Jump to content

JFX

Member
  • Posts

    1,247
  • Joined

  • Days Won

    6
  • Donations

    0.00 USD 

Posts posted by JFX

  1. 2 hours ago, Nikolay said:

    Hi, why is your msr partition 128 MB and not 16mb?

    Because older Windows versions used a 128 MB MSR partition.

    The default unattend and diskpart scripts should work for all OS,
    but you are free to edit them or add your own.

  2. 1 hour ago, U96 said:

    Please add a dark theme to the program itself. The fact is that in Windows 8.1 or Windows LTSB there is no dark theme in the system and the program is white.

    Adding dark mode for current Windows 10/11 builds, was already several month of work. I don't do this for deprecated windows versions. 

    As for your mistakes:

    1) It now longer loads ADK, if the current windows don't needed it.

    2) Version display was removed, because some people carelessly updated and just broke supported OS versions, for no reason.

    3) That's wanted, looking more current system conform.

     

    Re-uploaded, you now can disable these 3 options in WinNTSetup.ini. 

    [Options]
    NoDownload=0
    ShowEngineVersion=1
    NewIcons=0

     

  3. 10 hours ago, Wu-Tang said:

    When start create image mounted from vmware.

    How to fix this to use last version?

    2024-05-27_08-05-33.png

    That's because vmware mounts in the user session and WinNTSetup now uses TrustedInstaller for WIM operations.
    You can get back old behavior by adding this to WinNTSetup.ini

    [WimHost]
    RunAsTI=0

    However VMware did removed the buggy disk mapping in version 17, so maybe better to mount the VDMK with OFSMount.

    This allow you to mount as physical disk and the capture won't have problems with special files like WIMBoot pointer files.

  4. File permission are changed for MinWin by default, so Admin users have full access to the entire file system.

    Profile\Options.ini --> options --> AdminAccess

     

    To use modified *.inf files, drvinst.exe need to be patched.

    you can remove signature check of inf files with:

    WinNTSetup_x64.exe drvinstpatch

     

  5. 17 hours ago, belivakov said:

    @JFX, please add an option to disable the Bitlocker in the Tweaking page, because of the new M$ policy for Windows 11 (24H2):

    Just add this to your unattend.xml --> oobsystem.

        <component name="Microsoft-Windows-SecureStartup-FilterDriver" processorArchitecture="amd64" language="neutral" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" publicKeyToken="31bf3856ad364e35" versionScope="nonSxS">
          <PreventDeviceEncryption>true</PreventDeviceEncryption>
        </component>

     

    10 hours ago, wuliyen said:

    WinSxS.ini
    Keep all files in the folder Manifests,
    How to set up?

    If you want to keep most of the WinSxS folder than delete WinSxS.ini.
    Without it you black\white list WinSxS files like all other in the Remove folder.

  6. WinNTSetup 5.3.5

    - removed redudant code, WimHost options removed
    - updated wimlib to version 1.14.4
    - enforce modded wimlib
    - HideProductKeys option defaults to 1
    - minwim crash fixed
    - minwim speed improved
    - minwim extended log files
    - fixed WinRE GUI bugs
    - fixed crash installing WinXP

  7. No sure if you still can disable defender online.
    This should work from WinPE/WinRE. Another Windows would need to run it with TrustedInstaller rights.

    Defender.cmd

    reg load HKLM\SOFT C:\Windows\System32\config\software
    reg load HKLM\SYS C:\Windows\System32\config\system
    reg import Defender.reg
    reg unload HKLM\SOFT
    reg unload HKLM\SYS

    Defender.reg

    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows\CurrentVersion\Run]
    "SecurityHealth"=-
    
    [HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows\CurrentVersion\Explorer]
    "SmartScreenEnabled"="Off"
    
    [HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows Defender]
    "DisableAntiSpyware"=dword:00000001
    "DisableAntiVirus"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows Defender\Features]
    "TamperProtection"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows Defender\Real-Time Protection]
    "DisableRealtimeMonitoring"=dword:00000001
    "DisableAntiSpywareRealtimeProtection"=dword:00000001
    "DpaDisabled"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe]
    "Debugger"="NUL"
    
    [HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe]
    "Debugger"="NUL"
    
    [HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartscreen.exe]
    "Debugger"="NUL"
    
    [HKEY_LOCAL_MACHINE\SOFT\Policies\Microsoft\Windows\System]
    "EnableSmartScreen"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\SOFT\Policies\Microsoft\Windows Defender]
    "DisableAntiSpyware"=dword:00000001
    "DisableAntiVirus"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\SOFT\Policies\Microsoft\Windows Defender\SmartScreen]
    "ConfigureAppInstallControlEnabled"=dword:00000001
    "ConfigureAppInstallControl"=dword:00000001
    
    
    [HKEY_LOCAL_MACHINE\SYS\ControlSet001\Control\CI\Policy]
    "VerifiedAndReputablePolicyState"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\SYS\ControlSet001\Services\SecurityHealthService]
    "Start"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\SYS\ControlSet001\Services\WinDefend]
    "Start"=dword:00000004

    P.S: Not sure why I set SecurityHealthService to autostart, either there was a problem with disabling or it's a typo.

  8. It does a bit more than just setting IFEO Debuggers.

    If Tweaks_NT6_Array(#Tweaks_NT6_Disbale_Defender, 1)
            
            If *Z\Build > 10100
              ORSetDword(*Z\SftHive, "Policies\Microsoft\Windows Defender", "DisableAntiSpyware", 1)
              ORSetDword(*Z\SftHive, "Policies\Microsoft\Windows Defender", "DisableAntiVirus", 1)
              
              ORSetString(*Z\SftHive, "Microsoft\Windows\CurrentVersion\Explorer", "SmartScreenEnabled", "Off")        
              ORSetDword(*Z\SftHive, "Policies\Microsoft\Windows\System", "EnableSmartScreen", 0)
              ORSetDword(*Z\SftHive, "Policies\Microsoft\Windows Defender\SmartScreen", "ConfigureAppInstallControlEnabled", 1)
              ORSetDword(*Z\SftHive, "Policies\Microsoft\Windows Defender\SmartScreen", "ConfigureAppInstallControl", 1)
              
              ORSetDword_USClasses(*Z, *Z\Usr_Classes_Hive, "Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter", "EnabledV9", 0)
              ORSetDword_US(*Z, "Software\Microsoft\Windows\CurrentVersion\AppHost", "EnableWebContentEvaluation", 0)
              
            EndIf
            
            ORSetDword(*Z\SftHive, "Microsoft\Windows Defender\Real-Time Protection", "DisableRealtimeMonitoring", 1)
            ORSetDword(*Z\SftHive, "Microsoft\Windows Defender\Real-Time Protection", "DisableAntiSpywareRealtimeProtection", 1)
            
            ORSetDword(*Z\SftHive, "Microsoft\Windows Defender", "DisableAntiSpyware", 1)
            ORSetDword(*Z\SftHive, "Microsoft\Windows Defender", "DisableAntiVirus", 1)
            
            If *Z\Build > 18300
              ORSetDword(*Z\SftHive, "Microsoft\Windows Defender\Features", "TamperProtection", 0)
            EndIf
            
            If *Z\Build >= 22000
              ORSetDword(*Z\SftHive, "Microsoft\Windows Defender\Real-Time Protection", "DpaDisabled", 1)
              ORSetString(*Z\SftHive, "Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe", "Debugger", "NUL")          
              ORSetString(*Z\SftHive, "Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe", "Debugger", "NUL")
              ORSetString(*Z\SftHive, "Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartscreen.exe", "Debugger", "NUL")
              
              ORSetDword(*Z\SysHive, "ControlSet001\Services\SecurityHealthService", "Start", 0)
              ORDeleteValue(*Z\SftHive, "Microsoft\Windows\CurrentVersion\Run", "SecurityHealth")
              
            EndIf
            
          EndIf

     

  9. Yes, there were some reports of this with Server 2022.
    I can't reproduce it and checking if a file exist, is the most basic feature.

    I could only assume something like an antivirus or filter driver that does interfere,
    but it does not happen if I install Server 2022 with WinNTSetup. The new system does not show any problem.

    The version display of wimlib and wimgapi will be removed, it just leads to wrong assumption and
    some people start updating them manually, what only causes problems.

  10. 10 hours ago, freqout said:

    This is great.  Wondering if this can be used to make the VHD bootable instead of actuing on my local boot partition, and if it can be scripted and completely automated from Powershell.

    Yes, if you select a different boot drive, your local boot partition will not not be touched. 
    For automation there are many command line options, see F1 - help.

×
×
  • Create New...