Debloat-Windows-10 icon indicating copy to clipboard operation
Debloat-Windows-10 copied to clipboard

Published 20 hours ago verified publisher icon W4RH4WK

Creators Update errors

Open AscendantX opened this issue 7 years ago • 6 comments

scripts run in alphabetical order on fresh install of windows 10 x64 pro creators update, US version. did not test experimental-unfuckery.ps1

Encountered errors:

disable-windows-defender.ps1

Disabling Windows Defender Services
sp : Attempted to perform an unauthorized operation.
At C:\_\scripts\disable-windows-defender.ps1:37 char:1
+ sp "HKLM:\SYSTEM\CurrentControlSet\Services\WinDefend" "Start" 4
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (Start:String) [Set-ItemProperty], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.SetItemPropertyCommand

sp : Attempted to perform an unauthorized operation.
At C:\_\scripts\disable-windows-defender.ps1:38 char:1
+ sp "HKLM:\SYSTEM\CurrentControlSet\Services\WinDefend" "AutorunsDisab ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (AutorunsDisabled:String) [Set-ItemProperty], UnauthorizedAccessExcept
   ion
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.SetItemPropertyCommand

sp : Attempted to perform an unauthorized operation.
At C:\_\scripts\disable-windows-defender.ps1:39 char:1
+ sp "HKLM:\SYSTEM\CurrentControlSet\Services\WdNisSvc" "Start" 4
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (Start:String) [Set-ItemProperty], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.SetItemPropertyCommand

sp : Attempted to perform an unauthorized operation.
At C:\_\scripts\disable-windows-defender.ps1:40 char:1
+ sp "HKLM:\SYSTEM\CurrentControlSet\Services\WdNisSvc" "AutorunsDisabl ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (AutorunsDisabled:String) [Set-ItemProperty], UnauthorizedAccessExcept
   ion
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.SetItemPropertyCommand

fix-privacy-settings.ps1

Name                           Property
----                           --------
{BFA794E4-F964-4FDB-90F6-51056
BFE4B44}
Disable submission of Windows Defender findings (w/ elevated privileges)
sp : Attempted to perform an unauthorized operation.
At C:\_\scripts\fix-privacy-settings.ps1:92 char:1
+ sp "HKLM:\SOFTWARE\Microsoft\Windows Defender\Spynet" "SpyNetReportin ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (SpyNetReporting:String) [Set-ItemProperty], UnauthorizedAccessExcepti
   on
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.SetItemPropertyCommand

remove-onedrive.ps1

rm : Cannot remove item C:\Windows\WinSxS\amd64_microsoft-windows-settingsync-onedrive_31bf3856ad364e35_10.0.15063.0_no
ne_e0610f8e7a1c2a88\OneDriveSettingSyncProvider.dll: Access to the path 'OneDriveSettingSyncProvider.dll' is denied.
At C:\_\scripts\remove-onedrive.ps1:54 char:5
+     rm -Recurse -Force $item.FullName
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (OneDriveSettingSyncProvider.dll:FileInfo) [Remove-Item], Unauthorized
   AccessException
    + FullyQualifiedErrorId : RemoveFileSystemItemUnAuthorizedAccess,Microsoft.PowerShell.Commands.RemoveItemCommand
rm : Cannot remove item
C:\Windows\WinSxS\amd64_microsoft-windows-settingsync-onedrive_31bf3856ad364e35_10.0.15063.0_none_e0610f8e7a1c2a88:
The directory is not empty.
At C:\_\scripts\remove-onedrive.ps1:54 char:5
+     rm -Recurse -Force $item.FullName
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : WriteError: (C:\Windows\WinS...0610f8e7a1c2a88:DirectoryInfo) [Remove-Item], IOException
    + FullyQualifiedErrorId : RemoveFileSystemItemIOError,Microsoft.PowerShell.Commands.RemoveItemCommand

AscendantX avatar Apr 18 '17 08:04 AscendantX

Thanks for the information, as stated in the README, I'll gather issues until the creators update is live (no longer opt-in) and take a look at them afterwards.

W4RH4WK avatar Apr 18 '17 09:04 W4RH4WK

I read that in the creators update the defender's security has been hardened [1]. A special permission for Windows Resource Protection is now required. The TrustedIstaller account is part of this group and is able to write to these protected keys.

I have tested it using this tool that allows to run program as TrustedInstaller: http://winaero.com/blog/execti-run-programs-trustedinstaller/

I don't know how this could be done through powershell. Here is one topic with a solution that might work: https://serverfault.com/questions/551429/how-can-i-set-audit-controls-on-files-owned-by-trustedinstaller-using-powershell

tumpio avatar Apr 23 '17 08:04 tumpio

Thank you for that information, it will be quite valuable in future :)

W4RH4WK avatar Apr 23 '17 13:04 W4RH4WK

Is this still relevant, or can I close this now?

W4RH4WK avatar Nov 28 '18 10:11 W4RH4WK

Recently ran this, still relevant. 👍

syntaqx avatar May 14 '19 01:05 syntaqx

getting this error on 1909, any workarounds?

JeffDerk avatar Mar 07 '20 04:03 JeffDerk