NoelC

About NoelC

  • Rank
    Software Engineer
Profile Information

  • OS
    Windows 8.1 x64
  1. Yep, that's how I start Defender's UI too. Sorry about not describing how. I find it takes a little while for the Windows Defender panel to open, though. I suspect it may feel it's missing something from the UWP side of things. I have also been having some new update problems with 1703 today (as in, it won't update, spewing an 0x80070426 error). Since I installed it directly from the ISO before 1703 was actually released, it's possible I confused the Windows Update process - though I was able to get it all the way up to 15063.138 without any problems. I'm going to try going through the upgrade again since it's supposed to be as easy as restoring a VM snapshot and running Windows Update now... Otherwise, I'm not sure what's gone wrong with the Windows Update process yet. If you figure out what's wrong, please let me know. I hope it's not expecting something to run that's been disabled. -Noel
  2. All O&O does is reduce the attempts to communicate online. DNS blacklisting and a deny-by-default firewall configuration are the real enforcers for me, along with tweaking a number of other settings to discourage the system from trying to be chatty. Don't kid yourself: Win 8.1 and 7 are not mum without similar tweaking. -Noel
  3. Generally speaking: By removing AppX packages, removing other features (e.g., OneDrive), disabling many services, disabling many scheduled tasks - all on the online system that's running. I wrote a re-tweaker script that does a lot of it. One thing I'm NOT concerned with is making the system footprint on disk smaller; even SSD space is far too cheap to try to delete things that the OS wants to see remain there. Notably I'm very careful to ensure the system thinks it's still serviceable (e.g., SFC and DISM /Online report no problems). I have been doing it this way for many years. So far I've never had any failure to update. -Noel
  4. We may have a difference in what you mean by "chopping". I have a trimmed and functional Win 10 v1703 build setup now and I can apply cumulative updates no problem. It leaves me to wonder, what parts do I still have that are not in your ideally "chopped" system? I've removed all Apps, and have reduced the services and scheduled tasks considerably. To support an idle desktop it's running 75 processes and using about 1 GB of RAM. Is this substantially different than the goals in this thread? Have I chopped less deeply? Note that I started by removing things from a full ISO installation done as an in-place upgrade from the prior v1607 system I have been maintaining in a VM since before Win 10 was initially released. Since I was successful at this I'm actually starting to consider whether the ongoing advantages of "keeping current" are starting to outweigh the advantages of sticking with the older system (Win 8.1) I'm still using on my hardware. -Noel
  5. Thanks, I will consider doing so. I'll just have to disable it on my own systems for testing, since I have all the tools in my path. -Noel
  6. Sorry, I don't use UAC, and it works as it always did for me. I suggest that if you were to open a CMD prompt As Administrator, CD to the folder containing the batch file, then run it, it would access the tools from within that same folder. -Noel
  7. As far as I can tell, you can do most anything with it. The configuration capabilities are VERY powerful. But yes, I do understand that it is dauntingly complex at first. It took me months to finally become comfortable with all it does. The author maintains a good forum site if you want to ask questions: http://vistafirewallcontrol.freeforums.org/vistafirewallcontrol-f6.html

    When I first got the package I deleted all zones and application entries, then started over from scratch. Keep in mind I have an entire career of data communications behind me to rely upon, so a "start over" approach might not be your best path.

    The philosophy of this firewall is overall "deny by default", meaning if you haven't pre-approved a particular kind of communication it isn't allowed.

    I have populated the Domains list to allow, for all applications system-wide, communications with security/certificate servers. There are quite a few different certification authorities out there, and installers, services, and applications need to be able to communicate with them as needed in order to verify certificates.

    Then there's the Programs list, which allows you to set up specific communications capabilities for individual applications.

    I created a zone called "SysOps" that allows all LAN communications (by address range). I consider systems inside my LAN all trusted, and I want to freely allow communications between my systems. The entries in the Programs list I assign the SysOps zone include System, svchost, and various other system functions.

    Another zone I created is "Web Browsing", which allows http and https comms (by port number) and assign that to whatever browser needs to reach the web. That zone is actually very permissive by doing that, so it also contains several sites/domains that I never want contacted.

    I actually settled on fairly few zones - 16 in all - that cover pretty much all the kinds of communications I want any part of the system doing, from full denial (e.g., "Block All") to fully permissive ("Allow All"). The whole list is:

      • Adobe - for allowing communications to the Adobe Creative Cloud
      • All Applications Default Zone - just a placekeeper that allows nothing.
      • Allow All
      • Application Self Update - just allows http and https communications applications use to download their own updates.
      • Block All
      • BowPad - A special zone for the BowPad editor that I use to verify the firewall is working and logging correctly.
      • Classic Shell Update - allows only updates from the sites Classic Shell needs to contact to get its own updates.
      • Defender - Allows Windows Defender / MSE to get definitions updates.
      • DWM Symbol Download - allows access to Microsoft's debug symbol servers.
      • eMail and Web Browsing - basically what's needed by Outlook to send/receive eMail.
      • MalwareBytes - What's needed for MalwareBytes to get its updates.
      • Safari Browsing - Pretty much the same as Web Browsing below, but with a few telemetry sites blocked.
      • SysOps - Allows LAN comms, ICMP (ping) with the world, and other basic system operations such as time sync.
      • SysOps *WU* - Same as SysOps but also allows comms with Windows Update servers.
      • Visual Studio - Allows comms with the servers Visual Studio needs to work. Similar in kind to Adobe.
      • Web Browsing - Allows http and https comms, as well as specific ports I've found are needed for e.g., a speed test.

    I haven't come across an application I have needed to create another zone for in a long time (probably most of a year).

    If you'd like to try out a configuration I've developed, I've published one online here: http://Noel.ProDigitalSoftware.com/files/Sphinx8Win10Config.zip

    I don't expect these profiles to work for anyone but me out of the box, but they could be imported and you could poke around to see how I've set things up. Conceivably with some adjustments they could be made to work for another person's system.

    -Noel
  8. Thank you for that. I have the WinAero Tweaker, but I didn't know Sergey had built that separate panel. I do like his way of thinking. -Noel
  9. It's a pre-release test version Big Muscle was kind enough to provide to me so I could help test it. It's got a few problems with Modern Apps that I'm sure he feels need to be worked out before sending it out to the world. Thankfully it can facilitate theme replacement, though part 2 is that it's impossible to change the theme from the Settings App on the Modern side. The old control panel applet is still available, but I imagine it'll be out by the next release. And Windows 10 v1703 isn't too perfect yet either... I've seen a number of small problems with it. -Noel
  10. I believe I have Windows 10 all re-tweaked. No Apps, private, nice desktop, minimal process count (in the low 80s with an empty desktop), passes integrity checks, runs all my "legacy" Win32 desktop software OK including some that cuts deep, such as Sphinx Windows Firewall Control and Classic Shell. The only minor issue I know of at the moment, and this is from reading elsewhere, is that Windows Update can't be convinced to deliver patches to other Microsoft Products (e.g., Office) with my current configuration. One person over on AskWoody.com has already been experimenting with this. The box is grayed out with an asterisk here. I have more experimentation to do. -Noel
  11. Ah, the 3rd party anti-malware software was the issue. Thanks for letting us know. I'm just using the default Windows Defender, which is why I didn't see the problem. -Noel
  12. I haven't been able to reproduce it either lately. My Win 10 system just boots up smoothly. I have it set to auto-logon to my local account (via NetPLWiz), so it all happens together fairly quickly. CKyHC, have you tried adding an arbitrary few seconds delay to the AeroHost entry in the Task Scheduler? I have no confidence this will help, but I do remember one time quite a while back that I had problems with Aero Glass for Win 8+ at logon, and I remember adding a small delay gave me a workaround. -Noel
  13. I'm sorry; I can't explain why those commands couldn't be found on your system... They are simple command line executables. You can look in the .bat file and see how they're accessed. The CMD window should be started "As Administrator". You could alter the batch file to do @ECHO ON instead of OFF and you should be able to see the actual commands being executed. Do that and post the results here. There must be a permissions or path problem somehow. Try running the commands interactively to make sure you have what you think you have... When I run SetACL I see this: -Noel
  14. Did you put the executables in the same folder as the batch file or in your path? It will need to find the SQLite3 command when it's running, and it sets its default directory to the folder in which the .bat file is located. -Noel
  15. Hi Noel!

    Any chance you can explain your tweaking of Windows 10....

    I am thinking that if it becomes a viable OS then it would be nice to know how you have tweaked it and how to do it....

     

    Martyn