installing win7 on new ssd/new build - some quick questions

[arnoldma]

Just about to build my new PC, spec:

i7-2600k (d14 hsf)
asus p8z68v-pro
g-skill ripjawsx 8gb c9
crucial m4 128gb ssd
msi 6970
panosonic sata dvdrw
corsiar ax850

ive never actually installed windows 7 and never owned an ssd! behind i know...

ive done some reading and it seems i just need to:

make sure all drives are unplugged other than ssd
put on lowest sata port
enable AHCI in bios

what i'm not sure about is post install, some places have said install intel RST driver, do i need this on the m4? and do i need to apply the registry LPM fix, too?

anything else i need to remember?

thanks!!

[Anvil]

Seems you've got most of it already

Enable Hot Plugging in bios
Use the latest Intel RST driver + the LPM fix

Disable System Restore, Disable page file, Disable hibernation (cmd -> powercfg -h off),...

Can't think of any other right now, looks like a great new computer

Well, you should probably update to the latest bios on your MB.

[DAK1640]

Some good info here for ya...

http://www.tomshardware.com/reviews/...weak,2911.html

[IFMU]

i know how it feels to be left behind, i just recently got my first ssd. bought it from jcool if i remember correctly. gave me a good price on it too.

i'm pretty new to the whole ssd thing obviously, but i used this guide when i installed. Win7 Ultimate x64.
i've been running this install and this drive for about a month now. haven't had any issues that i've noticed, so don't think that guide is too bad or far off. i'm sure someone else here could give better input as far as that guide goes, but for me it seems to be doing ok.

[arnoldma]

cool, thanks for the guide!

im on the new pc now, the ssd is blazing fast - on everything! installs, loading, just general task is lightning fast...

im still on the win7 drivers, dont see the need to update to intal RST drivers (dont need LPM fix?), which means i dont have to update bios either - im lazy

hope everything stays ok. very very happy so far!

edit: from the guide "This step may be unnecessary to most as many tests have resulted in no appreciable performance difference between the standard MSAHCI driver and that put forward by Intel."

good news for a lazy guy

[pcunite]

I like to image my systems using Ghost. To make things easy this is how I do a fresh install:

Install without 100MB partition and SSD Alignment

--------------------------------------------------------------------------------

At the first setup screen (Language, Keyboard, etc.) press SHIFT+F10. This will open a command prompt window. Type "C:\" then Enter. Use the following commands.

- Diskpart
- List disk
- select disk 0
- clean
- create partition primary size=60000
(this creates a partition of 60GB in size. To skip just leave off "size=60000")

- select partition 1
- active
- format fs=ntfs quick (optional)

Now continue with the install. When you get to the partition screen, highlight the partition you just created and click Next. Windows will install to the partition you created and not create the 100MB boot partition. Instead, you will see a C:\Boot folder when the install is finished.


To check alignment:
- list partition

Then after Windows 7 is finished installing and I do the drivers, chipset, etc. I set it up for extreme security using LUA + SRP like so:

Run gpedit.msc

* Computer Configuration / Windows Settings / Security Settings / Acount Policies / Password Policy
Maximum password age = 0

* Computer Configuration / Windows Settings / Security Settings / Local Policies / User Rights Assignment
Change the system time = add the users group

* Computer Configuration / Windows Settings / Security Settings / Local Policies / Security Options
Devices: Allowed to format and eject removable media = Administrators and Interactive users

* Computer Configuration / Windows Settings / Security Settings / Software Restriction Policies
Security Levels = Disallowed
Additional Rules = "C:\Program Files(86)", Path for any drive partitions also
Enforcement = All users except local administrators, All software files
Designated File Types = remove .lnk restrictions
Trusted Publishers = Allow all administrators and users to manage....

* User Configuration / Administrative Templates / Desktop
Do not add shares of recently opened documents to Network Locations = Enabled

* User Configuration / Administrative Templates / Shared Folders
Allow shared folders to be published = Disabled

* User Configuration / Administrative Templates / Windows Components / Attachment Manager
Inclusion list for moderate risk file types = Enabled = *.exe

* Right click on "C:" drive and go to Properties
On the Security tab, remove Authenticated Users from list.

[LexDiamonds]

I have found that enabling hot swapping in the bios also eliminates the need for the LPM fix (at least on a crucial m4).

[IFMU]

I like to image my systems using Ghost. To make things easy this is how I do a fresh install:

Then after Windows 7 is finished installing and I do the drivers, chipset, etc. I set it up for extreme security using LUA + SRP like so:

Interesting moves there. In the 2nd group, what do those do? Some are rather obvious, but others, not so much.

[pcunite]

Interesting moves there. In the 2nd group, what do those do? Some are rather obvious, but others, not so much.

The main purpose is to give limited accounts (regular users) the ability to run an .exe from a given directory. But from that same directory remove the ability to write. Then, give the limited user the ability to write to other directories, but remove their ability to execute. This way you don't need virus scanning software because you can never execute a virus! Browser exploits don't matter either. Most of the hot fixes aren't needed as well. As long as you log in as Admin to install trustworthy software, the system will be as secure as possible perpetually.

I have set up all my family members PC's this way and I have not heard from them in five years. They don't need to install new software. Who does anyway? And when you do, just log in as admin and watch out for free software that you can't trust. I use VM's for playing around. All modern software since 2007 is designed to run in this type of situation by the way. Software runs from Program Files but writes to %userprofile%.