Registry update fails.

[johnhc]

I brought over a .reg file from my XP x64 install that turns off the daily scan in Windows Defender. It does not run in my W7 install. I tried running the file on my installed system and got an error message saying unable to update Registry. Using regedit also fails. There must be some protection for this key/value preventing the update. Is there any way for me to circumvent this behavior? Thanks, John.

[RickSteele]

RegFiles.rar

Take a gander through the files in this attached RegFiles.rar. Windows Defender can be disabled two ways; in your answer file and through Group Policy registry entries-search in the GroupPolicyRegistry.reg file for that. The wim_reg_paths.txt provides a legend for converting the .reg to mergeable files in an installed Win 7 (64-bit). The cmd file will slipstream all of the reg files as they are in this package into your wim. I turn off all animations, UAC, Windows Defender etc. You must modify all of the paths in the cmd file to suit yours-all the files are fully customizable-comment out any registry entries you don't like. I placed so many pauses in the cmd because I like to see how each step progresses. After loading the wim registry run regedit to view the wim registry in HKLM\WIM_xxxxx. I got the inspiration and headsup for this from here:

http://www.wincert.n...dows-7-toolkit/

If you try to modify the Windows Defender HKLM file you will get an access violation on at least one entry. Further, WinXP is a different format. The entries in my GroupPolicyRegistry.reg file will turn it off without error. Download the latest Win 7 WAIK kit-<1gb-and install, then, take the time to learn how to create a truly comprehensive answer file. It is very easy, straight forward. You can disable almost anything from installing, along with any companion services-all fully reversible should the need arise in Programs and Features.

Edited October 11, 2010 by RickSteele

[johnhc]

RegFiles.rar

Take a gander through the files in this attached RegFiles.rar. Windows Defender can be disabled two ways; in your answer file and through Group Policy registry entries-search in the GroupPolicyRegistry.reg file for that. The wim_reg_paths.txt provides a legend for converting the .reg to mergeable files in an installed Win 7 (64-bit); for 32-bit eliminate all the WOW6432NODE entries. The cmd file will slipstream all of the reg files as they are in this package into your wim. I turn off all animations, Windows Defender etc. You must modify all of the paths in the cmd file to suit yours-all the files are fully customizable. I got the inspiration and headsup for this from here:

http://www.wincert.n...dows-7-toolkit/

If you try to modify the Windows Defender HKLM file you will get an access violation on at least one entry. Further, WinXP is a different format. The entries in my GroupPolicyRegistry.reg file will turn it off without error. Download the latest Win 7 WAIK kit-<1gb-and install, then, take the time to learn how to create a truly comprehensive answer file. It is very easy, straight forward. You can disable almost anything from installing, along with any companion services-all fully reversible should the need arise in Programs and Features.

RickSteele, thanks much. I will take a look. Enjoy, John.

[johnhc]

RickSteele, thanks much. I will take a look. Enjoy, John.

RickSteele, I have taken a look and it actually looks fairly straight forward. I did not know that Registry changes could be slipstreamed. I have a question, probably need to ask many, but in your batch file an import looks like:

reg.exe import ""D:\DISM_Folders\DISM_Temp\GroupPolicyRegistry.reg"

Why the double quotes at the beginning of the file path/name? I have been doing my builds (DISM etc) under XP x64. I assume it is OK to do this. Thanks, John.

[RickSteele]

RickSteele, thanks much. I will take a look. Enjoy, John.

RickSteele, I have taken a look and it actually looks fairly straight forward. I did not know that Registry changes could be slipstreamed. I have a question, probably need to ask many, but in your batch file an import looks like:

reg.exe import ""D:\DISM_Folders\DISM_Temp\GroupPolicyRegistry.reg"

Why the double quotes at the beginning of the file path/name? I have been doing my builds (DISM etc) under XP x64. I assume it is OK to do this. Thanks, John.

I cannot for the life of me remember why I left the double quotes in, but, you will experience no concerns with or without the double quotes-I have tried it both ways. I, also, cannot give you a reason why they are there in the first place-old age maybe....LOL. One thing I cannot stress enough is the power of the Windows 7 answer file; that xml can do anything you want with the OS. It really is worth it to spend the time.....; M$ has made it so easy using WAIK.

I slipstream and run IE 9 exclusively now so cull the IE 9 entries if you are into IE 8 (there are not many); I use this also: http://solor.wtf.la./Windows.7/

Edited October 12, 2010 by RickSteele

[johnhc]

I cannot for the life of me remember why I left the double quotes in, but, you will experience no concerns with or without the double quotes-I have tried it both ways. I, also, cannot give you a reason why they are there in the first place-old age maybe....LOL. One thing I cannot stress enough is the power of the Windows 7 answer file; that xml can do anything you want with the OS. It really is worth it to spend the time.....; M$ has made it so easy using WAIK.

I slipstream and run IE 9 exclusively now so cull the IE 9 entries if you are into IE 8 (there are not many); I use this also: http://solor.wtf.la./Windows.7/

RickSteele, thanks again. I do use WAIK and have for some time, have an fairly thorough AutoUnattend.xml and have started injecting IE9. I did not use my IE8 tweaks, but customized IE9 and Exported the keys I needed. I Import them on subsequent installs and all seems to be working fine. What I would really like is a way to inject (integrate) SP1. I know RT7Lite will do it but I am beginning to wonder it it has gone dormant. I see only questions (including mine) but no answers lately. I tried to PM bensam56, but his Inbox is full. I would like to know how he injects SP1. Please let us all know if you have an idea. I am not particularly interested in the so called Reverse Integration methods that use Sysprep. I have never used Sysprep since I am a home user not a company support person. Thanks, John.

[RickSteele]

I cannot for the life of me remember why I left the double quotes in, but, you will experience no concerns with or without the double quotes-I have tried it both ways. I, also, cannot give you a reason why they are there in the first place-old age maybe....LOL. One thing I cannot stress enough is the power of the Windows 7 answer file; that xml can do anything you want with the OS. It really is worth it to spend the time.....; M$ has made it so easy using WAIK.

I slipstream and run IE 9 exclusively now so cull the IE 9 entries if you are into IE 8 (there are not many); I use this also: http://solor.wtf.la./Windows.7/

RickSteele, thanks again. I do use WAIK and have for some time, have an fairly thorough AutoUnattend.xml and have started injecting IE9. I did not use my IE8 tweaks, but customized IE9 and Exported the keys I needed. I Import them on subsequent installs and all seems to be working fine. What I would really like is a way to inject (integrate) SP1. I know RT7Lite will do it but I am beginning to wonder it it has gone dormant. I see only questions (including mine) but no answers lately. I tried to PM bensam56, but his Inbox is full. I would like to know how he injects SP1. Please let us all know if you have an idea. I am not particularly interested in the so called Reverse Integration methods that use Sysprep. I have never used Sysprep since I am a home user not a company support person. Thanks, John.

Glad I could be of some assistance.

I installed an unmodified Win7(x64), applied all the customizations from the GUI, then, Group Policy, afterwhich I exported all the reg entries I required giving preference to those in HKLM to make the settings default. I, then, merged the files and did several trial installs realtime from USB stick to test the results, adding or removing as necessary to achieve optimal. If you load your wim with DISM, show hidden files first, then, load, then open up Windows Explorer and navigate to your wim mount folder, Windows Update must be renamed manually here after the reg file with that tweak has been merged in a previous session. Also, you can take ownership of and delete that which you do not like, or add some files you want in the wim so that all installs without having to worry about doing it from First Logon etc. I remove all except the default windows/Aero Resources/Themes/Wallpapers and add my custom Themes folder to the Default user folder this way, as an example-works really well; my themes only install; one less thing to worry about...LOL

SP1 is superseded by SoLor's pack; seriously, it is really good-http://forums.mydigitallife.info/threads/19461-Windows-Hotfix-repository is his forum. I have been using it since George King quit his endeavour and SoLor took up the torch-many months now without any issues. It slipstreams using DISM without a problem-I have saved all the cabs which I use with DISM. Many times SoLor has come up with unpublished update/hotfixes that are either included in the following M$ update cycle or published as an out of band standalone soon afterwards.

M$ has gone out of their way to ensure nobody can easily integrate SP1; I do not have an answer for that one and agree with you on both Reverse integration and Sysprep-which, as far as I'm concerned, is a whole lot of grief and work for nothing; not to mention it is severely impacted. I'm a home user too; probably much like yourself-to sum it up-a power user.

Edited October 12, 2010 by RickSteele

[johnhc]

RickSteele, I must be missing something very fundamental here. I tried a very slimmed down version of your RegHive.cmd, but I can get only 'System cannot access the file' errors on the Reg Load command. I run RegHive.cmd in a Command Prompt with Administrator privileges (UAC is at the lowest level) and have tried using TakeOwn and icacls to get as high a permission as possible. I had not used the Load and Unload parameters of the Reg command before, so I did some searching. All I find says the file to load from must be a .hiv file type. I hope you can help me. Here is the failing command:

reg.exe load HKEY_LOCAL_MACHINE\WIM_Software "E:\Mount\Windows\System32\config\SOFTWARE"

My image is mounted and I can browse to the file. I can't, however, open it with RegEdit (Disk or file system error). The image was mounted (using DISM) on my XP x64 system and I am trying to run the RegHive.cmd on my W7 Ult x64 system. Thanks for your time. Enjoy, John.

[RickSteele]

RickSteele, I must be missing something very fundamental here. I tried a very slimmed down version of your RegHive.cmd, but I can get only 'System cannot access the file' errors on the Reg Load command. I run RegHive.cmd in a Command Prompt with Administrator privileges (UAC is at the lowest level) and have tried using TakeOwn and icacls to get as high a permission as possible. I had not used the Load and Unload parameters of the Reg command before, so I did some searching. All I find says the file to load from must be a .hiv file type. I hope you can help me. Here is the failing command:

reg.exe load HKEY_LOCAL_MACHINE\WIM_Software "E:\Mount\Windows\System32\config\SOFTWARE"

My image is mounted and I can browse to the file. I can't, however, open it with RegEdit (Disk or file system error). The image was mounted (using DISM) on my XP x64 system and I am trying to run the RegHive.cmd on my W7 Ult x64 system. Thanks for your time. Enjoy, John.

To my knowledge you can only mount the wim and load the wim hives from the native OS on the native OS. You must mount the wim and run the cmd on your Win 7 system only; you will find the wim hive under "HKEY_LOCAL_MACHINE\WIM_Software" in regedit-refer to the WIMRegHivesMounted.7z for some screen captures illustrating what I stated. That is the only way I have used the cmd files.

Hope this clarifies it a little for ya'

WIMHivesMounted.7z

Check out this post:

http://www.ryanvm.net/forum/viewtopic.php?t=8616

....may be a workaround.

Edited October 13, 2010 by RickSteele

[johnhc]

To my knowledge you can only mount the wim and load the wim hives from the native OS on the native OS. You must mount the wim and run the cmd on your Win 7 system only; you will find the wim hive under "HKEY_LOCAL_MACHINE\WIM_Software" in regedit-refer to the WIMRegHivesMounted.7z for some screen captures illustrating what I stated. That is the only way I have used the cmd files.

Hope this clarifies it a little for ya'

WIMHivesMounted.7z

Check out this post:

http://www.ryanvm.net/forum/viewtopic.php?t=8616

....may be a workaround.

OK! Thanks again, RickSteele. I DLed and installed WAIK on my W7 machine. The first time I tried to run your scaled down RegHive.cmd file the Reg Unload got an 'Access is denied' error. I then ran it again (no Load) and included the TakeOwn and icacls commands and the Unload worked. The WIM_Software key is no longer in my Registry. I assume my image now contains my change. I will test the image on my VM later. Thanks and enjoy, John.

[RickSteele]

To my knowledge you can only mount the wim and load the wim hives from the native OS on the native OS. You must mount the wim and run the cmd on your Win 7 system only; you will find the wim hive under "HKEY_LOCAL_MACHINE\WIM_Software" in regedit-refer to the WIMRegHivesMounted.7z for some screen captures illustrating what I stated. That is the only way I have used the cmd files.

Hope this clarifies it a little for ya'

WIMHivesMounted.7z

Check out this post:

http://www.ryanvm.ne...opic.php?t=8616

....may be a workaround.

OK! Thanks again, RickSteele. I DLed and installed WAIK on my W7 machine. The first time I tried to run your scaled down RegHive.cmd file the Reg Unload got an 'Access is denied' error. I then ran it again (no Load) and included the TakeOwn and icacls commands and the Unload worked. The WIM_Software key is no longer in my Registry. I assume my image now contains my change. I will test the image on my VM later. Thanks and enjoy, John.

Yes, if you saved the changes before dismount you should be good to go-assuming you got no access errors merging the reg file containing your customizations. The access denied when loading/unloading is troublesome; I never get that error then. Something is keeping your files locked. I would work on finding out what that is because none of the other commands should be necessary; I have never, ever had to use anything else but the load/unload entries.

Glad to see things starting to go your way.

[johnhc]

Yes, if you saved the changes before dismount you should be good to go-assuming you got no access errors merging the reg file containing your customizations. The access denied when loading/unloading is troublesome; I never get that error then. Something is keeping your files locked. I would work on finding out what that is because none of the other commands should be necessary; I have never, ever had to use anything else but the load/unload entries.

Glad to see things starting to go your way.

RickSteele, since I could Load but not Unload the hive, I assume I had read permission, but not write to the mounted image. Thanks, John.

[johnhc]

RickSteele, I am getting a better understanding of all this as I get some experience, but I must still have a fundamental misconception. I only want to stop Windows Defender from automatically scanning on some schedule. In XP I run a .reg file:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Scan]
"ScheduleDay"=dword:00000008

I tried the same key and value with SOFTWARE changed to WIM-SOFTWARE (and loading the hive) but, was not allowed to set this key. So, I changed to the Policies key as:

[HKEY_LOCAL_MACHINE\WIM_Software\Policies\Microsoft\Windows Defender\Scan]
"ScheduleDay"=dword:00000008

I was allowed to change this and indeed on my installed system, I see the \Software\policies key set, but the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Scan key does not have the ScheduleDay value set. In Windows Defender-Options the Automatically Scan box is still check but I cannot say that the scans will actually happen. Can you give me some guidance here? How do I simply stop the automatic scans? Thanks, John.

[RickSteele]

RickSteele, I am getting a better understanding of all this as I get some experience, but I must still have a fundamental misconception. I only want to stop Windows Defender from automatically scanning on some schedule. In XP I run a .reg file:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Scan]
"ScheduleDay"=dword:00000008

I tried the same key and value with SOFTWARE changed to WIM-SOFTWARE (and loading the hive) but, was not allowed to set this key. So, I changed to the Policies key as:

[HKEY_LOCAL_MACHINE\WIM_Software\Policies\Microsoft\Windows Defender\Scan]
"ScheduleDay"=dword:00000008

I was allowed to change this and indeed on my installed system, I see the \Software\policies key set, but the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Scan key does not have the ScheduleDay value set. In Windows Defender-Options the Automatically Scan box is still check but I cannot say that the scans will actually happen. Can you give me some guidance here? How do I simply stop the automatic scans? Thanks, John.

I completely disable Windows Defender from running at all both in my answer and reg files. I have no scheduling key at all, actually all my Windows Defender keys are empty as a result. So, like the Action center entries, even though the box is checked, scheduling is turned off. You will find the same thing occurs with Action Center settings; all of the messages are turned off and if you open Action Center from the control panel it shows in settings "not monitored", yet, the check boxes remain checked. I fought and searched with this for a week and was able to come up with no cure for the boxes checked-to my knowledge no way around that. However, the targetted service is actually turned off. I confirmed this in the event logs. Also, don't forget to disable it in Task Scheduler. I'm still working on a way to import my exported tasks (xml files) using the answer file, but, have been unsuccessful so far. one last thing, don't forget this setting is entered in WOW6432 as well if memory serves.

Sorry I cannot be of more help.

[johnhc]

I completely disable Windows Defender from running at all both in my answer and reg files. I have no scheduling key at all, actually all my Windows Defender keys are empty as a result. So, like the Action center entries, even though the box is checked, scheduling is turned off. You will find the same thing occurs with Action Center settings; all of the messages are turned off and if you open Action Center from the control panel it shows in settings "not monitored", yet, the check boxes remain checked. I fought and searched with this for a week and was able to come up with no cure for the boxes checked-to my knowledge no way around that. However, the targetted service is actually turned off. I confirmed this in the event logs. Also, don't forget to disable it in Task Scheduler. I'm still working on a way to import my exported tasks (xml files) using the answer file, but, have been unsuccessful so far. one last thing, don't forget this setting is entered in WOW6432 as well if memory serves.

Sorry I cannot be of more help.

RickSteele, thanks, again. I will keep an eye on it. Enjoy, John.