abbodi1406's Batch Scripts Repo

Discussion in 'Scripting' started by abbodi1406, May 4, 2017.

  1. June's Hill

    June's Hill MDL Member

    Jul 1, 2021
    101
    131
    10
    First, thank you for your response, dear abbodi1406 :)

    I also never use Secure Boot, because my HP BIOS/UEFI Default Settings disable that option, and I don't want to use it because in the future I can boot to Linux without any problems.

    Ok, so the default setting of "UpdtBootFiles=0" is currently recommended, because we know very well it will work from ancient to newest UEFI, unlike the "2023 UEFI" that maybe cannot boot in old motherboards.
     
  2. Carlos Detweiller

    Carlos Detweiller Emperor of Ice-Cream
    Staff Member

    Dec 21, 2012
    7,262
    8,896
    240
    With SecureBoot disabled, or in CSM/BIOS Legacy mode, the choice of 2011 vs. 2023 UEFI is actually irrelevant. You can always install from a trusted source with SecureBoot disabled, update the OS, and then enable it again, if you want.

    SecureBoot is only relevant with non-trusted sources.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. 12 lb Turkey

    12 lb Turkey MDL Member

    Nov 24, 2022
    137
    85
    10
    If you add the CA 2023 cert to the UEFI's DB (allow list), but don't add CA 2011 to DBX (disallow list) -- then you can boot from either version with Secure Boot enabled.
     
  4. Carlos Detweiller

    Carlos Detweiller Emperor of Ice-Cream
    Staff Member

    Dec 21, 2012
    7,262
    8,896
    240
    Yeah, but you have to do it manually, and never run the Windows DBX update, as that one will update the blacklist, too.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. June's Hill

    June's Hill MDL Member

    Jul 1, 2021
    101
    131
    10
    So, to avoid any problem, and have the totally confidence your Windows/Linux ISO will boot, you can have always Secure Boot disabled. Because in reality, there's a more important setting you always have to enable: BIOS Password (for Setup/Configuration and Boot-Menu).

    Because an advanced user will always get/generated Windows ISOs from trusted source (UUP Dump, or SFV+GenuineVerification). Also, if someday a user wants to boot/install Linux, and has NVIDIA GPU, it's very recommended to disable permanently Secure Boot.

    This feature is oriented to people that don't have BIOS Password and want to prevent a malicious device to Boot in the computer/laptop. But again, without password, a bad guy can enter very easily to BIOS Setup, disable "SB" and boot whatever he wants.
     
  6. Carlos Detweiller

    Carlos Detweiller Emperor of Ice-Cream
    Staff Member

    Dec 21, 2012
    7,262
    8,896
    240
    BIOS/UEFI passwords are not very secure, unless it's a SecureCore (or similar tech) firmware.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. June's Hill

    June's Hill MDL Member

    Jul 1, 2021
    101
    131
    10
    Anyway, it's always recommended to Encrypt your Hard Drive if you have important files. Of course if that's only a Gaming PC and no more than that, the security is no so important.
     
  8. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    17,657
    93,804
    340
    https://github.com/gravesoft/CAS/tree/main/exe

    # Added .NET Framework console application to display the status without the need for Windows Powershell

    - runs with NetFx 3.5/2.0 family or 4.x family
    - works on Windows XP or later
    - supports the same features and command line parameters as equivalent powershell script
    - does not implement vNextDiag.ps1 functions (yet)

    use the Download ZIP from Code button to download the files properly
    (.exe.config file is needed to run on either NetFx 4 or 2)
     
  9. Dictation354

    Dictation354 MDL Novice

    Jul 12, 2022
    19
    18
    0
    Microsoft has blocked Shift+F10 in OOBE in latest updates. Can you add an option in W10UI to add bypassnro registry when making ISOs? Thanks in advance.

    Registry:

    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE]
    "BypassNRO"=dword:00000001
     
  10. shhnedo

    shhnedo MDL Expert

    Mar 20, 2011
    1,917
    2,604
    60
    You can still implement it through unattend.xml in $OEM$ folder.
    Code:
    <settings pass="specialize">
        <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" language="neutral" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" publicKeyToken="31bf3856ad364e35" versionScope="nonSxS">
          <RunSynchronous>
            <RunSynchronousCommand wcm:action="add">
              <Order>1</Order>
              <Path>reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE /v BypassNRO /t REG_DWORD /d 1 /f</Path>
            </RunSynchronousCommand>
          </RunSynchronous>
        </component>
      </settings>
     
  11. Dictation354

    Dictation354 MDL Novice

    Jul 12, 2022
    19
    18
    0
    Thank you very much.
     
  12. LiteOS

    LiteOS Windowizer

    Mar 7, 2014
    2,379
    1,088
    90
  13. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    17,657
    93,804
    340
    Display Name does not matter
     
  14. ЯƎHTͶAꟼ

    ЯƎHTͶAꟼ MDL Senior Member

    Jan 29, 2017
    378
    101
    10
    #3714 ЯƎHTͶAꟼ, Jul 2, 2025
    Last edited: Jul 2, 2025
    Heyho

    Probably it's here the better place to ask:
    Another thing: Some feature request/wish:
    Option to make possible to chose edition while install-process.

    Or just... how to make it? I don't remember how it was possible with LTS boot etc.
    (I'm just used to create multi-choice [several sku based editions) images)
    Earlier it was with the removal of ei.cg but now/with LTS.. seems different or messed up some idk.
    With NTLite it works, but would love to make it by the script and using NTLite only for customizing.

    Now I see why I forgot how to make it: unattended.xml (that I only put in customs, not the to "untouched" updated one. I hope they will improve install.wim mechanic soon - its too unflexible )
    Well, I guess it's time to generalize one (like what you can choose whatever for kind of customers)
    So not just make one normal OEM-like, nope, that one that fits 24000 till 26200+ while it's doing prework. lol.

    So I guess its time for copy the section of some other script, that I modified in a way it "pause" before creating iso.
     
  15. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    17,657
    93,804
    340
    jump from what to what?
    you just want to create iso manually?
     
  16. ЯƎHTͶAꟼ

    ЯƎHTͶAꟼ MDL Senior Member

    Jan 29, 2017
    378
    101
    10
    Yep, how to make the script only picks and put build number in the name and build the iso then etc.
    I guess its only a few lines via cmd, but idk what to write exactly... I would like to do it with dism + oscdimg only instead of other tools.
     
  17. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    17,657
    93,804
    340
    Just do it manually
    the script detect and set label name based on various factors / stages
     
  18. ЯƎHTͶAꟼ

    ЯƎHTͶAꟼ MDL Senior Member

    Jan 29, 2017
    378
    101
    10
    Damn, I was afraid of that. Okay, then I'll start all over again with my “AIOs”. It's very much "just" an inner-monk-issue...
     
  19. ЯƎHTͶAꟼ

    ЯƎHTͶAꟼ MDL Senior Member

    Jan 29, 2017
    378
    101
    10
    #3719 ЯƎHTͶAꟼ, Jul 5, 2025
    Last edited: Jul 9, 2025
    DISM kind of stucks:
    I think it was the old problem, I was greedy for space.
    So the VM got too less, in result dism kind of crashed.
    And now it tries to repeat steps n stuff...

    I tried a few commands (yea the failure removal scripts several times ofcs too) but still stuff fails now.

    Any ways to reset dism to a clean, ready state without pending stuff?

    (Later)
     
  20. ЯƎHTͶAꟼ

    ЯƎHTͶAꟼ MDL Senior Member

    Jan 29, 2017
    378
    101
    10
    #3720 ЯƎHTͶAꟼ, Jul 6, 2025
    Last edited: Jul 9, 2025
    Okay no matter what, x86 fails...
    I remember I had that already long ago.. mhh..

    (Later)

    @abbodi1406 any idea what that stuff means?