********************************************************
Straightforward Training™
Windows 10 Security (Paranoid Mode) aka "Threat Level Midnight!"
Author: Saulo S. Ortiz
Date: 20210113
Update: 20220310
Contact: thetiredretired@gmail[.]com
********************************************************
Copyright ©2021-2022 Saulo S. Ortiz. All Rights Reserved!
********************************************************
*******************************************************************************************************************************************
*** No reproduction/modification of this guide is allowed for commercial purposes without explicit written permission from the author! ***
*******************************************************************************************************************************************
==================================================================================================================================================
Guide Updates:
==================================================================================================================================================
Update #5: 20220310
Fixed typos in step #3 of the 'Stop Windows from Updating' section. Updated Issue #1 information below.
Update #4: 20220307
Fixed some minor typos. Added Bonus info to the index. Found it can update with all these restrictions in place. Added how to stop Windows from
updating in Bonus step.
Update #3: 20210211
Added Task Scheduler modification step as Step #12; moved Bonus Steps to #13 and Final Words outside steps.
Update #2: 20210207
Added three new registry modifications to Step #9 to disable the Activate Windows watermark.
Update #1: 20210131
As an experiment, I've tried another VM session to see if version (18362) would update before doing any heavy modifications. I did perform one
small modification before updating, which was disabling the Windows Update Medic Service in the registry, then ran updates and installed them. After
rebooting, I then disabled the regular Windows Update service and continued all other modifications as per the guide. I'm happy to announce that
after the updates, all sections of this guide still worked. Therefore, if you want you can go ahead and install current updates then proceed with
the guide. But keep in mind that Microsoft could black-list your OS if it's not a legal copy or an update could force new settings to take effect
preventing you from getting further updates and/or disabling the OS until you get a legal copy. In other words...BUY IT!!!!
==================================================================================================================================================
Issues Found:
==================================================================================================================================================
Issue #1: 20210113
At this time, I cannot find if I'm able to update manually after doing all these changes, especially after doing the steps 'Stop Windows from Updating'
in the Bonus section. Enabling both Windows Update Service and the Windows Update Medic Service would not allow me to do this at this time. This issue
could lie in the Group Policy, Registry or Firewall. More to come on this once I discover where the issue is. In the meantime, update before you start
this guide if you want to.
==================================================================================================================================================
About the Author:
==================================================================================================================================================
A retired US Air Force Logistics Planner with two tours of war, the author was introduced to computers (a Commodore 64) at the age of 11. During High School,
he found a summer job in a local "Mom's and Pop's" computer repair shop where he learned to hone his PC repair and building skills.
After joining the US Air Force in 1995, he continued to engage in all computers and technology matters, and learned more about network security
and management. He went on to have his own successful side-business as a Computer Security Consultant and SOHO Technician during and after his Air
Force career. After retiring from active duty, he went on to become the lead Malware Analyst for USCYBERCOM.
Today, he works as a Senior Cyber-Forensics Analyst for the Department of Defense, holds 29 federal certifications, several industry leading
certificates, and a Bachelor's in Cyber Forensics/Information Security from Keiser University. He lives with his gorgeous and funny wife of 28 years
who has gifted him with two great, but equally annoying kids.
==================================================================================================================================================
Disclaimer:
==================================================================================================================================================
1. All steps in this guide have been confirmed multiple times not to cause any damage/corruption to data, but as always, this is not
100% guaranteed. So, take all the necessary steps to save all your important data to an external device before attempting this or any OS
modifications. PS, Don't forget to include any browser bookmarks which almost everyone forgets to do.
2. These modifications are set for a system that will no longer accept updates (patches). I cannot guarantee that the modifications will
remain if you continue to receive updates. More on this on a later revision.
3. The modifications performed in this guide are for a Desktop environment system. If any App functions are required by the user to perform
remote work or school (video chat, smart card, remote desktop functions, etc) then skip those steps that remove these services from the system.
Modifying these services on a laptop system will result in very limited to no video/audio communications, unless this is what the user wants
to do.
4. Please read each modification option carefully to understand what they do before you disable or enable them. Always backup your current
Windows settings to an external device using Windows Backup or any third party tool you prefer. Additionally, perform a restore point before
modifying Windows just in case you need to go back to an earlier time. Keep in mind restore points may not fix any issues you may experience
especially those that remove the Windows Apps.
5. Bloatware removed cannot be reinstalled unless you re-install the entire OS from scratch as well as Apps (Calendar, Calculator, etc!) You've
been warned!
6. The steps in this guide have been tested with Windows 7 Professional, Windows 7 Ultimate and Windows 10 version 10240, 18362 and 19041. I
cannot confirm they will work with any other Windows 10 versions. This guide goes over Windows 10 (18362 and 19041) which are easier versions
to modify.
--------------------------------------------------------------------------------------------------------------------------------------------------
Note: Windows 10240 has way less Bloatware than later versions, but Windows Apps are more difficult to remove. Cortana cannot be removed in
version 10240 or above.
--------------------------------------------------------------------------------------------------------------------------------------------------
==================================================================================================================================================
Intro:
==================================================================================================================================================
Who Benefits from using this Guide?
If you do not intend to connect to the Microsoft Store to download apps; believe all your data is yours to keep in your own location and not a
cloud environment (among other privacy concerns), then modifying the OS may be for you!
This guide was created to allow users to customize/harden their Windows 10 operating system to stop data leaks, stop remote and update services
among other things. It can also provide a more secure OS, but the trade off is probably some broken applications or services needed by the user.
Carefully read this guide and the options you will be modifying in Windows to know if you'll need them or not.
You can use this guide with Windows XP, 7 and 8/8.1. Of course, they don't have the Bloatware Windows 10 has, but you can do the rest of the
modifications in the same manner as explained here with some minor research on the correct paths/etc since some may have changed from the legacy
systems to Windows 10. Some areas are named differently on each OS, but they work in the same way. By the end of this guide you will have an advanced
to expert understanding of the Windows operating system.
FYI, There is a PowerShell script (Windows10Debloater) available to remove Bloatware, but I could not get it to remove anything in any version
above 10240 or to install .NET 3.5 even though it stated it did. Therefore, I do not recommend it at this time.
==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==
Important! You cannot re-install Windows applications like Camera, Maps, Calendar, etc without going to the Microsoft Store. Make sure you do not
need any of them before you uninstall them!!!
==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==
--------------------------------------------------------------------------------------------------------------------------------------------------
Note: Make sure you create a restore point to go back to if you notice something you need is no longer working. An Image Backup is better to do.
--------------------------------------------------------------------------------------------------------------------------------------------------
==================================================================================================================================================
Knowledge Level: Beginner to Advanced
==================================================================================================================================================
==================================================================================================================================================
Software Needed:
==================================================================================================================================================
-Glasswire 1.2 (only use this old version...newest version is no longer free)
-FakeNet or ApateDNS (FireEye/Free)
-CCleaner 5.6.7 (tested with this guide)
-Notepad++ (any version will work)
-Wise Registry Cleaner 9.4.7.619 (tested with this guide)
*All tools located in my Google Drive...contact me for access. Hashes will be provided for each program. Windows Firewall export, hosts file and
Registry backup created from using this guide, can also be found in my Google drive.
==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==
Important! Create a restore point and an Image Backup before making any changes to your system! Better yet, if enough resources are available,
(CPU cores, RAM, HDD space) then practice these modifications in a VM before doing them on your actual system.
==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==
==================================================================================================================================================
Index:
==================================================================================================================================================
- Guide Updates
- Issues Found
- About the Author
- Disclaimer
- Knowledge Level
- Software Needed
- Index
- Steps:
01. Disabling Some Privacy Settings
02. Software Tool Setup
03. Capturing Callouts
04. Removing Bloatware
05. Modifying the Firewall
06. Exporting Firewall Rules and Hosts File Changes for Backup
07. Disabling IPv6
08. Disabling Some Services
09. Modifying the Registry to Stop Blocked Services
10. Modifying the Group Policy
11. Cleaning and Backing Up the Registry
12. Modifying the Task Scheduler
13. Bonus Info!
- GodMode
- Stop Windows from Remembering Stuff
- Set the Number of Cores/RAM
- Disable Windows 7,8,10 Activation
(NEW) - Stop Windows from Updating
- Final Words
==================================================================================================================================================
==================================================================================================================================================
Step #1: Disabling Some Privacy Settings
==================================================================================================================================================
This is the easy part, so enjoy it while you can.
1. In the Search Bar type and run: Privacy Settings
2. Go through each section in the menu and Disable (turn off) what you don't want running automatically
3. In the Search Bar type and run: Settings
4. Disable any options here you do not want
5. Reboot for changes to take effect
==================================================================================================================================================
Step #2: Software Tool Setup
==================================================================================================================================================
This step is going to take a while to complete, but necessary based on my findings.
--------------------------------------------------------------------------------------------------------------------------------------------------
Note: You'll need .NET 3.5 for ApateDNS to work. Install it before starting this step!
--------------------------------------------------------------------------------------------------------------------------------------------------
1. Using another computer, Download all tools mentioned in the Tools section...DO NOT USE THE SAME COMPUTER OR VM YOU'RE GOING TO MODIFY!
2. Disable your Internet connection by either:
a. Control Panel > Network and Sharing Center > Change Adapter Settings > Right click on the NIC icon and select Disable
b. Or remove the USB antenna
c. Or remove the cat5 cable
d. Right click on the Internet Access icon on the right side in the Taskbar > Open Network & Internet Settings > Status > Adapter Options
Right Click on your connection icon, then select Disable
e. If you're using a VM then disconnect the NIC in the VM Settings
3. Install ApateDNS first
4. Install Glasswire second
5. Install Notepad++ third
6. Install all other software tools now
7. Reboot the system for changes to take effect
==================================================================================================================================================
Step #3: Capturing Call-Outs (Two Parts)
==================================================================================================================================================
In order to get alerts on some call-outs you need ApateDNS, which needs .NET 3.5 for it to work. Other call-outs will be captured by Glasswire.
More on that later on.
Step #3a:
If you cannot find and install .NET 3.5 without problems, you will need to do some early modifying to prevent Windows from fully updating from the
version that you have. So for this:
1. In the Search Box type and run: Services
2. Find Windows Updates and double click on it
3. On the drop-down menu select Disable
4. If the service is running then click the Stop button
5. Click on Ok to save the changes
6. Go back Online and find the Microsoft webpage for .NET 3.5
(https://www.microsoft.com/en-us/download/details.aspx?id=21)
7. Download and Install the program
8. Go back Offline and continue below
Step #3b:
1. Run ApateDNS and use DNS 127.0.0.1 then click Start
--------------------------------------------------------------------------------------------------------------------------------------------------
Note: Pay attention to ApateDNS and Glasswire. If anything tries to call-out during or after tool installation, or when you run each tool, use
Glasswire to block them. Also you can modify the hosts file using Notepad++ and entering the URL or IP found in ApateDNS and Glasswire.
All this will take a while for you to capture, edit and repeat.
--------------------------------------------------------------------------------------------------------------------------------------------------
2. In Glasswire:
a. Look for the Alert
b. Click on the Fire icon next to it to create a Firewall Rule
--------------------------------------------------------------------------------------------------------------------------------------------------
Note: To see the Glasswire Firewall rules: Control Panel > Windows Defender Firewall > Advanced Settings
--------------------------------------------------------------------------------------------------------------------------------------------------
3. To use Notepad++ to edit the Hosts file and create a loop for any call-outs to return to your host machine:
a. Go to C:\Windows\System32\drivers\etc\
b. Right click on the hosts file
c. Select Edit with Notepad++
d. When you save the changes (Ctrl+S) it will ask you to open Notepad++ as administrator, select Yes for your changes to be moved to the
new Notepad++ instance
e. Save any changes
4. Under all the commented out statements start a new line and enter any findings from ApateDNS. Example:
127.0.0.1 adobe.updates.com #Adobe Reader 11
--------------------------------------------------------------------------------------------------------------------------------------------------
Note: A good resource for an already edited hosts file can be found at www.someonewhocares.org. I highly recommend using this server hosts file
for personal use. Make sure you inspect it all and change any 0.0.0.0 to 127.0.0.1. There is a difference in how these two IPs work.
--------------------------------------------------------------------------------------------------------------------------------------------------
Note: You may need to allow hidden files and folders to be viewed:
a. Control Panel > File Explorer Options > View Tab
b. Select Show hidden files, folders...
c. Uncheck Hide extensions for known file types...
d. Save the changes
--------------------------------------------------------------------------------------------------------------------------------------------------
Optional: To enter any Glasswire findings in the hosts file:
a. Move your mouse over the alert and wait for the URL or IP address to show
b. Using Notepad++ enter a new loop line with that information. See step #4 above.
==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==
Important! Make sure you block all of these tools from calling out to their home servers, especially CCleaner, Glasswire and Wise Registry
Cleaner. You don't want them to update and lock you out from certain options (Glasswire) or leak personal information (CCleaner/Wise).
==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==
==================================================================================================================================================
Step #4: Removing Bloatware
==================================================================================================================================================
This step is going to take a while to complete...
Use CCleaner to remove Bloatware like MS Store, Cortana, Mail, Tips, Weather, Messaging, Eclipse, XBOX, OneDrive, People, Remote, Maps, Mixed
Reality, etc. Depends on what you don't want to use.
==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==
Important: You cannot re-install any of the Windows Modules so make a Restore Point and an Image Backup if you think you may need any of these
features later!
==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==
1. Run CCleaner and uninstall any of the Windows Modules you don't need mentioned above.
a. CCleaner > Tools > Uninstall
b. Remove any Windows modules
--------------------------------------------------------------------------------------------------------------------------------------------------
Note: FYI the CALC may be the only one you will need and you need to block it from calling out...which it does.
--------------------------------------------------------------------------------------------------------------------------------------------------
2. While you're here, stop CCleaner from auto running when Windows starts and also from updating:
a. Options > Privacy > Uncheck box
b. Options > Smart Cleaning > Uncheck Enable Smart Cleaning
c. Options > Updates > Uncheck all checkboxes
d. Options > Settings > Uncheck Run CCleaner when computer starts
e. Tools > Startup > Disable any program here you don't want to automatically start when Windows starts like CCleaner, SteamOS, etc.
This can save memory on low memory systems
==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==
Important! DO NOT disable any Antivirus or security program!
==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==
3. Just like before, open the hosts file in Notepad++ as Administrator and type under all the default commented out statements any new findings
Example:
127.0.0.1 adobe.updates.com #Adobe Reader 11.01
127.0.0.1 Any_ApateDNS_Findings #Your_Comment_Here_To_Indicate_From_Where_This_is_Coming_From
4. Leave it running for a while to capture all of the call-outs...also do it after a few reboots and try all your software if you want to stop
leaks. For example, why does File Explorer need to connect to the Internet?! Why does CALC also connect? These applications should just RUN
from the computer and not contact anyone for any reason!
5. If anything shows up in Glasswire, make sure you block it by selecting the Fire icon next to the alert
--------------------------------------------------------------------------------------------------------------------------------------------------
Note: If you don't want to keep CCleaner then uninstall it when you're done...If you're going to keep it, secure it with the steps I've mentioned
above but also disable the Autorun, Auto Update and Monitoring features in its Settings tab
--------------------------------------------------------------------------------------------------------------------------------------------------
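The hosts-file edits in Steps #3 and #4 can be scripted; the PowerShell below is an added example, not part of the original guide, that validates each captured hostname, skips names already listed and rewrites 0.0.0.0 entries to 127.0.0.1 as the guide asks. The function name Merge-HostsEntry, its parameters and the sample data are constructed for illustration.

```powershell
# Added example: illustrative names and constructed sample data.
function Merge-HostsEntry {
    [CmdletBinding()]
    param(
        # Current hosts-file lines, e.g. from Get-Content.
        [Parameter(Mandatory)] [AllowEmptyString()] [string[]] $HostsLines,
        # hostname -> comment, as noted from ApateDNS or Glasswire.
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Findings,
        [string] $SinkAddress = '127.0.0.1'
    )

    # DNS labels of letters, digits and hyphens; 253 characters at most.
    $hostPattern = '^(?=.{1,253}$)[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?(\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$'
    $seen   = @{}   # hashtable keys compare case-insensitively, like hostnames
    $result = [System.Collections.Generic.List[string]]::new()

    foreach ($line in $HostsLines) {
        if ($line -match '^\s*(#|$)') {
            $result.Add($line)          # comment or blank line: keep as is
            continue
        }
        # The guide asks for 0.0.0.0 entries to be changed to 127.0.0.1.
        $line = $line -replace '^(\s*)0\.0\.0\.0(?=\s)', ('${1}' + $SinkAddress)
        # Remember every hostname this line already maps (text before any '#').
        $mapping = ($line -split '#', 2)[0].Trim()
        $names   = @($mapping -split '\s+' | Select-Object -Skip 1)
        foreach ($name in $names) { $seen[$name] = $true }
        $result.Add($line)
    }

    foreach ($entry in $Findings.GetEnumerator()) {
        $name = ([string]$entry.Key).Trim().TrimEnd('.').ToLower()
        if ($name -notmatch $hostPattern) {
            # Captured names are untrusted input; never write them unchecked.
            Write-Warning "Skipping invalid hostname: '$name'"
            continue
        }
        if ($seen.ContainsKey($name)) { continue }   # already looped back
        $seen[$name] = $true
        # Strip line breaks so a comment cannot add extra hosts lines.
        $comment = ([string]$entry.Value) -replace '[\r\n]+', ' '
        $result.Add(('{0} {1} #{2}' -f $SinkAddress, $name, $comment))
    }
    return $result.ToArray()
}

# Constructed sample input (not a real hosts file or real capture).
$sampleHosts = @(
    '# localhost name resolution is handled within DNS itself.',
    '',
    '0.0.0.0 telemetry.example.test',
    '127.0.0.1 adobe.updates.com #Adobe Reader 11'
)
$sampleFindings = [ordered]@{
    'ADOBE.updates.com'     = 'duplicate, will be skipped'
    'updates.example.test'  = 'Seen in ApateDNS after reboot'
    'bad host;name'         = 'invalid, will be skipped with a warning'
}

Merge-HostsEntry -HostsLines $sampleHosts -Findings $sampleFindings

# To apply to the real file from an elevated prompt, after saving a copy:
#   $path = "$env:SystemRoot\System32\drivers\etc\hosts"
#   Merge-HostsEntry -HostsLines (Get-Content $path) -Findings $sampleFindings |
#       Set-Content $path -Encoding ASCII
```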
==================================================================================================================================================
Step #5: Modifying the Firewall
==================================================================================================================================================
Once you are done editing the hosts file and modifying the Firewall through Glasswire, make sure you save a copy of the hosts file and also export
the Firewall settings and save them in a safe place. But first let's modify the Firewall a little bit more. This part consists of two parts, the
Inbound and the Outbound Firewall rules. First the Inbound.
1. Go to:
a. Control Panel > Windows Defender Firewall > Advanced Settings
b. Or in the Search bar or icon search for Windows Defender Firewall with Advanced Security
2. Select Inbound Rules
3. Click on the Profile column to sort out starting with All
4. Disable or Block any IPv6 settings...either way they will not be used at this moment
5. Disable the following:
a. AllJoyn Router
b. Any Remote Assistance/Remote Services
c. Any Modules that have been removed or still being used
d. Any other programs you don't want to call out to their home servers
6. Select Outbound Rules and sort it the same way as the Inbound Rules
7. Disable any IPV6 settings
8. Disable the following:
a. AllJoyn Router
b. Any Remote Assistance/Remote Services
c. Any Modules that have been removed or still being used
d. Any other programs you don't want to call out to their home servers
e. Any @Firewall, Connected-User-Experience, Windows Apps, Media Sharing, Cast-to-Device, Proximity, Wireless Display, etc.
9. Disable any of the Windows Apps that may be in the Firewall (Camera, Maps, Calendar, Calculator, etc.)
10. Disable all DOMAIN and PUBLIC rules, but do not disable PUBLIC if you're using a Laptop in public places
11. While you're here, Disable Glasswire Service (stops it from updating)
12. Click on Outbound Rules
13. Basically Disable all PUBLIC and DOMAIN rules and any IPv6, Telemetry, Windows Apps, any Cast-to-Device, Connected Devices, Media Center,
and anything else that sounds like you will not be using it, like the @Firewall rules, Connected User Experience, etc.
--------------------------------------------------------------------------------------------------------------------------------------------------
Note: You can delete the firewall rules for the Windows modules or just disable them! Just know that if you're still using them, they will
message you asking for a way out. Disabling them is the easiest way to block them. Also notice all the Glasswire rules...to view them:
a. Double click on one of them
b. Select Program and Services tab
c. Find the name of the application being blocked
--------------------------------------------------------------------------------------------------------------------------------------------------
Note: I highly suggest for all to get smart on the default firewall rules. Use another computer or take note then Google what you are not sure
of and how it may affect your communications.
--------------------------------------------------------------------------------------------------------------------------------------------------
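Before disabling rules by hand, the enabled rules that fall under this step's categories can be listed for review; the PowerShell below is an added example, not part of the original guide, and only reads the rule set using the built-in Get-NetFirewallRule cmdlet. The function name Get-FirewallReviewList, the keyword list and the output columns are assumptions made for illustration.

```powershell
# Added example: read-only inventory of enabled rules worth reviewing in Step #5.
# Function name, keyword list and output columns are illustrative choices.
function Get-FirewallReviewList {
    [CmdletBinding()]
    param(
        [ValidateSet('Inbound', 'Outbound')] [string] $Direction = 'Outbound',
        # Name fragments taken from the categories this step lists.
        [string[]] $Keywords = @('AllJoyn', 'Remote', 'Cast to Device', 'Connected User Experience',
                                 'Wireless Display', 'Proximity', 'Media Center', 'Telemetry',
                                 '@Firewall')
    )

    foreach ($rule in (Get-NetFirewallRule -Direction $Direction -Enabled True)) {
        $text    = '{0} {1}' -f $rule.DisplayName, $rule.DisplayGroup
        $reasons = @()

        foreach ($word in $Keywords) {
            if ($text -like "*$word*") { $reasons += "name matches '$word'" }
        }
        if ($text -match 'IPv6|ICMPv6|DHCPv6') { $reasons += 'IPv6 rule' }

        # Rules scoped to Domain and/or Public only. The guide keeps PUBLIC
        # rules on a laptop that is used in public places.
        $profiles = $rule.Profile.ToString()
        if ($profiles -ne 'Any' -and $profiles -notmatch 'Private') {
            $reasons += 'Domain/Public profile only'
        }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Name        = $rule.Name
                DisplayName = $rule.DisplayName
                Group       = $rule.DisplayGroup
                Profile     = $profiles
                Action      = $rule.Action
                Why         = $reasons -join '; '
            }
        }
    }
}

# Review first:
#   Get-FirewallReviewList -Direction Inbound  | Format-Table -AutoSize
#   Get-FirewallReviewList -Direction Outbound | Format-Table -AutoSize
# Then preview what disabling would change, without changing anything:
#   Get-FirewallReviewList -Direction Outbound |
#       ForEach-Object { Disable-NetFirewallRule -Name $_.Name -WhatIf }
```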
==================================================================================================================================================
Step #6: Exporting Firewall Rules and Hosts File Changes for Backup
==================================================================================================================================================
Exporting them is very important...you don't want to redo all of them from scratch if you have to reinstall the OS later on. You can also move them
to another system if you want to.
1. Once you are done modifying the Firewall:
a. On the left menu select Windows Defender Firewall with Advanced Security on Local Computer
b. Right click on it and select Export Policy...
c. Give it a name...I usually use the following format:
WFW20210113-1 (WindowsFireWallYearMonthDay-Version), you can use whatever you want
d. Save the file in a secured device away from the computer
e. Save a second export in case the first one gets corrupted...it has happened to me
2. Export the hosts file:
a. C:\Windows\System32\drivers\etc\
b. Copy the hosts file and save it in a secured device away from the computer and also have a second one just in case
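The same backup can be taken from an elevated PowerShell prompt; the script below is an added example, not part of the original guide, that exports the firewall policy with netsh advfirewall export, copies the hosts file, and compares SHA-256 hashes of the two copies so a corrupted one is noticed. It assumes two destination folders and copies the first export to the second location instead of exporting twice; the function name, the hosts copy name and the manifest name are illustrative.

```powershell
# Added example: illustrative function, file names follow the guide's
# WFW<YearMonthDay>-<Version> pattern. Run from an elevated prompt.
function Export-HardeningBackup {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Primary,     # e.g. folder on an external drive
        [Parameter(Mandatory)] [string] $Secondary,   # ideally a different device
        [ValidateRange(1, 99)] [int] $Version = 1
    )

    $stamp     = Get-Date -Format 'yyyyMMdd'
    $fwName    = 'WFW{0}-{1}.wfw' -f $stamp, $Version
    $hostsName = 'hosts{0}-{1}.txt' -f $stamp, $Version
    $hostsSrc  = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

    # Create both folders and refuse to overwrite an earlier backup.
    foreach ($dir in $Primary, $Secondary) {
        New-Item -ItemType Directory -Path $dir -Force | Out-Null
        foreach ($name in $fwName, $hostsName) {
            $target = Join-Path $dir $name
            if (Test-Path -LiteralPath $target) {
                throw "Refusing to overwrite $target; raise -Version."
            }
        }
    }
    # netsh resolves relative paths against its own working directory.
    $Primary   = (Resolve-Path -LiteralPath $Primary).ProviderPath
    $Secondary = (Resolve-Path -LiteralPath $Secondary).ProviderPath

    & netsh.exe advfirewall export (Join-Path $Primary $fwName) | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "netsh advfirewall export failed (exit $LASTEXITCODE); run from an elevated prompt."
    }
    Copy-Item -LiteralPath $hostsSrc -Destination (Join-Path $Primary $hostsName)

    # Second copy of each file, then compare hashes of the two copies.
    $report = foreach ($name in $fwName, $hostsName) {
        $first  = Join-Path $Primary $name
        $second = Join-Path $Secondary $name
        Copy-Item -LiteralPath $first -Destination $second
        $h1 = (Get-FileHash -LiteralPath $first  -Algorithm SHA256).Hash
        $h2 = (Get-FileHash -LiteralPath $second -Algorithm SHA256).Hash
        [pscustomobject]@{ File = $name; SHA256 = $h1; CopiesMatch = ($h1 -eq $h2) }
    }

    # Keep a hash manifest beside each copy for later integrity checks.
    $manifest = $report | ForEach-Object { '{0}  {1}' -f $_.SHA256, $_.File }
    foreach ($dir in $Primary, $Secondary) {
        $manifestPath = Join-Path $dir ('SHA256-{0}-{1}.txt' -f $stamp, $Version)
        Set-Content -LiteralPath $manifestPath -Value $manifest -Encoding ASCII
    }

    if ($report.CopiesMatch -contains $false) {
        throw 'A backup copy does not match its original; repeat the export.'
    }
    $report
}

# Usage (drive letters are placeholders):
#   Export-HardeningBackup -Primary 'E:\Win10Backup' -Secondary 'F:\Win10Backup' -Version 1
```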
==================================================================================================================================================
Step #7: Disabling IPv6
==================================================================================================================================================
If you know anything about IPv6, it's that it's insecure, leaky and very unsafe. IPv6 leaks like crazy and even when you have all these modifications
in place, it will leak personal information. Luckily we can stop this and it's easy to do.
1. On the Taskbar, right click on the Internet icon
2. Select Open Network & Internet Settings > Ethernet > Change Adapter Options
3. Right click on the Ethernet or Wifi icon you use to connect to the Internet and select Properties
4. Find and uncheck TCP/IPv6 then Ok to save the changes
You can also go through Control Panel > Network and Sharing Center > Change Adapter Settings
==================================================================================================================================================
Step #8: Disabling Some Services
==================================================================================================================================================
This step will take you a bit of time to complete. Go through each one, read their description and Disable the Services depending on what they do.
Some Services I've disabled are: ActiveX, Smart Card, Geolocation, Windows Updates, Fax, XBOX, Secondary Logon, anything Remote services, Telephony,
Bluetooth, Error Reporting and *Windows Event Logon, Telemetry.
==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==
Important! I recommend taking screen captures using the Snipping Tool in Windows or taking notes to save the original settings in case you need
to revert back to them to make some services work again
==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==
--------------------------------------------------------------------------------------------------------------------------------------------------
Note: *If you turn off Windows Event Logon it will also turn off Network List Services and Network Location Awareness which may disable the
Search Bar and Search Icon and you won't be able to search for anything...but this issue depends on the Windows 10 version
--------------------------------------------------------------------------------------------------------------------------------------------------
1. In the Search Bar type and run: Services
2. Go through the list of Services and make sure you Disable them from the Drop-Down menu and also Stop the Service if it's running...Look for
any Services that are a Privacy concern or just plain useless for a regular Desktop computer to have
3. To fully disable them:
a. Select the Service to disable and read the description
b. If you do not want it then double click on it
c. On the Startup Type drop-box select Disabled
d. If it's running select the Stop button
e. Save the changes
--------------------------------------------------------------------------------------------------------------------------------------------------
Note: Some services cannot be stopped through this screen...but I have a fix!!! See Step #9!!!
--------------------------------------------------------------------------------------------------------------------------------------------------
4. Reboot the system and when you return don't forget to run ApateDNS to continue finding call-outs!
==================================================================================================================================================
Step #9: Modifying the Registry to Stop Blocked Services
==================================================================================================================================================
As mentioned in Step #8, some services cannot be disabled from the Services screen, but we can do it if we modify the Registry. Below are the ones you should be worried about.
I recommend you have the Services and REGEDIT screens side by side so you can see the changes happening. If changes do not show up then you may need to
close the Services screen and reopen it to refresh it.
1. Disable Windows Update Medic Service
a. On the Search Bar type and run: Regedit
b. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc
c. In right pane, double click on Start registry DWORD to modify its Value data
d. Set the Value data to 4 to disable Windows Update Medic Service
e. OK to save changes
2. Disable Auto-activation feature
a. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Activation
b. Select MANUAL and change to 4 to disable
3. Disable Auto-activation feature Alternate #1
a. Computer\HKEY_CURRENT_USER\Control Panel\Desktop
b. Go to PaintDesktopVersion and change to 4
4. Disable Auto-activation feature Alternate #2
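a. Kill the process: in Notepad++ open a new page
b. type:
@echo off
rem Stop the Explorer shell, then start it again
taskkill /F /IM explorer.exe
rem "start" launches Explorer without making the script wait for it to exit
start explorer.exe
exit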
c. Save as remove.bat
d. Run as Admin
e. Restart
5. Disable Auto-activation feature Alternate #3
a. Right click on Desktop > Display settings > Notifications & Actions
b. Turn off:
Show me Windows Welcome Experience
Get tips, tricks and suggestions
c. Restart
6. Disable Update Orchestrator
a. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsoSvc
b. Select START and change to 4 to disable
c. Go to Task Manager > Services tab
d. STOP the service from there
7. Disable OneSync_c523 Service
a. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OneSyncSvc_c523d
b. Select START and change to 4 to disable
8. Close REGEDIT to save the changes
--------------------------------------------------------------------------------------------------------------------------------------------------
Note: You can also Export the Registry but before you do, use Wise Registry Cleaner to clean it, then Export it
--------------------------------------------------------------------------------------------------------------------------------------------------
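A way to record the original service settings and confirm the registry edits afterwards, as an added example that is not part of the original guide. It reads the Start DWORD under each service key, decodes it with the Windows 8/10 values listed in the Bonus section (0 to 4), and compares the current state to a saved CSV. The function names and the CSV path are assumptions.

```powershell
# Added example. Reading these keys needs no elevation; changing them does.
# Start values as this guide lists them for Windows 8/10
$StartNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Get-ServiceStartState {
    param([string[]]$Name = '*')   # wildcards allowed, e.g. 'OneSyncSvc*'
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($pattern in $Name) {
        Get-ChildItem -Path $root | Where-Object PSChildName -like $pattern | ForEach-Object {
            $start = $_.GetValue('Start')
            # The Services key also holds drivers; keep only what the Services screen shows
            $svc = Get-Service -Name $_.PSChildName -ErrorAction SilentlyContinue
            if ($null -ne $start -and $svc) {
                [pscustomobject]@{
                    Name        = $_.PSChildName
                    DisplayName = $svc.DisplayName
                    Start       = [int]$start
                    StartName   = $StartNames[[int]$start]
                    Status      = $svc.Status
                }
            }
        }
    }
}

# List every service whose Start value differs from the saved baseline
function Compare-ServiceStartState {
    param([Parameter(Mandatory)][string]$BaselineCsv)
    $before = @{}
    Import-Csv -LiteralPath $BaselineCsv | ForEach-Object { $before[$_.Name] = $_ }
    Get-ServiceStartState | ForEach-Object {
        $old = $before[$_.Name]
        if ($old -and [int]$old.Start -ne $_.Start) {
            [pscustomobject]@{
                Name   = $_.Name
                Was    = $old.StartName
                Now    = $_.StartName
                Status = $_.Status   # still Running means it was disabled but not stopped
            }
        }
    }
}

# Usage (placeholder path):
#   Before changing anything:
#     Get-ServiceStartState | Export-Csv -NoTypeInformation 'E:\Backups\services-before.csv'
#   After the registry edits in this step. The _xxxxx suffix on per-user services such as
#   OneSyncSvc differs between machines, so match it with a wildcard:
#     Get-ServiceStartState -Name 'WaaSMedicSvc', 'UsoSvc', 'OneSyncSvc*'
#   After a reboot, to see what changed and what reverted:
#     Compare-ServiceStartState -BaselineCsv 'E:\Backups\services-before.csv'
```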
==================================================================================================================================================
Step #10: Modifying the Group Policy
==================================================================================================================================================
Ok...almost done! I've left the longest step in this guide for last. FYI...Some rules state Allow while others state Turn Off...read what they say
then make the necessary changes by double-clicking on them. I highly recommend you check all of the other folders here so you can get a sense
of all the options you have available. You'll be amazed!
1. In the Search Bar type and run: gpedit.msc
2. Open Computer Configuration > Administrative Templates > Windows Components
3. Go through each folder and look for any policy you may not need or is a Privacy concern
(e.g. Maps, Find My Device, *TabletPC in a Desktop environment)
==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==
Important! *Do not disable TabletPC or anything Tablet related in both Group Policy and Services if you have a WACOM or similar peripheral!
==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==*==
4. Carefully read each option that reads Turn Off or Enable and what they do...FYI, you need to Enable a Turn Off policy
--------------------------------------------------------------------------------------------------------------------------------------------------
Note: By default Policies will read "Not configured" which is the same as saying the Policy is either On or Off depending on what it states in its
description
--------------------------------------------------------------------------------------------------------------------------------------------------
Note: If you see an icon of an arrow pointing down, it means that the Service was turned off. You don't need to do anything in Group Policy
unless you want to. But since this is Paranoid mode then...
--------------------------------------------------------------------------------------------------------------------------------------------------
==================================================================================================================================================
Step #11: Cleaning and Backing Up the Registry
==================================================================================================================================================
The last thing to do is clear the registry of all the dead registry keys left over from all the removals and modifications. This is another easy
part.
1. Run CCleaner > Registry > Scan for Issues
2. Once the scan is complete, it will ask you if you want to save the registry before committing to any changes...this is optional
3. When done close CCleaner
4. Run Wise > Deep Scan
5. When done click on the CCleaner button...you may have to do this a few times
6. Done!
==================================================================================================================================================
Step #12: Modifying the Task Scheduler
==================================================================================================================================================
Not 100% sure if the disabled services still send out information like Telemetry, Reports, etc.; but Task Scheduler is the last thing you need to
check out before we are done.
1. In the Search Bar, type and run: Task Scheduler
2. At the Task Scheduler Library you will probably see some pending tasks like: CCleaner, Google Update, etc. You can see their Status
3. Select one and you should see a description of what the pending task will do
4. To disable the task use the menu on the right
5. Open the Folder Tree and look at the different folders
6. Go to Microsoft > Windows > Application Experience and check out the pending tasks there
7. Go through each folder and look for anything that sends reports back to Microsoft
(e.g. Telemetry, Error Reporting, Update Orchestrator, Remote Access, Activation Technologies, etc)
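The folder-by-folder review above can be turned into a list you can save and re-check, as an added example that is not part of the original guide. It searches the tasks under \Microsoft\Windows\ for the kinds of names this step mentions and shows whether each one is still enabled and when it last ran. The function name and the keyword list are assumptions; adjust the keywords to what you find in your own folder tree.

```powershell
# Added example. Run from an elevated PowerShell prompt so all tasks are visible.
function Get-ReportingTask {
    param(
        # Keywords taken from the examples in this step; matched against path, name and description
        [string[]]$Keyword = @('Application Experience', 'Telemetry', 'Error Reporting',
                               'Update', 'Remote', 'Activation')
    )
    Get-ScheduledTask -TaskPath '\Microsoft\Windows\*' | Where-Object {
        $text = "$($_.TaskPath)$($_.TaskName) $($_.Description)"
        $Keyword | Where-Object { $text -like "*$_*" }
    } | ForEach-Object {
        $info = $_ | Get-ScheduledTaskInfo -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Path        = $_.TaskPath
            Task        = $_.TaskName
            State       = $_.State          # Ready or Running means it is still enabled
            LastRun     = $info.LastRunTime
            NextRun     = $info.NextRunTime
            Description = $_.Description
        }
    }
}

# Usage:
#   Everything that matched, enabled tasks first:
#     Get-ReportingTask | Sort-Object State -Descending | Format-Table Path, Task, State, LastRun
#   Only the ones still able to run:
#     Get-ReportingTask | Where-Object State -ne 'Disabled'
```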
==================================================================================================================================================
Step #13: Bonus Info!
==================================================================================================================================================
--------------------------------------------------------------------------------------------------------------------------------------------------
GodMode:
--------------------------------------------------------------------------------------------------------------------------------------------------
What if I told you there is such a thing as GodMode in Windows? Yes! Just like a video game where you can have access to every available option or
make your character invincible, you can have access to all the Windows user features in one single screen. To do this:
1. In Desktop create a new Folder
2. Right click on it and copy and paste this: GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
3. Hit the Enter key
These options are not Group Policy or Services options but user options. But it gives you even more control of the OS.
--------------------------------------------------------------------------------------------------------------------------------------------------
Stop Windows from Remembering Stuff:
--------------------------------------------------------------------------------------------------------------------------------------------------
This option can disable Windows from remembering files that were opened.
1. In the Search Bar type and run: gpedit.msc
2. Open User Configuration > Administrative Templates > Start Menu and Taskbar
3. Double click on Do not keep history of recently opened documents and Enable this Policy
--------------------------------------------------------------------------------------------------------------------------------------------------
Note: a. Check all other options here! How about: Clear history of recently opened documents on exit
b. Check the All Settings folder at the bottom of this Folder Tree and also under Computer Configuration...so many options!
c. These options are per user account and cannot be applied Globally in the system
--------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------
Set the Number of Cores/RAM:
--------------------------------------------------------------------------------------------------------------------------------------------------
1. In the Search Bar type/run: msconfig
2. On the pop-up go to the Boot tab then the Advanced options... button
3. If you have a multi-core CPU (and we all do nowadays) you have to wonder why Windows doesn't recognize them...not all programs use all
CPUs, but you can tell it here to show you all CPUs by changing the Number of Processors as well as the Maximum Memory.
4. While you're here, check the other tabs
FYI, you can create shortcuts to the Desktop of the Firewall, Resources and other options.
--------------------------------------------------------------------------------------------------------------------------------------------------
Disable Auto-Activation feature (Windows 7):
--------------------------------------------------------------------------------------------------------------------------------------------------
1. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SL\Activation
2. Select START and change to 1 to disable
Windows 7 Registry Settings:
0 - Allow (default)
1 - Disable
Windows 8/10 Registry Settings:
0 - Boot
1 - System
2 - Automatic
3 - Manual
4 - Disable
--------------------------------------------------------------------------------------------------------------------------------------------------
Stop Windows from Updating:
--------------------------------------------------------------------------------------------------------------------------------------------------
I didn't want Windows 7 updating to 8 or 10. You may not want 10 updating to 11. I know I don't. But there may be other reasons why you don't want
Windows to auto-update. You may want exclusive hands-on updates to make sure your network doesn't collapse due to a bad update patch, or you may not
want new holes in your security. At any rate here's how to stop Windows from updating. FYI, this may be temporary as some people are reporting that
this option enables again in 2 or 3 days after disabling it. I will continue to find out options and place them here.
Step #1 (Settings):
1. Open Settings
2. Click on Update & Security
3. Click on Windows Update
4. Click the Advanced options button
5. Change the Pause Until option and select the last date on the list
Step #2 (Group Policies):
1. Type/run gpedit.msc
2. Go to the following path:
a. Computer Configuration > Administrative Templates > Windows Components > Windows Update
3. Double-click the Configure Automatic Updates policy option on the right side
4. Select the Disabled option to turn off automatic Windows 10 updates permanently
5. Click the Apply, then the OK button
--------------------------------------------------------------------------------------------------------------------------------------------------
Note: while you're here, check out other policies you can disable. FYI, some "disabling" options have to be "enabled"...read each policy carefully
to understand what it does.
--------------------------------------------------------------------------------------------------------------------------------------------------
FYI: Policy Values
a. 2 — Notify for download and auto install
i. This option prevents updates from downloading automatically
b. 3 — Auto download and notify for install
c. 4 — Auto download and schedule the install
d. 5 — Allow local admin to choose setting
e. 7 — Auto Download, Notify to install, Notify to Restart
--------------------------------------------------------------------------------------------------------------------------------------------------
Note: The best option to disable automatic updates is using (2 — Notify for download and auto install). This option won't download updates
automatically. Instead, you'll get an "Install Now" button in the Windows Update settings page to do it manually.
--------------------------------------------------------------------------------------------------------------------------------------------------
Step #3: (Edit the Registry)
1. Type/run regedit
2. Find the following path:
a. HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows
3. Find the WindowsUpdate key (folder) and open it
i. If not there, create it
4. Right-click the AU subkey (folder), then select New > DWORD32
i. If not there, create it and create the DWORD32
5. Change the value in key NoAutoUpdate from 0 to 1
i. If not there, create it and change the value to 1
6. Click the OK button then restart the computer
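Since the setting is reported to switch back on after a few days, here is a check you can re-run to see what the policy key currently holds, as an added example that is not part of the original guide. It reads NoAutoUpdate and AUOptions (the registry value where the Configure Automatic Updates policy stores its option number) and decodes the number with the Policy Values list above. The function name and the log path are assumptions.

```powershell
# Added example. Reading the policy key needs no elevation.
function Get-AutoUpdatePolicy {
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    # Option numbers exactly as listed in the guide's "Policy Values" note
    $options = @{
        2 = 'Notify for download and auto install'
        3 = 'Auto download and notify for install'
        4 = 'Auto download and schedule the install'
        5 = 'Allow local admin to choose setting'
        7 = 'Auto Download, Notify to install, Notify to Restart'
    }
    $no = $null
    $au = $null
    if (Test-Path -LiteralPath $key) {
        $props = Get-ItemProperty -LiteralPath $key
        $no = $props.NoAutoUpdate   # stays $null when the value does not exist
        $au = $props.AUOptions
    }
    $state = if ($no -eq 1) {
        'Automatic updates disabled (NoAutoUpdate = 1)'
    } elseif ($null -ne $au -and $options.ContainsKey([int]$au)) {
        "Automatic updates configured: $($options[[int]$au])"
    } elseif ($null -ne $au) {
        "Automatic updates configured: unknown option $au"
    } else {
        'Not configured (Windows default behaviour applies)'
    }
    [pscustomobject]@{
        Checked      = Get-Date -Format 's'
        KeyPresent   = Test-Path -LiteralPath $key
        NoAutoUpdate = $no
        AUOptions    = $au
        State        = $state
    }
}

# Usage (placeholder path): append one row per check so a silent revert shows up in the log
#   Get-AutoUpdatePolicy | Export-Csv -Append -NoTypeInformation 'E:\Backups\au-policy-log.csv'
```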
==================================================================================================================================================
Step #14: Final Words!
==================================================================================================================================================
By now I hope you have a better and greater understanding of the many options Windows has at your disposal. With them, we can even find removed
options like Windows Updates, for which Microsoft removed user access in Control Panel. I hope I have taught you something new about Windows and how
you can be more than just an idle user but an active participant in control of your operating system.
I've been dealing with Microsoft products since DOS 5.0 and I have learned a lot about making an OS run the way I want it to run. With security in
mind, I tell you the following:
1. If you're missing a .dll file, DO NOT DOWNLOAD IT from just ANY website. Any "missing" dll files can be found from another system or
just reinstalling the program in question. Usually DirectX is the one that gets most of these problems.
2. Malware doesn't necessarily come infected anymore...it downloads from servers once the main (safe) program is installed. The files will call-out to
command-and-control (C2) servers then download their payload and do the damage. Do not install files from unknown sources! Even popular file servers
like Tucows, FileHippo, etc. will contain malicious programs. So download from the developers.
3. You can easily view if a link in an email is legit by hovering your mouse over the link and waiting for a text pop-up. Also be aware of typos
in links like: BankofAmer1ca, 1inkedIn, etc., or redirection from a link or a message asking you to update your Browser. Automatic updates
from Browsers should always be on.
4. Never give your info to anyone! No company/financial institution will ever ask you to confirm anything personal like social security number,
mother's maiden name, pin number, etc. That is not how they work.
5. Be aware of phone scams or emails that stir fear, anger or religious feelings...everything you click on, like or comment on is being collected
and can be used against you. Fight the urge to click on a comment that stirs feelings so you don't get targeted by spammers, etc.
6. Clear your cookies...ALWAYS! Set your browser to NEVER REMEMBER settings if you can. Firefox is good for this option and gets updates faster
than any other browser.
7. Speaking about Firefox, did you know you can also modify it to stop leakage to the internet? Open a browser and type about:config. Look for things
like WebRTC. Google for WebRTC leaks and any other browser leaks. Chances are you can modify the browser to stop them. Also you can stop updates, reporting,
etc.
8. Do not fall for the "computer is slow? then use this program" scam. TV commercials and pop-ups that advertise fixes from online technicians are fake.
You will get infected and your important documents exfiltrated. Learn how to fix stuff by yourself and use tools like CCleaner or Wise Cleaner to clean
and streamline your Registry (don't forget to block them). Also Windows comes with a Defragmenter you can use to streamline the HDD unless you have an
SSD, then you don't really need to defrag. Also, be careful with these two programs I've mentioned. I've seen them both communicating to China. I use
them and block them from outgoing communication using Glasswire.
9. Shouldn't need to tell you this but, if you buy a cheap computer then you will have a slow computer. So buy or better yet, build a good and fast
computer that will last you years. Something with a Six-core or more CPU, 32GB and 1TB HDD/SSD are the best. You may just need to upgrade the GPU
every 2 or 3 years unless you don't plan to play graphic intensive games. Get rid of all the Bloatware from Windows and any other programs already
pre-installed in the system. FYI, Laptops tend to slow down when running from batteries.
==================================================================================================================================================
Contact me if you have any questions on anything I've mentioned here, I've missed something, you have updates or new stuff to add to this guide or
something needs clarification.
==================================================================================================================================================