That's because that part of his script doesn't work in newer editions of Win10 which have TamperProtection.

Code:
rem ========================= Windows Defender =========================
rem 1 - Disable Real-time protection
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
rem Disable WD Services
reg add "HKLM\System\CurrentControlSet\Services\Sense" /v "Start" /t REG_DWORD /d "4" /f
reg add "HKLM\System\CurrentControlSet\Services\WdFilter" /v "Start" /t REG_DWORD /d "4" /f
reg add "HKLM\System\CurrentControlSet\Services\WdNisSvc" /v "Start" /t REG_DWORD /d "4" /f
reg add "HKLM\System\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d "4" /f
rem Remove WD context menu
reg delete "HKCR\*\shellex\ContextMenuHandlers\EPP" /f
reg delete "HKCR\Directory\shellex\ContextMenuHandlers\EPP" /f
reg delete "HKCR\Drive\shellex\ContextMenuHandlers\EPP" /f

He also deletes PowerShell (why?) and deletes all Policies from registry... The script is (was) tailored to his needs, but dangerous for anyone else that doesn't analyze it fully and modify it. GL
Going to do something like that, hope my system will survive ... will run at OOBE stage ... or SPECIALIZE stage. Going to test it on a new install ... let's hope no problem.

Code:
rem clean/disable auditing to conserve resources
rem https://forums.mydigitallife.net/threads/windows-10-event-logs.86754
rem Not a good idea, kill WU service
rem sc stop EventLog
rem sc config EventLog start=disabled
reg delete "HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger" /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger" /f
Auditpol /set /category:* /Success:disable /failure:disable
Rem clean all this s**t
Auditpol /clear /y
powershell -nop -ep bypass -c "Get-EventLog -LogName * | ForEach { Clear-EventLog $_.Log }"
Check on a live (backed up) installation... It has been a long time since I have done such a thing, I don't remember what the consequences were, but it was nothing good. Btw, you need to be Trusted Installer to disable/delete Autologgers. Edit: I guess if you're in OOBE it's ok, if you're SYSTEM there. GL
Oh no ......... [I have a backup, don't worry] Is it because of auto loggers? Or EventLog service? Going to investigate ... EventLog service must be kept alive ...
From memory, remove EventLog from the value DependOnService of the NlaSvc. So current control set / services / nlasvc / dependonservice <- remove EventLog from this value, leave anything else that is there. GL
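A read-only check for the settings discussed in this thread, as an added example that is not part of any post: it reports whether the Defender policy value, the service Start values, the Autologger key and the NlaSvc dependency are in the state those scripts leave behind. The helper name Get-RegValue and the message texts are assumptions of this example.

```powershell
# Added example: read-only report of the state the scripts in this thread leave behind.
# Only reads the registry and the Defender status; nothing is modified.

function Get-RegValue {
    # Hypothetical helper: returns $null when the key or the value does not exist.
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$findings = @()
$svcRoot  = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Policy value written by the first script.
$policy = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' 'DisableAntiSpyware'
if ($policy -eq 1) { $findings += 'Defender policy DisableAntiSpyware = 1' }

# Start = 4 means the service or driver is disabled.
foreach ($svc in 'Sense', 'WdFilter', 'WdNisSvc', 'WinDefend', 'EventLog') {
    if ((Get-RegValue "$svcRoot\$svc" 'Start') -eq 4) {
        $findings += "Service $svc is disabled (Start = 4)"
    }
}

# The second script deletes the Autologger key and recreates it empty.
$autolog = 'HKLM:\SYSTEM\CurrentControlSet\Control\WMI\Autologger'
if (-not (Test-Path -LiteralPath $autolog)) {
    $findings += 'Autologger key is missing'
} elseif (-not (Get-ChildItem -LiteralPath $autolog -ErrorAction SilentlyContinue)) {
    $findings += 'Autologger key has no trace sessions under it'
}

# NlaSvc keeps its dependencies in a REG_MULTI_SZ value (returned as a string array).
$deps = Get-RegValue "$svcRoot\NlaSvc" 'DependOnService'
if ($deps -contains 'EventLog') { 'Note: NlaSvc lists EventLog in DependOnService' }

# Tamper Protection state as reported by the Defender module, when it is available.
try {
    $tp = (Get-MpComputerStatus -ErrorAction Stop).IsTamperProtected
    "Tamper Protection enabled: $tp"
} catch {
    'Get-MpComputerStatus is unavailable (Defender service stopped or module missing)'
}

if ($findings.Count) { $findings } else { 'None of the checked settings are changed' }
```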
That's why I said someone should take a look, as I was very tired that day. But I did manage to pick stuff from it that I might need. So far so good.