This policy Code: Computer Policy\Administrative Templates\Control Panel\Regional and Language Options - Allow input personalization set to Disabled. adds the registry entry HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\InputPersonalization with the value AllowInputPersonalization DWORD 0 and for consistency I am adding this one, which I don't find essential though (for 64-bit OS) HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\InputPersonalization with the value AllowInputPersonalization DWORD 0 This translates to Code: reg add "HKLM\SOFTWARE\Policies\Microsoft\InputPersonalization" /v "AllowInputPersonalization" /t REG_DWORD /d "0" /f reg add "HKLM\SOFTWARE\WOW6432Node\Policies\Microsoft\InputPersonalization" /v "AllowInputPersonalization" /t REG_DWORD /d "0" /f Just to clarify, this is in addition to the values already mentioned, not to replace them, at least for added peace of mind, as they may be the only required values after all.
Stumbled upon this thread. Glad to find big batches of registry edits to put into my new builds. I've been using MSMG for a while to customize Windows 10. FYI, Disabling telemetry from install is in the works in MSMG's latest build, but users have reported that it currently causes issues with windows updates.
Hello tried it on my Win10 tablet, but only "Access is denied" on both Where do I go from here? Thanks Delete: Code: sc delete dmwappushservice sc delete diagtrack Answer: Access Denied
Hi, I followed CODYQX4's guide on "Windows Firewall Configuration - Truly Block EVERYTHING..." as "Allow Only Core Networking + Block Windows Update". It seems to work pretty well, except for the fact, that router does log connections to / in telemetry servers on port 80 (http). When it comes to windows, netstat -ano does not list them, neither process hacker 2 show any related connections. As far as I understand, rerouting ips would work, but the list seems to be never ending - a fight without an end, therefore will not be won anytime soon. Does anyone know how/where the ips are sourced on the OS? All related ips should be gathered from os (including yet unused ones) and be rerouted. (I believe running os on a virtual machine, configured this way and later doing a ram dump searching ip of the occured http connection might yield the source of the process, which initiated the connection, possibly the source of ips as well.) And, right, do we have a script or tool to do mass rerouting? On the other side, do we have people with success stories of disabling telemetry successfully? Of course with the test on the router side. Which steps were necessary? Perhaps I miss some registry tweak to approach this windows 10 no-telemetry nirvana.
Why not just block all windows processes and then work your way up from there? You can always install updates offline or allow svchost, when checking for updates. Svchost is required to connect out to update certificates within browsers, but not always. It is also needed to handle DNS requests and get IP from DHCP server. But if you setup IP and DNS servers manually (and disable the useless and dangerous DNS Cache service), you do not need either to be allowed. There also other requirements, if you need store, cortana, sharing, LAN, but there are better 3rd party alternatives to handle most of it. My rules:
As for testing I did set firewall to block all undefined inbound, outbound connections and deleted all rules. Outcome is such that on router side one 137 to 192.168.1.255 was spotted, some 53 connections (to router) and quite a lot of 80s to telemetry server(-s). Windows is not showing any presence of 53s or 80s on netstat and process hacker 2. DNS Client service stop and other options are grayed out for me, cannot disable it.
As you may already know windows creates an additional service for each user with a different name extension. ex. OneSyncSvc OneSyncSvc_a30a7z They are both enabled by default and require registry Start 4 to be dissabled. Question is: how to run a for each key path that begins with HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OneSyncSvc. So this can dissable both without knwoing the unique _xyz path.
Directly in Command Prompt: Code: for /f "delims=" %k in ('reg query "HKLM\SYSTEM\CurrentControlSet\Services" /k /f "OneSyncSv*" ^| find "OneSyncSv"') do reg add "%k" /v Start /t REG_DWORD /d 4 /f In a batch file: Code: for /f "delims=" %%k in ('reg query "HKLM\SYSTEM\CurrentControlSet\Services" /k /f "OneSyncSv*" ^| find "OneSyncSv"') do reg add "%%k" /v Start /t REG_DWORD /d 4 /f
Thanks @BAU Last question, certain schtasks need SYSTEM priviledges to be disabled so I do psexec64.exe -i -s cmd.exe and enter manually 1. Is putting them on a bat equivalent in terms of priviledges? like psexec64.exe -i -s test.bat 2. Also for some reason I have lost spell check... is it solely dependent on chrome? I have dissabled it so it doesn't send data to google but I get no spell check even on this forum... writing this post. Any windows native options?
I'm not using psexec so I don't know about that, but it's safer to launch cmd than a file association directly. For example: cmd.exe /c call test.bat Spellchecking should be a feature of the browser itself - check your options. It probably needs javascript support too.