hello! i heard about Product Policy editor on other forum.. what do you think about this program? How effective this solution? and may be you can help me to find topic on MDL about this app
@freddie-o Hello! I found your script for Windows 10 LTSC 2021 and studied it – you did a great job! But something raises my questions: In the "Disable all app permissions, sensor access, and cloud-based services" section, the line Code: reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Messaging" /v "AllowMessageSync" /t REG_DWORD /d "2" /f The REG_DWORD value is set to "2", but the Microsoft Learn website (Manage connections from Windows 10 and Windows 11 operating system components to Microsoft services) says that to disable sync, you need to set the value to "0". If you set the Allow Message Service Cloud Sync to Disable in Group Policy: Computer Configuration > Administrative Templates > Windows Components > Messaging, the registry value will be set to "0". Perhaps I don't have enough information and the meaning of "2" is simply not described in the manuals?
Setting it to "2" force disables it. If you check Settings > Privacy & security > Messaging is "Force Denied" (greyed out)
There are actually a few Registry corrections in the script I'm in the process of updating the scripts I'm also replacing PowerRun with a powershell script (Elevate_as_TI.ps1) I put together in collaboration with a couple of AIs that elevates disable_telemetry script as TrustedInstaller
Updated all disable_telemetry scripts https://forums.mydigitallife.net/th...lemetry-repository.63874/page-66#post-1686849 Registry corrections: -- Fixed a few incorrect registry paths (duplicate "Software" subkeys) causing syntax failure. -- Several registry entries were writing to paths that don't exist on any Windows system due to a typo introduced during an earlier export/conversion process. These would have silently done nothing. They've been corrected to point to the right locations. -- A handful of duplicate and ineffective entries were also removed — they referenced non-existent value names or were overridden by other entries already present in the script. -- Replaced PowerRun with a powershell script (Elevate_as_TI.ps1) that elevates disable_telemetry script as TrustedInstaller. This script was developed and optimized through collaborative AI teamwork. Updated How-to https://forums.mydigitallife.net/th...lemetry-repository.63874/page-72#post-1723800
Code: rem == Disable Windows telemetry, diagnostics, and feedback == reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\DataCollection" /v "AllowTelemetry" /t REG_DWORD /d "0" /f reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\DataCollection" /v "DisableEnterpriseAuthProxy" /t REG_DWORD /d "1" /f reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\DataCollection" /v "DisableDeviceHealthTelemetry" /t REG_DWORD /d "1" /f reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\DataCollection" /v "DoNotShowFeedbackNotifications" /t REG_DWORD /d "1" /f reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\DataCollection" /v "DisableOneSettingsDownloads" /t REG_DWORD /d "1" /f reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\DataCollection" /v "AllowCommercialDataPipeline" /t REG_DWORD /d "0" /f reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\DataCollection" /v "AllowDesktopAnalyticsProcessing" /t REG_DWORD /d "0" /f reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\DataCollection" /v "AllowDeviceNameInTelemetry" /t REG_DWORD /d "0" /f reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\DataCollection" /v "AllowWPRTelemetry" /t REG_DWORD /d "0" /f reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\DataCollection" /v "DisableAIPoweredDiagnostics" /t REG_DWORD /d "1" /f reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\DataCollection" /v "LimitEnhancedDiagnosticDataWindowsAnalytics" /t REG_DWORD /d "1" /f reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack" /v "AllowDiagnosticSubmission" /t REG_DWORD /d "0" /f reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Feedback" /v "AllowFeedback" /t REG_DWORD /d "0" /f
Serious tech question. What is the test to determination as to when a value is overridden? I performed a clean, never connected install of 24H2 26100.8037 IoT and HKLM\policymanager allowtelemetry has a value of 1.
0 — Diagnostic Data Off (formerly Security): Availability: Only supported on Enterprise, Education, IoT, and Server editions. Behavior: No diagnostic data is sent from the device to Microsoft. On Home or Pro editions, setting this value typically defaults the system back to level 1. 1 — Required Diagnostic Data (formerly Basic): Behavior: Sends the minimum data necessary to keep the device secure, up-to-date, and performing as expected. Includes: Basic device info, quality-related info, and app compatibility. 2 — Enhanced (Deprecated): Status: This level has been removed for Windows 11 and modern versions of Windows 10. Legacy: It is only functional on older versions like Windows 10 version 1809 and earlier, or Windows Server 2016/2019. 3 — Optional Diagnostic Data (formerly Full): Behavior: Includes all "Required" data plus additional info to help Microsoft detect and fix issues. Includes: Details on browser usage, app usage, inking/typing data, and enhanced error reporting (which can include memory snapshots if a crash occurs). This specific policy path is considered deprecated and is primarily functional only on Windows 10 version 1809 and earlier. Code: HKLM\SOFTWARE\Microsoft\PolicyManager Modern versions of Windows use updated diagnostic data policies. Code: HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection
reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Windows Search" /v "EnableAllowedPeriodico" /t REG_DWORD /d "0" /f ---------》 reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Windows Search" /v "EnableAllowedPeriodic" /t REG_DWORD /d "0" /f
Found more corrections. These Registry commands are ineffective and can be deleted from the script for now, until I can upload the updated scripts Code: rem == disable cortana & search permissions == reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Windows Search" /v "AllowBingSearchEnabled" /t REG_DWORD /d "0" /f reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Windows Search" /v "EnableAllowedPeriodico" /t REG_DWORD /d "0" /f
Updated disable_telemetry scripts >> 04.07.2026 Removed more ineffective Registry keys from disable_telemetry scripts Updated Elevate_as_TI.ps1 >> v1.1 https://forums.mydigitallife.net/th...lemetry-repository.63874/page-66#post-1686849
Thank you very much for your work. I have just one question for you: as I understand it, the script you provided is intended solely for working with telemetry. As for everything else, is there a complete script in your version that, in addition to disabling telemetry, also performs all other operations on the image? In other words, I'd like to try out the finished tool, as you've implemented it, which incorporates the piece of code you suggested for handling telemetry.
Group Policy: Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > "Configure WPR Telemetry"
Think of it like the difference between a general health report and a full-body MRI scan. Standard Telemetry (AllowTelemetry): This is like your computer telling Microsoft, "I crashed today," or "I use the Start menu twice a day." It’s basic info. WPR Telemetry (AllowWPRTelemetry): This is the deep dive. When your computer is acting slow, the Windows Performance Recorder (WPR) watches every single "breath" your computer takes—exactly what the processor is doing every millisecond and exactly how much memory is being used. The "Trace" (.etl) File When WPR is running, it creates a Trace file. This file is essentially a recording of your computer's "inner thoughts" during a specific window of time. Because this recording is so detailed, it can accidentally catch sensitive information (like bits of data you were working on) or simply be a massive file that takes up a lot of internet bandwidth to send.
for me...disable_telemetry scripts just targets disabling telemetry I'm not sure I understand what you're asking. If you're asking if my version of the script also performs other operations -- Yes. With Windows 10 for example my script also runs BypassESU before mounting the wim, adds LCU and drivers, enables hyper-v features. All my tweaks I run them after installing Windows
I see, that’s not what I meant. I was curious to take a look at your tool for working with the mounted install.wim image.