1) A small tip for all which have an issues with OOBE / updates integration I never used to MSMG for integrating updates (probably that's why I never had any ISO issues with them: OOBE always works fine for me, even with later HARD system apps removing). I'm always keeping calm, waiting for the most rescent ISO version at the torrents (original MSDN with CU updates integrated) and using it as a start point for modifications. This way I NEVER had an issues with OOBE or ANY errors inside MSMG scenarios. None at all. 2) I'm still not sure about how MSMG works with WinSxS, so may be someone will clear this up for me. So, if I'm not working with updates integration, do I need this tweak just from the ISO? (it's OK to switch it later on live system) • Enable DISM Image Cleanup with Full ResetBase ( DisableResetbase = 0 ) Or I shouln't make a cleaning the image in this case? Can leaving WinSxS "as it is" be helpful to avoid a breakage of the installing future offline CU due to removing "important" packages/apps (like Edge, Defender, Store, etc.)? As I know, untouched WinSxS is important for the new PSFX update method since 1809. Or I'm wrong here? For now, let's skip a question about returning of the deleted apps back. First I want to make a modded ISO more healthy and welcome for the future (at least, offline) updates. If possible, of course.
Does this tool still work? I doesn't seem to have been updated since 2015, and I keep getting "Unable to open input file" errors.
I agree with you on your point that not integrating updates does not produce OOBE problems or SFC errors. However I found that the first couple of CU updates released from Microsoft can be integrated without issues - perhaps I will again find the same with 20H2? Until the SFC and OOBE issues are fixed, like you I will continue to use the latest ISO that MSMG ToolKit supports. But I will use a trusted ESD source from these forums, not some torrent.
@MSMG: I've just tested the toolkit with the newly released October CU. When defender is removed from the image, the latest CU will still not integrate. Procedure: - Vanilla 1809 LTSC image x64 ES language - Integrate some features - Integrate the latest SSU, .Net CU and recommended CU for toolkit 10.6 to facilitate component removal - Remove using package list, toolkit method, defender included - Manually integrate latest October CU and get the error that appears in the screenshot. When leaving defender untouched, the process completes without error. Strangely, the x86 image has no problems at all: Both integration of latest CU and cleanup resetbase complete without error. Cheers.
MSMG, Are there any plans to prevent the recovery of deleted components via Windows update? p.s There must be some file somewhere that stores information about damaged or removed components.
@Yanta Spoiler I see you are still in trouble returning Defender back. Just giving you info about one more method to try. AutoSettingsPS have a feature to download and install removed components. Why I didn't say about this earlier? I'm not sure about one thing - whether source ISO must contain removed app (I guess your ISO doesn't). In other words, if you removed some app using AutoSettingsPS on LIVE system, then you can download + install it back using AutoSettingsPS. If you don't have this app in the ISO - I doubting this will work... So, if you'll decide to make a try, be careful and make a Restore Point or better a FULL BACKUP. UPD: All settings adapted for Windows 10 x64/x86 1809-2004 (17763-19043)
I think it would be better option to have a Menu item for checking all REMAINING apps/components. Because such list would be more obvious and it's expected as a shorter one, I guess. I.e. before creating a target image it would be nice to have a look at the final result (app/packages list after removing a garbage). Removed components list is also not a bad option (as a txt/log file or whatever). Or I missed such options somewere? P.S.: And I'm proposing to make an output with a full names, not as a shortened ones. Then you can save such list for future needs (complete names of the packages you have to operate in the future)
@ingviowarr Yes I can't seem to get SxS Expander to work. I thought perhaps since it was 5 years old, M$ may have changed the compression method. AutoSettingsPS is all in Russian, at least from everything I can find. Afraid I'm limited to English only. Yes, I have all my PCs on 1809 Enterprise LTSC x64, and yes, the image does not have Defender installed. In fact, almost everything was removed. But I have the original Windows ISOs, so I can create a new image, but my son won;t let me near his PC again to start from scratch. I won't be upgrading past 1809 until a method is found to reliably prevent packages from being restored, but what the original post was about was to reinstall (I don't want to use that nasty word "restore"), Windows Defender for one PC only. I'm growing skeptical as to whether anything reliable can be found as it's been almost two years now since 1903 was first tested here. I've also found that disabling components actually only partially disables them. It's not the disk space that concerns me; it's the system activity and phoning home.
With all due respect, and in the spirit of friendly humor, I suspect if @MSMG had a dollar for every time someone asked him that he'd be buying pizza for everyone here So far, Microsoft seems to have outsmarted the smartest of people.
1) Overwrite (copy & then rename) the corresponded files from the /Files/EN/ folder to the root folder 2) Edit correspondent line in the "Presets.txt" to: Code: Language-Script-Forced = 1 = en-US = # Script language if a specific language is required (forced) This is possible on LIVE STOCK build (if apps weren't removed from the ISO itself) + AutoSettingsPS AutoSettingsPS is reliable, including preventing packages from being "restored". GPO and the rest of the settings can avoid most of these negative factors. Now I'm dreaming of equal reliability with removing apps just from the ISO... I'm still hoping it will be possible one day...
Spoiler: Bon appetit Should be present on the 1-st post of the thread (big letters): ------------------------------------------------------------------------------- SIGNAGE (UNDER CONSTUCTION): BILL'S PIZZA ------------------------------------------------------------------------------- PAY A 1$ BILL ASKING FOR SELECTIVE UPDATES OR GET A FREE PIZZA FROM BILLY IF YOU FIND A WAY HOW TO MAKE THEM WORKING! (Pardon my imperfect French)
That's great. However, the image has everything removed. What I need to do is add back Windows Defender to a live system that doesn't have it. I need to script this as my son will not be able to do it himself. In all likelihood he's probably already bricked his system again by doing an in place upgrade, but assuming he hasn't I need to get all package files and reinstall it. There is nothing in 1903 onward of any value, and LTSC is supported for many more years so there's no real need to move past 1809.
Use SxSv1 1.Mount untouched install.wim to C:\mount 2.Set path to mounted install.wim in SxSv1\_Helper\SxSExport.cmd goto ::Examples and set the path Code: set Path_Image=C:\mount\Windows Code: _Packagelist_Base.txt 549; Windows-Defender-AM-Default-Definitions-Package 550; Windows-Defender-AppLayer-Group-Package 551; Windows-Defender-ApplicationGuard-Inbox-Package 552; Windows-Defender-ApplicationGuard-Inbox-WOW64-Package 553; Windows-Defender-Client-Package 554; Windows-Defender-Core-Group-Package 555; Windows-Defender-Group-Policy-Package 556; Windows-Defender-Management-Group-Package 557; Windows-Defender-Management-MDM-Group-Package 558; Windows-Defender-Management-Powershell-Group-Package 559; Windows-Defender-Nis-Group-Package Code: Generating Base-Packagelist... ------------------------------------------------------------------------------ Please look in: 'C:\Users\User\Desktop\SxSv1\_Packagelist_Base.txt' and type the number of the Base-Package you want to export. ------------------------------------------------------------------------------ >549 In prog.: Windows-Defender-AM-Default-Definitions-Package In prog.: Windows-Defender-AM-Default-Definitions-Package (en-US) >550 In prog.: Windows-Defender-AppLayer-Group-Package In prog.: Windows-Defender-AppLayer-Group-Package (en-US) >551 In prog.: Windows-Defender-ApplicationGuard-Inbox-Package In prog.: Windows-Defender-ApplicationGuard-Inbox-Package (en-US) >552 In prog.: Windows-Defender-ApplicationGuard-Inbox-WOW64-Package In prog.: Windows-Defender-ApplicationGuard-Inbox-WOW64-Package (en-US) >553 In prog.: Windows-Defender-Client-Package In prog.: Windows-Defender-Client-Package (en-US) >554 In prog.: Windows-Defender-Core-Group-Package In prog.: Windows-Defender-Core-Group-Package (en-US) >555 In prog.: Windows-Defender-Group-Policy-Package In prog.: Windows-Defender-Group-Policy-Package (en-US) >556 In prog.: Windows-Defender-Management-Group-Package In prog.: Windows-Defender-Management-Group-Package (en-US) >557 In prog.: Windows-Defender-Management-MDM-Group-Package In prog.: Windows-Defender-Management-MDM-Group-Package (en-US) >558 In prog.: Windows-Defender-Management-Powershell-Group-Package In prog.: Windows-Defender-Management-Powershell-Group-Package (en-US) >559 In prog.: Windows-Defender-Nis-Group-Package In prog.: Windows-Defender-Nis-Group-Package (en-US) > Work's for me. Update: installed packages Code: Microsoft Windows [Version 10.0.19041.572] (c) 2020 Microsoft Corporation. All rights reserved. C:\Windows\system32>dism /online /add-package /packagepath:C:\10.0.19041.1 Deployment Image Servicing and Management tool Version: 10.0.19041.572 Image Version: 10.0.19041.572 Processing 1 of 11 - Adding package Windows-Defender-AM-Default-Definitions-Package~31bf3856ad364e35~amd64~~10.0.19041.1 [==========================100.0%==========================] Processing 2 of 11 - Adding package Windows-Defender-AppLayer-Group-Package~31bf3856ad364e35~amd64~~10.0.19041.1 [==========================100.0%==========================] Processing 3 of 11 - Adding package Windows-Defender-ApplicationGuard-Inbox-Package~31bf3856ad364e35~amd64~~10.0.19041.1 [==========================100.0%==========================] Processing 4 of 11 - Adding package Windows-Defender-ApplicationGuard-Inbox-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1 [==========================100.0%==========================] Processing 5 of 11 - Adding package Windows-Defender-Client-Package~31bf3856ad364e35~amd64~~10.0.19041.1 [==========================100.0%==========================] Processing 6 of 11 - Adding package Windows-Defender-Core-Group-Package~31bf3856ad364e35~amd64~~10.0.19041.1 [==========================100.0%==========================] Processing 7 of 11 - Adding package Windows-Defender-Group-Policy-Package~31bf3856ad364e35~amd64~~10.0.19041.1 [==========================100.0%==========================] Processing 8 of 11 - Adding package Windows-Defender-Management-Group-Package~31bf3856ad364e35~amd64~~10.0.19041.1 [==========================100.0%==========================] Processing 9 of 11 - Adding package Windows-Defender-Management-MDM-Group-Package~31bf3856ad364e35~amd64~~10.0.19041.1 [==========================100.0%==========================] Processing 10 of 11 - Adding package Windows-Defender-Management-Powershell-Group-Package~31bf3856ad364e35~amd64~~10.0.19041.1 [==========================100.0%==========================] Processing 11 of 11 - Adding package Windows-Defender-Nis-Group-Package~31bf3856ad364e35~amd64~~10.0.19041.1 [==========================100.0%==========================] The operation completed successfully. C:\Windows\system32>dism /online /add-package /packagepath:C:\10.0.19041.1\en-US Deployment Image Servicing and Management tool Version: 10.0.19041.572 Image Version: 10.0.19041.572 Processing 1 of 11 - Adding package Windows-Defender-AM-Default-Definitions-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1 [==========================100.0%==========================] Processing 2 of 11 - Adding package Windows-Defender-AppLayer-Group-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1 [==========================100.0%==========================] Processing 3 of 11 - Adding package Windows-Defender-ApplicationGuard-Inbox-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1 [==========================100.0%==========================] Processing 4 of 11 - Adding package Windows-Defender-ApplicationGuard-Inbox-WOW64-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1 [==========================100.0%==========================] Processing 5 of 11 - Adding package Windows-Defender-Client-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1 [==========================100.0%==========================] Processing 6 of 11 - Adding package Windows-Defender-Core-Group-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1 [==========================100.0%==========================] Processing 7 of 11 - Adding package Windows-Defender-Group-Policy-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1 [==========================100.0%==========================] Processing 8 of 11 - Adding package Windows-Defender-Management-Group-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1 [==========================100.0%==========================] Processing 9 of 11 - Adding package Windows-Defender-Management-MDM-Group-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1 [==========================100.0%==========================] Processing 10 of 11 - Adding package Windows-Defender-Management-Powershell-Group-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1 [==========================100.0%==========================] Processing 11 of 11 - Adding package Windows-Defender-Nis-Group-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1 [==========================100.0%==========================] The operation completed successfully. C:\Windows\system32>
Yes, I agreed this is a good strategy for a long time. At the same time we are close to the moment when enthusiasts can make a modded image based on any rescent version even better than LTSC using modern hacky instruments. In the last Windows versions we have more relaxed limitations with removing Cortana, removing + switching to alternative Search, Start, AV, Browsers, etc. More alternative parts = more security/privacy.