Interesting, but there's a downside: stopping “Windows-Kernel-Licensing-StartService-Trigger” Trace Provider moves Office into unlicensed status. Possibly Windows as well. I had managed to stop and delete UBPM running Performance Monitor as TrustedInstaller, but - let alone the Office issue - gave up because it is restored on next reboot anyway. A few trace sessions seem critical and cannot be turned off easily. Pretty stubborn stuff.

My list (LTSC 2021):

Data Collector Set              Type     Status
-----------------------------------------------------------------------------------
Eventlog-Security               Trace    Running
EventLog-Application            Trace    Running
EventLog-System                 Trace    Running
UserNotPresentTraceSession      Trace    Running
UBPM                            Trace    Running

My Windows 10 EnterpriseS (OS Build 19041.1)

Code:
Windows Event Log:
sc config EventLog start= disabled
Network List Service:
sc config netprofm start= disabled
Network Location Awareness:
sc config NlaSvc start= disabled
Goto HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc / DependOnService
remove EventLog
Run %windir%\system32\compmgmt.msc with PowerRun
Goto Performance\Data Collector Sets\
Event Trace Sessions
Startup Event Trace Sessions
Disable all & Restart PC.

NOTES: Eventlog-Security will NOT disable.

Code:
Event Trace Sessions:
Name                                            Status:
UBPM                                            Running
UserNotPresentTraceSession                      Running
SgrmEtwSession                                  Running

* Startup Event Trace Sessions:
Name                                            Status:
AutoLogger-Diagtrack-Listener                   Disabled
Cellcore                                        Disabled
Circular Kernel Context Logger                  Disabled
CloudExperienceHostOobe                         Disabled
DataMarket                                      Disabled
DiagLog                                         Disabled
EventLog-Application                            Disabled
EventLog-Security                               Disabled
EventLog-System                                 Disabled
LwtNetLog                                       Disabled
Mellanox-Kernel                                 Disabled
Microsoft-Windows-Rdp-Graphics-RdpIdd-Trace     Disabled
Microsoft-Windows-Setup                         Disabled
NBSMBLOGGER                                     Disabled
NetCore                                         Disabled
NtfsLog                                         Disabled
PEAuthLog                                       Disabled
RadioMgr                                        Disabled
RdrLog                                          Disabled
ReadyBoot                                       Enabled
SetupPlatform                                   Disabled
SetupPlatformTel                                Disabled
SpoolerLogger                                   Disabled
TCPIPLOGGER                                     Disabled
TileStore                                       Disabled
Tpm                                             Disabled
UBPM                                            Disabled
WdiContextLog                                   Disabled
WFP-IPsec Trace                                 Disabled
WiFiDriverIHVSession                            Disabled
WiFiDriverIHVSessionRepro                       Disabled
WiFiSession                                     Disabled
WinPhoneCritical                                Disabled

How do you run this? PowerShell as admin or TrustedInstaller? I did TrustedInstaller and still some are running.
How did you manage to install updates? W.U. won't run if you disable this:

sc config EventLog start= disabled

Do you install updates manually?
I don't install updates ever, never have. Only show installing updates on [Windows Editions Reconstruction Project] to show image can still be updated.
This piece of code disabled (all) "Startup Event Trace Sessions" on a live system. No TI used.

Code:
@echo off
REM * Disable Other (Telemetry) LOGGERS
ECHO:
FOR %%I in (InstallInfoCheck,ARPInfoCheck,MediaInfoCheck,FileInfoCheck) DO (
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Tracing" /V %%I /T REG_DWORD /D 0 /F >NUL
)
ECHO:
REM This >>
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\AutoLogger\AITEventLog" /V Start /T REG_DWORD /D 0 /F >NUL
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\AutoLogger\Audio" /V Start /T REG_DWORD /D 0 /F >NUL
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\AutoLogger\Circular Kernel Context Logger" /V "Start" /T REG_DWORD /D 0 /F >NUL
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\AutoLogger\DiagLog" /V "Start" /T REG_DWORD /D 0 /F >NUL
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\AutoLogger\Microsoft-Windows-Setup" /V Start /T REG_DWORD /D 0 /F >NUL
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\AutoLogger\EventLog-AirSpaceChannel" /V Start /T REG_DWORD /D 0 /F >NUL
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\AutoLogger\NBSMBLOGGER" /V "Start" /T REG_DWORD /D 0 /F >NUL
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\AutoLogger\NtfsLog" /V "Start" /T REG_DWORD /D 0 /F >NUL
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\AutoLogger\PEAuthLog" /V "Start" /T REG_DWORD /D 0 /F >NUL
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\AutoLogger\PerfPipeUserSession:0" /V Start /T REG_DWORD /D 0 /F >NUL
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\AutoLogger\PerfPipeUserSession:1" /V Start /T REG_DWORD /D 0 /F >NUL
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\AutoLogger\PerfPipeUserSession:2" /V Start /T REG_DWORD /D 0 /F >NUL
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\AutoLogger\PerfPipeUserSession:3" /V Start /T REG_DWORD /D 0 /F >NUL
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\AutoLogger\RAC_PS" /V "Start" /T REG_DWORD /D 0 /F >NUL
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\AutoLogger\RdrLog" /V "Start" /T REG_DWORD /D 0 /F >NUL
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\AutoLogger\ReadyBoot" /V "Start" /T REG_DWORD /D 0 /F >NUL
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\AutoLogger\TCPIPLOGGER" /V "Start" /T REG_DWORD /D 0 /F >NUL
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\AutoLogger\Tpm" /V "Start" /T REG_DWORD /D 0 /F >NUL
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\AutoLogger\UBPM" /V Start /T REG_DWORD /D 0 /F >NUL
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\AutoLogger\WdiContextLog" /V "Start" /T REG_DWORD /D 0 /F >NUL
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\AutoLogger\WFP-IPsec Trace" /V "Start" /T REG_DWORD /D 0 /F >NUL

Not sure about the ones u posted in the screenshot?!

Verify
Code:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\AutoLogger

Add the ones u see in the screenshot and re-apply the script to see if those are disabled...

Have fun

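For the "Verify" step in the post above, and for the mismatch the thread keeps running into (a session set to disabled at startup that still shows as running), a read-only audit that compares the two views. This is an added example, not code from any poster in the thread; it assumes the registry text comes from `reg query` on the AutoLogger key with `/s /v Start` and the session table from `logman query -ets`, and both samples below are constructed.

```python
import re

# Constructed sample, shaped like `reg query <Autologger key> /s /v Start` output.
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-System
    Start    REG_DWORD    0x0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\ReadyBoot
    Start    REG_DWORD    0x1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\UBPM
    Start    REG_DWORD    0x0
"""
# Constructed sample, shaped like the `logman query -ets` table quoted in the thread.
SAMPLE_ETS = """
Data Collector Set              Type     Status
-------------------------------------------------
EventLog-System                 Trace    Running
UserNotPresentTraceSession      Trace    Running
UBPM                            Trace    Running
"""
KEY_RE = re.compile(r"^HKEY_LOCAL_MACHINE\\SYSTEM\\[^\\]+\\Control\\WMI\\Autologger\\([^\\]+)$", re.I)
VAL_RE = re.compile(r"^\s+Start\s+REG_DWORD\s+0x([0-9a-f]+)\s*$", re.I)
ETS_RE = re.compile(r"^(.+?)\s{2,}Trace\s+(\w+)\s*$")

def parse_autologgers(text):
    """Map session name -> Start value (0 means not started at boot)."""
    found, name = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            m = KEY_RE.match(line.strip())
            name = m.group(1) if m else None  # skip deeper provider subkeys
        elif name and (v := VAL_RE.match(line)):
            found[name] = int(v.group(1), 16)
    return found

def parse_running(text):
    """Names of the sessions that logman lists as Running."""
    return {m.group(1) for line in text.splitlines()
            if (m := ETS_RE.match(line)) and m.group(2) == "Running"}

def audit(reg_text, ets_text):
    """Compare the boot-time AutoLogger config with the live session list."""
    start, live = parse_autologgers(reg_text), parse_running(ets_text)
    known, live_lc = {k.lower() for k in start}, {n.lower() for n in live}
    off = sorted(n for n, v in start.items() if v == 0)
    return {"disabled_at_boot": off,
            # Start is read at boot, so a session can outlive a changed setting.
            "disabled_but_running": [n for n in off if n.lower() in live_lc],
            "running_without_autologger": sorted(n for n in live if n.lower() not in known)}
```

Calling `audit(SAMPLE_REG, SAMPLE_ETS)` lists EventLog-System and UBPM as disabled at boot yet still running, and UserNotPresentTraceSession as a live session with no AutoLogger key, which is the situation described in the replies that follow.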
They don't show up in HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\AutoLogger, only MpWppTracing-07202016-140038-00000003-ffffffff, but still it's running. I can set all to disabled on startup but they'll show running in Event Trace Sessions. I need to clean install Windows, but I would like to know how to stop them instead. I think they can't be disabled.

I already tried the scheduler task but I'm pretty sure I'm doing something wrong. I created the XML file, have NSudo in c:\windows, created a cmd file and placed it in c:\windows, opened Task Scheduler and imported the XML, and I guess that's it. But this code:

Code:
schtasks /Create /F /TN "Disable UBPM Logging" /XML C:\Disable_UBPM_LOG.xml

I don't know what to do with the code above. Without using the code above I ran the scheduler and restarted, but then the scheduler and Computer Management don't open. I have to go into safe mode and delete the cmd file in c:\windows. And if I find a way to have it stop, how can I do the same for the ones running in the picture?

Some of the ones you showed here in the screenshot are not on my system. Either an old x86 that I always use... or a fresh Windows 7 system. Some could be added from other software?! The others as showing in the screenshot must be disabled by running that piece of code I posted, as they are disabled here after running the batch file, except for EventLog-System on my old x86 system (I did run the batch on a live system). I never tested this before on this one...

On a fresh Windows 7 install with a specialize.cmd/setupcomplete.cmd... all are disabled, only UBPM is running on that system, as you could see from the screenshot I posted before. Must be something in those scripts. Can't say for sure atm, must redo to see...

About the Task Scheduler script:
1) Save NSudoLC.exe into C:\Windows\System32
2) Save the batch into C:\Windows
3) Save the XML somewhere you like...
4) Then run the SCHTASKS command and point it to the XML

After rebooting the system, the task runs hidden on startup and removes (at least) the UBPM one...

Thanks, I got it... but I could only get rid of UserNotPresentTraceSession, as UBPM is needed for Windows Update. I'm going to clean install.
Hey

After running an older LTSC 2019 to see if UBPM is required for WU to work. Although it's really slow scanning there... WU works just fine if that one is disabled. Not sure about the rest.

Code:
NSudoLC -U:T -P:E logman stop -n WindowsUpdate.20230504.012953.133.1 -ets
NSudoLC -U:T -P:E logman stop -n 8696EAC4-1288-4288-A4EE-49EE431B0AD9 -ets
NSudoLC -U:T -P:E logman stop -n UserNotPresentTraceSession -ets
NSudoLC -U:T -P:E logman stop -n EventLog-System -ets
NSudoLC -U:T -P:E logman stop -n EventLog-Application -ets

You are right, it does work... I just tested, UBPM is disabled. But why I said it didn't work before... well, when you disable and restart, then trying to open Computer Management and see all the traces, it just doesn't open... Then I tried to open Windows Update... same blank screen and loading bar... But I was doing something else when all of a sudden Computer Management opened; it took like a minute or more to open. Then check no UBPM is gone. Then I opened Windows Update and this time it shows available updates etc.

Thanks. I ran a script I was just testing... so clean install again....