The problem that is happening has nothing to do with Toolkit or Custom Toolkit. ".\Toolkit\ISOsource" folder (for untouched ISOs) or ".\Toolkit\ISO" folder (for saving your customized ISOs)
I have untouched ISO, but where is "ISOsource" folder (can't see it)? Should I create the "ISOsource" folder myself?
When you start (GenericStart_LauncheMenu.cmd) Custom Toolkit for the first time the required folders will be created.
inTerActionVRI Thank you for your answerses! I have a small doubt. My ISO was created via uupdump.net Is it "untouched ISO" or "customized ISO"?
This started happening to me today, keep an eye on Windows Defender. It started flagging Trojan:Win32/Mamson.A!ml when trying to remove components. Allow it in defender and whitelist your toolkit folder and you'll be good to go.
How to add the nogenticket value to a protected registry key? Cannot take ownership and cannot change permissions. On a live system, without having to rebuild the image with toolkit and reinstall Registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\slui.exe\ Value: Nogenticket data: 1
Hey, Try the registry file from AveYo? RunAsTI.reg Atleast it works fine on a mounted registry hive... Code: Windows Registry Editor Version 5.00 ; Context Menu entries to use RunAsTI - lean and mean snippet by AveYo, 2018-2022 ; [FEATURES] ; - innovative HKCU load, no need for reg load / unload ping-pong; programs get the user profile ; - sets ownership privileges, high priority, and explorer support; get System if TI unavailable ; - accepts special characters in paths for which default run as administrator fails ; - show on the new 11 contextmenu via whitelisted id; plenty other available, f**k needing an app! ; 2022.04.07: PowerShell / Terminal here (if installed, use Terminal as TI, else use PowerShell as TI) [-HKEY_CLASSES_ROOT\RunAsTI] [-HKEY_CLASSES_ROOT\batfile\shell\setdesktopwallpaper] [-HKEY_CLASSES_ROOT\cmdfile\shell\setdesktopwallpaper] [-HKEY_CLASSES_ROOT\exefile\shell\setdesktopwallpaper] [-HKEY_CLASSES_ROOT\mscfile\shell\setdesktopwallpaper] [-HKEY_CLASSES_ROOT\Microsoft.PowerShellScript.1\shell\setdesktopwallpaper] [-HKEY_CLASSES_ROOT\regfile\shell\setdesktopwallpaper] [-HKEY_CLASSES_ROOT\Folder\shell\setdesktopwallpaper] [-HKEY_CLASSES_ROOT\Directory\background\shell\extract] ; To remove entries, copy paste above into undo_RunAsTI.reg file, then import it ; RunAsTI on .bat [HKEY_CLASSES_ROOT\batfile\shell\setdesktopwallpaper] "MUIVerb"="Run as trustedinstaller" "HasLUAShield"="" "Icon"="powershell.exe,0" [HKEY_CLASSES_ROOT\batfile\shell\setdesktopwallpaper\command] @="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe -win 1 -nop -c iex((10..40|%%{(gp 'Registry::HKCR\\RunAsTI' $_ -ea 0).$_})-join[char]10); # --%% \"%L\"" ; RunAsTI on .cmd [HKEY_CLASSES_ROOT\cmdfile\shell\setdesktopwallpaper] "MUIVerb"="Run as trustedinstaller" "HasLUAShield"="" "Icon"="powershell.exe,0" [HKEY_CLASSES_ROOT\cmdfile\shell\setdesktopwallpaper\command] @="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe -win 1 -nop -c iex((10..40|%%{(gp 'Registry::HKCR\\RunAsTI' $_ -ea 0).$_})-join[char]10); # --%% \"%L\"" ; RunAsTI on .exe [HKEY_CLASSES_ROOT\exefile\shell\setdesktopwallpaper] "MUIVerb"="Run as trustedinstaller" "HasLUAShield"="" "Icon"="powershell.exe,0" [HKEY_CLASSES_ROOT\exefile\shell\setdesktopwallpaper\command] @="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe -win 1 -nop -c iex((10..40|%%{(gp 'Registry::HKCR\\RunAsTI' $_ -ea 0).$_})-join[char]10); # --%% \"%L\"" ; RunAsTI on .msc [HKEY_CLASSES_ROOT\mscfile\shell\setdesktopwallpaper] "MUIVerb"="Run as trustedinstaller" "HasLUAShield"="" "Icon"="powershell.exe,0" [HKEY_CLASSES_ROOT\mscfile\shell\setdesktopwallpaper\command] @="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe -win 1 -nop -c iex((10..40|%%{(gp 'Registry::HKCR\\RunAsTI' $_ -ea 0).$_})-join[char]10); # --%% \"%L\"" ; RunAsTI on .ps1 [HKEY_CLASSES_ROOT\Microsoft.PowerShellScript.1\shell\setdesktopwallpaper] "MUIVerb"="Run as trustedinstaller" "HasLUAShield"="" "Icon"="powershell.exe,0" [HKEY_CLASSES_ROOT\Microsoft.PowerShellScript.1\shell\setdesktopwallpaper\command] @="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe -win 1 -nop -c iex((10..40|%%{(gp 'Registry::HKCR\\RunAsTI' $_ -ea 0).$_})-join[char]10); # --%% powershell -nop -c iex((gc -lit '%L')-join[char]10)" ; RunAsTI on .reg [HKEY_CLASSES_ROOT\regfile\shell\setdesktopwallpaper] "MUIVerb"="Import as trustedinstaller" "HasLUAShield"="" "Icon"="powershell.exe,0" [HKEY_CLASSES_ROOT\regfile\shell\setdesktopwallpaper\command] @="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe -win 1 -nop -c iex((10..40|%%{(gp 'Registry::HKCR\\RunAsTI' $_ -ea 0).$_})-join[char]10); # --%% regedit /s \"%L\"" ; RunAsTI on Folder [HKEY_CLASSES_ROOT\Folder\shell\setdesktopwallpaper] "MuiVerb"="Open as trustedinstaller" "HasLUAShield"="" "Icon"="powershell.exe,0" "AppliesTo"="NOT System.ParsingName:=\"::{645FF040-5081-101B-9F08-00AA002F954E}\"" [HKEY_CLASSES_ROOT\Folder\shell\setdesktopwallpaper\command] @="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe -win 1 -nop -c iex((10..40|%%{(gp 'Registry::HKCR\\RunAsTI' $_ -ea 0).$_})-join[char]10); # --%% \"%L\"" ; Open Terminal or Powershell as trustedinstaller here - can spawn another terminal with: cmd /c $env:wt [HKEY_CLASSES_ROOT\Directory\background\shell\extract] "MuiVerb"="PowerShell / Terminal" "HasLUAShield"="" "NoWorkingDirectory"="" "Position"=- "Position"="Middle" "Icon"="powershell.exe,0" [HKEY_CLASSES_ROOT\Directory\background\shell\extract\command] @="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe -win 1 -nop -c iex((10..40|%%{(gp 'Registry::HKCR\\RunAsTI' $_ -ea 0).$_})-join[char]10); # --%% cmd /c pushd \"%V\" & start \"RunAsTI\" %%wt%%" ; RunAsTI function [HKEY_CLASSES_ROOT\RunAsTI] "10"="function RunAsTI ($cmd,$arg) { $id='RunAsTI'; $key=\"Registry::HKU\\$(((whoami /user)-split' ')[-1])\\Volatile Environment\"; $code=@'" "11"=" $I=[int32]; $M=$I.module.gettype(\"System.Runtime.Interop`Services.Mar`shal\"); $P=$I.module.gettype(\"System.Int`Ptr\"); $S=[string]" "12"=" $D=@(); $T=@(); $DM=[AppDomain]::CurrentDomain.\"DefineDynami`cAssembly\"(1,1).\"DefineDynami`cModule\"(1); $Z=[uintptr]::size " "13"=" 0..5|% {$D += $DM.\"Defin`eType\"(\"AveYo_$_\",1179913,[ValueType])}; $D += [uintptr]; 4..6|% {$D += $D[$_].\"MakeByR`efType\"()}" "14"=" $F='kernel','advapi','advapi', ($S,$S,$I,$I,$I,$I,$I,$S,$D[7],$D[8]), ([uintptr],$S,$I,$I,$D[9]),([uintptr],$S,$I,$I,[byte[]],$I)" "15"=" 0..2|% {$9=$D[0].\"DefinePInvok`eMethod\"(('CreateProcess','RegOpenKeyEx','RegSetValueEx')[$_],$F[$_]+'32',8214,1,$S,$F[$_+3],1,4)}" "16"=" $DF=($P,$I,$P),($I,$I,$I,$I,$P,$D[1]),($I,$S,$S,$S,$I,$I,$I,$I,$I,$I,$I,$I,[int16],[int16],$P,$P,$P,$P),($D[3],$P),($P,$P,$I,$I)" "17"=" 1..5|% {$k=$_; $n=1; $DF[$_-1]|% {$9=$D[$k].\"Defin`eField\"('f' + $n++, $_, 6)}}; 0..5|% {$T += $D[$_].\"Creat`eType\"()}" "18"=" 0..5|% {nv \"A$_\" ([Activator]::CreateInstance($T[$_])) -fo}; function F ($1,$2) {$T[0].\"G`etMethod\"($1).invoke(0,$2)}" "19"=" $TI=(whoami /groups)-like'*1-16-16384*'; $As=0; if(!$cmd) {$cmd='control';$arg='admintools'}; if ($cmd-eq'This PC'){$cmd='file:'}" "20"=" if (!$TI) {'TrustedInstaller','lsass','winlogon'|% {if (!$As) {$9=sc.exe start $_; $As=@(get-process -name $_ -ea 0|% {$_})[0]}}" "21"=" function M ($1,$2,$3) {$M.\"G`etMethod\"($1,[type[]]$2).invoke(0,$3)}; $H=@(); $Z,(4*$Z+16)|% {$H += M \"AllocHG`lobal\" $I $_}" "22"=" M \"WriteInt`Ptr\" ($P,$P) ($H[0],$As.Handle); $A1.f1=131072; $A1.f2=$Z; $A1.f3=$H[0]; $A2.f1=1; $A2.f2=1; $A2.f3=1; $A2.f4=1" "23"=" $A2.f6=$A1; $A3.f1=10*$Z+32; $A4.f1=$A3; $A4.f2=$H[1]; M \"StructureTo`Ptr\" ($D[2],$P,[boolean]) (($A2 -as $D[2]),$A4.f2,$false)" "24"=" $Run=@($null, \"powershell -win 1 -nop -c iex `$env:R; # $id\", 0, 0, 0, 0x0E080600, 0, $null, ($A4 -as $T[4]), ($A5 -as $T[5]))" "25"=" F 'CreateProcess' $Run; return}; $env:R=''; rp $key $id -force; $priv=[diagnostics.process].\"GetM`ember\"('SetPrivilege',42)[0]" "26"=" 'SeSecurityPrivilege','SeTakeOwnershipPrivilege','SeBackupPrivilege','SeRestorePrivilege' |% {$priv.Invoke($null, @(\"$_\",2))}" "27"=" $HKU=[uintptr][uint32]2147483651; $NT='S-1-5-18'; $reg=($HKU,$NT,8,2,($HKU -as $D[9])); F 'RegOpenKeyEx' $reg; $LNK=$reg[4]" "28"=" function L ($1,$2,$3) {sp 'Registry::HKCR\\AppID\\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}' 'RunAs' $3 -force -ea 0" "29"=" $b=[Text.Encoding]::Unicode.GetBytes(\"\\Registry\\User\\$1\"); F 'RegSetValueEx' @($2,'SymbolicLinkValue',0,6,[byte[]]$b,$b.Length)}" "30"=" function Q {[int](gwmi win32_process -filter 'name=\"explorer.exe\"'|?{$_.getownersid().sid-eq$NT}|select -last 1).ProcessId}" "31"=" $env:wt='powershell'; dir \"$env:ProgramFiles\\WindowsApps\\Microsoft.WindowsTerminal*\\wt.exe\" -rec|% {$env:wt='\"'+$_.FullName+'\" \"-d .\"'}" "32"=" $11bug=($((gwmi Win32_OperatingSystem).BuildNumber)-eq'22000')-AND(($cmd-eq'file:')-OR(test-path -lit $cmd -PathType Container))" "33"=" if ($11bug) {'System.Windows.Forms','Microsoft.VisualBasic' |% {$9=[Reflection.Assembly]::LoadWithPartialName(\"'$_\")}}" "34"=" if ($11bug) {$path='^(l)'+$($cmd -replace '([\\+\\^\\%\\~\\(\\)\\[\\]])','{$1}')+'{ENTER}'; $cmd='control.exe'; $arg='admintools'}" "35"=" L ($key-split'\\\\')[1] $LNK ''; $R=[diagnostics.process]::start($cmd,$arg); if ($R) {$R.PriorityClass='High'; $R.WaitForExit()}" "36"=" if ($11bug) {$w=0; do {if($w-gt40){break}; sleep -mi 250;$w++} until (Q); [Microsoft.VisualBasic.Interaction]::AppActivate($(Q))}" "37"=" if ($11bug) {[Windows.Forms.SendKeys]::SendWait($path)}; do {sleep 7} while(Q); L '.Default' $LNK 'Interactive User'" "38"="'@; $V='';'cmd','arg','id','key'|%{$V+=\"`n`$$_='$($(gv $_ -val)-replace\"'\",\"''\")';\"}; sp $key $id $($V,$code) -type 7 -force -ea 0" "39"=" start powershell -args \"-win 1 -nop -c `n$V `$env:R=(gi `$key -ea 0).getvalue(`$id)-join''; iex `$env:R\" -verb runas" "40"="}; $A=([environment]::commandline-split'-[-]%+ ?',2)[1]-split'\"([^\"]+)\"|([^ ]+)',2|%{$_.Trim(' \"')}; RunAsTI $A[1] $A[2]; # AveYo, 2022.04.07" ; [code] [QUOTE="Yanta, post: 1750647, member: 861057"] Registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\slui.exe\ Value: Nogenticket data: 1[/QUOTE]
Yup. For our case (use of tools to modify), I am considering custom, only those Images that undergo modifications made by the end user.
See if it works with mounting hives to apply the tweak commands. I think that only the last command can give error as it is applying directly to the Local Machine Registry. Save as "NoGenTicket.cmd" and Run as Admin or even as Thrustedinstaller Code: @echo OFF cd /d "%~dp0" setlocal EnableExtensions EnableDelayedExpansion for /f %%f in ('dir /B /ADH-I /OG "%HomeDRIVE%\Users" ^| findstr.exe /I "Default" 2^>nul') do ( if exist "%HomeDRIVE%\Users\%%f\NTUSER.dat" ( set "DU_NTUSERdat=%HomeDRIVE%\Users\%%f\NTUSER.dat" ) ) if exist "%USERPROFILE%\NTUSER.dat" ( set "CUP_NTUSERdat=%USERPROFILE%\NTUSER.dat" ) TaskKill.exe /F /IM "explorer.exe" :: Mounting Live Windows Session Image Registry Hive for: rem Default USER reg.exe load HKLM\HKDU "!DU_NTUSERdat!" rem Current USER Profile reg.exe load HKLM\HKCUP "!CUP_NTUSERdat!" reg.exe add "HKLM\HKDU\Software\Classes\AppID\slui.exe" /v "NoGenTicket" /t REG_DWORD /d "1" /f reg.exe add "HKLM\HKDU\Software\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform" /v "NoGenTicket" /t REG_DWORD /d "1" /f reg.exe add "HKLM\HKCUP\Software\Classes\AppID\slui.exe" /v "NoGenTicket" /t REG_DWORD /d "1" /f reg.exe add "HKLM\HKCUP\Software\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform" /v "NoGenTicket" /t REG_DWORD /d "1" /f rem Directly to Classes ROOT entries reg.exe add "HKCR\AppID\slui.exe" /v "NoGenTicket" /t REG_DWORD /d "1" /f rem Directly to Local Machine entries reg.exe add "HKLM\SOFTWARE\Classes\AppID\slui.exe" /v "NoGenTicket" /t REG_DWORD /d "1" /f reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform" /v "NoGenTicket" /t REG_DWORD /d "1" /f :: Un-Mounting Image Registry Hive reg.exe unload HKLM\HKDU reg.exe unload HKLM\HKCUP start "" /I "explorer.exe" exit /B 0 EDIT: I put the entrance you mentioned (...\Classes\AppID\slui.exe) in the commands.
When trying to remove components from the wim image, I get the generic error "This application has requested the Runtime to terminate it in an unusual way. Please contact the application's support team for more information." How do I fix this?
As I said, "This week I would try with the new update." I come to bring the resolution feedback. I simply made the new custom iso 19044.1947. I did the Inplace Update and everything went well. Problem solved.
Thanks. Sorry for the delay. Had to wait for the weekend to try it out. All of the slui.exe reg commands fail with Access Denied. Checked the registry after reboot and none of the slui.exe registry entries have been added.
Understood. If even executing the script as Admin, it didn't work out, I don't know another way to help you right now. You are not using some of the SPbuilds 1862, 1865 or 1889 right? If so, try update to 19044.1947. These previous ones were very bugged. In the tests and my daily use, I realized this. In this 1947 fluidity came back.
Has anybody heard from @MSMG recently? I suspect he has gone quiet, because he is working hard to help his family, but I wondered if perhaps anybody else knew if he was okay. Looking to reinstall Windows 10 19044.1889 on a machine soon, but would rather have a clean install with help from the ToolKit before doing so.
Are the apps we remove with MSMG toolkit still supposed to show up under settings > apps in win11? Several of the ones I removed are still showing up and can be "uninstalled".