It is not just that anymore, it is typing overall now, like in Settings, and you will not be able to log in to Windows, local or MS account, if you use any password or PIN.
I can't remember where it is, in one of the slimdown 10 threads. If it is disabled you can't use the search on the task bar, but you can use something called shell explorer, then you can search.
I am trying to disable the windows defender service (windefend) for an offline wim image but without success. Is there a way to disable the windows defender service before windows starts? Can this be applied already on an offline wim image?
You can already test by renaming the ctfmon.exe file.
And with 24h2, you may need to modify this registry key if you have errors when closing the task manager or others.
Go there: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input
InputServiceEnabled => 0 to 1
Disable Windows Defender (windefend) service for wim image offline.
Spoiler: Script Disable Windows Defender. Win 11 24H2
@echo off
TITLE Script Disable Windows Defender. Win 11 24H2
Color 1F
SETLOCAL ENABLEDELAYEDEXPANSION
SETLOCAL ENABLEEXTENSIONS
Pushd "%~dp0" >nul
CD /d "%~dp0" >nul

IF /I "%~1" equ "asTrustedInstaller" (
    ECHO.
    ECHO."%~nx0" Script - Running As Trusted Installer by %~2.
)

:: Detect [OS Architecture
IF EXIST "%WinDir%\SysWOW64" (set "arch=x64") else (set "arch=x86")

:: Getting Admin Rights by Run Script as Trusted Installer with nSudo or PowerRun
IF /I "%~1" neq "asTrustedInstaller" (
    IF /I EXIST "Bin\nSudo.exe" (
    REM IF /I EXIST "Bin\PowerRun.exe" (
        FOR /f %%# in ('dir /B /A:-D "%~nx0"') do ("%%~dp#Bin\nSudo.exe" -U=T -P=E -CurrentDirectory=%%~dp# "%%~f#" "asTrustedInstaller" "nSudo")
        REM FOR /f %%# in ('dir /B /A:-D "%~nx0"') do ("%%~dp#Bin\PowerRun.exe" /WD:"%%~dp#" "%%~f#" "asTrustedInstaller" "PowerRun")
    ) else (
        ECHO.
        ECHO.
        ECHO.Run "%~nx0" Script Disable Windows Defender.
        ECHO.
        TIMEOUT.exe /T -1
    )
    EXIT
)

:: Setting environment path for the Windows setup
Set "Mount=%~dp0Mount"
Set "BootMount=%Mount%\Boot"
Set "BootWim=%~dp0DVD\sources\boot.wim"
Set "BootWimTmp=%~dp0DVD\sources\boot_temp.wim"
Set "InstallMount=%Mount%\Install"
Set "WinREmount=%~dp0Mount\WinRE"
Set "WinRE=%~dp0Mount\Install\Windows\System32\Recovery"
Set "WIM=%~dp0DVD\sources\install.wim"
Set "WimTemp=%~dp0DVD\sources\install_temp.wim"

:: Setting dependent tools environment path variables
Set "DISM=%~dp0Bin\DISM\dism.exe"

Set ISOName=
for /f "delims=" %%i in ('dir /b "ISO\*.iso" 2^>nul') do (
    ECHO %%i 2>nul | findstr /r /c:"^Windows10_x[86][46]_[a-zA-Z][a-zA-Z]-[a-zA-Z][a-zA-Z]*\.iso" >nul 2>&1 || set "ISOName=%%i"
)
ECHO.
ECHO ============================================================
ECHO Unpacking ISO/DVD image: "%ISOName%" to DVD directory...
ECHO ============================================================
IF not "%ISOName%"=="" (
    IF Exist "DVD" RD /s /q "DVD" >nul 2>&1
    "Bin\7z.exe" x -y -o"DVD" "ISO\%ISOName%"
)

for /f "tokens=2" %%a in ('Bin\wimlib-imagex.exe info "%WIM%" ^| find /i "Index:"') do set maxindex=%%a
ECHO %maxindex%

for /l %%i in (1,1,%maxindex%) do (
    "%DISM%" /english /Get-WimInfo /WimFile:"%WIM%" /index:"%%i"
    ECHO.
    ECHO ============================================================
    ECHO Mounting installation image %maxindex%
    ECHO ============================================================
    If Exist "%Mount%" rd /q /s "%Mount%"
    If not Exist "%Mount%" mkdir "%Mount%"
    If not Exist "%InstallMount%" mkdir "%InstallMount%"
    "%DISM%" /english /Mount-Wim /WimFile:"%WIM%" /index:%%i /MountDir:"%InstallMount%"
    "%DISM%" /Image:"%InstallMount%" /Disable-Feature /FeatureName:Windows-Defender-Default-Definitions
    ECHO.
    ECHO ============================================================
    ECHO Mount Image Registry
    ECHO ============================================================
    reg load HKLM\TK_DEFAULT "%InstallMount%\Windows\System32\config\DEFAULT"
    reg load HKLM\TK_NTUSER "%InstallMount%\Users\Default\NTUSER.DAT"
    reg load HKLM\TK_SOFTWARE "%InstallMount%\Windows\System32\config\SOFTWARE"
    reg load HKLM\TK_SYSTEM "%InstallMount%\Windows\System32\config\SYSTEM"
    ECHO.
    ECHO ============================================================
    ECHO Disable Windows Defender
    ECHO ============================================================
    reg add "HKLM\TK_NTUSER\Software\Microsoft\Windows Security Health\State" /v "AccountProtection_MicrosoftAccount_Disconnected" /t REG_DWORD /d "0" /f
    reg add "HKLM\TK_SOFTWARE\Microsoft\Windows Defender Security Center\Notifications" /v "DisableNotifications" /t REG_DWORD /d "1" /f
    reg add "HKLM\TK_SOFTWARE\Microsoft\Windows Defender Security Center\Notifications" /v "DisableEnhancedNotifications" /t REG_DWORD /d "1" /f
    reg add "HKLM\TK_SOFTWARE\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
    reg add "HKLM\TK_SOFTWARE\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f
    reg add "HKLM\TK_SOFTWARE\Microsoft\Windows Defender\Features" /v "TamperProtection" /t REG_DWORD /d "4" /f
    reg add "HKLM\TK_SOFTWARE\Microsoft\Windows Defender\Features" /v "TamperProtectionSource" /t REG_DWORD /d "2" /f
    reg add "HKLM\TK_SOFTWARE\Microsoft\Windows Defender\Signature Updates" /v "FirstAuGracePeriod" /t REG_DWORD /d "0" /f
    reg add "HKLM\TK_SOFTWARE\Microsoft\Windows Defender\UX Configuration" /v "DisablePrivacyMode" /t REG_DWORD /d "1" /f
    reg add "HKLM\TK_SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "SecurityHealth" /t REG_BINARY /d "030000000000000000000000" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\MRT" /v "DontOfferThroughWUAU" /t REG_DWORD /d "1" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\MRT" /v "DontReportInfectionInformation" /t REG_DWORD /d "1" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Systray" /v "HideSystray" /t REG_DWORD /d "1" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender" /v "PUAProtection" /t REG_DWORD /d "0" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender" /v "RandomizeScheduleTaskTimes" /t REG_DWORD /d "0" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions" /v "DisableAutoExclusions" /t REG_DWORD /d "1" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Quarantine" /v "LocalSettingOverridePurgeItemsAfterDelay" /t REG_DWORD /d "0" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Quarantine" /v "PurgeItemsAfterDelay" /t REG_DWORD /d "0" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableIOAVProtection" /t REG_DWORD /d "1" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRoutinelyTakingAction" /t REG_DWORD /d "1" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d "1" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScriptScanning" /t REG_DWORD /d "1" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Remediation" /v "Scan_ScheduleDay" /t REG_DWORD /d "8" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Remediation" /v "Scan_ScheduleTime" /t REG_DWORD /d "0" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Reporting" /v "AdditionalActionTimeOut" /t REG_DWORD /d "0" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Reporting" /v "CriticalFailureTimeOut" /t REG_DWORD /d "0" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Reporting" /v "DisableEnhancedNotifications" /t REG_DWORD /d "1" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Reporting" /v "DisableGenericRePorts" /t REG_DWORD /d "1" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Reporting" /v "NonCriticalTimeOut" /t REG_DWORD /d "0" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "AvgCPULoadFactor" /t REG_DWORD /d "16" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "DisableArchiveScanning" /t REG_DWORD /d "1" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "DisableCatchupFullScan" /t REG_DWORD /d "1" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "DisableCatchupQuickScan" /t REG_DWORD /d "1" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "DisableRemovableDriveScanning" /t REG_DWORD /d "1" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "DisableRestorePoint" /t REG_DWORD /d "1" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "DisableScanningMappedNetworkDrivesForFullScan" /t REG_DWORD /d "1" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "DisableScanningNetworkFiles" /t REG_DWORD /d "1" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "PurgeItemsAfterDelay" /t REG_DWORD /d "0" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "ScanOnlyIfIdle" /t REG_DWORD /d "0" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "ScanParameters" /t REG_DWORD /d "0" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "ScheduleDay" /t REG_DWORD /d "8" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "ScheduleTime" /t REG_DWORD /d "0" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "DisableUpdateOnStartupWithoutEngine" /t REG_DWORD /d "1" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "ScheduleDay" /t REG_DWORD /d "8" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "ScheduleTime" /t REG_DWORD /d "0" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "SignatureUpdateCatchupInterval" /t REG_DWORD /d "0" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet" /v "DisableBlockAtFirstSeen" /t REG_DWORD /d "1" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet" /v "LocalSettingOverrideSpynetReporting" /t REG_DWORD /d "0" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet" /v "SpyNetReporting" /t REG_DWORD /d "0" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet" /v "SpyNetReportingLocation" /t REG_MULTI_SZ /d "0" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet" /v "SubmitSamplesConsent" /t REG_DWORD /d "2" /f
    reg add "HKLM\TK_SYSTEM\ControlSet001\Services\EventLog\System\Microsoft-Antimalware-ShieldProvider" /v "Start" /t REG_DWORD /d "4" /f
    reg add "HKLM\TK_SYSTEM\ControlSet001\Services\EventLog\System\WinDefend" /v "Start" /t REG_DWORD /d "4" /f
    reg add "HKLM\TK_DEFAULT\Software\Microsoft\Windows Security Health\State" /v "AccountProtection_MicrosoftAccount_Disconnected" /t REG_DWORD /d "0" /f
    reg delete "HKLM\TK_SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f 1>nul 2>nul
    for /f %%x in ('dir /b "%InstallMount%\Program Files\WindowsApps\Microsoft.SecHealthUI*"') do (rmdir /q /s "%InstallMount%\Program Files\WindowsApps\%%x")
    ECHO.
    ECHO ============================================================
    ECHO Disabling DefenderApiLogger, DefenderAuditLogger
    ECHO ============================================================
    for %%t in (DefenderApiLogger, DefenderAuditLogger) do (
        for /F "tokens=1 delims=" %%a in ('reg query "HKLM\TK_SYSTEM\ControlSet001\Control\WMI\Autologger" /e /k /f "%%~t" 2^>nul ^| find /i "%%~t"') do (
            ECHO Disabling tracker %%~t
            reg add "HKLM\TK_SYSTEM\ControlSet001\Control\WMI\Autologger\%%~t" /v "Start" /t REG_DWORD /d "0" /f
        )
    )
    ECHO.
    ECHO ============================================================
    ECHO Disabling services WinDefender
    ECHO ============================================================
    for %%s in (MsSecFlt, SecurityHealthService, Sense, WdBoot, WdFilter, WdNisDrv, WdNisSvc, WinDefend, wscsvc) do (
        for /f "tokens=1 delims=" %%a in ('reg query "HKLM\TK_SYSTEM\ControlSet001\Services" /e /k /f "%%s" 2^>nul ^| find /i "%%s"') do (
            ECHO Disabling service %%s
            reg add "HKLM\TK_SYSTEM\ControlSet001\Services\%%s" /v "Start" /t REG_DWORD /d "4" /f
        )
    )
    ECHO.
    ECHO ============================================================
    ECHO Delete scheduled tasks WinDefender
    ECHO ============================================================
    for %%t in ("Windows Defender\Windows Defender Cache Maintenance","Windows Defender\Windows Defender Cleanup","Windows Defender\Windows Defender Scheduled Scan","Windows Defender\Windows Defender Verification","ExploitGuard\ExploitGuard MDM policy Refresh") do (
        for /f "tokens=3 delims= " %%a in ('reg query "HKLM\TK_SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\%%~t" /v "Id" 2^>nul ^| find /i "Id" ^| find /i "REG_SZ"') do (
            ECHO Removing task %%~t
            reg delete "HKLM\TK_SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\%%~t" /f
        )
    )
    ECHO.
    ECHO ============================================================
    ECHO Disable SmartScreen
    ECHO ============================================================
    reg add "HKLM\TK_NTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t REG_DWORD /d "0" /f
    reg add "HKLM\TK_NTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "PreventOverride" /t REG_DWORD /d "0" /f
    reg add "HKLM\TK_NTUSER\SOFTWARE\Policies\Microsoft\Edge" /v "SmartScreenEnabled" /t REG_DWORD /d "0" /f
    reg add "HKLM\TK_SOFTWARE\Microsoft\Windows Security Health\State" /v "AppAndBrowser_StoreAppsSmartScreenOff" /t REG_DWORD /d "0" /f
    reg add "HKLM\TK_SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "SmartScreenEnabled" /t REG_SZ /d "Off" /f
    reg add "HKLM\TK_SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t REG_SZ /d "Off" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Internet Explorer\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d "0" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Internet Explorer\PhishingFilter" /v "PreventOverride" /t REG_DWORD /d "0" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d "0" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "PreventOverride" /t REG_DWORD /d "0" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows\System" /v "EnableSmartScreen" /t REG_DWORD /d "0" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControl" /t REG_SZ /d "Anywhere" /f
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControlEnabled" /t REG_DWORD /d "0" /f
    reg add "HKLM\TK_DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t REG_DWORD /d "0" /f
    reg add "HKLM\TK_DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "PreventOverride" /t REG_DWORD /d "0" /f
    reg add "HKLM\TK_DEFAULT\SOFTWARE\Policies\Microsoft\Edge" /v "SmartScreenEnabled" /t REG_DWORD /d "0" /f
    reg add "HKLM\TK_SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.SmartScreen.AppReputationService" /v "ActivationType" /t REG_DWORD /d "1" /f
    reg add "HKLM\TK_SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.SmartScreen.EventLogger" /v "ActivationType" /t REG_DWORD /d "1" /f
    reg add "HKLM\TK_SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.SmartScreen.UriReputationService" /v "ActivationType" /t REG_DWORD /d "1" /f
    ECHO.
    ECHO ============================================================
    ECHO Hide the Windows Backup App
    ECHO ============================================================
    reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\MicrosoftAccount" /v "DisableUserAuth" /t REG_DWORD /d "1" /f
    ECHO.
    ECHO ============================================================
    ECHO Un-Mounting Image Registry
    ECHO ============================================================
    reg Unload HKLM\TK_DEFAULT
    reg Unload HKLM\TK_NTUSER
    reg Unload HKLM\TK_SOFTWARE
    reg Unload HKLM\TK_SYSTEM
    rem Unmounting image
    "%DISM%" /english /Unmount-Wim /MountDir:"%InstallMount%" /commit
)
ECHO.
ECHO ============================================================
ECHO Re-Building Source Install.wim Image
ECHO ============================================================
"Bin\wimlib-imagex.exe" export "%Wim%" all "%WimTemp%" --compress=LZX
move /y "%WimTemp%" "%Wim%"
"%DISM%" /English /Cleanup-Mountpoints
ECHO.
ECHO.
ECHO All Finished.
ECHO.
ECHO Press any key to end the script.
ECHO.
Pause >nul
EXIT
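For checking an image that someone else built, here is an added example (not part of the original post and not the poster's code): it reads a `.reg` text export of the image's loaded hives, such as `reg export` would produce from the `TK_SYSTEM` and `TK_SOFTWARE` hives loaded in the script above, and reports the Defender service and policy values that script sets. The sample export is constructed, and only a subset of the script's policy values is checked.

```python
import re

# Services the script above sets to Start=4 (disabled), lower-cased.
DEFENDER_SERVICES = {
    "mssecflt", "securityhealthservice", "sense", "wdboot", "wdfilter",
    "wdnisdrv", "wdnissvc", "windefend", "wscsvc",
}
# Subset of the script's policy values: (key suffix, value name) -> flagged dword.
POLICY_VALUES = {
    (r"policies\microsoft\windows defender", "disableantispyware"): 1,
    (r"policies\microsoft\windows defender\real-time protection",
     "disablerealtimemonitoring"): 1,
    (r"policies\microsoft\windows defender\real-time protection",
     "disablebehaviormonitoring"): 1,
    (r"policies\microsoft\windows\system", "enablesmartscreen"): 0,
}
KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

# Constructed sample. Real exports are UTF-16 files: read them with
# open(path, encoding="utf-16") before passing the text to audit().
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\TK_SYSTEM\ControlSet001\Services\WinDefend]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\TK_SYSTEM\ControlSet001\Services\WdFilter]
"Start"=dword:00000000

[HKEY_LOCAL_MACHINE\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\TK_SOFTWARE\Policies\Microsoft\Windows\System]
"EnableSmartScreen"=dword:00000000
"""


def parse_reg_dwords(text):
    """Yield (key, value_name, int_value) for every REG_DWORD in a .reg export."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = DWORD_RE.match(line)
        if m and key is not None:
            yield key, m.group(1), int(m.group(2), 16)


def audit(text):
    """Return the (key, name, value) entries that match the script's changes."""
    findings = []
    for key, name, value in parse_reg_dwords(text):
        k, n = key.lower(), name.lower()
        parts = k.split("\\")
        # ...\Services\<defender service> with Start=4 means the service is disabled.
        if (len(parts) >= 2 and parts[-2] == "services"
                and parts[-1] in DEFENDER_SERVICES and n == "start" and value == 4):
            findings.append((key, name, value))
        elif any(k.endswith("\\" + suffix) and n == vname and value == bad
                 for (suffix, vname), bad in POLICY_VALUES.items()):
            findings.append((key, name, value))
    return findings


if __name__ == "__main__":
    for key, name, value in audit(SAMPLE_EXPORT):
        print(f"{key} :: {name} = {value}")
```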
Any thoughts and ideas on ripping out recall and AI features from 24H2 and future versions? Currently we seem to be in a situation similar to The Walking Dead where everyone is infected with the virus, which lies dormant in the living but turns them into zombies when they die. AI features won't work unless your system has a supported NPU, but the code is sitting there doing God knows what - data mining, maybe?
Update my tweak script again. Disable Recall was stuck at "Do you want to restart" bla bla, now fixed.
Code:
dism.exe /online /disable-feature /FeatureName:recall /noRestart
https://forums.mydigitallife.net/threads/83744/page-17#post-1683742
Since 24h2, I often have the message that I cannot eject the USB key (64GB, therefore seen as a disk, and NTFS) because it is used by another process. I looked, that's it. If I wait several minutes (about 4 or 5 minutes) it's fine. No problem with 23h2. Do you have an idea of a comment to solve this? Thanks
Explorer, 3 dots, menu goes up rather than down, do this... Another way to fix the Explorer menu bug... Run the following in administrative mode:
Code:
vivetool.exe /disable /id:51960011
Then reboot.
Do you know what exactly is disabled by running that command? I have seen some people here using that Vivetool thing and then they cry because their Windows fails and they don't know how to fix it...
So, basically you are spreading "fixes" using 3rd party tools without explanations of what it does or changes? Cool dude... thank you very much.
I have noticed that in 23h2 some settings are not applied offline. It is as if there is a protection against alterations that does not allow some settings to be made. An example is when trying to hide the search bar: in the registry it is applied correctly, but when testing in a virtual machine the search bar continues to be displayed, and when checking in the registry the changes are not applied. Does anyone know what is happening? Is there any configuration in the registry that prevents this?
Code:
echo.
echo Hide TaskView Icon and Hide Search Bar
Reg add "HKLM\zNTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d "0" /f >nul
Reg add "HKLM\zNTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "SearchboxTaskbarMode" /t REG_DWORD /d "0" /f >nul
In Windows 11 23H2, Microsoft has introduced more robust protection mechanisms for certain UI and functionality settings. These protections can prevent offline modifications—such as directly editing the registry from an offline hive—from being fully applied to the live system once it is booted. Here’s an explanation of what might be happening and potential solutions:

Why Are Changes Not Applied?

Settings Synchronization: Some settings, such as taskbar search configurations, are now managed through multiple layers, including:
- User experience settings stored elsewhere: Even though the registry reflects your changes, Windows may overwrite them with cached or synchronized values.
- Cloud sync via Microsoft Account: If the system is tied to a Microsoft account, it may synchronize settings from the cloud, effectively overriding registry changes.

Feature Lock via Feature Control: Starting with newer builds, Windows may actively block offline modifications to certain settings to maintain system consistency or prevent errors.

Live Policy Updates: Some features rely on active user sessions, and changes applied offline might not propagate until they are explicitly triggered in the active session.

Registry Virtualization: The registry keys for certain settings, especially UI elements like the search bar or task view, might be virtualized for the active user profile, and changes made offline won't reflect in the corresponding virtual registry hive.

Workaround Suggestions

1. Apply Changes to the Correct Hive
The key in your script:
Code:
HKLM\zNTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\
is targeting an offline hive (zNTUSER). While this should work theoretically, the keys might be profile-specific. Ensure you’re targeting the correct active user hive:
Code:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
and:
Code:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search

2. Modify Group Policies Instead
For taskbar-related settings, group policy changes can be more effective:
Open gpedit.msc. Navigate to:
- Search Bar: User Configuration > Administrative Templates > Windows Components > Search > Allow search highlights
- Task View Button: User Configuration > Administrative Templates > Start Menu and Taskbar > Show Task View button
Set these policies accordingly, export them to .pol files, and apply them using scripts.

3. Use Taskbar Management Tools
Scripts or tools like TaskbarX or PowerShell modules designed to interact directly with the Windows Shell can force changes in taskbar settings.

4. Force Settings in an Online State
Apply the settings once the system is booted:
Code:
# Hide Task View
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ShowTaskViewButton" -Value 0
# Hide Search Bar
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Search" -Name "SearchboxTaskbarMode" -Value 0
# Restart Explorer for changes to take effect
Stop-Process -Name "explorer" -Force
Start-Process "explorer"

5. Disable Cloud Sync
If cloud synchronization is enabled for your Microsoft account, disable it:
Go to Settings > Accounts > Windows backup > Remember my preferences. Turn off Other Windows settings.

Verify Results
After implementing any changes:
- Restart explorer.exe or reboot the machine.
- Check the settings manually in the taskbar and ensure they persist across reboots.
- Double-check the registry keys to ensure no overwriting occurs post-boot.

If you continue to face issues, tools like Sysinternals' Procmon can help trace what overwrites the registry changes during startup.