Daily Archives: April 1, 2022

Windows 10 Python Smart Aleck

Posted on by
Reply

Windows 10 comes with a default alias that if you type python anywhere in terminal, powershell, run, etc, It will run a stub that points you to getting it in Windows Store. WTF man! I hate these stubs that are nothing but advertising! People will know there’s Python available in the store if Python Software Foundation’s website announces it. There’s no need to hijack the namespace with a useless stub!

After I install Spyder 5.3.0, it started with a Windows console instead of a Python Interpreter console, so when I typed Python (Spyder 5.3.0 came with Python 3.8.10 in its subfolder), this damn App store stub came up:

When I tried to force a .exe exceution in Powershell, I saw this:

So there’s a way to disable this bugger off!

It’s not the first time Spyder not working as intended out of the box, but Microsoft’s overzealous promotion of their ‘good ideas’ causes grief and agony to people who simply want things done.

It’s

Loading

NTLite Slipstreaming Windows 10 Notes

Posted on by
Reply

There are a few quirks when it comes to slipstreaming Windows 10 with NTLite.

Built-in administrator account logs in automatically by default

If you don’t create a password in NTLite when choosing built-in Administrator account, you will be auto-logged in. Remember to change the password afterwards!

Unattended installation will mark your machine as managed by the corporate office

Ping and file sharing (Samba/CIFS) with older Windows machines blocked out of the box

They are blocked by firewall out of the box. There’s a firewall setting group specifically for the service that can be enabled.

Powershell scripts wouldn’t execute

Because Microsoft changed the defaults and do not allow Powershell scripts to run out of the box. I have a CMD command to run in Post-Setup that you can run before any Powershell scripts are executed that’d fix the issue.

Slipstream-able Windows updates immediately following 21H2

windows10.0-kb4565627-x64-ndp48_b618d388f45d951c842a3e4fb71da120ae3940eb
windows10.0-kb4569745-x64-ndp48_8cd7482e550d1726441d66b46f11e968e919748e
windows10.0-kb5008876-x64-ndp48_9b34f8d0e6a5586806ee62c89775d758621e9b46
windows10.0-kb5010472-x64-ndp48_2ddef186366792bd766bc55a2ee63819e8770e07
windows10.0-kb5011543-x64_1c97e86392f8e18fe415630f60608a9091f28bbd

Basically all the 4 updates about with the tag -ndp48_ refers to NET Framework 4.8. The last one (KB5011543 for now) is a 600MB+ roll-up that gets updated often that you might want to check Microsoft Update Catalog for the latest YYYY-MM Cumulative Update Preview and replace it (check superseded info)

Annoyances fixed with Registry/Post-Setup scripts

  • Computer put to standby with a timeout by default
disable_standbyDownload

  • Event Viewer Errors that cannot be stopped by disabling all Event Viewer channels:
Disable-0xC004F069-warningDownload
  • Windows Updater keeps bugging you for Malicious Software Removal (it’ll prompt you over and over until you finished all the virus/malware definition files)
Disable-Malicious-Software-Removal-Tool-in-Windows-Update-1Download
  • Prevent Windows 11 upgrade from checking for TPM
DisableTPMcheckDownload
  • Microsoft Edge will bug you for executables downloads in general which they deemed unsafe regardless
EDGE_PreventSmartScreenPromptOverrideForFilesDownload
  • Windows do not backup your registry regularly by default
enable-periodic-registry-backupDownload
  • Event Viewer will bug you about Printer Notifications not working (Microsoft forgot to account for their product still using interactive Session 0 which they disabled for security concerns)
ReEnable_InteractiveServices_Session0_Interaction_Win10NewRuleBreaksPrintNotifyDownload

Enable System Restore Point and capture it on every login

  1. Enable System Restore on System Drive
  2. Disable refractory period (won’t run again in 24 hour even if requested) in registry
    (Needs to be done with reg.exe instead of just a registry file with NTLite to make sure it doesn’t get overwritten during provisioning)
  3. Create scheduled task that takes a snapshot at every logon
startSystemRestoreOnSystemDriveAtEveryBootDownload
Enable-ComputerRestore $env:systemdrive

# There's a 24hr refactory period if the key was not disabled (set to 0)
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" /t REG_DWORD /v SystemRestorePointCreationFrequency /d 0 /f 

# Register task to create snapshot at every logon
$Trigger= New-ScheduledTaskTrigger -AtLogon
$User= "NT AUTHORITY\SYSTEM"
$Action= New-ScheduledTaskAction -Execute 'Powershell.exe' -Argument '-Command Checkpoint-Computer -Description "TWC-RestorePoint" -RestorePointType MODIFY_SETTINGS'
Register-ScheduledTask -TaskName "Create System Restore Point" -Trigger $Trigger -User $User -Action $Action -RunLevel Highest

NT Lite slipstream script for reference

	<Compatibility protectHidden="false">
		<ComponentFeatures>
			<Feature enabled="no">AppGuard</Feature>
			<Feature enabled="no">Bluetooth</Feature>
			<Feature enabled="no">CapFrameX</Feature>
			<Feature enabled="yes">Discord</Feature>
			<Feature enabled="yes">FileSharing</Feature>
			<Feature enabled="no">Hyper-V</Feature>
			<Feature enabled="no">iCloud</Feature>
			<Feature enabled="yes">ManualSetup</Feature>
			<Feature enabled="no">Edge</Feature>
			<Feature enabled="yes">OfficeSupport</Feature>
			<Feature enabled="yes">AppxSupport</Feature>
			<Feature enabled="yes">Netflix</Feature>
			<Feature enabled="no">NetworkDiscovery</Feature>
			<Feature enabled="no">NightLight</Feature>
			<Feature enabled="yes">NvidiaSetup</Feature>
			<Feature enabled="yes">OOBE</Feature>
			<Feature enabled="yes">Printing</Feature>
			<Feature enabled="yes">Recommended-All</Feature>
			<Feature enabled="no">SamsungSwitch</Feature>
			<Feature enabled="yes">Scanning</Feature>
			<Feature enabled="yes">ServicingStack</Feature>
			<Feature enabled="yes">ShellSearchSupport</Feature>
			<Feature enabled="yes">Spotify</Feature>
			<Feature enabled="yes">DefaultFonts</Feature>
			<Feature enabled="no">SafeMode</Feature>
			<Feature enabled="yes">TeamViewer</Feature>
			<Feature enabled="no">Recommended-Tablet</Feature>
			<Feature enabled="yes">USBModem</Feature>
			<Feature enabled="yes">USB</Feature>
			<Feature enabled="no">VideoPlayback</Feature>
			<Feature enabled="no">VPN</Feature>
			<Feature enabled="no">VisualStudio</Feature>
			<Feature enabled="no">VSS</Feature>
			<Feature enabled="yes">ActivationKMS</Feature>
			<Feature enabled="yes">Activation</Feature>
			<Feature enabled="yes">WindowsStore</Feature>
			<Feature enabled="yes">WindowsUpdate</Feature>
			<Feature enabled="yes">WLAN</Feature>
			<Feature enabled="no">YubiKey</Feature>
		</ComponentFeatures>
		<MachineDrivers>
			<Machine enabled="yes">HostMachine</Machine>
			<Machine enabled="no">Hyper-V VM</Machine>
			<Machine enabled="no">Parallels VM</Machine>
			<Machine enabled="no">Virtual Box VM</Machine>
			<Machine enabled="no">VMware VM</Machine>
		</MachineDrivers>
	</Compatibility>
	<Features>
		<Feature name="OneCoreUAP.OneSync~~~~0.0.1.0">false</Feature>
		<Feature name="Browser.InternetExplorer~~~~0.0.11.0">false</Feature>
		<Feature name="Internet-Explorer-Optional-amd64">false</Feature>
		<Feature name="MediaPlayback">false</Feature>
		<Feature name="Microsoft.Windows.MSPaint~~~~0.0.1.0">false</Feature>
		<Feature name="App.Support.QuickAssist~~~~0.0.1.0">false</Feature>
		<Feature name="Printing-XPSServices-Features">false</Feature>
		<Feature name="OpenSSH.Client~~~~0.0.1.0">false</Feature>
		<Feature name="SMB1Protocol-Deprecation">true</Feature>
		<Feature name="SMB1Protocol-Client">true</Feature>
		<Feature name="SMB1Protocol">true</Feature>
		<Feature name="SMB1Protocol-Server">true</Feature>
		<Feature name="Windows.Client.ShellComponents~~~~0.0.1.0">false</Feature>
		<Feature name="Hello.Face.Migration.18967~~~~0.0.1.0">false</Feature>
		<Feature name="Hello.Face.18967~~~~0.0.1.0">false</Feature>
		<Feature name="WindowsMediaPlayer">false</Feature>
		<Feature name="SearchEngine-Client-Package">false</Feature>
		<Feature name="Microsoft.Windows.WordPad~~~~0.0.1.0">false</Feature>
		<Feature name="WorkFolders-Client">false</Feature>
	</Features>
	<Drivers showHidden="false"></Drivers>
	<Unattended mode="1">
		<OEMSetupComplete>false</OEMSetupComplete>
		<AnswerFileLocationPanther>false</AnswerFileLocationPanther>
		<AnswerFileLocationBoot>false</AnswerFileLocationBoot>
		<SaveBothArch>false</SaveBothArch>
		<EditionPrompt>false</EditionPrompt>
		<settings pass="oobeSystem">
			<component name="Microsoft-Windows-International-Core">
				<InputLocale>007f:00000409</InputLocale>
				<SystemLocale>en-US</SystemLocale>
				<UILanguage>en-US</UILanguage>
				<UILanguageFallback>en-US</UILanguageFallback>
				<UserLocale>en-US</UserLocale>
			</component>
			<component name="Microsoft-Windows-Shell-Setup">
				<OOBE>
					<HideEULAPage>true</HideEULAPage>
					<HideLocalAccountScreen>true</HideLocalAccountScreen>
					<HideOnlineAccountScreens>true</HideOnlineAccountScreens>
					<HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
					<NetworkLocation>Home</NetworkLocation>
					<ProtectYourPC>3</ProtectYourPC>
					<SkipMachineOOBE>false</SkipMachineOOBE>
					<SkipUserOOBE>true</SkipUserOOBE>
				</OOBE>
				<UserAccounts>
					<AdministratorPassword>
						<PlainText>true</PlainText>
						<Value></Value>
					</AdministratorPassword>
					<LocalAccounts>
						<LocalAccount>
							<Group>Administrators</Group>
							<Name>Administrator</Name>
							<Password>
								<PlainText>true</PlainText>
								<Value></Value>
							</Password>
						</LocalAccount>
					</LocalAccounts>
				</UserAccounts>
			</component>
		</settings>
		<settings pass="specialize">
			<component name="Microsoft-Windows-Deployment">
				<RunSynchronous>
					<RunSynchronousCommand>
						<Order>1</Order>
						<Path>net user Administrator /active:Yes</Path>
						<WillReboot>Never</WillReboot>
					</RunSynchronousCommand>
				</RunSynchronous>
			</component>
			<component name="Microsoft-Windows-Security-SPP-UX">
				<SkipAutoActivation>true</SkipAutoActivation>
			</component>
		</settings>
		<settings pass="windowsPE">
			<component name="Microsoft-Windows-Setup">
				<Diagnostics>
					<OptIn>false</OptIn>
				</Diagnostics>
				<DynamicUpdate>
					<WillShowUI>OnError</WillShowUI>
				</DynamicUpdate>
				<ImageInstall>
					<OSImage>
						<WillShowUI>OnError</WillShowUI>
						<InstallFrom>
							<MetaData>
								<Key>/IMAGE/INDEX</Key>
								<Value>6</Value>
							</MetaData>
						</InstallFrom>
					</OSImage>
				</ImageInstall>
				<UserData>
					<AcceptEula>true</AcceptEula>
					<ProductKey>
						<Key></Key>
					</ProductKey>
				</UserData>
			</component>
		</settings>
	</Unattended>
	<Tweaks>
		<Settings>
			<TweakGroup name="AutoLogger">
				<Tweak name="CloudExperienceHostOobe\Start">0</Tweak>
			</TweakGroup>
			<TweakGroup name="CrashControl">
				<Tweak name="CrashControl\AutoReboot">0</Tweak>
				<Tweak name="CrashControl\CrashDumpEnabled">0</Tweak>
			</TweakGroup>
			<TweakGroup name="DesktopTweaks">
				<Tweak name="Explorer\NoPinningStoreToTaskbar">1</Tweak>
				<Tweak name="NewStartPanel\{59031a47-3f72-44a7-89c5-5595fe6b30ee}">1</Tweak>
				<Tweak name="Desktop\IconSize">256</Tweak>
				<Tweak name="Explorer\HideSCAMeetNow">1</Tweak>
				<Tweak name="Feeds\ShellFeedsTaskbarViewMode">2</Tweak>
				<Tweak name="Explorer\DisableNotificationCenter">1</Tweak>
				<Tweak name="PushNotifications\NoCloudApplicationNotification">1</Tweak>
				<Tweak name="Start\HideRecentJumplists">1</Tweak>
				<Tweak name="Search\SearchboxTaskbarMode">2</Tweak>
				<Tweak name="Advanced\DisablePreviewDesktop">1</Tweak>
				<Tweak name="People\PeopleBand">0</Tweak>
				<Tweak name="Advanced\TaskbarGlomLevel">2</Tweak>
				<Tweak name="Advanced\MMTaskbarEnabled">1</Tweak>
				<Tweak name="Keyboard\PrintScreenKeyForSnippingEnabled">0</Tweak>
			</TweakGroup>
			<TweakGroup name="EventLogs">
				<Tweak name="Microsoft-AppV-Client\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-AppV-Client\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-AppV-Client\Virtual Applications\Enabled">0</Tweak>
				<Tweak name="Microsoft-Client-Licensing-Platform\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-User Experience Virtualization-Agent Driver\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-User Experience Virtualization-App Agent\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-User Experience Virtualization-IPC\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-User Experience Virtualization-SQM Uploader\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-AAD\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-All-User-Install-Agent\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-AllJoyn\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-AppHost\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-AppID\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-ApplicabilityEngine\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Application Server-Applications\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Application Server-Applications\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Application-Experience\Program-Compatibility-Assistant\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Application-Experience\Program-Compatibility-Troubleshooter\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Application-Experience\Program-Inventory\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Application-Experience\Program-Telemetry\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Application-Experience\Steps-Recorder\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Kernel-ApphelpCache\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-AppLocker\EXE and DLL\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-AppLocker\MSI and Script\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-AppLocker\Packaged app-Deployment\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-AppLocker\Packaged app-Execution\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-AppModel-Runtime\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-AppReadiness\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-AppReadiness\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-AppXDeploymentServer\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-AppXDeploymentServer\Restricted\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-AppXDeployment\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-AppxPackaging\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-AssignedAccess\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-AssignedAccessBroker\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Audio\CaptureMonitor\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Audio\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Audio\PlaybackManager\Enabled">0</Tweak>
				<Tweak name="Channels\Microsoft-Windows-Backup\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Biometrics\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-BitLocker\BitLocker Management\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-BitLocker-DrivePreparationTool\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-BitLocker-DrivePreparationTool\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Bits-Client\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Bluetooth-BthLEPrepairing\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-BranchCache\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-BranchCacheSMB\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-BackgroundTaskInfrastructure\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Regsvr32\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-CertificateServicesClient-Lifecycle-System\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-CertificateServicesClient-Lifecycle-User\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Cleanmgr\Diagnostic\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-CloudStore\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-CodeIntegrity\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Compat-Appraiser\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Containers-BindFlt\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Containers-Wcifs\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Containers-Wcnfs\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-CoreSystem-SmsRouter-Events\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-CorruptedFileRecovery-Client\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-CorruptedFileRecovery-Server\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Crypto-DPAPI\BackUpKeySvc\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Crypto-DPAPI\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Crypto-NCrypt\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-DAL-Provider\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-DataIntegrityScan\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-DataIntegrityScan\CrashRecovery\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-DateTimeControlPanel\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Deduplication\Diagnostic\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Deduplication\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Deduplication\Scrubbing\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-DeviceGuard\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Devices-Background\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-DeviceSetupManager\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-DeviceSetupManager\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-DeviceSync\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-DeviceUpdateAgent\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Dhcp-Client\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Dhcpv6-Client\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Diagnosis-DPS\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Diagnosis-PCW\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Diagnosis-PLA\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Diagnosis-Scheduled\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Diagnosis-Scripted\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Diagnosis-Scripted\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Diagnostics-Networking\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Diagnostics-Performance\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-DiskDiagnostic\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-DiskDiagnosticDataCollector\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-DiskDiagnosticResolver\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-DSC\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-DSC\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-DucUpdateAgent\Operational\Enabled">0</Tweak>
				<Tweak name="Channels\Microsoft-Windows-DxgKrnl-Admin\Enabled">0</Tweak>
				<Tweak name="Channels\Microsoft-Windows-DxgKrnl-Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-EapHost\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-EapMethods-RasChap\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-EapMethods-RasTls\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-EapMethods-Sim\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-EapMethods-Ttls\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-EDP-Application-Learning\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-EDP-Audit-Regular\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-EDP-Audit-TCB\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Policy\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-EventCollector\Operational\Enabled">0</Tweak>
				<Tweak name="Channels\Setup\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Fault-Tolerant-Heap\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-FeatureConfiguration\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-FileHistory-Core\WHC\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-FileHistory-Engine\BackupLog\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-FMS\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Folder Redirection\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Forwarding\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-GenericRoaming\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-GroupPolicy\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-HelloForBusiness\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Help\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-HomeGroup Control Panel\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-HomeGroup Listener Service\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-HomeGroup Provider Service\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-HotspotAuth\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Hyper-V-Guest-Drivers\Admin\Enabled">0</Tweak>
				<Tweak name="Channels\Microsoft-Windows-Hyper-V-Hypervisor-Admin\Enabled">0</Tweak>
				<Tweak name="Channels\Microsoft-Windows-Hyper-V-Hypervisor-Operational\Enabled">0</Tweak>
				<Tweak name="Channels\Microsoft-Windows-Hyper-V-VID-Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-IdCtrls\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-CoreApplication\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-TWinUI\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-International-RegionalOptionsControlPanel\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Iphlpsvc\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-IPxlatCfg\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-KdsSvc\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Kernel-Boot\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Kernel-EventTracing\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Kernel-IO\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Kernel-LiveDump\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Kernel-PnP\Configuration\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Kernel-PnP\Driver Watchdog\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Kernel-Power\Thermal-Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Kernel-ShimEngine\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Kernel-StoreMgr\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Kernel-WDI\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Kernel-WHEA\Errors\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Kernel-WHEA\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-KeyboardFilter\Admin\Enabled">0</Tweak>
				<Tweak name="Channels\Microsoft-Windows-Known Folders API Service\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-LanguagePackSetup\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-LiveId\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-MemoryDiagnostics-Results\Debug\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Mobile-Broadband-Experience-Parser-Task\Operational\Enabled">0</Tweak>
				<Tweak name="Channels\SMSApi\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-ModernDeployment-Diagnostics-Provider\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-ModernDeployment-Diagnostics-Provider\Autopilot\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-ModernDeployment-Diagnostics-Provider\ManagementService\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Mprddm\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-MUI\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-MUI\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-NcdAutoSetup\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-NCSI\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-NdisImPlatform\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-NetworkProfile\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-NetworkProvider\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-NetworkProvisioning\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-NlaSvc\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Ntfs\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Ntfs\WHC\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-NTLM\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-OcpUpdateAgent\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-OfflineFiles\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-OneBackup\Debug\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-OOBE-Machine-DUI\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-PackageStateRoaming\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-ParentalControls\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Partition\Diagnostic\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-PerceptionRuntime\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-PerceptionSensorDataService\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-PersistentMemory-Nvdimm\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-PersistentMemory-PmemDisk\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-PersistentMemory-ScmBus\Certification\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-PersistentMemory-ScmBus\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-PowerShell\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-PowerShell\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-NetworkLocationWizard\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-PrintBRM\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-PrintService\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Privacy-Auditing\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Program-Compatibility-Assistant\CompatAfterUpgrade\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Provisioning-Diagnostics-Provider\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Provisioning-Diagnostics-Provider\AutoPilot\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Provisioning-Diagnostics-Provider\ManagementService\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-PushNotification-Platform\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-PushNotification-Platform\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-ReadyBoost\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-ReadyBoostDriver\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-ReFS\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-RemoteApp and Desktop Connections\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-RemoteApp and Desktop Connections\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-RemoteAssistance\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-RemoteAssistance\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-RemoteDesktopServices-RdpCoreTS\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-RemoteDesktopServices-RdpCoreTS\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-RemoteDesktopServices-RemoteFX-Synth3dvsc\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-RemoteDesktopServices-SessionServices\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Resource-Exhaustion-Detector\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Resource-Exhaustion-Resolver\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-RestartManager\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-RetailDemo\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-RetailDemo\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Security-Adminless\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Security-Audit-Configuration-Client\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Security-EnterpriseData-FileRevocationManager\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Security-LessPrivilegedAppContainer\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Security-Mitigations\KernelMode\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Security-Mitigations\UserMode\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Security-Netlogon\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Security-SPP-UX-GenuineCenter-Logging\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Security-SPP-UX-Notifications\ActionCenter\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Security-UserConsentVerifier\Audit\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-SecurityMitigationsBroker\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-SENSE\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-SenseIR\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-SettingSync-Azure\Debug\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-SettingSync-Azure\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-SettingSync-OneDrive\Debug\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-SettingSync-OneDrive\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-SettingSync\Debug\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-SettingSync\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Authentication User Interface\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Shell-ConnectedAccountState\ActionCenter\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Shell-Core\ActionCenter\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Shell-Core\AppDefaults\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Shell-Core\LogonTasksChannel\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Shell-Core\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-ShellCommon-StartLayoutPopulation\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-SmartCard-Audit\Authentication\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-SmartCard-DeviceEnum\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-SmartCard-TPM-VCard-Module\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-SmartCard-TPM-VCard-Module\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-SmbClient\Audit\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-SmbClient\Connectivity\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-SMBClient\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-SmbClient\Security\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-SMBDirect\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-SMBServer\Audit\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-SMBServer\Connectivity\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-SMBServer\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-SMBServer\Security\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-SMBWitnessClient\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-SMBWitnessClient\Informational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-StateRepository\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-StateRepository\Restricted\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Storage-Tiering\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-StorageManagement\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-StorageSettings\Diagnostic\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-StorageSpaces-Driver\Diagnostic\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-StorageSpaces-Driver\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-StorageSpaces-ManagementAgent\WHC\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-StorageSpaces-SpaceManager\Diagnostic\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-StorageSpaces-SpaceManager\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Storage-ClassPnP\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Store\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Storage-Storport\Health\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Storage-Storport\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Storsvc\Diagnostic\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-SystemSettingsThreshold\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-TaskScheduler\Maintenance\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-TCPIP\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-TerminalServices-RDPClient\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-TerminalServices-ClientUSBDevices\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-TerminalServices-ClientUSBDevices\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-TerminalServices-LocalSessionManager\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-TerminalServices-LocalSessionManager\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-TerminalServices-PnPDevices\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-TerminalServices-PnPDevices\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-TerminalServices-Printers\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-TerminalServices-Printers\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-TerminalServices-RemoteConnectionManager\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-TerminalServices-RemoteConnectionManager\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-TerminalServices-ServerUSBDevices\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-TerminalServices-ServerUSBDevices\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Time-Service-PTP-Provider\PTP-Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Time-Service\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Troubleshooting-Recommended\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Troubleshooting-Recommended\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-TZSync\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-TZUtil\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-UAC-FileVirtualization\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-UAC\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-SearchUI\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-UniversalTelemetryClient\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-User Device Registration\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-User Profile Service\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-User Control Panel\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-User-Loader\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-UserPnp\ActionCenter\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-UserPnp\DeviceInstall\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-VDRVROOT\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-VerifyHardwareSecurity\Admin\Enabled">0</Tweak>
				<Tweak name="Channels\Microsoft-Windows-VHDMP-Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Volume\Diagnostic\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-VolumeSnapshot-Driver\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-VPN-Client\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Wcmsvc\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-WDAG-PolicyEvaluator-CSP\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-WDAG-PolicyEvaluator-GP\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-WebAuthN\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-WER-PayloadHealth\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-IKE\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-VPN\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-WFP\Operational\Enabled">0</Tweak>
				<Tweak name="Channels\Microsoft-WindowsPhone-Connectivity-WiFiConnSvc-Channel\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Win32k\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Windows Defender\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Windows Defender\WHC\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Windows Firewall With Advanced Security\ConnectionSecurity\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Windows Firewall With Advanced Security\Firewall\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Windows Firewall With Advanced Security\FirewallDiagnostics\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-WindowsBackup\ActionCenter\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-WindowsSystemAssessmentTool\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-WindowsUpdateClient\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-WinINet-Config\ProxyConfigChanged\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Winlogon\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-WinRM\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Winsock-WS2HELP\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Wired-AutoConfig\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-WLAN-AutoConfig\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-WMI-Activity\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-WorkFolders\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-WorkFolders\WHC\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-Workplace Join\Admin\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-WPD-CompositeClassDriver\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-WPD-MTPClassDriver\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-WPD-ClassInstaller\Operational\Enabled">0</Tweak>
				<Tweak name="Microsoft-Windows-WWAN-SVC-Events\Operational\Enabled">0</Tweak>
				<Tweak name="OpenSSH\Admin\Enabled">0</Tweak>
				<Tweak name="OpenSSH\Operational\Enabled">0</Tweak>
			</TweakGroup>
			<TweakGroup name="Explorer">
				<Tweak name="Explorer\EnableAutoTray">0</Tweak>
				<Tweak name="OperationStatusManager\EnthusiastMode">1</Tweak>
				<Tweak name="Explorer\NoThumbnailCache">1</Tweak>
				<Tweak name="Explorer\ClearRecentDocsOnExit">1</Tweak>
				<Tweak name="cmd\HideBasedOnVelocityId">0</Tweak>
				<Tweak name="ControlPanel\StartupPage">1</Tweak>
				<Tweak name="ControlPanel\AllItemsIconView">1</Tweak>
				<Tweak name="Advanced\FolderContentsInfoTip">1</Tweak>
				<Tweak name="Explorer\NoTrayItemsDisplay">0</Tweak>
				<Tweak name="Advanced\HideMergeConflicts">1</Tweak>
				<Tweak name="Explorer\NoRecentDocsHistory">1</Tweak>
				<Tweak name="Advanced\SeparateProcess">1</Tweak>
				<Tweak name="Advanced\NavPaneExpandToCurrentFolder">1</Tweak>
				<Tweak name="Advanced\NavPaneShowAllFolders">1</Tweak>
				<Tweak name="Advanced\LaunchTo">1</Tweak>
				<Tweak name="Explorer\HubMode">1</Tweak>
				<Tweak name="Advanced\DontUsePowerShellOnWinX">0</Tweak>
				<Tweak name="Explorer\DisableSearchBoxSuggestions">1</Tweak>
				<Tweak name="Explorer\HideClock">0</Tweak>
				<Tweak name="Explorer\ShowDriveLettersFirst">4</Tweak>
				<Tweak name="Explorer\NoNetConnectDisconnect">0</Tweak>
				<Tweak name="Advanced\ShowInfoTip">1</Tweak>
				<Tweak name="Advanced\ShowSyncProviderNotifications">0</Tweak>
				<Tweak name="Advanced\SharingWizardOn">0</Tweak>
				<Tweak name="Advanced\HideFileExt">0</Tweak>
			</TweakGroup>
			<TweakGroup name="Network">
				<Tweak name="DNSClient\DisableSmartNameResolution">1</Tweak>
				<Tweak name="Main\Isolation64Bit">0</Tweak>
				<Tweak name="Main\Isolation">PMIL</Tweak>
				<Tweak name="Parameters\IRPStackSize">30</Tweak>
				<Tweak name="System\LocalAccountTokenFilterPolicy">1</Tweak>
				<Tweak name="NewNetworkWindowOff\NewNetworkWindowOff">1</Tweak>
				<Tweak name="Parameters\DisableBandwidthThrottling">1</Tweak>
				<Tweak name="Parameters\DisableCompression">1</Tweak>
			</TweakGroup>
			<TweakGroup name="PowerAndShutdown">
				<Tweak name="Power\HiberbootEnabled">0</Tweak>
				<Tweak name="FlyoutMenuSettings\ShowHibernateOption">1</Tweak>
				<Tweak name="FlyoutMenuSettings\ShowLockOption">1</Tweak>
				<Tweak name="FlyoutMenuSettings\ShowSleepOption">1</Tweak>
				<Tweak name="System\ShutdownWithoutLogon">1</Tweak>
			</TweakGroup>
			<TweakGroup name="Privacy">
				<Tweak name="appointments\Value">Deny</Tweak>
				<Tweak name="phoneCallHistory\Value">Deny</Tweak>
				<Tweak name="webcam\Value">Deny</Tweak>
				<Tweak name="contacts\Value">Deny</Tweak>
				<Tweak name="appDiagnostics\Value">Deny</Tweak>
				<Tweak name="documentsLibrary\Value">Deny</Tweak>
				<Tweak name="email\Value">Deny</Tweak>
				<Tweak name="broadFileSystemAccess\Value">Deny</Tweak>
				<Tweak name="chat\Value">Deny</Tweak>
				<Tweak name="microphone\Value">Deny</Tweak>
				<Tweak name="userNotificationListener\Value">Deny</Tweak>
				<Tweak name="phoneCall\Value">Deny</Tweak>
				<Tweak name="picturesLibrary\Value">Deny</Tweak>
				<Tweak name="radios\Value">Deny</Tweak>
				<Tweak name="LooselyCoupled\Value">Deny</Tweak>
				<Tweak name="userDataTasks\Value">Deny</Tweak>
				<Tweak name="userAccountInformation\Value">Deny</Tweak>
				<Tweak name="videosLibrary\Value">Deny</Tweak>
				<Tweak name="Client\OptInOrOutPreference">0</Tweak>
				<Tweak name="System\AllowExperimentation">0</Tweak>
				<Tweak name="System\AllowLocation">0</Tweak>
				<Tweak name="DataCollection\AllowTelemetry">0</Tweak>
				<Tweak name="CloudContent\DisableWindowsConsumerFeatures">1</Tweak>
				<Tweak name="features\PaidWifi">0</Tweak>
				<Tweak name="features\WiFiSenseOpen">0</Tweak>
				<Tweak name="ContentDeliveryManager\SilentInstalledAppsEnabled">0</Tweak>
				<Tweak name="System\AllowClipboardHistory">0</Tweak>
				<Tweak name="CloudContent\DisableCloudOptimizedContent">1</Tweak>
				<Tweak name="AppCompat\DisableInventory">1</Tweak>
				<Tweak name="TrainedDataStore\HarvestContacts">0</Tweak>
				<Tweak name="InputPersonalization\RestrictImplicitTextCollection">1</Tweak>
				<Tweak name="InputPersonalization\RestrictImplicitInkCollection">1</Tweak>
				<Tweak name="Windows Search\AllowCortana">0</Tweak>
				<Tweak name="Search\HistoryViewEnabled">0</Tweak>
				<Tweak name="Search\DeviceHistoryEnabled">0</Tweak>
				<Tweak name="Advanced\ShowCortanaButton">0</Tweak>
				<Tweak name="Rules\NumberOfSIUFInPeriod">0</Tweak>
				<Tweak name="SmartGlass\UserAuthPolicy">0</Tweak>
				<Tweak name="SmartGlass\BluetoothPolicy">0</Tweak>
				<Tweak name="BackgroundAccessApplications\GlobalUserDisabled">0</Tweak>
				<Tweak name="AdvertisingInfo\Enabled">0</Tweak>
				<Tweak name="Privacy\TailoredExperiencesWithDiagnosticDataEnabled">0</Tweak>
				<Tweak name="AppSettings\Skype-UserConsentAccepted">0</Tweak>
				<Tweak name="User Profile\HttpAcceptLanguageOptOut">1</Tweak>
				<Tweak name="System\EnableActivityFeed">0</Tweak>
				<Tweak name="Advanced\Start_TrackProgs">0</Tweak>
				<Tweak name="Advanced\Start_TrackDocs">0</Tweak>
				<Tweak name="ContentDeliveryManager\SystemPaneSuggestionsEnabled">0</Tweak>
				<Tweak name="InputPersonalization\AllowInputPersonalization">0</Tweak>
				<Tweak name="Settings\AcceptedPrivacyPolicy">0</Tweak>
				<Tweak name="ContentDeliveryManager\PreInstalledAppsEnabled">0</Tweak>
				<Tweak name="ContentDeliveryManager\OemPreInstalledAppsEnabled">0</Tweak>
				<Tweak name="AppCompat\DisablePCA">1</Tweak>
				<Tweak name="Windows Search\AllowCloudSearch">0</Tweak>
				<Tweak name="Search\BingSearchEnabled">0</Tweak>
				<Tweak name="TIPC\Enabled">0</Tweak>
				<Tweak name="System\EnableCdp">0</Tweak>
				<Tweak name="Shell\BagMRU Size">1</Tweak>
				<Tweak name="Explorer\ShowFrequent">0</Tweak>
				<Tweak name="ContentDeliveryManager\SubscribedContent-338393Enabled">0</Tweak>
				<Tweak name="ContentDeliveryManager\SubscribedContent-310093Enabled">0</Tweak>
				<Tweak name="Explorer\ShowRecent">0</Tweak>
				<Tweak name="UserProfileEngagement\ScoobeSystemSettingEnabled">0</Tweak>
				<Tweak name="AppHost\EnableWebContentEvaluation">0</Tweak>
				<Tweak name="Settings\InsightsEnabled">0</Tweak>
				<Tweak name="AnqpCache\OsuRegistrationStatus">0</Tweak>
				<Tweak name="FlipAhead\FPEnabled">0</Tweak>
				<Tweak name="MicrosoftEdge\PhishingFilter\Enabledv9">0</Tweak>
				<Tweak name="Internet Explorer\PhishingFilter\Enabledv9">0</Tweak>
				<Tweak name="Explorer\SmartScreenEnabled">Off</Tweak>
				<Tweak name="CloudContent\DisableWindowsSpotlightFeatures">1</Tweak>
			</TweakGroup>
			<TweakGroup name="StartTweaks">
				<Tweak name="Start\HideAppList">1</Tweak>
				<Tweak name="Start\HideFrequentlyUsedApps">1</Tweak>
				<Tweak name="Start\HideRecentlyAddedApps">1</Tweak>
				<Tweak name="Start\AllowPinnedFolderDocuments">0</Tweak>
				<Tweak name="Start\AllowPinnedFolderDownloads">0</Tweak>
				<Tweak name="Start\AllowPinnedFolderFileExplorer">1</Tweak>
				<Tweak name="Start\AllowPinnedFolderHomeGroup">0</Tweak>
				<Tweak name="Start\AllowPinnedFolderMusic">0</Tweak>
				<Tweak name="Start\AllowPinnedFolderNetwork">1</Tweak>
				<Tweak name="Start\AllowPinnedFolderPersonalFolder">0</Tweak>
				<Tweak name="Start\AllowPinnedFolderPictures">0</Tweak>
				<Tweak name="Start\AllowPinnedFolderSettings">1</Tweak>
				<Tweak name="Start\AllowPinnedFolderVideos">0</Tweak>
				<Tweak name="Start\HideUserTile">1</Tweak>
				<Tweak name="Start\HideLock">1</Tweak>
				<Tweak name="Start\HideSignOut">1</Tweak>
				<Tweak name="Start\HideSwitchAccount">1</Tweak>
			</TweakGroup>
			<TweakGroup name="System">
				<Tweak name="Activation\Manual">1</Tweak>
				<Tweak name="Appx\AllowAutomaticAppArchiving">0</Tweak>
				<Tweak name="Winlogon\RestartApps">1</Tweak>
				<Tweak name="Configuration\DisableResetbase">0</Tweak>
				<Tweak name="System\EnableFirstLogonAnimation">0</Tweak>
				<Tweak name="GraphicsDrivers\HwSchMode">2</Tweak>
				<Tweak name="System\EnableLinkedConnections">1</Tweak>
				<Tweak name="System\NoConnectedUser">3</Tweak>
				<Tweak name="OneDrive\DisableFileSyncNGSC">1</Tweak>
				<Tweak name="Memory Management\PagingFiles1">-:\pagefile.sys</Tweak>
				<Tweak name="Terminal Server\fDenyTSConnections">0</Tweak>
				<Tweak name="RDP-Tcp\UserAuthentication">0</Tweak>
				<Tweak name="ReserveManager\ShippedWithReserves">0</Tweak>
				<Tweak name="LabConfig\BypassStorageCheck">1</Tweak>
				<Tweak name="LabConfig\BypassTPMCheck">1</Tweak>
				<Tweak name="StoragePolicy\01">0</Tweak>
				<Tweak name="StoragePolicy\512">0</Tweak>
				<Tweak name="StoragePolicy\256">0</Tweak>
				<Tweak name="StoragePolicy\04">0</Tweak>
				<Tweak name="StoragePolicy\2048">0</Tweak>
				<Tweak name="Environment\TEMP">%TEMP%</Tweak>
				<Tweak name=".NETFramework\OnlyUseLatestCLR">1</Tweak>
				<Tweak name="UserGpuPreferences\DirectXUserGlobalSettings">VRROptimizeEnable=1</Tweak>
				<Tweak name="DeviceGuard\EnableVirtualizationBasedSecurity">0</Tweak>
			</TweakGroup>
			<TweakGroup name="TCPIPSettings">
				<Tweak name="parameters\DeadGWDetectDefault">0</Tweak>
				<Tweak name="parameters\DisableReverseAddressRegistrations">0</Tweak>
				<Tweak name="parameters\DisableDynamicUpdate">1</Tweak>
				<Tweak name="parameters\EnableICMPRedirect">0</Tweak>
				<Tweak name="parameters\PerformRouterDiscovery">0</Tweak>
			</TweakGroup>
			<TweakGroup name="UAC">
				<Tweak name="System\EnableLUA">0</Tweak>
				<Tweak name="System\FilterAdministratorToken">0</Tweak>
				<Tweak name="System\ConsentPromptBehaviorAdmin">1</Tweak>
				<Tweak name="System\EnableUIADesktopToggle">1</Tweak>
			</TweakGroup>
			<TweakGroup name="WindowsDefender">
				<Tweak name="State\AccountProtection_MicrosoftAccount_Disconnected">0</Tweak>
				<Tweak name="Notifications\DisableNotifications">1</Tweak>
				<Tweak name="Notifications\DisableEnhancedNotifications">1</Tweak>
				<Tweak name="Features\TamperProtection">0</Tweak>
				<Tweak name="Windows Defender\DisableAntiSpyware">1</Tweak>
			</TweakGroup>
			<TweakGroup name="WindowsUpdate">
				<Tweak name="DriverSearching\SearchOrderConfig">1</Tweak>
				<Tweak name="DeliveryOptimization\DODownloadMode">99</Tweak>
				<Tweak name="MRT\DontOfferThroughWUAU">1</Tweak>
				<Tweak name="Settings\HideMCTLink">1</Tweak>
				<Tweak name="Settings\RestartNotificationsAllowed2">0</Tweak>
				<Tweak name="AU\AUOptions">2</Tweak>
			</TweakGroup>
		</Settings>
		<Services>
			<TweakGroup name="services">
				<Tweak name="Dnscache\Dnscache">3</Tweak>
				<Tweak name="MapsBroker\MapsBroker">3</Tweak>
			</TweakGroup>
		</Services>
		<ExtraServices>
			<TweakGroup name="drivers">
				<Tweak name="cdrom\cdrom">3</Tweak>
				<Tweak name="luafv\luafv">3</Tweak>
			</TweakGroup>
		</ExtraServices>
		<ScheduledTasks></ScheduledTasks>
	</Tweaks>

Loading

NTLite cannot run Powershell scripts with Windows 10 21H2

Posted on by
Reply

Turns out Microsoft decided to not allow you to run Powershell scripts out of the box. The Execution-Policy is set to be disabled and you have to go to Powershell to run

Set-ExecutionPolicy unrestricted -force

The -force switch skips the prompt. However, this is a chick and egg problem with slipstreaming as you need to execute this first programmatically. I tried to use CMD files to do powershell -command "Set-ExecutionPolicy unrestricted -force" but it does not work and quite a few people reported ignoring execution policy with -ExecutionPolicy Bypass switch to powershell.exe does not work with NTLite either.

It’s a colossal pain in the butt. Microsoft deciding to prevent Powershell scripts from running by default broke NTLite’s powershell scripting.

I decided to take a look at registry values that can be changed and this website suggested there is one. There’s a typo on the website. It’s not in HKCU but in HKLM (his screenshots says HKLM). The correct path is changing the string value ExecutionPolicy to Unrestricted in the key HKLM\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell

I cannot confirm when the registry files are loaded in NTLite. It could be too early or too late. (Looks like it’s too early to me since MDM fake enrollment registry files do not take effect and I had to use reg command script later).

So instead, I’ll do the registry change as a CMD script:

reg add "HKLM\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" /t REG_SZ  /v ExecutionPolicy /d "Unrestricted" /f
RUN_ME_FIRST_Allow_PowershellScriptsToRunDownload

Set it as the first script to run, or at least it has to run before the .ps1 (powershell) script

Loading

NTLite Unattended installation will mark your machine as managed by the corporate office

Posted on by
Reply

You’ll have to fake a MDM enrollment to get rid of the warning through registry entries, but loading the registry file in NTLite won’t work since it has to be processed after the unattended installation. This can be done by adding the registry entries with batch files to be run at Post-Setup

mdm_fake_enrollmentDownload
reg add "HKLM\SOFTWARE\Microsoft\Enrollments\FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF" /t REG_DWORD /v EnrollmentState /d 1 /f
reg add "HKLM\SOFTWARE\Microsoft\Enrollments\FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF" /t REG_DWORD /v EnrollmentType /d 0 /f
reg add "HKLM\SOFTWARE\Microsoft\Enrollments\FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF" /t REG_DWORD /v IsFederated /d 0 /f

reg add "HKLM\SOFTWARE\Microsoft\Provisioning\OMADM\Accounts\FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF" /t REG_DWORD /v Flags /d 0x00d6fb7f /f
reg add "HKLM\SOFTWARE\Microsoft\Provisioning\OMADM\Accounts\FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF" /t REG_SZ /v AcctUId /d "0x000000000000000000000000000000000000000000000000000000000000000000000000" /f
reg add "HKLM\SOFTWARE\Microsoft\Provisioning\OMADM\Accounts\FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF" /t REG_DWORD /v RoamingCount /d 0 /f
reg add "HKLM\SOFTWARE\Microsoft\Provisioning\OMADM\Accounts\FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF" /t REG_SZ /v SslClientCertReference /d "MY;User;0000000000000000000000000000000000000000" /f
reg add "HKLM\SOFTWARE\Microsoft\Provisioning\OMADM\Accounts\FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF" /t REG_SZ /v ProtoVer /d "1.2" /f

Loading