New
#21
TL;DR answer: Sorry but I just don't know for absolute sure. However, of the 204 logged events I captured, the OpCode results (in order of occurrence) are as follows:
- Info (14) x 134
- No OpCode data x 56
- Change State (17) x 2
- Dispatch Event (16) x 2
- Warning (13) x 8 (2 x Windows Update; 6 x Windows Store because a Microsoft Account could not be identified)
- Start (1) x 1 (Tried to start Windows Update service)
- Error (12) x 1 (because Windows Update was disabled)
There was not a single failure that I can attribute to having the Logon task disabled.
Background info:
I don't use any UWP (Store) apps and remove all the built-in bloatware (except for the Windows Store). All I know for certain are the events I captured the last time that the Logon task fired. These show the task began at 16/08/2021 10:34:01.188 and ended at 16/08/2021 10:35:32.488. During those ~1.5 minutes FullEventLogView identified 204 contiguous log entries.
Of those 204 entries, the source log Channels were as follows:
- Microsoft-Windows-Store/Operational x 150
- Microsoft-Windows-Provisioning-Diagnostics-Provider/Admin x 19
- Microsoft-Windows-Time-Service/Operational x 10
- Application x 7
- System x 7
- Microsoft-Client-Licensing-Platform/Admin x 4
- Microsoft-Windows-TaskScheduler/Maintenance x 2
- Microsoft-Windows-SettingSync/Debug x 4
- Microsoft-Windows-StateRepository/Operational x 1
Checking the user context of these 204 events shows:
- User x 136
- NT AUTHORITY\LOCAL SERVICE x 34
- NT AUTHORITY\SYSTEM x 27
- No data x 7
This is what I've based my guess on that the Logon event involves the Windows Store and its Store-supplied apps. I've been unable to find any Microsoft documentation about Windows 10 Task Scheduler Event IDs so it's not clear when the event ended (nor whether it succeeded or failed). (Windows 10 doesn't use the same Task Scheduler Event IDs as Windows 7.)
It's also clear that you cannot just look at the Channel field but need to consider the Provider and Description fields as well. (If anyone wants to look at the captured events I can attach a CSV file.)
Going through the 204 entries line-by-line it appears that overall the Logon task does the following (in order of execution):
- Checks Network Cost Policy to determine whether the internet connection is metered.
- Checks whether an update scan is needed (this failed with a warning on mine because I have Windows Update disabled (and WaasMedic service is not installed).
- Checks the cached database of UWP apps and downloads an updated database as required.
- Checks each installed UWP app for updates and licenses (including Minecraft... which the Windows 10 Decrapifier script I use should have removed).
- Tries to capture the identity of the logged-on user.
- Checks the registry to determine the logged-on user's Microsoft Account used for the Windows Store. (This results in a Warning as I don't use a Microsoft Account.)
- Transmits the computed hardware GUID for checking activation.
- Compares local time with time.windows.com and corrects local time if necessary.
- Updates local store of 'banned' licenses (Function: OneStoreApplicationLicenseManager::RefreshBannedLicenses).
- Updates local lease using hardware GUID (I assume this means revalidates digital license).
- Updates the task's 'Last run' timestamp.
- Updates multiple 'Power.EnergyEstimationEngine' packages.
I use a customised Windows 10 Decrapifier script during OOBE (always clean installs, never upgrades) and then an AutoHotkey (AHK) script to configure new builds. At first I added a line of code to the AHK script to disable ProvTool's Logon task then, later, removed the line and - instead - added a similar PowerShell command to my customised Windows 10 Decrapifier script instead (after testing to ensure there were no adverse effects for me).
On family and friends' devices I use the following command in an elevated PowerShell console:
Code:Get-ScheduledTask -TaskPath "\Microsoft\Windows\Management\Provisioning\" | Disable-ScheduledTask
This disables both ProvTool tasks - Logon and Cellular, as the screenshot shows:
(Note: If your device doesn't have an active LTE modem then this will have no effect at all, adverse or otherwise.)
To revert, just enter the following instead:
Code:Get-ScheduledTask -TaskPath "\Microsoft\Windows\Management\Provisioning" | Enable-ScheduledTask
(The reason I also disable Cellular is that I have a Lenovo Thinkpad laptop with a built-in LTE modem. Whilst I only put a SIM in whilst away on holiday, I didn't want to wreck my mobile data plan by a potentially 'always on' cellular connection generating unintended additional data traffic outside of my control.)
Note: At first I thought that disabling Logon (and Cellular) may also affect the download of Spotlight images (a 'feature' that I always turn off). Not one of the 204 captured log events showed any mention/evidence of Spotlight images, nor even any registry check whether Spotlight was enabled).
Hope this helps...