[Solved] Script to automate services default state

Discussion in 'Scripting' started by Thomas Dubreuil, Oct 24, 2018.

  1. Thomas Dubreuil

    Thomas Dubreuil MDL Member

    Aug 29, 2017
    146
    231
    10
    #1 Thomas Dubreuil, Oct 24, 2018
    Last edited: Oct 24, 2018
    Trying to make a "script" to automate LTSC services default state...Here it is:

    Code:
    @echo Restore The Services Start Registry Entries as Saved At 20:45:00,00 24/10/2018
    @pause
    
    for %%G in (AudioEndpointBuilder,Audiosrv,BFE,BrokerInfrastructure,CoreMessagingRegistrar,CryptSvc,DcomLaunch,ddpvssvc,Dhcp,Dnscache,DPS,DusmSvc,EventLog,EventSystem,FontCache,gpsvc,IKEEXT,LSM,mpssvc,NlaSvc,nsi,Power,ProfSvc,RpcEptMapper,RpcSs,SamSs,Schedule,SENS,ShellHWDetection,sppsvc,SysMain,SystemEventsBroker,Themes,TrkWks,UserManager,UsoSvc,Wcmsvc,wfcs,WinDefend,Winmgmt,wscsvc,WSearch) do reg query HKLM\SYSTEM\ControlSet001\Services\%%G /v Start 1>nul 2>nul && (
    reg add HKLM\SYSTEM\ControlSet001\Services\%%G /v Start /t REG_DWORD /d 2 /f
    )
    
    for %%G in (AppIDSvc,Appinfo,AppReadiness,AppXSvc,AssignedAccessManagerSvc,AxInstSV,BDESVC,BITS,camsvc,ClipSVC,COMSysApp,ddpsvc,defragsvc,DeviceInstall,DevQueryBroker,diagsvc,DisplayEnhancementService,DmEnrollmentSvc,dot3svc,DsmSvc,DsSvc,Eaphost,EFS,embeddedmode,EntAppSvc,fdPHost,FontCache3.0.0.0,GraphicsPerfSvc,hidserv,InstallService,jhi_service,KeyIso,KtmRm,LicenseManager,lltdsvc,LMS,LxpSvc,MSDTC,msiserver,Netman,netprofm,NetSetupSvc,NgcCtnrSvc,NgcSvc,p2pimsvc,p2psvc,perceptionsimulation,PerfHost,pla,PlugPlay,PNRPAutoReg,PNRPsvc,PolicyAgent,QWAVE,seclogon,SecurityHealthService,Sense,SentinelKeysServer,SentinelProtectionServer,SentinelSecurityRuntime,smphost,spectrum,SstpSvc,StateRepository,StorSvc,svsvc,swprv,TieringEngineService,TimeBrokerSvc,TokenBroker,TrustedInstaller,VaultSvc,vds,VSS,WaaSMedicSvc,WalletService,WarpJITSvc,wbengine,WdiServiceHost,WdiSystemHost,WdNisSvc,Wecsvc,WEPHOSTSVC,wercplsupport,wlpasvc,WManSvc,wmiApSrv,WPDBusEnum,wuauserv,cbdhsvc,DevicesFlowUserSvc,WpnUserService) do reg query HKLM\SYSTEM\ControlSet001\Services\%%G /v Start 1>nul 2>nul && (
    reg add HKLM\SYSTEM\ControlSet001\Services\%%G /v Start /t REG_DWORD /d 3 /f
    )
    
    for %%G in (AJRouter,ALG,AppMgmt,AppVClient,BTAGService,BthAvctpSvc,bthserv,CDPSvc,CertPropSvc,CscService,DeviceAssociationService,diagnosticshub.standardcollector.service,DiagTrack,dmwappushservice,DoSvc,FDResPub,fhsvc,FrameServer,HvHost,IAStorDataMgrSvc,icssvc,iphlpsvc,IpxlatCfgSvc,irmon,LanmanServer,LanmanWorkstation,lfsvc,lmhosts,MapsBroker,MSiSCSI,NaturalAuthentication,NcaSvc,NcbService,NcdAutoSetup,Netlogon,NetTcpPortSharing,PcaSvc,PeerDistSvc,PhoneSvc,PrintNotify,PushToInstall,RasAuto,RasMan,RemoteAccess,RemoteRegistry,RetailDemo,RmSvc,RpcLocator,SCardSvr,ScDeviceEnum,SCPolicySvc,SDRSVC,SEMgrSvc,SensorDataService,SensorService,SensrSvc,SessionEnv,SgrmBroker,SharedAccess,SharedRealitySvc,shpamsvc,SmsRouter,SNMPTRAP,Spooler,SSDPSRV,ssh-agent,stisvc,TabletInputService,TapiSrv,TermService,tzautoupdate,UevAgentService,UmRdpService,upnphost,VacSvc,vmicguestinterface,vmicheartbeat,vmickvpexchange,vmicrdv,vmicshutdown,vmictimesync,vmicvmsession,vmicvss,W32Time,WbioSrvc,wcncsvc,WebClient,WerSvc,WFDSConMgrSvc,WiaRpc,WinHttpAutoProxySvc,WinRM,wisvc,WlanSvc,wlidsvc,WpcMonSvc,WpnService,WwanSvc,XblAuthManager,XblGameSave,XboxGipSvc,XboxNetApiSvc,BcastDVRUserService,BluetoothUserService,CaptureService,CDPUserSvc,ConsentUxUserSvc,DevicePickerUserSvc,MessagingService,PimIndexMaintenanceSvc,PrintWorkflowUserSvc,UnistoreSvc,UserDataSvc) do reg query HKLM\SYSTEM\ControlSet001\Services\%%G /v Start 1>nul 2>nul && (
    reg add HKLM\SYSTEM\ControlSet001\Services\%%G /v Start /t REG_DWORD /d 4 /f
    )
    
    @echo Restore The Service Start State Saved At 20:55:00,00 24/10/2018
    @pause
    
    for %%G in (AudioEndpointBuilder,Audiosrv,BFE,BrokerInfrastructure,CoreMessagingRegistrar,CryptSvc,DcomLaunch,ddpvssvc,Dhcp,Dnscache,DPS,DusmSvc,EventLog,EventSystem,FontCache,gpsvc,IKEEXT,LSM,mpssvc,NlaSvc,nsi,Power,ProfSvc,RpcEptMapper,RpcSs,SamSs,Schedule,SENS,ShellHWDetection,sppsvc,SysMain,SystemEventsBroker,Themes,TrkWks,UserManager,UsoSvc,Wcmsvc,wfcs,WinDefend,Winmgmt,wscsvc,WSearch) do (
    sc config %%G start= AUTO
    )
    
    for %%G in (AppIDSvc,Appinfo,AppReadiness,AppXSvc,AssignedAccessManagerSvc,AxInstSV,BDESVC,BITS,camsvc,ClipSVC,COMSysApp,ddpsvc,defragsvc,DeviceInstall,DevQueryBroker,diagsvc,DisplayEnhancementService,DmEnrollmentSvc,dot3svc,DsmSvc,DsSvc,Eaphost,EFS,embeddedmode,EntAppSvc,fdPHost,FontCache3.0.0.0,GraphicsPerfSvc,hidserv,InstallService,jhi_service,KeyIso,KtmRm,LicenseManager,lltdsvc,LMS,LxpSvc,MSDTC,msiserver,Netman,netprofm,NetSetupSvc,NgcCtnrSvc,NgcSvc,p2pimsvc,p2psvc,perceptionsimulation,PerfHost,pla,PlugPlay,PNRPAutoReg,PNRPsvc,PolicyAgent,QWAVE,seclogon,SecurityHealthService,Sense,SentinelKeysServer,SentinelProtectionServer,SentinelSecurityRuntime,smphost,spectrum,SstpSvc,StateRepository,StorSvc,svsvc,swprv,TieringEngineService,TimeBrokerSvc,TokenBroker,TrustedInstaller,VaultSvc,vds,VSS,WaaSMedicSvc,WalletService,WarpJITSvc,wbengine,WdiServiceHost,WdiSystemHost,WdNisSvc,Wecsvc,WEPHOSTSVC,wercplsupport,wlpasvc,WManSvc,wmiApSrv,WPDBusEnum,wuauserv,cbdhsvc,DevicesFlowUserSvc,WpnUserService) do (
    sc config %%G start= DEMAND
    )
    
    for %%G in (AJRouter,ALG,AppMgmt,AppVClient,BTAGService,BthAvctpSvc,bthserv,CDPSvc,CertPropSvc,CscService,DeviceAssociationService,diagnosticshub.standardcollector.service,DiagTrack,dmwappushservice,DoSvc,FDResPub,fhsvc,FrameServer,HvHost,IAStorDataMgrSvc,icssvc,iphlpsvc,IpxlatCfgSvc,irmon,LanmanServer,LanmanWorkstation,lfsvc,lmhosts,MapsBroker,MSiSCSI,NaturalAuthentication,NcaSvc,NcbService,NcdAutoSetup,Netlogon,NetTcpPortSharing,PcaSvc,PeerDistSvc,PhoneSvc,PrintNotify,PushToInstall,RasAuto,RasMan,RemoteAccess,RemoteRegistry,RetailDemo,RmSvc,RpcLocator,SCardSvr,ScDeviceEnum,SCPolicySvc,SDRSVC,SEMgrSvc,SensorDataService,SensorService,SensrSvc,SessionEnv,SgrmBroker,SharedAccess,SharedRealitySvc,shpamsvc,SmsRouter,SNMPTRAP,Spooler,SSDPSRV,ssh-agent,stisvc,TabletInputService,TapiSrv,TermService,tzautoupdate,UevAgentService,UmRdpService,upnphost,VacSvc,vmicguestinterface,vmicheartbeat,vmickvpexchange,vmicrdv,vmicshutdown,vmictimesync,vmicvmsession,vmicvss,W32Time,WbioSrvc,wcncsvc,WebClient,WerSvc,WFDSConMgrSvc,WiaRpc,WinHttpAutoProxySvc,WinRM,wisvc,WlanSvc,wlidsvc,WpcMonSvc,WpnService,WwanSvc,XblAuthManager,XblGameSave,XboxGipSvc,XboxNetApiSvc,BcastDVRUserService,BluetoothUserService,CaptureService,CDPUserSvc,ConsentUxUserSvc,DevicePickerUserSvc,MessagingService,PimIndexMaintenanceSvc,PrintWorkflowUserSvc,UnistoreSvc,UserDataSvc) do (
    sc config %%G start= DISABLED
    )
    cmd /k
    @pause
    
    I get lots of access denied error when running, so I had to make second script to invoke nsudo...
    Code:
    @pause
    Nsudo -U:T "Path\RestoreAllMyServices.bat"
    (Note Nsudo has to be in 'path' environment variables to be called like this from cmd prompt)

    But I still get 3 "access denied" error : coremessagingregistrar, dnscache and printworkflowUserSvc and don't know why because printworkflowUserSvc was disabled already before my test (so, not in use)...
    All 3 services depends on RpSc (remote procedure call)

    So my question are: Is this code ok? Is there a better way to do this? and/or is it possible to have an "All in One" command (Nsudo+.bat)?
    Do not make fun of me, I am just a beginner...but always eager to learn!

    ps: my previous .bat was this:
    Code:
    @echo Restore Service Start State Saved At 20:15:36,73 22/10/2018
    @pause
    sc config  AJRouter start= DISABLED
    sc config  ALG start= DISABLED
    sc config  AppIDSvc start= DEMAND
    sc config  Appinfo start= DEMAND
    sc config  AppMgmt start= DISABLED
    sc config  AppReadiness start= DEMAND
    sc config  AppVClient start= DISABLED
    sc config  AppXSvc start= DEMAND
    sc config  AssignedAccessManagerSvc start= DEMAND
    sc config  AudioEndpointBuilder start= AUTO
    sc config  Audiosrv start= AUTO
    sc config  AxInstSV start= DEMAND
    sc config  BDESVC start= DEMAND
    sc config  BFE start= AUTO
    sc config  BITS start= DEMAND
    sc config  BrokerInfrastructure start= AUTO
    sc config  BTAGService start= DISABLED
    sc config  BthAvctpSvc start= DISABLED
    sc config  bthserv start= DISABLED
    sc config  camsvc start= DEMAND
    sc config  CDPSvc start= DISABLED
    sc config  CertPropSvc start= DISABLED
    sc config  ClipSVC start= DEMAND
    sc config  COMSysApp start= DEMAND
    sc config  CoreMessagingRegistrar start= AUTO
    sc config  CryptSvc start= AUTO
    sc config  CscService start= DISABLED
    sc config  DcomLaunch start= AUTO
    sc config  ddpsvc start= DEMAND
    sc config  ddpvssvc start= AUTO
    sc config  defragsvc start= DEMAND
    sc config  DeviceAssociationService start= DISABLED
    sc config  DeviceInstall start= DEMAND
    sc config  DevQueryBroker start= DEMAND
    sc config  Dhcp start= AUTO
    sc config  diagnosticshub.standardcollector.service start= DISABLED
    sc config  diagsvc start= DEMAND
    sc config  DiagTrack start= DISABLED
    sc config  DisplayEnhancementService start= DEMAND
    sc config  DmEnrollmentSvc start= DEMAND
    sc config  dmwappushservice start= DISABLED
    sc config  Dnscache start= AUTO
    sc config  DoSvc start= DISABLED
    sc config  dot3svc start= DEMAND
    sc config  DPS start= AUTO
    sc config  DsmSvc start= DEMAND
    sc config  DsSvc start= DEMAND
    sc config  DusmSvc start= AUTO
    sc config  Eaphost start= DEMAND
    sc config  EFS start= DEMAND
    sc config  embeddedmode start= DEMAND
    sc config  EntAppSvc start= DEMAND
    sc config  EventLog start= AUTO
    sc config  EventSystem start= AUTO
    sc config  fdPHost start= DEMAND
    sc config  FDResPub start= DISABLED
    sc config  fhsvc start= DISABLED
    sc config  FontCache start= AUTO
    sc config  FontCache3.0.0.0 start= DEMAND
    sc config  FrameServer start= DISABLED
    sc config  gpsvc start= AUTO
    sc config  GraphicsPerfSvc start= DEMAND
    sc config  hidserv start= DEMAND
    sc config  HvHost start= DISABLED
    sc config  IAStorDataMgrSvc start= DISABLED
    sc config  icssvc start= DISABLED
    sc config  IKEEXT start= AUTO
    sc config  InstallService start= DEMAND
    sc config  iphlpsvc start= DISABLED
    sc config  IpxlatCfgSvc start= DISABLED
    sc config  irmon start= DISABLED
    sc config  jhi_service start= DEMAND
    sc config  KeyIso start= DEMAND
    sc config  KtmRm start= DEMAND
    sc config  LanmanServer start= DISABLED
    sc config  LanmanWorkstation start= DISABLED
    sc config  lfsvc start= DISABLED
    sc config  LicenseManager start= DEMAND
    sc config  lltdsvc start= DEMAND
    sc config  lmhosts start= DISABLED
    sc config  LMS start= DEMAND
    sc config  LSM start= AUTO
    sc config  LxpSvc start= DEMAND
    sc config  MapsBroker start= DISABLED
    sc config  mpssvc start= AUTO
    sc config  MSDTC start= DEMAND
    sc config  MSiSCSI start= DISABLED
    sc config  msiserver start= DEMAND
    sc config  NaturalAuthentication start= DISABLED
    sc config  NcaSvc start= DISABLED
    sc config  NcbService start= DISABLED
    sc config  NcdAutoSetup start= DISABLED
    sc config  Netlogon start= DISABLED
    sc config  Netman start= DEMAND
    sc config  netprofm start= DEMAND
    sc config  NetSetupSvc start= DEMAND
    sc config  NetTcpPortSharing start= DISABLED
    sc config  NgcCtnrSvc start= DEMAND
    sc config  NgcSvc start= DEMAND
    sc config  NlaSvc start= AUTO
    sc config  nsi start= AUTO
    sc config  p2pimsvc start= DEMAND
    sc config  p2psvc start= DEMAND
    sc config  PcaSvc start= DISABLED
    sc config  PeerDistSvc start= DISABLED
    sc config  perceptionsimulation start= DEMAND
    sc config  PerfHost start= DEMAND
    sc config  PhoneSvc start= DISABLED
    sc config  pla start= DEMAND
    sc config  PlugPlay start= DEMAND
    sc config  PNRPAutoReg start= DEMAND
    sc config  PNRPsvc start= DEMAND
    sc config  PolicyAgent start= DEMAND
    sc config  Power start= AUTO
    sc config  PrintNotify start= DISABLED
    sc config  ProfSvc start= AUTO
    sc config  PushToInstall start= DISABLED
    sc config  QWAVE start= DEMAND
    sc config  RasAuto start= DISABLED
    sc config  RasMan start= DISABLED
    sc config  RemoteAccess start= DISABLED
    sc config  RemoteRegistry start= DISABLED
    sc config  RetailDemo start= DISABLED
    sc config  RmSvc start= DISABLED
    sc config  RpcEptMapper start= AUTO
    sc config  RpcLocator start= DISABLED
    sc config  RpcSs start= AUTO
    sc config  SamSs start= AUTO
    sc config  SCardSvr start= DISABLED
    sc config  ScDeviceEnum start= DISABLED
    sc config  Schedule start= AUTO
    sc config  SCPolicySvc start= DISABLED
    sc config  SDRSVC start= DISABLED
    sc config  seclogon start= DEMAND
    sc config  SecurityHealthService start= DEMAND
    sc config  SEMgrSvc start= DISABLED
    sc config  SENS start= AUTO
    sc config  Sense start= DEMAND
    sc config  SensorDataService start= DISABLED
    sc config  SensorService start= DISABLED
    sc config  SensrSvc start= DISABLED
    sc config  SentinelKeysServer start= DEMAND
    sc config  SentinelProtectionServer start= DEMAND
    sc config  SentinelSecurityRuntime start= DEMAND
    sc config  SessionEnv start= DISABLED
    sc config  SgrmBroker start= DISABLED
    sc config  SharedAccess start= DISABLED
    sc config  SharedRealitySvc start= DISABLED
    sc config  ShellHWDetection start= AUTO
    sc config  shpamsvc start= DISABLED
    sc config  smphost start= DEMAND
    sc config  SmsRouter start= DISABLED
    sc config  SNMPTRAP start= DISABLED
    sc config  spectrum start= DEMAND
    sc config  Spooler start= DISABLED
    sc config  sppsvc start= AUTO
    sc config  SSDPSRV start= DISABLED
    sc config  ssh-agent start= DISABLED
    sc config  SstpSvc start= DEMAND
    sc config  StateRepository start= DEMAND
    sc config  stisvc start= DISABLED
    sc config  StorSvc start= DEMAND
    sc config  svsvc start= DEMAND
    sc config  swprv start= DEMAND
    sc config  SysMain start= AUTO
    sc config  SystemEventsBroker start= AUTO
    sc config  TabletInputService start= DISABLED
    sc config  TapiSrv start= DISABLED
    sc config  TermService start= DISABLED
    sc config  Themes start= AUTO
    sc config  TieringEngineService start= DEMAND
    sc config  TimeBrokerSvc start= DEMAND
    sc config  TokenBroker start= DEMAND
    sc config  TrkWks start= AUTO
    sc config  TrustedInstaller start= DEMAND
    sc config  tzautoupdate start= DISABLED
    sc config  UevAgentService start= DISABLED
    sc config  UmRdpService start= DISABLED
    sc config  upnphost start= DISABLED
    sc config  UserManager start= AUTO
    sc config  UsoSvc start= AUTO
    sc config  VacSvc start= DISABLED
    sc config  VaultSvc start= DEMAND
    sc config  vds start= DEMAND
    sc config  vmicguestinterface start= DISABLED
    sc config  vmicheartbeat start= DISABLED
    sc config  vmickvpexchange start= DISABLED
    sc config  vmicrdv start= DISABLED
    sc config  vmicshutdown start= DISABLED
    sc config  vmictimesync start= DISABLED
    sc config  vmicvmsession start= DISABLED
    sc config  vmicvss start= DISABLED
    sc config  VSS start= DEMAND
    sc config  W32Time start= DISABLED
    sc config  WaaSMedicSvc start= DEMAND
    sc config  WalletService start= DEMAND
    sc config  WarpJITSvc start= DEMAND
    sc config  wbengine start= DEMAND
    sc config  WbioSrvc start= DISABLED
    sc config  Wcmsvc start= AUTO
    sc config  wcncsvc start= DISABLED
    sc config  WdiServiceHost start= DEMAND
    sc config  WdiSystemHost start= DEMAND
    sc config  WdNisSvc start= DEMAND
    sc config  WebClient start= DISABLED
    sc config  Wecsvc start= DEMAND
    sc config  WEPHOSTSVC start= DEMAND
    sc config  wercplsupport start= DEMAND
    sc config  WerSvc start= DISABLED
    sc config  wfcs start= AUTO
    sc config  WFDSConMgrSvc start= DISABLED
    sc config  WiaRpc start= DISABLED
    sc config  WinDefend start= AUTO
    sc config  WinHttpAutoProxySvc start= DISABLED
    sc config  Winmgmt start= AUTO
    sc config  WinRM start= DISABLED
    sc config  wisvc start= DISABLED
    sc config  WlanSvc start= DISABLED
    sc config  wlidsvc start= DISABLED
    sc config  wlpasvc start= DEMAND
    sc config  WManSvc start= DEMAND
    sc config  wmiApSrv start= DEMAND
    sc config  WpcMonSvc start= DISABLED
    sc config  WPDBusEnum start= DEMAND
    sc config  WpnService start= DISABLED
    sc config  wscsvc start= AUTO
    sc config  WSearch start= AUTO
    sc config  wuauserv start= DEMAND
    sc config  WwanSvc start= DISABLED
    sc config  XblAuthManager start= DISABLED
    sc config  XblGameSave start= DISABLED
    sc config  XboxGipSvc start= DISABLED
    sc config  XboxNetApiSvc start= DISABLED
    sc config  BcastDVRUserService start= DISABLED
    sc config  BluetoothUserService start= DISABLED
    sc config  CaptureService start= DISABLED
    sc config  cbdhsvc start= DEMAND
    sc config  CDPUserSvc start= DISABLED
    sc config  ConsentUxUserSvc start= DISABLED
    sc config  DevicePickerUserSvc start= DISABLED
    sc config  DevicesFlowUserSvc start= DEMAND
    sc config  MessagingService start= DISABLED
    sc config  PimIndexMaintenanceSvc start= DISABLED
    sc config  PrintWorkflowUserSvc start= DISABLED
    sc config  UnistoreSvc start= DISABLED
    sc config  UserDataSvc start= DISABLED
    sc config  WpnUserService start= DEMAND
    @pause
    
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    8,512
    29,653
    270
    Everthing looks good to me

    probably you need to enable all TI priveliges:
    Code:
    NSudo -U:T -P:E  "Path\RestoreAllMyServices.bat"
    as for one script, you can add this check at top to make the script re-lauch itself with Nsudo
    Code:
    @echo off
    %windir%\system32\reg.exe query "HKU\S-1-5-19" 1>nul 2>nul || goto :eof
    
    %windir%\system32\whoami.exe /USER | find /i "S-1-5-18" 1>nul && (
    goto :OK
    ) || (
    "%~dp0NSudo.exe" -U:T -P:E "%~dpnx0"
    goto :eof
    )
    
    :OK
    
    add your code after :OK, then add exit comand
     
  3. Thomas Dubreuil

    Thomas Dubreuil MDL Member

    Aug 29, 2017
    146
    231
    10
    Thanks a lot mate! Even with all TI privileges I still get the same 3 access denied errors, but I guess it's normal...
    One small thing, I had to change the code like this:
    Code:
    @echo
    %windir%\system32\reg.exe query "HKU\S-1-5-19" 1>nul 2>nul || goto :eof
    
    %windir%\system32\whoami.exe /USER | find /i "S-1-5-18" 1>nul && (
    goto :OK
    ) || (
    Nsudo -U:T -P:E "%~dpnx0"
    goto :eof
    )
    
    :OK
    With %~dp0Nsudo it does not work.
    Is it because I've got Nsudo in C:/program files/Nsudo ? (I added Nsudo path to "PATH" environment variable, to be able to use the short name in cmd prompt)
    Or because my .bat is not on located C:/ drive? I understand somehow the %~dp command "expands" the drive where is the script to find Nsudo path?
    Sorry it's a bit foreign language for me, but I will get there :)

    Also is there a way to auto elevate it? or is it really that bad to do that?
    If I start it like this:
    Code:
    @echo
    
    set "params=%*"
    cd /d "%~dp0" && ( if exist "%temp%\getadmin.vbs" del "%temp%\getadmin.vbs" ) && fsutil dirty query %systemdrive% 1>nul 2>nul || (  cmd /u /c echo Set UAC = CreateObject^("Shell.Application"^) : UAC.ShellExecute "cmd.exe", "/k cd ""%~sdp0"" && %~s0 %params%", "", "runas", 1 >> "%temp%\getadmin.vbs" && "%temp%\getadmin.vbs" && exit /B )
    
    %windir%\system32\reg.exe query "HKU\S-1-5-19" 1>nul 2>nul || goto :eof
    
    %windir%\system32\whoami.exe /USER | find /i "S-1-5-18" 1>nul && (
    goto :OK
    ) || (
    Nsudo -U:T -P:E "%~dpnx0"
    goto :eof
    )
    
    :OK
    it works, but first cmd window stays open so its a bit ugly :D
    Sorry to bother...thanks for your time and great work anyway!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    8,512
    29,653
    270
    Whatever works for you :)
    i just assumed Nsudo.exe is next to the script

    auto elevate is not always bad, but with script that change system services, accidental double-click will be unrecoverable :)
    specially if you have auto admin-elevation policy set (ConsentPromptBehaviorAdmin)

    anyway, this is my current elevation code
    Code:
    cd /d "%~dp0" && ( if exist "%temp%\getadmin.vbs" del "%temp%\getadmin.vbs" ) && fsutil dirty query %systemdrive% 1>nul 2>nul || (  cmd /u /c echo Set UAC = CreateObject^("Shell.Application"^) : UAC.ShellExecute "cmd.exe", "/k cd ""%~dp0"" && ""%~dpnx0""", "", "runas", 1 >> "%temp%\getadmin.vbs" && "%temp%\getadmin.vbs" 1>nul 2>nul && exit )
    
     
  5. app_raiser

    app_raiser MDL Junior Member

    Mar 18, 2018
    67
    25
    0
    the ONLY way i know to disable EVERYTHING is "become" trusted installer & autoruns! i recently realized that telemetrics and diags even run in a clean old boot.wim.. from windows 8 for example. reason i guess is UEFI capabilities (bios size 16MB f.e. AND UEFI ram full size 128MB may be (is) the trick ;-)

    so.. try this in windows explorer folder location bar - not IE! :)

    https://live.sysinternals.com/
     
  6. Thomas Dubreuil

    Thomas Dubreuil MDL Member

    Aug 29, 2017
    146
    231
    10
    Thanks guys! Here's my final script for LTSC "core services" (took out acronis and some other custom/hardware services).

    With Nsudo next to the script:
    Code:
    @Echo
    cd %systemroot%\system32
    call :IsAdmin
    
    %windir%\system32\reg.exe query "HKU\S-1-5-19" 1>nul 2>nul || goto :eof
    
    %windir%\system32\whoami.exe /USER | find /i "S-1-5-18" 1>nul && (
    goto :OK
    ) || (
    "%~dp0NSudo.exe" -U:T -P:E "%~dpnx0"&exit /b
    )
    
    :OK
    @echo Restore "core services" start state, saved at 20:45:00,00 24/10/2018
    @pause
    
    for %%G in (AudioEndpointBuilder,Audiosrv,BFE,BrokerInfrastructure,CoreMessagingRegistrar,CryptSvc,DcomLaunch,ddpvssvc,Dhcp,Dnscache,DPS,DusmSvc,EventLog,EventSystem,FontCache,gpsvc,IKEEXT,LSM,mpssvc,NlaSvc,nsi,Power,ProfSvc,RpcEptMapper,RpcSs,SamSs,Schedule,SENS,ShellHWDetection,sppsvc,SysMain,SystemEventsBroker,Themes,TrkWks,UserManager,UsoSvc,Wcmsvc,wfcs,WinDefend,Winmgmt,wscsvc,WSearch) do reg query HKLM\SYSTEM\ControlSet001\Services\%%G /v Start 1>nul 2>nul && (
    reg add HKLM\SYSTEM\ControlSet001\Services\%%G /v Start /t REG_DWORD /d 2 /f
    )
    
    for %%G in (AppIDSvc,Appinfo,AppReadiness,AppXSvc,AssignedAccessManagerSvc,AxInstSV,BDESVC,BITS,camsvc,ClipSVC,COMSysApp,ddpsvc,defragsvc,DeviceInstall,DevQueryBroker,diagsvc,DisplayEnhancementService,DmEnrollmentSvc,dot3svc,DsmSvc,DsSvc,Eaphost,EFS,embeddedmode,EntAppSvc,fdPHost,FontCache3.0.0.0,GraphicsPerfSvc,hidserv,InstallService,jhi_service,KeyIso,KtmRm,LicenseManager,lltdsvc,LMS,LxpSvc,MSDTC,msiserver,Netman,netprofm,NetSetupSvc,NgcCtnrSvc,NgcSvc,p2pimsvc,p2psvc,perceptionsimulation,PerfHost,pla,PlugPlay,PNRPAutoReg,PNRPsvc,PolicyAgent,QWAVE,seclogon,SecurityHealthService,Sense,SentinelKeysServer,SentinelProtectionServer,SentinelSecurityRuntime,smphost,spectrum,SstpSvc,StateRepository,StorSvc,svsvc,swprv,TieringEngineService,TimeBrokerSvc,TokenBroker,TrustedInstaller,VaultSvc,vds,VSS,WaaSMedicSvc,WalletService,WarpJITSvc,wbengine,WdiServiceHost,WdiSystemHost,WdNisSvc,Wecsvc,WEPHOSTSVC,wercplsupport,wlpasvc,WManSvc,wmiApSrv,WPDBusEnum,wuauserv,cbdhsvc,DevicesFlowUserSvc,WpnUserService) do reg query HKLM\SYSTEM\ControlSet001\Services\%%G /v Start 1>nul 2>nul && (
    reg add HKLM\SYSTEM\ControlSet001\Services\%%G /v Start /t REG_DWORD /d 3 /f
    )
    
    for %%G in (AJRouter,ALG,AppMgmt,AppVClient,BTAGService,BthAvctpSvc,bthserv,CDPSvc,CertPropSvc,CscService,DeviceAssociationService,diagnosticshub.standardcollector.service,DiagTrack,dmwappushservice,DoSvc,FDResPub,fhsvc,FrameServer,HvHost,IAStorDataMgrSvc,icssvc,iphlpsvc,IpxlatCfgSvc,irmon,LanmanServer,LanmanWorkstation,lfsvc,lmhosts,MapsBroker,MSiSCSI,NaturalAuthentication,NcaSvc,NcbService,NcdAutoSetup,Netlogon,NetTcpPortSharing,PcaSvc,PeerDistSvc,PhoneSvc,PrintNotify,PushToInstall,RasAuto,RasMan,RemoteAccess,RemoteRegistry,RetailDemo,RmSvc,RpcLocator,SCardSvr,ScDeviceEnum,SCPolicySvc,SDRSVC,SEMgrSvc,SensorDataService,SensorService,SensrSvc,SessionEnv,SgrmBroker,SharedAccess,SharedRealitySvc,shpamsvc,SmsRouter,SNMPTRAP,Spooler,SSDPSRV,ssh-agent,stisvc,TabletInputService,TapiSrv,TermService,tzautoupdate,UevAgentService,UmRdpService,upnphost,VacSvc,vmicguestinterface,vmicheartbeat,vmickvpexchange,vmicrdv,vmicshutdown,vmictimesync,vmicvmsession,vmicvss,W32Time,WbioSrvc,wcncsvc,WebClient,WerSvc,WFDSConMgrSvc,WiaRpc,WinHttpAutoProxySvc,WinRM,wisvc,WlanSvc,wlidsvc,WpcMonSvc,WpnService,WwanSvc,XblAuthManager,XblGameSave,XboxGipSvc,XboxNetApiSvc,BcastDVRUserService,BluetoothUserService,CaptureService,CDPUserSvc,ConsentUxUserSvc,DevicePickerUserSvc,MessagingService,PimIndexMaintenanceSvc,PrintWorkflowUserSvc,UnistoreSvc,UserDataSvc) do reg query HKLM\SYSTEM\ControlSet001\Services\%%G /v Start 1>nul 2>nul && (
    reg add HKLM\SYSTEM\ControlSet001\Services\%%G /v Start /t REG_DWORD /d 4 /f
    )
    
    for %%G in (AudioEndpointBuilder,Audiosrv,BFE,BrokerInfrastructure,CoreMessagingRegistrar,CryptSvc,DcomLaunch,ddpvssvc,Dhcp,Dnscache,DPS,DusmSvc,EventLog,EventSystem,FontCache,gpsvc,IKEEXT,LSM,mpssvc,NlaSvc,nsi,Power,ProfSvc,RpcEptMapper,RpcSs,SamSs,Schedule,SENS,ShellHWDetection,sppsvc,SysMain,SystemEventsBroker,Themes,TrkWks,UserManager,UsoSvc,Wcmsvc,wfcs,WinDefend,Winmgmt,wscsvc,WSearch) do (
    sc config %%G start= AUTO
    )
    
    for %%G in (AppIDSvc,Appinfo,AppReadiness,AppXSvc,AssignedAccessManagerSvc,AxInstSV,BDESVC,BITS,camsvc,ClipSVC,COMSysApp,ddpsvc,defragsvc,DeviceInstall,DevQueryBroker,diagsvc,DisplayEnhancementService,DmEnrollmentSvc,dot3svc,DsmSvc,DsSvc,Eaphost,EFS,embeddedmode,EntAppSvc,fdPHost,FontCache3.0.0.0,GraphicsPerfSvc,hidserv,InstallService,jhi_service,KeyIso,KtmRm,LicenseManager,lltdsvc,LMS,LxpSvc,MSDTC,msiserver,Netman,netprofm,NetSetupSvc,NgcCtnrSvc,NgcSvc,p2pimsvc,p2psvc,perceptionsimulation,PerfHost,pla,PlugPlay,PNRPAutoReg,PNRPsvc,PolicyAgent,QWAVE,seclogon,SecurityHealthService,Sense,SentinelKeysServer,SentinelProtectionServer,SentinelSecurityRuntime,smphost,spectrum,SstpSvc,StateRepository,StorSvc,svsvc,swprv,TieringEngineService,TimeBrokerSvc,TokenBroker,TrustedInstaller,VaultSvc,vds,VSS,WaaSMedicSvc,WalletService,WarpJITSvc,wbengine,WdiServiceHost,WdiSystemHost,WdNisSvc,Wecsvc,WEPHOSTSVC,wercplsupport,wlpasvc,WManSvc,wmiApSrv,WPDBusEnum,wuauserv,cbdhsvc,DevicesFlowUserSvc,WpnUserService) do (
    sc config %%G start= DEMAND
    )
    
    for %%G in (AJRouter,ALG,AppMgmt,AppVClient,BTAGService,BthAvctpSvc,bthserv,CDPSvc,CertPropSvc,CscService,DeviceAssociationService,diagnosticshub.standardcollector.service,DiagTrack,dmwappushservice,DoSvc,FDResPub,fhsvc,FrameServer,HvHost,IAStorDataMgrSvc,icssvc,iphlpsvc,IpxlatCfgSvc,irmon,LanmanServer,LanmanWorkstation,lfsvc,lmhosts,MapsBroker,MSiSCSI,NaturalAuthentication,NcaSvc,NcbService,NcdAutoSetup,Netlogon,NetTcpPortSharing,PcaSvc,PeerDistSvc,PhoneSvc,PrintNotify,PushToInstall,RasAuto,RasMan,RemoteAccess,RemoteRegistry,RetailDemo,RmSvc,RpcLocator,SCardSvr,ScDeviceEnum,SCPolicySvc,SDRSVC,SEMgrSvc,SensorDataService,SensorService,SensrSvc,SessionEnv,SgrmBroker,SharedAccess,SharedRealitySvc,shpamsvc,SmsRouter,SNMPTRAP,Spooler,SSDPSRV,ssh-agent,stisvc,TabletInputService,TapiSrv,TermService,tzautoupdate,UevAgentService,UmRdpService,upnphost,VacSvc,vmicguestinterface,vmicheartbeat,vmickvpexchange,vmicrdv,vmicshutdown,vmictimesync,vmicvmsession,vmicvss,W32Time,WbioSrvc,wcncsvc,WebClient,WerSvc,WFDSConMgrSvc,WiaRpc,WinHttpAutoProxySvc,WinRM,wisvc,WlanSvc,wlidsvc,WpcMonSvc,WpnService,WwanSvc,XblAuthManager,XblGameSave,XboxGipSvc,XboxNetApiSvc,BcastDVRUserService,BluetoothUserService,CaptureService,CDPUserSvc,ConsentUxUserSvc,DevicePickerUserSvc,MessagingService,PimIndexMaintenanceSvc,PrintWorkflowUserSvc,UnistoreSvc,UserDataSvc) do (
    sc config %%G start= DISABLED
    )
    cmd /c
    @pause
    exit
    
    :IsAdmin
    Reg.exe query "HKU\S-1-5-19\Environment"
    If Not %ERRORLEVEL% EQU 0 (
    Cls & echo You must have administrator rights to continue.
    @echo Press any key to exit...
    pause>NUL 2>&1 & exit
    )
    Cls
    goto:eof

    With Nsudo "installed" (registred in environment path variables)
    Code:
    @Echo
    cd %systemroot%\system32
    call :IsAdmin
    
    %windir%\system32\reg.exe query "HKU\S-1-5-19" 1>nul 2>nul || goto :eof
    
    %windir%\system32\whoami.exe /USER | find /i "S-1-5-18" 1>nul && (
    goto :OK
    ) || (
    NSudo -U:T -P:E "%~dpnx0"&exit /b
    )
    
    :OK
    @echo Restore "core services" start state, saved at 20:45:00,00 24/10/2018
    @pause
    
    for %%G in (AudioEndpointBuilder,Audiosrv,BFE,BrokerInfrastructure,CoreMessagingRegistrar,CryptSvc,DcomLaunch,ddpvssvc,Dhcp,Dnscache,DPS,DusmSvc,EventLog,EventSystem,FontCache,gpsvc,IKEEXT,LSM,mpssvc,NlaSvc,nsi,Power,ProfSvc,RpcEptMapper,RpcSs,SamSs,Schedule,SENS,ShellHWDetection,sppsvc,SysMain,SystemEventsBroker,Themes,TrkWks,UserManager,UsoSvc,Wcmsvc,wfcs,WinDefend,Winmgmt,wscsvc,WSearch) do reg query HKLM\SYSTEM\ControlSet001\Services\%%G /v Start 1>nul 2>nul && (
    reg add HKLM\SYSTEM\ControlSet001\Services\%%G /v Start /t REG_DWORD /d 2 /f
    )
    
    for %%G in (AppIDSvc,Appinfo,AppReadiness,AppXSvc,AssignedAccessManagerSvc,AxInstSV,BDESVC,BITS,camsvc,ClipSVC,COMSysApp,ddpsvc,defragsvc,DeviceInstall,DevQueryBroker,diagsvc,DisplayEnhancementService,DmEnrollmentSvc,dot3svc,DsmSvc,DsSvc,Eaphost,EFS,embeddedmode,EntAppSvc,fdPHost,FontCache3.0.0.0,GraphicsPerfSvc,hidserv,InstallService,jhi_service,KeyIso,KtmRm,LicenseManager,lltdsvc,LMS,LxpSvc,MSDTC,msiserver,Netman,netprofm,NetSetupSvc,NgcCtnrSvc,NgcSvc,p2pimsvc,p2psvc,perceptionsimulation,PerfHost,pla,PlugPlay,PNRPAutoReg,PNRPsvc,PolicyAgent,QWAVE,seclogon,SecurityHealthService,Sense,SentinelKeysServer,SentinelProtectionServer,SentinelSecurityRuntime,smphost,spectrum,SstpSvc,StateRepository,StorSvc,svsvc,swprv,TieringEngineService,TimeBrokerSvc,TokenBroker,TrustedInstaller,VaultSvc,vds,VSS,WaaSMedicSvc,WalletService,WarpJITSvc,wbengine,WdiServiceHost,WdiSystemHost,WdNisSvc,Wecsvc,WEPHOSTSVC,wercplsupport,wlpasvc,WManSvc,wmiApSrv,WPDBusEnum,wuauserv,cbdhsvc,DevicesFlowUserSvc,WpnUserService) do reg query HKLM\SYSTEM\ControlSet001\Services\%%G /v Start 1>nul 2>nul && (
    reg add HKLM\SYSTEM\ControlSet001\Services\%%G /v Start /t REG_DWORD /d 3 /f
    )
    
    for %%G in (AJRouter,ALG,AppMgmt,AppVClient,BTAGService,BthAvctpSvc,bthserv,CDPSvc,CertPropSvc,CscService,DeviceAssociationService,diagnosticshub.standardcollector.service,DiagTrack,dmwappushservice,DoSvc,FDResPub,fhsvc,FrameServer,HvHost,IAStorDataMgrSvc,icssvc,iphlpsvc,IpxlatCfgSvc,irmon,LanmanServer,LanmanWorkstation,lfsvc,lmhosts,MapsBroker,MSiSCSI,NaturalAuthentication,NcaSvc,NcbService,NcdAutoSetup,Netlogon,NetTcpPortSharing,PcaSvc,PeerDistSvc,PhoneSvc,PrintNotify,PushToInstall,RasAuto,RasMan,RemoteAccess,RemoteRegistry,RetailDemo,RmSvc,RpcLocator,SCardSvr,ScDeviceEnum,SCPolicySvc,SDRSVC,SEMgrSvc,SensorDataService,SensorService,SensrSvc,SessionEnv,SgrmBroker,SharedAccess,SharedRealitySvc,shpamsvc,SmsRouter,SNMPTRAP,Spooler,SSDPSRV,ssh-agent,stisvc,TabletInputService,TapiSrv,TermService,tzautoupdate,UevAgentService,UmRdpService,upnphost,VacSvc,vmicguestinterface,vmicheartbeat,vmickvpexchange,vmicrdv,vmicshutdown,vmictimesync,vmicvmsession,vmicvss,W32Time,WbioSrvc,wcncsvc,WebClient,WerSvc,WFDSConMgrSvc,WiaRpc,WinHttpAutoProxySvc,WinRM,wisvc,WlanSvc,wlidsvc,WpcMonSvc,WpnService,WwanSvc,XblAuthManager,XblGameSave,XboxGipSvc,XboxNetApiSvc,BcastDVRUserService,BluetoothUserService,CaptureService,CDPUserSvc,ConsentUxUserSvc,DevicePickerUserSvc,MessagingService,PimIndexMaintenanceSvc,PrintWorkflowUserSvc,UnistoreSvc,UserDataSvc) do reg query HKLM\SYSTEM\ControlSet001\Services\%%G /v Start 1>nul 2>nul && (
    reg add HKLM\SYSTEM\ControlSet001\Services\%%G /v Start /t REG_DWORD /d 4 /f
    )
    
    for %%G in (AudioEndpointBuilder,Audiosrv,BFE,BrokerInfrastructure,CoreMessagingRegistrar,CryptSvc,DcomLaunch,ddpvssvc,Dhcp,Dnscache,DPS,DusmSvc,EventLog,EventSystem,FontCache,gpsvc,IKEEXT,LSM,mpssvc,NlaSvc,nsi,Power,ProfSvc,RpcEptMapper,RpcSs,SamSs,Schedule,SENS,ShellHWDetection,sppsvc,SysMain,SystemEventsBroker,Themes,TrkWks,UserManager,UsoSvc,Wcmsvc,wfcs,WinDefend,Winmgmt,wscsvc,WSearch) do (
    sc config %%G start= AUTO
    )
    
    for %%G in (AppIDSvc,Appinfo,AppReadiness,AppXSvc,AssignedAccessManagerSvc,AxInstSV,BDESVC,BITS,camsvc,ClipSVC,COMSysApp,ddpsvc,defragsvc,DeviceInstall,DevQueryBroker,diagsvc,DisplayEnhancementService,DmEnrollmentSvc,dot3svc,DsmSvc,DsSvc,Eaphost,EFS,embeddedmode,EntAppSvc,fdPHost,FontCache3.0.0.0,GraphicsPerfSvc,hidserv,InstallService,jhi_service,KeyIso,KtmRm,LicenseManager,lltdsvc,LMS,LxpSvc,MSDTC,msiserver,Netman,netprofm,NetSetupSvc,NgcCtnrSvc,NgcSvc,p2pimsvc,p2psvc,perceptionsimulation,PerfHost,pla,PlugPlay,PNRPAutoReg,PNRPsvc,PolicyAgent,QWAVE,seclogon,SecurityHealthService,Sense,SentinelKeysServer,SentinelProtectionServer,SentinelSecurityRuntime,smphost,spectrum,SstpSvc,StateRepository,StorSvc,svsvc,swprv,TieringEngineService,TimeBrokerSvc,TokenBroker,TrustedInstaller,VaultSvc,vds,VSS,WaaSMedicSvc,WalletService,WarpJITSvc,wbengine,WdiServiceHost,WdiSystemHost,WdNisSvc,Wecsvc,WEPHOSTSVC,wercplsupport,wlpasvc,WManSvc,wmiApSrv,WPDBusEnum,wuauserv,cbdhsvc,DevicesFlowUserSvc,WpnUserService) do (
    sc config %%G start= DEMAND
    )
    
    for %%G in (AJRouter,ALG,AppMgmt,AppVClient,BTAGService,BthAvctpSvc,bthserv,CDPSvc,CertPropSvc,CscService,DeviceAssociationService,diagnosticshub.standardcollector.service,DiagTrack,dmwappushservice,DoSvc,FDResPub,fhsvc,FrameServer,HvHost,IAStorDataMgrSvc,icssvc,iphlpsvc,IpxlatCfgSvc,irmon,LanmanServer,LanmanWorkstation,lfsvc,lmhosts,MapsBroker,MSiSCSI,NaturalAuthentication,NcaSvc,NcbService,NcdAutoSetup,Netlogon,NetTcpPortSharing,PcaSvc,PeerDistSvc,PhoneSvc,PrintNotify,PushToInstall,RasAuto,RasMan,RemoteAccess,RemoteRegistry,RetailDemo,RmSvc,RpcLocator,SCardSvr,ScDeviceEnum,SCPolicySvc,SDRSVC,SEMgrSvc,SensorDataService,SensorService,SensrSvc,SessionEnv,SgrmBroker,SharedAccess,SharedRealitySvc,shpamsvc,SmsRouter,SNMPTRAP,Spooler,SSDPSRV,ssh-agent,stisvc,TabletInputService,TapiSrv,TermService,tzautoupdate,UevAgentService,UmRdpService,upnphost,VacSvc,vmicguestinterface,vmicheartbeat,vmickvpexchange,vmicrdv,vmicshutdown,vmictimesync,vmicvmsession,vmicvss,W32Time,WbioSrvc,wcncsvc,WebClient,WerSvc,WFDSConMgrSvc,WiaRpc,WinHttpAutoProxySvc,WinRM,wisvc,WlanSvc,wlidsvc,WpcMonSvc,WpnService,WwanSvc,XblAuthManager,XblGameSave,XboxGipSvc,XboxNetApiSvc,BcastDVRUserService,BluetoothUserService,CaptureService,CDPUserSvc,ConsentUxUserSvc,DevicePickerUserSvc,MessagingService,PimIndexMaintenanceSvc,PrintWorkflowUserSvc,UnistoreSvc,UserDataSvc) do (
    sc config %%G start= DISABLED
    )
    cmd /c
    @pause
    exit
    
    :IsAdmin
    Reg.exe query "HKU\S-1-5-19\Environment"
    If Not %ERRORLEVEL% EQU 0 (
    Cls & echo You must have administrator rights to continue.
    @echo Press any key to exit...
    pause>NUL 2>&1 & exit
    )
    Cls
    goto:eof
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...