Generate autounattend.xml files for Windows 10/11

4 days ago (schneegans.de)

My favorite trick is to install with English (World) language to avoid auto-install of all sorts of crap. Windows Store won't work in this mode, but it's just a matter of reverting to your preferred language after first boot.

https://www.reddit.com/r/Windows11/comments/15gk07n/english_...

Edit: in my experience, changing the language to something else immediately after install is done still adds the crapware automatically. I think I needed to reboot once or twice for whatever post-install service Windows runs to no longer get executed.

  • > My favorite trick is to install with English (World) language to avoid auto-install of all sorts of crap.

    Edit: This sounded neat so I tried it. I just loaded up a physical box from a 24H2 ISO on a thumb drive (booted from Ventoy with no special options loaded to bypass the Microsoft Account requirement).

    I got an oddball "Something went wrong" / "You can try again, or skip for now" / "OOBEREGION" window with a silly and wholly inappropriate for a corporate-targeted OSA depiction of a dropped ice cream cone (pink flavor, by the look of it). I've definitely never seen this one before.

    I clicked "Skip" and then it proceeded thru the OOBE as I'd expect, including demanding an Internet connection.

    I added "BypassNRO" to the registry, rebooted, and completed the OOBE with a local account (seeing the same silly ice cream cone again).

    Once I got into Windows I found the Start menu looked a little emptier than normal. Memory usage seems a little lower than I'd expect. The running process list is still ridiculously long.

    I connected the Ethernet to a network with Internet access and didn't see a huge change.

    The Store app doesn't work. It returns "Sorry about that!" / "Something went wrong...".

    The Co-Pilot pinned shortcut returns a blue modal error dialog in the Windows 8 style saying "Search Support" / "Something happened on our end ... 0x87E10BC6".

    Installing this way definitely did something. I'm just not sure exactly what. It'll be interesting to see what happens when the machine updates. I already see it loading drivers and doing device detects.

  • For all of Windows' faults, one thing I love about it is that (with persistence and skill) you can usually bang and hammer it into whatever shape you need it to be. Someone got XP running on a 486 using only a handful of MB memory recently.

    • Yep, mostly thanks to enterprise. There's a group policy for just about anything you could ever imagine you'd want Windows to do (or not do).

      Granted, a lot of it isn't super discoverable, or exposed to the user in a pretty GUI (it mostly lives deep within the registry, a good chunk undocumented), but it truly is a general purpose OS in every sense of the word.

      Unlike most here I actually like and enjoy using Windows (doubly so with WSLv2 and the new windows terminal), although I'll admit since WSL I pretty much use Windows as if it were another Linux distro. But over the years I've come to learn a lot of the ins and outs of what it can do.

      That said, if Microsoft continues down this MS account, consumer hostile behavior even more it's going to be time for me to say my goodbyes to windows.

The level of workarounds that Windows requires never ceases to amaze me.

  • Workarounds to what?

    Windows, just like any other operating system, has its set of contrivances for different functions (in this case automated installation). Having used RedHat Kickstart I don't see it as hugely different.

    • Workarounds on Linux systems are necessary for possible hardware compatibility issues or bugs which are not intentional.

      Workarounds for commercial OSes are necessary to avoid user-hostile behaviors that are completely intentional and likely to get worse over time.

    • I assume this is being posted/upvoted in terms of “workaround for Microsoft Account requirement”. I actually mostly like Windows, but that particular thing they're pushing is more infuriating than any other, and there have been lots of others.

      See the page's description for “Allow Windows 11 to be installed without internet connection”:

      > This effectively runs the oobe\BypassNRO.cmd command, which was discovered by Reddit user AveYo. You still have to click the I don't have internet button during Windows Setup.

      > Only check this option if your computer really does not have internet access. If you just want to create local (“offline”) user accounts in Windows 11, you can always do so in the _User accounts_ section of this form.

    • Have you tried installing Win11 and creating an account without internet access?

      After their most recent shenanigans, the writing is on the wall, the nails are in the coffin - https://www.pcgamer.com/software/operating-systems/microsoft...

      They've disabled the ability to finish Windows installation without having an internet connection and connecting your Microsoft account.

      > According to a Windows Insider blog post announcing Preview build 26200.5516 (KB5054687) the bypassnro.cmd script has been removed in order to "enhance security and user experience of Windows 11."

      > "This change ensures that all users exit setup with internet connectivity and a Microsoft Account."

      lol.

      Never been a better time to jump ship to Linux, honestly. I held out for ages because I was a princess and wanted everything to be perfect. I used Linux 24x7 as an admin and developer, but from afar and never locally as my daily driver. Finally bit the bullet July '23 and it has been nothing but smooth sailing.

Since I've been doing this sort of thing for many years here are some basic rules:

- Get LTSC (W10) or IoT/Enterprise (W11) images to begin with
- Get https://www.ntlite.com/ .. you won't find any other tool which does a better job at removing packages, adding drivers, etc. Worth every penny with great support.
- Use GroupPolicies to configure your system. Take the time and download them for Office, Edge, Chrome, Firefox and update those that come with Windows.
- Integrate drivers not only for the base image but also in the recovery and setup image.
- Install a firewall (binisoft is fine)
- Use NextDNS
- If you don't mind the security implications: Disable Defender, SmartScreen, BootGuard and VBS (use bcdedit)
- Disable Microcode loading (delete the DLL)
- Disable Spectre/Meltdown mitigations
- If you need Office: Use the LTSC version

Most third party tools are outdated or do stupid stuff which isn't needed. You can silence Windows with the right GroupPolicies quite easily.

  • No one should follow those suggestions. They’re wholly unnecessary and plain bad security practices. You make yourself/users significantly more vulnerable with these suggestions for no gain.

  • Exactly what is this trying to achieve? Running a third party tool to modify the OS, disabling security features, using "downloaded" group policies (what policies?), and sending all your DNS traffic to a third party (when on PC it's possible to just modify the etc/hosts file) -- these aren't exactly the best security practices. The only reasonable suggestion is the IoT Windows version.

    • Agreed with the "what does this achieve". In Corporate environments you would use SCCM or simply the Windows ADK plus WDS.

      Installing a custom Firewall and Antivirus is straight counterproductive, as is disabling security features... obviously.

      Downloading and installing group policies however is often required and a typical enterprise scenario.

      Whenever I hear people praise these kinds of things I know they don't really have any professional knowledge. It's fine to configure your own system, but suggesting these things SHOULD be done pisses me off to no end.

  • Disable all antivirus capabilities, microcode and spectre/meltdown mitigations...

    Can't believe NSO group is here doing some weird psyop. Very funny.

  • Doing things for many years doesn't mean you are experienced. Half the stuff you recommend would land straight in the bin of any person who truly has some idea of security, not speaking of true professionals.
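Whether a given machine has had the protections discussed in this sub-thread switched off can be checked without changing anything. The following read-only PowerShell audit is an added example, not code from the thread or from the generator; the function name is hypothetical, and the registry paths, WMI class and DLL names are the standard Windows ones, assumed to apply to the build being checked.

```powershell
# Added example: read-only audit, changes nothing. Run from an elevated prompt.
function Get-WeakenedProtection {
    $findings = [System.Collections.Generic.List[string]]::new()

    # Defender: Get-MpComputerStatus is part of the built-in Defender module.
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        if (-not $mp.AntivirusEnabled)          { $findings.Add('Defender antivirus disabled') }
        if (-not $mp.RealTimeProtectionEnabled) { $findings.Add('Defender real-time protection off') }
    } catch {
        $findings.Add('Defender status unavailable (module or service missing)')
    }

    # SmartScreen: policy value 0 turns it off for Explorer.
    $pol = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' -ErrorAction SilentlyContinue
    if ($null -ne $pol -and $pol.EnableSmartScreen -eq 0) { $findings.Add('SmartScreen disabled by policy') }

    # VBS: status 2 means enabled and running; 0 or 1 means it is not protecting anything.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    if ($null -eq $dg -or $dg.VirtualizationBasedSecurityStatus -ne 2) { $findings.Add('VBS not running') }

    # Spectre/Meltdown: override 3 with mask 3 is the documented "mitigations off" setting.
    $mm = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management' -ErrorAction SilentlyContinue
    if ($null -ne $mm -and $mm.FeatureSettingsOverrideMask -eq 3 -and ($mm.FeatureSettingsOverride -band 3) -eq 3) {
        $findings.Add('Spectre/Meltdown mitigations overridden')
    }

    # Microcode: the OS loads CPU microcode from these System32 DLLs.
    foreach ($dll in 'mcupdate_GenuineIntel.dll', 'mcupdate_AuthenticAMD.dll') {
        if (-not (Test-Path (Join-Path $env:SystemRoot "System32\$dll"))) {
            $findings.Add("Microcode loader $dll missing")
        }
    }
    return $findings
}

Get-WeakenedProtection | ForEach-Object { Write-Warning $_ }
```

A finding is an indicator to investigate, not proof of tampering: a third-party antivirus legitimately puts Defender in a disabled state, and VBS may be absent on hardware that does not support it.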

> Always show file extensions; Use classic context (right-click) menu; Show End task command in the taskbar; Hide search box; Do not show Bing results when searching; Enable long paths; Prevent Windows Update from rebooting your computer; ...

I'd definitely love a .reg file generator website like this one, to apply some of these settings after the fact!

  • Check WinAero tweaker. I don't remember it creating a .reg file but it can export & import the tweaks you've applied.

This talks about unattended installs yada yada. I go to CostCo, I buy a Windows 11 laptop, I turn it on. Does this xml file help me with this? I've done the "no internet" trick before, but does that still work?

Hmm, no way to turn off the sticky keys shortcuts and similar; I hit those by accident _constantly_ on new machines.

  • You could achieve this with the “Run Custom Scripts” option and the appropriate Registry values:

        HKEY_CURRENT_USER\Control Panel\Accessibility\StickyKeys\Flags="506"
        HKEY_CURRENT_USER\Control Panel\Accessibility\MouseKeys\Flags="58"
        HKEY_CURRENT_USER\Control Panel\Accessibility\ToggleKeys\Flags="58"

    See here for a much more detailed example: https://github.com/dreikanter/win-tweaks/blob/master/complet...
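The three values quoted in the comment above live under HKEY_CURRENT_USER, so a script that runs as a different account during setup would change the wrong profile. This added PowerShell example (not from the thread or the generator) writes them to the current user and to the Default profile hive so that accounts created later inherit them; the mount name `DefaultUserTmp`, the function name and the REG_SZ value type are assumptions.

```powershell
# Added example: apply the Flags values from the comment to the current user
# and to the Default profile (template for accounts created afterwards).
# Loading the Default hive requires an elevated prompt.
$flags = [ordered]@{
    StickyKeys = '506'
    MouseKeys  = '58'
    ToggleKeys = '58'
}

function Set-AccessibilityFlags([string]$Root) {
    foreach ($name in $flags.Keys) {
        $key  = "$Root\Control Panel\Accessibility\$name"
        $data = $flags[$name]
        # reg.exe is used instead of the registry provider so no handle stays
        # open on the hive and the later unload can succeed.
        & reg.exe add $key /v Flags /t REG_SZ /d $data /f | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "reg add failed for $key" }
    }
}

# 1. The account running the script.
Set-AccessibilityFlags 'HKCU'

# 2. The Default profile hive, mounted under a temporary (hypothetical) name.
$mount = 'HKU\DefaultUserTmp'
$hive  = Join-Path $env:SystemDrive 'Users\Default\NTUSER.DAT'
& reg.exe load $mount $hive | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Could not load $hive (not elevated?)" }
try {
    Set-AccessibilityFlags $mount
} finally {
    # Always unmount, even if a write failed, so the hive is not left locked.
    & reg.exe unload $mount | Out-Null
}
```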

I recently used this generator to deploy a fleet of Windows 11 Enterprise virtual machines in VMWare Workstation. Very nice.

We need one of these for .debs. The answer files are easy to generate after installing once but it would be better to have an HTML ui that catered for every annoying .deb that can't think up sensible defaults for itself.

I love the option for "Use a solid color background:" is Windows 95 background color. I love that color.

I could have definitely used this a few weeks ago! Very nice.

  • So have I, having failed to manage installing Win 11 without a MS account in the end. Actually I only wanted to complete a dual-boot Win 10/11 setup without having to haphazardly install Win 11 on top later, not actually use Win 11.

  • I could have used it a decade ago!

    Now could someone please fix the BCD store mess?

    • Unattend has been part of windows setup for way longer than a decade.

      The current form of it was introduced in Vista.

      The same concept existed before, but I know less about how it worked back then.

      Even without unattend, something I think people don't realize is that you can install windows on the command line. Diskpart to partition, dism /apply-image to extract files, then bcdboot to install the bootloader.

I've used unattend.xml to put C:\Users on a hard drive, leaving the rest on a SSD, so I don't need to think about what files go where. Documentation specifically warns against doing it that way, but I ran Windows 7 and 10 that way for over 12 years with precisely 0 issues with it.

Now I run Linux with / on a hard drive and /usr on SSD.

  • Normally on Linux you'd put /home on a different drive/partition, which I do mainly for upgrade purposes (I upgrade my root filesystem to a new distro/distro version and then mount my home dir on the fresh install)

    • GP's just returning to the Unix style, though they typically had /usr on NAS (which is why some things were in /bin instead of /usr/bin, for example.)

Does anyone know if it’s possible to disable autopilot/mdm with this?

Or you know, use the Windows ADK and do it like a pro. Sigh... This is a completely useless tool...