I'm on Windows 10 Build 2004 and I noticed that the Windows Defender Smartscreen process is running even though I have disabled it from the Settings and via Group Policy Editor. So I ran these commands but the third command gives me the following error: 1) takeown /f "%systemroot%\System32\smartscreen.exe" /a 2) icacls "%systemroot%\System32\smartscreen.exe" /reset 3) nsudoc -U:T -P:E "%systemroot%\System32\icacls.exe" %systemroot%\System32\smartscreen.exe /inheritance:r /remove *S-1-5-32-544 *S-1-5-11 *S-1-5-32-545 *S-1-5-18 What am I doing here? I tried searching the entire system for a file named nsudoc and I couldn't find it perhaps that's why it's throwing that error? Even by running the first 2 commands, the process is sitll running in the background.
The way you've written the code, nsudoc.exe has to be in the same folder as the script, or in the path, and it's not. Get it here. Also in line 3 you're missing quotes in the smartscreen path: nsudoc -U:T -P:E "%systemroot%\System32\icacls.exe" "%systemroot%\System32\smartscreen.exe" /inheritance:r /remove *S-1-5-32-544 *S-1-5-11 *S-1-5-32-545 *S-1-5-18
Sorry I just saw your reply but thanks a lot. nsudoc.exe is not in the latest version 8.0 I just checked. I don't know which one of those files I need: While I was searching today I found another way to disable it and that worked. Code: reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t REG_SZ /d "Off" /f reg add "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d "0" /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t "REG_DWORD" /d "0" /f reg add "HKLM\Software\Policies\Microsoft\Windows\System" /v "EnableSmartScreen" /t "REG_DWORD" /d "0" /f reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControl" /t REG_SZ /d "Anywhere" /f reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControlEnabled" /t "REG_DWORD" /d "0" /f takeown /s %computername% /u %username% /f "%WinDir%\System32\smartscreen.exe" icacls "%WinDir%\System32\smartscreen.exe" /grant:r %username%:F taskkill /im smartscreen.exe /f del "%WinDir%\System32\smartscreen.exe" /s /f /q
Best solution to disable any unwanted app and can easily be undone. BTW: There is no need to disable smartscreen.exe this way as group policies and removing it from autostart registry key is enough effective to prevent it from running. In my tool Slimdown10.cmd, I have section of code titled Disable Windows Defender, MRT, SmartScreen which is 100% effective and can be adapted to use on a live system. So anybody can reuse it.
No need to reinvent the wheel, we have winaerotweaker that does this and another ton of settings just with one mouse click
There are even ready modded Windows version. But as for me, severe system modifications are totally unacceptable unless they are fully open-source. If something breaks, I will have have no support from anybody. Not from any vendor and not from Microsoft, because my system is modded and nobody cares. And sometimes a single registry tweak could break compatibility with some software. I have experienced situation when old Autodesk Inventor stopped working just due to NoRecentDocsHistory group policy. It sounds like a nonsense, but it is reality with third party software.
A modded image is something like a black box that potentially could be plenty of viruses (although practically I never heard of such case). A tool written by a trusted MDL users, that on each setting explain what a setting does, is a bit of different thing, even if not fully open sourced. That's a stretch. Usually things posted on forums have way better support than commercial SW, and also have a less biased reviewers. That's why personally I like to use policies where they are meant to be used, like large organizations, and less on personal system(s) On Personal systems often a simpler and less radical setting tend to provide better results Whatever is always best to judge something after trying it, not before. Winaerotweaker is no exception.
I have also another two reasons: 1. Education. I understand more how Windows OSes work and how to mod them in the future without breaking things. 2. My individual preference. No tool works exactly the way I want it to. I have my personal vision how good OS should look like and I think that it should be tailored to my preference before installation (already on media), not after it. If someone disagree with my vision, then there are many different solutions. But some people have similar vision to me. Don't understand me wrong, I really appreciate advanced MDL members, as plenty of knowledge I have only thanks to them. There are simply many different approaches to achieve similar goal, that is the good, stable and convenient OS. No one is better than other. They are just different.
Education is some sort of top commercial SKU, so it includes most "features", so it's in a sense the opposite of LTSC. But it comes with a bit more sane policies than Home/Pro. Still if you like a clean yet powerful SKU nothing is better than LTS* For people who understand how modern deployment is done "before the installation" means nothing. Just use a native VHD, customize it, sysprep it. ONCE. Then whenever you need a fresh install just copy the VHD in place, add it to the bootloader and you are ready to OOBE (or ready to work, depending your preference) Alternatively, capture the syspreped VHD in install.wim, replace the stock one inside the ISO, and you have a old school ISO, ready to "install" windows like in the Vista days, but with all your tweaks, preinstalled SW/drivers, removed packages and so on. The last OS where before/after setup had a sense was XP/Server 2003 Obviously. No one force you to adopt my or other users approach, but given you look prone to experiment, I tough it was worth to share a bit of my experience, (and I think is worth to try some of my suggestions, before decide what's best)
I was talking about own education, not about the Windows 10 Education SKU. So we misunderstand each other. For the rest, I appreciate and I will think about it.