Jump to content

Unofficial Windows 10 Audio Workstation build and tweak guide


Noel Borthwick

Recommended Posts

I tested in in Firefox as well. Maybe you're blocking something with an ad blocker, firewall, or DNS black hole?

The blog site does check to see if you're signed into it when it first loads up, but it's not required unless you want to comment.

If you go to just aka.ms without the rest of it, that's our page for managing short links. You have to have Microsoft employee credentials to log in there. Totally separate thing.

Pete

Link to comment
Share on other sites

Excellent! It doesn't get more authoritative than this. I knew about excluding folders from Defender scanning (a tweak I figured out on my own, really good to disable it for your Cakewalk Projects folder and the VST3 and VST2 folders) but I didn't know that you could also exclude processes.

One note:

Quote

In general, I recommend Pro, because it has more knobs you can turn to control aspects of the system, especially anything that uses Group Policy....

If you wish to mess with Group Policy settings (which are absent from Pete's guide) Group Policy Editor comes with Windows 10 Home, but the feature is not enabled by default. Fortunately, it's not difficult to enable it.

I've done this, and it worked a treat (although at one point a Windows Update disabled it again so I had to re-enable it). I haven't tried the 3rd-party policy editor they recommend.

Link to comment
Share on other sites

10 minutes ago, Starship Krupa said:

Excellent! It doesn't get more authoritative than this. I knew about excluding folders from Defender scanning (a tweak I figured out on my own, really good to disable it for your Cakewalk Projects folder and the VST3 and VST2 folders) but I didn't know that you could also exclude processes.

One note:

If you wish to mess with Group Policy settings (which are absent from Pete's guide) Group Policy Editor comes with Windows 10 Home, but the feature is not enabled by default. Fortunately, it's not difficult to enable it.

I've done this, and it worked a treat (although at one point a Windows Update disabled it again so I had to re-enable it). I haven't tried the 3rd-party policy editor they recommend.

FWIW the group policy editor is not actually supported on Windows 10 Home, but I figure anyone doing the above knows that. Also, be careful with DISM, as it's really easy to hose your drive with that. DISM does a lot of things, including provision an empty drive. It's the deployment image servicing tool. The way the batch file is written, that's not going to happen, but should anyone get curious about the tool, this is important to know.

Which group policy settings would you apply to a DAW? I have some for controlling updates linked to from the post, but I haven't found any others that are essential, myself.

Pete

  • Thanks 1
Link to comment
Share on other sites

29 minutes ago, Pete Brown said:

Which group policy settings would you apply to a DAW?

Controversial, to the point that I seldom recommend it unless people ask, but I disable Defender realtime scanning completely on all my systems. Excluding folders and processes from it as you suggest probably works as well. "Kids, do not try it at home" caveats apply.

Background:

I have my own anti-malware system in place I call "not clicking on random crap I get via email and on-demand scanning any executables I download." In the 40 years I have been using DOS and Windows, it's never failed me.

Having been around that long in the industry, I'm also cantankerous about lowest common denominator precautions. In my IT career I never encountered malware that was as destructive and invasive than the malware solutions I encountered (slow startup, resource hogging, performance degradation, pop-up nags, etc.). I understand that as the user base for Windows has expanded (and to be fair, malware has gotten nastier) it may be considered essential to harden the protection to make it more fool-resistant. I'm a very persistent fool. 😁

Regarding updates, I've found that the standard control in Home is fine for my amateur home studio.

Edited by Starship Krupa
  • Like 2
Link to comment
Share on other sites

In his guide, Pete sez...

<<I beg forgiveness for the marketing-like blurb, but please do check [Edge] out.>>

I know he can't shamelessly promote Edge without looking like a shill, so I will. Edge is fast and efficient, and improvements like Collections shows someone at Microsoft is thinking "hmm, I wonder what would actually help users."

  • Like 6
Link to comment
Share on other sites

From @Pete Brown's article:

Quote

There’s one release, in-particular, which I recommend you avoid: 1903. That release had a change in the kernel which negatively impacted audio performance. That was fixed in Windows 10 1909 and further tweaked in Windows 10 2004.

This gives me some hope I can upgrade from 1803 at some point.

Edited by Colin Nicholls
  • Like 1
Link to comment
Share on other sites

2 hours ago, Starship Krupa said:

Controversial, to the point that I seldom recommend it unless people ask, but I disable Defender realtime scanning completely on all my systems. Excluding folders and processes from it as you suggest probably works as well. "Kids, do not try it at home" caveats apply.

Background:

I have my own anti-malware system in place I call "not clicking on random crap I get via email and on-demand scanning any executables I download." In the 40 years I have been using DOS and Windows, it's never failed me.

Having been around that long in the industry, I'm also cantankerous about lowest common denominator precautions. In my IT career I never encountered malware that was as destructive and invasive than the malware solutions I encountered (slow startup, resource hogging, performance degradation, pop-up nags, etc.). I understand that as the user base for Windows has expanded (and to be fair, malware has gotten nastier) it may be considered essential to harden the protection to make it more fool-resistant. I'm a very persistent fool. 😁

Regarding updates, I've found that the standard control in Home is fine for my amateur home studio.

Got it.

I don't agree with the decision to disable Defender, but I get where you're coming from.

What you don't end up protected from, however, are drive-by malware installs that use browser exploits to install software on your PC, Mac, Phone, etc. The owners of the sites often don't even know that the malware distribution is happening there, because it comes through compromised ad networks, hacked sites, posted comments, etc. You can still manage a lot of that by being careful and aware, but some of these things can be tricky.

I still use Defender, but I've also done a few other things in this house to help keep all the PCs safe (I have a 12yo and 15yo, each with their own PCs since they were 6, and my wife also has her own PC)

  • Ad-block. I felt guilty at first, but ad networks were a primary distributor of drive-by malware, so I gave up, That, and the ads that were pushing content all over the page were so distracting that I just couldn't function anymore.
  • Pi-Hole. I have a pi-hole for the house. Originally, I installed it so I could actually surf the web with my iPad Air. It was otherwise choking due to all the supplemental ad/tracking/scripting going on on pages. It really made a huge difference. I've unblocked the domains for xbox achievements, and some telemetry, but otherwise, it blocks a ton.
  • Before it was mandated, uninstalled and disabled Flash on all the PCs in the house. Way too many exploits
  • Way back, completely disabled Java on all browsers on all PCs. Hot mess of exploits that was. The only reason Java was on any of the PCs was (is) for Minecraft.

Since then, there's only been one instance of malware in the house, from when my son was trying to download a Minecraft texture pack, and clicked the wrong download button (I hate those sites). He learned a valuable lesson that day, and no one has had problems since.

There's a person on Gearslutz who PM'd me about malware they got. The vector there was their router, which has apparently been compromised. Again, didn't require any bad behavior on the part of the user, other than not making sure the router was up to date (and even then, not sure that would have stopped it).

One thing I did recently enable is Windows Defender Controlled Folder Access. The first time you enable this, it's a bit of a pain as file access starts silently failing for some apps. But once you let them through, it's all good. Given the massive rise in ransomware, this seemed prudent. 

Defender is pretty low-touch and low resource usage. Worth a try if you ever decide to give it another shot. :)

Pete

  • Like 2
  • Thanks 3
Link to comment
Share on other sites

1 hour ago, Craig Anderton said:

In his guide, Pete sez...

<<I beg forgiveness for the marketing-like blurb, but please do check [Edge] out.>>

I know he can't shamelessly promote Edge without looking like a shill, so I will. Edge is fast and efficient, and improvements like Collections shows someone at Microsoft is thinking "hmm, I wonder what would actually help users."

Thanks Craig

I'll buy you a drink the next time we have an in-person NAMM or MIDI meeting.  :D 

Pete

Link to comment
Share on other sites

10 hours ago, Craig Anderton said:

In his guide, Pete sez...

<<I beg forgiveness for the marketing-like blurb, but please do check [Edge] out.>>

I know he can't shamelessly promote Edge without looking like a shill, so I will. Edge is fast and efficient, and improvements like Collections shows someone at Microsoft is thinking "hmm, I wonder what would actually help users."

Im exclusively using edge these days including on an iPad where ironically it generally runs better than Safari.

Link to comment
Share on other sites

Dang, @Pete Brown, your approach to malware defense is so....rational. As opposed to crusty like mine or fear-mongering. 😁

Thanks for outlining the steps that you, as a savvy home network administrator, take. I've been away from IT as a profession so long that I've barely heard of "drive-by malware." Or Pi-Hole. My home firewallin' is done with DD-WRT-on-yardsale-Linksys. If there were people under voting age at my place, I'd be so fearful I'd probably set up an entirely separate network to prevent my Roku Box getting pwnd.

I haven't disabled Defender, just the realtime scanning part of it (which choice is, I believe, more exposed on Pro). I use it ad hoc when I download .EXE's, and I do nothing to stop it from doing its thing during "idle" periods. I'm not against anti-malware software, just the kind that stays running all the time constantly examining my computer activity to make sure I'm not doing something to ruin my system. When I moved my main DAW system from Windows 7 to 10 and Cakewalk playback got noticeably balkier was when I fired up Resource Monitor. It revealed that A. Cakewalk streams every audio file in the project whether or not it's associated with an unmuted clip (unless it's entirely owned by an archived track) and B: Defender was malware-scanning my audio files, plug-ins, and other .dll's every time Cakewalk read them. At the time I had a spinny drive (a pretty fast one, but spinny nonetheless).

6 takes of drums x 4 drum tracks was (at least) 24 audio files filtering through the Defender engine every time I hit Play. I had to figure out how to put a stop to that and figured out how to turn off realtime scanning before I learned about folder and process exclusion.

I'll look into Pi-Hole. I use Ad-Block for my browsers (and politely disable it on sites that ask politely), but having something stop those scripts and apps before they get to my trailing edge devices makes perfect sense.

  • Like 1
Link to comment
Share on other sites

@Pete Brown I just went through your guide and it is excellent and thorough. Great stuff!

One setting I haven't seen talked about in your guide, or I simply missed it, is the game mode. Since I do absolutely no gaming on my DAW's PC (I have a PS4 for gaming anyway), I turned that off. But I wonder if it has any real impact, negative or positive?

I will put my vote in with @Craig Anderton comment: I use Edge exclusively on my DAW's PC. I did not see the benefit in installing a second browser and Edge has filled my browser need without a hitch. I started using Edge on my other, much older PC, where the fan would just run wild with Chrome opened. I was surprised how well it ran and never looked back. 

  • Like 1
Link to comment
Share on other sites

15 hours ago, Pete Brown said:

There's a person on Gearslutz who PM'd me about malware they got. The vector there was their router, which has apparently been compromised. Again, didn't require any bad behavior on the part of the user, other than not making sure the router was up to date (and even then, not sure that would have stopped it).

Are you sure their router was compromised. Over in the UK I get loads of calls supposedly  from BT or Microsoft claiming that my router has been compromised and can I download anydesk or teamviewer so they can look at my PC. If I am not busy It can amuse me playing who hangs up first after I ask them for my i.p. address or claim I am running Windows 95 or claiming not to have a mobile or computer :)

 

p.s. great guide though

 

Edited by Hatstand
  • Haha 1
Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
×
×
  • Create New...