD configuration
    14. Install System Tools:
      • Deep Freeze
      • CCleaner
      • Fraps
      • Daemon Tools Lite
      • DirectX (game edition)
      • Redistributionable packages
      • 7zip
      • Sandboxie
      • File Verifier++
    15. Check Windows 7 install list
    16. Run all system tools and do setup
    17. Defrag SSD system drive
    18. Set all programs auto update to off
    19. Put Internet Explorer in sandbox
    20. Create a Sandbox folder on "Data" drive
    21. Run CCleaner
    22. Create System Image and save it to "Apps" drive
    23. Freeze System with DF and Rollback RX
    Last edited: Jul 22, 2012
  2. Spysnake

    Spysnake Registered Member

    Apr 11, 2009
    Do NOT defrag the SSD drive. It only creates unnecessary reads and writes. Aside from that, your list is pretty comprehensive. Only thing that I would add would be the SATA drivers, if you have a Intel chipset powered system.
  3. majoMo

    majoMo Registered Member

    Aug 31, 2007
    > 22. Create a Sandbox folder on "Data" drive

    I could create the normal SandboxIE used folder to browse on a RamDisk drive.
  4. Smuck

    Smuck Registered Member

    Jul 17, 2012
    United Kingdom
    Thx. Apparently Windows 7 is not very flexible concerning small SSD drives, so the setup list becomes comprehensive when you need to move users folder etc. Maybe Windows 7 does it automatically but it is also suggested concerning SSD, that one turn off Prefetch, Superfetch and Boottrace.

    Btw I'm also planning to reduce IE temp files directory size
    Set Firefox to use memory as cache instead of using disk
    And turn off Windows Logs all except "Eventlog-Application, Security, System and Security-Essentials"

    The processor is an Intel i7-2600 3.40 but I don't think it needs SATA drivers update, because I'm going to use an USB v3.0 portable drive.
  5. TheQuest

    TheQuest Registered Member

    Jun 9, 2003
    Kent. UK by the sea
    Hi Smuck

    Here is some information that you might find of help :- SSD Optimization Guide

    Take Care
    TheQuest :cool:
  6. littleturle

    littleturle Registered Member

    Jun 26, 2012
    this is great!
    Thanks for the link!

  7. Smuck

    Smuck Registered Member

    Jul 17, 2012
    United Kingdom
    Thx, good to know that SSD require AHCI and not IDE.

    I think it's better not to split Applications from Users Folder on "Data" drive in two partitions, cause they do belong together.

    But how should new downloads be treated securely? The system is frozen and the downloads are in a sandbox folder until scanned. But should they be scanned with Windows Defender or MSE? Or can I just as well turn off Windows Defender since the system is frozen with Deep Freeze?

    I'm neither so sure about how to secure drive letter for link to Users folder from system before login?
    Last edited: Jul 20, 2012
  8. Mrkvonic

    Mrkvonic Linux Systems Expert

    May 9, 2005
    Just use it as it is.
  9. Smuck

    Smuck Registered Member

    Jul 17, 2012
    United Kingdom
    Yeah, why not install fishy windows 8, that surely must be an update and use it as it is. You have to be sherlock to even find it
Thread Status:
Not open for further replies.