Trying to make a "script" to automate LTSC services default state...Here it is: Code: @echo Restore The Services Start Registry Entries as Saved At 20:45:00,00 24/10/2018 @pause for %%G in (AudioEndpointBuilder,Audiosrv,BFE,BrokerInfrastructure,CoreMessagingRegistrar,CryptSvc,DcomLaunch,ddpvssvc,Dhcp,Dnscache,DPS,DusmSvc,EventLog,EventSystem,FontCache,gpsvc,IKEEXT,LSM,mpssvc,NlaSvc,nsi,Power,ProfSvc,RpcEptMapper,RpcSs,SamSs,Schedule,SENS,ShellHWDetection,sppsvc,SysMain,SystemEventsBroker,Themes,TrkWks,UserManager,UsoSvc,Wcmsvc,wfcs,WinDefend,Winmgmt,wscsvc,WSearch) do reg query HKLM\SYSTEM\ControlSet001\Services\%%G /v Start 1>nul 2>nul && ( reg add HKLM\SYSTEM\ControlSet001\Services\%%G /v Start /t REG_DWORD /d 2 /f ) for %%G in (AppIDSvc,Appinfo,AppReadiness,AppXSvc,AssignedAccessManagerSvc,AxInstSV,BDESVC,BITS,camsvc,ClipSVC,COMSysApp,ddpsvc,defragsvc,DeviceInstall,DevQueryBroker,diagsvc,DisplayEnhancementService,DmEnrollmentSvc,dot3svc,DsmSvc,DsSvc,Eaphost,EFS,embeddedmode,EntAppSvc,fdPHost,FontCache3.0.0.0,GraphicsPerfSvc,hidserv,InstallService,jhi_service,KeyIso,KtmRm,LicenseManager,lltdsvc,LMS,LxpSvc,MSDTC,msiserver,Netman,netprofm,NetSetupSvc,NgcCtnrSvc,NgcSvc,p2pimsvc,p2psvc,perceptionsimulation,PerfHost,pla,PlugPlay,PNRPAutoReg,PNRPsvc,PolicyAgent,QWAVE,seclogon,SecurityHealthService,Sense,SentinelKeysServer,SentinelProtectionServer,SentinelSecurityRuntime,smphost,spectrum,SstpSvc,StateRepository,StorSvc,svsvc,swprv,TieringEngineService,TimeBrokerSvc,TokenBroker,TrustedInstaller,VaultSvc,vds,VSS,WaaSMedicSvc,WalletService,WarpJITSvc,wbengine,WdiServiceHost,WdiSystemHost,WdNisSvc,Wecsvc,WEPHOSTSVC,wercplsupport,wlpasvc,WManSvc,wmiApSrv,WPDBusEnum,wuauserv,cbdhsvc,DevicesFlowUserSvc,WpnUserService) do reg query HKLM\SYSTEM\ControlSet001\Services\%%G /v Start 1>nul 2>nul && ( reg add HKLM\SYSTEM\ControlSet001\Services\%%G /v Start /t REG_DWORD /d 3 /f ) for %%G in (AJRouter,ALG,AppMgmt,AppVClient,BTAGService,BthAvctpSvc,bthserv,CDPSvc,CertPropSvc,CscService,DeviceAssociationService,diagnosticshub.standardcollector.service,DiagTrack,dmwappushservice,DoSvc,FDResPub,fhsvc,FrameServer,HvHost,IAStorDataMgrSvc,icssvc,iphlpsvc,IpxlatCfgSvc,irmon,LanmanServer,LanmanWorkstation,lfsvc,lmhosts,MapsBroker,MSiSCSI,NaturalAuthentication,NcaSvc,NcbService,NcdAutoSetup,Netlogon,NetTcpPortSharing,PcaSvc,PeerDistSvc,PhoneSvc,PrintNotify,PushToInstall,RasAuto,RasMan,RemoteAccess,RemoteRegistry,RetailDemo,RmSvc,RpcLocator,SCardSvr,ScDeviceEnum,SCPolicySvc,SDRSVC,SEMgrSvc,SensorDataService,SensorService,SensrSvc,SessionEnv,SgrmBroker,SharedAccess,SharedRealitySvc,shpamsvc,SmsRouter,SNMPTRAP,Spooler,SSDPSRV,ssh-agent,stisvc,TabletInputService,TapiSrv,TermService,tzautoupdate,UevAgentService,UmRdpService,upnphost,VacSvc,vmicguestinterface,vmicheartbeat,vmickvpexchange,vmicrdv,vmicshutdown,vmictimesync,vmicvmsession,vmicvss,W32Time,WbioSrvc,wcncsvc,WebClient,WerSvc,WFDSConMgrSvc,WiaRpc,WinHttpAutoProxySvc,WinRM,wisvc,WlanSvc,wlidsvc,WpcMonSvc,WpnService,WwanSvc,XblAuthManager,XblGameSave,XboxGipSvc,XboxNetApiSvc,BcastDVRUserService,BluetoothUserService,CaptureService,CDPUserSvc,ConsentUxUserSvc,DevicePickerUserSvc,MessagingService,PimIndexMaintenanceSvc,PrintWorkflowUserSvc,UnistoreSvc,UserDataSvc) do reg query HKLM\SYSTEM\ControlSet001\Services\%%G /v Start 1>nul 2>nul && ( reg add HKLM\SYSTEM\ControlSet001\Services\%%G /v Start /t REG_DWORD /d 4 /f ) @echo Restore The Service Start State Saved At 20:55:00,00 24/10/2018 @pause for %%G in (AudioEndpointBuilder,Audiosrv,BFE,BrokerInfrastructure,CoreMessagingRegistrar,CryptSvc,DcomLaunch,ddpvssvc,Dhcp,Dnscache,DPS,DusmSvc,EventLog,EventSystem,FontCache,gpsvc,IKEEXT,LSM,mpssvc,NlaSvc,nsi,Power,ProfSvc,RpcEptMapper,RpcSs,SamSs,Schedule,SENS,ShellHWDetection,sppsvc,SysMain,SystemEventsBroker,Themes,TrkWks,UserManager,UsoSvc,Wcmsvc,wfcs,WinDefend,Winmgmt,wscsvc,WSearch) do ( sc config %%G start= AUTO ) for %%G in (AppIDSvc,Appinfo,AppReadiness,AppXSvc,AssignedAccessManagerSvc,AxInstSV,BDESVC,BITS,camsvc,ClipSVC,COMSysApp,ddpsvc,defragsvc,DeviceInstall,DevQueryBroker,diagsvc,DisplayEnhancementService,DmEnrollmentSvc,dot3svc,DsmSvc,DsSvc,Eaphost,EFS,embeddedmode,EntAppSvc,fdPHost,FontCache3.0.0.0,GraphicsPerfSvc,hidserv,InstallService,jhi_service,KeyIso,KtmRm,LicenseManager,lltdsvc,LMS,LxpSvc,MSDTC,msiserver,Netman,netprofm,NetSetupSvc,NgcCtnrSvc,NgcSvc,p2pimsvc,p2psvc,perceptionsimulation,PerfHost,pla,PlugPlay,PNRPAutoReg,PNRPsvc,PolicyAgent,QWAVE,seclogon,SecurityHealthService,Sense,SentinelKeysServer,SentinelProtectionServer,SentinelSecurityRuntime,smphost,spectrum,SstpSvc,StateRepository,StorSvc,svsvc,swprv,TieringEngineService,TimeBrokerSvc,TokenBroker,TrustedInstaller,VaultSvc,vds,VSS,WaaSMedicSvc,WalletService,WarpJITSvc,wbengine,WdiServiceHost,WdiSystemHost,WdNisSvc,Wecsvc,WEPHOSTSVC,wercplsupport,wlpasvc,WManSvc,wmiApSrv,WPDBusEnum,wuauserv,cbdhsvc,DevicesFlowUserSvc,WpnUserService) do ( sc config %%G start= DEMAND ) for %%G in (AJRouter,ALG,AppMgmt,AppVClient,BTAGService,BthAvctpSvc,bthserv,CDPSvc,CertPropSvc,CscService,DeviceAssociationService,diagnosticshub.standardcollector.service,DiagTrack,dmwappushservice,DoSvc,FDResPub,fhsvc,FrameServer,HvHost,IAStorDataMgrSvc,icssvc,iphlpsvc,IpxlatCfgSvc,irmon,LanmanServer,LanmanWorkstation,lfsvc,lmhosts,MapsBroker,MSiSCSI,NaturalAuthentication,NcaSvc,NcbService,NcdAutoSetup,Netlogon,NetTcpPortSharing,PcaSvc,PeerDistSvc,PhoneSvc,PrintNotify,PushToInstall,RasAuto,RasMan,RemoteAccess,RemoteRegistry,RetailDemo,RmSvc,RpcLocator,SCardSvr,ScDeviceEnum,SCPolicySvc,SDRSVC,SEMgrSvc,SensorDataService,SensorService,SensrSvc,SessionEnv,SgrmBroker,SharedAccess,SharedRealitySvc,shpamsvc,SmsRouter,SNMPTRAP,Spooler,SSDPSRV,ssh-agent,stisvc,TabletInputService,TapiSrv,TermService,tzautoupdate,UevAgentService,UmRdpService,upnphost,VacSvc,vmicguestinterface,vmicheartbeat,vmickvpexchange,vmicrdv,vmicshutdown,vmictimesync,vmicvmsession,vmicvss,W32Time,WbioSrvc,wcncsvc,WebClient,WerSvc,WFDSConMgrSvc,WiaRpc,WinHttpAutoProxySvc,WinRM,wisvc,WlanSvc,wlidsvc,WpcMonSvc,WpnService,WwanSvc,XblAuthManager,XblGameSave,XboxGipSvc,XboxNetApiSvc,BcastDVRUserService,BluetoothUserService,CaptureService,CDPUserSvc,ConsentUxUserSvc,DevicePickerUserSvc,MessagingService,PimIndexMaintenanceSvc,PrintWorkflowUserSvc,UnistoreSvc,UserDataSvc) do ( sc config %%G start= DISABLED ) cmd /k @pause I get lots of access denied error when running, so I had to make second script to invoke nsudo... Code: @pause Nsudo -U:T "Path\RestoreAllMyServices.bat" (Note Nsudo has to be in 'path' environment variables to be called like this from cmd prompt) But I still get 3 "access denied" error : coremessagingregistrar, dnscache and printworkflowUserSvc and don't know why because printworkflowUserSvc was disabled already before my test (so, not in use)... All 3 services depends on RpSc (remote procedure call) So my question are: Is this code ok? Is there a better way to do this? and/or is it possible to have an "All in One" command (Nsudo+.bat)? Do not make fun of me, I am just a beginner...but always eager to learn! ps: my previous .bat was this: Spoiler Code: @echo Restore Service Start State Saved At 20:15:36,73 22/10/2018 @pause sc config AJRouter start= DISABLED sc config ALG start= DISABLED sc config AppIDSvc start= DEMAND sc config Appinfo start= DEMAND sc config AppMgmt start= DISABLED sc config AppReadiness start= DEMAND sc config AppVClient start= DISABLED sc config AppXSvc start= DEMAND sc config AssignedAccessManagerSvc start= DEMAND sc config AudioEndpointBuilder start= AUTO sc config Audiosrv start= AUTO sc config AxInstSV start= DEMAND sc config BDESVC start= DEMAND sc config BFE start= AUTO sc config BITS start= DEMAND sc config BrokerInfrastructure start= AUTO sc config BTAGService start= DISABLED sc config BthAvctpSvc start= DISABLED sc config bthserv start= DISABLED sc config camsvc start= DEMAND sc config CDPSvc start= DISABLED sc config CertPropSvc start= DISABLED sc config ClipSVC start= DEMAND sc config COMSysApp start= DEMAND sc config CoreMessagingRegistrar start= AUTO sc config CryptSvc start= AUTO sc config CscService start= DISABLED sc config DcomLaunch start= AUTO sc config ddpsvc start= DEMAND sc config ddpvssvc start= AUTO sc config defragsvc start= DEMAND sc config DeviceAssociationService start= DISABLED sc config DeviceInstall start= DEMAND sc config DevQueryBroker start= DEMAND sc config Dhcp start= AUTO sc config diagnosticshub.standardcollector.service start= DISABLED sc config diagsvc start= DEMAND sc config DiagTrack start= DISABLED sc config DisplayEnhancementService start= DEMAND sc config DmEnrollmentSvc start= DEMAND sc config dmwappushservice start= DISABLED sc config Dnscache start= AUTO sc config DoSvc start= DISABLED sc config dot3svc start= DEMAND sc config DPS start= AUTO sc config DsmSvc start= DEMAND sc config DsSvc start= DEMAND sc config DusmSvc start= AUTO sc config Eaphost start= DEMAND sc config EFS start= DEMAND sc config embeddedmode start= DEMAND sc config EntAppSvc start= DEMAND sc config EventLog start= AUTO sc config EventSystem start= AUTO sc config fdPHost start= DEMAND sc config FDResPub start= DISABLED sc config fhsvc start= DISABLED sc config FontCache start= AUTO sc config FontCache3.0.0.0 start= DEMAND sc config FrameServer start= DISABLED sc config gpsvc start= AUTO sc config GraphicsPerfSvc start= DEMAND sc config hidserv start= DEMAND sc config HvHost start= DISABLED sc config IAStorDataMgrSvc start= DISABLED sc config icssvc start= DISABLED sc config IKEEXT start= AUTO sc config InstallService start= DEMAND sc config iphlpsvc start= DISABLED sc config IpxlatCfgSvc start= DISABLED sc config irmon start= DISABLED sc config jhi_service start= DEMAND sc config KeyIso start= DEMAND sc config KtmRm start= DEMAND sc config LanmanServer start= DISABLED sc config LanmanWorkstation start= DISABLED sc config lfsvc start= DISABLED sc config LicenseManager start= DEMAND sc config lltdsvc start= DEMAND sc config lmhosts start= DISABLED sc config LMS start= DEMAND sc config LSM start= AUTO sc config LxpSvc start= DEMAND sc config MapsBroker start= DISABLED sc config mpssvc start= AUTO sc config MSDTC start= DEMAND sc config MSiSCSI start= DISABLED sc config msiserver start= DEMAND sc config NaturalAuthentication start= DISABLED sc config NcaSvc start= DISABLED sc config NcbService start= DISABLED sc config NcdAutoSetup start= DISABLED sc config Netlogon start= DISABLED sc config Netman start= DEMAND sc config netprofm start= DEMAND sc config NetSetupSvc start= DEMAND sc config NetTcpPortSharing start= DISABLED sc config NgcCtnrSvc start= DEMAND sc config NgcSvc start= DEMAND sc config NlaSvc start= AUTO sc config nsi start= AUTO sc config p2pimsvc start= DEMAND sc config p2psvc start= DEMAND sc config PcaSvc start= DISABLED sc config PeerDistSvc start= DISABLED sc config perceptionsimulation start= DEMAND sc config PerfHost start= DEMAND sc config PhoneSvc start= DISABLED sc config pla start= DEMAND sc config PlugPlay start= DEMAND sc config PNRPAutoReg start= DEMAND sc config PNRPsvc start= DEMAND sc config PolicyAgent start= DEMAND sc config Power start= AUTO sc config PrintNotify start= DISABLED sc config ProfSvc start= AUTO sc config PushToInstall start= DISABLED sc config QWAVE start= DEMAND sc config RasAuto start= DISABLED sc config RasMan start= DISABLED sc config RemoteAccess start= DISABLED sc config RemoteRegistry start= DISABLED sc config RetailDemo start= DISABLED sc config RmSvc start= DISABLED sc config RpcEptMapper start= AUTO sc config RpcLocator start= DISABLED sc config RpcSs start= AUTO sc config SamSs start= AUTO sc config SCardSvr start= DISABLED sc config ScDeviceEnum start= DISABLED sc config Schedule start= AUTO sc config SCPolicySvc start= DISABLED sc config SDRSVC start= DISABLED sc config seclogon start= DEMAND sc config SecurityHealthService start= DEMAND sc config SEMgrSvc start= DISABLED sc config SENS start= AUTO sc config Sense start= DEMAND sc config SensorDataService start= DISABLED sc config SensorService start= DISABLED sc config SensrSvc start= DISABLED sc config SentinelKeysServer start= DEMAND sc config SentinelProtectionServer start= DEMAND sc config SentinelSecurityRuntime start= DEMAND sc config SessionEnv start= DISABLED sc config SgrmBroker start= DISABLED sc config SharedAccess start= DISABLED sc config SharedRealitySvc start= DISABLED sc config ShellHWDetection start= AUTO sc config shpamsvc start= DISABLED sc config smphost start= DEMAND sc config SmsRouter start= DISABLED sc config SNMPTRAP start= DISABLED sc config spectrum start= DEMAND sc config Spooler start= DISABLED sc config sppsvc start= AUTO sc config SSDPSRV start= DISABLED sc config ssh-agent start= DISABLED sc config SstpSvc start= DEMAND sc config StateRepository start= DEMAND sc config stisvc start= DISABLED sc config StorSvc start= DEMAND sc config svsvc start= DEMAND sc config swprv start= DEMAND sc config SysMain start= AUTO sc config SystemEventsBroker start= AUTO sc config TabletInputService start= DISABLED sc config TapiSrv start= DISABLED sc config TermService start= DISABLED sc config Themes start= AUTO sc config TieringEngineService start= DEMAND sc config TimeBrokerSvc start= DEMAND sc config TokenBroker start= DEMAND sc config TrkWks start= AUTO sc config TrustedInstaller start= DEMAND sc config tzautoupdate start= DISABLED sc config UevAgentService start= DISABLED sc config UmRdpService start= DISABLED sc config upnphost start= DISABLED sc config UserManager start= AUTO sc config UsoSvc start= AUTO sc config VacSvc start= DISABLED sc config VaultSvc start= DEMAND sc config vds start= DEMAND sc config vmicguestinterface start= DISABLED sc config vmicheartbeat start= DISABLED sc config vmickvpexchange start= DISABLED sc config vmicrdv start= DISABLED sc config vmicshutdown start= DISABLED sc config vmictimesync start= DISABLED sc config vmicvmsession start= DISABLED sc config vmicvss start= DISABLED sc config VSS start= DEMAND sc config W32Time start= DISABLED sc config WaaSMedicSvc start= DEMAND sc config WalletService start= DEMAND sc config WarpJITSvc start= DEMAND sc config wbengine start= DEMAND sc config WbioSrvc start= DISABLED sc config Wcmsvc start= AUTO sc config wcncsvc start= DISABLED sc config WdiServiceHost start= DEMAND sc config WdiSystemHost start= DEMAND sc config WdNisSvc start= DEMAND sc config WebClient start= DISABLED sc config Wecsvc start= DEMAND sc config WEPHOSTSVC start= DEMAND sc config wercplsupport start= DEMAND sc config WerSvc start= DISABLED sc config wfcs start= AUTO sc config WFDSConMgrSvc start= DISABLED sc config WiaRpc start= DISABLED sc config WinDefend start= AUTO sc config WinHttpAutoProxySvc start= DISABLED sc config Winmgmt start= AUTO sc config WinRM start= DISABLED sc config wisvc start= DISABLED sc config WlanSvc start= DISABLED sc config wlidsvc start= DISABLED sc config wlpasvc start= DEMAND sc config WManSvc start= DEMAND sc config wmiApSrv start= DEMAND sc config WpcMonSvc start= DISABLED sc config WPDBusEnum start= DEMAND sc config WpnService start= DISABLED sc config wscsvc start= AUTO sc config WSearch start= AUTO sc config wuauserv start= DEMAND sc config WwanSvc start= DISABLED sc config XblAuthManager start= DISABLED sc config XblGameSave start= DISABLED sc config XboxGipSvc start= DISABLED sc config XboxNetApiSvc start= DISABLED sc config BcastDVRUserService start= DISABLED sc config BluetoothUserService start= DISABLED sc config CaptureService start= DISABLED sc config cbdhsvc start= DEMAND sc config CDPUserSvc start= DISABLED sc config ConsentUxUserSvc start= DISABLED sc config DevicePickerUserSvc start= DISABLED sc config DevicesFlowUserSvc start= DEMAND sc config MessagingService start= DISABLED sc config PimIndexMaintenanceSvc start= DISABLED sc config PrintWorkflowUserSvc start= DISABLED sc config UnistoreSvc start= DISABLED sc config UserDataSvc start= DISABLED sc config WpnUserService start= DEMAND @pause
Everthing looks good to me probably you need to enable all TI priveliges: Code: NSudo -U:T -P:E "Path\RestoreAllMyServices.bat" as for one script, you can add this check at top to make the script re-lauch itself with Nsudo Code: @echo off %windir%\system32\reg.exe query "HKU\S-1-5-19" 1>nul 2>nul || goto :eof %windir%\system32\whoami.exe /USER | find /i "S-1-5-18" 1>nul && ( goto :OK ) || ( "%~dp0NSudo.exe" -U:T -P:E "%~dpnx0" goto :eof ) :OK add your code after :OK, then add exit comand
Thanks a lot mate! Even with all TI privileges I still get the same 3 access denied errors, but I guess it's normal... One small thing, I had to change the code like this: Code: @echo %windir%\system32\reg.exe query "HKU\S-1-5-19" 1>nul 2>nul || goto :eof %windir%\system32\whoami.exe /USER | find /i "S-1-5-18" 1>nul && ( goto :OK ) || ( Nsudo -U:T -P:E "%~dpnx0" goto :eof ) :OK With %~dp0Nsudo it does not work. Is it because I've got Nsudo in C:/program files/Nsudo ? (I added Nsudo path to "PATH" environment variable, to be able to use the short name in cmd prompt) Or because my .bat is not on located C:/ drive? I understand somehow the %~dp command "expands" the drive where is the script to find Nsudo path? Sorry it's a bit foreign language for me, but I will get there Also is there a way to auto elevate it? or is it really that bad to do that? If I start it like this: Code: @echo set "params=%*" cd /d "%~dp0" && ( if exist "%temp%\getadmin.vbs" del "%temp%\getadmin.vbs" ) && fsutil dirty query %systemdrive% 1>nul 2>nul || ( cmd /u /c echo Set UAC = CreateObject^("Shell.Application"^) : UAC.ShellExecute "cmd.exe", "/k cd ""%~sdp0"" && %~s0 %params%", "", "runas", 1 >> "%temp%\getadmin.vbs" && "%temp%\getadmin.vbs" && exit /B ) %windir%\system32\reg.exe query "HKU\S-1-5-19" 1>nul 2>nul || goto :eof %windir%\system32\whoami.exe /USER | find /i "S-1-5-18" 1>nul && ( goto :OK ) || ( Nsudo -U:T -P:E "%~dpnx0" goto :eof ) :OK it works, but first cmd window stays open so its a bit ugly Sorry to bother...thanks for your time and great work anyway!
Whatever works for you i just assumed Nsudo.exe is next to the script auto elevate is not always bad, but with script that change system services, accidental double-click will be unrecoverable specially if you have auto admin-elevation policy set (ConsentPromptBehaviorAdmin) anyway, this is my current elevation code Code: cd /d "%~dp0" && ( if exist "%temp%\getadmin.vbs" del "%temp%\getadmin.vbs" ) && fsutil dirty query %systemdrive% 1>nul 2>nul || ( cmd /u /c echo Set UAC = CreateObject^("Shell.Application"^) : UAC.ShellExecute "cmd.exe", "/k cd ""%~dp0"" && ""%~dpnx0""", "", "runas", 1 >> "%temp%\getadmin.vbs" && "%temp%\getadmin.vbs" 1>nul 2>nul && exit )
the ONLY way i know to disable EVERYTHING is "become" trusted installer & autoruns! i recently realized that telemetrics and diags even run in a clean old boot.wim.. from windows 8 for example. reason i guess is UEFI capabilities (bios size 16MB f.e. AND UEFI ram full size 128MB may be (is) the trick ;-) so.. try this in windows explorer folder location bar - not IE! https://live.sysinternals.com/
Thanks guys! Here's my final script for LTSC "core services" (took out acronis and some other custom/hardware services). With Nsudo next to the script: Code: @Echo cd %systemroot%\system32 call :IsAdmin %windir%\system32\reg.exe query "HKU\S-1-5-19" 1>nul 2>nul || goto :eof %windir%\system32\whoami.exe /USER | find /i "S-1-5-18" 1>nul && ( goto :OK ) || ( "%~dp0NSudo.exe" -U:T -P:E "%~dpnx0"&exit /b ) :OK @echo Restore "core services" start state, saved at 20:45:00,00 24/10/2018 @pause for %%G in (AudioEndpointBuilder,Audiosrv,BFE,BrokerInfrastructure,CoreMessagingRegistrar,CryptSvc,DcomLaunch,ddpvssvc,Dhcp,Dnscache,DPS,DusmSvc,EventLog,EventSystem,FontCache,gpsvc,IKEEXT,LSM,mpssvc,NlaSvc,nsi,Power,ProfSvc,RpcEptMapper,RpcSs,SamSs,Schedule,SENS,ShellHWDetection,sppsvc,SysMain,SystemEventsBroker,Themes,TrkWks,UserManager,UsoSvc,Wcmsvc,wfcs,WinDefend,Winmgmt,wscsvc,WSearch) do reg query HKLM\SYSTEM\ControlSet001\Services\%%G /v Start 1>nul 2>nul && ( reg add HKLM\SYSTEM\ControlSet001\Services\%%G /v Start /t REG_DWORD /d 2 /f ) for %%G in (AppIDSvc,Appinfo,AppReadiness,AppXSvc,AssignedAccessManagerSvc,AxInstSV,BDESVC,BITS,camsvc,ClipSVC,COMSysApp,ddpsvc,defragsvc,DeviceInstall,DevQueryBroker,diagsvc,DisplayEnhancementService,DmEnrollmentSvc,dot3svc,DsmSvc,DsSvc,Eaphost,EFS,embeddedmode,EntAppSvc,fdPHost,FontCache3.0.0.0,GraphicsPerfSvc,hidserv,InstallService,jhi_service,KeyIso,KtmRm,LicenseManager,lltdsvc,LMS,LxpSvc,MSDTC,msiserver,Netman,netprofm,NetSetupSvc,NgcCtnrSvc,NgcSvc,p2pimsvc,p2psvc,perceptionsimulation,PerfHost,pla,PlugPlay,PNRPAutoReg,PNRPsvc,PolicyAgent,QWAVE,seclogon,SecurityHealthService,Sense,SentinelKeysServer,SentinelProtectionServer,SentinelSecurityRuntime,smphost,spectrum,SstpSvc,StateRepository,StorSvc,svsvc,swprv,TieringEngineService,TimeBrokerSvc,TokenBroker,TrustedInstaller,VaultSvc,vds,VSS,WaaSMedicSvc,WalletService,WarpJITSvc,wbengine,WdiServiceHost,WdiSystemHost,WdNisSvc,Wecsvc,WEPHOSTSVC,wercplsupport,wlpasvc,WManSvc,wmiApSrv,WPDBusEnum,wuauserv,cbdhsvc,DevicesFlowUserSvc,WpnUserService) do reg query HKLM\SYSTEM\ControlSet001\Services\%%G /v Start 1>nul 2>nul && ( reg add HKLM\SYSTEM\ControlSet001\Services\%%G /v Start /t REG_DWORD /d 3 /f ) for %%G in (AJRouter,ALG,AppMgmt,AppVClient,BTAGService,BthAvctpSvc,bthserv,CDPSvc,CertPropSvc,CscService,DeviceAssociationService,diagnosticshub.standardcollector.service,DiagTrack,dmwappushservice,DoSvc,FDResPub,fhsvc,FrameServer,HvHost,IAStorDataMgrSvc,icssvc,iphlpsvc,IpxlatCfgSvc,irmon,LanmanServer,LanmanWorkstation,lfsvc,lmhosts,MapsBroker,MSiSCSI,NaturalAuthentication,NcaSvc,NcbService,NcdAutoSetup,Netlogon,NetTcpPortSharing,PcaSvc,PeerDistSvc,PhoneSvc,PrintNotify,PushToInstall,RasAuto,RasMan,RemoteAccess,RemoteRegistry,RetailDemo,RmSvc,RpcLocator,SCardSvr,ScDeviceEnum,SCPolicySvc,SDRSVC,SEMgrSvc,SensorDataService,SensorService,SensrSvc,SessionEnv,SgrmBroker,SharedAccess,SharedRealitySvc,shpamsvc,SmsRouter,SNMPTRAP,Spooler,SSDPSRV,ssh-agent,stisvc,TabletInputService,TapiSrv,TermService,tzautoupdate,UevAgentService,UmRdpService,upnphost,VacSvc,vmicguestinterface,vmicheartbeat,vmickvpexchange,vmicrdv,vmicshutdown,vmictimesync,vmicvmsession,vmicvss,W32Time,WbioSrvc,wcncsvc,WebClient,WerSvc,WFDSConMgrSvc,WiaRpc,WinHttpAutoProxySvc,WinRM,wisvc,WlanSvc,wlidsvc,WpcMonSvc,WpnService,WwanSvc,XblAuthManager,XblGameSave,XboxGipSvc,XboxNetApiSvc,BcastDVRUserService,BluetoothUserService,CaptureService,CDPUserSvc,ConsentUxUserSvc,DevicePickerUserSvc,MessagingService,PimIndexMaintenanceSvc,PrintWorkflowUserSvc,UnistoreSvc,UserDataSvc) do reg query HKLM\SYSTEM\ControlSet001\Services\%%G /v Start 1>nul 2>nul && ( reg add HKLM\SYSTEM\ControlSet001\Services\%%G /v Start /t REG_DWORD /d 4 /f ) for %%G in (AudioEndpointBuilder,Audiosrv,BFE,BrokerInfrastructure,CoreMessagingRegistrar,CryptSvc,DcomLaunch,ddpvssvc,Dhcp,Dnscache,DPS,DusmSvc,EventLog,EventSystem,FontCache,gpsvc,IKEEXT,LSM,mpssvc,NlaSvc,nsi,Power,ProfSvc,RpcEptMapper,RpcSs,SamSs,Schedule,SENS,ShellHWDetection,sppsvc,SysMain,SystemEventsBroker,Themes,TrkWks,UserManager,UsoSvc,Wcmsvc,wfcs,WinDefend,Winmgmt,wscsvc,WSearch) do ( sc config %%G start= AUTO ) for %%G in (AppIDSvc,Appinfo,AppReadiness,AppXSvc,AssignedAccessManagerSvc,AxInstSV,BDESVC,BITS,camsvc,ClipSVC,COMSysApp,ddpsvc,defragsvc,DeviceInstall,DevQueryBroker,diagsvc,DisplayEnhancementService,DmEnrollmentSvc,dot3svc,DsmSvc,DsSvc,Eaphost,EFS,embeddedmode,EntAppSvc,fdPHost,FontCache3.0.0.0,GraphicsPerfSvc,hidserv,InstallService,jhi_service,KeyIso,KtmRm,LicenseManager,lltdsvc,LMS,LxpSvc,MSDTC,msiserver,Netman,netprofm,NetSetupSvc,NgcCtnrSvc,NgcSvc,p2pimsvc,p2psvc,perceptionsimulation,PerfHost,pla,PlugPlay,PNRPAutoReg,PNRPsvc,PolicyAgent,QWAVE,seclogon,SecurityHealthService,Sense,SentinelKeysServer,SentinelProtectionServer,SentinelSecurityRuntime,smphost,spectrum,SstpSvc,StateRepository,StorSvc,svsvc,swprv,TieringEngineService,TimeBrokerSvc,TokenBroker,TrustedInstaller,VaultSvc,vds,VSS,WaaSMedicSvc,WalletService,WarpJITSvc,wbengine,WdiServiceHost,WdiSystemHost,WdNisSvc,Wecsvc,WEPHOSTSVC,wercplsupport,wlpasvc,WManSvc,wmiApSrv,WPDBusEnum,wuauserv,cbdhsvc,DevicesFlowUserSvc,WpnUserService) do ( sc config %%G start= DEMAND ) for %%G in (AJRouter,ALG,AppMgmt,AppVClient,BTAGService,BthAvctpSvc,bthserv,CDPSvc,CertPropSvc,CscService,DeviceAssociationService,diagnosticshub.standardcollector.service,DiagTrack,dmwappushservice,DoSvc,FDResPub,fhsvc,FrameServer,HvHost,IAStorDataMgrSvc,icssvc,iphlpsvc,IpxlatCfgSvc,irmon,LanmanServer,LanmanWorkstation,lfsvc,lmhosts,MapsBroker,MSiSCSI,NaturalAuthentication,NcaSvc,NcbService,NcdAutoSetup,Netlogon,NetTcpPortSharing,PcaSvc,PeerDistSvc,PhoneSvc,PrintNotify,PushToInstall,RasAuto,RasMan,RemoteAccess,RemoteRegistry,RetailDemo,RmSvc,RpcLocator,SCardSvr,ScDeviceEnum,SCPolicySvc,SDRSVC,SEMgrSvc,SensorDataService,SensorService,SensrSvc,SessionEnv,SgrmBroker,SharedAccess,SharedRealitySvc,shpamsvc,SmsRouter,SNMPTRAP,Spooler,SSDPSRV,ssh-agent,stisvc,TabletInputService,TapiSrv,TermService,tzautoupdate,UevAgentService,UmRdpService,upnphost,VacSvc,vmicguestinterface,vmicheartbeat,vmickvpexchange,vmicrdv,vmicshutdown,vmictimesync,vmicvmsession,vmicvss,W32Time,WbioSrvc,wcncsvc,WebClient,WerSvc,WFDSConMgrSvc,WiaRpc,WinHttpAutoProxySvc,WinRM,wisvc,WlanSvc,wlidsvc,WpcMonSvc,WpnService,WwanSvc,XblAuthManager,XblGameSave,XboxGipSvc,XboxNetApiSvc,BcastDVRUserService,BluetoothUserService,CaptureService,CDPUserSvc,ConsentUxUserSvc,DevicePickerUserSvc,MessagingService,PimIndexMaintenanceSvc,PrintWorkflowUserSvc,UnistoreSvc,UserDataSvc) do ( sc config %%G start= DISABLED ) cmd /c @pause exit :IsAdmin Reg.exe query "HKU\S-1-5-19\Environment" If Not %ERRORLEVEL% EQU 0 ( Cls & echo You must have administrator rights to continue. @echo Press any key to exit... pause>NUL 2>&1 & exit ) Cls goto:eof With Nsudo "installed" (registred in environment path variables) Code: @Echo cd %systemroot%\system32 call :IsAdmin %windir%\system32\reg.exe query "HKU\S-1-5-19" 1>nul 2>nul || goto :eof %windir%\system32\whoami.exe /USER | find /i "S-1-5-18" 1>nul && ( goto :OK ) || ( NSudo -U:T -P:E "%~dpnx0"&exit /b ) :OK @echo Restore "core services" start state, saved at 20:45:00,00 24/10/2018 @pause for %%G in (AudioEndpointBuilder,Audiosrv,BFE,BrokerInfrastructure,CoreMessagingRegistrar,CryptSvc,DcomLaunch,ddpvssvc,Dhcp,Dnscache,DPS,DusmSvc,EventLog,EventSystem,FontCache,gpsvc,IKEEXT,LSM,mpssvc,NlaSvc,nsi,Power,ProfSvc,RpcEptMapper,RpcSs,SamSs,Schedule,SENS,ShellHWDetection,sppsvc,SysMain,SystemEventsBroker,Themes,TrkWks,UserManager,UsoSvc,Wcmsvc,wfcs,WinDefend,Winmgmt,wscsvc,WSearch) do reg query HKLM\SYSTEM\ControlSet001\Services\%%G /v Start 1>nul 2>nul && ( reg add HKLM\SYSTEM\ControlSet001\Services\%%G /v Start /t REG_DWORD /d 2 /f ) for %%G in (AppIDSvc,Appinfo,AppReadiness,AppXSvc,AssignedAccessManagerSvc,AxInstSV,BDESVC,BITS,camsvc,ClipSVC,COMSysApp,ddpsvc,defragsvc,DeviceInstall,DevQueryBroker,diagsvc,DisplayEnhancementService,DmEnrollmentSvc,dot3svc,DsmSvc,DsSvc,Eaphost,EFS,embeddedmode,EntAppSvc,fdPHost,FontCache3.0.0.0,GraphicsPerfSvc,hidserv,InstallService,jhi_service,KeyIso,KtmRm,LicenseManager,lltdsvc,LMS,LxpSvc,MSDTC,msiserver,Netman,netprofm,NetSetupSvc,NgcCtnrSvc,NgcSvc,p2pimsvc,p2psvc,perceptionsimulation,PerfHost,pla,PlugPlay,PNRPAutoReg,PNRPsvc,PolicyAgent,QWAVE,seclogon,SecurityHealthService,Sense,SentinelKeysServer,SentinelProtectionServer,SentinelSecurityRuntime,smphost,spectrum,SstpSvc,StateRepository,StorSvc,svsvc,swprv,TieringEngineService,TimeBrokerSvc,TokenBroker,TrustedInstaller,VaultSvc,vds,VSS,WaaSMedicSvc,WalletService,WarpJITSvc,wbengine,WdiServiceHost,WdiSystemHost,WdNisSvc,Wecsvc,WEPHOSTSVC,wercplsupport,wlpasvc,WManSvc,wmiApSrv,WPDBusEnum,wuauserv,cbdhsvc,DevicesFlowUserSvc,WpnUserService) do reg query HKLM\SYSTEM\ControlSet001\Services\%%G /v Start 1>nul 2>nul && ( reg add HKLM\SYSTEM\ControlSet001\Services\%%G /v Start /t REG_DWORD /d 3 /f ) for %%G in (AJRouter,ALG,AppMgmt,AppVClient,BTAGService,BthAvctpSvc,bthserv,CDPSvc,CertPropSvc,CscService,DeviceAssociationService,diagnosticshub.standardcollector.service,DiagTrack,dmwappushservice,DoSvc,FDResPub,fhsvc,FrameServer,HvHost,IAStorDataMgrSvc,icssvc,iphlpsvc,IpxlatCfgSvc,irmon,LanmanServer,LanmanWorkstation,lfsvc,lmhosts,MapsBroker,MSiSCSI,NaturalAuthentication,NcaSvc,NcbService,NcdAutoSetup,Netlogon,NetTcpPortSharing,PcaSvc,PeerDistSvc,PhoneSvc,PrintNotify,PushToInstall,RasAuto,RasMan,RemoteAccess,RemoteRegistry,RetailDemo,RmSvc,RpcLocator,SCardSvr,ScDeviceEnum,SCPolicySvc,SDRSVC,SEMgrSvc,SensorDataService,SensorService,SensrSvc,SessionEnv,SgrmBroker,SharedAccess,SharedRealitySvc,shpamsvc,SmsRouter,SNMPTRAP,Spooler,SSDPSRV,ssh-agent,stisvc,TabletInputService,TapiSrv,TermService,tzautoupdate,UevAgentService,UmRdpService,upnphost,VacSvc,vmicguestinterface,vmicheartbeat,vmickvpexchange,vmicrdv,vmicshutdown,vmictimesync,vmicvmsession,vmicvss,W32Time,WbioSrvc,wcncsvc,WebClient,WerSvc,WFDSConMgrSvc,WiaRpc,WinHttpAutoProxySvc,WinRM,wisvc,WlanSvc,wlidsvc,WpcMonSvc,WpnService,WwanSvc,XblAuthManager,XblGameSave,XboxGipSvc,XboxNetApiSvc,BcastDVRUserService,BluetoothUserService,CaptureService,CDPUserSvc,ConsentUxUserSvc,DevicePickerUserSvc,MessagingService,PimIndexMaintenanceSvc,PrintWorkflowUserSvc,UnistoreSvc,UserDataSvc) do reg query HKLM\SYSTEM\ControlSet001\Services\%%G /v Start 1>nul 2>nul && ( reg add HKLM\SYSTEM\ControlSet001\Services\%%G /v Start /t REG_DWORD /d 4 /f ) for %%G in (AudioEndpointBuilder,Audiosrv,BFE,BrokerInfrastructure,CoreMessagingRegistrar,CryptSvc,DcomLaunch,ddpvssvc,Dhcp,Dnscache,DPS,DusmSvc,EventLog,EventSystem,FontCache,gpsvc,IKEEXT,LSM,mpssvc,NlaSvc,nsi,Power,ProfSvc,RpcEptMapper,RpcSs,SamSs,Schedule,SENS,ShellHWDetection,sppsvc,SysMain,SystemEventsBroker,Themes,TrkWks,UserManager,UsoSvc,Wcmsvc,wfcs,WinDefend,Winmgmt,wscsvc,WSearch) do ( sc config %%G start= AUTO ) for %%G in (AppIDSvc,Appinfo,AppReadiness,AppXSvc,AssignedAccessManagerSvc,AxInstSV,BDESVC,BITS,camsvc,ClipSVC,COMSysApp,ddpsvc,defragsvc,DeviceInstall,DevQueryBroker,diagsvc,DisplayEnhancementService,DmEnrollmentSvc,dot3svc,DsmSvc,DsSvc,Eaphost,EFS,embeddedmode,EntAppSvc,fdPHost,FontCache3.0.0.0,GraphicsPerfSvc,hidserv,InstallService,jhi_service,KeyIso,KtmRm,LicenseManager,lltdsvc,LMS,LxpSvc,MSDTC,msiserver,Netman,netprofm,NetSetupSvc,NgcCtnrSvc,NgcSvc,p2pimsvc,p2psvc,perceptionsimulation,PerfHost,pla,PlugPlay,PNRPAutoReg,PNRPsvc,PolicyAgent,QWAVE,seclogon,SecurityHealthService,Sense,SentinelKeysServer,SentinelProtectionServer,SentinelSecurityRuntime,smphost,spectrum,SstpSvc,StateRepository,StorSvc,svsvc,swprv,TieringEngineService,TimeBrokerSvc,TokenBroker,TrustedInstaller,VaultSvc,vds,VSS,WaaSMedicSvc,WalletService,WarpJITSvc,wbengine,WdiServiceHost,WdiSystemHost,WdNisSvc,Wecsvc,WEPHOSTSVC,wercplsupport,wlpasvc,WManSvc,wmiApSrv,WPDBusEnum,wuauserv,cbdhsvc,DevicesFlowUserSvc,WpnUserService) do ( sc config %%G start= DEMAND ) for %%G in (AJRouter,ALG,AppMgmt,AppVClient,BTAGService,BthAvctpSvc,bthserv,CDPSvc,CertPropSvc,CscService,DeviceAssociationService,diagnosticshub.standardcollector.service,DiagTrack,dmwappushservice,DoSvc,FDResPub,fhsvc,FrameServer,HvHost,IAStorDataMgrSvc,icssvc,iphlpsvc,IpxlatCfgSvc,irmon,LanmanServer,LanmanWorkstation,lfsvc,lmhosts,MapsBroker,MSiSCSI,NaturalAuthentication,NcaSvc,NcbService,NcdAutoSetup,Netlogon,NetTcpPortSharing,PcaSvc,PeerDistSvc,PhoneSvc,PrintNotify,PushToInstall,RasAuto,RasMan,RemoteAccess,RemoteRegistry,RetailDemo,RmSvc,RpcLocator,SCardSvr,ScDeviceEnum,SCPolicySvc,SDRSVC,SEMgrSvc,SensorDataService,SensorService,SensrSvc,SessionEnv,SgrmBroker,SharedAccess,SharedRealitySvc,shpamsvc,SmsRouter,SNMPTRAP,Spooler,SSDPSRV,ssh-agent,stisvc,TabletInputService,TapiSrv,TermService,tzautoupdate,UevAgentService,UmRdpService,upnphost,VacSvc,vmicguestinterface,vmicheartbeat,vmickvpexchange,vmicrdv,vmicshutdown,vmictimesync,vmicvmsession,vmicvss,W32Time,WbioSrvc,wcncsvc,WebClient,WerSvc,WFDSConMgrSvc,WiaRpc,WinHttpAutoProxySvc,WinRM,wisvc,WlanSvc,wlidsvc,WpcMonSvc,WpnService,WwanSvc,XblAuthManager,XblGameSave,XboxGipSvc,XboxNetApiSvc,BcastDVRUserService,BluetoothUserService,CaptureService,CDPUserSvc,ConsentUxUserSvc,DevicePickerUserSvc,MessagingService,PimIndexMaintenanceSvc,PrintWorkflowUserSvc,UnistoreSvc,UserDataSvc) do ( sc config %%G start= DISABLED ) cmd /c @pause exit :IsAdmin Reg.exe query "HKU\S-1-5-19\Environment" If Not %ERRORLEVEL% EQU 0 ( Cls & echo You must have administrator rights to continue. @echo Press any key to exit... pause>NUL 2>&1 & exit ) Cls goto:eof