Removing features from an online win10 Instalation

Discussion in 'Windows 10' started by DavidXanatos, Mar 28, 2019.

  1. DavidXanatos

    DavidXanatos MDL Member

    May 23, 2010
    239
    1,000
    10
    I know one can do that using NTLite,
    but it is a payed tool and it does not work that great to be honest (I know cause I have a Licence).

    I was plying with windows server 2019 the other day and noticed that there you can uninstall quite a few useless M$ crapware features quite easy.

    Get-WindowsOptionalFeature -Online
    Disable-WindowsOptionalFeature -Online -FeatureName SearchEngine-Server-Package
    Disable-WindowsOptionalFeature -Online -FeatureName File-Services-Search-Service
    Disable-WindowsOptionalFeature -Online -FeatureName Windows-Defender

    How ever in the non server editions these features can not be removed using this method.

    What is a pity, as this works quite a bit better than NTLite, for example removing windows defender leaves the parts of the settings app that are used for the firewall intact.

    Now I was wondering if it would be somehow possible to copy a file or two from a server install to a normal one, or may be patch some files and get the ability to remove those features also from a normal install using onboard functionality.

    Did anyone tried that already?
     
  2. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    9,454
    35,291
    300
    That's because those packages (features) are visible and selectable per CBS rules on Server editions

    on Client editions, they are not
    but mum files can be modified to unlock them
    https://forums.mydigitallife.net/posts/810090/

    e.g. selectable:
    Code:
        <update name="Microsoft-Windows-NetFx4-OC-Package">
          <selectable disposition="absent">
            <detectNone default="true"/>
          </selectable>
          <package contained="false" integrate="hidden">
            <assemblyIdentity buildType="release" language="neutral" name="Microsoft-Windows-NetFx4-OC-Package" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" version="6.3.9600.16384"/>
            <selection name="NetFx4" state="true"/>
          </package>
        </update>
    non selectable
    Code:
        <update name="Microsoft-Windows-ServerManager-Core-Package">
          <package contained="false" integrate="hidden">
            <assemblyIdentity buildType="release" language="neutral" name="Microsoft-Windows-ServerManager-Core-Package" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" version="6.3.9600.16384"/>
          </package>
        </update>
     
  3. DavidXanatos

    DavidXanatos MDL Member

    May 23, 2010
    239
    1,000
    10
    So if the method is already known could you please elaborate ion how to get it to work?
    I was comparing the windows 10 files with server files and did not noticed and meaningful difference with regard to

    Code:
          <selectable disposition="absent">
            <detectNone default="true" />
          </selectable>
    
    in coresponding mum files,
    however on windows server there is a Windows-Defender-Server-Core-Package~31bf3856ad364e35~amd64~~10.0.17763.1.mum
    file which has no appropriate corresponding file in a windows 10 installation.

    How should I proceed in such a case, can the package definition be imported into an installed windows?
     
  4. testtest322

    testtest322 MDL Senior Member

    Nov 20, 2016
    435
    75
    10
    Can this be automated to unlock several packages at once? Script?

     
  5. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    9,454
    35,291
    300
    It all depend on these 3 lines to be present under <update line and before <package line
    Code:
          <selectable disposition="absent">
            <detectNone default="true" />
          </selectable>
    Server packages are irrelevant here, the only difference is that they have more selectable packages by default

    disposition="absent" means the package and its payload will be removed if the corresponding feature is disabled (.NET packs as example and Defender-Default-Definitions)

    disposition="staged" means if the feature is disabled, the package and payload will remain in WinSxS (like all or most optional features)

    maybe it's better to explain on actual example: EnterpriseS 17763.1 x86 offline image

    # first of all, there are two ways (two packages types) to show "selectable" features
    1) the default Dism /Get-Features will show visible features for any package that have "Microsoft-Windows-Foundation-Package" as parent

    2) using /PackageName: allow to show features of a specific package that do not fall under Foundation-Package
    e.g.
    Code:
    Dism /Image:C:\Mount /Get-Features /PackageName:Microsoft-Windows-EnterpriseSEdition~31bf3856ad364e35~x86~~10.0.17763.1
    this of course will give (No features found for this package)

    # To make a feature (package) to show up with /Get-Features and thus can be disabled/removed
    simply edit the .mum file that deploy "contain" that package, not the mum file of the package itself

    example:
    - edit Microsoft-Windows-EnterpriseSEdition~31bf3856ad364e35~x86~~10.0.17763.1.mum
    - at the end you will find
    Code:
        <update name="Microsoft-Windows-Common-RegulatedPackages-Package">
          <package contained="false" integrate="hidden">
            <assemblyIdentity name="Microsoft-Windows-Common-RegulatedPackages-Package" version="10.0.17763.1" processorArchitecture="x86" language="neutral" buildType="release" publicKeyToken="31bf3856ad364e35" />
          </package>
        </update>
    - add the selectable lines, the result will be
    Code:
        <update name="Microsoft-Windows-Common-RegulatedPackages-Package">
          <selectable disposition="absent">
            <detectNone default="true" />
          </selectable>
          <package contained="false" integrate="hidden">
            <assemblyIdentity name="Microsoft-Windows-Common-RegulatedPackages-Package" version="10.0.17763.1" processorArchitecture="x86" language="neutral" buildType="release" publicKeyToken="31bf3856ad364e35" />
          </package>
        </update>
    - then query the features of the modified mum package
    Code:
    Dism /Image:C:\Mount /Get-Features /PackageName:Microsoft-Windows-EnterpriseSEdition~31bf3856ad364e35~x86~~10.0.17763.1
    you will get
    Code:
    Deployment Image Servicing and Management tool
    Version: 10.0.17763.1
    
    Image Version: 10.0.17763.1
    
    Features listing for package : Microsoft-Windows-EnterpriseSEdition~31bf3856ad364e35~x86~~10.0.17763.1
    
    Feature Name : Microsoft-Windows-Common-RegulatedPackages-Package
    State : Enabled
    - now you can disable "remove" the new feature
    Code:
    Dism /Image:C:\Mount /Disable-Feature:Microsoft-Windows-Common-RegulatedPackages-Package /PackageName:Microsoft-Windows-EnterpriseSEdition~31bf3856ad364e35~x86~~10.0.17763.1
    afterwards, the feature will show up as Disabled, but it's actually removed completely, only reference left

    - note: update name is what show up in Get-Features, not the package name
    Code:
    <update name="Microsoft-Windows-Common-RegulatedPackages-Package">
    above example was a bit easy, because update name was clear and meanful

    however, a lot of other packages contain hashed/hexadecimal update name, so you would need to make a note of each name related to package name

    # example: Windows Defender

    if you do a bit of search, you will find that Windows-Defender-Client-Package is deployed by Microsoft-Windows-Client-Desktop-Required-Package

    so to remove it:

    - edit Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~x86~~10.0.17763.1 as explained earlier
    Code:
        <update name="A99394208420ABCDC591607A36EEC7B4C7EFBF55D924AFBC52A0943AFEFDC496">
          <selectable disposition="absent">
            <detectNone default="true" />
          </selectable>
          <package integrate="hidden">
            <assemblyIdentity name="Windows-Defender-Client-Package" version="10.0.17763.1" processorArchitecture="x86" language="neutral" publicKeyToken="31bf3856ad364e35" buildType="release" />
          </package>
        </update>
    - to remove, use the update name
    Code:
    Dism /Image:C:\Mount /Disable-Feature:A99394208420ABCDC591607A36EEC7B4C7EFBF55D924AFBC52A0943AFEFDC496 /PackageName:Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~x86~~10.0.17763.1
    # example: Microsoft-Windows-SenseClient-Package (Windows Defender ATP)

    - edit Microsoft-Windows-EditionSpecific-EnterpriseS-Package~31bf3856ad364e35~x86~~10.0.17763.1
    Code:
        <update name="bd05998382fed353ddc98886622c25af">
          <selectable disposition="absent">
            <detectNone default="true" />
          </selectable>
          <package contained="false" integrate="hidden">
            <assemblyIdentity name="Microsoft-Windows-SenseClient-Package" version="10.0.17763.1" processorArchitecture="x86" language="neutral" buildType="release" publicKeyToken="31bf3856ad364e35" />
          </package>
        </update>
    - remove
    Code:
    Dism /Image:C:\Mount /Disable-Feature:bd05998382fed353ddc98886622c25af /PackageName:Microsoft-Windows-EditionSpecific-EnterpriseS-Package~31bf3856ad364e35~x86~~10.0.17763.1


    # Type one package: Microsoft-Windows-EditionPack-Professional-Package

    unlike previous examples (independant packages), this EditionPack is parented by Microsoft-Windows-Foundation-Package

    meaning, to query or disable its features, you do not specify /PackageName:

    e.g. to remove Hyper-V-ClientEdition
    - edit Microsoft-Windows-EditionPack-Professional-Package~31bf3856ad364e35~x86~~10.0.17763.1.mum
    Code:
        <update name="e3388e42c5ba6cd8507a72fec63f691a">
          <selectable disposition="absent">
            <detectNone default="true" />
          </selectable>
          <package contained="false" integrate="hidden">
            <assemblyIdentity name="Microsoft-Hyper-V-ClientEdition-Package" version="10.0.17763.1" processorArchitecture="x86" language="neutral" buildType="release" publicKeyToken="31bf3856ad364e35" />
          </package>
        </update>
    - then simply run this to remove
    Code:
    Dism /Image:C:\Mount /Disable-Feature:e3388e42c5ba6cd8507a72fec63f691a
    and without any modification, you can remove .NET packs or Embedded experience features
    Code:
    Dism /Image:C:\Mount /Disable-Feature:Microsoft-Windows-NetFx3-OC-Package
    Dism /Image:C:\Mount /Disable-Feature:Microsoft-Windows-NetFx4-US-OC-Package
    Dism /Image:C:\Mount /Disable-Feature:Microsoft-Windows-Client-EmbeddedExp-Package
    # Nested package example: Microsoft-Windows-Enterprise-Desktop-Shared-Package

    this pack is parented by Microsoft-Windows-EditionPack-Professional-Package, so it also inherit Microsoft-Windows-Foundation-Package as parent

    thus, to remove any of its features, you do not specify /PackageName:

    e.g. Microsoft-Windows-DeviceGuard-GPEXT-Package
    Code:
        <update name="96a37b67dd4e234dada28114d97b6e96">
          <selectable disposition="absent">
            <detectNone default="true" />
          </selectable>
          <package contained="false" integrate="hidden">
            <assemblyIdentity name="Microsoft-Windows-DeviceGuard-GPEXT-Package" version="10.0.17763.1" processorArchitecture="x86" language="neutral" buildType="release" publicKeyToken="31bf3856ad364e35" />
          </package>
        </update>
    Code:
    Dism /Image:C:\Mount /Disable-Feature:96a37b67dd4e234dada28114d97b6e96
    # Remarks:

    - to edit mum files, start text editor with NSudo as TrustedInstaller (use proper one such as Notepad++)

    also, keep the mum file open (after saving), and after removing, restore original state of the file (i.e. revert all changes) to maintain integrity

    - while i successfully removed all packages in above examples, i did not try to install the image to see if it function properly
    and i never tested live modification of running system
     
  6. Krager

    Krager MDL Senior Member

    Jan 9, 2017
    395
    225
    10
    #6 Krager, Mar 29, 2019
    Last edited: Mar 29, 2019
    This is golden info, looks like something I've been looking for and not been able to find. I've been wanting to remove the Flash Player package in LTSC 2019. Would you mind giving me some pointers on that?
     
  7. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    9,454
    35,291
    300
    I'm afraid that's not possible, it's deeply buried as component of the big Microsoft-Windows-Client-Desktop-Required-Package

    Code:
    Resolving: FlashPlayerApp.exe
    ____________________________________________________________
    
    Component (*):
    x86_adobe-flash-for-windows_31bf3856ad364e35_10.0.17763.1_none_c0473268095b8e8f
    
    Deployment:
    x86_microsoft-windows-c..loyment0-deployment_31bf3856ad364e35_10.0.17763.1_none_8bc09258d74eb3e2
    
    Package:
    Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~x86~~10.0.17763.1
     
  8. pf100

    pf100 MDL Expert

    Oct 22, 2010
    1,645
    2,368
    60
    It's located at "C:\Windows\System32\Macromed\Flash" so you could rename the flash folder or disable the files however you want.
     
  9. Krager

    Krager MDL Senior Member

    Jan 9, 2017
    395
    225
    10
    Yeah I do that now, remove the control panel applet and set files non-executable. Would rather remove it entirely, dislike that product with prejudice. Will be glad when it finally dies. I can't believe they bundled it with Windows for gosh sake and made it impossible to remove, what the hell were they thinking.
     
  10. LiteOS

    LiteOS MDL Expert

    Mar 7, 2014
    1,656
    703
    60
    is there a way to change it from the reg
     
  11. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    9,454
    35,291
    300
    No, It's read from files directly