I had tried NTLite three years ago. I found the way NTLite uses is not safe. I used it to remove Windows Defender for my Virtual Machine, but Windows Update failed if the cumulative update contains the newer components of Windows Defender. Note: MSMG's ToolKitHelper.exe is a non-open-source component and I don't know its role. The ToolKitHelper.exe is too big. Kenji Mouri
Hi there, would it be possible in the tweaks menu to add the capability of removing the Windows Update, Windows Update Medic, Background Transfer Service etc.? That is, if you choose to remove the ability of installing updates? Just a thought? Or is there a way of doing this manually via the mounted image? Thoughts? Majid
Since after the cumulative update is integrated into v1903 image, some components are restored and the Toolkit program cannot be removed, you can use the .reg files below and import them.

Spoiler: Removing Windows Defender

reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v SmartScreenEnabled /t REG_SZ /d "Off" /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t REG_DWORD /d "0" /f
reg add "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v SpyNetReporting /t REG_DWORD /d 0 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v SubmitSamplesConsent /t REG_DWORD /d 2 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v DontReportInfectionInformation /t REG_DWORD /d 1 /f
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Sense" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontReportInfectionInformation" /t REG_DWORD /d 1 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontOfferThroughWUAU" /t REG_DWORD /d 1 /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "SecurityHealth" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecHealthUI.exe" /v Debugger /t REG_SZ /d "%windir%\System32\taskkill.exe" /f
install_wim_tweak /o /c Windows-Defender /r
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance" /v "Enabled" /t REG_DWORD /d 0 /f
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\SecurityHealthService" /f

Spoiler: Removing Microsoft Edge

taskkill /F /IM browser_broker.exe
taskkill /F /IM RuntimeBroker.exe
taskkill /F /IM MicrosoftEdge.exe
taskkill /F /IM MicrosoftEdgeCP.exe
taskkill /F /IM MicrosoftEdgeSH.exe
mv C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe_BAK
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdge.exe" /v Debugger /t REG_SZ /d "%windir%\System32\taskkill.exe" /f
Get-WindowsPackage -Online | Where PackageName -like *InternetExplorer* | Remove-WindowsPackage -Online -NoRestart
Yes, the ToolKitHelper code is big as the processing of component removal data is not done at runtime but instead it is pre-processed and included as code in the ToolKitHelper.exe, and adding code protection will increase the size a bit further.
Working on component removal to make it better to work with images with updates integrated and also to support future builds.
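For anyone who inherits an image or machine and needs to know whether the registry commands posted earlier in this thread (the Defender and Edge spoilers) were applied to it, the following read-only audit checks the HKLM locations those commands touch. It is an added example, not part of any post or of the Toolkit; the registry paths and values come from that post, while the variable names and output fields are made up for illustration.

```powershell
# Added example (read-only): report which of the thread's HKLM registry changes are present.
$findings = [System.Collections.Generic.List[object]]::new()

# Values the posted commands write, together with the data they set.
$values = @(
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender';        Name = 'DisableAntiSpyware';   Data = 1 },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet'; Name = 'SpyNetReporting';      Data = 0 },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet'; Name = 'SubmitSamplesConsent'; Data = 2 },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\MRT';                     Name = 'DontOfferThroughWUAU'; Data = 1 },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer';  Name = 'SmartScreenEnabled';   Data = 'Off' }
)
foreach ($v in $values) {
    # A missing key or value returns $null here instead of raising an error.
    $item = Get-ItemProperty -Path $v.Path -Name $v.Name -ErrorAction SilentlyContinue
    if ($null -ne $item -and $item.($v.Name) -eq $v.Data) {
        $findings.Add([pscustomobject]@{
            Kind = 'Value set'; Location = "$($v.Path)\$($v.Name)"; Detail = $v.Data })
    }
}

# Image File Execution Options: the commands set a Debugger for these two executables,
# so any Debugger value found there is worth reporting.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($exe in 'SecHealthUI.exe', 'MicrosoftEdge.exe') {
    $dbg = (Get-ItemProperty -Path "$ifeo\$exe" -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) {
        $findings.Add([pscustomobject]@{
            Kind = 'IFEO Debugger'; Location = "$ifeo\$exe"; Detail = $dbg })
    }
}

# Service keys the commands delete outright.
foreach ($svc in 'Sense', 'SecurityHealthService') {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
    if (-not (Test-Path -Path $key)) {
        $findings.Add([pscustomobject]@{
            Kind = 'Service key missing'; Location = $key; Detail = 'not present' })
    }
}

$findings | Format-Table -AutoSize -Wrap
```

A missing service key is a prompt to compare against a known-good image of the same build rather than a verdict on its own, and the HKCU values from the post have to be checked per user profile.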
@MSMG I don't completely understand how ToolKitHelper works, but I assume it is an AIO program for Windows 8, 8.1, 10, 1709, 1803 etc. Would it run quicker if perhaps each version of Windows had its own ToolKitHelper, i.e. ToolKitHelper1903, etc.?
@MSMG This is to bring to your notice: today I tried to integrate drivers with a newly built Windows 7 ISO (August 2018 Build) [ISO Name:- 7601.24214.180801-1700.win7sp1_ldr_escrow_CLIENT_PROFESSIONAL_x64FRE_en-us]. Tried with both versions 8.8 and 9.4.2, but both failed. While mounting the recovery image for deployment, it is failing. In 8.8 it gives me an error like "Syntax command Incorrect" and in 9.4.2 the application exited while pressing "Y".
NTLite has evolved a lot over time. Initially it was not possible to integrate or install updates after removals, but now it is possible, however with several problems. I will explain with examples. But the approach of the MSMG Toolkit I think is the safest because it does removals in a fixed build version. The following examples are with similar or equivalent removals:
* NTLite with Windows 10 version 1809 without updates: No apparent problem.
* NTLite with Windows 10 version 1809 with updates: Error installing cumulative update (language removal seems to be the problem).
* NTLite with Windows 10 version 1607 without updates: No apparent problem.
* NTLite with Windows 10 version 1607 with updates: Error in Windows Setup (I'm still debugging but it looks like something related to the BitLocker component).
* NTLite with Windows 7 without rollup update: No apparent problem.
* NTLite with Windows 7 with rollup update: Does not install the most current rollup (removal of the Windows Error Reporting component seems to be the problem).
Removing components and then integrating updates generates a considerably larger image (around 200 MB) than integrating updates and then removing components. Then there are the pros and cons to each approach. Apparently with each new update, a review of how removals are done is needed; even a mechanism that dynamically detects and removes components like NTLite needs corrections over time. I see it as a cat and mouse game with Microsoft.
And MSMG has the same problem Nuhi has. Constantly monitoring changes is not limited to removal tools either, ask @pf100.
Don't forget the monthly bugs too that Nuhi and MSMG have to contend with; they spend time debugging a problem only to find out it's an MS bug.
That's why I just decided to use the month-end updates. Often they correct monthly Tuesday patches. In this particular month there were security fixes related to speculative execution, so this should come with many bugs and loss of performance. I will be a long time without updating, waiting for corrections.
Test 'em before integrating them, don't bung 'em in expecting them to work, that's wot I have always said.
I think the best solution would be something between the 2 approaches: to use a fixed version of Windows but with some updates. With each new version of the program, validate with a Windows update version. Something similar to what WinReducer does.
The problem is that some bugs you only notice after a while of use. I don't mind waiting, I used LTSB 2016 with update from early 2017 until last week.
@AeonX I don't know to be honest, all I know is what is best for me. Do a default install, update, capture, lite, then deploy on an airgapped machine. That way I don't have to worry about updating after removals and telemetry.
I have limited wherewithal to ponce about with Windows, I haven't had my workstation on for over a week, just this one for some limited interweb stuff.