abbodi1406, I'm coming from a point of total ignorance here, so forgive me if this is way out there. Would it be possible to use dummy/fake DLL and EXE files, registry entries to make Windows think that the Customer Experience Improvement, Telemetry stuff, Compatibility Appraiser, etc, were already installed? If so, could they be used to report a 'newer version' than what would be installed by offending Monthly Rollups, Security only patches/updates? In other words, could the offending updates by ran by doing this, allowed install anything outside of the offending files and not removed in their entirety, leaving Windows Updates reporting that they are installed, and hopefully allowing removal of the entire fake-out system? I hope that makes sense!
@tro511 Creating fake WinSxS components with higher version is technically possible, but not easy to accomplish and the fake components (manifests) must be added manually with proper registry keys before installing any monthly rollup or security only update i.e. it will only work for clean Win 7 installation the current approch of disabling telemetry is good enough CEIP cannot be removed, but nothing will be sent if it's OFF
hey guys, I didn't read the whole thread. does this block the key logger? also how can we see or is there an application that can tell what microsoft is trying to upload everyday and how to prevent it? update: I meant if we did decide to install w10? Thx!
How about a collection of HOSTS for blocking telemetry as well (I know there are some lists in GitHub, but are they any good?) Also, since some programs can skip the HOSTS resolving directly to next-nearest DNS-resolving (your router/ISP), you can use PieHole in your home network (I've heard that switching to AdGuard-DNS helps eliminate some of the tracking that is shared with the M$ websites such as pixel-tracking and ads-domains), You CAN block those on your machine however if you'll have a program such as PeerBlock (new fork PeerGuardian), the driver works well on Windows 7 at least, and if you'll load up the Microsoft-related IPs (gets updated sometimes) from iblocklist website, it can help you, in additional to the HOSTS blocking.
if its enterprise edition then just a single reg tweak to disable CEIP as suggested by abbodi brother will do it nothing else is needed. but if Home or Pro edition then it needs some tools plus firewall Outbound Rules or separate Hosts file to disable telemtry completely but not 100% as till date i think theres no any solution to completly disable telemetry on these edition without breaking the system function as per user needs. Especialy i am talking about Edge if removed Win updates wont work anymore. shell experience host if removed win wont boot correctly as its needed for wdm windows desktop manager to work properly. etc etc too many other reasons too ie hidden scheduled tasks plus un needed active services ...... list goes on & on & on.
What is this registry tweak for Enterprise? I searched half the thread, but didn't find it. Edit: Nevermind, I thought it was for Windows 7
Ok, nice PS: For anyone asking himself (like me...) howto add the package to a live OS Load a WinPE iso > browse to main OS dir (c:\) >> cmd >> dism /image:c:\ /add-package /packagepath:c:\IMIKurwica-DeTelemetry-Package-x86.cab >> reboot
is there a need to use this after updating windows7 iso using Simplix Pack(which I believe leaves the telemetry updates out)
For anyone interested, not my work obviously....Just read up on the full thread and noticed about the cmd screen not showing on boot...same on my end. Tested diff ways in the task scheduler but it refuse to show on boot? So, for people that like to see the cmd on (each) boot >> I create a GPO rule Code: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run It removes the task and ad the batch to C:\Windows\WuESU\scripts Same file ofcourse put folder on c:\ run [run]w10block_202005.cmd Code: @echo off schtasks /Delete /F /TN "BlockW10" powershell write-host -fore Magenta MS WIndows 7 -- Add W10-block script to the User Logon --===GPO--=== powershell write-host -fore Green Credits to --====abbodi1406 - MDL--==== mkdir C:\Windows\WuESU\scripts xcopy C:\w10block\W10-Block.cmd C:\Windows\WuESU\scripts /r /y regedit /s C:\w10block\w10block.reg TIMEOUT /T 5
If I am using the Suppressor (on Win7 before applying any updates), does it matter if I use the 'Security-only' packages or not? Also: Would this impact applying ESUs in any way?