[WinNTSetup v5.4.1]

2 hours ago, Nikolay said:

Hi, why is your msr partition 128 MB and not 16mb?

Because older Windows versions used a 128 MB MSR partition.

The default unattend and diskpart scripts should work for all OS,
but you are free to edit them or add your own.

[WinNTSetup v5.4.1]

No, <ProductKey> is not supported with WinNTSetup's direct WIM apply.

Maybe you can use FirstLogonCommands to run: slmgr /ipk M7XTQ-FN8P6-TTKYV-9D4CC-J462D

[WinNTSetup v5.4.1]

I think you can do this. The error your xml generates is very clear.

[WinNTSetup v5.4.1]

@xiaoyue it does work as expected, ignored by older Windows versions, and converted to registry by newer ones.

[WinNTSetup v5.4.1]

1 hour ago, U96 said:

Please add a dark theme to the program itself. The fact is that in Windows 8.1 or Windows LTSB there is no dark theme in the system and the program is white.

Adding dark mode for current Windows 10/11 builds, was already several month of work. I don't do this for deprecated windows versions. 

As for your mistakes:

1) It now longer loads ADK, if the current windows don't needed it.

2) Version display was removed, because some people carelessly updated and just broke supported OS versions, for no reason.

3) That's wanted, looking more current system conform.

 

Re-uploaded, you now can disable these 3 options in WinNTSetup.ini. 

[Options]
NoDownload=0
ShowEngineVersion=1
NewIcons=0

 

[WinNTSetup v5.4.1]

WinNTSetup 5.3.5.1

- fixed language file creation failed with 5.3.5
- fixed capture of mounted VMware disks
- added support for multi language WIM files

[WinNTSetup v5.4.1]

10 hours ago, Wu-Tang said:

When start create image mounted from vmware.

How to fix this to use last version?

That's because vmware mounts in the user session and WinNTSetup now uses TrustedInstaller for WIM operations.
You can get back old behavior by adding this to WinNTSetup.ini

[WimHost]
RunAsTI=0

However VMware did removed the buggy disk mapping in version 17, so maybe better to mount the VDMK with OFSMount.

This allow you to mount as physical disk and the capture won't have problems with special files like WIMBoot pointer files.

[WinNTSetup v5.4.1]

File permission are changed for MinWin by default, so Admin users have full access to the entire file system.

Profile\Options.ini --> options --> AdminAccess

 

To use modified *.inf files, drvinst.exe need to be patched.

you can remove signature check of inf files with:

WinNTSetup_x64.exe drvinstpatch

 

[WinNTSetup v5.4.1]

17 hours ago, belivakov said:

@JFX, please add an option to disable the Bitlocker in the Tweaking page, because of the new M$ policy for Windows 11 (24H2):

Just add this to your unattend.xml --> oobsystem.

    <component name="Microsoft-Windows-SecureStartup-FilterDriver" processorArchitecture="amd64" language="neutral" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" publicKeyToken="31bf3856ad364e35" versionScope="nonSxS">
      <PreventDeviceEncryption>true</PreventDeviceEncryption>
    </component>

 

10 hours ago, wuliyen said:

WinSxS.ini
Keep all files in the folder Manifests,
How to set up？

If you want to keep most of the WinSxS folder than delete WinSxS.ini.
Without it you black\white list WinSxS files like all other in the Remove folder.

[WinNTSetup v5.4.1]

Fixed.

[WinNTSetup v5.4.1]

That's because it is part of Windows 10/11. But old systems and WinPE are missing it.

[WinNTSetup v5.4.1]

I forgot offreg.dll again, re-uploaded.

[WinNTSetup v5.4.1]

WinNTSetup 5.3.5

- removed redudant code, WimHost options removed
- updated wimlib to version 1.14.4
- enforce modded wimlib
- HideProductKeys option defaults to 1
- minwim crash fixed
- minwim speed improved
- minwim extended log files
- fixed WinRE GUI bugs
- fixed crash installing WinXP

[WinNTSetup v5.4.1]

Tools\Win10Builds.ini

[StartAllBack for Windows 11]

Listviews group header text color is back to dark blue on dark mode. Was good with SAB 3.7.3.

[WinNTSetup v5.4.1]

@dimo70 You can't disable defender while the system is still running, it does protect it self.

[WinNTSetup v5.4.1]

No sure if you still can disable defender online.
This should work from WinPE/WinRE. Another Windows would need to run it with TrustedInstaller rights.

Defender.cmd

reg load HKLM\SOFT C:\Windows\System32\config\software
reg load HKLM\SYS C:\Windows\System32\config\system
reg import Defender.reg
reg unload HKLM\SOFT
reg unload HKLM\SYS

Defender.reg

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=-

[HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows\CurrentVersion\Explorer]
"SmartScreenEnabled"="Off"

[HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001
"DisableAntiVirus"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows Defender\Features]
"TamperProtection"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=dword:00000001
"DisableAntiSpywareRealtimeProtection"=dword:00000001
"DpaDisabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe]
"Debugger"="NUL"

[HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe]
"Debugger"="NUL"

[HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartscreen.exe]
"Debugger"="NUL"

[HKEY_LOCAL_MACHINE\SOFT\Policies\Microsoft\Windows\System]
"EnableSmartScreen"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFT\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001
"DisableAntiVirus"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFT\Policies\Microsoft\Windows Defender\SmartScreen]
"ConfigureAppInstallControlEnabled"=dword:00000001
"ConfigureAppInstallControl"=dword:00000001


[HKEY_LOCAL_MACHINE\SYS\ControlSet001\Control\CI\Policy]
"VerifiedAndReputablePolicyState"=dword:00000000

[HKEY_LOCAL_MACHINE\SYS\ControlSet001\Services\SecurityHealthService]
"Start"=dword:00000000

[HKEY_LOCAL_MACHINE\SYS\ControlSet001\Services\WinDefend]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT]
"DontOfferThroughWUAU"=dword:00000001

P.S: Not sure why I set SecurityHealthService to autostart, either there was a problem with disabling or it's a typo.

[WinNTSetup v5.4.1]

Glad, you got it work.  

[WinNTSetup v5.4.1]

Nope, I can recall something like this happend to me, first time trying this on some windows 10 or 11 build.

[WinNTSetup v5.4.1]

It does a bit more than just setting IFEO Debuggers.

If Tweaks_NT6_Array(#Tweaks_NT6_Disbale_Defender, 1)
        
        If *Z\Build > 10100
          ORSetDword(*Z\SftHive, "Policies\Microsoft\Windows Defender", "DisableAntiSpyware", 1)
          ORSetDword(*Z\SftHive, "Policies\Microsoft\Windows Defender", "DisableAntiVirus", 1)
          
          ORSetString(*Z\SftHive, "Microsoft\Windows\CurrentVersion\Explorer", "SmartScreenEnabled", "Off")        
          ORSetDword(*Z\SftHive, "Policies\Microsoft\Windows\System", "EnableSmartScreen", 0)
          ORSetDword(*Z\SftHive, "Policies\Microsoft\Windows Defender\SmartScreen", "ConfigureAppInstallControlEnabled", 1)
          ORSetDword(*Z\SftHive, "Policies\Microsoft\Windows Defender\SmartScreen", "ConfigureAppInstallControl", 1)
          
          ORSetDword_USClasses(*Z, *Z\Usr_Classes_Hive, "Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter", "EnabledV9", 0)
          ORSetDword_US(*Z, "Software\Microsoft\Windows\CurrentVersion\AppHost", "EnableWebContentEvaluation", 0)
          
        EndIf
        
        ORSetDword(*Z\SftHive, "Microsoft\Windows Defender\Real-Time Protection", "DisableRealtimeMonitoring", 1)
        ORSetDword(*Z\SftHive, "Microsoft\Windows Defender\Real-Time Protection", "DisableAntiSpywareRealtimeProtection", 1)
        
        ORSetDword(*Z\SftHive, "Microsoft\Windows Defender", "DisableAntiSpyware", 1)
        ORSetDword(*Z\SftHive, "Microsoft\Windows Defender", "DisableAntiVirus", 1)
        
        If *Z\Build > 18300
          ORSetDword(*Z\SftHive, "Microsoft\Windows Defender\Features", "TamperProtection", 0)
        EndIf
        
        If *Z\Build >= 22000
          ORSetDword(*Z\SftHive, "Microsoft\Windows Defender\Real-Time Protection", "DpaDisabled", 1)
          ORSetString(*Z\SftHive, "Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe", "Debugger", "NUL")          
          ORSetString(*Z\SftHive, "Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe", "Debugger", "NUL")
          ORSetString(*Z\SftHive, "Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartscreen.exe", "Debugger", "NUL")
          
          ORSetDword(*Z\SysHive, "ControlSet001\Services\SecurityHealthService", "Start", 0)
          ORDeleteValue(*Z\SftHive, "Microsoft\Windows\CurrentVersion\Run", "SecurityHealth")
          
        EndIf
        
      EndIf

 

[WinNTSetup v5.4.1]

Don't think there is a good way to remove defender. But WinNTSetup's tweak should completely disable it.

This can be reversed later, it needed.

[WinNTSetup v5.4.1]

Yes, there were some reports of this with Server 2022.
I can't reproduce it and checking if a file exist, is the most basic feature.

I could only assume something like an antivirus or filter driver that does interfere,
but it does not happen if I install Server 2022 with WinNTSetup. The new system does not show any problem.

The version display of wimlib and wimgapi will be removed, it just leads to wrong assumption and
some people start updating them manually, what only causes problems.

[WinNTSetup v5.4.1]

10 hours ago, freqout said:

This is great.  Wondering if this can be used to make the VHD bootable instead of actuing on my local boot partition, and if it can be scripted and completely automated from Powershell.

Yes, if you select a different boot drive, your local boot partition will not not be touched. 
For automation there are many command line options, see F1 - help.

[WinNTSetup v5.4.1]

That could happen if you update wimlib, the official version is no longer supported.

[WinNTSetup v5.4.1]

1 hour ago, wuliyen said:

Some files are located in the WINSXS folder when installed by default, but the MUI files exist in the Languages folder. What should I do in this case?

I would ignore them. If there is no lpq.exe in system32 than that applications is no installed and does not need a .mui file.

If it get's installed (by dism) later, it should copy the .mui, too.