1. inTerActionVRI

    inTerActionVRI MDL Expert

    Sep 23, 2009
    1,770
    3,601
    60
    Just download EnterpriseS.
    You can create IoTEnterpriseS with abbodi's CreateVirtualEditions.cmd. As you know it is placed next to Convert-UUP.cmd into uup-converter-wimlib-120z.7z.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. Carlos Detweiller

    Carlos Detweiller Emperor of Ice-Cream
    Staff Member

    Dec 21, 2012
    8,076
    10,298
    270
    #27562 Carlos Detweiller, Jan 15, 2026
    Last edited: Jan 16, 2026
    The ControlSetxxx keys were especially popular during the NT4 era, where you could create and switch between multiple Hardware Profiles. The HWProfiles would become the ControlSet001, ControlSet002 etc. Registry branches, and CurrentControlSet would always be mapped to the active HWProfile. No idea if that is still a thing, most PCs only have ControlSet001, these days.

    Edit: Looks like RemoteDesktop feature sometimes creates a second HWProfile for its redirect devices.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. maximusdreamer

    maximusdreamer MDL Novice

    Jan 15, 2026
    1
    0
    0
  4. inTerActionVRI

    inTerActionVRI MDL Expert

    Sep 23, 2009
    1,770
    3,601
    60
    #27564 inTerActionVRI, Jan 16, 2026
    Last edited: Jan 16, 2026
    I instruct people to avoid using CurrentControlSet and use ControlSet001 instead, as it avoids some STOP CODE boot errors if there is a CurrentControlSet integration.
    Often, people want to use their own registry entries to integrate into the images, the Toolkit and IMCK do the conversion, but in other cases, people have to pay attention to this. I even suggest, in any case of booting with STOP CODE ERRORS, when dealing with custom images, that you check the registry integration (tweaks), looking for these CurrentControlSet entries and correct the *.reg files accordingly.

    EDITED translation issue:
    from:
    I instruct you to avoid
    to:
    I instruct people to avoid
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. imlost2

    imlost2 MDL Member

    Aug 5, 2013
    183
    185
    10
    @inTerActionVRI. Thanks for the clarification about 26H1 IoT Enterprise. I thought I read on Reddit that those virtual editions simply "marked" the OS as being a particular version and did not necessarily install all of the unique files belonging to that version. Good to know.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. Carlos Detweiller

    Carlos Detweiller Emperor of Ice-Cream
    Staff Member

    Dec 21, 2012
    8,076
    10,298
    270
    As long as ControlSet001 is the active profile. But that is not always the case.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. inTerActionVRI

    inTerActionVRI MDL Expert

    Sep 23, 2009
    1,770
    3,601
    60
    I understand.
    By raising this question, we can expect people who know both versions and who can make a comparison. Using an official version or a version on Massgrave, for example (supposedly an MSDN -- I say this because I really don't know the origin or how they were made) or creating via CreateVirtualEditions.

    But the virtual edition created by the tool is not just about renaming the Edition. The Reddit comments you read seem to assume that's all it is.

    About 24H2 which can accept EP integration becoming a 25H2. But, if you try something like that with 19044.1288 integrating EP to turn it into 19045, expect many problems. I've already tried, hehehehe!
    First, I read IoT and mistakenly thought of LTSC.
    I took the opportunity to research what the current LTSC is, just to avoid any misunderstandings.
    The non-LTSC version 26H1 IoT Enterprise can be present in any non-LTSC and non-Server ISO. This is derived from the Pro Edition.
    There are no 26H1 LTSC Enterprise, much less 26H1 LTSC IoT Enterprise.
    The US LTSC has both editions. For other languages, you have to create them virtually with the Create Virtual Editions tool. So, only the 24H2 LTSC Enterprise (EnterpriseS) VL Edition is the basis that allows the creation of the 24H2 LTSC IoT Enterprise (IoTEnterpriseS) OEM Edition.

    So, I don't recommend it for 24H2.
    I suggest you keep receiving official updates on your LTSC. If you use the Enablement Package, you will receive unstable updates, and the goal of LTS is to maintain stability. But some people want all the weekly updates; the decision is yours.
    And, I might be wrong in this thinking. If I'm wrong, correct me, because learning always increases.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. inTerActionVRI

    inTerActionVRI MDL Expert

    Sep 23, 2009
    1,770
    3,601
    60
    Yes, just to clarifying. I think the ISO customization for Clean Install or Inplace Upgrade. But for Inplace Upgrade we need to be also carefull about this.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. imlost2

    imlost2 MDL Member

    Aug 5, 2013
    183
    185
    10
    I agree! My only concern is with the Windows 11 Iot LTSC updates. Some of them clock in at 3GB-4GB in size. That s feels like more than security fixes and more like wholesale replacement of the OS. So that's why I've stayed with Windows 10 and MSO 2016. Whole lot less chatter with Microsoft & easier for me to manage the platform.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. Igor147

    Igor147 MDL Member

    Oct 20, 2016
    162
    75
    10
    Yes. Adding to HKLM\TK_NTUSER adds entries here Users\Default\NTUSER.DAT and is then used for all new users
     
  11. inTerActionVRI

    inTerActionVRI MDL Expert

    Sep 23, 2009
    1,770
    3,601
    60
    Thats why I keep doing Inplace Upgrade, always with my updated customized ISO, never by Windows Update or W10UI in Online mode.
    But, until now, my experience with the 23631 23H2 was better than with the previous 22000 and 22621. I didn't even use the 24H2, I migrated directly to the 25H2 and haven't had a good experience with it. I'm seriously considering switching to the 19044.1288 IoT Enterprise.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  12. Igor147

    Igor147 MDL Member

    Oct 20, 2016
    162
    75
    10
    #27572 Igor147, Jan 25, 2026
    Last edited: Jan 25, 2026
    After applying these parameters, Yandex Music is still installed.
    Reg add "HKLM\TK_NTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "OemPreInstalledAppsEnabled" /t REG_DWORD /d "0" /f >nul 2>&1
    Reg add "HKLM\TK_NTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "PreInstalledAppsEnabled" /t REG_DWORD /d "0" /f >nul 2>&1
    Reg add "HKLM\TK_NTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SilentInstalledAppsEnabled" /t REG_DWORD /d "0" /f >nul 2>&1
    Reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t REG_DWORD /d "1" /f >nul 2>&1
    They probably changed something and need to disable some other parameter so that Yandex music is not installed.
    Does anyone know what else needs to be disabled to prevent Yandex music from being installed?
     
  13. sergey130270

    sergey130270 MDL Senior Member

    May 15, 2014
    299
    395
    10
    #27573 sergey130270, Feb 10, 2026
    Last edited: Feb 10, 2026
    Selection menu for
    Windows Defender
    SmartScreen
    Smart App Control


    :AskCHOICEDEFENDER
    echo.
    echo.
    echo ------------------------------------------------------------
    echo Do you want to disable Windows Defender?
    echo ------------------------------------------------------------
    echo.

    set "CHOICEDEFENDER="
    set /p "CHOICEDEFENDER=Choice Your Option [Y/N]: "

    if /i "%CHOICEDEFENDER%"=="Y" (
    set DisableDefender=1
    echo Yes, Disable Defender
    ) else if /i "%CHOICEDEFENDER%"=="N" (
    set DisableDefender=0
    echo No, Keep Defender enabled
    ) else (
    echo.
    echo Invalid input. Please type Y or N.
    echo.
    goto AskCHOICEDEFENDER
    )


    if defined DisableDefender if "%DisableDefender%"=="1" (
    echo.
    echo ============================================================
    echo Disabling Windows Defender Optional
    echo ============================================================
    echo.

    setlocal enabledelayedexpansion
    set /a defCount=0

    for %%F in (Windows-Defender-Default-Definitions) do (
    "%DISM11%" /English /Image:"%MountDir%" /Disable-Feature /FeatureName:%%F /Quiet >nul 2>&1
    if !errorlevel! equ 0 (
    set /a defCount+=1
    echo [!defCount!] [OK] Disabled feature: %%F
    ) else (
    echo Feature not found or already disabled: %%F
    )
    )

    echo.
    echo Total Defender features disabled: !defCount!
    echo Cleanup completed successfully.
    endlocal
    )


    if defined DisableDefender if "%DisableDefender%"=="1" (
    echo.
    echo ============================================================
    echo Removing SecurityHealth UI App
    echo ============================================================
    echo.

    setlocal enabledelayedexpansion
    set /a uiCount=0

    for %%U in (Microsoft.SecHealthUI) do (
    for /f "tokens=*" %%A in ('dir /b /ad "%MountDir%\Program Files\WindowsApps" 2^>nul ^| find /i "%%U"') do (
    rd /s /q "%MountDir%\Program Files\WindowsApps\%%A"
    if not exist "%MountDir%\Program Files\WindowsApps\%%A" (
    set /a uiCount+=1
    echo [!uiCount!] [OK] Removed: %%A
    )
    )
    )

    echo.
    echo Total SecurityHealth UI instances removed: !uiCount!
    echo Cleanup completed successfully.
    endlocal
    )


    echo.
    echo ============================================================
    echo Mount Image Registry
    echo ============================================================
    echo.

    reg load HKLM\TK_DEFAULT "%MountDir%\Windows\System32\config\DEFAULT"
    reg load HKLM\TK_NTUSER "%MountDir%\Users\Default\NTUSER.DAT"
    reg load HKLM\TK_SOFTWARE "%MountDir%\Windows\System32\config\SOFTWARE"
    reg load HKLM\TK_SYSTEM "%MountDir%\Windows\System32\config\SYSTEM"


    If "%DisableDefender%"=="1" (
    echo.
    echo ============================================================
    echo Disable Windows Defender
    echo ============================================================
    echo.

    :: Account Protection & Notifications
    reg add "HKLM\TK_NTUSER\Software\Microsoft\Windows Security Health\State" /v "AccountProtection_MicrosoftAccount_Disconnected" /t REG_DWORD /d 0 /f
    reg add "HKLM\TK_SOFTWARE\Microsoft\Windows Defender Security Center\Notifications" /v "DisableNotifications" /t REG_DWORD /d 1 /f
    reg add "HKLM\TK_SOFTWARE\Microsoft\Windows Defender Security Center\Notifications" /v "DisableEnhancedNotifications" /t REG_DWORD /d 1 /f

    :: Primary tamper protection settings
    reg add "HKLM\TK_SOFTWARE\Microsoft\Windows Defender\Features" /v "TamperProtection" /t REG_DWORD /d 0 /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Features" /v "TamperProtection" /t REG_DWORD /d 0 /f

    :: Additional tamper protection settings
    reg add "HKLM\TK_SOFTWARE\Microsoft\Windows Defender\Features" /v "TamperProtectionSource" /t REG_DWORD /d 2 /f
    reg add "HKLM\TK_SOFTWARE\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f
    reg add "HKLM\TK_SOFTWARE\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d 1 /f

    :: Signature Updates
    reg add "HKLM\TK_SOFTWARE\Microsoft\Windows Defender\Signature Updates" /v "FirstAuGracePeriod" /t REG_DWORD /d 0 /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "DisableUpdateOnStartupWithoutEngine" /t REG_DWORD /d 1 /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "ScheduleDay" /t REG_DWORD /d "8" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "ScheduleTime" /t REG_DWORD /d 0 /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "SignatureUpdateCatchupInterval" /t REG_DWORD /d 0 /f

    :: Privacy & Startup
    reg add "HKLM\TK_SOFTWARE\Microsoft\Windows Defender\UX Configuration" /v "DisablePrivacyMode" /t REG_DWORD /d 1 /f
    reg add "HKLM\TK_SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "SecurityHealth" /t REG_BINARY /d "030000000000000000000000" /f

    :: Microsoft Malicious Software Removal Tool (MRT)
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\MRT" /v "DontOfferThroughWUAU" /t REG_DWORD /d 1 /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\MRT" /v "DontReportInfectionInformation" /t REG_DWORD /d 1 /f
    reg delete "HKLM\TK_SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MRT.exe" /f

    :: System Tray & UI
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Systray" /v "HideSystray" /t REG_DWORD /d 1 /f

    :: Policy Settings
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender" /v "PUAProtection" /t REG_DWORD /d 0 /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender" /v "RandomizeScheduleTaskTimes" /t REG_DWORD /d 0 /f

    :: Exclusions & Engine
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions" /v "DisableAutoExclusions" /t REG_DWORD /d 1 /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d 0 /f

    :: Quarantine
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Quarantine" /v "LocalSettingOverridePurgeItemsAfterDelay" /t REG_DWORD /d 0 /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Quarantine" /v "PurgeItemsAfterDelay" /t REG_DWORD /d 0 /f

    :: Real-Time Protection
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d 1 /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableIOAVProtection" /t REG_DWORD /d 1 /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d 1 /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d 1 /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRoutinelyTakingAction" /t REG_DWORD /d 1 /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d 1 /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScriptScanning" /t REG_DWORD /d 1 /f

    :: Remediation Schedule
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Remediation" /v "Scan_ScheduleDay" /t REG_DWORD /d "8" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Remediation" /v "Scan_ScheduleTime" /t REG_DWORD /d 0 /f

    :: Reporting
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Reporting" /v "AdditionalActionTimeOut" /t REG_DWORD /d 0 /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Reporting" /v "CriticalFailureTimeOut" /t REG_DWORD /d 0 /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Reporting" /v "DisableEnhancedNotifications" /t REG_DWORD /d 1 /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Reporting" /v "DisableGenericRePorts" /t REG_DWORD /d 1 /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Reporting" /v "NonCriticalTimeOut" /t REG_DWORD /d 0 /f

    :: Scan Settings
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "AvgCPULoadFactor" /t REG_DWORD /d "16" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "DisableArchiveScanning" /t REG_DWORD /d 1 /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "DisableCatchupFullScan" /t REG_DWORD /d 1 /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "DisableCatchupQuickScan" /t REG_DWORD /d 1 /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "DisableRemovableDriveScanning" /t REG_DWORD /d 1 /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "DisableRestorePoint" /t REG_DWORD /d 1 /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "DisableScanningMappedNetworkDrivesForFullScan" /t REG_DWORD /d 1 /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "DisableScanningNetworkFiles" /t REG_DWORD /d 1 /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "PurgeItemsAfterDelay" /t REG_DWORD /d 0 /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "ScanOnlyIfIdle" /t REG_DWORD /d 0 /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "ScanParameters" /t REG_DWORD /d 0 /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "ScheduleDay" /t REG_DWORD /d "8" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "ScheduleTime" /t REG_DWORD /d 0 /f

    :: SpyNet Settings
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet" /v "DisableBlockAtFirstSeen" /t REG_DWORD /d 1 /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet" /v "LocalSettingOverrideSpynetReporting" /t REG_DWORD /d 0 /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet" /v "SpyNetReporting" /t REG_DWORD /d 0 /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet" /v "SpyNetReportingLocation" /t REG_MULTI_SZ /d 0 /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet" /v "SubmitSamplesConsent" /t REG_DWORD /d "2" /f

    :: Event Logging
    reg add "HKLM\TK_SYSTEM\ControlSet001\Services\EventLog\System\Microsoft-Antimalware-ShieldProvider" /v "Start" /t REG_DWORD /d "4" /f
    reg add "HKLM\TK_SYSTEM\ControlSet001\Services\EventLog\System\WinDefend" /v "Start" /t REG_DWORD /d "4" /f

    :: Default Profile
    reg add "HKLM\TK_DEFAULT\Software\Microsoft\Windows Security Health\State" /v "AccountProtection_MicrosoftAccount_Disconnected" /t REG_DWORD /d 0 /f

    :: Remove Startup Entries
    reg delete "HKLM\TK_SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f
    reg delete "HKLM\TK_SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "SecurityHealth" /f

    :: Hide Defender & Insider in Settings
    reg add "HKLM\TK_SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v SettingsPageVisibility /t REG_SZ /d "Hide:windowsinsider;windowsdefender" /f

    :: Keep Disabled apps from returning
    reg add "HKLM\TK_SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.SecHealthUI_8wekyb3d8bbwe" /f


    echo.
    echo ============================================================
    echo Disabling DefenderApiLogger and DefenderAuditLogger
    echo ============================================================
    echo.

    setlocal enabledelayedexpansion
    set /a svcCount=0

    for %%s in (DefenderApiLogger DefenderAuditLogger) do (
    reg add "HKLM\TK_SYSTEM\ControlSet001\Control\WMI\Autologger\%%s" /v "Start" /t REG_DWORD /d 0 /f
    if !errorlevel! equ 0 (
    set /a svcCount+=1
    echo [OK] Disabled: %%s
    )
    )

    echo.
    echo Total : !svcCount!
    echo Disabling completed successfully.
    endlocal


    echo.
    echo ============================================================
    echo Disabling services WinDefender
    echo ============================================================
    echo.

    setlocal enabledelayedexpansion
    set /a svcCount=0

    for %%s in (WdBoot WdFilter SecurityHealthService WdNisDrv WdNisSvc MsSecFlt WinDefend Sense) do (
    reg add "HKLM\TK_SYSTEM\ControlSet001\Services\%%s" /v "Start" /t REG_DWORD /d 4 /f
    if !errorlevel! equ 0 (
    set /a svcCount+=1
    echo [OK] Disabled: %%s
    )
    )

    echo.
    echo Total : !svcCount!
    echo Disabling completed successfully.
    endlocal


    echo.
    echo ============================================================
    echo Delete scheduled tasks WinDefender
    echo ============================================================
    echo.

    setlocal enabledelayedexpansion
    set /a taskcount=0

    for %%t in (
    "Windows Defender\Windows Defender Cache Maintenance"
    "Windows Defender\Windows Defender Cleanup"
    "Windows Defender\Windows Defender Scheduled Scan"
    "Windows Defender\Windows Defender Verification"
    "ExploitGuard\ExploitGuard MDM policy Refresh"
    ) do (
    for /f "tokens=3 delims= " %%a in ('reg query "HKLM\TK_SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\%%~t" /v "Id" 2^>nul ^| find /i "Id" ^| find /i "REG_SZ"') do (
    echo Removing task %%~t
    if !errorlevel! equ 0 set /a taskcount+=1
    reg delete "HKLM\TK_SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\%%~t" /f
    )
    )

    echo.
    echo Total removed scheduled tasks: !taskcount!
    echo Tasks successfully deleted.
    endlocal


    echo.
    echo ============================================================
    echo Disable SmartScreen
    echo ============================================================
    echo.

    :: NTUSER - AppHost Settings
    reg add "HKLM\TK_NTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t REG_DWORD /d 0 /f
    reg add "HKLM\TK_NTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "PreventOverride" /t REG_DWORD /d 0 /f

    :: System Security Health
    reg add "HKLM\TK_SOFTWARE\Microsoft\Windows Security Health\State" /v "AppAndBrowser_StoreAppsSmartScreenOff" /t REG_DWORD /d 0 /f

    :: AppHost & Explorer Settings
    reg add "HKLM\TK_SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "SmartScreenEnabled" /t REG_SZ /d "Off" /f
    reg add "HKLM\TK_SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t REG_SZ /d "Off" /f

    :: Internet Explorer & Legacy Edge
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Internet Explorer\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d 0 /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Internet Explorer\PhishingFilter" /v "PreventOverride" /t REG_DWORD /d 0 /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d 0 /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "PreventOverride" /t REG_DWORD /d 0 /f

    :: Windows System Policies ===
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows\System" /v "EnableSmartScreen" /t REG_DWORD /d 0 /f

    :: Windows Defender SmartScreen Policies
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControl" /t REG_SZ /d "Anywhere" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControlEnabled" /t REG_DWORD /d 0 /f

    :: DEFAULT Profile - AppHost
    reg add "HKLM\TK_DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t REG_DWORD /d 0 /f
    reg add "HKLM\TK_DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "PreventOverride" /t REG_DWORD /d 0 /f

    :: DEFAULT Profile - Edge Policy
    reg add "HKLM\TK_DEFAULT\SOFTWARE\Policies\Microsoft\Edge" /v "SmartScreenEnabled" /t REG_DWORD /d 0 /f

    :: Disable SmartScreen in Microsoft Edge (system-wide)
    reg add "HKLM\TK_NTUSER\SOFTWARE\Policies\Microsoft\Edge" /v "PreventSmartScreenPromptOverride" /t REG_DWORD /d 1 /f
    reg add "HKLM\TK_NTUSER\SOFTWARE\Policies\Microsoft\Edge" /v "PreventSmartScreenPromptOverrideForFiles" /t REG_DWORD /d 1 /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Edge" /v "PreventSmartScreenPromptOverride" /t REG_DWORD /d 1 /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Edge" /v "PreventSmartScreenPromptOverrideForFiles" /t REG_DWORD /d 1 /f
    reg add "HKLM\TK_DEFAULT\SOFTWARE\Policies\Microsoft\Edge" /v "PreventSmartScreenPromptOverride" /t REG_DWORD /d 1 /f
    reg add "HKLM\TK_DEFAULT\SOFTWARE\Policies\Microsoft\Edge" /v "PreventSmartScreenPromptOverrideForFiles" /t REG_DWORD /d 1 /f

    :: Disable SmartScreen Runtime Services
    reg add "HKLM\TK_SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.SmartScreen.AppReputationService" /v "ActivationType" /t REG_DWORD /d 1 /f
    reg add "HKLM\TK_SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.SmartScreen.EventLogger" /v "ActivationType" /t REG_DWORD /d 1 /f
    reg add "HKLM\TK_SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.SmartScreen.UriReputationService" /v "ActivationType" /t REG_DWORD /d 1 /f

    :: Removing Provisioned AppPackages from Registry
    for %%i in (SecHealthUI) do (
    for /f %%a in ('reg query "HKLM\TK_SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications" /f %%i /k ^| find /i "Applications"') do if not errorlevel 1 (reg delete %%a /f)
    echo.
    echo Removing %%i from Registry
    )


    echo.
    echo ============================================================
    echo Firewall logging cleanup
    echo ============================================================
    echo.

    :: Domain profile logging OFF
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging" /v "LogDroppedPackets" /t REG_DWORD /d 0 /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging" /v "LogSuccessfulConnections" /t REG_DWORD /d 0 /f

    :: Standard profile logging OFF
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging" /v "LogDroppedPackets" /t REG_DWORD /d 0 /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging" /v "LogSuccessfulConnections" /t REG_DWORD /d 0 /f
    echo.
    echo Firewall logging disabled.


    echo.
    echo ============================================================
    echo INSIDER PAGE - HIDE
    echo ============================================================
    echo.
    reg add "HKLM\TK_SOFTWARE\Microsoft\WindowsSelfHost\UI\Visibility" /v HideInsiderPage /t REG_DWORD /d 1 /f


    :: If you are disabling Windows Defender, you also need to disable Smart App Control.
    echo.
    echo ============================================================
    echo Turn off Smart App Control
    echo ============================================================
    echo.
    reg add "HKLM\TK_SYSTEM\ControlSet001\Control\CI\Policy" /v "VerifiedAndReputablePolicyState" /t REG_DWORD /d 0 /f

    )
    echo.
    echo Defender and SmartScreen is disabled.


    echo.
    echo ============================================================
    echo Unmounting Image Registry
    echo ============================================================
    echo.

    reg unload HKLM\TK_DEFAULT
    reg unload HKLM\TK_NTUSER
    reg unload HKLM\TK_SOFTWARE
    reg unload HKLM\TK_SYSTEM

    echo.
    echo Finalized...
     
  14. Igor147

    Igor147 MDL Member

    Oct 20, 2016
    162
    75
    10
    Thank you. I will study it.
     
  15. Cristhian

    Cristhian MDL Novice

    Aug 7, 2018
    22
    7
    0
    test:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CloudContent]
    "DisableCloudOptimizedContent"=dword:00000001
     
  16. Cristhian

    Cristhian MDL Novice

    Aug 7, 2018
    22
    7
    0
    anyone knows why removing these packages with dism does not work anymore on 26h1?

    Microsoft-Windows-OneDrive-Setup-Package
    Microsoft-Windows-OneDrive-Setup-WOW64-Package

    packages get removed but onedrive still getting installed.
     
  17. tcntad

    tcntad MDL Guru

    Oct 26, 2009
    4,742
    1,745
    150
    I bet you need to delete regkeys and everything else
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  18. Igor147

    Igor147 MDL Member

    Oct 20, 2016
    162
    75
    10
    #27578 Igor147, Feb 16, 2026
    Last edited: Feb 16, 2026
    Everything is disabled in this branch
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CloudContent

    I added two parameters and watched for a couple of days... And Yandex music didn't show up.
    reg add 'HKLM\TK_NTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' /v 'ContentDeliveryAllowed' /t REG_DWORD /d 0 /f
    reg add 'HKLM\TK_NTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' /v 'SoftLandingEnabled' /t REG_DWORD /d 0 /f

    On version 26H1, after using the command
    reg add 'HKLM\TK_NTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' /v 'ContentDeliveryAllowed' /t REG_DWORD /d 0 /f
    then, when installing windows, the value is overwritten again to 1
     
  19. Igor147

    Igor147 MDL Member

    Oct 20, 2016
    162
    75
    10
    To prevent OneDrive from being installed, I use the command in SetupComplete.cmd
    Code:
    schtasks /change /tn "Microsoft\OneDrive\OneDrive Per-Machine First Setup Task" /disable
    Starting with version 26H1, they moved the auto-install command to the task scheduler.
     
  20. Igor147

    Igor147 MDL Member

    Oct 20, 2016
    162
    75
    10
    #27580 Igor147, Feb 19, 2026
    Last edited: Feb 20, 2026