[REPO] Windows 10 TELEMETRY REPOSITORY

Discussion in 'Windows 10' started by Yen, Aug 4, 2015.

  1. DirtyAngelicaSecured

    Mar 30, 2020
    101
    17
    10
    #1301 DirtyAngelicaSecured, May 16, 2021
    Last edited: May 16, 2021
    Nevermind, figured it out!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. Tep

    Tep MDL Novice

    Jul 28, 2019
    7
    11
    0
    #1302 Tep, May 19, 2021
    Last edited: May 20, 2021
    Your software is very promising lakrispipe, because the solution is not integrated with the operating system or changes can be made without notice : a overlay and a transparent control of the registry !

    The new keys introduced by the updates must be discriminated or marked: they will be easier to examine in view of their activation/deactivation/deletion with maintain of deletion if necessary.

    And a event/key/function reference manual will surely be useful.

    The existing solutions are not hyper-specialised like yours or are part of a heavy security suite (solarwinds registry-monitoring) or very simple (StartupEye Registry Monitor = which only monitors the startup line of the registry).





     
  3. fsound

    fsound MDL Novice

    Apr 3, 2015
    34
    19
    0
    Just curious: have there been approaches to port (copy, patch) the missing functions from the Enterprise version to the Professional version? I bet, those are just a bunch of DLLs, as we've had in the past, e.g. RDP.
     
  4. Aldegard

    Aldegard MDL Novice

    Aug 19, 2021
    23
    13
    0
    #1307 Aldegard, Aug 24, 2021
    Last edited: Aug 24, 2021
    Debloat Task Manager.

    Disable Microsoft Text Input Application:
    Code:
    reg add "HKLM\SOFTWARE\Microsoft\Input" /v InputServiceEnabled /t REG_DWORD /d 0 /f
    reg add "HKLM\SOFTWARE\Microsoft\Input" /v InputServiceEnabledForCCI /t REG_DWORD /d 0 /f
    Disable CTF Loader:
    Code:
    reg add "HKLM\SYSTEM\CurrentControlSet\Services\TabletInputService" /v Start /t REG_DWORD /d 4 /f
    Disable Security Health Service:
    Code:
    reg add "HKLM\SYSTEM\CurrentControlSet\Services\SecurityHealthService" /v Start /t REG_DWORD /d 4 /f
     
  5. wacamole

    wacamole MDL Novice

    May 31, 2010
    16
    1
    0
    :roflmao: perfect example hahaha
     
  6. Aldegard

    Aldegard MDL Novice

    Aug 19, 2021
    23
    13
    0
    #1309 Aldegard, Sep 1, 2021
    Last edited: Sep 1, 2021
    The old rule for disabling Multicast DNS is not enough anymore. Add one more. Like this (new and old):
    Code:
    reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" /v EnableMDNS /t REG_DWORD /d 0 /f
    reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" /v EnableMulticast /t REG_DWORD /d 0 /f
    The same concerns Microsoft NCSI. Old rule not enough anymore. Now when you turn on PC Windows sometimes phone to "dns.msftncsi.com". Maybe someone knows a new rule to disable it ?
     
  7. Its the most wanted & awaited rule to disable msftncsi dns dns.msftncsi.com calling M$ after every 10-30 minutes interval if it could be switched off then i am sure no any telemetry reg tweak or any gpo tweak is needeed as it will completly break user os calling m$ via his or her router local address to remote address.

    Nice find you are a Gem ;)
     
  8. case-sensitive

    case-sensitive MDL Expert

    Nov 7, 2013
    1,681
    738
    60
    @ Clarity ---- >

    The old one is reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" /v EnableMulticast /t REG_DWORD /d 0 /f

    The new one is reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" /v EnableMDNS /t REG_DWORD /d 0 /f

    ?
     
  9. Aldegard

    Aldegard MDL Novice

    Aug 19, 2021
    23
    13
    0
    #1312 Aldegard, Sep 2, 2021
    Last edited: Sep 2, 2021
    Yes. To completely disable Multicast, they should be both applied. They work only in a pair.

    I see an attempt to connect to the dns.msftncsi.com takes place only during the OS boot process. Newer more after. Definitely you have not everything is disabled. Try this:

    Code:
    reg add "HKLM\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet" /v EnableActiveProbing /t REG_DWORD /d 0 /f
    reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator" /v NoActiveProbe /t REG_DWORD /d 1 /f
    reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator" /v DisablePassivePolling /t REG_DWORD /d 1 /f
     
  10. IF YOU CAN CROSS CHECK YOUR ROUTER LOGS THEN YOU WILL BE ABLE TO SEE HOW MANY TIMES IT REQUESTED YOUR SYSTEM TO CONNECT TO IT IN A SINGLE DAY WITHOUT ANY REBOOT.
    PL DO CROSS CHECK.
     
  11. Aldegard

    Aldegard MDL Novice

    Aug 19, 2021
    23
    13
    0
    I`m using Windows Server 2022 with my own DNS server on it with enabled logging all dns requests. It`s empty. I`m fully disable all microsoft &^%$ on this moment (except this NCIS on boot). I have a lot of experience with disabling this &^%$

    I only realized that I never applied all three rules for NCSI together. I need to trace it can help with "boot connections".
     
  12. yes Thatswhy i already Said "You are a Gem" Awesome ;)
     
  13. Very Nice . Keep it up.
     
  14. Techville

    Techville MDL Novice

    Jan 28, 2021
    6
    0
    0
    Hi,

    I have win 10 enterprise LTSC installed and have set telemetry level to 0 = security. Also gone through settings -- Privacy and disabled nearly everything.


    Is that the best I can do ? I couldn't work out if the additional steps atr the top of this thread were in addition or instead of

    I have reluctantly migrated from Windows 8.1 and I am hoping I now have (more or less) the same level or privacy. Is that true ?

    BTW in setting telemetry to 0, do MS just collect the same level of data as in basic telemetry ?


    1. Operating system name and version, locale.
    2. Date and time.
    3. Locally defined, unique ID for device, and device class (e.g. Server or Desktop).
    4. Various unique user, machine and application identifiers.
    5. Various information about the system, both in hash form and strings, e.g. OEM manufacturer information, device name, TMP version, active microphones, firmware, networking information, license state, license key, processor, speech settings, storage, display, and more. (see Census listings there).


    Thanks