unattend-generator
Windows 11 24h2
Hello and thank you for this great project. It seems like on Windows 11 24H2 some options do not work like they should. For example, the section "Remove bloatware" is not removing apps. Defender still persists in the system even if I tick the option to disable it.
Tried on Win11 24H2 downloaded from the Microsoft site.
Did you by any chance edit the autounattend.xml after downloading it? If so, you must make sure that the file is saved without a byte-order mark – Windows 24H2 Setup could otherwise not process the file.
The bloatware removal scripts write output and errors to three log files:
C:\Windows\Temp\remove-caps.log
C:\Windows\Temp\remove-features.log
C:\Windows\Temp\remove-packages.log
To inspect those files, launch an elevated PowerShell session and type this command:
Get-ChildItem -LiteralPath C:\Windows\Temp -Force -Filter remove*.log | Get-Content | ConvertFrom-Json
Disabling Windows Defender on 24H2 will fail when Windows is not installed to the C: drive, see https://github.com/cschneegans/unattend-generator/issues/29.
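The byte-order mark check mentioned above can be scripted. This is an added example, not part of the original thread or of the unattend-generator project; the function name, the `.bak` backup suffix and the drive letter in the sample call are assumptions.

```powershell
# Added example (not from the thread): report a BOM in an answer file and
# optionally strip a UTF-8 BOM after writing a backup copy.
function Test-AnswerFileBom {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [switch] $Fix
    )

    $full  = (Resolve-Path -LiteralPath $Path).ProviderPath
    $bytes = [System.IO.File]::ReadAllBytes($full)

    # BOM signatures, longest first so UTF-32 LE is not reported as UTF-16 LE.
    $signatures = @(
        [pscustomobject]@{ Name = 'UTF-32 LE'; Bytes = [byte[]](0xFF, 0xFE, 0x00, 0x00) }
        [pscustomobject]@{ Name = 'UTF-32 BE'; Bytes = [byte[]](0x00, 0x00, 0xFE, 0xFF) }
        [pscustomobject]@{ Name = 'UTF-8';     Bytes = [byte[]](0xEF, 0xBB, 0xBF) }
        [pscustomobject]@{ Name = 'UTF-16 LE'; Bytes = [byte[]](0xFF, 0xFE) }
        [pscustomobject]@{ Name = 'UTF-16 BE'; Bytes = [byte[]](0xFE, 0xFF) }
    )

    $found = $null
    foreach ($sig in $signatures) {
        $len = $sig.Bytes.Length
        if ($bytes.Length -lt $len) { continue }
        # Compare the first bytes of the file with the signature.
        $head = $bytes[0..($len - 1)] -join ','
        if ($head -eq ($sig.Bytes -join ',')) { $found = $sig; break }
    }

    $fixed = $false
    if ($found -and $Fix) {
        if ($found.Name -eq 'UTF-8') {
            # Keep a backup, then rewrite the file without the three BOM bytes.
            Copy-Item -LiteralPath $full -Destination "$full.bak" -Force
            $rest = New-Object byte[] ($bytes.Length - 3)
            [Array]::Copy($bytes, 3, $rest, 0, $rest.Length)
            [System.IO.File]::WriteAllBytes($full, $rest)
            $fixed = $true
        } else {
            # UTF-16/UTF-32 content needs re-encoding, not just byte removal.
            Write-Warning "$($found.Name) BOM found; re-save the file as UTF-8 without BOM."
        }
    }

    [pscustomobject]@{
        Path  = $full
        Bom   = if ($found) { $found.Name } else { 'none' }
        Fixed = $fixed
    }
}

# Sample call; the drive letter is an assumption.
# Test-AnswerFileBom -Path 'E:\autounattend.xml' -Fix
```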
I also use this wonderful tool to customise 24H2 and it works perfectly fine. All bloatware gone, all customisations done. I'm not entirely sure that Defender is fully removed as I still see the icon, and the hyper-annoying SmartScreen is still active. I then use the wonderful Defender removal tool included in AnWave to actually and completely nuke Defender from orbit. It's the only tool that I have ever found that does it properly, without issue, and it's not even its primary function!
https://sourceforge.net/projects/nvidia-power-management/
You are correct to observe that the Windows Security notification icon is still there:
However, that's not a bad thing, as this also means that Windows will not complain about Defender not running. The relevant Defender services and the MsMpEng.exe process are indeed disabled:
PS C:\> Get-Service -Name Sense, WdBoot, WdFilter, WdNisDrv, WdNisSvc, WinDefend
Status Name DisplayName
------ ---- -----------
Stopped Sense Windows Defender Advanced Threat Pr...
Stopped WdBoot Microsoft Defender Antivirus Boot D...
Stopped WdFilter Microsoft Defender Antivirus Mini-F...
Stopped WdNisDrv Microsoft Defender Antivirus Networ...
Stopped WdNisSvc Microsoft Defender Antivirus Networ...
Stopped WinDefend Microsoft Defender Antivirus Service
PS C:\> Get-Process -Name MsMpEng
Get-Process : Cannot find a process with the name "MsMpEng". Verify the process name and call the cmdlet again.
Furthermore, I have just added a new option Disable Smart App Control for Windows 11, based on Shawn Brink's .reg files. Feel free to check it out.
You are a hero! Thank you for your hard work and effort with your generator, It's a lifesaver!
Kudos for the Smart App Control option! I am really not a fan of SmartScreen either, do you think you could add an option to remove that? It's an awful system that nobody wants as it's so intrusive and confusing.
I made my own script to remove it, as many Defender removers don't remove it, or don't remove all of it, and it comes back after a reboot or two.
It's made up of years of research by me, because I'm no coder/scripter finding out all the best settings that actually work, don't upset Windows, leaves Windows Update fully working, as well as not coming back later. Obviously, a big upgrade may bring it back, but that happens to Defender too.
Here's my .BAT file. It's amateur, but it works... You're also more intelligent than I, so don't laugh at some of the code. But these registry settings are 100%
@echo off
:: BatchGotAdmin
:-------------------------------------
REM --> Check for permissions
IF "%PROCESSOR_ARCHITECTURE%" EQU "amd64" (
>nul 2>&1 "%SYSTEMROOT%\SysWOW64\cacls.exe" "%SYSTEMROOT%\SysWOW64\config\system"
) ELSE (
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
)
REM --> If error flag set, we do not have admin.
if '%errorlevel%' NEQ '0' (
echo Requesting administrative privileges...
goto UACPrompt
) else ( goto gotAdmin )
:UACPrompt
echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
set params= %*
echo UAC.ShellExecute "cmd.exe", "/c ""%~s0"" %params:"=""%", "", "runas", 1 >> "%temp%\getadmin.vbs"
"%temp%\getadmin.vbs"
del "%temp%\getadmin.vbs"
exit /B
:gotAdmin
pushd "%CD%"
CD /D "%~dp0"
set Policies=HKEY_LOCAL_MACHINE\SOFTWARE\Policies
echo == Disabling SmartScreen
REG ADD "%Policies%\Microsoft\Windows\System" /f /v EnableSmartScreen /t REG_DWORD /d "0"
REG ADD "%Policies%\Microsoft\Windows Defender\SmartScreen" /f /v ConfigureAppInstallControlEnabled /t REG_DWORD /d "0"
REG ADD "%Policies%\Microsoft\Windows Defender\SmartScreen" /f /v ConfigureAppInstallControl /t REG_SZ /d "Anywhere"
REG ADD "%Policies%\Microsoft\Internet Explorer\PhishingFilter" /f /v Enabled /t REG_DWORD /d "0"
REG ADD "%Policies%\Microsoft\Internet Explorer\PhishingFilter" /f /v EnabledV8 /t REG_DWORD /d "0"
REG ADD "%Policies%\Microsoft\Internet Explorer\PhishingFilter" /f /v EnabledV9 /t REG_DWORD /d "0"
REG ADD "%Policies%\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3" /f /v 2301 /t REG_DWORD /d "3"
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Browser\AllowSmartScreen" /f /v value /t REG_DWORD /d "0"
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /f /v SmartScreenEnabled /t REG_SZ /d "Off"
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System" /f /v EnableSmartScreen /t REG_DWORD /d "0"
echo == Disabling SmartScreen for Store and Apps
REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /f /v EnableWebContentEvaluation /t REG_DWORD /d "0"
REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /f /v PreventOverride /t REG_DWORD /d "0"
REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Security Health\State" /f /v AppAndBrowser_StoreAppsSmartScreenOff /t REG_DWORD /d "0"
REG ADD "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter" /f /v "EnabledV9" /t REG_DWORD /d "0"
echo == Disabling SmartScreen for Microsoft Edge
REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge" /f /v SmartScreenEnabled /t REG_DWORD /d "0"
REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge" /f /v SmartScreenPuaEnabled /t REG_DWORD /d "0"
REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Security Health\State" /f /v AppAndBrowser_EdgeSmartScreenOff /t REG_DWORD /d "0"
echo == Disabling Smart App Control
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CI\Policy" /f /v VerifiedAndReputablePolicyState /t REG_DWORD /d "0"
echo == Stopping SmartScreen and Cleaning Up
takeown /s %computername% /u %username% /f "%WinDir%\System32\smartscreen.exe"
icacls "%WinDir%\System32\smartscreen.exe" /grant:r %username%:F
taskkill /im smartscreen.exe /f
del "%WinDir%\System32\smartscreen.exe" /s /f /q
takeown /s %computername% /u %username% /f "%WinDir%\System32\smartscreen.dll"
icacls "%WinDir%\System32\smartscreen.dll" /grant:r %username%:F
del "%WinDir%\System32\smartscreen.dll" /s /f /q
takeown /s %computername% /u %username% /f "%WinDir%\System32\smartscreenps.dll"
icacls "%WinDir%\System32\smartscreenps.dll" /grant:r %username%:F
del "%WinDir%\System32\smartscreenps.dll" /s /f /q
pause
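To see which of these settings are in effect on a machine, for example when checking whether SmartScreen has been switched off by a script like the one above, a read-only audit can be used. This is an added example, not part of the original thread; the registry paths, value names and data are taken from the batch file, while the function name and output shape are assumptions.

```powershell
# Added example (not from the thread): read-only audit of SmartScreen settings.
# Each check lists a value the batch file writes and the data it writes ("Off").
# HKCU checks reflect the user running the audit, not every profile.
function Get-SmartScreenOverride {
    $pol = 'HKLM:\SOFTWARE\Policies\Microsoft'
    $checks = @(
        @{ Path = "$pol\Windows\System"; Name = 'EnableSmartScreen'; Off = '0' }
        @{ Path = "$pol\Windows Defender\SmartScreen"; Name = 'ConfigureAppInstallControlEnabled'; Off = '0' }
        @{ Path = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\default\Browser\AllowSmartScreen'; Name = 'value'; Off = '0' }
        @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer'; Name = 'SmartScreenEnabled'; Off = 'Off' }
        @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost'; Name = 'EnableWebContentEvaluation'; Off = '0' }
        @{ Path = 'HKCU:\SOFTWARE\Microsoft\Edge'; Name = 'SmartScreenEnabled'; Off = '0' }
        @{ Path = 'HKCU:\SOFTWARE\Microsoft\Edge'; Name = 'SmartScreenPuaEnabled'; Off = '0' }
        @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Policy'; Name = 'VerifiedAndReputablePolicyState'; Off = '0' }
    )

    $registry = foreach ($c in $checks) {
        # A missing key or value yields $null and is reported as not overridden.
        $item   = Get-ItemProperty -LiteralPath $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        $actual = if ($null -ne $item) { $item.($c.Name) } else { $null }
        [pscustomobject]@{
            Kind       = 'Registry'
            Target     = "$($c.Path)\$($c.Name)"
            Actual     = $actual
            Overridden = ($null -ne $actual) -and ("$actual" -eq $c.Off)
        }
    }

    # The batch file also deletes these binaries; report any that are missing.
    $files = foreach ($f in 'smartscreen.exe', 'smartscreen.dll', 'smartscreenps.dll') {
        $p       = Join-Path $env:WinDir "System32\$f"
        $present = Test-Path -LiteralPath $p
        [pscustomobject]@{
            Kind       = 'File'
            Target     = $p
            Actual     = if ($present) { 'present' } else { 'missing' }
            Overridden = -not $present
        }
    }

    @($registry) + @($files)
}

# Show only the settings that match the batch file's changes.
Get-SmartScreenOverride | Where-Object Overridden | Format-Table -AutoSize
```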
Thank you in advance for this great utility. Yes, you are right - there is only the icon from Defender; however, all apps still persist, everything else works. I'm not editing the *.xml, nor installing it on another disk.
Tried both 24H2 and 23H2 in Hyper-V, downloaded from the MS site. Dunno why it does not work, maybe some language/locale issue?
Where did you get the Windows .ISO file that you are using from, and which build number is it? Also, is the .ISO file altered in any way?
Mine is 26100.1301.240725-1635.GE_RELEASE_SVC_PROD3_CLIENTMULTI_X64FRE_EN-GB.iso and I built it myself from UUPdump, and works flawlessly with the autounattend.xml file generated from here on 4 different computers.
You really need to check the log files.
I am really not a fan of SmartScreen either, do you think you could add an option to remove that? It's an awful system that nobody wants as it's so intrusive and confusing.
Compared to other Windows security settings, SmartScreen really seems to be a nightmare to configure. For example, Shawn Brink has at least four tutorials to cover this topic:
- Enable or Disable Microsoft Defender SmartScreen Check Apps and Files from Web in Windows 11
- Enable or Disable Microsoft Defender SmartScreen for Microsoft Edge in Windows 11
- Enable or Disable Microsoft Defender SmartScreen for Microsoft Store Apps in Windows 11
- Enable or Disable Microsoft Defender SmartScreen Phishing Protection Windows 11
His .reg files are usually very good, but I simply cannot guarantee they all work as intended on both Windows 10 and 11. Also, there might be interdependencies with other settings offered by my service (like Disable Windows Defender), and testing all combinations is not possible for me. Furthermore, since I use Google Chrome, I have never experienced that many problems with SmartScreen.
For the time being, I do not intend to add SmartScreen settings to my service. However, I will look into the possibility to use Group Policies with autounattend.xml files – these seem to be much more manageable than .reg files.
As far as I'm aware, there is no difference between 10 & 11. I posted the script many months ago over on My Digital Life and I've had zero issues reported, but obviously that's no guarantee. I did use Shawn's work as some of the reference for my script, but it's very simplistic and does not stay disabled for long, but most of it came from manually digging through the registry and a few other sources too - A compilation of greatest hits if you will!
SmartScreen is more of an annoyance than anything. It's what is responsible, among other things, for those annoying blue dialog boxes that ask if you are sure you want to install an application or not, and the one that you have to click a link to actually run it. It's reliant on an Internet connection, as it sends a file hash to Microsoft and compares it to their own database before allowing the user to run the installation or not. It can be very slow, but it's mostly confusing for those that don't really understand that they have to click the "more info" link to actually run something that Microsoft does not have in its database...
But I totally understand your point and appreciate you looking into the group policy option.
It turned out that SmartScreen configuration is not that hard after all – https://github.com/cschneegans/unattend-generator/commit/355cad9c9d272ff20c5ce2f175a5c932b9d9bc94 consists of only 9 registry values.
This is how the SmartScreen settings page looks in Windows 11 immediately after installation with the new Disable SmartScreen in Windows and Edge setting enabled:
Thank you so much!
Mine's still running.... I selected offline account and booted with the first administrator account.... It got enabled in a few minutes... after installing the graphics card driver and checking for updates
What processes exactly are still running? What .iso image did you use? Also, please attach your autounattend.xml file.
and
I used official ISO. Used an offline account, on the first boot I installed graphics card driver and all DirectX and Visual C++ files, then I tried to update Windows and I noticed Defender is running..
So that means Win11_23H2_English_x64v2.iso, or what?
en-us_windows_11_consumer_editions_version_23h2_updated_sep_2024_x64_dvd_edcefbe4.iso
It's an official ISO, just up to date... I tried this in a VM with the same XML file.... Defender services were stopped...
When I install it physically... Defender services were working...
The only way forward with Defender is a separate removal tool. I have found one that works flawlessly, but every now and then, Microsoft will re-enable Defender in an update.
I believe the best way is to remove Defender from the install media, but I have no idea how you would do that easily.
en-us_windows_11_consumer_editions_version_23h2_updated_sep_2024_x64_dvd_edcefbe4.iso
It's an official ISO, just up to date...
So it's not an official image then.
You need to at least check if the Defender services (Sense, WdBoot, WdFilter, WdNisDrv, WdNisSvc, WinDefend) are already running immediately after Windows has been installed. Also check the StartType property, like so:
Get-Service -Name Sense, WdBoot, WdFilter, WdNisDrv, WdNisSvc, WinDefend | Format-Table -AutoSize -Property Name, Status, StartType
@cschneegans Hi, I am currently using the Windows 11 (24H2) Insider Preview (Release Preview Channel) - Build 26100.1150 ISO but the autounattend.xml is not loading, is it the ISO issue? I installed the ISO from the official Microsoft website. I tried the same autounattend.xml on 23H2 and it works fine but I need it on 24H2. I am not using any special customization like bloatware gone, just creating user account and changing the time zone etc. Any help would be appreciated thank you.
Strange, as I use 24H2 and it has always worked perfectly, and I do use it to remove many apps etc...
Yes, as it can be used on 23H2 it wouldn't be the autounattend.xml issue right? So, am I using the wrong 24H2 ISO, are you able to check on your end if it works using my exact 24H2 ISO version? Or can you tell me which 24H2 ISO you are using?
I use an image ( 26100.1876.240918-1021.GE_RELEASE_SVC_PROD3_CLIENTMULTI_X64FRE_EN-GB) generated by uupdump(DotNet), which comes from MS own servers.
As yes, I think you're correct that the file must be ok if it works with the 23H2 image.
Hi, I am currently using the Windows 11 (24H2) Insider Preview (Release Preview Channel) - Build 26100.1150 ISO but the autounattend.xml is not loading, is it the ISO issue?
The autounattend.xml files generated by my service should work with any Windows 10 or Windows 11 edition and version.
Do you add the autounattend.xml into the image? If so, I strongly advise against it. Instead, use the approach described in the usage notes.
I used the same method as described in the usage notes but it still does not work, are there any other solutions I can try?
Maybe there is another autounattend.xml file – which may contain only a few instructions or none at all – higher up in the search order?
Also check the setupact.log file. To do so, press Shift+F10 after Windows Setup has started. In the console window that pops up, type notepad X:\Windows\setupact.log. The file should look like this:
Hi, I used the image that stimpy81 mentioned and it was able to load the initial part of the autounattend.xml, where it selects the language settings. But after the installation finished, I still need to manually select the region, create my own user account, etc. And I did what you asked: the weird thing in my setupact.log compared to yours is that the same 3 lines of code you circled appear twice in mine, most likely it ran twice. Do you think that is the cause as to why my autounattend.xml is not working? I checked and there is no other autounattend.xml file I can find. By the way, I tried to re-download the xml file and try again but it is the same result.
Your issue is really odd... I'm scratching my head trying to think what would cause this... All I can come up with is some kind of hardware instability, like bad memory or USB/SSD/HDD acting up. It's really weird, as we are using the same image, and I can install Windows without these errors, as I also set language options, 2 of them actually.
But in fairness, I'm also having an issue with the show all icons on taskbar option, where the files that control this do not get installed during installation. I'm wondering if the new setup in 24H2 is bugged, or somehow sensitive to hardware.
Would you mind sharing the tech specs of your computer?
I highly doubt it is hardware instability, as I tried again on 23H2 multiple times, and it works perfectly well. I am thinking whether the autounattend.xml generated might not be compatible with 24H2. The autounattend.xml most likely stopped at the settings pass "oobeSystem". Not sure where I can check where it stopped exactly, because for the setup portion it works.
Not sure if you guys can see but this is the autounattend.xml I generated with the settings I want, I am hoping if you guys can check if there are any abnormalities in it.
This file looks perfectly fine. You should show us your setupact.log file. You can copy the file to a thumb drive during Windows Setup, but a simple photo taken with your phone will also suffice.

