JFX

WinNTSetup 5.3.5.2 - fixed crash with no source selection - removed policy for HiberbootEnabled

Yes, the second policy for HiberbootEnabled has no effect and will be removed. The first one seems to be different between windows versions.

Yes, MinWin focus on deleting files. It's unusual to delete complete folder and than want to keep it. In that case, use wildcard pattern: !\Windows\SysWOW64\WindowsPowerShell\*

It's just a problem with settings app. It properly tries to communicate with Defender and does not get any respond.

Yes, Windows 10 2015 version already uses a 16 MB partition.

Because older Windows versions used a 128 MB MSR partition. The default unattend and diskpart scripts should work for all OS, but you are free to edit them or add your own.

No, <ProductKey> is not supported with WinNTSetup's direct WIM apply. Maybe you can use FirstLogonCommands to run: slmgr /ipk M7XTQ-FN8P6-TTKYV-9D4CC-J462D

I think you can do this. The error your xml generates is very clear.

@xiaoyue it does work as expected, ignored by older Windows versions, and converted to registry by newer ones.

Adding dark mode for current Windows 10/11 builds, was already several month of work. I don't do this for deprecated windows versions. As for your mistakes: 1) It now longer loads ADK, if the current windows don't needed it. 2) Version display was removed, because some people carelessly updated and just broke supported OS versions, for no reason. 3) That's wanted, looking more current system conform. Re-uploaded, you now can disable these 3 options in WinNTSetup.ini. [Options] NoDownload=0 ShowEngineVersion=1 NewIcons=0

WinNTSetup 5.3.5.1 - fixed language file creation failed with 5.3.5 - fixed capture of mounted VMware disks - added support for multi language WIM files

That's because vmware mounts in the user session and WinNTSetup now uses TrustedInstaller for WIM operations. You can get back old behavior by adding this to WinNTSetup.ini [WimHost] RunAsTI=0 However VMware did removed the buggy disk mapping in version 17, so maybe better to mount the VDMK with OFSMount. This allow you to mount as physical disk and the capture won't have problems with special files like WIMBoot pointer files.

File permission are changed for MinWin by default, so Admin users have full access to the entire file system. Profile\Options.ini --> options --> AdminAccess To use modified *.inf files, drvinst.exe need to be patched. you can remove signature check of inf files with: WinNTSetup_x64.exe drvinstpatch

Just add this to your unattend.xml --> oobsystem. <component name="Microsoft-Windows-SecureStartup-FilterDriver" processorArchitecture="amd64" language="neutral" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" publicKeyToken="31bf3856ad364e35" versionScope="nonSxS"> <PreventDeviceEncryption>true</PreventDeviceEncryption> </component> If you want to keep most of the WinSxS folder than delete WinSxS.ini. Without it you black\white list WinSxS files like all other in the Remove folder.

Fixed.

That's because it is part of Windows 10/11. But old systems and WinPE are missing it.

I forgot offreg.dll again, re-uploaded.

WinNTSetup 5.3.5 - removed redudant code, WimHost options removed - updated wimlib to version 1.14.4 - enforce modded wimlib - HideProductKeys option defaults to 1 - minwim crash fixed - minwim speed improved - minwim extended log files - fixed WinRE GUI bugs - fixed crash installing WinXP

Tools\Win10Builds.ini

Listviews group header text color is back to dark blue on dark mode. Was good with SAB 3.7.3.

@dimo70 You can't disable defender while the system is still running, it does protect it self.

No sure if you still can disable defender online. This should work from WinPE/WinRE. Another Windows would need to run it with TrustedInstaller rights. Defender.cmd reg load HKLM\SOFT C:\Windows\System32\config\software reg load HKLM\SYS C:\Windows\System32\config\system reg import Defender.reg reg unload HKLM\SOFT reg unload HKLM\SYS Defender.reg Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows\CurrentVersion\Run] "SecurityHealth"=- [HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows\CurrentVersion\Explorer] "SmartScreenEnabled"="Off" [HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows Defender] "DisableAntiSpyware"=dword:00000001 "DisableAntiVirus"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows Defender\Features] "TamperProtection"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows Defender\Real-Time Protection] "DisableRealtimeMonitoring"=dword:00000001 "DisableAntiSpywareRealtimeProtection"=dword:00000001 "DpaDisabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe] "Debugger"="NUL" [HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe] "Debugger"="NUL" [HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartscreen.exe] "Debugger"="NUL" [HKEY_LOCAL_MACHINE\SOFT\Policies\Microsoft\Windows\System] "EnableSmartScreen"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFT\Policies\Microsoft\Windows Defender] "DisableAntiSpyware"=dword:00000001 "DisableAntiVirus"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFT\Policies\Microsoft\Windows Defender\SmartScreen] "ConfigureAppInstallControlEnabled"=dword:00000001 "ConfigureAppInstallControl"=dword:00000001 [HKEY_LOCAL_MACHINE\SYS\ControlSet001\Control\CI\Policy] "VerifiedAndReputablePolicyState"=dword:00000000 [HKEY_LOCAL_MACHINE\SYS\ControlSet001\Services\SecurityHealthService] "Start"=dword:00000000 [HKEY_LOCAL_MACHINE\SYS\ControlSet001\Services\WinDefend] "Start"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT] "DontOfferThroughWUAU"=dword:00000001 P.S: Not sure why I set SecurityHealthService to autostart, either there was a problem with disabling or it's a typo.

Glad, you got it work.

Nope, I can recall something like this happend to me, first time trying this on some windows 10 or 11 build.

It does a bit more than just setting IFEO Debuggers. If Tweaks_NT6_Array(#Tweaks_NT6_Disbale_Defender, 1) If *Z\Build > 10100 ORSetDword(*Z\SftHive, "Policies\Microsoft\Windows Defender", "DisableAntiSpyware", 1) ORSetDword(*Z\SftHive, "Policies\Microsoft\Windows Defender", "DisableAntiVirus", 1) ORSetString(*Z\SftHive, "Microsoft\Windows\CurrentVersion\Explorer", "SmartScreenEnabled", "Off") ORSetDword(*Z\SftHive, "Policies\Microsoft\Windows\System", "EnableSmartScreen", 0) ORSetDword(*Z\SftHive, "Policies\Microsoft\Windows Defender\SmartScreen", "ConfigureAppInstallControlEnabled", 1) ORSetDword(*Z\SftHive, "Policies\Microsoft\Windows Defender\SmartScreen", "ConfigureAppInstallControl", 1) ORSetDword_USClasses(*Z, *Z\Usr_Classes_Hive, "Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter", "EnabledV9", 0) ORSetDword_US(*Z, "Software\Microsoft\Windows\CurrentVersion\AppHost", "EnableWebContentEvaluation", 0) EndIf ORSetDword(*Z\SftHive, "Microsoft\Windows Defender\Real-Time Protection", "DisableRealtimeMonitoring", 1) ORSetDword(*Z\SftHive, "Microsoft\Windows Defender\Real-Time Protection", "DisableAntiSpywareRealtimeProtection", 1) ORSetDword(*Z\SftHive, "Microsoft\Windows Defender", "DisableAntiSpyware", 1) ORSetDword(*Z\SftHive, "Microsoft\Windows Defender", "DisableAntiVirus", 1) If *Z\Build > 18300 ORSetDword(*Z\SftHive, "Microsoft\Windows Defender\Features", "TamperProtection", 0) EndIf If *Z\Build >= 22000 ORSetDword(*Z\SftHive, "Microsoft\Windows Defender\Real-Time Protection", "DpaDisabled", 1) ORSetString(*Z\SftHive, "Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe", "Debugger", "NUL") ORSetString(*Z\SftHive, "Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe", "Debugger", "NUL") ORSetString(*Z\SftHive, "Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartscreen.exe", "Debugger", "NUL") ORSetDword(*Z\SysHive, "ControlSet001\Services\SecurityHealthService", "Start", 0) ORDeleteValue(*Z\SftHive, "Microsoft\Windows\CurrentVersion\Run", "SecurityHealth") EndIf EndIf