I don't have Edge of any kind. No Edge Legacy. No CrEdge. Tested on image 19044.1381 LTSC (WIM) following below method. Using Windows NT 10.0 Updates Installer to update 19044.1 LTSC (WIM) to 19044.1381 LTSC (WIM) including Windows10.0-KB5003791-x64_21H2_EP_ [Enablement] Spoiler: Details "cabs" Code: 1/7: Windows10.0-KB5003791-x64_PSFX.cab [Enablement] 2/7: Windows10.0-KB5007253-x64_315004b8.cab [LCU] 3/7: Windows10.0-KB5007273-x64.cab [SSU] 4/7: Windows10.0-KB5007289-x64-NDP48.cab [NetFx] 5/7: Windows10.0-KB5007324-x64_efafca57.cab [WinPE] 6/7: windows10.0-kb5007401-x64.cab 7/7: windows10.0-kb5007402-x64.cab [Setup DU] W10UI.ini Code: [W10UI-Configuration] Target =%~dp0_Target-folder\install.wim Repo =%~dp0_Updates DismRoot =dism.exe Net35 =0 Net35Source = Cleanup =1 ResetBase =0 LCUwinre =0 WinRE =1 SkipEdge =1 _CabDir =C:\W10UI\W10UItemp MountDir =C:\W10UI\W10UImount WinreMount =C:\W10UI\W10UImountre wim2esd =0 wim2swm =0 ISO =0 ISODir = Delete_Source =0 AutoStart =0 Offline: Edge can be further locked out/removed from the 19044.1381 LTSC (WIM) using either MSMG or optimize-offline (never had a forced install). Online: if Edge ever does show-up, it can be uninstalled using @BAU's "Paste the code" solution https://forums.mydigitallife.net/threads/microsoft-edge.79237/page-137#post-1630576 or you can use my rough translation of his script into PowerShell in this post https://forums.mydigitallife.net/threads/microsoft-edge.79237/page-145#post-1708065 Not having Edge is a relief given it's a hackers dream https://forums.mydigitallife.net/threads/microsoft-edge.79237/page-145#post-1708047
Do you know If updating will reinstall Edge back and I'd have to run this script every time? I asked this before but didn't get a clear answer. Let's say Microsoft tomorrow releases new cumulative update and I've already removed Edge, now If I install that update will Edge get installed along with it? or It won't get reinstalled?
I'm not sure what script you're asking about since my post discusses a bunch of them. Do you mean running @huynhlam2's script to make a fresh 19041.1 and updating to the latest 19044.xxx and then doing an in-place-update? That seems like a lot of work when there are so many other online and offline tools you can use to harden your image so that Microsoft leaves you alone. Other scripts mentioned in my post: MSMG offline script is a well loved and celebrated project with a popular thread where you can ask for help Optimize-offline script also has an helpful MDL forum However, I use OO and can say that based on removal choices selected from here:#992, I've never had Edge or anything else of any kind forced on me by Microsoft. With Optimize-Offline you don't remove things, you disable or make permanently dormant (improves system integrity IMO) Some of the items I "remove" are SystemApps: Microsoft.MicrosoftEdge and Microsoft Edge DevTools Client The project includes many well-vetted registry changes that harden your OS and prevents all types of cumulative update poisoning I've also used @BAU's online Edge removal tool on a few Windows 11 test builds. It seems to do a great job, but he does warn that his script may not prevent future cumulative update Edge poisoning I've also used it on Windows 10 builds and it strips out everything Edge related!! Microsoft.MicrosoftEdge and Microsoft Edge DevTools Client, legacy Edge, CrEdge, Edge WebView it's all gone! He also has another Edge crippling tool that you can check out ChrEdgeFkOff_toggle.cmd. Personally, I prefer this disabling approach and, in the future, when I consider using Windows 11 (or 12), I'll see check out what he's done to improve/harden it.
I am using official LTSC and I was asking about future cumulative update Edge poisoning I think cumulative updates will reinstall Edge every time so I'd have to run the Edge Removal Script every time I install an update which is a no go. I guess I'll live with Edge I mean It has good PDF reader so I guess that's it's only use I have from it.
As already reported, this 'fix' fails to make an image at all (it did allow me to test my scripts image dismount code ). This method successfully builds an image, but it doesn't retain "Windows-Defender-Default-Definitions" so it's no different that your original 1.2.3.xml's Here all all the features in a test image built using the "modify 1.2.3.xml" Test Image: Was only updated from 19041.1 to 19044.1381 LTSC LTSC using W10UI Spoiler: All Features List Code: Image Version: 10.0.19044.1381 Features listing for package : Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~10.0.19041.1 ------------------------------------------- | ----------------------------- Feature Name | State ------------------------------------------- | ----------------------------- Printing-PrintToPDFServices-Features | Enabled Printing-XPSServices-Features | Enabled TelnetClient | Disabled TFTP | Disabled LegacyComponents | Disabled DirectPlay | Disabled SimpleTCP | Disabled Windows-Identity-Foundation | Disabled NetFx3 | Disabled with Payload Removed WCF-HTTP-Activation | Disabled WCF-NonHTTP-Activation | Disabled IIS-WebServerRole | Disabled IIS-WebServer | Disabled IIS-CommonHttpFeatures | Disabled IIS-HttpErrors | Disabled IIS-HttpRedirect | Disabled IIS-ApplicationDevelopment | Disabled IIS-Security | Disabled IIS-RequestFiltering | Disabled IIS-NetFxExtensibility | Disabled IIS-NetFxExtensibility45 | Disabled IIS-HealthAndDiagnostics | Disabled IIS-HttpLogging | Disabled IIS-LoggingLibraries | Disabled IIS-RequestMonitor | Disabled IIS-HttpTracing | Disabled IIS-URLAuthorization | Disabled IIS-IPSecurity | Disabled IIS-Performance | Disabled IIS-HttpCompressionDynamic | Disabled IIS-WebServerManagementTools | Disabled IIS-ManagementScriptingTools | Disabled IIS-IIS6ManagementCompatibility | Disabled IIS-Metabase | Disabled WAS-WindowsActivationService | Disabled WAS-ProcessModel | Disabled WAS-NetFxEnvironment | Disabled WAS-ConfigurationAPI | Disabled IIS-HostableWebCore | Disabled WCF-Services45 | Enabled WCF-HTTP-Activation45 | Disabled WCF-TCP-Activation45 | Disabled WCF-Pipe-Activation45 | Disabled WCF-MSMQ-Activation45 | Disabled WCF-TCP-PortSharing45 | Enabled IIS-StaticContent | Disabled IIS-DefaultDocument | Disabled IIS-DirectoryBrowsing | Disabled IIS-WebDAV | Disabled IIS-WebSockets | Disabled IIS-ApplicationInit | Disabled IIS-ASPNET | Disabled IIS-ASPNET45 | Disabled IIS-ASP | Disabled IIS-CGI | Disabled IIS-ISAPIExtensions | Disabled IIS-ISAPIFilter | Disabled IIS-ServerSideIncludes | Disabled IIS-CustomLogging | Disabled IIS-BasicAuthentication | Disabled IIS-HttpCompressionStatic | Disabled IIS-ManagementConsole | Disabled IIS-ManagementService | Disabled IIS-WMICompatibility | Disabled IIS-LegacyScripts | Disabled IIS-LegacySnapIn | Disabled IIS-FTPServer | Disabled IIS-FTPSvc | Disabled IIS-FTPExtensibility | Disabled MSMQ-Container | Disabled MSMQ-DCOMProxy | Disabled MSMQ-Server | Disabled MSMQ-ADIntegration | Disabled MSMQ-HTTP | Disabled MSMQ-Multicast | Disabled MSMQ-Triggers | Disabled IIS-CertProvider | Disabled IIS-WindowsAuthentication | Disabled IIS-DigestAuthentication | Disabled IIS-ClientCertificateMappingAuthentication | Disabled IIS-IISCertificateMappingAuthentication | Disabled IIS-ODBCLogging | Disabled MediaPlayback | Enabled WindowsMediaPlayer | Enabled DataCenterBridging | Disabled SmbDirect | Enabled HostGuardian | Disabled Windows-Defender-Default-Definitions | Enabled SearchEngine-Client-Package | Enabled MSRDC-Infrastructure | Enabled TIFFIFilter | Disabled WorkFolders-Client | Enabled Printing-Foundation-Features | Enabled Printing-Foundation-InternetPrinting-Client | Enabled Printing-Foundation-LPDPrintService | Disabled Printing-Foundation-LPRPortMonitor | Disabled MicrosoftWindowsPowerShellV2Root | Enabled MicrosoftWindowsPowerShellV2 | Enabled Microsoft-Windows-Subsystem-Linux | Disabled HypervisorPlatform | Disabled VirtualMachinePlatform | Disabled Client-ProjFS | Disabled Containers-DisposableClientVM | Disabled Microsoft-Hyper-V-All | Disabled Microsoft-Hyper-V | Disabled Microsoft-Hyper-V-Tools-All | Disabled Microsoft-Hyper-V-Management-PowerShell | Disabled Microsoft-Hyper-V-Hypervisor | Disabled Microsoft-Hyper-V-Services | Disabled Microsoft-Hyper-V-Management-Clients | Disabled Client-DeviceLockdown | Disabled Client-EmbeddedShellLauncher | Disabled Client-EmbeddedBootExp | Disabled Client-EmbeddedLogon | Disabled Client-KeyboardFilter | Disabled Client-UnifiedWriteFilter | Disabled DirectoryServices-ADAM-Client | Disabled Windows-Defender-ApplicationGuard | Disabled NetFx4-AdvSrvs | Enabled NetFx4Extended-ASPNET45 | Disabled ServicesForNFS-ClientOnly | Disabled ClientForNFS-Infrastructure | Disabled NFS-Administration | Disabled Containers | Disabled SMB1Protocol | Disabled SMB1Protocol-Client | Disabled SMB1Protocol-Server | Disabled SMB1Protocol-Deprecation | Disabled MultiPoint-Connector | Disabled MultiPoint-Connector-Services | Disabled MultiPoint-Tools | Disabled Internet-Explorer-Optional-amd64 | Enabled
Later today, I will test if using your 4.xml fix retains "Windows-Defender-Default-Definitions" The other possibility is to see if your SxSv1 repack of @huynhlam2's original pack along with your suggested 1.2.3.xml's works.
Hi my dear friend, Sorry to ask, but I run this code on CMD or Powershell? PS: In both cases I received this message: CMD Admin: C:\Windows\system32>for /f %%i in ('findstr /i . B:\EnterpriseS_22000.1_x64\ProvisionedAppxPackage.txt 2^>nul') do dism /scratchdir:B:\Temp /image:B:\Win11-22000.1x64-Mount /Remove-ProvisionedAppxPackage /Packagename:%%i %%i was unexpected at this time. PowerShell Admin: PS C:\Windows\system32> for /f %%i in ('findstr /i . B:\EnterpriseS_22000.1_x64\ProvisionedAppxPackage.txt 2^>nul') do dism /scratchdir:B:\Temp /image:B :\Win11-22000.1x64-Mount /Remove-ProvisionedAppxPackage /Packagename:%%i In line:1 character:4 + for /f %%i in ('findstr /i . B:\EnterpriseS_22000.1_x64\ProvisionedAp ... + ~ Missing opening '(' after the 'for' keyword. + CategoryInfo : ParserError: ) [], ParentContainsErrorRecordException + FullyQualifiedErrorId : MissingOpenParenthesisAfterKeyword Thanks in advanced Regards @JeepWillys58
You can still use MSMG or Optimize-Offline on the LTSC.1288 official rebase image and rest assured that Edge is gone for good. If you're going to keep it, then until Microsoft fixes the security holes, I would definitely use:
Will post how to repack Microsoft-Windows-EnterpriseSEdition-Package-amd64-10.0.19041.1.cab, Will post 1.2.3.xml's Just checking that the image updates.
It's a BATCH script. Mount Install.wim. Something like this Code: @echo off rem == create mount and scratch folders == mkdir mount mkdir temp rem == mount install.wim == dism /mount-wim /wimfile:install.wim /index:1 /mountdir:mount first you run this script Code: if exist ProvisionedAppxPackage.txt del /s /q ProvisionedAppxPackage.txt >nul 2>&1 for /f "tokens=2 delims=: " %%i in ('dism /scratchdir:temp /image:mount /Get-ProvisionedAppxPackages ^| find /I "PackageName"') do echo %%i >>ProvisionedAppxPackage.txt then you modify the "ProvisionedAppxPackage.txt" then you run this script Code: for /f %%i in ('findstr /i . ProvisionedAppxPackage.txt 2^>nul') do dism /scratchdir:temp /image:mount /Remove-ProvisionedAppxPackage /Packagename:%%i
The OP @whatever127's original "enterpriseg_19041_x64.7z" package contains a pure DISM CMD script called "clean.cmd" that selectively or completely removes provisioned appx packages.
My dear friend, always trying to help everybody! But I would like to use a list of packages to remove, is it possible? Thanks in advanced. Regards
EDIT @whatever127's "clean.cmd" is a nice template script that has a decent list you can update and modify. Removing "Microsoft.VCLibs.140.00" requires extra effort see https://forums.mydigitallife.net/th...struction-project.80939/page-305#post-1714507 cor a package that includes code to remove it Here is a list for Windows 10 Spoiler: Appx List Code: "Microsoft.549981C3F5F10", "Microsoft.BingWeather", "Microsoft.DesktopAppInstaller", "Microsoft.GetHelp", "Microsoft.Getstarted", "Microsoft.HEIFImageExtension", "Microsoft.Microsoft3DViewer", "Microsoft.MicrosoftOfficeHub", "Microsoft.MicrosoftSolitaireCollection", "Microsoft.MicrosoftStickyNotes", "Microsoft.MixedReality.Portal", "Microsoft.MSPaint", "Microsoft.Office.OneNote", "Microsoft.People", "Microsoft.ScreenSketch", "Microsoft.SkypeApp", "Microsoft.StorePurchaseApp", "Microsoft.VCLibs.140.00", "Microsoft.VP9VideoExtensions", "Microsoft.Wallet", "Microsoft.WebMediaExtensions", "Microsoft.WebpImageExtension", "Microsoft.Windows.Photos", "Microsoft.WindowsAlarms", "Microsoft.WindowsCalculator", "Microsoft.WindowsCamera", "microsoft.windowscommunicationsapps", "Microsoft.WindowsFeedbackHub", "Microsoft.WindowsMaps", "Microsoft.WindowsSoundRecorder", "Microsoft.WindowsStore", "Microsoft.Xbox.TCUI", "Microsoft.XboxApp", "Microsoft.XboxGameOverlay", "Microsoft.XboxGamingOverlay", "Microsoft.XboxIdentityProvider", "Microsoft.XboxSpeechToTextOverlay", "Microsoft.YourPhone", "Microsoft.ZuneMusic", "Microsoft.ZuneVideo"
I read about, I just remove this: Code: Microsoft.BingNews_4.7.28001.0_neutral_~_8wekyb3d8bbwe Microsoft.DesktopAppInstaller_2020.812.2125.0_neutral_~_8wekyb3d8bbwe Microsoft.GamingApp_2021.427.138.0_neutral_~_8wekyb3d8bbwe Microsoft.GetHelp_10.2008.32311.0_neutral_~_8wekyb3d8bbwe Microsoft.Getstarted_10.2.41172.0_neutral_~_8wekyb3d8bbwe Microsoft.MicrosoftOfficeHub_18.2104.12721.0_neutral_~_8wekyb3d8bbwe Microsoft.MicrosoftSolitaireCollection_4.6.3102.0_neutral_~_8wekyb3d8bbwe Microsoft.MicrosoftStickyNotes_4.1.2.0_neutral_~_8wekyb3d8bbwe Microsoft.People_2020.901.1724.0_neutral_~_8wekyb3d8bbwe Microsoft.PowerAutomateDesktop_10.0.561.0_neutral_~_8wekyb3d8bbwe Microsoft.StorePurchaseApp_12008.1001.113.0_neutral_~_8wekyb3d8bbwe Microsoft.Todos_2.33.33351.0_neutral_~_8wekyb3d8bbwe Microsoft.VP9VideoExtensions_1.0.41182.0_x64__8wekyb3d8bbwe Microsoft.WebMediaExtensions_1.0.40831.0_neutral_~_8wekyb3d8bbwe Microsoft.WebpImageExtension_1.0.32731.0_x64__8wekyb3d8bbwe Microsoft.Windows.Photos_21.21030.25003.0_neutral_~_8wekyb3d8bbwe Microsoft.WindowsAlarms_2021.2101.27.0_neutral_~_8wekyb3d8bbwe Microsoft.WindowsCamera_2020.503.58.0_neutral_~_8wekyb3d8bbwe microsoft.windowscommunicationsapps_16005.12827.20400.0_neutral_~_8wekyb3d8bbwe Microsoft.WindowsFeedbackHub_2021.427.1821.0_neutral_~_8wekyb3d8bbwe Microsoft.WindowsSoundRecorder_2021.2012.41.0_neutral_~_8wekyb3d8bbwe Microsoft.Xbox.TCUI_1.23.28002.0_neutral_~_8wekyb3d8bbwe Microsoft.XboxGameOverlay_1.46.11001.0_neutral_~_8wekyb3d8bbwe Microsoft.XboxGamingOverlay_2.50.24002.0_neutral_~_8wekyb3d8bbwe Microsoft.XboxIdentityProvider_12.50.6001.0_neutral_~_8wekyb3d8bbwe Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_neutral_~_8wekyb3d8bbwe Microsoft.YourPhone_2019.430.2026.0_neutral_~_8wekyb3d8bbwe Microsoft.ZuneMusic_2019.21012.10511.0_neutral_~_8wekyb3d8bbwe Microsoft.ZuneVideo_2019.21012.10511.0_neutral_~_8wekyb3d8bbwe MicrosoftWindows.Client.WebExperience_321.14700.0.9_neutral_~_cw5n1h2txyewy And I let this untouched: Code: PackageName : Microsoft.549981C3F5F10_2.2106.2807.0_neutral_~_8wekyb3d8bbwe PackageName : Microsoft.BingWeather_4.9.2002.0_neutral_~_8wekyb3d8bbwe PackageName : Microsoft.HEIFImageExtension_1.0.40978.0_x64__8wekyb3d8bbwe PackageName : Microsoft.Paint_10.2104.17.0_neutral_~_8wekyb3d8bbwe PackageName : Microsoft.ScreenSketch_2021.2104.2.0_neutral_~_8wekyb3d8bbwe PackageName : Microsoft.SecHealthUI_1000.22000.1.0_neutral__8wekyb3d8bbwe PackageName : Microsoft.UI.Xaml.2.4_2.42007.9001.0_x64__8wekyb3d8bbwe PackageName : Microsoft.VCLibs.140.00_14.0.29231.0_x64__8wekyb3d8bbwe PackageName : Microsoft.WindowsCalculator_2020.2012.21.0_neutral_~_8wekyb3d8bbwe PackageName : Microsoft.WindowsMaps_2021.2012.10.0_neutral_~_8wekyb3d8bbwe PackageName : Microsoft.WindowsNotepad_10.2102.13.0_neutral_~_8wekyb3d8bbwe PackageName : Microsoft.WindowsStore_12104.1001.113.0_neutral_~_8wekyb3d8bbwe PackageName : Microsoft.WindowsTerminal_2021.226.1915.0_neutral_~_8wekyb3d8bbwe Regards @JeepWillys58