1. Supern00b

    Supern00b MDL Addicted

    Dec 30, 2010
    762
    556
    30
    #16741 Supern00b, Oct 14, 2020
    Last edited: Oct 14, 2020
    @MSMG:
    I've just tested the toolkit with the newly released October CU. When defender is removed from the image, the latest CU will still not integrate.
    upload_2020-10-14_3-8-32.png

    Procedure:
    - Vanilla 1809 LTSC image x64 ES language
    - Integrate some features
    - Integrate the latest SSU, .Net CU and recommended CU for toolkit 10.6 to facilitate component removal
    - Remove using package list, toolkit method, defender included
    - Manually integrate latest October CU and get the error that appears in the screenshot.

    When leaving defender untouched, the process completes without error.

    Strangely, the x86 image has no problems at all:
    upload_2020-10-14_3-33-37.png
    Both integration of latest CU and cleanup resetbase complete without error.

    Cheers.
     


  2. rorewe4314

    rorewe4314 MDL Member

    Jun 18, 2020
    107
    22
    10
    MSMG,
    Are there any plans to prevent the recovery of deleted components via Windows update?

    p.s
    There must be some file somewhere that stores information about damaged or removed components.
     
  3. ingviowarr

    ingviowarr MDL Senior Member

    Dec 14, 2009
    345
    362
    10
    #16744 ingviowarr, Oct 14, 2020
    Last edited: Oct 15, 2020
    @Yanta

    I see you are still in trouble returning Defender back. Just giving you info about one more method to try.
    AutoSettingsPS has a feature to download and install removed components.

    Why didn't I mention this earlier? I'm not sure about one thing: whether the source ISO must contain the removed app (I guess your ISO doesn't).
    In other words, if you removed some app using AutoSettingsPS on a LIVE system, then you can download + install it back using AutoSettingsPS.
    If you don't have this app in the ISO, I doubt this will work... So, if you decide to give it a try, be careful and make a Restore Point or, better, a FULL BACKUP.

    UPD: All settings adapted for Windows 10 x64/x86 1809-2004 (17763-19043)
     
  4. ingviowarr

    ingviowarr MDL Senior Member

    Dec 14, 2009
    345
    362
    10
    #16746 ingviowarr, Oct 14, 2020
    Last edited: Oct 14, 2020
    I think it would be a better option to have a Menu item for checking all REMAINING apps/components. Because such a list would be more obvious and it's expected to be a shorter one, I guess.
    I.e. before creating a target image it would be nice to have a look at the final result (app/packages list after removing the garbage).
    A removed components list is also not a bad option (as a txt/log file or whatever).
    Or did I miss such options somewhere?

    P.S.: And I'm proposing to make the output with full names, not shortened ones.
    Then you can save such a list for future needs (complete names of the packages you have to operate on in the future)
     
  5. Yanta

    Yanta MDL Senior Member

    May 21, 2017
    477
    274
    10
    @ingviowarr Yes I can't seem to get SxS Expander to work. I thought perhaps since it was 5 years old, M$ may have changed the compression method.

    AutoSettingsPS is all in Russian, at least from everything I can find. Afraid I'm limited to English only.

    Yes, I have all my PCs on 1809 Enterprise LTSC x64, and yes, the image does not have Defender installed. In fact, almost everything was removed. But I have the original Windows ISOs, so I can create a new image, but my son won't let me near his PC again to start from scratch.

    I won't be upgrading past 1809 until a method is found to reliably prevent packages from being restored, but what the original post was about was to reinstall (I don't want to use that nasty word "restore"), Windows Defender for one PC only.

    I'm growing skeptical as to whether anything reliable can be found as it's been almost two years now since 1903 was first tested here. I've also found that disabling components actually only partially disables them. It's not the disk space that concerns me; it's the system activity and phoning home.
     
  6. Yanta

    Yanta MDL Senior Member

    May 21, 2017
    477
    274
    10
    With all due respect, and in the spirit of friendly humor, I suspect if @MSMG had a dollar for every time someone asked him that he'd be buying pizza for everyone here :)

    So far, Microsoft seems to have outsmarted the smartest of people. :(
     
  7. ingviowarr

    ingviowarr MDL Senior Member

    Dec 14, 2009
    345
    362
    10
    1) Overwrite (copy & then rename) the corresponding files from the /Files/EN/ folder to the root folder
    2) Edit the corresponding line in the "Presets.txt" to:
    Code:
    Language-Script-Forced = 1 = en-US =   # Script language if a specific language is required (forced)
    This is possible on LIVE STOCK build (if apps weren't removed from the ISO itself) + AutoSettingsPS
    AutoSettingsPS is reliable, including preventing packages from being "restored". GPO and the rest of the settings can avoid most of these negative factors.

    Now I'm dreaming of equal reliability with removing apps just from the ISO... I'm still hoping it will be possible one day...
     
  8. Ace2

    Ace2 MDL Expert

    Oct 10, 2014
    1,861
    1,521
    60
    AutoSettingsPS now in en-US. :D
     
  9. Tiger-1

    Tiger-1 MDL Guru

    Oct 18, 2014
    7,894
    10,734
    240
    the last time we exchanged emails was in 2011 ...:)
     
  10. ingviowarr

    ingviowarr MDL Senior Member

    Dec 14, 2009
    345
    362
    10
    Should be present on the 1st post of the thread (big letters):

    -------------------------------------------------------------------------------
    SIGNAGE (UNDER CONSTRUCTION): BILL'S PIZZA
    -------------------------------------------------------------------------------
    PAY A 1$ BILL ASKING FOR SELECTIVE UPDATES OR GET A FREE PIZZA FROM BILLY IF YOU FIND A WAY TO MAKE THEM WORK!

    (Pardon my imperfect French)
     
  11. Yanta

    Yanta MDL Senior Member

    May 21, 2017
    477
    274
    10
    That's great. However, the image has everything removed. What I need to do is add back Windows Defender to a live system that doesn't have it. I need to script this as my son will not be able to do it himself. In all likelihood he's probably already bricked his system again by doing an in place upgrade, but assuming he hasn't I need to get all package files and reinstall it.

    There is nothing in 1903 onward of any value, and LTSC is supported for many more years so there's no real need to move past 1809.
     
  12. Ace2

    Ace2 MDL Expert

    Oct 10, 2014
    1,861
    1,521
    60
    #16754 Ace2, Oct 15, 2020
    Last edited: Oct 15, 2020
    Use SxSv1

    1. Mount untouched install.wim to C:\mount

    2. Set the path to the mounted install.wim in SxSv1\_Helper\SxSExport.cmd: go to ::Examples and set the path

    Code:
    set Path_Image=C:\mount\Windows

    Code:
    _Packagelist_Base.txt
    
    549;   Windows-Defender-AM-Default-Definitions-Package
    550;   Windows-Defender-AppLayer-Group-Package
    551;   Windows-Defender-ApplicationGuard-Inbox-Package
    552;   Windows-Defender-ApplicationGuard-Inbox-WOW64-Package
    553;   Windows-Defender-Client-Package
    554;   Windows-Defender-Core-Group-Package
    555;   Windows-Defender-Group-Policy-Package
    556;   Windows-Defender-Management-Group-Package
    557;   Windows-Defender-Management-MDM-Group-Package
    558;   Windows-Defender-Management-Powershell-Group-Package
    559;   Windows-Defender-Nis-Group-Package

    Code:
          Generating Base-Packagelist...
    ------------------------------------------------------------------------------
    
          Please look in:
          'C:\Users\User\Desktop\SxSv1\_Packagelist_Base.txt'
          and type the number of the Base-Package you want to export.
    ------------------------------------------------------------------------------
    
    >549
    In prog.: Windows-Defender-AM-Default-Definitions-Package
    In prog.: Windows-Defender-AM-Default-Definitions-Package (en-US)
    >550
    In prog.: Windows-Defender-AppLayer-Group-Package
    In prog.: Windows-Defender-AppLayer-Group-Package (en-US)
    >551
    In prog.: Windows-Defender-ApplicationGuard-Inbox-Package
    In prog.: Windows-Defender-ApplicationGuard-Inbox-Package (en-US)
    >552
    In prog.: Windows-Defender-ApplicationGuard-Inbox-WOW64-Package
    In prog.: Windows-Defender-ApplicationGuard-Inbox-WOW64-Package (en-US)
    >553
    In prog.: Windows-Defender-Client-Package
    In prog.: Windows-Defender-Client-Package (en-US)
    >554
    In prog.: Windows-Defender-Core-Group-Package
    In prog.: Windows-Defender-Core-Group-Package (en-US)
    >555
    In prog.: Windows-Defender-Group-Policy-Package
    In prog.: Windows-Defender-Group-Policy-Package (en-US)
    >556
    In prog.: Windows-Defender-Management-Group-Package
    In prog.: Windows-Defender-Management-Group-Package (en-US)
    >557
    In prog.: Windows-Defender-Management-MDM-Group-Package
    In prog.: Windows-Defender-Management-MDM-Group-Package (en-US)
    >558
    In prog.: Windows-Defender-Management-Powershell-Group-Package
    In prog.: Windows-Defender-Management-Powershell-Group-Package (en-US)
    >559
    In prog.: Windows-Defender-Nis-Group-Package
    In prog.: Windows-Defender-Nis-Group-Package (en-US)
    >
    Works for me. ;)

    Update: installed packages
    Code:
    Microsoft Windows [Version 10.0.19041.572]
    (c) 2020 Microsoft Corporation. All rights reserved.
    
    C:\Windows\system32>dism /online /add-package /packagepath:C:\10.0.19041.1
    
    Deployment Image Servicing and Management tool
    Version: 10.0.19041.572
    
    Image Version: 10.0.19041.572
    
    Processing 1 of 11 - Adding package Windows-Defender-AM-Default-Definitions-Package~31bf3856ad364e35~amd64~~10.0.19041.1
    [==========================100.0%==========================]
    Processing 2 of 11 - Adding package Windows-Defender-AppLayer-Group-Package~31bf3856ad364e35~amd64~~10.0.19041.1
    [==========================100.0%==========================]
    Processing 3 of 11 - Adding package Windows-Defender-ApplicationGuard-Inbox-Package~31bf3856ad364e35~amd64~~10.0.19041.1
    [==========================100.0%==========================]
    Processing 4 of 11 - Adding package Windows-Defender-ApplicationGuard-Inbox-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1
    [==========================100.0%==========================]
    Processing 5 of 11 - Adding package Windows-Defender-Client-Package~31bf3856ad364e35~amd64~~10.0.19041.1
    [==========================100.0%==========================]
    Processing 6 of 11 - Adding package Windows-Defender-Core-Group-Package~31bf3856ad364e35~amd64~~10.0.19041.1
    [==========================100.0%==========================]
    Processing 7 of 11 - Adding package Windows-Defender-Group-Policy-Package~31bf3856ad364e35~amd64~~10.0.19041.1
    [==========================100.0%==========================]
    Processing 8 of 11 - Adding package Windows-Defender-Management-Group-Package~31bf3856ad364e35~amd64~~10.0.19041.1
    [==========================100.0%==========================]
    Processing 9 of 11 - Adding package Windows-Defender-Management-MDM-Group-Package~31bf3856ad364e35~amd64~~10.0.19041.1
    [==========================100.0%==========================]
    Processing 10 of 11 - Adding package Windows-Defender-Management-Powershell-Group-Package~31bf3856ad364e35~amd64~~10.0.19041.1
    [==========================100.0%==========================]
    Processing 11 of 11 - Adding package Windows-Defender-Nis-Group-Package~31bf3856ad364e35~amd64~~10.0.19041.1
    [==========================100.0%==========================]
    The operation completed successfully.
    
    C:\Windows\system32>dism /online /add-package /packagepath:C:\10.0.19041.1\en-US
    
    Deployment Image Servicing and Management tool
    Version: 10.0.19041.572
    
    Image Version: 10.0.19041.572
    
    Processing 1 of 11 - Adding package Windows-Defender-AM-Default-Definitions-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1
    [==========================100.0%==========================]
    Processing 2 of 11 - Adding package Windows-Defender-AppLayer-Group-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1
    [==========================100.0%==========================]
    Processing 3 of 11 - Adding package Windows-Defender-ApplicationGuard-Inbox-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1
    [==========================100.0%==========================]
    Processing 4 of 11 - Adding package Windows-Defender-ApplicationGuard-Inbox-WOW64-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1
    [==========================100.0%==========================]
    Processing 5 of 11 - Adding package Windows-Defender-Client-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1
    [==========================100.0%==========================]
    Processing 6 of 11 - Adding package Windows-Defender-Core-Group-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1
    [==========================100.0%==========================]
    Processing 7 of 11 - Adding package Windows-Defender-Group-Policy-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1
    [==========================100.0%==========================]
    Processing 8 of 11 - Adding package Windows-Defender-Management-Group-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1
    [==========================100.0%==========================]
    Processing 9 of 11 - Adding package Windows-Defender-Management-MDM-Group-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1
    [==========================100.0%==========================]
    Processing 10 of 11 - Adding package Windows-Defender-Management-Powershell-Group-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1
    [==========================100.0%==========================]
    Processing 11 of 11 - Adding package Windows-Defender-Nis-Group-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1
    [==========================100.0%==========================]
    The operation completed successfully.
    
    C:\Windows\system32>
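
A scripted form of the install step in the post above, followed by a check that every Defender package is actually present afterwards. This is an added example, not part of the original post or of SxSv1: the folder `C:\10.0.19041.1`, the `en-US` subfolder and the package names are taken from the post, while the parameter names and the report layout are assumptions of this sketch.

```powershell
#Requires -RunAsAdministrator
param(
    [string]$PackageRoot = 'C:\10.0.19041.1',  # export folder used in the post
    [string]$Language    = 'en-US'             # language subfolder used in the post
)

# Base package names, entries 549-559 of _Packagelist_Base.txt in the post.
$expected = 'AM-Default-Definitions-Package', 'AppLayer-Group-Package',
    'ApplicationGuard-Inbox-Package', 'ApplicationGuard-Inbox-WOW64-Package',
    'Client-Package', 'Core-Group-Package', 'Group-Policy-Package',
    'Management-Group-Package', 'Management-MDM-Group-Package',
    'Management-Powershell-Group-Package', 'Nis-Group-Package' |
    ForEach-Object { "Windows-Defender-$_" }

# Neutral packages first, then the language packages, in the post's order.
foreach ($path in $PackageRoot, (Join-Path $PackageRoot $Language)) {
    if (-not (Test-Path -LiteralPath $path -PathType Container)) {
        throw "Package folder not found: $path"
    }
    & dism.exe /online /add-package "/packagepath:$path"
    # 3010 is the Windows "success, reboot required" exit code.
    if ($LASTEXITCODE -notin 0, 3010) {
        throw "DISM failed for $path (exit code $LASTEXITCODE)"
    }
}

# Package identity: Name~PublicKeyToken~Arch~Language~Version (language is empty
# for the neutral package), as in the DISM output shown in the post.
$installed = Get-WindowsPackage -Online |
    Where-Object PackageName -like 'Windows-Defender-*'

$report = foreach ($name in $expected) {
    foreach ($lang in '', $Language) {
        $hit = $installed | Where-Object {
            $id = $_.PackageName -split '~'
            $id[0] -eq $name -and $id[3] -eq $lang
        } | Select-Object -First 1
        [pscustomobject]@{
            Package  = $name
            Language = if ($lang) { $lang } else { 'neutral' }
            State    = if ($hit) { "$($hit.PackageState)" } else { 'Missing' }
        }
    }
}

$report | Format-Table -AutoSize
$bad = @($report | Where-Object { $_.State -notin 'Installed', 'InstallPending' })
if ($bad.Count) {
    Write-Error "$($bad.Count) Defender package(s) not installed; see table above."
    exit 1
}
```

The non-zero exit code on a missing or partially installed package lets a wrapper script or remote session detect that Defender was not fully reinstalled.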
     
  13. ingviowarr

    ingviowarr MDL Senior Member

    Dec 14, 2009
    345
    362
    10
    Yes, I agreed this is a good strategy for a long time.
    At the same time we are close to the moment when enthusiasts can make a modded image based on any recent version even better than LTSC using modern hacky instruments.
    In the latest Windows versions we have more relaxed limitations with removing Cortana, removing + switching to alternative Search, Start, AV, Browsers, etc.
    More alternative parts = more security/privacy.
     
  14. MSMG

    MSMG MDL Developer

    Jul 15, 2011
    6,414
    15,608
    210
    Yes, it's due to leftover Windows Defender resource entries that are giving the error. I'm making changes to the removal program and will see how it works.

    As an experiment, I checked Defender removal with DISM /Remove-Package on a 64-bit live system and tried to install the CU; it failed.

    Will update the results with the ToolKitHelper program.

     
  15. MSMG

    MSMG MDL Developer

    Jul 15, 2011
    6,414
    15,608
    210
    The Toolkit uses the same DISM to integrate updates without any changes, and while applying the changes only the WinSxS temporary files, which are safe, are cleaned.

    DISM /Cleanup-Image with /ResetBase was having issues with W10 v1809, but with later versions it was working, though MS disables it by default. The Toolkit also doesn't use the /ResetBase switch by default unless it's enabled in the Tweaks section.

    Starting from v1909, WinSxS files need to be retained for installing updates due to the new update format.

     
  16. rorewe4314

    rorewe4314 MDL Member

    Jun 18, 2020
    107
    22
    10
    #16759 rorewe4314, Oct 15, 2020
    Last edited: Oct 15, 2020
    MSMG,

    Code:
    Reg add "HKLM\TK_SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" /v "DODownloadMode" /t REG_DWORD /d "0" /f >nul 2>&1
    Reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization" /v "DODownloadMode" /t REG_DWORD /d "0" /f >nul 2>&1
    
    These settings are added by O&O ShutUp10


    Code:
    Reg add "HKLM\TK_SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization" /v "OptInOOBE" /t REG_DWORD /d "0" /f >nul 2>&1
    Reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization" /v "DODownloadMode" /t REG_DWORD /d "0" /f >nul 2>&1
    Reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization" /v "DODownloadMode" /t REG_DWORD /d "63" /f >nul 2>&1

    What settings do I need to completely block Delivery Optimization, but for Windows updates to work?

    p.s
    I am using LTSC version!
     
  17. zero cool root

    zero cool root MDL Senior Member

    Jun 17, 2011
    382
    161
    10
    Code:
    [HKEY_LOCAL_MACHINE\TK_SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization]
    "DODownloadMode"=dword:00000000