The user mode dump collection feature in Windows is well documented. As long as the LocalDumps key under HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting is created, every application crash on the system produces a core dump using the default setting. A subkey under it, named after the executable file for the process I am interested in, is overriding the global (default) setting, and I am getting the crash dumps just nominally, full memory burp in the location I specify.
However, there is apparently no setting in the documentation under the LocalDumps key that would tell the system not to create dumps, such that I would override one for my service's subkey. In our milieu, there are multiple service processes running under multiple identities, so there are going to be many core dumps scattered around all their identities' %LOCALAPPDATA%\CrashDumps directories, needlessly. These are unattended servers, and more trash means more scripted cleanup.
Is there a documented way to disable core dumps by default for all programs, and override the prohibition for just one?
It is documented that dumps are not created if the location is not writable by the crashing process' identity, but I do not want them for LocalSystem services too, and this guy can write anywhere. Also, it seems that the dumps are not created if the DumpFolder points to an invalid filepath. To make it even maybe a little less hacky, I set it to the NUL device in the device namespace (: stands for "value under key" below):
LocalDumps:DumpFolder=\\.\NUL
LocalDumps:DumpCount=1
LocalDumps\myservice.exe:DumpFolder=C:\Program Files\myservice\data\crash_dumps
LocalDumps\myservice.exe:DumpType=2
LocalDumps\myservice.exe:DumpCount=5
This ostensibly works in Server 2012, 2012R2 and 2016. But I must keep fingers crossed that a next update would not change this (undocumented) behavior.
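
The layout above written to the registry with explicit value types, followed by a check of which settings WER would resolve for a given executable. This is an added example, not part of the original post. It relies on the post's undocumented \\.\NUL behaviour, takes the value types and defaults from the WER documentation, and uses other.exe as a hypothetical name for any program without its own subkey.

```powershell
#Requires -RunAsAdministrator
$Root = 'HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps'

# Documented WER defaults, used when neither key sets a value.
$Defaults = @{ DumpFolder = '%LOCALAPPDATA%\CrashDumps'; DumpCount = 10; DumpType = 1 }

function Set-DumpValue {
    param([string]$Key, [string]$Name, $Value, [string]$Type)
    # Create the key only if missing, so existing values are left alone.
    if (-not (Test-Path -Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    New-ItemProperty -Path $Key -Name $Name -Value $Value -PropertyType $Type -Force | Out-Null
}

function Get-EffectiveDumpSettings {
    param([string]$ExeName)
    # WER reads the global values first, then per-application values override them one by one.
    $layers = [ordered]@{ 'global' = $Root; 'per-app' = "$Root\$ExeName" }
    $result = [ordered]@{ Executable = $ExeName }
    foreach ($name in 'DumpFolder', 'DumpCount', 'DumpType') {
        $value = $Defaults[$name]
        $from = 'default'
        foreach ($layer in $layers.Keys) {
            $key = Get-Item -Path $layers[$layer] -ErrorAction SilentlyContinue
            if ($key -and ($key.GetValueNames() -contains $name)) {
                # Keep %VAR% unexpanded: WER expands it as the crashing identity, not as us.
                $value = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
                $from = $layer
            }
        }
        $result[$name] = $value
        $result["${name}From"] = $from
    }
    [pscustomobject]$result
}

# Global: send every dump to the NUL device (behaviour observed in the post, undocumented).
Set-DumpValue $Root 'DumpFolder' '\\.\NUL' 'ExpandString'
Set-DumpValue $Root 'DumpCount' 1 'DWord'

# Per-application override: full dumps (DumpType 2) for the one service of interest.
$svc = "$Root\myservice.exe"
Set-DumpValue $svc 'DumpFolder' 'C:\Program Files\myservice\data\crash_dumps' 'ExpandString'
Set-DumpValue $svc 'DumpType' 2 'DWord'
Set-DumpValue $svc 'DumpCount' 5 'DWord'

# other.exe (hypothetical) has no subkey, so it shows the global NUL folder.
'myservice.exe', 'other.exe' | ForEach-Object { Get-EffectiveDumpSettings $_ } | Format-List
```

Full dumps of a service hold whatever was in its memory at the time of the crash, so the ACL on the crash_dumps directory deserves the same care as the service's other data.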