[REPO] Windows 10 TELEMETRY REPOSITORY

Discussion in 'Windows 10' started by Yen, Aug 4, 2015.

  1. asache

    asache MDL Junior Member

    Apr 11, 2008
    81
    16
    0
    didnt i read here on forum telemetry will be renamed, reworked and can be disabled ? security will mean will be disabled , basic will remain and full telemetry will not exist anymore?
     
  2. Feniksrising

    Feniksrising MDL Member

    Nov 27, 2016
    169
    117
    10
    Someone explain to me how routing all your traffic through an American company trading on NASDAQ is safe?
     
  3. BAU

    BAU MDL Addicted

    Feb 10, 2009
    619
    1,082
    30
    ;)
     
  4. ashish1989

    ashish1989 MDL Member

    Sep 20, 2013
    144
    8
    10
    I am using windows 10 Pro, read the OP
    I am confused which method is best to apply to block telemetry in my windows
     
  5. vladnil

    vladnil MDL Junior Member

    Jan 19, 2019
    55
    22
    0
    Windows 10 has recently begun to enrage me!
    Even the calculator sends data to Microsoft.
    I'm already silent about the defragmenter!
    The whole system is some kind of terminal server for collecting and sending information.

    It is necessary to bring down from this board ....
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. gaaara

    gaaara MDL Novice

    Dec 25, 2015
    9
    1
    0
    the calculator sends data to Microsoft eh ok !? ty for the information ^^
     
  7. Carlos Detweiller

    Carlos Detweiller MDL Spinning Tortoise

    Dec 21, 2012
    3,684
    3,408
    120
    The calculator has to connect to MS as it downloads up-to-date currency conversion rates.
     
  8. MrRexio

    MrRexio MDL Novice

    Feb 13, 2018
    3
    1
    0
    Can anyone explain me why to use 0.0.0.0 in system32\drivers\etc\hosts instead of 127.0.0.1 ??? . The explanation gave by the stackoverflow link is beyond my grasp.

    Easy test made me rethink about it:
    added 0.0.0.0 mydigitallife.net
    saved it
    fired up firefox typed mydigitallife.net
    it loads
     
  9. Carlos Detweiller

    Carlos Detweiller MDL Spinning Tortoise

    Dec 21, 2012
    3,684
    3,408
    120
    When using many 127.0.0.1 redirection entries in the hosts file, it slows down the network stack, as Windows needs more and more time to parse it. 127.0.0.1 means localhost (your own machine).
    When using 0.0.0.0, on the other hand, these slowdowns do not occur. Thus, it's better to use 0.0.0.0.

    General question: There is another thing to consider: If you have IPv6 access, as more and more systems do now, is it enough to redirect to 0.0.0.0 (or 127.0.0.1)? Or do you have to additionally redirect to :: (or ::1), in order to cancel out the IPv6 that might be resolved if the site has an AAAA record? Microsoft has a nearly 100% IPv6 enabled network, these days.
    Currently I'm using both redirections, just to be safe.

    Example:

    Code:
    0.0.0.0 domain
    :: domain
     
  10. MrRexio

    MrRexio MDL Novice

    Feb 13, 2018
    3
    1
    0
    But.... but... why does mydigitallife.net loads if it is blocked with 0.0.0.0 ? :confused: sites blocked with 127.0.0.1 dont load.

    Thanks in advance Carlos
     
  11. Carlos Detweiller

    Carlos Detweiller MDL Spinning Tortoise

    Dec 21, 2012
    3,684
    3,408
    120
    1. You need to block all subdomains separately, e. g. mydigitallife.net will not block www.mydigitallife.net nor forums.mydigitallife.net. Needs 3 entries to block all. Personally, I'm using the Acrylic DNS proxy, Acrylic's hosts file allows wildcards and even regular expressions.
    2. I have made the personal experience that the hosts file sometimes does not "take", especially when being copied in place. Simply repeat the process, copy using Windows tools.
    3. A domain redirected to 0.0.0.0 (and ꞉꞉) is definitely not accessible anymore.
     
  12. case-sensitive

    case-sensitive MDL Member

    Nov 7, 2013
    173
    88
    10
    Short off topic ---- >

    >Myself I'm sticking with DNSCrypt and academic hosted proxies.

    DNSCrypt doesnt work . The ISPs can and do reroute trafic through their servers . I'm not in the position to explain that scientificly ........ i just read what the developers have said themselves when asked why a user can go to DNS server tracking / testing web sites and see their providers server IP adress .
     
  13. BAU

    BAU MDL Addicted

    Feb 10, 2009
    619
    1,082
    30
    #1174 BAU, May 25, 2020
    Last edited: May 25, 2020
    Because hiding your IP address is totally what DNSCrypt was meant to do...
    [edit]...sharp, quote-able posters such as yourself to raise awareness about open source projects that doesnt work since 2008!!! So, thank you for your service!
     
  14. haz367

    haz367 MDL Junior Member

    Jan 11, 2020
    77
    39
    0
    #1176 haz367, May 28, 2020
    Last edited: Jun 1, 2020 at 10:16
    Lots of info/scripts regarding this :p sorting all a little..so credits to all for the tweaks.

    Here's a sorted GPO Tweak reg list. Don't add it blindly ofcourse and use at ur own risk....

    Code:
    Windows Registry Editor Version 5.00
    ;                                          MS Windows 10 GPO Tweaks
    ; based on MANAGE CONNECTIONS FROM WINDOWS 10 OPERATING SYSTEM COMPONENTS TO MICROSOFT SERVICES as of 2019.09.16
    
                                      ;  Telemetry and Error Reporting GPO Tweaks
    
    ; Disable Telemetry Group
    ; Security level is only supported on Education and Enterprise [best editions privacy-wise]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection]
    "DoNotShowFeedbackNotifications"=dword:00000001
    "AllowDeviceNameInTelemetry"=dword:00000000
    "AllowTelemetry"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppCompat]
    "AITEnable"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\AutoLogger-Diagtrack-Listener]
    "Start"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\AutoLogger\Diagtrack-Listener]
    "Start"=dword:00000000
    
    ; Disable Application Experience Group
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppCompat]
    "DisableUAR"=dword:00000001
    "DisableInventory"=dword:00000001
    
    ; Disable CEIP Group
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows]
    "CEIPEnable"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\SQM]
    "DisableCustomerImprovementProgram"=dword:0000000
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client]
    "CEIP"=dword:00000002
    
    ;Disable Query Remote Server
    [HKEY_LOCAL_MACHINE\SOFTWARE\policies\microsoft\windows\scripteddiagnosticsprovider\policy]
    "enablequeryremoteserver"=dword:00000000
    
    ; Disable Error Reporting Group
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting]
    "Disabled"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting]
    "Disabled"=dword:0000000
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting]
    "DoReport"=dword:00000000
    
    ; Other Diagnostics
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy]
    "DisableQueryRemoteServer"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Assistance\Client\1.0]
    "NoOnlineAssist"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\StorageHealth]
    "AllowDiskHealthModelUpdates"=dword:00000000
    
                                            ; Search and Cortana GPO Tweaks
    
    ; Disable Cortana Group
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search]
    "AllowCortana"=dword:00000000
    "AllowSearchToUseLocation"=dword:00000000
    
    ; Disable Online Search Group
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search]
    "DisableWebSearch"=dword:000000001
    "ConnectedSearchUseWeb"=dword:00000000
    "ConnectedSearchPrivacy"=dword:00000003
    
    ; Turn off Search Companion content file updates
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion]
    "DisableContentFileUpdates"=dword:00000001
    
                                         ; MS Windows Defender GPO Tweaks
    
    ; Disable Windows Defender Group
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
    "DisableRealtimeMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
    "DisableAntiSpyware"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\AppHVSI]
    "AllowAppHVSI_ProviderSet"=dword:00000000
    
    [[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService]
    "Start"=dword:00000004
    
    ; Silence Windows Defender Group
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting]
    "DisableEnhancedNotifications"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet]
    "SpynetReporting"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet]
    "SubmitSamplesConsent"=dword:00000002
    
    ; Disable SmartScreen
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
    "EnableSmartScreen"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SmartScreen]
    "ConfigureAppInstallControlEnabled"=dword:00000000
    "ConfigureAppInstallControl"="Anywhere"
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost]
    "EnableWebContentEvaluation"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter]
    "EnabledV9"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\PhishingFilter]
    "EnabledV9"=dword:00000000
    
    ; Delete ShellSmartScreenLevel
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
    "ShellSmartScreenLevel"=""
    
    ; Turn off Windows Network Connectivity Status Indicator active tests
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator]
    "NoActiveProbe"dword:00000001
    
    ; Silence MRT-Tool - Windows Malicious Removal Tool
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT]
    "DontOfferThroughWUAU"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT]
    "DontReportInfectionInformation"=dword:00000001
    
                                        ; Privacy and Advertisement GPO Tweaks
    
    ; Disable Advertisement Group
    
    ; Turn off Advertising
    [HKEY_LOCAL_MACHINE\Microsoft\Windows\CurrentVersion\AdvertisingInfo]
    "Enabled"=dword:00000000
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo]
    "DisabledByGroupPolicy"=dword:00000001
    
    ; Turn off Consumer Experiences - MS Store
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CloudContent]
    "DisableWindowsConsumerFeatures"=dword:00000001
    
    ; Limit Tailored Experiences -- Admin
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Privacy]
    "TailoredExperiencesWithDiagnosticDataEnabled"=dword:00000000
    ; Limit Tailored Experiences -- User
    [HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CloudContent]
    "DisableTailoredExperiencesWithDiagnosticData"=dword:00000001
    
    ; Turn off Windows Spotlight
    [HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CloudContent]
    "DisableWindowsSpotlightFeatures"=dword:000000001
    
    ; Disable Online Tips in Settings
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "AllowOnlineTips"=dword:00000000
    
    ; Don't show Windows Tips
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CloudContent]
    "DisableSoftLanding"=dword:00000001
    
    
    ; Disable Lock Screen Group
    
    ;Don't use Lock Screen
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization]
    "NoLockScreen"=dword:00000001
    
    ;Set LockScreen Image and Enable LockScreen Image
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization]
    "LockScreenImage"="C:\\Windows\\Web\\Screen\\lockscreen.jpg"
    "LockScreenOverlaysDisabled"=dword:00000001
    
    
    ; No Personalization Group
    
    ;Disable input personalization
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization]
    "AllowInputPersonalization"=dword:00000000
    
    ;Disable Test Collection
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization]
    "RestrictImplicitTextCollection"=dword:00000001
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\InputPersonalization]
    "RestrictImplicitTextCollection"=dword:00000001
    
    ;Disable Inc Collection
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization]
    "RestrictImplicitInkCollection"=dword:00000001
    
    ;Disable Linguistic Data Collection
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\TextInput]
    "AllowLinguisticDataCollection"=dword:00000000
    
    ;Disable Handwriting Error Reports
    [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\HandwritingErrorReport]
    "PreventHandwritingErrorReports"=dword:00000001
    
    ;Disable Handwriting Data Sharing
    [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\TabletPC]
    "PreventHandwritingDataSharing"=dword:00000001
    
    
    ;Protect Location Group
    
    ;Disable Location Provider
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors]
    "DisableLocation"=dword:00000001
    
    ;Don't Share Language List
    [HKEY_CURRENT_USER\Control Panel\International\User Profile]
    "HttpAcceptLanguageOptOut"=dword:00000001
    
    ;Online Speech Privacy
    [HKEY_CURRENT_USER\Microsoft\Speech_OneCore\Settings\OnlineSpeechPrivacy]
    "HasAccepted"=dword:00000000
    
    ;Change Windows Feedback Frequency
    [HKEY_CURRENT_USER\Software\Microsoft\Siuf\Rules]
    "PeriodInNanoSeconds"=dword:00000000
    "NumberOfSIUFInPeriod"=dword:00000000
    
    
    ;No Registration Group
    
    ;Disable KMS GenTicket
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform]
    "NoGenTicket"=dword:00000001
    
    ;Disable Registration
    [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Registration Wizard Control]
    "NoRegistration"=dword:00000001
    
    
    ;No Push Notifications Group
    
    ;Disable Cloud Notification
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications]
    "NoCloudApplicationNotification"=dword:00000001
    
    ;Disable Cloud Notification
    [HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications]
    "NoCloudApplicationNotification"=dword:00000001
    
    
                                        ; Microsoft Account GPO Tweaks
    
    ;Disable Disable OneDrive Group
    
    ; Disable OneDrive Usage
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\OneDrive]
    "DisableFileSyncNGSC"=dword:00000001
    
    ;Silence OneDrive
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OneDrive]
    "PreventNetworkTrafficPreUserSignIn"=dword:00000001
    
    
    ;No Microsoft Accounts Group
    
    ;Disable Microsoft Accounts
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
    "NoConnectedUser"=dword:00000003
    
    
    ;No Settings Sync Group
    
    ;Disable Settings Sync
    [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SettingSync]
    "DisableSettingSync"=dword:00000002
    
    ;Force Disable Settings Sync
    [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SettingSync]
    "DisableSettingSyncUserOverride"=dword:00000001
    
    ;Disable WiFi-Sense
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\wcmsvc\wifinetworkmanager\config]
    "AutoConnectAllowedOEM"=dword:00000000
    
    
    ;No Find My Device Group
    
    ;Don't Allow FindMyDevice
    [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FindMyDevice]
    "AllowFindMyDevice"=dword:00000000
    
    
    ;No Cloud Clipboard Group
    
    ;Disable Cloud Clipboard
    [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System]
    "AllowCrossDeviceClipboard"=dword:00000000
    
    
    ;No Cloud Messages Group
    
    ;Don't Sync Messages  -- Admin
    [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Messaging]
    "AllowMessageSync"=dword:00000000
    
    ;Don't Sync Messages -- User
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Messaging]
    "AllowMessageSync"=dword:00000000
    
    ;Disable Activity Feed Group
    
    ;Disable Activity Feed
    [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System]
    "EnableActivityFeed"=dword:00000000
    
    ;Don't Upload User Activities
    [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System]
    "UploadUserActivities"=dword:00000000
    
    ;Don't Publish User Activities
    [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System]
    "PublishUserActivities"=dword:00000000
    
    
    ;No Cross Device Experience Group
    [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System]
    "EnableCdp"=dword:00000000
    
    
                                             ;Visual Studio GPO Tweaks
    
    ;Turn off VS telemetry Group
    [HKEY_CURRENT_USER\Software\Microsoft\VisualStudio\Telemetry]
    "TurnOffSwitch"=dword:00000001
    
    ;Turn off PerfWatson2.exe
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\VisualStudio\SQM]
    "OptIn"=dword:00000000
    
    ;Block Microsoft.ServiceHub.Controller.exe
    ;Optional
    ;%ProgramFiles(x86)%\Microsoft Visual Studio\2019\Community\Common7\ServiceHub\controller\Microsoft.ServiceHub.Controller.exe
    
    
    ;Turn off VS Feedback button Group
    
    ;DisableFeedbackDialog
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\VisualStudio\Feedback]
    "DisableFeedbackDialog"=dword:00000001
    
    ;Disable Email Input
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\VisualStudio\Feedback]
    "DisableEmailInput"=dword:00000001
    
    ;Disable Screenshot Capture
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\VisualStudio\Feedback]
    "DisableScreenshotCapture"=dword:00000001
    
    
                                            ; Various others GPO Tweaks
    
    
    ;No Explorer AutoComplete Group  -- Recommended
    
    ;Disable Auto Suggest  -- Admin
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete]
    "AutoSuggest"="no"
    ;;Disable Auto Suggest  -- User
    [HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\Explorer\AutoComplete]
    "AutoSuggest"="no"
    
    ;No Delivery Optimizations Group
    
    ;Disable WU Delivery Optimizations -- Recommended
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization]
    "DODownloadMode"="100"
    
    ;No Internet Open With Group -- Recommended
    
    ;Disable Internet Open With -- Admin
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoInternetOpenWith"=dword:00000001
    ;Disable Internet Open With  -- User
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoInternetOpenWith"=dword:00000001
    
    ;Disable Driver Update Group
    
    ;Don't Update Drivers With WU
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
    "ExcludeWUDriversInQualityUpdate"=dword:00000001
    
    ;Don't get Device Info from Web
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Device Metadata]
    "PreventDeviceMetadataFromNetwork"=dword:00000001
    
    ;No Speech Updates Group
    
    ;Don't Update SpeechModel
    [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Speech]
    "AllowSpeechModelUpdate"=dword:00000000
    
    ;Lockdown MS Edge (non Chromium) Group
    
    ;Prevent Live Tile Data Collection
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main]
    "PreventLiveTileDataCollection"=dword:00000001
    
    ; Disable Pre-launch
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main]
    "AllowPrelaunch"=dword:00000000
    
    ;Disable Tab Pre-Loading
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\TabPreloader]
    "AllowTabPreloading"=dword:00000000
    
    ;Disable Adobe Flash Player
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Addons]
    "FlashPlayerEnabled"=dword:00000000
    
    ;Don't Update Compatibility Lists
    [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\MicrosoftEdge\BrowserEmulation]
    "MSCompatibilityMode"=dword:00000000
    
    ;Set Blank Stat Page
    [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings]
    "ProvisionedHomePages"="about:blank"
    
    ;Set 'DoNotTrack'
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main]
    "DoNotTrack"=dword:00000001
    
    ;No Password Auto Complete
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main]
    "FormSuggest Passwords"="no"
    
    ;Disable First Start Page
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main]
    "PreventFirstRunPage"=dword:00000001
    
    ;No Form Auto Complete
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main]
    "Use FormSuggest"="no"
    
    ;Disable AddressBar Suggestions
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\SearchScopes]
    "ShowSearchSuggestionsGlobal"=dword:00000000
    
    ;Disable AddressBar (drop down) Suggestions
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\ServiceUI]
    "ShowOneBox"=dword:00000000
    
    ;Keep New Tabs Empty
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\ServiceUI]
    "AllowWebContentOnNewTabPage"=dword:00000000
    
    ;Disable Books Library Updating
    [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\MicrosoftEdge\BooksLibrary]
    "AllowConfigurationUpdateForBooksLibrary"=dword:00000000
    
    
    ;No Font Updates Group
    
    ;Don't Update Fonts
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
    "EnableFontProviders"=dword:00000000
    
    ;Automatic certificate updates Group
    
    ;Disable Certificate Auto Update
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot]
    "DisableRootAutoUpdate"=dword:00000001
    
    ;Date and Time (NTP Client) Group
    
    ;Disable NTP Client
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\W32time\TimeProviders\NtpClient]
    "Enabled"=dword:00000000
    
    ;Disable Teredo (IPv6) Group
    
    ;Disable Teredo Tunneling
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition]
    "Teredo_State"="Disabled"
    
    ;Disable Map Updates Group
    
    ;Turn off unsolicited Maps Downloads
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Maps]
    "AllowUntriggeredNetworkTrafficOnSettingsPage"=dword:00000000
    
    ;Turn off Auto Maps Update
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Maps]
    "AutoDownloadAndUpdateMapData"=dword:00000000
    
    
    ;Lockdown Internet Explorer Group
    
    ;Disable Enhanced AddressBar Suggestions
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer]
    "AllowServicePoweredQSA"=dword:00000001
    
    ;Turn off Browser Geolocation
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Geolocation]
    "PolicyDisableGeolocation"=dword:00000001
    
    ;Turn off Site Suggestions
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Suggested Sites]
    "Enabled"=dword:00000000
    
    ;Turn off FlipAhead Prediction
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\FlipAhead]
    "Enabled"=dword:00000000
    
    ; Disable Download Version List
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\VersionManager]
    "DownloadVersionList"=dword:00000000
    
    ;Disable Sync of Feeds and Slices
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Feeds]
    "BackgroundSyncStatus"=dword:00000000
    
    ;Disable Compatibility View
    [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation]
    "DisableSiteListEditing"=dword:00000001
    
    ;Disable First Run Wizard
    [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main]
    "DisableFirstRunCustomize"=dword:00000001
    
    ;Keep New Tabs Empty
    [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing]
    "NewTabPageShow"=dword:00000000
    
    
                                         ;Apps and Store GPO Tweaks
    
    ;Disable Store Group
    
    ;Disable the Store
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore]
    "DisableStoreApps"=dword:00000001
    
    ;Don't Auto Update Apps
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore]
    "AutoDownload"=dword:00000002
    
    ;Disable App Uri Handlers
    [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System]
    "EnableAppUriHandlers"=dword:00000000
    
    ;Lockdown Apps Group
    
    ;Don't Let Apps Access AccountInfo -- Recommended
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy]
    "LetAppsAccessAccountInfo"=dword:00000002
    
    ;Don't Let Apps Access Calendar -- Recommended
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy]
    "LetAppsAccessCalendar"=dword:00000002
    
    ;Don't Let Apps Access CallHistory -- Recommended
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy]
    "LetAppsAccessCallHistory"=dword:00000002
    
    ;Don't Let Apps Access Camera -- Recommended
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy]
    "LetAppsAccessCamera"=dword:00000002
    
    ;Don't Let Apps Access Contacts -- Recommended
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy]
    "LetAppsAccessContacts"=dword:00000002
    
    ;Don't Let Apps Access Email -- Recommended
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy]
    "LetAppsAccessEmail"=dword:00000002
    
    ;Don't Let Apps Access Location -- Recommended
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy]
    "LetAppsAccessLocation"=dword:00000002
    
    ;Don't Let Apps Access Messaging -- Recommended
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy]
    "LetAppsAccessMessaging"=dword:00000002
    
    ;Don't Let Apps Access Microphone -- Recommended
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy]
    "LetAppsAccessMicrophone"=dword:00000002
    
    ;Don't Let Apps Access Motion -- Recommended
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy]
    "LetAppsAccessMotion"=dword:00000002
    
    ;Don't Let Apps Access Notifications -- Recommended
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy]
    "LetAppsAccessNotifications"=dword:00000002
    
    ;Don't Let Apps Access Radio -- Recommended
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy]
    "LetAppsAccessRadios"=dword:00000002
    
    ;Don't Let Apps Access Tasks -- Recommended
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy]
    "LetAppsAccessTasks"=dword:00000002
    
    ;Don't Let Apps Access TrustedDevices -- Recommended
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy]
    "LetAppsAccessTrustedDevices"=dword:00000002
    
    ;Don't Let Apps get Diagnostic Info -- Recommended
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy]
    "LetAppsGetDiagnosticInfo"=dword:00000002
    
    ;LetAppsRunInBackground
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy]
    "LetAppsRunInBackground"=dword:00000002
    
    ;Don't Let Apps Sync With Devices
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy]
    "LetAppsSyncWithDevices"=dword:00000002
    
    
    ;Block Mail and People Group
    
    ;Disable Mail App
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Mail]
    "ManualLaunchAllowed"=dword:00000000
    
    ;Hide People from Taskbar -- Admin
    [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer]
    "HidePeopleBar"=dword:00000001
    ;Hide People from Taskbar -- User
    [HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer]
    "HidePeopleBar"=dword:00000001
    
    ; Disable Clipboard History
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
    "AllowClipboardHistory"=dword:00000001
     
  15. case-sensitive

    case-sensitive MDL Member

    Nov 7, 2013
    173
    88
    10
    At deafening silence ---- >

    How do i personaly KNOW that DNSCrypt doesnt work ......... if the ISP doesnt want it to ? :)

    Because just before christmas i was surfing on a ramada hotel wifi net that has virgin as their ISP ......... i was using DNSCrypt proxy / simple DNSCrypt ........ after checking that DNSCrypt proxy was running ....... because it doesnt always start with the system ....... and wanted to go to a test web adress ....... one that i know that virgin blocks :) ...... and i got a block screen that said words to the effect off ' Virgin does not allow the use of this web site ' ......... wich could not happen if DNSCrypt proxy realy works .

    Maybe someone can test if that still happens ?
     
  16. TairikuOkami

    TairikuOkami MDL Addicted

    Mar 15, 2014
    936
    816
    30
    DNSCrypt is disabled by default, after you install it, you have to turn it ON. If it is enabled and your ISP blocks it, your DNS requests would fail. Check, if your system is sending traffic via port 53, if it is, then you are using normal DNS.
     

    Attached Files:

  17. case-sensitive

    case-sensitive MDL Member

    Nov 7, 2013
    173
    88
    10