Pillendreher
commented
4 years ago Same here. I removed basically everything, but just stumbled upon Edge in the start menu.
Closed espanafly closed 3 years ago
Pillendreher
commented
4 years ago Same here. I removed basically everything, but just stumbled upon Edge in the start menu.
Moe1369
commented
4 years ago So any news on this? Is this expected? Kinda looks like a dealbreaker to me.
espanafly
commented
4 years ago So any news on this? Is this expected? Kinda looks like a dealbreaker to me. No news. I agree that losing this super safe System app de-bloating solution would really suck. However, this project still offers a nicely consolidated package of many juicy optimization features. I'm hoping that, besides this project, there are other IT corporate types that use the "non-provisioning of system apps" as a tool to manage their OS roll-outs. If enough of them start complaining then maybe Microsoft relents and goes back to respecting the de-provisioning approach (ideal solution). Two positive notes: (1) Worst case, defender, at least, seems to remain leashed. l I haven't confirmed with wireshark, but AFAIK, the "re-provisioned" defender is just a useless shell that doesn't use any resources. And even if it somehow 'woke-up,' it's still locked down by the other optimize-offline applied registry changes. (2) If you don't update, then you are safe from System App poisoning. This may not be everyone's ideal solution, but it buys us some time till we hear what @DrEmpiricism comes up with as a solution or work-around.
espanafly
commented
4 years ago I have safely applied the kb4571744 update to 20H1 and 20H2 respectively increasing their build numbers to 19041.488 and 19042.488.
The solution involves setting all the permissions to "deny" for all the entries in the TrustedInstaller owned key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\InboxApplications I used Sordum's PowerRun to deny permissions for all the default entries. Once you deny permissions, you can safely update.
Since the solution involves using a third-party application, the details are posted on MyDigitalLife You'll have to login to read it unfortunately.
espanafly
commented
4 years ago mid-September 2020 Update I can report that the issue is not consistent. I have tested a mix of VM machines and real hardware 20H1 19041.388 20H2 19042.450 The H1 VM and real hardware has shown the issue with hotfixes KB4566782, KB4571744 and KB4571756. The H2 VM hasn't had a problem so far with with KB4571744 or KB4571756
There is now an open source script available that locks down the reg key to prevent forced installation of unwanted System Applications posted at the MyDigitalLife forum. The script is 99.9% the work of someone who is a member of that forum so that's why the script is posted there.
KedarWolf
commented
4 years ago Use W10UI to install the CU's and all new updates. It does NOT install any removed packages. I updated last two CU's and all other updates, see below. They are only what I kept with Optimize Offline even after installing the CU's.
https://forums.mydigitallife.net/threads/windows-10-hotfix-repository.57050/
Go to the version of Windows you have in the links to get ALL the updates you need as well.
PS D:\> Get-AppxProvisionedPackage -Online | Format-Table DisplayName, PackageName
DisplayName PackageName
----------- -----------
Microsoft.549981C3F5F10 Microsoft.549981C3F5F10_1.1911.21713.0_neutral_~_8wekyb3d8bbwe
Microsoft.DesktopAppInstaller Microsoft.DesktopAppInstaller_2019.1019.1.0_neutral_~_8wekyb3d8bbwe
Microsoft.HEIFImageExtension Microsoft.HEIFImageExtension_1.0.31572.0_x64__8wekyb3d8bbwe
Microsoft.MicrosoftEdge.Stable Microsoft.MicrosoftEdge.Stable_85.0.564.51_neutral__8wekyb3d8bbwe
Microsoft.StorePurchaseApp Microsoft.StorePurchaseApp_12009.1001.113.0_neutral_~_8wekyb3d8bbwe
Microsoft.VCLibs.140.00 Microsoft.VCLibs.140.00_14.0.27323.0_x64__8wekyb3d8bbwe
Microsoft.VP9VideoExtensions Microsoft.VP9VideoExtensions_1.0.31471.0_x64__8wekyb3d8bbwe
Microsoft.WebMediaExtensions Microsoft.WebMediaExtensions_1.0.20875.0_neutral_~_8wekyb3d8bbwe
Microsoft.WebpImageExtension Microsoft.WebpImageExtension_1.0.31251.0_x64__8wekyb3d8bbwe
Microsoft.WindowsStore Microsoft.WindowsStore_12009.1001.113.0_neutral_~_8wekyb3d8bbwe
Microsoft.Xbox.TCUI Microsoft.Xbox.TCUI_1.23.28002.0_neutral_~_8wekyb3d8bbwe
Microsoft.XboxApp Microsoft.XboxApp_48.49.31001.0_neutral_~_8wekyb3d8bbwe
Microsoft.XboxGameOverlay Microsoft.XboxGameOverlay_1.46.11001.0_neutral_~_8wekyb3d8bbwe
Microsoft.XboxGamingOverlay Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_~_8wekyb3d8bbwe
Microsoft.XboxIdentityProvider Microsoft.XboxIdentityProvider_12.50.6001.0_neutral_~_8wekyb3d8bbwe
Microsoft.XboxSpeechToTextOverlay Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_neutral_~_8wekyb3d8bbwe
NVIDIACorp.NVIDIAControlPanel NVIDIACorp.NVIDIAControlPanel_8.1.958.0_x64__56jybvy8sckqj
PS D:\> Get-AppxPackage -PackageTypeFilter Main | ? { $_.SignatureKind -eq "System" } | Sort Name | Format-Table Name, InstallLocation
Name InstallLocation
---- ---------------
E2A4F912-2574-4A75-9BB0-0D023378592B C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy
Microsoft.AccountsControl C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy
Microsoft.AsyncTextService C:\Windows\SystemApps\Microsoft.AsyncTextService_8wekyb3d8bbwe
Microsoft.CredDialogHost C:\Windows\SystemApps\microsoft.creddialoghost_cw5n1h2txyewy
Microsoft.EdgeDevtoolsPlugin C:\Windows\SystemApps\Microsoft.EdgeDevtoolsPlugin_cw5n1h2txyewy
Microsoft.Windows.Apprep.ChxApp C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy
Microsoft.Windows.AssignedAccessLockApp C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy
Microsoft.Windows.CapturePicker C:\Windows\SystemApps\Microsoft.Windows.CapturePicker_cw5n1h2txyewy
Microsoft.Windows.CloudExperienceHost C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy
Microsoft.Windows.NarratorQuickStart C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe
Microsoft.Windows.OOBENetworkCaptivePortal C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2...
Microsoft.Windows.OOBENetworkConnectionFlow C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h...
Microsoft.Windows.PinningConfirmationDialog C:\Windows\SystemApps\Microsoft.Windows.PinningConfirmationDialog_cw5n1h...
Microsoft.Windows.Search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy
Microsoft.Windows.ShellExperienceHost C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy
Microsoft.Windows.StartMenuExperienceHost C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2t...
Microsoft.XboxGameCallableUI C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy
MicrosoftWindows.Client.CBS C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy
MicrosoftWindows.UndockedDevKit C:\Windows\SystemApps\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy
NcsiUwpApp C:\Windows\SystemApps\NcsiUwpApp_8wekyb3d8bbwe
windows.immersivecontrolpanel C:\Windows\ImmersiveControlPanel
Windows.PrintDialog C:\Windows\PrintDialog
Here is my W10UI.ini. My updates are in the D:\3 folder.
[W10UI-Configuration]
Target =
Repo =D:\3
DismRoot =dism.exe
Net35 =0
Net35Source =
Cleanup =1
ResetBase =1
WinRE =1
SkipEdge =1
_CabDir =D:\W10UItemp
MountDir =D:\W10UImount
WinreMount =D:\W10UImountre
wim2esd =0
ISO =0
ISODir =
Delete_Source =0
AutoStart =0
The last two cumulative updates for 20H2--19042.685 and 19042.804--proceeded without corrupting the optimized System Apps. I'm closing this issue unless the problem re-emerges or if I figure out what was happening to cause the earlier issues.
Request Please harden Optimize Offline to prevent Windows Update from provisioning for installation and installing all the default System Applications.
Describe the bug KB4566782 Cumulative Update "re-provisions" and installs System Applications designated as "removed' by this script.
Details Online application of the August Cumulative Windows Update (August 11, 2020—KB4566782 (OS Build 19041.450) adds the removed System Application entries to the registry allowing the associated applications to become fully or partially functional. To quote this projects ReadMe, System Applications Parameters description, "By removing these entries, Windows Setup does not provision them for installation." For Build 19041, this statement is true only until you perform an online cumulative update.
Additional content or data Installed System apps before and after CU shown by the PowerShell script shared by KedarWolf on the mydigitallife.net "Optimize-Offline Guide" Thread
Get-AppxPackage -PackageTypeFilter Main | ? { $_.SignatureKind -eq "System" } | Sort Name | Format-Table Name, InstallLocationBefore August Cumulative Update
After August Cumulative Update
Screenshots
Test of two previously removed System Applications that appeared in the Start Menu after the August Cumulative Update Microsoft Edge and Defender (Windows Security)
Fully functioning Edge
Defender (Windows Security) app opens, but is not functional. A "dummy" or "shell" app.
App history before August 2020 Cumulative Update
App history after August 2020 Cumulative Update
The silver lining is defender "shell" does not consume resources
Environment:
Log files Log files showed no errors and the initial result was as expected