This is a dump of configuration changes I am making to the new computer I am building. It is running Window 8 Preview, and not all of this may apply to previous incarnations. I will update as I go along in the process and will and (Complete) to the title once I am done editing.

Oh and before I begin on the main topic once you have installed your operating system, you may want to do a hardware health check (on Windows Vista and up it is Control Panel > Proformance Information and Tools > Advanced Tools (on the left) > Generate Health Report (at the bottom as I recall).

First up is an extended list of settings to consider on a computer with an SSD and an HDD. Previously I linked to this article, which makes a good starting point but there is more that can be done. Just as a note about creating new users (which that howto calls for), I would recommend restarting before creating them if you have deleted any users and always restart before logging into an account for the first time after creating it.

One modification to the proceedure described in the article is to make the the drive for users an enviorment variable which makes changing it (for any reason) easier, though usually you will not be changing it again. To do so, goto Control Panel > System > Advanced Settings (on the left) > Enviorment Variables (button at the bottom). Add a new variable to the list of system variables (not user) called something obvious like UserDrive or DataDrive. Set the value to "X:" (no quotes), where X is the drive letter to use. Then you place the name of the variable surrounded by percent signs at the start of the registry entries (which by default start with %SystemDrive% on my machine, so just replace that). Now if you ever want to change, just change the variable's value.

Another change to make is where temporary files are placed (see end of section for why and why not to have temporary stuff on the SSD). Both also involve editing enviorment variables. In each System and User variables there are TEMP and TMP, with tell where they will go. Where ever the variable in the User list points needs to contain the user's name, and you will need to find out the name of the variable that contains that if there are any on your own. Possibly it might have to be changed manually for each user, in which case you would just need to make each unique (I have not done it so I do not know) For the system one, as far as I can tell it is not used much anymore so whether it is on the SSD or not will have little impact on anything. I would say just point it at your HDD and be done with it. Similar to setting where user folders are placed.

Last is to relocate the Page File (similar in reasons to do and not do to those of temp files). Page files are locations for Windows to store stuff that will not fit on the RAM in order to pretend it has more that it really does. Goto Control Panel > System > Advanced Settings > Settings (button in the preformace section at the top) > Advanced (middle tab) > Change (under Virtual Memory). Uncheck Automatically Manage. Select each drive in turn and select to let the system manage the size, use a custom size, or to not have a page file. Hit set before moving on to the next. Hit Apply when finished, and a restart is needed for changes to take effect.

Also, you can turn System Restore points (or at least limit how much space they can take up) be selecting System Protection from the System page in the Control Panel. It should be turned on at least for the System Drive, though you may want to limit the size availible for them.

Files on the SSD will be read and written faster, expecially if they are not done sequentially (in order). However, space on an SSD is limited compared to an HDD. Finally, the life time of SSDs is limited by how many times sectors on the drive can be written too. Moving temporary files, page files, and other files that are frequently written too off the SSD is a good way to increase its life span at the cost of speed. However, the actual impact of writes is also mitigated by having lots of free space as it can rearrange sectors to reduce how often they are used. Plus as time goes of they get better at being able to stand more writes as technology improves.

Settings to make Windows more secure:

First up is data execution prevention (DEP), found under Control Panel > System > Advanced Settings > Settings (button under preformace section) > Data Execution Prevention tab. It should not slow up the system much if hardware support is indicated on that page, so set it to be applied to all programs and not just Windows if you want it. When it is enforced on a program in violation it will likely crash with an Access Violation Error. The page can also be used to exempt applications that need it off. Programs that need to be exempt will either not work, crash frequently, or crash at specific points. If making them exept stops the crashes, then it needs to be exempt. Avoid applications that access the internet that need this feature turned off as they can easily be compromised.

It would be good to browse through the settings under Control Panel > Administrative Tools > Local Security Policy. As of at least Windows 7 when you go to edit settings there is a tab in the dialog box explaining what the setting does. One in particular is the option for who to allow to log on using Remote Desktop under Local Policies > User Rights Assignment. If you are going to turn Remote Desktop on (it is a set of sevices that are disabled by default) then you should probably remove the 'Administors' group from the list (at least once you have selected the specific users that will be allowed access, which is under System > Remote Settings > Select Users (button at the bottom). The dialog you use to reach the user list has a toggle for allowing Remote Desktop Connections. If you do not know what Network Level Authentication is, then you do not want to limit connections to that.)

Fun Fact: The Administrator accounts you create are not the real Administrator and some actions are blocked to them (such as disabling Safe Mode from the Registry). The real account is disable, but it and the Guest account can be turned on and off under Local Security Policy.

Have a separate administrator account from your user accounts that are not set to Administrator (set under Control Panel > Users). And then never work under the Administrator account unless you have to do so (such as changing the settings on Norton Antivirus, which is a pain and therefore I do not use it unlike some others in the family). Just right click programs that need Admin priveleges and select Run As Administrator from the drop down.

Check the sharing settings in the Network and Sharing Center (in the Control Panel) > Home Group (bottom left). In particular turn off the sharing option on Public networks, and then look through the other settings. This last one is mostly for computers that will connect to untrusted / unsecure networks (more of a laptop thing, though it may apply to a college dorm).

Do look through the features to enable and disable under Control Panel > Programs and Features > Turn Windows feature on and off (on the left).

P.S.:
Use a GPT boot record on your Boot Drive if and only if your MoBo has (U)EFI and you are running an OS that supports it (like Windows 7 and up), and also use it on all other drives. It works better than the dated MBR