Hello...
Nice advanced windows tuning here
i am using the trick many years ago... because 64 bit system is just crap, 64 bit system is good for specific application and specific environment, not for windows... for a server i could understand otherwise microsoft is just adding more crap to the system.
SOME THING VERY IMPORTANT ABOUT THAT MODIFICATION :
You should be quite aware about what you are doing, because it could work fine and look like it's working fine but it could make the system unstable after some times. (why ? read what's next)
First before answering why, you should know that the missing of signing the kernel edited file with microsoft key result in a constant use of system debug mode, plus you have to remove watermark to have a clean system.
Also as the main kernel file is modified, some antivirus could not work fine even if you ignore the issue, plus some Microsoft Checking application will report the issue. any way to bypass that issue you should always leave the original file "ntkrnlpa.exe" at his place and untouched !!! and use an a modified one with an other name like "ntkrnlpatched.exe" (in the same system directory) some patch application do it well, but not all !!! ... you have to check every thing manually to be sure about what it's doing, when you use an other file like "ntkrnlpatched.exe" you just need to point the bootloader to that file, for security you can leave default one to boot the system without patch if you have a problem some day. and add an other menu boot entry pointing to your kernel file. (you could also tune the boot menu for tcpip.sys if you also patched this file)
One all those thing tooked in consideration, unfortunately it's not done at all. and here where i answer the why
"Windows Update" is a must be enabled to have a secure system, YOU HAVE TO KEEP IN MIND that "ntkrnlpa.exe" get updated automatically to new version every 3 month less or more (same issue for tcpip.sys) and using an old outdated patched version after a system update is not a verry good idea, then you have to check every time you make an update if "ntkrnlpa.exe" version have changed and if so, update your "ntkrnlpatched.exe" by re patching the new version.
For me i have made a little application that compare version of "ntkrnlpa.exe" and "ntkrnlpatched.exe" at every boot, then it notify me with a little popup when the version change (get updated) to remember me to update and repatch my file.... my application just boot with the system check the version notify if changed and end (it's not running all the time) i can provide it in here if needed
it also check change for tcpip.sys ... it's not a big deal, but i just have to re patch the kernel it take 5 min. plus i don't have to worry about it that way
to give you an idea, i am using the patch since 2009 and patched the kernel 15 times since that
hope these infos will be helpful
n.b. : for those who are not advanced user, using the primocache feature for hidden memory is a good solution.
n.b.2 : i never want to talk about that patch in here in the past because it may may be a replacement for hidden memory feature.
Cheers ^^