Just download EnterpriseS. You can create IoTEnterpriseS with abbodi's CreateVirtualEditions.cmd. As you know it is placed next to Convert-UUP.cmd into uup-converter-wimlib-120z.7z.
The ControlSetxxx keys were especially popular during the NT4 era, where you could create and switch between multiple Hardware Profiles. The HWProfiles would become the ControlSet001, ControlSet002 etc. Registry branches, and CurrentControlSet would always be mapped to the active HWProfile. No idea if that is still a thing, most PCs only have ControlSet001, these days. Edit: Looks like RemoteDesktop feature sometimes creates a second HWProfile for its redirect devices.
I instruct people to avoid using CurrentControlSet and use ControlSet001 instead, as it avoids some STOP CODE boot errors if there is a CurrentControlSet integration. Often, people want to use their own registry entries to integrate into the images, the Toolkit and IMCK do the conversion, but in other cases, people have to pay attention to this. I even suggest, in any case of booting with STOP CODE ERRORS, when dealing with custom images, that you check the registry integration (tweaks), looking for these CurrentControlSet entries and correct the *.reg files accordingly. EDITED translation issue: from: I instruct you to avoid to: I instruct people to avoid
@inTerActionVRI. Thanks for the clarification about 26H1 IoT Enterprise. I thought I read on Reddit that those virtual editions simply "marked" the OS as being a particular version and did not necessarily install all of the unique files belonging to that version. Good to know.
I understand. By raising this question, we can expect people who know both versions and who can make a comparison. Using an official version or a version on Massgrave, for example (supposedly an MSDN -- I say this because I really don't know the origin or how they were made) or creating via CreateVirtualEditions. But the virtual edition created by the tool is not just about renaming the Edition. The Reddit comments you read seem to assume that's all it is. About 24H2 which can accept EP integration becoming a 25H2. But, if you try something like that with 19044.1288 integrating EP to turn it into 19045, expect many problems. I've already tried, hehehehe! First, I read IoT and mistakenly thought of LTSC. I took the opportunity to research what the current LTSC is, just to avoid any misunderstandings. The non-LTSC version 26H1 IoT Enterprise can be present in any non-LTSC and non-Server ISO. This is derived from the Pro Edition. There are no 26H1 LTSC Enterprise, much less 26H1 LTSC IoT Enterprise. The US LTSC has both editions. For other languages, you have to create them virtually with the Create Virtual Editions tool. So, only the 24H2 LTSC Enterprise (EnterpriseS) VL Edition is the basis that allows the creation of the 24H2 LTSC IoT Enterprise (IoTEnterpriseS) OEM Edition. So, I don't recommend it for 24H2. I suggest you keep receiving official updates on your LTSC. If you use the Enablement Package, you will receive unstable updates, and the goal of LTS is to maintain stability. But some people want all the weekly updates; the decision is yours. And, I might be wrong in this thinking. If I'm wrong, correct me, because learning always increases.
Yes, just to clarifying. I think the ISO customization for Clean Install or Inplace Upgrade. But for Inplace Upgrade we need to be also carefull about this.
I agree! My only concern is with the Windows 11 Iot LTSC updates. Some of them clock in at 3GB-4GB in size. That s feels like more than security fixes and more like wholesale replacement of the OS. So that's why I've stayed with Windows 10 and MSO 2016. Whole lot less chatter with Microsoft & easier for me to manage the platform.
Yes. Adding to HKLM\TK_NTUSER adds entries here Users\Default\NTUSER.DAT and is then used for all new users
Thats why I keep doing Inplace Upgrade, always with my updated customized ISO, never by Windows Update or W10UI in Online mode. But, until now, my experience with the 23631 23H2 was better than with the previous 22000 and 22621. I didn't even use the 24H2, I migrated directly to the 25H2 and haven't had a good experience with it. I'm seriously considering switching to the 19044.1288 IoT Enterprise.
After applying these parameters, Yandex Music is still installed. Spoiler: Disable Automatic Download and Install of 3rd Party Apps Reg add "HKLM\TK_NTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "OemPreInstalledAppsEnabled" /t REG_DWORD /d "0" /f >nul 2>&1 Reg add "HKLM\TK_NTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "PreInstalledAppsEnabled" /t REG_DWORD /d "0" /f >nul 2>&1 Reg add "HKLM\TK_NTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SilentInstalledAppsEnabled" /t REG_DWORD /d "0" /f >nul 2>&1 Reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t REG_DWORD /d "1" /f >nul 2>&1 They probably changed something and need to disable some other parameter so that Yandex music is not installed. Does anyone know what else needs to be disabled to prevent Yandex music from being installed?
Spoiler Selection menu for Windows Defender SmartScreen Smart App Control :AskCHOICEDEFENDER echo. echo. echo ------------------------------------------------------------ echo Do you want to disable Windows Defender? echo ------------------------------------------------------------ echo. set "CHOICEDEFENDER=" set /p "CHOICEDEFENDER=Choice Your Option [Y/N]: " if /i "%CHOICEDEFENDER%"=="Y" ( set DisableDefender=1 echo Yes, Disable Defender ) else if /i "%CHOICEDEFENDER%"=="N" ( set DisableDefender=0 echo No, Keep Defender enabled ) else ( echo. echo Invalid input. Please type Y or N. echo. goto AskCHOICEDEFENDER ) if defined DisableDefender if "%DisableDefender%"=="1" ( echo. echo ============================================================ echo Disabling Windows Defender Optional echo ============================================================ echo. setlocal enabledelayedexpansion set /a defCount=0 for %%F in (Windows-Defender-Default-Definitions) do ( "%DISM11%" /English /Image:"%MountDir%" /Disable-Feature /FeatureName:%%F /Quiet >nul 2>&1 if !errorlevel! equ 0 ( set /a defCount+=1 echo [!defCount!] [OK] Disabled feature: %%F ) else ( echo Feature not found or already disabled: %%F ) ) echo. echo Total Defender features disabled: !defCount! echo Cleanup completed successfully. endlocal ) if defined DisableDefender if "%DisableDefender%"=="1" ( echo. echo ============================================================ echo Removing SecurityHealth UI App echo ============================================================ echo. setlocal enabledelayedexpansion set /a uiCount=0 for %%U in (Microsoft.SecHealthUI) do ( for /f "tokens=*" %%A in ('dir /b /ad "%MountDir%\Program Files\WindowsApps" 2^>nul ^| find /i "%%U"') do ( rd /s /q "%MountDir%\Program Files\WindowsApps\%%A" if not exist "%MountDir%\Program Files\WindowsApps\%%A" ( set /a uiCount+=1 echo [!uiCount!] [OK] Removed: %%A ) ) ) echo. echo Total SecurityHealth UI instances removed: !uiCount! echo Cleanup completed successfully. endlocal ) echo. echo ============================================================ echo Mount Image Registry echo ============================================================ echo. reg load HKLM\TK_DEFAULT "%MountDir%\Windows\System32\config\DEFAULT" reg load HKLM\TK_NTUSER "%MountDir%\Users\Default\NTUSER.DAT" reg load HKLM\TK_SOFTWARE "%MountDir%\Windows\System32\config\SOFTWARE" reg load HKLM\TK_SYSTEM "%MountDir%\Windows\System32\config\SYSTEM" If "%DisableDefender%"=="1" ( echo. echo ============================================================ echo Disable Windows Defender echo ============================================================ echo. :: Account Protection & Notifications reg add "HKLM\TK_NTUSER\Software\Microsoft\Windows Security Health\State" /v "AccountProtection_MicrosoftAccount_Disconnected" /t REG_DWORD /d 0 /f reg add "HKLM\TK_SOFTWARE\Microsoft\Windows Defender Security Center\Notifications" /v "DisableNotifications" /t REG_DWORD /d 1 /f reg add "HKLM\TK_SOFTWARE\Microsoft\Windows Defender Security Center\Notifications" /v "DisableEnhancedNotifications" /t REG_DWORD /d 1 /f :: Primary tamper protection settings reg add "HKLM\TK_SOFTWARE\Microsoft\Windows Defender\Features" /v "TamperProtection" /t REG_DWORD /d 0 /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Features" /v "TamperProtection" /t REG_DWORD /d 0 /f :: Additional tamper protection settings reg add "HKLM\TK_SOFTWARE\Microsoft\Windows Defender\Features" /v "TamperProtectionSource" /t REG_DWORD /d 2 /f reg add "HKLM\TK_SOFTWARE\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f reg add "HKLM\TK_SOFTWARE\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d 1 /f :: Signature Updates reg add "HKLM\TK_SOFTWARE\Microsoft\Windows Defender\Signature Updates" /v "FirstAuGracePeriod" /t REG_DWORD /d 0 /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "DisableUpdateOnStartupWithoutEngine" /t REG_DWORD /d 1 /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "ScheduleDay" /t REG_DWORD /d "8" /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "ScheduleTime" /t REG_DWORD /d 0 /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "SignatureUpdateCatchupInterval" /t REG_DWORD /d 0 /f :: Privacy & Startup reg add "HKLM\TK_SOFTWARE\Microsoft\Windows Defender\UX Configuration" /v "DisablePrivacyMode" /t REG_DWORD /d 1 /f reg add "HKLM\TK_SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "SecurityHealth" /t REG_BINARY /d "030000000000000000000000" /f :: Microsoft Malicious Software Removal Tool (MRT) reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\MRT" /v "DontOfferThroughWUAU" /t REG_DWORD /d 1 /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\MRT" /v "DontReportInfectionInformation" /t REG_DWORD /d 1 /f reg delete "HKLM\TK_SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MRT.exe" /f :: System Tray & UI reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Systray" /v "HideSystray" /t REG_DWORD /d 1 /f :: Policy Settings reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender" /v "PUAProtection" /t REG_DWORD /d 0 /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender" /v "RandomizeScheduleTaskTimes" /t REG_DWORD /d 0 /f :: Exclusions & Engine reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions" /v "DisableAutoExclusions" /t REG_DWORD /d 1 /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d 0 /f :: Quarantine reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Quarantine" /v "LocalSettingOverridePurgeItemsAfterDelay" /t REG_DWORD /d 0 /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Quarantine" /v "PurgeItemsAfterDelay" /t REG_DWORD /d 0 /f :: Real-Time Protection reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d 1 /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableIOAVProtection" /t REG_DWORD /d 1 /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d 1 /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d 1 /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRoutinelyTakingAction" /t REG_DWORD /d 1 /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d 1 /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScriptScanning" /t REG_DWORD /d 1 /f :: Remediation Schedule reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Remediation" /v "Scan_ScheduleDay" /t REG_DWORD /d "8" /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Remediation" /v "Scan_ScheduleTime" /t REG_DWORD /d 0 /f :: Reporting reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Reporting" /v "AdditionalActionTimeOut" /t REG_DWORD /d 0 /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Reporting" /v "CriticalFailureTimeOut" /t REG_DWORD /d 0 /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Reporting" /v "DisableEnhancedNotifications" /t REG_DWORD /d 1 /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Reporting" /v "DisableGenericRePorts" /t REG_DWORD /d 1 /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Reporting" /v "NonCriticalTimeOut" /t REG_DWORD /d 0 /f :: Scan Settings reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "AvgCPULoadFactor" /t REG_DWORD /d "16" /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "DisableArchiveScanning" /t REG_DWORD /d 1 /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "DisableCatchupFullScan" /t REG_DWORD /d 1 /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "DisableCatchupQuickScan" /t REG_DWORD /d 1 /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "DisableRemovableDriveScanning" /t REG_DWORD /d 1 /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "DisableRestorePoint" /t REG_DWORD /d 1 /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "DisableScanningMappedNetworkDrivesForFullScan" /t REG_DWORD /d 1 /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "DisableScanningNetworkFiles" /t REG_DWORD /d 1 /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "PurgeItemsAfterDelay" /t REG_DWORD /d 0 /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "ScanOnlyIfIdle" /t REG_DWORD /d 0 /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "ScanParameters" /t REG_DWORD /d 0 /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "ScheduleDay" /t REG_DWORD /d "8" /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "ScheduleTime" /t REG_DWORD /d 0 /f :: SpyNet Settings reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet" /v "DisableBlockAtFirstSeen" /t REG_DWORD /d 1 /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet" /v "LocalSettingOverrideSpynetReporting" /t REG_DWORD /d 0 /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet" /v "SpyNetReporting" /t REG_DWORD /d 0 /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet" /v "SpyNetReportingLocation" /t REG_MULTI_SZ /d 0 /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet" /v "SubmitSamplesConsent" /t REG_DWORD /d "2" /f :: Event Logging reg add "HKLM\TK_SYSTEM\ControlSet001\Services\EventLog\System\Microsoft-Antimalware-ShieldProvider" /v "Start" /t REG_DWORD /d "4" /f reg add "HKLM\TK_SYSTEM\ControlSet001\Services\EventLog\System\WinDefend" /v "Start" /t REG_DWORD /d "4" /f :: Default Profile reg add "HKLM\TK_DEFAULT\Software\Microsoft\Windows Security Health\State" /v "AccountProtection_MicrosoftAccount_Disconnected" /t REG_DWORD /d 0 /f :: Remove Startup Entries reg delete "HKLM\TK_SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f reg delete "HKLM\TK_SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "SecurityHealth" /f :: Hide Defender & Insider in Settings reg add "HKLM\TK_SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v SettingsPageVisibility /t REG_SZ /d "Hide:windowsinsider;windowsdefender" /f :: Keep Disabled apps from returning reg add "HKLM\TK_SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.SecHealthUI_8wekyb3d8bbwe" /f echo. echo ============================================================ echo Disabling DefenderApiLogger and DefenderAuditLogger echo ============================================================ echo. setlocal enabledelayedexpansion set /a svcCount=0 for %%s in (DefenderApiLogger DefenderAuditLogger) do ( reg add "HKLM\TK_SYSTEM\ControlSet001\Control\WMI\Autologger\%%s" /v "Start" /t REG_DWORD /d 0 /f if !errorlevel! equ 0 ( set /a svcCount+=1 echo [OK] Disabled: %%s ) ) echo. echo Total : !svcCount! echo Disabling completed successfully. endlocal echo. echo ============================================================ echo Disabling services WinDefender echo ============================================================ echo. setlocal enabledelayedexpansion set /a svcCount=0 for %%s in (WdBoot WdFilter SecurityHealthService WdNisDrv WdNisSvc MsSecFlt WinDefend Sense) do ( reg add "HKLM\TK_SYSTEM\ControlSet001\Services\%%s" /v "Start" /t REG_DWORD /d 4 /f if !errorlevel! equ 0 ( set /a svcCount+=1 echo [OK] Disabled: %%s ) ) echo. echo Total : !svcCount! echo Disabling completed successfully. endlocal echo. echo ============================================================ echo Delete scheduled tasks WinDefender echo ============================================================ echo. setlocal enabledelayedexpansion set /a taskcount=0 for %%t in ( "Windows Defender\Windows Defender Cache Maintenance" "Windows Defender\Windows Defender Cleanup" "Windows Defender\Windows Defender Scheduled Scan" "Windows Defender\Windows Defender Verification" "ExploitGuard\ExploitGuard MDM policy Refresh" ) do ( for /f "tokens=3 delims= " %%a in ('reg query "HKLM\TK_SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\%%~t" /v "Id" 2^>nul ^| find /i "Id" ^| find /i "REG_SZ"') do ( echo Removing task %%~t if !errorlevel! equ 0 set /a taskcount+=1 reg delete "HKLM\TK_SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\%%~t" /f ) ) echo. echo Total removed scheduled tasks: !taskcount! echo Tasks successfully deleted. endlocal echo. echo ============================================================ echo Disable SmartScreen echo ============================================================ echo. :: NTUSER - AppHost Settings reg add "HKLM\TK_NTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t REG_DWORD /d 0 /f reg add "HKLM\TK_NTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "PreventOverride" /t REG_DWORD /d 0 /f :: System Security Health reg add "HKLM\TK_SOFTWARE\Microsoft\Windows Security Health\State" /v "AppAndBrowser_StoreAppsSmartScreenOff" /t REG_DWORD /d 0 /f :: AppHost & Explorer Settings reg add "HKLM\TK_SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "SmartScreenEnabled" /t REG_SZ /d "Off" /f reg add "HKLM\TK_SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t REG_SZ /d "Off" /f :: Internet Explorer & Legacy Edge reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Internet Explorer\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d 0 /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Internet Explorer\PhishingFilter" /v "PreventOverride" /t REG_DWORD /d 0 /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d 0 /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "PreventOverride" /t REG_DWORD /d 0 /f :: Windows System Policies === reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows\System" /v "EnableSmartScreen" /t REG_DWORD /d 0 /f :: Windows Defender SmartScreen Policies reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControl" /t REG_SZ /d "Anywhere" /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControlEnabled" /t REG_DWORD /d 0 /f :: DEFAULT Profile - AppHost reg add "HKLM\TK_DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t REG_DWORD /d 0 /f reg add "HKLM\TK_DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "PreventOverride" /t REG_DWORD /d 0 /f :: DEFAULT Profile - Edge Policy reg add "HKLM\TK_DEFAULT\SOFTWARE\Policies\Microsoft\Edge" /v "SmartScreenEnabled" /t REG_DWORD /d 0 /f :: Disable SmartScreen in Microsoft Edge (system-wide) reg add "HKLM\TK_NTUSER\SOFTWARE\Policies\Microsoft\Edge" /v "PreventSmartScreenPromptOverride" /t REG_DWORD /d 1 /f reg add "HKLM\TK_NTUSER\SOFTWARE\Policies\Microsoft\Edge" /v "PreventSmartScreenPromptOverrideForFiles" /t REG_DWORD /d 1 /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Edge" /v "PreventSmartScreenPromptOverride" /t REG_DWORD /d 1 /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Edge" /v "PreventSmartScreenPromptOverrideForFiles" /t REG_DWORD /d 1 /f reg add "HKLM\TK_DEFAULT\SOFTWARE\Policies\Microsoft\Edge" /v "PreventSmartScreenPromptOverride" /t REG_DWORD /d 1 /f reg add "HKLM\TK_DEFAULT\SOFTWARE\Policies\Microsoft\Edge" /v "PreventSmartScreenPromptOverrideForFiles" /t REG_DWORD /d 1 /f :: Disable SmartScreen Runtime Services reg add "HKLM\TK_SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.SmartScreen.AppReputationService" /v "ActivationType" /t REG_DWORD /d 1 /f reg add "HKLM\TK_SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.SmartScreen.EventLogger" /v "ActivationType" /t REG_DWORD /d 1 /f reg add "HKLM\TK_SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.SmartScreen.UriReputationService" /v "ActivationType" /t REG_DWORD /d 1 /f :: Removing Provisioned AppPackages from Registry for %%i in (SecHealthUI) do ( for /f %%a in ('reg query "HKLM\TK_SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications" /f %%i /k ^| find /i "Applications"') do if not errorlevel 1 (reg delete %%a /f) echo. echo Removing %%i from Registry ) echo. echo ============================================================ echo Firewall logging cleanup echo ============================================================ echo. :: Domain profile logging OFF reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging" /v "LogDroppedPackets" /t REG_DWORD /d 0 /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging" /v "LogSuccessfulConnections" /t REG_DWORD /d 0 /f :: Standard profile logging OFF reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging" /v "LogDroppedPackets" /t REG_DWORD /d 0 /f reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging" /v "LogSuccessfulConnections" /t REG_DWORD /d 0 /f echo. echo Firewall logging disabled. echo. echo ============================================================ echo INSIDER PAGE - HIDE echo ============================================================ echo. reg add "HKLM\TK_SOFTWARE\Microsoft\WindowsSelfHost\UI\Visibility" /v HideInsiderPage /t REG_DWORD /d 1 /f :: If you are disabling Windows Defender, you also need to disable Smart App Control. echo. echo ============================================================ echo Turn off Smart App Control echo ============================================================ echo. reg add "HKLM\TK_SYSTEM\ControlSet001\Control\CI\Policy" /v "VerifiedAndReputablePolicyState" /t REG_DWORD /d 0 /f ) echo. echo Defender and SmartScreen is disabled. echo. echo ============================================================ echo Unmounting Image Registry echo ============================================================ echo. reg unload HKLM\TK_DEFAULT reg unload HKLM\TK_NTUSER reg unload HKLM\TK_SOFTWARE reg unload HKLM\TK_SYSTEM echo. echo Finalized...
test: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CloudContent] "DisableCloudOptimizedContent"=dword:00000001
anyone knows why removing these packages with dism does not work anymore on 26h1? Microsoft-Windows-OneDrive-Setup-Package Microsoft-Windows-OneDrive-Setup-WOW64-Package packages get removed but onedrive still getting installed.
Everything is disabled in this branch HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CloudContent I added two parameters and watched for a couple of days... And Yandex music didn't show up. reg add 'HKLM\TK_NTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' /v 'ContentDeliveryAllowed' /t REG_DWORD /d 0 /f reg add 'HKLM\TK_NTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' /v 'SoftLandingEnabled' /t REG_DWORD /d 0 /f On version 26H1, after using the command reg add 'HKLM\TK_NTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' /v 'ContentDeliveryAllowed' /t REG_DWORD /d 0 /f then, when installing windows, the value is overwritten again to 1
To prevent OneDrive from being installed, I use the command in SetupComplete.cmd Code: schtasks /change /tn "Microsoft\OneDrive\OneDrive Per-Machine First Setup Task" /disable Starting with version 26H1, they moved the auto-install command to the task scheduler.