News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Canadian Tech: How to rebuild a Win7 system with minimal snooping

    Home Forums AskWoody blog Canadian Tech: How to rebuild a Win7 system with minimal snooping

    Tagged: 

    This topic contains 43 replies, has 19 voices, and was last updated by  radosuaf 2 weeks, 2 days ago.

    • Author
      Posts
    • #2006717 Reply

      woody
      Da Boss

      For those of you who need (or want) to rebuild a Win7 system, but don’t want to get stuck with all of the “telemetry,” Canadian Tech has a detailed ch
      [See the full post at: Canadian Tech: How to rebuild a Win7 system with minimal snooping]

    • #2006728 Reply

      CADesertRat
      AskWoody Plus

      I have a couple of old W7 systems just gathering dust so this could be helpful if I decided to bring them back to life for any reason.

      Thanks Woody & CT 🙂

      Don't take yourself so seriously, no one else does 🙂
      4 Win 10 Pro currently 1809 (3 Desktops, 1 Laptop).

    • #2006732 Reply

      Canadian Tech
      AskWoody_MVP

      If you want to do that, do it soon. No one know if you will be able to after Jan 14, 2020

      CT

      9 users thanked author for this post.
    • #2006741 Reply

      mulletback
      AskWoody Plus

      I have a Macrium Reflect image of a so-called CT final-state win7pro installation, which I can use with Redeploy to rebuild any of my win7pro boxen. All offline, with tested rescue media as well. The OEM machines have all re-activated on their own; I also keep a list of phone activation numbers.

      • #2006742 Reply

        Canadian Tech
        AskWoody_MVP

        1. In my experience, all Dell systems automatically activate on installation. They do not require you to enter an activation code. The only provision is that the install must be of the same edition (home, pro, etc) and bitness (32 or 64) as the original product key.

        2. When you install an image of a completed system, activation has already taken place and will not be called for for any brand system. That goes for Office as well. I suspect MS activation could well cease after 1-14-20

        CT

        2 users thanked author for this post.
        • #2006766 Reply

          anonymous

          Quote:
          “I emphasize the need for PLUS R DVD blanks. Do not use the more common MINUS R DVD blanks.”

          Why is that?

          • #2006826 Reply

            AJNorth
            AskWoody Plus

            Ah, the old question about which DVD R/RW format is the “best” one to use.

            Here are two articles that may help to explain the differences (and history) between the DVD-R/RW and DVD+R/RW formats (incidentally, that’s a dash, not a minus sign, in “DVD-R/RW”):

            http://www.digitalfaq.com/guides/media/dvd-formats.htm and,

            https://www.diffen.com/difference/DVD%2BR_vs_DVD-R (note links at the bottom).

            Cheers,

            AJN

            3 users thanked author for this post.
            • #2006833 Reply

              Canadian Tech
              AskWoody_MVP

              Thanks AJN. clarification appreciated.

              CT

              1 user thanked author for this post.
            • #2007078 Reply

              rc primak
              AskWoody_MVP

              And just to be clear, never use the /RW type for backup, as these can be overwritten and you’d possibly never know it until you try to do a restore or set up a new installation.

              -- rc primak

              • This reply was modified 2 weeks, 4 days ago by  rc primak.
            • #2007086 Reply

              OscarCP
              AskWoody Plus

              One good day Win 7 laptop stop burning DVDs: it would get right to the end of the burn, then change its mind and terminate with an error message saying that it had failed to complete the recording (which I thought was a little unnecessary). I decided the built-in DVD drive was coming to a rather earlier end of its existence, muttered something no fit for repeating here about OEMs fondness for building their machines using showy, but cheap, flimsy stuff, and started looking online for a replacement. Then I mentioned my problem here and someone (maybe you, AJNorth?) told me to check if the DVD disks I was using were + or – and to use only +. So I checked and, sure enough, found that the pack of DVDs, recently bought at the local Staples, was all – . So I went back and got a pack of + from there. Tried one of the new blank + DVDs to see if I could burn something on it and… problem solved! The optical drive was as OK as could be expected given its several years of service. The problem was caused by using DVD disks with the wrong sign!

              Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

              1 user thanked author for this post.
        • #2007076 Reply

          rc primak
          AskWoody_MVP

          I suspect MS activation could well cease after 1-14-20

          I wonder if this event would munge CT’s whole scheme? I would hate for folks to go to all this trouble, only to find that activation is revoked and cannot be re-established.

          -- rc primak

          • #2007238 Reply

            Canadian Tech
            AskWoody_MVP

            rc, that is one of the beautiful features of this method. When you restore the image of an activated system, it is already activated.

            CT

    • #2006768 Reply

      anonymous

      I run multiple 32bit Win7/Ent/SP1, Office 2016 locally installed, and an upper-tier AV. All systems and software are fully patched, all set to automatically update, and I check for updates religiously. Like Canadian Tech, I haven’t had any problems with any of my systems. I don’t care about telemetry, whether MS or NSA. I have spare parts to keep all my systems going, and I will run Win7 until I die or the world ends, whichever comes first.

    • #2006824 Reply

      Canadian Tech
      AskWoody_MVP

      Anonymous, DVD MINUS R is a completely different kind of disk. It is pretty much designed for Video recordings, not data. DVD PLUS R is designed for much greater precision.

      If you use -r’s you will encounter many errors. You will not with +r’s.

      The System Image creation in Win7 writes the DVD, then reads it back to verify. -r’s will frequently fail that verification step.

      You are building something you really want to work when and if you need it. Do not take chances with technology that is not as reliable.

      When you shop you will find the vast majority that are offered are -r. Here is an example
      https://www.amazon.ca/Verbatim-4-7-upto-Recordable-Disc/dp/B0003QIXBY/ref=sr_1_4?crid=6G9T24ZI1SQL&keywords=dvd+%2Br&qid=1574018303&sprefix=dvd+%2Br%2Caps%2C156&sr=8-4

      CT

      • This reply was modified 2 weeks, 5 days ago by  Canadian Tech.
      7 users thanked author for this post.
      • #2007080 Reply

        rc primak
        AskWoody_MVP

        Out of curiosity, why not use multiple copies on mechanical hard drives? Is the point of using DVD+R to prevent any possibility of overwriting of the Final Version?

        -- rc primak

        • #2007239 Reply

          Canadian Tech
          AskWoody_MVP

          I know of no reason why you could not make the image on an external hard drive. It is just that the image can be quite large and that takes a lot of space out of use for what could be a long time. This is an insurance kind of thing that you hope you will never need.

          CT

      • #2007560 Reply

        wavy
        AskWoody Plus

        Seems like DVDs have gotten more expensive!
        BTW those are +s not -s 😉

        🍻

        Just because you don't know where you are going doesn't mean any road will get you there.
    • #2006840 Reply

      anonymous

      Is it really a good idea not to use Spectre or Meltdown patches? Can they not be isolated from the other stuff? It just seems prudent to make sure those are patched, at least in case something happens with them in the future.

      Personally, I stick with the main updates and just disable telemetry after the update. I’ve never had any problems with that, either. Woody’s guide is fine.

      • #2007082 Reply

        rc primak
        AskWoody_MVP

        Spectre and Meltdown have no active in the wild exploits, last time Woody revisited the topic here.

        As for “removing all the telemetry”,  we don’t even know what or where all the telemetry is, so how do you remove what you can’t even find?

        -- rc primak

        • #2007123 Reply

          AJNorth
          AskWoody Plus

          Spectre and Meltdown have no active in the wild exploits, last time Woody revisited the topic here.

          Then there is the matter of the BIOS update required for complete protection.  Several of the machines that I tend to were never issued that update by their OEMs (mostly HPs, plus a few Dells), even though Intel indicated that they were available for their respective processors (and, of course, the performance hit — which can be significant).

        • #2007614 Reply

          anonymous

          WPD is a good program to disable all telemetry for Windows 7-10, and includes an IP blacklist. O&O Shutup only works for Windows 10.

          https://www.ghacks.net/2015/08/14/comparison-of-windows-10-privacy-tools/

          I just find it satisfying to go will all the updates, and then select, “NOPE!” a “Come and take it, you just try!” approach.

    • #2006863 Reply

      OscarCP
      AskWoody Plus

      Thanks, Canadian Tech, for taken the time and trouble to explain in careful detail one way to keep running Windows 7 safely after EOL in January. I am sure that many here can benefit from it.

      For my part, running, not hundreds of computers as a professional computer OS administrator or repairer, but only my one good old laptop for my own personal business, I do have, based on my own and very personal experience, since the days of Win 98, a somewhat different take on what is coming and how to be ready for it. At least for someone in my situation, without the responsibility for any other machines other than my own.

      In particular, I have been updating in my 8.5 year-old laptop, since I first got it in 2011, both Windows 7 and Office 2010 all the way through this October and plan to continue doing so until January. Being “Group B” since before there was a Group B, or even a Woody’s, in either its present or its past “Windows Secrets” incarnation, I have, even so, never, ever had a problem caused by a bad patch. My problems have been caused by bugs in applications installed after Windows or  by “services” and software, those launching at start-up in particular, planted in my HD when installing some gadgets and said applications.

      How Come? Well: all that has taken me to achieve this healthy patching record is to look around for information on possible problems with some updates, figure out which are nonsense and which needs to be taken under advisement, then act accordingly. To this end, places such as Woody’s have been, over the years, of invaluable help. And, of course, having a measure of good luck, as is always needed for anything in life that to turn out OK in the end. Further, I am not too concerned with “telemetry” planted in these updates by MS. It is definitely a worry, but way, way, way down in my list of what-to-worry-about priorities.

      But, other than the above disagreement with following some  parts of Canadian Tech’s recipe, I heartily agree with doing so with others, such as the idea of setting Windows Update to never to update, unless one learns that there is something available for Win 7 after its end of life that might be worth installing, strictly for security reasons. Other than that, it is Group W for ever — or unless until some extended support service is offered and proven in practice to be a good thing to use.

      I also plan to keep the AV up to date for as long as it is supported, as well as other applications needed to protect the PC from malignant intrusions. And use preferentially, as the OS for Internet access, Linux Mint, that now I have installed on the PC in dual-boot with Win 7.

      Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

      1 user thanked author for this post.
    • #2006874 Reply

      Susan Bradley
      AskWoody MVP

      And then buy extended security updates.  If you spend this long rebuilding, don’t use it for surfing.

      Susan Bradley Patch Lady

      3 users thanked author for this post.
    • #2006881 Reply

      Volume Z
      AskWoody Lounger

      In my view it’s time to drop KB3020369 from any given tutorial. The patches you can’t do without now are KB4474419 and KB4490628. It takes both for SHA-2 signing support, with KB4490628 taking the place of KB3020369. Also see:

      https://www.bleepingcomputer.com/forums/t/707375/can-i-reset-windows-7-and-receive-updates/page-2#entry4904195

      Regards, VZ

      • #2006897 Reply

        PKCano
        Da Boss

        In this case, @canadian-tech recommends not patching any update after May 2017. KB3020369 qualifies for this timeframe. If you are not currently installing any updates, the SHA-2 coding support and the later Servicing Stack KB4474419 and KB4490628 are irrelevant.

        1 user thanked author for this post.
        • #2007452 Reply

          EP
          AskWoody_MVP

          but KB3020369 is an obsolete update and KB3177467 should be used instead. avoid using KB3020369 since windows update does not offer that one anymore

          KB3177467 was originally released in late September 2016 but got a V2 release on October 2018 as a “security update”. download & install KB3177467 from MS Update Catalog:

          https://www.catalog.update.microsoft.com/Search.aspx?q=3177467

          • This reply was modified 2 weeks, 4 days ago by  EP.
          • This reply was modified 2 weeks, 4 days ago by  EP.
          • #2007563 Reply

            Canadian Tech
            AskWoody_MVP

            EP, You are correct, but that update was issued October 2018. I do not apply any updates that were issued after May 2017.

            The process I describe here works. I know it works. I have done it literally hundreds of times. Many others have followed it as well. Microsoft could screw it up between now and mid January, but up till now it does work.

            After mid January, all bets are off. I would not be surprised if Microsoft pulls those updates that are listed here.

            If you cannot get to this until after mid January, download and store those updates before then. I have done so.

            The problem will be, if Microsoft pulls Win7 updating, you will not be able to bring your newly installed system up to the point where my procedure starts.

            CT

    • #2006995 Reply

      Lars220
      AskWoody Lounger

      Thank you  Canadian Tech  and Woody,  I have bookmarked the full post webpage that Woody references:

      [See the full post at: Canadian Tech: How to rebuild a Win7 system with minimal snooping]

      I use the Firefox extension – Print Friendly & PDF to make a PDF version for my reference and will attach here for others that like PDF.  Good work Canadian Tech.

      Attachments:
      1 user thanked author for this post.
      • #2007375 Reply

        Canadian Tech
        AskWoody_MVP

        lars, would you please make a new pdf of that? two of the links were defective and have since been fixed by PKcano.

        CT

        1 user thanked author for this post.
        • #2007561 Reply

          AJNorth
          AskWoody Plus

          Hello CT and Lars,

          Attached is a freshly-made PDF (created a few hours ago).

          Cheers,

          AJN

          Attachments:
          2 users thanked author for this post.
    • #2006997 Reply

      Kirsty
      Da Boss

      We are aware of some issues with the links as they are currently formatted.

      We are working on fixing this – please bear with us!
      🙂

      4 users thanked author for this post.
    • #2007090 Reply

      rc primak
      AskWoody_MVP

      This seems like a lot of trouble to go through to avoid having a modern operating system.

      The other thing I can’t get out of my mind is how many businesses and individuals stuck with Windows XP — until the day a massive new attack for which XP’s security had no defense came along. Microsoft was obliged to issue an emergency patch, but that did not make XP systems perfectly safe again.

      I fear that this idea of “freezing” the “perfect” Windows installation and never updating it may lead Windows 7 die-hards down the same Primrose Path.

      For all this effort, I could teach a complete newby how to get by in Linux Mint. Even if you think you have “indispensable programs” which are “Windows only”. With very few exceptions for highly technical business programs, there are decent Linux equivalents. You just have to know where and how to look for them. Worst case, you run WINE or a Virtual Machine inside Mint or Ubuntu. The host OS (Linux) is providing all the security in these scenarios, so not being up to date in the VM is nearly irrelevant, as long as your drivers and activation are working.

      If Windows 7 activation ever ceases, that could be a whole different kettle of fish. But Windows XP can’t be activated now, and there are some who still run Windows XP in VMs. I don’t know how they do it. Or why, unless some specific software was never updated by the vendor. And has no Linux equivalent. That would be a rare case indeed.

      -- rc primak

      2 users thanked author for this post.
      • #2007094 Reply

        Paul T
        AskWoody MVP

        There are plenty of production W7 systems that can’t (yet) be replaced so having detailed re-build instructions is a great help.
        Home use is a very different arrangement and up to the individual.

        cheers, Paul

        1 user thanked author for this post.
      • #2007104 Reply

        OscarCP
        AskWoody Plus

        rc primak: I do agree with you, and would add that, if there is enough space on disk, one could install Linux in dual-boot with Win 7 and use the Linux side of the PC for surfing the Web and doing email and other Internet-related activities. Files downloaded in this way can then be passed to the Windows side, after scanning them for viruses. And any rare security update coming from MS can still be installed in Windows. A perfectly safe arrangement? No. But what is ever perfect in this sublunary world? But this way forward is right for me, maybe for you, but not for everybody.

        I do understand that Canadian Tech is addressing users with similar concerns motivated by being in a similar situation as CT: they all have to take care of many computers their owners want to keep on using with Win 7, the operating system they are familiar with; and, or like; and, or need because of some very useful software they have set up just right and would be a tremendous hassle and waste of time to look for a suitable replacement and then set it up to be, once more, just right for its intended purpose. And, or — for whatever reason, including the good one mentioned by Paul T just before this posting– they are required by their bosses to keep using Win 7. And, or are just plain ornery people that don’t like to change anything, ever, so there is no point trying to convince them to change their minds.

        Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

        2 users thanked author for this post.
        • #2007137 Reply

          rc primak
          AskWoody_MVP

          If your boss requires that you stick with Windows 7, your boss should be looking after your updates and security. And your boss should be fixing any problem which result from sticking with an unsupported OS version. That should be a contract requirement. Betcha very few bosses do that.

          -- rc primak

          • This reply was modified 2 weeks, 4 days ago by  rc primak.
      • #2007345 Reply

        Canadian Tech
        AskWoody_MVP

        RC, lets not get out of perspective. This is a solution for Aunt Martha. The aunt who uses her Windows 7 system for email, a bit of browsing and possibly Facebook. She uses it for maybe half an hour ever few days. For her, a very simple system fits her needs just fine.

        This is not a solution for every Techie or user who is technically competent.

        Keep in mind that “Aunt Martha” is a description for the vast majority of computer “users.” The people like you and I who lurk in this corner are techies who have different much more sophisticated needs.

        CT

        2 users thanked author for this post.
    • #2007672 Reply

      Cybertooth
      AskWoody Plus

      I suspect MS activation could well cease after 1-14-20

      I wonder if this event would munge CT’s whole scheme? I would hate for folks to go to all this trouble, only to find that activation is revoked and cannot be re-established.

      Anything is possible, but I’d be very surprised if the ability to activate Windows 7 licenses were to stop anytime soon after January 2020. It may be reassuring to know that Vista could still be activated as of this past summer (I did it).

       

      3 users thanked author for this post.
      • #2007673 Reply

        Canadian Tech
        AskWoody_MVP

        Cybertooth, thanks. I think you are probably right. In fact, I’d put 10 to 1 odds on it. I am just not willing to take the risk. Microsoft never considered Vista a risk. It considers Windows 7 a huge risk because the market still has something like 35% Win7 after 4 years of not being able to buy a Win7 system. So, I am not certain that past behaviour is a good indicator. Particularly in this case.

        CT

        1 user thanked author for this post.
        • #2007678 Reply

          PKCano
          Da Boss

          I don’t think they can afford to stop activation, not at least for a minimum of three more years until 2023. There are going to be a lot of people buy into the extended support that may, at some point, have to reinstall and reactivate.

          2 users thanked author for this post.
        • #2007682 Reply

          jabeattyauditor
          AskWoody Lounger

          It considers Windows 7 a huge risk because the market still has something like 35% Win7 after 4 years of not being able to buy a Win7 system.

          Windows 7 market share is now below 28% – and I’ve seen no evidence that Microsoft considers Windows 7 to be any sort of “risk.”

    • #2007679 Reply

      Canadian Tech
      AskWoody_MVP

      That would be sensible. I am not sure the decisions (especially the executive ones) being made the past few years at MS have all been sensible.

      CT

    • #2007877 Reply

      anonymous

      Canadian Tech: Thanks for this. A couple of points:

      1. You state that you do not update after the May 2017 security only (SO) and IE updates because the June 2017 SO update had a bug only fixed in a later rollup update. I don’t remember reading about this at the time, but after a little searching I found https://appuals.com/fix-something-went-wrong-and-your-search-couldnt-be-completed/  which describes a problem with searching in Outlook caused by the June 2017 SO update KB4022722 and which can be addressed by the “hot-fix” “standalone package” at a link which connects to the June “Preview” Quality Rollup KB4022168. Is this what you are referring to and the specific reason you abandoned further updating? (I see your point in principle, that bugs in SO updates should be fixed in SO updates, but as I don’t use Outlook I would probably not encounter this specific problem in practice.)
      2. Thanks for the advice about DVD+R disks. A few years ago I was using the Windows “create a system partition image” mechanism to backup to DVDs, but when I needed to restore from one of these backups it failed. Out of about 10 such backups about half failed. At the time I assumed that this was a problem with the Windows create/backup and restore software, but based on your comments it may have been because the images were burnt to DVD-R disks 🙂 (I no longer have the disks so cannot check.)
      3. Following my point 2. above, it might be a good idea to add a few words to your instructions to remind people to create their restoration media e.g. W7 rescue disk if using the Windows create/backup mechanism or a 3rd party restore thing if using a 3rd party tool such as Macrium Reflect AND if this is on a DVD it also should be DVD+R (not -R).

      Thanks. Garbo.

      PS: I have created what are effectively “factory recovery” images similar to yours since I replaced Windows XP with W7, when the actual “factory recovery” mechanism from the PC manufacturer restoring XP became obsolete. For a long time I used bootable Partition Manager disks (DVD-R – my bad!) to copy the system partition mid-installation to a new partition in the slowest, inner part of the hard disk drive and later copy it back to the faster, outer system partition to restore.

      More recently I have also created Macrium Reflect images of these mid-installation system partitions, so I have 2 mechanisms and hence some redundancy.

       

      • #2007985 Reply

        Canadian Tech
        AskWoody_MVP

        It would help to provide some background:
        I provide support for about 120 Win7 client systems. These are people much like the Aunt Martha described earlier. They do NOT include enterprise or business situations, gamers or intense technical people. My objective is to bring stability, ease of use and payoff from an investment (the PC). In reality, when you leave out enterprise installations, my clients are actually quite typical of the vast majority of computer users.

        As an underlying strategy, I avoid as much technology as possible. i want my clients to be able to support themselves as much as possible, should I not be available.

        Hence, although I have no doubt that software like Macrium is likely superior, it is just one more step to the technical side as opposed to using what is already built-in to Windows 7 itself. I have used the “System Image” function in Win7 hundreds of times with near perfect success. I simply produce a pack of 2 to 6 DVD’s which I tell them is insurance. Keep them safe and know where they are.

        My conclusions in mid-2017 were that Microsoft had made such a muck up of Windows Update that it was well beyond Aunt Martha’s capability to manage the Update process, and that perhaps we should take the risk of not updating, since it was pretty clear that to continue to pursue the Windows Update paranoia would result in systems that could no longer be used.

        I visit the Ask Woody site daily. When I read the many stories of the mess they call Windows Update, I oddly smile and have a feeling of “that is someone else’s problem”. I have divorced myself and my clients from this mess and they are not only not worse for the decision, but in fact, far better off. There are some serious respectable experts who roam the halls of Woody and offer streams of advice on how to minimize the damage that WU does.

        The results in the ensuing 30 months have been quite stunning. My phone rarely rings any more. My work-load to support these people has fallen off by at least 75% and more like 90%.

        There has not been a single instance of any kind of problem.

        In fact, these systems are as stable as residential heating systems. Rarely needing concern and only maybe annual checkups for potential hardware failures. These systems rarely change. The only changes (updates) that take place are from Chrome and BitDefender, and those are under the covers and not obvious to my clients.

        This story would not be complete without talking about the mess that they call Windows 10. For many reasons I will not go into here, I have not purchased a Win10 system, nor do I ever intend to do so. In years past, that would have been an impossible scenario. However, in today’s world, the vast majority of most people’s computer needs are served well from a tiny device they carry in a shirt or hip pocket. The one that is operated by Google’s Android system. The computer in every home idea has transformed into a computer in every shirt pocket

        My clientelle has fallen off from 4 years ago when it was 150 systems. Of those 30 systems, maybe 5 or 6 bought Windows 10 systems. A few bought Apple systems. The others simply no longer have a computer. Other than those 5 or 6 systems, my clients who used to buy new ones at about 30 per year have not bought a computer is the last 3 years. The computer store which regarded me as a regular customer rarely sees me any longer. I no longer have a sales rep contact at Dell.

        CT

        1 user thanked author for this post.
    • #2008381 Reply

      radosuaf
      AskWoody Lounger

      Great guide, thanks!

      MSI H110 PC MATE * Intel Core i5-6402P * 2 x 8 GB Corsair Vengeance LPX DDR4 2133 MHz * Aorus Radeon RX 570 4GB * Samsung 840 EVO 250GB SSD * Western Digital Blue 1TB HDD * Seagate Barracuda 1TB HDD * DVD RW Lite-ON iHAS 124 * Creative X-Fi XtremeGamer PCI * Windows 10 Pro 1909 64-bit
      1 user thanked author for this post.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Canadian Tech: How to rebuild a Win7 system with minimal snooping

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.