well I already tell hundred of times that here in one thread ONLY for MSMG Toolkit, I don't understand some users insist in mixing things this simply annoy all users; I think is better these users open one dedicated thread ONLY for NTLite or same go to NTLite forum instead
Yes, I discovered that and because of me they fixed that but they still say that it'd break Extended View MMC but now there are entries in Optional Feature History after removing it and because of that I still remove it with MSMG ToolKit because I don't have them. I have to have a minimum of knowledge or the creators have to know what they are doing and write what will happen after each component removal? This si ridiculous! That's what I've been doing for months but I always have problems. Then you are denying what the other user said about not to use both tools? Ok, but that's what I did with some and I still had problems just by running some PowerShell scripts, let alone using CCleaner, NTLite, MSMG ToolKit or Install_WIM_Tweak.exe (together or separately) and it is still told that the fault is mine. So, I'd have to read each page to read what you write? Anyway, I explained my programs in the MSMG ToolKit thread and in NTLite's forum long time ago but to no avail.
Are you talking about the creator of a tool not writing what are the effects of a component removal? I guess a normal user shouldn't know what each component removal may cause.
I had problems with Optional Features but removed several things I do not know what was the cause. But I'm being more conservative because no more patience with this cat-and-mouse game with Microsoft WinReducer can remove IE + IE Engine without problems with extended view and Office installation working as long as you use the Protect Presets. However the sfc /scannow command encounters some errors however it is possible to install cumulative updates according to the author. Yes I think certain things are predictable like MMC Extended View and can be avoided but some things run out of developer control because it has no way to test all possible environments and combinations of features. The biggest problem I think is that Windows is not fully modular like Linux where you can remove components without affecting others as long as you maintain dependencies if they are being used by other resources. With each new build Windows becomes less modular Not necessarily denying it. I have said that it is POSSIBLE to use the 2 tools together but this is not ideal I avoid doing it myself but for example removing those 3 packages below using RemovePkgsList.txt in MSMG Toolkit is harmless and unrelated to anything I remove with NTLite: Code: Microsoft-Windows-BusinessScanning-Feature-Package Microsoft-Windows-Printing-XPSServices-Package Microsoft-Windows-Xps-Foundation-Client-Package
Even more annoying is to see repeating the same sentence without anything to add to the topic. Whether or not they are related tools because they have similar functions and commenting on it can generate insights and help in some sense. We are on a public forum if you do not like a post simply ignore or report to moderators who should judge whether a post is appropriate or not.
I stopped using WinReducer because in Hyper-V it froze in that install part which has a black screen and a white loading spinning circle. Well, it is for you. I wouldn't know removing IE caused this unless I tried it and it was thaks to me they added that information but they fixed that and they still kept that information. I told you that after removing some things with PowerShell scrips (like the Photos app) after doing a clean install with an untouched ISO I had problems so is it my fault (let alone after using two or more tools to remove some things)? I think I wasn't understood.
If you use WinReducer only to remove IE you will not have problems regarding other components I can not state why I have not tested. But anyway I've kept IE in my tests. Apparently removing IE causes Windows Update to download more data than without removing it then it is possible that some files will be restored by the updates. Try not to remove everything in one step. Do not remove some components that you think may be causing problems until you get an error-free image then remove them one by one or 4 by 4 until you find what causes the problem. Use only one of the tools to have a comparison parameter.
Well, I don't know since I used it for the last time some months ago. That's what I've been doing with MSMG ToolKit and NTLite alone and together. In my case even removing a simple app like the Calculator through a PowerShell script broke Windows.
Then there is something wrong with your Host OS because I can remove all the apps with no problems. And as far as I know Calculator is not necessary for any other features. App removal is similar across all tools, either Dism/Powershell (MSMG uses Dism) or via NTLite/WinReducer.
That's what I've been saying since the beginning but you guys all blame me! My PC froze after trying to decrypt an .ESD file, among other things, and no one helped me and even made fun of me after I asked what I was doing wrong! Also, these problems happened in other PCs which also had a clean install with an unthouched ISO and I didn't remove a thing with CCleaner, too.
Your reasoning does not logically follow, as every single (every single) "problem" you have have copious amounts of remedies by many of the knowledgeable users on this forum across a plethora of threads. Moreover, your problems always follow the same routine: You mixing optimization programs and scripts in conjunction with software like CCleaner. Those of us who actually do make working, serviceable and fully-functional images did not wake up one day knowing how to do it - it's trial and error; however, part of the trial and error is learning from mistakes and instead of constantly posting for help that has already been given, you brainstorm and you improvise. Expertise and ineptitude are not mutually exclusive. Moreover, I am not an expert, but I do know how to figure things out and in turn, help others who encounter the same issues down the road. Every sound piece of advice I offer people for problems are due to the fact I've had exactly the same problems, but just like life, you learn by doing, not by asking. I would truly like to offer you advice to help you, and get you in the right direction as to what you should be aiming for just a "master image" that you can then use any time to further optimize to your liking depending on your requirements. Unfortunately, however, I repeatedly see the same issues posted by you, despite good advice that has been afforded to you by many of the generous users on this forum, which makes it logical to infer one conclusion: You do not want to learn how to do any of this at all and would rather have others give you personal How-To's. No one on this forum has time for that nonsense. So if you ever decide you truly want help, and help you will use, you are free to message me at any time and I will reply to you. I am glad to help anyone out, no matter who it is, but what I'm not willing to do (and I doubt any others are, either) is waste time offering the same advice on how to go about correcting issues to someone who will not take that advice. In any case, good luck with your issues.
It looks like you refuse to read the part where I say that after doing a clean install with an untouched ISO and using some recommended PowerShell scripts to remove apps like the Photos and Store ones I still have problems, let alone use them alongside those tools you mention! I did follow what you said and it didn't work but you simply don't care. It's you who doesn't want to know that I did all your advice and it still didn't work.
Seems no one else is experiencing this. In case it's not re-produceable it's hard to recommend any fixes .
What is really nice about MSMG's toolkit is that anyone can open the command file, and study the code. Study the code, and read the thread postings. This is how you learn, and by the way, I don't use NTLite. I also write my own scripts for my own customizations so that when I clean install an IP it is mostly what I want from first boot.
Bugs are reproducible, unwitnessed human error is not. I have modified multiple OS images with the toolkit and have 0 issues all the way from a 775 based system to a X99 based system and next month I will be installing a modified image on an x299 system, I can already tell you that I wont have any issues with that either.
Heh nice to read your problems are, of course, not your fault. Step 1) Post that image does not work Step 2) Blame others for why that is the case ` Lastly, I recommend absolutely no 3rd party tools to do image optimizations unless an end-user has no intention of actually using proper scripts and projects. Anything and everything is available natively through 2 types of code; both easy to learn: C# and PowerShell. You can do anything from granting system rights and access token privileges by adjusting process privileges and user rights on the LSA namespace. You can use Wimgapi.dll to do more than any 3rd party tool can do with a WIM using the Interop namespace. An example of 3 of my cmdlets (the C# code is omitted because the last thing we need is you trying these advanced functions and ruining the hardware (yes, you can ruin your hardware with user right and process privilege token granting) Code: Function Grant-Privilege { <# .SYNOPSIS Grants system privileges by adjusting Access Tokens. .DESCRIPTION Grants system-level access by adjusting the process privileges associated with their corresponding Access Tokens. .PARAMETER Privilege The name of the process privilege to grant. .EXAMPLE PS C:\> Grant-Privilege -Privilege SeBackupPrivilege .NOTES To prevent accidental system inoperability, use privileges sparingly. Only grant process privileges when needed. .INPUTS PRIVILEGES_LSA.AccessTokens Privilege #> [CmdletBinding()] Param ( [Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, HelpMessage = 'The process token privilege to grant.')][ValidateSet('SeAssignPrimaryTokenPrivilege', 'SeAuditPrivilege', 'SeBackupPrivilege', 'SeChangeNotifyPrivilege', 'SeCreateGlobalPrivilege', 'SeCreatePagefilePrivilege', 'SeCreatePermanentPrivilege', 'SeCreateSymbolicLinkPrivilege', 'SeCreateTokenPrivilege', 'SeDebugPrivilege', 'SeEnableDelegationPrivilege', 'SeImpersonatePrivilege', 'SeIncreaseBasePriorityPrivilege', 'SeIncreaseQuotaPrivilege', 'SeIncreaseWorkingSetPrivilege', 'SeLoadDriverPrivilege', 'SeLockMemoryPrivilege', 'SeMachineAccountPrivilege', 'SeManageVolumePrivilege', 'SeProfileSingleProcessPrivilege', 'SeRelabelPrivilege', 'SeRemoteShutdownPrivilege', 'SeRestorePrivilege', 'SeSecurityPrivilege', 'SeShutdownPrivilege', 'SeSyncAgentPrivilege', 'SeSystemEnvironmentPrivilege', 'SeSystemProfilePrivilege', 'SeSystemtimePrivilege', 'SeTakeOwnershipPrivilege', 'SeTcbPrivilege', 'SeTimeZonePrivilege', 'SeTrustedCredManAccessPrivilege', 'SeUndockPrivilege', 'SeUnsolicitedInputPrivilege')][ValidateNotNullOrEmpty()][Alias('Token')][PRIVILEGES_LSA.AccessTokens[]]$Privilege ) Begin { $ErrorMessage = $_.Exception.Message } Process { ForEach ($Token in $Privilege) { Try { [PRIVILEGES_LSA.TokenAdjustor]::GrantPrivilege($Token) } Catch [System.ComponentModel.Win32Exception] { Throw [System.ComponentModel.Win32Exception]::New("$($ErrorMessage) ($Token)", $_.Exception) } } } } Function Revoke-Privilege { <# .SYNOPSIS Revokes system privileges by adjusting Access Tokens. .DESCRIPTION Revokes system-level access by adjusting the process privileges associated with their corresponding Access Tokens. .PARAMETER Privilege The name of the process privilege to revoke. .EXAMPLE PS C:\> Revoke-Privilege -Privilege SeBackupPrivilege .NOTES To prevent accidental system inoperability, use privileges sparingly. Always revoke process privileges that are no longer needed. .INPUTS PRIVILEGES_LSA.AccessTokens Privilege #> [CmdletBinding()] Param ( [Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, HelpMessage = 'The process token privilege to revoke.')][ValidateSet('SeAssignPrimaryTokenPrivilege', 'SeAuditPrivilege', 'SeBackupPrivilege', 'SeChangeNotifyPrivilege', 'SeCreateGlobalPrivilege', 'SeCreatePagefilePrivilege', 'SeCreatePermanentPrivilege', 'SeCreateSymbolicLinkPrivilege', 'SeCreateTokenPrivilege', 'SeDebugPrivilege', 'SeEnableDelegationPrivilege', 'SeImpersonatePrivilege', 'SeIncreaseBasePriorityPrivilege', 'SeIncreaseQuotaPrivilege', 'SeIncreaseWorkingSetPrivilege', 'SeLoadDriverPrivilege', 'SeLockMemoryPrivilege', 'SeMachineAccountPrivilege', 'SeManageVolumePrivilege', 'SeProfileSingleProcessPrivilege', 'SeRelabelPrivilege', 'SeRemoteShutdownPrivilege', 'SeRestorePrivilege', 'SeSecurityPrivilege', 'SeShutdownPrivilege', 'SeSyncAgentPrivilege', 'SeSystemEnvironmentPrivilege', 'SeSystemProfilePrivilege', 'SeSystemtimePrivilege', 'SeTakeOwnershipPrivilege', 'SeTcbPrivilege', 'SeTimeZonePrivilege', 'SeTrustedCredManAccessPrivilege', 'SeUndockPrivilege', 'SeUnsolicitedInputPrivilege')][ValidateNotNullOrEmpty()][Alias('Token')][PRIVILEGES_LSA.AccessTokens[]]$Privilege ) Begin { $ErrorMessage = $_.Exception.Message } Process { ForEach ($Token in $Privilege) { Try { [PRIVILEGES_LSA.TokenAdjustor]::RevokePrivilege($Token) } Catch [System.ComponentModel.Win32Exception] { Throw [System.ComponentModel.Win32Exception]::New("$($ErrorMessage) ($Token)", $_.Exception) } } } } Another one of my cmdlets allowing full native ownership and access control of any object, no matter who owns it or its subkeys/child-keys. As you can see, when the script cannot take ownership of a file (leaf), it automatically moves up in the directory chain and takes control of the directory recursively instead. Code: Function Grant-AccessPermissions { <# .SYNOPSIS Grants file and folder access control permissions. .DESCRIPTION Grants system-level file and folder access by enabling access token process privileges. .PARAMETER Path The path to the file or folder access is to be granted to. .PARAMETER Account The account name that will be granted access. .PARAMETER Recurse Allows for access control permissions to be recursively granted on directories and subdirectories. .EXAMPLE PS C:\> Grant-AccessPermissions -Path 'File' .EXAMPLE PS C:\> Grant-AccessPermissions -Path 'Folder' -Recurse .EXAMPLE PS C:\> Grant-AccessPermissions -Path 'File' -Account 'DomainName\DomainAccount' .EXAMPLE PS C:\> $Path = "C:\Mount\Users\Default\ProgramData" PS C:\> Get-ChildItem -Path $Path -Recurse -Force | Grant-AccessPermissions .NOTES The BUILTIN\Administrators account is the default user-account access is granted to. #> [CmdletBinding(SupportsShouldProcess = $true)] Param ( [Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, HelpMessage = 'The path to the file or folder to take ownership of.')][ValidateScript({ If (Test-Path -Path $_) { $_ } Else { Throw "$_ is not a valid path." } })][Alias('FullName')][string]$Path, [Parameter(HelpMessage = 'The name of the account that will be granted ownership.')][Alias('User')][string]$Account = "BUILTIN\Administrators", [Parameter(HelpMessage = 'Enables recursive ownership granting of directories and folders.')][switch]$Recurse ) Begin { If ($PSBoundParameters['Debug']) { $DebugPreference = 'Continue' } [PRIVILEGES_LSA.TokenAdjustor]::GrantPrivilege("SeRestorePrivilege") [PRIVILEGES_LSA.TokenAdjustor]::GrantPrivilege("SeBackupPrivilege") [PRIVILEGES_LSA.TokenAdjustor]::GrantPrivilege("SeTakeOwnershipPrivilege") } Process { ForEach ($File in $Path) { Write-Verbose "Processing: $File" $DirOwner = New-Object System.Security.AccessControl.DirectorySecurity $DirOwner.SetOwner([System.Security.Principal.NTAccount]$Account) $FileOwner = New-Object System.Security.AccessControl.FileSecurity $FileOwner.SetOwner([System.Security.Principal.NTAccount]$Account) $DirACL = New-Object System.Security.AccessControl.DirectorySecurity $FileACL = New-Object System.Security.AccessControl.FileSecurity $Rule = New-Object System.Security.AccessControl.FileSystemAccessRule("BUILTIN\Administrators", "FullControl", "ContainerInherit,ObjectInherit", "InheritOnly", "Allow") $FileACL.AddAccessRule($Rule) $DirACL.AddAccessRule($Rule) Try { $File = Get-Item -LiteralPath $File -Force If (!($File.PSIsContainer)) { If ($PSCmdlet.ShouldProcess($File, "Grant File Permissions")) { Try { $File.SetAccessControl($FileOwner) } Catch { Write-Warning "Failed to grant full permissions on $($File.FullName). Attempting to grant full permissions on $($File.Directory.FullName)." $File.Directory.SetAccessControl($FileACL) $File.SetAccessControl($FileOwner) } } } Else { If ($PSCmdlet.ShouldProcess($File, "Grant Directory Permissions")) { Try { $File.SetAccessControl($DirOwner) } Catch { Write-Warning "Failed to grant full directory permissions on $($File.FullName). Attempting to grant full directory permissions on $($File.Parent.FullName)." $File.Parent.SetAccessControl($DirACL) $File.SetAccessControl($DirOwner) } } If ($Recurse) { [void]$PSBoundParameters.Remove('Path') Get-ChildItem $File -Recurse -Force | Grant-AccessPermissions @PSBoundParameters } } } Catch { Write-Warning "$($File): $($_.Exception.Message)" } } } End { [PRIVILEGES_LSA.TokenAdjustor]::RevokePrivilege("SeRestorePrivilege") [PRIVILEGES_LSA.TokenAdjustor]::RevokePrivilege("SeBackupPrivilege") [PRIVILEGES_LSA.TokenAdjustor]::RevokePrivilege("SeTakeOwnershipPrivilege") } } Here we can natively take control of any protected registry key: Code: Function Grant-RegistryAccess { <# .SYNOPSIS Grants access to protected registry keys by adjusting Access Tokens. .DESCRIPTION Grants system-level registry key access by adjusting the process privileges associated with their corresponding Access Tokens. .PARAMETER Hive The name of the registry hive where the subkey resides. .PARAMETER SubKey The path to the subkey that will be granted access to. .EXAMPLE PS C:\> Grant-RegistryAccess -Hive HKLM -SubKey "SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" .NOTES This returns ownership back to the original system owner after access has been granted and the subkey has been modified. This is to reduce the changes of broken or invalid account SIDs from cumulating. #> [CmdletBinding()] Param ( [Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)][ValidateSet('HKCR', 'HKCU', 'HKLM')][string]$Hive, [Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)][string]$SubKey ) Begin { [PRIVILEGES_LSA.TokenAdjustor]::GrantPrivilege("SeRestorePrivilege") [PRIVILEGES_LSA.TokenAdjustor]::GrantPrivilege("SeBackupPrivilege") [PRIVILEGES_LSA.TokenAdjustor]::GrantPrivilege("SeTakeOwnershipPrivilege") } Process { Switch ($Hive.ToString().ToLower()) { "HKCR" { $Key = [Microsoft.Win32.Registry]::ClassesRoot.OpenSubKey($SubKey, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree, [System.Security.AccessControl.RegistryRights]::TakeOwnership) } "HKCU" { $Key = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey($SubKey, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree, [System.Security.AccessControl.RegistryRights]::TakeOwnership) } "HKLM" { $Key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($SubKey, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree, [System.Security.AccessControl.RegistryRights]::TakeOwnership) } } $ACL = $Key.GetAccessControl([System.Security.AccessControl.AccessControlSections]::None) $AdminSID = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-32-544") $Account = $AdminSID.Translate([System.Security.Principal.NTAccount]) $ACL.SetOwner($Account) $Key.SetAccessControl($ACL) $ACL = $Key.GetAccessControl() $Rights = [System.Security.AccessControl.RegistryRights]"FullControl" $Inheritance = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit" $Propagation = [System.Security.AccessControl.PropagationFlags]"None" $Control = [System.Security.AccessControl.AccessControlType]"Allow" $Rule = New-Object System.Security.AccessControl.RegistryAccessRule($Account, $Rights, $Inheritance, $Propagation, $Control) $ACL.SetAccessRule($Rule) $Key.SetAccessControl($ACL) $Key.Close() Switch ($Hive.ToString().ToLower()) { "HKCR" { $Key = "HKLM:\SOFTWARE\Classes\$SubKey" } "HKCU" { $Key = "HKCU:\$SubKey" } "HKLM" { $Key = "HKLM:\$SubKey" } } } End { [PRIVILEGES_LSA.TokenAdjustor]::RevokePrivilege("SeRestorePrivilege") [PRIVILEGES_LSA.TokenAdjustor]::RevokePrivilege("SeBackupPrivilege") [PRIVILEGES_LSA.TokenAdjustor]::RevokePrivilege("SeTakeOwnershipPrivilege") } } Sorry, no, I do not need to run scripts with BIN files full of 20+ programs to do things I can write in 15 minutes myself and wrap in a PowerShell script. And this is why my images work - everything is always done natively, using the .NET framework, and properly using system objects.