Discussion: Sleep Study

Hellbovine

Hellbovine

Well-Known Member
I was researching how to disable the SleepStudy feature in Windows 10, which creates a bunch of .etl files, and runs on my computer although it has all forms of power savings disabled. I found an article by the Microsoft Defrag Tools team (link) and e-mailed them, asking how to disable it. I got a reply back (we discussed a few things), and the interesting bits are below.

1) Microsoft's policy is to avoid removing features once they are implemented, which is why each new Windows gets heavier with time.

2) To disable this feature run schtasks /change /tn "\microsoft\windows\power efficiency diagnostics\analyzesystem" /disable or go to Start > Windows Administrative Tools > Task Scheduler > expand the tree > Task Scheduler Library > Microsoft > Windows > Power Efficiency Diagnostics > right-click on the "AnalyzeSystem" trigger > disable/delete
 
Last edited:
You want to disable/delete Sleep Study's reporting task, and (optionally) stop the ETL providers supplying performance data.
Code: 
schtasks /delete /tn "\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem" /f

wevtutil sl Microsoft-Windows-SleepStudy/Diagnostic /e:false
wevtutil sl Microsoft-Windows-Kernel-Processor-Power/Diagnostic /e:false
wevtutil sl Microsoft-Windows-UserModePowerService/Diagnostic /e:false

From NTLite, you can disable AnalyzeSystem task and by default all those ETL providers are disabled. There's a couple of more PnP Diagnostic providers, but you probably should keep them for normal error reporting.
Code: 
                <ScheduledTasks>
                        <TweakGroup name="Tree\Microsoft\Windows\Power Efficiency Diagnostics">
                                <Tweak name="AnalyzeSystem\AnalyzeSystem">remove</Tweak>
                        </TweakGroup>
                </ScheduledTasks>
 
Very dirty trick to lock sleepstudy for any user access which is found in system32 directory of w10.

Powershell -C "Write-Host 'Removing Everbody Access' -ForegroundColor Green"
icacls "%Windir%\System32\SleepStudy" /setowner "NT AUTHORITY\LOCAL SERVICE"
echo y| cacls.exe "%Windir%\System32\SleepStudy" /S:"D:pAI(D;OICI;DCLCRPCR;;;WD)(D;OICI;FA;;;AN)"
 
Last edited by a moderator:
MacVap said:
Care to share how to disable Sleep Study? I have heavily lited & tweaked Win10 with ALL scheduled tasks disabled and the little bugger still appears.
Click to expand...
Sorry, I wasn't at my desktop computer when I posted this. It looks like Garlin already addressed it, but just for completeness I updated the main post with what the Microsoft guys told me, for how to disable/delete it.
 
Last edited:
My Win10 install in a VM (the penultimate LTSC) was butchered with multiple tools (I know, a big no-no), Performance logs and alerts was taken out so I can not see/disable ETL providers in a regular way. Nevertheless, they are disabled in the registry (almost all); and ALL scheduled tasks are disabled (because of my experience in Win8.1, when deleted tasks were recreated, I just disable them running as Trusted Installer). Does that mean that Windows re-enables some of them? Possible, but I haven't caught it. :)

Anyway, this is begging for a fresh install, I just don't have the time...
 
Yeah, Windows reactivates a lot of things, it will actually change your power plan without your knowledge or consent, it reverts registry keys, and even reinstalls features. There's a ton of self-healing capabilities in Windows 10 and 11. The only real way to avoid that is to not use Windows Update and other related features after Windows has been installed.
 
Last edited:
Not with me :) M$ cant do anything on my machine without my acknowledgement .
 
You must log in or register to reply here.
Back
Top