How to prepare your system for a screen-share (Important)

Vape

Vape

Active Member
Messages
702
Social Credit
2
This tutorial focuses on disabling windows features that can lead to you getting caught in a screen-share. This is not a 'How to bypass a screen-share' thread you can refer to Ryan's post for that.

Ryan's post: http://bit.ly/2zsvfLc

Stop windows storing data in the Compatibility Assistant\Store registry key.

1.) Press the windows key and R at the exact same time.
2.) Type services.msc
3.) Find the 'Program compatibility assistant service'.
4.) Right click on this service and under 'startup type' select disabled.
5.) Reboot your system.

You can find out if you did this correctly by going to the following registry key and checking if there are any new logs I suggest deleting all the current ones residing within this registry key.

Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store

Stop windows storing data in the user assist view registry key.

1.) Press the windows key and R at the exact same time.
2.) Type regedit.
3.) Navigate to the following registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist
4.) right click on the UserAssist registry key then select 'New' then 'key' and rename the key you created to settings.
5.) Under this registry key create a new DWORD value rename this to NoLog.
6.) Double click the DWORD key and give it a value of '1'.

Stop windows storing data in prefetch.

1.) Press the windows key and R at the exact same time.
2.) Type regedit.
3.) Navigate to this registry key 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\Memory Management\PrefetchParameters'.
4.) Right-click on both EnablePrefetcher and EnableSuperfetch and choose modify on both of these and change the current value to 0.

Disabling memory compression.

1.) press your windows key and type in powershell right click on this and run it as administrator.
2.) Wait for the powershell to load and type the following command Disable-MMAgent -mc

Disabling MRU list's

1.) Press the windows key and R at the exact same time.
2.) type regedit
3.) Navigate to this registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
4.) Under this registry key create a new DWORD value rename this to
NoRecentDocsHistory.
5.) Right-click on the DWORD you just created 'NoRecentDocsHistory' and choose modify and change the current value to 1.

Disabling shell bags

1.) Press the windows key and R at the exact same time.
2.) type regedit.
3.) Navigate to this registry key.
HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell
5.) Under the Shell key you will find two subkeys 'Bags' and 'BagsMRU'. delete both of these.
6.) recreate the Bags subkey. Right click the Shell key and select 'New - Key'.
7.) Under the Bags sub-key you just created, create a new sub-key. Right click the Bags key and select "New - Key". Rename the new key to 'AllFolders'.
8.) Under the AllFolders key, create a new sub-key named Shell.
9.) Under the 'Shell' sub-key you created, create a new string value named FolderType and set it to NotSpecified.

Once you have done all this restart your system for the changes to take place.

Your system is now patched.
 
Last edited:
Ocureal

Ocureal

Active Member
Messages
810
Social Credit
1
Vape said:
This tutorial focuses on disabling windows features that can lead to you getting caught in a screen-share. This is not a 'How to bypass a screen-share' thread you can refer to Ryan's post for that.

Ryan's post: http://bit.ly/2zsvfLc

Stop windows storing data in the Compatibility Assistant\Store registry key.

1.) Press the windows key and R at the exact same time.
2.) Type services.msc
3.) Find the 'Program compatibility assistant service'.
4.) Right click on this service and under 'startup type' select disabled.
5.) Reboot your system.

You can find out if you did this correctly by going to the following registry key and checking if there are any new logs I suggest deleting all the current ones residing within this registry key.

Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store

Stop windows storing data in the user assist view registry key.

1.) Press the windows key and R at the exact same time.
2.) Type regedit.
3.) Navigate to the following registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist
4.) right click on the UserAssist registry key then select 'New' then 'key' and rename the key you created to settings.
5.) Under this registry key create a new DWORD value rename this to NoLog.
6.) Double click the DWORD key and give it a value of '1'.

Stop windows storing data in prefetch.

1.) Press the windows key and R at the exact same time.
2.) Type regedit.
3.) Navigate to this registry key 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\Memory Management\PrefetchParameters'.
4.) Right-click on both EnablePrefetcher and EnableSuperfetch and choose modify on both of these and change the current value to 0.

Disabling memory compression.

1.) press your windows key and type in powershell right click on this and run it as administrator.
2.) Wait for the powershell to load and type the following command Disable-MMAgent -mc.

Your system is now patched.
Click to expand...
kys, money whore with that bitly shit
 
Vape

Vape

Active Member
Messages
702
Social Credit
2
Ryan said:
Thanks for revealing half of what my updated tutorial was gonna look like. Oh well, it's not like I was gonna do it anytime soon. Nice tutorial though.

Add in how to get rid of the MRU lists and shellbags.
Click to expand...
Done, great suggestion.
 
W

Wirlo

New Member
Messages
24
Social Credit
0
Hey thanks for the tut.

just one question :/

if i want to "Disable my MRU list's" i dont have your last explorer file .. any advices?

thanks :)
 
A

ANAL HARASSMENT

Member
Messages
89
Social Credit
0
Couldn't find the MRU things, skipped it.
Couldn't disable Mc either it said it was not a good value
Also did I do this alright?
IMG-20171021-WA0029.jpg
 
Vape

Vape

Active Member
Messages
702
Social Credit
2
TsarMax said:
Couldn't do MRU things as there weren't the folders you mentioned, and the memory compression thing didn't work. I did all else though.
Click to expand...
Do you have a memory compression process running in process hacker?
 
Vape

Vape

Active Member
Messages
702
Social Credit
2
ANAL HARASSMENT said:
I couldnt either
Click to expand...
Once you enter Disable-MMAgent -mc into the powershell you will no longer have a memory compression process running in process hacker. I edited the post and removed the full stop and I think some of you thought the full stop was part of the command. Make sure you restart your PC once you have entered this into an administrator privileged powershell.
 
Apple

Apple

New Member
Messages
13
Social Credit
0
Got ssed on velt, they were in my process hacker and I got banned by an admin for disabling some PVS thing in process hacker.
(idk if was PVS im pretty sure it was im prob retarded and it was something else tho)
 
Vape

Vape

Active Member
Messages
702
Social Credit
2
Apple said:
Got ssed on velt, they were in my process hacker and I got banned by an admin for disabling some PVS thing in process hacker.
(idk if was PVS im pretty sure it was im prob retarded and it was something else tho)
Click to expand...
Whatever it was your not the retarded one. If a staff member bans you for doing anything listed here they are retarded, some windows machines come with memory compression, prefetch ect disabled. It's your operating system they don't not dictate what you do on it. If a server bans you for anything on this list there staff vetting process is shit and their not worth there salt.
 
Last edited:
Vape

Vape

Active Member
Messages
702
Social Credit
2
Apple said:
Got ssed on velt, they were in my process hacker and I got banned by an admin for disabling some PVS thing in process hacker.
(idk if was PVS im pretty sure it was im prob retarded and it was something else tho)
Click to expand...
I know what it is now, PCA Client. That can come disabled on your OS much like prefetch ect.
 
You must log in or register to reply here.
Top