AvinashReddy3108
commented
1 week ago Notes for maintainer:
- Squash merge
Open AvinashReddy3108 opened 1 week ago
AvinashReddy3108
commented
1 week ago Notes for maintainer:
cschneegans
commented
1 week ago That looks very interesting, thanks! I will review this tomorrow.
AvinashReddy3108
commented
1 week ago That looks very interesting, thanks! I will review this tomorrow.
Converting this PR to draft, as it does not work me (will need to check the unattend logs) In theory (and searching on the internet), it should work.. but for some weird reason it does not..
Will need some more eyes on this..
AvinashReddy3108
commented
1 week ago I'm yet to do a fresh install in a VM to check logs but this seems to be the cause..
https://www.reddit.com/r/SCCM/comments/1g0pkp7/comment/lrdeb5s
Yes it's the UserChoice Protection Driver – UCPD driver more info
I ran into the same problem. Following the steps to disable it and a reboot,will make the keys writable again
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\UCPD" -Name “Start” -Value 4 -PropertyType DWORD -Force
Disable-ScheduledTask -TaskName "\Microsoft\Windows\AppxDeploymentClient\UCPD velocity"I think the protection is there for a reason, removing it can cause other problems. Set the setting with a gpo policy.
AvinashReddy3108
commented
1 week ago And, as it turns out.. I was right..
autounattend.xml file (from public web UI)<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
<!--https://schneegans.de/windows/unattend-generator/?LanguageMode=Unattended&UILanguage=en-US&Locale=en-US&Keyboard=00000409&GeoLocation=244&ProcessorArchitecture=amd64&BypassRequirementsCheck=true&BypassNetworkCheck=true&ComputerNameMode=Random&CompactOsMode=Default&TimeZoneMode=Implicit&PartitionMode=Interactive&WindowsEditionMode=Unattended&WindowsEdition=pro&UserAccountMode=Unattended&AccountName0=admin&AccountPassword0=admin&AccountGroup0=Administrators&AccountName1=user&AccountPassword1=password&AccountGroup1=Users&AccountName2=&AccountName3=&AccountName4=&AutoLogonMode=Own&PasswordExpirationMode=Unlimited&LockoutMode=Default&HideFiles=Hidden&TaskbarSearch=Box&ShowFileExtensions=true&LaunchToThisPC=true&DisableSystemRestore=true&EnableLongPaths=true&AllowPowerShellScripts=true&DisableLastAccess=true&PreventAutomaticReboot=true&DisableAppSuggestions=true&PreventDeviceEncryption=true&HideEdgeFre=true&MakeEdgeUninstallable=true&WifiMode=Skip&ExpressSettings=DisableAll&KeysMode=Skip&ColorMode=Default&WallpaperMode=Default&RemoveNotepadClassic=true&RemovePowerShellISE=true&RemoveWindowsMediaPlayer=true&StartTilesMode=Default&StartPinsMode=Empty&DefaultUserScript0=Windows+Registry+Editor+Version+5.00%0D%0A%0D%0A%5BHKEY_USERS%5CDefaultUser%5CSOFTWARE%5CMicrosoft%5CWindows%5CCurrentVersion%5CExplorer%5CAdvanced%5D%0D%0A%22TaskbarDa%22%3Ddword%3A00000000&DefaultUserScriptType0=Reg&DefaultUserScript1=reg.exe+add+%22HKU%5CDefaultUser%5CSoftware%5CMicrosoft%5CWindows%5CCurrentVersion%5CExplorer%5CAdvanced%22+%2Fv+%22TaskbarDa%22+%2Ft+REG_DWORD+%2Fd+0+%2Ff&DefaultUserScriptType1=Cmd&DefaultUserScript2=Set-ItemProperty+-LiteralPath+%27Registry%3A%3AHKU%5CDefaultUser%5CSoftware%5CMicrosoft%5CWindows%5CCurrentVersion%5CExplorer%5CAdvanced%27+-Name+%27TaskbarDa%27+-Type+%27DWord%27+-Value+0&DefaultUserScriptType2=Ps1&RestartExplorer=true&WdacMode=Skip-->
<settings pass="offlineServicing"></settings>
<settings pass="windowsPE">
<component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<SetupUILanguage>
<UILanguage>en-US</UILanguage>
</SetupUILanguage>
<InputLocale>0409:00000409</InputLocale>
<SystemLocale>en-US</SystemLocale>
<UILanguage>en-US</UILanguage>
<UserLocale>en-US</UserLocale>
</component>
<component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<UserData>
<ProductKey>
<Key>VK7JG-NPHTM-C97JM-9MPGT-3V66T</Key>
</ProductKey>
<AcceptEula>true</AcceptEula>
</UserData>
<RunSynchronous>
<RunSynchronousCommand wcm:action="add">
<Order>1</Order>
<Path>reg.exe add "HKLM\SYSTEM\Setup\LabConfig" /v BypassTPMCheck /t REG_DWORD /d 1 /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>2</Order>
<Path>reg.exe add "HKLM\SYSTEM\Setup\LabConfig" /v BypassSecureBootCheck /t REG_DWORD /d 1 /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>3</Order>
<Path>reg.exe add "HKLM\SYSTEM\Setup\LabConfig" /v BypassRAMCheck /t REG_DWORD /d 1 /f</Path>
</RunSynchronousCommand>
</RunSynchronous>
</component>
</settings>
<settings pass="generalize"></settings>
<settings pass="specialize">
<component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<RunSynchronous>
<RunSynchronousCommand wcm:action="add">
<Order>1</Order>
<Path>powershell.exe -NoProfile -Command "$xml = [xml]::new(); $xml.Load('C:\Windows\Panther\unattend.xml'); $sb = [scriptblock]::Create( $xml.unattend.Extensions.ExtractScript ); Invoke-Command -ScriptBlock $sb -ArgumentList $xml;"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>2</Order>
<Path>powershell.exe -NoProfile -Command "Get-Content -LiteralPath 'C:\Windows\Setup\Scripts\Specialize.ps1' -Raw | Invoke-Expression;"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>3</Order>
<Path>reg.exe load "HKU\DefaultUser" "C:\Users\Default\NTUSER.DAT"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>4</Order>
<Path>powershell.exe -NoProfile -Command "Get-Content -LiteralPath 'C:\Windows\Setup\Scripts\DefaultUser.ps1' -Raw | Invoke-Expression;"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>5</Order>
<Path>reg.exe unload "HKU\DefaultUser"</Path>
</RunSynchronousCommand>
</RunSynchronous>
</component>
</settings>
<settings pass="auditSystem"></settings>
<settings pass="auditUser"></settings>
<settings pass="oobeSystem">
<component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<InputLocale>0409:00000409</InputLocale>
<SystemLocale>en-US</SystemLocale>
<UILanguage>en-US</UILanguage>
<UserLocale>en-US</UserLocale>
</component>
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<UserAccounts>
<LocalAccounts>
<LocalAccount wcm:action="add">
<Name>admin</Name>
<Group>Administrators</Group>
<Password>
<Value>admin</Value>
<PlainText>true</PlainText>
</Password>
</LocalAccount>
<LocalAccount wcm:action="add">
<Name>user</Name>
<Group>Users</Group>
<Password>
<Value>password</Value>
<PlainText>true</PlainText>
</Password>
</LocalAccount>
</LocalAccounts>
</UserAccounts>
<AutoLogon>
<Username>admin</Username>
<Enabled>true</Enabled>
<LogonCount>1</LogonCount>
<Password>
<Value>admin</Value>
<PlainText>true</PlainText>
</Password>
</AutoLogon>
<OOBE>
<ProtectYourPC>3</ProtectYourPC>
<HideEULAPage>true</HideEULAPage>
<HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
<HideOnlineAccountScreens>false</HideOnlineAccountScreens>
</OOBE>
<FirstLogonCommands>
<SynchronousCommand wcm:action="add">
<Order>1</Order>
<CommandLine>powershell.exe -NoProfile -Command "Get-Content -LiteralPath 'C:\Windows\Setup\Scripts\FirstLogon.ps1' -Raw | Invoke-Expression;"</CommandLine>
</SynchronousCommand>
</FirstLogonCommands>
</component>
</settings>
<Extensions xmlns="https://schneegans.de/windows/unattend-generator/">
<ExtractScript>
param(
[xml] $Document
);
$scriptsDir = 'C:\Windows\Setup\Scripts\';
foreach( $file in $Document.unattend.Extensions.File ) {
$path = [System.Environment]::ExpandEnvironmentVariables(
$file.GetAttribute( 'path' )
);
if( $path.StartsWith( $scriptsDir ) ) {
mkdir -Path $scriptsDir -ErrorAction 'SilentlyContinue';
}
$encoding = switch( [System.IO.Path]::GetExtension( $path ) ) {
{ $_ -in '.ps1', '.xml' } { [System.Text.Encoding]::UTF8; }
{ $_ -in '.reg', '.vbs', '.js' } { [System.Text.UnicodeEncoding]::new( $false, $true ); }
default { [System.Text.Encoding]::Default; }
};
[System.IO.File]::WriteAllBytes( $path, ( $encoding.GetPreamble() + $encoding.GetBytes( $file.InnerText.Trim() ) ) );
}
</ExtractScript>
<File path="C:\Windows\Temp\remove-caps.ps1">
$selectors = @(
'Microsoft.Windows.Notepad';
'Microsoft.Windows.Notepad.System';
'Microsoft.Windows.PowerShell.ISE';
'Media.WindowsMediaPlayer';
);
$getCommand = {
Get-WindowsCapability -Online | Where-Object -Property 'State' -NotIn -Value @(
'NotPresent';
'Removed';
);
};
$filterCommand = {
($_.Name -split '~')[0] -eq $selector;
};
$removeCommand = {
[CmdletBinding()]
param(
[Parameter( Mandatory, ValueFromPipeline )]
$InputObject
);
process {
$InputObject | Remove-WindowsCapability -Online -ErrorAction 'Continue';
}
};
$type = 'Capability';
$logfile = 'C:\Windows\Temp\remove-caps.log';
& {
$installed = & $getCommand;
foreach( $selector in $selectors ) {
$result = [ordered] @{
Selector = $selector;
};
$found = $installed | Where-Object -FilterScript $filterCommand;
if( $found ) {
$result.Output = $found | & $removeCommand;
if( $? ) {
$result.Message = "$type removed.";
} else {
$result.Message = "$type not removed.";
$result.Error = $Error[0];
}
} else {
$result.Message = "$type not installed.";
}
$result | ConvertTo-Json -Depth 3 -Compress;
}
} *>&1 >> $logfile;
</File>
<File path="C:\Windows\Setup\Scripts\MoveActiveHours.vbs">
HKLM = &H80000002
key = "SOFTWARE\Microsoft\WindowsUpdate\UX\Settings"
Set reg = GetObject("winmgmts://./root/default:StdRegProv")
current = Hour(Now)
reg.SetDWORDValue HKLM, key, "ActiveHoursStart", ( current + 23 ) Mod 24
reg.SetDWORDValue HKLM, key, "ActiveHoursEnd", ( current + 11 ) Mod 24
reg.SetDWORDValue HKLM, key, "SmartActiveHoursState", 2
</File>
<File path="C:\Windows\Setup\Scripts\MoveActiveHours.xml">
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<Triggers>
<BootTrigger>
<Repetition>
<Interval>PT4H</Interval>
<StopAtDurationEnd>false</StopAtDurationEnd>
</Repetition>
<Enabled>true</Enabled>
</BootTrigger>
<RegistrationTrigger>
<Repetition>
<Interval>PT4H</Interval>
<StopAtDurationEnd>false</StopAtDurationEnd>
</Repetition>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Principals>
<Principal id="Author">
<UserId>S-1-5-19</UserId>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\System32\wscript.exe</Command>
<Arguments>C:\Windows\Setup\Scripts\MoveActiveHours.vbs</Arguments>
</Exec>
</Actions>
</Task>
</File>
<File path="C:\Windows\Setup\Scripts\MakeEdgeUninstallable.ps1">
$ErrorActionPreference = 'Stop';
& {
try {
$params = @{
LiteralPath = 'C:\Windows\System32\IntegratedServicesRegionPolicySet.json';
Encoding = 'Utf8';
};
$o = Get-Content @params | ConvertFrom-Json;
$o.policies | ForEach-Object -Process {
if( $_.guid -eq '{1bca278a-5d11-4acf-ad2f-f9ab6d7f93a6}' ) {
$_.defaultState = 'enabled';
}
};
$o | ConvertTo-Json -Depth 9 | Out-File @params;
} catch {
$_;
}
} *>&1 >> 'C:\Windows\Setup\Scripts\MakeEdgeUninstallable.log';
</File>
<File path="C:\Windows\Setup\Scripts\SetStartPins.ps1">
$json = '{"pinnedList":[]}';
if( [System.Environment]::OSVersion.Version.Build -lt 20000 ) {
return;
}
$key = 'Registry::HKLM\SOFTWARE\Microsoft\PolicyManager\current\device\Start';
New-Item -Path $key -ItemType 'Directory' -ErrorAction 'SilentlyContinue';
Set-ItemProperty -LiteralPath $key -Name 'ConfigureStartPins' -Value $json -Type 'String';
</File>
<File path="C:\Windows\Setup\Scripts\unattend-01.reg">
Windows Registry Editor Version 5.00
[HKEY_USERS\DefaultUser\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"TaskbarDa"=dword:00000000
</File>
<File path="C:\Windows\Setup\Scripts\unattend-02.cmd">
reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f
</File>
<File path="C:\Windows\Setup\Scripts\unattend-03.ps1">
Set-ItemProperty -LiteralPath 'Registry::HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' -Name 'TaskbarDa' -Type 'DWord' -Value 0
</File>
<File path="C:\Windows\Setup\Scripts\Specialize.ps1">
$scripts = @(
{
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE" /v BypassNRO /t REG_DWORD /d 1 /f;
};
{
Get-Content -LiteralPath 'C:\Windows\Temp\remove-caps.ps1' -Raw | Invoke-Expression;
};
{
net.exe accounts /maxpwage:UNLIMITED;
};
{
reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\FileSystem" /v LongPathsEnabled /t REG_DWORD /d 1 /f
};
{
Set-ExecutionPolicy -Scope 'LocalMachine' -ExecutionPolicy 'RemoteSigned' -Force;
};
{
fsutil.exe behavior set disableLastAccess 1;
};
{
reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v AUOptions /t REG_DWORD /d 4 /f;
reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v NoAutoRebootWithLoggedOnUsers /t REG_DWORD /d 1 /f;
};
{
Register-ScheduledTask -TaskName 'MoveActiveHours' -Xml $( Get-Content -LiteralPath 'C:\Windows\Setup\Scripts\MoveActiveHours.xml' -Raw );
};
{
reg.exe add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t REG_DWORD /d 0 /f;
};
{
reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\BitLocker" /v "PreventDeviceEncryption" /t REG_DWORD /d 1 /f;
};
{
reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v HideFirstRunExperience /t REG_DWORD /d 1 /f;
};
{
Get-Content -LiteralPath 'C:\Windows\Setup\Scripts\MakeEdgeUninstallable.ps1' -Raw | Invoke-Expression;
};
{
Get-Content -LiteralPath 'C:\Windows\Setup\Scripts\SetStartPins.ps1' -Raw | Invoke-Expression;
};
);
& {
[float] $complete = 0;
[float] $increment = 100 / $scripts.Count;
foreach( $script in $scripts ) {
Write-Progress -Activity 'Running scripts to customize your Windows installation. Do not close this window.' -PercentComplete $complete;
& $script;
$complete += $increment;
}
} *>&1 >> "C:\Windows\Setup\Scripts\Specialize.log";
</File>
<File path="C:\Windows\Setup\Scripts\UserOnce.ps1">
$scripts = @(
{
Set-ItemProperty -LiteralPath 'Registry::HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' -Name 'LaunchTo' -Type 'DWord' -Value 1;
};
{
Get-Process -Name 'explorer' -ErrorAction 'SilentlyContinue' | Where-Object -FilterScript {
$_.SessionId -eq ( Get-Process -Id $PID ).SessionId;
} | Stop-Process -Force;
};
);
& {
[float] $complete = 0;
[float] $increment = 100 / $scripts.Count;
foreach( $script in $scripts ) {
Write-Progress -Activity 'Running scripts to configure this user account. Do not close this window.' -PercentComplete $complete;
& $script;
$complete += $increment;
}
} *>&1 >> "$env:TEMP\UserOnce.log";
</File>
<File path="C:\Windows\Setup\Scripts\DefaultUser.ps1">
$scripts = @(
{
reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f;
};
{
$names = @(
'ContentDeliveryAllowed';
'FeatureManagementEnabled';
'OEMPreInstalledAppsEnabled';
'PreInstalledAppsEnabled';
'PreInstalledAppsEverEnabled';
'SilentInstalledAppsEnabled';
'SoftLandingEnabled';
'SubscribedContentEnabled';
'SubscribedContent-310093Enabled';
'SubscribedContent-338387Enabled';
'SubscribedContent-338388Enabled';
'SubscribedContent-338389Enabled';
'SubscribedContent-338393Enabled';
'SubscribedContent-353698Enabled';
'SystemPaneSuggestionsEnabled';
);
foreach( $name in $names ) {
reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v $name /t REG_DWORD /d 0 /f;
}
};
{
reg.exe import "C:\Windows\Setup\Scripts\unattend-01.reg";
};
{
C:\Windows\Setup\Scripts\unattend-02.cmd;
};
{
Get-Content -LiteralPath 'C:\Windows\Setup\Scripts\unattend-03.ps1' -Raw | Invoke-Expression;
};
{
reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\RunOnce" /v "UnattendedSetup" /t REG_SZ /d "powershell.exe -NoProfile -Command \""Get-Content -LiteralPath 'C:\Windows\Setup\Scripts\UserOnce.ps1' -Raw | Invoke-Expression;\""" /f;
};
);
& {
[float] $complete = 0;
[float] $increment = 100 / $scripts.Count;
foreach( $script in $scripts ) {
Write-Progress -Activity 'Running scripts to modify the default user’’s registry hive. Do not close this window.' -PercentComplete $complete;
& $script;
$complete += $increment;
}
} *>&1 >> "C:\Windows\Setup\Scripts\DefaultUser.log";
</File>
<File path="C:\Windows\Setup\Scripts\FirstLogon.ps1">
$scripts = @(
{
Set-ItemProperty -LiteralPath 'Registry::HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name 'AutoLogonCount' -Type 'DWord' -Force -Value 0;
};
{
Disable-ComputerRestore -Drive 'C:\';
};
{
cmd.exe /c "rmdir C:\Windows.old";
};
);
& {
[float] $complete = 0;
[float] $increment = 100 / $scripts.Count;
foreach( $script in $scripts ) {
Write-Progress -Activity 'Running scripts to finalize your Windows installation. Do not close this window.' -PercentComplete $complete;
& $script;
$complete += $increment;
}
} *>&1 >> "C:\Windows\Setup\Scripts\FirstLogon.log";
</File>
</Extensions>
</unattend>C:\Windows\Setup\Scripts\DefaultUser.logThe operation completed successfully.
The operation completed successfully.
The operation completed successfully.
The operation completed successfully.
The operation completed successfully.
The operation completed successfully.
The operation completed successfully.
The operation completed successfully.
The operation completed successfully.
The operation completed successfully.
The operation completed successfully.
The operation completed successfully.
The operation completed successfully.
The operation completed successfully.
The operation completed successfully.
The operation completed successfully.
reg.exe : ERROR: Not all data was successfully written to the registry.
At line:29 char:3
+ reg.exe import "C:\Windows\Setup\Scripts\unattend-01.reg";
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (ERROR: Not all ...o the registry.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
Some keys are open by the system or other processes, or you have insufficient privileges to perform this
operation.
C:\Windows\System32\oobe>reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f
C:\Windows\Setup\Scripts\unattend-02.cmd : ERROR: Access is denied.
At line:32 char:3
+ C:\Windows\Setup\Scripts\unattend-02.cmd;
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (ERROR: Access is denied.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
Set-ItemProperty : Attempted to perform an unauthorized operation.
At line:1 char:1
+ Set-ItemProperty -LiteralPath 'Registry::HKU\DefaultUser\Software\Mic ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (TaskbarDa:String) [Set-ItemProperty], UnauthorizedAccessException
+ FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.SetItemPropertyCommand
The operation completed successfully.
A hacky workaround is to have a temporary copy of powershell.exe and use that to bypass UCPD.
Hammerfest
commented
1 week ago Interestingly enough, I rewrote a powershell script into the following because I was running into issues with UCPD, but ended up just doing policy level blocks because its too finicky and Microsoft can flip the table at any point: EDIT: I hate the code blocks here...
CHOICE.zip See the .ps1 in the zip... so dumb github still cant parse/comment/properly display powershell
EDIT: I realize it may not help this request, but who knows, maybe it is useful somehow
This prevents the "Some settings are managed by your administrator" banner in the Settings page for Taskbar customization, while still being able to disable the Widgets.
Additionally, this also lets users enable it later by simply flipping the toggle in the Settings instead of digging into the registry stuff.
In short, it flips the "Widgets" toggle in Taskbar settings off instead of locking it behind a policy.