Your software is very promising lakrispipe, because the solution is not integrated with the operating system or changes can be made without notice : a overlay and a transparent control of the registry ! The new keys introduced by the updates must be discriminated or marked: they will be easier to examine in view of their activation/deactivation/deletion with maintain of deletion if necessary. And a event/key/function reference manual will surely be useful. The existing solutions are not hyper-specialised like yours or are part of a heavy security suite (solarwinds registry-monitoring) or very simple (StartupEye Registry Monitor = which only monitors the startup line of the registry).
Just curious: have there been approaches to port (copy, patch) the missing functions from the Enterprise version to the Professional version? I bet, those are just a bunch of DLLs, as we've had in the past, e.g. RDP.
Debloat Task Manager. Disable Microsoft Text Input Application: Code: reg add "HKLM\SOFTWARE\Microsoft\Input" /v InputServiceEnabled /t REG_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Microsoft\Input" /v InputServiceEnabledForCCI /t REG_DWORD /d 0 /f Disable CTF Loader: Code: reg add "HKLM\SYSTEM\CurrentControlSet\Services\TabletInputService" /v Start /t REG_DWORD /d 4 /f Disable Security Health Service: Code: reg add "HKLM\SYSTEM\CurrentControlSet\Services\SecurityHealthService" /v Start /t REG_DWORD /d 4 /f
The old rule for disabling Multicast DNS is not enough anymore. Add one more. Like this (new and old): Code: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" /v EnableMDNS /t REG_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" /v EnableMulticast /t REG_DWORD /d 0 /f The same concerns Microsoft NCSI. Old rule not enough anymore. Now when you turn on PC Windows sometimes phone to "dns.msftncsi.com". Maybe someone knows a new rule to disable it ?
Its the most wanted & awaited rule to disable msftncsi dns dns.msftncsi.com calling M$ after every 10-30 minutes interval if it could be switched off then i am sure no any telemetry reg tweak or any gpo tweak is needeed as it will completly break user os calling m$ via his or her router local address to remote address. Nice find you are a Gem
@ Clarity ---- > The old one is reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" /v EnableMulticast /t REG_DWORD /d 0 /f The new one is reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" /v EnableMDNS /t REG_DWORD /d 0 /f ?
Yes. To completely disable Multicast, they should be both applied. They work only in a pair. I see an attempt to connect to the dns.msftncsi.com takes place only during the OS boot process. Newer more after. Definitely you have not everything is disabled. Try this: Code: reg add "HKLM\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet" /v EnableActiveProbing /t REG_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator" /v NoActiveProbe /t REG_DWORD /d 1 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator" /v DisablePassivePolling /t REG_DWORD /d 1 /f
IF YOU CAN CROSS CHECK YOUR ROUTER LOGS THEN YOU WILL BE ABLE TO SEE HOW MANY TIMES IT REQUESTED YOUR SYSTEM TO CONNECT TO IT IN A SINGLE DAY WITHOUT ANY REBOOT. PL DO CROSS CHECK.
I`m using Windows Server 2022 with my own DNS server on it with enabled logging all dns requests. It`s empty. I`m fully disable all microsoft &^%$ on this moment (except this NCIS on boot). I have a lot of experience with disabling this &^%$ I only realized that I never applied all three rules for NCSI together. I need to trace it can help with "boot connections".
Hi, I have win 10 enterprise LTSC installed and have set telemetry level to 0 = security. Also gone through settings -- Privacy and disabled nearly everything. Is that the best I can do ? I couldn't work out if the additional steps atr the top of this thread were in addition or instead of I have reluctantly migrated from Windows 8.1 and I am hoping I now have (more or less) the same level or privacy. Is that true ? BTW in setting telemetry to 0, do MS just collect the same level of data as in basic telemetry ? Operating system name and version, locale. Date and time. Locally defined, unique ID for device, and device class (e.g. Server or Desktop). Various unique user, machine and application identifiers. Various information about the system, both in hash form and strings, e.g. OEM manufacturer information, device name, TMP version, active microphones, firmware, networking information, license state, license key, processor, speech settings, storage, display, and more. (see Census listings there). Thanks