Some Notes on the Machines

Currently, the only known way is this sort of effort:

Set-MpPreference -DisableIntrusionPreventionSystem $true `
-DisableBehaviorMonitoring $true `
-DisableRemovableDriveScanning $true `
-DisableScanningMappedNetworkDrivesForFullScan $true `
-DisableScanningNetworkFiles $true `
-DisableEmailScanning $true `
-DisableBlockAtFirstSeen $true `
-DisableIOAVProtection $true `
-DisableRealtimeMonitoring $true `
-DisableScriptScanning $true `
-EnableControlledFolderAccess Disabled `
-MAPSReporting Disabled `
-SubmitSamplesConsent NeverSend `
-PUAProtection Disabled

Try this, in administrative Powershell:

wevtutil el | ForEach-Object { "$_"; wevtutil cl "$_" }

Does not seem to have a web page of its own, it is linked from others:

http://aka.ms/diag_printer10

There have been many live CDs out there which have utilities to reset passwords on Windows. Unfortunately, many of them are long out of date and won’t work (or will do odd things) on recent hardware, and recent operating systems. This one, “MediCat”:

https://gbatemp.net/threads/medicat-dvd-a-multiboot-linux-dvd.361577/

Is the best of breed known to me at this writing.

This one:

http://pogostick.net/~pnh/ntpasswd/

may well be the original, last update 2014; it does fail to boot on some newer hardware.

Very informative:

https://support.hp.com/us-en/document/c05195282

and linked therein, a printer matrix:

https://support.hp.com/us-en/document/c04658195

It is far from clear what is going on, but here’s what I think I know:

• Lots of services are being created in Windows 10, 2016, and 2019 fitting the descriptions below.
• Many of these, but not all, have names with “_a1b2c” at their right-hand ends, where the characters and numbers are what look like non-random machine-readable strings, five characters long so far.
• Many of these, but not all, have been svchost.exe items, not standalone services.
• There are a variety of service names associated, including (on just this one machine) CaptureService_b8bc7, “Clipboard User Service_b8bc7”, “Connected Devices Platform Service”, “Connected Devices Platform Service_b8bc7”, “CredentialEnrollmentManagerUserSvc_b8bc7”, and many more. Of the list in this item, only the last is a standalone service, not a svchost item.
• There are a variety of svchost item names associated, including BthAppGroup, LocalService, and UnistackSvcGroup. In particular, the UnistackSvcGroup items can be googled, but thus far, it appears not known for what they are used.

Some of these services cannot be deleted with the SC command; some can. If one changes permissions in registry items, they all probably could. But the question remains, what are they for, what are our valuable computing resources being taken for? Thus far, no one has reported anything not working when they are stopped and/or deleted. We may be looking at infrastructure Microsoft is laying in our own machines before our eyes, for new software they will send.

There’s an automatic “backoff” feature of Windows Indexing from Vista onward, which causes it to slow down and stop depending on other load. This can prevent Indexing from working altogether when load is high and/or searchable datasets are very big. To fix this, change this registry entry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager\DisableBackoff

to a numeral 1. You will probably have to change the owner of “Gathering Manager” to Administrators in order to do so. After this change is made, restart Windows Indexing.

These packages bundle configurations, even domain joins, and other items. Native to Windows 10:

https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-create-package

The amazing Joe Busby showed me a number of things today. First, we remove all sorts of gaming bits which eat resources, and we also remove the built-in Mail and Calendar and BingNews, in administrative Powershell:

Get-AppxPackage "Microsoft.XboxApp" | Remove-AppxPackage
Get-AppxPackage "Microsoft.XboxGameOverlay" | Remove-AppxPackage
Get-AppxPackage "Microsoft.XboxIdentityProvider"  | Remove-AppxPackage
Get-AppxPackage "Microsoft.Xbox.TCUI" | Remove-AppxPackage
Get-AppxPackage "Microsoft.XboxSpeechToTextOverlay"  | Remove-AppxPackage 
Get-AppxPackage "Microsoft.WindowsCommunicationsApps" | Remove-AppxPackage
Get-AppxPackage "Microsoft.BingNews" | Remove-AppxPackage 
Get-AppxPackage "Microsoft.BingWeather" | Remove-AppxPackage
Get-AppxPackage "Microsoft.BingSports" | Remove-AppxPackage
Get-AppxPackage "Microsoft.BingFinance" | Remove-AppxPackage
Get-AppxPackage "Microsoft.Advertising.Xaml" | Remove-AppxPackage

There is an optional -allusers option for both Get-AppxPackage and Remove-AppxPackage, the following appears to do some good:

Get-AppxPackage "Microsoft.XboxApp" | Remove-AppxPackage -allusers
Get-AppxPackage "Microsoft.XboxGameOverlay" | Remove-AppxPackage -allusers
Get-AppxPackage "Microsoft.XboxIdentityProvider"  | Remove-AppxPackage -allusers
Get-AppxPackage "Microsoft.Xbox.TCUI" | Remove-AppxPackage -allusers
Get-AppxPackage "Microsoft.XboxSpeechToTextOverlay"  | Remove-AppxPackage  -allusers
Get-AppxPackage "Microsoft.WindowsCommunicationsApps" | Remove-AppxPackage -allusers
Get-AppxPackage "Microsoft.BingNews" | Remove-AppxPackage  -allusers
Get-AppxPackage "Microsoft.BingWeather" | Remove-AppxPackage -allusers
Get-AppxPackage "Microsoft.BingSports" | Remove-AppxPackage -allusers
Get-AppxPackage "Microsoft.BingFinance" | Remove-AppxPackage -allusers
Get-AppxPackage "Microsoft.BingSports" | Remove-AppxPackage -allusers
Get-AppxPackage "Microsoft.BingFinance" | Remove-AppxPackage -allusers
Get-AppxPackage "Microsoft.Advertising.Xaml" | Remove-AppxPackage -allusers

Another item. Search for “Background apps”. Open it up, and choose which apps run in your background !!!!! None is an option!

And a third. The Edge browser is reloaded by the operating system at boot and after it is closed. Turn it off with registry settings (this is in Powershell):

CD HKCU:\Software\Policies\Microsoft\
mkdir MicrosoftEdge
mkdir MicrosoftEdge\Main
CD MicrosoftEdge\Main
New-ItemProperty . -Name AllowPrelaunch -Value 0 -PropertyType "DWord" -Force

CD HKLM:\Software\Policies\Microsoft\
mkdir MicrosoftEdge
mkdir MicrosoftEdge\Main
CD MicrosoftEdge\Main
New-ItemProperty . -Name AllowPrelaunch -Value 0 -PropertyType "DWord" -Force

And a fourth. “Game Mode” is something which sits in the background eating resources. Its purpose is to semi-automatically record as a digital movie, everything that happens on your screen. It tries to detect and do this automatically, and it gets it wrong a lot, slowing things down, and sometimes, a lot. But Game Mode can be shut off globally. Turn it off with a registry setting here:

CD HKCU:\Software\Microsoft\
mkdir GameBar
New-ItemProperty . -Name AllowAutoGameMode -Value 0 -PropertyType "DWord" -Force

CD HKLM:\Software\Microsoft\
mkdir GameBar
New-ItemProperty . -Name AllowAutoGameMode -Value 0 -PropertyType "DWord" -Force

When you encounter a user account that spins forever trying to sign in on a computer that already has a local copy of their profile, here is a few steps to resolve the issues quickly without either data loss or the need to create a new Windows profile:

1. Sign in on an account with Local Administrator rights
2. Navigate to “C:\Users”
3. Locate the profile folder of the user unable to sign in.
4. Rename the folder (Usually I add “.old”)
5. Sign out
6. Sign in as the user who’s profile has not been working
7. While signed in on this temporary profile, navigate back to “C:\Users”
8. Rename their profile folder back to what it was originally
9. Sign out
10. You should now be able to sign in normally to that user with their profile intact.

Contributed by the excellent Joe Busby.