Frequently Asked Questions
1. What Is This Project?
Windows 10 AME aims at delivering a stable, non-intrusive yet fully functional build of Windows 10 to anyone, who requires the Windows operating system natively. Spyware systems, which are abundant in Windows 10 by default, have not been disabled using group policy, registry entries or various other workarounds – they have been entirely removed and deleted from the system, on an executable-level. This includes Windows Update, and any related services intended to re-patch the system via what is essentially a universal backdoor. Core applications, such as the included Edge web-browser, Windows Media Player, Cortana, as well as most appx applications, have also been successfully eliminated. The total size of removed files is about 2 GB.
Great effort has been invested in maintaining the subsequent system’s stability, bug-free operation and user experience, as many of these removed services conflict with core Windows 10 features.
2. Ubiquitous Normalization Of Data Collection
The Release Of Windows 10
When Microsoft released Windows 10 on July 29th 2015, it solidified its position in providing an operating system which undermined basic human rights with respect to privacy and overall system control. A shift towards an unjust source of power, via Windows Update and various other subsystems, amalgamated in a poorly designed user interface focused on cognitive ease and commercial advertising: This was to become the new era of computing. It’s important to remark, that due to Windows 10’s update mechanics, combined with Microsoft’s decision of abolishing its testing division for update distribution, a stock system is extremely unpredictable and subject to an ever-shifting, uncontrollable state of disarray - but nevertheless vulnerable to leaked back-doors, in cooperation with the NSA - seriously undermining and questioning the validity of the official narrative’s claim to security and progress.
Source - www.eff.org, Source - autoriteitpersoonsgegevens.nl
“[…] this program is an instrument of unjust power…. Sometimes it tracks the user… and sometimes they can even forcibly change the software at a distance, as Microsoft can with Windows, through the universal backdoor.”
– Richard M. Stallman, at TEDxGeneva 2014
3. Configuring AME For Stable And Secure Operation
Due to the modified nature of this Windows installation, there are various possible security and stability concerns to consider when using Windows 10 AME. The entire removal of the Windows 10 update subsystem, coupled with the lack of automatic driver detection, beyond what is included in the 1809 build of Windows 10 from late 2018, requires manual action in order to configure proper and safe operation.
It is critical to understand, that Windows, regardless of its modernity and patched state, has proven to not be a secure platform. If security is one of your primary concerns, you should not be using AME, or Windows in general.
Source - www.schneier.com, Source - www.pcworld.com
Windows Update And Security Concerns
Since the release of Windows 10, various security patches have been pushed to fix critical vulnerabilities, via Windows update distribution. These patches are not available for AME, as this subsystem has been disabled. In order to secure the system properly, it is strongly advised to revoke administrator privileges from the default user. This will mediate approximately 75% of the critical attack surface, while locking down the system from most foreseeable major future threats.
Archived Source - www.beyondtrust.com, Source - www.tenforums.com
The use of networked Windows file-sharing using the SMB protocol, which, since the release of build 1511, has been hijacked for various large-scale exploits, such as the famed WannaCry ransomware attack, yet still showing extensive vulnerabilities, surfacing even today, should only be used in a user controlled, secured network environment, as this protocol has proven to be largely apprehensive by age of its design. SFTP is strongly recommended for networked file transfers.
The Case For Our Method
“[…] As you can see, even the recommended method for eliminating data collection isn't completely effective and causes a number of problems […] don't install anything, and don't use your computer, the data sent to Microsoft is quite minimal.”
– Mark Burnett, xato.net, May 2017
In May 2017 a security researcher named Mark Burnett demonstrated that disabling the default data collection toggles, found in Windows 10's settings app, are entirely useless. Furthermore he showed that even through using intensive group policy modifications, in a process heavily scrutinized and iterated upon over several days, he was not able to prevent Windows 10 from sending critical, personally identifiable information with certainty.
Source - www.xato.net, Archived Source- www.theinquirer.net
In conclusion, it appears to be extremely difficult to genuinely disable data collection, as proven to be monitorable in a controlled environment, where a constant uncertainty, subject to change by Microsoft's backdoor via Windows Update, plagues any methodology of mitigation, when making use of the built-in tools of Windows 10 such as the basic Privacy settings, gpedit modifications or registry edits. The only logical and unfortunately required method in this scenario, is the removal of the affected services from the system entirely, along with Windows Update.
4. How do I change my username/password?
You can change your username or password by opening amecs and selecting Change Username or Password.
Alternatively, your credentials can be changed via Command Prompt as Administrator:
Substitute <oldname> with your current username, and <newname> with your desired username
wmic useraccount where name='<oldname>' rename <newname>
Substitute <username> with your current username
net user <username> *
You will be prompted for a new password to enter. Simply reboot for changes to take place.
Instructions for this question is also available at AME Guides.
5. Is there a way to change the keyboard language in AME?
Yes, the keyboard language can be changed, however if you would also like to change the system language then it is recommended to do so first before changing the keyboard list as it can cause issues with the language pack.
To add a keyboard language, open amecs and navigate to Manage Language Settings > Add Keyboard Language.
Alternatively, you can add a keyboard language by entering the following commands via PowerShell (not as Administrator), substituting xx-XX with the Language/region tag of your desired keyboard language:
$List = New-WinUserLanguageList en-US
$List.Add("xx-XX")
Set-WinUserLanguageList $List
NOTE:en-USshould be your current system language
Your new language will be available from the language switcher in the system tray.
To make your new language the default, you can use Set-WinDefaultInputMethodOverride paired with the Language/region ID and Keyboard identifier (hexadecimal) of your language.
Instructions for this question is also available at AME Guides.
6. Can AME be activated with a legit key, like normal Windows?
No, the activation components are part of the spyware apparatus, and have been removed to the extent, that they don't send or collect personal data.
AME has been activated with a generic volume license key for Windows 10 Pro N RTM, and will never bother you to be activated, as it cannot verify the key with MS servers.
No 'crackware' was employed to make windows think that it is activated, only the clever removal of components, in the right order.
If you purchased your key from a third party, you may want to activate the key using a vanilla Windows 10 Installation on your machine before proceeding with AME, as the key will be tied to your motherboard and unable to be used again. Third party sellers sometimes check for this so they can make more money if you did not use the key within a short time period.
7. Is DirectX 12 Supported?
As DirectX 12 is primarily updated by Windows Update, certain games potentially could make API calls that aren't available on AME, resulting in crashes. This has not yet been observed in AME, however.
It is worth noting however, that due to DX12's proprietary nature, and Windows exclusivity, not to mention the fact that games, which make use of it, generally see no benefit at this point what so ever, it is advisable to avoid supporting the use of this API. There are promising open alternatives, such as Vulkan, as used by DOOM. Vulkan is fully supported by AME.
8. Legal Considerations
By downloading any of these images, you agree to Microsoft’s Terms of Service with respect to (5.) Authorized Software and Activation. All Images have been rudimentarily activated using a Generic Key for Windows 10 Pro N RTM. By using any of these images you agree that you have obtained a genuine product key or are able to activate by an other authorized method.
AME is developed for educational purposes only, which emphasizes an effort to reverse engineer, disable or replace components of the Microsoft Windows 10 operating system. The goal is an endeavour to better understand and mitigate the collection of Personally identifiable information (PII), as has been clearly outlined by numerous outlets covering the topic, including comments by famed whistle-blower Edward Snowden. Another goal is to replace included proprietary Windows software, such as the Edge web-browser, with ethically verifiable alternatives using open-source licenses.
EU Directive 2009/24, on the legal protection of computer programs, governs reverse engineering in the European Union. The directive states:
“(15) The unauthorised reproduction, translation, adaptation or transformation of the form of the code in which a copy of a computer program has been made available constitutes an infringement of the exclusive rights of the author. Nevertheless, circumstances may exist when such a reproduction of the code and translation of its form are indispensable to obtain the necessary information to achieve the interoperability of an independently created program with other programs. It has therefore to be considered that, in these limited circumstances only, performance of the acts of reproduction and translation by or on behalf of a person having a right to use a copy of the program is legitimate and compatible with fair practice and must therefore be deemed not to require the authorisation of the rightholder. An objective of this exception is to make it possible to connect all components of a computer system, including those of different manufacturers, so that they can work together. Such an exception to the author's exclusive rights may not be used in a way which prejudices the legitimate interests of the rightholder or which conflicts with a normal exploitation of the program.”
The intentions as self-described by the AME project, clearly fall under the case-scenario of enabling better “interoperability”, as the prevalence of proprietary software bundled with the Windows 10 operating system does not constitute an open standard in this regard.
9. Privacy or Security?
As stated on the main page, the objective of this project “[…] aims at delivering a stable, non-intrusive yet fully functional build of Windows 10 to anyone, who requires the Windows operating system natively”, while “Spyware systems […] have been entirely removed and deleted from the system.”
This is crucial to understand, as we do not provide a heightened state of security as the project’s main focus, beyond what is indirectly affected by the AME alterations. This does include many aspects likely to improve security, such as the reduction of many internal services and features, liable to third party vulnerability escalation (i.e. SMBv1, Edge, Wifi-Sense and many others), however these are, in fact, somewhat unintended side-effects of our, arguably somewhat ideologically fuelled, removal process.
Source - techcommunity.microsoft.com, Source - www.extremetech.com
Furthermore, as touched upon on the main page, approximately 75% of critical Windows 10 vulnerabilities can be mitigated by revoking administrator privileges from the default user. This is also an included feature in AME, and can be set-up by means of the initialization script, as this mode of operation is strongly encouraged.
Archived Source - www.beyondtrust.com, Source - www.tenforums.com
The Deal With Updates
However, AME does not allow for the installation of critical security patches, by means of regular Windows Updates, as this subsystem has been stripped from the OS entirely. Unfortunately, due to Windows 10’s background restoration behaviour, it was deemed necessary to also remove any ability of manually installing update packages, as the system components required for this, are the same ones responsible for the entire Windows Update subsystem to begin with – it was all or nothing.
Additionally, manually patching the OS, if this were possible, considering the goals and values AME deploys, in fact installs and alters many unwanted components, partially restoring Windows 10’s spyware apparatus. Because of this, each patch requires a scrutinous re-evaluation of the OS, followed by additions to the removal and cleansing process.
Nevertheless, each release of AME has been patched up until its release version date.
Open Source
The creation of AME is led by individuals principally interested in the open flow of information, and equal distribution of knowledge, hence a strong inclination towards supporting free and open source software, or even activist efforts, such as the FSF’s ethics.
As of such, the replacement applications provided in AME also attempt to fall in line with open source considerations.
We by all means strongly encourage users unfamiliar with these concepts to explore them in detail, as they are much further reaching in their implications, than simply superficial effects on software development.
10. How do I enable Windows Script Host access?
NOTE: Windows Script Host is enabled by default as of AME 21H1
As described in the documentation, AME ships with various modifications aiming at locking Windows down to a much more secure state. As part of this process hardentools disables a Windows feature called Script Host access. However, this feature is often required for doing development work with, for example, Visual Studio, which will error-out during the installation process, due to this feature missing.
To re-enable Windows Script Host, open amecs and navigate to Extra > Enable Windows Script Host (Legacy).
11. How to add my user back to the Administrator group?
Due to severe security considerations, the default user in AME has been revoked Administrator privileges. However, in certain situations this may cause potential issues, as Windows was not designed to operate in this state, per se. If you require administrator privileges, you can add your user back to this group using amecs and navigate to Elevate User to Administrator.
Note that while certain inconveniences may arise due to not having direct administrator privileges, we strongly recommend sticking with the configuration we ship, for security reasons.
Alternatively, you can use the following command in an elevated command prompt:
Substitute <username> with your current username
net localgroup administrators <username> /add
After this, restart Windows, and the default user will have administrator privileges.
Instructions for this question is also available at AME Guides.
12. Why don't we base AME on LTS(B,C) releases?
Windows 10 LTS releases, such as LTSB, which is based on build 1511, or LTSC, which is based on build 1809, have limited longevity with respect to hardware and driver support. This makes sense, given that the entire goal of the LTS Windows releases is to not change for multiple years. If we based AME on an LTS release, we would essentially only have one release, and then nothing for years on end. By basing AME on the Windows 10 Pro mainline releases, we have the ability to quickly respond, if software or driver incompatibilities emerge, due to the obsolescence of any specific build, as mainline releases are published about every six months by Microsoft.