Basically I've used Windows Toolkit to activate Windows, but then while removing its botnet I eventually entirely disabled the Windows Activation service and blocked all Windows update domains in my hosts file after editing dnsapi.dll to remove the domain whitelist. Doing this causes the "Activate Windows" watermark to appear, even though I'm "activated", and I've found some registry edits on the internet that cause it to disappear on every relog and reappear like every couple hours I leave the OS running. Restarting removes it. It's drawn by explorer.exe, killing explorer.exe removes it, but once it starts back there is no delay before it draws it again. I don't know the difference between restarting and killing the process from the perspective of explorer.exe but there is a difference. Can anyone tell me how I can force explorer.exe to NOT draw it, and possibly, tell me how I can stop the process that makes explorer.exe draw it in the first place? The service I disabled that caused this issue to transpire is sppsvc, and I'd rather never start it again on my computer. Thanks for the help in advance.
So far, using Process Hacker I've discovered that explorer.exe loads both slc.dll and sppc.dll, the latter of which always has a running thread in explorer.exe. Every time I tried to remove either, Windows started up with a black screen. So far I've not figured out how to make explorer.exe start without them or if they even cause the watermark to appear; all I know is that they're DLLs related to activation. Does anyone know how to remove them or make them unused?
why are you so sarcastic lmao, googling didn't help and I'm fairly ignorant about how Windows works so I'm just trying whatever I can
The reason I'm doing this is because I want a computer that is completely silent on the network until I initiate programs myself. Windows 10 is built to do the direct opposite of that, and even though I'm using Windows Firewall set to the strictest settings I still don't trust it to really block all the requests Microsoft uses to spy on you. I consider the "sppsvc" service to violate my privacy since it always tries to contact Microsoft and uses my processor cycles in a way I don't want them to be used in. Having activation components active in my Windows is useless anyways since it's stolen, I can't even buy it legitimately because it's the Enterprise LTSB edition (AFAIK, the Windows edition with the least spying) not that I would since Microsoft is a company that doesn't respect the user anyways. I would consider removing the activation components "recommended" since it gives the user more control over his computer. AFAIK RemoveWAT did this, but it's not made for Windows 10 and since I don't have a list of what it does if it breaks Windows then I can't revert it. Thanks for your opinion though.
Spying implies malicious intent without knowledge of the party involved. Since there is no malicious intent from Microsoft, and all communication is done with the consent of the person installing the software it is not spying.
Yes, apparently you consent to all the network connections that are made even after you explicitly tell it in the settings not to make when you install Windows in the first place, but I still consider any and all collection of information, anonymized or not, as "Spying". By that logic, telemetry, updates, activation, diagnostics and a lot of other Windows services are all spying on you, and that's why I choose not only to turn them off, but to delete them and pull them out by the roots so they can't re-enable themselves again as they're known to do. But again, this thread is not dedicated to the philosophy behind what you should consider spying or not, rather just the removal of a function in explorer.exe.
After many observations, I have strong reason to believe that the watermark is drawn after exactly 3 hours and 5 minutes of run-time. I have set up a task to forcefully kill explorer.exe and restart it, but that did literally nothing, as 5 minutes after the freshly-restarted process had started it came up again. Killing explorer.exe, dwm, and literally every other process I can terminate without killing my display did not remove it. It appeared instantly as soon as explorer.exe started. Since a restart removes it, this leads me to believe it's in one of the sensitive processes (with low PIDs) or that a file change is made and is reset when Windows shuts down? At this point I'm just wondering if the exact string "Activate Windows" is stored in Unicode somewhere where I can hex edit it into spaces or invisible characters? One thing to note is that explorer.exe's memory usage increased by approximately 11 MB when the watermark appeared. Anyone know where Windows could store such strings?
Have you considered the Universal Watermark Remover utility? I used to use it quite often, but I have not used it in a long time. I am not sure if it still works, but if all you want to do is to remove the watermark from the Windows 10 desktop it might be worth a try.
Don't see the point in hacking the executables, since they are digitally signed and modifying 1 byte will essentially stop it from running. Using host files won't stop Windows sending telemetry data to MS since the IPs are hardcoded in one of the DLLs.
I've used a resource extractor to see what sort of images are inside explorer.exe, the activation .dlls and a bunch of other s**t, so far no dice, only found random icons. However, I found a "Watermark" entry in the registry that had "Timestamp" in it with some value. I wrote FF's over the current value and saved. I've yet to see if this might change anything, but this entry was specified in explorer.exe.
Why don't you use 'KMSAuto Net 2015 v1.3.6WIN10' to do the activation so that the watermark will go away?