Suggestion: Add DisableCoInstallers to Windows post-install guide

[alexmalkin]

Hi, thank you for producing this guide.

Recently when debugging a system plagued with I/O issues, I had gone to lengths to try disable Windows from auto-installing third-party software using the registry methods already outlined in the guide.

I found in several cases, particularly Razer and Alienware hardware were installing their own bloatware even with these registry edits applied. In this case of Alienware - simply plugging in their monitor would auto-install the Alienware Command Center without any permission/asking. Razer would bring up an installer setup - even when declined would go ahead and install various Razer DLL files, for simply plugging in a mouse.

It has since been discovered that some of these coinstallers (Razer in particular) are abusing sys admin privileges to bypass UAC and user consent. In addition, several security vulnerabilities have been highlighted from this, which are not addressed by MS as of time of writing.

To prevent this, I had to do the following:

1. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Installer Add DWORD-32 value named DisableCoInstallers and set it to 1 This registry edit appears to prevent driver coinstaller bloatware from auto-running when a device is plugged in.

2. Under System properties (sysdm. cp) -> Hardware -> Device Installation Settings -> Set to No Note: This setting was off for me and Razer/Alienware would still install, so this setting is not reliable on it's own.

Sources: https://www.bleepingcomputer.com/news/microsoft/how-to-block-windows-plug-and-play-auto-installing-insecure-apps/ https://twitter.com/wdormann/status/1432703702079508480

I think it would be beneficial to add this to the guide for others, as this is becoming an increasing problem.

[djdallmann]

Thanks for the suggestion, there are downsides to making this change as other types of drivers use co-installers, audio, printing and perhaps some others. I believe the razer co-installer is only an issue if you allow automatic driver downloads, I have recommendations for disabling automatic driver installs in the post install process.

I would probably add this as optional with some reasoning why/why not.

[alexmalkin]

For me I had the Razer software installing, even with the driver install tweaks applied + rebooted.

Others seem to experience this also - it seems Razer are pulling some voodoo to get around everything. Setting DisableCoInstallers was the only thing that stopped this for me. Hence why I suggested it could be added to the section about preventing driver installs, for anyone else with this issue.

Thanks!

[djdallmann]

Thanks I'll try to recreate it, I have some razer gear I can test with.

[djdallmann]

Is it possible you've built a custom iso that has already added the drivers?

I'm unable to replicate the behavior so far with a default windows 10/11 iso, the most critical part of my process is to not connect to the internet during the install process, apply the registry keys then restart the computer and at that point you can connect to the internet.

If you're doing a windows 11 install and not using a local account setup this is probably reason since you otherwise need to establish internet to install it using your microsoft account.

You can initiate local only account setup using this process.

• Disconnect your ethernet before starting
• After the initial disk and install process completes, press shift + F10 to open a command prompt
• Go to the directory C:\Windows\System32\oobe\ then run BypassNRO.cmd
• The windows 11 process will restart and continue as you would like a Window 10 install, do not reconnect the network card.

[djdallmann]

Added in recent commit to the Post Installation steps.