Convert Windows Server to Workstation (Offline)

Discussion in 'Windows Server' started by freddie-o, Dec 5, 2021.

  1. #2 Deleted member 1385001, Dec 5, 2021
    Last edited by a moderator: Dec 5, 2021
    Thank you sir . Great thread :)

    Edit:

    Sir might be This Script to remove M$ telemetry package also will be usefull :
    Code:
    Powershell -EP Bypass -MTA -NOL -NONI -NOP -C "Set-ItemProperty -Path 'HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\*Microsoft-OneCore-AllowTelemetry*' -Name Visibility -Value 1 -Force -EA SilentlyContinue -Verbose"
    Powershell -C "Remove-Item -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\*Microsoft-OneCore-AllowTelemetry*' -Include *Owner* -Recurse -Force -EA SilentlyContinue -Verbose"
    Powershell -C "Get-ChildItem -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\*Microsoft-OneCore-AllowTelemetry*' -Name | ForEach-Object  {dism /online /remove-package /PackageName:$_ /NoRestart}"
    
     
  2. Atari800XL

    Atari800XL MDL Addicted

    Apr 3, 2011
    951
    1,672
    30
    Interesting Powershell code. This replaces the "InstallWimTweak" tool like below, correct?

    Code:
    install_wim_tweak.exe /p d:\mount /c Microsoft-OneCore-AllowTelemetry-Reduced-Default-Package /r
     
  3. Yes Sir . Thank You :)
     
  4. vladnil

    vladnil MDL Senior Member

    Jan 19, 2019
    460
    316
    10
    Have you tried putting a sandbox on Windows Server Preview Build 22509?
    I ran the script but it gives me an error when I start the sandbox.

    dir /b %SystemRoot%\servicing\Packages\*Containers*.mum >sandbox.txt

    for /f %i in ('findstr /i . sandbox.txt 2^>nul') do dism /online /norestart /add-package:"%SystemRoot%\servicing\Packages\%i"

    del sandbox.txt

    dir /b %SystemRoot%\servicing\Packages\*HyperV*.mum >hv.txt

    for /f %i in ('findstr /i . hv.txt 2^>nul') do dism /online /norestart /add-package:"%SystemRoot%\servicing\Packages\%i"

    del hv.txt

    dir /b %SystemRoot%\servicing\Packages\*Hyper-V*.mum >h-v.txt

    for /f %i in ('findstr /i . h-v.txt 2^>nul') do dism /online /norestart /add-package:"%SystemRoot%\servicing\Packages\%i"

    del h-v.txt

    dir /b %SystemRoot%\servicing\Packages\*remote*.mum >remote.txt

    for /f %i in ('findstr /i . remote.txt 2^>nul') do dism /online /norestart /add-package:"%SystemRoot%\servicing\Packages\%i"

    del remote.txt

    set REGWAY="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Containers\CmService\Policy"

    reg add %REGWAY% /v DisableClone /t REG_DWORD /d 1

    reg add %REGWAY% /v DisableSnapshot /t REG_DWORD /d 1

    pause

    exit
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. freddie-o

    freddie-o MDL Expert

    Jul 29, 2009
    1,347
    2,256
    60
    #6 freddie-o, Dec 6, 2021
    Last edited: Feb 19, 2022
    (OP)
    This is how I disable telemetry OFFLINE
    https://forums.mydigitallife.net/th...lemetry-repository.63874/page-66#post-1686849

     
  6. freddie-o

    freddie-o MDL Expert

    Jul 29, 2009
    1,347
    2,256
    60
    Sorry no experience with either
     
  7. is there any repo thread by you for all your scripts on MDL . i think it will be great for you to create "Freddie-o Scripts Repo" for others to get benefits of them :)
     
  8. freddie-o

    freddie-o MDL Expert

    Jul 29, 2009
    1,347
    2,256
    60
    #9 freddie-o, Dec 6, 2021
    Last edited: Dec 7, 2021
    (OP)
    It's in my sig. Most of the scripts I post -- either somebody helped me put together or copy-paste or someone else's script I modified :p
     
  9. as you suggested this way you disable tlmtry https://forums.mydigitallife.net/th...lemetry-repository.63874/page-66#post-1686849
    user have to search it from all your posts but can find it if a repo thread of yours is there on the go . i hope my concern is crystal cleared.

    :)
     
  10. Credits Always Yours Sir & Pleasure Always Remains Mine :)
     
  11. gechu

    gechu MDL Novice

    Jul 20, 2009
    21
    11
    0
    Thanks for sharing! @freddie-o would you claim it's a noticeable performance benefit to running the basic tweaks + disabling telemetry?

    I've been running Windows Server 2022 with most of the basic tweaks you mentioned in the first post - still not sure that I perceive the user experience as noticeably snappier. Can't get PIN login to work, and Lenovo power manager throws some crash message at first login.
     
  12. freddie-o

    freddie-o MDL Expert

    Jul 29, 2009
    1,347
    2,256
    60
    #14 freddie-o, Feb 20, 2022
    Last edited: Feb 26, 2022
    (OP)
    It should perform like a regular desktop OS since it's "allocating processor resources for best performance of programs" as oppose to Server which favors background services. These performance benefits are only noticable when there is considerable cpu workload

    Disabling telemetry should also affect performance since it disables telemetry activity running in the background

    (BTW my script on disabling telemetry does not all apply to Server or your scenario. It disables Windows Defender, Firewall, Windows Update, Onedrive, Removes Store (All ProvisionedAppxPackages) etc... Removing services such as "dmwappushservice" will get you stuck in the OOBE phase of installation. Either bypass the OOBE phase with an unattend.xml or remove it when ONLINE. So you need to have a workaround first if you are going to disable them. Choose only the ones that apply to you.)

    I never use a PIN that's why I disable it. Maybe you shouldn't disable "users must enter a user name and password" if you're using it.
     
  13. zbigniew59

    zbigniew59 MDL Senior Member

    May 14, 2016
    374
    171
    10
    #15 zbigniew59, Feb 23, 2022
    Last edited: Feb 23, 2022
    Code:
    This is how I disable telemetry OFFLINE
    https://forums.mydigitallife.net/th...lemetry-repository.63874/page-66#post-1686849
    Is the script from this link together with the unattend.xml file still suitable for the server?

    Why are you turning off the firewall?
    Win Update in the server can probably be left?

    Maybe this is better for the server?

    Code:
    @echo off
    
    rem == create mount and scratch folders ==
    mkdir mount
    mkdir temp
    
    rem == mount install.wim ==
    dism /mount-wim /wimfile:install.wim /index:1 /mountdir:mount
    
    rem == disable telemetry from the registry ==
    reg load HKLM\SOFTHIVE mount\Windows\System32\config\SOFTWARE
    
    rem == disable windows defender, notifications and malicious software removal tool ==
    reg add "HKLM\SOFTHIVE\Microsoft\Windows Defender\Features" /v "TamperProtection" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender" /v "PUAProtection" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "LocalSettingOverrideDisableRealtimeMonitoring" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender\Reporting" /v "WppTracingLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender\Reporting" /v "DisableGenericRePorts" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender\Spynet" /v "LocalSettingOverrideSpynetReporting" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender\Spynet" /v "SubmitSamplesConsent" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender\Spynet" /v "SpynetReporting" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender\Spynet" /v "DisableBlockAtFirstSeen" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection" /v "EnableNetworkProtection" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/Operational" /v "Enabled" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender Security Center\Systray" /v "HideSystray" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender Security Center\Notifications" /v "DisableNotifications" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender Security Center\Notifications" /v "DisableEnhancedNotifications" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\MRT" /v "DontReportInfectionInformation" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\MRT" /v "DontOfferThroughWUAU" /t REG_DWORD /d "1" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MRT.exe" /f
    
    
    rem == disable retrieving device metadata for installed devices from the internet ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Device Metadata" /v "PreventDeviceMetadataFromNetwork" /t REG_DWORD /d "1" /f
    
    
    rem == disable logging and tracing ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{F9C77450-3A41-477E-9310-9ACD617BD9E3}" /v "LogLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{F9C77450-3A41-477E-9310-9ACD617BD9E3}" /v "TraceLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{728EE579-943C-4519-9EF7-AB56765798ED}" /v "LogLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{728EE579-943C-4519-9EF7-AB56765798ED}" /v "TraceLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{1A6364EB-776B-4120-ADE1-B63A406A76B5}" /v "LogLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{1A6364EB-776B-4120-ADE1-B63A406A76B5}" /v "TraceLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{5794DAFD-BE60-433f-88A2-1A31939AC01F}" /v "LogLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{5794DAFD-BE60-433f-88A2-1A31939AC01F}" /v "TraceLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{0E28E245-9368-4853-AD84-6DA3BA35BB75}" /v "LogLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{0E28E245-9368-4853-AD84-6DA3BA35BB75}" /v "TraceLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}" /v "LogLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}" /v "TraceLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{A3F3E39B-5D83-4940-B954-28315B82F0A8}" /v "LogLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{A3F3E39B-5D83-4940-B954-28315B82F0A8}" /v "TraceLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{6232C319-91AC-4931-9385-E70C2B099F0E}" /v "LogLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{6232C319-91AC-4931-9385-E70C2B099F0E}" /v "TraceLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{74EE6C03-5363-4554-B161-627540339CAB}" /v "LogLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{74EE6C03-5363-4554-B161-627540339CAB}" /v "TraceLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}" /v "LogLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}" /v "TraceLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{17D89FEC-5C44-4972-B12D-241CAEF74509}" /v "LogLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{17D89FEC-5C44-4972-B12D-241CAEF74509}" /v "TraceLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}" /v "LogLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}" /v "TraceLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}" /v "LogLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}" /v "TraceLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}" /v "LogLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}" /v "TraceLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{E5094040-C46C-4115-B030-04FB2E545B00}" /v "LogLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{E5094040-C46C-4115-B030-04FB2E545B00}" /v "TraceLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{B087BE9D-ED37-454f-AF9C-04291E351182}" /v "LogLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{B087BE9D-ED37-454f-AF9C-04291E351182}" /v "TraceLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{AADCED64-746C-4633-A97C-D61349046527}" /v "LogLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{AADCED64-746C-4633-A97C-D61349046527}" /v "TraceLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{91FBB303-0CD5-4055-BF42-E512A681B325}" /v "LogLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{91FBB303-0CD5-4055-BF42-E512A681B325}" /v "TraceLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}" /v "LogLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}" /v "TraceLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}" /v "LogLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}" /v "TraceLevel" /t REG_DWORD /d "0" /f
    
    rem == restrict internet communication ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\InternetManagement" /v "RestrictCommunication" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoPublishingWizard" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoOnlinePrintsWizard" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Messenger\Client" /v "CEIP" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\PCHealth\ErrorReporting" /v "DoReport" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Windows Error Reporting" /v "Disabled" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoInternetOpenWith" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\EventViewer" /v "MicrosoftEventVwrDisableLinks" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Registration Wizard Control" /v "NoRegistration" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\SearchCompanion" /v "DisableContentFileUpdates" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\DriverSearching" /v "DontSearchWindowsUpdate" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\SQMClient\Windows" /v "CEIPEnable" /t REG_DWORD /d "0" /f
    
    rem == prevent computer from sending data to microsoft regarding its activation state ==
    reg add "HKLM\SOFTHIVE\Classes\AppID\slui.exe" /v "NoGenTicket" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform" /v "NoGenTicket" /t REG_DWORD /d "1" /f
    
    rem == disable error reporting ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\PCHealth\ErrorReporting" /v "IncludeKernelFaults" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\PCHealth\ErrorReporting" /v "AllOrNone" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\PCHealth\ErrorReporting" /v "IncludeMicrosoftApps" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\PCHealth\ErrorReporting" /v "IncludeWindowsApps" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\PCHealth\ErrorReporting" /v "IncludeShutdownErrs" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Windows Error Reporting" /v "LoggingDisabled" /t REG_DWORD /d "1" /f
    
    rem == disable experiment with the product to study user preferences or device behavior ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\PreviewBuilds" /v "EnableConfigFlighting" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Microsoft\PolicyManager\current\Device\System" /v "AllowExperimentation" /t REG_DWORD /d "0" /f
    
    rem == delete telemetry scheduled tasks ==
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\AppxDeploymentClient" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Autochk" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\CloudExperienceHost" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Feedback" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Flighting" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Location" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maps" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\NetTrace" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\PushToInstall" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Time Synchronization" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Time Zone" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Error Reporting" /f
    
    
    rem == disable smartscreen ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\System" /v "EnableSmartScreen" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Microsoft\PolicyManager\default\Browser\AllowSmartScreen" /v "value" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t REG_SZ /d "Off" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControlEnabled" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControl" /t REG_SZ /d "Anywhere" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Internet Explorer\PhishingFilter" /v "Enabled" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Internet Explorer\PhishingFilter" /v "EnabledV8" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Internet Explorer\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3" /v "2301" /t REG_DWORD /d "3" /f
    
    
    rem == disable advertising info and accessing my language list ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AdvertisingInfo" /v "DisabledByGroupPolicy" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" /v "Enabled" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\RunOnce" /v "HttpAcceptLanguageOptOut" /t REG_SZ /d "reg add \"HKCU\Control Panel\International\User Profile\" /v \"HttpAcceptLanguageOptOut\" /t REG_DWORD /d \"1\" /f" /f
    
    rem == disable inking & typing personalization ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\InputPersonalization" /v "RestrictImplicitInkCollection" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\InputPersonalization" /v "RestrictImplicitTextCollection" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\InputPersonalization" /v "AllowInputPersonalization" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\Policies\TextInput" /v "AllowLinguisticDataCollection" /t REG_DWORD /d "0" /f
    
    rem == disable diagnostics & feedback ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\DataCollection" /v "AllowTelemetry" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\DataCollection" /v "DisableEnterpriseAuthProxy" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\DataCollection" /v "DoNotShowFeedbackNotifications" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\DataCollection" /v "DisableOneSettingsDownloads" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\DataCollection" /v "AllowCommercialDataPipeline" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\DataCollection" /v "AllowDesktopAnalyticsProcessing" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Microsoft\PolicyManager\default\System\AllowTelemetry" /v "value" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" /v "AllowTelemetry" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" /v "MaxTelemetryAllowed" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" /v "MicrosoftEdgeDataOptIn" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppCompat" /v "AITEnable" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppCompat" /v "DisableInventory" /t REG_DWORD /d "1" /f
    
    rem == disable activity history ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\System" /v "EnableActivityFeed" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\System" /v "PublishUserActivities" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\System" /v "UploadUserActivities" /t REG_DWORD /d "0" /f
    
    rem == disable location ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\LocationAndSensors" /v "DisableLocation" /t REG_DWORD /d "1" /f
    
    rem == disable access to notifications ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications" /v "NoCloudApplicationNotification" /t REG_DWORD /d "1" /f
    
    rem == disable access to messaging ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Messaging" /v "AllowMessageSync" /t REG_DWORD /d "0" /f
    
    rem == disable app permissions ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsGetDiagnosticInfo" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsRunInBackground" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessTrustedDevices" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessTasks" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsSyncWithDevices" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessRadios" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessPhone" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessNotifications" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessMotion" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessMicrophone" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessMessaging" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessLocation" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessEmail" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessContacts" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessCamera" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessCallHistory" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessCalendar" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessAccountInfo" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsActivateWithVoice" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsActivateWithVoiceAboveLock" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\broadFileSystemAccess" /v "Value" /t REG_SZ /d "Deny" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\cellularData" /v "Value" /t REG_SZ /d "Deny" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\documentsLibrary" /v "Value" /t REG_SZ /d "Deny" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location" /v "Value" /t REG_SZ /d "Deny" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\microphone" /v "Value" /t REG_SZ /d "Deny" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\picturesLibrary" /v "Value" /t REG_SZ /d "Deny" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\videosLibrary" /v "Value" /t REG_SZ /d "Deny" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\webcam" /v "Value" /t REG_SZ /d "Deny" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\wifiData" /v "Value" /t REG_SZ /d "Deny" /f
    
    rem == disable find my device ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\FindMyDevice" /v "AllowFindMyDevice" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Settings\FindMyDevice" /v "LocationSyncEnabled" /t REG_DWORD /d "0" /f
    
    rem == delete microsoft cloud identity service ==
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\RunOnce" /v "cloudidsvc" /t REG_SZ /d "reg delete \"HKLM\SYSTEM\ControlSet001\Services\cloudidsvc\" /f" /f
    
    reg unload HKLM\SOFTHIVE
    reg load HKLM\SYSHIVE mount\Windows\System32\config\SYSTEM
    
    rem == delete telemetry services ==
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\BITS" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\DoSvc" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\DiagTrack" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\diagnosticshub.standardcollector.service" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\dmwappushservice" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\lfsvc" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\pla" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\PNRPAutoReg" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\Sense" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\UsoSvc" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\WdBoot" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\WdFilter" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\WdNisDrv" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\WdNisSvc" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\WinDefend" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\WaaSMedicSvc" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\wuauserv" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\wercplsupport" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\WerSvc" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\wisvc" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\WSearch" /f
    
    reg unload HKLM\SYSHIVE
    reg load HKLM\NTUSER mount\Users\Default\NTUSER.DAT
    
    rem == disable smartscreen for microsoft edge ==
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\Edge\SmartScreenEnabled" /ve /t REG_DWORD /d "0" /f
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\Edge\SmartScreenPuaEnabled" /ve /t REG_DWORD /d "0" /f
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\Windows Security Health\State" /v "AppAndBrowser_EdgeSmartScreenOff" /t REG_DWORD /d "0" /f
    
    rem == disable typing insights ==
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\Input\Settings" /v "InsightsEnabled" /t REG_DWORD /d "0" /f
    
    rem == disable advertising info and tracking app launches ==
    reg add "HKLM\NTUSER\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo" /v "Enabled" /t REG_DWORD /d "0" /f
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "Start_TrackProgs" /t REG_DWORD /d "0" /f
    
    rem == disable speech recognition ==
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\Speech_OneCore\Settings\OnlineSpeechPrivacy" /v "HasAccepted" /t REG_DWORD /d "0" /f
    
    rem == disable inking & typing personalization ==
    reg add "HKLM\NTUSER\Software\Microsoft\Input\TIPC" /v "Enabled" /t REG_DWORD /d "0" /f
    reg add "HKLM\NTUSER\Software\Microsoft\InputPersonalization" /v "RestrictImplicitInkCollection" /t REG_DWORD /d "1" /f
    reg add "HKLM\NTUSER\Software\Microsoft\InputPersonalization" /v "RestrictImplicitTextCollection" /t REG_DWORD /d "1" /f
    reg add "HKLM\NTUSER\Software\Microsoft\InputPersonalization\TrainedDataStore" /v "HarvestContacts" /t REG_DWORD /d "0" /f
    reg add "HKLM\NTUSER\Software\Microsoft\Personalization\Settings" /v "AcceptedPrivacyPolicy" /t REG_DWORD /d "0" /f
    
    rem == disable diagnostics & feedback ==
    reg add "HKLM\NTUSER\SOFTWARE\Policies\Microsoft\Windows\CloudContent" /v "DisableTailoredExperiencesWithDiagnosticData" /t REG_DWORD /d "1" /f
    reg add "HKLM\NTUSER\Software\Microsoft\Windows\CurrentVersion\Privacy" /v "TailoredExperiencesWithDiagnosticDataEnabled" /t REG_DWORD /d "0" /f
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\Siuf\Rules" /v "NumberOfSIUFInPeriod" /t REG_DWORD /d "0" /f
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\Siuf\Rules" /v "PeriodInNanoSeconds" /t REG_DWORD /d "0" /f
    
    rem == disable search permissions ==
    reg add "HKLM\NTUSER\Software\Microsoft\Windows\CurrentVersion\SearchSettings" /v "SafeSearchMode" /t REG_DWORD /d "0" /f
    reg add "HKLM\NTUSER\Software\Microsoft\Windows\CurrentVersion\SearchSettings" /v "IsMSACloudSearchEnabled" /t REG_DWORD /d "0" /f
    reg add "HKLM\NTUSER\Software\Microsoft\Windows\CurrentVersion\SearchSettings" /v "IsAADCloudSearchEnabled" /t REG_DWORD /d "0" /f
    reg add "HKLM\NTUSER\Software\Microsoft\Windows\CurrentVersion\SearchSettings" /v "IsDeviceSearchHistoryEnabled" /t REG_DWORD /d "0" /f
    
    
    reg unload HKLM\NTUSER
    rem == done disabling telemetry in the registry ==
    
    rem == remove all provisioned appx packages ==
    for /f "tokens=2 delims=: " %%i in ('dism /scratchdir:temp /image:mount /Get-ProvisionedAppxPackages ^| find /I "PackageName"') do (dism /scratchdir:temp /image:mount /Remove-ProvisionedAppxPackage /Packagename:%%i)
    for /f %%x in ('dir /b "mount\Program Files\WindowsApps\Microsoft*"') do (rmdir /q /s "mount\Program Files\WindowsApps\%%x")
    
    rem == unmount wim ==
    dism /unmount-wim /mountdir:mount /commit
    
    rem == delete mount and scratch folders ==
    rd /s /q mount
    rd /s /q temp
    
    pause
    exit
    
     
  14. freddie-o

    freddie-o MDL Expert

    Jul 29, 2009
    1,347
    2,256
    60
    #16 freddie-o, Feb 24, 2022
    Last edited: Jan 14, 2024
    (OP)
    Windows Server 2022


    Original Post
    Disable Telemetry in Windows 10, 11 & Server (Offline)



    disable_telemetry.cmd

    Code:
    @echo off
    
    rem == create mount and scratch folders ==
    mkdir mount
    mkdir temp
    
    rem == mount install.wim ==
    dism /mount-wim /wimfile:install.wim /index:1 /mountdir:mount
    
    rem == load registry hives to disable telemetry ==
    reg load HKLM\SOFTHIVE mount\Windows\System32\config\SOFTWARE
    
    rem == disable windows defender, notifications, updates and malicious software removal tool ==
    reg add "HKLM\SOFTHIVE\Microsoft\Windows Defender\Features" /v "TamperProtection" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender" /v "PUAProtection" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "LocalSettingOverrideDisableRealtimeMonitoring" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender\Reporting" /v "WppTracingLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender\Reporting" /v "DisableGenericRePorts" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender\Reporting" /v "DisableEnhancedNotifications" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender\Spynet" /v "LocalSettingOverrideSpynetReporting" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender\Spynet" /v "SubmitSamplesConsent" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender\Spynet" /v "SpynetReporting" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender\Spynet" /v "DisableBlockAtFirstSeen" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection" /v "EnableNetworkProtection" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/Operational" /v "Enabled" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender Security Center\Systray" /v "HideSystray" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\MRT" /v "DontReportInfectionInformation" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\MRT" /v "DontOfferThroughWUAU" /t REG_DWORD /d "1" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MRT.exe" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender Security Center\Notifications" /v "DisableNotifications" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender Security Center\Notifications" /v "DisableEnhancedNotifications" /t REG_DWORD /d "1" /f
    
    rem == disable smartscreen ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\System" /v "EnableSmartScreen" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Microsoft\PolicyManager\default\Browser\AllowSmartScreen" /v "value" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t REG_SZ /d "Off" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControlEnabled" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControl" /t REG_SZ /d "Anywhere" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Internet Explorer\PhishingFilter" /v "Enabled" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Internet Explorer\PhishingFilter" /v "EnabledV8" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Internet Explorer\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Edge" /v "SmartScreenEnabled" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3" /v "2301" /t REG_DWORD /d "3" /f
    
    rem == disable windows firewall ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\IPSec\ICFv4" /v "BypassFirewall" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\WindowsFirewall\DomainProfile" /v "EnableFirewall" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging" /v "LogDroppedPackets" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging" /v "LogSuccessfulConnections" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\WindowsFirewall\StandardProfile" /v "EnableFirewall" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging" /v "LogDroppedPackets" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging" /v "LogSuccessfulConnections" /t REG_DWORD /d "0" /f
    
    rem == disable windows update, delivery optimization and reserved storage ==
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoWindowsUpdate" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\WindowsUpdate" /v "SetDisableUXWUAccess" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\WindowsUpdate" /v "DisableWindowsUpdateAccess" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\WindowsUpdate" /v "DoNotConnectToWindowsUpdateInternetLocations" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\WindowsUpdate" /v "WUServer" /t REG_SZ /d "\" \"" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\WindowsUpdate" /v "WUStatusServer" /t REG_SZ /d "\" \"" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\WindowsUpdate" /v "UpdateServiceUrlAlternate" /t REG_SZ /d "\" \"" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "UseWUServer" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\DeliveryOptimization" /v "DODownloadMode" /t REG_DWORD /d "99" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" /v "DODownloadMode" /t REG_DWORD /d "99" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\ReserveManager" /v "ShippedWithReserves" /t REG_DWORD /d "0" /f
    
    rem == disable retrieving device metadata for installed devices from the internet ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Device Metadata" /v "PreventDeviceMetadataFromNetwork" /t REG_DWORD /d "1" /f
    
    rem == disable recording of event logging and tracing ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{F9C77450-3A41-477E-9310-9ACD617BD9E3}" /v "LogLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{F9C77450-3A41-477E-9310-9ACD617BD9E3}" /v "TraceLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{728EE579-943C-4519-9EF7-AB56765798ED}" /v "LogLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{728EE579-943C-4519-9EF7-AB56765798ED}" /v "TraceLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{1A6364EB-776B-4120-ADE1-B63A406A76B5}" /v "LogLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{1A6364EB-776B-4120-ADE1-B63A406A76B5}" /v "TraceLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{5794DAFD-BE60-433f-88A2-1A31939AC01F}" /v "LogLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{5794DAFD-BE60-433f-88A2-1A31939AC01F}" /v "TraceLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{0E28E245-9368-4853-AD84-6DA3BA35BB75}" /v "LogLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{0E28E245-9368-4853-AD84-6DA3BA35BB75}" /v "TraceLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}" /v "LogLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}" /v "TraceLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{A3F3E39B-5D83-4940-B954-28315B82F0A8}" /v "LogLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{A3F3E39B-5D83-4940-B954-28315B82F0A8}" /v "TraceLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{6232C319-91AC-4931-9385-E70C2B099F0E}" /v "LogLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{6232C319-91AC-4931-9385-E70C2B099F0E}" /v "TraceLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{74EE6C03-5363-4554-B161-627540339CAB}" /v "LogLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{74EE6C03-5363-4554-B161-627540339CAB}" /v "TraceLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}" /v "LogLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}" /v "TraceLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{17D89FEC-5C44-4972-B12D-241CAEF74509}" /v "LogLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{17D89FEC-5C44-4972-B12D-241CAEF74509}" /v "TraceLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}" /v "LogLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}" /v "TraceLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}" /v "LogLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}" /v "TraceLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}" /v "LogLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}" /v "TraceLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{E5094040-C46C-4115-B030-04FB2E545B00}" /v "LogLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{E5094040-C46C-4115-B030-04FB2E545B00}" /v "TraceLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{B087BE9D-ED37-454f-AF9C-04291E351182}" /v "LogLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{B087BE9D-ED37-454f-AF9C-04291E351182}" /v "TraceLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{AADCED64-746C-4633-A97C-D61349046527}" /v "LogLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{AADCED64-746C-4633-A97C-D61349046527}" /v "TraceLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{91FBB303-0CD5-4055-BF42-E512A681B325}" /v "LogLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{91FBB303-0CD5-4055-BF42-E512A681B325}" /v "TraceLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}" /v "LogLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}" /v "TraceLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}" /v "LogLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}" /v "TraceLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}" /v "LogLevel" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Group Policy\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}" /v "TraceLevel" /t REG_DWORD /d "0" /f
    
    rem == restrict internet communication ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\InternetManagement" /v "RestrictCommunication" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoPublishingWizard" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform" /v "NoGenTicket" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Messenger\Client" /v "CEIP" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\PCHealth\ErrorReporting" /v "DoReport" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Windows Error Reporting" /v "Disabled" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoInternetOpenWith" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Internet Connection Wizard" /v "ExitOnMSICW" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\EventViewer" /v "MicrosoftEventVwrDisableLinks" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Registration Wizard Control" /v "NoRegistration" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\SearchCompanion" /v "DisableContentFileUpdates" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\DriverSearching" /v "DontSearchWindowsUpdate" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\WindowsUpdate" /v "DisableWindowsUpdateAccess" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\SQMClient\Windows" /v "CEIPEnable" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator" /v "NoActiveProbe" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\WMDRM" /v "DisableOnline" /t REG_DWORD /d "1" /f
    
    rem == prevent computer from sending data to microsoft regarding its activation state ==
    reg add "HKLM\SOFTHIVE\Classes\AppID\slui.exe" /v "NoGenTicket" /t REG_DWORD /d "1" /f
    
    rem == disable error reporting ==
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\Windows Error Reporting" /v "Disabled" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Windows Error Reporting" /v "DontSendAdditionalData" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Windows Error Reporting" /v "LoggingDisabled" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\PCHealth\ErrorReporting" /v "IncludeKernelFaults" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\PCHealth\ErrorReporting" /v "AllOrNone" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\PCHealth\ErrorReporting" /v "IncludeMicrosoftApps" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\PCHealth\ErrorReporting" /v "IncludeWindowsApps" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\PCHealth\ErrorReporting" /v "IncludeShutdownErrs" /t REG_DWORD /d "0" /f
    
    rem == disable experimentation to study user preferences or device behavior ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\PreviewBuilds" /v "EnableConfigFlighting" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\PreviewBuilds" /v "EnableExperimentation" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\PreviewBuilds" /v "AllowBuildPreview" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Microsoft\PolicyManager\current\Device\System" /v "AllowExperimentation" /t REG_DWORD /d "0" /f
    
    rem == delete telemetry scheduled tasks ==
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\AppID" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\AppxDeploymentClient" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Autochk" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\CloudExperienceHost" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Device Information" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Diagnosis" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\DiskDiagnostic" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\DiskFootprint" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Flighting" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Location" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maps" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\NetTrace" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Offline Files" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Power Efficiency Diagnostics" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\PushToInstall" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Ras" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Registry" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Time Synchronization" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Time Zone" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\User Profile Service" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Error Reporting" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Filtering Platform" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsUpdate" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WaaSMedic" /f
    
    rem == disable cortana ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Windows Search" /v "AllowCortana" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Microsoft\PolicyManager\default\Experience\AllowCortana" /v "value" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Windows Search" /v "AllowCloudSearch" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Windows Search" /v "DisableWebSearch" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Windows Search" /v "AllowSearchToUseLocation" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Windows Search" /v "ConnectedSearchPrivacy" /t REG_DWORD /d "3" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Windows Search" /v "ConnectedSearchSafeSearch" /t REG_DWORD /d "3" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Windows Search" /v "ConnectedSearchUseWeb" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Windows Search" /v "DeviceHistoryEnabled" /t REG_DWORD /d "0" /f
    
    rem == disable windows network connectivity status indicator (ncsi) ==
    reg add "HKLM\SOFTHIVE\Microsoft\PolicyManager\default\Connectivity\DisallowNetworkConnectivityActiveTests" /v "value" /t REG_DWORD /d "1" /f
    
    rem == disable advertising info and accessing my language list ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AdvertisingInfo" /v "DisabledByGroupPolicy" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\System" /v "EnableCdp" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" /v "Enabled" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\RunOnce" /v "HttpAcceptLanguageOptOut" /t REG_SZ /d "reg add \"HKCU\Control Panel\International\User Profile\" /v \"HttpAcceptLanguageOptOut\" /t REG_DWORD /d \"1\" /f" /f
    
    rem == disable typing insights & inking and typing personalization ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\InputPersonalization" /v "RestrictImplicitInkCollection" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\InputPersonalization" /v "RestrictImplicitTextCollection" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\InputPersonalization" /v "AllowInputPersonalization" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\Policies\TextInput" /v "AllowLinguisticDataCollection" /t REG_DWORD /d "0" /f
    
    rem == disable diagnostics & feedback ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\DataCollection" /v "AllowTelemetry" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\DataCollection" /v "DisableEnterpriseAuthProxy" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\DataCollection" /v "DoNotShowFeedbackNotifications" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\DataCollection" /v "DisableOneSettingsDownloads" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\DataCollection" /v "AllowCommercialDataPipeline" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\DataCollection" /v "AllowDesktopAnalyticsProcessing" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\DataCollection" /v "AllowDeviceNameInTelemetry" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Microsoft\PolicyManager\default\System\AllowTelemetry" /v "value" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" /v "AllowTelemetry" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" /v "MaxTelemetryAllowed" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" /v "MicrosoftEdgeDataOptIn" /t REG_DWORD /d "0" /f
    
    rem == disable cloud content ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\CloudContent" /v "DisableCloudOptimizedContent" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\CloudContent" /v "DisableConsumerAccountStateContent" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\CloudContent" /v "DisableSoftLanding" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t REG_DWORD /d "1" /f
    
    rem == disable application compatibility telemetry ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppCompat" /v "AITEnable" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppCompat" /v "DisableInventory" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppCompat" /v "DisablePCA" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppCompat" /v "DisableUAR" /t REG_DWORD /d "1" /f
    
    rem == disable activity history ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\System" /v "EnableActivityFeed" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\System" /v "PublishUserActivities" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\System" /v "UploadUserActivities" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\System" /v "AllowClipboardHistory" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\System" /v "AllowCrossDeviceClipboard" /t REG_DWORD /d "0" /f
    
    rem == disable location and sensors ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\LocationAndSensors" /v "DisableLocation" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\LocationAndSensors" /v "DisableLocationScripting" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\LocationAndSensors" /v "DisableSensors" /t REG_DWORD /d "1" /f
    
    rem == block applications from being able to poll and connect to the windows push notification service (WNS) ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications" /v "NoCloudApplicationNotification" /t REG_DWORD /d "1" /f
    
    rem == disable access to messaging ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Messaging" /v "AllowMessageSync" /t REG_DWORD /d "0" /f
    
    rem == disable app permissions ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsGetDiagnosticInfo" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsRunInBackground" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessTrustedDevices" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessTasks" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsSyncWithDevices" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessRadios" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessPhone" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessNotifications" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessMotion" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessMicrophone" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessMessaging" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessLocation" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessEmail" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessContacts" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessCamera" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessCallHistory" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessCalendar" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessAccountInfo" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsActivateWithVoice" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsActivateWithVoiceAboveLock" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessGraphicsCaptureProgrammatic" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\broadFileSystemAccess" /v "Value" /t REG_SZ /d "Deny" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\cellularData" /v "Value" /t REG_SZ /d "Deny" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\documentsLibrary" /v "Value" /t REG_SZ /d "Deny" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location" /v "Value" /t REG_SZ /d "Deny" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\microphone" /v "Value" /t REG_SZ /d "Deny" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\picturesLibrary" /v "Value" /t REG_SZ /d "Deny" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\videosLibrary" /v "Value" /t REG_SZ /d "Deny" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\webcam" /v "Value" /t REG_SZ /d "Deny" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\wifiData" /v "Value" /t REG_SZ /d "Deny" /f
    
    rem == disable find my device ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\FindMyDevice" /v "AllowFindMyDevice" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Settings\FindMyDevice" /v "LocationSyncEnabled" /t REG_DWORD /d "0" /f
    
    rem == prevent windows from setting the time automatically ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\W32time\TimeProviders\NtpClient" /v "Enabled" /t REG_DWORD /d "0" /f
    
    rem == disable updates to the disk failure prediction model ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\StorageHealth" /v "AllowDiskHealthModelUpdates" /t REG_DWORD /d "0" /f
    
    rem == prevent syncing settings to and from this PC ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\SettingSync" /v "DisableApplicationSettingSync" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\SettingSync" /v "DisableAppSyncSettingSync" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\SettingSync" /v "DisableWebBrowserSettingSync" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\SettingSync" /v "DisableDesktopThemeSettingSync" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\SettingSync" /v "DisableSettingSync" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\SettingSync" /v "DisableWindowsSettingSync" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\SettingSync" /v "DisableCredentialsSettingSync" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\SettingSync" /v "DisablePersonalizationSettingSync" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\SettingSync" /v "DisableStartLayoutSettingSync" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\SettingSync" /v "DisableSettingSyncUserOverride" /t REG_DWORD /d "1" /f
    
    rem == disable teredo ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\TCPIP\v6Transition" /v "Value" /t REG_SZ /d "Disabled" /f
    
    rem == turn off apps for websites ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\System" /v "EnableAppUriHandlers" /t REG_DWORD /d "0" /f
    
    rem == prevent SystemApps with telemetry from getting deployed ==
    set key=HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\InboxApplications
    for %%i in (
    AppRep.ChxApp
    CloudExperienceHost
    SecHealthUI
    Client.CBS
    ) do (
      for /f %%a in ('reg query "%key%" /f %%i /k ^| find /i "InboxApplications"') do if not errorlevel 1 (reg delete %%a /f)
    )
    
    rem == hide Microsoft Edge from apps & features ==
    reg delete "HKLM\SOFTHIVE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge" /f
    reg delete "HKLM\SOFTHIVE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge Update" /f
    
    reg unload HKLM\SOFTHIVE
    reg load HKLM\SYSHIVE mount\Windows\System32\config\SYSTEM
    
    rem == disable windows network connectivity status indicator (ncsi) ==
    reg add "HKLM\SYSHIVE\ControlSet001\Services\NlaSvc\Parameters\Internet" /v "EnableActiveProbing" /t REG_DWORD /d "0" /f
    
    rem == delete telemetry services ==
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\BITS" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\DoSvc" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\DiagTrack" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\diagnosticshub.standardcollector.service" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\dmwappushservice" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\DPS" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\edgeupdate" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\edgeupdatem" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\lfsvc" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\MapsBroker" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\pla" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\SecurityHealthService" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\Sense" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\UsoSvc" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\WdiServiceHost" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\WdiSystemHost" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\WdBoot" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\WdFilter" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\WdNisDrv" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\WdNisSvc" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\WinDefend" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\WaaSMedicSvc" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\wuauserv" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\wercplsupport" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\WerSvc" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\wisvc" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\WpnService" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\WSearch" /f
    
    rem == prevent Windows from setting the time automatically ==
    reg add "HKLM\SYSHIVE\ControlSet001\Services\W32Time\Parameters" /v "Type" /t REG_SZ /d "NoSync" /f
    
    rem == delete autologger telemetry ==
    reg delete "HKLM\SYSHIVE\ControlSet001\Control\WMI\Autologger\CloudExperienceHostOobe" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Control\WMI\Autologger\Diagtrack-Listener" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Control\WMI\Autologger\SQMLogger" /f
    reg delete "HKLM\SYSHIVE\ControlSet001\Control\WMI\Autologger\WFP-IPsec Trace" /f
    
    reg unload HKLM\SYSHIVE
    reg load HKLM\NTUSER mount\Users\Default\NTUSER.DAT
    
    rem == disable smartscreen for store and apps ==
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t REG_DWORD /d "0" /f
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "PreventOverride" /t REG_DWORD /d "1" /f
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\Windows Security Health\State" /v "AppAndBrowser_StoreAppsSmartScreenOff" /t REG_DWORD /d "0" /f
    
    rem == disable smartscreen for microsoft edge ==
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\Edge\SmartScreenEnabled" /ve /t REG_DWORD /d "0" /f
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\Edge\SmartScreenPuaEnabled" /ve /t REG_DWORD /d "0" /f
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\Windows Security Health\State" /v "AppAndBrowser_EdgeSmartScreenOff" /t REG_DWORD /d "0" /f
    
    rem == disable typing insights & handwriting personalization ==
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\Input\Settings" /v "InsightsEnabled" /t REG_DWORD /d "0" /f
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\Input\Settings" /v "EnableHwkbTextPrediction" /t REG_DWORD /d "0" /f
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\Input\Settings" /v "EnableHwkbAutocorrection2" /t REG_DWORD /d "0" /f
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\TabletTip\1.7" /v "EnableAutocorrection" /t REG_DWORD /d "0" /f
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\TabletTip\1.7" /v "EnableSpellchecking" /t REG_DWORD /d "0" /f
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\TabletTip\1.7" /v "EnableTextPrediction" /t REG_DWORD /d "0" /f
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\TabletTip\1.7" /v "EnablePredictionSpaceInsertion" /t REG_DWORD /d "0" /f
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\TabletTip\1.7" /v "EnableDoubleTapSpace" /t REG_DWORD /d "0" /f
    reg add "HKLM\NTUSER\SOFTWARE\Policies\Microsoft\Control Panel\International" /v "TurnOffAutocorrectMisspelledWords" /t REG_DWORD /d "1" /f
    reg add "HKLM\NTUSER\SOFTWARE\Policies\Microsoft\Control Panel\International" /v "TurnOffHighlightMisspelledWords" /t REG_DWORD /d "1" /f
    reg add "HKLM\NTUSER\SOFTWARE\Policies\Microsoft\Control Panel\International" /v "TurnOffInsertSpace" /t REG_DWORD /d "1" /f
    reg add "HKLM\NTUSER\SOFTWARE\Policies\Microsoft\Control Panel\International" /v "TurnOffOfferTextPredictions" /t REG_DWORD /d "1" /f
    
    rem == disable advertising info and tracking app launches ==
    reg add "HKLM\NTUSER\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo" /v "Enabled" /t REG_DWORD /d "0" /f
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "Start_TrackProgs" /t REG_DWORD /d "0" /f
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoRecentDocsHistory" /t REG_DWORD /d "1" /f
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoResolveTrack" /t REG_DWORD /d "1" /f
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoInstrumentation" /t REG_DWORD /d "1" /f
    
    rem == disable speech recognition ==
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\Speech_OneCore\Settings\OnlineSpeechPrivacy" /v "HasAccepted" /t REG_DWORD /d "0" /f
    
    rem == disable inking & typing personalization ==
    reg add "HKLM\NTUSER\Software\Microsoft\Input\TIPC" /v "Enabled" /t REG_DWORD /d "0" /f
    reg add "HKLM\NTUSER\Software\Microsoft\InputPersonalization" /v "RestrictImplicitInkCollection" /t REG_DWORD /d "1" /f
    reg add "HKLM\NTUSER\Software\Microsoft\InputPersonalization" /v "RestrictImplicitTextCollection" /t REG_DWORD /d "1" /f
    reg add "HKLM\NTUSER\Software\Microsoft\InputPersonalization\TrainedDataStore" /v "HarvestContacts" /t REG_DWORD /d "0" /f
    reg add "HKLM\NTUSER\Software\Microsoft\Personalization\Settings" /v "AcceptedPrivacyPolicy" /t REG_DWORD /d "0" /f
    
    rem == disable diagnostics & feedback ==
    reg add "HKLM\NTUSER\SOFTWARE\Policies\Microsoft\Windows\CloudContent" /v "DisableTailoredExperiencesWithDiagnosticData" /t REG_DWORD /d "1" /f
    reg add "HKLM\NTUSER\Software\Microsoft\Windows\CurrentVersion\Privacy" /v "TailoredExperiencesWithDiagnosticDataEnabled" /t REG_DWORD /d "0" /f
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\Siuf\Rules" /v "NumberOfSIUFInPeriod" /t REG_DWORD /d "0" /f
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\Siuf\Rules" /v "PeriodInNanoSeconds" /t REG_DWORD /d "0" /f
    
    rem == disable search permissions ==
    reg add "HKLM\NTUSER\Software\Microsoft\Windows\CurrentVersion\SearchSettings" /v "SafeSearchMode" /t REG_DWORD /d "0" /f
    reg add "HKLM\NTUSER\Software\Microsoft\Windows\CurrentVersion\SearchSettings" /v "IsMSACloudSearchEnabled" /t REG_DWORD /d "0" /f
    reg add "HKLM\NTUSER\Software\Microsoft\Windows\CurrentVersion\SearchSettings" /v "IsAADCloudSearchEnabled" /t REG_DWORD /d "0" /f
    reg add "HKLM\NTUSER\Software\Microsoft\Windows\CurrentVersion\SearchSettings" /v "IsDeviceSearchHistoryEnabled" /t REG_DWORD /d "0" /f
    
    rem == turn off all windows spotlight features (personalized experiences) ==
    reg add "HKLM\NTUSER\SOFTWARE\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsSpotlightFeatures" /t REG_DWORD /d "1" /f
    reg add "HKLM\NTUSER\SOFTWARE\Policies\Microsoft\Windows\CloudContent" /v "DisableCloudOptimizedContent" /t REG_DWORD /d "1" /f
    
    rem == hide IndexingOptions from control panel ==
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "DisallowCpl" /t REG_DWORD /d "1" /f
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl" /v "1" /t REG_SZ /d "Microsoft.IndexingOptions" /f
    
    reg unload HKLM\NTUSER
    rem == done disabling telemetry ==
    
    rem == delete edge browser ==
    for /f %%x in ('dir /b "mount\Program Files (x86)\Microsoft\Edge*"') do (rmdir /q /s "mount\Program Files (x86)\Microsoft\%%x")
    
    rem == create panther folder and add unnatend.xml ==
    mkdir mount\Windows\Panther
    copy /y unattend.xml mount\Windows\Panther
    
    rem == unmount wim ==
    dism /unmount-wim /mountdir:mount /commit
    
    rem == rebuild the install.wim ==
    dism /Export-Image /SourceImageFile:install.wim /SourceIndex:1 /DestinationImageFile:install2.wim /checkintegrity
    del /f /q install.wim
    ren install2.wim install.wim
    
    rem == delete mount and scratch folders ==
    rd /s /q mount
    rd /s /q temp
    
    pause
    exit
    
     
  15. maur0

    maur0 MDL Member

    Aug 3, 2012
    234
    101
    10
    i need help
    PS C:\Windows\System32\WindowsPowerShell\v1.0> mmagent


    ApplicationLaunchPrefetching : True
    ApplicationPreLaunch : False
    MaxOperationAPIFiles : 256
    MemoryCompression : True
    OperationAPI : True
    PageCombining : True
    PSComputerName :



    ApplicationPreLaunch is not possible enable on windows server?


    PS C:\Windows\System32\WindowsPowerShell\v1.0> enable-mmagent -ApplicationPreLaunch
    enable-mmagent : Não há suporte para o pedido.
    No linha:1 caractere:1
    + enable-mmagent -ApplicationPreLaunch
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: (PS_MMAgent:Root\Microsoft\...gent\PS_MMAgent) [Enable-MMAgent], CimEx
    ception
    + FullyQualifiedErrorId : Windows System Error 50,Enable-MMAgent
     
  16. zbigniew59

    zbigniew59 MDL Senior Member

    May 14, 2016
    374
    171
    10
    Which SystemApps can be safely removed to continue to work updates?
     
  17. freddie-o

    freddie-o MDL Expert

    Jul 29, 2009
    1,347
    2,256
    60