[REPO] Windows 10 TELEMETRY REPOSITORY

Discussion in 'Windows 10' started by Yen, Aug 4, 2015.

  1. DirtyAngelicaSecured

    DirtyAngelicaSecured MDL Junior Member

    Mar 30, 2020
    88
    12
    0
    #1301 DirtyAngelicaSecured, May 16, 2021
    Last edited: May 16, 2021
    Nevermind, figured it out!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. Tep

    Tep MDL Novice

    Jul 28, 2019
    1
    0
    0
    #1302 Tep, May 19, 2021
    Last edited: May 20, 2021
    Your software is very promising lakrispipe, because the solution is not integrated with the operating system or changes can be made without notice : a overlay and a transparent control of the registry !

    The new keys introduced by the updates must be discriminated or marked: they will be easier to examine in view of their activation/deactivation/deletion with maintain of deletion if necessary.

    And a event/key/function reference manual will surely be useful.

    The existing solutions are not hyper-specialised like yours or are part of a heavy security suite (solarwinds registry-monitoring) or very simple (StartupEye Registry Monitor = which only monitors the startup line of the registry).





     
  3. fsound

    fsound MDL Novice

    Apr 3, 2015
    34
    18
    0
    Just curious: have there been approaches to port (copy, patch) the missing functions from the Enterprise version to the Professional version? I bet, those are just a bunch of DLLs, as we've had in the past, e.g. RDP.
     
  4. Aldegard

    Aldegard MDL Novice

    Aug 19, 2021
    23
    9
    0
    #1307 Aldegard, Aug 24, 2021
    Last edited: Aug 24, 2021
    Debloat Task Manager.

    Disable Microsoft Text Input Application:
    Code:
    reg add "HKLM\SOFTWARE\Microsoft\Input" /v InputServiceEnabled /t REG_DWORD /d 0 /f
    reg add "HKLM\SOFTWARE\Microsoft\Input" /v InputServiceEnabledForCCI /t REG_DWORD /d 0 /f
    Disable CTF Loader:
    Code:
    reg add "HKLM\SYSTEM\CurrentControlSet\Services\TabletInputService" /v Start /t REG_DWORD /d 4 /f
    Disable Security Health Service:
    Code:
    reg add "HKLM\SYSTEM\CurrentControlSet\Services\SecurityHealthService" /v Start /t REG_DWORD /d 4 /f
     
  5. wacamole

    wacamole MDL Novice

    May 31, 2010
    16
    1
    0
    :roflmao: perfect example hahaha
     
  6. Aldegard

    Aldegard MDL Novice

    Aug 19, 2021
    23
    9
    0
    #1309 Aldegard, Sep 1, 2021
    Last edited: Sep 1, 2021
    The old rule for disabling Multicast DNS is not enough anymore. Add one more. Like this (new and old):
    Code:
    reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" /v EnableMDNS /t REG_DWORD /d 0 /f
    reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" /v EnableMulticast /t REG_DWORD /d 0 /f
    The same concerns Microsoft NCSI. Old rule not enough anymore. Now when you turn on PC Windows sometimes phone to "dns.msftncsi.com". Maybe someone knows a new rule to disable it ?
     
  7. mdl052020

    mdl052020 MDL Member

    May 31, 2020
    1,060
    893
    60
    Its the most wanted & awaited rule to disable msftncsi dns dns.msftncsi.com calling M$ after every 10-30 minutes interval if it could be switched off then i am sure no any telemetry reg tweak or any gpo tweak is needeed as it will completly break user os calling m$ via his or her router local address to remote address.

    Nice find you are a Gem ;)
     
  8. case-sensitive

    case-sensitive MDL Addicted

    Nov 7, 2013
    966
    337
    30
    @ Clarity ---- >

    The old one is reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" /v EnableMulticast /t REG_DWORD /d 0 /f

    The new one is reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" /v EnableMDNS /t REG_DWORD /d 0 /f

    ?
     
  9. Aldegard

    Aldegard MDL Novice

    Aug 19, 2021
    23
    9
    0
    #1312 Aldegard, Sep 2, 2021
    Last edited: Sep 2, 2021
    Yes. To completely disable Multicast, they should be both applied. They work only in a pair.

    I see an attempt to connect to the dns.msftncsi.com takes place only during the OS boot process. Newer more after. Definitely you have not everything is disabled. Try this:

    Code:
    reg add "HKLM\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet" /v EnableActiveProbing /t REG_DWORD /d 0 /f
    reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator" /v NoActiveProbe /t REG_DWORD /d 1 /f
    reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator" /v DisablePassivePolling /t REG_DWORD /d 1 /f
     
  10. mdl052020

    mdl052020 MDL Member

    May 31, 2020
    1,060
    893
    60
    IF YOU CAN CROSS CHECK YOUR ROUTER LOGS THEN YOU WILL BE ABLE TO SEE HOW MANY TIMES IT REQUESTED YOUR SYSTEM TO CONNECT TO IT IN A SINGLE DAY WITHOUT ANY REBOOT.
    PL DO CROSS CHECK.
     
  11. Aldegard

    Aldegard MDL Novice

    Aug 19, 2021
    23
    9
    0
    I`m using Windows Server 2022 with my own DNS server on it with enabled logging all dns requests. It`s empty. I`m fully disable all microsoft &^%$ on this moment (except this NCIS on boot). I have a lot of experience with disabling this &^%$

    I only realized that I never applied all three rules for NCSI together. I need to trace it can help with "boot connections".
     
  12. mdl052020

    mdl052020 MDL Member

    May 31, 2020
    1,060
    893
    60
    yes Thatswhy i already Said "You are a Gem" Awesome ;)
     
  13. freddie-o

    freddie-o MDL Addicted

    Jul 29, 2009
    784
    941
    30
    #1317 freddie-o, Sep 4, 2021
    Last edited: Sep 15, 2021
    This is how I "minimize" telemetry in Enterprise

    Offline and online from the Registry


    OFFLINE SERVICING
    Code:
    reg load HKLM\SOFTHIVE mount\Windows\System32\config\SOFTWARE
    
    rem == disable microsoft defender, notifications, updates and malicious software removal tool ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender Security Center\Systray" /v "HideSystray" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender Security Center\Notifications" /v "DisableNotifications" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender Security Center\Notifications" /v "DisableEnhancedNotifications" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\MRT" /v "DontReportInfectionInformation" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\MRT" /v "DontOfferThroughWUAU" /t REG_DWORD /d "1" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MRT.exe" /f
    
    rem == disable telemetry ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\DataCollection" /v "AllowTelemetry" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\DataCollection" /v "DisableEnterpriseAuthProxy" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Microsoft\PolicyManager\default\System\AllowTelemetry" /v "value" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" /v "AllowTelemetry" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" /v "MicrosoftEdgeDataOptIn" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\InternetManagement" /v "RestrictCommunication" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\SQMClient\Windows" /v "CEIPEnable" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\PCHealth\ErrorReporting" /v "DoReport" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Windows Error Reporting" /v "Disabled" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Windows Error Reporting" /v "LoggingDisabled" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Windows Search" /v "AllowSearchToUseLocation" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform" /v "NoGenTicket" /t REG_DWORD /d "1" /f
    
    rem == delete telemetry scheduled tasks ==
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Feedback" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Error Reporting" /f
    
    rem == disable cortana ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\Windows Search" /v "AllowCortana" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Microsoft\PolicyManager\default\Experience\AllowCortana" /v "value" /t REG_DWORD /d "0" /f
    
    rem == disable windows network connectivity status indicator (ncsi) ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator" /v "NoActiveProbe" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Microsoft\PolicyManager\default\Connectivity\DisallowNetworkConnectivityActiveTests" /v "value" /t REG_DWORD /d "1" /f
    
    rem == disable smartscreen ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\System" /v "EnableSmartScreen" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Microsoft\PolicyManager\default\Browser\AllowSmartScreen" /v "value" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t REG_SZ /d "Off" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControlEnabled" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControl" /t REG_SZ /d "Anywhere" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Internet Explorer\PhishingFilter" /v "Enabled" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Internet Explorer\PhishingFilter" /v "EnabledV8" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Internet Explorer\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3" /v "2301" /t REG_DWORD /d "3" /f
    
    reg unload HKLM\SOFTHIVE
    
    reg load HKLM\SYSHIVE mount\Windows\System32\config\SYSTEM
    
    rem == disable windows network connectivity status indicator (ncsi) ==
    reg add "HKLM\SYSHIVE\ControlSet001\Services\NlaSvc\Parameters\Internet" /v "EnableActiveProbing" /t REG_DWORD /d "0" /f
    
    rem == delete windefend service ==
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\WinDefend" /f
    
    reg unload HKLM\SYSHIVE
    
    reg load HKLM\NTUSER mount\Users\Default\NTUSER.DAT
    
    rem == disable smartscreen for store and apps ==
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t REG_DWORD /d "0" /f
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "PreventOverride" /t REG_DWORD /d "1" /f
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\Windows Security Health\State" /v "AppAndBrowser_StoreAppsSmartScreenOff" /t REG_DWORD /d "0" /f
    
    rem == disable smartscreen for microsoft edge ==
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\Edge\SmartScreenEnabled" /ve /t REG_DWORD /d "0" /f
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\Edge\SmartScreenPuaEnabled" /ve /t REG_DWORD /d "0" /f
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\Windows Security Health\State" /v "AppAndBrowser_EdgeSmartScreenOff" /t REG_DWORD /d "0" /f
    
    rem == disable typing insight ==
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\Input\Settings" /v "InsightsEnabled" /t REG_DWORD /d "0" /f
    
    rem == disable windows tracking app launches to improve start and search results ==
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "Start_TrackProgs" /t REG_DWORD /d "0" /f
    
    reg unload HKLM\NTUSER
    
    


    ONLINE
    Code:
    Windows Registry Editor Version 5.00
    
    ;; WINDOWS PERMISSIONS
    ; General
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo]
    "DisabledByGroupPolicy"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo]
    "Enabled"=dword:00000000
    
    [HKEY_CURRENT_USER\Control Panel\International\User Profile]
    "HttpAcceptLanguageOptOut"=dword:00000001
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
    "Start_TrackProgs"=dword:00000000
    
    ; Speech
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech_OneCore\Settings\OnlineSpeechPrivacy]
    "HasAccepted"=dword:00000000
    
    ; Inking & typing personalization
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\InputPersonalization]
    "RestrictImplicitInkCollection"=dword:00000001
    "RestrictImplicitTextCollection"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\InputPersonalization]
    "AllowInputPersonalization"=dword:00000000
    
    [HKEY_CURRENT_USER\Software\Microsoft\Input\TIPC]
    "Enabled"=dword:00000000
    
    [HKEY_CURRENT_USER\Software\Microsoft\InputPersonalization]
    "RestrictImplicitInkCollection"=dword:00000001
    "RestrictImplicitTextCollection"=dword:00000001
    
    [HKEY_CURRENT_USER\Software\Microsoft\InputPersonalization\TrainedDataStore]
    "HarvestContacts"=dword:00000000
    
    [HKEY_CURRENT_USER\Software\Microsoft\Personalization\Settings]
    "AcceptedPrivacyPolicy"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\TextInput]
    "AllowLinguisticDataCollection"=dword:00000000
    
    ; Diagnostics & feedback
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CloudContent]
    "DisableWindowsConsumerFeatures"=dword:00000001
    
    [HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CloudContent]
    "DisableTailoredExperiencesWithDiagnosticData"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection]
    "DoNotShowFeedbackNotifications"=dword:00000001
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Siuf\Rules]
    "NumberOfSIUFInPeriod"=dword:00000000
    "PeriodInNanoSeconds"=dword:00000000
    
    ; ActivityHistory
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
    "EnableActivityFeed"=dword:00000000
    "PublishUserActivities"=dword:00000000
    "UploadUserActivities"=dword:00000000
    
    ;; APPS PERMISSIONS
    ; Location
    [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LocationAndSensors]
    "DisableLocation"=dword:00000001
    
    ; Notifications
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications]
    "NoCloudApplicationNotification"=dword:00000001
    
    ; Messaging
    [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Messaging]
    "AllowMessageSync"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy]
    "LetAppsGetDiagnosticInfo"=dword:00000002
    "LetAppsRunInBackground"=dword:00000002
    "LetAppsAccessTrustedDevices"=dword:00000002
    "LetAppsAccessTasks"=dword:00000002
    "LetAppsSyncWithDevices"=dword:00000002
    "LetAppsAccessRadios"=dword:00000002
    "LetAppsAccessPhone"=dword:00000002
    "LetAppsAccessNotifications"=dword:00000002
    "LetAppsAccessMotion"=dword:00000002
    "LetAppsAccessMicrophone"=dword:00000002
    "LetAppsAccessMessaging"=dword:00000002
    "LetAppsAccessLocation"=dword:00000002
    "LetAppsAccessEmail"=dword:00000002
    "LetAppsAccessContacts"=dword:00000002
    "LetAppsAccessCamera"=dword:00000002
    "LetAppsAccessCallHistory"=dword:00000002
    "LetAppsAccessCalendar"=dword:00000002
    "LetAppsAccessAccountInfo"=dword:00000002
    "LetAppsActivateWithVoice"=dword:00000002
    "LetAppsActivateWithVoiceAboveLock"=dword:00000002
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\broadFileSystemAccess]
    "Value"="Deny"
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\cellularData]
    "Value"="Deny"
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\documentsLibrary]
    "Value"="Deny"
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location]
    "Value"="Deny"
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\microphone]
    "Value"="Deny"
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\picturesLibrary]
    "Value"="Deny"
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\videosLibrary]
    "Value"="Deny"
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\webcam]
    "Value"="Deny"
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\wifiData]
    "Value"="Deny"
    
    


     
  14. mdl052020

    mdl052020 MDL Member

    May 31, 2020
    1,060
    893
    60
    Very Nice . Keep it up.
     
  15. Techville

    Techville MDL Novice

    Jan 28, 2021
    3
    0
    0
    Hi,

    I have win 10 enterprise LTSC installed and have set telemetry level to 0 = security. Also gone through settings -- Privacy and disabled nearly everything.


    Is that the best I can do ? I couldn't work out if the additional steps atr the top of this thread were in addition or instead of

    I have reluctantly migrated from Windows 8.1 and I am hoping I now have (more or less) the same level or privacy. Is that true ?

    BTW in setting telemetry to 0, do MS just collect the same level of data as in basic telemetry ?


    1. Operating system name and version, locale.
    2. Date and time.
    3. Locally defined, unique ID for device, and device class (e.g. Server or Desktop).
    4. Various unique user, machine and application identifiers.
    5. Various information about the system, both in hash form and strings, e.g. OEM manufacturer information, device name, TMP version, active microphones, firmware, networking information, license state, license key, processor, speech settings, storage, display, and more. (see Census listings there).


    Thanks
     
  16. freddie-o

    freddie-o MDL Addicted

    Jul 29, 2009
    784
    941
    30