
Fix Errors (from a fresh or older Win10)


R4D3


Disclaimer: Use at own risk !
----------------------------------------------------------------------------

What is it for:
Fixing Errors, & most of the Eventlog Errors (from a fresh or older Win10) by Service Config
----------------------------------------------------------------------------

Why:
- Errors in the Eventviewer after a fresh install
- Some services were changed, maybe without you realizing it, and what you get is that the Store, Windows Update & more can't run properly anymore.
- My experience is that most problems that appear on "friends'" computers in Windows 10 belong to the Service config !
----------------------------------------------------------------------------

Some weird Examples I've found:
- get Eventlog Errors by changing LanmanWorkstation from Auto to Demand (On Demand, it will be started anyway)
- get Eventlog Errors by changing WSearch (Indexing) from Auto to Demand, but NOT if you set it to Disabled... ???
----------------------------------------------------------------------------

Fixes Errors & Eventlog errors like:
- DNS Client (v10 Vortex+wpad) EventID 1014
- Service Control Manager (CldFlt+Spooler+iphlpsvc+Printer+Update Orchestrator) Event ID 7000
- DistributedCom (SID: Nicht verfügbar) ID1016
- SecurityCenter (SECURITY_PRODUCT_STATE_ON) EventID 16
- Perflib (Bits) EventID 1008
- Application Error (MRT.exe) EventID 1000
- DHCP Client (DHCP Waiting) EventID 50160
- AppModel-Runtime (0x800700B7) EventID 37
- User Device Registration EventID 360
- Pipe Closed Errors
- Windows Store Problems (0x80072ee7)
- Cluster Errors & more
----------------------------------------------------------------------------

Limits:
- English\German Windows only, cause MS translated the ACL Permission Names (the user BUILTIN\Administrators is called VORDEFINIERT\Administratoren on a German Windows oO)
- Intention is to fix Errors; maybe you have reasons to keep a service disabled, even if it produces errors
- Can't and won't change the following 4 Services: DcomLaunch, RpcSs, WinDefend, gpsvc - don't try !!!
- Permission changes are permanent, sorry. - I would like to set them back to their Original State afterwards, but it feels like too much work.
  BUILTIN\Administrators Allow FullControl (A;OICI;KA;;;BA) will be added on some Registry Service Entries.
- Doesn't change or restore driver states that can be controlled with the SC command, cause: one single error here, and Windows is smashed...
- Doesn't fix KernelPnP (WudfRd) EventID 219 - This one can be fixed with "snappy driver installer" or similar which is using the driverpacks
----------------------------------------------------------------------------

Changes: 23.07.2017
- Add a Powershell policy bypass
- Add OS Language Check exitloop (Script is for English and German only, and will exit on other Systems !)
- Kept NcaSvc, WEPHOSTSVC and WiaRpc at Original State (cause one or all three, could be needed...)
----------------------------------------------------------------------------

Files:

Download -> R4D3_Fixes.zip <- Download or here link https://www.file-upload.com/jd6our1a5hrg

R4D3_Fix_All_Services_to_Default.bat - Change All Services to their Original State
1. OS Language will be checked
2. Services with Variable Names will be searched, and declared as variables (could take a while)
3. A PowerShell script runs with those Variables to get Full Adminrights on Permission-protected Services
   From: www.alkanesolutions.co.uk/2016/06/29/set-registry-key-permissions-powershell
4. Some Services will be Changed via REG ADD (cause they can't be changed via SC)
5. NTFS-Registry Permission Protected Services will be changed to their Original State
6. Other Services will be changed to their Original State
----------------------------------------------------------------------------

R4D3_Fix_Service_Config.bat - Changes the following Servicestates

Demand:
CDPUserSvc_xxx = CDPUserSvc_xxx
CDPSvc = Connected Devices Platform Service
DoSvc = Delivery Optimization Service
FontCache = FontCache
MapsBroker = Downloaded Maps Manager
NlaSvc = Network Location Awareness
OneSyncSvc_xxx = OneSyncSvc

Disabled:
AxInstSV = ActiveX-Installer (needed sometimes in domain networks)
CldFlt = Cloud Files Mini Filter Driver (no reason for that one)
DiagTrack = Diagnostics Tracking Service (no thanks)
DusmSvc = Data Usage (no thanks)
iphlpsvc = IP Helper Service (keep, if you use IPv6)
lfsvc = Geolocation Service (no thanks)
MSiSCSI = Microsoft iSCSI Initiator Service (something for servers)
RetailDemo = RetailDemo (no thanks)
SCPolicySvc = Smart Card Removal Policy Service (never seen someone using a smartcard reader)
SessionEnv = Remote Desktop Configuration (for remote desktops)
SysMain = Superfetch (stop unnecessary writings on my ssd)
TrkWks = Distributed Link Tracking Client (nobody needs that)
UmRdpService = Remote Desktop Services (for Terminal RDP Connections)
W32Time = Windows Time service (to get rid of it ADMIN CMD: w32tm.exe /unregister)
WbioSrvc = Windows Biometric Service (no thanks)
WinHttpAutoProxySvc = WinHTTP Web Proxy Auto-Discovery Service (for Domain? Networks with Proxy Server)
WMPNetworkSvc = Windows Media Player Network Sharing Service (for PlugAndPlay Network Media Devices ???)
workfolderssvc = Microsoft Work Folders (needed sometimes in domain Networks)
WSearch = Indexservice (stop unnecessary writings on my ssd/laptophdd)
----------------------------------------------------------------------------


R4D3_Fix_Homegroup_Assistent.bat
(Fixes Error 0x80630203, where a homegroup could not be changed or joined) - It just deletes the protected crypto files in \Users\All Users\Microsoft\Crypto\RSA\MachineKeys
----------------------------------------------------------------------------

R4D3_Fix_Geolocation_Service.bat
(Fixes the Error, that Geolocation Service could not be Started, via Removing a "false Trigger Info Reg Key")
----------------------------------------------------------------------------

R4D3_CleanUp_All_Event_Logs
(cmd wmic Shortcut)
----------------------------------------------------------------------------

R4D3_Restart_Special
(cmd shutdown Shortcut)
----------------------------------------------------------------------------

R4D3_Show_Activ_Connections
(cmd netstat Shortcut)
----------------------------------------------------------------------------

R4D3_Reg_Tweaks.reg
(some regtweaks, mostly for ssd, read the comments in the reg, before using)
----------------------------------------------------------------------------


Usage:

1) Important: You need to right click each file first, and click allow (there is a flag on the files: file is from another computer...)

2) (Optional) Cause I disable the indexservice, I would suggest to remove the indexes before (right click properties c: -> disable indexoption, then: in control panel under index, remove the folders, and rewrite the index... - both steps could take a really long long time...)

3) .bat Files and Shortcuts need to be run with ADMINRIGHTS to work properly (Mouse right click on the file and then ...)

4) (Optional) Cleanup your Eventlogs first - from a Console with Adminrights type: (or use the Shortcut)
for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"

5) Run "R4D3_Fix_All_Services_to_Default.bat" as Admin (Highly Recommended)

6) Run "R4D3_Fix_Service_Config.bat" as Admin (or edit it first to fit your needs)

7) Restart Your Computer (Optional: "Special Refresh [Cache???] Restart" via Adminconsole: C:\Windows\System32\cmd.exe /c "shutdown -g -t 0", or use the Shortcut)

8) (Optional) Check your Logs in Eventviewer !

9) (Optional) Test and Tell me, what Problem my Script fixed for you...

Notes, you can:

- Check all Service acl flags with powershell:
  Get-ACL "HKLM:\SYSTEM\CurrentControlSet\Services\*" |Format-List

- Check Service Driver Dependencies:
  for /f "tokens=2" %s in ('sc query type^= driver ^| find "SERVICE_NAME"') do sc EnumDepend %s

- Check Service States Config:
  for /f "tokens=2" %s in ('sc query state^= all ^| findstr "SERVICE_NAME"') do @(for /f "tokens=3" %t in ('sc qc %s ^| findstr "START_TYPE"') do @echo xxx %s = %t)

Kept from Old Post:
- would be awesome if someone could change the Snippet that the output is:
  xxx SERVICE_NAME = START_TYPE = DISPLAY_NAME

 

Edited by R4D3
Link to comment
Share on other sites
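
An added example (not part of the original post or of R4D3's scripts): a PowerShell audit of the service registry keys for the explicit BUILTIN\Administrators FullControl entry described under "Limits". It matches the group by its well-known SID S-1-5-32-544 instead of its localized name, so it gives the same result on English and German systems; the output layout is an assumption of this example.

```powershell
# Added example: find service registry keys that carry an explicit (non-inherited)
# FullControl allow ACE for the built-in Administrators group.
# The group is matched by SID, never by its (translated) display name.

$adminSid = [System.Security.Principal.SecurityIdentifier]::new(
    [System.Security.Principal.WellKnownSidType]::BuiltinAdministratorsSid, $null)

# Localized name, shown for information only (e.g. VORDEFINIERT\Administratoren)
$localName = $adminSid.Translate([System.Security.Principal.NTAccount]).Value
Write-Host "$($adminSid.Value) resolves to '$localName' on this system"

$servicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$fullControl  = [int][System.Security.AccessControl.RegistryRights]::FullControl

$findings = foreach ($key in Get-ChildItem -Path $servicesRoot -ErrorAction SilentlyContinue) {
    try {
        $acl = Get-Acl -Path $key.PSPath -ErrorAction Stop
    } catch {
        # Report keys whose ACL cannot be read instead of skipping them silently
        [pscustomobject]@{ Service = $key.PSChildName; Finding = "unreadable: $($_.Exception.Message)" }
        continue
    }

    # GetAccessRules(includeExplicit, includeInherited, targetType):
    # explicit ACEs only, with identities returned as SIDs
    $rules = $acl.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier])

    foreach ($rule in $rules) {
        $isAdmins = $rule.IdentityReference.Value -eq $adminSid.Value
        $isAllow  = $rule.AccessControlType -eq 'Allow'
        $isFull   = ([int]$rule.RegistryRights -band $fullControl) -eq $fullControl
        if ($isAdmins -and $isAllow -and $isFull) {
            [pscustomobject]@{
                Service = $key.PSChildName
                Finding = "explicit FullControl for Administrators (inheritance: $($rule.InheritanceFlags))"
            }
        }
    }
}

$findings | Sort-Object Service | Format-Table -AutoSize -Wrap
```

Compare the list with the same output from an untouched installation of the same Windows build to isolate the keys whose permissions were changed by a script.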


This might do (as a batch, not one liner):

@ECHO OFF
SETLOCAL ENABLEEXTENSIONS
CALL :reset
FOR /F "tokens=1,2 delims=:" %%A IN ('sc query state^= all ^|FIND "_NAME"') DO SET %%A=%%B&CALL :parse
GOTO :EOF

:parse
IF NOT DEFINED DISPLAY_NAME GOTO :EOF
FOR /F "tokens=3" %%C in ('sc qc %SERVICE_NAME% ^| FIND "START_TYPE"') do ECHO xxx %SERVICE_NAME% = %%C =%DISPLAY_NAME%
:reset
SET SERVICE_NAME=
SET DISPLAY_NAME=
GOTO :EOF


 

The output is "ugly", due to the extremely different length of service names. :(

jaclaz
 

Link to comment
Share on other sites
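
An added example (not from either poster): the same "xxx SERVICE_NAME = START_TYPE = DISPLAY_NAME" listing in PowerShell, taken from Win32_Service properties instead of parsed sc.exe text, so display names containing "&" and localized output do not break it. It goes beyond the request by saving a baseline and reporting start types that differ from it on a later run; the function names and the baseline file name are assumptions of this example.

```powershell
# Added example: snapshot service start types, print them in the thread's
# format, and report differences against a saved baseline.

function Get-ServiceStartSnapshot {
    # Name, StartMode and DisplayName are separate properties: no text parsing
    Get-CimInstance -ClassName Win32_Service |
        Sort-Object Name |
        Select-Object Name, StartMode, DisplayName
}

function Format-ServiceStartSnapshot {
    param([Parameter(Mandatory)] [object[]] $Snapshot)
    # Pad the name column to the longest service name so the columns line up
    $width = [int]($Snapshot | ForEach-Object { $_.Name.Length } |
                   Measure-Object -Maximum).Maximum
    foreach ($s in $Snapshot) {
        # StartMode "Manual" is what sc.exe prints as DEMAND_START
        'xxx {0} = {1,-8} = {2}' -f $s.Name.PadRight($width), $s.StartMode, $s.DisplayName
    }
}

function Compare-ServiceStartSnapshot {
    param([Parameter(Mandatory)] [object[]] $Before,
          [Parameter(Mandatory)] [object[]] $After)
    $old = @{}
    foreach ($s in $Before) { $old[$s.Name] = $s.StartMode }
    foreach ($s in $After) {
        if (-not $old.ContainsKey($s.Name)) {
            # Names with a variable suffix (CDPUserSvc_xxx) can show up here
            "NEW     $($s.Name) = $($s.StartMode)"
        } elseif ($old[$s.Name] -ne $s.StartMode) {
            "CHANGED $($s.Name): $($old[$s.Name]) -> $($s.StartMode)"
        }
    }
}

# Hypothetical baseline location; first run saves it, later runs compare to it
$baseline = Join-Path $env:TEMP 'service-start-baseline.csv'
if (-not (Test-Path $baseline)) {
    $snapshot = Get-ServiceStartSnapshot
    $snapshot | Export-Csv -Path $baseline -NoTypeInformation -Encoding UTF8
    Format-ServiceStartSnapshot -Snapshot $snapshot
} else {
    Compare-ServiceStartSnapshot -Before (Import-Csv $baseline) -After (Get-ServiceStartSnapshot)
}
```

Run it once before changing any service configuration and again afterwards to see which start types actually changed.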

Nah, it's ok - thx (it has a little error at Plug & Play, cause of the & - but I can live with that...)

I think about trying to delete some dependency flags, - maybe then i can disable more services, without eventlog errors...

Link to comment
Share on other sites

I quickly tested it in XP, where the service is actually called PlugPlay or Plug and Play:
 

sc query PlugPlay

SERVICE_NAME: PlugPlay
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        
sc qc PlugPlay
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: PlugPlay
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\services.exe
        LOAD_ORDER_GROUP   : PlugPlay
        TAG                : 0
        DISPLAY_NAME       : Plug and Play
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem

is there really a "&" in Windows 10? :unsure:

It would break a good 99% of any existing batch file ... :w00t:


 

jaclaz
 

Link to comment
Share on other sites

They did it in the German Version....

Example of funny MS Translation:

1) SUBACLS... - Example: The User "Everyone" is translated to "Jeder"... - an English Script that needs to change Rights just doesn't work ! If it is a .cmd I can change it myself, - in an .exe file - no chance...

2) Folders: - I can't trust Explorer anymore (cause MS used the Desktop.ini files - to call the MUIs) - in a German XP the Path %ProgramFiles% is called "Programme" and this was the real Foldername - in Windows 10 the Explorer shows the Folder as "Programme" but the foldername is "C:\Program Files"

- I wish they did it the other way - (Using MUIs for SubACLS, not a real Translation, and for Folders the real one... - like they did in the past...)

P.S. They translated most of the ACLs, not only "Everyone" - they even did mui-files for "Short-Cut-Names" oO & there is no hint that the desktop.ini files do different things than before...

P.P.S On their Auto-Translated Help pages - they even translate Commands and Flags ;) 

Edited by R4D3
Link to comment
Share on other sites

UPDATE:  R4D3_Service_Fix.zip

NEW: Grants "Built-In Admin" Permissions with a called PowerShell script (just a minimal single Entry that allows BuiltIn Admins to change the RegEntry)

IMPORTANT:

If your Windows is NON-English (like mine) you need to change 1 Entry in the Powershellscript ! - Read the Comment in the Phoenix.bat

You need to Run AdminPowershell, and run: Set-ExecutionPolicy RemoteSigned one time (to allow PowerShell scripts - don't forget to Restart then !)

You can turn it off with Set-ExecutionPolicy Restricted after...

Edit: You have to right-click each file, - and click allow (there is a flag on the files, that they are from another computer... - next time I zip them from a Fat32 Filesystem, then this flag shouldn't be there...)

Files: 

- Phoenix.bat
Change All Services to their Original State (Creators Update W10 Home) (Highly Recommended; New: Grants Admin Reg Permissions for Protected Services)

- R4D3_Service_Fix.bat
Yeah Hell MS, i fixed them ! (Change 22 Services & 1 Driver to Disabled, 7 to Demand; New: Grants Admin Reg Permissions for Protected Services)

- PhoenixCall.ps1
PowerShell script that is called from the Batchfiles to Grant Permission

Note: you can check all Service acl flags with (even to get names you can place in the PhoenixCall.ps1) this powershell command:

Quote

Get-ACL "HKLM:\SYSTEM\CurrentControlSet\Services\*" |Format-List

Edited by R4D3
Link to comment
Share on other sites

  • 2 weeks later...

Sorry, there is one Error in "my Fix.bat"... - Dnscache must stay at Auto - cause it is needed by WindowsStore... (error 0x80072ee7) for some Apps like ADBlock for Edge

Edited by R4D3
Link to comment
Share on other sites

  • 4 weeks later...

My problem of late is that with v1703 heavily tweaked it just refuses to do a Windows Update any more.

I even tried a full, fresh install.  It's so sensitive to tweaking that almost anything causes Windows Update to just fail.  I was even seeing failures when I would try to install an update directly from the Catalog.

I tried to tiptoe around that - for about 1 whole day - then I got frustrated and just tweaked the hell out of it.  The only error logged is that I don't allow luafv (the file virtualization part of UAC) to start via the EnableLUA setting in the registry.  And it never, ever contacts anyone online on its own.

Microsoft is going to cause me to just lose interest entirely if they keep this kind of garbage up.  I don't need an OS where Windows Update just raises the white flag if you look at it funny.

I'm down to about 68 processes total to support an idle desktop, 9 of which are from things I've added.  They haven't released another update for a while, so I don't honestly know if it's possible it might succeed.

-Noel

Link to comment
Share on other sites

  • 2 weeks later...

Hmm, and did you try my batch to fix it ?

As I wrote, I made many many tests, with the result that you can only change the starttype of 21 Services and 1 driver; all other changes break the Store, Update, or other functions... - what maybe could help with that is to remove the dependency states of the services with sc and the depend flag (I did not try removing all dependencies from all services yet) - please write feedback here if you have success with that...

Link to comment
Share on other sites

  • 2 months later...

NO, THEY DID IT AGAIN ! - NOW THEY TRANSLATED COMMAND FLAGS !!! :puke::puke::puke:

I will update my Script in a while (cause it's broken now), but that the TakeOwn Command Flag /D Y (YES) on my German OS is now: /D J (Ja) is crappy s*** !

- What can i expect next ? Do You plan to translate it all ? So that a CD (Change Directory) Command will be changed to WO (Wechsle Ordner) ??? :puke::puke::puke:

 

 

Link to comment
Share on other sites

Just for the record (and FYI, though cannot say if of any use in this case) a similar thing happened a few years ago with the Format command that (obviously) behaved differently on different languages:

http://reboot.pro/topic/3229-international-format-y/

although the actual issue was solved (half-@§§edly in batch), paraglider was kind enough to make a small program:

http://reboot.pro/topic/3229-international-format-y/?p=28526

getyes that "reads string number 17208 from shell32.dll ":

www.paraglidernc.com/files/getyes.zip

If it still works in Windows 10, that might be the "correct" way. :unsure:

jaclaz

Link to comment
Share on other sites

Thx, but I don't know how many Syntaxflags they changed, and how much they plan to localize... (and how often they change the way of doing it...)

- As example, in XP the "Program Files" folder was called: "Programme", and its real path was "C:\Programme". So, Foldernames, Shortcuts, Menus got a real translation and Explorer showed their real path. Commands, Flags, BUILTIN/*usernames were global! That is how it still should be, in my opinion - cause the other way is script breaking !

Now:

- The explorer only shows "C:\Programme", but the real path is: "C:\Program Files", done by an NTFS junction point (or similar).
- The names of Icons in the Start menu just display other names via Desktop.ini.
- Some of the stuff is translated by Registry
- Some is translated by mui files
- Usernames are localized by a real translation (Script Breaking)
- They started to change common command flags (Script Breaking, and not sure if only YES/NO Flags are affected)...


I maybe would not care about it, if there was a big German community that localizes every useful script from everywhere for me, but: There is no such community.

Edited by R4D3
Link to comment
Share on other sites

  • 1 year later...

Just 2 Adds:

FIX HyperV BSOD on Version 1809 (when using AndroidEmu, Sandboxie, VM & similar)
CMD with Adminrights: (Restart after)

bcdedit /set hypervisorlaunchtype off

 

(Adding an Option to the Advanced Energy Schemes, to prevent 1809 falling to Sleep after 2 mins; you need to set the added options manually to 0, as long as I didn't write a script for it, cause the entries are protected by that MS_dumb_rightsmanagement_System…)

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\238C9FA8-0AAD-41ED-83F4-97BE242C8F20\7bc4a2f9-d8fc-4469-b07b-33eb785aaca0]
"Attributes"=dword:00000002


Edited by Tripredacus
Link to comment
Share on other sites
