Just to be clear, 0b8476eff31f957590ade6fe671f16161037d3f6 *en_windows_10_enterprise_ltsc_2019_x64_dvd_74865958.iso This is N version or non-N?
I don't think anyone ever answered your question. The Optimize-Offline script doesn't contain a 'list' of services like you're wanting. The services GodHand disables are spread around in his Optimize-Offline script. The the ones that get disabled depend on which System Applications you choose to remove. The services that get disabled are different depending on if you choose to remove Xbox, SecHealthUI and BioEnrollment. For instance, if you choose to remove "SecHealthUI" then the script disables these services found under "Removing Windows Defender Remnants." Code: "SecurityHealthService", "WinDefend", "WdNisSvc", "WdNisDrv", "WdBoot", "WdFilter", "Sense" Here is a PowerShell script you can apply "online" to remove services (the included list of services is partially based on this list from abbodi1406) Code: Write-Output "Disabling services" Get-Service -Name @( "CDPSvc", "CertPropSvc", "diagnosticshub.standardcollector.service", "DiagTrack", "dmwappushservice", "DoSvc" , "DusmSvc", "icssvc", "iphlpsvc", "lfsvc", "NcaSvc", "PcaSvc", "PhoneSvc", "RetailDemo", "SecurityHealthService", "Sense", "SysMain", "WdBoot", "WdFilter", "WdNisDrv", "WdNisSvc", "WerSvc", "WinDefend", "WMPNetworkSvc", "Wsearch", "xbgm", "XblAuthManager", "XblGameSave", "xboxgip", "xboxgipsvc", "XboxNetApiSvc" ) -ErrorAction SilentlyContinue ` | Stop-Service -PassThru -ErrorAction SilentlyContinue ` | Set-Service -StartupType Disabled -ErrorAction SilentlyContinue By the way, I updated my post https://forums.mydigitallife.net/th...rprise-n-ltsc-2019.76325/page-12#post-1464527 to include version 3.1.2.5 of Optimize-Offline. It seems to work the best so-far.
Thanks! I did a code comparison and the only exciting improvement (for me) is in the Function "Set-RegistryOwner" which gets used in a few places in the script. I don't go into details in my post, but I'll tell you publicly that (1) I stay away from DaRT since that's what I would call a "beta" feature that get's fixed and code tweaked with nearly every new script update since he introduced it a few weeks ago. Maybe I'll apply it when I next update my machines with LTSC 2021. (2) I use GodHands generously provided "NoSetup" parameter and run the Legacy Command Shell Code from the "SetupComplete.cmd" online instead of offline. That way I can deal with any errors that show-up. Usually I can sort out the problem, but If I can't figure out what the errors are about, I just comment out "::" the lines of code that aren't working for me and ignore them. Spoiler: the firewall part of the SetupComplete.cmd -apply online Code: :TELE_DISABLE :: Source: started with OO 3101 :: Objective: Increased stability and flexibility :: Moved SetupComplete content from OO to my "online" script :: New features and security began with OO 3113 CLS ECHO: ECHO Firewall Rules. SetupComplete.cmd 3123 thru 3126 :: Now under "$DefenderTasks" NETSH ADVFIREWALL FIREWALL ADD RULE NAME="SmartScreen" action="block" dir="in" interface="any" program="%WinDir%\System32\smartscreen.exe" Description="Prevent SmartScreen Inbound Traffic." enable=yes >NUL 2>&1 NETSH ADVFIREWALL FIREWALL ADD RULE NAME="SmartScreen" action="block" dir="out" interface="any" program="%WinDir%\System32\smartscreen.exe" Description="Prevent SmartScreen Outbound Traffic." enable=yes >NUL 2>&1 :: Under "$DisableTelemetry" :: The 'SET LOCALAPPDATA=' line never gets used PowerShell -Command "& { Get-Service -Name DiagTrack -ErrorAction SilentlyContinue | Stop-Service | Set-Service -StartupType Disabled }" PowerShell -Command "& { Get-ScheduledTask -TaskName @('Microsoft Compatibility Appraiser', 'ProgramDataUpdater') -ErrorAction SilentlyContinue | Disable-ScheduledTask }" PowerShell -Command "& { Get-NetFirewallRule | Where-Object Group -EQ 'DiagTrack' | Remove-NetFirewallRule -ErrorAction SilentlyContinue }" PowerShell -Command "& { Set-AutologgerConfig -Name 'AutoLogger-Diagtrack-Listener' -Start 0 -ErrorAction SilentlyContinue }" PowerShell -Command "& { New-NetFirewallRule -DisplayName 'Block DiagTrack' -Action Block -Description 'Block the DiagTrack Telemetry Service' -Direction Outbound -Name 'Block DiagTrack' -Profile Any -Service DiagTrack }" PowerShell -Command "& { Get-NetFirewallRule | Where-Object Group -Like '*@{*' | Remove-NetFirewallRule -ErrorAction SilentlyContinue }" :: still failing 'Unexpected token '}' in expression or statement." ::PowerShell -Command "& { Get-NetFirewallRule | Where-Object DisplayGroup -EQ 'Delivery Optimization' } | Remove-NetFirewallRule -ErrorAction SilentlyContinue }" ::PowerShell -Command "& { Get-NetFirewallRule | Where-Object DisplayGroup -Like 'Windows Media Player Network Sharing Service*' } | Remove-NetFirewallRule -ErrorAction SilentlyContinue }" NETSH ADVFIREWALL FIREWALL ADD RULE NAME="ContentDeliveryAdverts" action="block" dir="in" interface="any" program="%SystemDrive%\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll" Description="Prevent ContentDeliveryManager Inbound Traffic." enable=yes >NUL 2>&1 NETSH ADVFIREWALL FIREWALL ADD RULE NAME="ContentDeliveryAdverts" action="block" dir="out" interface="any" program="%SystemDrive%\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll" Description="Prevent ContentDeliveryManager Outbound Traffic." enable=yes >NUL 2>&1 NETSH ADVFIREWALL FIREWALL ADD RULE NAME="Block Windows Error Reporting Service [WerSvc]" dir="Out" action="Block" program="%SystemDrive%\windows\system32\svchost.exe" service="WerSvc" protocol="TCP" remoteport=80,443 >NUL 2>&1 NETSH ADVFIREWALL FIREWALL ADD RULE NAME="Compatability Telemetry Runner" action="block" dir="in" interface="any" program="%SystemDrive%\Windows\system32\CompatTelRunner.exe" Description="Prevent CompatTelRunner Inbound Traffic." enable=yes >NUL 2>&1 NETSH ADVFIREWALL FIREWALL ADD RULE NAME="Compatability Telemetry Runner" action="block" dir="out" interface="any" program="%SystemDrive%\Windows\system32\CompatTelRunner.exe" Description="Prevent CompatTelRunner Outbound Traffic." enable=yes >NUL 2>&1 REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Option\CompatTelRunner.exe" /v Debugger /t REG_SZ /d "%windir%\System32\taskkill.exe" /f >NUL 2>&1 ECHO: PAUSE GOTO :MAIN_MENU
3.1.2.6 had more contextual and syntax modifications than anything. I will be converting it into a module here within the next few updates so it can utilize separate advanced scripts for various processes without making the main script any larger than it already is.
How do I get the iso of the language I want? Or maybe I should ask how do I convert the english iso to the language I want? I'm a bit noob, sorry!
Yeah, by design the SVF process needs a Source ISO. In opposite to any unreliable ISO upload (by users) the EVAL ISO link is peristant and always available, so if you know of a better Source for conversions, keep me posted . TL;DR: The result of svf2iso tool process will be a valid MVS ISO.
The tool converts EVAL to VL and the result is identical as VL .iso images from MSDN/VLSC, you should know this by now, it's not so hard to guess.
I beg to differ . Consumer MVS is always OEMRET, the Business (former VL) and LTSB/C are Volume (exclusion is LTSC IoT which comes also as OEMRET).
Hi guys. I have heard that there is some problems with 1809. Will Microsoft create new .ISO for it? Does LTSC users then need to re-install Windows? Or will we get new fixes as normal updates?
there was pretty much only one problem and people made it worse then it's actually is. yes, if you do a upgrade coming from the old windows version, with the new iso and not a fresh install, there is a possibility to loose personal files in the user folder BUT only if you have used a special gpo setting before upgrading. so most people should be just fine. if you do a clean install with the first released iso, there is no problem at all and no reason to wait to install it.
they will probably do, the question is when. why wait, if you can just do a clean install right now without problems. i mean a clean install isn't that much more work then a upgrade anyway. the upgrade will reactive your deactivate services and settings (registry and gpo) anyway. going straight for a clean install and setup everything up new, without any problems then, is always my way to go