Windows 11

The reason most users (including half of ElevenForums' contributors) are wrong, is the actual behavior changed over time.

21H2 introduced the workaround. It works in all instances. But since every tech blogger had a loud mouth, this workaround intended for enterprise clients was widely shared on every site. This undercuts the reach of MS Account, for without one you can't buy a paid OneDrive subscription. MS essentially makes zero off Windows, but OneDrive and O365 subscriptions are the cash cow for Windows Consumer.

22H2 changed this behavior. BypassNRO doesn't work in all instances, especially if Windows already detected there was a valid network connection before you tried rebooting. So people moved to the fake e-mail account hack. But again, too much of the same over-reporting led MS to block some fake accounts from working, so you need to invent a new fake account.

Like everything in Windows, it's all timing based. The earlier the reg key is inserted (reg hive, specialize pass), the more effective the bypass is. MS is expecting you to think they're stupid, and OOBE\BypassNRO will still work on 22H2 and later. Nope. They changed the logic and now are checking much earlier in the OOBE workflow.

Every time I roll my eyes on ElevenForums, I keep thinking someone should just make a comprehensive test matrix of what works and what doesn't. But half of the crowd is working off tribal knowledge, and doesn't bother to do updated testing.

The bypass check works differently btw 21H2 and 22H2+ releases. A number of times I've forgotten (or mis-applied) the reg in the image, and presumed I could just run OOBE\BypassNRO to get past OOBE – Nope. Which is why when I'm locked out and too lazy to remake the image, I will switch to the Work or School account hack on Pro.
Eleven forums < Ntlite forums
 
The reason most users (including half of ElevenForums' contributors) are wrong, is the actual behavior changed over time.
You've got to test, test, test before deployment. People will say that tweak X works on Windows 10 but won't usually say which version of Windows 10. There have been 14 versions of Windows 10, and to me that equates to 14 service packs. Do you remember the fun and games when XP SP2 came out? I prefer to class each version as a new OS in its own right due to the constant changes, even in a version series, so that's why I list my stuff as 17763.3165, for example, so if anyone complains I can say that it did work on 17763.3165.
 
I made a compilation of some things that appeared on my firewall. Which of these items can I safely block access to?
Most of that comes from telemetry, Windows Update, Microsoft Store, and the junk we're all trying to debloat. You can see a general overview by looking at the Network Usage page in Windows, which details how much data each item is downloading/uploading, and with enough general tweaking it will reduce this overhead as a side effect. My Optimized Image guide has a drastically reduced data usage page compared to a default install.
 
I removed the Windows Firewall, leaving only the core to be used in other security software. I did this thinking about managing the firewall by third-party software. But the one I'm using I've already seen that I can't just block the upload or download, but from what I'm seeing here all these items have been uploaded and downloaded. Any third-party firewall tips that compromise the minimum performance?
 
Most of that comes from telemetry, Windows Update, Microsoft Store, and the junk we're all trying to debloat. You can see a general overview by looking at the Network Usage page in Windows, which details how much data each item is downloading/uploading, and with enough general tweaking it will reduce this overhead as a side effect. My Optimized Image guide has a drastically reduced data usage page compared to a default install.
Did you inspect the block list? 1/2 are essential Windows services, 1/4 are vaguely detailed to the point of being unhelpful, and only 1/4 can be recognized as telemetry spam. The problem with low-end or 3rd-party firewalls is that their self-learning heuristics (or lack of) will create a lot of false positives.
  • Windows Explorer - This is kinda vague. Are you browsing a network folder on another PC?
  • NT Kernel & System - This is stupidly vague
  • System Settings - I doubt it's sending data outbound, but it might be trying to send upsell data on the Home page for offers
  • DNS Caching Resolver - Essential service
  • BITS - Essential data download service for WU or Store
  • Cryptographic Services - Is it updating something with certs?
  • Network Profile Service - Not required if you're not part of a local or AAD domain
  • Host Process for Tasks - This is vague, what service or task is requesting network access?
  • NVIDIA Container - Confirmed telemetry from NVIDIA's GeForce
  • InstallService - Windows installer for apps
  • wlidsvc - MS Account logon service
  • ngngx_update - NVIDIA self-installer
If you removed the offending component (i.e. MS Account) then a number of problems don't appear in the first place. NVIDIA privacy issues can be avoided by using NVCleanstall or another tool to strip out the NVIDIA telemetry features before installation.
 
I was commenting on the goal rather than the question, since at the end of the day most people are really seeking to reduce bandwidth consumption, regardless of reasoning (security, gaming, stability, speed, etcetera). And while it would be great to know how every component works here, most people don't care and it's not going to change the outcome anyway (for the masses I mean).

I've focused on this specific goal for a long time now, carefully chipping away at the natural data usage of Windows, and simply by tweaking little things here and there to turn off features that I don't care for, it's having the rather large and successful byproduct of also reducing the background network data of Windows, and I've almost achieved 100% reduction without anything breaking, so I know I'm on the right path.

Features like Content Delivery Manager, Search Box Suggestions, etcetera, all use network data which then causes things like firewalls to report them, but if the features are disabled out of the box then there's no communication to worry about blocking, since the root problem has been solved. This is the best approach, because while blocking at the firewall level is effective, that doesn't reduce the resource overhead as much as having the communication not exist at all. Component removals and registry tweaks are both great at solving this.
 
Like I guessed before, Settings is trying to notify you of an upsell opportunity. I would ignore it, since it probably only happens the first time you open Settings on a newly installed PC or view the Home page.
Code:
Name:    a2-18-127-229.deploy.static.akamaitechnologies.com
Address:  2.18.127.229
 
Windows Explorer
InstallService - Windows installer for apps
It can check whether the digital signature of the file is valid.
DNS Caching Resolver - Essential service
It is only essential if one uses Windows DoH; if the DNS service is disabled and DNS is set manually, it will not make any requests.
Once disabled, DNS is faster and safer, no DNS poisoning. Many apps actually leak via DNS, especially chromium based browsers.
NT Kernel & System
Used for ping. I block it, apps like XSplit Broadcaster can ping separately.
Cryptographic Services
Required to update certificates used by browsers and to update digital signatures.
Windows Explorer
System Settings
Host Process for Tasks
I generally allow MS processes to connect only to MS IP ranges and CDN for updates and MS related stuff.
 

Attachments

  • capture_07142024_070033.jpg
    516.8 KB
I don't know if there is something wrong with my Windows installation or why this happens. I cleaned the SSD using Diskpart, installed Windows, then created a D: partition. The strange thing is that the Backup Software I use shows the EFI partition at the end, after the D: is this normal?
 
Every Tuesday is a Taco Tuesday.

Patch Tuesday is every 2nd Tuesday of the month. 10 AM PST/PDT (UTC-8)
Preview Update is every 4th Tuesday of the month. 10 AM PST/PDT (UTC-8)

Remember to celebrate Taco Tuesday if your community makes tacos for your enjoyment!!
 
WinPE Setup for 24H2 defaults to a new Setup client.

Some users claim to have install problems with it, while others think it's too ugly. If you prefer seeing the "Classic" client, you can apply this reg file to boot.wim (Setup):
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\Setup]
"CmdLine"="X:\\sources\\setup.exe"
 

Attachments

  • Windows 11 x64-2024-07-31-23-14-19.png
    19.1 KB
  • Windows 11 x64-2024-07-31-23-31-18.png
    24.9 KB
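One way to apply the value from the reg file above to an offline boot.wim, as an added example that is not part of the original post. The paths, the temporary hive name `OFFLINE_SYSTEM` and the choice of index 2 as the Setup image are assumptions; the listing printed before the mount shows which index is Setup on your media.

```powershell
#Requires -RunAsAdministrator
# Added example: all paths and the hive mount name below are assumptions.
$BootWim  = 'C:\ISO\sources\boot.wim'   # assumed location of the extracted media
$MountDir = 'C:\Mount\boot'             # assumed empty scratch folder
$HiveKey  = 'HKLM\OFFLINE_SYSTEM'       # temporary key for the offline SYSTEM hive
$Index    = 2                           # assumed index of the Setup image

New-Item -ItemType Directory -Path $MountDir -Force | Out-Null

# List the images first so the Setup index can be confirmed.
Get-WindowsImage -ImagePath $BootWim | Format-Table ImageIndex, ImageName

Mount-WindowsImage -ImagePath $BootWim -Index $Index -Path $MountDir | Out-Null
$save = $false
try {
    $hive = Join-Path $MountDir 'Windows\System32\config\SYSTEM'
    reg.exe load $HiveKey $hive | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg load failed for $hive" }
    try {
        # Same value as the .reg file; "\\" there is an escaped single "\".
        reg.exe add "$HiveKey\Setup" /v CmdLine /t REG_SZ /d 'X:\sources\setup.exe' /f | Out-Null
        if ($LASTEXITCODE -ne 0) { throw 'reg add failed' }

        # Read the value back before deciding to commit the image.
        $out = reg.exe query "$HiveKey\Setup" /v CmdLine
        if (-not ($out -match 'X:\\sources\\setup\.exe')) {
            throw 'CmdLine was not written as expected'
        }
        $save = $true
    }
    finally {
        # The hive must be unloaded or the image cannot be unmounted cleanly.
        reg.exe unload $HiveKey | Out-Null
        if ($LASTEXITCODE -ne 0) {
            $save = $false
            Write-Warning "Could not unload $HiveKey; changes will be discarded."
        }
    }
}
finally {
    # Commit only if every step succeeded; otherwise leave boot.wim untouched.
    if ($save) { Dismount-WindowsImage -Path $MountDir -Save    | Out-Null }
    else       { Dismount-WindowsImage -Path $MountDir -Discard | Out-Null }
}
```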
What about the page where it copies files etc./progress page? To be honest, a new fugly Setup is the least of my worries, I got bigger fish to fry :rolleyes:. I do prefer the old style, but I could easily work with the new style.
 
Oh ffs :rolleyes:. Good to know though :D. Perhaps nuhi could add that setting :)

I usually wouldn't bother slimming the boot.wim, but if you are struggling to keep an ISO under 4.3GB (max size for DVD on Nero 9) then it's worth taking a look at boot.wim.

We could also take a look at what can be removed from the root of the ISO and still keep it bootable,
and what could be removed from boot.wim and the ISO if we apply an image from a WinPE disc.
 