i spoke too soon... disabling UBPM hangs for a while . like when i try to open task manager computer management or install a program it hangs for like 3-4 minutes then it opens. not sure what is happening once it open you can then open it again instantly. as for MPP and SHS it seems that those 2 create a new file name based on the date and time.. NSudoLC -U:T -P:E logman stop -n SHS-05042023-185432-7-7f -ets SHS-05042023-230640-7-7f SHS-05042023-232050-7-7f am on windows 10 22H2 latest.
Interesting... I also have hangs lasting several minutes when I try to open most of the MMCs (Event Log, Task Scheduler), but not always (services.msc always starts instantly, and sometimes the others). Now I start to think that that's Kernel trying to start UBPM (and in the instances when I see it started, Kernel has already done that job). I'll try to have start=1 in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\UBPM (but all GUIDs below it still have enabled=0). These hangs are not critical, everything still works, I just have to wait a minute or few to open these MMCs which I rarely use. It happens on both Win7 and Win10, I think they are the same regarding this issue (in general, about autologgers and event logs). I also remembered that in the beginning, when 7 came out, it was advised to leave UBPM alone since it was linked to Task Scheduler and many other internals, I guess that knowledge got lost in the depths of Internet... Maybe Task Scheduler starts UBPM when UBPM is disabled? We might never know. Or at least I won't, because I always disable all scheduled tasks. GL
Interesting.. new install After removing auto logger key .. 5025239 fail .. related or not ? ( Any way .. I always keep backup. Before killing my system ... Lol. It's good for the experience ) Edit Update went just fine now System seems work fine .. Event log is dead .. service not disabled at all Edit 2 Some problem with settings.. Bluetooth settings totally f** Now try new install with out remove this keys
i decided to leave it alone... for me once MMC is open and hangs other apps open fine but some then hangs too. so ill just leave it alone. am not at reading logs but i also wanted to know what was causing the hang. but i know nothing about reading logs. am using a modified script and i spent yesterday and today.. when disabling a task i could no longer acces the log in password pressing any key didnt change unless i click on the mouse.. now am ready to clean install again. i just hope that windows spothlight works...
This could also due to disabled service(s) Then you get an error while trying to open that setting... After disabling UBPM the Task Scheduler does a little weird all of a sudden. Like it cannot connect to the remote computer....After some tries it does work once again.
Code: @echo off set NSudo=NSudoLC -U:T -P:E -UseCurrentConsole Credits to... set "_schtasks_remove=NSudoLC.exe -U:T -P:E -UseCurrentConsole -Wait cmd /c SCHTASKS /DELETE /F /TN" set "_schedule=Microsoft\Windows" REM Required for WU downloading... %NSudo% sc config EventLog start= auto >NUL 2>&1 REM Required for the WU "wuauserv" service to start/work properly %NSudo% logman start -n UserNotPresentTraceSession -ets >NUL %NSudo% logman start -n UBPM -ets >NUL REM Not required for WUMT REM %NSudo% SC config WaaSMedicSvc start= auto >NUL 2>&1 REM %NSudo% sc start WaaSMedicSvc >NUL 2>&1 NSudoLC -U:S -P:E "%PROGRAMFILES%\wumt\wumt.exe" ECHO: ECHO: ECHO * Verifying if Windows Update MiniTool is (still) running... ECHO: ECHO * Disabling Windows Update services after WUMT is closed. ECHO: :Check_WUMT TASKLIST /FI "IMAGENAME EQ wumt.exe" |FIND ":" >NUL IF ERRORLEVEL 1 TIMEOUT /T 7 /NOBREAK >NUL && GOTO :Check_WUMT ECHO * Disabling Windows Update and Windows Event Log services... ECHO: SC query UsoSvc 2>&1 | findstr /i running >NUL 2>&1 && net stop UsoSvc >NUL 2>&1 SC query wuauserv 2>&1 | findstr /i running >NUL 2>&1 && net stop wuauserv >NUL 2>&1 SC query WaaSMedicSvc 2>&1 | findstr /i running >NUL 2>&1 && net stop WaaSMedicSvc >NUL 2>&1 SC query EventLog 2>&1 | findstr /i running >NUL 2>&1 && net stop EventLog >NUL 2>&1 %NSudo% SC config UsoSvc start= disabled >NUL %NSudo% SC config wuauserv start= disabled >NUL %NSudo% SC config WaaSMedicSvc start= disabled >NUL %NSudo% SC config EventLog start= disabled >NUL ECHO * Re-disable Event Trace Sessions... Timeout /T 3 >NUL ECHO: %NSudo% logman stop -n UserNotPresentTraceSession -ets >NUL %NSudo% logman stop -n UBPM -ets >NUL REM Really? %_schtasks_remove% "%_schedule%\UpdateOrchestrator\Report policies" >NUL 2>&1 %_schtasks_remove% "%_schedule%\UpdateOrchestrator\Schedule Scan" >NUL 2>&1 %_schtasks_remove% "%_schedule%\UpdateOrchestrator\Schedule Scan Static Task" >NUL 2>&1 %_schtasks_remove% "%_schedule%\WindowsUpdate\Scheduled Start" >NUL 2>&1 exit This works...
how do you run this .? i get error PS C:\Windows\system32> %_schtasks_remove% "%_schedule%\WindowsUpdate\Scheduled Start" >NUL 2>&1 %_schtasks_remove% : The term '%_schtasks_remove%' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At line:1 char:1 + %_schtasks_remove% "%_schedule%\WindowsUpdate\Scheduled Start" >NUL 2 ... + ~~~~~~~~~~~~~~~~~~ + CategoryInfo : ObjectNotFound: (%_schtasks_remove%:String) [], CommandNotFoundException + FullyQualifiedErrorId : CommandNotFoundException have to use at each boot.?
Logic might suggest editing @Dark Dinosaur's script itself suggestions change Code: Auditpol /set /category:* /Success:disable /failure:disable to Code: Auditpol /set /category:* /Success:disable /failure:enable or Code: Auditpol /set /category:* /Success:enable /failure:enable change LogLevel and TraceLevel DWORD values to 3 (seems to be the recommended value here, see available values earlier in the thread) change findstr "HKEY"`) do >nul reg add "%%a %%b" /f /v "Enabled" /t REG_DWORD /d 0 <-- to 1 and findstr "HKEY"`) do >nul reg add "%%a %%b" /f /v "Start" /t REG_DWORD /d 0 <-- to 1 suggested changes should? give you an Enable as opposed to the afforementioned / presented Disable script... I could be wrong