As I understand, it's less than 4GB. I have Win 11 Home 23H2 and it's almost 5GB without running any program except task manager.
Here is my full setup, which will bring almost all Windows/Edge settings to nearly Linux-tier, and apply the personalization shown. I'd say I'm about 99% complete by this point, and it's arguably an hour's worth of work max from being enterprise-deployment safe. Also included (here, not in the .7z) is a .ps1 file for blocking commonly exploited ports for both in/out and udp/tcp. Spoiler: port_authority.ps1 Code: # Blocks the most commonly exploited ports, and unblocks them for debugging access issues. # Define the ports to be blocked $ports = "20,22-23,25,43-46,48-50,52,54,56,63,70,77,79,81,85-87,90,96-99,101-103,105-107,109-111,113,135,137-139,445,666,1433-1434,1900,3000,5353,5900,6379,11211" # Expand port ranges $expandedPorts = $ports -split ',' | ForEach-Object { if ($_ -match '(\d+)-(\d+)') { $startPort = [int]$matches[1] $endPort = [int]$matches[2] $startPort..$endPort -join ',' } else { $_ } } # Join all ports into a single comma-separated list $allPorts = $expandedPorts -join ',' # Define the names of the rules $ruleNames = @( "Block TCP Ports Inbound", "Block UDP Ports Inbound", "Block TCP Ports Outbound", "Block UDP Ports Outbound" ) # Function to display the banner function Display-Banner { Write-Host "" Write-Host "========================================" -ForegroundColor Cyan Write-Host " Firewall Port Blocking Utility " -ForegroundColor Red Write-Host "========================================" -ForegroundColor Cyan Write-Host "" } # Function to display the ports function Display-Ports { Write-Host "This will block vulnerable ports." Write-Host "Ports list:" -ForegroundColor Yellow Write-Host $allPorts -ForegroundColor Magenta Write-Host "Optional:" -ForegroundColor Yellow Write-Host "21" -ForegroundColor Magenta } # Function to block ports function Block-Ports { netsh advfirewall firewall add rule name="Block TCP Ports Inbound" dir=in action=block protocol=TCP localport=$allPorts netsh advfirewall firewall add rule name="Block UDP Ports Inbound" dir=in action=block protocol=UDP localport=$allPorts netsh advfirewall firewall add rule name="Block TCP Ports Outbound" dir=out action=block protocol=TCP localport=$allPorts netsh advfirewall firewall add rule name="Block UDP Ports Outbound" dir=out action=block protocol=UDP localport=$allPorts Write-Host "Ports have been blocked." -ForegroundColor Green } # Function to block ports with FTP function Block-Ports-With-FTP { $allPortsWithFTP = $allPorts + ",21" netsh advfirewall firewall add rule name="Block TCP Ports Inbound" dir=in action=block protocol=TCP localport=$allPortsWithFTP netsh advfirewall firewall add rule name="Block UDP Ports Inbound" dir=in action=block protocol=UDP localport=$allPortsWithFTP netsh advfirewall firewall add rule name="Block TCP Ports Outbound" dir=out action=block protocol=TCP localport=$allPortsWithFTP netsh advfirewall firewall add rule name="Block UDP Ports Outbound" dir=out action=block protocol=UDP localport=$allPortsWithFTP Write-Host "Ports (including FTP) have been blocked." -ForegroundColor Green } # Function to unblock ports function Unblock-Ports { foreach ($ruleName in $ruleNames) { netsh advfirewall firewall delete rule name="$ruleName" } Write-Host "Ports have been unblocked." -ForegroundColor Green } # Function to check if the script is running as an administrator function Test-Administrator { $user = [Security.Principal.WindowsIdentity]::GetCurrent() (New-Object Security.Principal.WindowsPrincipal $user).IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator) } # Check if the script is running as an administrator if (-not (Test-Administrator)) { Write-Host "This script requires administrative privileges. Please run it as an administrator." -ForegroundColor Red Write-Host "Press any key to exit..." $null = $Host.UI.RawUI.ReadKey('NoEcho,IncludeKeyDown') exit } # Main script logic Display-Banner Display-Ports while ($true) { Write-Host "`nPlease select an option:" -ForegroundColor Cyan Write-Host "0 - Exit" -ForegroundColor Yellow Write-Host "1 - Block defined ports" -ForegroundColor Yellow Write-Host "2 - Block defined ports (w/ FTP)" -ForegroundColor Yellow Write-Host "3 - Unblock defined ports" -ForegroundColor Yellow $choice = Read-Host "Enter your choice" switch ($choice) { 0 { Write-Host "Exiting the script." -ForegroundColor Green break } 1 { Block-Ports } 2 { Block-Ports-With-FTP } 3 { Unblock-Ports } default { Write-Host "Invalid choice. Please try again." -ForegroundColor Red } } } # githubgist The hklm_pers.reg will add this feature, but for those who won't be using the full .7z files you might like it. Spoiler: run .ps1 as admin context menu entry .reg file Code: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\SystemFileAssociations\.ps1\Shell\RunAs] @="Run as administrator" "HasLUAShield"="" [HKEY_CLASSES_ROOT\SystemFileAssociations\.ps1\Shell\RunAs\Command] @="powershell.exe -File \"%1\""
Windows works so that the more RAM installed, the more RAM is used, but that is different from the minimum amount of RAM necessary for the OS to work.
I ended up installing LTSC 2021 iot and all the apps I needed from store downloaded just fine from the developer website without the need to install the full store. WhatsApp for example opened up a store like window and installed. Will keep this pc static on this LTSC version since I run a file server on it.
hello guys. does anyone know how to change the IoT Enterprise LTSC windows 11 into pt-BR? is that any languagepack to download or is it possible to change the language from the o.s. itself? im talking about everything on the os. the full languagepack. is it avaliable anywhere?
First, install en-US. Open powershell as admin and type: Install-Language pt-BR Uninstall-Language en-US @BubuXP https://forums.mydigitallife.net/th...-2024-24h2-26100-x.88280/page-56#post-1843633
Maybe is that possible to pin somewhere the answer to this kind of questions? https://forums.mydigitallife.net/th...-2024-24h2-26100-x.88280/page-48#post-1841925 "Coz it repeats so many times...
(Edit - Cleaned up some mistakes) For a 'ready-to-go' BAU (AVEYO) FORCE APPX UNINSTALL.BAT - ONLINE DEPROVISIONING SCRIPT, See: https://forums.mydigitallife.net/th...-2024-24h2-26100-x.88280/page-54#post-1842956 I haven't gone through everything, but the registry tweaks look good. In light of you saying it's 99% there, here is some of the 1% concerns I've noticed (my concerns only apply to 24H2 LTSC/IoT and not any other build) I'm exclusively talking about your deprovisioning script "deprov-edit_as_needed.reg" Cortana is now gone AFAIK, the cryptic numbers used in W10/early W11 like F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE are now in English "Microsoft.Windows.AddSuggestedFoldersToLibarayDialog" There are a number of missing system apps like "Microsoft.Windows.CloudExperienceHost", etc The online deprovisioning script I use was originally shared by BAU (Aveyo). I just added the latest LTSC IoT 24H2 System Apps https://forums.mydigitallife.net/th...n-windows-10-version-1809.78576/#post-1634306 Spoiler: 24H2 System Apps Code: 1527c705-839a-4832-9118-54d4Bd6a0c89 c5e2524a-ea46-4f67-841f-6a9465d9d515 E2A4F912-2574-4A75-9BB0-0D023378592B F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE "Microsoft.AAD.BrokerPlugin", "Microsoft.AccountsControl", "Microsoft.AsyncTextService", "Microsoft.BioEnrollment", "Microsoft.CredDialogHost", "Microsoft.ECApp", "Microsoft.LockApp", "Microsoft.MicrosoftEdgeDevToolsClient", "Microsoft.UI.Xaml.CBS", "Microsoft.Win32WebViewHost", "Microsoft.Windows.AppRep.ChxApp", "Microsoft.Windows.AssignedAccessLockApp", "Microsoft.Windows.AugLoop.CBS", "Microsoft.Windows.CapturePicker", "Microsoft.Windows.CloudExperienceHost", "Microsoft.Windows.ContentDeliveryManager", "Microsoft.Windows.NarratorQuickStart", "Microsoft.Windows.OOBENetworkCaptivePortal", "Microsoft.Windows.OOBENetworkConnectionFlow", "Microsoft.Windows.ParentalControls", "Microsoft.Windows.PeopleExperienceHost", "Microsoft.Windows.PinningConfirmationDialog", "Microsoft.Windows.PrintQueueActionCenter", "Microsoft.Windows.SecureAssessmentBrowser", "Microsoft.Windows.ShellExperienceHost", "Microsoft.Windows.StartMenuExperienceHost", "Microsoft.Windows.XGpuEjectDialog", "Microsoft.WindowsAppRuntime.CBS", "Microsoft.XboxGameCallableUI", "MicrosoftWindows.Client.AIX", "MicrosoftWindows.Client.CBS", "MicrosoftWindows.Client.Core", "MicrosoftWindows.Client.FileExp", "MicrosoftWindows.Client.OOBE", "MicrosoftWindows.Client.Photon", "MicrosoftWindows.UndockedDevKit", "NcsiUwpApp", "Windows.CBSPreview", "windows.immersivecontrolpanel", "Windows.PrintDialog" Spoiler: BAU (Aveyo) FORCE APPX UNINSTALL.bat - online deprovisioning script Code: @(echo off% <#%) & title FORCE APPX UNINSTALL, AveYo 2020-12-05 &set script = Can be pasted directly into PowerShell set "0=%~f0"&set 1=%*&powershell -win 0 -nop -c iex ([io.file]::ReadAllText($env:0)) &exit/b ||#>)[1]; function prompt {} $YOU_MUST_FIRST_CUSTOMIZE_THE_FOLLOWING_SAMPLE_ENTRIES_TO_YOUR_NEEDS = '^_^' ; sp 'HKCU:\Volatile Environment' 'bloat' @' $bloat = @( ##"1527c705", ## Expel - "Modern File Picker Dialog" TH23 ##"c5e2524a", ## Expel - "Modern File Explorer App" TH23 ###"E2A4F912", ## Whitelist - AppResolverUX "Modern Open With Dialog" *TH23 says 'toss' ##"F46D4000", ## Expel - "Add Suggested Folders to Library Dialog" TH23 ###"BrokerPlugin", ## Whitelist - "Credential Handler for MS Azure Logon | Needed for: MS Account, Windows Store" TH23 ###"AccountsControl", ## Whitelist - "App to add MS Account for MS Apps | Needed for: Windows Store" TH23 ##"AsyncTextService", ## Expel - "Messaging extensions for People and Maps Apps" TH23 ###"BioEnrollment", ## Whitelist - "Windows Hello Setup" TH23 ###"CredDialogHost", ## Whitelist - "Authentication (Sign-in) shell support for Windows Hello" TH23 ##"ECApp", ## Expel - "Modern UI Dialog App for Eye Movement Control" TH23 ##"LockApp", ## Expel - Wildcard (1 of 2) - "Container App for Lockscreen Messages" TH23 ##"MicrosoftEdge", ## Expel - 'DevTools' "An extension to edge for web developers" *TH23 says 'keep' ###"UI.Xaml.CBS" ## Whitelist - Unknown app. Keeping all Component-Based Servicing (CBS) packages ###"Win32WebViewHost", ## Whitelist - "Desktop App Web Viewer" TH23 ##"Apprep.ChxApp", ## Expel - Unknown. Smartscreen? Zero issues removing on W10 ##*Wildcard "AssignedAccessLockApp" ##* Expel - Wildcard (2 of 2) - "Windows Kiosk Mode" *TH23 says 'keep' ###"AugLoop.CBS", ## Whitelist - Keeping all Component-Based Servicing (CBS) packages ###"CapturePicker", ## Whitelist - "Picker UI for selecting items for screen capture | Needed for Screen snip" TH23 ###"CloudExperienceHost, ## Whitelist - Your account ##"ContentDelivery", ## Expel - "Auto install apps and Ads. *TH23 says 'keep' TH23 clams app required for OOBE & MS Accounts ##"Narrator", ## Expel - Accessability "QuickStart Guide for Narrator" *TH23 says 'keep' ###"OOBENetworkCaptivePortal", ## Whitelist - "Captive Network Portals support (Login or EULA) during OOBE" TH23 ###"OOBENetworkConnectionFlow", ## Whitelist - "Connection Flow Network Portals support during OOBE" TH23 ##"ParentalControls", ## Expel - "App for Parental Controls" TH23 ##"PeopleExperience", ## Expel - "People Bar (People Hub)" TH23 ##"PinningConfirmation", ## Expel - "No description" TH23 ###"PrintQueueActionCenter" ## Whitelist - Printing ##"SecureAssessment", ## Expel - "Special Windows Mode for Exams (Take Test App)" TH23 ###"ShellExperienceHost", ## Whitelist - Windows Shell Experience ###"StartMenuExperienceHost", ## Whitelist - Start Menu ##"XGpuEjectDialog", ## Expel - "Modern Dialog App for safe removal of external GPUs" TH23 ###"WindowsAppRuntime.CBS", ## Whitelist - Keeping all Component-Based Servicing (CBS) packages ##"XboxGameCallableUI", ## Expel - "Xbox Live" TH23 ###"Client.AIX", ## Whitelist - Ditch AI later if it proves problamatic ###"Client.CBS", ## Whitelist - Windows Feature Experience Pack. Keeping all Component-Based Servicing (CBS) packages ###"Client.Core", ## Whitelist - Keeping all Component-Based Servicing (CBS) packages ###"Client.FileExp", ## Whitelist - Keeping all Component-Based Servicing (CBS) packages ###"Client.OOBE", ## Whitelist - Keeping all Component-Based Servicing (CBS) packages ###"Client.Photon", ## Whitelist - Keeping all Component-Based Servicing (CBS) packages ###"UndockedDevKit", ## Whitelist - UDK Package - possibly a run-time library for adding new shell features ###"NcsiUwpApp", ## Whitelist - "Network Connectivity Status Indicator (NCSI)" TH23 ##"CBSPreview" ## Expel - "App for Camera Barcode Scanner" TH23 ###"immersivecontrolpanel", ## Whitelist - Modern settings control panel ###"PrintDialog", ## Whitelist - "Modern Print Dialog" TH23 ) ## The 26 'Whitelist' apps to keep and the 18 'Expel' apps to deprovision are suggestions ## Remove the "#" symbols from in front of an app to make your own deprovisioning choice ## App descriptions tagged "TH23" are from the 2023 guide 'How to Create a Custom, Bloat-Free Windows 11 Install Disk | Tom's Hardware' ## Script Source: https://forums.mydigitallife.net/threads/change-value-of-isinbox-attribute-in-staterepository-machine-srd-in-windows-10-version-1809.78576/#post-1634306 $rights = whoami /groups; $env:__COMPAT_LAYER = 'Installer' ## run main code only if ti/system if ($rights -like '*1-16-16384*') { $D1=[uri].module.gettype('System.Diagnostics.Process')."GetM`ethods"(42) |where {$_.Name -eq 'SetPrivilege'} #`:no-ev-warn 'SeSecurityPrivilege','SeTakeOwnershipPrivilege','SeBackupPrivilege','SeRestorePrivilege'|foreach {$D1.Invoke($null, @("$_",2))} ## main $provisioned = get-appxprovisionedpackage -online; $appxpackage = get-appxpackage -allusers $store = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore' $users = @('S-1-5-18'); if (test-path $store) {$users += $((dir $store |where {$_ -like '*S-1-5-21*'}).PSChildName)} foreach ($name in $bloat) { write-host "*$name*"; if ('' -eq $name) {continue} foreach ($appx in $($provisioned |where {$_.PackageName -like "*$name*"})) { $family = $appxpackage |where {$_.Name -eq $appx.DisplayName} write-host -fore Blue $($family.PackageFamilyName) ## forced deprovision ni "$store\Deprovisioned\$($family.PackageFamilyName)" -force -ea 0 >$null ## default deprovision dism /online /remove-provisionedappxpackage /packagename:$($appx.PackageName) 2>&1 >$null #powershell -nop -c remove-appxprovisionedpackage -packagename "'$($appx.PackageName)'" -online 2>&1 >$null } foreach ($appx in $($appxpackage |where {$_.PackageFullName -like "*$name*"})) { write-host -fore Cyan $($appx.InstallLocation) ## remove from inbox $inbox = (gp "$store\InboxApplications\*$($appx.Name)*" Path).PSChildName foreach ($app in $inbox) {ri "$store\InboxApplications\$app" -recurse -force -ea 0} ## forced deprovision ni "$store\Deprovisioned\$($appx.PackageFamilyName)" -force -ea 0 >$null ## forced unlock - usually works foreach ($sid in $users) {ni "$store\EndOfLife\$sid\$($appx.PackageFullName)" -force -ea 0 >$null} ## default unlock - usually fails dism /online /set-nonremovableapppolicy /packagefamily:$($appx.PackageFamilyName) /nonremovable:0 2>&1 >$null ## uninstall silently powershell -nop -c remove-appxpackage -package "'$($appx.PackageFullName)'" -AllUsers 2>&1 >$null ## optional cleanup experiment - not needed #ri "$store\Config\$($appx.PackageFamilyName)" -recurse -force -ea 0 #foreach ($sid in $users) { # ri "$store\EndOfLife\$sid\$($appx.PackageFullName)" -recurse -force -ea 0 # ri "$store\Deleted\EndOfLife\$sid\$($appx.PackageFullName)" -recurse -force -ea 0 #} #$inbox = (gp "$store\InboxApplications\*$($appx.Name)*" Path).PSChildName #foreach ($app in $inbox) {foreach ($sid in $users) {ri "$store\$sid\$app" -recurse -force -ea 0}} ## optional delete from disk experiment - not needed, would break restoring from AppxManifest.xml #ri "'$($appx.InstallLocation)'" -recurse -force -ea 0 } } } ## admin-user elevated: run $cmd as ti/system via runasti lean and mean snippet by AveYo [$window hide:0x0E080600 show:0x0E080610] $cmd = 'powershell -win 0 -nop -noe -c & {iex((gp Registry::HKEY_Users\S-1-5-21*\Volatile* bloat -ea 0)[0].bloat)}' if ($rights -like '*1-16-12288*') { $A=[AppDomain]::CurrentDomain."Def`ineDynamicAssembly"(1,1)."Def`ineDynamicModule"(1);$D=@();0..5|%{$D+=$A."Def`ineType"('A'+$_, 1179913,[ValueType])} ;4,5|%{$D+=$D[$_]."Mak`eByRefType"()} ;$I=[Int32];$J="Int`Ptr";$P=$I.module.GetType("System.$J"); $F=@(0) $F+=($P,$I,$P),($I,$I,$I,$I,$P,$D[1]),($I,$P,$P,$P,$I,$I,$I,$I,$I,$I,$I,$I,[Int16],[Int16],$P,$P,$P,$P),($D[3],$P),($P,$P,$I,$I) $S=[String]; $9=$D[0]."Def`inePInvokeMethod"('CreateProcess',"kernel`32",8214,1,$I,@($S,$S,$I,$I,$I,$I,$I,$S,$D[6],$D[7]),1,4) 1..5|%{$k=$_;$n=1;$F[$_]|%{$9=$D[$k]."Def`ineField"('f'+$n++,$_,6)}};$T=@();0..5|%{$T+=$D[$_]."Cr`eateType"();$Z=[uintptr]::size nv ('T'+$_)([Activator]::CreateInstance($T[$_]))}; $H=$I.module.GetType("System.Runtime.Interop`Services.Mar`shal"); $WP=$H."Get`Method"("Write$J",[type[]]($J,$J)); $HG=$H."Get`Method"("AllocH`Global",[type[]]'int32'); $v=$HG.invoke($null,$Z) 'TrustedInstaller','lsass'|%{if(!$pn){net1 start $_ 2>&1 >$null;$pn=[Diagnostics.Process]::GetProcessesByName($_)[0];}} $WP.invoke($null,@($v,$pn.Handle)); $SZ=$H."Get`Method"("SizeOf",[type[]]'type'); $T1.f1=131072; $T1.f2=$Z; $T1.f3=$v; $T2.f1=1 $T2.f2=1;$T2.f3=1;$T2.f4=1;$T2.f6=$T1;$T3.f1=$SZ.invoke($null,$T[4]);$T4.f1=$T3;$T4.f2=$HG.invoke($null,$SZ.invoke($null,$T[2])) $H."Get`Method"("StructureTo`Ptr",[type[]]($D[2],$J,'boolean')).invoke($null,@(($T2-as $D[2]),$T4.f2,$false));$window=0x0E080610 $9=$T[0]."Get`Method"('CreateProcess').Invoke($null,@($null,$cmd,0,0,0,$window,0,$null,($T4-as $D[4]),($T5-as $D[5]))); break } ## ask to run script as admin '@ -force -ea 0; $script = '-win 1 -nop -c & {iex((gp Registry::HKEY_Users\S-1-5-21*\Volatile* bloat -ea 0)[0].bloat)}' start powershell -win 1 -args $script -verb runas $PRESS_ENTER_TO_FORCE_APPX_UNINSTALL_ONLY_IF_YOU_CUSTOMIZED_THE_SAMPLE_ENTRIES_TO_YOUR_NEEDS = '^_^'
Yes, why wouldn't it be. But I feel that 23H2 is better, and Windows 10 feels even better. Better to wait till 24H2 gets "officially" released in a few months.
Thanks for the run-thru. I also plan to apply it to images of 10 LTSC for people I know with ancient laptops, so I left some older things, entries meant for 11 included because lazy. I only remove Spoiler: these <c>microsoft.ecapp 'Eye Control'</c> <c>microsoft.microsoftedgedevtoolsclient 'Microsoft Edge DevTools Client'</c> <c>microsoft.windows.assignedaccesslockapp 'Assigned Access Lock app'</c> <c>microsoft.windows.contentdeliverymanager 'Content Delivery Manager'</c> <c>microsoft.windows.parentalcontrols 'Microsoft Family Safety'</c> <c>microsoft.windows.xgpuejectdialog 'Safely Remove Device'</c> <c>microsoft.xboxgamecallableui 'Xbox Game UI'</c> <c>windows.cbspreview 'Windows Barcode Preview'</c> also language files when setting up the install.wim. I had enough issue with updates when removing many other things like hello and biometrics before, so I leave them in and disable them. At the bottom of the autounattend is a place to add more packages to remove during first boot, very straightforward. I have been aiming to minimize potential burdens on users I share to from going too far. If Aveyo's script doesn't interfere with updates, awesome to know. I'll take note, and you can customize and redistribute as you wish.
For some reason, I can't exactly pin it down, maybe intel drivers updating, my full titlebar window colorization has ended and it is back to the tab being standard gray with tint of color. Of course, as before, taking a screen snip shows the full colorization... It's as if there is an alpha setting that is getting reset, perhaps. Anything thoughts would be appreciated. Spoiler: image from screen snip Spoiler: image from phone