Microsoft Edge Chromium Blocker Toolkit
- Thread starter Clanger
- Start date
not for me personally but i was following the comments in this thread and thought it may help.
no goddammit, i am going to stand by my find until someone tests it and says it works or it doesnt.
ms have been known to change their minds, windows 11 when they said w10 forever, shortened EOL times.
have you actually tested it yet? perhaps the reason ms got rid of it is because it does block edge reinstall and they later changed their minds.
i am standing firm until it is tested. if it dont work s--t happens and i will mark this as solved.
I have been testing for two weeks... The only exploit I can think of is CU will not overwrite a newer version of Edge installed by MSI. Now if you can fake Windows into thinking Edge was provisioned when it's not...
Nuhi asserted in this thread, removing Edge using NTLite will register DoNotUpgrade. This is not true on the current release.
I checked the mounted registry, it's not there unless you apply it. For reference, using Shep's mods.
People don't realize OOBE runs WU (to install "critical updates"), this cannot be skipped. This happens before Post-Setup.
If you're online then WU might replace IE for you. What the WinPE powercfg investigation taught me was execution order is critical to understanding why something works. Moving a command one step ahead might make a big difference.
Shep's build is most interesting. From a pre-install view, it's the most free of IE or Edge references in file structure and registry.
Deprovision regkeys are there, enough required IE legacy bits are left behind, folders are clean.
It's perfect until you run WU and install LCU. Splat.
Nuhi asserted in this thread, removing Edge using NTLite will register DoNotUpgrade. This is not true on the current release.
I checked the mounted registry, it's not there unless you apply it. For reference, using Shep's mods.
People don't realize OOBE runs WU (to install "critical updates"), this cannot be skipped. This happens before Post-Setup.
If you're online then WU might replace IE for you. What the WinPE powercfg investigation taught me was execution order is critical to understanding why something works. Moving a command one step ahead might make a big difference.
Shep's build is most interesting. From a pre-install view, it's the most free of IE or Edge references in file structure and registry.
Deprovision regkeys are there, enough required IE legacy bits are left behind, folders are clean.
It's perfect until you run WU and install LCU. Splat.
other stuff has been tried and nada, 50% chance this tool does work. everything to gain and nothing to lose has got to be worth a shot shirley?
ahhh so what if it dont work, least you can sit back and say we tried everything.
i doubt it but can edge be disabled in Features or Capabilities? that would be good enough for me.
ahhh so what if it dont work, least you can sit back and say we tried everything.
i doubt it but can edge be disabled in Features or Capabilities? that would be good enough for me.
Noob here Idk why this is important but Ive never had to deal with windows edge trying to return or reinstalling
edgeupdate 'Microsoft Edge Update'
microsoft.microsoftedge.stable 'Microsoft Edge (Chromium)'
Microsoft.MicrosoftEdge 'Microsoft Edge (Legacy)'
with just these three things removed its been gone for as long as I can remember even with updating
edgeupdate 'Microsoft Edge Update'
microsoft.microsoftedge.stable 'Microsoft Edge (Chromium)'
Microsoft.MicrosoftEdge 'Microsoft Edge (Legacy)'
with just these three things removed its been gone for as long as I can remember even with updating
Seems like the EdgeUpdate component removal removes the setting, will add it to that component as well, should solve the missing setting.
Thanks!
Yeah, if it was a bit faster, I would advise people to use Host-refresh instead of WU, whenever possible, and pull the previous preset, etc.
Will automate Remove Reinstalls at least, when it detects new Windows build, should be a tiny binary or a switch to an existing one, that just non-elevated checks for Windows version and prompts to start NTLite cleanup if changed.
What comes to mind, is to optionally keep the Settings portion of the preset backed up on the image/Windows folder, and reapply it on Remove Reinstalls?
LCU is released like a set of Russian nesting dolls. No wonder it takes forever to apply.
Unpacking KB5005565 (MSU) -> SSU 19041 (CAB) + KB5005565 (CAB) -> (SSU 19041 (CAB) + KB5005565 (CAB)) -> CAB2 (PSFX) -> amd64_microsoft-windows-edgechromium 10.0.19041.1202 (WIM) -> Edge 89.0.774.68
Edge Stable is currently 94.0.992.37
I'm going to cry myself to sleep now.
Unpacking KB5005565 (MSU) -> SSU 19041 (CAB) + KB5005565 (CAB) -> (SSU 19041 (CAB) + KB5005565 (CAB)) -> CAB2 (PSFX) -> amd64_microsoft-windows-edgechromium 10.0.19041.1202 (WIM) -> Edge 89.0.774.68
Edge Stable is currently 94.0.992.37
I'm going to cry myself to sleep now.
Indeed. Edge aside for a moment, due to this nesting is why there is an update extraction cache.
NTLite now upacks it all in advance, so integration is faster, less disk wear, especially if keeping the cache between sessions.
When we're bored (never?), we might think about recombining, replacing packages with newer (signed) versions where possible, repacking into a single archive etc.
no one has that much time, he's a talent.
crypticus
Well-Known Member
that edge toolkit only makes this change
set ProductName=Microsoft Edge (Chromium-based)
set REGBlockKey=HKLM\SOFTWARE\Microsoft\EdgeUpdate
set REGBlockValue=DoNotUpdateToEdgeWithChromium
REG ADD "\\%RemoteMachine%\%REGBlockKey%" /v %REGBlockValue% /t REG_DWORD /d 1 /f
this reg is being added with abbodi's scripts already. and don't think works rock solid
set ProductName=Microsoft Edge (Chromium-based)
set REGBlockKey=HKLM\SOFTWARE\Microsoft\EdgeUpdate
set REGBlockValue=DoNotUpdateToEdgeWithChromium
REG ADD "\\%RemoteMachine%\%REGBlockKey%" /v %REGBlockValue% /t REG_DWORD /d 1 /f
this reg is being added with abbodi's scripts already. and don't think works rock solid
Edge is no longer an update, it's part of a cumulative update, so that tweak or not, all the same.
If it's returned, that means a cumulative update was installed. As stated earlier in the topic, it is done automatically at the end of setup if it's not the latest version of the OS or disconnected from the net.
Run Remove Reinstalls and it will be gone.
Will soon automate remove reinstalls to prompt if newer Windows build is detected than the configured one.
If it's returned, that means a cumulative update was installed. As stated earlier in the topic, it is done automatically at the end of setup if it's not the latest version of the OS or disconnected from the net.
Run Remove Reinstalls and it will be gone.
Will soon automate remove reinstalls to prompt if newer Windows build is detected than the configured one.
More strange details.
When Edge 94 (MSI) is installed, LCU will not overwrite with 89. Edge 94 is removable from Apps, but EdgeUpdater is locked.
I suspect Windows team has an agreement to never ship a newer Edge to preserve compatibility for IT pros. This way Edge is expected on every machine, but EdgeUpdater can be blocked by GPO and IT can deploy a specific MSI version to replace it.
Blind copying of component registration & installer keys from Edge 94 to a clean image crashes LCU DISM. I can get other non-CU updates to install, but LCU breaks hard. Not sure if this leads to a working fix, but the idea is promising.
When Edge 94 (MSI) is installed, LCU will not overwrite with 89. Edge 94 is removable from Apps, but EdgeUpdater is locked.
I suspect Windows team has an agreement to never ship a newer Edge to preserve compatibility for IT pros. This way Edge is expected on every machine, but EdgeUpdater can be blocked by GPO and IT can deploy a specific MSI version to replace it.
Blind copying of component registration & installer keys from Edge 94 to a clean image crashes LCU DISM. I can get other non-CU updates to install, but LCU breaks hard. Not sure if this leads to a working fix, but the idea is promising.